last executing test programs:

56.218760985s ago: executing program 3 (id=395):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffb}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r3}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x2, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f00000006c0)=ANY=[@ANYBLOB="b40800000000000073114100000000008510000002000000b7000000000000009500c2000000000095000012000000000e09b9445761db3ed82f7be4b9f1628b9a5c40384cb45e62e827e611f21a01a76f66f616553959b478ad3c46bb20e558783b21dd5307760617deec8b1b75c00853ee69e33ba2c01c28950365dd46fcc9f2ac6d20197fd68292e8445824f49b6fba41a316e13e462e31ca00d2622d56318d78e271d364329e7ae732bf8dade587bb30d67e23f78662621b74aabfd8eaf399893bab50fed33101f5a1085f991877907bd6117db675155932860499977f7384a8d94e810492c284fc7cc784ed942bf11d72897a7896f5f8c957984312e9d39eaa478a3065afd52404cb058b"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', r5}, 0x10)
r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r6}, 0x8)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
close(r7)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
close(r8)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r4, 0x0, 0x0}, 0x10)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r8, r5, 0x4, r7}, 0x8)
write$cgroup_int(r1, &(0x7f0000000200), 0x806000)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r9)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010026bd7000ffdbdf252b00000005002b000100000005002e00b20000000c0005000201aaaaaaaaaaaa0800", @ANYRES32=r9], 0x40}, 0x1, 0x0, 0x0, 0x20000001}, 0x850)
ioctl$FS_IOC_RESVSP(r1, 0x40305829, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x9ffffc})
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r1, 0x10e, 0x2, &(0x7f0000000280)=0x5, 0x4)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x0, 0x2, 0xffffffffffffff01, 0x9})
mmap(&(0x7f00006a9000/0x2000)=nil, 0x2000, 0x1000005, 0x12, r0, 0xcd44a000)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r11)

55.954047981s ago: executing program 3 (id=400):
r0 = socket$netlink(0x10, 0x3, 0xa)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r2, 0x0, 0x0) (async)
unshare(0x62040200) (async)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0x10, &(0x7f0000000080)=0xf, 0xffffffffffffffad)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000040)=@req={0x752, 0xc, 0x6, 0xfffffffe}, 0x10) (async)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c) (async)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) (async)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x10}}, 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000180)=@generic={0x0, 0x0, 0x10}, 0x18)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e22, 0xfffffffc, @loopback}, 0x1c) (async)
r5 = socket$l2tp(0x2, 0x2, 0x73)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000080)={'veth0_vlan\x00', &(0x7f0000000040)=@ethtool_ts_info={0x15, 0x12}})
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async)
shutdown(r4, 0x2) (async)
bind$bt_l2cap(r1, &(0x7f0000000000), 0xe)
r6 = socket$nl_route(0x10, 0x3, 0x0) (async)
r7 = socket$netlink(0x10, 0x3, 0x0) (async)
r8 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) (async)
getsockname$packet(r8, &(0x7f0000000600)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x63, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r9, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xfff1, 0xffff}, {0xfff3}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000078c0)=@delchain={0x24, 0x66, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0x2}, {0x9, 0xffff}, {0x6}}}, 0x5f}}, 0x0)

48.407440623s ago: executing program 3 (id=400):
r0 = socket$netlink(0x10, 0x3, 0xa)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r2, 0x0, 0x0) (async)
unshare(0x62040200) (async)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0x10, &(0x7f0000000080)=0xf, 0xffffffffffffffad)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000040)=@req={0x752, 0xc, 0x6, 0xfffffffe}, 0x10) (async)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c) (async)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) (async)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x10}}, 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000180)=@generic={0x0, 0x0, 0x10}, 0x18)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e22, 0xfffffffc, @loopback}, 0x1c) (async)
r5 = socket$l2tp(0x2, 0x2, 0x73)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000080)={'veth0_vlan\x00', &(0x7f0000000040)=@ethtool_ts_info={0x15, 0x12}})
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async)
shutdown(r4, 0x2) (async)
bind$bt_l2cap(r1, &(0x7f0000000000), 0xe)
r6 = socket$nl_route(0x10, 0x3, 0x0) (async)
r7 = socket$netlink(0x10, 0x3, 0x0) (async)
r8 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) (async)
getsockname$packet(r8, &(0x7f0000000600)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x63, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r9, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xfff1, 0xffff}, {0xfff3}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000078c0)=@delchain={0x24, 0x66, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0x2}, {0x9, 0xffff}, {0x6}}}, 0x5f}}, 0x0)

38.738885844s ago: executing program 3 (id=400):
r0 = socket$netlink(0x10, 0x3, 0xa)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r2, 0x0, 0x0) (async)
unshare(0x62040200) (async)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0x10, &(0x7f0000000080)=0xf, 0xffffffffffffffad)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000040)=@req={0x752, 0xc, 0x6, 0xfffffffe}, 0x10) (async)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c) (async)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) (async)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x10}}, 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000180)=@generic={0x0, 0x0, 0x10}, 0x18)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e22, 0xfffffffc, @loopback}, 0x1c) (async)
r5 = socket$l2tp(0x2, 0x2, 0x73)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000080)={'veth0_vlan\x00', &(0x7f0000000040)=@ethtool_ts_info={0x15, 0x12}})
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async)
shutdown(r4, 0x2) (async)
bind$bt_l2cap(r1, &(0x7f0000000000), 0xe)
r6 = socket$nl_route(0x10, 0x3, 0x0) (async)
r7 = socket$netlink(0x10, 0x3, 0x0) (async)
r8 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) (async)
getsockname$packet(r8, &(0x7f0000000600)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x63, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r9, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xfff1, 0xffff}, {0xfff3}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000078c0)=@delchain={0x24, 0x66, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0x2}, {0x9, 0xffff}, {0x6}}}, 0x5f}}, 0x0)

38.067128663s ago: executing program 2 (id=583):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x11}, 0x4000044)

37.877932478s ago: executing program 2 (id=586):
r0 = socket$inet(0x2, 0x2, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff}) (async)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r2}, 0x10)
r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8) (async)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) (async)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) (async)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)=ANY=[@ANYRES32=r5, @ANYRES32=r6, @ANYBLOB="02"], 0x10)
close(r4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) (async)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async)
r9 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r9, 0x89f1, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl2\x00', 0x0, 0x4, 0x1d, 0x7, 0x0, 0x0, @mcast1, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xc}}, 0x8000, 0x8000, 0x800, 0x7f}}) (async)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@cgroup=r8, r7, 0x2, 0x6, 0x4000, @void, @value}, 0x10) (async)
r10 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r10, 0x65, 0x7, &(0x7f00000001c0)=0x6, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r11=>0x0})
sendmsg$can_raw(r10, &(0x7f0000000180)={&(0x7f0000000000)={0x1d, r11}, 0x10, &(0x7f00000005c0)={&(0x7f00000004c0)=@canfd={{0x4, 0x0, 0x1, 0x1}, 0x30, 0x1, 0x0, 0x0, "d0b42dc65ceec3dc04b55fac90f1ef661c10c907085558b93a92bd42223b66c6c96850f45bb8ee79e61e023c39c66fd20ddea06d480df5fef431365eb2d103a8"}, 0x48}}, 0x48006)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @local, r11}, 0xc) (async)
r12 = socket$netlink(0x10, 0x3, 0x0)
writev(r12, &(0x7f00000003c0)=[{&(0x7f0000000600)="39000000130000010000005600000025000000190004000400000007fd17e5ffff082304000000000047ac006407c5b8b101e12ce140df6717bf26c67a3949ef72cab8b3efd9ad947853d1cbf0816fb3030389e6c68f7d347e1faddb91a03e184b6834a68a198d239381af536b63adf4d7ba6112c5715b9330b32dae92a1d3b23d5a2c2ec94cbdd724056f8df301b9c44bdbeaa3c1306193377152c530218f15d78587c611d165066335b6932251b17cc405fcfd29fda6b876bdb7e52a33f3a2e824fc207dcbe48939a83e1db42dcdc6f42ef4228c9055199bc011d358dc43570c589c60e016f56b98fb00", 0xeb}], 0x1) (async)
writev(r12, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) (async)
close(r0)

37.683461132s ago: executing program 2 (id=589):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000740)=ANY=[@ANYBLOB="540100001a001307000000000000001cac1414000000000000000000000000000000000000000000000000000000000000000000000400"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffffff0000000000000000000000000000000032000000ac141417000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001c"], 0x154}}, 0x0)

37.546486414s ago: executing program 2 (id=590):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$qrtr(0x2a, 0x2, 0x0)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r0)
sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r1, 0x300, 0x70bd2b, 0x2, {}, [@IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ip6erspan0\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x2}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4008050}, 0x840)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'syztnl2\x00', &(0x7f0000000140)={'syztnl1\x00', <r3=>0x0, 0x10, 0x8000, 0x0, 0xc, {{0x16, 0x4, 0x2, 0x5, 0x58, 0x65, 0x0, 0x4, 0x2f, 0x0, @private=0xa010101, @loopback, {[@generic={0x44, 0x4, "d909"}, @rr={0x7, 0x2b, 0x90, [@broadcast, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @multicast1, @private=0xa010102, @remote, @empty, @remote, @multicast2]}, @rr={0x7, 0x13, 0x51, [@local, @multicast2, @broadcast, @remote]}, @end]}}}}})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000200)={'ip6_vti0\x00', r3, 0x4, 0x7, 0x4, 0x4, 0x38, @ipv4={'\x00', '\xff\xff', @empty}, @mcast2, 0x10, 0x7, 0xff16, 0x7}})
recvmmsg(r2, &(0x7f0000003440)=[{{&(0x7f00000002c0)=@pppoe={0x18, 0x0, {0x0, @link_local}}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000340)=""/252, 0xfc}], 0x1, &(0x7f0000000480)=""/254, 0xfe}, 0x2}, {{0x0, 0x0, &(0x7f0000000a80)=[{&(0x7f0000000580)=""/104, 0x68}, {&(0x7f0000000600)=""/153, 0x99}, {&(0x7f00000006c0)=""/144, 0x90}, {&(0x7f0000000780)=""/225, 0xe1}, {&(0x7f0000000880)=""/182, 0xb6}, {&(0x7f0000000940)=""/11, 0xb}, {&(0x7f0000000980)=""/249, 0xf9}], 0x7, &(0x7f0000000b00)=""/136, 0x88}, 0x1}, {{&(0x7f0000000bc0)=@l2tp6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000d40)=[{&(0x7f0000000c40)=""/247, 0xf7}], 0x1, &(0x7f0000000d80)=""/240, 0xf0}, 0x6}, {{&(0x7f0000000e80)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, &(0x7f0000002180)=[{&(0x7f0000000f00)=""/29, 0x1d}, {&(0x7f0000000f40)=""/62, 0x3e}, {&(0x7f0000000f80)=""/14, 0xe}, {&(0x7f0000000fc0)=""/122, 0x7a}, {&(0x7f0000001040)=""/164, 0xa4}, {&(0x7f0000001100)=""/4096, 0x1000}, {&(0x7f0000002100)=""/82, 0x52}], 0x7, &(0x7f0000002200)=""/200, 0xc8}, 0x5}, {{&(0x7f0000002300)=@l2tp={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000002640)=[{&(0x7f0000002380)=""/95, 0x5f}, {&(0x7f0000002400)=""/240, 0xf0}, {&(0x7f0000002500)=""/173, 0xad}, {&(0x7f00000025c0)=""/16, 0x10}, {&(0x7f0000002600)=""/23, 0x17}], 0x5, &(0x7f00000026c0)=""/34, 0x22}}, {{&(0x7f0000002700)=@nfc, 0x80, &(0x7f0000002880)=[{&(0x7f0000002780)=""/235, 0xeb}], 0x1}, 0x3}, {{&(0x7f00000028c0)=@pppol2tpin6={0x18, 0x1, {0x0, <r4=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000002bc0)=[{&(0x7f0000002940)=""/182, 0xb6}, {&(0x7f0000002a00)=""/7, 0x7}, {&(0x7f0000002a40)=""/32, 0x20}, {&(0x7f0000002a80)=""/80, 0x50}, {&(0x7f0000002b00)=""/168, 0xa8}], 0x5, &(0x7f0000002c40)=""/13, 0xd}, 0x9}, {{&(0x7f0000002c80)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000003340)=[{&(0x7f0000002d00)=""/165, 0xa5}, {&(0x7f0000002dc0)=""/220, 0xdc}, {&(0x7f0000002ec0)=""/99, 0x63}, {&(0x7f0000002f40)=""/197, 0xc5}, {&(0x7f0000003040)=""/240, 0xf0}, {&(0x7f0000003140)=""/186, 0xba}, {&(0x7f0000003200)=""/187, 0xbb}, {&(0x7f00000032c0)=""/70, 0x46}], 0x8, &(0x7f00000033c0)=""/73, 0x49}, 0x40}], 0x8, 0x2022, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000003640)=<r6=>0x0)
setsockopt$inet6_IPV6_IPSEC_POLICY(r4, 0x29, 0x22, &(0x7f0000003680)={{{@in=@dev={0xac, 0x14, 0x14, 0xc}, @in6=@remote, 0x4e24, 0x5, 0x4e21, 0x6, 0x8, 0x80, 0x0, 0x3b, 0x0, r6}, {0x9, 0xa, 0x400000000000000, 0x101, 0xef, 0xc, 0x7fff, 0x1}, {0x7fff, 0x2, 0x10000000000000, 0x5}, 0x1, 0x0, 0x2, 0x0, 0x1, 0x2}, {{@in=@remote, 0x4d6, 0xae}, 0xa, @in6=@mcast2, 0x3507, 0x3, 0x2, 0xff, 0x8, 0x5, 0x5}}, 0xe8)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r2, 0x8983, &(0x7f0000003780))
sendmsg$nl_route(r4, &(0x7f0000003880)={&(0x7f00000037c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000003840)={&(0x7f0000003800)=@ipv6_deladdrlabel={0x40, 0x49, 0x400, 0x70bd2c, 0x25dfdbfe, {0xa, 0x0, 0x78, 0x0, r3, 0x2}, [@IFAL_LABEL={0x8, 0x2, 0x6}, @IFAL_ADDRESS={0x14, 0x1, @private0}, @IFAL_LABEL={0x8, 0x2, 0x6}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
r7 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000003900), r5)
sendmsg$NLBL_CALIPSO_C_LISTALL(r5, &(0x7f00000039c0)={&(0x7f00000038c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000003980)={&(0x7f0000003940)={0x14, r7, 0x200, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x40)
r8 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000003a00)=[@in={0x2, 0x4e22, @multicast2}, @in6={0xa, 0x4e24, 0x58a, @private0, 0x7fffffff}, @in6={0xa, 0x4e21, 0x6, @mcast1, 0x1}, @in6={0xa, 0x4e22, 0x4, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x9}, @in6={0xa, 0x4e23, 0x495, @mcast1, 0xe1200000}, @in6={0xa, 0x4e24, 0x6, @remote, 0x9}, @in6={0xa, 0x4e22, 0x9, @dev={0xfe, 0x80, '\x00', 0x32}, 0x400}, @in={0x2, 0x4e24, @rand_addr=0x64010101}], 0xc8)
r9 = socket(0x11, 0x3, 0x8)
getsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0x14, &(0x7f0000003b00)=@assoc_value, &(0x7f0000003b40)=0x8)
r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000003b80)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
mkdirat$cgroup(r10, &(0x7f0000003bc0)='syz1\x00', 0x1ff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000003c00)={<r11=>0xffffffffffffffff})
r12 = accept4(r11, &(0x7f0000003c40)=@hci, &(0x7f0000003cc0)=0x80, 0x800)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r12, 0x6, 0x14, &(0x7f0000003d00), 0x4)
recvmsg$can_raw(r12, &(0x7f0000005100)={&(0x7f0000003d40)=@pppol2tp={0x18, 0x1, {0x0, <r13=>0xffffffffffffffff}}, 0x80, &(0x7f0000004f80)=[{&(0x7f0000003dc0)=""/4096, 0x1000}, {&(0x7f0000004dc0)=""/79, 0x4f}, {&(0x7f0000004e40)=""/25, 0x19}, {&(0x7f0000004e80)=""/174, 0xae}, {&(0x7f0000004f40)=""/36, 0x24}], 0x5, &(0x7f0000005000)=""/214, 0xd6}, 0x40)
r14 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r15 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000005180), r5)
sendmsg$NLBL_MGMT_C_PROTOCOLS(r14, &(0x7f0000005280)={&(0x7f0000005140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000005240)={&(0x7f00000051c0)={0x54, r15, 0x804, 0x70bd26, 0x25dfdbff, {}, [@NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @private2}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @mcast1}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x1}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x34}}]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x4000004)
r16 = syz_genetlink_get_family_id$nbd(&(0x7f0000005300), r14)
sendmsg$NBD_CMD_CONNECT(r14, &(0x7f0000005540)={&(0x7f00000052c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000005500)={&(0x7f0000005440)={0xbc, r16, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@NBD_ATTR_SOCKETS={0x54, 0x7, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8, 0x1, r12}, {0x8}, {0x8, 0x1, r11}, {0x8, 0x1, r12}, {0x8, 0x1, r13}, {0x8, 0x1, r13}, {0x8, 0x1, r12}]}, @NBD_ATTR_SOCKETS={0x54, 0x7, 0x0, 0x1, [{0x8, 0x1, r9}, {0x8, 0x1, r12}, {0x8}, {0x8, 0x1, r13}, {0x8, 0x1, r13}, {0x8, 0x1, r12}, {0x8, 0x1, r12}, {0x8, 0x1, r12}, {0x8}, {0x8, 0x1, r11}]}]}, 0xbc}, 0x1, 0x0, 0x0, 0x4000040}, 0x20040801)

24.275014115s ago: executing program 3 (id=400):
r0 = socket$netlink(0x10, 0x3, 0xa)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r2, 0x0, 0x0) (async)
unshare(0x62040200) (async)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0x10, &(0x7f0000000080)=0xf, 0xffffffffffffffad)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000040)=@req={0x752, 0xc, 0x6, 0xfffffffe}, 0x10) (async)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c) (async)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) (async)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x10}}, 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000180)=@generic={0x0, 0x0, 0x10}, 0x18)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e22, 0xfffffffc, @loopback}, 0x1c) (async)
r5 = socket$l2tp(0x2, 0x2, 0x73)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000080)={'veth0_vlan\x00', &(0x7f0000000040)=@ethtool_ts_info={0x15, 0x12}})
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async)
shutdown(r4, 0x2) (async)
bind$bt_l2cap(r1, &(0x7f0000000000), 0xe)
r6 = socket$nl_route(0x10, 0x3, 0x0) (async)
r7 = socket$netlink(0x10, 0x3, 0x0) (async)
r8 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) (async)
getsockname$packet(r8, &(0x7f0000000600)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x63, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r9, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xfff1, 0xffff}, {0xfff3}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000078c0)=@delchain={0x24, 0x66, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0x2}, {0x9, 0xffff}, {0x6}}}, 0x5f}}, 0x0)

