last executing test programs:

1m2.483853948s ago: executing program 2 (id=1581):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYRES8=r2, @ANYRESHEX=r0, @ANYRESDEC], 0x20}, 0x1, 0x40030000000000}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newtaction={0x6c, 0x30, 0xb, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ct={0x54, 0x1, 0x0, 0x0, {{0x7}, {0x2c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_MARK={0x8}]}, {0xfffffffffffffe4b}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000000)={0xfffffffb}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r8=>0x0})
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)={0x1c, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}}, 0x1c}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
sendmsg$nl_route(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="280000001200375f"], 0x28}, 0x1, 0x0, 0x0, 0x40010}, 0x880)
r10 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r10, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r11=>0x0}, &(0x7f0000000080)=0x8)
setsockopt(r4, 0x7, 0x9, &(0x7f0000000100)="c4fff4218779945157ba22c64b10b185fd9bc4ca082920c5e594feb3e47aa9cb672d5f2eb462143b8f1289155ed88c9ec4c9df", 0x33)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000000080)={r11, 0x2}, &(0x7f00000000c0)=0x8)
socket$inet(0x2, 0x800, 0x3)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x1, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2ef9ee02cb9ce5c1}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8001}, 0x0)

53.136333374s ago: executing program 2 (id=1581):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYRES8=r2, @ANYRESHEX=r0, @ANYRESDEC], 0x20}, 0x1, 0x40030000000000}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newtaction={0x6c, 0x30, 0xb, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ct={0x54, 0x1, 0x0, 0x0, {{0x7}, {0x2c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_MARK={0x8}]}, {0xfffffffffffffe4b}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000000)={0xfffffffb}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r8=>0x0})
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)={0x1c, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}}, 0x1c}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
sendmsg$nl_route(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="280000001200375f"], 0x28}, 0x1, 0x0, 0x0, 0x40010}, 0x880)
r10 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r10, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r11=>0x0}, &(0x7f0000000080)=0x8)
setsockopt(r4, 0x7, 0x9, &(0x7f0000000100)="c4fff4218779945157ba22c64b10b185fd9bc4ca082920c5e594feb3e47aa9cb672d5f2eb462143b8f1289155ed88c9ec4c9df", 0x33)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000000080)={r11, 0x2}, &(0x7f00000000c0)=0x8)
socket$inet(0x2, 0x800, 0x3)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x1, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2ef9ee02cb9ce5c1}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8001}, 0x0)

43.659331763s ago: executing program 2 (id=1581):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYRES8=r2, @ANYRESHEX=r0, @ANYRESDEC], 0x20}, 0x1, 0x40030000000000}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newtaction={0x6c, 0x30, 0xb, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ct={0x54, 0x1, 0x0, 0x0, {{0x7}, {0x2c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_MARK={0x8}]}, {0xfffffffffffffe4b}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000000)={0xfffffffb}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r8=>0x0})
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)={0x1c, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}}, 0x1c}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
sendmsg$nl_route(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="280000001200375f"], 0x28}, 0x1, 0x0, 0x0, 0x40010}, 0x880)
r10 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r10, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r11=>0x0}, &(0x7f0000000080)=0x8)
setsockopt(r4, 0x7, 0x9, &(0x7f0000000100)="c4fff4218779945157ba22c64b10b185fd9bc4ca082920c5e594feb3e47aa9cb672d5f2eb462143b8f1289155ed88c9ec4c9df", 0x33)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000000080)={r11, 0x2}, &(0x7f00000000c0)=0x8)
socket$inet(0x2, 0x800, 0x3)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x1, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2ef9ee02cb9ce5c1}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8001}, 0x0)

31.810383958s ago: executing program 2 (id=1581):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYRES8=r2, @ANYRESHEX=r0, @ANYRESDEC], 0x20}, 0x1, 0x40030000000000}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newtaction={0x6c, 0x30, 0xb, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ct={0x54, 0x1, 0x0, 0x0, {{0x7}, {0x2c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_MARK={0x8}]}, {0xfffffffffffffe4b}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000000)={0xfffffffb}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r8=>0x0})
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)={0x1c, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}}, 0x1c}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
sendmsg$nl_route(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="280000001200375f"], 0x28}, 0x1, 0x0, 0x0, 0x40010}, 0x880)
r10 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r10, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r11=>0x0}, &(0x7f0000000080)=0x8)
setsockopt(r4, 0x7, 0x9, &(0x7f0000000100)="c4fff4218779945157ba22c64b10b185fd9bc4ca082920c5e594feb3e47aa9cb672d5f2eb462143b8f1289155ed88c9ec4c9df", 0x33)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000000080)={r11, 0x2}, &(0x7f00000000c0)=0x8)
socket$inet(0x2, 0x800, 0x3)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x1, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2ef9ee02cb9ce5c1}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8001}, 0x0)

21.128210054s ago: executing program 2 (id=1581):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYRES8=r2, @ANYRESHEX=r0, @ANYRESDEC], 0x20}, 0x1, 0x40030000000000}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newtaction={0x6c, 0x30, 0xb, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ct={0x54, 0x1, 0x0, 0x0, {{0x7}, {0x2c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_MARK={0x8}]}, {0xfffffffffffffe4b}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000000)={0xfffffffb}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r8=>0x0})
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)={0x1c, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}}, 0x1c}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
sendmsg$nl_route(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="280000001200375f"], 0x28}, 0x1, 0x0, 0x0, 0x40010}, 0x880)
r10 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r10, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r11=>0x0}, &(0x7f0000000080)=0x8)
setsockopt(r4, 0x7, 0x9, &(0x7f0000000100)="c4fff4218779945157ba22c64b10b185fd9bc4ca082920c5e594feb3e47aa9cb672d5f2eb462143b8f1289155ed88c9ec4c9df", 0x33)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000000080)={r11, 0x2}, &(0x7f00000000c0)=0x8)
socket$inet(0x2, 0x800, 0x3)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x1, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2ef9ee02cb9ce5c1}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8001}, 0x0)

10.37180128s ago: executing program 3 (id=2941):
unshare(0x22020600)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000008850000007600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=@newtaction={0x70, 0x30, 0xffffffffffffffff, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_bpf={0x58, 0x1, 0x0, 0x0, {{0x8, 0xfff5}, {0x30, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}, @TCA_ACT_BPF_FD={0x8, 0x5, r1}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}}, 0x0)

10.23002873s ago: executing program 3 (id=2942):
socket(0x21, 0x2, 0x10000000000002)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, 0x0, 0x8001000d, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_LIST_RULES(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x10, 0x3f5, 0x10, 0x70bd28, 0x25dfdbfb}, 0x10}, 0x1, 0x0, 0x0, 0x4000010}, 0x8000)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000440)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r5, @ANYBLOB="08002700851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x4000804)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=@ipv4_newroute={0x2c, 0x1a, 0x1, 0xfffffffe, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x2}, [@RTA_IP_PROTO={0x5, 0x1b, 0x1}, @RTA_SPORT={0x6}]}, 0x2c}}, 0x24008800)

10.12803301s ago: executing program 3 (id=2943):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x2, &(0x7f00000001c0)=ANY=[@ANYBLOB="850000008c00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r1)
sendmsg$NLBL_MGMT_C_ADD(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000006c0)=ANY=[@ANYBLOB="14010000", @ANYRES16=r2, @ANYBLOB="cd3e0000000000000000010000000800020007000000ce00010043ecf8a077157cd8bc73e1b93314cdcbb6b9bb84e5bcdb7f9af2eacc913a7640e8332d1daa67516c7f094b740c631f175dd5d0f0a8ebd2679204020b006f64e62cd3404917f3be657330adc6bf2f2ab6286f915412935536f4406edcdc8a3779814659bebb63d2c301a5e2568cb3696d7ed256da47bd6246c86e86ac9cfbdae22622b43a13e9096385b4cb17bf6d8436e77f709e436462ad3ba28f73bf36e8e358673326e220d60a9d3d7e3c932faf89062b965db52beeff385e442adbb8d87480d48f4b3d4530e85283000014000500fe80000000000000000000000000000014000600fc0100"/270], 0x114}}, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha512\x00'}, 0x53)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, r3, 0x0, 0x2c, &(0x7f0000000000)='/proc/\x80yync_\x00le\xf44.\xab%\xf8\xff\xff\xff\xff\xff\xff\xff?\x11\xc8\xdd\x15\xcc\xd2\xf1\xfb\'%\xa0\x00\x00\x00,'}, 0x30)
write$tun(r3, &(0x7f0000000000)=ANY=[], 0x38)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r3, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@cgroup=r3, 0x15, 0x0, 0x0, &(0x7f0000000100)=[0x0], 0x1, 0x0, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0]}, 0x40)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r4 = accept4(r0, 0x0, 0x0, 0x80000)
recvmsg(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001680)=""/4084, 0xff4}], 0x1}, 0x12041)

9.858322956s ago: executing program 2 (id=1581):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYRES8=r2, @ANYRESHEX=r0, @ANYRESDEC], 0x20}, 0x1, 0x40030000000000}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newtaction={0x6c, 0x30, 0xb, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ct={0x54, 0x1, 0x0, 0x0, {{0x7}, {0x2c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_MARK={0x8}]}, {0xfffffffffffffe4b}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000000)={0xfffffffb}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r8=>0x0})
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)={0x1c, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}}, 0x1c}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
sendmsg$nl_route(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="280000001200375f"], 0x28}, 0x1, 0x0, 0x0, 0x40010}, 0x880)
r10 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r10, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r11=>0x0}, &(0x7f0000000080)=0x8)
setsockopt(r4, 0x7, 0x9, &(0x7f0000000100)="c4fff4218779945157ba22c64b10b185fd9bc4ca082920c5e594feb3e47aa9cb672d5f2eb462143b8f1289155ed88c9ec4c9df", 0x33)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000000080)={r11, 0x2}, &(0x7f00000000c0)=0x8)
socket$inet(0x2, 0x800, 0x3)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x1, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2ef9ee02cb9ce5c1}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8001}, 0x0)

4.037721414s ago: executing program 1 (id=2966):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0)
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
ioctl$SIOCAX25CTLCON(r0, 0x89e8, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x0, 0x4c, 0x1a, 0x190, 0x73, 0x270, 0x258, 0x258, 0x270, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @mcast2, [], [], 'netdevsim0\x00', 'macvlan1\x00'}, 0x0, 0xd0, 0x100, 0x0, {}, [@common=@inet=@ecn={{0x28}, {0x2}}]}, @common=@inet=@SET2={0x30}}, {{@uncond, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310)
r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r1, &(0x7f0000000040)={0x1a, 0x0, 0xfc, 0x54}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010400000000000000000100000008000240000000020900010073797a300000000014000000110001"], 0x50}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000009006000000000000000000000a3c000000090a050600001900000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001414000000110001"], 0x64}}, 0x0)

3.910959022s ago: executing program 1 (id=2968):
r0 = socket$inet_tcp(0x2, 0x1, 0x0) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_lsm={0x1d, 0x3, &(0x7f0000000380)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xa0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_opts(r2, 0x0, 0x9, &(0x7f0000000b40)="e5e4121815d00b6c46c9d7a9456f1b1f3a814613e4db4105b0afd2b7b1d6ca652229d6821b3b7bc46b9e1621025874e477835336a9e699a6fd7acb3190e77e1cd8882e915b8513753b374ca03e57034ccc96bd9f83b8dc00ca712b0decdc1e73b441eb", 0x63) (async)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00', <r4=>0x0})
sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=@dellink={0x20, 0x11, 0x1, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r4, 0x8500, 0x2}}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x0) (async)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000000)=@gcm_256={{0x304}, "41328ac34a4ad2ba", "e8582491a0c4050000000000f6542a9b680000000000000000a45b4e00", "0000ff00", "dfa27021fe106750"}, 0x38) (async)
bpf$PROG_LOAD(0xfe, 0x0, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x2, 0x6, 0x5f0, 0x0, 0x290, 0x0, 0x450, 0x1b0, 0x680, 0x680, 0x680, 0x680, 0x680, 0x6, 0x0, {[{{@ipv6={@mcast1, @private1, [], [], 'pimreg0\x00', 'macvtap0\x00'}, 0x0, 0x188, 0x1b0, 0x0, {0x7a00000010000000}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @local, @mcast2, @private2}}, @common=@inet=@multiport={{0x50}}]}, @HL={0x28}}, {{@ipv6={@mcast2, @dev, [], [], 'veth1_macvtap\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38}}, {{@ipv6={@ipv4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], '\x00', 'bond_slave_0\x00'}, 0x0, 0xa8, 0xd0, 0x48000000}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x680}}, {{@uncond, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4, @ipv4=@loopback}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x650) (async)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000540)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB='1'], 0x20)
sendmsg$inet(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000680)="30a8ca488893d06f91990650a10141a8bc4dfc649014b8a065e46355db843073d290184a17d1c8490d73b2ba93d9ce", 0x2f}, {&(0x7f00000006c0)="360e97036f253890eca673f7b6ff14bd6343ae00a9618b7f5b7f92d87eb5ba77f12a052afc3ee1afde18ffbf3a7db92929d28ce22514fd154cdc22d49cd16adc049791e917424d422b975d8ee7aed171d78b365012e017fad2f0dfecfbb47e3a86dc87a3511bb54e006d1a28cc67491d359fd176e19a9fd4", 0x78}, {&(0x7f0000000740)}, {&(0x7f0000000900)="fe2d82fd954b088e7900d1da287c6da4da0ccea912ff68faadb05fd568821ebcf0a51dd5ff5d857c31802729b2fbbcb8fbada63dd3930fe7230a580c7cdea723a9b419b068de9b54c48d1ebc3189f5cb0d410aeab6d98b31bc9a81acb4cfb33f49381eb86e11193f8b7b10cb48340ef5f7fde9636d6a25dc36d98a9851fc411822a6afe35c8109ee5756f4edbd2df80a6ac4f275b5ed74bb09da4474329b454fbf8f9f4a929264418d7ac1e4a26a5bc7d3a7db31113744600bc544b550d34154c3f7eedee689a93d240fd2495b88d9a2056c2d682ff0e9716ccd717fcd5422ec8256f7fcd169a5108bff89ff0a79d7e394e96f103b0d", 0xf6}, {&(0x7f0000000780)="eb4c0c5b40e55a8f0a73e74c1610d78f4250e0a4190b0eb70f4675478ba8ceed4b3f86d6dd60855e6510ab8b48c43bd36e2f418ed3446e4295b38f6ef9c2263e01cea3b7de2e1cb6fe9ab7395f37ab843acd82b14ed1f16e32df850a43c6c9932c7a7dc91fe4bd228f0687427b6584cc627eb5a98e58bda361", 0x79}], 0x5, &(0x7f0000000800)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x5}}], 0x18}, 0x40000) (async)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x3, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002f0000001801000020207025000000000020a9cb4c07c25e389d1a5e20207b1af8ff00000002bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500009500"/106], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x5caf90e002cdd1c0, 0x2d, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r6, 0x0, 0xe, 0x0, &(0x7f00000000c0)="e0b9545dd30a3731677b2d0bfa91", 0x0, 0x27cb, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xa, 0x10, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf090800000000005509010080ffffff950000000000000085100000f5ffffffbd0400000000000056020000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

3.739764511s ago: executing program 1 (id=2970):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="020e000010000000000000000004830008001200000001000000ff000000400000001ea0abff7f00000000000000d41f9ab9000100700000ebdf000008000000c4fc0000100000000000e2ffff1c004f030006000020"], 0x80}}, 0x4814)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x8c, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0x4}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x10, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0xff, 0x0, 0x0, 0x3], 0x0, [0x8, 0x4, 0x2, 0x0, 0x8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x1ff], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xffff]}}]}}]}, 0x8c}}, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r3, &(0x7f0000000200), 0xf000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x208, 0x98, 0x8, 0xfa04, 0x98, 0x6c02, 0x1e0, 0x194, 0x194, 0x1e0, 0x194, 0x3, 0x0, {[{{@ip={@broadcast, @broadcast, 0x0, 0x0, 'veth0_to_hsr\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98, 0x0, {0x0, 0x74020000}}, @common=@inet=@TCPMSS={0x28}}, {{@ip={@multicast2, @dev, 0x0, 0x0, '\x00', 'batadv_slave_0\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x268)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001980)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xb4}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r5, 0x0, 0x0)
bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0)
setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f00000000c0)=0x8, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00'}, 0x18)
r6 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000002380)="1b0000001a007f029e741683c28f7b331d00"/27, 0x1b}], 0x1}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r7, 0x800448d4, &(0x7f0000000080)={0x0, 0x200, "408b7c"})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=@newlink={0x40, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55006}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x0)

2.796332949s ago: executing program 1 (id=2975):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000006a0019012cbd7000fedbdf25020000000000000008000500", @ANYRES32], 0x20}, 0x1, 0x0, 0x0, 0x40440c0}, 0x44090)
socket(0x2b, 0x80801, 0x1)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000400)=0x1a8, 0x4)
sendmmsg$inet(r1, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000001540)="94", 0xffe3}], 0x1}}], 0x1, 0x4000800)
r2 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000540)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000780)=@deltaction={0xb8, 0x31, 0x400, 0x70bd29, 0x25dfdbfc, {}, [@TCA_ACT_TAB={0x2c, 0x1, [{0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0xc, 0x15, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x790d}}, {0x10, 0x9, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}]}, @TCA_ACT_TAB={0x30, 0x1, [{0xc, 0xa, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0x10, 0xa, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0x10, 0x4, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}]}, @TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x14, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}]}, @TCA_ACT_TAB={0x4}, @TCA_ACT_TAB={0x20, 0x1, [{0x10, 0x1e, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0xc, 0x3, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}]}, @TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x10, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xfff}}]}]}, 0xb8}}, 0x8000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xe, 0x9}, {0xfff3, 0x5}, {0x1c, 0x2613a1b406814a86}}}, 0x24}}, 0x44804)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000140)=[@in6={0xa, 0x4e23, 0x5, @loopback, 0x3}, @in6={0xa, 0x4e22, 0xb, @private0, 0x6}, @in6={0xa, 0x4e22, 0xff, @dev={0xfe, 0x80, '\x00', 0xe}, 0x8}, @in={0x2, 0x4e22, @empty}, @in6={0xa, 0x4e23, 0x8, @remote, 0x1}], 0x80)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000000, 0x810, r2, 0xf79ee000)
r6 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000280)={0x3}, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000001200010a00000000000000008020"], 0x26}, 0x1, 0x0, 0x0, 0xa1}, 0x0)
unshare(0x68060200)
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
accept4(r7, &(0x7f0000000380)=@tipc, &(0x7f0000000240)=0x80, 0x800)
setsockopt$IPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000440)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000020000000000000000000000000000000001000000000000d4cd6ec7aa9020cdd4a3a2e7822b3db56e44cbcd426cf3df0941ad9f97a41c3a83e847811c286ad27ebac85319fbc8f43c96ba733259bd9f4383e0bcd80f0cf6d35a571c45f92d818a940f64b19bbb10bdb1908a26fa68588212f6a88ca21bdd09ebf5228fce10d9e10f760c5f1f12449afa79dd43f8660000000000000006ed6819f7d491f0c523deafd39fd5e9bf3c38bd00"/218], 0x48)
ioctl$TUNSETPERSIST(r5, 0x400454cb, 0x4)

1.803908601s ago: executing program 4 (id=2980):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=@newlink={0x48, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55007}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8, 0x4, 0x81}, @IFLA_BR_GROUP_ADDR={0xa, 0x14, @link_local}]}}}]}, 0x48}, 0x1, 0xa1ffffffffffffff, 0x0, 0x800}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)

1.540480503s ago: executing program 4 (id=2981):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0xf00000000000000, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

1.512534725s ago: executing program 0 (id=2982):
r0 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r0, &(0x7f00000004c0)={&(0x7f0000000200)=@id={0x1e, 0x3, 0x2, {0x4e21}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x48000}, 0x40058c5)
bind$tipc(r0, &(0x7f0000000100)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x8000002}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r1, &(0x7f0000000380)={&(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x42, 0x4}}}, 0x10, 0x0}, 0xf5ff)

