last executing test programs:

1m2.461920369s ago: executing program 2 (id=1095):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0x4, 0x4, 0x4b8, 0xffffffff, 0xe8, 0x0, 0x260, 0xfeffffff, 0xffffffff, 0x3e8, 0x3e8, 0x3e8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@empty, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xffffffff, 0xff, 0xff, 0xff000000], [0x0, 0xff, 0xff000000, 0xffffff00], 'macvtap0\x00', 'veth1_to_hsr\x00', {}, {}, 0x87, 0x6, 0x4, 0xa}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x7}}}}, {{@ipv6={@private2, @empty, [], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@srh1={{0x90}, {0x21, 0x12, 0xbc, 0x7, 0x5aa9, @remote, @private1, @local, [0xff000000, 0xff000000, 0x0, 0xff], [0xffffff00, 0xff000000, 0xff], [0x0, 0xffffff, 0xffffff00, 0x7fffff7f], 0x3980}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x0, {0x2000000}}}}, {{@uncond, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x3, 0x0, @loopback, @mcast1, @private1, [0x0, 0x0, 0xff], [0x4000], [], 0x843, 0x1400}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x518)

52.776023854s ago: executing program 2 (id=1095):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0x4, 0x4, 0x4b8, 0xffffffff, 0xe8, 0x0, 0x260, 0xfeffffff, 0xffffffff, 0x3e8, 0x3e8, 0x3e8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@empty, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xffffffff, 0xff, 0xff, 0xff000000], [0x0, 0xff, 0xff000000, 0xffffff00], 'macvtap0\x00', 'veth1_to_hsr\x00', {}, {}, 0x87, 0x6, 0x4, 0xa}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x7}}}}, {{@ipv6={@private2, @empty, [], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@srh1={{0x90}, {0x21, 0x12, 0xbc, 0x7, 0x5aa9, @remote, @private1, @local, [0xff000000, 0xff000000, 0x0, 0xff], [0xffffff00, 0xff000000, 0xff], [0x0, 0xffffff, 0xffffff00, 0x7fffff7f], 0x3980}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x0, {0x2000000}}}}, {{@uncond, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x3, 0x0, @loopback, @mcast1, @private1, [0x0, 0x0, 0xff], [0x4000], [], 0x843, 0x1400}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x518)

42.926939921s ago: executing program 2 (id=1095):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0x4, 0x4, 0x4b8, 0xffffffff, 0xe8, 0x0, 0x260, 0xfeffffff, 0xffffffff, 0x3e8, 0x3e8, 0x3e8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@empty, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xffffffff, 0xff, 0xff, 0xff000000], [0x0, 0xff, 0xff000000, 0xffffff00], 'macvtap0\x00', 'veth1_to_hsr\x00', {}, {}, 0x87, 0x6, 0x4, 0xa}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x7}}}}, {{@ipv6={@private2, @empty, [], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@srh1={{0x90}, {0x21, 0x12, 0xbc, 0x7, 0x5aa9, @remote, @private1, @local, [0xff000000, 0xff000000, 0x0, 0xff], [0xffffff00, 0xff000000, 0xff], [0x0, 0xffffff, 0xffffff00, 0x7fffff7f], 0x3980}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x0, {0x2000000}}}}, {{@uncond, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x3, 0x0, @loopback, @mcast1, @private1, [0x0, 0x0, 0xff], [0x4000], [], 0x843, 0x1400}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x518)

32.162359071s ago: executing program 2 (id=1095):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0x4, 0x4, 0x4b8, 0xffffffff, 0xe8, 0x0, 0x260, 0xfeffffff, 0xffffffff, 0x3e8, 0x3e8, 0x3e8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@empty, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xffffffff, 0xff, 0xff, 0xff000000], [0x0, 0xff, 0xff000000, 0xffffff00], 'macvtap0\x00', 'veth1_to_hsr\x00', {}, {}, 0x87, 0x6, 0x4, 0xa}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x7}}}}, {{@ipv6={@private2, @empty, [], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@srh1={{0x90}, {0x21, 0x12, 0xbc, 0x7, 0x5aa9, @remote, @private1, @local, [0xff000000, 0xff000000, 0x0, 0xff], [0xffffff00, 0xff000000, 0xff], [0x0, 0xffffff, 0xffffff00, 0x7fffff7f], 0x3980}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x0, {0x2000000}}}}, {{@uncond, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x3, 0x0, @loopback, @mcast1, @private1, [0x0, 0x0, 0xff], [0x4000], [], 0x843, 0x1400}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x518)

18.056021033s ago: executing program 2 (id=1095):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0x4, 0x4, 0x4b8, 0xffffffff, 0xe8, 0x0, 0x260, 0xfeffffff, 0xffffffff, 0x3e8, 0x3e8, 0x3e8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@empty, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xffffffff, 0xff, 0xff, 0xff000000], [0x0, 0xff, 0xff000000, 0xffffff00], 'macvtap0\x00', 'veth1_to_hsr\x00', {}, {}, 0x87, 0x6, 0x4, 0xa}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x7}}}}, {{@ipv6={@private2, @empty, [], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@srh1={{0x90}, {0x21, 0x12, 0xbc, 0x7, 0x5aa9, @remote, @private1, @local, [0xff000000, 0xff000000, 0x0, 0xff], [0xffffff00, 0xff000000, 0xff], [0x0, 0xffffff, 0xffffff00, 0x7fffff7f], 0x3980}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x0, {0x2000000}}}}, {{@uncond, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x3, 0x0, @loopback, @mcast1, @private1, [0x0, 0x0, 0xff], [0x4000], [], 0x843, 0x1400}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x518)

5.597909814s ago: executing program 4 (id=1909):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket(0x11, 0x4, 0x9)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1d, 0x8, &(0x7f00000038c0)=ANY=[@ANYRES64=r0], &(0x7f0000000380)='GPL\x00', 0xfffffffc, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000000)={0x0, 0xfffffffd}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000af0000000000a05000000000000000000010000000900010073797a300000000008000240000000010800024000000003be0006005648bcb8ebc7a3d42038ac21985a123194dbea5b35836131c21d6b227606443adbf8c01221b6101d79f4f7aaaf7148ab772b37a009711236a8ecf2c06d49f8747b1d2f22623af87258867738fcb2d84dcb18656c568a48c1d4d399573492b960148d1b26f73bc16ad2c298ef66713c01ea6089d3371b602e7c38a93fc2f782ab8b81002f5a9a8bd68d20a0dcbb66e372dffb49cb95b3dddedabd4044c9e09bdca1e88d2f810ac9ef07c0d5177e3467c9a1de01fc5e988deb062100002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a3100000000140000001100010000000000000000000000000a"], 0x144}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r4, 0x0, 0x1a, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/96, 0x2329000, 0x800}, 0x20)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f00000008c0)=ANY=[@ANYRES64=r2, @ANYBLOB="05ac57e69164103fa858d8d4e420601eea27d159b0c7bb525c767db824b695154d0eaf69afc96f7fa03062ad63ccb114f7d33083b657725eade358f472549925755330706ad56b36e4f49d09f7f8e1472bc3b80d89c0241472cec885bef1c46adb9e4ac8c1b453eb8daa5eb9050e6203d2e4fb5cbff4cacc8f4196504e4b46e5830f567a87ff4f6d83567adc0be52e02949fd4cfb385957f17e1723d39685292c3928c291a5632c58832dd72304f4a7196d94067276fb533a331d18534376f8e4dd4103077f4eef93fc2f479227332b1cb75e0360baf3edaea51bcc071c10bf1a674388fabb789b4a1075b2071cfcca258acfc"], &(0x7f00000003c0)=""/240, 0x56, 0xf0, 0x1, 0x80, 0x0, @void, @value}, 0x28)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="1b00000000000000000000005fffffff00000000", @ANYRES32=r2, @ANYBLOB="f9ffffff00"/20, @ANYRES32=0x0, @ANYRES32=r5, @ANYBLOB="000000000400000000000000000000000000000000000000000000006c516dad327c82692876d6f7a8e6a62c6bdeb4dff84b8d2a85fb6c69cadaffe91ec90fbef0c27071d5704f2a072af4fdaaa7d456f4a646c0f84c19e614081d375c464962b0f85c474e361bbf8943749ee00f95035f9ce1cf1d"], 0x50)
socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(cast6)\x00'}, 0x58)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r6 = socket$inet6(0xa, 0x2, 0xfc)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000240)={0x1f, 0xffff, 0x2}, 0x6)
recvmmsg(r7, &(0x7f0000004980)=[{{&(0x7f0000000280)=@caif=@dgm, 0x80, &(0x7f00000001c0)=[{&(0x7f00000009c0)=""/163, 0xa3}], 0x1, &(0x7f00000004c0)=""/93, 0x5d}, 0x5}, {{&(0x7f0000000700)=@phonet, 0x80, &(0x7f0000000d80)=[{&(0x7f0000000a80)=""/158, 0x9e}, {&(0x7f0000000b40)=""/125, 0x7d}, {&(0x7f0000000bc0)=""/205, 0xcd}, {&(0x7f0000000cc0)=""/136, 0x88}], 0x4, &(0x7f0000000dc0)=""/4096, 0x1000}, 0xfffffff6}, {{&(0x7f0000001dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, &(0x7f0000002fc0)=[{&(0x7f0000001e40)}, {&(0x7f0000001e80)=""/4096, 0x1000}, {&(0x7f0000002e80)=""/66, 0x42}, {&(0x7f0000002f00)=""/169, 0xa9}], 0x4, &(0x7f0000003000)=""/138, 0x8a}, 0x80000000}, {{&(0x7f00000030c0)=@qipcrtr, 0x80, &(0x7f0000001e40), 0x0, &(0x7f0000003380)=""/169, 0xa9}, 0x2}, {{0x0, 0x0, &(0x7f0000004900)=[{&(0x7f0000003440)=""/25, 0x19}, {&(0x7f0000001e40)}, {&(0x7f0000003900)=""/4096, 0x1000}, {&(0x7f00000034c0)=""/160, 0xa0}, {&(0x7f0000003580)=""/175, 0xaf}, {&(0x7f0000003640)=""/136, 0x88}, {&(0x7f0000003700)=""/188, 0xbc}, {&(0x7f00000037c0)=""/230, 0xe6}], 0x8}, 0x9}], 0x5, 0x22, 0x0)
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x0, 0x0)
accept4$ax25(r0, &(0x7f00000000c0)={{0x3, @rose}, [@rose, @default, @bcast, @rose, @remote, @null, @bcast, @netrom]}, &(0x7f0000000200)=0x48, 0x80800)
setsockopt$inet6_int(r6, 0x29, 0x16, &(0x7f0000000040), 0xfffffceb)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
unshare(0x62040200)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_LBT_MODE(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=ANY=[], 0x14}}, 0x0)