23.476225845s ago: executing program 2 (id=590):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$qrtr(0x2a, 0x2, 0x0)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r0)
sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r1, 0x300, 0x70bd2b, 0x2, {}, [@IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ip6erspan0\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x2}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4008050}, 0x840)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'syztnl2\x00', &(0x7f0000000140)={'syztnl1\x00', <r3=>0x0, 0x10, 0x8000, 0x0, 0xc, {{0x16, 0x4, 0x2, 0x5, 0x58, 0x65, 0x0, 0x4, 0x2f, 0x0, @private=0xa010101, @loopback, {[@generic={0x44, 0x4, "d909"}, @rr={0x7, 0x2b, 0x90, [@broadcast, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @multicast1, @private=0xa010102, @remote, @empty, @remote, @multicast2]}, @rr={0x7, 0x13, 0x51, [@local, @multicast2, @broadcast, @remote]}, @end]}}}}})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000200)={'ip6_vti0\x00', r3, 0x4, 0x7, 0x4, 0x4, 0x38, @ipv4={'\x00', '\xff\xff', @empty}, @mcast2, 0x10, 0x7, 0xff16, 0x7}})
recvmmsg(r2, &(0x7f0000003440)=[{{&(0x7f00000002c0)=@pppoe={0x18, 0x0, {0x0, @link_local}}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000340)=""/252, 0xfc}], 0x1, &(0x7f0000000480)=""/254, 0xfe}, 0x2}, {{0x0, 0x0, &(0x7f0000000a80)=[{&(0x7f0000000580)=""/104, 0x68}, {&(0x7f0000000600)=""/153, 0x99}, {&(0x7f00000006c0)=""/144, 0x90}, {&(0x7f0000000780)=""/225, 0xe1}, {&(0x7f0000000880)=""/182, 0xb6}, {&(0x7f0000000940)=""/11, 0xb}, {&(0x7f0000000980)=""/249, 0xf9}], 0x7, &(0x7f0000000b00)=""/136, 0x88}, 0x1}, {{&(0x7f0000000bc0)=@l2tp6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000d40)=[{&(0x7f0000000c40)=""/247, 0xf7}], 0x1, &(0x7f0000000d80)=""/240, 0xf0}, 0x6}, {{&(0x7f0000000e80)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, &(0x7f0000002180)=[{&(0x7f0000000f00)=""/29, 0x1d}, {&(0x7f0000000f40)=""/62, 0x3e}, {&(0x7f0000000f80)=""/14, 0xe}, {&(0x7f0000000fc0)=""/122, 0x7a}, {&(0x7f0000001040)=""/164, 0xa4}, {&(0x7f0000001100)=""/4096, 0x1000}, {&(0x7f0000002100)=""/82, 0x52}], 0x7, &(0x7f0000002200)=""/200, 0xc8}, 0x5}, {{&(0x7f0000002300)=@l2tp={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000002640)=[{&(0x7f0000002380)=""/95, 0x5f}, {&(0x7f0000002400)=""/240, 0xf0}, {&(0x7f0000002500)=""/173, 0xad}, {&(0x7f00000025c0)=""/16, 0x10}, {&(0x7f0000002600)=""/23, 0x17}], 0x5, &(0x7f00000026c0)=""/34, 0x22}}, {{&(0x7f0000002700)=@nfc, 0x80, &(0x7f0000002880)=[{&(0x7f0000002780)=""/235, 0xeb}], 0x1}, 0x3}, {{&(0x7f00000028c0)=@pppol2tpin6={0x18, 0x1, {0x0, <r4=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000002bc0)=[{&(0x7f0000002940)=""/182, 0xb6}, {&(0x7f0000002a00)=""/7, 0x7}, {&(0x7f0000002a40)=""/32, 0x20}, {&(0x7f0000002a80)=""/80, 0x50}, {&(0x7f0000002b00)=""/168, 0xa8}], 0x5, &(0x7f0000002c40)=""/13, 0xd}, 0x9}, {{&(0x7f0000002c80)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000003340)=[{&(0x7f0000002d00)=""/165, 0xa5}, {&(0x7f0000002dc0)=""/220, 0xdc}, {&(0x7f0000002ec0)=""/99, 0x63}, {&(0x7f0000002f40)=""/197, 0xc5}, {&(0x7f0000003040)=""/240, 0xf0}, {&(0x7f0000003140)=""/186, 0xba}, {&(0x7f0000003200)=""/187, 0xbb}, {&(0x7f00000032c0)=""/70, 0x46}], 0x8, &(0x7f00000033c0)=""/73, 0x49}, 0x40}], 0x8, 0x2022, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000003640)=<r6=>0x0)
setsockopt$inet6_IPV6_IPSEC_POLICY(r4, 0x29, 0x22, &(0x7f0000003680)={{{@in=@dev={0xac, 0x14, 0x14, 0xc}, @in6=@remote, 0x4e24, 0x5, 0x4e21, 0x6, 0x8, 0x80, 0x0, 0x3b, 0x0, r6}, {0x9, 0xa, 0x400000000000000, 0x101, 0xef, 0xc, 0x7fff, 0x1}, {0x7fff, 0x2, 0x10000000000000, 0x5}, 0x1, 0x0, 0x2, 0x0, 0x1, 0x2}, {{@in=@remote, 0x4d6, 0xae}, 0xa, @in6=@mcast2, 0x3507, 0x3, 0x2, 0xff, 0x8, 0x5, 0x5}}, 0xe8)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r2, 0x8983, &(0x7f0000003780))
sendmsg$nl_route(r4, &(0x7f0000003880)={&(0x7f00000037c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000003840)={&(0x7f0000003800)=@ipv6_deladdrlabel={0x40, 0x49, 0x400, 0x70bd2c, 0x25dfdbfe, {0xa, 0x0, 0x78, 0x0, r3, 0x2}, [@IFAL_LABEL={0x8, 0x2, 0x6}, @IFAL_ADDRESS={0x14, 0x1, @private0}, @IFAL_LABEL={0x8, 0x2, 0x6}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
r7 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000003900), r5)
sendmsg$NLBL_CALIPSO_C_LISTALL(r5, &(0x7f00000039c0)={&(0x7f00000038c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000003980)={&(0x7f0000003940)={0x14, r7, 0x200, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x40)
r8 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000003a00)=[@in={0x2, 0x4e22, @multicast2}, @in6={0xa, 0x4e24, 0x58a, @private0, 0x7fffffff}, @in6={0xa, 0x4e21, 0x6, @mcast1, 0x1}, @in6={0xa, 0x4e22, 0x4, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x9}, @in6={0xa, 0x4e23, 0x495, @mcast1, 0xe1200000}, @in6={0xa, 0x4e24, 0x6, @remote, 0x9}, @in6={0xa, 0x4e22, 0x9, @dev={0xfe, 0x80, '\x00', 0x32}, 0x400}, @in={0x2, 0x4e24, @rand_addr=0x64010101}], 0xc8)
r9 = socket(0x11, 0x3, 0x8)
getsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0x14, &(0x7f0000003b00)=@assoc_value, &(0x7f0000003b40)=0x8)
r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000003b80)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
mkdirat$cgroup(r10, &(0x7f0000003bc0)='syz1\x00', 0x1ff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000003c00)={<r11=>0xffffffffffffffff})
r12 = accept4(r11, &(0x7f0000003c40)=@hci, &(0x7f0000003cc0)=0x80, 0x800)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r12, 0x6, 0x14, &(0x7f0000003d00), 0x4)
recvmsg$can_raw(r12, &(0x7f0000005100)={&(0x7f0000003d40)=@pppol2tp={0x18, 0x1, {0x0, <r13=>0xffffffffffffffff}}, 0x80, &(0x7f0000004f80)=[{&(0x7f0000003dc0)=""/4096, 0x1000}, {&(0x7f0000004dc0)=""/79, 0x4f}, {&(0x7f0000004e40)=""/25, 0x19}, {&(0x7f0000004e80)=""/174, 0xae}, {&(0x7f0000004f40)=""/36, 0x24}], 0x5, &(0x7f0000005000)=""/214, 0xd6}, 0x40)
r14 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r15 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000005180), r5)
sendmsg$NLBL_MGMT_C_PROTOCOLS(r14, &(0x7f0000005280)={&(0x7f0000005140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000005240)={&(0x7f00000051c0)={0x54, r15, 0x804, 0x70bd26, 0x25dfdbff, {}, [@NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @private2}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @mcast1}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x1}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x34}}]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x4000004)
r16 = syz_genetlink_get_family_id$nbd(&(0x7f0000005300), r14)
sendmsg$NBD_CMD_CONNECT(r14, &(0x7f0000005540)={&(0x7f00000052c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000005500)={&(0x7f0000005440)={0xbc, r16, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@NBD_ATTR_SOCKETS={0x54, 0x7, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8, 0x1, r12}, {0x8}, {0x8, 0x1, r11}, {0x8, 0x1, r12}, {0x8, 0x1, r13}, {0x8, 0x1, r13}, {0x8, 0x1, r12}]}, @NBD_ATTR_SOCKETS={0x54, 0x7, 0x0, 0x1, [{0x8, 0x1, r9}, {0x8, 0x1, r12}, {0x8}, {0x8, 0x1, r13}, {0x8, 0x1, r13}, {0x8, 0x1, r12}, {0x8, 0x1, r12}, {0x8, 0x1, r12}, {0x8}, {0x8, 0x1, r11}]}]}, 0xbc}, 0x1, 0x0, 0x0, 0x4000040}, 0x20040801)

9.118585208s ago: executing program 2 (id=590):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$qrtr(0x2a, 0x2, 0x0)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r0)
sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r1, 0x300, 0x70bd2b, 0x2, {}, [@IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ip6erspan0\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x2}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4008050}, 0x840)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'syztnl2\x00', &(0x7f0000000140)={'syztnl1\x00', <r3=>0x0, 0x10, 0x8000, 0x0, 0xc, {{0x16, 0x4, 0x2, 0x5, 0x58, 0x65, 0x0, 0x4, 0x2f, 0x0, @private=0xa010101, @loopback, {[@generic={0x44, 0x4, "d909"}, @rr={0x7, 0x2b, 0x90, [@broadcast, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @multicast1, @private=0xa010102, @remote, @empty, @remote, @multicast2]}, @rr={0x7, 0x13, 0x51, [@local, @multicast2, @broadcast, @remote]}, @end]}}}}})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000200)={'ip6_vti0\x00', r3, 0x4, 0x7, 0x4, 0x4, 0x38, @ipv4={'\x00', '\xff\xff', @empty}, @mcast2, 0x10, 0x7, 0xff16, 0x7}})
recvmmsg(r2, &(0x7f0000003440)=[{{&(0x7f00000002c0)=@pppoe={0x18, 0x0, {0x0, @link_local}}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000340)=""/252, 0xfc}], 0x1, &(0x7f0000000480)=""/254, 0xfe}, 0x2}, {{0x0, 0x0, &(0x7f0000000a80)=[{&(0x7f0000000580)=""/104, 0x68}, {&(0x7f0000000600)=""/153, 0x99}, {&(0x7f00000006c0)=""/144, 0x90}, {&(0x7f0000000780)=""/225, 0xe1}, {&(0x7f0000000880)=""/182, 0xb6}, {&(0x7f0000000940)=""/11, 0xb}, {&(0x7f0000000980)=""/249, 0xf9}], 0x7, &(0x7f0000000b00)=""/136, 0x88}, 0x1}, {{&(0x7f0000000bc0)=@l2tp6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000d40)=[{&(0x7f0000000c40)=""/247, 0xf7}], 0x1, &(0x7f0000000d80)=""/240, 0xf0}, 0x6}, {{&(0x7f0000000e80)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, &(0x7f0000002180)=[{&(0x7f0000000f00)=""/29, 0x1d}, {&(0x7f0000000f40)=""/62, 0x3e}, {&(0x7f0000000f80)=""/14, 0xe}, {&(0x7f0000000fc0)=""/122, 0x7a}, {&(0x7f0000001040)=""/164, 0xa4}, {&(0x7f0000001100)=""/4096, 0x1000}, {&(0x7f0000002100)=""/82, 0x52}], 0x7, &(0x7f0000002200)=""/200, 0xc8}, 0x5}, {{&(0x7f0000002300)=@l2tp={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000002640)=[{&(0x7f0000002380)=""/95, 0x5f}, {&(0x7f0000002400)=""/240, 0xf0}, {&(0x7f0000002500)=""/173, 0xad}, {&(0x7f00000025c0)=""/16, 0x10}, {&(0x7f0000002600)=""/23, 0x17}], 0x5, &(0x7f00000026c0)=""/34, 0x22}}, {{&(0x7f0000002700)=@nfc, 0x80, &(0x7f0000002880)=[{&(0x7f0000002780)=""/235, 0xeb}], 0x1}, 0x3}, {{&(0x7f00000028c0)=@pppol2tpin6={0x18, 0x1, {0x0, <r4=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000002bc0)=[{&(0x7f0000002940)=""/182, 0xb6}, {&(0x7f0000002a00)=""/7, 0x7}, {&(0x7f0000002a40)=""/32, 0x20}, {&(0x7f0000002a80)=""/80, 0x50}, {&(0x7f0000002b00)=""/168, 0xa8}], 0x5, &(0x7f0000002c40)=""/13, 0xd}, 0x9}, {{&(0x7f0000002c80)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000003340)=[{&(0x7f0000002d00)=""/165, 0xa5}, {&(0x7f0000002dc0)=""/220, 0xdc}, {&(0x7f0000002ec0)=""/99, 0x63}, {&(0x7f0000002f40)=""/197, 0xc5}, {&(0x7f0000003040)=""/240, 0xf0}, {&(0x7f0000003140)=""/186, 0xba}, {&(0x7f0000003200)=""/187, 0xbb}, {&(0x7f00000032c0)=""/70, 0x46}], 0x8, &(0x7f00000033c0)=""/73, 0x49}, 0x40}], 0x8, 0x2022, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000003640)=<r6=>0x0)
setsockopt$inet6_IPV6_IPSEC_POLICY(r4, 0x29, 0x22, &(0x7f0000003680)={{{@in=@dev={0xac, 0x14, 0x14, 0xc}, @in6=@remote, 0x4e24, 0x5, 0x4e21, 0x6, 0x8, 0x80, 0x0, 0x3b, 0x0, r6}, {0x9, 0xa, 0x400000000000000, 0x101, 0xef, 0xc, 0x7fff, 0x1}, {0x7fff, 0x2, 0x10000000000000, 0x5}, 0x1, 0x0, 0x2, 0x0, 0x1, 0x2}, {{@in=@remote, 0x4d6, 0xae}, 0xa, @in6=@mcast2, 0x3507, 0x3, 0x2, 0xff, 0x8, 0x5, 0x5}}, 0xe8)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r2, 0x8983, &(0x7f0000003780))
sendmsg$nl_route(r4, &(0x7f0000003880)={&(0x7f00000037c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000003840)={&(0x7f0000003800)=@ipv6_deladdrlabel={0x40, 0x49, 0x400, 0x70bd2c, 0x25dfdbfe, {0xa, 0x0, 0x78, 0x0, r3, 0x2}, [@IFAL_LABEL={0x8, 0x2, 0x6}, @IFAL_ADDRESS={0x14, 0x1, @private0}, @IFAL_LABEL={0x8, 0x2, 0x6}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
r7 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000003900), r5)
sendmsg$NLBL_CALIPSO_C_LISTALL(r5, &(0x7f00000039c0)={&(0x7f00000038c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000003980)={&(0x7f0000003940)={0x14, r7, 0x200, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x40)
r8 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000003a00)=[@in={0x2, 0x4e22, @multicast2}, @in6={0xa, 0x4e24, 0x58a, @private0, 0x7fffffff}, @in6={0xa, 0x4e21, 0x6, @mcast1, 0x1}, @in6={0xa, 0x4e22, 0x4, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x9}, @in6={0xa, 0x4e23, 0x495, @mcast1, 0xe1200000}, @in6={0xa, 0x4e24, 0x6, @remote, 0x9}, @in6={0xa, 0x4e22, 0x9, @dev={0xfe, 0x80, '\x00', 0x32}, 0x400}, @in={0x2, 0x4e24, @rand_addr=0x64010101}], 0xc8)
r9 = socket(0x11, 0x3, 0x8)
getsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0x14, &(0x7f0000003b00)=@assoc_value, &(0x7f0000003b40)=0x8)
r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000003b80)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
mkdirat$cgroup(r10, &(0x7f0000003bc0)='syz1\x00', 0x1ff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000003c00)={<r11=>0xffffffffffffffff})
r12 = accept4(r11, &(0x7f0000003c40)=@hci, &(0x7f0000003cc0)=0x80, 0x800)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r12, 0x6, 0x14, &(0x7f0000003d00), 0x4)
recvmsg$can_raw(r12, &(0x7f0000005100)={&(0x7f0000003d40)=@pppol2tp={0x18, 0x1, {0x0, <r13=>0xffffffffffffffff}}, 0x80, &(0x7f0000004f80)=[{&(0x7f0000003dc0)=""/4096, 0x1000}, {&(0x7f0000004dc0)=""/79, 0x4f}, {&(0x7f0000004e40)=""/25, 0x19}, {&(0x7f0000004e80)=""/174, 0xae}, {&(0x7f0000004f40)=""/36, 0x24}], 0x5, &(0x7f0000005000)=""/214, 0xd6}, 0x40)
r14 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r15 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000005180), r5)
sendmsg$NLBL_MGMT_C_PROTOCOLS(r14, &(0x7f0000005280)={&(0x7f0000005140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000005240)={&(0x7f00000051c0)={0x54, r15, 0x804, 0x70bd26, 0x25dfdbff, {}, [@NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @private2}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @mcast1}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x1}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x34}}]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x4000004)
r16 = syz_genetlink_get_family_id$nbd(&(0x7f0000005300), r14)
sendmsg$NBD_CMD_CONNECT(r14, &(0x7f0000005540)={&(0x7f00000052c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000005500)={&(0x7f0000005440)={0xbc, r16, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@NBD_ATTR_SOCKETS={0x54, 0x7, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8, 0x1, r12}, {0x8}, {0x8, 0x1, r11}, {0x8, 0x1, r12}, {0x8, 0x1, r13}, {0x8, 0x1, r13}, {0x8, 0x1, r12}]}, @NBD_ATTR_SOCKETS={0x54, 0x7, 0x0, 0x1, [{0x8, 0x1, r9}, {0x8, 0x1, r12}, {0x8}, {0x8, 0x1, r13}, {0x8, 0x1, r13}, {0x8, 0x1, r12}, {0x8, 0x1, r12}, {0x8, 0x1, r12}, {0x8}, {0x8, 0x1, r11}]}]}, 0xbc}, 0x1, 0x0, 0x0, 0x4000040}, 0x20040801)

8.867673485s ago: executing program 3 (id=400):
r0 = socket$netlink(0x10, 0x3, 0xa)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r2, 0x0, 0x0) (async)
unshare(0x62040200) (async)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0x10, &(0x7f0000000080)=0xf, 0xffffffffffffffad)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000040)=@req={0x752, 0xc, 0x6, 0xfffffffe}, 0x10) (async)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c) (async)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) (async)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x10}}, 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000180)=@generic={0x0, 0x0, 0x10}, 0x18)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e22, 0xfffffffc, @loopback}, 0x1c) (async)
r5 = socket$l2tp(0x2, 0x2, 0x73)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000080)={'veth0_vlan\x00', &(0x7f0000000040)=@ethtool_ts_info={0x15, 0x12}})
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async)
shutdown(r4, 0x2) (async)
bind$bt_l2cap(r1, &(0x7f0000000000), 0xe)
r6 = socket$nl_route(0x10, 0x3, 0x0) (async)
r7 = socket$netlink(0x10, 0x3, 0x0) (async)
r8 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) (async)
getsockname$packet(r8, &(0x7f0000000600)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x63, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r9, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xfff1, 0xffff}, {0xfff3}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000078c0)=@delchain={0x24, 0x66, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0x2}, {0x9, 0xffff}, {0x6}}}, 0x5f}}, 0x0)

4.195527616s ago: executing program 1 (id=799):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8, 0x0, 0x700}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2, 0x500}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

4.06484633s ago: executing program 1 (id=802):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) (async)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) (async)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) (async)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'nq\x00', 0x24, 0x1000, 0x62}, 0x2c)
getsockname$netrom(r0, 0x0, &(0x7f0000001280)) (async)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r0, 0xf503, 0x0) (async)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00', r2}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)

3.967294024s ago: executing program 1 (id=803):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x4c, &(0x7f0000000000), 0x4)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
ppoll(&(0x7f0000000500)=[{r3}], 0x1, 0x0, 0x0, 0x0)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x7b, &(0x7f0000000000)=@assoc_value, &(0x7f0000000080)=0x8)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x9323, 0xfffffffffffffffe, 0x0, 0x2}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0)
sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000440)="67d8908a807d9e246743bff362e38a733b2400aa303e97380e90231bdbdaf6a4bd866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a22491af0ffea417", 0x46}, {0x0}], 0x2, 0x0, 0x0, 0x1}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40)
sendmsg$can_bcm(r0, 0x0, 0x20000010)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r6, 0x401054d5, &(0x7f0000000480)={0x2, &(0x7f00000004c0)=[{0x2c}, {0x6}]})
close(r0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r7 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$sock_int(r7, 0x1, 0xf, &(0x7f0000000000)=0x5, 0x4)
sendmsg$inet(r7, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
close(r7)

3.71670817s ago: executing program 4 (id=806):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f00000002c0)=0x7, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, 0x0, 0x0)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x3, @local, 0x1}, 0x1c)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
listen(r2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x5, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], <r4=>0x0, 0x5a, &(0x7f0000000200)=[{}], 0x8, 0x10, &(0x7f0000000280), &(0x7f0000000380), 0x8, 0x26, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r6 = socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
socket$packet(0x11, 0xa, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'wg0\x00', <r7=>0x0})
sendto$packet(r6, &(0x7f0000000180)="0b03feff4f00020002004788aa96a13bb1000011000088ca1a00", 0x1fffc, 0x0, &(0x7f0000000140)={0x11, 0x0, r7}, 0x14)
shutdown(r1, 0x0)
setsockopt$inet_udp_encap(r5, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
syz_emit_ethernet(0x3e, &(0x7f00000019c0)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x1c, 0x0, @opaque="5fb31c3f9a6150adddabcd3899c9792cdd100477"}}}}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x15, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="f718110000000009000000000000009ceb171800", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085100000f5ffffffbf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000240)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

