last executing test programs:

1m15.414952934s ago: executing program 2 (id=552):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000003880)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-ssse3\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x2000009, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000080), 0x6)
sendto$inet6(r2, &(0x7f0000006580)="e2", 0x1, 0x0, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="030300000000000000000c0000f3070003"], 0x1c}}, 0x0)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000180)=0x4)
r6 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000140), 0x8)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000001c0)={0x1, <r7=>0x0}, 0x8)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x18, 0xc, &(0x7f0000000240)=ANY=[@ANYRES16=r7, @ANYRES8=r6, @ANYRES64=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r9 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
write(r9, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000fe0000000000000008", 0x1d)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r8, 0x27, 0x14, 0x0, &(0x7f0000000440)="f8ad48cc02cb29dcc8007f5b08009f59d351f20c", 0x0, 0x3ffe, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
r10 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r10, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r11=>0x0})
bind$can_j1939(r10, &(0x7f0000000280)={0x1d, r11, 0x1, {0x1, 0x0, 0x2}}, 0x18)
sendmmsg(r10, &(0x7f0000003c40)=[{{&(0x7f0000000080)=@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x8a, &(0x7f00000005c0), 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)

1m1.034789429s ago: executing program 2 (id=552):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000003880)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-ssse3\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x2000009, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000080), 0x6)
sendto$inet6(r2, &(0x7f0000006580)="e2", 0x1, 0x0, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="030300000000000000000c0000f3070003"], 0x1c}}, 0x0)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000180)=0x4)
r6 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000140), 0x8)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000001c0)={0x1, <r7=>0x0}, 0x8)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x18, 0xc, &(0x7f0000000240)=ANY=[@ANYRES16=r7, @ANYRES8=r6, @ANYRES64=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r9 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
write(r9, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000fe0000000000000008", 0x1d)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r8, 0x27, 0x14, 0x0, &(0x7f0000000440)="f8ad48cc02cb29dcc8007f5b08009f59d351f20c", 0x0, 0x3ffe, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
r10 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r10, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r11=>0x0})
bind$can_j1939(r10, &(0x7f0000000280)={0x1d, r11, 0x1, {0x1, 0x0, 0x2}}, 0x18)
sendmmsg(r10, &(0x7f0000003c40)=[{{&(0x7f0000000080)=@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x8a, &(0x7f00000005c0), 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)

47.776184351s ago: executing program 2 (id=552):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000003880)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-ssse3\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x2000009, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000080), 0x6)
sendto$inet6(r2, &(0x7f0000006580)="e2", 0x1, 0x0, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="030300000000000000000c0000f3070003"], 0x1c}}, 0x0)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000180)=0x4)
r6 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000140), 0x8)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000001c0)={0x1, <r7=>0x0}, 0x8)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x18, 0xc, &(0x7f0000000240)=ANY=[@ANYRES16=r7, @ANYRES8=r6, @ANYRES64=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r9 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
write(r9, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000fe0000000000000008", 0x1d)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r8, 0x27, 0x14, 0x0, &(0x7f0000000440)="f8ad48cc02cb29dcc8007f5b08009f59d351f20c", 0x0, 0x3ffe, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
r10 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r10, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r11=>0x0})
bind$can_j1939(r10, &(0x7f0000000280)={0x1d, r11, 0x1, {0x1, 0x0, 0x2}}, 0x18)
sendmmsg(r10, &(0x7f0000003c40)=[{{&(0x7f0000000080)=@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x8a, &(0x7f00000005c0), 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)

31.590048191s ago: executing program 2 (id=552):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000003880)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-ssse3\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x2000009, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000080), 0x6)
sendto$inet6(r2, &(0x7f0000006580)="e2", 0x1, 0x0, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="030300000000000000000c0000f3070003"], 0x1c}}, 0x0)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000180)=0x4)
r6 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000140), 0x8)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000001c0)={0x1, <r7=>0x0}, 0x8)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x18, 0xc, &(0x7f0000000240)=ANY=[@ANYRES16=r7, @ANYRES8=r6, @ANYRES64=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r9 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
write(r9, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000fe0000000000000008", 0x1d)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r8, 0x27, 0x14, 0x0, &(0x7f0000000440)="f8ad48cc02cb29dcc8007f5b08009f59d351f20c", 0x0, 0x3ffe, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
r10 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r10, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r11=>0x0})
bind$can_j1939(r10, &(0x7f0000000280)={0x1d, r11, 0x1, {0x1, 0x0, 0x2}}, 0x18)
sendmmsg(r10, &(0x7f0000003c40)=[{{&(0x7f0000000080)=@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x8a, &(0x7f00000005c0), 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)

19.941624542s ago: executing program 2 (id=552):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000003880)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-ssse3\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x2000009, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000080), 0x6)
sendto$inet6(r2, &(0x7f0000006580)="e2", 0x1, 0x0, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="030300000000000000000c0000f3070003"], 0x1c}}, 0x0)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000180)=0x4)
r6 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000140), 0x8)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000001c0)={0x1, <r7=>0x0}, 0x8)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x18, 0xc, &(0x7f0000000240)=ANY=[@ANYRES16=r7, @ANYRES8=r6, @ANYRES64=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r9 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
write(r9, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000fe0000000000000008", 0x1d)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r8, 0x27, 0x14, 0x0, &(0x7f0000000440)="f8ad48cc02cb29dcc8007f5b08009f59d351f20c", 0x0, 0x3ffe, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
r10 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r10, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r11=>0x0})
bind$can_j1939(r10, &(0x7f0000000280)={0x1d, r11, 0x1, {0x1, 0x0, 0x2}}, 0x18)
sendmmsg(r10, &(0x7f0000003c40)=[{{&(0x7f0000000080)=@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x8a, &(0x7f00000005c0), 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)

8.244123945s ago: executing program 2 (id=552):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000003880)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-ssse3\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x2000009, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000080), 0x6)
sendto$inet6(r2, &(0x7f0000006580)="e2", 0x1, 0x0, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="030300000000000000000c0000f3070003"], 0x1c}}, 0x0)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000180)=0x4)
r6 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000140), 0x8)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000001c0)={0x1, <r7=>0x0}, 0x8)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x18, 0xc, &(0x7f0000000240)=ANY=[@ANYRES16=r7, @ANYRES8=r6, @ANYRES64=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r9 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
write(r9, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000fe0000000000000008", 0x1d)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r8, 0x27, 0x14, 0x0, &(0x7f0000000440)="f8ad48cc02cb29dcc8007f5b08009f59d351f20c", 0x0, 0x3ffe, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
r10 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r10, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r11=>0x0})
bind$can_j1939(r10, &(0x7f0000000280)={0x1d, r11, 0x1, {0x1, 0x0, 0x2}}, 0x18)
sendmmsg(r10, &(0x7f0000003c40)=[{{&(0x7f0000000080)=@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x8a, &(0x7f00000005c0), 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)

2.585911099s ago: executing program 1 (id=1746):
r0 = socket(0x2b, 0x1, 0x1)
sendmmsg$sock(r0, &(0x7f0000001280)=[{{&(0x7f0000000240)=@in6={0xa, 0x0, 0x0, @dev, 0x5}, 0x80, 0x0}}], 0x1, 0x20000001)
connect$netlink(r0, &(0x7f0000000000)=@unspec={0x700}, 0xc)

2.123807774s ago: executing program 0 (id=1747):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x2000, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "0000000000000000000100000e000f00"}}}]}, 0x48}}, 0x0)

1.903862136s ago: executing program 0 (id=1748):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_DAEMON(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r2, 0xb0b}, 0x14}}, 0x0)
sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, r2, 0x400, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x40004080)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000640)={0x44, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x5}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x185}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_PLINK_ACTION={0x5, 0x19, 0x2}]}, 0x44}}, 0x0)

1.797761785s ago: executing program 4 (id=1749):
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB], 0xb8}}, 0x0)
sendmsg$inet(r0, 0x0, 0x30004001)
socket$nl_netfilter(0x10, 0x3, 0xc)
close(0x3)

1.74956541s ago: executing program 0 (id=1750):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0xfb80de84199d8fc4}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x4000000)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, 0x0, 0x2000000)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r2 = syz_genetlink_get_family_id$team(&(0x7f0000000040), 0xffffffffffffffff)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000080)={<r3=>0x0, @multicast1, @broadcast}, &(0x7f0000000180)=0xc)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', <r4=>0x0})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000380)={'gretap0\x00', &(0x7f0000000280)={'syztnl2\x00', <r5=>0x0, 0x20, 0x8000, 0x1ff, 0x7fffffff, {{0x1a, 0x4, 0x1, 0x37, 0x68, 0x65, 0x0, 0x9, 0x4, 0x0, @broadcast, @private=0xa010100, {[@ssrr={0x89, 0x27, 0xb4, [@loopback, @rand_addr=0x64010101, @multicast1, @private=0xa010101, @remote, @rand_addr=0x64010101, @private=0xa010100, @multicast2, @dev={0xac, 0x14, 0x14, 0x3a}]}, @timestamp={0x44, 0x1c, 0xf3, 0x0, 0x5, [0x200, 0x5, 0x6, 0x36, 0x42b, 0x10000]}, @generic={0x88, 0xf, "86df0596ef417e38a49b782617"}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000400)={'team0\x00', <r6=>0x0})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000005c0)={'syztnl1\x00', &(0x7f0000000440)={'sit0\x00', <r7=>0x0, 0x8, 0x10, 0xfffffff8, 0x8, {{0x4b, 0x4, 0x2, 0x2f, 0x12c, 0x68, 0x0, 0xc7, 0x2f, 0x0, @private=0xa010102, @private=0xa010101, {[@timestamp_addr={0x44, 0xc, 0x59, 0x1, 0x2, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4}]}, @cipso={0x86, 0x41, 0x3, [{0x2, 0xb, "24049408f152c651a8"}, {0x7, 0xd, "961dd6bc0ebf00ce70b85a"}, {0x5, 0x5, "51904e"}, {0x6, 0xf, "a0878b01d8a186a452278bc247"}, {0x0, 0xf, "c59f481eb818c6e4ed7a6b5118"}]}, @timestamp={0x44, 0x14, 0x35, 0x0, 0x2, [0xc1, 0x6, 0x7, 0x6]}, @end, @rr={0x7, 0x7, 0x61, [@broadcast]}, @cipso={0x86, 0x5c, 0x2, [{0x0, 0x8, "eea1b1270dcd"}, {0x7, 0x9, "a2fa1a01d0254a"}, {0x0, 0x7, "acc52b1746"}, {0x1, 0x10, "e7f2615cf6e0d9957b7d56635961"}, {0x7, 0x11, "84523ce6e48e18d2612d3d3741ef9b"}, {0x5, 0xe, "8d2d713deafdd7d45a307002"}, {0x7, 0x8, "e58acbcd5d2b"}, {0x5, 0x7, "834cbd9e1d"}]}, @rr={0x7, 0x23, 0x67, [@local, @remote, @local, @local, @rand_addr=0x64010102, @multicast1, @broadcast, @local]}, @generic={0x82, 0x12, "edbefc77c88708a9046fa6302810bb17"}, @timestamp={0x44, 0x14, 0x79, 0x0, 0x7, [0x4, 0xa, 0xffffffff, 0xfffffb12]}, @ssrr={0x89, 0x7, 0xa9, [@remote]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000600)={'team0\x00', <r8=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f00000008c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000880)={&(0x7f0000000900)={0x210, r2, 0x10, 0x70bd28, 0x25dfdbfb, {}, [{{0x8, 0x1, r8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x7fffffff}}, {0x8, 0x6, r3}}}]}}, {{0x8, 0x1, r4}, {0xc4, 0x2, 0x0, 0x1, [{0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}]}}, {{0x8, 0x1, r6}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r7}}, {0x8}}}]}}, {{0x8, 0x1, r7}, {0x90, 0x2, 0x0, 0x1, [{0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffffa}}, {0x8}}}]}}]}, 0x210}, 0x1, 0x0, 0x0, 0x4000040}, 0x8080)
sendto$inet6(r1, 0x0, 0x0, 0x8100, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @mcast1, 0xffffffff}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000001080)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000003c0)="15d9", 0x2}], 0x1}}], 0x1, 0x2000c801)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000006480)={&(0x7f0000c2b000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, &(0x7f0000005380)=""/231, 0x107f, 0x0, 0x0}, &(0x7f00000064c0)=0x40)

1.636309673s ago: executing program 0 (id=1751):
socket$inet6(0xa, 0x200000000003, 0x87)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @multicast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "3000bb", 0x10, 0x2b, 0x0, @private2, @local, {[@hopopts={0x87}], {0x0, 0x3b, 0x8}}}}}}, 0x0)

1.63566793s ago: executing program 4 (id=1752):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in=@multicast1, @in=@multicast1, 0x0, 0x0, 0x2, 0x0, 0x2, 0x20, 0x0, 0x84, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x1000000000005}, {0x0, 0x0, 0x1}, 0x0, 0x20000}}, 0xb8}}, 0x4008040)
r1 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r3 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108)
r4 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2a, &(0x7f0000000080)={0x20, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, 0x108)
close(r3)
r5 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
socket$unix(0x1, 0x5, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x54, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_SEQ_ADJ_REPLY={0x14, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x7}]}, 0x54}}, 0x0)

1.591950333s ago: executing program 1 (id=1753):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x2)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x40, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) (fail_nth: 7)

1.47527763s ago: executing program 1 (id=1754):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
accept4$rose(r0, 0x0, 0x0, 0x800)
socket$inet(0x2, 0x2, 0x0)

1.461417011s ago: executing program 0 (id=1755):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x8, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec", 0x4b, 0x182, 0x0, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000080)={0x14, 0x1e, 0xa01, 0x0, 0x0, {0x8}}, 0x14}}, 0x40000)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xc, 0xe, &(0x7f0000000b00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff6a0af0fff8ffff1971a400fe00000000b7060000080000002d6400000000000045040300010000001704000001000a00b7040000ff010000720af2fe000000008500000049000000b700000070b2000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d761ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000f0000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a8321e056acf27c34bed69d32394c53361d7e43c5cbd8000000000000080231c61ccd106cb93ce1c0983cdcb48477b450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e44c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6bc7c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c460880000000000000000000000000000007a4604baa70bda5d5f18f54e9638350a6dd81a55ab5528efd1ef5a564908db7cce99e5c569c2947763b90e03b6d1a53b590e4ff4867f0d86b9af58244866b9df33634c8d85ce1b3bfa3e5bec6989c907c2f46b9a837676e07d87bb7dba3f34694ceb5b9faf10eece00bcfd503ed3f3048782665a848d79e443de4ba97db3a9bde69be7612cb1441c61eadd5bb4494ff2eb189c2ab3a241c12f764c0719650c"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000080), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
connect$netlink(r0, &(0x7f0000000000)=@unspec={0x0, 0xe803}, 0xc)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r3=>0x0})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000800)={0x0, &(0x7f00000007c0)=""/20, 0x27, 0x14, 0x0, 0x4, 0x10000, @value=r0}, 0x28)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz1\x00', 0x200002, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$RDS_RECVERR(0xffffffffffffffff, 0x114, 0x5, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "00000100ebffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', "006e34e400"}, 0x28)
sendto$inet6(r5, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137)
setsockopt$inet6_tcp_int(r5, 0x6, 0x3, &(0x7f0000000040)=0x916, 0x4)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={@cgroup=r4, 0xffffffffffffffff, 0x1, 0x0, 0x0, @void, @value}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000600)=@bpf_tracing={0x1a, 0x5, &(0x7f00000008c0)=ANY=[@ANYBLOB="186400000a0000000000000008000000850000001500000018160000b1b1d9f297098dfe6af58694649b97a185c6440b1b3e784cce65b720cc62538b34e7a34baea1047ff1ecb62befd45bf2712098b78f0929e9d5a34302ae7d27fc7ae7ab53d0a640b5e5ba90fc72b7424f4966e08c09265cb80defebed848afafb9604b488dacf538b47d50c2f1ee1fec5fc790957f961c028eaa734557e98b91c866f2b8aa4eaa645b3fa00"/182, @ANYRES32=0x1, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f00000002c0)='syzkaller\x00', 0x2, 0x4f, &(0x7f0000000300)=""/79, 0x41100, 0x4, '\x00', r3, 0x17, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480)={0x1, 0xc, 0x6, 0x9}, 0x10, 0x242e6, r2, 0x4, &(0x7f00000004c0)=[0xffffffffffffffff], &(0x7f00000005c0)=[{0x4, 0x4, 0x10, 0xa}, {0x0, 0x4, 0xf, 0x2}, {0x1, 0x4, 0x1, 0x3}, {0x5, 0x4, 0xc, 0xb}], 0x10, 0x40, @void, @value}, 0x94)
recvmmsg(0xffffffffffffffff, &(0x7f0000002940)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x40000001, &(0x7f0000000a00))

1.359976016s ago: executing program 3 (id=1756):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000002c0)={0x44, r2, 0x1, 0x1, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x185}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x7}]}, 0x44}}, 0x0)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2080}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, r4, 0x0, 0x70bd2c, 0x25dfdbfb, {{}, {}, {0x14, 0x14, 'broadcast-link\x00'}}, [""]}, 0x30}, 0x1, 0x0, 0x0, 0x20000080}, 0x8040)
getsockopt$inet_mptcp_buf(r0, 0x11c, 0x4, &(0x7f0000001280)=""/247, &(0x7f0000000200)=0xf7)

1.284169248s ago: executing program 1 (id=1757):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0xffffffffffffff58, 0x24, 0x2, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0x9}, {0xfff2, 0x8}}}, 0x24}}, 0xe070faa2eb21c198)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000005c0)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x4}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x7, 0x5275, 0x10}}}}]}, 0x44}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000037072b51f056e1833bc92e4a535ae000000140001800600"], 0x28}}, 0x0)
sendmsg$MPTCP_PM_CMD_SET_LIMITS(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xc8420028}, 0xc, &(0x7f0000000040)={&(0x7f0000000380)={0xb8, r3, 0x4, 0x70bd27, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x48, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x8}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private0}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}]}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @rand_addr=0x64010102}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0xff}]}, @MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r1}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x4000}, 0x8000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000007080)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xfff2}, {0x10, 0x4}, {0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1.137335273s ago: executing program 3 (id=1758):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001a00010000004000000200008180000000000401"], 0x1c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000000)=@newtaction={0x94, 0x30, 0x1, 0x0, 0x0, {}, [{0x80, 0x1, [@m_bpf={0x2c, 0x2, 0x0, 0x0, {{0x8}, {0xfffffffffffffd5c}, {0x4}, {0xc}, {0xc}}}, @m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18}, @TCA_SKBEDIT_PRIORITY={0x8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x94}}, 0x0)

943.949171ms ago: executing program 1 (id=1759):
syz_emit_ethernet(0x52, &(0x7f0000000440)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}, @multicast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x1c, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}, @local, {[@dstopts={0x4}], "1ce302d74f6ae54b8ea6c756cdf9a157b64679a9"}}}}}, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r0, &(0x7f0000000540)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @remote, 0x9}, 0x1c, &(0x7f00000001c0)=[{&(0x7f00000003c0)="f201efc7328eb4fc3ec897902f77ca8679408aba83", 0x15}], 0x1, &(0x7f00000020c0)=ANY=[@ANYBLOB="38020000000000002900000036000000004300000000000004013f040100c910ff010000000000000000000000000001c910fc0000000000000000000000000000000001000740000000000e07010101000000010000000200000000000000000000000000000001000000010000002000000000000000ffffffff00000000ffffffffffffff7f06aeb07c1c192077cc9e7c45705803ad5588ca8b194d23f748fe792cfa3d32221f25d73b8ffe64a4ddda6efcfb7483b588194d29c7a04395d8500965a9a1d07879040c44db1d5d6f618d2ab920f0bf168ddc9acc6a51edd1230760d4ae8bf30f5f82a78e8114849ee8e37364560400000035bfa8197ef2ba99103ee5f5aae28ec5c8e2675db11530f5c466d55f2244d479dc653c854406155eada3eaeb90d39149b8d13bab75a9bd1452c8c76284b9ddfbeff41344e64f1771d78a706e1c5a6d63f1c954e24a1e73f75c26e9f09ec9b606cc3470f11c4842db651926bd2263a4a0a8fe80de8b2f9cb176e51819d5f4d10a5d1f0488d5e46953fbfd750f6137fbebe89a8d462158a87f9622355104b4f68d7a6d3ad85c373ea52a25afad37ffb743a5c361158087904b09fcc806d032bac00ee0e0251fc032446e45a3e12417ff4703526ffc45f71567857777927903799e0ba453334186009d22e38099c67b5350c7e82136bba947a18fb61d36fcba1f9efe3d79485d06252702833dc8ee417f40bb9064878fb89dd75a49135e5df148c4ad1e1d5626b44c8112d822f4c9a05e693fd5ae5595627f8684016b37a2bf6d0040030000000000002900000037000000006500000000000000fb1a63687c244e6df3aecb13d6eb957495b669cc032f6d0a11a5e16eed9937b046c9dc1a61dcf9754b767df4735c3f8c37b4d5cd15a99c5a19cc62c921ad4e90d6e3695ec1891223a53600d5031b5735acafb556e22279975f958ad437c76573e544506e58455772eb11493af933099a5dc7e9e0c8b907e68e23e59d7b94bc774309e2047132758b60955301f277a9032b0bc47e660b243e9e2126733f13ab99055a0999068ada35a38d105a5efe6c7115774effe28695ecae3944413b7764eefde26ed571d857b2cb2dd1b2a4a84c1fec0799cf90f57f7a6d35e2b60cd425b9372ae4a27f453e5d7da2eacd3b98cdb10cec9152d5829c2511eb0f9600a0cd280f3d08849b6cd43d25e3dcd62f7c7dee6123a2682daf4aa9a856b31e9204c5c2b80b84dbeec05d93a64a550f1ebc326488cd620c6fe1aa266a0ce5b24be03b5037786e037cc85ed61f362e081fb694e12e54fcb9eb0f86d6d91fd159023a073278f84d6ada8f9aa25ec223d268f3291b25392c941740932bd1a82f40a8fc586db23d2f6240ce883e3c1dc1e0d07fc3aa73a9ac82a1538d129c9e66cb6a8100abe95bc4064581e8c01ce65ba3ea751db5d8c0a1173fe62b2fd2d415042a97ade4d274a466b6d997eed6bf5d7a305ead804c36b9e1c314b26676ed83412417610d3cf4d07e5b24cf3de9c790ae93850e0f8bba047b710cf340c78a80cef5f6665a647681ff5f7b6ecce8ab65e26406b6a6e0e72ff8501c545bffc00f034dc3a5b251390ae68bb61d936dc9a24e6f66c72e7911c51c716dfd4304566fb32e6c2745d232f990d0bbe0ddf9dc58398dda292c07b16da766a37c60bd9993b4f21e641036a8afa2ccdb47d7990d5a007faccb2f86664179f2e229723bce870aec3f7f4e529c92add713590ce6c0ea1a0499fb76d32636cfd18b6b39fb48f1a6d46f6ae8f45c47ee8260f9531070d170ab92739be0bdf5b76f8a9b93a5e550dfecab79d2e46085a67024b6be883c79ade2873458fda5a7f4eb62b05634356ee3b45723f4cff19c654ad441ff5b8792df7f18d841c351e195151b1b3532e742a6525c86efdb29653f35ce8e0a41c8c6d39f39531e13aeb1172893eeedd83b6afb939f8e6abc5482696aa48918000000000000002900000037"], 0x590}}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000200)="909aff2688ab00ad7a27b79f59982da25ed1a5b86786117c", 0x18}], 0x1}}], 0x2, 0x8008801)
sendmmsg$inet6(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000005c0)="98", 0x1}], 0x1}}], 0x1, 0x0)

927.319335ms ago: executing program 4 (id=1760):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}}, 0x0) (async)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x1, 0x4, 0x101, 0x0, 0x0, {0x0, 0x0, 0x400}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x1c, 0x1, 0x4, 0x5, 0x0, 0x0, {0x0, 0x0, 0x1000}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}}, 0x0) (async, rerun: 64)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000001a00), 0xffffffffffffffff) (rerun: 64)
sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000001b40)={0x0, 0x0, &(0x7f0000001b00)={&(0x7f0000001a80)={0x14, r2, 0x1}, 0x14}}, 0x0)