4.6430527s ago: executing program 4 (id=1919):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2})
r1 = socket$igmp6(0xa, 0x3, 0x2)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})
write$tun(r0, &(0x7f0000000100)={@val={0x0, 0xf9}, @void, @eth={@empty, @random="1f00", @val, {@mpls_mc={0x8848, {[], @llc={@llc={0x0, 0xfe, '\x00'}}}}}}}, 0x1d)

4.547001496s ago: executing program 2 (id=1095):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0x4, 0x4, 0x4b8, 0xffffffff, 0xe8, 0x0, 0x260, 0xfeffffff, 0xffffffff, 0x3e8, 0x3e8, 0x3e8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@empty, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xffffffff, 0xff, 0xff, 0xff000000], [0x0, 0xff, 0xff000000, 0xffffff00], 'macvtap0\x00', 'veth1_to_hsr\x00', {}, {}, 0x87, 0x6, 0x4, 0xa}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x7}}}}, {{@ipv6={@private2, @empty, [], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@srh1={{0x90}, {0x21, 0x12, 0xbc, 0x7, 0x5aa9, @remote, @private1, @local, [0xff000000, 0xff000000, 0x0, 0xff], [0xffffff00, 0xff000000, 0xff], [0x0, 0xffffff, 0xffffff00, 0x7fffff7f], 0x3980}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x0, {0x2000000}}}}, {{@uncond, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x3, 0x0, @loopback, @mcast1, @private1, [0x0, 0x0, 0xff], [0x4000], [], 0x843, 0x1400}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x518)

3.396022154s ago: executing program 4 (id=1925):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
writev(r0, 0xfffffffffffffffc, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0xfffffffffffffe01, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a64000000060a0b0400000000000000000200000009194fe97878bd16ba7b1400020073797a32000000000900010073797a30000000003800048034000180090001007866726d00000000240002800800044000000006080001400000000105000300000000000800024000000006140000001100010000000000000000000000000a"], 0x8c}, 0x1, 0x0, 0x0, 0x1}, 0x24048810)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=@newqdisc={0x4c, 0x24, 0x3fe3aa0262d8c583, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x5, 0xa9, 0x0, 0x8, 0x4, 0x6}}}}]}, 0x4c}}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f00000018c0)=ANY=[@ANYBLOB="b702000000000004bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe000000008500000009000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af5a942115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989425f5d0b79f6584d0416d7c4bb9f547b328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f01000000010000006e7dac1aba4b20dc7d0200000000000000df1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56e9cc48da2054476846591418451f3a6f907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b98d2de10c21d3ea02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d000000200008000000000000001abc11c800000000000000000000000928ee53595a779d243a48cea769470424d20a04c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642ba1694a0949b745f3bf2c4af38ffb7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91afeea8df50bebb2f589e19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de920000000000100000000000004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e91311ab96b81eea91cc6e3e4c37ee01c85009c68c54de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d505109000000000000008f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0eb3280e09758bd445ab91d20baca005472b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92fe8bad99ca332af00f191b66b6a6f732a91f0e2e9190e4b448da7de018c58e950767f9b320be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c52573d9308a13d115b43f8b1894c8fa8a14dc4810f61ae96bf704526a8919bc700002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c82c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381ccc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73cfd1e76982f3d899f71e495f0ba8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e4a48dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c4698aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f00000021f8547d393dabe616fbbde21c90be00b5a22671395c7a69c6dd4d022ffc97ddb6aa025131652d409da1d8cfc3d219d4b1c1b7b8170d7c33d91db2b73f7ae02485a209a2474b5d0790d05c01bec623056e4d3f4d3149373a28b26a15a1fcce73d57e6eaf7e6f315fe275ebc9ef7aeca277dde01dde724f419803a2172a7833ceab38d21ca4f1dea5e1f4d8824167b21dd289dd4e6ecfba9e163bdbc48e1e758ecde05c10809c9edfa6d77c652fd742e6dad13d2a397bebe3ea8bc087d3720e2202f36c7719ae34f042e19dc08a3323a3d94098a7ec171469352bab1662c3e4d4803c565cfcce32dad628fade43a4844abb230ce608726fd87e93c40378b9811ad67440e68049304df5a7b86bfd7e3341f3e0b5f75b2a210c53adcca7de960a37b9e0b9b74e0d06d61b35ea65e6b4c810cc3735d4306552d7be0e2019e84688968d4c716f2b17f4ff0c9e5ee89d5e14ec149aae353e228612f5719dd6dae8a287064c93233a85ca5492798b54aae7d633f140aded112ce88a1aff7109aa5a9d2a447346a066c416933ab2a3c50b71946be9091ae1cdf30d46845ebe711458b8da6617579738ed8082a071c1d3cad599a3011f3bf456cd55a2d28ef3b196f235866aa8e44f3624fe4798468b5c1e3c8a10f2c93c003b0d6bf609f01e9140bdc537382839a034efa759309c643040cc857fe209b38b642a36ac6e4c328bb90ad54e1096656e002e4bc1e7f079e1af16a7279847813229a2a794469a719b7e96162b830b5c9d2f7f1066f48e648533819acf73bb61c9a0a195e77a9843ce9f308498d0582fd9dba998df732a0984af552c9ff050ea253f25d80daeadde771435874b5eac9132804ef01f319a6bc2ee9cc664f79a2c38ad91bdb02885fa6c3fb9af9ca7e2f8fd179de1528a0091c85fde4b3bcd0ae4017d7d9405f82a439b565910ce8d2f5c0d20567ee473f04df89884bfe8139f07018eef5158e94d36ec816d9c8b3e167c13d420a18657fa3d7691e2e71c7666bf7a08339b46a544a12af11f99ee94b404adafbf26be785fbc"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', r2, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r4, 0x8, 0x62, 0x125, &(0x7f0000000140)="cb74445b7d4c0b24676c6c71ae37efcedaf40242309766deb4e793f90000000000000000dbc856cbc664650634231454ca2d8034c4ca29e0d99c3b6615e91835a600c08f989af45438a54981be310aad92ae545b1c961e5f3762a51fe4c736edec6f", &(0x7f0000000440)=""/254, 0x8000, 0x0, 0xff, 0x695866635b959906, &(0x7f0000000980)="ffc4438e5c3081d0e133e812196ec0ed923733aa8b5aba32c8650e7a66d6136853773dfbc6226be13039e230d511f1ac50cc7811aac0400e4c833fedf842ae2918e6fddb550729246fcf4c0a01bc64989ea3985fb362751a83991bd56e761379caa64f6148893ff25f38d5cd6dd695bbf9ca709a9960e0e6b054d5e2239bcb7c0fb2ac66dc4c8f534e439ff20ccaf0d48a98c19c92a3b437a699350f49606d21a403f8c112c46fea5486bf367a854b0f6c1e563b656e4794f6793a08bb3656c391643f6df71d0255054368a938d38503d064da82d5dbf395ad47ed3932669168d324ed0f6de8360d499042ddc7d02b6c0772128257702bfe6d0971f00fea85da062cdc", &(0x7f00000007c0)="4c87fe555ceb79157b1e507ff4d3cc053321e42ae89f596427188b4877ab8f1776c0685784f1174c6401ecc1dd6e2a77bc79238f87ad9215a92ff203a30099e77c543e702b4a4438d358616381745f24f74e585498af129c4b173b242f445b08135f7fa40eb7ba78160ff4f0c80e1b324d0c234cb7f43a3ff9e9535dc16000c797113a039f4508a09144090000009f38a90a24f173b3e68377e4272950a80cfcd3aa6850e917bc7e57370060f5e6db941d67fc98a1e98103830b821657438325578d2af822dd4fc13ea7a7eef8d9be4e715aec8fd6cadc41c8da5ce9da2b9e1559d92a1936fc2b3a00000000000000000072200e10ba6269b634f10f7098c65ba67ba65c0e2687637e131fb8d5ba6c12c09c8356853c434a44ff0878e496dcf9a4f5ca02c293279948f37ebb28843f92c87c057a3b410e04418557d5deda7ddd3bd1d384d64ec980187e8b64a0696571a49e847db79349c9b3c3fab5f1f977bde4d802d9026ae0c11744eb1525c5195fd215d7a432497f35c2f2cfcd2b6336b26dfef0cb968c910ea2af5cdd4d58cc08535d5514", 0x2}, 0x24)
r5 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000080)=@req3={0x54c, 0x4, 0x3, 0x3, 0xc, 0x6, 0x7}, 0x1c)
recvfrom(r5, &(0x7f0000000040)=""/18, 0x12, 0x1, 0x0, 0x0)
r6 = socket$phonet_pipe(0x23, 0x5, 0x2)
listen(r6, 0x6)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r7, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x8101}, {{0x0, 0x0, 0x0}, 0x10000}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000840)=""/245, 0xf5}, {&(0x7f0000000440)=""/84, 0x54}, {&(0x7f0000000940)=""/4096, 0x1000}, {&(0x7f00000004c0)=""/6, 0x6}, {&(0x7f00000006c0)=""/243, 0xf3}], 0x5}, 0x80000000}], 0x4, 0x20, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$PNPIPE_HANDLE(r6, 0x113, 0x3, 0x0, 0x0)

2.900706462s ago: executing program 4 (id=1928):
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x1e, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000001000000000000000000000089120e000000640095"], &(0x7f0000000100)='GPL\x00', 0xb, 0x0, 0x0, 0x0, 0x63, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3fffffc, @void, @value}, 0x94)

2.683229306s ago: executing program 1 (id=1930):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000300)=0x8)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00000001c0)={<r3=>r2}, &(0x7f0000000280)=0x8)
r4 = socket$inet6(0xa, 0x2, 0x0)
r5 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x80, 0x0, @mcast1, 0x8}, 0x1c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet(r6, &(0x7f0000003640)=[{{&(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10, 0x0}}, {{&(0x7f00000006c0)={0x2, 0x4e20}, 0x10, 0x0, 0x0, &(0x7f0000000080)=ANY=[], 0x50}}], 0x2, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r7, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r7, 0x0)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev}, 0x1c)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r7, 0x84, 0x7b, &(0x7f0000000200)={r3, 0xdc}, 0x8)
sendmmsg$inet6(r4, &(0x7f00000027c0)=[{{&(0x7f00000002c0)={0xa, 0x4e24, 0x9, @local, 0x80400}, 0x1c, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000002900000036000000330000000000000070010000000000002900000037000000892a0000000000000001000738000000010c0ceb5c260400000000000006000000000000001e080008000400000600000000000000070000000008e88689f3cf780d18482fc0fc1acb0a0784981250c4c6122dbf0e630a384a6152a9493118087f57533c18ac22141c9b06e70fbb12a7f9f599802179d10e1453f3973cdfc0d9be6cc22ceab10a4c9f5c717309f9dd68262125482dfecdd525b7f2aaefb40676146705aa2be6eb0c2cc201f952db4be3c94a22ad75bce4011873e3f59bde0da8eb57b83397294e430d7f58eb59ad6d84842937ce905fae2389b4fcebafda139c9ca364df0b291b4cfb0b44a3c61b332d942123f116cdf986ec59946ba3ffd27033ab0a36054420ad0f2815ee09ad657543a38fc1e99fe570528d6cc2c2321ed0266cf0e0074900000003086105000800000000000000020000000000000002000000000000000300"/381], 0x188}}], 0x1, 0x4080)