3.61710569s ago: executing program 4 (id=808):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x183081, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_subtree(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="8fedcb5d07081196f37538e486dd6372ce22667f2c"], 0x140)

2.879781599s ago: executing program 0 (id=816):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r0, 0x18000000000002a0, 0x12, 0x0, &(0x7f0000000580)="b9fe030768045c8c989a14f088a8657986dd", 0x0, 0x9e, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)

2.821971049s ago: executing program 0 (id=817):
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x20040010)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x183081, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_subtree(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="8fedcb5d07081196f37538e486dd6372ce22667f2c"], 0x66)

958.936601ms ago: executing program 4 (id=818):
r0 = socket$kcm(0xa, 0x3, 0x87)
sendmsg$kcm(r0, &(0x7f0000000580)={&(0x7f0000000080)=@l2tp6={0xa, 0x0, 0xee3, @mcast2, 0xc501, 0xfffffffc}, 0x80, &(0x7f0000000640)=[{0x0}, {&(0x7f0000000100)="cfef", 0x2}], 0x2}, 0x24048040)

958.473642ms ago: executing program 1 (id=819):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x5, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xa8}, @call={0x85, 0x0, 0x0, 0x50}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', r1}, 0x10)
r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8)
close(r3)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

947.469619ms ago: executing program 0 (id=820):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000006c0)={&(0x7f0000000780)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x5, [@enum={0x0, 0x1, 0x0, 0x6, 0x4, [{0x3}]}]}, {0x0, [0x0, 0x0, 0x2e]}}, 0x0, 0x31, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28)

893.560575ms ago: executing program 4 (id=821):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0x4, &(0x7f0000000640)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}, [@ldst={0x3, 0x0, 0x6, 0x0, 0x0, 0x2}]}, &(0x7f0000000d40)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

767.030781ms ago: executing program 4 (id=822):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000000)={'geneve0\x00', @broadcast})

766.674774ms ago: executing program 1 (id=823):
r0 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x29, 0x14, &(0x7f0000000100), 0x120)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000100000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10)
close(r0)

766.440695ms ago: executing program 0 (id=824):
r0 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r0, &(0x7f00000014c0)={0x0, 0x0, 0x0}, 0x0)

656.49598ms ago: executing program 0 (id=825):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080c30000000e8fe55a1190015000600142603600e120900400000000401a80016000a0004400a08", 0x3a}], 0x1}, 0x4)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8001c00180081064e81f782db44b9b545c7910006007c09e8fe55a10a00", 0x1e}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="d8000000210081044e81f782db44b904020000", 0x13}], 0x1}, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x33fe0)

622.591512ms ago: executing program 4 (id=826):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="1400000016000b63d25a80648c2594f90d24fc60", 0x14}], 0x1}, 0x0)

458.04391ms ago: executing program 0 (id=827):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'veth1_to_hsr\x00', 0x5})

0s ago: executing program 1 (id=828):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000b40)=ANY=[@ANYBLOB="180200000000000000000000000e00008500000017000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000003000000850000000600000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

kernel console output (not intermixed with test programs):