1.30862001s ago: executing program 4 (id=2983):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000200)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="0303f8bd7000000000000a00000008000300", @ANYRES32, @ANYBLOB], 0x1c}}, 0x0)

1.219465653s ago: executing program 0 (id=2984):
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmmsg(0xffffffffffffffff, &(0x7f0000002a80)=[{{0x0, 0x0, &(0x7f0000006800)=[{0x0}, {&(0x7f00000001c0)="00000000000b4f9a0c150bf217b8d38a08338383eaec3adeec337961abd2aaa3e1791aa7959759bc4907296d630eb2b9b315bf1a740625995e4621a217780271d8293372f809cab298a39c204bfc4e7d4b6fd31e0c9294507f442719828d95821de56666b52ed41d1dfd2c8e8bcc2a909c8bd0eb40aef73c3a6cb1a462407170ed17dfb0c34c9b9cac73177dddc16cd9178bf9da0c7e1d6c9fdfd2df53f835afb74d851396442148cf4c968b62d7035b7f26c5084a57d0b0225220f46a7ea465fef6e539462a33368686b63ac2dd167680761bba8e8402571ee2578dab7d9cc65d9f82e1c7d8c8438af06e0bb13595168003a0128c95d359c82c9a8f0245d41d0cd509df930f9ba30589f8238a56603605229b3de6", 0x115}], 0x2}}], 0x1, 0x40080)
sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=@migrate={0x138, 0x21, 0x1, 0xff88, 0x0, {{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0xe8, 0x11, [{@in=@dev={0xac, 0x14, 0x14, 0xc}, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@private2, @in6=@local, 0xff, 0x0, 0x0, 0x2, 0x2, 0xa}, {@in=@local, @in6=@local, @in6=@empty, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0xff, 0x4, 0x0, 0x3500, 0xa, 0x8}, {@in6=@ipv4={'\x00', '\xff\xff', @loopback}, @in6=@private2, @in=@rand_addr=0x64010102, @in6=@private2, 0x3c, 0x0, 0x0, 0x0, 0x8, 0x2}]}]}, 0x138}}, 0x0)

1.192739554s ago: executing program 3 (id=2947):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f0000000000)=0x1, 0x4)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e24, @multicast1}, 0x10)
sendmmsg(r0, &(0x7f00000007c0)=[{{&(0x7f00000000c0)=@in={0x2, 0x4e24, @loopback}, 0x80, 0x0}, 0xa000000}], 0x1, 0x2c000011)

1.063395095s ago: executing program 1 (id=2985):
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r0, &(0x7f0000000180)={0x1a, 0x0, 0xf9, 0x8, 0x0, 0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}}, 0x10)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r2}, 0x10)
r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8)
close(r4)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x3, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000500000000000000000098718973e3e25f9106a16fb1a890b737e73a77c4ce7e3a3b0d5b704004b1888cd1140be2bae4081d2f2c0933c37a7aed7f53208212060615acf783dbeb76b2318ba2aa37f5a81b4bc3dc60f5ea744e546887dcbd54250588fa5ad9e56a4adbb56c4fc37f956a79c6b02cdaf4c1bc88828d213de79febe5950e61c46d3cc1cc785cce197f2736ea5ed365da38857f52b159e10e7d1f16900a21a66665ecd27ed0db03870c90f8fcae2d2f74741a3ae5fda20cef0b2df315cc0e5811fd781a9b55cf58453812d9a5a596a614f47f09938ed5399c37198cb62539ad6798f0bea65756510d66c8956e162b36b4cc15a2db4bb4392c3f90742fcdb924753e7d9187b9d3fd799d9e7e5b699399cc7687f1"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000000c0))
r6 = socket$inet(0x2, 0xa, 0x1)
pipe(&(0x7f0000000c00)={<r7=>0xffffffffffffffff})
r8 = epoll_create(0x4)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000240))
epoll_ctl$EPOLL_CTL_MOD(r8, 0x3, r7, &(0x7f00000004c0)={0xe0000012})
ioctl$SIOCGETNODEID(r7, 0x89e1, &(0x7f0000000140))
sendmsg$inet(r6, &(0x7f0000000600)={&(0x7f0000000040)={0x64, 0xffff, @remote}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000080)="0800b123e7ef003f1c", 0x9}], 0x1, &(0x7f0000000000)=ANY=[], 0x40}, 0x20000000)
r9 = socket(0x2000000015, 0x80005, 0x0)
bind$inet6(r9, 0x0, 0x0)
sendto$inet6(r9, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
recvfrom$inet6(r9, 0x0, 0x0, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private2}, 0x20000000)
ioctl$PPPIOCGUNIT(r1, 0x80047456, &(0x7f0000000000))
sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, 0x0, 0x0)
recvfrom$llc(r0, &(0x7f0000000000)=""/248, 0xf8, 0x40010001, 0x0, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$SIOCAX25DELUID(r7, 0x89e2, &(0x7f0000000300)={0x3, @bcast})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0xf0b, 0x3, 0x25dfdc00, {0x60, 0x0, 0x0, 0x0, {0xfff3, 0xfff2}, {0x2, 0xffff}, {0xfff3, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_WASH={0x8}, @TCA_CAKE_AUTORATE={0x8, 0x9, 0x1}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x44045}, 0x10)
sendmsg$nl_route(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000)

1.024310185s ago: executing program 4 (id=2986):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000a10000000000000000001851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000106608000000000000180000000000000000000000000000009500000000000000360a020000001000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

944.177651ms ago: executing program 3 (id=2987):
r0 = socket(0x2, 0x80805, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}]}]}], {0x14}}, 0x90}}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x0, 0x0}, &(0x7f0000000100)=0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x84, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x40, 0x12, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x1000}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0xfffffffffffffffd}, @NFTA_LIMIT_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_LIMIT_BURST={0x8, 0x3, 0x1, 0x0, 0x10000}]}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x110}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xcc}}, 0x20050800)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
r4 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c00000052000100000000000000000002000000080007"], 0x1c}}, 0x0)
socket$inet6(0xa, 0x800000000000002, 0x0)
unshare(0x24060400)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000fd3f1400e27f000001"], 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r5, &(0x7f0000000180), 0x20000000}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x3, &(0x7f00000000c0)={r5, &(0x7f0000000180), 0x0}, 0x20)
r6 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'bond0\x00', <r7=>0x0})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=@newtaction={0xd8, 0x30, 0xffff, 0x0, 0x20000000, {}, [{0xc4, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x54, 0x2, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18}, @TCA_GACT_PROB={0xc, 0x3, {0xfa665a81a6d02b4d}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xd8}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@newqdisc={0x8c, 0x24, 0xf0b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x12, r7, {}, {0xffff, 0xffff}, {0xc}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x0, 0x1], 0xff, [0x5, 0x4, 0x2, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x4, 0x0, 0x0, 0x3]}}]}}]}, 0x8c}}, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={<r9=>0x0}, &(0x7f0000000980)=0x59)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000140)={r9, 0x1, 0x6}, 0x13)

943.65479ms ago: executing program 0 (id=2988):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000001c0), r0)
sendmsg$NLBL_CIPSOV4_C_REMOVE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)={0x1c, r1, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40080}, 0x490c4)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$isdn(0x22, 0x3, 0x21)
accept4(r3, &(0x7f0000000200)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000300)=0x80, 0x80000)
sendmsg$IEEE802154_LLSEC_LIST_DEV(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x0, 0x400, 0x70bd29, 0x25dfdbfd, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x20040000}, 0x4000010)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x1, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2102}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14, 0xa, {0xfffeffff, 0x7}}]}]}]}, 0x50}}, 0x0)

780.23454ms ago: executing program 0 (id=2989):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='freezer.parent_freezing\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000215000/0x1000)=nil, 0x1000, 0x0, 0x6011, r2, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x13, r2, 0xd1383000)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000691000/0x4000)=nil, 0x4000, 0x3, 0x28011, r3, 0x0)
mmap(&(0x7f0000867000/0x2000)=nil, 0x2000, 0x0, 0x11, r3, 0x1000)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f00005d3000/0x4000)=nil, 0x4000, 0x0, 0x12, r4, 0x0)
mmap(&(0x7f00008b7000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0)
mmap(&(0x7f00004a3000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x0)
mmap(&(0x7f0000071000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
mmap(&(0x7f000015b000/0x3000)=nil, 0x3000, 0x800001, 0x10012, r5, 0x0)
mmap(&(0x7f000086a000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x2000)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff002, 0x80800100000000, 0x2000000000032, 0xffffffffffffffff, 0x0)

779.873248ms ago: executing program 4 (id=2990):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001640)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f42fc3199f000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af735ed41793bdf9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbc68223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f00001000000000eeff7c5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729eec082830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d424c14283a94395b64645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d620100000000000000494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd779a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9b0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000002684c2d8eb8cac98930fa6a893ca44c0f64c07a87eb7b05f56ca6c70cb3a0eb328a15fe96a88235155e6d64bd434f641ddf9db2245e47e5904453577895dd81d"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
sendmsg$xdp(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000008e00)=ANY=[@ANYBLOB="e846000040000900ffffffff000000000100000004001f00d04601", @ANYBLOB, @ANYBLOB], 0x46e8}, 0x1, 0xf000000, 0x0, 0x4040000}, 0x0)

596.095427ms ago: executing program 3 (id=2991):
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000000)={<r0=>0xffffffffffffffff, 0xffffffffffff0001, 0x5, 0x1})
r1 = openat$cgroup_ro(r0, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf20200000000000160005003f1b48013d030100000000009500000000000000bc26000000000000bf67000000000000070600000fff07006702000003000000360600000ee600f0bf052000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {0x5}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x6}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x50}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x24, 0x1, 0x4, 0x101, 0x0, 0x0, {0x4, 0x0, 0x6}, [@NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x1}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000094}, 0x8000)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0], 0xfc}}, 0x0)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
sendto$l2tp6(r4, 0x0, 0x0, 0x4890, &(0x7f0000000040)={0xa, 0x0, 0xfffffffe, @mcast2, 0x0, 0x4}, 0x20)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r5}, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x143ffd, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r6, 0x0, 0x20000000}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x3, &(0x7f00000000c0)={r6, 0x0, 0x0}, 0x20)
setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
r8 = accept4(r7, 0x0, 0x0, 0x0)
sendto$unix(r8, &(0x7f0000000080), 0xffffff9d, 0x0, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r8, 0x0, 0x0, 0x2, 0x0)
socket$packet(0x11, 0xa, 0x300)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000003d0007010000000000000000027c0000040000000c000180"], 0x24}}, 0x0)
bind$bt_hci(r9, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r9, &(0x7f0000000040)="0d000000010001", 0x7)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'nr0\x00'})

401.596632ms ago: executing program 0 (id=2992):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0)
close(r0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet_icmp(0x2, 0x2, 0x1)
sendto$inet(r2, &(0x7f0000000140)="f506478c89e2622140074a06eea6cee33f76af4cb57f1031c961323194c3b37212e1850eeb8823febff7e22f1b2bf35217c5607ff3032d1dd8f3b3e1053099fdbd9a11f1ead9d829ff91fc1a72cd5f4bc740991d4da33d67308740ae8b4189789c", 0x61, 0x48880, 0x0, 0x0)
ioctl$PPPIOCATTCHAN(0xffffffffffffffff, 0x40047438, &(0x7f00000001c0)=0x1)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_emit_ethernet(0x4e, &(0x7f0000000240)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010102, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0xb, 0x0, 0x0, 0x0, 0x0, {[@mss={0x2, 0x4, 0x6}, @md5sig={0x1d, 0x12, "ac3272000000006f00"}]}}}}}}}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r5, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
listen(r3, 0x100)
openat$cgroup_subtree(r4, &(0x7f0000000300), 0x2, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000040)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff10f5", 0x18, 0x6, 0xff, @local, @local, {[], {{0xfffd, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x0, 0x0, 0x4, {[@mptcp=@ack={0x1e, 0x4, 0x1f}]}}}}}}}}, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="90000000", @ANYRES16=r7, @ANYBLOB="01000000000000000000010000000c0005006c000000000000000c0002000000000000000000040007800c0008000000000000000000080001000000000044000780", @ANYBLOB='8', @ANYBLOB], 0x90}}, 0x0)

306.233342ms ago: executing program 4 (id=2993):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='dctcp-reno\x00', 0xb)
r1 = socket$unix(0x1, 0x1, 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000000), 0x4)
r2 = socket$key(0xf, 0x3, 0x2)
getsockopt$sock_int(r2, 0x1, 0x45, 0x0, &(0x7f0000000080))
connect$unix(r1, &(0x7f0000000100)=@abs={0x1}, 0x6e)
setsockopt$inet6_mreq(r0, 0x29, 0x16, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r5, 0x11, 0xa, &(0x7f0000000040)=0x4, 0x4)
sendmmsg$inet6(r5, &(0x7f00000006c0)=[{{&(0x7f0000000440)={0xa, 0x4e20, 0x25, @local, 0x5}, 0x1c, 0x0}}], 0x1, 0x0)
write$cgroup_int(r4, &(0x7f0000000140)=0x7, 0x12)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000300)={'gretap0\x00', &(0x7f0000000280)={'ip_vti0\x00', <r6=>0x0, 0x40, 0x40, 0x5, 0xffffffff, {{0x9, 0x4, 0x3, 0x3, 0x24, 0x66, 0x0, 0x9, 0x2f, 0x0, @private=0xa010100, @loopback, {[@generic={0x7, 0xc, "c4643b2a4b723941c681"}, @ra={0x94, 0x4}]}}}}})
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x41071, 0xffffffffffffffff, 0x0)
r7 = socket$inet(0x2, 0x1, 0x0)
setsockopt$sock_int(r7, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1e0000000500000003000000eb0d000014000200", @ANYRES32=r3, @ANYBLOB='\x00'/20, @ANYRES32=r6, @ANYRES32, @ANYBLOB="050000000300000003beaad3a200"/28], 0x50)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r9=>0xffffffffffffffff})
unshare(0x20000600)
epoll_wait(r4, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}], 0x6, 0xdd)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x15, 0x3, &(0x7f0000000900)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000bdc5072e4c75223f007e6ca306000000000000009c91420b66f0980e90dc0a9900d145243692fe648adf4cbc1dc631c378820861eccfa60822e798d6526600eea6c33dd5b2a7762091bffe56a9440bf23deb4dc8947d2bafec88ae3708013fdc5b2a1dbc7d50fcb6d9a01d03491c35fee5ff00002e40db34dea1063eaf2e3d6959435775943a5a7090b1c08454a248811ed0850a0e16793732f7c9af95af00100000955133044fd041b55379c29cc8ca9e1e5223ceb6f2e4980e5be2d3f36ae968af01953b6e4b3aa3fe0c375b2e17019ccdf4b9b5caccc4722cf3e6cfa6567c5a8e01bf465f0a27e54911827c4fa432ca89bf5ac89effedbe12b66ce9643697ac0e12a966dcea592613f479d71eb2597dd9000000000000000000000000001d5bdafcd419016b45507fedc616a94a06268d9b21e956eabc"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
setsockopt$sock_attach_bpf(r9, 0x1, 0x34, &(0x7f0000009000)=r10, 0x4)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000580)={r8, 0x0, 0x0}, 0x20)
sendmsg$NFT_MSG_GETOBJ_RESET(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="10030000150a030000000000000000000a00000a0900010073797a3100000000d2000800c88de9b222c33d0b9c840c4312970cf410d26f74cea2ef205a615d218df63bf55b711b742d143bd178b756ca52d132e0b197568c2d71cd0818129677cb926947959c4b7be96804e6025892f3cdf02cc5ede994f79735ffa325be346d1011e8edfa31a895d8c3308a1a279a6b4c8aa44e74764e062245e29885445f0fd66e69db2d288838897f564aa17bb8e07b4978c4276491cf97f379aa41c7e49d43edc01880c6831c0864375ca23c813bcffe54b2ffae271642466262d7f14d1a7eb6185470a3ffe6e9d8fb94f35e6de2ce830000080003400000000c0900010073797a3000000000d800080062d10b2431781bf1d61dd4f6e90f6d23830973b57d70abb0f391f70b1754baee191d220fcc9c0dcb8c611d36a78e33723bb62c4ae4bf70d0def63ff6a76fbbf0f6bca369bb1c00ab71400389d7b48b028131dcc451677c51c1ab2454959f8ca9625d0c90c7375a55f05ec1a1a61765f22018d5b9a319f4087268f9fc8922001d057dd6c3a25d53b3b3388e53005112f65017c5bfcfc11d251f8cf11231a0b8be183ce017e49d3fdaef535d5a64d26a0a1e26198d45d393d49046f5451f7c688e18db302df9f2f84b000000000000040108009697b6668c1ffc9c1f501fc1de155a2137ce6a161d14fec3358b045432cba3c44b40aa4c008d9fcd581582ee6600137d31276dac0cf1dc00bca7420d5b0046a7639e803fad1b086a045855ac95d2bc71f76e63168a44139e4b1ab028f401b4b3f3c8808d2c347d9f190e6d0719a7216fa2d26d7878abc17c9b34bb89e085de6105290990e12e636d521e470299bce8f2bc752988ce8d7b71ce75486373e6285c1a8325da9fadae95d40062f70f1c562a9522812e7fd9e6a96dd24d15bf27868e75ee5c5e5c8d24301ff2f784bfe60b8c000000000000000bd3efb5e2e8dea976e3278ad6faa5a0c9f4266e572b18309bf4a1560ca5e84fffb478bb0537144fe308000340000000050900010073797a31000000000900020073797a31000000000900010073797a3000000000"], 0x310}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010007000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000048000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0c00098008000140000000075c0000000e0a01020000000000000000010000000900020073797a3200000000090001"], 0xec}}, 0x0)
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000005c0)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
write$cgroup_subtree(r12, &(0x7f0000000100)=ANY=[], 0x32600)

2.34651ms ago: executing program 0 (id=2994):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x40, r2, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x42}, @val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x20, 0x5, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)

0s ago: executing program 1 (id=2995):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000f2096047d8e5559f29c5726c29c2e1b34a8c3c860c90dce75041c3a5b002", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380)={r0, <r1=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x3, 0x1c, &(0x7f00000003c0)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}], {{0x6, 0x1, 0xd, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

kernel console output (not intermixed with test programs):