2.611328567s ago: executing program 4 (id=1931):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="0b00000007000000010001004900000001000000", @ANYRES32, @ANYBLOB="000000002bfd3d8c2491000000000000000000000000000800", @ANYBLOB="2fee865e8b1ee0dca2d555fffffdb4267aca", @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xd, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x5}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x40d, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x5}]}}}]}, 0x3c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
bind$llc(r3, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000000), 0xffffff6a)
sendfile(r4, r4, 0x0, 0xfffffffefff)
shutdown(r3, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), r3)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000004c0)={'vcan0\x00'})
sendmsg$can_bcm(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000b40)=ANY=[@ANYBLOB="01000000400800000000000000000000803fe75d8541dbcb4f579e97799f55e1eab6f32ae357b41a086b5da35040511350360e9e9554c63d7874808fa49df784c457917898a4b0337ae62e87b2d3e59132660d82dc67ffc1c1cb8a697c387da6c9c2dc1c57e18c5b050d8904d9aa9da363ff00fdf93fb3c044", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="00000000010000000000000000000000ef1d62ee7e923b0ad9cda5b28dd4753620a2f0271768a8284c18a4e2b5e44dc77098b18fd964df81213608ec503db52d42f1a78c97322f4ae4c8dc89cf2b1440"], 0x80}}, 0x0)
sendmsg$can_bcm(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)={0x1, 0x0, 0x0, {0x77359400}, {0x77359400}, {}, 0x1, @canfd={{0x3, 0x0, 0x1, 0x1}, 0x1e, 0x3, 0x0, 0x0, "8e3838baa9da9f58788cecf2649674072e8340e138025d0156e994e25d3237d9234b37000948984298d9f8fa8d0c423467ca2a2dc323dd2e2efb0daf89035ba4"}}, 0xffffffffffffff8e}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r6 = accept4$tipc(0xffffffffffffffff, 0x0, &(0x7f0000000100), 0x0)
setsockopt$TIPC_IMPORTANCE(r6, 0x10f, 0x7f, &(0x7f0000000340)=0x1b, 0x4)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="00022cbd7000d3723412f69e17e7000000000200000008000b01"], 0x24}, 0x1, 0x0, 0x0, 0x8080}, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r9}, 0x10)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_NAME_TABLE_GET(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="14000000", @ANYRES16=r11, @ANYBLOB="010f060000000000000010"], 0x14}, 0x1, 0x0, 0x0, 0x1021}, 0x4000000)
sendmsg$NL80211_CMD_SET_COALESCE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)=ANY=[@ANYBLOB="df253415", @ANYRES16=r7, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r8, @ANYBLOB], 0x28}}, 0x0)

1.725026974s ago: executing program 1 (id=1938):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'bond0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1500000010"], 0x48)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300, 0x1000000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x44}, 0x1, 0x0, 0x0, 0xff00}, 0x0)
sendto$packet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

1.70154571s ago: executing program 4 (id=1940):
sendmsg$inet(0xffffffffffffffff, 0x0, 0x400c010)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, 0x0, 0x0)
unshare(0x62040200)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(0xffffffffffffffff, 0x84, 0x7f, &(0x7f0000000080)="010000000980ffff", 0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r1, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r1, 0x2)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x2, 0x2, 0x0, 0x2, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e23, @rand_addr=0x64010101}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0xfb}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x44}}}, @sadb_key={0x1, 0x8}, @sadb_x_nat_t_type={0x1}]}, 0x60}, 0x1, 0x7}, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
socket$kcm(0x2, 0xa, 0x2)
syz_emit_ethernet(0x5e, &(0x7f0000000300)={@local, @empty, @void, {@ipv6={0x86dd, @dccp_packet={0x7, 0x6, "75f5d4", 0x28, 0x21, 0xff, @private1={0xfc, 0x1, '\x00', 0x1}, @local, {[@srh={0x33, 0x2, 0x4, 0x1, 0x8, 0x0, 0x4, [@private1={0xfc, 0x1, '\x00', 0x1}]}], {{0x4e21, 0x4e23, 0x4, 0x1, 0xc, 0x0, 0x0, 0x4, 0x7, "428b40", 0x8, "64a04f"}}}}}}}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x800)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0xfb5, 0xfffffffe}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="180000001600156f"], 0x18}, 0x1, 0x0, 0x0, 0x810}, 0x8080)

1.47111853s ago: executing program 3 (id=1942):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000c90201007b8af8ff00000000b7080000000008007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007d00000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

1.27145368s ago: executing program 1 (id=1944):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007300000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r2}, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x38, r4, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0xf4, 0x2e}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x177f}], @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}]]}, 0x38}, 0x1, 0x0, 0x0, 0xd37697ff280d3c0e}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8924, &(0x7f0000000080)={'pim6reg0\x00', @local})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="300000001800010300000000000000000a80000000030007000000001400010000000000000000000020"], 0x30}}, 0x0)

953.353923ms ago: executing program 3 (id=1946):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xc, 0x16, &(0x7f0000000200)=ANY=[@ANYBLOB="61124c000000000061137e0000000000bf2000000000000007020100180000003d030100000000009500f000000000006926000000000000bf67000000000000560602000f020201d706000020000000620a04ff0ee60000bf250000000000002d350000000000006507000002080000070700004c0000001f75000000000000bf54000000000000070400000400f9ffcd35010000000000ce040000000000001c000000000000009500000000000000db13d5d8b741f2cdaabc8383c8f56bb5df3083d20f8c2bf304000000815dcf0066d7ded3c5c49a08a503ea6d54f7f3125a8200578ac0836d6454745e70a27444003c5b20451b624db6f5320e9befc1e00b8b32917c4d30d16b7edb732bc3ac330b16c442aff70d27659bc58e296b16750c5577c848754b4894b07f15bab1c640a5c0c4fd62f9db829b301ef67fd2b2736f3af0c54af2412313b17c4c8081c4ed0572261960e227d34cfbfdb247bc2351c9d8363a8cb18b7330604da78b0aba47545f9a25a80dd7d28a5ae41824f611dd2de6dd581c52698f9542a444a8a3969946faded5275c00"/420], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

886.04309ms ago: executing program 0 (id=1947):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1400000010000100000000000f0000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c000380080001400000000008000240000000001800038004"], 0xe8}}, 0x0)

844.264492ms ago: executing program 3 (id=1948):
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0xdb4, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002bbd7000ffdbdf25450000000e0001"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x14)
unshare(0x22020400)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{}, 0x0, &(0x7f0000000280)=r1}, 0x20)
pipe(&(0x7f0000000580))
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4)
sendmsg$inet6(r0, &(0x7f0000000600)={&(0x7f0000000080)={0xa, 0x4e20, 0x1000000080000, @dev={0xfe, 0x80, '\x00', 0x2a}}, 0x1c, 0x0, 0x0, &(0x7f0000000440)=[@dstopts={{0x18}}], 0x18}, 0x4000000)

764.384254ms ago: executing program 3 (id=1949):
socket$inet_dccp(0x2, 0x6, 0x0)
getpeername$packet(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x27, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r1, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0258ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100090810000000000000040000", 0x58}], 0x1)

667.494987ms ago: executing program 0 (id=1950):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x9, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="c3020000000000006b17908d0000000085000000b40000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x4, 0x16, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x21)

567.644876ms ago: executing program 0 (id=1951):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), r0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
read(r1, 0x0, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000040)=""/58, 0x2000, 0x800, 0x31}, 0x20)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000140), r0)