313067][ T6250] __nla_validate_parse: 1 callbacks suppressed
[   74.313085][ T6250] netlink: 132 bytes leftover after parsing attributes in process `syz.3.96'.
[   74.847202][ T6275] sctp: [Deprecated]: syz.2.102 (pid 6275) Use of int in max_burst socket option.
[   74.847202][ T6275] Use struct sctp_assoc_value instead
[   74.881912][ T6275] netlink: 'syz.2.102': attribute type 10 has an invalid length.
[   74.903877][ T6275] veth0_vlan: left promiscuous mode
[   74.906610][ T6277] netlink: 16 bytes leftover after parsing attributes in process `syz.1.106'.
[   74.928529][ T6275] veth0_vlan: entered promiscuous mode
[   74.970522][ T6275] team0: Device veth0_vlan failed to register rx_handler
[   75.049490][ T6285] netlink: 84 bytes leftover after parsing attributes in process `syz.4.108'.
[   75.571972][ T6306] netlink: 40 bytes leftover after parsing attributes in process `syz.1.117'.
[   75.596791][ T6306] netlink: 48 bytes leftover after parsing attributes in process `syz.1.117'.
[   75.649262][ T6311] FAULT_INJECTION: forcing a failure.
[   75.649262][ T6311] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   75.675007][ T6311] CPU: 1 UID: 0 PID: 6311 Comm: syz.4.119 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[   75.675033][ T6311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   75.675046][ T6311] Call Trace:
[   75.675051][ T6311]  <TASK>
[   75.675058][ T6311]  dump_stack_lvl+0x241/0x360
[   75.675091][ T6311]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.675108][ T6311]  ? __pfx__printk+0x10/0x10
[   75.675124][ T6311]  ? __pfx_lock_release+0x10/0x10
[   75.675154][ T6311]  should_fail_ex+0x40a/0x550
[   75.675184][ T6311]  _copy_from_user+0x2d/0xb0
[   75.675204][ T6311]  __sys_bpf+0x1be/0x820
[   75.675227][ T6311]  ? __pfx___sys_bpf+0x10/0x10
[   75.675259][ T6311]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   75.675282][ T6311]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   75.675305][ T6311]  ? do_syscall_64+0x100/0x230
[   75.675329][ T6311]  __x64_sys_bpf+0x7c/0x90
[   75.675348][ T6311]  do_syscall_64+0xf3/0x230
[   75.675367][ T6311]  ? clear_bhb_loop+0x35/0x90
[   75.675396][ T6311]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.675419][ T6311] RIP: 0033:0x7ff9d8b8d169
[   75.675437][ T6311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.675450][ T6311] RSP: 002b:00007ff9d69f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   75.675468][ T6311] RAX: ffffffffffffffda RBX: 00007ff9d8da5fa0 RCX: 00007ff9d8b8d169
[   75.675480][ T6311] RDX: 0000000000000094 RSI: 0000400000000440 RDI: 0000000000000005
[   75.675490][ T6311] RBP: 00007ff9d69f6090 R08: 0000000000000000 R09: 0000000000000000
[   75.675500][ T6311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   75.675510][ T6311] R13: 0000000000000001 R14: 00007ff9d8da5fa0 R15: 00007ffec71ca0d8
[   75.675532][ T6311]  </TASK>
[   76.510964][ T6345] sctp: [Deprecated]: syz.4.128 (pid 6345) Use of int in max_burst socket option.
[   76.510964][ T6345] Use struct sctp_assoc_value instead
[   76.537431][ T6345] netlink: 'syz.4.128': attribute type 10 has an invalid length.
[   76.546324][ T6345] veth0_vlan: left promiscuous mode
[   76.553622][ T6345] veth0_vlan: entered promiscuous mode
[   76.562168][ T6345] team0: Device veth0_vlan failed to register rx_handler
[   77.565128][ T6375] sctp: [Deprecated]: syz.1.139 (pid 6375) Use of int in max_burst socket option.
[   77.565128][ T6375] Use struct sctp_assoc_value instead
[   77.817868][ T6368] team0 (unregistering): Port device team_slave_0 removed
[   77.827560][ T6368] team0 (unregistering): Port device team_slave_1 removed
[   77.870201][ T6381] netlink: 28 bytes leftover after parsing attributes in process `syz.1.139'.
[   77.884613][ T6381] netlink: 28 bytes leftover after parsing attributes in process `syz.1.139'.
[   78.241739][ T6407] sctp: [Deprecated]: syz.1.146 (pid 6407) Use of int in max_burst socket option.
[   78.241739][ T6407] Use struct sctp_assoc_value instead
[   78.262284][ T6407] netlink: 'syz.1.146': attribute type 10 has an invalid length.
[   78.271088][ T6407] veth0_vlan: left promiscuous mode
[   78.287743][ T6407] veth0_vlan: entered promiscuous mode
[   78.297486][ T6407] team0: Device veth0_vlan failed to register rx_handler
[   78.661836][ T6418] netlink: 34 bytes leftover after parsing attributes in process `syz.2.152'.
[   78.666095][   T54] Bluetooth: hci4: command 0x0405 tx timeout
[   78.970375][ T6429] netlink: 'syz.2.155': attribute type 9 has an invalid length.
[   78.982634][ T6429] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.155'.
[   79.124008][ T6424] lo speed is unknown, defaulting to 1000
[   79.154009][ T6428] lo speed is unknown, defaulting to 1000
[   79.236663][ T6434] Cannot find set identified by id 0 to match
[   79.242953][ T6433] Cannot find set identified by id 0 to match
[   80.069164][ T6475] sctp: [Deprecated]: syz.3.167 (pid 6475) Use of int in max_burst socket option.
[   80.069164][ T6475] Use struct sctp_assoc_value instead
[   80.118401][ T6475] netlink: 'syz.3.167': attribute type 10 has an invalid length.
[   80.136803][ T6475] veth0_vlan: left promiscuous mode
[   80.145509][ T6475] veth0_vlan: entered promiscuous mode
[   80.157576][ T6475] team0: Device veth0_vlan failed to register rx_handler
[   80.320068][ T6484] netlink: 16 bytes leftover after parsing attributes in process `syz.2.173'.
[   80.334473][ T6480] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.383665][ T6482] (unnamed net_device) (uninitialized): peer notification delay (9) is not a multiple of miimon (100), value rounded to 0 ms
[   80.400763][ T6482] (unnamed net_device) (uninitialized): option use_carrier: invalid value (5)
[   80.525405][ T6480] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.595369][ T6494] netlink: 4 bytes leftover after parsing attributes in process `syz.1.177'.
[   80.617042][ T6494] netlink: 'syz.1.177': attribute type 3 has an invalid length.
[   80.701466][ T6495] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5
[   80.774922][ T6480] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.953056][ T6495] netlink: 20 bytes leftover after parsing attributes in process `syz.2.175'.
[   81.046234][ T6480] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.243360][ T6480] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   81.308297][ T6480] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   81.368842][ T6480] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   81.416567][ T6480] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   81.567661][ T6537] netlink: 12 bytes leftover after parsing attributes in process `syz.3.188'.
[   81.595795][ T6537] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   81.631552][ T6537] netlink: 84 bytes leftover after parsing attributes in process `syz.3.188'.
[   81.770683][ T6551] netlink: 8 bytes leftover after parsing attributes in process `syz.0.193'.
[   81.842425][ T6553] lo speed is unknown, defaulting to 1000
[   81.920010][ T6559] trusted_key: syz.3.195 sent an empty control message without MSG_MORE.
[   81.962731][ T1916] cfg80211: failed to load regulatory.db
[   81.981969][ T6560] netlink: 8 bytes leftover after parsing attributes in process `syz.3.195'.
[   81.991352][ T6559] netlink: 8 bytes leftover after parsing attributes in process `syz.3.195'.
[   82.037983][ T6567] netlink: 44 bytes leftover after parsing attributes in process `syz.0.198'.
[   82.352010][ T6569] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.433006][ T6585] syzkaller1: entered promiscuous mode
[   82.444243][ T6585] syzkaller1: entered allmulticast mode
[   82.459662][ T6587] netlink: 8 bytes leftover after parsing attributes in process `syz.0.204'.
[   82.479416][ T6585] Bluetooth: MGMT ver 1.23
[   82.863764][ T6601] pim6reg: tun_chr_ioctl cmd 1074025677
[   82.870058][ T6601] pim6reg: linktype set to 821
[   83.683686][ T6652] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   83.691333][ T6652] IPv6: NLM_F_CREATE should be set when creating new route
[   83.759266][ T6652] lo speed is unknown, defaulting to 1000
[   84.416593][ T6682] lo speed is unknown, defaulting to 1000
[   84.853849][ T6701] IPVS: set_ctl: invalid protocol: 58 224.0.0.2:20001
[   85.426827][ T6734] __nla_validate_parse: 57 callbacks suppressed
[   85.426845][ T6734] netlink: 8 bytes leftover after parsing attributes in process `syz.4.252'.
[   85.473969][ T6734] netlink: 52 bytes leftover after parsing attributes in process `syz.4.252'.
[   85.560323][ T6741] unsupported nla_type 33050
[   85.696968][ T6749] netlink: 16 bytes leftover after parsing attributes in process `syz.4.259'.
[   85.846517][ T6763] netlink: 8 bytes leftover after parsing attributes in process `syz.1.262'.
[   85.961896][ T6768] tls_set_device_offload: netdev not found
[   86.059146][ T6776] netlink: 4 bytes leftover after parsing attributes in process `syz.3.265'.
[   86.069310][ T6763] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.084132][ T6778] x_tables: duplicate underflow at hook 3
[   86.499155][ T6798] netlink: 16 bytes leftover after parsing attributes in process `syz.0.275'.
[   86.532718][ T6763] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.600191][ T6802] netlink: 28 bytes leftover after parsing attributes in process `syz.2.276'.
[   86.621523][ T6802] netlink: 28 bytes leftover after parsing attributes in process `syz.2.276'.
[   86.704788][ T6763] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.818205][ T6763] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.827854][ T6817] netlink: 'syz.3.280': attribute type 1 has an invalid length.
[   86.861865][ T6817] bond1: entered promiscuous mode
[   86.879093][ T6817] 8021q: adding VLAN 0 to HW filter on device bond1
[   86.907232][ T6817] netlink: 3 bytes leftover after parsing attributes in process `syz.3.280'.
[   86.921296][ T6817] batadv1: entered promiscuous mode
[   86.926732][ T6817] batadv1: entered allmulticast mode
[   86.935486][ T6817] 8021q: adding VLAN 0 to HW filter on device batadv1
[   86.945559][ T6817] bond1: (slave batadv1): making interface the new active one
[   86.954520][ T6817] bond1: (slave batadv1): Enslaving as an active interface with an up link
[   87.043641][ T6763] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   87.091162][ T6763] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   87.114010][ T6821] netlink: 48 bytes leftover after parsing attributes in process `syz.3.280'.
[   87.127127][ T6763] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   87.161902][ T6763] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   87.280349][ T6828] netlink: 'syz.4.282': attribute type 10 has an invalid length.
[   87.532956][ T6828] infiniband syz1: set down
[   87.537944][ T6828] infiniband syz1: added team_slave_0
[   87.577196][ T6828] RDS/IB: syz1: added
[   87.581942][ T6828] smc: adding ib device syz1 with port count 1
[   87.590515][ T6828] smc:    ib device syz1 port 1 has pnetid 
[   87.835436][ T6851] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.843005][ T6851] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.988403][ T6851] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   88.004763][ T6851] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   88.059038][ T6851] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   88.068303][ T6851] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   88.080325][ T6851] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   88.089415][ T6851] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   88.171865][ T5878] lo speed is unknown, defaulting to 1000
[   88.180576][ T6858] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$ûÌÌULÙvy¸ÚØ¢
…D£øUDŒw˜}�z
[   88.574947][ T6874] tipc: Started in network mode
[   88.580344][ T6874] tipc: Node identity ac14142f, cluster identity 4711
[   88.592172][ T6874] tipc: New replicast peer: 0.0.0.0
[   88.623290][ T6874] tipc: Enabled bearer <udp:syz2>, priority 10
[   89.223968][ T6900] sctp: [Deprecated]: syz.4.302 (pid 6900) Use of int in max_burst socket option.
[   89.223968][ T6900] Use struct sctp_assoc_value instead
[   89.280117][ T6900] netlink: 'syz.4.302': attribute type 10 has an invalid length.
[   89.365266][ T6904] netlink: 'syz.1.306': attribute type 2 has an invalid length.
[   89.663104][ T6914] netlink: 'syz.3.310': attribute type 4 has an invalid length.
[   89.706517][ T6914] netlink: 'syz.3.310': attribute type 2 has an invalid length.
[   89.715319][ T6914] netlink: 'syz.3.310': attribute type 1 has an invalid length.
[   89.757233][ T5878] tipc: Node number set to 2886997039
[   89.806436][ T6918] smc: removing ib device syz1
[   90.049237][ T6931] lo speed is unknown, defaulting to 1000
[   90.386241][ T6941] netlink: 'syz.4.318': attribute type 4 has an invalid length.
[   91.441615][ T6972] netlink: 'syz.1.330': attribute type 11 has an invalid length.
[   91.454125][ T6972] __nla_validate_parse: 6 callbacks suppressed
[   91.454143][ T6972] netlink: 60 bytes leftover after parsing attributes in process `syz.1.330'.
[   91.755128][ T6987] lo speed is unknown, defaulting to 1000
[   92.271880][ T7012] sctp: [Deprecated]: syz.0.342 (pid 7012) Use of int in max_burst socket option.
[   92.271880][ T7012] Use struct sctp_assoc_value instead
[   92.293127][ T7012] netlink: 'syz.0.342': attribute type 10 has an invalid length.
[   92.317212][ T7012] veth0_vlan: left promiscuous mode
[   92.328743][ T7012] veth0_vlan: entered promiscuous mode
[   92.339536][ T7012] team0: Device veth0_vlan failed to register rx_handler
[   92.567202][ T6996] netlink: 'syz.2.339': attribute type 21 has an invalid length.
[   92.582834][ T6996] netlink: 156 bytes leftover after parsing attributes in process `syz.2.339'.
[   93.097504][ T7028] netlink: 68 bytes leftover after parsing attributes in process `syz.2.346'.
[   93.114712][ T7029] netlink: 4 bytes leftover after parsing attributes in process `syz.1.347'.
[   93.168379][ T7035] netlink: 4 bytes leftover after parsing attributes in process `syz.3.350'.
[   93.219658][ T7035] ipvlan0: entered promiscuous mode
[   93.234250][ T7043] netlink: 'syz.2.352': attribute type 2 has an invalid length.
[   93.242213][ T7043] netlink: 'syz.2.352': attribute type 9 has an invalid length.
[   93.250308][ T7043] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.352'.
[   93.308818][ T7041] vcan1: entered allmulticast mode
[   93.561205][ T7057] netlink: 16 bytes leftover after parsing attributes in process `syz.4.356'.
[   93.718630][ T7065] netlink: 8 bytes leftover after parsing attributes in process `syz.3.359'.
[   93.741208][ T7071] sctp: [Deprecated]: syz.1.358 (pid 7071) Use of int in max_burst socket option.
[   93.741208][ T7071] Use struct sctp_assoc_value instead
[   93.761480][ T7071] netlink: 'syz.1.358': attribute type 10 has an invalid length.
[   93.769686][ T7071] veth0_vlan: left promiscuous mode
[   93.776267][ T7071] veth0_vlan: entered promiscuous mode
[   93.784274][ T7071] team0: Device veth0_vlan failed to register rx_handler
[   93.813364][ T7073] 8021q: VLANs not supported on vcan0
[   93.903562][ T7077] netlink: 'syz.0.363': attribute type 10 has an invalid length.
[   93.944335][ T7077] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.979883][ T7077] team0: Port device batadv0 added
[   93.998862][ T7079] netlink: 12 bytes leftover after parsing attributes in process `syz.3.365'.
[   94.389411][ T7103] sctp: [Deprecated]: syz.3.369 (pid 7103) Use of int in max_burst socket option.
[   94.389411][ T7103] Use struct sctp_assoc_value instead
[   94.466883][ T7103] netlink: 'syz.3.369': attribute type 10 has an invalid length.
[   94.583441][ T7112] netlink: 8 bytes leftover after parsing attributes in process `syz.0.372'.
[   95.136845][ T7142] netlink: 'syz.0.381': attribute type 1 has an invalid length.
[   95.144736][ T7142] netlink: 'syz.0.381': attribute type 2 has an invalid length.
[   95.357882][ T7160] sctp: [Deprecated]: syz.3.383 (pid 7160) Use of int in max_burst socket option.
[   95.357882][ T7160] Use struct sctp_assoc_value instead
[   95.377291][ T7160] netlink: 'syz.3.383': attribute type 10 has an invalid length.
[   95.400429][ T7161] lo speed is unknown, defaulting to 1000
[   95.521130][ T5909] IPVS: starting estimator thread 0...
[   95.527566][ T7165] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[   95.615812][ T7168] IPVS: using max 20 ests per chain, 48000 per kthread
[   95.843937][ T7183] syzkaller0: entered promiscuous mode
[   95.886681][ T7183] syzkaller0: entered allmulticast mode
[   96.765889][ T7205] __nla_validate_parse: 1 callbacks suppressed
[   96.765910][ T7205] netlink: 8 bytes leftover after parsing attributes in process `syz.0.399'.
[   96.795258][ T7186] syz.1.392: vmalloc error: size 8388608, failed to allocated page array size 16384, mode:0x100dc2(GFP_HIGHUSER|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[   96.836697][ T7186] CPU: 1 UID: 0 PID: 7186 Comm: syz.1.392 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[   96.836724][ T7186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   96.836734][ T7186] Call Trace:
[   96.836740][ T7186]  <TASK>
[   96.836748][ T7186]  dump_stack_lvl+0x241/0x360
[   96.836777][ T7186]  ? __pfx_dump_stack_lvl+0x10/0x10
[   96.836796][ T7186]  ? __pfx__printk+0x10/0x10
[   96.836817][ T7186]  ? __rcu_read_unlock+0xa1/0x110
[   96.836843][ T7186]  warn_alloc+0x278/0x410
[   96.836865][ T7186]  ? __pfx_warn_alloc+0x10/0x10
[   96.836889][ T7186]  ? bpf_check+0x104c/0x1bcd0
[   96.836907][ T7186]  ? __get_vm_area_node+0x1c8/0x2d0
[   96.836929][ T7186]  ? __get_vm_area_node+0x25c/0x2d0
[   96.836956][ T7186]  __vmalloc_node_range_noprof+0x62f/0x1380
[   96.836997][ T7186]  ? rcu_is_watching+0x15/0xb0
[   96.837027][ T7186]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[   96.837044][ T7186]  ? rcu_is_watching+0x15/0xb0
[   96.837063][ T7186]  ? trace_kmalloc+0x1f/0xd0
[   96.837081][ T7186]  ? __kmalloc_node_noprof+0x2ad/0x4d0
[   96.837101][ T7186]  ? security_capable+0x7e/0x2d0
[   96.837122][ T7186]  ? __kvmalloc_node_noprof+0x72/0x190
[   96.837149][ T7186]  __kvmalloc_node_noprof+0x142/0x190
[   96.837173][ T7186]  ? bpf_check+0x104c/0x1bcd0
[   96.837193][ T7186]  bpf_check+0x104c/0x1bcd0
[   96.837225][ T7186]  ? __lock_acquire+0x1397/0x2100
[   96.837283][ T7186]  ? page_ext_put+0x97/0xc0
[   96.837318][ T7186]  ? __handle_mm_fault+0x5ca8/0x70f0
[   96.837342][ T7186]  ? __handle_mm_fault+0x5d33/0x70f0
[   96.837366][ T7186]  ? __pfx_validate_chain+0x10/0x10
[   96.837383][ T7186]  ? __page_table_check_ptes_set+0x30f/0x410
[   96.837409][ T7186]  ? do_raw_spin_unlock+0x13c/0x8b0
[   96.837431][ T7186]  ? validate_chain+0x11e/0x5920
[   96.837451][ T7186]  ? __handle_mm_fault+0x5d44/0x70f0
[   96.837472][ T7186]  ? mark_lock+0x9a/0x360
[   96.837494][ T7186]  ? validate_chain+0x11e/0x5920
[   96.837519][ T7186]  ? __pfx_validate_chain+0x10/0x10
[   96.837543][ T7186]  ? __lock_acquire+0x1397/0x2100
[   96.837569][ T7186]  ? __pfx_validate_chain+0x10/0x10
[   96.837592][ T7186]  ? __pfx_bpf_check+0x10/0x10
[   96.837620][ T7186]  ? mark_lock+0x9a/0x360
[   96.837633][ T7186]  ? count_memcg_event_mm+0x94/0x420
[   96.837658][ T7186]  ? __lock_acquire+0x1397/0x2100
[   96.837706][ T7186]  ? __pfx_lock_acquire+0x10/0x10
[   96.837730][ T7186]  ? ktime_get_with_offset+0x8d/0x2a0
[   96.837752][ T7186]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   96.837778][ T7186]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   96.837808][ T7186]  ? ktime_get_with_offset+0x8d/0x2a0
[   96.837826][ T7186]  ? seqcount_lockdep_reader_access+0x157/0x220
[   96.837845][ T7186]  ? lockdep_hardirqs_on+0x99/0x150
[   96.837864][ T7186]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   96.837884][ T7186]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   96.837913][ T7186]  ? __check_object_size+0x8e/0x730
[   96.837935][ T7186]  ? __asan_memset+0x23/0x50
[   96.837951][ T7186]  ? bpf_obj_name_cpy+0x18a/0x1d0
[   96.837970][ T7186]  bpf_prog_load+0x1664/0x20e0
[   96.838015][ T7186]  ? __pfx_bpf_prog_load+0x10/0x10
[   96.838037][ T7186]  ? __pfx___might_resched+0x10/0x10
[   96.838070][ T7186]  ? __might_fault+0xaa/0x120
[   96.838092][ T7186]  __sys_bpf+0x4ea/0x820
[   96.838113][ T7186]  ? __pfx___sys_bpf+0x10/0x10
[   96.838145][ T7186]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   96.838169][ T7186]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   96.838192][ T7186]  ? do_syscall_64+0x100/0x230
[   96.838214][ T7186]  __x64_sys_bpf+0x7c/0x90
[   96.838235][ T7186]  do_syscall_64+0xf3/0x230
[   96.838252][ T7186]  ? clear_bhb_loop+0x35/0x90
[   96.838276][ T7186]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.838296][ T7186] RIP: 0033:0x7f7cacf8d169
[   96.838312][ T7186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   96.838325][ T7186] RSP: 002b:00007f7caddb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   96.838346][ T7186] RAX: ffffffffffffffda RBX: 00007f7cad1a5fa0 RCX: 00007f7cacf8d169
[   96.838359][ T7186] RDX: 0000000000000048 RSI: 000040000000e000 RDI: 0000000000000005
[   96.838369][ T7186] RBP: 00007f7cad00e2a0 R08: 0000000000000000 R09: 0000000000000000
[   96.838379][ T7186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   96.838389][ T7186] R13: 0000000000000000 R14: 00007f7cad1a5fa0 R15: 00007ffccea74728
[   96.838414][ T7186]  </TASK>
[   96.838544][ T7186] Mem-Info:
[   97.293418][ T7186] active_anon:3481 inactive_anon:0 isolated_anon:0
[   97.293418][ T7186]  active_file:1640 inactive_file:38310 isolated_file:0
[   97.293418][ T7186]  unevictable:768 dirty:107 writeback:0
[   97.293418][ T7186]  slab_reclaimable:10492 slab_unreclaimable:96159
[   97.293418][ T7186]  mapped:23810 shmem:1428 pagetables:699
[   97.293418][ T7186]  sec_pagetables:0 bounce:0
[   97.293418][ T7186]  kernel_misc_reclaimable:0
[   97.293418][ T7186]  free:1332284 free_pcp:4419 free_cma:0
[   97.315411][ T7214] netlink: 16 bytes leftover after parsing attributes in process `syz.4.403'.
[   97.352979][ T7186] Node 0 active_anon:14024kB inactive_anon:0kB active_file:6560kB inactive_file:153168kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:97740kB dirty:424kB writeback:0kB shmem:4176kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10332kB pagetables:2696kB sec_pagetables:0kB all_unreclaimable? no
[   97.394585][ T7186] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[   97.436095][ T7186] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   97.499732][ T7186] lowmem_reserve[]: 0 2489 2490 0 0
[   97.505105][ T7186] Node 0 DMA32 free:1390180kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB active_anon:13888kB inactive_anon:0kB active_file:6560kB inactive_file:152848kB unevictable:1536kB writepending:424kB present:3129332kB managed:2549728kB mlocked:0kB bounce:0kB free_pcp:10452kB local_pcp:5972kB free_cma:0kB
[   97.561464][ T7186] lowmem_reserve[]: 0 0 0 0 0
[   97.574700][ T7186] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:320kB unevictable:0kB writepending:0kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[   97.617555][ T7186] lowmem_reserve[]: 0 0 0 0 0
[   97.622364][ T7186] Node 1 Normal free:3906024kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:64kB local_pcp:64kB free_cma:0kB
[   97.685178][ T7186] lowmem_reserve[]: 0 0 0 0 0
[   97.707114][ T7186] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   97.732495][ T7186] Node 0 DMA32: 4*4kB (UME) 179*8kB (UM) 129*16kB (UME) 103*32kB (UME) 56*64kB (UME) 32*128kB (UME) 17*256kB (UME) 15*512kB (UME) 8*1024kB (M) 6*2048kB (UME) 326*4096kB (UM) = 1382296kB
[   97.753756][   T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   97.759290][ T7186] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[   97.807408][ T7186] Node 1 Normal: 214*4kB (UME) 60*8kB (UME) 41*16kB (UME) 213*32kB (UME) 94*64kB (UME) 40*128kB (UME) 16*256kB (UME) 12*512kB (UME) 1*1024kB (M) 2*2048kB (UE) 945*4096kB (M) = 3906024kB
[   97.808121][   T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   97.843656][   T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   97.854006][   T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   97.856517][ T7186] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[   97.877749][   T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   97.887676][   T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   97.893748][ T7186] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   97.906908][ T7237] netlink: 8 bytes leftover after parsing attributes in process `syz.4.406'.