2960] chnl_net:caif_netlink_parms(): no params data found
[  321.015582][T13012] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2379'.
[  321.178819][T13016] syzkaller1: entered promiscuous mode
[  321.184376][T13016] syzkaller1: entered allmulticast mode
[  321.253403][T12960] bridge0: port 1(bridge_slave_0) entered blocking state
[  321.264791][T12960] bridge0: port 1(bridge_slave_0) entered disabled state
[  321.275536][T12960] bridge_slave_0: entered allmulticast mode
[  321.288856][T12960] bridge_slave_0: entered promiscuous mode
[  321.367281][T12960] bridge0: port 2(bridge_slave_1) entered blocking state
[  321.387720][T12960] bridge0: port 2(bridge_slave_1) entered disabled state
[  321.403983][T12960] bridge_slave_1: entered allmulticast mode
[  321.416605][T12960] bridge_slave_1: entered promiscuous mode
[  321.470782][T12960] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  321.570529][T13040] ieee802154 phy1 wpan1: encryption failed: -22
[  321.580347][T12960] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  321.603079][T13042] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2386'.
[  321.651719][T12960] team0: Port device team_slave_0 added
[  321.667606][T12960] team0: Port device team_slave_1 added
[  321.702869][T12960] batman_adv: batadv0: Adding interface: batadv_slave_0
[  321.710084][T12960] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  321.736789][T12960] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  321.793711][T12960] batman_adv: batadv0: Adding interface: batadv_slave_1
[  321.809803][T12960] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  321.856207][T12960] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  322.777156][   T55] Bluetooth: hci3: command tx timeout
[  322.824646][ T9819] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  322.858599][ T9819] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  322.890764][T12960] hsr_slave_0: entered promiscuous mode
[  322.910064][T12960] hsr_slave_1: entered promiscuous mode
[  322.916421][T12960] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  322.932597][T12960] Cannot create hsr debugfs directory
[  322.939672][T13055] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2390'.
[  323.507484][T13084] netlink: 'syz.1.2402': attribute type 3 has an invalid length.
[  323.651222][T13090] netlink: 'syz.1.2403': attribute type 10 has an invalid length.
[  323.683889][T12960] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  323.708670][T12960] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  323.733635][T12960] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  323.775213][T12960] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  323.953388][T12960] 8021q: adding VLAN 0 to HW filter on device bond0
[  324.001200][T12960] 8021q: adding VLAN 0 to HW filter on device team0
[  324.022892][ T9813] bridge0: port 1(bridge_slave_0) entered blocking state
[  324.030064][ T9813] bridge0: port 1(bridge_slave_0) entered forwarding state
[  324.060344][ T9813] bridge0: port 2(bridge_slave_1) entered blocking state
[  324.067537][ T9813] bridge0: port 2(bridge_slave_1) entered forwarding state
[  324.092304][T13101] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2405'.
[  324.208558][T13105] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  324.274181][T13106] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  324.369989][T12960] 8021q: adding VLAN 0 to HW filter on device batadv0
[  324.452217][T12960] veth0_vlan: entered promiscuous mode
[  324.483457][T12960] veth1_vlan: entered promiscuous mode
[  324.520457][T12960] veth0_macvtap: entered promiscuous mode
[  324.540643][T12960] veth1_macvtap: entered promiscuous mode
[  324.560311][T12960] batman_adv: batadv0: Interface activated: batadv_slave_0
[  324.575715][T12960] batman_adv: batadv0: Interface activated: batadv_slave_1
[  324.595883][T12960] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  324.608564][T12960] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  324.618887][T12960] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  324.628158][T12960] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  324.629978][T13120] nbd: must specify a size in bytes for the device
[  324.735671][ T9819] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  324.757005][ T9819] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  324.783931][ T9819] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  324.807541][ T9819] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  324.857440][   T55] Bluetooth: hci3: command tx timeout
[  325.768814][T13170] netlink: 'syz.4.2429': attribute type 10 has an invalid length.
[  325.770686][T13168] netlink: 'syz.1.2431': attribute type 3 has an invalid length.
[  325.778883][T13170] team0: Device veth1_macvtap failed to register rx_handler
[  326.113432][T13181] netlink: 'syz.1.2435': attribute type 1 has an invalid length.
[  326.164701][T13181] 8021q: adding VLAN 0 to HW filter on device bond4
[  326.262747][ T9813] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  326.328997][T13181] ip6erspan0: entered promiscuous mode
[  326.341696][T13181] bond4: (slave ip6erspan0): making interface the new active one
[  326.351957][T13181] bond4: (slave ip6erspan0): Enslaving as an active interface with an up link
[  327.318529][ T9813] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  327.558392][T13193] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2439'.
[  327.654505][T13197] IPVS: set_ctl: invalid protocol: 94 127.0.0.1:20003
[  327.699390][T13193] 8021q: adding VLAN 0 to HW filter on device bond0
[  327.717840][T13193] 8021q: adding VLAN 0 to HW filter on device team0
[  327.738256][T13193] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  327.855759][ T9813] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  328.034539][ T9813] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  328.185732][T13220] netlink: 'syz.0.2445': attribute type 8 has an invalid length.
[  328.233758][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  328.247922][T13226] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2446'.
[  328.252349][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  328.265698][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  328.275254][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  328.283647][ T5838] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  328.291491][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  328.315263][ T9813] bridge_slave_1: left allmulticast mode
[  328.344495][ T9813] bridge_slave_1: left promiscuous mode
[  328.361616][ T9813] bridge0: port 2(bridge_slave_1) entered disabled state
[  328.398676][ T9813] bridge_slave_0: left allmulticast mode
[  328.419615][ T9813] bridge_slave_0: left promiscuous mode
[  328.435521][ T9813] bridge0: port 1(bridge_slave_0) entered disabled state
[  328.636371][T13240] openvswitch: netlink: ufid size 20 bytes exceeds the range (1, 16)
[  328.646774][T13240] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  328.813745][T13243] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2453'.
[  328.974352][ T9813] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  328.990736][ T9813] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  329.002499][ T9813] bond0 (unregistering): Released all slaves
[  329.483692][ T9813] hsr_slave_0: left promiscuous mode
[  329.495283][ T9813] hsr_slave_1: left promiscuous mode
[  329.502157][ T9813] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  329.511863][ T9813] batman_adv: batadv0: Removing interface: batadv_slave_0
[  329.522245][ T9813] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  329.533695][ T9813] batman_adv: batadv0: Removing interface: batadv_slave_1
[  329.586536][ T9813] veth1_macvtap: left promiscuous mode
[  329.599077][ T9813] veth0_macvtap: left promiscuous mode
[  329.606510][ T9813] veth1_vlan: left promiscuous mode
[  329.616020][ T9813] veth0_vlan: left promiscuous mode
[  330.405152][   T55] Bluetooth: hci3: command tx timeout
[  330.591604][ T9813] team0 (unregistering): Port device team_slave_1 removed
[  330.633648][ T9813] team0 (unregistering): Port device team_slave_0 removed
[  331.015470][T13223] chnl_net:caif_netlink_parms(): no params data found
[  331.113885][T13287] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2466'.
[  331.123146][T13287] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2466'.
[  331.132218][T13287] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2466'.
[  331.286588][T13223] bridge0: port 1(bridge_slave_0) entered blocking state
[  331.303664][T13223] bridge0: port 1(bridge_slave_0) entered disabled state
[  331.311298][T13223] bridge_slave_0: entered allmulticast mode
[  331.318777][T13223] bridge_slave_0: entered promiscuous mode
[  331.329446][T13296] FAULT_INJECTION: forcing a failure.
[  331.329446][T13296] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  331.343109][T13296] CPU: 0 UID: 0 PID: 13296 Comm: syz.3.2469 Not tainted 6.14.0-rc5-syzkaller-01064-g2525e16a2bae #0
[  331.343137][T13296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  331.343150][T13296] Call Trace:
[  331.343158][T13296]  <TASK>
[  331.343167][T13296]  dump_stack_lvl+0x241/0x360
[  331.343198][T13296]  ? __pfx_dump_stack_lvl+0x10/0x10
[  331.343222][T13296]  ? __pfx__printk+0x10/0x10
[  331.343254][T13296]  should_fail_ex+0x40a/0x550
[  331.343289][T13296]  _copy_to_user+0x31/0xb0
[  331.343319][T13296]  generic_map_lookup_batch+0x98a/0xf20
[  331.343361][T13296]  ? __pfx_generic_map_lookup_batch+0x10/0x10
[  331.343394][T13296]  ? __pfx_generic_map_lookup_batch+0x10/0x10
[  331.343421][T13296]  bpf_map_do_batch+0x288/0x660
[  331.343457][T13296]  __sys_bpf+0x653/0x820
[  331.343485][T13296]  ? __pfx___sys_bpf+0x10/0x10
[  331.343519][T13296]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  331.343554][T13296]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  331.343585][T13296]  ? do_syscall_64+0x100/0x230
[  331.343615][T13296]  __x64_sys_bpf+0x7c/0x90
[  331.343650][T13296]  do_syscall_64+0xf3/0x230
[  331.343673][T13296]  ? clear_bhb_loop+0x35/0x90
[  331.343705][T13296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.343732][T13296] RIP: 0033:0x7f784fb8d169
[  331.343749][T13296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  331.343765][T13296] RSP: 002b:00007f78509c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  331.343787][T13296] RAX: ffffffffffffffda RBX: 00007f784fda5fa0 RCX: 00007f784fb8d169
[  331.343801][T13296] RDX: 0000000000000038 RSI: 00004000000003c0 RDI: 0000000000000018
[  331.343814][T13296] RBP: 00007f78509c0090 R08: 0000000000000000 R09: 0000000000000000
[  331.343826][T13296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  331.343839][T13296] R13: 0000000000000000 R14: 00007f784fda5fa0 R15: 00007fff0ea88748
[  331.343868][T13296]  </TASK>
[  331.625501][T13223] bridge0: port 2(bridge_slave_1) entered blocking state
[  331.633690][T13223] bridge0: port 2(bridge_slave_1) entered disabled state
[  331.641503][T13223] bridge_slave_1: entered allmulticast mode
[  331.648850][T13223] bridge_slave_1: entered promiscuous mode
[  331.722174][T13306] sctp: [Deprecated]: syz.0.2470 (pid 13306) Use of int in max_burst socket option.
[  331.722174][T13306] Use struct sctp_assoc_value instead
[  331.764384][T13223] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  331.811206][T13223] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  331.918055][T13314] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2475'.
[  331.991134][T13223] team0: Port device team_slave_0 added
[  332.018309][T13223] team0: Port device team_slave_1 added
[  332.144562][T13223] batman_adv: batadv0: Adding interface: batadv_slave_0
[  332.151907][T13223] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  332.178768][T13223] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  332.193766][T13223] batman_adv: batadv0: Adding interface: batadv_slave_1
[  332.200988][T13223] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  332.257505][T13223] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  332.335792][T13223] hsr_slave_0: entered promiscuous mode
[  332.345399][T13223] hsr_slave_1: entered promiscuous mode
[  332.352360][T13223] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  332.360448][T13223] Cannot create hsr debugfs directory
[  332.457968][   T55] Bluetooth: hci3: command tx timeout
[  333.073505][T13223] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  333.116729][T13223] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  333.179776][T13223] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  333.244966][T13223] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  333.618785][T13223] 8021q: adding VLAN 0 to HW filter on device bond0
[  333.655749][T13350] Cannot find set identified by id 0 to match
[  333.751431][T13223] 8021q: adding VLAN 0 to HW filter on device team0
[  333.795533][ T9813] bridge0: port 1(bridge_slave_0) entered blocking state
[  333.802703][ T9813] bridge0: port 1(bridge_slave_0) entered forwarding state
[  333.848517][ T9813] bridge0: port 2(bridge_slave_1) entered blocking state
[  333.855676][ T9813] bridge0: port 2(bridge_slave_1) entered forwarding state
[  334.006119][T13363] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2490'.
[  334.011458][T13223] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  334.406451][T13223] 8021q: adding VLAN 0 to HW filter on device batadv0
[  334.519939][T13223] veth0_vlan: entered promiscuous mode
[  334.537646][   T55] Bluetooth: hci3: command tx timeout
[  334.544635][T13223] veth1_vlan: entered promiscuous mode
[  334.614947][T13223] veth0_macvtap: entered promiscuous mode
[  334.670822][T13223] veth1_macvtap: entered promiscuous mode
[  334.721882][T13223] batman_adv: batadv0: Interface activated: batadv_slave_0
[  334.758049][T13223] batman_adv: batadv0: Interface activated: batadv_slave_1
[  334.783841][T13385] netlink: 176 bytes leftover after parsing attributes in process `syz.0.2495'.
[  334.789753][T13223] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  334.814873][T13223] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  334.834027][T13223] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  334.851828][T13385] netlink: 'syz.0.2495': attribute type 1 has an invalid length.
[  334.851895][T13223] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  335.090116][ T9825] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  335.109942][T13392] FAULT_INJECTION: forcing a failure.
[  335.109942][T13392] name failslab, interval 1, probability 0, space 0, times 0
[  335.116976][ T9825] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  335.151947][T13392] CPU: 0 UID: 0 PID: 13392 Comm: syz.1.2498 Not tainted 6.14.0-rc5-syzkaller-01064-g2525e16a2bae #0
[  335.151980][T13392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  335.151995][T13392] Call Trace:
[  335.152003][T13392]  <TASK>
[  335.152012][T13392]  dump_stack_lvl+0x241/0x360
[  335.152046][T13392]  ? __pfx_dump_stack_lvl+0x10/0x10
[  335.152071][T13392]  ? __pfx__printk+0x10/0x10
[  335.152095][T13392]  ? fs_reclaim_acquire+0x93/0x130
[  335.152118][T13392]  ? __pfx___might_resched+0x10/0x10
[  335.152151][T13392]  should_fail_ex+0x40a/0x550
[  335.152188][T13392]  should_failslab+0xac/0x100
[  335.152218][T13392]  __kmalloc_noprof+0xdd/0x4c0
[  335.152246][T13392]  ? kstrtouint_from_user+0x128/0x190
[  335.152268][T13392]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  335.152302][T13392]  tomoyo_realpath_from_path+0xcf/0x5e0
[  335.152344][T13392]  tomoyo_path_number_perm+0x239/0x770
[  335.152373][T13392]  ? __lock_acquire+0x1397/0x2100
[  335.152409][T13392]  ? tomoyo_path_number_perm+0x209/0x770
[  335.152442][T13392]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  335.152523][T13392]  ? __fget_files+0x2a/0x410
[  335.152557][T13392]  ? __fget_files+0x2a/0x410
[  335.152594][T13392]  security_file_ioctl+0xc6/0x2a0
[  335.152624][T13392]  __se_sys_ioctl+0x46/0x170
[  335.152651][T13392]  do_syscall_64+0xf3/0x230
[  335.152679][T13392]  ? clear_bhb_loop+0x35/0x90
[  335.152713][T13392]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.152742][T13392] RIP: 0033:0x7f3fd9b8d169
[  335.152760][T13392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  335.152780][T13392] RSP: 002b:00007f3fdaa3b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  335.152804][T13392] RAX: ffffffffffffffda RBX: 00007f3fd9da5fa0 RCX: 00007f3fd9b8d169
[  335.152820][T13392] RDX: 0000400000006100 RSI: 00000000000089f3 RDI: 0000000000000003
[  335.152835][T13392] RBP: 00007f3fdaa3b090 R08: 0000000000000000 R09: 0000000000000000
[  335.152848][T13392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  335.152861][T13392] R13: 0000000000000000 R14: 00007f3fd9da5fa0 R15: 00007fff315ed3f8
[  335.152895][T13392]  </TASK>
[  335.152904][T13392] ERROR: Out of memory at tomoyo_realpath_from_path.
[  335.182429][T13395] netlink: 332 bytes leftover after parsing attributes in process `syz.4.2499'.
[  335.418310][ T9813] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  335.438058][ T9813] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  335.702088][T13407] netlink: 'syz.4.2502': attribute type 21 has an invalid length.
[  335.740237][T13407] netlink: 'syz.4.2502': attribute type 1 has an invalid length.
[  335.982187][T13419] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$�'
[  336.012708][T13419] CPU: 1 UID: 0 PID: 13419 Comm: syz.4.2506 Not tainted 6.14.0-rc5-syzkaller-01064-g2525e16a2bae #0
[  336.012740][T13419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  336.012754][T13419] Call Trace:
[  336.012761][T13419]  <TASK>
[  336.012770][T13419]  dump_stack_lvl+0x241/0x360
[  336.012801][T13419]  ? __pfx_dump_stack_lvl+0x10/0x10
[  336.012824][T13419]  ? __pfx__printk+0x10/0x10
[  336.012851][T13419]  ? __kmalloc_cache_noprof+0x243/0x390
[  336.012878][T13419]  ? sysfs_warn_dup+0x51/0xa0
[  336.012908][T13419]  sysfs_warn_dup+0x8e/0xa0
[  336.012932][T13419]  sysfs_do_create_link_sd+0xbe/0x110
[  336.012961][T13419]  device_add_class_symlinks+0x1c5/0x250
[  336.012997][T13419]  device_add+0x553/0xbf0
[  336.013035][T13419]  wiphy_register+0x1922/0x2650
[  336.013117][T13419]  ? __pfx_wiphy_register+0x10/0x10
[  336.013142][T13419]  ? minstrel_ht_alloc+0x84b/0x940
[  336.013182][T13419]  ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620
[  336.013219][T13419]  ieee80211_register_hw+0x35d9/0x42e0
[  336.013268][T13419]  ? ieee80211_register_hw+0x1651/0x42e0
[  336.013314][T13419]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  336.013360][T13419]  ? __asan_memset+0x23/0x50
[  336.013382][T13419]  ? __hrtimer_init+0x170/0x250
[  336.013411][T13419]  mac80211_hwsim_new_radio+0x2a89/0x49f0
[  336.013474][T13419]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  336.013502][T13419]  ? trace_kmalloc+0x1f/0xd0
[  336.013528][T13419]  ? __kmalloc_node_track_caller_noprof+0x2a8/0x4c0
[  336.013571][T13419]  ? kstrndup+0xbb/0x150
[  336.013613][T13419]  hwsim_new_radio_nl+0xece/0x2290
[  336.013654][T13419]  ? __pfx___nla_validate_parse+0x10/0x10
[  336.013682][T13419]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  336.013744][T13419]  ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290
[  336.013778][T13419]  genl_rcv_msg+0xb1f/0xec0
[  336.013809][T13419]  ? __pfx_genl_rcv_msg+0x10/0x10
[  336.013864][T13419]  ? __pfx_lock_acquire+0x10/0x10
[  336.013894][T13419]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  336.013922][T13419]  ? __pfx___might_resched+0x10/0x10
[  336.013961][T13419]  netlink_rcv_skb+0x206/0x480
[  336.013989][T13419]  ? __pfx_genl_rcv_msg+0x10/0x10
[  336.014014][T13419]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  336.014082][T13419]  genl_rcv+0x28/0x40
[  336.014101][T13419]  netlink_unicast+0x7f6/0x990
[  336.014137][T13419]  ? __pfx_netlink_unicast+0x10/0x10
[  336.014160][T13419]  ? __virt_addr_valid+0x45f/0x530
[  336.014182][T13419]  ? __phys_addr_symbol+0x2f/0x70
[  336.014212][T13419]  ? __check_object_size+0x47a/0x730
[  336.014243][T13419]  netlink_sendmsg+0x8de/0xcb0
[  336.014316][T13419]  ? __pfx_netlink_sendmsg+0x10/0x10
[  336.014348][T13419]  ? aa_sock_msg_perm+0x91/0x160
[  336.014384][T13419]  ? __pfx_netlink_sendmsg+0x10/0x10
[  336.014409][T13419]  __sock_sendmsg+0x221/0x270