552.58775ms ago: executing program 1 (id=1952):
syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@random="a6e0854a7262", @remote, @val={@val={0x88a8, 0x7, 0x0, 0x4}, {0x8100, 0x0, 0x0, 0x2}}, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0xa, @remote, @private1={0xfc, 0x1, '\x00', 0x1}, @multicast, @remote}}}}, &(0x7f0000000080)={0x0, 0x1, [0x235, 0x7ac, 0x5cc, 0xe6f]})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018"], 0x0, 0x32, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
r1 = socket$kcm(0x1e, 0x5, 0x0)
sendmsg$kcm(r1, &(0x7f0000000540)={&(0x7f0000000280)=@tipc=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000300)="80", 0xfdef}], 0x1}, 0x0)
recvmsg(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000080)=""/248, 0xf8}], 0x1, 0x0, 0x18}, 0x10100)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
socket(0x2, 0x80805, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_SET_EXPR={0x10, 0x11, 0x0, 0x1, @last={{0x9}, @void}}]}, @NFT_MSG_NEWSETELEM={0x64, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x38, 0x3, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_DATA={0xffffffffffffff54, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0x5}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x108}}, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$inet_udplite(0x2, 0x2, 0x88)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0x200}, 0x18)
r7 = socket$kcm(0xa, 0x2, 0x73)
sendmsg$inet(r7, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty}, 0xffac, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f815108f6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb66a4101d5c83b77885072b6e2b2ceebe32f635509698c05089b9ff1cb1959b211e114dadb224ef2d5e7a3c55b3ac00fcdc9018577603c6301e5d4341b3d7eeb2665349d448d28d5d108f576408cbe533a6adbba18ebb2d84bb9af81108506a2f50fb56d595579000747930449fdf4ed01715ec624a0cb73636a35b9136f10b79e3d7ded09008b92e92c64e26e6b6d17f18b70b1d9813de8d2ff151c7a6a0452c660a57c33f13e2d9b88fa5f5c0505722d2e787a425e4a3e9b5efa9668e9199f5fb9fe7d5b8a57719a57df152e7f2c6a1087a2a24084f82455b65353a70559f04d5ed12defb81497ea69c1c7e69c373524770b7473c16a69c7a3648a9dd93377b89cdff61cf62512d1ee67a55ea67993937c1f55a2179bc9c8a337364cfb84d295adda1ad9700fc2f5c11cbfc1b90affb4666c6e7e23a6f7751410a5651819f29f690c6dba2b8a67e0f7f8cc377feb1854c393578994c85391ba21b3961aed477f771645571dc7d6cae72bf79c82a92a4edc3742b1398060a0a5c9e81c016b7f2ae3db529c6ff824cc28678764d8ab49d7dc68e5b0556c9e7ffb6fef442776d86fbd458741830e57f22a1f8513b92abd5b2df93a67cc560134078f0b8ecc3276e40aadef5cd579888b86b4988f396679250701f3869e7493b33692035ecd94aca5189fd0a0893ccc5bb19c0b4caca86cf90ebc2a5558f39cccb33f6773a4e425bf551fb3b6456ee1cc62fa1843a9e5539bb2d02ae6ef82533a9dbcfb562c1ab18c1f639ae7ff02083746f74a15ba2d10e4b955940a5d6f488d326a99f287c48ad463ce40367aeeff519cbad0a2d7fdbfa48bff75955467977764c2be2bd2ffa18396c46920c40c50a4037003666406d177e2cd20aee423d07169d8f611f635ba0b62b61265ff2c5548446a2423dd1038482b6852b2d9d2f90aa05d82c5e2c3d1af0c7aad72d82b3da67471af7b037bb0424a785e73f35b5a10a2ab300a195c20cd119a5390e0cd5d49c70bd80883b933e843d0d2902749dcf3c140c708a0f004b7a2f50bf311305dc01719016fcce5863815ca7951de710fcb71cd177551ff6fcd9f8bf01b93868f24c6129b6d7917125338cf62110083093fc7f862015d48450d992f2bb43e601cab19b2ea7b83962a382fc2a31fdf2358bf8a9a9e506eaa7b6eb5e7444d1ef459b24ffa51362abce902dfd84201a0e4b5a3b62757aad54fb65b83821c6bba663886de092065a565921ea3eb6781bb8ed4f4db3abcfeeb379b7e52fca790bea719918e299ab01bf5e92177d134360bf7a16a59e9d03d3dcfb0a25599237e3d41b3f0026c9402b1fb1894426303413a2cbcf7c72807ca694afa285990d07c3bca26413c9947b3b344aafc04544b8c11416e0312b028da7302e316c3966d41884b15055a49a4a0b3eac8e11f88a5615fb0af582f065d28e5a454447e9d0cfc60356439ebf7e1d0a00f5b9cc6daf2bd7195ba96b4d1a0679ff0fb1c01282c378a880f90f460889b67d76d4d0e8db6c928d113533d1d10b810303c43d8ff622c5bab7f095b96e64bf9daa48a2bdf3d9d40bac00cf1b66df61a4f7c3e21938e876f81b1179dce6a008f28eb682cae690ced0ea0d542da604d8056f2b1813ed36683c4c51aeb2650772cfb1c55d4e60604ff06344cfc271b2175a6c94defb807af240b483e24298ca73bfc743ca2ca2e77e6d5b817b3c1986601537faf59ac84c74d8bd0c068cb8e6bd03ac2dcf5793fb4a00b3c901a33aa3ee86e4f0db317b94bb8678ab26e36d305ebac4b0f7f164947148255b562dd0f87648499d45bccfb7d8c9d5624cadf8160a396e79fbcdc100058ba4606e41c02fb2cc0dc6c36196bd28acfde82a18cda2321d2d83fecd3b85380667cd1d0bc68298c6c8f10421a80c8fa86912b6c3e8ddd9d9668520d5151409e6b77f0d7730b374a68a744151bfbd123cfdf871e8c24e70d2ca3b50e84a48e0b78c1781000cfc848d43584985763a76c0ab9ba882c55e3e4aa8f2174255db38adb8350b48a77be22a869d13d183325f859b883464e5e46de5ea8a92532b9a794daaeff657cd361f7f158f8bebe36e9de1f5b9721d4263dcc9472229bc02d3f552180abfb25ca7aa36cb914d99c09fd5bb99dcab9b4e3c634d18fc7dfe84dc4425ad1e39c3e7410d49b4ea0a8a2958688c7725822f6dfc0827d19dc385e0e35a949941e4dd1aaeaab9ebe402f8c584bca7efc829f2ccfb63fd7bde1c182a67c14f9d3f033ca674e2604e89cd55a15419f956cd61a755c1b13554dae98e77be078aadfc131c9677381f1dbe6ef194eb17603a463e8b844ab46a6046e1f07d96d66de669359bff4c3d80948a4de3abb2f171a09b5d8999c379fb62244114e218c79805df7d899e5661320ee6721d652b95f09e4dfe69bd67099c73294b17ab574e0b966aa3ab44478965b9dca3cb3b9282945f24ccdd07c638ae25a84a728ca24f87ff49d718121a694be46f3616e27b1041b3c6cd24b9cf775bfc28dfbe0a009048f0599f2d5d6586cfd1e7f7fe69872d08b98f60d28e6af0d49d7f06ad71a7b5c41df261aba5de114022c7288bc265cc17909fdeadc3d7b256d7ab3b96e40f857060f16b54a6bb7248ee571f87ace5ee39eab412706cf52fa711468b21ea129c3f44bceb429fcc1a0ac2aa87b9365077dcfcfa9a1b32a0a09699197c20019a66cbd0a897feab3706c23123b888ada643d4560082033e31596b0483578968e3c9593ebd97141c228a42fc7645f92171c120aabca36657683fd7c72fcb87217f124d6fabc52f1d221d8410b47b0ad4bd944bf4085365e9b52a53911ab4ee142c5a1ebbe034c9d98c538c066f2dc0acf372eb2397dcac765055123e0ba19be22b18c886bf0f7490abe9fde91ffa62e059962bd134be8501cb5b715a744b1398e2c4c7e8afe72e189dda0654296afa1c1f99ab7d800fa40f72a758625c833b6fc7b7d42250522b456e1e7de815350c36c9cb2f4d1c9cb99109f89b456c559463f11b8b58247809b17a4ed4912bd0a47a529f1364d6dc593ea7f3eb98962078ac90e5012ee1c7b4b9ed5a8c7a9c0231b4ce425693faab64fa0f3482a04d4be2e06ee5d103694d288810a1a7f4d1e908dd82dd2016a064ece5cd67ef1dd5f4cda728fc6f1ccdd949dd8f775d862621507248ef4c83ae274969d19c7ddb02a4e8a1ab2b7aa539a442b22735ceedeefe60a1059dfaaa0979ce8d5387b5a047841fd9749b88ca91216b02d7926408a01916b7781bb7167528ccdb9a486d173437a5ba3e552c8674dff2cc9b21054e0e4f86b61b8723fca58ceef4413bffae9e9be79c5b9788f5449811ce78be9bc7a86375a670197baaef751beabcba0aa6c7c33f1cd702cb78ec39fa1f17d9da733d6abf2b80f9c51ac8f6f664b24edc53a7c9525c3016bd05c67272375fe816b2b121f2de68b885a0fd8f8b8c6c342237b632f6414a3eb3480f5f42106c5812e9bfd4e8c8dea8d08525d9aa1da7c7c2ee7ff3d31b79b211dd01e304a8ffc83a89a59f3b1e2ef5e969b6d90bea7e161066f25622fad914bff52bacd2807093dda1838b529ee57f718b374ce2841b924a42457867547a6edcb8412d85f11796742bf640b5819a9546357df778c332af5983c4373a95d9c58b52dba445eee92e6911824f0c534e7a5934d9eac9b7f6fec22002fc53a3003a3304217f567b47cd326edc5f48eb1f46bb20d1e10e72239afc9769344590cf48902aba5405b7d4baa31a912ab398a2f2d3f037614bb56a89244ece50f3a1e058d274f1e70f944eb8a305be91e561e5eb843d057a81f4deb84a6335ec81ca964cdae5f318d4e9aaea2c477cc279c00c698bcfe4b8e04c09079d8f3f5438d9d45a00f50d2f9b245c8c68eebf247e25ba8d26f8b95b21ac9ceb50c0aa2e4bdc032024db216b92f9350a90ac79341af14d3fa8ba908096e1b503341aed667bb184c672dac85fc4f335b3871c3b4e55ea219a857d2d2e135358f6b45a20b3e7de8e09b2041eb7c5084a80258fb524a983752659298a251e178b56f96bc67ae0a78ec92f92d92c9cf0edb5dcb11e739d69410ad44c8df00caa030d7d89f2ec38bd7698115c423cf3e6048793aca08ffbcdac766f1553773fa00031c1d75246e4e1eddf8948d02a3de6d67fd7329e45070f29044587f1e0db50d04e673191a63e30f96ee0d8d52738fab36a7fe2c6ab9301d401e7ca5b1f039193a580e40abbdf40c2d7e27809dec80815d37adae9fe7fb9d3a974c9fc03944d7338d000b81170be4c6792ed6b3b827194b3ae11e2acfca48498d1126aacf80f3d574256ef7f75552ff087a819e", 0xffa0}, {&(0x7f0000001040)="9d7fcf3efc63f4a6a555ba8b4726d7ccaf8a207100e69cfac4377876021d7131b838059f96bd206d4776368ed2a92432e5af71", 0x33}], 0x2, &(0x7f00000010c0)=[@ip_tos_int={{0x5a, 0x29, 0x36}}, @ip_tos_u8={{0x38, 0x29, 0x3b}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @loopback}}}], 0x50}, 0x0)
bind$bt_hci(r6, &(0x7f0000000040)={0x1f, 0x4000, 0x3}, 0x6)
close(r6)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000380)={'wlan1\x00', <r8=>0x0})
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r4)
sendmsg$NL80211_CMD_DEL_KEY(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001140)=ANY=[@ANYBLOB="000000000009dd26c75baee15f742094a3d9daae0000", @ANYRES16=r9, @ANYBLOB="01002dbd7000fedbdf250c00000008000300", @ANYRES32=r8, @ANYBLOB="0c0050800800070002000000"], 0x28}, 0x1, 0x0, 0x0, 0x4480}, 0x0)
setsockopt$inet_sctp_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000040)={0x0, 0x5}, 0x8)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x14, 0x2f, 0x9, 0x2, 0x25dfdbfd, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x804)

447.553632ms ago: executing program 3 (id=1953):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=0x0, @ANYBLOB="05240600"], 0x6c}}, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000800)=ANY=[@ANYBLOB="84010000", @ANYRES16=r1, @ANYBLOB="010000000000000000000100000004000480080002000100000008000100000000000400088058010c8054000b800800090000000000080009000000000008000a000000000008000a000000000008000a000000000008000900000000000800097c86b722735035dc0067f6b13308000a000000000008000a000000000008000900975b9b5e04000b801c000b800800090000000900000009005e2a2d7a080009000000000024000b80080009e6ff0000000800090000000000080009000000000008000900000000005c000b8008000a"], 0x184}, 0x1, 0x100000000000000}, 0x0)

333.873982ms ago: executing program 0 (id=1954):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e99900000000000000007f000001000000000000000000000000ac1e000100000000000000000000000000000000000000000a003080"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0x8}, 0x4000000}}, 0xb8}}, 0x0)