893.315889ms ago: executing program 0 (id=1761):
unshare(0x68060200)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x300000b, 0x8031, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x21, &(0x7f0000001300)=ANY=[@ANYBLOB="3ccd7891770a6647589aec92ba41e3def7cbc101c693c49d102dccd74fcdd5effc3ccb74d7403147a92e4c6c07e7014ab9636ed80231173da3aa6cbfc65cc1875922a588eef5d6cb5ead2e951bbdb8705790e2316f2ac7a4945a9060e863128ebbc1ecf33fe21ca0f3507f83d5473eb2de8bc0e572f7e8685b12319f754d8e232d809872646ef3b6214a5149ccca52896d285602347d67eb6a9701bdc95e42e452a203293b790feba48a1ed441160c9adb028d4f9ce867d3b8147bad196d15198d4e93cc93d56a6102c262650bae91c08fc870be0d40cf2fd0f477fe69684fb63d0988db69d3176b8f6eef27787c288ea2ba6b5e3b8c61e01294a90f182e05373342534d295f844e5b04b094b909f2be20376622573ff27fb748372dde9615d85cf0177909b3265f83cded421b2031fa23686c989f6a1e50edeeb91383520a02d833b2b8446103e96a2240aa22860f4903df138ed27162a52939fac68e5f4952540ac1ace6b77132e38dbfdb7d830a059fcbd9416412058272be370d950413c8f419a521a65f1e9fc14d55c2d6c015147cb852324bc05ed6097199d4957f74706750280e740c24ed7924e69a243625f29d5459cc7aaff90d293b2611ab63db3bf7b22de13e1ceda66ad82511d99af43c395e09f1ffda6ce7708d6e8af3915a355c96f163cda0384a58564bfc943356d42f8befc6db54e78900c45828f91b1643ca01fbdd3a51c71004193a619d20b1c02130332fd90d6e40a9c3f0d96dfca75f544c5c9d5fddf2fa34621f9d69ea06e4d1f1edf32025161e5ae234075177199c18116d4223913ce9cfdee2da5977613fd578f1061ae6a993f4aa1c2bfaaf204c167c718b9839b9ba4016ccb407723d411d160c883faa54815fb0640fa9527306416a3fb081965aaeb1be2a3ff5964fcc2b62f1a753be9dc14a2e0c1b1e97486e3722404028218cbd843706b5914ef0cb004a8297383bb1b9480a84cffe36c4e0b3894898ae9750ed5da9bffb58e916b9c6b8979fd8268548b99c779a5e68be21bcd1d16d5ff2908d32c1d63a54461ac85db29825e0358ca3e25a13155ad618a87632b42b3fea3f8b141f98993e06b5f245575198c5a2247f247fc653ceb33a3e0fb5fdc704436f71030b28fb87febc3728c50a6ade2f0cc3eeac618906b9a144ed5acc57c63891a68d4a0aad847a06bc578370a8ce84714e7d79eefa095fae958128c51a669e340498a53fd634ed6d40837c9ec8cb8ab970027844ab4b1d4a9a32358f153c6609d74f4cf3802fda4d976eae03de1ba0e7489d6ad2ad91ff9927ffdd1a360856a807e48ad92fa12ee04c4e4bb013b28ac7b6f67efe9514dba045d6c2f6684eaa6d944608e50152083b63ab8ccbadabb319c2ab95b754006bb10ad26cd93efff6c647960e5e4d5b747d3bd90f031d2ebec99afecc956cbac9b6821986c10d31052306c7c8f5384b7fc9b5fdd0ff2edb39f869c73a3043fd1941ada472388fb4b3488f584a91a0eec3ef739d18a6fca1712bdffe72961b8ce23418cd1928d70a177965193aa8f5bd5d8dd1cfdd20a7abaec1926ae57203c89bbdd0bd5261abf996957668b8db8b1aba20d0c6b4589e27d5dfddc8887eadd3dc4cc28de01afea5bd84edd22216ae9551021c8b1f28b03b528464ba835445f8497765a9dbf0266f588ab7267f452c24f33e6f9ff0e4351cb2ea9db201b5d3dec27af7c8bfd6494c6b4407cdc3330607521cbe5ce24b3513a32ccd45ab178f54c50f7dceeb3d4c430562ca81d5d4aceb4f38dd6dc4142cfc9db81075a3297ce5a3e3b55e1a4f2b3eba7b4dd2058127baab95b6cc9b1df948e2be6b104c97f36f0f607c3f4568aec52b2656128735892d13d208653b1211b53afc022bcfe5f008ade4ac446f8606ef32fe5da1d5adeb62a6aa92cb663e090d97ba5bbf2d4f02ccd506040483086092eb3ad5b1027fb10a7e8d02280eea274d1e16baf62f0ba93f55f82f85c37c5ce29747e3e9f08406ac8f137587974bf92db180739a33ac1c673795f0765877efe9cdf912afc431d9bfff05cee91a84beabe1a60731147a4e8bd388bf97640b4bd451b78242f2d8eac14c03fe746787a2d305db4780116e7e2452ec4ef3ebf8879c1d7a7b1a392c4669a15d7d2bd1c959ec2b4d0035548366ab857638ba88fa1c83a4a49d9a4ed2cbabc5ef31000e2d01b6067172ccd09b96025bf16b79c2036ca4b6770574f64de9fcaa730b090af21362dfeed1ebcadc35f5df1ea5743e7912087c8192108a1c416486e8bebb488cb5c4b9ccfd29374267b41829c3188c736f0e309d8223b4659a82958b03d403b2e4998a54020fe2467ccb4b2b3175619e9fda96ad6e0487cffa6c2fc896482bc01ece0d7745557f0c11e8e0a8e18eb06f5510a6179aad42296979f50865ce9600239daa6063f721c8f9747cd0c3214ac57e5440570fbf0ca09508aca34e74ef033321b32e7f0bc19fabc70e0f90df8f652c5f58f3ae6a96bf04d0266e776e1b9c34da208235ff6f7e258fe00706591cf739b176e274807a80a85ae9f416299fbd17cf6e41579e5022b18d25bdb8f0d7587a6dfa0d3e35ffd6a3e81f194d4ec4f8170fd083bcb18b85a2af0b2842f747573619c4aa6fa7c076c8852dbc8b69886b76afc18cf7363a0701e4483b46d80b73cb6f40069e03ab5efd1349cff55f3686bb52cd9cadcebba8d4aae212ca483cb1780fbfe06789456b74909e54906d887353dad699d93dea77d8a851db0c05cf32af50cc6a181b026a6eb893737447ccba7ceccb01d6c7fd45f63f7ff90ce8d7f6920ed780126677d3d277017ff8d10c71139c6afa4d3ecbb6dfea01dc2812f04ce5ca6896187090c74b3adb8396282a8892dee0cc8de216b2273b6617e4d0e50b8501d33231fa30483e2495aff120dedaa31a587e1388fac90c7be3a98c7a34eb916886f08449763be4fd9024311f78792b8049428e4fa37dfaf5d46d0d39474c94358a4b9df6ddd1ef440c895413c1a0446166c5dfc32b26224dfb65771464a5ef1a545e27450805b2c7d4793b55050d29d1e1b2d36f9e41615804b548b862a22a71c9d310a31ca5a47f1eee1bd53b501357fd91cc31667b6053af43c9cfe79a7bd05c69a963592bdc5e900f96559184f6681dca944f5d6a1f87e1578b01ba3cc9ac8a4d258b2d97c78bca83cd0f9abb901d62da90f4adf39e1ea233f55a6fac4caa4ad8ffd50dc6230eb2972554d20e1af341aeec977da1b02ce3bc114797809939f67b79d00c7f2c1c43cbe57bd009a83061372a53c32abcbaf458d13be65c2fe372673e20288fd2b81f321d7b7e670c449706fc46e92102f20c2103c085a5d98473f8ac240fa74d21644cdb29d57b27b5b7c04a0c740361d04b13e2700bfa52bb44da455a43d3810c41118e17d17c755d5cabfc7868ba93d7848c6a13ad807a24df1fe8d245412a807251040db17ab2fbf586849b29be54afa860e5622d7169d8026d398ca82e008e103bad523a5d4a3d5c53a0e46b5b102499d7e8a2c95cf4376fbccd3fae5a7e6956d6b6c187768e9648371be0330241aa9d95cb0ac113ca50fec963d56021843c7333a07dcdc38623432315ea4de56e74eabf9df486825fe75e5ac9ef02ec59439f5704de01136d643bcc42761602bfac164fb3bc72631780b1739da12796a2be3aed29ddadf9f899debfa50ad6087ad49447440dc8643174dbb0778c0d355bde75a3492e491884b95001dac2d636e3b338491dc1345a7dfbe8e9ba7b55b327f67f3c33c04bae15aa3a58633f24504f64b5cd8cc30262e5fc4ee1f572b34cb824fcb6ace28cd900c3676d6f8b4f3f36ffed808a4c5946af3d46937c616d18026138fd74a60371d3d09de13064b3cb7bfcf4884f11f72a789f9b8499a9ea1d23e59ed52deeaff32ed5e9422b6b810fb2821f9f8f1964b2e8576958db3785d7816098b96b075bd46ac8e2cafbca51c07534803c0287184993e28ced876f162943ff8481142e797dea7db1f2aa265922733b9a2b58bf1acac0f7b16057700ede8e892fe45f4e7702807a5a41684b95c5b545f12f489989faa44272de95b3d1f9172d6cb99c161ce3577323c848f42ebe613f9a87eae0aee2517a34cad2e6420352267f1dc4eecbdd8bdf32133d7ea5116e1c4e5078191d7a92871278788ccff6096e96d2490b2a0ea77c024b27de94b63ec445ff773187665e73bb13917e339d609b4cc9a960c880fc67fd91a0f164cfe84e751b6d7fa1552d18abe23c743835d7bd0d829f208d6d87d44b97fc01637ef5a77108e8db6e2a170df5d11570adab9025d424ac409317addddeedf405f6da872ac07e1c9879c5ac6c351b57a3f8514f856f2d8e3ce46286f0352dd2f2cb264eddd76d23dd8b6db45a397f325880d88bca1250eddf35a861092fcc418b7250882c1ffbee206142537e43be17c86c1a02287891ac165d101de76688c8e2993f6d01ec09ae22987ccbb5cdecb74ae0870101969f65ecf41b468c477741e9e901b0687632da3751e25d3c53d0b5641447cfa80a782e261315147147b8834f9449cb9eb5dae0126f5c83832d79d73513ef94b4688e2dc0490b20af7596d668b4165199e4698bddbb457be550b80df5a48cc5688aa8dcb92eb60067710e2160c587998d8a9a46a1837269d6b6400aaf4e1ba2f15e1eea75b46eee7e7a645d65b0e4aa7ea55f7006874354f4715a4f621df83cc0273424200a4d954a4e66800b6f744e430dbf3e86675c022174cfd6bc10ee0becb2045bd2d0b9439e9d64ebb368335aab69a16a52921e00ca620b04c762f3b021e58a024af4cc0b35493f886989e24e82657a18c560f0f2a9d5edf8de0cdc3ff282013827a083f97da77712116d54c39c2dee5e7fb6b512f7ed9ee74fc7778bdf4cd581523ad25cb87ebb1b4b2aca8cc0d85312b720b758864fdc6b5448ac76375852f1fdf6c6cfa64b756e05f3752e2f3c536fdca39b855579487d196b073dd0b7a95756bb4625aef88d36b20612a914b902c2f933c13e12e0ea9bf157cef52f60d4a570af2aef6b21dd1f9e668de0e8f1d65072dc13e2a9920be39102117ff6474fc0398783aa5186114bb4310646b1dc95b4c5753865412c8bdab84046315cc6acdfccf4ee314db971d1393a05967df49bdfc9fde8c63870b2d5985ff8582fcf16e2fd6940fcdeb85610faa2e91d719f02237c0fa1394051a1e281bbd867beaff4b7fd28e6e128d7a7e0c3055aba165fa6dfc49554de32fcdad093e9f91ed5ed1ace942817be41c42f29599f50a3abdb3bf6e3958d51a076968488652cf2045285696fc73d9fbe0f18bf0594b6ad634106748979c17b9c9203c04f8df477c5cea13f64f7e928ccccba31661b1b70b30391e0a8391883787eadf14bfad6bbb48ce729d60f483286ca64392f3b226cab0940e614cc33ae1ce5f912338efa4248771f97997dfcc25840697398a854aa6360d32c7b7e0368fa0a9306f041f66ed15ab84ee37c759fd7504eec9f3fd9d4bbf60c4e633f5dc5e78ec4211f54ddf6f49bdf119438eb67419dce17857c0a76fe8f401c6940bd356d3908b82df2deaa45a5c4222ec9a5ec88a6d1ac52f5091c757dee7b1e5a2a0856f7ad64f0b111466c1aba79b07ed8f37b97e78d38c644a48776576c61b228e2204cc9f68c4d50728936de86ebafa0c29adfffff0d6ab4af587f6b4ac960bae774ac07f6cbe1d3a83065792e150d723e2313a5152da35090a4b32d21f5190ae1166bb40af8dea7fbbd8985e41a7b96d102349af91b15879793079f9e", @ANYRES8=0x0, @ANYRESHEX], 0x0)
socket$igmp(0x2, 0x3, 0x2)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$802154_dgram(r0, &(0x7f0000000000)={0x24, @short}, 0x14)
socket$netlink(0x10, 0x3, 0x8000000004)
r1 = socket$nl_route(0x10, 0x3, 0x0)
gettid()
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="54000000100001050300"/20, @ANYRES32=0x0, @ANYBLOB="00000000103000002c0000001c00028008000100030000010100000002000000080002000400"/56, @ANYBLOB="d48f42f81d2d49b1141bbfb9c9d8e9da1887227dc977f77224073ba99bbbb13036988627c675121b54ff9b8e201ed0390578278b47774359cdc6689a973b26ed789b04721174e3190911b810cfef687d4706b081c61d2ffd5baf5ea24b1c15b11f89067e1cc931b9a56a207d1fbcfac5c51fe4fae2a138eec12efc0b76ede0143f0665a6c42eeb38bad47cb32027b942f128c1b1ea51a1b3ce57005cfaa314bf0446ffc1514d66085f56acd94969a6354ee0afb08974f5bd6611c6c9a5ad0ee2d01248706c00ff2c4bfd61f5a6c6fc3c65", @ANYBLOB="563532b20000000800000000088b876f0000"], 0x54}}, 0x4)
socket$netlink(0x10, 0x3, 0x8000000004)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.idle_time\x00', 0x7a05, 0x1700)
write$cgroup_int(r2, &(0x7f0000000200), 0x806000)
tee(0xffffffffffffffff, 0xffffffffffffffff, 0xfffffffffffffffc, 0x8)
unshare(0x400)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000180)={<r4=>0x0, @in6={{0xa, 0x4e22, 0xf, @private2, 0xf16}}}, &(0x7f0000000040)=0x84)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f0000000140)=@assoc_value={r4, 0x9e}, &(0x7f0000000280)=0x8)
socket$inet6(0xa, 0x2, 0x3a)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_CONNECT(r5, 0x0, 0x40800)

884.174448ms ago: executing program 1 (id=1762):
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @loopback}, 0x10, 0x0}, 0x3000c085)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r1, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000241}, 0x52cc)

748.024789ms ago: executing program 3 (id=1763):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000010}, 0xc0)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
sendto$l2tp6(r1, 0x0, 0x20, 0x4890, &(0x7f0000000040)={0xa, 0x0, 0xfffffffd, @dev={0xfe, 0x80, '\x00', 0x4}, 0x0, 0x4}, 0x20)

602.292977ms ago: executing program 3 (id=1764):
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000140))
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r0, 0x0, 0x4003f00)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r3=>0x0})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}}, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r4}, 0x10)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@empty, 0x0, 0x1}, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r5, 0x400452c8, &(0x7f0000000100))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000800)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01008a2866947adef339d099aab30d00008be50000000000000000753ee62205bb610446ae3297b700d7c5ac0defd8b73b3b83", @ANYRES32=r3, @ANYBLOB="10005a800c0001800400010004000200"], 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, &(0x7f00000000c0)=0x20)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r6=>0x0})
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000080)={@ipv4={'\x00', '\xff\xff', @multicast1}, @mcast2, @dev={0xfe, 0x80, '\x00', 0x34}, 0xa, 0x9, 0x4, 0x400, 0x9, 0x40005, r6})
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140), 0x4)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="1b00000000000000000000006a478974e53ef59c", @ANYRESHEX=0x0, @ANYRES64, @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="010000000200"/28], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x6, 0x1a, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, {}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @map_val={0x18, 0x2, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xa8f}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000300)='GPL\x00', 0xb42e, 0xbb, &(0x7f0000000500)=""/187, 0x41100, 0x61, '\x00', r6, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x8, 0x5}, 0x8, 0x10, &(0x7f00000005c0)={0x4, 0x1, 0x2, 0xc7f}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f00000006c0)=[{0x5, 0x4, 0xb, 0x7}, {0x0, 0x4, 0xa, 0x3}, {0x5, 0x8, 0x9, 0x9}, {0x4, 0x1, 0x10, 0x1}, {0x2, 0x2, 0xc, 0xa}, {0x2, 0x5}], 0x10, 0xfffffffe, @void, @value}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000880)=ANY=[@ANYRESDEC, @ANYRES16=r8, @ANYBLOB="010000000000000000000200000008000300", @ANYRESOCT=r10, @ANYBLOB="0c009900000000000000000008000000080026000816"], 0x40}}, 0x0)
sendmsg$NL80211_CMD_FLUSH_PMKSA(r9, &(0x7f0000000200)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r2, 0x400, 0x70bd2b, 0x25dfdbfc, {{}, {@void, @void}}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x4000)
r11 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000040)={'lo\x00', <r12=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@gettfilter={0x24, 0x2e, 0x301, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {}, {0xed6dc87878576f7a}, {0x0, 0xec0}}}, 0x24}}, 0x0)

597.403088ms ago: executing program 4 (id=1765):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0xffffffffffffff7b}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x64}}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r4 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000200), 0x4)
setsockopt$IP_VS_SO_SET_ZERO(0xffffffffffffffff, 0x0, 0x48f, &(0x7f00000000c0)={0x0, @empty, 0x10, 0x0, 'lc\x00', 0x0, 0x0, 0xfffffffe}, 0x2c)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000040)={0x1c, r3, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0xa094}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f00000001c0), r4)
sendmsg$L2TP_CMD_SESSION_GET(r5, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4048810)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), r6)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r8=>0x0})
mmap(&(0x7f00006b5000/0x3000)=nil, 0x3000, 0x1000000, 0x12, r5, 0xf8830000)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x1c, r7, 0x1, 0x1, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}}, 0x1c}}, 0x4044000)

335.795623ms ago: executing program 3 (id=1766):
r0 = socket$kcm(0x10, 0x2, 0x4)
r1 = socket$key(0xf, 0x3, 0x2)
close(r1)
socket$kcm(0x10, 0x7, 0x0)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x3, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000011006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac00800020007000264030004c00364bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000500)={0xa, 0x2, 0x0, @empty}, 0x1c)
listen(r2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000005c0)={0x50, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME={0x2a, 0x33, @action={{}, @ext_ch_sw={0x4, 0x4, {{0x0, 0x0, 0xc}, @val={0x76, 0x6, {0x4, 0x5, 0x19, 0x103}}}}}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}]}, 0x50}}, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r3, &(0x7f00000000c0)="04", 0x1, 0x20010845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000000)={0x81, 0xffffffff, 0x5, 0x58e, 0x7}, 0x14)