[   97.944229][ T7186] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[   97.990810][ T7226] lo speed is unknown, defaulting to 1000
[   98.021316][ T7186] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   98.074074][ T7186] 41379 total pagecache pages
[   98.095868][ T7186] 0 pages in swap cache
[   98.100873][ T7186] Free swap  = 124996kB
[   98.105243][ T7186] Total swap = 124996kB
[   98.116781][ T7186] 2097051 pages RAM
[   98.145815][ T7186] 0 pages HighMem/MovableOnly
[   98.183379][ T7186] 427897 pages reserved
[   98.207632][ T7186] 0 pages cma reserved
[   98.292350][ T7250] netlink: 28 bytes leftover after parsing attributes in process `syz.2.409'.
[   98.422110][ T7254] smc: net device bond0 applied user defined pnetid SYZ2
[   98.459787][ T7226] chnl_net:caif_netlink_parms(): no params data found
[   98.582483][ T7260] netlink: 'syz.2.413': attribute type 12 has an invalid length.
[   98.708540][ T7226] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.724117][ T7226] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.739890][ T7226] bridge_slave_0: entered allmulticast mode
[   98.752267][ T7270] netlink: 16 bytes leftover after parsing attributes in process `syz.2.414'.
[   98.762997][ T7226] bridge_slave_0: entered promiscuous mode
[   98.789532][ T7226] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.808303][ T7226] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.823463][ T7226] bridge_slave_1: entered allmulticast mode
[   98.833659][ T7226] bridge_slave_1: entered promiscuous mode
[   98.871907][ T7226] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.886799][ T7226] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.908867][ T7276] netlink: 20 bytes leftover after parsing attributes in process `syz.2.417'.
[   98.940126][ T7279] sctp: [Deprecated]: syz.1.416 (pid 7279) Use of int in max_burst socket option.
[   98.940126][ T7279] Use struct sctp_assoc_value instead
[   98.974274][ T7226] team0: Port device team_slave_0 added
[   98.991028][ T7226] team0: Port device team_slave_1 added
[   99.043262][ T7226] batman_adv: batadv0: Adding interface: batadv_slave_0
[   99.050656][ T7226] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.078116][ T7226] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   99.093686][ T7226] batman_adv: batadv0: Adding interface: batadv_slave_1
[   99.101680][ T7226] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.111444][ T7279] netlink: 'syz.1.416': attribute type 10 has an invalid length.
[   99.129201][ T7226] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   99.262183][ T7279] veth0_vlan: left promiscuous mode
[   99.270560][ T7279] veth0_vlan: entered promiscuous mode
[   99.278383][ T7279] team0: Device veth0_vlan failed to register rx_handler
[   99.341985][ T7226] hsr_slave_0: entered promiscuous mode
[   99.349003][ T7226] hsr_slave_1: entered promiscuous mode
[   99.355433][ T7226] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   99.372875][ T7226] Cannot create hsr debugfs directory
[   99.513175][ T7298] netlink: 12 bytes leftover after parsing attributes in process `syz.4.422'.
[   99.531986][ T7300] netlink: 4 bytes leftover after parsing attributes in process `syz.0.423'.
[   99.786190][ T7312] netlink: 16 bytes leftover after parsing attributes in process `syz.4.427'.
[   99.894087][ T7226] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.945786][ T5147] Bluetooth: hci3: command tx timeout
[  100.027765][ T7226] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.267999][ T7226] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.364272][ T7226] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.589165][ T7226] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  100.599795][ T7331] netlink: 'syz.2.434': attribute type 1 has an invalid length.
[  100.608236][ T7331] netlink: 'syz.2.434': attribute type 3 has an invalid length.
[  100.627709][ T7226] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  100.652355][ T7331] netlink: 224 bytes leftover after parsing attributes in process `syz.2.434'.
[  100.685708][ T7226] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  100.709438][ T7226] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  100.746143][ T7334] vlan2: entered promiscuous mode
[  100.762032][ T7340] sctp: [Deprecated]: syz.0.436 (pid 7340) Use of int in max_burst socket option.
[  100.762032][ T7340] Use struct sctp_assoc_value instead
[  100.765799][ T7334] hsr0: entered promiscuous mode
[  100.783981][ T7340] netlink: 'syz.0.436': attribute type 10 has an invalid length.
[  100.816414][ T7340] veth0_vlan: left promiscuous mode
[  100.827039][ T7340] veth0_vlan: entered promiscuous mode
[  100.842250][ T7340] team0: Device veth0_vlan failed to register rx_handler
[  101.022589][  T798] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.031936][  T798] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.262163][ T7226] 8021q: adding VLAN 0 to HW filter on device bond0
[  101.315241][ T7226] 8021q: adding VLAN 0 to HW filter on device team0
[  101.349256][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.356468][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[  101.434276][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.441482][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  101.687655][ T7370] bridge0: entered promiscuous mode
[  101.696358][ T7370] erspan0: entered promiscuous mode
[  101.878257][ T7381] netlink: 'syz.0.450': attribute type 1 has an invalid length.
[  101.907893][ T7383] sctp: [Deprecated]: syz.4.448 (pid 7383) Use of int in max_burst socket option.
[  101.907893][ T7383] Use struct sctp_assoc_value instead
[  101.951448][ T7383] netlink: 'syz.4.448': attribute type 10 has an invalid length.
[  101.971413][ T7381] netlink: 'syz.0.450': attribute type 3 has an invalid length.
[  102.009245][ T7226] 8021q: adding VLAN 0 to HW filter on device batadv0
[  102.024478][ T7381] __nla_validate_parse: 3 callbacks suppressed
[  102.024498][ T7381] netlink: 224 bytes leftover after parsing attributes in process `syz.0.450'.
[  102.028089][ T5147] Bluetooth: hci3: command tx timeout
[  102.163356][ T7226] veth0_vlan: entered promiscuous mode
[  102.198053][ T7226] veth1_vlan: entered promiscuous mode
[  102.274707][ T7391] geneve0: entered allmulticast mode
[  102.366679][ T7396] netlink: 24 bytes leftover after parsing attributes in process `syz.2.454'.
[  102.423029][ T7226] veth0_macvtap: entered promiscuous mode
[  102.453451][ T7226] veth1_macvtap: entered promiscuous mode
[  102.548262][ T7226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  102.574883][ T7226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  102.590715][ T7226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  102.595321][ T7405] sctp: [Deprecated]: syz.1.455 (pid 7405) Use of int in max_burst socket option.
[  102.595321][ T7405] Use struct sctp_assoc_value instead
[  102.601523][ T7226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  102.632757][ T7226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  102.637736][ T7405] netlink: 'syz.1.455': attribute type 10 has an invalid length.
[  102.644124][ T7226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  102.644144][ T7226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  102.692894][ T7226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  102.717628][ T7226] batman_adv: batadv0: Interface activated: batadv_slave_0
[  102.733244][ T7403] (unnamed net_device) (uninitialized): Unable to set up delay as MII monitoring is disabled
[  102.747068][ T7405] veth0_vlan: left promiscuous mode
[  102.753599][ T7405] veth0_vlan: entered promiscuous mode
[  102.760564][ T7405] team0: Device veth0_vlan failed to register rx_handler
[  102.794934][ T7226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  102.833487][ T7226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  102.863178][ T7226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  102.894947][ T7226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  102.912591][ T7226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  102.931231][ T7226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  102.948495][ T7226] batman_adv: batadv0: Interface activated: batadv_slave_1
[  102.964092][ T7226] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  102.973439][ T7226] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  102.984561][ T7226] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  102.995186][ T7226] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.186010][ T1041] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.210710][ T1041] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.274963][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.305146][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.445844][ T7427] sctp: [Deprecated]: syz.1.464 (pid 7427) Use of struct sctp_assoc_value in delayed_ack socket option.
[  103.445844][ T7427] Use struct sctp_sack_info instead
[  103.534874][ T7430] netlink: 12 bytes leftover after parsing attributes in process `syz.2.465'.
[  103.735483][ T7437] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.875434][ T7437] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  103.890248][ T7437] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  103.943681][ T7437] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  103.953341][ T7437] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  103.962480][ T7437] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  103.971756][ T7437] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  104.021071][ T7448] (unnamed net_device) (uninitialized): Unable to set up delay as MII monitoring is disabled
[  104.174723][ T7453] netlink: 8 bytes leftover after parsing attributes in process `syz.1.471'.
[  104.245055][ T7458] lo speed is unknown, defaulting to 1000
[  104.322163][ T7465] sctp: [Deprecated]: syz.0.474 (pid 7465) Use of int in max_burst socket option.
[  104.322163][ T7465] Use struct sctp_assoc_value instead
[  104.346822][ T7465] netlink: 'syz.0.474': attribute type 10 has an invalid length.
[  104.517370][ T3580] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.573613][ T7465] veth0_vlan: left promiscuous mode
[  104.581564][ T7465] veth0_vlan: entered promiscuous mode
[  104.590391][ T7465] team0: Device veth0_vlan failed to register rx_handler
[  104.646024][ T3580] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.795391][ T3580] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.821693][ T7476] Bluetooth: MGMT ver 1.23
[  105.187526][ T3580] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.266699][ T7491] siw: device registration error -23
[  105.270034][ T7458] netlink: 312 bytes leftover after parsing attributes in process `syz.4.473'.
[  105.317598][ T7458] netlink: 8 bytes leftover after parsing attributes in process `syz.4.473'.
[  105.331999][   T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  105.343122][   T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  105.361674][   T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  105.370771][   T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  105.379726][   T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  105.388064][   T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  105.488883][ T7496] netlink: 'syz.2.481': attribute type 29 has an invalid length.
[  105.550316][ T7498] netlink: 'syz.0.482': attribute type 7 has an invalid length.
[  105.565151][ T7492] lo speed is unknown, defaulting to 1000
[  105.613956][ T3580] bridge_slave_1: left allmulticast mode
[  105.648163][ T3580] bridge_slave_1: left promiscuous mode
[  105.678996][ T3580] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.712774][ T3580] bridge_slave_0: left allmulticast mode
[  105.730117][ T3580] bridge_slave_0: left promiscuous mode
[  105.749545][ T3580] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.139087][ T7524] netlink: 52 bytes leftover after parsing attributes in process `syz.0.484'.
[  106.449838][ T7537] netlink: 12 bytes leftover after parsing attributes in process `syz.1.491'.
[  106.504441][ T3580] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  106.522884][ T3580] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  106.549260][ T3580] bond0 (unregistering): Released all slaves
[  106.775203][ T7545] FAULT_INJECTION: forcing a failure.
[  106.775203][ T7545] name failslab, interval 1, probability 0, space 0, times 1
[  106.788170][ T7545] CPU: 0 UID: 0 PID: 7545 Comm: syz.2.495 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  106.788193][ T7545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  106.788202][ T7545] Call Trace:
[  106.788208][ T7545]  <TASK>
[  106.788215][ T7545]  dump_stack_lvl+0x241/0x360
[  106.788240][ T7545]  ? __pfx_dump_stack_lvl+0x10/0x10
[  106.788259][ T7545]  ? __pfx__printk+0x10/0x10
[  106.788275][ T7545]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  106.788292][ T7545]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  106.788308][ T7545]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  106.788335][ T7545]  should_fail_ex+0x40a/0x550
[  106.788361][ T7545]  should_failslab+0xac/0x100
[  106.788382][ T7545]  ? __inet_bhash2_update_saddr+0x205/0x1ac0
[  106.788402][ T7545]  kmem_cache_alloc_noprof+0x70/0x380
[  106.788428][ T7545]  __inet_bhash2_update_saddr+0x205/0x1ac0
[  106.788459][ T7545]  ? __asan_memset+0x23/0x50
[  106.788484][ T7545]  tcp_disconnect+0x478/0x1ae0
[  106.788508][ T7545]  inet_shutdown+0x250/0x390
[  106.788528][ T7545]  __x64_sys_shutdown+0x13f/0x1a0
[  106.788547][ T7545]  do_syscall_64+0xf3/0x230
[  106.788565][ T7545]  ? clear_bhb_loop+0x35/0x90
[  106.788589][ T7545]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.788607][ T7545] RIP: 0033:0x7fc44818d169
[  106.788622][ T7545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  106.788634][ T7545] RSP: 002b:00007fc449091038 EFLAGS: 00000246 ORIG_RAX: 0000000000000030
[  106.788651][ T7545] RAX: ffffffffffffffda RBX: 00007fc4483a5fa0 RCX: 00007fc44818d169
[  106.788663][ T7545] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  106.788672][ T7545] RBP: 00007fc449091090 R08: 0000000000000000 R09: 0000000000000000
[  106.788682][ T7545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  106.788692][ T7545] R13: 0000000000000000 R14: 00007fc4483a5fa0 R15: 00007ffc39168228
[  106.788719][ T7545]  </TASK>
[  107.115164][ T7551] batadv_slave_1: entered promiscuous mode
[  107.286814][ T7560] netlink: 16 bytes leftover after parsing attributes in process `syz.1.501'.
[  107.304547][ T3580] hsr_slave_0: left promiscuous mode
[  107.318246][ T3580] hsr_slave_1: left promiscuous mode
[  107.336409][ T3580] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  107.354184][ T3580] batman_adv: batadv0: Removing interface: batadv_slave_0
[  107.401265][ T3580] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  107.419483][ T3580] batman_adv: batadv0: Removing interface: batadv_slave_1
[  107.465820][   T54] Bluetooth: hci3: command tx timeout
[  107.474473][ T3580] veth1_macvtap: left promiscuous mode
[  107.483580][ T3580] veth0_macvtap: left promiscuous mode
[  107.489708][ T3580] veth1_vlan: left promiscuous mode
[  107.495473][ T3580] veth0_vlan: left promiscuous mode
[  108.006967][ T3580] team0 (unregistering): Port device team_slave_1 removed
[  108.051644][ T3580] team0 (unregistering): Port device team_slave_0 removed
[  108.531703][ T7550] batadv_slave_1: left promiscuous mode
[  108.790108][ T7492] chnl_net:caif_netlink_parms(): no params data found
[  108.883898][ T7597] netlink: 8 bytes leftover after parsing attributes in process `syz.0.511'.
[  108.962256][ T7602] netlink: 16 bytes leftover after parsing attributes in process `syz.1.512'.
[  109.017406][ T7492] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.056016][ T7492] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.075203][ T7492] bridge_slave_0: entered allmulticast mode
[  109.084448][ T7492] bridge_slave_0: entered promiscuous mode
[  109.092384][ T7492] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.100054][ T7492] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.114461][ T7492] bridge_slave_1: entered allmulticast mode
[  109.126898][ T7492] bridge_slave_1: entered promiscuous mode
[  109.221915][ T7492] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  109.275238][ T7492] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  109.365276][ T7619] sctp: [Deprecated]: syz.1.517 (pid 7619) Use of int in max_burst socket option.
[  109.365276][ T7619] Use struct sctp_assoc_value instead
[  109.386558][ T7619] netlink: 'syz.1.517': attribute type 10 has an invalid length.
[  109.406747][ T7619] veth0_vlan: left promiscuous mode
[  109.413168][ T7619] veth0_vlan: entered promiscuous mode
[  109.421461][ T7619] team0: Device veth0_vlan failed to register rx_handler
[  109.458974][ T7492] team0: Port device team_slave_0 added
[  109.496250][ T7492] team0: Port device team_slave_1 added
[  109.545863][   T54] Bluetooth: hci3: command tx timeout
[  109.573619][ T7492] batman_adv: batadv0: Adding interface: batadv_slave_0
[  109.584347][ T7492] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.612296][ T7492] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  109.649231][ T7492] batman_adv: batadv0: Adding interface: batadv_slave_1
[  109.671763][ T7492] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.707167][ T7492] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  109.825316][ T7492] hsr_slave_0: entered promiscuous mode
[  109.832392][ T7492] hsr_slave_1: entered promiscuous mode
[  109.839077][ T7492] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  109.847064][ T7492] Cannot create hsr debugfs directory
[  110.144553][ T7632] netlink: 16 bytes leftover after parsing attributes in process `syz.4.524'.
[  110.361250][ T7638] lo speed is unknown, defaulting to 1000
[  110.557733][ T7492] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  110.589349][ T7492] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  110.610288][ T7492] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  110.658760][ T7492] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  110.705282][ T7660] bridge: RTM_NEWNEIGH with invalid ether address
[  110.888864][ T7492] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.017232][ T7669] netlink: 16 bytes leftover after parsing attributes in process `syz.2.539'.
[  111.061720][ T7492] 8021q: adding VLAN 0 to HW filter on device team0
[  111.096874][ T7513] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.104080][ T7513] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.149156][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.156444][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.280775][ T7674] netlink: 24 bytes leftover after parsing attributes in process `syz.2.541'.
[  111.312791][ T7674] netlink: 24 bytes leftover after parsing attributes in process `syz.2.541'.
[  111.380938][ T7683] netlink: 40 bytes leftover after parsing attributes in process `syz.4.544'.
[  111.467202][ T7678] netlink: 96 bytes leftover after parsing attributes in process `syz.2.541'.
[  111.502965][ T7672] netlink: 28 bytes leftover after parsing attributes in process `syz.1.527'.
[  111.519033][ T7678] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  111.590911][ T7678] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  111.629037][   T54] Bluetooth: hci3: command tx timeout
[  111.703091][ T7492] 8021q: adding VLAN 0 to HW filter on device batadv0
[  111.849363][ T7695] netlink: 'syz.4.548': attribute type 21 has an invalid length.
[  111.859956][ T7492] veth0_vlan: entered promiscuous mode
[  111.907247][ T7492] veth1_vlan: entered promiscuous mode
[  111.971035][ T7492] veth0_macvtap: entered promiscuous mode
[  112.017277][ T7492] veth1_macvtap: entered promiscuous mode
[  112.067180][ T7492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  112.086380][ T7492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  112.129770][ T7492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  112.149312][ T7492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  112.166336][ T7492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  112.178062][ T7492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  112.193198][ T7492] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.255043][ T7492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  112.268726][ T7492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  112.279899][ T7492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  112.302244][ T7492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  112.324389][ T7492] batman_adv: batadv0: Interface activated: batadv_slave_1
[  112.432914][ T7492] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.451057][ T7492] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.463719][ T7492] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  112.473436][ T7492] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  112.484533][ T7716] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  112.777360][ T7729] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.790228][ T7732] __nla_validate_parse: 2 callbacks suppressed
[  112.790246][ T7732] netlink: 16 bytes leftover after parsing attributes in process `syz.2.562'.
[  112.794915][ T7729] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.819154][ T7735] netlink: 68 bytes leftover after parsing attributes in process `syz.1.561'.
[  112.823804][ T7729] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  112.845695][ T7729] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  112.881000][ T7729] geneve2: entered promiscuous mode
[  112.940333][ T7513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.953100][ T7513] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.035945][ T3580] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.067980][ T3580] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.150371][ T7750] netlink: 'syz.0.564': attribute type 4 has an invalid length.
[  113.163755][ T7750] netlink: 8 bytes leftover after parsing attributes in process `syz.0.564'.
[  113.634384][ T7773] netlink: 52 bytes leftover after parsing attributes in process `syz.2.574'.
[  113.666791][ T7774] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  113.686494][ T7777] veth0_to_team: mtu less than device minimum
[  113.694348][ T7774] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  113.763849][ T7774] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  114.001239][ T1339] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.082211][ T7789] lo speed is unknown, defaulting to 1000
[  114.385447][ T1339] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.485420][ T7796] netlink: 'syz.0.581': attribute type 2 has an invalid length.
[  114.573407][ T5147] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  114.588507][ T5147] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  114.603758][ T1339] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.615234][ T5147] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  114.630927][ T5147] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  114.639586][ T5147] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  114.647190][ T5147] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  114.693813][ T7802] lo speed is unknown, defaulting to 1000
[  114.773025][ T1339] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.784411][ T7786] netlink: 28 bytes leftover after parsing attributes in process `syz.1.578'.
[  114.956262][ T7786] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  115.377490][ T1339] bridge_slave_1: left allmulticast mode
[  115.383215][ T1339] bridge_slave_1: left promiscuous mode
[  115.425808][ T1339] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.466438][ T1339] bridge_slave_0: left allmulticast mode
[  115.472148][ T1339] bridge_slave_0: left promiscuous mode