[  336.014439][T13419]  ____sys_sendmsg+0x53a/0x860
[  336.014486][T13419]  ? __pfx_____sys_sendmsg+0x10/0x10
[  336.014506][T13419]  ? __fget_files+0x2a/0x410
[  336.014539][T13419]  ? __fget_files+0x2a/0x410
[  336.014578][T13419]  __sys_sendmsg+0x269/0x350
[  336.014606][T13419]  ? __pfx___sys_sendmsg+0x10/0x10
[  336.014678][T13419]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  336.014711][T13419]  ? do_syscall_64+0x100/0x230
[  336.014739][T13419]  ? do_syscall_64+0xb6/0x230
[  336.014766][T13419]  do_syscall_64+0xf3/0x230
[  336.014791][T13419]  ? clear_bhb_loop+0x35/0x90
[  336.014823][T13419]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  336.014850][T13419] RIP: 0033:0x7f798238d169
[  336.014869][T13419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  336.014887][T13419] RSP: 002b:00007f7983293038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  336.014909][T13419] RAX: ffffffffffffffda RBX: 00007f79825a5fa0 RCX: 00007f798238d169
[  336.014924][T13419] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000004
[  336.014938][T13419] RBP: 00007f798240e2a0 R08: 0000000000000000 R09: 0000000000000000
[  336.014951][T13419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  336.014963][T13419] R13: 0000000000000000 R14: 00007f79825a5fa0 R15: 00007ffee1dcdb78
[  336.014995][T13419]  </TASK>
[  336.715169][T13329] Set syz1 is full, maxelem 65536 reached
[  336.809496][T13425] netlink: 'syz.4.2508': attribute type 1 has an invalid length.
[  336.834032][T13425] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2508'.
[  337.016532][T13437] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$���UL�vy��آ
�D��UD�w�}�zR'
[  337.061111][T13437] CPU: 1 UID: 0 PID: 13437 Comm: syz.4.2512 Not tainted 6.14.0-rc5-syzkaller-01064-g2525e16a2bae #0
[  337.061145][T13437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  337.061159][T13437] Call Trace:
[  337.061167][T13437]  <TASK>
[  337.061178][T13437]  dump_stack_lvl+0x241/0x360
[  337.061214][T13437]  ? __pfx_dump_stack_lvl+0x10/0x10
[  337.061239][T13437]  ? __pfx__printk+0x10/0x10
[  337.061268][T13437]  ? __kmalloc_cache_noprof+0x243/0x390
[  337.061299][T13437]  ? sysfs_warn_dup+0x51/0xa0
[  337.061332][T13437]  sysfs_warn_dup+0x8e/0xa0
[  337.061360][T13437]  sysfs_do_create_link_sd+0xbe/0x110
[  337.061393][T13437]  device_add_class_symlinks+0x1c5/0x250
[  337.061433][T13437]  device_add+0x553/0xbf0
[  337.061476][T13437]  wiphy_register+0x1922/0x2650
[  337.061522][T13437]  ? __pfx_wiphy_register+0x10/0x10
[  337.061547][T13437]  ? minstrel_ht_alloc+0x84b/0x940
[  337.061589][T13437]  ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620
[  337.061628][T13437]  ieee80211_register_hw+0x35d9/0x42e0
[  337.061679][T13437]  ? ieee80211_register_hw+0x1651/0x42e0
[  337.061723][T13437]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  337.061771][T13437]  ? __asan_memset+0x23/0x50
[  337.061794][T13437]  ? __hrtimer_init+0x170/0x250
[  337.061823][T13437]  mac80211_hwsim_new_radio+0x2a89/0x49f0
[  337.061891][T13437]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  337.061919][T13437]  ? trace_kmalloc+0x1f/0xd0
[  337.061960][T13437]  ? __kmalloc_node_track_caller_noprof+0x2a8/0x4c0
[  337.061993][T13437]  ? kstrndup+0xbb/0x150
[  337.062038][T13437]  hwsim_new_radio_nl+0xece/0x2290
[  337.062084][T13437]  ? __pfx___nla_validate_parse+0x10/0x10
[  337.062115][T13437]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  337.062187][T13437]  ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290
[  337.062284][T13437]  genl_rcv_msg+0xb1f/0xec0
[  337.062330][T13437]  ? __pfx_genl_rcv_msg+0x10/0x10
[  337.062395][T13437]  ? __pfx_lock_acquire+0x10/0x10
[  337.062430][T13437]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  337.062464][T13437]  ? __pfx___might_resched+0x10/0x10
[  337.062508][T13437]  netlink_rcv_skb+0x206/0x480
[  337.062540][T13437]  ? __pfx_genl_rcv_msg+0x10/0x10
[  337.062567][T13437]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  337.062639][T13437]  genl_rcv+0x28/0x40
[  337.062660][T13437]  netlink_unicast+0x7f6/0x990
[  337.062699][T13437]  ? __pfx_netlink_unicast+0x10/0x10
[  337.062726][T13437]  ? __virt_addr_valid+0x45f/0x530
[  337.062750][T13437]  ? __phys_addr_symbol+0x2f/0x70
[  337.062780][T13437]  ? __check_object_size+0x47a/0x730
[  337.062819][T13437]  netlink_sendmsg+0x8de/0xcb0
[  337.062867][T13437]  ? __pfx_netlink_sendmsg+0x10/0x10
[  337.062905][T13437]  ? aa_sock_msg_perm+0x91/0x160
[  337.062980][T13437]  ? __pfx_netlink_sendmsg+0x10/0x10
[  337.063012][T13437]  __sock_sendmsg+0x221/0x270
[  337.063060][T13437]  ____sys_sendmsg+0x53a/0x860
[  337.063095][T13437]  ? __pfx_____sys_sendmsg+0x10/0x10
[  337.063117][T13437]  ? __fget_files+0x2a/0x410
[  337.063159][T13437]  ? __fget_files+0x2a/0x410
[  337.063202][T13437]  __sys_sendmsg+0x269/0x350
[  337.063234][T13437]  ? __pfx___sys_sendmsg+0x10/0x10
[  337.063313][T13437]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  337.063347][T13437]  ? do_syscall_64+0x100/0x230
[  337.063377][T13437]  ? do_syscall_64+0xb6/0x230
[  337.063408][T13437]  do_syscall_64+0xf3/0x230
[  337.063433][T13437]  ? clear_bhb_loop+0x35/0x90
[  337.063469][T13437]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.063498][T13437] RIP: 0033:0x7f798238d169
[  337.063517][T13437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  337.063536][T13437] RSP: 002b:00007f7983293038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  337.063559][T13437] RAX: ffffffffffffffda RBX: 00007f79825a5fa0 RCX: 00007f798238d169
[  337.063575][T13437] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000004
[  337.063589][T13437] RBP: 00007f798240e2a0 R08: 0000000000000000 R09: 0000000000000000
[  337.063602][T13437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  337.063616][T13437] R13: 0000000000000000 R14: 00007f79825a5fa0 R15: 00007ffee1dcdb78
[  337.063652][T13437]  </TASK>
[  337.785564][T13452] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  337.829818][T13456] ieee802154 phy1 wpan1: encryption failed: -22
[  337.977438][ T9827] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  338.860663][ T9827] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  338.928881][ T9827] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  339.002117][ T9827] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  339.073580][ T9827] bridge_slave_1: left allmulticast mode
[  339.081523][ T9827] bridge_slave_1: left promiscuous mode
[  339.087515][ T9827] bridge0: port 2(bridge_slave_1) entered disabled state
[  339.103439][ T9827] bridge_slave_0: left allmulticast mode
[  339.109232][ T9827] bridge_slave_0: left promiscuous mode
[  339.114925][ T9827] bridge0: port 1(bridge_slave_0) entered disabled state
[  339.371140][T13475] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2524'.
[  339.880142][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  339.889541][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  339.904098][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  339.918751][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  339.937316][ T5838] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  339.944971][T13493] ieee802154 phy1 wpan1: encryption failed: -22
[  339.953450][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  340.042793][ T9827] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  340.080878][ T9827] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  340.103803][ T9827] bond0 (unregistering): Released all slaves
[  340.321334][T13504] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  340.329294][T13504] netlink: 332 bytes leftover after parsing attributes in process `syz.1.2534'.
[  340.449279][T13513] netlink: 'syz.3.2535': attribute type 2 has an invalid length.
[  340.520617][T13515] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2536'.
[  340.622269][T13489] chnl_net:caif_netlink_parms(): no params data found
[  340.712297][ T9827] hsr_slave_0: left promiscuous mode
[  340.735643][ T9827] hsr_slave_1: left promiscuous mode
[  340.759275][ T9827] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  340.766747][ T9827] batman_adv: batadv0: Removing interface: batadv_slave_0
[  340.815794][ T9827] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  340.826079][ T9827] batman_adv: batadv0: Removing interface: batadv_slave_1
[  340.875144][ T9827] veth1_macvtap: left promiscuous mode
[  340.890627][ T9827] veth0_macvtap: left promiscuous mode
[  340.896299][ T9827] veth1_vlan: left promiscuous mode
[  340.902505][T13532] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2540'.
[  340.908451][ T9827] veth0_vlan: left promiscuous mode
[  340.955789][T13532] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2540'.
[  341.407579][ T9827] team0 (unregistering): Port device team_slave_1 removed
[  341.437395][    T9] tipc: Node number set to 16385
[  341.459845][ T9827] team0 (unregistering): Port device team_slave_0 removed
[  341.872183][T13524] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2539'.
[  341.939912][ T9825] tipc: Resetting bearer <eth:syzkaller0>
[  342.041770][T13543] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2545'.
[  342.051260][T13543] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2545'.
[  342.057056][ T5838] Bluetooth: hci3: command tx timeout
[  342.173544][T13489] bridge0: port 1(bridge_slave_0) entered blocking state
[  342.202931][T13489] bridge0: port 1(bridge_slave_0) entered disabled state
[  342.227384][T13489] bridge_slave_0: entered allmulticast mode
[  342.234473][T13489] bridge_slave_0: entered promiscuous mode
[  342.269319][T13489] bridge0: port 2(bridge_slave_1) entered blocking state
[  342.276498][T13489] bridge0: port 2(bridge_slave_1) entered disabled state
[  342.293148][T13489] bridge_slave_1: entered allmulticast mode
[  342.302302][T13489] bridge_slave_1: entered promiscuous mode
[  342.352349][T13489] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  342.381200][T13489] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  342.402220][T13555] netlink: 'syz.3.2548': attribute type 10 has an invalid length.
[  342.410820][T13552] netlink: 'syz.3.2548': attribute type 10 has an invalid length.
[  342.546055][T13489] team0: Port device team_slave_0 added
[  342.562408][T13489] team0: Port device team_slave_1 added
[  342.574889][T13568] ieee802154 phy1 wpan1: encryption failed: -22
[  342.663486][T13489] batman_adv: batadv0: Adding interface: batadv_slave_0
[  342.673316][T13489] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  342.713994][T13489] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  342.759612][T13489] batman_adv: batadv0: Adding interface: batadv_slave_1
[  342.771737][T13489] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  342.799427][T13489] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  342.889946][T13489] hsr_slave_0: entered promiscuous mode
[  342.902064][T13489] hsr_slave_1: entered promiscuous mode
[  342.910659][T13489] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  342.942457][T13489] Cannot create hsr debugfs directory
[  342.950498][T13579] FAULT_INJECTION: forcing a failure.
[  342.950498][T13579] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  342.965604][T13579] CPU: 0 UID: 0 PID: 13579 Comm: syz.3.2557 Not tainted 6.14.0-rc5-syzkaller-01064-g2525e16a2bae #0
[  342.965632][T13579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  342.965646][T13579] Call Trace:
[  342.965653][T13579]  <TASK>
[  342.965663][T13579]  dump_stack_lvl+0x241/0x360
[  342.965693][T13579]  ? __pfx_dump_stack_lvl+0x10/0x10
[  342.965717][T13579]  ? __pfx__printk+0x10/0x10
[  342.965741][T13579]  ? __pfx_lock_release+0x10/0x10
[  342.965781][T13579]  should_fail_ex+0x40a/0x550
[  342.965817][T13579]  _copy_from_user+0x2d/0xb0
[  342.965846][T13579]  copy_msghdr_from_user+0xae/0x680
[  342.965875][T13579]  ? __pfx___might_resched+0x10/0x10
[  342.965907][T13579]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  342.965941][T13579]  ? do_recvmmsg+0x44e/0xab0
[  342.965965][T13579]  ? __might_fault+0xaa/0x120
[  342.965990][T13579]  do_recvmmsg+0x3bd/0xab0
[  342.966026][T13579]  ? __pfx_do_recvmmsg+0x10/0x10
[  342.966072][T13579]  ? ksys_write+0x22a/0x2b0
[  342.966094][T13579]  ? __pfx_lock_release+0x10/0x10
[  342.966132][T13579]  ? sb_end_write+0xe9/0x1c0
[  342.966161][T13579]  ? vfs_write+0x7fa/0xd10
[  342.966186][T13579]  ? __mutex_unlock_slowpath+0x227/0x800
[  342.966221][T13579]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  342.966245][T13579]  ? __fget_files+0x2a/0x410
[  342.966292][T13579]  __x64_sys_recvmmsg+0x199/0x250
[  342.966318][T13579]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  342.966343][T13579]  ? do_syscall_64+0x100/0x230
[  342.966371][T13579]  ? do_syscall_64+0xb6/0x230
[  342.966399][T13579]  do_syscall_64+0xf3/0x230
[  342.966423][T13579]  ? clear_bhb_loop+0x35/0x90
[  342.966456][T13579]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.966483][T13579] RIP: 0033:0x7f784fb8d169
[  342.966508][T13579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  342.966526][T13579] RSP: 002b:00007f78509c0038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  342.966548][T13579] RAX: ffffffffffffffda RBX: 00007f784fda5fa0 RCX: 00007f784fb8d169
[  342.966565][T13579] RDX: 000000000400007c RSI: 0000400000000f40 RDI: 0000000000000006
[  342.966579][T13579] RBP: 00007f78509c0090 R08: 0000000000000000 R09: 0000000000000000
[  342.966596][T13579] R10: 0000000000002302 R11: 0000000000000246 R12: 0000000000000002
[  342.966610][T13579] R13: 0000000000000000 R14: 00007f784fda5fa0 R15: 00007fff0ea88748
[  342.966642][T13579]  </TASK>
[  343.405248][T13588] netlink: 'syz.0.2562': attribute type 2 has an invalid length.
[  343.523906][ T8736] hid-generic 0005:0458:0009.0001: unknown main item tag 0x0
[  343.549808][ T8736] hid-generic 0005:0458:0009.0001: unknown main item tag 0x0
[  343.571589][ T8736] hid-generic 0005:0458:0009.0001: unknown main item tag 0x0
[  343.601385][ T8736] hid-generic 0005:0458:0009.0001: hidraw0: BLUETOOTH HID v0.09 Device [syz0] on aa:aa:aa:aa:aa:aa
[  343.965682][T13611] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2571'.
[  344.041954][T13489] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  344.068074][T13489] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  344.090589][T13489] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  344.111692][T13489] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  344.137567][ T5838] Bluetooth: hci3: command tx timeout
[  344.273504][T13625] netlink: 'syz.4.2576': attribute type 1 has an invalid length.
[  344.362158][T13489] 8021q: adding VLAN 0 to HW filter on device bond0
[  344.395477][T13489] 8021q: adding VLAN 0 to HW filter on device team0
[  344.455403][ T9825] bridge0: port 1(bridge_slave_0) entered blocking state
[  344.458958][T13630] FAULT_INJECTION: forcing a failure.
[  344.458958][T13630] name failslab, interval 1, probability 0, space 0, times 0
[  344.462664][ T9825] bridge0: port 1(bridge_slave_0) entered forwarding state
[  344.480820][T13632] FAULT_INJECTION: forcing a failure.
[  344.480820][T13632] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  344.523204][T13630] CPU: 1 UID: 0 PID: 13630 Comm: syz.0.2577 Not tainted 6.14.0-rc5-syzkaller-01064-g2525e16a2bae #0
[  344.523238][T13630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  344.523253][T13630] Call Trace:
[  344.523262][T13630]  <TASK>
[  344.523273][T13630]  dump_stack_lvl+0x241/0x360
[  344.523306][T13630]  ? __pfx_dump_stack_lvl+0x10/0x10
[  344.523341][T13630]  ? __pfx__printk+0x10/0x10
[  344.523366][T13630]  ? __kmalloc_cache_noprof+0x48/0x390
[  344.523398][T13630]  ? __pfx___might_resched+0x10/0x10
[  344.523425][T13630]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  344.523452][T13630]  should_fail_ex+0x40a/0x550
[  344.523490][T13630]  should_failslab+0xac/0x100
[  344.523526][T13630]  __kmalloc_cache_noprof+0x70/0x390
[  344.523555][T13630]  ? ovs_ct_limit_cmd_set+0x2f9/0xaf0
[  344.523591][T13630]  ovs_ct_limit_cmd_set+0x2f9/0xaf0
[  344.523638][T13630]  genl_rcv_msg+0xb1f/0xec0
[  344.523672][T13630]  ? __pfx_genl_rcv_msg+0x10/0x10
[  344.523726][T13630]  ? __pfx_lock_acquire+0x10/0x10
[  344.523758][T13630]  ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10
[  344.523790][T13630]  ? __pfx___might_resched+0x10/0x10
[  344.523830][T13630]  netlink_rcv_skb+0x206/0x480
[  344.523861][T13630]  ? __pfx_genl_rcv_msg+0x10/0x10
[  344.523886][T13630]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  344.523948][T13630]  genl_rcv+0x28/0x40
[  344.523968][T13630]  netlink_unicast+0x7f6/0x990
[  344.524005][T13630]  ? __pfx_netlink_unicast+0x10/0x10
[  344.524029][T13630]  ? __virt_addr_valid+0x45f/0x530
[  344.524051][T13630]  ? __phys_addr_symbol+0x2f/0x70
[  344.524071][T13630]  ? __check_object_size+0x47a/0x730
[  344.524105][T13630]  netlink_sendmsg+0x8de/0xcb0
[  344.524150][T13630]  ? __pfx_netlink_sendmsg+0x10/0x10
[  344.524190][T13630]  ? aa_sock_msg_perm+0x91/0x160
[  344.524229][T13630]  ? __pfx_netlink_sendmsg+0x10/0x10
[  344.524258][T13630]  __sock_sendmsg+0x221/0x270
[  344.524290][T13630]  ____sys_sendmsg+0x53a/0x860
[  344.524324][T13630]  ? __pfx_____sys_sendmsg+0x10/0x10
[  344.524356][T13630]  ? __fget_files+0x2a/0x410
[  344.524391][T13630]  ? __fget_files+0x2a/0x410
[  344.524432][T13630]  __sys_sendmsg+0x269/0x350
[  344.524460][T13630]  ? __pfx___sys_sendmsg+0x10/0x10
[  344.524495][T13630]  ? do_sys_openat2+0x17a/0x1d0
[  344.524550][T13630]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  344.524583][T13630]  ? do_syscall_64+0x100/0x230
[  344.524610][T13630]  ? do_syscall_64+0xb6/0x230
[  344.524636][T13630]  do_syscall_64+0xf3/0x230
[  344.524660][T13630]  ? clear_bhb_loop+0x35/0x90
[  344.524691][T13630]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.524726][T13630] RIP: 0033:0x7fe9a018d169
[  344.524743][T13630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  344.524761][T13630] RSP: 002b:00007fe9a0ffe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  344.524783][T13630] RAX: ffffffffffffffda RBX: 00007fe9a03a5fa0 RCX: 00007fe9a018d169
[  344.524799][T13630] RDX: 0000000000000000 RSI: 0000400000000100 RDI: 0000000000000003
[  344.524812][T13630] RBP: 00007fe9a0ffe090 R08: 0000000000000000 R09: 0000000000000000
[  344.524825][T13630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  344.524838][T13630] R13: 0000000000000000 R14: 00007fe9a03a5fa0 R15: 00007ffd53fcb8e8
[  344.524871][T13630]  </TASK>
[  344.529408][ T9825] bridge0: port 2(bridge_slave_1) entered blocking state
[  344.539099][T13634] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2580'.
[  344.547921][ T9825] bridge0: port 2(bridge_slave_1) entered forwarding state
[  344.597332][T13632] CPU: 0 UID: 0 PID: 13632 Comm: syz.3.2578 Not tainted 6.14.0-rc5-syzkaller-01064-g2525e16a2bae #0
[  344.597365][T13632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  344.597379][T13632] Call Trace:
[  344.597389][T13632]  <TASK>
[  344.597398][T13632]  dump_stack_lvl+0x241/0x360
[  344.597434][T13632]  ? __pfx_dump_stack_lvl+0x10/0x10
[  344.597459][T13632]  ? __pfx__printk+0x10/0x10
[  344.597490][T13632]  ? __pfx_lock_release+0x10/0x10
[  344.597534][T13632]  should_fail_ex+0x40a/0x550
[  344.597574][T13632]  _copy_from_user+0x2d/0xb0
[  344.597613][T13632]  copy_msghdr_from_user+0xae/0x680
[  344.597644][T13632]  ? __pfx___might_resched+0x10/0x10
[  344.597679][T13632]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  344.597716][T13632]  ? __sys_sendmmsg+0x392/0x720
[  344.597740][T13632]  ? __might_fault+0xaa/0x120
[  344.597769][T13632]  __sys_sendmmsg+0x32b/0x720
[  344.597807][T13632]  ? __pfx___sys_sendmmsg+0x10/0x10
[  344.597845][T13632]  ? __pfx_lock_release+0x10/0x10
[  344.597876][T13632]  ? kstrtouint_from_user+0x128/0x190
[  344.597928][T13632]  ? ksys_write+0x22a/0x2b0
[  344.597953][T13632]  ? __pfx_lock_release+0x10/0x10
[  344.597994][T13632]  ? sb_end_write+0xe9/0x1c0
[  344.598025][T13632]  ? vfs_write+0x7fa/0xd10
[  344.598063][T13632]  ? __mutex_unlock_slowpath+0x227/0x800
[  344.598120][T13632]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  344.598156][T13632]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  344.598191][T13632]  ? do_syscall_64+0x100/0x230
[  344.598221][T13632]  __x64_sys_sendmmsg+0xa0/0xb0