269.580366ms ago: executing program 4 (id=1767):
r0 = socket$kcm(0x10, 0x2, 0x0)
recvmsg$kcm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000240)=""/222, 0xde}, {&(0x7f0000000880)=""/262, 0x106}, {&(0x7f0000000380)=""/192, 0xc0}, {&(0x7f0000000580)=""/198, 0xc6}, {&(0x7f0000000700)=""/284, 0x11c}, {&(0x7f0000000c40)=""/4050, 0xfd2}], 0x6}, 0x104)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000009c0)="1400000035000b6300800000f0ffffff450b9f24", 0x14}], 0x1}, 0x84)
r1 = accept4$netrom(0xffffffffffffffff, &(0x7f0000000140)={{0x3, @bcast}, [@rose, @remote, @netrom, @bcast, @remote, @remote, @netrom, @rose]}, &(0x7f00000000c0)=0x48, 0x800)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000002d80), r2)
sendmmsg$sock(r1, &(0x7f0000000840)=[{{&(0x7f0000000440)=@generic={0x3, "85446ed0d0fc1b821c54496a3cd69a0627b852521420c9895cef27b79f29735f347c41691c98f94ffd9f13bfe178b7ea19e15a796840bbbf5453150ee25e5a87fc56325db9888df3307c25f40b9d9ef3c82292db5c1f64f68f740e1ae9a605e905cc0133ced189e3199f373f342b45fbb8ae796345c3d3db5fe06c8f16bb"}, 0x80, &(0x7f0000002c40)=[{&(0x7f0000001c40)="89771078cd9507810ec052e2dc17266fc1292cd8bd3c6fe46dbe9d1aca3fb289fee305539ea809a16d9957eeccaa7dff878bdf81f84fb17dd601454ccc04e8c6d4d747e10d4cd72f57ee51925615d4a71b768a916ce33abac339c5e03dd934662d1a426e5696ec2dfe149877b67eea79343243be3660cf8f393fb324c69de5c858594d5fee22d0704b92f75fbce21bef6c2c7c92a0fcb18658f7cae54eff42d81892b33305f1574750af171c851ef8df5f8b0568dd4d3496be7822bbeac234e8dc46275f1ef6e344561c5028760493754e5e46b0539bafdf03a56cd238c715c0bcc6c039b5c843c07425ae4bc29331a6f8270217eb49a98271b38e8ff50ac024928476a974908afe98302a87c5e6d3ca4bb38641e15f760a2a109cc84d9ba237d89559679b40b3e8b12344c810154df1435fc94b3a19b3a7306f0fc92b5c80649876be61fe0bd4f96c2775e467f59f320dbe5f50d3bf97d983edb89516f4a8e32504bb5af61d65940a6b47aff6800f1f313723b6ac68e4fc90ef00034457ee1faf61b0b91ce06e0835f3c9e529736f208e305a5058b766d6b9d0fc2004c6e35f21fcaa3ec7dd6a32156f6d9a44774b716241d9e8a59124d0e3ca73437c5cfaa70c1f17879aa3f59b700e7311399979ab225711caffe12829865d5408adba7363464b79c8cda8e41a1cd93f73faf01968d4dd904996a4f0fa609e990d803fd49bc3902151158b5c6964ea6b79a8d7643a8dd33f36fec8a698e1f78bb2831c183184d3417a725e846b16c8af90906f2d7e94f7fa50f70f4ecdd158282dcedd1681c014e9ac64d950f3db5bb50a82dad5e4aa5b4a99c0de78630f2886f6a109f229aa1e372ce5da41a59ad6cf94ac3c63690d52dc78976601d252a88612efa80a0e03378ac15eb5095296e8ddcdadc25775aa8ee3a909cd5d44097b4096ea113a44f8d611679c30e7bdc50a625235d86dffd5ab8e162102982e6cdb4faa7479dd788ca4b02f7f91bf23e47c4129c166d62eda50dd4de869322eda233239af1f61d20470b7ffedcf5173bb7ebd11ebc9aadf90c3dd1ac47f2e3d11e7bf8e723cc931fa8811953aeeec41aa77bb1e2c791e3427c8f9fe9e49211be286a5563cddc04180b4325e2ce10cfdb5321f01b61691678fca849515223e8811829be757a630ea445431af193ad0c3f280a3eac1ff830fa9c22cd5f60e5cc2a66aebaa1542ff68682005be2a4add11933aaf4bdd74d43edd3060198c5ce56bb6369e1c304f743cff67b978b94a4eb2f5977097273d994d6dcc82c5db125d3ac2a5b2092a2e27efec69f0e1b5ddc6ca6b7f5fa78b8a4448025727e42734096baa7da07847debc9303910684338797a299b38a452a83990fafaf5b5c98648e5012e57f8681b08685908a0af92e56716822a3095cac1e3ff0035ec010b753a60b43b89ec1d7cf28cbdc3a01a5f82eb243ac7e820405bdae2b73d470b6265fbed00b1dba377a26212b533e5094a294e4912a5598dfefb688e299927f323f540a935a093acdbc297ad8b30993513dfa3c5a6151f695d8710e05c8d49dc754093530618c8d2429959b46a0ca1441605278c0ac11e394817a7c8c3ba7560386d0e3be091fec3368f6a558111faad37811c8fb3465c72f8c5ecd0833f9b7b0880817200a1dc53e743ebf5a625779e79f2b05389578b034e3ff12d14b3603b0bf2d40d6f2f27600b17eb3ee663a840dbf68d9a3417a124cb5ab47c9e5e00a9dea3559e94a1fc57aed34919c463a71ba12a1b62439f0b32d48d9253114733314c78b9b7be3623af36ee76338c615c65d409e116b16a50bd49945cefe776a5123a8905d1e1efb29f67de3363ad02403ef48e682a34c4c477c9d5155fb7b308c38fed5c2bfb55c8e47fe50888c5250926d0291c8c611181a259766080b9b902457d06c374d4120df69d2a1a3098dd96ad8b6404bdfa71daaba9d48c9c20f9ac9b38a826e5a475268207142bbfd416e0683e492ce98f02920a24afa5e352395b4c0f5b699d97ecf4d1fd6bc48125d64a9d0ea58cc0aa0ae08863ef84e681d8e2c6ff5fbeeaca38122c676e2687bf250f42dfb9d3fd410a23d537586bc911fc7531169a5d490dae096429c2ae746319f58c4e839e84f80bbb6edb88782ff69c8ff4ccc6fdb79c9ebf9dd5c70c8119a0455e8f18e5606fb4309c57eb22f658feefaed914a09bce9b61e52b256d8d28f7def85aa3f32f6d2a941547a17f2e6ea2b809c53d6369489ccd2c92c24d6e586852aba8f703ee563beb93b663e408bea136149c0a99c0b7eb0d9f2f4bf31e5469c361c8682afe3ccc324e52780cd17defd8f9137741156fd615425e0bf731d015f2e6b476f1498b0e03157d6f9245490c0a146d8ef2528a22af7dccbc5d2113fb6e7f2bb3110fb2b75642590e4c110e6fb2cfeda1f882d972ed3321cd93fee3332cf8dc26ebc9abe8715a440f36ea42349547afede5b48f3fcd6a6491adeceb0ca9acb2232a008f5a21023a06a331b40e94fe0ccff59f36c45fa2b2c77e2e557e2af9f78d1a871f17a1fdcdd6e4214489db51516326448f87144ba4432a196a014fbb9566bee4b36fb03d4fefa1fbeb29a1adabb03297d1698242e890cb338205be5923e0afb6f853cfa1ba25155eb59b999f1462aeb22479db22723c97607a0b171a1e8d214b3b189847337c3bda84f97bfdeace3a1cedff5baa2c85dbb9d3be2edd877ba185da344ddf27636baee4d8e972c410a2fc9f53f2830a85f8677a5222ea3d7a1b53741bd508e42d4d06ea2640eb85ef37f521b0ade37c734ee4eea51d3e33e25ff2f4b41e8707ae59c4e88fce65a0f30c904ed26a787e6fcf1b01229cd380dcc774b71149f21a0a8500264648b9081bb0c1fd842c1e6dfe97c9180e9ba3a39980af9a175cc39237adf00738451a59a667e4bf2144096be45ea34653ccbb0b2550775eb36c5b94001c3c05ef325655f2afbc92ccd3e9fffe541515d0b5e0313a352aa39cc86dcb60b0b1c0120a7b2021a84c45b7e19568c6b63f0efaea28b809c31e765516331da522f06f69a9e02ecf28efe69d0dc37c90f964d263f1d6a1ddfda7478204934baba44a5c8bc7e41afae4fa12a750e0a164d1c40747749269c7fef9287ae7a8e6ee9ea718b066cee4c74ac34e71aaf454d74b9170bd880943b0ed74b1540ef05b7944bcc4c7ae20b574f7cfc919f66c930ee039dadb7682eca23c979e41e7d7e810b518171b46fa52833f5197668f16be672b98fb84c5746c192b737943c6851cba0fa638cace7945ac1c6a12774a8e813626912324311141457013cd308b9818a2dea0d7eb9b7c98f0d9dfb72c2dc0fd41fcf738bf9bf4897ff33f16b3cf0df0a3300813aadec2a036c96bff033f8b25398f163ffb1bf2083aa8b763f7b5af7c5ce7fab8ea4c4b8bee4e52959aa0ca7637be9cf1af154f56edb3ec5fa6ca4da32e9ce49e74119d86d465cf00c9c4fd2406ef26500ae4fbc4caa1ed4dd2491b15c6c3875fa0e698f5188a137303ad69d58e5f18b22fca854c161285ebe6c8ee7090b1d09aecbb62d78dcddb641cfe3b763723287ae395259c670ad1f416f92dcffeadc502b45e4a939f9ecbeb90c4e25dd0783f7a39f574746dd6a36d7c7f63340b7e05bf3c604b53941e4d24272732f86b9efe4b4608f26ba5af011e30fe522ceafb1f20f189d2144dd5bee627b8fa07e7bdefd364bf1c49606590e0f11e37db7242234d816894104a41f0b332c22cfc986c4806bf4e825c30d663835bc6d1c2d339864e750575a8601f67e8a8011193caf03e5e85955760ec55ad1601e634ca8263c47c34057b41f6aa46a92390ca4c0743a2b5545442c7bc0f096bd937805de4c8af386a86051d6d16f7952f77a1d1cbf5d28249c9ae92c82700688936bb1f088ebe726c1fe9447505f912e9aa457f79f584348cb35d40c525155d78a049d72a717fb432d7b01081511d7954f79a92a1b2b51c8756b8028298c746d339bbd0ec8780efe0f8ea4bcf3125151870c44a8f9ceeb33745b3fc4118cfa1331782bc4d1863b5e966ce776365682b149d81510d14d5ea9784768440d573f0ddff910abd0fd4fb1a6f11af78b1fd077007dcaef70b4da802f5c4bd3bbdbb3489b7eed70c3ea502d528943e68aaf8daddda4807f9646cba7f9656bb1883dc98744019c4727bc819e9f23e483acc0cc933d2e386c789ac7408289eeb3535b0fa7831816d7c1f575d9417047991280e0c9b546cc9ecfaf89a546c8e4fb6247aef5adee40eb9c6bebcce85558ce12acc9b0943bce2cda5806d87bb66d7086155afed375d641c5e9408461a3a21a69435df2265d440c640d18a992e9c7ac26e9eefc2601d515629125603104bd09c960bdaf43d1f3a2ff549a0aa6644f06e452d0bddf6e164fc5037db7eaa1d31ca1c7cdcaf7e9dc9ef6593575b1f03258245697f14326d800ed2179a38d22806231cc104c5b05d6172fc7a0ee09ee38f762c2f7976d34bd81d0cca8a184e5968cb88e1d26bcca04a75fa89eb0bd79449dd79c939d9200722f308955e4451aa9490d76a04416e480182524f3cd9063b9eaddbad0de77bae55d8ead73ddc9c48d92d25f8e3cc953e29d9b41616ac1673455ff4ab59c37d173ff373496dafca04fe6f1e1d12e07c72befef815345215e641e28e40de814e1e4f568211b472f2fd6d714f0a8930b77354a7bf13e86c88e1f630bff00f16b2c3c90965893c10ae3c0981ba03ce677441d95738ab6c2fb1b313f79d0e9511bf5c27b8de77b5b093bac9f6676806b623765b6a8094c49ecbeae266df69f58ce955b84b5f19d62f1b3f94869fbebe76bec50f32c3feaee0f0e4aa9eea63944e718149f8f3dc5b07cadaa2c0ab3137ea4b1dcb750bc001cfcc4a9a718b2a14f9fe78fd62e9b06351ca5ef7bf45a4ddd76a810447c8e32ce2bae5fb7a14c837f3e2790501574d59abfaa5b450aad32d05b41aa5611692da33a1497486e86a72abbb7c3a587eb6fb3f4054ebe058cf79341b7500a4503dc8f3f6752d724bb681630a30e52ac711ff36805e210dff5784a164d4e5c8f30629ed01ee3293224972bac224ff640f0ca80f6102731e3ebc9b63737cb0c3f20fdd989eedf22e0ca96ead4b72fba015e579e1854e944eb42817d8ce9219cd493c0f61176ab32b5c07554e138782a9fe88eaeed8fd91769cae8c6b612a1c091ce9b2f4cb95f203158f812e84002b38551a01bf3cc171409ac567d16dbbb14f32a476b15ccb48f7eda71f3ecba01a2bace73eabed0e04b6fe67c99387b85852f6410b7264ffd13d18c4b91034ea9fe66f632c0f0ab109184b298df84153ebf17b663de88f7a2bd0701459f0519c37a23b90bb288d1a04fd78cac63f5bf5f234d269c2d2d38a2255b982a8a93b4e681939be721aae9b15f4ec4ff7efab0bb34769f3eb05722f0c0cbafd4ef05fcaadd09030d2c625db1b688c161617e8ebfea38a15b8ce72b65267c99880088aa370241d6fbfa7ad9d5d003b2f89db1ffa61f3b54a479fd7d721229f92b965f71df8abdefdbef26e74dc0235d5380cc1783f41bde6e573c0cf2e4176abc53f2f3a33818258fa5130c517ac16e3e6f5606d6753e3b149b36250c91e5f2fd7172d85748fb6e8650a7c16c1a05ff46d32b5170a9ac07175fa96cf64d410e3e4a2e94003b76ccc7026a1f97660fbd74b77d5442d53e50e442ce3b54fe37bdf680f899b4cefcdd66e08c3223ac711b7fe951e2d0143723d607763278b90279db4c4b84968ebe545bb9d21db3977fa875a033a4f86310c569", 0x1000}, {&(0x7f00000004c0)="a152acd2443ea68b23", 0x9}, {&(0x7f0000000500)="3afd5ab267fa6dfd802f31b053bb4637a64740faa6203d30eb1c19423346d6a8554f9135ea6ab3732ccab7d9b57d061d663b61ccb0f98b6bc82940c05253905b480c7fe08d5107a14441e3", 0x4b}, {&(0x7f0000000a00)="ba208eab0e0a117fe4ba8900a21b0ec4e5e65e6567643ed6d0e120f38bbeffe25916fe1994f22e32455758122686c0d7d495da2def2069f8d36770895b94752bdcbb6597c652f321db7b53270ca37c10923ab505ee838360182ad4f55dd054920911fc13bbca40c9bf07cf5cf88007", 0x6f}, {&(0x7f0000000a80)="6bd70fe6505eaa8e3b0d5bb3ada8f944497cac41c2a187e30e6ca453858be2aa0d94d8567de89f7f1213c8d109c5f2cf0c8208d0308523cb3a79eedda35e5942855abfe09a250445b1c953e54a19870c2ac2f5fd706ffbb29d8548f42b767551e92e18e14a7dace994e0db7966816c72d58287345b4502ddfebf7e9e5a4818ed3f1025132cffbe8beac2dafcf4c8f3cf0c9f2f6fa05801db91493e8d8ad872c84cf109c0c09a41451c088e6206466540724690cc8aba6f59e1a89ec2c140b9541078f269c332e43ef40a12cda5fc2c780fd7aa623292f1fffdcffb3a1e33", 0xde}, {&(0x7f0000000b80)="8c7f1412167f2ffb1f3e909798ef0191f112e1689bcad47ec7e800086db799b7101f0d450137fd772663cef546023b7aa2fc1b773551a8ffade6b2fca8177f94f03d195bc7a1cdb73abd15fd3192fa0ab700cfa3bff7dec941a7c80c8092b9d177a2a03740429782b8cd30b2e1ae3e84549514dfd2e3fbc5a96208b447f6eeedb7f418a9e28a7b9cef67190862994c596061919b4cf68736df65720724d6c82ca89f3bccdbee787e326377", 0xab}], 0x6, &(0x7f0000002cc0)=[@mark={{0x14, 0x1, 0x24, 0x7}}, @mark={{0x14, 0x1, 0x24, 0x5}}, @timestamping={{0x14, 0x1, 0x25, 0x80}}, @txtime={{0x18, 0x1, 0x3d, 0xf04}}, @txtime={{0x18, 0x1, 0x3d, 0x1}}, @txtime={{0x18, 0x1, 0x3d, 0x6}}], 0x90}}], 0x1, 0x4000)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

252.114036ms ago: executing program 3 (id=1768):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c0000185af61300020000004000000081000000000000070000000035cf88b71a555f8944594420bb179c39c70178d5bbcc28"], 0x1c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000ec0)=@newtaction={0x88c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0xfff, 0x1, 0x3, 0x3, 0x0, 0x89, 0x8, 0x2, 0x81, 0x8ad0, 0x29a8, 0x8, 0xfffffffe, 0x3, 0x1, 0x3, 0x7, 0x1, 0x6, 0x9, 0x7, 0x2, 0xffff, 0x1b1e88b6, 0x1b, 0x9, 0x6, 0x9, 0x7, 0xb, 0x5, 0x2, 0x5, 0x4, 0x654, 0x8001, 0x7, 0x7dfb, 0x6, 0x6, 0x8001, 0x7, 0x1, 0x5, 0x9, 0x4, 0x80000001, 0xc3, 0x1, 0x1, 0x0, 0x1, 0x7, 0x7, 0x800, 0x7, 0xd, 0x6, 0x6, 0x8, 0xfffffff9, 0xfffffffa, 0x80000000, 0x6, 0x3, 0xc9, 0x7, 0x3, 0x3, 0x0, 0x7, 0xf, 0x2, 0x6, 0x389, 0x8, 0x7fff, 0x2, 0x0, 0xd12e, 0x6, 0x0, 0xdd7, 0x1, 0x3ff, 0x9, 0x0, 0x1, 0x8, 0xc, 0xfddd, 0x3, 0x7f, 0x0, 0xc1a, 0xa, 0x7fffffff, 0xffffffff, 0x4, 0xfffffffc, 0x5, 0x3, 0x401, 0x8, 0xa9, 0x5, 0x3ff, 0x6, 0x6, 0x8, 0xf33, 0x8, 0x6, 0x0, 0x3, 0x2, 0x1, 0x4, 0xfffffe00, 0x5, 0x7fffffff, 0x1, 0x5, 0x8, 0x81, 0x6, 0x7b, 0x4, 0xfffffffe, 0x3, 0x2, 0x6, 0x7, 0x4b1d, 0x80000000, 0x7, 0x2, 0x7ff, 0x1, 0x40, 0x1, 0x6, 0x0, 0x5, 0x8, 0x0, 0x9, 0x1, 0xfffffffd, 0x2a, 0x4, 0x3, 0x400000, 0x7, 0x9, 0x9, 0x4, 0x3, 0x4, 0x2a8f529d, 0x4c, 0x2, 0x7fffffff, 0x8, 0x7fff, 0x7ff, 0xe, 0xa92d, 0x0, 0x1, 0x6, 0xbf, 0x0, 0x1, 0x81, 0x5c, 0xfff, 0x5, 0x7a15, 0x8, 0x0, 0xac, 0x2e5bb190, 0xda3, 0x6, 0x1, 0x80000001, 0x2, 0x4, 0x7674, 0x7, 0x6, 0x6, 0x4932, 0x6, 0x9, 0x5, 0x2, 0x2, 0x5, 0xffff, 0x4, 0x6, 0x25, 0x179, 0x0, 0x6d5, 0x4, 0x8, 0x6, 0x2, 0x0, 0x1, 0x5d, 0x6, 0x6c, 0x0, 0xe, 0x8, 0x53a, 0x2, 0x9, 0x4, 0x97, 0x3, 0x1f5, 0xbd0, 0x1, 0x5, 0xecfc, 0x5, 0x4, 0x9e38, 0x2, 0xffff, 0x2, 0xdb6f, 0xff, 0x1c, 0x9, 0x5, 0x800, 0xe685, 0xdb7, 0xfffffffa, 0x7, 0x2, 0x7ff, 0x997, 0xffff, 0x3, 0xd, 0x3, 0xe, 0x4, 0xbb]}], [@TCA_POLICE_RATE={0x404, 0x2, [0x6, 0x80000001, 0x2, 0x9, 0x6, 0x9, 0x2, 0xffff, 0xfffffff9, 0x81, 0x5, 0x7fffffff, 0x81, 0x8000, 0xffffffff, 0x1, 0x8, 0x5, 0x7, 0xda8, 0xfffff800, 0x7fffffff, 0xfffffffa, 0x3, 0x4, 0x200, 0x100, 0x8, 0x7, 0x1ff, 0x0, 0xf1, 0x3, 0x8, 0x3, 0x10001, 0xc, 0x9, 0x200, 0x3, 0x543d, 0x74, 0x2, 0x8, 0x4, 0x37, 0x81, 0xd425, 0x1, 0x10, 0x200, 0x6, 0x9, 0x9, 0x1, 0x10001, 0x5, 0x4, 0x10001, 0x5, 0x40, 0x6, 0x400, 0xd87d, 0xfffffff7, 0x8, 0x3, 0x10001, 0xd1e, 0x4c8000, 0x348, 0x2, 0x8, 0x5, 0x2, 0x7fffffff, 0x0, 0x4, 0x6, 0x5, 0x0, 0x80000001, 0x10, 0xfffffc00, 0xffff, 0x81, 0x3, 0x1d4, 0x47ff, 0x3, 0x7, 0xfb6, 0x5, 0x1, 0x1000, 0x81, 0x4, 0x3, 0x10001, 0x80, 0x1, 0x5, 0x1, 0x9, 0x5, 0x5, 0x5, 0x8, 0xb, 0x5ca, 0xe, 0x6, 0xfff, 0x4, 0x80000000, 0x0, 0x4, 0x24, 0x5, 0x46, 0x3e994374, 0x7, 0x6, 0xe, 0x7f, 0x6, 0x2, 0x802, 0x4, 0x67, 0x800, 0x1ff, 0x0, 0x788, 0x0, 0x8000, 0x100, 0x9, 0xe, 0xb, 0x5, 0x7, 0xfffffff0, 0x0, 0x5, 0x7fffffff, 0xfffffffc, 0x2, 0x3, 0xfffffc01, 0x0, 0x6, 0x4, 0xf, 0x3850, 0x4, 0xe00000, 0xb9c, 0x0, 0xfffffff9, 0x0, 0x7, 0x2, 0x80, 0xfffffff9, 0x0, 0x1, 0x30, 0x1, 0x7, 0x140000, 0xfffffff8, 0x23, 0x7fffffff, 0x1, 0x5, 0x9, 0x40, 0x7, 0x200000, 0x8000, 0x3, 0x8, 0x6, 0x4, 0x9, 0xb95, 0x6, 0x7ff, 0x3, 0x7, 0xbdd1, 0x1, 0x132c, 0x4, 0x8, 0x0, 0x8, 0x9e, 0x8, 0x8, 0xfff, 0xffff, 0x7, 0x9d, 0x16, 0x2, 0x1, 0x0, 0xac, 0x7, 0x2, 0x6, 0x9e, 0xb, 0x10, 0x5, 0x4, 0xac, 0x7961481c, 0xf5c9, 0x27cf, 0x1, 0x6, 0x80, 0x7, 0x1, 0x7, 0x7, 0x7, 0x0, 0x4, 0xd3, 0x1, 0xff, 0x9, 0x7fffffff, 0x40000003, 0x9c7, 0x2000001, 0x6, 0x7, 0x1, 0x8, 0x8, 0x1746, 0x0, 0x9, 0x40, 0x1, 0x8001, 0x29fb, 0x0, 0x7, 0x8]}], [@TCA_POLICE_TBF={0x3c, 0x1, {0x800, 0xffffffffffffffff, 0xffff21a5, 0x3, 0x4, {0x3, 0x2, 0xfffb, 0xc7, 0x6554, 0x7}, {0x3, 0x0, 0x5, 0x8, 0xd, 0x8}, 0x80, 0x5b2, 0x6}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88c}}, 0x0)
writev(r0, 0x0, 0x0)
syz_emit_ethernet(0x3e, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb0800470000300000000000059078640101020a0101008903ce83033a000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='\\ \x00\x00\t\x00\x00\x00'], 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
bind$unix(r3, &(0x7f0000002c00)=@file={0x1, './file0\x00'}, 0x6e)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$SO_TIMESTAMP(r5, 0x1, 0x24, &(0x7f0000000340)=0x7e, 0x4)
listen(r5, 0x0)
getpeername$unix(r4, 0x0, &(0x7f0000000100))
r6 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
r7 = socket$l2tp6(0xa, 0x2, 0x73)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000005, 0x3032, 0xffffffffffffffff, 0x0)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="000000000070929822beb86381ba3c02eebb4183e808e7605db50700251b7d6da364b7facd488f0a9c389da90b631dbea5b9f684a4301ed6bcf8678ee34af4aaa80ce536ef8542d64f4bc43606000000000000002b1d0a14", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r8, @ANYBLOB="0000000002000000b705000008000000850000005d00000095"], &(0x7f0000000300)='GPL\x00', 0x4, 0xff9, &(0x7f00000014c0)=""/4089, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmmsg$inet6(r7, &(0x7f0000002480)=[{{&(0x7f0000000380)={0xa, 0x0, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x98}}], 0x1, 0x4010)
getpid()
socket$igmp6(0xa, 0x3, 0x2)
r9 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r9, &(0x7f0000000200)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
ioctl$sock_inet6_SIOCSIFADDR(r9, 0x8916, &(0x7f00000000c0)={@local, 0x1e, r10})
ioctl$sock_bt_bnep_BNEPCONNADD(r6, 0x400442c8, &(0x7f00000000c0)=ANY=[@ANYRES32=r0])
r11 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r11, &(0x7f0000000000)="c5", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x13}, 0x1c)
setsockopt$inet6_int(r11, 0x29, 0x31, &(0x7f0000000040)=0xfff, 0x4)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r11, 0x8983, &(0x7f0000000080)={0x2, 'dvmrp1\x00', {0x2}, 0x8})

0s ago: executing program 4 (id=1769):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000000)=@newsa={0x180, 0x10, 0x1, 0x0, 0xffffff7f, {{@in=@empty, @in6=@remote}, {@in=@dev, 0x0, 0x6c}, @in6=@remote, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @algo_crypt={0x48, 0x4, {{'ecb(arc4)\x00'}}}]}, 0x180}}, 0x0)

kernel console output (not intermixed with test programs):