212.157567ms ago: executing program 1 (id=1955):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000000600000083000000bf0000000000000055090100000000009500000000000000b7080000000000007b8af8ff000080fbb70800000b000010000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7", @ANYRES32, @ANYBLOB="0000000000000000b70500", @ANYRES32, @ANYBLOB="000000000000010185100000070080", @ANYRES32=0x1, @ANYBLOB="0000000000000000b7020000000000008500000086000000184000000600000000000000000000001851000009000000000000000000000085100000faffffff5318ffff10000000bf91000000000000b702"], 0x0, 0xe, 0x3b, &(0x7f0000000080)=""/59, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x169a0, 0xffffffffffffffff, 0x2, &(0x7f0000000300)=[r0, 0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0x1], &(0x7f0000000340)=[{0x0, 0x4, 0x4, 0x6}, {0x10000002, 0x2, 0x0, 0x3}], 0x10, 0x1, @void, @value}, 0x94)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000)
sendmsg$NFT_BATCH(r2, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xf, 0x0, &(0x7f0000000540)="a31b61a67eb50f6874312e2c7ac2f4", &(0x7f0000000580), 0x0, 0x0, 0x607}, 0x50)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$alg(0x26, 0x5, 0x0)
pipe(&(0x7f0000000300)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
pipe(&(0x7f0000000100)={<r6=>0xffffffffffffffff})
bind$llc(r5, &(0x7f00000002c0)={0x1a, 0x307, 0x0, 0x6, 0x10, 0x27, @broadcast}, 0x10)
sendmsg$nl_route(r5, &(0x7f00000007c0)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x10}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8040)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="2c0000001a0001fc80000000000000050a000000000000000000000006"], 0x2c}}, 0x0)
r7 = accept4(r4, 0x0, 0x0, 0x800)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={0xffffffffffffffff, &(0x7f0000000140), 0x0}, 0x20)
sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCDELPRL(r6, 0x89f6, &(0x7f0000000880)={'sit0\x00', &(0x7f0000000800)={@broadcast, 0x0, 0x0, 0x20, 0x0, [{}, {@remote}]}})
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r8, @ANYBLOB="01000000000000e14f", @ANYRES32=r9, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

151.427495ms ago: executing program 0 (id=1956):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="380000001800090300000000000000000a0000000005000b0000010008000400", @ANYRES32=r1, @ANYBLOB="06001500070000000c001680080001"], 0x38}}, 0x1000c840)

147.609306ms ago: executing program 3 (id=1957):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$alg(0x26, 0x5, 0x0)
socket$packet(0x11, 0x4000000000002, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x3, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000010000000000000000000000850000008700000085000000a000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000060000000000000000008500000007000000850000000e00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
socket$kcm(0x10, 0x3, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0xd)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0x3, &(0x7f0000000640)=@framed, &(0x7f0000000d40)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$packet(0x11, 0x3, 0x300)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socket$packet(0x11, 0x3, 0x300)
socket$inet_dccp(0x2, 0x6, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0020001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0)

6.026255ms ago: executing program 1 (id=1958):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10002, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$xdp(0x2c, 0x3, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r3}, 0x18)
r4 = socket$tipc(0x1e, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000400)={'dummy0\x00', <r5=>0x0})
bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x0, r5}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r7, &(0x7f00000025c0)=[{{&(0x7f0000000000)={0xa, 0x4a22, 0x0, @private1={0xfc, 0x1, '\x00', 0x3}}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000040)='P', 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r7, 0x1)
setsockopt$inet_sctp6_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0, 0x5}, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r6}, 0x18)
r8 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r8, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000000)={0x67, 0x5, 0x7, 0xf8, 0x1, 0x7d, 0x7, 0x28, 0x9, 0x28, 0x81, 0x80, 0x5, 0xe}, 0xe)

0s ago: executing program 0 (id=1959):
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b40)}, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$inet(r1, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000001700)="87", 0x1}], 0x1}}], 0x1, 0x4040010)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={0x28, 0x0, 0x200, 0x70bd2d, 0x25dfdbff, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x7, 0x4f}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0xc0)
syz_init_net_socket$ax25(0x3, 0x5, 0xcd)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58)
r3 = accept$alg(r2, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
readv(r4, &(0x7f0000000040)=[{&(0x7f0000000200)=""/227, 0xe3}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x14, &(0x7f0000000880)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf2000000000000007000000080000003d0301000000000095000000000000006916000000000000bf67000000000000170600000fff01006706000002000000070600000ee60000bf260000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f3d2401000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9755ba08508460b603daf5a7d1dbdd2d17f2f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a6538b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c51231422bb8fab4d4d897db2c544c0ec50b8eac8c63d2b1cd06a39702bd547f5ebaa6954f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ffa78b02af242f8ee5476d4ef7a6f0c4704403b9bad2b648e90f89c54ca2d6b792beb3302600ff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564b8f8a621483fb2a5ff221e0d831d64759d17b8c59d0f2b06e7f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d545741fb087b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adfff3f6daed3cdfee7de13ad4f9000"/639], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1004e22}, 0x6e)
ioctl$int_in(r6, 0x5452, &(0x7f0000000240)=0x3)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ppoll(&(0x7f0000000000)=[{r6, 0x8104}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
recvmmsg(r3, &(0x7f0000006100), 0x49f, 0x0, 0x0)

kernel console output (not intermixed with test programs):