[  344.598248][T13632]  do_syscall_64+0xf3/0x230
[  344.598274][T13632]  ? clear_bhb_loop+0x35/0x90
[  344.598308][T13632]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.598337][T13632] RIP: 0033:0x7f784fb8d169
[  344.598357][T13632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  344.598375][T13632] RSP: 002b:00007f78509c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  344.598398][T13632] RAX: ffffffffffffffda RBX: 00007f784fda5fa0 RCX: 00007f784fb8d169
[  344.598415][T13632] RDX: 04924924924925c6 RSI: 0000400000000680 RDI: 0000000000000006
[  344.598430][T13632] RBP: 00007f78509c0090 R08: 0000000000000000 R09: 0000000000000000
[  344.598444][T13632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  344.598458][T13632] R13: 0000000000000000 R14: 00007f784fda5fa0 R15: 00007fff0ea88748
[  344.598490][T13632]  </TASK>
[  345.147647][T13646] FAULT_INJECTION: forcing a failure.
[  345.147647][T13646] name failslab, interval 1, probability 0, space 0, times 0
[  345.167308][T13646] CPU: 1 UID: 0 PID: 13646 Comm: syz.3.2582 Not tainted 6.14.0-rc5-syzkaller-01064-g2525e16a2bae #0
[  345.167339][T13646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  345.167353][T13646] Call Trace:
[  345.167361][T13646]  <TASK>
[  345.167370][T13646]  dump_stack_lvl+0x241/0x360
[  345.167404][T13646]  ? __pfx_dump_stack_lvl+0x10/0x10
[  345.167428][T13646]  ? __pfx__printk+0x10/0x10
[  345.167452][T13646]  ? __kmalloc_node_noprof+0xb9/0x4d0
[  345.167485][T13646]  ? __pfx___might_resched+0x10/0x10
[  345.167520][T13646]  should_fail_ex+0x40a/0x550
[  345.167564][T13646]  should_failslab+0xac/0x100
[  345.167595][T13646]  __kmalloc_node_noprof+0xe1/0x4d0
[  345.167623][T13646]  ? __kasan_kmalloc+0x98/0xb0
[  345.167646][T13646]  ? __kvmalloc_node_noprof+0x72/0x190
[  345.167684][T13646]  __kvmalloc_node_noprof+0x72/0x190
[  345.167719][T13646]  page_pool_create_percpu+0x2f5/0xb70
[  345.167753][T13646]  bpf_test_run_xdp_live+0x2e6/0x2220
[  345.167784][T13646]  ? __pfx_lock_release+0x10/0x10
[  345.167823][T13646]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  345.167849][T13646]  ? __pfx___might_resched+0x10/0x10
[  345.167882][T13646]  ? __mutex_unlock_slowpath+0x227/0x800
[  345.167919][T13646]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  345.167947][T13646]  ? synchronize_rcu+0x11b/0x360
[  345.167972][T13646]  ? __pfx_synchronize_rcu+0x10/0x10
[  345.168021][T13646]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
[  345.168053][T13646]  ? 0xffffffffa00007c8
[  345.168071][T13646]  ? 0xffffffffa000090c
[  345.168122][T13646]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  345.168169][T13646]  ? _copy_from_user+0x95/0xb0
[  345.168203][T13646]  ? bpf_test_init+0x137/0x160
[  345.168232][T13646]  ? xdp_convert_md_to_buff+0x5b/0x330
[  345.168263][T13646]  bpf_prog_test_run_xdp+0x805/0x11e0
[  345.168299][T13646]  ? __pfx_lock_release+0x10/0x10
[  345.168340][T13646]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  345.168370][T13646]  ? __fget_files+0x2a/0x410
[  345.168404][T13646]  ? __fget_files+0x2a/0x410
[  345.168437][T13646]  ? fput+0x21b/0x290
[  345.168465][T13646]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  345.168495][T13646]  bpf_prog_test_run+0x2e4/0x360
[  345.168539][T13646]  __sys_bpf+0x487/0x820
[  345.168571][T13646]  ? __pfx___sys_bpf+0x10/0x10
[  345.168613][T13646]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  345.168648][T13646]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  345.168682][T13646]  ? do_syscall_64+0x100/0x230
[  345.168730][T13646]  __x64_sys_bpf+0x7c/0x90
[  345.168757][T13646]  do_syscall_64+0xf3/0x230
[  345.168784][T13646]  ? clear_bhb_loop+0x35/0x90
[  345.168818][T13646]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  345.168846][T13646] RIP: 0033:0x7f784fb8d169
[  345.168865][T13646] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  345.168883][T13646] RSP: 002b:00007f78509c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  345.168906][T13646] RAX: ffffffffffffffda RBX: 00007f784fda5fa0 RCX: 00007f784fb8d169
[  345.168923][T13646] RDX: 0000000000000050 RSI: 0000400000000240 RDI: 000000000000000a
[  345.168937][T13646] RBP: 00007f78509c0090 R08: 0000000000000000 R09: 0000000000000000
[  345.168950][T13646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  345.168963][T13646] R13: 0000000000000000 R14: 00007f784fda5fa0 R15: 00007fff0ea88748
[  345.168996][T13646]  </TASK>
[  345.169006][T13646] page_pool_create_percpu() gave up with errno -12
[  345.281922][T13489] 8021q: adding VLAN 0 to HW filter on device batadv0
[  345.380492][T13651] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2583'.
[  345.630131][T13489] veth0_vlan: entered promiscuous mode
[  345.647138][T13489] veth1_vlan: entered promiscuous mode
[  345.749604][T13489] veth0_macvtap: entered promiscuous mode
[  345.769759][T13489] veth1_macvtap: entered promiscuous mode
[  345.823088][T13489] batman_adv: batadv0: Interface activated: batadv_slave_0
[  345.857064][T13489] batman_adv: batadv0: Interface activated: batadv_slave_1
[  345.888077][T13489] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  345.921270][T13489] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  345.953191][T13489] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  345.977250][T13489] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  346.018439][T13670] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2591'.
[  346.153892][ T9819] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  346.181137][ T9819] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  346.217103][ T5838] Bluetooth: hci3: command tx timeout
[  346.232220][ T9813] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  346.240910][ T9813] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  347.225281][ T9819] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  347.633193][ T9819] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  348.055114][ T9819] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  348.145355][ T9819] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  348.231381][ T9819] bridge_slave_1: left allmulticast mode
[  348.238975][ T9819] bridge_slave_1: left promiscuous mode
[  348.244694][ T9819] bridge0: port 2(bridge_slave_1) entered disabled state
[  348.253730][ T9819] bridge_slave_0: left allmulticast mode
[  348.259645][ T9819] bridge_slave_0: left promiscuous mode
[  348.265337][ T9819] bridge0: port 1(bridge_slave_0) entered disabled state
[  348.591680][ T9819] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  348.603106][ T9819] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  348.613226][ T9819] bond0 (unregistering): Released all slaves
[  348.852274][ T9819] hsr_slave_0: left promiscuous mode
[  348.858902][ T9819] hsr_slave_1: left promiscuous mode
[  348.864807][ T9819] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  348.872588][ T9819] batman_adv: batadv0: Removing interface: batadv_slave_0
[  348.939151][ T9819] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  348.964893][ T9819] batman_adv: batadv0: Removing interface: batadv_slave_1
[  349.080479][ T9819] veth1_macvtap: left promiscuous mode
[  349.116761][ T9819] veth0_macvtap: left promiscuous mode
[  349.125614][ T9819] veth1_vlan: left promiscuous mode
[  349.131478][ T9819] veth0_vlan: left promiscuous mode
[  349.479823][   T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  349.490218][   T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  349.508412][   T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  349.516429][   T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  349.524450][   T55] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  349.531968][   T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  350.055566][ T9819] team0 (unregistering): Port device team_slave_1 removed
[  350.104340][ T9819] team0 (unregistering): Port device team_slave_0 removed
[  350.524259][T13736] netlink: 'syz.3.2613': attribute type 1 has an invalid length.
[  350.532311][T13739] netlink: 'syz.1.2614': attribute type 8 has an invalid length.
[  350.839855][T13775] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  350.880635][T13750] chnl_net:caif_netlink_parms(): no params data found
[  350.884815][T13775] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  351.007514][T13785] nbd: must specify a device to reconfigure
[  351.119120][T13790] netlink: 1284 bytes leftover after parsing attributes in process `syz.0.2625'.
[  351.128588][T13790] openvswitch: netlink: Missing key (keys=40, expected=80)
[  351.152010][T13750] bridge0: port 1(bridge_slave_0) entered blocking state
[  351.165607][T13750] bridge0: port 1(bridge_slave_0) entered disabled state
[  351.174724][T13750] bridge_slave_0: entered allmulticast mode
[  351.202249][T13750] bridge_slave_0: entered promiscuous mode
[  351.238076][T13750] bridge0: port 2(bridge_slave_1) entered blocking state
[  351.252492][T13750] bridge0: port 2(bridge_slave_1) entered disabled state
[  351.269113][T13750] bridge_slave_1: entered allmulticast mode
[  351.284129][T13750] bridge_slave_1: entered promiscuous mode
[  351.383447][T13750] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  351.422904][T13750] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  351.466121][T13802] ieee802154 phy1 wpan1: encryption failed: -22
[  351.483557][T13801] netlink: 'syz.0.2630': attribute type 4 has an invalid length.
[  351.577507][ T5838] Bluetooth: hci3: command tx timeout
[  351.584242][T13750] team0: Port device team_slave_0 added
[  351.608030][T13750] team0: Port device team_slave_1 added
[  352.343917][T13811] x_tables: ip6_tables: rpfilter.0 match: invalid size 8 (kernel) != (user) 48
[  352.511878][T13750] batman_adv: batadv0: Adding interface: batadv_slave_0
[  352.521465][T13750] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  352.558294][T13750] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  352.576223][ T9817] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  352.579230][T13814] netlink: 'syz.4.2635': attribute type 12 has an invalid length.
[  352.587909][ T9817] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  352.657436][T13750] batman_adv: batadv0: Adding interface: batadv_slave_1
[  352.664437][T13750] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  352.714414][T13820] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2637'.
[  352.724023][T13750] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  352.862347][T13750] hsr_slave_0: entered promiscuous mode
[  352.883815][T13750] hsr_slave_1: entered promiscuous mode
[  352.907590][T13750] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  352.915210][T13750] Cannot create hsr debugfs directory
[  353.181813][T13840] ieee802154 phy1 wpan1: encryption failed: -22
[  353.564943][T13750] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  353.581886][T13750] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  353.592633][T13750] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  353.621129][T13750] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  353.657471][ T5838] Bluetooth: hci3: command tx timeout
[  353.784779][T13750] 8021q: adding VLAN 0 to HW filter on device bond0
[  353.803530][T13750] 8021q: adding VLAN 0 to HW filter on device team0
[  353.823307][ T9819] bridge0: port 1(bridge_slave_0) entered blocking state
[  353.830602][ T9819] bridge0: port 1(bridge_slave_0) entered forwarding state
[  353.850765][ T9821] bridge0: port 2(bridge_slave_1) entered blocking state
[  353.857960][ T9821] bridge0: port 2(bridge_slave_1) entered forwarding state
[  354.223415][T13864] netlink: set zone limit has 4 unknown bytes
[  354.229337][T13750] 8021q: adding VLAN 0 to HW filter on device batadv0
[  354.333995][T13871] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  354.334655][T13750] veth0_vlan: entered promiscuous mode
[  354.383327][T13750] veth1_vlan: entered promiscuous mode
[  354.447342][T13750] veth0_macvtap: entered promiscuous mode
[  354.458475][T13750] veth1_macvtap: entered promiscuous mode
[  354.485372][T13750] batman_adv: batadv0: Interface activated: batadv_slave_0
[  354.501366][T13750] batman_adv: batadv0: Interface activated: batadv_slave_1
[  354.521217][T13750] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  354.532491][T13750] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  354.543704][T13750] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  354.557341][T13750] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  354.576607][T13877] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  354.691390][ T9819] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  354.717233][ T9819] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  354.765600][ T9821] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  354.774973][ T9821] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  355.032773][T13900] ieee802154 phy1 wpan1: encryption failed: -22
[  355.800786][T13914] FAULT_INJECTION: forcing a failure.
[  355.800786][T13914] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  355.834138][T13917] netlink: 'syz.4.2671': attribute type 1 has an invalid length.
[  355.845854][T13914] CPU: 1 UID: 0 PID: 13914 Comm: syz.1.2670 Not tainted 6.14.0-rc5-syzkaller-01064-g2525e16a2bae #0
[  355.845888][T13914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  355.845902][T13914] Call Trace:
[  355.845909][T13914]  <TASK>
[  355.845918][T13914]  dump_stack_lvl+0x241/0x360
[  355.845951][T13914]  ? __pfx_dump_stack_lvl+0x10/0x10
[  355.845974][T13914]  ? __pfx__printk+0x10/0x10
[  355.845998][T13914]  ? __pfx_lock_release+0x10/0x10
[  355.846039][T13914]  should_fail_ex+0x40a/0x550
[  355.846075][T13914]  _copy_from_user+0x2d/0xb0
[  355.846104][T13914]  copy_msghdr_from_user+0xae/0x680
[  355.846140][T13914]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  355.846166][T13914]  ? __fget_files+0x2a/0x410
[  355.846198][T13914]  ? __fget_files+0x2a/0x410
[  355.846237][T13914]  __sys_sendmsg+0x209/0x350
[  355.846265][T13914]  ? __pfx___sys_sendmsg+0x10/0x10
[  355.846301][T13914]  ? do_sys_openat2+0x17a/0x1d0
[  355.846358][T13914]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  355.846390][T13914]  ? do_syscall_64+0x100/0x230
[  355.846419][T13914]  ? do_syscall_64+0xb6/0x230
[  355.846446][T13914]  do_syscall_64+0xf3/0x230
[  355.846480][T13914]  ? clear_bhb_loop+0x35/0x90
[  355.846513][T13914]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  355.846542][T13914] RIP: 0033:0x7f3fd9b8d169
[  355.846577][T13914] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  355.846596][T13914] RSP: 002b:00007f3fdaa3b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  355.846619][T13914] RAX: ffffffffffffffda RBX: 00007f3fd9da5fa0 RCX: 00007f3fd9b8d169
[  355.846635][T13914] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000003
[  355.846649][T13914] RBP: 00007f3fdaa3b090 R08: 0000000000000000 R09: 0000000000000000
[  355.846662][T13914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  355.846675][T13914] R13: 0000000000000000 R14: 00007f3fd9da5fa0 R15: 00007fff315ed3f8
[  355.846708][T13914]  </TASK>
[  356.083798][T13917] bond2: entered allmulticast mode
[  356.133659][T13917] 8021q: adding VLAN 0 to HW filter on device bond2
[  356.159967][T13922] 8021q: adding VLAN 0 to HW filter on device batadv3
[  356.169219][T13922] bond2: (slave batadv3): making interface the new active one
[  356.176708][T13922] batadv3: entered allmulticast mode
[  356.183938][T13922] bond2: (slave batadv3): Enslaving as an active interface with an up link
[  356.609469][T13954] lo speed is unknown, defaulting to 1000
[  356.623130][T13954] lo speed is unknown, defaulting to 1000
[  356.635876][T13954] lo speed is unknown, defaulting to 1000
[  356.689623][T13954] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  356.725047][T13954] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  356.863477][ T9813] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  356.893617][T13960] xt_CT: No such helper "pptp"
[  356.907481][T13954] lo speed is unknown, defaulting to 1000
[  356.915452][T13954] lo speed is unknown, defaulting to 1000
[  356.932274][T13954] lo speed is unknown, defaulting to 1000
[  356.955904][T13954] lo speed is unknown, defaulting to 1000
[  356.999321][T13954] lo speed is unknown, defaulting to 1000
[  358.091532][ T9813] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.155749][ T9813] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.226006][ T9813] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.324736][ T9813] bridge_slave_1: left allmulticast mode
[  358.332159][ T9813] bridge_slave_1: left promiscuous mode
[  358.338142][ T9813] bridge0: port 2(bridge_slave_1) entered disabled state
[  358.348818][ T9813] bridge_slave_0: left allmulticast mode
[  358.354570][ T9813] bridge_slave_0: left promiscuous mode
[  358.360452][ T9813] bridge0: port 1(bridge_slave_0) entered disabled state
[  358.664957][T13977] ieee802154 phy1 wpan1: encryption failed: -22
[  358.838671][T13984] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2687'.
[  358.903148][   T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  358.912925][   T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  358.924052][   T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  358.934249][   T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  358.942726][   T55] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  358.950736][   T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  359.042303][ T9813] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  359.056620][ T9813] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  359.069954][ T9813] bond0 (unregistering): Released all slaves
[  359.192783][T13986] lo speed is unknown, defaulting to 1000
[  359.553977][ T9813] hsr_slave_0: left promiscuous mode
[  359.567680][ T9813] hsr_slave_1: left promiscuous mode
[  359.574527][ T9813] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  359.582547][ T9813] batman_adv: batadv0: Removing interface: batadv_slave_0
[  359.593894][ T9813] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  359.601761][ T9813] batman_adv: batadv0: Removing interface: batadv_slave_1
[  359.616270][T13995] netlink: 'syz.1.2689': attribute type 10 has an invalid length.
[  359.636626][ T9813] veth1_macvtap: left promiscuous mode
[  359.642554][ T9813] veth0_macvtap: left promiscuous mode
[  359.648463][ T9813] veth1_vlan: left promiscuous mode
[  359.653781][ T9813] veth0_vlan: left promiscuous mode
[  360.301672][ T9813] team0 (unregistering): Port device team_slave_1 removed
[  360.349511][ T9813] team0 (unregistering): Port device team_slave_0 removed
[  360.785449][T13995] veth1_macvtap: left promiscuous mode
[  360.798273][T13995] team0: Device veth1_macvtap failed to register rx_handler
[  361.027717][   T55] Bluetooth: hci3: command tx timeout
[  361.081320][T14003] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  361.091750][T14003] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  361.104381][T14003] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  361.112978][T14003] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  361.134595][T14003] team0 (unregistering): Port device geneve0 removed
[  361.506198][T13986] chnl_net:caif_netlink_parms(): no params data found
[  361.613476][T14031] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  361.644276][T14031] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  361.658600][T14031] gretap1: entered promiscuous mode
[  361.663864][T14031] gretap1: entered allmulticast mode
[  361.821122][T14040] FAULT_INJECTION: forcing a failure.
[  361.821122][T14040] name failslab, interval 1, probability 0, space 0, times 0
[  361.836120][T14040] CPU: 0 UID: 0 PID: 14040 Comm: syz.0.2705 Not tainted 6.14.0-rc5-syzkaller-01064-g2525e16a2bae #0
[  361.836165][T14040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  361.836180][T14040] Call Trace:
[  361.836189][T14040]  <TASK>
[  361.836199][T14040]  dump_stack_lvl+0x241/0x360
[  361.836235][T14040]  ? __pfx_dump_stack_lvl+0x10/0x10
[  361.836259][T14040]  ? __pfx__printk+0x10/0x10
[  361.836283][T14040]  ? __kmalloc_node_noprof+0xb9/0x4d0
[  361.836313][T14040]  ? __pfx___might_resched+0x10/0x10
[  361.836339][T14040]  ? __asan_memset+0x23/0x50