[  115.515956][ T1339] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.637512][   T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  115.648220][   T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  115.657598][   T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  115.675177][   T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  115.695120][   T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  115.702599][   T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  115.846407][ T7843] netlink: 20 bytes leftover after parsing attributes in process `syz.0.598'.
[  116.260745][ T1339] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  116.276977][ T1339] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  116.292510][ T1339] bond0 (unregistering): Released all slaves
[  116.317605][ T7843] (unnamed net_device) (uninitialized): option packets_per_slave: invalid value (83886090)
[  116.345735][ T7843] (unnamed net_device) (uninitialized): option packets_per_slave: allowed values 0 - 65535
[  116.399254][ T7802] chnl_net:caif_netlink_parms(): no params data found
[  116.458131][ T7832] lo speed is unknown, defaulting to 1000
[  116.552196][ T7863] FAULT_INJECTION: forcing a failure.
[  116.552196][ T7863] name failslab, interval 1, probability 0, space 0, times 0
[  116.572654][ T7863] CPU: 1 UID: 0 PID: 7863 Comm: syz.4.602 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  116.572680][ T7863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  116.572689][ T7863] Call Trace:
[  116.572694][ T7863]  <TASK>
[  116.572701][ T7863]  dump_stack_lvl+0x241/0x360
[  116.572725][ T7863]  ? __pfx_dump_stack_lvl+0x10/0x10
[  116.572755][ T7863]  should_fail_ex+0x40a/0x550
[  116.572782][ T7863]  should_failslab+0xac/0x100
[  116.572804][ T7863]  kmem_cache_alloc_node_noprof+0x77/0x380
[  116.572825][ T7863]  ? __alloc_skb+0x1c3/0x440
[  116.572845][ T7863]  __alloc_skb+0x1c3/0x440
[  116.572860][ T7863]  ? validate_chain+0x11e/0x5920
[  116.572879][ T7863]  ? __pfx___alloc_skb+0x10/0x10
[  116.572905][ T7863]  alloc_skb_with_frags+0xc3/0x820
[  116.572924][ T7863]  ? l2cap_sock_alloc_skb_cb+0xe4/0x5b0
[  116.572946][ T7863]  ? __pfx_lock_release+0x10/0x10
[  116.572974][ T7863]  sock_alloc_send_pskb+0x91a/0xa60
[  116.573010][ T7863]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  116.573051][ T7863]  l2cap_sock_alloc_skb_cb+0xfc/0x5b0
[  116.573075][ T7863]  ? __pfx_l2cap_sock_alloc_skb_cb+0x10/0x10
[  116.573103][ T7863]  ? __pfx_l2cap_sock_alloc_skb_cb+0x10/0x10
[  116.573123][ T7863]  l2cap_chan_send+0x1d1/0x2690
[  116.573151][ T7863]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  116.573181][ T7863]  ? l2cap_sock_sendmsg+0x1a4/0x2c0
[  116.573201][ T7863]  ? __pfx_l2cap_chan_send+0x10/0x10
[  116.573228][ T7863]  ? do_raw_spin_unlock+0x13c/0x8b0
[  116.573255][ T7863]  l2cap_sock_sendmsg+0x1b4/0x2c0
[  116.573278][ T7863]  ? __pfx_l2cap_sock_sendmsg+0x10/0x10
[  116.573294][ T7863]  __sock_sendmsg+0x221/0x270
[  116.573318][ T7863]  ____sys_sendmsg+0x53a/0x860
[  116.573343][ T7863]  ? __pfx_____sys_sendmsg+0x10/0x10
[  116.573358][ T7863]  ? __fget_files+0x2a/0x410
[  116.573382][ T7863]  ? __fget_files+0x2a/0x410
[  116.573411][ T7863]  __sys_sendmmsg+0x36a/0x720
[  116.573439][ T7863]  ? __pfx___sys_sendmmsg+0x10/0x10
[  116.573468][ T7863]  ? __pfx_lock_release+0x10/0x10
[  116.573487][ T7863]  ? kstrtouint_from_user+0x128/0x190
[  116.573527][ T7863]  ? ksys_write+0x22a/0x2b0
[  116.573544][ T7863]  ? __pfx_lock_release+0x10/0x10
[  116.573571][ T7863]  ? sb_end_write+0xe9/0x1c0
[  116.573592][ T7863]  ? vfs_write+0x7fa/0xd10
[  116.573611][ T7863]  ? __mutex_unlock_slowpath+0x227/0x800
[  116.573657][ T7863]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  116.573681][ T7863]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  116.573704][ T7863]  ? do_syscall_64+0x100/0x230
[  116.573726][ T7863]  __x64_sys_sendmmsg+0xa0/0xb0
[  116.573745][ T7863]  do_syscall_64+0xf3/0x230
[  116.573763][ T7863]  ? clear_bhb_loop+0x35/0x90
[  116.573786][ T7863]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.573805][ T7863] RIP: 0033:0x7ff9d8b8d169
[  116.573820][ T7863] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  116.573833][ T7863] RSP: 002b:00007ff9d69f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  116.573851][ T7863] RAX: ffffffffffffffda RBX: 00007ff9d8da5fa0 RCX: 00007ff9d8b8d169
[  116.573863][ T7863] RDX: 0000000000000001 RSI: 0000400000001200 RDI: 0000000000000004
[  116.573873][ T7863] RBP: 00007ff9d69f6090 R08: 0000000000000000 R09: 0000000000000000
[  116.573883][ T7863] R10: 0000000000008800 R11: 0000000000000246 R12: 0000000000000001
[  116.573893][ T7863] R13: 0000000000000000 R14: 00007ff9d8da5fa0 R15: 00007ffec71ca0d8
[  116.573918][ T7863]  </TASK>
[  116.933482][   T54] Bluetooth: hci3: command tx timeout
[  117.162300][ T7864] netlink: 16 bytes leftover after parsing attributes in process `syz.0.601'.
[  117.171530][ T7864] netlink: 6 bytes leftover after parsing attributes in process `syz.0.601'.
[  117.342980][ T1339] hsr_slave_0: left promiscuous mode
[  117.360961][ T1339] hsr_slave_1: left promiscuous mode
[  117.379883][ T1339] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  117.394605][ T1339] batman_adv: batadv0: Removing interface: batadv_slave_0
[  117.413235][ T1339] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  117.423172][ T1339] batman_adv: batadv0: Removing interface: batadv_slave_1
[  117.450853][ T1339] veth1_macvtap: left promiscuous mode
[  117.456540][ T1339] veth0_macvtap: left promiscuous mode
[  117.462109][ T1339] veth1_vlan: left promiscuous mode
[  117.467712][ T1339] veth0_vlan: left promiscuous mode
[  117.788801][   T54] Bluetooth: hci4: command tx timeout
[  117.908552][ T1339] team0 (unregistering): Port device team_slave_1 removed
[  117.959511][ T1339] team0 (unregistering): Port device team_slave_0 removed
[  118.485411][ T7802] bridge0: port 1(bridge_slave_0) entered blocking state
[  118.492758][ T7802] bridge0: port 1(bridge_slave_0) entered disabled state
[  118.504358][ T7802] bridge_slave_0: entered allmulticast mode
[  118.513299][ T7802] bridge_slave_0: entered promiscuous mode
[  118.521031][ T7886] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
[  118.545071][ T7802] bridge0: port 2(bridge_slave_1) entered blocking state
[  118.552298][ T7802] bridge0: port 2(bridge_slave_1) entered disabled state
[  118.559769][ T7802] bridge_slave_1: entered allmulticast mode
[  118.574789][ T7802] bridge_slave_1: entered promiscuous mode
[  118.633028][ T7832] chnl_net:caif_netlink_parms(): no params data found
[  118.729422][ T7802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  118.763292][ T7802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  118.842024][ T7898] netlink: 16 bytes leftover after parsing attributes in process `syz.4.613'.
[  118.893594][ T7802] team0: Port device team_slave_0 added
[  118.948082][ T7802] team0: Port device team_slave_1 added
[  118.995781][   T54] Bluetooth: hci3: command tx timeout
[  119.088026][ T7832] bridge0: port 1(bridge_slave_0) entered blocking state
[  119.095422][ T7832] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.105337][ T7832] bridge_slave_0: entered allmulticast mode
[  119.134252][ T7832] bridge_slave_0: entered promiscuous mode
[  119.153773][ T7802] batman_adv: batadv0: Adding interface: batadv_slave_0
[  119.172171][ T7802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  119.205630][ T7802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  119.233147][ T7802] batman_adv: batadv0: Adding interface: batadv_slave_1
[  119.249473][ T7802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  119.284374][ T7802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  119.288922][ T7917] netlink: 'syz.4.620': attribute type 3 has an invalid length.
[  119.325808][ T7832] bridge0: port 2(bridge_slave_1) entered blocking state
[  119.333698][ T7832] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.345220][ T7832] bridge_slave_1: entered allmulticast mode
[  119.352585][ T7832] bridge_slave_1: entered promiscuous mode
[  119.413629][ T7802] hsr_slave_0: entered promiscuous mode
[  119.423936][ T7802] hsr_slave_1: entered promiscuous mode
[  119.431485][ T7802] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  119.440757][ T7802] Cannot create hsr debugfs directory
[  119.463248][ T7919] netlink: 4 bytes leftover after parsing attributes in process `syz.1.621'.
[  119.489296][ T7919] netlink: 4 bytes leftover after parsing attributes in process `syz.1.621'.
[  119.491345][ T7832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  119.540398][ T7832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  119.587114][ T7919] netlink: 4 bytes leftover after parsing attributes in process `syz.1.621'.
[  119.627008][ T7919] netlink: 4 bytes leftover after parsing attributes in process `syz.1.621'.
[  119.728350][ T7832] team0: Port device team_slave_0 added
[  119.754102][ T7933] sctp: [Deprecated]: syz.0.624 (pid 7933) Use of int in max_burst socket option.
[  119.754102][ T7933] Use struct sctp_assoc_value instead
[  119.757164][ T7832] team0: Port device team_slave_1 added
[  119.775286][ T7933] netlink: 'syz.0.624': attribute type 10 has an invalid length.
[  119.796069][ T7919] netlink: 4 bytes leftover after parsing attributes in process `syz.1.621'.
[  119.804946][ T7919] netlink: 4 bytes leftover after parsing attributes in process `syz.1.621'.
[  119.869412][   T54] Bluetooth: hci4: command tx timeout
[  119.887767][ T7936] netlink: 16 bytes leftover after parsing attributes in process `syz.4.625'.
[  119.907978][ T7933] veth0_vlan: left promiscuous mode
[  119.914389][ T7933] veth0_vlan: entered promiscuous mode
[  119.932097][ T7933] team0: Device veth0_vlan failed to register rx_handler
[  119.948580][ T7919] netlink: 18 bytes leftover after parsing attributes in process `syz.1.621'.
[  119.968993][ T7938] netlink: 4 bytes leftover after parsing attributes in process `syz.4.626'.
[  120.051314][ T7832] batman_adv: batadv0: Adding interface: batadv_slave_0
[  120.059737][ T7832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  120.098416][ T7832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  120.184157][ T7832] batman_adv: batadv0: Adding interface: batadv_slave_1
[  120.203136][ T7832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  120.242345][ T7832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  120.394548][ T7951] FAULT_INJECTION: forcing a failure.
[  120.394548][ T7951] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  120.418213][ T7951] CPU: 0 UID: 0 PID: 7951 Comm: syz.4.631 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  120.418239][ T7951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  120.418249][ T7951] Call Trace:
[  120.418255][ T7951]  <TASK>
[  120.418263][ T7951]  dump_stack_lvl+0x241/0x360
[  120.418293][ T7951]  ? __pfx_dump_stack_lvl+0x10/0x10
[  120.418311][ T7951]  ? __pfx__printk+0x10/0x10
[  120.418329][ T7951]  ? __pfx_lock_release+0x10/0x10
[  120.418360][ T7951]  should_fail_ex+0x40a/0x550
[  120.418387][ T7951]  _copy_from_iter+0x427/0x1c40
[  120.418421][ T7951]  ? __pfx__copy_from_iter+0x10/0x10
[  120.418442][ T7951]  ? __virt_addr_valid+0x183/0x530
[  120.418459][ T7951]  ? __virt_addr_valid+0x183/0x530
[  120.418472][ T7951]  ? __virt_addr_valid+0x45f/0x530
[  120.418488][ T7951]  ? __phys_addr_symbol+0x2f/0x70
[  120.418503][ T7951]  ? __check_object_size+0x47a/0x730
[  120.418528][ T7951]  l2cap_skbuff_fromiovec+0x9d/0x4f0
[  120.418549][ T7951]  ? skb_put+0x114/0x1f0
[  120.418571][ T7951]  l2cap_chan_send+0x389/0x2690
[  120.418599][ T7951]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  120.418630][ T7951]  ? l2cap_sock_sendmsg+0x1a4/0x2c0
[  120.418650][ T7951]  ? __pfx_l2cap_chan_send+0x10/0x10
[  120.418685][ T7951]  ? do_raw_spin_unlock+0x13c/0x8b0
[  120.418712][ T7951]  l2cap_sock_sendmsg+0x1b4/0x2c0
[  120.418734][ T7951]  ? __pfx_l2cap_sock_sendmsg+0x10/0x10
[  120.418751][ T7951]  __sock_sendmsg+0x221/0x270
[  120.418775][ T7951]  ____sys_sendmsg+0x53a/0x860
[  120.418801][ T7951]  ? __pfx_____sys_sendmsg+0x10/0x10
[  120.418816][ T7951]  ? __fget_files+0x2a/0x410
[  120.418839][ T7951]  ? __fget_files+0x2a/0x410
[  120.418866][ T7951]  __sys_sendmmsg+0x36a/0x720
[  120.418892][ T7951]  ? __pfx___sys_sendmmsg+0x10/0x10
[  120.418919][ T7951]  ? __pfx_lock_release+0x10/0x10
[  120.418937][ T7951]  ? kstrtouint_from_user+0x128/0x190
[  120.418977][ T7951]  ? ksys_write+0x22a/0x2b0
[  120.418996][ T7951]  ? __pfx_lock_release+0x10/0x10
[  120.419023][ T7951]  ? sb_end_write+0xe9/0x1c0
[  120.419044][ T7951]  ? vfs_write+0x7fa/0xd10
[  120.419063][ T7951]  ? __mutex_unlock_slowpath+0x227/0x800
[  120.419109][ T7951]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  120.419134][ T7951]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  120.419157][ T7951]  ? do_syscall_64+0x100/0x230
[  120.419179][ T7951]  __x64_sys_sendmmsg+0xa0/0xb0
[  120.419198][ T7951]  do_syscall_64+0xf3/0x230
[  120.419216][ T7951]  ? clear_bhb_loop+0x35/0x90
[  120.419239][ T7951]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.419258][ T7951] RIP: 0033:0x7ff9d8b8d169
[  120.419273][ T7951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  120.419286][ T7951] RSP: 002b:00007ff9d69f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  120.419304][ T7951] RAX: ffffffffffffffda RBX: 00007ff9d8da5fa0 RCX: 00007ff9d8b8d169
[  120.419316][ T7951] RDX: 0000000000000001 RSI: 0000400000001200 RDI: 0000000000000004
[  120.419326][ T7951] RBP: 00007ff9d69f6090 R08: 0000000000000000 R09: 0000000000000000
[  120.419336][ T7951] R10: 0000000000008800 R11: 0000000000000246 R12: 0000000000000001
[  120.419345][ T7951] R13: 0000000000000000 R14: 00007ff9d8da5fa0 R15: 00007ffec71ca0d8
[  120.419372][ T7951]  </TASK>
[  120.787159][ T7832] hsr_slave_0: entered promiscuous mode
[  120.793834][ T7832] hsr_slave_1: entered promiscuous mode
[  120.844158][ T7832] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  120.905719][ T7832] Cannot create hsr debugfs directory
[  121.070954][   T54] Bluetooth: hci3: command tx timeout
[  121.412688][ T1339] bridge_slave_1: left allmulticast mode
[  121.427627][ T1339] bridge_slave_1: left promiscuous mode
[  121.433465][ T1339] bridge0: port 2(bridge_slave_1) entered disabled state
[  121.483129][ T1339] bridge_slave_0: left allmulticast mode
[  121.495774][ T1339] bridge_slave_0: left promiscuous mode
[  121.501697][ T1339] bridge0: port 1(bridge_slave_0) entered disabled state
[  121.669526][ T7991] FAULT_INJECTION: forcing a failure.
[  121.669526][ T7991] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  121.687459][ T7991] CPU: 1 UID: 0 PID: 7991 Comm: syz.0.642 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  121.687485][ T7991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  121.687494][ T7991] Call Trace:
[  121.687499][ T7991]  <TASK>
[  121.687505][ T7991]  dump_stack_lvl+0x241/0x360
[  121.687531][ T7991]  ? __pfx_dump_stack_lvl+0x10/0x10
[  121.687549][ T7991]  ? __pfx__printk+0x10/0x10
[  121.687568][ T7991]  ? __pfx_lock_release+0x10/0x10
[  121.687598][ T7991]  should_fail_ex+0x40a/0x550
[  121.687625][ T7991]  _copy_from_iter+0x427/0x1c40
[  121.687658][ T7991]  ? __pfx__copy_from_iter+0x10/0x10
[  121.687679][ T7991]  ? __virt_addr_valid+0x183/0x530
[  121.687694][ T7991]  ? __virt_addr_valid+0x183/0x530
[  121.687708][ T7991]  ? __virt_addr_valid+0x45f/0x530
[  121.687724][ T7991]  ? __phys_addr_symbol+0x2f/0x70
[  121.687738][ T7991]  ? __check_object_size+0x47a/0x730
[  121.687771][ T7991]  l2cap_skbuff_fromiovec+0x9d/0x4f0
[  121.687792][ T7991]  ? skb_put+0x114/0x1f0
[  121.687813][ T7991]  l2cap_chan_send+0x389/0x2690
[  121.687840][ T7991]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  121.687870][ T7991]  ? l2cap_sock_sendmsg+0x1a4/0x2c0
[  121.687890][ T7991]  ? __pfx_l2cap_chan_send+0x10/0x10
[  121.687918][ T7991]  ? do_raw_spin_unlock+0x13c/0x8b0
[  121.687946][ T7991]  l2cap_sock_sendmsg+0x1b4/0x2c0
[  121.687969][ T7991]  ? __pfx_l2cap_sock_sendmsg+0x10/0x10
[  121.687986][ T7991]  __sock_sendmsg+0x221/0x270
[  121.688011][ T7991]  ____sys_sendmsg+0x53a/0x860
[  121.688037][ T7991]  ? __pfx_____sys_sendmsg+0x10/0x10
[  121.688052][ T7991]  ? __fget_files+0x2a/0x410
[  121.688076][ T7991]  ? __fget_files+0x2a/0x410
[  121.688106][ T7991]  __sys_sendmmsg+0x36a/0x720
[  121.688133][ T7991]  ? __pfx___sys_sendmmsg+0x10/0x10
[  121.688159][ T7991]  ? __pfx_lock_release+0x10/0x10
[  121.688177][ T7991]  ? kstrtouint_from_user+0x128/0x190
[  121.688217][ T7991]  ? ksys_write+0x22a/0x2b0
[  121.688233][ T7991]  ? __pfx_lock_release+0x10/0x10
[  121.688260][ T7991]  ? sb_end_write+0xe9/0x1c0
[  121.688279][ T7991]  ? vfs_write+0x7fa/0xd10
[  121.688295][ T7991]  ? __mutex_unlock_slowpath+0x227/0x800
[  121.688337][ T7991]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  121.688358][ T7991]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  121.688379][ T7991]  ? do_syscall_64+0x100/0x230
[  121.688400][ T7991]  __x64_sys_sendmmsg+0xa0/0xb0
[  121.688419][ T7991]  do_syscall_64+0xf3/0x230
[  121.688437][ T7991]  ? clear_bhb_loop+0x35/0x90
[  121.688461][ T7991]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.688480][ T7991] RIP: 0033:0x7f5014d8d169
[  121.688495][ T7991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  121.688509][ T7991] RSP: 002b:00007f5015be4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  121.688526][ T7991] RAX: ffffffffffffffda RBX: 00007f5014fa5fa0 RCX: 00007f5014d8d169
[  121.688538][ T7991] RDX: 0000000000000001 RSI: 0000400000001200 RDI: 0000000000000004
[  121.688548][ T7991] RBP: 00007f5015be4090 R08: 0000000000000000 R09: 0000000000000000
[  121.688558][ T7991] R10: 0000000000008800 R11: 0000000000000246 R12: 0000000000000001
[  121.688568][ T7991] R13: 0000000000000000 R14: 00007f5014fa5fa0 R15: 00007fffdab2ea48
[  121.688595][ T7991]  </TASK>
[  122.026504][   T54] Bluetooth: hci4: command tx timeout
[  122.037531][ T7992] Cannot find del_set index 4 as target
[  122.175038][ T8001] sctp: [Deprecated]: syz.0.645 (pid 8001) Use of int in max_burst socket option.
[  122.175038][ T8001] Use struct sctp_assoc_value instead
[  122.210509][ T8001] netlink: 'syz.0.645': attribute type 10 has an invalid length.
[  122.630423][ T1339] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  122.642539][ T1339] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  122.654691][ T1339] bond0 (unregistering): Released all slaves
[  122.684416][ T8001] veth0_vlan: left promiscuous mode
[  122.726207][ T8001] veth0_vlan: entered promiscuous mode
[  122.740678][ T8001] team0: Device veth0_vlan failed to register rx_handler
[  122.826813][ T1339] tipc: Disabling bearer <udp:syz2>
[  122.838805][ T1339] tipc: Left network mode
[  122.877347][ T8007] IPVS: length: 24 != 3221225496
[  123.054597][ T7802] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  123.144262][ T1339] hsr_slave_0: left promiscuous mode
[  123.153722][   T54] Bluetooth: hci3: command tx timeout
[  123.171714][ T1339] hsr_slave_1: left promiscuous mode
[  123.186214][ T1339] batman_adv: batadv0: Removing interface: batadv_slave_0
[  123.197309][ T1339] batman_adv: batadv0: Removing interface: batadv_slave_1
[  123.892004][ T1339] team0 (unregistering): Port device team_slave_1 removed
[  123.946117][ T1339] team0 (unregistering): Port device team_slave_0 removed
[  123.957412][ T8040] sctp: [Deprecated]: syz.0.658 (pid 8040) Use of int in max_burst socket option.
[  123.957412][ T8040] Use struct sctp_assoc_value instead
[  123.977358][ T8040] netlink: 'syz.0.658': attribute type 10 has an invalid length.
[  124.106243][   T54] Bluetooth: hci4: command tx timeout
[  124.458628][ T7802] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  124.522380][ T8040] veth0_vlan: left promiscuous mode
[  124.534188][ T8040] veth0_vlan: entered promiscuous mode
[  124.542460][ T8040] team0: Device veth0_vlan failed to register rx_handler
[  124.560368][ T7802] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  124.620918][ T7802] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  124.788475][ T7802] 8021q: adding VLAN 0 to HW filter on device bond0
[  124.823257][ T8045] __nla_validate_parse: 4 callbacks suppressed
[  124.823276][ T8045] netlink: 4 bytes leftover after parsing attributes in process `syz.0.660'.
[  124.871052][ T7802] 8021q: adding VLAN 0 to HW filter on device team0
[  124.911103][ T7513] bridge0: port 1(bridge_slave_0) entered blocking state
[  124.918337][ T7513] bridge0: port 1(bridge_slave_0) entered forwarding state
[  124.939228][ T1339] IPVS: stop unused estimator thread 0...
[  125.030468][ T7513] bridge0: port 2(bridge_slave_1) entered blocking state
[  125.037902][ T7513] bridge0: port 2(bridge_slave_1) entered forwarding state
[  125.097464][ T8052] netlink: 12 bytes leftover after parsing attributes in process `syz.4.659'.
[  125.315436][ T7832] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  125.349659][ T7832] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  125.422630][ T7832] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  125.461549][ T7832] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  125.659312][ T8081] netlink: 1 bytes leftover after parsing attributes in process `syz.4.668'.
[  125.678714][ T8081] netlink: 1 bytes leftover after parsing attributes in process `syz.4.668'.
[  125.688933][ T8081] netlink: 56 bytes leftover after parsing attributes in process `syz.4.668'.
[  125.766246][ T7802] 8021q: adding VLAN 0 to HW filter on device batadv0
[  125.840606][ T8085] sctp: [Deprecated]: syz.1.670 (pid 8085) Use of int in max_burst socket option.
[  125.840606][ T8085] Use struct sctp_assoc_value instead
[  125.889160][ T7802] veth0_vlan: entered promiscuous mode
[  125.901815][ T7802] veth1_vlan: entered promiscuous mode
[  125.952247][ T7832] 8021q: adding VLAN 0 to HW filter on device bond0
[  125.997002][ T7802] veth0_macvtap: entered promiscuous mode
[  126.020473][ T7832] 8021q: adding VLAN 0 to HW filter on device team0
[  126.044323][ T7802] veth1_macvtap: entered promiscuous mode
[  126.065032][   T67] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.072516][   T67] bridge0: port 1(bridge_slave_0) entered forwarding state
[  126.092889][ T8089] netlink: 44 bytes leftover after parsing attributes in process `syz.1.672'.
[  126.109029][ T8089] netlink: 43 bytes leftover after parsing attributes in process `syz.1.672'.
[  126.116276][   T67] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.118887][ T8089] netlink: 'syz.1.672': attribute type 6 has an invalid length.
[  126.125195][   T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[  126.135760][ T8089] netlink: 'syz.1.672': attribute type 5 has an invalid length.
[  126.149965][ T8089] netlink: 43 bytes leftover after parsing attributes in process `syz.1.672'.
[  126.183394][ T7802] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  126.212175][ T7802] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.236272][ T7802] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  126.252916][ T7802] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.263378][ T7802] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  126.274323][ T7802] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.286563][ T7802] batman_adv: batadv0: Interface activated: batadv_slave_0
[  126.302875][ T8094] netlink: 'syz.1.674': attribute type 29 has an invalid length.
[  126.320069][ T7802] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  126.337862][ T7802] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.349367][ T7802] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  126.360891][ T7802] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.377171][ T7802] batman_adv: batadv0: Interface activated: batadv_slave_1
[  126.387682][ T8094] netlink: 'syz.1.674': attribute type 29 has an invalid length.
[  126.399681][ T8096] netlink: 'syz.0.675': attribute type 3 has an invalid length.
[  126.407724][ T8096] netlink: 'syz.0.675': attribute type 3 has an invalid length.
[  126.415401][ T8096] netlink: 20 bytes leftover after parsing attributes in process `syz.0.675'.
[  126.446825][ T7802] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  126.456420][ T7802] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  126.466222][ T7802] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  126.483629][ T8096] netlink: 28 bytes leftover after parsing attributes in process `syz.0.675'.