omm: syz.2.891 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  174.660589][ T8756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  174.660601][ T8756] Call Trace:
[  174.660609][ T8756]  <TASK>
[  174.660617][ T8756]  dump_stack_lvl+0x241/0x360
[  174.660654][ T8756]  ? __pfx_dump_stack_lvl+0x10/0x10
[  174.660683][ T8756]  ? __pfx__printk+0x10/0x10
[  174.660722][ T8756]  should_fail_ex+0x424/0x570
[  174.660749][ T8756]  _copy_from_user+0x2d/0xb0
[  174.660780][ T8756]  copy_msghdr_from_user+0xb3/0x580
[  174.660815][ T8756]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  174.660864][ T8756]  do_recvmmsg+0x3bf/0xab0
[  174.660899][ T8756]  ? __pfx_do_recvmmsg+0x10/0x10
[  174.660938][ T8756]  ? rcu_read_lock_any_held+0xbb/0x160
[  174.660966][ T8756]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  174.660997][ T8756]  ? vfs_write+0xb29/0xd10
[  174.661030][ T8756]  ? ksys_write+0x24e/0x2d0
[  174.661056][ T8756]  ? __mutex_unlock_slowpath+0x229/0x800
[  174.661093][ T8756]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  174.661118][ T8756]  ? __fget_files+0x2a/0x420
[  174.661153][ T8756]  __x64_sys_recvmmsg+0x1ab/0x260
[  174.661179][ T8756]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  174.661209][ T8756]  ? do_syscall_64+0xb6/0x230
[  174.661238][ T8756]  do_syscall_64+0xf3/0x230
[  174.661264][ T8756]  ? clear_bhb_loop+0x45/0xa0
[  174.661288][ T8756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  174.661307][ T8756] RIP: 0033:0x7f529818d169
[  174.661325][ T8756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  174.661341][ T8756] RSP: 002b:00007f5298f80038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  174.661362][ T8756] RAX: ffffffffffffffda RBX: 00007f52983a5fa0 RCX: 00007f529818d169
[  174.661377][ T8756] RDX: 000000000400030f RSI: 0000200000005c80 RDI: 0000000000000003
[  174.661389][ T8756] RBP: 00007f5298f80090 R08: 0000000000000000 R09: 0000000000000000
[  174.661402][ T8756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  174.661413][ T8756] R13: 0000000000000000 R14: 00007f52983a5fa0 R15: 00007ffef73ea428
[  174.661444][ T8756]  </TASK>
[  174.946869][ T8759] netlink: 20 bytes leftover after parsing attributes in process `syz.1.893'.
[  175.224756][  T120] hid (null): unknown global tag 0xe
[  175.459972][ T8781] dccp_close: ABORT with 36 bytes unread
[  175.490426][ T8781] netlink: 'syz.3.899': attribute type 1 has an invalid length.
[  176.159085][  T120] hid-generic 0005:15C2:0A0F.0001: unknown global tag 0xe
[  176.166980][  T120] hid-generic 0005:15C2:0A0F.0001: item 0 2 1 14 parsing failed
[  176.180694][  T120] hid-generic 0005:15C2:0A0F.0001: probe with driver hid-generic failed with error -22
[  176.867587][ T8781] 8021q: adding VLAN 0 to HW filter on device bond1
[  176.901458][ T8788] bond1: (slave veth3): Enslaving as an active interface with a down link
[  176.976832][ T8799] FAULT_INJECTION: forcing a failure.
[  176.976832][ T8799] name failslab, interval 1, probability 0, space 0, times 1
[  176.977761][ T8795] bond0: (slave dummy0): Releasing backup interface
[  176.989968][ T8799] CPU: 1 UID: 0 PID: 8799 Comm: syz.0.904 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  176.989997][ T8799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  176.990011][ T8799] Call Trace:
[  176.990019][ T8799]  <TASK>
[  176.990029][ T8799]  dump_stack_lvl+0x241/0x360
[  176.990079][ T8799]  ? __pfx_dump_stack_lvl+0x10/0x10
[  176.990112][ T8799]  ? __pfx__printk+0x10/0x10
[  176.990148][ T8799]  ? __pfx___might_resched+0x10/0x10
[  176.990181][ T8799]  should_fail_ex+0x424/0x570
[  176.990210][ T8799]  should_failslab+0xac/0x100
[  176.990242][ T8799]  __kmalloc_noprof+0xdf/0x4d0
[  176.990272][ T8799]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  176.990297][ T8799]  ? apparmor_capable+0x13b/0x1b0
[  176.990324][ T8799]  genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  176.990358][ T8799]  genl_rcv_msg+0x819/0xf00
[  176.990393][ T8799]  ? __pfx_genl_rcv_msg+0x10/0x10
[  176.990426][ T8799]  ? _raw_spin_unlock_irqrestore+0x90/0x140
[  176.990450][ T8799]  ? lockdep_hardirqs_on+0x9d/0x150
[  176.990493][ T8799]  ? __lock_acquire+0xad5/0xd80
[  176.990516][ T8799]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  176.990536][ T8799]  ? __pfx_nl80211_tx_mgmt+0x10/0x10
[  176.990557][ T8799]  ? __pfx_nl80211_post_doit+0x10/0x10
[  176.990594][ T8799]  netlink_rcv_skb+0x208/0x480
[  176.990627][ T8799]  ? __pfx_genl_rcv_msg+0x10/0x10
[  176.990653][ T8799]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  176.990708][ T8799]  ? netlink_deliver_tap+0x2e/0x1b0
[  176.990746][ T8799]  genl_rcv+0x28/0x40
[  176.990768][ T8799]  netlink_unicast+0x7f8/0x9a0
[  176.990807][ T8799]  ? __pfx_netlink_unicast+0x10/0x10
[  176.990837][ T8799]  ? skb_put+0x114/0x1f0
[  176.990864][ T8799]  netlink_sendmsg+0x8c3/0xcd0
[  176.990909][ T8799]  ? __pfx_netlink_sendmsg+0x10/0x10
[  176.990946][ T8799]  ? aa_sock_msg_perm+0x91/0x160
[  176.990983][ T8799]  ? __pfx_netlink_sendmsg+0x10/0x10
[  176.991013][ T8799]  __sock_sendmsg+0x221/0x270
[  176.991058][ T8799]  ____sys_sendmsg+0x523/0x860
[  176.991093][ T8799]  ? __pfx_____sys_sendmsg+0x10/0x10
[  176.991113][ T8799]  ? __fget_files+0x2a/0x420
[  176.991136][ T8799]  ? __fget_files+0x2a/0x420
[  176.991166][ T8799]  __sys_sendmsg+0x271/0x360
[  176.991195][ T8799]  ? __pfx___sys_sendmsg+0x10/0x10
[  176.991280][ T8799]  ? do_syscall_64+0xb6/0x230
[  176.991312][ T8799]  do_syscall_64+0xf3/0x230
[  176.991349][ T8799]  ? clear_bhb_loop+0x45/0xa0
[  176.991375][ T8799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.991396][ T8799] RIP: 0033:0x7fd90ab8d169
[  176.991416][ T8799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  176.991433][ T8799] RSP: 002b:00007fd90baa1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  176.991455][ T8799] RAX: ffffffffffffffda RBX: 00007fd90ada5fa0 RCX: 00007fd90ab8d169
[  176.991471][ T8799] RDX: 0000000000000000 RSI: 0000200000000c00 RDI: 0000000000000004
[  176.991484][ T8799] RBP: 00007fd90baa1090 R08: 0000000000000000 R09: 0000000000000000
[  176.991497][ T8799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  176.991510][ T8799] R13: 0000000000000000 R14: 00007fd90ada5fa0 R15: 00007ffde1ffe8d8
[  176.991543][ T8799]  </TASK>
[  177.318357][ T8795] dummy0: left allmulticast mode
[  177.325185][ T8795] dummy0: left promiscuous mode
[  177.332584][ T8795] bond1: (slave dummy0): making interface the new active one
[  177.342908][ T8795] dummy0: entered promiscuous mode
[  177.348868][ T8795] bond1: (slave dummy0): Enslaving as an active interface with an up link
[  177.396012][ T8805] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.558002][ T8805] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.719378][ T8805] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.786511][ T8825] netlink: 'syz.4.912': attribute type 1 has an invalid length.
[  177.841465][ T8805] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.962797][ T8805] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  177.995831][ T8805] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  178.040687][ T8805] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  178.070122][ T8835] netlink: 12 bytes leftover after parsing attributes in process `syz.4.914'.
[  178.112507][ T8805] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  178.139813][ T8830] bridge0: port 1(team0) entered blocking state
[  178.174629][ T8830] bridge0: port 1(team0) entered disabled state
[  178.195340][ T8830] team0: entered allmulticast mode
[  178.198865][ T8835] netlink: 'syz.4.914': attribute type 1 has an invalid length.
[  178.820443][ T8870] xt_CT: You must specify a L4 protocol and not use inversions on it
[  178.922979][ T8875] netlink: 16 bytes leftover after parsing attributes in process `syz.3.929'.
[  178.948563][ T8878] IPVS: sync thread started: state = BACKUP, mcast_ifn = wg0, syncid = 4, id = 0
[  178.960815][ T8877] FAULT_INJECTION: forcing a failure.
[  178.960815][ T8877] name failslab, interval 1, probability 0, space 0, times 0
[  178.986966][ T8873] lo speed is unknown, defaulting to 1000
[  178.994592][ T8873] lo speed is unknown, defaulting to 1000
[  179.017857][ T8877] CPU: 0 UID: 0 PID: 8877 Comm: syz.1.930 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  179.017897][ T8877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  179.017909][ T8877] Call Trace:
[  179.017917][ T8877]  <TASK>
[  179.017925][ T8877]  dump_stack_lvl+0x241/0x360
[  179.017961][ T8877]  ? __pfx_dump_stack_lvl+0x10/0x10
[  179.017989][ T8877]  ? __pfx__printk+0x10/0x10
[  179.018021][ T8877]  ? __pfx___might_resched+0x10/0x10
[  179.018049][ T8877]  should_fail_ex+0x424/0x570
[  179.018108][ T8877]  should_failslab+0xac/0x100
[  179.018136][ T8877]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  179.018163][ T8877]  ? __alloc_skb+0x1c2/0x480
[  179.018179][ T8877]  ? __mutex_unlock_slowpath+0x79a/0x800
[  179.018227][ T8877]  __alloc_skb+0x1c2/0x480
[  179.018252][ T8877]  ? __pfx___alloc_skb+0x10/0x10
[  179.018267][ T8877]  ? rcu_is_watching+0x15/0xb0
[  179.018294][ T8877]  ? trace_contention_end+0x3c/0x120
[  179.018327][ T8877]  nl80211_tx_mgmt+0xc55/0x1280
[  179.018360][ T8877]  ? __pfx_nl80211_tx_mgmt+0x10/0x10
[  179.018382][ T8877]  ? __pfx_netdev_run_todo+0x10/0x10
[  179.018436][ T8877]  genl_rcv_msg+0xb38/0xf00
[  179.018470][ T8877]  ? __pfx_genl_rcv_msg+0x10/0x10
[  179.018490][ T8877]  ? __dev_queue_xmit+0x1780/0x3f60
[  179.018511][ T8877]  ? kasan_save_track+0x3f/0x80
[  179.018532][ T8877]  ? __kasan_slab_alloc+0x66/0x80
[  179.018563][ T8877]  ? do_syscall_64+0xf3/0x230
[  179.018608][ T8877]  ? __lock_acquire+0xad5/0xd80
[  179.018630][ T8877]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  179.018649][ T8877]  ? __pfx_nl80211_tx_mgmt+0x10/0x10
[  179.018667][ T8877]  ? __pfx_nl80211_post_doit+0x10/0x10
[  179.018703][ T8877]  netlink_rcv_skb+0x208/0x480
[  179.018735][ T8877]  ? __pfx_genl_rcv_msg+0x10/0x10
[  179.018759][ T8877]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  179.018813][ T8877]  ? netlink_deliver_tap+0x2e/0x1b0
[  179.018872][ T8877]  genl_rcv+0x28/0x40
[  179.018916][ T8877]  netlink_unicast+0x7f8/0x9a0
[  179.018955][ T8877]  ? __pfx_netlink_unicast+0x10/0x10
[  179.018985][ T8877]  ? skb_put+0x114/0x1f0
[  179.019011][ T8877]  netlink_sendmsg+0x8c3/0xcd0
[  179.019057][ T8877]  ? __pfx_netlink_sendmsg+0x10/0x10
[  179.019093][ T8877]  ? aa_sock_msg_perm+0x91/0x160
[  179.019130][ T8877]  ? __pfx_netlink_sendmsg+0x10/0x10
[  179.019159][ T8877]  __sock_sendmsg+0x221/0x270
[  179.019191][ T8877]  ____sys_sendmsg+0x523/0x860
[  179.019224][ T8877]  ? __pfx_____sys_sendmsg+0x10/0x10
[  179.019242][ T8877]  ? __fget_files+0x2a/0x420
[  179.019265][ T8877]  ? __fget_files+0x2a/0x420
[  179.019294][ T8877]  __sys_sendmsg+0x271/0x360
[  179.019323][ T8877]  ? __pfx___sys_sendmsg+0x10/0x10
[  179.019407][ T8877]  ? do_syscall_64+0xb6/0x230
[  179.019438][ T8877]  do_syscall_64+0xf3/0x230
[  179.019465][ T8877]  ? clear_bhb_loop+0x45/0xa0
[  179.019488][ T8877]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.019507][ T8877] RIP: 0033:0x7fcdb2d8d169
[  179.019525][ T8877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  179.019541][ T8877] RSP: 002b:00007fcdb3ba6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  179.019563][ T8877] RAX: ffffffffffffffda RBX: 00007fcdb2fa5fa0 RCX: 00007fcdb2d8d169