[  361.836362][T14040]  should_fail_ex+0x40a/0x550
[  361.836398][T14040]  should_failslab+0xac/0x100
[  361.836429][T14040]  __kmalloc_node_noprof+0xe1/0x4d0
[  361.836456][T14040]  ? __kvmalloc_node_noprof+0x72/0x190
[  361.836491][T14040]  __kvmalloc_node_noprof+0x72/0x190
[  361.836520][T14040]  rhashtable_init_noprof+0x534/0xa60
[  361.836548][T14040]  br_dev_init+0x29/0x490
[  361.836570][T14040]  ? __kmalloc_cache_noprof+0x243/0x390
[  361.836600][T14040]  register_netdevice+0x6d7/0x1b70
[  361.836629][T14040]  ? validate_linkmsg+0x828/0xa40
[  361.836653][T14040]  ? __pfx_register_netdevice+0x10/0x10
[  361.836674][T14040]  ? __pfx_validate_linkmsg+0x10/0x10
[  361.836696][T14040]  ? alloc_netdev_mqs+0xe01/0x1210
[  361.836727][T14040]  br_dev_newlink+0x67/0x140
[  361.836751][T14040]  ? rtnl_newlink_create+0x366/0xbd0
[  361.836777][T14040]  ? __pfx_br_dev_newlink+0x10/0x10
[  361.836811][T14040]  rtnl_newlink_create+0x37b/0xbd0
[  361.836850][T14040]  ? __mutex_lock+0x602/0x1010
[  361.836879][T14040]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  361.836935][T14040]  ? __pfx___mutex_lock+0x10/0x10
[  361.836980][T14040]  ? ns_capable+0x8a/0xf0
[  361.837010][T14040]  rtnl_newlink+0x167a/0x1d90
[  361.837043][T14040]  ? __lock_acquire+0x1397/0x2100
[  361.837092][T14040]  ? __pfx_rtnl_newlink+0x10/0x10
[  361.837123][T14040]  ? __pfx_validate_chain+0x10/0x10
[  361.837170][T14040]  ? validate_chain+0x11e/0x5920
[  361.837193][T14040]  ? __pfx_lock_acquire+0x10/0x10
[  361.837228][T14040]  ? __pfx_lock_release+0x10/0x10
[  361.837264][T14040]  ? __pfx_validate_chain+0x10/0x10
[  361.837290][T14040]  ? mark_lock+0x9a/0x360
[  361.837316][T14040]  ? __lock_acquire+0x1397/0x2100
[  361.837386][T14040]  ? __pfx_lock_release+0x10/0x10
[  361.837435][T14040]  ? __pfx_rtnl_newlink+0x10/0x10
[  361.837468][T14040]  rtnetlink_rcv_msg+0x791/0xcf0
[  361.837496][T14040]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  361.837528][T14040]  ? __lock_acquire+0x1397/0x2100
[  361.837562][T14040]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  361.837611][T14040]  netlink_rcv_skb+0x206/0x480
[  361.837642][T14040]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  361.837675][T14040]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  361.837731][T14040]  ? netlink_deliver_tap+0x2e/0x1b0
[  361.837764][T14040]  netlink_unicast+0x7f6/0x990
[  361.837800][T14040]  ? __pfx_netlink_unicast+0x10/0x10
[  361.837824][T14040]  ? __virt_addr_valid+0x45f/0x530
[  361.837846][T14040]  ? __phys_addr_symbol+0x2f/0x70
[  361.837866][T14040]  ? __check_object_size+0x47a/0x730
[  361.837901][T14040]  netlink_sendmsg+0x8de/0xcb0
[  361.837945][T14040]  ? __pfx_netlink_sendmsg+0x10/0x10
[  361.838005][T14040]  ? aa_sock_msg_perm+0x91/0x160
[  361.838044][T14040]  ? __pfx_netlink_sendmsg+0x10/0x10
[  361.838072][T14040]  __sock_sendmsg+0x221/0x270
[  361.838106][T14040]  ____sys_sendmsg+0x53a/0x860
[  361.838139][T14040]  ? __pfx_____sys_sendmsg+0x10/0x10
[  361.838161][T14040]  ? __fget_files+0x2a/0x410
[  361.838196][T14040]  ? __fget_files+0x2a/0x410
[  361.838237][T14040]  __sys_sendmsg+0x269/0x350
[  361.838267][T14040]  ? __pfx___sys_sendmsg+0x10/0x10
[  361.838306][T14040]  ? do_sys_openat2+0x17a/0x1d0
[  361.838369][T14040]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  361.838404][T14040]  ? do_syscall_64+0x100/0x230
[  361.838433][T14040]  ? do_syscall_64+0xb6/0x230
[  361.838462][T14040]  do_syscall_64+0xf3/0x230
[  361.838489][T14040]  ? clear_bhb_loop+0x35/0x90
[  361.838523][T14040]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  361.838553][T14040] RIP: 0033:0x7fe9a018d169
[  361.838572][T14040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  361.838591][T14040] RSP: 002b:00007fe9a0ffe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  361.838614][T14040] RAX: ffffffffffffffda RBX: 00007fe9a03a5fa0 RCX: 00007fe9a018d169
[  361.838630][T14040] RDX: 0000000000000000 RSI: 0000400000000280 RDI: 0000000000000003
[  361.838644][T14040] RBP: 00007fe9a0ffe090 R08: 0000000000000000 R09: 0000000000000000
[  361.838658][T14040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  361.838671][T14040] R13: 0000000000000000 R14: 00007fe9a03a5fa0 R15: 00007ffd53fcb8e8
[  361.838704][T14040]  </TASK>
[  362.597373][T14053] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2708'.
[  362.638371][T13986] bridge0: port 1(bridge_slave_0) entered blocking state
[  362.645532][T13986] bridge0: port 1(bridge_slave_0) entered disabled state
[  362.674259][T14059] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2709'.
[  362.683546][T14059] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2709'.
[  362.701099][T13986] bridge_slave_0: entered allmulticast mode
[  362.714037][T13986] bridge_slave_0: entered promiscuous mode
[  362.722496][T14060] ieee802154 phy1 wpan1: encryption failed: -22
[  362.732821][T14053] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2708'.
[  362.773845][T13986] bridge0: port 2(bridge_slave_1) entered blocking state
[  362.806050][T13986] bridge0: port 2(bridge_slave_1) entered disabled state
[  362.813568][T13986] bridge_slave_1: entered allmulticast mode
[  362.821859][T13986] bridge_slave_1: entered promiscuous mode
[  362.881832][T14049] lo speed is unknown, defaulting to 1000
[  362.933608][T13986] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  362.962953][T14067] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2713'.
[  362.972655][T13986] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  362.988682][T14067] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2713'.
[  363.097604][   T55] Bluetooth: hci3: command tx timeout
[  363.116667][T14069] netlink: 1284 bytes leftover after parsing attributes in process `syz.1.2714'.
[  363.126536][T14069] openvswitch: netlink: Flow actions attr not present in new flow.
[  363.135852][T13986] team0: Port device team_slave_0 added
[  363.154484][T13986] team0: Port device team_slave_1 added
[  363.180919][T14071] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2715'.
[  363.320426][T13986] batman_adv: batadv0: Adding interface: batadv_slave_0
[  363.335937][T13986] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  363.371426][T13986] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  363.388914][T13986] batman_adv: batadv0: Adding interface: batadv_slave_1
[  363.396005][T13986] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  363.432451][T13986] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  363.530319][T14084] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.2720'.
[  363.598710][T13986] hsr_slave_0: entered promiscuous mode
[  363.605210][T13986] hsr_slave_1: entered promiscuous mode
[  363.622084][T13986] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  363.634211][T13986] Cannot create hsr debugfs directory
[  363.916480][T14079] lo speed is unknown, defaulting to 1000
[  364.671265][T14122] sctp: [Deprecated]: syz.0.2733 (pid 14122) Use of int in max_burst socket option.
[  364.671265][T14122] Use struct sctp_assoc_value instead
[  364.759097][T13986] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  364.780530][T13986] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  364.805728][T13986] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  364.843932][T13986] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  365.105080][T13986] 8021q: adding VLAN 0 to HW filter on device bond0
[  365.161061][T13986] 8021q: adding VLAN 0 to HW filter on device team0
[  365.177258][   T55] Bluetooth: hci3: command tx timeout
[  365.192641][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  365.200010][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  365.262281][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  365.269459][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  365.432571][T14127] __nla_validate_parse: 1 callbacks suppressed
[  365.439836][T14127] netlink: 596 bytes leftover after parsing attributes in process `syz.1.2734'.
[  365.514134][T14131] netlink: 'syz.1.2737': attribute type 4 has an invalid length.
[  365.688665][T14137] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$���UL�vy��آ
�D��UD�w�}�zR'
[  365.708605][T14137] CPU: 1 UID: 0 PID: 14137 Comm: syz.0.2738 Not tainted 6.14.0-rc5-syzkaller-01064-g2525e16a2bae #0
[  365.708652][T14137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  365.708671][T14137] Call Trace:
[  365.708680][T14137]  <TASK>
[  365.708690][T14137]  dump_stack_lvl+0x241/0x360
[  365.708724][T14137]  ? __pfx_dump_stack_lvl+0x10/0x10
[  365.708760][T14137]  ? __pfx__printk+0x10/0x10
[  365.708786][T14137]  ? __kmalloc_cache_noprof+0x243/0x390
[  365.708814][T14137]  ? sysfs_warn_dup+0x51/0xa0
[  365.708843][T14137]  sysfs_warn_dup+0x8e/0xa0
[  365.708867][T14137]  sysfs_do_create_link_sd+0xbe/0x110
[  365.708894][T14137]  device_add_class_symlinks+0x1c5/0x250
[  365.708934][T14137]  device_add+0x553/0xbf0
[  365.708970][T14137]  wiphy_register+0x1922/0x2650
[  365.709011][T14137]  ? __pfx_wiphy_register+0x10/0x10
[  365.709034][T14137]  ? minstrel_ht_alloc+0x84b/0x940
[  365.709088][T14137]  ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620
[  365.709126][T14137]  ieee80211_register_hw+0x35d9/0x42e0
[  365.709173][T14137]  ? ieee80211_register_hw+0x1651/0x42e0
[  365.709213][T14137]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  365.709255][T14137]  ? __asan_memset+0x23/0x50
[  365.709276][T14137]  ? __hrtimer_init+0x170/0x250
[  365.709303][T14137]  mac80211_hwsim_new_radio+0x2a89/0x49f0
[  365.709366][T14137]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  365.709392][T14137]  ? trace_kmalloc+0x1f/0xd0
[  365.709418][T14137]  ? __kmalloc_node_track_caller_noprof+0x2a8/0x4c0
[  365.709448][T14137]  ? kstrndup+0xbb/0x150
[  365.709491][T14137]  hwsim_new_radio_nl+0xece/0x2290
[  365.709534][T14137]  ? __pfx___nla_validate_parse+0x10/0x10
[  365.709564][T14137]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  365.709630][T14137]  ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290
[  365.709665][T14137]  genl_rcv_msg+0xb1f/0xec0
[  365.709698][T14137]  ? __pfx_genl_rcv_msg+0x10/0x10
[  365.709756][T14137]  ? __pfx_lock_acquire+0x10/0x10
[  365.709787][T14137]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  365.709817][T14137]  ? __pfx___might_resched+0x10/0x10
[  365.709859][T14137]  netlink_rcv_skb+0x206/0x480
[  365.709895][T14137]  ? __pfx_genl_rcv_msg+0x10/0x10
[  365.709927][T14137]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  365.709996][T14137]  genl_rcv+0x28/0x40
[  365.710015][T14137]  netlink_unicast+0x7f6/0x990
[  365.710054][T14137]  ? __pfx_netlink_unicast+0x10/0x10
[  365.710079][T14137]  ? __virt_addr_valid+0x45f/0x530
[  365.710102][T14137]  ? __phys_addr_symbol+0x2f/0x70
[  365.710122][T14137]  ? __check_object_size+0x47a/0x730
[  365.710157][T14137]  netlink_sendmsg+0x8de/0xcb0
[  365.710202][T14137]  ? __pfx_netlink_sendmsg+0x10/0x10
[  365.710239][T14137]  ? aa_sock_msg_perm+0x91/0x160
[  365.710278][T14137]  ? __pfx_netlink_sendmsg+0x10/0x10
[  365.710307][T14137]  __sock_sendmsg+0x221/0x270
[  365.710340][T14137]  ____sys_sendmsg+0x53a/0x860
[  365.710374][T14137]  ? __pfx_____sys_sendmsg+0x10/0x10
[  365.710395][T14137]  ? __fget_files+0x2a/0x410
[  365.710430][T14137]  ? __fget_files+0x2a/0x410
[  365.710472][T14137]  __sys_sendmsg+0x269/0x350
[  365.710502][T14137]  ? __pfx___sys_sendmsg+0x10/0x10
[  365.710577][T14137]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  365.710630][T14137]  ? do_syscall_64+0x100/0x230
[  365.710662][T14137]  ? do_syscall_64+0xb6/0x230
[  365.710693][T14137]  do_syscall_64+0xf3/0x230
[  365.710720][T14137]  ? clear_bhb_loop+0x35/0x90
[  365.710756][T14137]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  365.710793][T14137] RIP: 0033:0x7fe9a018d169
[  365.710814][T14137] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  365.710834][T14137] RSP: 002b:00007fe9a0ffe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  365.710859][T14137] RAX: ffffffffffffffda RBX: 00007fe9a03a5fa0 RCX: 00007fe9a018d169
[  365.710876][T14137] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000004
[  365.710890][T14137] RBP: 00007fe9a020e2a0 R08: 0000000000000000 R09: 0000000000000000
[  365.710905][T14137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  365.710918][T14137] R13: 0000000000000000 R14: 00007fe9a03a5fa0 R15: 00007ffd53fcb8e8
[  365.710960][T14137]  </TASK>
[  366.136564][T13986] 8021q: adding VLAN 0 to HW filter on device batadv0
[  366.189753][T13986] veth0_vlan: entered promiscuous mode
[  366.200797][T13986] veth1_vlan: entered promiscuous mode
[  366.319128][T13986] veth0_macvtap: entered promiscuous mode
[  366.330550][T13986] veth1_macvtap: entered promiscuous mode
[  366.349746][T13986] batman_adv: batadv0: Interface activated: batadv_slave_0
[  366.384776][T13986] batman_adv: batadv0: Interface activated: batadv_slave_1
[  366.396758][T13986] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  366.405995][T13986] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  366.415159][T13986] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  366.424110][T13986] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  366.653070][T14162] netlink: 277 bytes leftover after parsing attributes in process `syz.3.2746'.
[  366.706418][T14163] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2748'.
[  366.727269][ T9825] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  366.735135][ T9825] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  366.748681][T14163] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2748'.
[  366.794171][T14163] erspan0: entered promiscuous mode
[  366.853036][T14163] erspan0: left promiscuous mode
[  366.866015][T14168] netlink: 'syz.4.2750': attribute type 8 has an invalid length.
[  366.912004][ T9819] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  366.937308][ T9819] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  366.978772][T14171] lo speed is unknown, defaulting to 1000
[  367.153664][T14180] ip6gretap0: entered promiscuous mode
[  367.183958][T14180] batadv_slave_1: entered promiscuous mode
[  367.247935][T14180] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2755'.
[  367.258601][   T55] Bluetooth: hci3: command tx timeout
[  367.275547][T14185] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2756'.
[  367.595059][T14197] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2761'.
[  367.598531][T14198] ieee802154 phy1 wpan1: encryption failed: -22
[  367.612755][T14197] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2761'.
[  368.603619][T14223] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2771'.
[  368.684907][ T9821] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  368.752981][T14219] IPv6: Can't replace route, no match found
[  368.762526][T14226] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2771'.
[  369.431724][ T9821] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  369.513022][ T9821] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  369.573772][ T9821] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  369.648729][ T9821] bridge_slave_1: left allmulticast mode
[  369.654432][ T9821] bridge_slave_1: left promiscuous mode
[  369.661995][ T9821] bridge0: port 2(bridge_slave_1) entered disabled state
[  369.671337][ T9821] bridge_slave_0: left allmulticast mode
[  369.677843][ T9821] bridge_slave_0: left promiscuous mode
[  369.683565][ T9821] bridge0: port 1(bridge_slave_0) entered disabled state
[  370.023340][ T9821] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  370.036412][ T9821] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  370.046663][ T9821] bond0 (unregistering): Released all slaves
[  370.304764][ T9821] hsr_slave_0: left promiscuous mode
[  370.314362][ T9821] hsr_slave_1: left promiscuous mode
[  370.320308][ T9821] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  370.332779][ T9821] batman_adv: batadv0: Removing interface: batadv_slave_0
[  370.341001][ T9821] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  370.349472][ T9821] batman_adv: batadv0: Removing interface: batadv_slave_1
[  370.375672][ T9821] veth1_macvtap: left promiscuous mode
[  370.381602][ T9821] veth0_macvtap: left promiscuous mode
[  370.387491][ T9821] veth1_vlan: left promiscuous mode
[  370.392841][ T9821] veth0_vlan: left promiscuous mode
[  370.492457][T14231] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2774'.
[  370.975514][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  370.986545][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  370.997573][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  371.006521][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  371.014454][ T5838] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  371.022002][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  371.051453][T14257] ieee802154 phy1 wpan1: encryption failed: -22
[  371.366281][ T9821] team0 (unregistering): Port device team_slave_1 removed
[  371.412504][ T9821] team0 (unregistering): Port device team_slave_0 removed
[  372.048541][T14252] lo speed is unknown, defaulting to 1000
[  372.061402][T14231] lo speed is unknown, defaulting to 1000
[  373.097585][   T55] Bluetooth: hci3: command tx timeout
[  373.312548][T14284] xt_TCPMSS: Only works on TCP SYN packets
[  373.410211][T14252] chnl_net:caif_netlink_parms(): no params data found
[  373.683432][T14252] bridge0: port 1(bridge_slave_0) entered blocking state
[  373.721607][T14252] bridge0: port 1(bridge_slave_0) entered disabled state
[  373.739493][T14252] bridge_slave_0: entered allmulticast mode
[  373.746476][T14252] bridge_slave_0: entered promiscuous mode
[  373.762062][T14252] bridge0: port 2(bridge_slave_1) entered blocking state
[  373.776478][T14252] bridge0: port 2(bridge_slave_1) entered disabled state
[  373.788942][T14252] bridge_slave_1: entered allmulticast mode
[  373.796398][T14252] bridge_slave_1: entered promiscuous mode
[  373.889383][T14252] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  373.916676][T14252] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  374.073571][T14252] team0: Port device team_slave_0 added
[  374.128470][T14252] team0: Port device team_slave_1 added
[  374.234607][T14252] batman_adv: batadv0: Adding interface: batadv_slave_0
[  374.252338][T14252] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  374.286133][T14252] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  374.299402][T14252] batman_adv: batadv0: Adding interface: batadv_slave_1
[  374.306484][T14252] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  374.334186][T14252] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  374.350611][T14325] lo speed is unknown, defaulting to 1000
[  374.600612][T14252] hsr_slave_0: entered promiscuous mode
[  374.625071][T14252] hsr_slave_1: entered promiscuous mode
[  374.648156][T14252] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  374.687376][T14252] Cannot create hsr debugfs directory
[  374.916974][T14329] lo speed is unknown, defaulting to 1000
[  375.124489][T14325] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2797'.
[  375.177100][   T55] Bluetooth: hci3: command tx timeout
[  375.224228][T14326] netlink: 'syz.0.2797': attribute type 1 has an invalid length.
[  375.232863][T14326] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2797'.
[  375.722719][T14352] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2805'.
[  375.761860][T14354] x_tables: ip6_tables: rpfilter.0 match: invalid size 8 (kernel) != (user) 48
[  375.767389][T14352] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  375.808725][T14356] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2807'.
[  375.855250][T14252] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  375.905934][T14252] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  375.940266][T14252] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  375.979447][T14252] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  376.297441][T14252] 8021q: adding VLAN 0 to HW filter on device bond0
[  376.349372][T14252] 8021q: adding VLAN 0 to HW filter on device team0
[  376.399878][ T9817] bridge0: port 1(bridge_slave_0) entered blocking state
[  376.407271][ T9817] bridge0: port 1(bridge_slave_0) entered forwarding state
[  376.440178][ T9817] bridge0: port 2(bridge_slave_1) entered blocking state