in process `syz.0.1205'.
[  240.495924][T10026] ax25_connect(): syz.4.1218 uses autobind, please contact jreuter@yaina.de
[  240.573940][T10030] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  240.579378][   T54] Bluetooth: hci4: command tx timeout
[  240.633067][T10032] FAULT_INJECTION: forcing a failure.
[  240.633067][T10032] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  240.688995][T10032] CPU: 1 UID: 0 PID: 10032 Comm: syz.0.1221 Not tainted 6.12.0-rc7-syzkaller-01770-gdd7207838d38 #0
[  240.699840][T10032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  240.710032][T10032] Call Trace:
[  240.713372][T10032]  <TASK>
[  240.716359][T10032]  dump_stack_lvl+0x241/0x360
[  240.721111][T10032]  ? __pfx_dump_stack_lvl+0x10/0x10
[  240.726387][T10032]  ? __pfx__printk+0x10/0x10
[  240.731054][T10032]  ? snprintf+0xda/0x120
[  240.735408][T10032]  should_fail_ex+0x3b0/0x4e0
[  240.740150][T10032]  _copy_to_user+0x31/0xb0
[  240.744625][T10032]  simple_read_from_buffer+0xca/0x150
[  240.750102][T10032]  proc_fail_nth_read+0x1e9/0x250
[  240.755160][T10032]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  240.760744][T10032]  ? rw_verify_area+0x55e/0x6f0
[  240.765643][T10032]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  240.771302][T10032]  vfs_read+0x1fc/0xb70
[  240.775502][T10032]  ? fdget_pos+0x24e/0x320
[  240.779938][T10032]  ? __pfx_vfs_read+0x10/0x10
[  240.784684][T10032]  ? __fget_files+0x3f3/0x470
[  240.789402][T10032]  ? fdget_pos+0x24e/0x320
[  240.793853][T10032]  ksys_read+0x183/0x2b0
[  240.798125][T10032]  ? __pfx_ksys_read+0x10/0x10
[  240.802913][T10032]  ? do_syscall_64+0x100/0x230
[  240.807702][T10032]  ? do_syscall_64+0xb6/0x230
[  240.812399][T10032]  do_syscall_64+0xf3/0x230
[  240.816923][T10032]  ? clear_bhb_loop+0x35/0x90
[  240.821625][T10032]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  240.827550][T10032] RIP: 0033:0x7f912197d25c
[  240.831991][T10032] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  240.851635][T10032] RSP: 002b:00007f912283c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  240.860074][T10032] RAX: ffffffffffffffda RBX: 00007f9121b35fa0 RCX: 00007f912197d25c
[  240.868067][T10032] RDX: 000000000000000f RSI: 00007f912283c0a0 RDI: 0000000000000005
[  240.876057][T10032] RBP: 00007f912283c090 R08: 0000000000000000 R09: 0000000000000000
[  240.884057][T10032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  240.892044][T10032] R13: 0000000000000000 R14: 00007f9121b35fa0 R15: 00007ffefb49deb8
[  240.900051][T10032]  </TASK>
[  241.060453][T10043] sch_fq: defrate 7 ignored.
[  241.343926][T10055] netlink: 'syz.3.1228': attribute type 39 has an invalid length.
[  241.466609][ T9997] chnl_net:caif_netlink_parms(): no params data found
[  241.488239][T10045] lo speed is unknown, defaulting to 1000
[  241.671164][ T9997] bridge0: port 1(bridge_slave_0) entered blocking state
[  241.710080][ T9997] bridge0: port 1(bridge_slave_0) entered disabled state
[  241.732101][T10062] netlink: 'syz.3.1229': attribute type 10 has an invalid length.
[  241.746810][ T9997] bridge_slave_0: entered allmulticast mode
[  241.754880][ T9997] bridge_slave_0: entered promiscuous mode
[  241.772705][ T9997] bridge0: port 2(bridge_slave_1) entered blocking state
[  241.780602][ T9997] bridge0: port 2(bridge_slave_1) entered disabled state
[  241.796661][ T9997] bridge_slave_1: entered allmulticast mode
[  241.804872][ T9997] bridge_slave_1: entered promiscuous mode
[  241.831083][T10047] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1225'.
[  241.881215][T10047] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1225'.
[  241.894262][ T9997] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  241.917778][T10058] netlink: 312 bytes leftover after parsing attributes in process `syz.1.1225'.
[  241.930138][ T9997] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  241.994098][ T9997] team0: Port device team_slave_0 added
[  242.010535][ T9997] team0: Port device team_slave_1 added
[  242.071006][ T9997] batman_adv: batadv0: Adding interface: batadv_slave_0
[  242.084792][ T9997] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  242.118900][T10069] tipc: Failed to remove unknown binding: 66,1,1/0:3374309367/3374309368
[  242.125871][ T9997] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  242.131730][T10065] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  242.155068][ T9997] batman_adv: batadv0: Adding interface: batadv_slave_1
[  242.162227][ T9997] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  242.216292][ T9997] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  242.297289][T10073] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1234'.
[  242.300478][ T9997] hsr_slave_0: entered promiscuous mode
[  242.306752][T10073] netlink: 'syz.3.1234': attribute type 1 has an invalid length.
[  242.326599][ T9997] hsr_slave_1: entered promiscuous mode
[  242.336267][ T9997] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  242.344120][ T9997] Cannot create hsr debugfs directory
[  242.457360][T10072] netlink: 'syz.0.1233': attribute type 2 has an invalid length.
[  242.651316][ T5851] Bluetooth: hci4: command tx timeout
[  243.111827][T10086] netlink: 'syz.4.1238': attribute type 10 has an invalid length.
[  243.141065][T10086] syz1: rxe_newlink: already configured on team_slave_0
[  243.257811][T10095] netlink: 22 bytes leftover after parsing attributes in process `syz.3.1241'.
[  243.288988][T10095] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1241'.
[  243.437630][T10097] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1242'.
[  243.466749][ T9997] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  243.519796][ T9997] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  243.559432][ T9997] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  243.585964][ T9997] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  243.631423][T10105] FAULT_INJECTION: forcing a failure.
[  243.631423][T10105] name failslab, interval 1, probability 0, space 0, times 0
[  243.651319][T10105] CPU: 0 UID: 0 PID: 10105 Comm: syz.0.1245 Not tainted 6.12.0-rc7-syzkaller-01770-gdd7207838d38 #0
[  243.662171][T10105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  243.672279][T10105] Call Trace:
[  243.675601][T10105]  <TASK>
[  243.678577][T10105]  dump_stack_lvl+0x241/0x360
[  243.683316][T10105]  ? __pfx_dump_stack_lvl+0x10/0x10
[  243.688563][T10105]  ? __pfx__printk+0x10/0x10
[  243.693212][T10105]  ? ref_tracker_alloc+0x332/0x490
[  243.698383][T10105]  should_fail_ex+0x3b0/0x4e0
[  243.703126][T10105]  ? skb_clone+0x20c/0x390
[  243.707625][T10105]  should_failslab+0xac/0x100
[  243.712345][T10105]  ? skb_clone+0x20c/0x390
[  243.716789][T10105]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  243.722202][T10105]  skb_clone+0x20c/0x390
[  243.726474][T10105]  __netlink_deliver_tap+0x3cc/0x7f0
[  243.731809][T10105]  ? netlink_deliver_tap+0x2e/0x1b0
[  243.737047][T10105]  netlink_deliver_tap+0x19d/0x1b0
[  243.742192][T10105]  netlink_unicast+0x7c4/0x990
[  243.746991][T10105]  ? __pfx_netlink_unicast+0x10/0x10
[  243.752297][T10105]  ? __virt_addr_valid+0x183/0x530
[  243.757441][T10105]  ? __check_object_size+0x48e/0x900
[  243.762758][T10105]  netlink_sendmsg+0x8e4/0xcb0
[  243.767603][T10105]  ? __pfx_netlink_sendmsg+0x10/0x10
[  243.772962][T10105]  ? aa_sock_msg_perm+0x91/0x160
[  243.777957][T10105]  ? __pfx_netlink_sendmsg+0x10/0x10
[  243.783269][T10105]  __sock_sendmsg+0x221/0x270
[  243.787980][T10105]  ____sys_sendmsg+0x52a/0x7e0
[  243.792808][T10105]  ? __pfx_____sys_sendmsg+0x10/0x10
[  243.798187][T10105]  __sys_sendmsg+0x292/0x380
[  243.802913][T10105]  ? __pfx___sys_sendmsg+0x10/0x10
[  243.808066][T10105]  ? __pfx_vfs_write+0x10/0x10
[  243.812874][T10105]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  243.819230][T10105]  ? do_syscall_64+0x100/0x230
[  243.824021][T10105]  ? do_syscall_64+0xb6/0x230
[  243.828722][T10105]  do_syscall_64+0xf3/0x230
[  243.833337][T10105]  ? clear_bhb_loop+0x35/0x90
[  243.838065][T10105]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  243.843979][T10105] RIP: 0033:0x7f912197e819
[  243.848499][T10105] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  243.868131][T10105] RSP: 002b:00007f912283c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  243.876567][T10105] RAX: ffffffffffffffda RBX: 00007f9121b35fa0 RCX: 00007f912197e819
[  243.884557][T10105] RDX: 0000000020000010 RSI: 0000000020001000 RDI: 0000000000000003
[  243.892672][T10105] RBP: 00007f912283c090 R08: 0000000000000000 R09: 0000000000000000
[  243.900661][T10105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  243.908668][T10105] R13: 0000000000000000 R14: 00007f9121b35fa0 R15: 00007ffefb49deb8
[  243.916679][T10105]  </TASK>
[  244.011254][ T6979] wlan1: Trigger new scan to find an IBSS to join
[  244.037524][ T9997] 8021q: adding VLAN 0 to HW filter on device bond0
[  244.057677][ T9997] 8021q: adding VLAN 0 to HW filter on device team0
[  244.085160][ T6979] bridge0: port 1(bridge_slave_0) entered blocking state
[  244.092363][ T6979] bridge0: port 1(bridge_slave_0) entered forwarding state
[  244.133208][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  244.140392][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  244.218791][T10113] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1250'.
[  244.342684][T10117] tipc: Failed to remove unknown binding: 66,1,1/2886997162:2802595172/2802595173
[  244.346587][T10119] xt_connbytes: Forcing CT accounting to be enabled
[  244.606674][T10131] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1256'.
[  244.672210][T10113] bond0: (slave team0): Releasing backup interface
[  244.695408][T10113] team0 (unregistering): left allmulticast mode
[  244.727501][T10113] team0 (unregistering): Port device team_slave_0 removed
[  244.736198][ T5851] Bluetooth: hci4: command 0x040f tx timeout
[  244.747927][T10113] team0 (unregistering): Port device team_slave_1 removed
[  244.817501][T10135] lo speed is unknown, defaulting to 1000
[  245.218433][ T9997] 8021q: adding VLAN 0 to HW filter on device batadv0
[  245.274743][ T9997] veth0_vlan: entered promiscuous mode
[  245.286168][ T9997] veth1_vlan: entered promiscuous mode
[  245.311063][ T9997] veth0_macvtap: entered promiscuous mode
[  245.320607][ T9997] veth1_macvtap: entered promiscuous mode
[  245.337340][ T9997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  245.348021][ T9997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.359994][ T9997] batman_adv: batadv0: Interface activated: batadv_slave_0
[  245.370038][ T9997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  245.380680][ T9997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.392032][ T9997] batman_adv: batadv0: Interface activated: batadv_slave_1
[  245.400224][T10140] lo speed is unknown, defaulting to 1000
[  245.421431][ T9997] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  245.430215][ T9997] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  245.439084][ T9997] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  245.447898][ T9997] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  246.247382][ T3569] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  246.280399][ T3569] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  246.412337][ T6977] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  246.432143][ T6977] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  246.700937][T10180] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  246.902630][T10189] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1275'.
[  246.949781][T10184] lo speed is unknown, defaulting to 1000
[  246.958086][T10188] sctp: [Deprecated]: syz.3.1275 (pid 10188) Use of struct sctp_assoc_value in delayed_ack socket option.
[  246.958086][T10188] Use struct sctp_sack_info instead
[  247.071746][T10193] openvswitch: netlink: Key 3 has unexpected len 2 expected 4
[  247.261273][T10197] netlink: 'syz.4.1279': attribute type 39 has an invalid length.
[  247.642766][T10199] netlink: 'syz.4.1280': attribute type 1 has an invalid length.
[  247.680876][T10199] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1280'.
[  248.450086][   T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.554230][   T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.775900][T10206] netlink: 'syz.4.1283': attribute type 3 has an invalid length.
[  248.848948][T10211] Cannot find del_set index 4 as target
[  248.885069][T10212] macvlan0: entered allmulticast mode
[  248.897427][T10212] veth1_vlan: entered allmulticast mode
[  248.950035][T10212] veth1_vlan: left allmulticast mode
[  248.972529][ T3569] wlan1: Trigger new scan to find an IBSS to join
[  249.031522][T10212] macvlan0 (unregistering): left allmulticast mode
[  249.262737][   T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.305312][T10219] FAULT_INJECTION: forcing a failure.
[  249.305312][T10219] name failslab, interval 1, probability 0, space 0, times 0
[  249.355946][T10219] CPU: 0 UID: 0 PID: 10219 Comm: syz.0.1286 Not tainted 6.12.0-rc7-syzkaller-01770-gdd7207838d38 #0
[  249.356198][   T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  249.366762][T10219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  249.366830][T10219] Call Trace:
[  249.366841][T10219]  <TASK>
[  249.366853][T10219]  dump_stack_lvl+0x241/0x360
[  249.366892][T10219]  ? __pfx_dump_stack_lvl+0x10/0x10
[  249.366923][T10219]  ? __pfx__printk+0x10/0x10
[  249.366954][T10219]  ? __kmalloc_cache_noprof+0x44/0x2c0
[  249.366985][T10219]  ? __pfx___might_resched+0x10/0x10
[  249.367022][T10219]  should_fail_ex+0x3b0/0x4e0
[  249.420651][T10219]  should_failslab+0xac/0x100
[  249.425404][T10219]  ? flow_indr_dev_setup_offload+0x24f/0x660
[  249.431448][T10219]  __kmalloc_cache_noprof+0x6c/0x2c0
[  249.436802][T10219]  flow_indr_dev_setup_offload+0x24f/0x660
[  249.442081][   T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  249.442651][T10219]  ? __pfx_tc_block_indr_cleanup+0x10/0x10
[  249.455459][T10219]  tcf_block_offload_cmd+0x31f/0x470
[  249.460024][   T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  249.460780][T10219]  ? __pfx_tcf_block_offload_cmd+0x10/0x10
[  249.460819][T10219]  ? __pfx_down_write+0x10/0x10
[  249.460853][T10219]  ? tcf_block_get_ext+0x86c/0x1670
[  249.460885][T10219]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[  249.489249][T10219]  tcf_block_get_ext+0xe97/0x1670
[  249.494322][T10219]  tcf_block_get+0xf8/0x150
[  249.498880][T10219]  ? __pfx_tcf_block_get+0x10/0x10
[  249.504023][T10219]  ? __kmalloc_node_noprof+0x247/0x440
[  249.509510][T10219]  ? __pfx_tcf_chain_head_change_dflt+0x10/0x10
[  249.515802][T10219]  ? __asan_memset+0x23/0x50
[  249.520417][T10219]  hfsc_init_qdisc+0x11f/0x390
[  249.525205][T10219]  ? __pfx_hfsc_init_qdisc+0x10/0x10
[  249.530531][T10219]  qdisc_create+0x9d4/0x11a0
[  249.535152][T10219]  ? __pfx_qdisc_create+0x10/0x10
[  249.540206][T10219]  ? lockdep_rtnl_is_held+0x26/0x40
[  249.545434][T10219]  tc_modify_qdisc+0xa26/0x1e40
[  249.550324][T10219]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  249.555650][T10219]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  249.560968][T10219]  rtnetlink_rcv_msg+0x73f/0xcf0
[  249.565941][T10219]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  249.571078][T10219]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  249.576560][T10219]  ? ref_tracker_free+0x643/0x7e0
[  249.581609][T10219]  netlink_rcv_skb+0x1e3/0x430
[  249.586485][T10219]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  249.591962][T10219]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  249.597290][T10219]  ? netlink_deliver_tap+0x2e/0x1b0
[  249.602517][T10219]  netlink_unicast+0x7f6/0x990
[  249.607310][T10219]  ? __pfx_netlink_unicast+0x10/0x10
[  249.612614][T10219]  ? __virt_addr_valid+0x183/0x530
[  249.617746][T10219]  ? __check_object_size+0x48e/0x900
[  249.623056][T10219]  netlink_sendmsg+0x8e4/0xcb0
[  249.627893][T10219]  ? __pfx_netlink_sendmsg+0x10/0x10
[  249.633223][T10219]  ? aa_sock_msg_perm+0x91/0x160
[  249.638192][T10219]  ? __pfx_netlink_sendmsg+0x10/0x10
[  249.643503][T10219]  __sock_sendmsg+0x221/0x270
[  249.648206][T10219]  ____sys_sendmsg+0x52a/0x7e0
[  249.653003][T10219]  ? __pfx_____sys_sendmsg+0x10/0x10
[  249.658337][T10219]  __sys_sendmmsg+0x3ab/0x730
[  249.663059][T10219]  ? __pfx___sys_sendmmsg+0x10/0x10
[  249.668307][T10219]  ? __pfx_lock_release+0x10/0x10
[  249.673373][T10219]  ? kstrtouint_from_user+0x128/0x190
[  249.678811][T10219]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  249.684735][T10219]  ? ksys_write+0x229/0x2b0
[  249.689255][T10219]  ? __pfx_lock_release+0x10/0x10
[  249.694310][T10219]  ? vfs_write+0x730/0xd30
[  249.698752][T10219]  ? __mutex_unlock_slowpath+0x21d/0x750
[  249.704419][T10219]  ? __fget_files+0x3f3/0x470
[  249.709131][T10219]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  249.715138][T10219]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  249.721503][T10219]  ? do_syscall_64+0x100/0x230
[  249.726293][T10219]  __x64_sys_sendmmsg+0xa0/0xb0
[  249.731177][T10219]  do_syscall_64+0xf3/0x230
[  249.735713][T10219]  ? clear_bhb_loop+0x35/0x90
[  249.740415][T10219]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.746356][T10219] RIP: 0033:0x7f912197e819
[  249.750808][T10219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  249.770441][T10219] RSP: 002b:00007f912283c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  249.778887][T10219] RAX: ffffffffffffffda RBX: 00007f9121b35fa0 RCX: 00007f912197e819
[  249.786907][T10219] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004
[  249.794896][T10219] RBP: 00007f912283c090 R08: 0000000000000000 R09: 0000000000000000
[  249.802885][T10219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  249.810871][T10219] R13: 0000000000000000 R14: 00007f9121b35fa0 R15: 00007ffefb49deb8
[  249.818889][T10219]  </TASK>
[  249.824747][   T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  249.832980][   T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  249.862053][   T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  249.945747][   T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.971801][T10223] lo speed is unknown, defaulting to 1000
[  250.034356][T10230] openvswitch: netlink: Key 3 has unexpected len 2 expected 4
[  250.300964][T10234] openvswitch: netlink: Key 3 has unexpected len 2 expected 4
[  250.549756][T10223] chnl_net:caif_netlink_parms(): no params data found
[  250.734963][ T2922] wlan1: Creating new IBSS network, BSSID b2:a2:1e:d3:9e:b2
[  251.379710][T10223] bridge0: port 1(bridge_slave_0) entered blocking state
[  251.404588][T10223] bridge0: port 1(bridge_slave_0) entered disabled state
[  251.421910][T10223] bridge_slave_0: entered allmulticast mode
[  251.439539][T10223] bridge_slave_0: entered promiscuous mode
[  251.452696][T10259] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  251.479395][T10223] bridge0: port 2(bridge_slave_1) entered blocking state
[  251.488142][T10223] bridge0: port 2(bridge_slave_1) entered disabled state
[  251.511316][T10223] bridge_slave_1: entered allmulticast mode
[  251.521066][T10223] bridge_slave_1: entered promiscuous mode
[  251.532679][   T12] bridge_slave_1: left allmulticast mode
[  251.538960][   T12] bridge_slave_1: left promiscuous mode
[  251.561891][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  251.581676][   T12] bridge_slave_0: left allmulticast mode
[  251.587400][   T12] bridge_slave_0: left promiscuous mode
[  251.606734][T10271] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1299'.
[  251.620511][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  251.690496][T10275] sctp: [Deprecated]: syz.1.1299 (pid 10275) Use of struct sctp_assoc_value in delayed_ack socket option.
[  251.690496][T10275] Use struct sctp_sack_info instead
[  251.846818][T10282] netlink: 'syz.0.1305': attribute type 10 has an invalid length.
[  251.937718][   T54] Bluetooth: hci4: command tx timeout
[  252.171586][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  252.183051][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  252.193714][   T12] bond0 (unregistering): Released all slaves
[  252.225371][T10282] 8021q: adding VLAN 0 to HW filter on device team0
[  252.234104][T10282] bond0: (slave team0): Enslaving as an active interface with an up link
[  252.315405][T10266] lo speed is unknown, defaulting to 1000
[  252.479880][T10223] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  252.493702][T10223] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  252.764097][T10223] team0: Port device team_slave_0 added
[  252.793541][T10223] team0: Port device team_slave_1 added
[  252.929798][T10223] batman_adv: batadv0: Adding interface: batadv_slave_0
[  252.951463][T10223] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  252.999585][T10223] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  253.062006][T10223] batman_adv: batadv0: Adding interface: batadv_slave_1
[  253.069023][T10223] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  253.116720][T10223] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  253.374552][T10223] hsr_slave_0: entered promiscuous mode
[  253.395495][T10223] hsr_slave_1: entered promiscuous mode
[  253.406562][T10223] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  253.418368][T10223] Cannot create hsr debugfs directory
[  253.440830][   T12] hsr_slave_0: left promiscuous mode
[  253.487162][   T12] hsr_slave_1: left promiscuous mode
[  253.498787][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  253.509275][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  253.522006][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  253.547056][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  253.589357][   T12] veth1_macvtap: left promiscuous mode
[  253.598675][   T12] veth0_macvtap: left promiscuous mode
[  253.614846][   T12] veth1_vlan: left promiscuous mode
[  253.627141][   T12] veth0_vlan: left promiscuous mode
[  254.019904][   T54] Bluetooth: hci4: command tx timeout
[  254.029933][T10329] xt_bpf: check failed: parse error
[  254.272813][   T12] team0 (unregistering): Port device team_slave_1 removed
[  254.322337][   T12] team0 (unregistering): Port device team_slave_0 removed
[  254.829382][T10319] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1315'.
[  254.865483][T10320] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1315'.
[  255.705338][T10348] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1324'.
[  255.853326][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  255.880281][T10223] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  255.932560][T10223] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  255.961365][T10223] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  255.996562][T10223] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  256.091645][   T54] Bluetooth: hci4: command tx timeout
[  256.258554][T10223] 8021q: adding VLAN 0 to HW filter on device bond0
[  256.325879][T10223] 8021q: adding VLAN 0 to HW filter on device team0
[  256.371373][ T6977] bridge0: port 1(bridge_slave_0) entered blocking state
[  256.378553][ T6977] bridge0: port 1(bridge_slave_0) entered forwarding state
[  256.422660][ T6977] bridge0: port 2(bridge_slave_1) entered blocking state
[  256.429833][ T6977] bridge0: port 2(bridge_slave_1) entered forwarding state
[  256.788522][T10375] lo speed is unknown, defaulting to 1000
[  256.820606][T10379] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1335'.
[  256.895954][T10379] sctp: [Deprecated]: syz.1.1335 (pid 10379) Use of struct sctp_assoc_value in delayed_ack socket option.
[  256.895954][T10379] Use struct sctp_sack_info instead
[  256.966861][T10223] 8021q: adding VLAN 0 to HW filter on device batadv0
[  256.978201][T10385] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1336'.
[  257.058507][T10223] veth0_vlan: entered promiscuous mode
[  257.083218][T10223] veth1_vlan: entered promiscuous mode
[  257.147270][T10223] veth0_macvtap: entered promiscuous mode
[  257.169792][T10223] veth1_macvtap: entered promiscuous mode
[  257.204891][T10223] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  257.226296][T10223] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.248051][T10223] batman_adv: batadv0: Interface activated: batadv_slave_0
[  257.279121][T10223] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  257.303365][T10223] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.332312][T10223] batman_adv: batadv0: Interface activated: batadv_slave_1
[  257.383165][T10223] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  257.392979][T10223] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  257.402273][T10223] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  257.412792][T10223] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  257.563280][ T3436] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  257.585156][ T3436] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  257.655683][ T3569] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  257.694286][ T3569] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  257.987945][T10397] FAULT_INJECTION: forcing a failure.
[  257.987945][T10397] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  258.008427][T10397] CPU: 1 UID: 0 PID: 10397 Comm: syz.4.1340 Not tainted 6.12.0-rc7-syzkaller-01770-gdd7207838d38 #0
[  258.019273][T10397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  258.029377][T10397] Call Trace:
[  258.032694][T10397]  <TASK>
[  258.035659][T10397]  dump_stack_lvl+0x241/0x360
[  258.040393][T10397]  ? __pfx_dump_stack_lvl+0x10/0x10
[  258.045644][T10397]  ? __pfx__printk+0x10/0x10
[  258.050295][T10397]  ? snprintf+0xda/0x120
[  258.054591][T10397]  should_fail_ex+0x3b0/0x4e0
[  258.059328][T10397]  _copy_to_user+0x31/0xb0
[  258.063798][T10397]  simple_read_from_buffer+0xca/0x150
[  258.069244][T10397]  proc_fail_nth_read+0x1e9/0x250
[  258.074332][T10397]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  258.079940][T10397]  ? rw_verify_area+0x55e/0x6f0
[  258.084850][T10397]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  258.090544][T10397]  vfs_read+0x1fc/0xb70