[  179.019578][ T8877] RDX: 0000000000000000 RSI: 0000200000000c00 RDI: 0000000000000004
[  179.019591][ T8877] RBP: 00007fcdb3ba6090 R08: 0000000000000000 R09: 0000000000000000
[  179.019602][ T8877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  179.019614][ T8877] R13: 0000000000000000 R14: 00007fcdb2fa5fa0 R15: 00007fffdd0799e8
[  179.019645][ T8877]  </TASK>
[  179.459746][ T8883] netlink: 4 bytes leftover after parsing attributes in process `syz.2.932'.
[  179.555524][ T8886] macsec2: entered promiscuous mode
[  179.731827][ T8896] netlink: 'syz.2.937': attribute type 1 has an invalid length.
[  179.756120][ T8893] xt_hashlimit: size too large, truncated to 1048576
[  179.816621][ T8899] xt_hashlimit: size too large, truncated to 1048576
[  180.080575][ T8900] 
: renamed from bond0 (while UP)
[  180.701979][ T8929] lo speed is unknown, defaulting to 1000
[  180.737019][ T8929] lo speed is unknown, defaulting to 1000
[  180.996882][ T8946] FAULT_INJECTION: forcing a failure.
[  180.996882][ T8946] name failslab, interval 1, probability 0, space 0, times 0
[  181.011900][ T8946] CPU: 0 UID: 0 PID: 8946 Comm: syz.2.953 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  181.011929][ T8946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  181.011941][ T8946] Call Trace:
[  181.011949][ T8946]  <TASK>
[  181.011957][ T8946]  dump_stack_lvl+0x241/0x360
[  181.011995][ T8946]  ? __pfx_dump_stack_lvl+0x10/0x10
[  181.012025][ T8946]  ? __pfx__printk+0x10/0x10
[  181.012057][ T8946]  ? __pfx___might_resched+0x10/0x10
[  181.012087][ T8946]  should_fail_ex+0x424/0x570
[  181.012113][ T8946]  should_failslab+0xac/0x100
[  181.012143][ T8946]  __kmalloc_noprof+0xdf/0x4d0
[  181.012169][ T8946]  ? tomoyo_encode2+0x27e/0x550
[  181.012205][ T8946]  tomoyo_encode2+0x27e/0x550
[  181.012245][ T8946]  tomoyo_check_unix_address+0x36b/0x8e0
[  181.012284][ T8946]  ? tomoyo_check_unix_address+0x173/0x8e0
[  181.012314][ T8946]  ? __pfx_tomoyo_check_unix_address+0x10/0x10
[  181.012352][ T8946]  ? _parse_integer_limit+0x1b4/0x200
[  181.012388][ T8946]  tomoyo_socket_sendmsg_permission+0x27b/0x420
[  181.012420][ T8946]  ? __lock_acquire+0xad5/0xd80
[  181.012445][ T8946]  ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10
[  181.012496][ T8946]  security_socket_sendmsg+0x9a/0x2a0
[  181.012519][ T8946]  __sock_sendmsg+0x49/0x270
[  181.012544][ T8946]  ? ____sys_sendmsg+0x4fb/0x860
[  181.012567][ T8946]  ____sys_sendmsg+0x523/0x860
[  181.012599][ T8946]  ? __pfx_____sys_sendmsg+0x10/0x10
[  181.012618][ T8946]  ? __fget_files+0x2a/0x420
[  181.012640][ T8946]  ? __fget_files+0x2a/0x420
[  181.012669][ T8946]  __sys_sendmsg+0x271/0x360
[  181.012697][ T8946]  ? __pfx___sys_sendmsg+0x10/0x10
[  181.012786][ T8946]  ? do_syscall_64+0xb6/0x230
[  181.012817][ T8946]  do_syscall_64+0xf3/0x230
[  181.012842][ T8946]  ? clear_bhb_loop+0x45/0xa0
[  181.012866][ T8946]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.012885][ T8946] RIP: 0033:0x7f529818d169
[  181.012902][ T8946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  181.012918][ T8946] RSP: 002b:00007f5298f80038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  181.012940][ T8946] RAX: ffffffffffffffda RBX: 00007f52983a5fa0 RCX: 00007f529818d169
[  181.012954][ T8946] RDX: 0000000020000080 RSI: 0000200000000280 RDI: 0000000000000003
[  181.012967][ T8946] RBP: 00007f5298f80090 R08: 0000000000000000 R09: 0000000000000000
[  181.012979][ T8946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  181.012990][ T8946] R13: 0000000000000000 R14: 00007f52983a5fa0 R15: 00007ffef73ea428
[  181.013022][ T8946]  </TASK>
[  181.269489][ T8940] bridge0: port 3(gretap0) entered blocking state
[  181.279490][ T8940] bridge0: port 3(gretap0) entered disabled state
[  181.286189][ T8940] gretap0: entered allmulticast mode
[  181.293269][ T8940] gretap0: entered promiscuous mode
[  181.299452][ T8940] bridge0: port 3(gretap0) entered blocking state
[  181.306268][ T8940] bridge0: port 3(gretap0) entered forwarding state
[  181.315948][ T8943] gretap0: left allmulticast mode
[  181.321114][ T8943] gretap0: left promiscuous mode
[  181.329821][ T8943] bridge0: port 3(gretap0) entered disabled state
[  181.568521][ T8954] netlink: 248 bytes leftover after parsing attributes in process `syz.1.956'.
[  181.842579][ T8966] x_tables: duplicate underflow at hook 1
[  181.926943][ T8970] IPv6: NLM_F_CREATE should be specified when creating new route
[  182.381565][ T8992] netlink: 88 bytes leftover after parsing attributes in process `syz.2.968'.
[  182.406654][ T8992] netlink: 24 bytes leftover after parsing attributes in process `syz.2.968'.
[  182.439247][ T8992] netlink: 16 bytes leftover after parsing attributes in process `syz.2.968'.
[  182.450241][ T8992] netlink: 80 bytes leftover after parsing attributes in process `syz.2.968'.
[  183.000540][ T9024] nbd: must specify a size in bytes for the device
[  183.035638][ T9024] netlink: 'syz.3.978': attribute type 3 has an invalid length.
[  183.293588][ T9041] netlink: 'syz.1.982': attribute type 4 has an invalid length.
[  183.362965][ T9047] netlink: 'syz.1.982': attribute type 4 has an invalid length.
[  184.109090][ T9081] FAULT_INJECTION: forcing a failure.
[  184.109090][ T9081] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  184.124146][ T9080] netlink: 8 bytes leftover after parsing attributes in process `syz.4.995'.
[  184.164085][ T9081] CPU: 1 UID: 0 PID: 9081 Comm: syz.3.996 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  184.164114][ T9081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  184.164125][ T9081] Call Trace:
[  184.164133][ T9081]  <TASK>
[  184.164142][ T9081]  dump_stack_lvl+0x241/0x360
[  184.164180][ T9081]  ? __pfx_dump_stack_lvl+0x10/0x10
[  184.164209][ T9081]  ? __pfx__printk+0x10/0x10
[  184.164250][ T9081]  should_fail_ex+0x424/0x570
[  184.164278][ T9081]  _copy_from_user+0x2d/0xb0
[  184.164308][ T9081]  copy_msghdr_from_user+0xb3/0x580
[  184.164342][ T9081]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  184.164385][ T9081]  do_recvmmsg+0x3bf/0xab0
[  184.164448][ T9081]  ? __pfx_do_recvmmsg+0x10/0x10
[  184.164495][ T9081]  ? rcu_read_lock_any_held+0xbb/0x160
[  184.164524][ T9081]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  184.164555][ T9081]  ? vfs_write+0xb29/0xd10
[  184.164589][ T9081]  ? ksys_write+0x24e/0x2d0
[  184.164617][ T9081]  ? __mutex_unlock_slowpath+0x229/0x800
[  184.164655][ T9081]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  184.164681][ T9081]  ? __fget_files+0x2a/0x420
[  184.164717][ T9081]  __x64_sys_recvmmsg+0x1ab/0x260
[  184.164744][ T9081]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  184.164774][ T9081]  ? do_syscall_64+0xb6/0x230
[  184.164804][ T9081]  do_syscall_64+0xf3/0x230
[  184.164831][ T9081]  ? clear_bhb_loop+0x45/0xa0
[  184.164855][ T9081]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.164875][ T9081] RIP: 0033:0x7f3f0ed8d169
[  184.164893][ T9081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  184.164910][ T9081] RSP: 002b:00007f3f0fb94038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  184.164932][ T9081] RAX: ffffffffffffffda RBX: 00007f3f0efa5fa0 RCX: 00007f3f0ed8d169
[  184.164947][ T9081] RDX: 000000000400030f RSI: 0000200000005c80 RDI: 0000000000000003
[  184.164960][ T9081] RBP: 00007f3f0fb94090 R08: 0000000000000000 R09: 0000000000000000
[  184.164973][ T9081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  184.164984][ T9081] R13: 0000000000000000 R14: 00007f3f0efa5fa0 R15: 00007ffc06ba5e98
[  184.165016][ T9081]  </TASK>
[  184.435945][ T9085] netlink: 12 bytes leftover after parsing attributes in process `syz.0.998'.
[  184.521071][ T9089] netlink: 24 bytes leftover after parsing attributes in process `syz.3.999'.
[  184.593153][ T9089] netlink: 24 bytes leftover after parsing attributes in process `syz.3.999'.
[  184.680989][ T9098] xt_CT: You must specify a L4 protocol and not use inversions on it
[  184.887251][ T9107] rdma_op ffff8880580c01f0 conn xmit_rdma 0000000000000000
[  185.023321][ T9111] (unnamed net_device) (uninitialized): option active_slave: mode dependency failed, not supported in mode broadcast(3)
[  185.090444][ T9111] netlink: 'syz.2.1008': attribute type 6 has an invalid length.
[  185.165973][ T9120] FAULT_INJECTION: forcing a failure.
[  185.165973][ T9120] name failslab, interval 1, probability 0, space 0, times 0
[  185.205143][ T9120] CPU: 1 UID: 0 PID: 9120 Comm: syz.3.1011 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  185.205174][ T9120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  185.205187][ T9120] Call Trace:
[  185.205195][ T9120]  <TASK>
[  185.205204][ T9120]  dump_stack_lvl+0x241/0x360
[  185.205243][ T9120]  ? __pfx_dump_stack_lvl+0x10/0x10
[  185.205274][ T9120]  ? __pfx__printk+0x10/0x10
[  185.205307][ T9120]  ? __pfx___might_resched+0x10/0x10
[  185.205339][ T9120]  should_fail_ex+0x424/0x570
[  185.205367][ T9120]  should_failslab+0xac/0x100
[  185.205399][ T9120]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  185.205429][ T9120]  ? __alloc_skb+0x1c2/0x480
[  185.205453][ T9120]  __alloc_skb+0x1c2/0x480
[  185.205479][ T9120]  ? __pfx___alloc_skb+0x10/0x10
[  185.205496][ T9120]  ? __lock_acquire+0xad5/0xd80
[  185.205530][ T9120]  alloc_skb_with_frags+0xc3/0x830
[  185.205558][ T9120]  ? __fget_files+0x2a/0x420
[  185.205583][ T9120]  ? __fget_files+0x2a/0x420
[  185.205619][ T9120]  sock_alloc_send_pskb+0x91c/0xa70
[  185.205643][ T9120]  ? unix_get_socket+0x11e/0x1b0
[  185.205682][ T9120]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  185.205710][ T9120]  ? __pfx___scm_send+0x10/0x10
[  185.205745][ T9120]  unix_dgram_sendmsg+0x6d4/0x1ea0
[  185.205794][ T9120]  ? aa_sk_perm+0x96f/0xac0
[  185.205825][ T9120]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  185.205863][ T9120]  ? aa_sock_msg_perm+0x91/0x160
[  185.205897][ T9120]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  185.205925][ T9120]  __sock_sendmsg+0x221/0x270
[  185.205955][ T9120]  ____sys_sendmsg+0x523/0x860
[  185.205986][ T9120]  ? __pfx_____sys_sendmsg+0x10/0x10
[  185.206004][ T9120]  ? __fget_files+0x2a/0x420
[  185.206026][ T9120]  ? __fget_files+0x2a/0x420
[  185.206054][ T9120]  __sys_sendmsg+0x271/0x360
[  185.206081][ T9120]  ? __pfx___sys_sendmsg+0x10/0x10
[  185.206158][ T9120]  ? do_syscall_64+0xb6/0x230
[  185.206187][ T9120]  do_syscall_64+0xf3/0x230
[  185.206213][ T9120]  ? clear_bhb_loop+0x45/0xa0
[  185.206237][ T9120]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.206256][ T9120] RIP: 0033:0x7f3f0ed8d169
[  185.206273][ T9120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  185.206290][ T9120] RSP: 002b:00007f3f0fb94038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  185.206312][ T9120] RAX: ffffffffffffffda RBX: 00007f3f0efa5fa0 RCX: 00007f3f0ed8d169
[  185.206326][ T9120] RDX: 0000000020000080 RSI: 0000200000000280 RDI: 0000000000000003
[  185.206339][ T9120] RBP: 00007f3f0fb94090 R08: 0000000000000000 R09: 0000000000000000
[  185.206351][ T9120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  185.206381][ T9120] R13: 0000000000000000 R14: 00007f3f0efa5fa0 R15: 00007ffc06ba5e98
[  185.206412][ T9120]  </TASK>
[  185.678134][ T9123] vlan2: entered promiscuous mode