[  376.447423][ T9817] bridge0: port 2(bridge_slave_1) entered forwarding state
[  376.817998][T14252] 8021q: adding VLAN 0 to HW filter on device batadv0
[  376.865792][T14396] netlink: 'syz.0.2820': attribute type 1 has an invalid length.
[  376.896616][T14396] netlink: 244 bytes leftover after parsing attributes in process `syz.0.2820'.
[  376.921749][T14252] veth0_vlan: entered promiscuous mode
[  376.935881][T14252] veth1_vlan: entered promiscuous mode
[  377.004834][T14252] veth0_macvtap: entered promiscuous mode
[  377.064188][T14252] veth1_macvtap: entered promiscuous mode
[  377.133970][T14252] batman_adv: batadv0: Interface activated: batadv_slave_0
[  377.138601][T14407] FAULT_INJECTION: forcing a failure.
[  377.138601][T14407] name failslab, interval 1, probability 0, space 0, times 0
[  377.172029][T14252] batman_adv: batadv0: Interface activated: batadv_slave_1
[  377.188958][T14407] CPU: 1 UID: 0 PID: 14407 Comm: syz.1.2822 Not tainted 6.14.0-rc5-syzkaller-01064-g2525e16a2bae #0
[  377.188989][T14407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  377.189002][T14407] Call Trace:
[  377.189010][T14407]  <TASK>
[  377.189019][T14407]  dump_stack_lvl+0x241/0x360
[  377.189051][T14407]  ? __pfx_dump_stack_lvl+0x10/0x10
[  377.189074][T14407]  ? __pfx__printk+0x10/0x10
[  377.189097][T14407]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[  377.189129][T14407]  ? __pfx___might_resched+0x10/0x10
[  377.189162][T14407]  should_fail_ex+0x40a/0x550
[  377.189198][T14407]  should_failslab+0xac/0x100
[  377.189228][T14407]  kmem_cache_alloc_node_noprof+0x77/0x380
[  377.189257][T14407]  ? __alloc_skb+0x1c3/0x440
[  377.189282][T14407]  __alloc_skb+0x1c3/0x440
[  377.189307][T14407]  ? __pfx___alloc_skb+0x10/0x10
[  377.189330][T14407]  ? netlink_autobind+0xd6/0x2f0
[  377.189359][T14407]  ? netlink_autobind+0x2b0/0x2f0
[  377.189394][T14407]  netlink_sendmsg+0x634/0xcb0
[  377.189436][T14407]  ? __pfx_netlink_sendmsg+0x10/0x10
[  377.189470][T14407]  ? aa_sock_msg_perm+0x91/0x160
[  377.189508][T14407]  ? __pfx_netlink_sendmsg+0x10/0x10
[  377.189535][T14407]  __sock_sendmsg+0x221/0x270
[  377.189584][T14407]  ____sys_sendmsg+0x53a/0x860
[  377.189616][T14407]  ? __pfx_____sys_sendmsg+0x10/0x10
[  377.189638][T14407]  ? __fget_files+0x2a/0x410
[  377.189672][T14407]  ? __fget_files+0x2a/0x410
[  377.189712][T14407]  __sys_sendmsg+0x269/0x350
[  377.189741][T14407]  ? __pfx___sys_sendmsg+0x10/0x10
[  377.189779][T14407]  ? do_sys_openat2+0x17a/0x1d0
[  377.189837][T14407]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  377.189879][T14407]  ? do_syscall_64+0x100/0x230
[  377.189912][T14407]  ? do_syscall_64+0xb6/0x230
[  377.189941][T14407]  do_syscall_64+0xf3/0x230
[  377.189967][T14407]  ? clear_bhb_loop+0x35/0x90
[  377.190001][T14407]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.190030][T14407] RIP: 0033:0x7f3fd9b8d169
[  377.190049][T14407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  377.190067][T14407] RSP: 002b:00007f3fdaa3b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  377.190091][T14407] RAX: ffffffffffffffda RBX: 00007f3fd9da5fa0 RCX: 00007f3fd9b8d169
[  377.190106][T14407] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000003
[  377.190120][T14407] RBP: 00007f3fdaa3b090 R08: 0000000000000000 R09: 0000000000000000
[  377.190134][T14407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  377.190147][T14407] R13: 0000000000000000 R14: 00007f3fd9da5fa0 R15: 00007fff315ed3f8
[  377.190179][T14407]  </TASK>
[  377.211609][T14252] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  377.259543][   T55] Bluetooth: hci3: command tx timeout
[  377.490693][T14252] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  377.547474][T14417] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2827'.
[  377.556451][T14417] netlink: 43 bytes leftover after parsing attributes in process `syz.0.2827'.
[  377.565821][T14252] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  377.600282][T14252] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  377.662157][T14417] netlink: 'syz.0.2827': attribute type 5 has an invalid length.
[  377.680897][T14417] netlink: 43 bytes leftover after parsing attributes in process `syz.0.2827'.
[  377.972318][ T9811] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  377.992346][ T9811] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  378.055582][ T9825] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  378.065009][ T9825] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  378.275345][T14444] FAULT_INJECTION: forcing a failure.
[  378.275345][T14444] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  378.289308][T14444] CPU: 1 UID: 0 PID: 14444 Comm: syz.1.2837 Not tainted 6.14.0-rc5-syzkaller-01064-g2525e16a2bae #0
[  378.289339][T14444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  378.289352][T14444] Call Trace:
[  378.289360][T14444]  <TASK>
[  378.289369][T14444]  dump_stack_lvl+0x241/0x360
[  378.289400][T14444]  ? __pfx_dump_stack_lvl+0x10/0x10
[  378.289422][T14444]  ? __pfx__printk+0x10/0x10
[  378.289445][T14444]  ? __pfx_lock_release+0x10/0x10
[  378.289483][T14444]  should_fail_ex+0x40a/0x550
[  378.289517][T14444]  _copy_from_user+0x2d/0xb0
[  378.289545][T14444]  copy_msghdr_from_user+0xae/0x680
[  378.289573][T14444]  ? __pfx___might_resched+0x10/0x10
[  378.289603][T14444]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  378.289635][T14444]  ? __sys_sendmmsg+0x392/0x720
[  378.289657][T14444]  ? __might_fault+0xaa/0x120
[  378.289694][T14444]  __sys_sendmmsg+0x32b/0x720
[  378.289727][T14444]  ? __pfx___sys_sendmmsg+0x10/0x10
[  378.289761][T14444]  ? __pfx_lock_release+0x10/0x10
[  378.289788][T14444]  ? kstrtouint_from_user+0x128/0x190
[  378.289834][T14444]  ? ksys_write+0x22a/0x2b0
[  378.289855][T14444]  ? __pfx_lock_release+0x10/0x10
[  378.289890][T14444]  ? sb_end_write+0xe9/0x1c0
[  378.289918][T14444]  ? vfs_write+0x7fa/0xd10
[  378.289942][T14444]  ? __mutex_unlock_slowpath+0x227/0x800
[  378.289995][T14444]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  378.290028][T14444]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  378.290060][T14444]  ? do_syscall_64+0x100/0x230
[  378.290087][T14444]  __x64_sys_sendmmsg+0xa0/0xb0
[  378.290112][T14444]  do_syscall_64+0xf3/0x230
[  378.290136][T14444]  ? clear_bhb_loop+0x35/0x90
[  378.290166][T14444]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.290192][T14444] RIP: 0033:0x7f3fd9b8d169
[  378.290211][T14444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  378.290229][T14444] RSP: 002b:00007f3fdaa3b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  378.290250][T14444] RAX: ffffffffffffffda RBX: 00007f3fd9da5fa0 RCX: 00007f3fd9b8d169
[  378.290265][T14444] RDX: 04924924924925c6 RSI: 0000400000000680 RDI: 0000000000000004
[  378.290279][T14444] RBP: 00007f3fdaa3b090 R08: 0000000000000000 R09: 0000000000000000
[  378.290293][T14444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  378.290305][T14444] R13: 0000000000000000 R14: 00007f3fd9da5fa0 R15: 00007fff315ed3f8
[  378.290335][T14444]  </TASK>
[  378.735884][T14450] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  378.868775][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  378.905090][T14455] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2842'.
[  378.943663][T14459] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2843'.
[  379.158629][T14466] ieee802154 phy1 wpan1: encryption failed: -22
[  379.177741][T14466] netlink: zone id is out of range
[  379.192103][T14466] netlink: zone id is out of range
[  379.210045][T14466] netlink: zone id is out of range
[  379.215613][T14466] netlink: zone id is out of range
[  379.224864][T14466] netlink: zone id is out of range
[  379.230683][T14466] netlink: zone id is out of range
[  379.233610][T14469] ieee802154 phy1 wpan1: encryption failed: -22
[  379.238073][T14466] netlink: set zone limit has 8 unknown bytes
[  379.356742][ T9817] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  380.482947][ T9817] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  380.549880][ T9817] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  380.625074][ T9817] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  380.716089][ T9817] bridge_slave_1: left allmulticast mode
[  380.723412][ T9817] bridge_slave_1: left promiscuous mode
[  380.729372][ T9817] bridge0: port 2(bridge_slave_1) entered disabled state
[  380.738235][ T9817] bridge_slave_0: left allmulticast mode
[  380.743983][ T9817] bridge_slave_0: left promiscuous mode
[  380.750529][ T9817] bridge0: port 1(bridge_slave_0) entered disabled state
[  381.095102][ T9817] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  381.106638][ T9817] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  381.117340][ T9817] bond0 (unregistering): Released all slaves
[  381.315355][T14486] netlink: 'syz.3.2851': attribute type 10 has an invalid length.
[  381.730828][ T9817] hsr_slave_0: left promiscuous mode
[  381.763724][ T9817] hsr_slave_1: left promiscuous mode
[  381.778038][ T9817] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  381.785690][ T9817] batman_adv: batadv0: Removing interface: batadv_slave_0
[  381.829580][ T9817] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  381.849235][ T9817] batman_adv: batadv0: Removing interface: batadv_slave_1
[  381.944101][ T9817] veth1_macvtap: left promiscuous mode
[  381.963826][ T9817] veth0_macvtap: left promiscuous mode
[  381.979714][ T9817] veth1_vlan: left promiscuous mode
[  381.991161][ T9817] veth0_vlan: left promiscuous mode
[  381.999242][T14502] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  382.035899][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  382.056324][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  382.075228][ T5148] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  382.084030][ T5148] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  382.091966][ T5148] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  382.099659][ T5148] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  382.420785][T14514] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2861'.
[  382.462823][T14516] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2862'.
[  382.551482][T14523] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2864'.
[  382.640306][T14523] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2864'.
[  382.840778][ T9817] team0 (unregistering): Port device team_slave_1 removed
[  382.893144][ T9817] team0 (unregistering): Port device team_slave_0 removed
[  383.320822][T14519] 8021q: VLANs not supported on ip6_vti0
[  383.352998][T14523] bond3: entered promiscuous mode
[  383.369619][T14523] 8021q: adding VLAN 0 to HW filter on device bond3
[  383.582322][T14536] netlink: 'syz.1.2868': attribute type 5 has an invalid length.
[  383.692125][T14503] lo speed is unknown, defaulting to 1000
[  383.825810][T14540] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2870'.
[  383.849025][T14540] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2870'.
[  383.960774][T14541] IPVS: Scheduler module ip_vs_sip not found
[  384.058177][T14544] lo speed is unknown, defaulting to 1000
[  384.112766][T14546] lo speed is unknown, defaulting to 1000
[  384.137190][   T55] Bluetooth: hci3: command tx timeout
[  384.192147][T14503] chnl_net:caif_netlink_parms(): no params data found
[  384.480768][T14564] netlink: 'syz.4.2875': attribute type 1 has an invalid length.
[  384.488695][T14564] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2875'.
[  384.702609][T14503] bridge0: port 1(bridge_slave_0) entered blocking state
[  384.733453][T14503] bridge0: port 1(bridge_slave_0) entered disabled state
[  384.761464][T14503] bridge_slave_0: entered allmulticast mode
[  384.782784][T14503] bridge_slave_0: entered promiscuous mode
[  384.808862][T14503] bridge0: port 2(bridge_slave_1) entered blocking state
[  384.839366][T14503] bridge0: port 2(bridge_slave_1) entered disabled state
[  384.846703][T14503] bridge_slave_1: entered allmulticast mode
[  384.867304][T14503] bridge_slave_1: entered promiscuous mode
[  384.936116][T14503] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  385.005871][T14503] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  385.124168][T14503] team0: Port device team_slave_0 added
[  385.159162][T14503] team0: Port device team_slave_1 added
[  385.278438][T14503] batman_adv: batadv0: Adding interface: batadv_slave_0
[  385.297598][T14503] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  385.386046][T14503] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  385.435585][T14503] batman_adv: batadv0: Adding interface: batadv_slave_1
[  385.443926][T14589] netlink: 'syz.0.2885': attribute type 10 has an invalid length.
[  385.444484][T14597] netlink: 'syz.0.2885': attribute type 10 has an invalid length.
[  385.468861][T14503] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  385.495269][T14503] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  385.522192][T14592] vlan4: entered promiscuous mode
[  385.680598][T14503] hsr_slave_0: entered promiscuous mode
[  385.693853][T14503] hsr_slave_1: entered promiscuous mode
[  385.727949][T14503] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  385.735555][T14503] Cannot create hsr debugfs directory
[  385.744087][T14605] ieee802154 phy1 wpan1: encryption failed: -22
[  385.853157][T14609] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$���UL�vy��آ
�D��UD�w�}�zR'
[  385.877903][T14609] CPU: 1 UID: 0 PID: 14609 Comm: syz.3.2891 Not tainted 6.14.0-rc5-syzkaller-01064-g2525e16a2bae #0
[  385.877935][T14609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  385.877949][T14609] Call Trace:
[  385.877957][T14609]  <TASK>
[  385.877967][T14609]  dump_stack_lvl+0x241/0x360
[  385.878001][T14609]  ? __pfx_dump_stack_lvl+0x10/0x10
[  385.878027][T14609]  ? __pfx__printk+0x10/0x10
[  385.878057][T14609]  ? __kmalloc_cache_noprof+0x243/0x390
[  385.878087][T14609]  ? sysfs_warn_dup+0x51/0xa0
[  385.878140][T14609]  sysfs_warn_dup+0x8e/0xa0
[  385.878168][T14609]  sysfs_do_create_link_sd+0xbe/0x110
[  385.878199][T14609]  device_add_class_symlinks+0x1c5/0x250
[  385.878242][T14609]  device_add+0x553/0xbf0
[  385.878284][T14609]  wiphy_register+0x1922/0x2650
[  385.878328][T14609]  ? __pfx_wiphy_register+0x10/0x10
[  385.878354][T14609]  ? minstrel_ht_alloc+0x84b/0x940
[  385.878392][T14609]  ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620
[  385.878430][T14609]  ieee80211_register_hw+0x35d9/0x42e0
[  385.878479][T14609]  ? ieee80211_register_hw+0x1651/0x42e0
[  385.878522][T14609]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  385.878568][T14609]  ? __asan_memset+0x23/0x50
[  385.878601][T14609]  ? __hrtimer_init+0x170/0x250
[  385.878627][T14609]  mac80211_hwsim_new_radio+0x2a89/0x49f0
[  385.878685][T14609]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  385.878711][T14609]  ? trace_kmalloc+0x1f/0xd0
[  385.878735][T14609]  ? __kmalloc_node_track_caller_noprof+0x2a8/0x4c0
[  385.878765][T14609]  ? kstrndup+0xbb/0x150
[  385.878806][T14609]  hwsim_new_radio_nl+0xece/0x2290
[  385.878846][T14609]  ? __pfx___nla_validate_parse+0x10/0x10
[  385.878874][T14609]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  385.878937][T14609]  ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290
[  385.878970][T14609]  genl_rcv_msg+0xb1f/0xec0
[  385.879002][T14609]  ? __pfx_genl_rcv_msg+0x10/0x10
[  385.879056][T14609]  ? __pfx_lock_acquire+0x10/0x10
[  385.879088][T14609]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  385.879124][T14609]  ? __pfx___might_resched+0x10/0x10
[  385.879163][T14609]  netlink_rcv_skb+0x206/0x480
[  385.879193][T14609]  ? __pfx_genl_rcv_msg+0x10/0x10
[  385.879217][T14609]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  385.879278][T14609]  genl_rcv+0x28/0x40
[  385.879297][T14609]  netlink_unicast+0x7f6/0x990
[  385.879332][T14609]  ? __pfx_netlink_unicast+0x10/0x10
[  385.879354][T14609]  ? __virt_addr_valid+0x45f/0x530
[  385.879376][T14609]  ? __phys_addr_symbol+0x2f/0x70
[  385.879395][T14609]  ? __check_object_size+0x47a/0x730
[  385.879428][T14609]  netlink_sendmsg+0x8de/0xcb0
[  385.879471][T14609]  ? __pfx_netlink_sendmsg+0x10/0x10
[  385.879504][T14609]  ? aa_sock_msg_perm+0x91/0x160
[  385.879541][T14609]  ? __pfx_netlink_sendmsg+0x10/0x10
[  385.879568][T14609]  __sock_sendmsg+0x221/0x270
[  385.879601][T14609]  ____sys_sendmsg+0x53a/0x860
[  385.879633][T14609]  ? __pfx_____sys_sendmsg+0x10/0x10
[  385.879654][T14609]  ? __fget_files+0x2a/0x410
[  385.879688][T14609]  ? __fget_files+0x2a/0x410
[  385.879728][T14609]  __sys_sendmsg+0x269/0x350
[  385.879757][T14609]  ? __pfx___sys_sendmsg+0x10/0x10
[  385.879828][T14609]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  385.879862][T14609]  ? do_syscall_64+0x100/0x230
[  385.879892][T14609]  ? do_syscall_64+0xb6/0x230
[  385.879919][T14609]  do_syscall_64+0xf3/0x230
[  385.879945][T14609]  ? clear_bhb_loop+0x35/0x90
[  385.879978][T14609]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  385.880007][T14609] RIP: 0033:0x7f784fb8d169
[  385.880027][T14609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  385.880045][T14609] RSP: 002b:00007f78509c0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  385.880067][T14609] RAX: ffffffffffffffda RBX: 00007f784fda5fa0 RCX: 00007f784fb8d169
[  385.880084][T14609] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000004
[  385.880097][T14609] RBP: 00007f784fc0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  385.880117][T14609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  385.880147][T14609] R13: 0000000000000000 R14: 00007f784fda5fa0 R15: 00007fff0ea88748
[  385.880182][T14609]  </TASK>
[  386.305777][   T55] Bluetooth: hci3: command tx timeout
[  386.492542][T14623] x_tables: duplicate underflow at hook 2
[  386.683686][T14631] lo speed is unknown, defaulting to 1000
[  386.770247][T14636] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2898'.
[  386.882862][T14643] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2903'.
[  387.059074][T14503] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  387.122866][T14503] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  387.134982][T14652] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2906'.
[  387.135789][T14503] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  387.228887][T14503] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  387.559235][T14503] 8021q: adding VLAN 0 to HW filter on device bond0
[  387.620291][T14503] 8021q: adding VLAN 0 to HW filter on device team0
[  387.669569][ T9825] bridge0: port 1(bridge_slave_0) entered blocking state
[  387.676766][ T9825] bridge0: port 1(bridge_slave_0) entered forwarding state
[  387.688924][ T9825] bridge0: port 2(bridge_slave_1) entered blocking state
[  387.696084][ T9825] bridge0: port 2(bridge_slave_1) entered forwarding state
[  388.252113][T14503] 8021q: adding VLAN 0 to HW filter on device batadv0
[  388.339106][T14503] veth0_vlan: entered promiscuous mode
[  388.372068][T14503] veth1_vlan: entered promiscuous mode
[  388.385964][   T55] Bluetooth: hci3: command tx timeout
[  388.416714][T14715] __nla_validate_parse: 1 callbacks suppressed
[  388.416737][T14715] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2924'.
[  388.466002][T14503] veth0_macvtap: entered promiscuous mode
[  388.503322][T14503] veth1_macvtap: entered promiscuous mode
[  388.581019][T14503] batman_adv: batadv0: Interface activated: batadv_slave_0
[  388.608340][T14503] batman_adv: batadv0: Interface activated: batadv_slave_1
[  388.639320][T14503] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  388.658291][T14503] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  388.674839][T14503] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  388.685486][T14503] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  388.827730][ T9821] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  388.847236][ T9821] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  388.910088][ T9817] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  388.932028][ T9817] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  389.003790][T14731] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2930'.
[  389.027100][T14731] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2930'.