[  126.493020][ T8096] netlink: 'syz.0.675': attribute type 7 has an invalid length.
[  126.503405][ T7802] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  126.512513][ T8096] netlink: 'syz.0.675': attribute type 8 has an invalid length.
[  126.535880][ T8098] IPv6: sit1: Disabled Multicast RS
[  126.541994][ T8098] sit1: entered allmulticast mode
[  126.661226][ T7832] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  126.704690][ T7832] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  126.994572][ T7513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.006990][ T7513] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.128558][ T1339] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.149736][ T1339] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.270476][ T7832] 8021q: adding VLAN 0 to HW filter on device batadv0
[  127.423412][ T7832] veth0_vlan: entered promiscuous mode
[  127.439449][ T7832] veth1_vlan: entered promiscuous mode
[  127.602112][ T7832] veth0_macvtap: entered promiscuous mode
[  127.662146][ T8131] team0: Port device batadv0 removed
[  127.679452][ T8135] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  127.693659][ T8131] bridge_slave_0: left allmulticast mode
[  127.702421][ T8131] bridge_slave_0: left promiscuous mode
[  127.710347][ T8131] bridge0: port 1(bridge_slave_0) entered disabled state
[  127.735167][ T8131] bridge_slave_1: left allmulticast mode
[  127.741216][ T8131] bridge_slave_1: left promiscuous mode
[  127.747242][ T8131] bridge0: port 2(bridge_slave_1) entered disabled state
[  127.763958][ T8131] bond0: (slave bond_slave_0): Releasing backup interface
[  127.773869][ T8131] bond0: (slave bond_slave_1): Releasing backup interface
[  127.793759][ T8131] team0: Port device team_slave_0 removed
[  127.804410][ T8131] team0: Port device team_slave_1 removed
[  127.811842][ T8131] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  127.820111][ T8131] batman_adv: batadv0: Removing interface: batadv_slave_0
[  127.829587][ T8131] batman_adv: batadv0: Removing interface: batadv_slave_1
[  127.852993][ T8132] team0: Mode changed to "loadbalance"
[  127.867322][    T8] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  127.907681][ T7832] veth1_macvtap: entered promiscuous mode
[  127.952817][ T7832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  127.988095][ T7832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.016252][ T7832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.043717][ T7832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.063726][ T7832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.085036][ T7832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.096988][ T7832] batman_adv: batadv0: Interface activated: batadv_slave_0
[  128.121038][ T7832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  128.140716][ T7832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.151330][ T8144] x_tables: ip_tables: REDIRECT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  128.158272][ T7832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  128.175006][ T7832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.182477][    T8] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  128.185430][ T7832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  128.219243][ T7832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.232194][ T7832] batman_adv: batadv0: Interface activated: batadv_slave_1
[  128.258285][ T7832] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  128.272396][ T7832] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  128.281699][ T7832] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  128.291442][ T7832] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  128.483354][ T7980] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.611265][ T7513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.619684][ T7513] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.683128][ T7513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.699335][ T7513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.781278][ T7980] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.860449][ T7980] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.957007][ T7980] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  129.033389][ T7980] bridge_slave_1: left allmulticast mode
[  129.039286][ T7980] bridge_slave_1: left promiscuous mode
[  129.045077][ T7980] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.054841][ T7980] bridge_slave_0: left allmulticast mode
[  129.061546][ T7980] bridge_slave_0: left promiscuous mode
[  129.069546][ T7980] bridge0: port 1(bridge_slave_0) entered disabled state
[  129.699542][ T8182] sctp: [Deprecated]: syz.4.695 (pid 8182) Use of int in max_burst socket option.
[  129.699542][ T8182] Use struct sctp_assoc_value instead
[  129.705189][ T5147] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  129.717597][ T8182] netlink: 'syz.4.695': attribute type 10 has an invalid length.
[  129.748363][ T5147] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  129.754717][ T8183] sctp: [Deprecated]: syz.1.696 (pid 8183) Use of int in max_burst socket option.
[  129.754717][ T8183] Use struct sctp_assoc_value instead
[  129.793017][ T8183] netlink: 'syz.1.696': attribute type 10 has an invalid length.
[  129.795746][ T5147] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  129.814856][ T5147] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  129.823571][ T5147] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  129.831651][ T5147] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  130.079867][ T7980] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  130.097311][ T5147] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  130.107463][ T5147] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  130.119683][ T5147] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  130.129704][ T7980] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  130.139407][ T5147] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  130.153662][ T7980] bond0 (unregistering): Released all slaves
[  130.160952][ T5147] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  130.175858][ T5147] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  130.178150][ T8183] veth0_vlan: left promiscuous mode
[  130.191847][ T8183] veth0_vlan: entered promiscuous mode
[  130.238423][ T8183] team0: Device veth0_vlan failed to register rx_handler
[  130.707984][ T7980] hsr_slave_0: left promiscuous mode
[  130.714183][ T7980] hsr_slave_1: left promiscuous mode
[  130.728474][ T7980] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  130.741061][ T7980] batman_adv: batadv0: Removing interface: batadv_slave_0
[  130.762292][ T7980] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  130.772695][ T7980] batman_adv: batadv0: Removing interface: batadv_slave_1
[  130.835227][ T7980] veth1_macvtap: left promiscuous mode
[  130.841697][ T7980] veth0_macvtap: left promiscuous mode
[  130.855781][ T7980] veth1_vlan: left promiscuous mode
[  130.861806][ T7980] veth0_vlan: left promiscuous mode
[  131.587293][ T7980] team0 (unregistering): Port device team_slave_1 removed
[  131.652323][ T7980] team0 (unregistering): Port device team_slave_0 removed
[  131.945672][   T54] Bluetooth: hci3: command tx timeout
[  132.266134][   T54] Bluetooth: hci4: command tx timeout
[  132.353963][ T8206] __nla_validate_parse: 4 callbacks suppressed
[  132.353982][ T8206] netlink: 280 bytes leftover after parsing attributes in process `syz.0.702'.
[  132.578760][ T8223] FAULT_INJECTION: forcing a failure.
[  132.578760][ T8223] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  132.593941][ T8223] CPU: 0 UID: 0 PID: 8223 Comm: syz.4.706 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  132.593965][ T8223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  132.593975][ T8223] Call Trace:
[  132.593981][ T8223]  <TASK>
[  132.593988][ T8223]  dump_stack_lvl+0x241/0x360
[  132.594014][ T8223]  ? __pfx_dump_stack_lvl+0x10/0x10
[  132.594032][ T8223]  ? __pfx__printk+0x10/0x10
[  132.594054][ T8223]  ? snprintf+0xda/0x120
[  132.594079][ T8223]  should_fail_ex+0x40a/0x550
[  132.594107][ T8223]  _copy_to_user+0x31/0xb0
[  132.594130][ T8223]  simple_read_from_buffer+0xca/0x150
[  132.594155][ T8223]  proc_fail_nth_read+0x1e9/0x250
[  132.594178][ T8223]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  132.594202][ T8223]  ? rw_verify_area+0x243/0x630
[  132.594218][ T8223]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  132.594241][ T8223]  vfs_read+0x1f8/0xb40
[  132.594259][ T8223]  ? fdget_pos+0x254/0x320
[  132.594281][ T8223]  ? __pfx___mutex_lock+0x10/0x10
[  132.594301][ T8223]  ? __pfx_vfs_read+0x10/0x10
[  132.594321][ T8223]  ? __fget_files+0x2a/0x410
[  132.594342][ T8223]  ? __fget_files+0x395/0x410
[  132.594362][ T8223]  ? __fget_files+0x2a/0x410
[  132.594392][ T8223]  ksys_read+0x18f/0x2b0
[  132.594411][ T8223]  ? __pfx_ksys_read+0x10/0x10
[  132.594428][ T8223]  ? do_syscall_64+0x100/0x230
[  132.594451][ T8223]  ? do_syscall_64+0xb6/0x230
[  132.594471][ T8223]  do_syscall_64+0xf3/0x230
[  132.594490][ T8223]  ? clear_bhb_loop+0x35/0x90
[  132.594513][ T8223]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.594534][ T8223] RIP: 0033:0x7ff9d8b8bb7c
[  132.594549][ T8223] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  132.594562][ T8223] RSP: 002b:00007ff9d69f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  132.594588][ T8223] RAX: ffffffffffffffda RBX: 00007ff9d8da5fa0 RCX: 00007ff9d8b8bb7c
[  132.594600][ T8223] RDX: 000000000000000f RSI: 00007ff9d69f60a0 RDI: 0000000000000003
[  132.594610][ T8223] RBP: 00007ff9d69f6090 R08: 0000000000000000 R09: 0000000000000000
[  132.594620][ T8223] R10: 0000000000008800 R11: 0000000000000246 R12: 0000000000000002
[  132.594630][ T8223] R13: 0000000000000000 R14: 00007ff9d8da5fa0 R15: 00007ffec71ca0d8
[  132.594658][ T8223]  </TASK>
[  132.953867][ T8229] netlink: 8 bytes leftover after parsing attributes in process `syz.0.707'.
[  133.015010][ T8188] chnl_net:caif_netlink_parms(): no params data found
[  133.150510][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  133.159428][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  133.179458][ T8179] chnl_net:caif_netlink_parms(): no params data found
[  133.376832][ T8188] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.384175][ T8188] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.392075][ T8188] bridge_slave_0: entered allmulticast mode
[  133.399845][ T8188] bridge_slave_0: entered promiscuous mode
[  133.409665][ T8242] sctp: [Deprecated]: syz.0.709 (pid 8242) Use of int in max_burst socket option.
[  133.409665][ T8242] Use struct sctp_assoc_value instead
[  133.420027][ T8228] netlink: 'syz.4.708': attribute type 13 has an invalid length.
[  133.430076][ T8242] netlink: 'syz.0.709': attribute type 10 has an invalid length.
[  133.467663][ T8188] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.475033][ T8188] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.503039][ T8188] bridge_slave_1: entered allmulticast mode
[  133.530251][ T8188] bridge_slave_1: entered promiscuous mode
[  133.555464][ T8242] veth0_vlan: left promiscuous mode
[  133.562036][ T8242] veth0_vlan: entered promiscuous mode
[  133.570324][ T8242] team0: Device veth0_vlan failed to register rx_handler
[  133.639140][ T7980] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.690559][ T8188] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  133.711947][ T8188] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  133.722122][ T8179] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.730886][ T8179] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.738290][ T8179] bridge_slave_0: entered allmulticast mode
[  133.745466][ T8179] bridge_slave_0: entered promiscuous mode
[  133.786282][ T7980] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.846745][ T8179] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.854282][ T8179] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.863216][ T8179] bridge_slave_1: entered allmulticast mode
[  133.876980][ T8179] bridge_slave_1: entered promiscuous mode
[  133.911009][ T8188] team0: Port device team_slave_0 added
[  133.978498][ T7980] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.025772][   T54] Bluetooth: hci3: command tx timeout
[  134.084019][ T8188] team0: Port device team_slave_1 added
[  134.101126][ T8179] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  134.146685][ T8179] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  134.158661][ T8256] netlink: 'syz.1.714': attribute type 13 has an invalid length.
[  134.229417][ T7980] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.346316][   T54] Bluetooth: hci4: command tx timeout
[  134.353715][ T8188] batman_adv: batadv0: Adding interface: batadv_slave_0
[  134.385225][ T8188] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  134.428202][ T8279] netlink: 12 bytes leftover after parsing attributes in process `syz.4.717'.
[  134.447106][ T8188] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  134.521849][ T8179] team0: Port device team_slave_0 added
[  134.543413][ T8179] team0: Port device team_slave_1 added
[  134.573949][ T8188] batman_adv: batadv0: Adding interface: batadv_slave_1
[  134.595895][ T8188] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  134.653353][ T8188] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  134.740060][ T8179] batman_adv: batadv0: Adding interface: batadv_slave_0
[  134.753778][ T8179] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  134.790131][ T8179] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  134.807264][ T8179] batman_adv: batadv0: Adding interface: batadv_slave_1
[  134.814892][ T8179] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  134.842636][ T8179] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  134.886506][ T8298] netlink: 8 bytes leftover after parsing attributes in process `syz.1.720'.
[  134.928154][ T8298] netlink: 8 bytes leftover after parsing attributes in process `syz.1.720'.
[  134.988007][ T8302] netlink: 'syz.4.722': attribute type 10 has an invalid length.
[  135.027333][ T8300] macvlan1: entered promiscuous mode
[  135.037843][ T8302] 8021q: adding VLAN 0 to HW filter on device batadv0
[  135.048880][ T8300] netlink: 4 bytes leftover after parsing attributes in process `syz.0.721'.
[  135.062347][ T8302] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  135.084876][ T8188] hsr_slave_0: entered promiscuous mode
[  135.091788][ T8302] netlink: 4 bytes leftover after parsing attributes in process `syz.4.722'.
[  135.111293][ T8188] hsr_slave_1: entered promiscuous mode
[  135.118557][ T8188] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  135.131811][ T8188] Cannot create hsr debugfs directory
[  135.274942][ T8300] macvlan1 (unregistering): left promiscuous mode
[  135.292709][ T8302] batman_adv: batadv0: Removing interface: batadv_slave_0
[  135.302179][ T8302] batman_adv: batadv0: Removing interface: batadv_slave_1
[  135.324447][ T8302] bond0: (slave batadv0): Releasing backup interface
[  135.354510][ T7980] bridge_slave_1: left allmulticast mode
[  135.361091][ T7980] bridge_slave_1: left promiscuous mode
[  135.370138][ T7980] bridge0: port 2(bridge_slave_1) entered disabled state
[  135.382327][ T7980] bridge_slave_0: left allmulticast mode
[  135.404179][ T7980] bridge_slave_0: left promiscuous mode
[  135.423123][ T7980] bridge0: port 1(bridge_slave_0) entered disabled state
[  135.788076][ T8323] netlink: 16 bytes leftover after parsing attributes in process `syz.4.728'.
[  135.925953][ T7980] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  135.938996][ T7980] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  135.951494][ T7980] bond0 (unregistering): Released all slaves
[  136.016590][ T8179] hsr_slave_0: entered promiscuous mode
[  136.023206][ T8179] hsr_slave_1: entered promiscuous mode
[  136.032021][ T8179] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  136.044136][ T8179] Cannot create hsr debugfs directory
[  136.106903][   T54] Bluetooth: hci3: command tx timeout
[  136.206974][ T8333] openvswitch: netlink: Multiple metadata blocks provided
[  136.214536][ T8332] openvswitch: netlink: Multiple metadata blocks provided
[  136.302716][ T8338] Bluetooth: MGMT ver 1.23
[  136.425679][   T54] Bluetooth: hci4: command tx timeout
[  136.652124][ T7980] hsr_slave_0: left promiscuous mode
[  136.663524][ T7980] hsr_slave_1: left promiscuous mode
[  136.678862][ T7980] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  136.687351][ T7980] batman_adv: batadv0: Removing interface: batadv_slave_0
[  136.695470][ T7980] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  136.703391][ T7980] batman_adv: batadv0: Removing interface: batadv_slave_1
[  136.726003][ T7980] veth1_macvtap: left promiscuous mode
[  136.731721][ T7980] veth0_macvtap: left promiscuous mode
[  136.738659][ T7980] veth1_vlan: left promiscuous mode
[  136.744512][ T7980] veth0_vlan: left promiscuous mode
[  137.282324][ T7980] team0 (unregistering): Port device team_slave_1 removed
[  137.336788][ T7980] team0 (unregistering): Port device team_slave_0 removed
[  137.868725][ T8348] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  138.120281][ T8358] netlink: 24 bytes leftover after parsing attributes in process `syz.4.739'.
[  138.183963][ T8358] netlink: 4 bytes leftover after parsing attributes in process `syz.4.739'.
[  138.186017][   T54] Bluetooth: hci3: command tx timeout
[  138.505698][   T54] Bluetooth: hci4: command tx timeout
[  138.521130][ T8368] netlink: 16 bytes leftover after parsing attributes in process `syz.1.743'.
[  138.621135][ T8370] sctp: [Deprecated]: syz.0.742 (pid 8370) Use of int in max_burst socket option.
[  138.621135][ T8370] Use struct sctp_assoc_value instead
[  138.642241][ T8370] netlink: 'syz.0.742': attribute type 10 has an invalid length.
[  138.773669][ T8373] (unnamed net_device) (uninitialized): Unable to set up delay as MII monitoring is disabled
[  138.989520][ T8188] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  139.027013][ T8188] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  139.070254][ T8188] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  139.092812][ T8188] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  139.185217][ T8179] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  139.207350][ T8179] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  139.246258][ T8179] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  139.262411][ T8179] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  139.371012][ T8188] 8021q: adding VLAN 0 to HW filter on device bond0
[  139.445800][ T8188] 8021q: adding VLAN 0 to HW filter on device team0
[  139.505131][ T7980] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.512899][ T7980] bridge0: port 1(bridge_slave_0) entered forwarding state
[  139.575539][ T1339] bridge0: port 2(bridge_slave_1) entered blocking state
[  139.582949][ T1339] bridge0: port 2(bridge_slave_1) entered forwarding state
[  139.652476][ T8179] 8021q: adding VLAN 0 to HW filter on device bond0
[  139.724116][ T8393] netlink: 8 bytes leftover after parsing attributes in process `syz.4.750'.
[  139.739986][ T8179] 8021q: adding VLAN 0 to HW filter on device team0
[  139.809289][   T67] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.817275][   T67] bridge0: port 1(bridge_slave_0) entered forwarding state
[  139.933911][ T7979] bridge0: port 2(bridge_slave_1) entered blocking state
[  139.941475][ T7979] bridge0: port 2(bridge_slave_1) entered forwarding state
[  139.957346][ T8401] netlink: 4 bytes leftover after parsing attributes in process `syz.4.753'.
[  139.968966][ T8401] netlink: 39 bytes leftover after parsing attributes in process `syz.4.753'.
[  140.061836][ T8401] netlink: 16 bytes leftover after parsing attributes in process `syz.4.753'.
[  140.081991][ T8401] gretap0: entered promiscuous mode
[  140.092333][ T8401] gretap0: left promiscuous mode
[  140.156339][ T8408] FAULT_INJECTION: forcing a failure.
[  140.156339][ T8408] name failslab, interval 1, probability 0, space 0, times 0
[  140.159173][ T8188] 8021q: adding VLAN 0 to HW filter on device batadv0
[  140.169591][ T8408] CPU: 0 UID: 0 PID: 8408 Comm: syz.0.755 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  140.169614][ T8408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  140.169624][ T8408] Call Trace:
[  140.169630][ T8408]  <TASK>
[  140.169638][ T8408]  dump_stack_lvl+0x241/0x360
[  140.169665][ T8408]  ? __pfx_dump_stack_lvl+0x10/0x10
[  140.169682][ T8408]  ? __pfx__printk+0x10/0x10
[  140.169710][ T8408]  should_fail_ex+0x40a/0x550
[  140.169737][ T8408]  should_failslab+0xac/0x100
[  140.169758][ T8408]  ? skb_clone+0x20c/0x390
[  140.169774][ T8408]  kmem_cache_alloc_noprof+0x70/0x380
[  140.169800][ T8408]  skb_clone+0x20c/0x390
[  140.169815][ T8408]  ? dev_queue_xmit_nit+0x3fe/0xca0
[  140.169872][ T8408]  dev_queue_xmit_nit+0x249/0xca0
[  140.169896][ T8408]  ? dev_queue_xmit_nit+0x2b/0xca0
[  140.169919][ T8408]  ? validate_xmit_skb+0x9b8/0xff0
[  140.169941][ T8408]  dev_hard_start_xmit+0x15f/0x7d0
[  140.169960][ T8408]  ? __pfx_validate_xmit_skb+0x10/0x10
[  140.169985][ T8408]  __dev_queue_xmit+0x1b73/0x3f40
[  140.170002][ T8408]  ? kasan_save_track+0x51/0x80
[  140.170022][ T8408]  ? ____sys_sendmsg+0x53a/0x860
[  140.170044][ T8408]  ? __dev_queue_xmit+0x2f4/0x3f40
[  140.170066][ T8408]  ? __pfx___dev_queue_xmit+0x10/0x10
[  140.170098][ T8408]  ? __copy_skb_header+0xa7/0x5a0
[  140.170116][ T8408]  ? __asan_memcpy+0x40/0x70
[  140.170149][ T8408]  ? skb_clone+0x240/0x390
[  140.170170][ T8408]  __netlink_deliver_tap+0x561/0x7f0
[  140.170201][ T8408]  ? netlink_deliver_tap+0x2e/0x1b0
[  140.170220][ T8408]  netlink_deliver_tap+0x19d/0x1b0
[  140.170241][ T8408]  netlink_unicast+0x7c4/0x990
[  140.170268][ T8408]  ? __pfx_netlink_unicast+0x10/0x10
[  140.170284][ T8408]  ? __virt_addr_valid+0x45f/0x530
[  140.170300][ T8408]  ? __phys_addr_symbol+0x2f/0x70
[  140.170314][ T8408]  ? __check_object_size+0x47a/0x730
[  140.170339][ T8408]  netlink_sendmsg+0x8de/0xcb0
[  140.170370][ T8408]  ? __pfx_netlink_sendmsg+0x10/0x10
[  140.170394][ T8408]  ? aa_sock_msg_perm+0x91/0x160
[  140.170422][ T8408]  ? __pfx_netlink_sendmsg+0x10/0x10
[  140.170440][ T8408]  __sock_sendmsg+0x221/0x270
[  140.170463][ T8408]  ____sys_sendmsg+0x53a/0x860
[  140.170488][ T8408]  ? __pfx_____sys_sendmsg+0x10/0x10
[  140.170502][ T8408]  ? __fget_files+0x2a/0x410
[  140.170525][ T8408]  ? __fget_files+0x2a/0x410
[  140.170553][ T8408]  __sys_sendmsg+0x269/0x350
[  140.170575][ T8408]  ? __pfx___sys_sendmsg+0x10/0x10
[  140.170604][ T8408]  ? do_sys_openat2+0x17a/0x1d0
[  140.170650][ T8408]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  140.170673][ T8408]  ? do_syscall_64+0x100/0x230
[  140.170694][ T8408]  ? do_syscall_64+0xb6/0x230
[  140.170715][ T8408]  do_syscall_64+0xf3/0x230
[  140.170733][ T8408]  ? clear_bhb_loop+0x35/0x90
[  140.170756][ T8408]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.170775][ T8408] RIP: 0033:0x7f5014d8d169
[  140.170790][ T8408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  140.170803][ T8408] RSP: 002b:00007f5015be4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  140.170821][ T8408] RAX: ffffffffffffffda RBX: 00007f5014fa5fa0 RCX: 00007f5014d8d169
[  140.170838][ T8408] RDX: 0000000004000044 RSI: 0000400000000440 RDI: 0000000000000003
[  140.170848][ T8408] RBP: 00007f5015be4090 R08: 0000000000000000 R09: 0000000000000000
[  140.170858][ T8408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  140.170868][ T8408] R13: 0000000000000000 R14: 00007f5014fa5fa0 R15: 00007fffdab2ea48
[  140.170895][ T8408]  </TASK>
[  140.528735][ T8408] (unnamed net_device) (uninitialized): Unable to set up delay as MII monitoring is disabled
[  140.700626][ T8188] veth0_vlan: entered promiscuous mode
[  140.735168][ T8188] veth1_vlan: entered promiscuous mode
[  140.794222][ T8415] netlink: 12 bytes leftover after parsing attributes in process `syz.4.757'.