[  258.094745][T10397]  ? fdget_pos+0x24e/0x320
[  258.099224][T10397]  ? __pfx_vfs_read+0x10/0x10
[  258.103960][T10397]  ? __fget_files+0x3f3/0x470
[  258.108689][T10397]  ? fdget_pos+0x24e/0x320
[  258.113173][T10397]  ksys_read+0x183/0x2b0
[  258.117459][T10397]  ? __pfx_ksys_read+0x10/0x10
[  258.122326][T10397]  ? do_syscall_64+0x100/0x230
[  258.127144][T10397]  ? do_syscall_64+0xb6/0x230
[  258.131872][T10397]  do_syscall_64+0xf3/0x230
[  258.136420][T10397]  ? clear_bhb_loop+0x35/0x90
[  258.141187][T10397]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  258.147128][T10397] RIP: 0033:0x7f6ddcf7d25c
[  258.151583][T10397] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  258.171269][T10397] RSP: 002b:00007f6ddddb5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  258.179735][T10397] RAX: ffffffffffffffda RBX: 00007f6ddd136080 RCX: 00007f6ddcf7d25c
[  258.187764][T10397] RDX: 000000000000000f RSI: 00007f6ddddb50a0 RDI: 0000000000000005
[  258.195802][T10397] RBP: 00007f6ddddb5090 R08: 0000000000000000 R09: 0000000000000000
[  258.203824][T10397] R10: 000000000000005e R11: 0000000000000246 R12: 0000000000000001
[  258.211859][T10397] R13: 0000000000000000 R14: 00007f6ddd136080 R15: 00007ffd0110f498
[  258.219901][T10397]  </TASK>
[  259.501567][T10413] netlink: 'syz.1.1347': attribute type 39 has an invalid length.
[  260.734264][T10441] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1355'.
[  260.736257][T10443] Unknown status report in ack skb
[  260.859018][T10447] netlink: 'syz.0.1359': attribute type 39 has an invalid length.
[  261.317101][T10473] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1369'.
[  261.331312][T10473] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[  261.339346][T10473] macvlan2: entered allmulticast mode
[  261.348181][T10473] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode
[  261.357371][T10474] netlink: 'syz.3.1368': attribute type 29 has an invalid length.
[  261.371698][T10474] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1368'.
[  261.441272][T10476] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1370'.
[  261.595124][T10484] syzkaller1: entered promiscuous mode
[  261.600701][T10484] syzkaller1: entered allmulticast mode
[  261.782523][ T6977] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  263.046554][T10492] FAULT_INJECTION: forcing a failure.
[  263.046554][T10492] name failslab, interval 1, probability 0, space 0, times 0
[  263.073387][T10492] CPU: 0 UID: 0 PID: 10492 Comm: syz.3.1377 Not tainted 6.12.0-rc7-syzkaller-01770-gdd7207838d38 #0
[  263.084255][T10492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  263.094471][T10492] Call Trace:
[  263.097794][T10492]  <TASK>
[  263.100753][T10492]  dump_stack_lvl+0x241/0x360
[  263.105490][T10492]  ? __pfx_dump_stack_lvl+0x10/0x10
[  263.110745][T10492]  ? __pfx__printk+0x10/0x10
[  263.115392][T10492]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[  263.121468][T10492]  ? __pfx___might_resched+0x10/0x10
[  263.126826][T10492]  should_fail_ex+0x3b0/0x4e0
[  263.131617][T10492]  should_failslab+0xac/0x100
[  263.137316][T10492]  ? __alloc_skb+0x1c3/0x440
[  263.141937][T10492]  kmem_cache_alloc_node_noprof+0x71/0x320
[  263.147774][T10492]  __alloc_skb+0x1c3/0x440
[  263.152216][T10492]  ? __pfx___alloc_skb+0x10/0x10
[  263.157183][T10492]  ? netlink_autobind+0xd6/0x2f0
[  263.162145][T10492]  ? netlink_autobind+0x2b0/0x2f0
[  263.167197][T10492]  netlink_sendmsg+0x638/0xcb0
[  263.171992][T10492]  ? __pfx_netlink_sendmsg+0x10/0x10
[  263.177313][T10492]  ? aa_sock_msg_perm+0x91/0x160
[  263.182299][T10492]  ? __pfx_netlink_sendmsg+0x10/0x10
[  263.187614][T10492]  __sock_sendmsg+0x221/0x270
[  263.192315][T10492]  ____sys_sendmsg+0x52a/0x7e0
[  263.197112][T10492]  ? __pfx_____sys_sendmsg+0x10/0x10
[  263.202453][T10492]  __sys_sendmsg+0x292/0x380
[  263.207074][T10492]  ? __pfx___sys_sendmsg+0x10/0x10
[  263.212223][T10492]  ? __pfx_vfs_write+0x10/0x10
[  263.217030][T10492]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  263.223384][T10492]  ? do_syscall_64+0x100/0x230
[  263.228200][T10492]  ? do_syscall_64+0xb6/0x230
[  263.232908][T10492]  do_syscall_64+0xf3/0x230
[  263.237437][T10492]  ? clear_bhb_loop+0x35/0x90
[  263.242140][T10492]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.248055][T10492] RIP: 0033:0x7f609a77e819
[  263.252495][T10492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  263.272294][T10492] RSP: 002b:00007f609b5c2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  263.280732][T10492] RAX: ffffffffffffffda RBX: 00007f609a935fa0 RCX: 00007f609a77e819
[  263.288740][T10492] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[  263.296732][T10492] RBP: 00007f609b5c2090 R08: 0000000000000000 R09: 0000000000000000
[  263.304753][T10492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  263.312740][T10492] R13: 0000000000000000 R14: 00007f609a935fa0 R15: 00007fff01e907b8
[  263.320752][T10492]  </TASK>
[  263.380092][ T6977] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  263.529836][ T5851] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  263.550535][T10506] xt_NFQUEUE: number of total queues is 0
[  263.600714][T10507] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1380'.
[  263.732995][ T5854] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  263.742386][ T5854] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  263.766881][ T5854] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  263.786043][ T5854] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  263.790148][ T6977] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  263.794301][ T5854] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  263.838215][T10514] tipc: Failed to remove unknown binding: 66,1,1/0:3939689892/3939689894
[  263.847048][T10514] tipc: Failed to remove unknown binding: 66,1,1/0:3939689892/3939689894
[  263.866451][T10510] x_tables: duplicate underflow at hook 2
[  263.876894][T10503] lo speed is unknown, defaulting to 1000
[  264.028384][ T6977] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  264.151840][T10523] netlink: 'syz.3.1386': attribute type 10 has an invalid length.
[  264.159869][T10523] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1386'.
[  264.176580][T10523] bridge0: port 3(macvlan1) entered blocking state
[  264.183634][T10523] bridge0: port 3(macvlan1) entered disabled state
[  264.192749][T10523] macvlan1: entered promiscuous mode
[  264.241129][T10510] lo speed is unknown, defaulting to 1000
[  264.385162][T10527] openvswitch: netlink: Port 2099045992 exceeds max allowable 65535
[  264.541172][ T6977] bridge_slave_1: left allmulticast mode
[  264.546919][ T6977] bridge_slave_1: left promiscuous mode
[  264.553559][ T6977] bridge0: port 2(bridge_slave_1) entered disabled state
[  264.566728][ T6977] bridge_slave_0: left allmulticast mode
[  264.578589][ T6977] bridge_slave_0: left promiscuous mode
[  264.587128][ T6977] bridge0: port 1(bridge_slave_0) entered disabled state
[  264.784664][T10537] x_tables: duplicate underflow at hook 2
[  264.800227][T10539] netlink: 'syz.0.1389': attribute type 39 has an invalid length.
[  265.086961][ T6977] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  265.102646][ T6977] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  265.115319][ T6977] bond0 (unregistering): Released all slaves
[  265.129701][T10532] 
: renamed from bond0
[  265.388879][T10547] openvswitch: netlink: Key 3 has unexpected len 2 expected 4
[  265.621519][T10503] chnl_net:caif_netlink_parms(): no params data found
[  265.643382][T10555] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1394'.
[  265.851121][ T5854] Bluetooth: hci4: command tx timeout
[  267.176245][T10563] FAULT_INJECTION: forcing a failure.
[  267.176245][T10563] name failslab, interval 1, probability 0, space 0, times 0
[  267.203045][T10563] CPU: 0 UID: 0 PID: 10563 Comm: syz.3.1397 Not tainted 6.12.0-rc7-syzkaller-01770-gdd7207838d38 #0
[  267.213907][T10563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  267.224016][T10563] Call Trace:
[  267.227348][T10563]  <TASK>
[  267.230320][T10563]  dump_stack_lvl+0x241/0x360
[  267.235072][T10563]  ? __pfx_dump_stack_lvl+0x10/0x10
[  267.240334][T10563]  ? __pfx__printk+0x10/0x10
[  267.244993][T10563]  ? __kmalloc_node_noprof+0xb7/0x440
[  267.250417][T10563]  ? __pfx___might_resched+0x10/0x10
[  267.255841][T10563]  ? __asan_memset+0x23/0x50
[  267.260567][T10563]  should_fail_ex+0x3b0/0x4e0
[  267.265303][T10563]  should_failslab+0xac/0x100
[  267.270037][T10563]  __kmalloc_node_noprof+0xdf/0x440
[  267.275303][T10563]  ? __kvmalloc_node_noprof+0x72/0x190
[  267.280839][T10563]  __kvmalloc_node_noprof+0x72/0x190
[  267.286191][T10563]  alloc_netdev_mqs+0xa72/0x1080
[  267.291192][T10563]  rtnl_create_link+0x2f9/0xc20
[  267.296119][T10563]  rtnl_newlink_create+0x210/0xa30
[  267.301299][T10563]  ? rtnl_newlink+0xd04/0x24f0
[  267.306125][T10563]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  267.311837][T10563]  ? ns_capable+0x8a/0xf0
[  267.316233][T10563]  rtnl_newlink+0x17dd/0x24f0
[  267.320975][T10563]  ? __pfx_rtnl_newlink+0x10/0x10
[  267.326046][T10563]  ? __pfx_validate_chain+0x10/0x10
[  267.331320][T10563]  ? validate_chain+0x11e/0x5920
[  267.336324][T10563]  ? __pfx_lock_acquire+0x10/0x10
[  267.341425][T10563]  ? __pfx_lock_release+0x10/0x10
[  267.346572][T10563]  ? __pfx_validate_chain+0x10/0x10
[  267.351793][T10563]  ? mark_lock+0x9a/0x360
[  267.356151][T10563]  ? __lock_acquire+0x1384/0x2050
[  267.361264][T10563]  ? __pfx_lock_release+0x10/0x10
[  267.366339][T10563]  ? __pfx_rtnl_newlink+0x10/0x10
[  267.371401][T10563]  rtnetlink_rcv_msg+0x791/0xcf0
[  267.376356][T10563]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  267.381488][T10563]  ? __lock_acquire+0x1384/0x2050
[  267.386538][T10563]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  267.392048][T10563]  netlink_rcv_skb+0x1e3/0x430
[  267.396852][T10563]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  267.402447][T10563]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  267.407797][T10563]  ? netlink_deliver_tap+0x2e/0x1b0
[  267.413066][T10563]  netlink_unicast+0x7f6/0x990
[  267.417864][T10563]  ? __pfx_netlink_unicast+0x10/0x10
[  267.423206][T10563]  ? __virt_addr_valid+0x183/0x530
[  267.428338][T10563]  ? __check_object_size+0x48e/0x900
[  267.433663][T10563]  netlink_sendmsg+0x8e4/0xcb0
[  267.438574][T10563]  ? __pfx_netlink_sendmsg+0x10/0x10
[  267.443885][T10563]  ? aa_sock_msg_perm+0x91/0x160
[  267.448935][T10563]  ? __pfx_netlink_sendmsg+0x10/0x10
[  267.454254][T10563]  __sock_sendmsg+0x221/0x270
[  267.458954][T10563]  ____sys_sendmsg+0x52a/0x7e0
[  267.463781][T10563]  ? __pfx_____sys_sendmsg+0x10/0x10
[  267.469108][T10563]  __sys_sendmsg+0x292/0x380
[  267.473814][T10563]  ? __pfx___sys_sendmsg+0x10/0x10
[  267.478962][T10563]  ? __pfx_vfs_write+0x10/0x10
[  267.483795][T10563]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  267.490157][T10563]  ? do_syscall_64+0x100/0x230
[  267.494969][T10563]  ? do_syscall_64+0xb6/0x230
[  267.499673][T10563]  do_syscall_64+0xf3/0x230
[  267.504209][T10563]  ? clear_bhb_loop+0x35/0x90
[  267.508907][T10563]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.514833][T10563] RIP: 0033:0x7f609a77e819
[  267.519278][T10563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  267.538965][T10563] RSP: 002b:00007f609b5c2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  267.547506][T10563] RAX: ffffffffffffffda RBX: 00007f609a935fa0 RCX: 00007f609a77e819
[  267.555513][T10563] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004
[  267.563524][T10563] RBP: 00007f609b5c2090 R08: 0000000000000000 R09: 0000000000000000
[  267.571514][T10563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  267.579500][T10563] R13: 0000000000000000 R14: 00007f609a935fa0 R15: 00007fff01e907b8
[  267.587508][T10563]  </TASK>
[  267.851059][T10503] bridge0: port 1(bridge_slave_0) entered blocking state
[  267.858230][T10503] bridge0: port 1(bridge_slave_0) entered disabled state
[  267.888589][T10503] bridge_slave_0: entered allmulticast mode
[  267.928546][T10503] bridge_slave_0: entered promiscuous mode
[  267.941627][ T5854] Bluetooth: hci4: command tx timeout
[  268.042646][ T6977] hsr_slave_0: left promiscuous mode
[  268.059269][ T6977] hsr_slave_1: left promiscuous mode
[  268.069448][ T6977] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  268.094195][ T6977] batman_adv: batadv0: Removing interface: batadv_slave_0
[  268.122668][ T6977] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  268.130289][ T6977] batman_adv: batadv0: Removing interface: batadv_slave_1
[  268.161966][ T6977] veth1_macvtap: left promiscuous mode
[  268.167723][ T6977] veth0_macvtap: left promiscuous mode
[  268.177422][ T6977] veth1_vlan: left promiscuous mode
[  268.182988][ T6977] veth0_vlan: left promiscuous mode
[  268.724282][ T6977] team0 (unregistering): Port device team_slave_1 removed
[  268.778223][ T6977] team0 (unregistering): Port device team_slave_0 removed
[  269.274284][T10503] bridge0: port 2(bridge_slave_1) entered blocking state
[  269.286258][T10503] bridge0: port 2(bridge_slave_1) entered disabled state
[  269.296835][T10503] bridge_slave_1: entered allmulticast mode
[  269.310162][T10503] bridge_slave_1: entered promiscuous mode
[  269.473278][T10503] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  269.506019][T10503] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  269.558132][T10590] openvswitch: netlink: Key 3 has unexpected len 2 expected 4
[  269.686373][T10503] team0: Port device team_slave_0 added
[  269.698802][T10592] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1407'.
[  269.704769][T10503] team0: Port device team_slave_1 added
[  269.721181][T10595] batadv_slave_0: entered promiscuous mode
[  269.728246][T10595] batadv_slave_0: left allmulticast mode
[  269.822240][T10597] netlink: 'syz.4.1408': attribute type 10 has an invalid length.
[  270.011265][ T5854] Bluetooth: hci4: command tx timeout
[  270.153456][T10503] batman_adv: batadv0: Adding interface: batadv_slave_0
[  270.172071][T10503] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  270.231681][T10503] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  270.264559][T10606] bridge0: port 4(gretap0) entered blocking state
[  270.282163][T10606] bridge0: port 4(gretap0) entered disabled state
[  270.316267][T10606] gretap0: entered promiscuous mode
[  270.438760][T10503] batman_adv: batadv0: Adding interface: batadv_slave_1
[  270.446202][T10503] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  270.518864][T10503] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  270.537729][T10605] gretap0: left promiscuous mode
[  270.545035][T10605] bridge0: port 4(gretap0) entered disabled state
[  270.710662][T10503] hsr_slave_0: entered promiscuous mode
[  270.725400][T10503] hsr_slave_1: entered promiscuous mode
[  270.751074][T10503] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  270.765889][T10503] Cannot create hsr debugfs directory
[  270.971731][T10628] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1417'.
[  271.110417][T10630] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1418'.
[  271.315756][T10634] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1420'.
[  271.329391][T10637] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1421'.
[  271.530699][T10639] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1422'.
[  271.564546][T10639] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1422'.
[  271.596563][T10503] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  271.611855][T10503] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  271.635879][T10503] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  271.655633][T10503] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  271.817507][T10653] x_tables: ip_tables: tcpmss match: only valid for protocol 6
[  271.864414][T10503] 8021q: adding VLAN 0 to HW filter on device bond0
[  271.897582][T10503] 8021q: adding VLAN 0 to HW filter on device team0
[  271.952081][T10503] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  271.962700][T10503] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  271.974527][T10655] FAULT_INJECTION: forcing a failure.
[  271.974527][T10655] name failslab, interval 1, probability 0, space 0, times 0
[  271.989542][ T2922] bridge0: port 1(bridge_slave_0) entered blocking state
[  271.996744][ T2922] bridge0: port 1(bridge_slave_0) entered forwarding state
[  272.016446][ T2922] bridge0: port 2(bridge_slave_1) entered blocking state
[  272.023725][ T2922] bridge0: port 2(bridge_slave_1) entered forwarding state
[  272.072780][T10655] CPU: 0 UID: 0 PID: 10655 Comm: syz.0.1427 Not tainted 6.12.0-rc7-syzkaller-01770-gdd7207838d38 #0
[  272.083647][T10655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  272.093771][T10655] Call Trace:
[  272.097102][T10655]  <TASK>
[  272.100098][T10655]  dump_stack_lvl+0x241/0x360
[  272.104849][T10655]  ? __pfx_dump_stack_lvl+0x10/0x10
[  272.110113][T10655]  ? __pfx__printk+0x10/0x10
[  272.114775][T10655]  ? ref_tracker_alloc+0x332/0x490
[  272.119947][T10655]  should_fail_ex+0x3b0/0x4e0
[  272.124690][T10655]  ? skb_clone+0x20c/0x390
[  272.129161][T10655]  should_failslab+0xac/0x100
[  272.133544][ T5854] Bluetooth: hci4: command tx timeout
[  272.133875][T10655]  ? skb_clone+0x20c/0x390
[  272.143712][T10655]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  272.149149][T10655]  skb_clone+0x20c/0x390
[  272.153451][T10655]  __netlink_deliver_tap+0x3cc/0x7f0
[  272.158811][T10655]  ? netlink_deliver_tap+0x2e/0x1b0
[  272.164081][T10655]  netlink_deliver_tap+0x19d/0x1b0
[  272.169263][T10655]  netlink_unicast+0x7c4/0x990
[  272.174104][T10655]  ? __pfx_netlink_unicast+0x10/0x10
[  272.179443][T10655]  ? __virt_addr_valid+0x183/0x530
[  272.184621][T10655]  ? __check_object_size+0x48e/0x900
[  272.189974][T10655]  netlink_sendmsg+0x8e4/0xcb0
[  272.194835][T10655]  ? __pfx_netlink_sendmsg+0x10/0x10
[  272.200287][T10655]  ? aa_sock_msg_perm+0x91/0x160
[  272.205304][T10655]  ? __pfx_netlink_sendmsg+0x10/0x10
[  272.210658][T10655]  __sock_sendmsg+0x221/0x270
[  272.215412][T10655]  ____sys_sendmsg+0x52a/0x7e0
[  272.220340][T10655]  ? __pfx_____sys_sendmsg+0x10/0x10
[  272.225796][T10655]  __sys_sendmsg+0x292/0x380
[  272.230452][T10655]  ? __pfx___sys_sendmsg+0x10/0x10
[  272.235656][T10655]  ? __pfx_vfs_write+0x10/0x10
[  272.240595][T10655]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  272.246994][T10655]  ? do_syscall_64+0x100/0x230
[  272.251844][T10655]  ? do_syscall_64+0xb6/0x230
[  272.256593][T10655]  do_syscall_64+0xf3/0x230
[  272.261157][T10655]  ? clear_bhb_loop+0x35/0x90
[  272.265892][T10655]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  272.271842][T10655] RIP: 0033:0x7f912197e819
[  272.276302][T10655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  272.295967][T10655] RSP: 002b:00007f912283c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  272.304451][T10655] RAX: ffffffffffffffda RBX: 00007f9121b35fa0 RCX: 00007f912197e819
[  272.312475][T10655] RDX: 0000000000008040 RSI: 0000000020000640 RDI: 0000000000000003
[  272.320497][T10655] RBP: 00007f912283c090 R08: 0000000000000000 R09: 0000000000000000
[  272.328521][T10655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  272.336526][T10655] R13: 0000000000000000 R14: 00007f9121b35fa0 R15: 00007ffefb49deb8
[  272.344744][T10655]  </TASK>
[  272.636810][T10503] 8021q: adding VLAN 0 to HW filter on device batadv0
[  272.658519][T10668] delete_channel: no stack
[  272.774079][T10503] veth0_vlan: entered promiscuous mode
[  272.800488][T10503] veth1_vlan: entered promiscuous mode
[  272.867313][T10503] veth0_macvtap: entered promiscuous mode
[  272.879950][T10503] veth1_macvtap: entered promiscuous mode
[  272.899360][T10503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  272.916434][T10503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  272.946998][T10503] batman_adv: batadv0: Interface activated: batadv_slave_0
[  272.968336][T10503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  272.993153][T10503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  273.021833][T10503] batman_adv: batadv0: Interface activated: batadv_slave_1
[  273.044510][T10503] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  273.063417][T10503] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  273.072388][T10503] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  273.081298][T10503] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  273.099177][T10692] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  273.149749][T10696] netlink: 'syz.3.1441': attribute type 39 has an invalid length.
[  273.215336][T10692] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  273.245248][ T6977] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  273.260155][ T6977] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  273.291736][T10692] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  273.313738][ T2922] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  273.325641][ T2922] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  273.346019][T10692] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  273.507810][T10692] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  273.565622][T10692] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  273.607566][T10692] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  273.640482][T10692] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  273.709415][T10704] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1445'.
[  273.817816][T10711] netlink: 'syz.4.1448': attribute type 1 has an invalid length.
[  273.841715][T10711] 8021q: adding VLAN 0 to HW filter on device bond5
[  273.887725][T10711] 8021q: adding VLAN 0 to HW filter on device bond5
[  273.895124][T10711] bond5: (slave vcan1): The slave device specified does not support setting the MAC address
[  273.907189][T10711] bond5: (slave vcan1): Error -95 calling set_mac_address
[  273.974944][T10715] 8021q: adding VLAN 0 to HW filter on device batadv1
[  273.984509][T10715] bond5: (slave batadv1): making interface the new active one
[  273.994827][T10715] bond5: (slave batadv1): Enslaving as an active interface with an up link
[  274.018275][T10717] FAULT_INJECTION: forcing a failure.
[  274.018275][T10717] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  274.044160][T10717] CPU: 1 UID: 0 PID: 10717 Comm: syz.3.1450 Not tainted 6.12.0-rc7-syzkaller-01770-gdd7207838d38 #0
[  274.055016][T10717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  274.065122][T10717] Call Trace:
[  274.068483][T10717]  <TASK>
[  274.071454][T10717]  dump_stack_lvl+0x241/0x360
[  274.076189][T10717]  ? __pfx_dump_stack_lvl+0x10/0x10
[  274.081444][T10717]  ? __pfx__printk+0x10/0x10
[  274.086197][T10717]  ? snprintf+0xda/0x120
[  274.090514][T10717]  should_fail_ex+0x3b0/0x4e0
[  274.095254][T10717]  _copy_to_user+0x31/0xb0
[  274.099726][T10717]  simple_read_from_buffer+0xca/0x150
[  274.105169][T10717]  proc_fail_nth_read+0x1e9/0x250
[  274.110246][T10717]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  274.115853][T10717]  ? rw_verify_area+0x55e/0x6f0
[  274.120770][T10717]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  274.126390][T10717]  vfs_read+0x1fc/0xb70
[  274.130602][T10717]  ? fdget_pos+0x24e/0x320
[  274.135077][T10717]  ? __pfx_vfs_read+0x10/0x10
[  274.139832][T10717]  ? __fget_files+0x3f3/0x470
[  274.144581][T10717]  ? fdget_pos+0x24e/0x320
[  274.149058][T10717]  ksys_read+0x183/0x2b0
[  274.153352][T10717]  ? __pfx_ksys_read+0x10/0x10
[  274.158131][T10717]  ? do_syscall_64+0x100/0x230
[  274.162939][T10717]  ? do_syscall_64+0xb6/0x230
[  274.167689][T10717]  do_syscall_64+0xf3/0x230
[  274.172248][T10717]  ? clear_bhb_loop+0x35/0x90
[  274.176983][T10717]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.183026][T10717] RIP: 0033:0x7f609a77d25c
[  274.187489][T10717] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  274.207151][T10717] RSP: 002b:00007f609b5c2030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  274.215636][T10717] RAX: ffffffffffffffda RBX: 00007f609a935fa0 RCX: 00007f609a77d25c
[  274.223764][T10717] RDX: 000000000000000f RSI: 00007f609b5c20a0 RDI: 0000000000000006
[  274.231782][T10717] RBP: 00007f609b5c2090 R08: 0000000000000000 R09: 0000000000000000
[  274.239792][T10717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  274.247801][T10717] R13: 0000000000000000 R14: 00007f609a935fa0 R15: 00007fff01e907b8
[  274.255827][T10717]  </TASK>
[  274.276575][T10726] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1453'.
[  274.318679][T10726] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1453'.
[  274.362680][T10726] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  274.369972][T10726] IPv6: NLM_F_CREATE should be set when creating new route
[  274.806035][T10741] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  274.836794][T10746] netlink: 'syz.1.1461': attribute type 10 has an invalid length.
[  274.869875][T10746] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  274.957472][T10741] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  275.176220][ T2922] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  275.230308][T10741] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  275.322445][T10741] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  275.423803][T10741] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  275.440656][T10741] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  275.457219][T10741] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  275.472434][T10741] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  276.184690][ T2922] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  276.245353][ T2922] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  276.470643][ T2922] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  276.527458][T10764] __nla_validate_parse: 2 callbacks suppressed
[  276.527483][T10764] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1468'.
[  276.655396][T10764] batadv_slave_1: entered promiscuous mode