[  389.028063][T14733] FAULT_INJECTION: forcing a failure.
[  389.028063][T14733] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  389.057552][T14733] CPU: 0 UID: 0 PID: 14733 Comm: syz.1.2931 Not tainted 6.14.0-rc5-syzkaller-01064-g2525e16a2bae #0
[  389.057582][T14733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  389.057596][T14733] Call Trace:
[  389.057604][T14733]  <TASK>
[  389.057613][T14733]  dump_stack_lvl+0x241/0x360
[  389.057645][T14733]  ? __pfx_dump_stack_lvl+0x10/0x10
[  389.057668][T14733]  ? __pfx__printk+0x10/0x10
[  389.057692][T14733]  ? __pfx_lock_release+0x10/0x10
[  389.057734][T14733]  should_fail_ex+0x40a/0x550
[  389.057771][T14733]  _copy_from_user+0x2d/0xb0
[  389.057800][T14733]  copy_msghdr_from_user+0xae/0x680
[  389.057831][T14733]  ? __pfx___might_resched+0x10/0x10
[  389.057863][T14733]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  389.057899][T14733]  ? __sys_sendmmsg+0x392/0x720
[  389.057929][T14733]  ? __might_fault+0xaa/0x120
[  389.057956][T14733]  __sys_sendmmsg+0x32b/0x720
[  389.057992][T14733]  ? __pfx___sys_sendmmsg+0x10/0x10
[  389.058029][T14733]  ? __pfx_lock_release+0x10/0x10
[  389.058058][T14733]  ? kstrtouint_from_user+0x128/0x190
[  389.058189][T14733]  ? ksys_write+0x22a/0x2b0
[  389.058217][T14733]  ? __pfx_lock_release+0x10/0x10
[  389.058257][T14733]  ? sb_end_write+0xe9/0x1c0
[  389.058289][T14733]  ? vfs_write+0x7fa/0xd10
[  389.058316][T14733]  ? __mutex_unlock_slowpath+0x227/0x800
[  389.058375][T14733]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  389.058411][T14733]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  389.058445][T14733]  ? do_syscall_64+0x100/0x230
[  389.058477][T14733]  __x64_sys_sendmmsg+0xa0/0xb0
[  389.058505][T14733]  do_syscall_64+0xf3/0x230
[  389.058531][T14733]  ? clear_bhb_loop+0x35/0x90
[  389.058566][T14733]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.058596][T14733] RIP: 0033:0x7f3fd9b8d169
[  389.058615][T14733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  389.058635][T14733] RSP: 002b:00007f3fdaa3b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  389.058658][T14733] RAX: ffffffffffffffda RBX: 00007f3fd9da5fa0 RCX: 00007f3fd9b8d169
[  389.058675][T14733] RDX: 04924924924925c6 RSI: 0000400000000680 RDI: 0000000000000006
[  389.058690][T14733] RBP: 00007f3fdaa3b090 R08: 0000000000000000 R09: 0000000000000000
[  389.058705][T14733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  389.058719][T14733] R13: 0000000000000000 R14: 00007f3fd9da5fa0 R15: 00007fff315ed3f8
[  389.058753][T14733]  </TASK>
[  389.385668][T14736] netlink: 'syz.3.2933': attribute type 29 has an invalid length.
[  389.406559][T14738] netlink: 'syz.1.2934': attribute type 9 has an invalid length.
[  389.416102][T14736] netlink: 'syz.3.2933': attribute type 29 has an invalid length.
[  389.480495][T14738] netlink: 'syz.1.2934': attribute type 7 has an invalid length.
[  389.521046][T14738] netlink: 'syz.1.2934': attribute type 8 has an invalid length.
[  389.970163][T14760] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2940'.
[  390.025565][T14760] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input8
[  390.066710][T14741] lo speed is unknown, defaulting to 1000
[  390.109663][T14760] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2940'.
[  390.125508][T14760] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2940'.
[  390.152344][T14760] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2940'.
[  391.023164][ T9817] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  391.121574][ T5148] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  391.132684][ T5148] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  391.141114][ T5148] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  391.149909][ T5148] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  391.159057][ T5148] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  391.167640][ T5148] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  391.225333][ T9817] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  391.244232][T14782] lo speed is unknown, defaulting to 1000
[  391.343757][ T9817] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  391.383481][T14782] chnl_net:caif_netlink_parms(): no params data found
[  391.415605][ T9817] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  391.488789][T14782] bridge0: port 1(bridge_slave_0) entered blocking state
[  391.495951][T14782] bridge0: port 1(bridge_slave_0) entered disabled state
[  391.504680][T14782] bridge_slave_0: entered allmulticast mode
[  391.518240][T14782] bridge_slave_0: entered promiscuous mode
[  391.525891][T14782] bridge0: port 2(bridge_slave_1) entered blocking state
[  391.533928][T14782] bridge0: port 2(bridge_slave_1) entered disabled state
[  391.541321][T14782] bridge_slave_1: entered allmulticast mode
[  391.549108][T14782] bridge_slave_1: entered promiscuous mode
[  391.579835][T14782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  391.592032][T14782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  391.636419][T14782] team0: Port device team_slave_0 added
[  391.650200][T14782] team0: Port device team_slave_1 added
[  391.673610][ T9817] bridge_slave_1: left allmulticast mode
[  391.679442][ T9817] bridge_slave_1: left promiscuous mode
[  391.685131][ T9817] bridge0: port 2(bridge_slave_1) entered disabled state
[  391.695060][ T9817] bridge_slave_0: left allmulticast mode
[  391.701071][ T9817] bridge_slave_0: left promiscuous mode
[  391.706751][ T9817] bridge0: port 1(bridge_slave_0) entered disabled state
[  392.067627][ T9817] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  392.081169][ T9817] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  392.092169][ T9817] bond0 (unregistering): Released all slaves
[  392.118077][T14782] batman_adv: batadv0: Adding interface: batadv_slave_0
[  392.125450][T14782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  392.152142][T14782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  392.165761][T14782] batman_adv: batadv0: Adding interface: batadv_slave_1
[  392.174596][T14782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  392.208540][T14782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  392.288318][T14782] hsr_slave_0: entered promiscuous mode
[  392.294442][T14782] hsr_slave_1: entered promiscuous mode
[  392.301480][T14782] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  392.309806][T14782] Cannot create hsr debugfs directory
[  392.404982][ T9817] hsr_slave_0: left promiscuous mode
[  392.416065][ T9817] hsr_slave_1: left promiscuous mode
[  392.422967][ T9817] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  392.436181][ T9817] batman_adv: batadv0: Removing interface: batadv_slave_0
[  392.444401][ T9817] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  392.452353][ T9817] batman_adv: batadv0: Removing interface: batadv_slave_1
[  392.478502][ T9817] veth1_macvtap: left promiscuous mode
[  392.484078][ T9817] veth0_macvtap: left promiscuous mode
[  392.489791][ T9817] veth1_vlan: left promiscuous mode
[  392.495068][ T9817] veth0_vlan: left promiscuous mode
[  392.705897][T14794] netlink: 'syz.4.2950': attribute type 1 has an invalid length.
[  393.150065][ T5148] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  393.164063][ T5148] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  393.173393][ T5148] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  393.183361][ T5148] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  393.193206][ T5148] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  393.201053][ T5148] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  393.257366][ T5148] Bluetooth: hci3: command tx timeout
[  393.494688][T14816] ieee802154 phy1 wpan1: encryption failed: -22
[  393.548539][ T9817] team0 (unregistering): Port device team_slave_1 removed
[  393.603554][ T9817] team0 (unregistering): Port device team_slave_0 removed
[  394.072497][T14794] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR
[  394.174774][T14810] lo speed is unknown, defaulting to 1000
[  394.479543][T14825] netlink: 'syz.0.2956': attribute type 21 has an invalid length.
[  394.502716][T14825] netlink: 'syz.0.2956': attribute type 1 has an invalid length.
[  394.890704][T14810] chnl_net:caif_netlink_parms(): no params data found
[  395.259407][ T5148] Bluetooth: hci4: command tx timeout
[  395.323232][T14810] bridge0: port 1(bridge_slave_0) entered blocking state
[  395.336992][ T5148] Bluetooth: hci3: command tx timeout
[  395.346477][T14810] bridge0: port 1(bridge_slave_0) entered disabled state
[  395.370086][T14810] bridge_slave_0: entered allmulticast mode
[  395.397493][T14810] bridge_slave_0: entered promiscuous mode
[  395.410470][T14810] bridge0: port 2(bridge_slave_1) entered blocking state
[  395.427366][T14810] bridge0: port 2(bridge_slave_1) entered disabled state
[  395.434518][T14810] bridge_slave_1: entered allmulticast mode
[  395.451421][T14810] bridge_slave_1: entered promiscuous mode
[  395.579724][T14810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  395.627201][T14782] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  395.657521][T14810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  395.693142][T14782] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  395.729231][T14782] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  395.765288][T14810] team0: Port device team_slave_0 added
[  395.782103][T14810] team0: Port device team_slave_1 added
[  395.794413][T14782] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  395.829214][T14857] netlink: 1256 bytes leftover after parsing attributes in process `syz.4.2963'.
[  395.838848][T14857] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  395.895822][T14857] bridge0: port 1(vlan4) entered blocking state
[  395.910518][T14857] bridge0: port 1(vlan4) entered disabled state
[  395.922868][T14857] vlan4: entered allmulticast mode
[  395.930175][T14857] vlan4: entered promiscuous mode
[  395.955487][T14810] batman_adv: batadv0: Adding interface: batadv_slave_0
[  395.976419][T14810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  396.003213][T14810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  396.016165][T14810] batman_adv: batadv0: Adding interface: batadv_slave_1
[  396.023382][T14810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  396.049828][T14810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  396.131195][T14810] hsr_slave_0: entered promiscuous mode
[  396.138637][T14810] hsr_slave_1: entered promiscuous mode
[  396.144659][T14810] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  396.153163][T14810] Cannot create hsr debugfs directory
[  396.407811][T14867] netlink: 'syz.0.2965': attribute type 1 has an invalid length.
[  396.480415][T14867] 8021q: adding VLAN 0 to HW filter on device bond4
[  396.504937][T14782] 8021q: adding VLAN 0 to HW filter on device bond0
[  396.596402][T14877] RDS: rds_bind could not find a transport for ::ffff:10.1.1.0, load rds_tcp or rds_rdma?
[  396.600237][T14782] 8021q: adding VLAN 0 to HW filter on device team0
[  396.681486][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  396.688701][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  396.751028][ T9813] bridge0: port 2(bridge_slave_1) entered blocking state
[  396.758255][ T9813] bridge0: port 2(bridge_slave_1) entered forwarding state
[  396.965446][T14782] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  396.976661][T14782] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  397.008085][T14888] lo speed is unknown, defaulting to 1000
[  397.271551][T14810] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  397.303261][T14810] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  397.337473][ T5148] Bluetooth: hci4: command tx timeout
[  397.372653][T14810] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  397.413641][T14810] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  397.421409][ T5148] Bluetooth: hci3: command tx timeout
[  397.574712][T14782] 8021q: adding VLAN 0 to HW filter on device batadv0
[  397.718927][T14782] veth0_vlan: entered promiscuous mode
[  397.760272][T14782] veth1_vlan: entered promiscuous mode
[  397.781792][T14810] 8021q: adding VLAN 0 to HW filter on device bond0
[  397.798594][T14899] lo speed is unknown, defaulting to 1000
[  397.881935][T14900] lo speed is unknown, defaulting to 1000
[  397.895873][T14782] veth0_macvtap: entered promiscuous mode
[  397.935281][T14810] 8021q: adding VLAN 0 to HW filter on device team0
[  397.985675][ T9813] bridge0: port 1(bridge_slave_0) entered blocking state
[  397.993027][ T9813] bridge0: port 1(bridge_slave_0) entered forwarding state
[  398.012650][T14905] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  398.062375][T14782] veth1_macvtap: entered promiscuous mode
[  398.126049][ T9825] bridge0: port 2(bridge_slave_1) entered blocking state
[  398.133293][ T9825] bridge0: port 2(bridge_slave_1) entered forwarding state
[  398.179530][T14782] batman_adv: batadv0: Interface activated: batadv_slave_0
[  398.227219][T14782] batman_adv: batadv0: Interface activated: batadv_slave_1
[  398.265798][T14782] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  398.275366][T14782] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  398.286837][T14782] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  398.295609][T14782] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  398.750654][ T9821] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  398.777572][ T9821] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  398.847115][ T9811] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  398.855005][ T9811] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  399.235796][T14810] 8021q: adding VLAN 0 to HW filter on device batadv0
[  399.409185][T14810] veth0_vlan: entered promiscuous mode
[  399.416967][ T5148] Bluetooth: hci4: command tx timeout
[  399.498241][ T5148] Bluetooth: hci3: command tx timeout
[  399.505816][T14810] veth1_vlan: entered promiscuous mode
[  399.598887][T14810] veth0_macvtap: entered promiscuous mode
[  399.641974][T14810] veth1_macvtap: entered promiscuous mode
[  399.720214][T14810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  399.746727][T14947] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2985'.
[  399.761799][T14810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  399.796933][T14947] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2985'.
[  399.808751][T14810] batman_adv: batadv0: Interface activated: batadv_slave_0
[  399.856235][T14946] netlink: set zone limit has 4 unknown bytes
[  399.858965][T14810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  399.882793][T14947] netlink: 'syz.1.2985': attribute type 13 has an invalid length.
[  399.927130][T14810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  399.956716][T14810] batman_adv: batadv0: Interface activated: batadv_slave_1
[  400.055842][T14810] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  400.075672][T14952] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2992'.
[  400.099494][T14810] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  400.131379][T14810] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  400.159543][T14810] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  400.190913][T14956] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2992'.
[  400.392152][T14962] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000197: 0000 [#1] PREEMPT SMP KASAN PTI
[  400.404798][T14962] KASAN: null-ptr-deref in range [0x0000000000000cb8-0x0000000000000cbf]
[  400.413239][T14962] CPU: 1 UID: 0 PID: 14962 Comm: syz.1.2995 Not tainted 6.14.0-rc5-syzkaller-01064-g2525e16a2bae #0
[  400.424031][T14962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  400.434108][T14962] RIP: 0010:bpf_map_offload_map_alloc+0x19a/0x910
[  400.440547][T14962] Code: 48 89 44 24 30 42 80 3c 20 00 74 08 48 89 df e8 ac e6 3b 00 48 89 5c 24 18 4c 89 2b 49 8d 9d bd 0c 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 df 06 00 00 0f b6 1b 31 ff 89 de e8 dd
[  400.460177][T14962] RSP: 0018:ffffc9000440fbc0 EFLAGS: 00010203
[  400.466258][T14962] RAX: 0000000000000197 RBX: 0000000000000cbd RCX: 0000000000080000
[  400.474233][T14962] RDX: ffffc9000d61d000 RSI: 0000000000000063 RDI: 0000000000000064
[  400.482208][T14962] RBP: ffffc9000440fcd8 R08: ffffffff903d0b77 R09: 1ffffffff207a16e
[  400.490182][T14962] R10: dffffc0000000000 R11: fffffbfff207a16f R12: dffffc0000000000
[  400.498163][T14962] R13: 0000000000000000 R14: ffff8880354a0000 R15: 1ffff92000881f80
[  400.506140][T14962] FS:  00007f3fdaa3b6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  400.515072][T14962] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  400.521660][T14962] CR2: 00007f3fdaa3af98 CR3: 0000000033722000 CR4: 00000000003526f0
[  400.529640][T14962] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  400.537639][T14962] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  400.545611][T14962] Call Trace:
[  400.548892][T14962]  <TASK>
[  400.551826][T14962]  ? __die_body+0x5f/0xb0
[  400.556169][T14962]  ? die_addr+0xb0/0xe0
[  400.560335][T14962]  ? exc_general_protection+0x3dd/0x5d0
[  400.565898][T14962]  ? asm_exc_general_protection+0x26/0x30
[  400.571635][T14962]  ? bpf_map_offload_map_alloc+0x19a/0x910
[  400.577448][T14962]  ? __pfx_bpf_map_offload_map_alloc+0x10/0x10
[  400.583605][T14962]  ? __pfx___might_resched+0x10/0x10
[  400.588896][T14962]  ? __might_fault+0xaa/0x120
[  400.593572][T14962]  ? __pfx_lock_release+0x10/0x10
[  400.598608][T14962]  ? array_map_alloc_check+0x287/0x350
[  400.604074][T14962]  map_create+0x946/0x11c0
[  400.608502][T14962]  __sys_bpf+0x6d3/0x820
[  400.612753][T14962]  ? __pfx___sys_bpf+0x10/0x10
[  400.617529][T14962]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  400.623522][T14962]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  400.629864][T14962]  ? exc_page_fault+0x590/0x8b0
[  400.635071][T14962]  __x64_sys_bpf+0x7c/0x90
[  400.639498][T14962]  do_syscall_64+0xf3/0x230
[  400.644021][T14962]  ? clear_bhb_loop+0x35/0x90
[  400.648711][T14962]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  400.654616][T14962] RIP: 0033:0x7f3fd9b8d169
[  400.659032][T14962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  400.678642][T14962] RSP: 002b:00007f3fdaa3b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  400.687148][T14962] RAX: ffffffffffffffda RBX: 00007f3fd9da5fa0 RCX: 00007f3fd9b8d169
[  400.695122][T14962] RDX: 0000000000000048 RSI: 0000400000000000 RDI: 0000000000000000
[  400.703097][T14962] RBP: 00007f3fd9c0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  400.711073][T14962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  400.719047][T14962] R13: 0000000000000001 R14: 00007f3fd9da5fa0 R15: 00007fff315ed3f8
[  400.727034][T14962]  </TASK>
[  400.730056][T14962] Modules linked in:
[  400.735120][T14962] ---[ end trace 0000000000000000 ]---
[  400.743556][T14962] RIP: 0010:bpf_map_offload_map_alloc+0x19a/0x910
[  400.751525][T14962] Code: 48 89 44 24 30 42 80 3c 20 00 74 08 48 89 df e8 ac e6 3b 00 48 89 5c 24 18 4c 89 2b 49 8d 9d bd 0c 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 df 06 00 00 0f b6 1b 31 ff 89 de e8 dd
[  400.778636][T14962] RSP: 0018:ffffc9000440fbc0 EFLAGS: 00010203
[  400.784925][T14962] RAX: 0000000000000197 RBX: 0000000000000cbd RCX: 0000000000080000
[  400.802256][T14962] RDX: ffffc9000d61d000 RSI: 0000000000000063 RDI: 0000000000000064
[  400.811098][T14962] RBP: ffffc9000440fcd8 R08: ffffffff903d0b77 R09: 1ffffffff207a16e
[  400.819299][T14962] R10: dffffc0000000000 R11: fffffbfff207a16f R12: dffffc0000000000
[  400.827644][T14962] R13: 0000000000000000 R14: ffff8880354a0000 R15: 1ffff92000881f80
[  400.835657][T14962] FS:  00007f3fdaa3b6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  400.845095][T14962] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  400.852377][T14962] CR2: 00007fbaffd78ab8 CR3: 0000000033722000 CR4: 00000000003526f0
[  400.860511][T14962] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  400.869325][T14962] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  400.877401][T14962] Kernel panic - not syncing: Fatal exception
[  400.883809][T14962] Kernel Offset: disabled
[  400.888139][T14962] Rebooting in 86400 seconds..