[  140.804964][ T8417] netlink: 16 bytes leftover after parsing attributes in process `syz.0.756'.
[  140.810160][ T8415] netlink: 'syz.4.757': attribute type 1 has an invalid length.
[  140.841688][ T8188] veth0_macvtap: entered promiscuous mode
[  140.889172][ T8188] veth1_macvtap: entered promiscuous mode
[  140.934762][ T8188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  140.990058][ T8188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  141.012347][ T8188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  141.030850][ T8188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  141.042973][ T8188] batman_adv: batadv0: Interface activated: batadv_slave_0
[  141.132232][ T8433] netlink: 12 bytes leftover after parsing attributes in process `syz.4.761'.
[  141.143289][ T8188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  141.155579][ T8188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  141.166463][ T8188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  141.177744][ T8188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  141.193183][ T8188] batman_adv: batadv0: Interface activated: batadv_slave_1
[  141.232670][ T8428] vlan3: entered allmulticast mode
[  141.258563][ T8188] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  141.268628][ T8188] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  141.279875][ T8188] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  141.289564][ T8188] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  141.326532][ T8179] 8021q: adding VLAN 0 to HW filter on device batadv0
[  141.461291][ T1339] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  141.508689][ T7513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  141.517318][ T1339] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  141.539152][ T7513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  141.558425][ T8179] veth0_vlan: entered promiscuous mode
[  141.597695][ T8179] veth1_vlan: entered promiscuous mode
[  141.697555][ T8179] veth0_macvtap: entered promiscuous mode
[  141.736409][ T8179] veth1_macvtap: entered promiscuous mode
[  141.768457][ T8448] FAULT_INJECTION: forcing a failure.
[  141.768457][ T8448] name failslab, interval 1, probability 0, space 0, times 0
[  141.810914][ T8448] CPU: 1 UID: 0 PID: 8448 Comm: syz.4.766 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  141.810933][ T8448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  141.810939][ T8448] Call Trace:
[  141.810942][ T8448]  <TASK>
[  141.810948][ T8448]  dump_stack_lvl+0x241/0x360
[  141.810966][ T8448]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.810977][ T8448]  ? __pfx__printk+0x10/0x10
[  141.810993][ T8448]  should_fail_ex+0x40a/0x550
[  141.811010][ T8448]  should_failslab+0xac/0x100
[  141.811024][ T8448]  __kmalloc_cache_noprof+0x70/0x390
[  141.811037][ T8448]  ? __hw_addr_add_ex+0x1fb/0x760
[  141.811050][ T8448]  __hw_addr_add_ex+0x1fb/0x760
[  141.811064][ T8448]  dev_addr_init+0x157/0x240
[  141.811076][ T8448]  ? __pfx_dev_addr_init+0x10/0x10
[  141.811091][ T8448]  alloc_netdev_mqs+0x307/0x1210
[  141.811102][ T8448]  ? __pfx_bond_setup+0x10/0x10
[  141.811116][ T8448]  rtnl_create_link+0x2f9/0xc90
[  141.811132][ T8448]  rtnl_newlink_create+0x2e1/0xbd0
[  141.811150][ T8448]  ? __pfx_aa_get_newest_label+0x10/0x10
[  141.811168][ T8448]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  141.811184][ T8448]  ? __pfx___mutex_lock+0x10/0x10
[  141.811201][ T8448]  ? ns_capable+0x8a/0xf0
[  141.811215][ T8448]  rtnl_newlink+0x167a/0x1d90
[  141.811230][ T8448]  ? __lock_acquire+0x1397/0x2100
[  141.811252][ T8448]  ? __pfx_rtnl_newlink+0x10/0x10
[  141.811268][ T8448]  ? __pfx_validate_chain+0x10/0x10
[  141.811301][ T8448]  ? validate_chain+0x11e/0x5920
[  141.811317][ T8448]  ? __pfx_lock_acquire+0x10/0x10
[  141.811341][ T8448]  ? __pfx_lock_release+0x10/0x10
[  141.811365][ T8448]  ? __pfx_validate_chain+0x10/0x10
[  141.811383][ T8448]  ? mark_lock+0x9a/0x360
[  141.811397][ T8448]  ? __lock_acquire+0x1397/0x2100
[  141.811430][ T8448]  ? __pfx_lock_release+0x10/0x10
[  141.811452][ T8448]  ? __pfx_rtnl_newlink+0x10/0x10
[  141.811466][ T8448]  rtnetlink_rcv_msg+0x791/0xcf0
[  141.811479][ T8448]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[  141.811493][ T8448]  ? __lock_acquire+0x1397/0x2100
[  141.811508][ T8448]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  141.811530][ T8448]  netlink_rcv_skb+0x206/0x480
[  141.811544][ T8448]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  141.811558][ T8448]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  141.811583][ T8448]  ? netlink_deliver_tap+0x2e/0x1b0
[  141.811598][ T8448]  netlink_unicast+0x7f6/0x990
[  141.811614][ T8448]  ? __pfx_netlink_unicast+0x10/0x10
[  141.811624][ T8448]  ? __virt_addr_valid+0x45f/0x530
[  141.811634][ T8448]  ? __phys_addr_symbol+0x2f/0x70
[  141.811642][ T8448]  ? __check_object_size+0x47a/0x730
[  141.811665][ T8448]  netlink_sendmsg+0x8de/0xcb0
[  141.811685][ T8448]  ? __pfx_netlink_sendmsg+0x10/0x10
[  141.811701][ T8448]  ? aa_sock_msg_perm+0x91/0x160
[  141.811718][ T8448]  ? __pfx_netlink_sendmsg+0x10/0x10
[  141.811731][ T8448]  __sock_sendmsg+0x221/0x270
[  141.811746][ T8448]  ____sys_sendmsg+0x53a/0x860
[  141.811760][ T8448]  ? __pfx_____sys_sendmsg+0x10/0x10
[  141.811769][ T8448]  ? __fget_files+0x2a/0x410
[  141.811785][ T8448]  ? __fget_files+0x2a/0x410
[  141.811803][ T8448]  __sys_sendmsg+0x269/0x350
[  141.811816][ T8448]  ? __pfx___sys_sendmsg+0x10/0x10
[  141.811833][ T8448]  ? do_sys_openat2+0x17a/0x1d0
[  141.811862][ T8448]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  141.811877][ T8448]  ? do_syscall_64+0x100/0x230
[  141.811890][ T8448]  ? do_syscall_64+0xb6/0x230
[  141.811903][ T8448]  do_syscall_64+0xf3/0x230
[  141.811914][ T8448]  ? clear_bhb_loop+0x35/0x90
[  141.811930][ T8448]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.811943][ T8448] RIP: 0033:0x7ff9d8b8d169
[  141.811953][ T8448] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  141.811961][ T8448] RSP: 002b:00007ff9d69f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  141.811973][ T8448] RAX: ffffffffffffffda RBX: 00007ff9d8da5fa0 RCX: 00007ff9d8b8d169
[  141.811979][ T8448] RDX: 0000000004000044 RSI: 0000400000000440 RDI: 0000000000000003
[  141.811986][ T8448] RBP: 00007ff9d69f6090 R08: 0000000000000000 R09: 0000000000000000
[  141.811991][ T8448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  141.811997][ T8448] R13: 0000000000000000 R14: 00007ff9d8da5fa0 R15: 00007ffec71ca0d8
[  141.812012][ T8448]  </TASK>
[  142.375085][ T8179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.394220][ T8179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.425009][ T8179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.476143][ T8179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.486220][ T8179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.497391][ T8179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.509816][ T8179] batman_adv: batadv0: Interface activated: batadv_slave_0
[  142.520012][ T8179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  142.530860][ T8179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.541150][ T8179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  142.551785][ T8179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.562068][ T8179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  142.572952][ T8179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.584698][ T8179] batman_adv: batadv0: Interface activated: batadv_slave_1
[  142.610995][ T8453] netlink: 'syz.4.768': attribute type 15 has an invalid length.
[  142.624376][ T8179] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  142.633846][ T8179] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  142.642858][ T8179] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  142.651953][ T8179] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  142.740931][   T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  142.758832][   T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  142.821325][   T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  142.830175][   T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  143.579870][ T7511] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.099829][ T5147] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  144.111049][ T5147] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  144.125317][ T5147] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  144.136313][ T5147] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  144.148753][ T7511] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.157032][ T5147] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  144.169386][ T5147] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  144.224538][ T7511] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.320461][ T7511] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.339078][ T8474] chnl_net:caif_netlink_parms(): no params data found
[  144.452145][ T8474] bridge0: port 1(bridge_slave_0) entered blocking state
[  144.459525][ T8474] bridge0: port 1(bridge_slave_0) entered disabled state
[  144.467939][ T8474] bridge_slave_0: entered allmulticast mode
[  144.475065][ T8474] bridge_slave_0: entered promiscuous mode
[  144.488298][ T8474] bridge0: port 2(bridge_slave_1) entered blocking state
[  144.495718][ T8474] bridge0: port 2(bridge_slave_1) entered disabled state
[  144.503021][ T8474] bridge_slave_1: entered allmulticast mode
[  144.510759][ T8474] bridge_slave_1: entered promiscuous mode
[  144.627026][ T7511] bridge_slave_1: left allmulticast mode
[  144.635782][ T7511] bridge_slave_1: left promiscuous mode
[  144.646267][ T7511] bridge0: port 2(bridge_slave_1) entered disabled state
[  144.674542][ T8490] xt_hashlimit: size too large, truncated to 1048576
[  144.707665][ T7511] bridge_slave_0: left allmulticast mode
[  144.727073][ T7511] bridge_slave_0: left promiscuous mode
[  144.733595][ T7511] bridge0: port 1(bridge_slave_0) entered disabled state
[  145.060579][   T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  145.080829][   T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  145.092796][   T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  145.111277][   T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  145.126141][   T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  145.135478][   T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  145.392933][ T7511] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  145.406456][ T7511] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  145.420099][ T7511] bond0 (unregistering): Released all slaves
[  145.432206][ T8474] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  145.460664][ T8474] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  145.682160][ T8510] __nla_validate_parse: 1 callbacks suppressed
[  145.682179][ T8510] netlink: 12 bytes leftover after parsing attributes in process `syz.0.782'.
[  145.700955][ T8474] team0: Port device team_slave_0 added
[  145.899555][ T8474] team0: Port device team_slave_1 added
[  146.048612][ T8474] batman_adv: batadv0: Adding interface: batadv_slave_0
[  146.057788][ T8474] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  146.085041][ T8474] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  146.089247][ T8522] No such timeout policy "syz0"
[  146.099830][ T8474] batman_adv: batadv0: Adding interface: batadv_slave_1
[  146.108629][ T8474] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  146.138058][ T8474] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  146.155760][ T8519] netlink: 8 bytes leftover after parsing attributes in process `syz.4.784'.
[  146.265813][ T5147] Bluetooth: hci3: command tx timeout
[  146.301078][ T8532] netlink: 12 bytes leftover after parsing attributes in process `syz.1.789'.
[  146.349395][ T7511] hsr_slave_0: left promiscuous mode
[  146.360757][ T7511] hsr_slave_1: left promiscuous mode
[  146.367801][ T7511] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  146.375335][ T7511] batman_adv: batadv0: Removing interface: batadv_slave_0
[  146.392789][ T7511] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  146.400805][ T7511] batman_adv: batadv0: Removing interface: batadv_slave_1
[  146.429404][ T7511] veth1_macvtap: left promiscuous mode
[  146.435006][ T7511] veth0_macvtap: left promiscuous mode
[  146.440925][ T7511] veth1_vlan: left promiscuous mode
[  146.446521][ T7511] veth0_vlan: left promiscuous mode
[  146.996785][ T7511] team0 (unregistering): Port device team_slave_1 removed
[  147.047533][ T7511] team0 (unregistering): Port device team_slave_0 removed
[  147.233059][ T5147] Bluetooth: hci4: command tx timeout
[  147.715890][ T8474] hsr_slave_0: entered promiscuous mode
[  147.729699][ T8474] hsr_slave_1: entered promiscuous mode
[  147.736675][ T8474] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  147.750359][ T8474] Cannot create hsr debugfs directory
[  147.875998][ T8552] netlink: 'syz.1.796': attribute type 1 has an invalid length.
[  147.887626][ T8552] netlink: 224 bytes leftover after parsing attributes in process `syz.1.796'.
[  147.898192][ T8500] chnl_net:caif_netlink_parms(): no params data found
[  148.015448][ T8552] bridge0: entered promiscuous mode
[  148.036768][ T8552] macvlan2: entered promiscuous mode
[  148.046865][ T8552] bridge0: port 3(macvlan2) entered blocking state
[  148.053976][ T8552] bridge0: port 3(macvlan2) entered disabled state
[  148.061395][ T8552] macvlan2: entered allmulticast mode
[  148.067391][ T8552] bridge0: entered allmulticast mode
[  148.075117][ T8552] macvlan2: left allmulticast mode
[  148.081039][ T8552] bridge0: left allmulticast mode
[  148.088666][ T8552] bridge0: left promiscuous mode
[  148.264006][ T8559] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  148.306862][ T8559] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  148.319566][ T8559] batadv_slave_0: entered promiscuous mode
[  148.330224][ T8561] netlink: 16 bytes leftover after parsing attributes in process `syz.4.798'.
[  148.346009][ T5147] Bluetooth: hci3: command tx timeout
[  148.361906][ T8561] netlink: 40 bytes leftover after parsing attributes in process `syz.4.798'.
[  148.386215][ T8561] gretap1: entered promiscuous mode
[  148.391528][ T8561] gretap1: entered allmulticast mode
[  148.405736][ T8500] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.412947][ T8500] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.420886][ T8500] bridge_slave_0: entered allmulticast mode
[  148.428109][ T8500] bridge_slave_0: entered promiscuous mode
[  148.533501][ T7511] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.595353][ T8500] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.615951][ T8500] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.624452][ T5929] IPVS: starting estimator thread 0...
[  148.639065][ T8500] bridge_slave_1: entered allmulticast mode
[  148.654122][ T8500] bridge_slave_1: entered promiscuous mode
[  148.723034][ T8567] (unnamed net_device) (uninitialized): Unable to set up delay as MII monitoring is disabled
[  148.736781][ T8573] IPVS: using max 27 ests per chain, 64800 per kthread
[  148.777809][ T7511] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.932340][ T7511] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.957889][ T8500] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  149.053107][ T7511] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.080911][ T8500] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  149.305732][ T5147] Bluetooth: hci4: command tx timeout
[  150.431052][ T5147] Bluetooth: hci3: command tx timeout
[  151.390169][ T5147] Bluetooth: hci4: command tx timeout
[  151.533784][ T8500] team0: Port device team_slave_0 added
[  151.569674][ T8500] team0: Port device team_slave_1 added
[  151.667357][ T8500] batman_adv: batadv0: Adding interface: batadv_slave_0
[  151.685685][ T8500] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  151.744924][ T8500] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  151.837686][ T8500] batman_adv: batadv0: Adding interface: batadv_slave_1
[  151.844858][ T8500] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  151.872566][ T8500] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  151.915410][ T8474] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  151.947839][ T8626] geneve0: entered promiscuous mode
[  151.953115][ T8626] geneve0: entered allmulticast mode
[  152.027118][ T8474] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  152.043829][ T8630] netlink: 'syz.0.825': attribute type 21 has an invalid length.
[  152.046991][ T7511] bridge_slave_1: left allmulticast mode
[  152.058524][ T8630] netlink: 'syz.0.825': attribute type 4 has an invalid length.
[  152.064021][ T7511] bridge_slave_1: left promiscuous mode
[  152.070617][ T8630] netlink: 152 bytes leftover after parsing attributes in process `syz.0.825'.
[  152.075620][ T7511] bridge0: port 2(bridge_slave_1) entered disabled state
[  152.094662][ T7511] bridge_slave_0: left allmulticast mode
[  152.100862][ T7511] bridge_slave_0: left promiscuous mode
[  152.107605][ T7511] bridge0: port 1(bridge_slave_0) entered disabled state
[  152.505775][ T5147] Bluetooth: hci3: command tx timeout
[  152.549744][ T7511] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  152.564117][ T7511] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  152.574314][ T7511] bond0 (unregistering): Released all slaves
[  152.591708][ T8500] hsr_slave_0: entered promiscuous mode
[  152.614340][ T8500] hsr_slave_1: entered promiscuous mode
[  152.647228][ T8500] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  152.655284][ T8500] Cannot create hsr debugfs directory
[  152.672815][ T8474] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  152.710714][ T8632] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000197: 0000 [#1] PREEMPT SMP KASAN PTI
[  152.723949][ T8632] KASAN: null-ptr-deref in range [0x0000000000000cb8-0x0000000000000cbf]
[  152.733526][ T8632] CPU: 0 UID: 0 PID: 8632 Comm: syz.4.826 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0
[  152.745334][ T8632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  152.755515][ T8632] RIP: 0010:ethnl_default_dumpit+0x447/0xd40
[  152.761625][ T8632] Code: 49 8b 1f 48 89 d8 48 c1 e8 03 42 80 3c 30 00 74 08 48 89 df e8 ca e6 17 f8 4c 8b 3b 49 8d 9f bd 0c 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 30 84 c0 0f 85 4b 07 00 00 0f b6 1b 31 ff 89 de e8 f0
[  152.781707][ T8632] RSP: 0018:ffffc9000239f0d8 EFLAGS: 00010203
[  152.787781][ T8632] RAX: 0000000000000197 RBX: 0000000000000cbd RCX: 0000000000000000
[  152.795775][ T8632] RDX: dffffc0000000000 RSI: ffffffff8c2ab2a0 RDI: 0000000000000001
[  152.803860][ T8632] RBP: ffff88803297fe40 R08: ffffffff9455284f R09: 1ffffffff28aa509
[  152.811862][ T8632] R10: dffffc0000000000 R11: fffffbfff28aa50a R12: ffff8880796a2600
[  152.820293][ T8632] R13: ffff888059407280 R14: dffffc0000000000 R15: 0000000000000000
[  152.828282][ T8632] FS:  00007ff9d69f66c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  152.837212][ T8632] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  152.843885][ T8632] CR2: 00007f7caddb3f98 CR3: 000000007e232000 CR4: 00000000003526f0
[  152.851868][ T8632] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  152.860206][ T8632] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  152.868172][ T8632] Call Trace:
[  152.871451][ T8632]  <TASK>
[  152.874459][ T8632]  ? __die_body+0x5f/0xb0
[  152.878942][ T8632]  ? die_addr+0xb0/0xe0
[  152.883167][ T8632]  ? exc_general_protection+0x3dd/0x5d0
[  152.889109][ T8632]  ? asm_exc_general_protection+0x26/0x30
[  152.895209][ T8632]  ? ethnl_default_dumpit+0x447/0xd40
[  152.900683][ T8632]  ? ethnl_default_dumpit+0x402/0xd40
[  152.906056][ T8632]  ? ethnl_default_dumpit+0x78/0xd40
[  152.911882][ T8632]  genl_dumpit+0x10d/0x1b0
[  152.916395][ T8632]  netlink_dump+0x64d/0xe10
[  152.920899][ T8632]  ? __pfx_netlink_dump+0x10/0x10
[  152.925949][ T8632]  ? genl_start+0x59d/0x6d0
[  152.930532][ T8632]  __netlink_dump_start+0x5a2/0x790
[  152.935824][ T8632]  genl_rcv_msg+0x894/0xec0
[  152.940416][ T8632]  ? __pfx_genl_rcv_msg+0x10/0x10
[  152.945441][ T8632]  ? __pfx_genl_start+0x10/0x10
[  152.950452][ T8632]  ? __pfx_genl_dumpit+0x10/0x10
[  152.955519][ T8632]  ? __pfx_genl_done+0x10/0x10
[  152.960489][ T8632]  ? __pfx_lock_acquire+0x10/0x10
[  152.965634][ T8632]  ? __pfx_ethnl_default_start+0x10/0x10
[  152.971478][ T8632]  ? __pfx_ethnl_default_dumpit+0x10/0x10
[  152.977201][ T8632]  ? __pfx_ethnl_default_done+0x10/0x10
[  152.982745][ T8632]  ? __pfx___might_resched+0x10/0x10
[  152.988028][ T8632]  netlink_rcv_skb+0x206/0x480
[  152.992871][ T8632]  ? __pfx_genl_rcv_msg+0x10/0x10
[  152.998060][ T8632]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  153.003456][ T8632]  genl_rcv+0x28/0x40
[  153.007454][ T8632]  netlink_unicast+0x7f6/0x990
[  153.012414][ T8632]  ? __pfx_netlink_unicast+0x10/0x10
[  153.017715][ T8632]  ? __virt_addr_valid+0x45f/0x530
[  153.022850][ T8632]  ? __phys_addr_symbol+0x2f/0x70
[  153.027989][ T8632]  ? __check_object_size+0x47a/0x730
[  153.033300][ T8632]  netlink_sendmsg+0x8de/0xcb0
[  153.038347][ T8632]  ? __pfx_netlink_sendmsg+0x10/0x10
[  153.043843][ T8632]  ? aa_sock_msg_perm+0x91/0x160
[  153.049170][ T8632]  ? __pfx_netlink_sendmsg+0x10/0x10
[  153.054753][ T8632]  __sock_sendmsg+0x221/0x270
[  153.059464][ T8632]  ____sys_sendmsg+0x53a/0x860
[  153.064509][ T8632]  ? __pfx_____sys_sendmsg+0x10/0x10
[  153.069793][ T8632]  ? __fget_files+0x2a/0x410
[  153.074466][ T8632]  ? __fget_files+0x2a/0x410
[  153.079050][ T8632]  __sys_sendmsg+0x269/0x350
[  153.083630][ T8632]  ? __pfx___sys_sendmsg+0x10/0x10
[  153.088748][ T8632]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  153.095066][ T8632]  ? do_syscall_64+0x100/0x230
[  153.099830][ T8632]  ? do_syscall_64+0xb6/0x230
[  153.105017][ T8632]  do_syscall_64+0xf3/0x230
[  153.109511][ T8632]  ? clear_bhb_loop+0x35/0x90
[  153.114181][ T8632]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.120152][ T8632] RIP: 0033:0x7ff9d8b8d169
[  153.124650][ T8632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  153.144558][ T8632] RSP: 002b:00007ff9d69f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  153.153696][ T8632] RAX: ffffffffffffffda RBX: 00007ff9d8da5fa0 RCX: 00007ff9d8b8d169
[  153.162112][ T8632] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000005
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  153.170313][ T8632] RBP: 00007ff9d8c0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  153.178562][ T8632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  153.186828][ T8632] R13: 0000000000000000 R14: 00007ff9d8da5fa0 R15: 00007ffec71ca0d8
[  153.194804][ T8632]  </TASK>
[  153.197899][ T8632] Modules linked in:
[  153.203513][ T8632] ---[ end trace 0000000000000000 ]---
[  153.218462][ T8632] RIP: 0010:ethnl_default_dumpit+0x447/0xd40
[  153.241074][ T8632] Code: 49 8b 1f 48 89 d8 48 c1 e8 03 42 80 3c 30 00 74 08 48 89 df e8 ca e6 17 f8 4c 8b 3b 49 8d 9f bd 0c 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 30 84 c0 0f 85 4b 07 00 00 0f b6 1b 31 ff 89 de e8 f0
[  153.262365][ T8632] RSP: 0018:ffffc9000239f0d8 EFLAGS: 00010203
[  153.268619][ T8632] RAX: 0000000000000197 RBX: 0000000000000cbd RCX: 0000000000000000
[  153.278015][ T8632] RDX: dffffc0000000000 RSI: ffffffff8c2ab2a0 RDI: 0000000000000001
[  153.286199][ T8632] RBP: ffff88803297fe40 R08: ffffffff9455284f R09: 1ffffffff28aa509
[  153.294186][ T8632] R10: dffffc0000000000 R11: fffffbfff28aa50a R12: ffff8880796a2600
[  153.302300][ T8632] R13: ffff888059407280 R14: dffffc0000000000 R15: 0000000000000000
[  153.311759][ T8632] FS:  00007ff9d69f66c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  153.321572][ T8632] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  153.328276][ T8632] CR2: 000055f194984088 CR3: 000000007e232000 CR4: 00000000003526f0
[  153.336851][ T8632] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  153.345146][ T8632] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  153.353203][ T8632] Kernel panic - not syncing: Fatal exception
[  153.364827][ T8632] Kernel Offset: disabled
[  153.369160][ T8632] Rebooting in 86400 seconds..