[  276.682340][T10772] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1470'.
[  276.715158][T10764] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  276.751672][   T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  276.761646][   T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  276.770129][   T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  276.792675][   T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  276.801748][   T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  276.809198][   T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  276.976874][T10781] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1471'.
[  276.987796][T10764] batadv_slave_1 (unregistering): left promiscuous mode
[  276.996892][T10764] batman_adv: batadv0: Removing interface: batadv_slave_1
[  277.070949][T10783] openvswitch: netlink: Key 3 has unexpected len 2 expected 4
[  277.073769][T10785] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1471'.
[  277.257416][T10767] lo speed is unknown, defaulting to 1000
[  277.515593][T10791] lo speed is unknown, defaulting to 1000
[  277.560979][ T2922] bridge_slave_1: left allmulticast mode
[  277.566720][ T2922] bridge_slave_1: left promiscuous mode
[  277.588208][ T2922] bridge0: port 2(bridge_slave_1) entered disabled state
[  277.631846][ T2922] bridge_slave_0: left allmulticast mode
[  277.637578][ T2922] bridge_slave_0: left promiscuous mode
[  277.671278][ T2922] bridge0: port 1(bridge_slave_0) entered disabled state
[  278.893070][ T5854] Bluetooth: hci4: command tx timeout
[  280.534248][T10812] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1483'.
[  280.664293][ T2922] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  280.676386][ T2922] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  280.696285][ T2922] bond0 (unregistering): Released all slaves
[  280.722018][T10790] lo speed is unknown, defaulting to 1000
[  280.793853][ T3436] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  280.898677][T10811] sit0: entered promiscuous mode
[  280.931704][T10811] netlink: 'syz.0.1483': attribute type 1 has an invalid length.
[  280.953148][T10811] netlink: 1 bytes leftover after parsing attributes in process `syz.0.1483'.
[  280.971010][ T5854] Bluetooth: hci4: command tx timeout
[  281.137036][T10819] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1485'.
[  281.346882][T10827] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1487'.
[  281.382855][T10827] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1487'.
[  281.469218][T10831] netlink: 'syz.4.1488': attribute type 10 has an invalid length.
[  281.516634][T10831] syz1: rxe_newlink: already configured on team_slave_0
[  281.544158][T10767] chnl_net:caif_netlink_parms(): no params data found
[  281.889894][T10843] netlink: 'syz.4.1490': attribute type 10 has an invalid length.
[  281.969319][T10846] syz1: rxe_newlink: already configured on team_slave_0
[  282.334955][T10852] xt_connbytes: Forcing CT accounting to be enabled
[  282.824335][T10857] ipt_rpfilter: unknown options
[  282.882732][ T2922] hsr_slave_0: left promiscuous mode
[  282.938321][ T2922] hsr_slave_1: left promiscuous mode
[  283.004517][ T2922] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  283.012981][ T2922] batman_adv: batadv0: Removing interface: batadv_slave_0
[  283.038512][ T2922] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  283.051097][ T5854] Bluetooth: hci4: command tx timeout
[  283.060953][ T2922] batman_adv: batadv0: Removing interface: batadv_slave_1
[  283.092574][T10864] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1498'.
[  283.118264][ T2922] veth1_macvtap: left promiscuous mode
[  283.144694][T10865] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1499'.
[  283.167620][T10864] netlink: 'syz.4.1498': attribute type 1 has an invalid length.
[  283.171130][ T2922] veth0_macvtap: left promiscuous mode
[  283.183563][ T2922] veth1_vlan: left promiscuous mode
[  283.196032][ T2922] veth0_vlan: left promiscuous mode
[  283.757269][ T2922] team0 (unregistering): Port device team_slave_1 removed
[  283.826015][ T2922] team0 (unregistering): Port device team_slave_0 removed
[  284.323543][T10855] FAULT_INJECTION: forcing a failure.
[  284.323543][T10855] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  284.337388][T10855] CPU: 1 UID: 0 PID: 10855 Comm: syz.0.1495 Not tainted 6.12.0-rc7-syzkaller-01770-gdd7207838d38 #0
[  284.348222][T10855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  284.358422][T10855] Call Trace:
[  284.361744][T10855]  <TASK>
[  284.364713][T10855]  dump_stack_lvl+0x241/0x360
[  284.369452][T10855]  ? __pfx_dump_stack_lvl+0x10/0x10
[  284.374686][T10855]  ? __pfx__printk+0x10/0x10
[  284.379309][T10855]  ? __pfx_lock_release+0x10/0x10
[  284.384369][T10855]  should_fail_ex+0x3b0/0x4e0
[  284.389164][T10855]  _copy_from_iter+0x21f/0x1e70
[  284.394048][T10855]  ? __virt_addr_valid+0x183/0x530
[  284.399191][T10855]  ? __pfx_lock_release+0x10/0x10
[  284.404275][T10855]  ? __alloc_skb+0x28f/0x440
[  284.408988][T10855]  ? __pfx__copy_from_iter+0x10/0x10
[  284.414301][T10855]  ? __virt_addr_valid+0x183/0x530
[  284.419433][T10855]  ? __virt_addr_valid+0x183/0x530
[  284.424582][T10855]  ? __virt_addr_valid+0x45f/0x530
[  284.429734][T10855]  ? __check_object_size+0x48e/0x900
[  284.435053][T10855]  netlink_sendmsg+0x73d/0xcb0
[  284.439896][T10855]  ? __pfx_netlink_sendmsg+0x10/0x10
[  284.445236][T10855]  ? aa_sock_msg_perm+0x91/0x160
[  284.450211][T10855]  ? __pfx_netlink_sendmsg+0x10/0x10
[  284.455522][T10855]  __sock_sendmsg+0x221/0x270
[  284.460338][T10855]  ____sys_sendmsg+0x52a/0x7e0
[  284.465159][T10855]  ? __pfx_____sys_sendmsg+0x10/0x10
[  284.470474][T10855]  ? rcu_is_watching+0x15/0xb0
[  284.475270][T10855]  ? __might_fault+0xaa/0x120
[  284.479983][T10855]  __sys_sendmmsg+0x3ab/0x730
[  284.484703][T10855]  ? __pfx___sys_sendmmsg+0x10/0x10
[  284.489976][T10855]  ? __pfx_lock_release+0x10/0x10
[  284.495049][T10855]  ? kstrtouint_from_user+0x128/0x190
[  284.500475][T10855]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  284.506393][T10855]  ? ksys_write+0x229/0x2b0
[  284.510929][T10855]  ? __pfx_lock_release+0x10/0x10
[  284.516018][T10855]  ? vfs_write+0x730/0xd30
[  284.520477][T10855]  ? __mutex_unlock_slowpath+0x21d/0x750
[  284.526145][T10855]  ? __fget_files+0x3f3/0x470
[  284.530864][T10855]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  284.536881][T10855]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  284.543251][T10855]  ? do_syscall_64+0x100/0x230
[  284.548068][T10855]  __x64_sys_sendmmsg+0xa0/0xb0
[  284.552985][T10855]  do_syscall_64+0xf3/0x230
[  284.557532][T10855]  ? clear_bhb_loop+0x35/0x90
[  284.562241][T10855]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.568160][T10855] RIP: 0033:0x7f912197e819
[  284.572599][T10855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  284.592260][T10855] RSP: 002b:00007f912283c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  284.600797][T10855] RAX: ffffffffffffffda RBX: 00007f9121b35fa0 RCX: 00007f912197e819
[  284.608828][T10855] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004
[  284.616830][T10855] RBP: 00007f912283c090 R08: 0000000000000000 R09: 0000000000000000
[  284.624820][T10855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  284.632819][T10855] R13: 0000000000000000 R14: 00007f9121b35fa0 R15: 00007ffefb49deb8
[  284.640838][T10855]  </TASK>
[  284.662069][T10864] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR
[  284.806413][T10874] hsr0: left promiscuous mode
[  284.892526][T10767] bridge0: port 1(bridge_slave_0) entered blocking state
[  284.899718][T10767] bridge0: port 1(bridge_slave_0) entered disabled state
[  284.907171][T10767] bridge_slave_0: entered allmulticast mode
[  284.914430][T10767] bridge_slave_0: entered promiscuous mode
[  284.922731][T10767] bridge0: port 2(bridge_slave_1) entered blocking state
[  284.929891][T10767] bridge0: port 2(bridge_slave_1) entered disabled state
[  284.938590][T10767] bridge_slave_1: entered allmulticast mode
[  284.945926][T10767] bridge_slave_1: entered promiscuous mode
[  285.068479][T10767] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  285.122096][T10767] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  285.132847][ T5854] Bluetooth: hci4: command tx timeout
[  285.260670][T10887] tipc: Started in network mode
[  285.271107][T10887] tipc: Node identity 00000069b5003a000000000000000001, cluster identity 4711
[  285.295096][T10887] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  285.390593][T10767] team0: Port device team_slave_0 added
[  285.418645][T10767] team0: Port device team_slave_1 added
[  285.475892][T10767] batman_adv: batadv0: Adding interface: batadv_slave_0
[  285.486435][T10767] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  285.515626][T10767] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  285.528930][T10767] batman_adv: batadv0: Adding interface: batadv_slave_1
[  285.540344][T10767] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  285.568241][T10898] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1510'.
[  285.626798][T10767] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  285.755515][T10767] hsr_slave_0: entered promiscuous mode
[  285.778092][T10912] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1514'.
[  285.789028][T10767] hsr_slave_1: entered promiscuous mode
[  285.794427][T10912] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1514'.
[  285.818485][T10767] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  285.824949][T10912] netlink: 31 bytes leftover after parsing attributes in process `syz.1.1514'.
[  285.836988][T10767] Cannot create hsr debugfs directory
[  285.844598][T10912] netlink: 'syz.1.1514': attribute type 3 has an invalid length.
[  285.860983][T10912] netlink: 'syz.1.1514': attribute type 2 has an invalid length.
[  285.870095][T10912] netlink: 31 bytes leftover after parsing attributes in process `syz.1.1514'.
[  285.901067][T10915] FAULT_INJECTION: forcing a failure.
[  285.901067][T10915] name failslab, interval 1, probability 0, space 0, times 0
[  285.920954][T10915] CPU: 0 UID: 0 PID: 10915 Comm: syz.0.1513 Not tainted 6.12.0-rc7-syzkaller-01770-gdd7207838d38 #0
[  285.931813][T10915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  285.941929][T10915] Call Trace:
[  285.945255][T10915]  <TASK>
[  285.948230][T10915]  dump_stack_lvl+0x241/0x360
[  285.952971][T10915]  ? __pfx_dump_stack_lvl+0x10/0x10
[  285.958236][T10915]  ? __pfx__printk+0x10/0x10
[  285.962899][T10915]  should_fail_ex+0x3b0/0x4e0
[  285.967633][T10915]  should_failslab+0xac/0x100
[  285.972371][T10915]  ? __hw_addr_add_ex+0x1a8/0x610
[  285.977454][T10915]  __kmalloc_cache_noprof+0x6c/0x2c0
[  285.982815][T10915]  __hw_addr_add_ex+0x1a8/0x610
[  285.987732][T10915]  dev_addr_init+0x143/0x230
[  285.992385][T10915]  ? __pfx_dev_addr_init+0x10/0x10
[  285.997569][T10915]  alloc_netdev_mqs+0x2ae/0x1080
[  286.002563][T10915]  ? __pfx_macvtap_setup+0x10/0x10
[  286.007738][T10915]  ? __pfx_snprintf+0x10/0x10
[  286.012493][T10915]  rtnl_create_link+0x2f9/0xc20
[  286.017435][T10915]  rtnl_newlink_create+0x210/0xa30
[  286.022627][T10915]  ? rtnl_newlink+0xd04/0x24f0
[  286.027626][T10915]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  286.033427][T10915]  ? ns_capable+0x8a/0xf0
[  286.037815][T10915]  rtnl_newlink+0x17dd/0x24f0
[  286.042588][T10915]  ? __pfx_rtnl_newlink+0x10/0x10
[  286.047640][T10915]  ? netlink_unicast+0x7c4/0x990
[  286.052615][T10915]  ? __pfx_validate_chain+0x10/0x10
[  286.057921][T10915]  ? __sys_sendmsg+0x292/0x380
[  286.062742][T10915]  ? do_syscall_64+0xf3/0x230
[  286.067463][T10915]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.073586][T10915]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  286.079627][T10915]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  286.086027][T10915]  ? mark_lock+0x9a/0x360
[  286.090377][T10915]  ? __lock_acquire+0x1384/0x2050
[  286.095453][T10915]  ? __pfx_lock_release+0x10/0x10
[  286.100516][T10915]  ? __pfx_rtnl_newlink+0x10/0x10
[  286.105594][T10915]  rtnetlink_rcv_msg+0x791/0xcf0
[  286.110549][T10915]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  286.115692][T10915]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  286.121183][T10915]  ? ref_tracker_free+0x643/0x7e0
[  286.126276][T10915]  netlink_rcv_skb+0x1e3/0x430
[  286.131068][T10915]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  286.136548][T10915]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  286.141876][T10915]  ? netlink_deliver_tap+0x2e/0x1b0
[  286.147099][T10915]  netlink_unicast+0x7f6/0x990
[  286.151893][T10915]  ? __pfx_netlink_unicast+0x10/0x10
[  286.157201][T10915]  ? __virt_addr_valid+0x183/0x530
[  286.162338][T10915]  ? __check_object_size+0x48e/0x900
[  286.167647][T10915]  netlink_sendmsg+0x8e4/0xcb0
[  286.172449][T10915]  ? __pfx_netlink_sendmsg+0x10/0x10
[  286.177765][T10915]  ? aa_sock_msg_perm+0x91/0x160
[  286.182729][T10915]  ? __pfx_netlink_sendmsg+0x10/0x10
[  286.188038][T10915]  __sock_sendmsg+0x221/0x270
[  286.192741][T10915]  ____sys_sendmsg+0x52a/0x7e0
[  286.197565][T10915]  ? __pfx_____sys_sendmsg+0x10/0x10
[  286.202895][T10915]  __sys_sendmsg+0x292/0x380
[  286.207512][T10915]  ? __pfx___sys_sendmsg+0x10/0x10
[  286.212884][T10915]  ? __pfx_vfs_write+0x10/0x10
[  286.217723][T10915]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  286.224099][T10915]  ? do_syscall_64+0x100/0x230
[  286.228896][T10915]  ? do_syscall_64+0xb6/0x230
[  286.233608][T10915]  do_syscall_64+0xf3/0x230
[  286.238173][T10915]  ? clear_bhb_loop+0x35/0x90
[  286.242889][T10915]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.248825][T10915] RIP: 0033:0x7f912197e819
[  286.253257][T10915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  286.272880][T10915] RSP: 002b:00007f912283c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  286.281340][T10915] RAX: ffffffffffffffda RBX: 00007f9121b35fa0 RCX: 00007f912197e819
[  286.289327][T10915] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004
[  286.297422][T10915] RBP: 00007f912283c090 R08: 0000000000000000 R09: 0000000000000000
[  286.305408][T10915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  286.313395][T10915] R13: 0000000000000000 R14: 00007f9121b35fa0 R15: 00007ffefb49deb8
[  286.321405][T10915]  </TASK>
[  286.444647][T10922] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1515'.
[  286.459903][T10922] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1515'.
[  286.515128][T10919] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1515'.
[  286.652573][T10927] FAULT_INJECTION: forcing a failure.
[  286.652573][T10927] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  286.667269][T10927] CPU: 1 UID: 0 PID: 10927 Comm: syz.0.1518 Not tainted 6.12.0-rc7-syzkaller-01770-gdd7207838d38 #0
[  286.678104][T10927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  286.688215][T10927] Call Trace:
[  286.691547][T10927]  <TASK>
[  286.694530][T10927]  dump_stack_lvl+0x241/0x360
[  286.699272][T10927]  ? __pfx_dump_stack_lvl+0x10/0x10
[  286.704533][T10927]  ? __pfx__printk+0x10/0x10
[  286.709187][T10927]  ? __pfx_lock_release+0x10/0x10
[  286.714292][T10927]  should_fail_ex+0x3b0/0x4e0
[  286.719040][T10927]  _copy_from_user+0x2f/0xc0
[  286.723704][T10927]  copy_msghdr_from_user+0xae/0x680
[  286.728964][T10927]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  286.734870][T10927]  __sys_sendmsg+0x22d/0x380
[  286.739622][T10927]  ? __pfx___sys_sendmsg+0x10/0x10
[  286.744820][T10927]  ? __pfx_vfs_write+0x10/0x10
[  286.749668][T10927]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  286.754031][T10932] netlink: 'syz.1.1520': attribute type 1 has an invalid length.
[  286.756034][T10927]  ? do_syscall_64+0x100/0x230
[  286.768568][T10927]  ? do_syscall_64+0xb6/0x230
[  286.773320][T10927]  do_syscall_64+0xf3/0x230
[  286.777893][T10927]  ? clear_bhb_loop+0x35/0x90
[  286.782638][T10927]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.788569][T10927] RIP: 0033:0x7f912197e819
[  286.793008][T10927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  286.812673][T10927] RSP: 002b:00007f912283c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  286.821115][T10927] RAX: ffffffffffffffda RBX: 00007f9121b35fa0 RCX: 00007f912197e819
[  286.829547][T10927] RDX: 0000000000004010 RSI: 0000000020000c80 RDI: 0000000000000005
[  286.837550][T10927] RBP: 00007f912283c090 R08: 0000000000000000 R09: 0000000000000000
[  286.845543][T10927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  286.853544][T10927] R13: 0000000000000000 R14: 00007f9121b35fa0 R15: 00007ffefb49deb8
[  286.861591][T10927]  </TASK>
[  286.968025][T10932] 8021q: adding VLAN 0 to HW filter on device bond6
[  287.029360][T10935] bond6: (slave gretap1): making interface the new active one
[  287.043855][T10935] bond6: (slave gretap1): Enslaving as an active interface with an up link
[  287.405269][T10767] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  287.415781][T10767] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  287.434593][T10767] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  287.450045][T10767] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  287.614842][T10767] 8021q: adding VLAN 0 to HW filter on device bond0
[  287.674710][T10767] 8021q: adding VLAN 0 to HW filter on device team0
[  287.717086][ T3515] bridge0: port 1(bridge_slave_0) entered blocking state
[  287.724373][ T3515] bridge0: port 1(bridge_slave_0) entered forwarding state
[  287.754471][ T3515] bridge0: port 2(bridge_slave_1) entered blocking state
[  287.761760][ T3515] bridge0: port 2(bridge_slave_1) entered forwarding state
[  288.043092][T10968] vlan3: entered promiscuous mode
[  288.048318][T10968] sit0: entered promiscuous mode
[  288.084706][T10968] sit0: left promiscuous mode
[  288.299843][T10767] 8021q: adding VLAN 0 to HW filter on device batadv0
[  288.337869][T10767] veth0_vlan: entered promiscuous mode
[  288.352100][T10767] veth1_vlan: entered promiscuous mode
[  288.384000][T10767] veth0_macvtap: entered promiscuous mode
[  288.394086][T10767] veth1_macvtap: entered promiscuous mode
[  288.437505][T10767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  288.450052][T10767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  288.548240][T10767] batman_adv: batadv0: Interface activated: batadv_slave_0
[  288.612049][T10767] batman_adv: batadv0: Interface activated: batadv_slave_1
[  288.629580][T10996] rdma_rxe: rxe_newlink: failed to add lo
[  288.644105][T10767] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  288.685334][T10767] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  288.708132][T10767] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  288.738545][T10767] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  288.932212][ T3569] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  288.932871][T11002] lo speed is unknown, defaulting to 1000
[  288.971714][ T3569] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  289.031421][ T3515] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  289.060201][ T3515] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  289.854885][T11020] tipc: Failed to remove unknown binding: 66,1,1/0:2455062998/2455062999
[  290.030296][T11022] tipc: Failed to remove unknown binding: 66,1,1/2886997162:1301778239/1301778240
[  290.071108][T11022] FAULT_INJECTION: forcing a failure.
[  290.071108][T11022] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  290.107330][T11022] CPU: 1 UID: 0 PID: 11022 Comm: syz.4.1551 Not tainted 6.12.0-rc7-syzkaller-01770-gdd7207838d38 #0
[  290.118181][T11022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  290.128293][T11022] Call Trace:
[  290.131621][T11022]  <TASK>
[  290.134604][T11022]  dump_stack_lvl+0x241/0x360
[  290.139452][T11022]  ? __pfx_dump_stack_lvl+0x10/0x10
[  290.144709][T11022]  ? __pfx__printk+0x10/0x10
[  290.149357][T11022]  ? snprintf+0xda/0x120
[  290.153667][T11022]  should_fail_ex+0x3b0/0x4e0
[  290.158405][T11022]  _copy_to_user+0x31/0xb0
[  290.162879][T11022]  simple_read_from_buffer+0xca/0x150
[  290.168327][T11022]  proc_fail_nth_read+0x1e9/0x250
[  290.173410][T11022]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  290.179030][T11022]  ? rw_verify_area+0x55e/0x6f0
[  290.183949][T11022]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  290.189574][T11022]  vfs_read+0x1fc/0xb70
[  290.193805][T11022]  ? fdget_pos+0x24e/0x320
[  290.198283][T11022]  ? __pfx_vfs_read+0x10/0x10
[  290.203035][T11022]  ? __fget_files+0x3f3/0x470
[  290.207785][T11022]  ? fdget_pos+0x24e/0x320
[  290.212264][T11022]  ksys_read+0x183/0x2b0
[  290.216563][T11022]  ? __pfx_ksys_read+0x10/0x10
[  290.221384][T11022]  ? do_syscall_64+0x100/0x230
[  290.226206][T11022]  ? do_syscall_64+0xb6/0x230
[  290.230937][T11022]  do_syscall_64+0xf3/0x230
[  290.235494][T11022]  ? clear_bhb_loop+0x35/0x90
[  290.240228][T11022]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.246176][T11022] RIP: 0033:0x7f6ddcf7d25c
[  290.250654][T11022] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  290.270187][T11027] FAULT_INJECTION: forcing a failure.
[  290.270187][T11027] name failslab, interval 1, probability 0, space 0, times 0
[  290.270414][T11022] RSP: 002b:00007f6ddddd6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  290.270468][T11022] RAX: ffffffffffffffda RBX: 00007f6ddd135fa0 RCX: 00007f6ddcf7d25c
[  290.298234][T11028] Unsupported ieee802154 address type: 0
[  290.299447][T11022] RDX: 000000000000000f RSI: 00007f6ddddd60a0 RDI: 0000000000000006
[  290.299471][T11022] RBP: 00007f6ddddd6090 R08: 0000000000000000 R09: 0000000000000000
[  290.299489][T11022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  290.299505][T11022] R13: 0000000000000000 R14: 00007f6ddd135fa0 R15: 00007ffd0110f498
[  290.318150][T11028] netlink: 'syz.3.1554': attribute type 2 has an invalid length.
[  290.321376][T11022]  </TASK>
[  290.352773][T11027] CPU: 0 UID: 0 PID: 11027 Comm: syz.0.1553 Not tainted 6.12.0-rc7-syzkaller-01770-gdd7207838d38 #0
[  290.363621][T11027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  290.373719][T11027] Call Trace:
[  290.377049][T11027]  <TASK>
[  290.379990][T11027]  dump_stack_lvl+0x241/0x360
[  290.384778][T11027]  ? __pfx_dump_stack_lvl+0x10/0x10
[  290.390010][T11027]  ? __pfx__printk+0x10/0x10
[  290.392828][T11028] __nla_validate_parse: 3 callbacks suppressed
[  290.392849][T11028] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1554'.
[  290.394609][T11027]  ? __kmalloc_noprof+0xb0/0x400
[  290.414794][T11027]  ? __pfx___might_resched+0x10/0x10
[  290.420147][T11027]  should_fail_ex+0x3b0/0x4e0
[  290.424881][T11027]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  290.431267][T11027]  should_failslab+0xac/0x100
[  290.435997][T11027]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  290.442291][T11027]  __kmalloc_noprof+0xd8/0x400
[  290.447113][T11027]  ? apparmor_capable+0x13b/0x1b0
[  290.452206][T11027]  genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  290.458336][T11027]  genl_rcv_msg+0x802/0xec0
[  290.462896][T11027]  ? __pfx_genl_rcv_msg+0x10/0x10
[  290.467975][T11027]  ? __pfx_lock_acquire+0x10/0x10
[  290.473025][T11027]  ? __pfx_ovs_flow_cmd_del+0x10/0x10
[  290.478418][T11027]  ? __pfx___might_resched+0x10/0x10
[  290.483733][T11027]  netlink_rcv_skb+0x1e3/0x430
[  290.488611][T11027]  ? __pfx_genl_rcv_msg+0x10/0x10
[  290.493662][T11027]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  290.498980][T11027]  ? __netlink_deliver_tap+0x7aa/0x7f0
[  290.504484][T11027]  genl_rcv+0x28/0x40
[  290.508497][T11027]  netlink_unicast+0x7f6/0x990
[  290.513309][T11027]  ? __pfx_netlink_unicast+0x10/0x10
[  290.518618][T11027]  ? __virt_addr_valid+0x183/0x530
[  290.523760][T11027]  ? __check_object_size+0x48e/0x900
[  290.529074][T11027]  netlink_sendmsg+0x8e4/0xcb0
[  290.533875][T11027]  ? __pfx_netlink_sendmsg+0x10/0x10
[  290.539214][T11027]  ? aa_sock_msg_perm+0x91/0x160
[  290.544289][T11027]  ? __pfx_netlink_sendmsg+0x10/0x10
[  290.549619][T11027]  __sock_sendmsg+0x221/0x270
[  290.554326][T11027]  ____sys_sendmsg+0x52a/0x7e0
[  290.559128][T11027]  ? __pfx_____sys_sendmsg+0x10/0x10
[  290.564451][T11027]  __sys_sendmsg+0x292/0x380
[  290.569070][T11027]  ? __pfx___sys_sendmsg+0x10/0x10
[  290.574241][T11027]  ? __pfx_vfs_write+0x10/0x10
[  290.579043][T11027]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  290.585415][T11027]  ? do_syscall_64+0x100/0x230
[  290.590215][T11027]  ? do_syscall_64+0xb6/0x230
[  290.595000][T11027]  do_syscall_64+0xf3/0x230
[  290.599524][T11027]  ? clear_bhb_loop+0x35/0x90
[  290.604222][T11027]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.610137][T11027] RIP: 0033:0x7f912197e819
[  290.614571][T11027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  290.634393][T11027] RSP: 002b:00007f912283c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  290.642927][T11027] RAX: ffffffffffffffda RBX: 00007f9121b35fa0 RCX: 00007f912197e819
[  290.650922][T11027] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000004
[  290.658915][T11027] RBP: 00007f912283c090 R08: 0000000000000000 R09: 0000000000000000
[  290.666906][T11027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  290.674893][T11027] R13: 0000000000000000 R14: 00007f9121b35fa0 R15: 00007ffefb49deb8
[  290.682907][T11027]  </TASK>
[  291.000134][T11039] rdma_rxe: rxe_newlink: failed to add lo
[  291.295965][ T3569] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  292.585963][ T3569] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  292.649452][ T3569] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  292.784361][T11054] tipc: Failed to remove unknown binding: 66,1,1/2886997162:3955221924/3955221926
[  292.861678][T11060] tipc: Failed to remove unknown binding: 66,1,1/2886997162:3955221924/3955221926
[  292.890958][T11060] tipc: Failed to remove unknown binding: 66,1,1/2886997162:3955221924/3955221926
[  292.957166][   T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  292.967341][   T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  292.977401][   T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  292.986433][   T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  292.998354][   T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  293.006636][   T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  293.053089][ T3569] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.088526][T11062] lo speed is unknown, defaulting to 1000
[  293.093708][T11058] syzkaller0: entered allmulticast mode
[  293.339744][T11072] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1566'.
[  293.359810][ T3569] bridge_slave_1: left allmulticast mode
[  293.375440][ T3569] bridge_slave_1: left promiscuous mode
[  293.387757][ T3569] bridge0: port 2(bridge_slave_1) entered disabled state
[  293.401705][ T3569] bridge_slave_0: left allmulticast mode
[  293.407681][ T3569] bridge_slave_0: left promiscuous mode
[  293.413701][ T3569] bridge0: port 1(bridge_slave_0) entered disabled state
[  293.689124][T11078] tipc: Failed to remove unknown binding: 66,1,1/2886997162:1286556033/1286556034
[  293.898075][ T3569] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  293.917854][ T3569] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  293.931559][ T3569] bond0 (unregistering): Released all slaves
[  294.471554][T11092] rdma_rxe: rxe_newlink: failed to add lo
[  294.491346][T11099] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1573'.
[  294.551604][T11062] chnl_net:caif_netlink_parms(): no params data found
[  294.999477][ T3569] hsr_slave_0: left promiscuous mode
[  295.017028][ T3569] hsr_slave_1: left promiscuous mode
[  295.051120][   T54] Bluetooth: hci4: command tx timeout
[  295.071040][ T3569] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  295.078555][ T3569] batman_adv: batadv0: Removing interface: batadv_slave_0
[  295.103171][T11119] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1580'.
[  295.112042][ T3569] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  295.128971][ T3569] batman_adv: batadv0: Removing interface: batadv_slave_1
[  295.158219][ T3569] veth1_macvtap: left promiscuous mode
[  295.164640][ T3569] veth0_macvtap: left promiscuous mode
[  295.170572][ T3569] veth1_vlan: left promiscuous mode
[  295.170607][T11111] sctp: [Deprecated]: syz.1.1577 (pid 11111) Use of struct sctp_assoc_value in delayed_ack socket option.
[  295.170607][T11111] Use struct sctp_sack_info instead
[  295.176372][ T3569] veth0_vlan: left promiscuous mode
[  295.464093][T11133] x_tables: ip6_tables: SNPT target: used from hooks PREROUTING, but only usable from INPUT/POSTROUTING
[  295.683325][T11136] IPv6: addrconf: prefix option has invalid lifetime
[  295.693095][T11136] tipc: Failed to remove unknown binding: 66,1,1/0:1026688333/1026688335
[  296.095272][ T3569] team0 (unregistering): Port device team_slave_1 removed
[  296.151326][ T3569] team0 (unregistering): Port device team_slave_0 removed
[  296.638069][T11062] bridge0: port 1(bridge_slave_0) entered blocking state
[  296.648349][T11062] bridge0: port 1(bridge_slave_0) entered disabled state
[  296.656168][T11062] bridge_slave_0: entered allmulticast mode
[  296.672650][T11062] bridge_slave_0: entered promiscuous mode
[  296.682387][T11062] bridge0: port 2(bridge_slave_1) entered blocking state
[  296.689564][T11062] bridge0: port 2(bridge_slave_1) entered disabled state
[  296.697041][T11062] bridge_slave_1: entered allmulticast mode
[  296.704987][T11062] bridge_slave_1: entered promiscuous mode
[  296.757445][T11141] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1586'.
[  296.925560][T11062] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  297.000894][T11062] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  297.118688][T11156] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1590'.
[  297.131342][   T54] Bluetooth: hci4: command tx timeout
[  297.149295][T11062] team0: Port device team_slave_0 added
[  297.160012][T11062] team0: Port device team_slave_1 added
[  297.250211][T11062] batman_adv: batadv0: Adding interface: batadv_slave_0
[  297.269234][T11062] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  297.348985][T11062] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  297.384218][T11062] batman_adv: batadv0: Adding interface: batadv_slave_1
[  297.399432][T11062] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  297.473908][T11062] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  297.533211][T11166] xt_TPROXY: Can be used only with -p tcp or -p udp
[  297.618156][T11171] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1597'.
[  297.691969][T11062] hsr_slave_0: entered promiscuous mode
[  297.708072][T11062] hsr_slave_1: entered promiscuous mode
[  297.726131][T11062] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  297.746158][T11062] Cannot create hsr debugfs directory
[  297.773278][T11175] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1599'.
[  297.794201][T11176] netlink: 'syz.0.1598': attribute type 1 has an invalid length.
[  298.031214][T11181] netlink: 312 bytes leftover after parsing attributes in process `syz.1.1602'.
[  298.247301][T11188] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1604'.
[  298.270980][T11188] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1604'.
[  298.342591][T11190] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1605'.
[  298.377254][T11190] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1605'.
[  298.693705][T11201] xt_TPROXY: Can be used only with -p tcp or -p udp
[  298.773275][T11062] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  298.795139][T11062] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  298.834827][T11062] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  298.894952][T11209] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1611'.
[  298.909630][T11062] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  299.112048][T11062] 8021q: adding VLAN 0 to HW filter on device bond0
[  299.133812][T11062] 8021q: adding VLAN 0 to HW filter on device team0
[  299.148326][ T2922] bridge0: port 1(bridge_slave_0) entered blocking state
[  299.155672][ T2922] bridge0: port 1(bridge_slave_0) entered forwarding state
[  299.188848][T11213] openvswitch: netlink: Key 3 has unexpected len 2 expected 4
[  299.211474][   T54] Bluetooth: hci4: command tx timeout
[  299.248139][ T2922] bridge0: port 2(bridge_slave_1) entered blocking state
[  299.255390][ T2922] bridge0: port 2(bridge_slave_1) entered forwarding state
[  301.015614][T11062] 8021q: adding VLAN 0 to HW filter on device batadv0
[  301.168823][T11062] veth0_vlan: entered promiscuous mode
[  301.236067][T11062] veth1_vlan: entered promiscuous mode
[  301.242169][T11227] netlink: 'syz.0.1617': attribute type 1 has an invalid length.
[  301.301065][   T54] Bluetooth: hci4: command tx timeout
[  301.413331][T11062] veth0_macvtap: entered promiscuous mode
[  301.424946][T11062] veth1_macvtap: entered promiscuous mode
[  301.445815][T11062] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  301.460141][T11062] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.494546][T11062] batman_adv: batadv0: Interface activated: batadv_slave_0
[  301.540407][T11062] batman_adv: batadv0: Interface activated: batadv_slave_1
[  301.584796][T11062] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  301.627789][T11062] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  301.650290][T11062] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  301.683210][T11062] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  301.956923][ T6978] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  301.980911][ T6978] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  302.062107][ T3548] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  302.070000][ T3548] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  302.277553][T11243] __nla_validate_parse: 1 callbacks suppressed
[  302.277589][T11243] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1622'.
[  302.811793][T11250] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1624'.
[  302.928573][ T2922] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.138554][ T2922] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.310702][ T2922] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.417982][ T2922] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.575168][ T2922] bridge_slave_1: left allmulticast mode
[  303.581889][ T2922] bridge_slave_1: left promiscuous mode
[  303.587650][ T2922] bridge0: port 2(bridge_slave_1) entered disabled state
[  303.596921][ T2922] bridge_slave_0: left allmulticast mode
[  303.603150][ T2922] bridge_slave_0: left promiscuous mode
[  303.608924][ T2922] bridge0: port 1(bridge_slave_0) entered disabled state
[  304.054534][ T2922] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  304.073932][ T2922] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  304.094405][ T2922] bond0 (unregistering): Released all slaves
[  304.653445][T11259] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1627'.
[  304.847183][ T2922] hsr_slave_0: left promiscuous mode
[  304.897965][T11272] netlink: 'syz.4.1633': attribute type 10 has an invalid length.
[  304.948971][T11277] syz1: rxe_newlink: already configured on team_slave_0
[  304.957306][ T2922] hsr_slave_1: left promiscuous mode
[  304.968708][ T2922] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  304.991318][ T2922] batman_adv: batadv0: Removing interface: batadv_slave_0
[  305.021977][ T2922] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  305.029657][ T2922] batman_adv: batadv0: Removing interface: batadv_slave_1
[  305.066910][   T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  305.078922][   T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  305.085085][ T2922] veth1_macvtap: left promiscuous mode
[  305.093101][   T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  305.103120][   T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  305.111321][   T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  305.119102][   T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  305.126006][ T2922] veth0_macvtap: left promiscuous mode
[  305.147138][ T2922] veth1_vlan: left promiscuous mode
[  305.155973][ T2922] veth0_vlan: left promiscuous mode
[  305.678888][ T2922] team0 (unregistering): Port device team_slave_1 removed
[  305.722715][ T2922] team0 (unregistering): Port device team_slave_0 removed
[  306.203656][T11280] lo speed is unknown, defaulting to 1000
[  306.353518][T11285] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1635'.
[  306.396929][T11285] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1635'.
[  306.554870][T11294] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1639'.
[  306.625082][T11298] netlink: 'syz.3.1641': attribute type 7 has an invalid length.
[  306.640018][T11298] netlink: 'syz.3.1641': attribute type 8 has an invalid length.
[  306.648189][T11298] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1641'.
[  306.800531][T11302] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1642'.
[  307.134866][T11280] chnl_net:caif_netlink_parms(): no params data found
[  307.231170][ T5854] Bluetooth: hci4: command tx timeout
[  307.239164][T11312] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1645'.
[  307.592894][T11280] bridge0: port 1(bridge_slave_0) entered blocking state
[  307.600056][T11280] bridge0: port 1(bridge_slave_0) entered disabled state
[  307.610722][T11339] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1653'.
[  307.623909][T11280] bridge_slave_0: entered allmulticast mode
[  307.645054][T11280] bridge_slave_0: entered promiscuous mode
[  307.682205][T11280] bridge0: port 2(bridge_slave_1) entered blocking state
[  307.689351][T11280] bridge0: port 2(bridge_slave_1) entered disabled state
[  307.727153][T11280] bridge_slave_1: entered allmulticast mode
[  307.753079][T11280] bridge_slave_1: entered promiscuous mode
[  307.806669][T11344] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1654'.
[  307.883621][T11280] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  307.897679][T11280] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  307.949507][T11350] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1656'.
[  307.950530][T11347] lo speed is unknown, defaulting to 1000
[  307.972749][T11280] team0: Port device team_slave_0 added
[  307.991037][T11280] team0: Port device team_slave_1 added
[  308.056446][T11354] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1657'.
[  308.059629][T11280] batman_adv: batadv0: Adding interface: batadv_slave_0
[  308.081995][T11355] sctp: [Deprecated]: syz.0.1656 (pid 11355) Use of struct sctp_assoc_value in delayed_ack socket option.
[  308.081995][T11355] Use struct sctp_sack_info instead
[  308.089900][T11280] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  308.114614][T11360] sctp: [Deprecated]: syz.4.1657 (pid 11360) Use of struct sctp_assoc_value in delayed_ack socket option.
[  308.114614][T11360] Use struct sctp_sack_info instead
[  308.191232][T11280] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  308.240383][T11280] batman_adv: batadv0: Adding interface: batadv_slave_1
[  308.257906][T11280] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  308.302958][T11280] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  308.389492][T11351] lo speed is unknown, defaulting to 1000
[  308.428468][T11280] hsr_slave_0: entered promiscuous mode
[  308.451738][T11280] hsr_slave_1: entered promiscuous mode
[  308.487661][T11280] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  308.505667][T11280] Cannot create hsr debugfs directory
[  308.639646][T11369] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1664'.
[  308.728443][T11374] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1666'.
[  309.314874][ T5854] Bluetooth: hci4: command tx timeout
[  309.531412][T11391] tipc: Started in network mode
[  309.536550][T11391] tipc: Node identity ac1414aa, cluster identity 4711
[  309.561551][T11391] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  309.570447][T11391] tipc: Enabled bearer <udp:s>, priority 10
[  309.576805][T11393] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1671'.
[  309.701001][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  309.841025][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  309.943013][T11280] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  309.980998][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  310.120952][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  310.260951][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  310.310176][T11280] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  310.336374][T11280] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  310.365286][T11280] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  310.400991][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  310.526502][T11280] 8021q: adding VLAN 0 to HW filter on device bond0
[  310.540952][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  310.580180][T11280] 8021q: adding VLAN 0 to HW filter on device team0
[  310.603112][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  310.610294][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  310.634606][ T3436] bridge0: port 2(bridge_slave_1) entered blocking state
[  310.641841][ T3436] bridge0: port 2(bridge_slave_1) entered forwarding state
[  310.681052][ T5855] tipc: Node number set to 2886997162
[  310.821050][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  310.979830][T11280] 8021q: adding VLAN 0 to HW filter on device batadv0
[  311.042619][T11280] veth0_vlan: entered promiscuous mode
[  311.082591][T11280] veth1_vlan: entered promiscuous mode
[  311.091018][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  311.143337][T11280] veth0_macvtap: entered promiscuous mode
[  311.179657][T11280] veth1_macvtap: entered promiscuous mode
[  311.206663][T11280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  311.237415][T11280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  311.266626][T11280] batman_adv: batadv0: Interface activated: batadv_slave_0
[  311.292895][T11280] batman_adv: batadv0: Interface activated: batadv_slave_1
[  311.372596][ T5854] Bluetooth: hci4: command tx timeout
[  311.456884][T11280] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  311.475505][T11280] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  311.505473][T11280] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  311.535427][T11280] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  311.742183][T11436] FAULT_INJECTION: forcing a failure.
[  311.742183][T11436] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  311.763108][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  311.776851][T11436] CPU: 0 UID: 0 PID: 11436 Comm: syz.0.1685 Not tainted 6.12.0-rc7-syzkaller-01770-gdd7207838d38 #0
[  311.787690][T11436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  311.797874][T11436] Call Trace:
[  311.801193][T11436]  <TASK>
[  311.804163][T11436]  dump_stack_lvl+0x241/0x360
[  311.808981][T11436]  ? __pfx_dump_stack_lvl+0x10/0x10
[  311.810820][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  311.814263][T11436]  ? __pfx__printk+0x10/0x10
[  311.814300][T11436]  ? __pfx_lock_release+0x10/0x10
[  311.831286][T11436]  should_fail_ex+0x3b0/0x4e0
[  311.836023][T11436]  _copy_from_iter+0x21f/0x1e70
[  311.840929][T11436]  ? __virt_addr_valid+0x183/0x530
[  311.846088][T11436]  ? __pfx_lock_release+0x10/0x10
[  311.851175][T11436]  ? __alloc_skb+0x28f/0x440
[  311.855826][T11436]  ? __pfx__copy_from_iter+0x10/0x10
[  311.861170][T11436]  ? __virt_addr_valid+0x183/0x530
[  311.866325][T11436]  ? __virt_addr_valid+0x183/0x530
[  311.871483][T11436]  ? __virt_addr_valid+0x45f/0x530
[  311.876640][T11436]  ? __check_object_size+0x48e/0x900
[  311.881979][T11436]  netlink_sendmsg+0x73d/0xcb0
[  311.886837][T11436]  ? __pfx_netlink_sendmsg+0x10/0x10
[  311.892182][T11436]  ? aa_sock_msg_perm+0x91/0x160
[  311.897190][T11436]  ? __pfx_netlink_sendmsg+0x10/0x10
[  311.902524][T11436]  __sock_sendmsg+0x221/0x270
[  311.907265][T11436]  ____sys_sendmsg+0x52a/0x7e0
[  311.912088][T11436]  ? __pfx_____sys_sendmsg+0x10/0x10
[  311.917529][T11436]  __sys_sendmmsg+0x3ab/0x730
[  311.922268][T11436]  ? __pfx___sys_sendmmsg+0x10/0x10
[  311.927614][T11436]  ? __pfx_lock_release+0x10/0x10
[  311.932698][T11436]  ? kstrtouint_from_user+0x128/0x190
[  311.938143][T11436]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  311.944086][T11436]  ? ksys_write+0x229/0x2b0
[  311.948721][T11436]  ? __pfx_lock_release+0x10/0x10
[  311.953815][T11436]  ? vfs_write+0x730/0xd30
[  311.958283][T11436]  ? __mutex_unlock_slowpath+0x21d/0x750
[  311.964161][T11436]  ? __fget_files+0x3f3/0x470
[  311.968911][T11436]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  311.974956][T11436]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  311.981420][T11436]  ? do_syscall_64+0x100/0x230
[  311.986234][T11436]  __x64_sys_sendmmsg+0xa0/0xb0
[  311.991143][T11436]  do_syscall_64+0xf3/0x230
[  311.995696][T11436]  ? clear_bhb_loop+0x35/0x90
[  311.996757][T11438] lo speed is unknown, defaulting to 1000
[  312.000486][T11436]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.012130][T11436] RIP: 0033:0x7f912197e819
[  312.016757][T11436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  312.030875][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  312.036483][T11436] RSP: 002b:00007f912283c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  312.036514][T11436] RAX: ffffffffffffffda RBX: 00007f9121b35fa0 RCX: 00007f912197e819
[  312.060856][T11436] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004
[  312.063022][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  312.068860][T11436] RBP: 00007f912283c090 R08: 0000000000000000 R09: 0000000000000000
[  312.068881][T11436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  312.068896][T11436] R13: 0000000000000000 R14: 00007f9121b35fa0 R15: 00007ffefb49deb8
[  312.068931][T11436]  </TASK>
[  312.175500][T11444] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1686'.
[  312.236624][T11446] sctp: [Deprecated]: syz.3.1686 (pid 11446) Use of struct sctp_assoc_value in delayed_ack socket option.
[  312.236624][T11446] Use struct sctp_sack_info instead
[  312.411579][T11450] netlink: 'syz.4.1689': attribute type 10 has an invalid length.
[  312.479027][T11450] team0: Device bond0 is already an upper device of the team interface
[  312.634457][T11454] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1691'.
[  312.740121][   T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  312.880549][T11466] xt_bpf: check failed: parse error
[  312.917322][T11466] FAULT_INJECTION: forcing a failure.
[  312.917322][T11466] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  312.937907][T11466] CPU: 0 UID: 0 PID: 11466 Comm: syz.1.1694 Not tainted 6.12.0-rc7-syzkaller-01770-gdd7207838d38 #0
[  312.948739][T11466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  312.950135][T11468] tipc: Failed to remove unknown binding: 66,1,1/2886997162:3197071906/3197071908
[  312.958809][T11466] Call Trace:
[  312.958823][T11466]  <TASK>
[  312.958834][T11466]  dump_stack_lvl+0x241/0x360
[  312.958873][T11466]  ? __pfx_dump_stack_lvl+0x10/0x10
[  312.984242][T11466]  ? __pfx__printk+0x10/0x10
[  312.988847][T11466]  ? __pfx_lock_release+0x10/0x10
[  312.993890][T11466]  should_fail_ex+0x3b0/0x4e0
[  312.998669][T11466]  _copy_from_iter+0x21f/0x1e70
[  313.003569][T11466]  ? __virt_addr_valid+0x183/0x530
[  313.008683][T11466]  ? __pfx_lock_release+0x10/0x10
[  313.013725][T11466]  ? __alloc_skb+0x28f/0x440
[  313.018322][T11466]  ? __pfx__copy_from_iter+0x10/0x10
[  313.023641][T11466]  ? __virt_addr_valid+0x183/0x530
[  313.028758][T11466]  ? __virt_addr_valid+0x183/0x530
[  313.033876][T11466]  ? __virt_addr_valid+0x45f/0x530
[  313.038999][T11466]  ? __check_object_size+0x48e/0x900
[  313.044296][T11466]  netlink_sendmsg+0x73d/0xcb0
[  313.049084][T11466]  ? __pfx_netlink_sendmsg+0x10/0x10
[  313.054389][T11466]  ? aa_sock_msg_perm+0x91/0x160
[  313.059344][T11466]  ? __pfx_netlink_sendmsg+0x10/0x10
[  313.064643][T11466]  __sock_sendmsg+0x221/0x270
[  313.069330][T11466]  ____sys_sendmsg+0x52a/0x7e0
[  313.074131][T11466]  ? __pfx_____sys_sendmsg+0x10/0x10
[  313.079438][T11466]  __sys_sendmsg+0x292/0x380
[  313.084061][T11466]  ? __pfx___sys_sendmsg+0x10/0x10
[  313.089215][T11466]  ? __pfx_vfs_write+0x10/0x10
[  313.094004][T11466]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  313.100368][T11466]  ? do_syscall_64+0x100/0x230
[  313.105145][T11466]  ? do_syscall_64+0xb6/0x230
[  313.109856][T11466]  do_syscall_64+0xf3/0x230
[  313.114403][T11466]  ? clear_bhb_loop+0x35/0x90
[  313.119108][T11466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.125009][T11466] RIP: 0033:0x7f494077e819
[  313.129447][T11466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  313.149075][T11466] RSP: 002b:00007f493e5f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  313.157526][T11466] RAX: ffffffffffffffda RBX: 00007f4940935fa0 RCX: 00007f494077e819
[  313.165509][T11466] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  313.173502][T11466] RBP: 00007f493e5f6090 R08: 0000000000000000 R09: 0000000000000000
[  313.181535][T11466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  313.189529][T11466] R13: 0000000000000000 R14: 00007f4940935fa0 R15: 00007ffc4b3f8488
[  313.197532][T11466]  </TASK>
[  313.774449][T11481] netlink: 'syz.0.1700': attribute type 10 has an invalid length.
[  313.783460][T11467] tipc: Failed to remove unknown binding: 66,1,1/2886997162:3197071906/3197071908
[  313.793240][T11467] tipc: Failed to remove unknown binding: 66,1,1/2886997162:3197071906/3197071908
[  313.827406][T11484] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  313.841714][T11483] netlink: 'syz.3.1701': attribute type 1 has an invalid length.
[  313.862345][T11483] netlink: 'syz.3.1701': attribute type 1 has an invalid length.
[  314.217489][T11495] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1704'.
[  314.325997][T11505] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1709'.
[  314.697902][T11516] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1711'.
[  314.708737][T11519] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1714'.
[  314.730989][    C0] net_ratelimit: 3 callbacks suppressed
[  314.731011][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  314.777955][T11519] af_packet: tpacket_rcv: packet too big, clamped from 3956 to 3952. macoff=96
[  314.791594][ T3436] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  314.805920][T11521] sctp: [Deprecated]: syz.1.1711 (pid 11521) Use of struct sctp_assoc_value in delayed_ack socket option.
[  314.805920][T11521] Use struct sctp_sack_info instead
[  314.867247][T11511] lo speed is unknown, defaulting to 1000
[  315.122819][ T3436] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  315.208319][ T3436] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  315.282334][ T3436] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  315.390286][ T3436] bridge_slave_1: left allmulticast mode
[  315.396133][ T3436] bridge_slave_1: left promiscuous mode
[  315.402415][ T3436] bridge0: port 2(bridge_slave_1) entered disabled state
[  315.413360][ T3436] bridge_slave_0: left allmulticast mode
[  315.419041][ T3436] bridge_slave_0: left promiscuous mode
[  315.430059][ T3436] bridge0: port 1(bridge_slave_0) entered disabled state
[  315.751523][ T3436] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  315.765268][ T3436] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  315.771082][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  315.784062][ T3436] bond0 (unregistering): Released all slaves
[  316.344525][ T3436] hsr_slave_0: left promiscuous mode
[  316.361492][ T3436] hsr_slave_1: left promiscuous mode
[  316.368962][ T3436] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  316.376796][ T3436] batman_adv: batadv0: Removing interface: batadv_slave_0
[  316.399181][ T3436] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  316.415331][ T3436] batman_adv: batadv0: Removing interface: batadv_slave_1
[  316.458442][ T3436] veth1_macvtap: left promiscuous mode
[  316.468104][ T3436] veth0_macvtap: left promiscuous mode
[  316.477564][ T3436] veth1_vlan: left promiscuous mode
[  316.486792][ T3436] veth0_vlan: left promiscuous mode
[  316.646492][   T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  316.669085][   T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  316.678527][   T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  316.687912][   T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  316.703462][   T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  316.712335][   T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  316.811080][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  317.067032][ T3436] team0 (unregistering): Port device team_slave_1 removed
[  317.118788][ T3436] team0 (unregistering): Port device team_slave_0 removed
[  317.295025][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  317.503136][T11534] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  317.641586][T11538] lo speed is unknown, defaulting to 1000
[  317.726346][T11546] FAULT_INJECTION: forcing a failure.
[  317.726346][T11546] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  317.788380][T11546] CPU: 1 UID: 0 PID: 11546 Comm: syz.4.1722 Not tainted 6.12.0-rc7-syzkaller-01770-gdd7207838d38 #0
[  317.792422][T11552] x_tables: duplicate underflow at hook 1
[  317.799190][T11546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  317.799211][T11546] Call Trace:
[  317.799221][T11546]  <TASK>
[  317.799231][T11546]  dump_stack_lvl+0x241/0x360
[  317.799271][T11546]  ? __pfx_dump_stack_lvl+0x10/0x10
[  317.831198][T11546]  ? __pfx__printk+0x10/0x10
[  317.835842][T11546]  ? __pfx_lock_release+0x10/0x10
[  317.840924][T11546]  should_fail_ex+0x3b0/0x4e0
[  317.845735][T11546]  _copy_from_iter+0x21f/0x1e70
[  317.850630][T11546]  ? __virt_addr_valid+0x183/0x530
[  317.850982][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  317.855760][T11546]  ? __pfx_lock_release+0x10/0x10
[  317.855808][T11546]  ? __alloc_skb+0x28f/0x440
[  317.872305][T11546]  ? __pfx__copy_from_iter+0x10/0x10
[  317.877652][T11546]  ? __virt_addr_valid+0x183/0x530
[  317.882804][T11546]  ? __virt_addr_valid+0x183/0x530
[  317.887961][T11546]  ? __virt_addr_valid+0x45f/0x530
[  317.893119][T11546]  ? __check_object_size+0x48e/0x900
[  317.898459][T11546]  netlink_sendmsg+0x73d/0xcb0
[  317.903302][T11546]  ? __pfx_netlink_sendmsg+0x10/0x10
[  317.908661][T11546]  ? aa_sock_msg_perm+0x91/0x160
[  317.913656][T11546]  ? __pfx_netlink_sendmsg+0x10/0x10
[  317.918987][T11546]  __sock_sendmsg+0x221/0x270
[  317.923715][T11546]  ____sys_sendmsg+0x52a/0x7e0
[  317.928541][T11546]  ? __pfx_____sys_sendmsg+0x10/0x10
[  317.933896][T11546]  __sys_sendmsg+0x292/0x380
[  317.938542][T11546]  ? __pfx___sys_sendmsg+0x10/0x10
[  317.943722][T11546]  ? __pfx_vfs_write+0x10/0x10
[  317.948581][T11546]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  317.954961][T11546]  ? do_syscall_64+0x100/0x230
[  317.959779][T11546]  ? do_syscall_64+0xb6/0x230
[  317.964512][T11546]  do_syscall_64+0xf3/0x230
[  317.969065][T11546]  ? clear_bhb_loop+0x35/0x90
[  317.973793][T11546]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  317.979730][T11546] RIP: 0033:0x7f6ddcf7e819
[  317.984187][T11546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  318.003853][T11546] RSP: 002b:00007f6ddddd6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  318.012325][T11546] RAX: ffffffffffffffda RBX: 00007f6ddd135fa0 RCX: 00007f6ddcf7e819
[  318.020357][T11546] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[  318.028381][T11546] RBP: 00007f6ddddd6090 R08: 0000000000000000 R09: 0000000000000000
[  318.036398][T11546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  318.044411][T11546] R13: 0000000000000000 R14: 00007f6ddd135fa0 R15: 00007ffd0110f498
[  318.052442][T11546]  </TASK>
[  318.171802][T11556] xt_TPROXY: Can be used only with -p tcp or -p udp
[  318.441213][T11564] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1729'.
[  318.734376][ T5854] Bluetooth: hci4: command tx timeout
[  318.891298][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  319.042482][T11538] chnl_net:caif_netlink_parms(): no params data found
[  319.071927][T11585] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  319.166369][T11538] bridge0: port 1(bridge_slave_0) entered blocking state
[  319.175769][T11538] bridge0: port 1(bridge_slave_0) entered disabled state
[  319.184686][T11538] bridge_slave_0: entered allmulticast mode
[  319.192904][T11538] bridge_slave_0: entered promiscuous mode
[  319.201902][T11538] bridge0: port 2(bridge_slave_1) entered blocking state
[  319.209655][T11538] bridge0: port 2(bridge_slave_1) entered disabled state
[  319.226912][T11538] bridge_slave_1: entered allmulticast mode
[  319.234150][T11538] bridge_slave_1: entered promiscuous mode
[  319.282316][T11538] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  319.296249][T11538] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  319.353552][T11538] team0: Port device team_slave_0 added
[  319.364985][T11595] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1740'.
[  319.375676][T11538] team0: Port device team_slave_1 added
[  319.445337][T11538] batman_adv: batadv0: Adding interface: batadv_slave_0
[  319.453806][T11538] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  319.481376][T11538] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  319.493683][T11597] lo speed is unknown, defaulting to 1000
[  319.495198][T11538] batman_adv: batadv0: Adding interface: batadv_slave_1
[  319.507235][T11538] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  319.510217][T11602] netlink: 'syz.3.1742': attribute type 1 has an invalid length.
[  319.533690][T11538] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  319.672154][T11538] hsr_slave_0: entered promiscuous mode
[  319.692194][T11538] hsr_slave_1: entered promiscuous mode
[  319.712708][T11538] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  319.720431][T11538] Cannot create hsr debugfs directory
[  319.735601][T11602] lo speed is unknown, defaulting to 1000
[  319.774816][T11606] FAULT_INJECTION: forcing a failure.
[  319.774816][T11606] name failslab, interval 1, probability 0, space 0, times 0
[  319.795964][T11606] CPU: 0 UID: 0 PID: 11606 Comm: syz.1.1744 Not tainted 6.12.0-rc7-syzkaller-01770-gdd7207838d38 #0
[  319.806788][T11606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  319.817068][T11606] Call Trace:
[  319.820380][T11606]  <TASK>
[  319.823346][T11606]  dump_stack_lvl+0x241/0x360
[  319.828073][T11606]  ? __pfx_dump_stack_lvl+0x10/0x10
[  319.833318][T11606]  ? __pfx__printk+0x10/0x10
[  319.837968][T11606]  ? __kmalloc_node_track_caller_noprof+0xb2/0x440
[  319.844514][T11606]  ? __pfx___might_resched+0x10/0x10
[  319.849843][T11606]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  319.855953][T11606]  should_fail_ex+0x3b0/0x4e0
[  319.860675][T11606]  should_failslab+0xac/0x100
[  319.865396][T11606]  __kmalloc_node_track_caller_noprof+0xda/0x440
[  319.871773][T11606]  ? kobject_set_name_vargs+0x61/0x120
[  319.877289][T11606]  kstrdup+0x3a/0x80
[  319.881245][T11606]  kobject_set_name_vargs+0x61/0x120
[  319.886580][T11606]  dev_set_name+0xd5/0x120
[  319.891060][T11606]  ? __pfx_dev_set_name+0x10/0x10
[  319.896139][T11606]  ? __kasan_kmalloc+0x98/0xb0
[  319.900946][T11606]  ? tty_register_device_attr+0x311/0x960
[  319.906714][T11606]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[  319.912326][T11606]  tty_register_device_attr+0x3cc/0x960
[  319.917934][T11606]  ? __pfx_tty_register_device_attr+0x10/0x10
[  319.924067][T11606]  ? tty_port_register_device+0x5b/0x100
[  319.929755][T11606]  rfcomm_dev_ioctl+0x1a51/0x2220
[  319.934837][T11606]  ? __pfx_rfcomm_dev_ioctl+0x10/0x10
[  319.940268][T11606]  ? kfree+0x1a0/0x440
[  319.944390][T11606]  ? tomoyo_path_number_perm+0x68d/0x880
[  319.950076][T11606]  ? bt_sock_ioctl+0xe9/0x2c0
[  319.954819][T11606]  sock_do_ioctl+0x158/0x460
[  319.959461][T11606]  ? __pfx_sock_do_ioctl+0x10/0x10
[  319.964638][T11606]  sock_ioctl+0x626/0x8e0
[  319.969010][T11606]  ? __pfx_sock_ioctl+0x10/0x10
[  319.973897][T11606]  ? __fget_files+0x29/0x470
[  319.978548][T11606]  ? __fget_files+0x3f3/0x470
[  319.983272][T11606]  ? __pfx_sock_ioctl+0x10/0x10
[  319.988160][T11606]  __se_sys_ioctl+0xf9/0x170
[  319.992789][T11606]  do_syscall_64+0xf3/0x230
[  319.997364][T11606]  ? clear_bhb_loop+0x35/0x90
[  320.002103][T11606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  320.008067][T11606] RIP: 0033:0x7f494077e819
[  320.012681][T11606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  320.032320][T11606] RSP: 002b:00007f493e5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  320.040843][T11606] RAX: ffffffffffffffda RBX: 00007f4940935fa0 RCX: 00007f494077e819
[  320.048919][T11606] RDX: 0000000020000100 RSI: 00000000400452c8 RDI: 0000000000000005
[  320.056927][T11606] RBP: 00007f493e5f6090 R08: 0000000000000000 R09: 0000000000000000
[  320.064913][T11606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  320.072919][T11606] R13: 0000000000000000 R14: 00007f4940935fa0 R15: 00007ffc4b3f8488
[  320.080934][T11606]  </TASK>
[  320.084856][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  320.290555][T11608] netlink: 'syz.0.1745': attribute type 16 has an invalid length.
[  320.311717][T11608] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1745'.
[  320.820107][ T5854] Bluetooth: hci4: command tx timeout
[  320.986993][T11538] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  321.041481][T11538] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  321.066822][T11538] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  321.078966][T11538] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  321.130966][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  321.332762][T11538] 8021q: adding VLAN 0 to HW filter on device bond0
[  321.409029][T11538] 8021q: adding VLAN 0 to HW filter on device team0
[  321.442281][ T3436] bridge0: port 1(bridge_slave_0) entered blocking state
[  321.449492][ T3436] bridge0: port 1(bridge_slave_0) entered forwarding state
[  321.491948][ T3436] bridge0: port 2(bridge_slave_1) entered blocking state
[  321.499171][ T3436] bridge0: port 2(bridge_slave_1) entered forwarding state
[  321.616988][T11637] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1757'.
[  321.790473][T11538] 8021q: adding VLAN 0 to HW filter on device batadv0
[  321.808883][T11643] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1758'.
[  321.851057][T11643] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1758'.
[  321.959168][T11538] veth0_vlan: entered promiscuous mode
[  322.007628][T11538] veth1_vlan: entered promiscuous mode
[  322.038084][T11651] lo speed is unknown, defaulting to 1000
[  322.083405][T11538] veth0_macvtap: entered promiscuous mode
[  322.105294][T11538] veth1_macvtap: entered promiscuous mode
[  322.111922][T11656] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1761'.
[  322.137686][T11538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  322.170986][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  322.181148][T11538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  322.192651][T11658] sctp: [Deprecated]: syz.0.1761 (pid 11658) Use of struct sctp_assoc_value in delayed_ack socket option.
[  322.192651][T11658] Use struct sctp_sack_info instead
[  322.204063][T11538] batman_adv: batadv0: Interface activated: batadv_slave_0
[  322.232923][T11538] batman_adv: batadv0: Interface activated: batadv_slave_1
[  322.276339][T11662] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1765'.
[  322.295297][T11538] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  322.316334][T11538] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  322.337963][T11538] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  322.362452][T11538] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  322.564686][ T3569] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  322.591546][ T3569] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  322.625197][ T6979] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  322.657318][ T6979] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  322.818066][T11670] ==================================================================
[  322.826272][T11670] BUG: KASAN: slab-use-after-free in cfusbl_device_notify+0x17e/0x5e0
[  322.834472][T11670] Read of size 8 at addr ffff888028750bf0 by task syz.3.1768/11670
[  322.842385][T11670] 
[  322.844739][T11670] CPU: 0 UID: 0 PID: 11670 Comm: syz.3.1768 Not tainted 6.12.0-rc7-syzkaller-01770-gdd7207838d38 #0
[  322.855536][T11670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  322.865630][T11670] Call Trace:
[  322.868931][T11670]  <TASK>
[  322.871915][T11670]  dump_stack_lvl+0x241/0x360
[  322.876641][T11670]  ? __pfx_dump_stack_lvl+0x10/0x10
[  322.881922][T11670]  ? __pfx__printk+0x10/0x10
[  322.886557][T11670]  ? _printk+0xd5/0x120
[  322.890750][T11670]  ? __virt_addr_valid+0x183/0x530
[  322.895896][T11670]  ? __virt_addr_valid+0x183/0x530
[  322.901059][T11670]  print_report+0x169/0x550
[  322.905604][T11670]  ? __virt_addr_valid+0x183/0x530
[  322.910752][T11670]  ? __virt_addr_valid+0x183/0x530
[  322.915984][T11670]  ? __virt_addr_valid+0x45f/0x530
[  322.921129][T11670]  ? __phys_addr+0xba/0x170
[  322.925671][T11670]  ? cfusbl_device_notify+0x17e/0x5e0
[  322.931085][T11670]  kasan_report+0x143/0x180
[  322.935635][T11670]  ? cfusbl_device_notify+0x17e/0x5e0
[  322.941066][T11670]  cfusbl_device_notify+0x17e/0x5e0
[  322.946311][T11670]  ? __pfx_cfusbl_device_notify+0x10/0x10
[  322.952083][T11670]  ? __pfx_caif_device_notify+0x10/0x10
[  322.957670][T11670]  ? smc_pnet_netdev_event+0x38f/0x690
[  322.963174][T11670]  ? lockdep_rtnl_is_held+0x26/0x40
[  322.968530][T11670]  notifier_call_chain+0x19f/0x3e0
[  322.973695][T11670]  register_netdevice+0x1274/0x1b00
[  322.979039][T11670]  ? __pfx_register_netdevice+0x10/0x10
[  322.984638][T11670]  ? dev_addr_mod+0xbd/0x330
[  322.989264][T11670]  ? __asan_memset+0x23/0x50
[  322.993885][T11670]  register_netdev+0x3b/0x50
[  322.998512][T11670]  bnep_add_connection+0x823/0xd80
[  323.003678][T11670]  ? __pfx_bnep_add_connection+0x10/0x10
[  323.009365][T11670]  ? __fget_files+0x29/0x470
[  323.014186][T11670]  do_bnep_sock_ioctl+0x4f8/0x8d0
[  323.019259][T11670]  ? __pfx_do_bnep_sock_ioctl+0x10/0x10
[  323.024856][T11670]  ? tomoyo_path_number_perm+0x68d/0x880
[  323.030542][T11670]  sock_do_ioctl+0x158/0x460
[  323.035203][T11670]  ? __pfx_sock_do_ioctl+0x10/0x10
[  323.040364][T11670]  sock_ioctl+0x626/0x8e0
[  323.044736][T11670]  ? __pfx_sock_ioctl+0x10/0x10
[  323.049636][T11670]  ? __fget_files+0x29/0x470
[  323.054270][T11670]  ? __fget_files+0x3f3/0x470
[  323.059003][T11670]  ? __pfx_sock_ioctl+0x10/0x10
[  323.063895][T11670]  __se_sys_ioctl+0xf9/0x170
[  323.068517][T11670]  do_syscall_64+0xf3/0x230
[  323.073059][T11670]  ? clear_bhb_loop+0x35/0x90
[  323.077773][T11670]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.083702][T11670] RIP: 0033:0x7f609a77e819
[  323.088149][T11670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  323.107880][T11670] RSP: 002b:00007f609b5c2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  323.116339][T11670] RAX: ffffffffffffffda RBX: 00007f609a935fa0 RCX: 00007f609a77e819
[  323.124349][T11670] RDX: 00000000200000c0 RSI: 00000000400442c8 RDI: 000000000000000a
[  323.132354][T11670] RBP: 00007f609a7f175e R08: 0000000000000000 R09: 0000000000000000
[  323.140358][T11670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  323.148450][T11670] R13: 0000000000000000 R14: 00007f609a935fa0 R15: 00007fff01e907b8
[  323.156466][T11670]  </TASK>
[  323.159512][T11670] 
[  323.161862][T11670] Allocated by task 5854:
[  323.166220][T11670]  kasan_save_track+0x3f/0x80
[  323.170932][T11670]  __kasan_kmalloc+0x98/0xb0
[  323.175554][T11670]  __kmalloc_cache_noprof+0x19c/0x2c0
[  323.181063][T11670]  __hci_conn_add+0x2f9/0x1890
[  323.185882][T11670]  hci_conn_request_evt+0x5e8/0xdb0
[  323.191120][T11670]  hci_event_packet+0xac2/0x1540
[  323.196111][T11670]  hci_rx_work+0x3f3/0xdb0
[  323.200573][T11670]  process_scheduled_works+0xa63/0x1850
[  323.206179][T11670]  worker_thread+0x870/0xd30
[  323.210818][T11670]  kthread+0x2f0/0x390
[  323.214917][T11670]  ret_from_fork+0x4b/0x80
[  323.219485][T11670]  ret_from_fork_asm+0x1a/0x30
[  323.224295][T11670] 
[  323.226639][T11670] Freed by task 11538:
[  323.230722][T11670]  kasan_save_track+0x3f/0x80
[  323.235434][T11670]  kasan_save_free_info+0x40/0x50
[  323.240505][T11670]  __kasan_slab_free+0x59/0x70
[  323.245344][T11670]  kfree+0x1a0/0x440
[  323.249278][T11670]  device_release+0x99/0x1c0
[  323.253916][T11670]  kobject_put+0x22f/0x480
[  323.258375][T11670]  hci_conn_del+0x8c4/0xc40
[  323.261666][T11687] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1773'.
[  323.262895][T11670]  hci_conn_hash_flush+0x18e/0x240
[  323.277054][T11670]  hci_dev_close_sync+0xa42/0x11c0
[  323.282195][T11670]  hci_unregister_dev+0x20b/0x510
[  323.287256][T11670]  vhci_release+0x80/0xd0
[  323.291621][T11670]  __fput+0x23f/0x880
[  323.295642][T11670]  task_work_run+0x24f/0x310
[  323.298078][T11687] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1773'.
[  323.300241][T11670]  do_exit+0xa2f/0x28e0
[  323.300268][T11670]  do_group_exit+0x207/0x2c0
[  323.300290][T11670]  __x64_sys_exit_group+0x3f/0x40
[  323.323115][T11670]  x64_sys_call+0x2634/0x2640
[  323.327824][T11670]  do_syscall_64+0xf3/0x230
[  323.332364][T11670]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.338313][T11670] 
[  323.340675][T11670] Last potentially related work creation:
[  323.346586][T11670]  kasan_save_stack+0x3f/0x60
[  323.351316][T11670]  __kasan_record_aux_stack+0xac/0xc0
[  323.356732][T11670]  insert_work+0x3e/0x330
[  323.361096][T11670]  __queue_work+0xc8b/0xf50
[  323.365630][T11670]  queue_delayed_work_on+0x1ca/0x390
[  323.370950][T11670]  l2cap_chan_del+0x291/0x5d0
[  323.375659][T11670]  l2cap_conn_del+0x38a/0x690
[  323.380371][T11670]  hci_conn_hash_flush+0xff/0x240
[  323.385426][T11670]  hci_dev_close_sync+0xa42/0x11c0
[  323.390572][T11670]  hci_unregister_dev+0x20b/0x510
[  323.395636][T11670]  vhci_release+0x80/0xd0
[  323.400003][T11670]  __fput+0x23f/0x880
[  323.404028][T11670]  task_work_run+0x24f/0x310
[  323.408661][T11670]  do_exit+0xa2f/0x28e0
[  323.412849][T11670]  do_group_exit+0x207/0x2c0
[  323.417490][T11670]  __x64_sys_exit_group+0x3f/0x40
[  323.422550][T11670]  x64_sys_call+0x2634/0x2640
[  323.427257][T11670]  do_syscall_64+0xf3/0x230
[  323.431882][T11670]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.437837][T11670] 
[  323.440181][T11670] The buggy address belongs to the object at ffff888028750000
[  323.440181][T11670]  which belongs to the cache kmalloc-8k of size 8192
[  323.454268][T11670] The buggy address is located 3056 bytes inside of
[  323.454268][T11670]  freed 8192-byte region [ffff888028750000, ffff888028752000)
[  323.468373][T11670] 
[  323.470718][T11670] The buggy address belongs to the physical page:
[  323.477170][T11670] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28750
[  323.486049][T11670] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  323.494574][T11670] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  323.502157][T11670] page_type: f5(slab)
[  323.506182][T11670] raw: 00fff00000000040 ffff88801ac42280 ffffea0001654000 dead000000000004
[  323.514819][T11670] raw: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[  323.523435][T11670] head: 00fff00000000040 ffff88801ac42280 ffffea0001654000 dead000000000004
[  323.532136][T11670] head: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[  323.540836][T11670] head: 00fff00000000003 ffffea0000a1d401 ffffffffffffffff 0000000000000000
[  323.549538][T11670] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  323.558234][T11670] page dumped because: kasan: bad access detected
[  323.564682][T11670] page_owner tracks the page as allocated
[  323.570417][T11670] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 11062, tgid 11062 (syz-executor), ts 294741751906, free_ts 294735221213
[  323.592167][T11670]  post_alloc_hook+0x1f3/0x230
[  323.596986][T11670]  get_page_from_freelist+0x3649/0x3790
[  323.602566][T11670]  __alloc_pages_noprof+0x292/0x710
[  323.607794][T11670]  alloc_pages_mpol_noprof+0x3e8/0x680
[  323.613282][T11670]  alloc_slab_page+0x6a/0x140
[  323.617984][T11670]  allocate_slab+0x5a/0x2f0
[  323.622529][T11670]  ___slab_alloc+0xcd1/0x14b0
[  323.627286][T11670]  __slab_alloc+0x58/0xa0
[  323.631675][T11670]  __kmalloc_node_noprof+0x286/0x440
[  323.637366][T11670]  __kvmalloc_node_noprof+0x72/0x190
[  323.642694][T11670]  wg_packet_queue_init+0x92/0x2f0
[  323.647843][T11670]  wg_newlink+0x2f5/0x640
[  323.652222][T11670]  rtnl_newlink_create+0x2df/0xa30
[  323.657375][T11670]  rtnl_newlink+0x17dd/0x24f0
[  323.662084][T11670]  rtnetlink_rcv_msg+0x791/0xcf0
[  323.667051][T11670]  netlink_rcv_skb+0x1e3/0x430
[  323.671852][T11670] page last free pid 5832 tgid 5832 stack trace:
[  323.678211][T11670]  free_unref_page+0xdf9/0x1140
[  323.683109][T11670]  __slab_free+0x31b/0x3d0
[  323.687561][T11670]  qlist_free_all+0x9a/0x140
[  323.692182][T11670]  kasan_quarantine_reduce+0x14f/0x170
[  323.697675][T11670]  __kasan_slab_alloc+0x23/0x80
[  323.702558][T11670]  kmem_cache_alloc_node_noprof+0x16b/0x320
[  323.708490][T11670]  __alloc_skb+0x1c3/0x440
[  323.712950][T11670]  tcp_stream_alloc_skb+0x3d/0x310
[  323.718097][T11670]  tcp_sendmsg_locked+0xd96/0x4f30
[  323.723245][T11670]  tcp_sendmsg+0x30/0x50
[  323.727533][T11670]  __sock_sendmsg+0x1a6/0x270
[  323.732249][T11670]  sock_write_iter+0x2d7/0x3f0
[  323.737047][T11670]  vfs_write+0xaeb/0xd30
[  323.741334][T11670]  ksys_write+0x183/0x2b0
[  323.745688][T11670]  do_syscall_64+0xf3/0x230
[  323.750223][T11670]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.756148][T11670] 
[  323.758494][T11670] Memory state around the buggy address:
[  323.764146][T11670]  ffff888028750a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  323.772238][T11670]  ffff888028750b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  323.780411][T11670] >ffff888028750b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  323.788482][T11670]                                                              ^
[  323.796207][T11670]  ffff888028750c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  323.804367][T11670]  ffff888028750c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  323.812460][T11670] ==================================================================
[  323.823855][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  323.832971][T11670] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  323.840217][T11670] CPU: 0 UID: 0 PID: 11670 Comm: syz.3.1768 Not tainted 6.12.0-rc7-syzkaller-01770-gdd7207838d38 #0
[  323.851014][T11670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  323.861106][T11670] Call Trace:
[  323.864398][T11670]  <TASK>
[  323.867350][T11670]  dump_stack_lvl+0x241/0x360
[  323.872050][T11670]  ? __pfx_dump_stack_lvl+0x10/0x10
[  323.877261][T11670]  ? __pfx__printk+0x10/0x10
[  323.881867][T11670]  ? preempt_schedule+0xe1/0xf0
[  323.886728][T11670]  ? vscnprintf+0x5d/0x90
[  323.891081][T11670]  panic+0x349/0x880
[  323.894997][T11670]  ? check_panic_on_warn+0x21/0xb0
[  323.900115][T11670]  ? __pfx_panic+0x10/0x10
[  323.904557][T11670]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  323.910568][T11670]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  323.916920][T11670]  ? print_report+0x502/0x550
[  323.921619][T11670]  check_panic_on_warn+0x86/0xb0
[  323.926572][T11670]  ? cfusbl_device_notify+0x17e/0x5e0
[  323.931968][T11670]  end_report+0x77/0x160
[  323.936226][T11670]  kasan_report+0x154/0x180
[  323.940749][T11670]  ? cfusbl_device_notify+0x17e/0x5e0
[  323.946150][T11670]  cfusbl_device_notify+0x17e/0x5e0
[  323.951382][T11670]  ? __pfx_cfusbl_device_notify+0x10/0x10
[  323.957119][T11670]  ? __pfx_caif_device_notify+0x10/0x10
[  323.962678][T11670]  ? smc_pnet_netdev_event+0x38f/0x690
[  323.968151][T11670]  ? lockdep_rtnl_is_held+0x26/0x40
[  323.973363][T11670]  notifier_call_chain+0x19f/0x3e0
[  323.978509][T11670]  register_netdevice+0x1274/0x1b00
[  323.983745][T11670]  ? __pfx_register_netdevice+0x10/0x10
[  323.989754][T11670]  ? dev_addr_mod+0xbd/0x330
[  323.994367][T11670]  ? __asan_memset+0x23/0x50
[  323.998970][T11670]  register_netdev+0x3b/0x50
[  324.003579][T11670]  bnep_add_connection+0x823/0xd80
[  324.008718][T11670]  ? __pfx_bnep_add_connection+0x10/0x10
[  324.014371][T11670]  ? __fget_files+0x29/0x470
[  324.018997][T11670]  do_bnep_sock_ioctl+0x4f8/0x8d0
[  324.024042][T11670]  ? __pfx_do_bnep_sock_ioctl+0x10/0x10
[  324.029612][T11670]  ? tomoyo_path_number_perm+0x68d/0x880
[  324.035264][T11670]  sock_do_ioctl+0x158/0x460
[  324.039880][T11670]  ? __pfx_sock_do_ioctl+0x10/0x10
[  324.045010][T11670]  sock_ioctl+0x626/0x8e0
[  324.049368][T11670]  ? __pfx_sock_ioctl+0x10/0x10
[  324.054241][T11670]  ? __fget_files+0x29/0x470
[  324.058850][T11670]  ? __fget_files+0x3f3/0x470
[  324.063548][T11670]  ? __pfx_sock_ioctl+0x10/0x10
[  324.068424][T11670]  __se_sys_ioctl+0xf9/0x170
[  324.073038][T11670]  do_syscall_64+0xf3/0x230
[  324.077560][T11670]  ? clear_bhb_loop+0x35/0x90
[  324.082247][T11670]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  324.088154][T11670] RIP: 0033:0x7f609a77e819
[  324.092588][T11670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  324.112210][T11670] RSP: 002b:00007f609b5c2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  324.120650][T11670] RAX: ffffffffffffffda RBX: 00007f609a935fa0 RCX: 00007f609a77e819
[  324.128621][T11670] RDX: 00000000200000c0 RSI: 00000000400442c8 RDI: 000000000000000a
[  324.136590][T11670] RBP: 00007f609a7f175e R08: 0000000000000000 R09: 0000000000000000
[  324.144563][T11670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  324.152538][T11670] R13: 0000000000000000 R14: 00007f609a935fa0 R15: 00007fff01e907b8
[  324.160521][T11670]  </TASK>
[  324.163910][T11670] Kernel Offset: disabled
[  324.168232][T11670] Rebooting in 86400 seconds..