[  186.158730][ T9155] IPv6: NLM_F_CREATE should be specified when creating new route
[  186.222255][ T9157] bridge1: the hash_elasticity option has been deprecated and is always 16
[  186.467372][ T9168] lo speed is unknown, defaulting to 1000
[  186.472621][ T9172] xt_CT: You must specify a L4 protocol and not use inversions on it
[  186.487843][ T9168] lo speed is unknown, defaulting to 1000
[  186.672005][ T9185] trusted_key: syz.0.1036 sent an empty control message without MSG_MORE.
[  186.673823][ T9182] dccp_invalid_packet: invalid packet type
[  187.254335][ T9208] Dead loop on virtual device ipvlan1, fix it urgently!
[  187.773314][ T9239] netlink: 'syz.0.1051': attribute type 1 has an invalid length.
[  187.797386][ T9238] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1053'.
[  187.825225][ T9238] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  187.833816][ T9238] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  187.842556][ T9238] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  187.852466][ T9238] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  187.953124][ T9238] vxlan0: entered promiscuous mode
[  187.958547][ T9238] vxlan0: entered allmulticast mode
[  188.003272][ T9238] netdevsim netdevsim4 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  188.012310][ T9238] netdevsim netdevsim4 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  188.020811][ T9238] netdevsim netdevsim4 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  188.029515][ T9238] netdevsim netdevsim4 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  188.202912][ T9251] netlink: 'syz.0.1056': attribute type 11 has an invalid length.
[  188.224340][ T9251] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1056'.
[  188.238481][ T9249] xt_l2tp: v2 tid > 0xffff: 4294967295
[  188.357801][ T9255] xt_l2tp: missing protocol rule (udp|l2tpip)
[  188.526040][ T9265] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1059'.
[  188.585704][ T9265] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1059'.
[  188.631446][ T9265] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1059'.
[  188.661431][ T9265] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1059'.
[  188.757758][ T9265] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  188.767175][ T9276] xt_CT: You must specify a L4 protocol and not use inversions on it
[  189.022715][ T9282] macsec1: entered promiscuous mode
[  189.364340][   T52] dummy0: left promiscuous mode
[  189.381749][ T9300] FAULT_INJECTION: forcing a failure.
[  189.381749][ T9300] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  189.436923][ T9300] CPU: 1 UID: 0 PID: 9300 Comm: syz.1.1069 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  189.436953][ T9300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  189.436965][ T9300] Call Trace:
[  189.436973][ T9300]  <TASK>
[  189.436981][ T9300]  dump_stack_lvl+0x241/0x360
[  189.437020][ T9300]  ? __pfx_dump_stack_lvl+0x10/0x10
[  189.437050][ T9300]  ? __pfx__printk+0x10/0x10
[  189.437109][ T9300]  should_fail_ex+0x424/0x570
[  189.437133][ T9300]  _copy_from_user+0x2d/0xb0
[  189.437162][ T9300]  copy_msghdr_from_user+0xb3/0x580
[  189.437195][ T9300]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  189.437237][ T9300]  do_recvmmsg+0x3bf/0xab0
[  189.437269][ T9300]  ? __pfx_do_recvmmsg+0x10/0x10
[  189.437325][ T9300]  ? rcu_read_lock_any_held+0xbb/0x160
[  189.437353][ T9300]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  189.437384][ T9300]  ? vfs_write+0xb29/0xd10
[  189.437418][ T9300]  ? ksys_write+0x24e/0x2d0
[  189.437445][ T9300]  ? __mutex_unlock_slowpath+0x229/0x800
[  189.437482][ T9300]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  189.437507][ T9300]  ? __fget_files+0x2a/0x420
[  189.437543][ T9300]  __x64_sys_recvmmsg+0x1ab/0x260
[  189.437569][ T9300]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  189.437596][ T9300]  ? do_syscall_64+0xb6/0x230
[  189.437625][ T9300]  do_syscall_64+0xf3/0x230
[  189.437650][ T9300]  ? clear_bhb_loop+0x45/0xa0
[  189.437674][ T9300]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.437693][ T9300] RIP: 0033:0x7fcdb2d8d169
[  189.437711][ T9300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  189.437726][ T9300] RSP: 002b:00007fcdb3ba6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  189.437747][ T9300] RAX: ffffffffffffffda RBX: 00007fcdb2fa5fa0 RCX: 00007fcdb2d8d169
[  189.437761][ T9300] RDX: 000000000400030f RSI: 0000200000005c80 RDI: 0000000000000003
[  189.437773][ T9300] RBP: 00007fcdb3ba6090 R08: 0000000000000000 R09: 0000000000000000
[  189.437785][ T9300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  189.437796][ T9300] R13: 0000000000000000 R14: 00007fcdb2fa5fa0 R15: 00007fffdd0799e8
[  189.437827][ T9300]  </TASK>
[  189.464401][ T9302] vlan2: entered promiscuous mode
[  189.830758][ T9311] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 20001 - 0
[  189.839649][ T9311] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 20001 - 0
[  189.872565][ T9311] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 20001 - 0
[  189.914699][ T9311] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 20001 - 0
[  190.719025][ T9351] lo speed is unknown, defaulting to 1000
[  190.792430][ T9351] lo speed is unknown, defaulting to 1000
[  190.889894][ T9366] dccp_invalid_packet: invalid packet type
[  191.478414][ T9384] No such timeout policy "syz0"
[  191.656190][ T9395] __nla_validate_parse: 25 callbacks suppressed
[  191.656210][ T9395] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1091'.
[  192.007241][ T9391] lo speed is unknown, defaulting to 1000
[  192.050785][ T9391] lo speed is unknown, defaulting to 1000
[  192.698722][   T81] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.809620][ T9436] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1098'.
[  192.824310][   T81] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.926651][   T81] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  193.093588][   T81] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  193.522567][   T81] bridge_slave_1: left allmulticast mode
[  193.534025][   T81] bridge_slave_1: left promiscuous mode
[  193.541205][   T81] bridge0: port 2(bridge_slave_1) entered disabled state
[  193.639530][   T81] bridge_slave_0: left allmulticast mode
[  193.648362][   T81] bridge_slave_0: left promiscuous mode
[  193.681495][ T5853] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  193.691857][ T5853] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  193.701563][ T5853] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  193.711593][   T81] bridge0: port 1(bridge_slave_0) entered disabled state
[  193.722738][ T5853] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  193.727696][ T9471] Dead loop on virtual device ipvlan1, fix it urgently!
[  193.741010][ T5853] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  194.509380][   T81] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  194.531447][   T81] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  194.542130][   T81] bond0 (unregistering): Released all slaves
[  194.632788][   T81] bond1 (unregistering): (slave veth3): Releasing active interface
[  194.642620][   T81] bond1 (unregistering): Released all slaves
[  194.716088][ T9467] lo speed is unknown, defaulting to 1000
[  194.735694][ T9467] lo speed is unknown, defaulting to 1000
[  194.911005][ T9497] lo speed is unknown, defaulting to 1000
[  194.936948][   T81] IPVS: stopping master sync thread 7286 ...
[  195.047302][ T9497] lo speed is unknown, defaulting to 1000
[  195.098237][ T9513] FAULT_INJECTION: forcing a failure.
[  195.098237][ T9513] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  195.112328][ T9513] CPU: 1 UID: 0 PID: 9513 Comm: syz.0.1117 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  195.112355][ T9513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  195.112366][ T9513] Call Trace:
[  195.112374][ T9513]  <TASK>
[  195.112382][ T9513]  dump_stack_lvl+0x241/0x360
[  195.112417][ T9513]  ? __pfx_dump_stack_lvl+0x10/0x10
[  195.112445][ T9513]  ? __pfx__printk+0x10/0x10
[  195.112484][ T9513]  should_fail_ex+0x424/0x570
[  195.112508][ T9513]  _copy_from_user+0x2d/0xb0
[  195.112536][ T9513]  copy_msghdr_from_user+0xb3/0x580
[  195.112568][ T9513]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  195.112631][ T9513]  do_recvmmsg+0x3bf/0xab0
[  195.112676][ T9513]  ? __pfx_do_recvmmsg+0x10/0x10
[  195.112717][ T9513]  ? rcu_read_lock_any_held+0xbb/0x160
[  195.112744][ T9513]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  195.112775][ T9513]  ? vfs_write+0xb29/0xd10
[  195.112808][ T9513]  ? ksys_write+0x24e/0x2d0
[  195.112835][ T9513]  ? __mutex_unlock_slowpath+0x229/0x800
[  195.112873][ T9513]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  195.112897][ T9513]  ? __fget_files+0x2a/0x420
[  195.112933][ T9513]  __x64_sys_recvmmsg+0x1ab/0x260
[  195.112958][ T9513]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  195.112988][ T9513]  ? do_syscall_64+0xb6/0x230
[  195.113017][ T9513]  do_syscall_64+0xf3/0x230
[  195.113043][ T9513]  ? clear_bhb_loop+0x45/0xa0
[  195.113067][ T9513]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.113086][ T9513] RIP: 0033:0x7fd90ab8d169
[  195.113104][ T9513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  195.113119][ T9513] RSP: 002b:00007fd90baa1038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  195.113140][ T9513] RAX: ffffffffffffffda RBX: 00007fd90ada5fa0 RCX: 00007fd90ab8d169
[  195.113155][ T9513] RDX: 000000000400030f RSI: 0000200000005c80 RDI: 0000000000000003
[  195.113167][ T9513] RBP: 00007fd90baa1090 R08: 0000000000000000 R09: 0000000000000000
[  195.113179][ T9513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  195.113190][ T9513] R13: 0000000000000000 R14: 00007fd90ada5fa0 R15: 00007ffde1ffe8d8
[  195.113222][ T9513]  </TASK>
[  195.764374][ T5151] Bluetooth: hci1: command tx timeout
[  195.969531][   T81] dummy0: left promiscuous mode
[  195.990939][ T9541] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1121'.
[  196.009998][   T81] hsr_slave_0: left promiscuous mode
[  196.029984][   T81] hsr_slave_1: left promiscuous mode
[  196.048843][   T81] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  196.056651][   T81] batman_adv: batadv0: Removing interface: batadv_slave_0
[  196.104472][   T81] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  196.111949][   T81] batman_adv: batadv0: Removing interface: batadv_slave_1
[  196.200969][   T81] veth0_macvtap: left promiscuous mode
[  196.246991][   T81] veth1_vlan: left promiscuous mode
[  196.273499][   T81] veth0_vlan: left promiscuous mode
[  196.916793][   T81] team0 (unregistering): Port device team_slave_1 removed
[  196.977679][   T81] team0 (unregistering): Port device team_slave_0 removed
[  197.023724][ T9559] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1125'.
[  197.654487][ T9467] chnl_net:caif_netlink_parms(): no params data found
[  197.833042][ T9569] Dead loop on virtual device ipvlan1, fix it urgently!
[  197.845946][ T5151] Bluetooth: hci1: command tx timeout
[  197.909053][ T9565] lo speed is unknown, defaulting to 1000
[  197.933416][ T9565] lo speed is unknown, defaulting to 1000
[  198.319121][ T9467] bridge0: port 1(bridge_slave_0) entered blocking state
[  198.330521][ T9467] bridge0: port 1(bridge_slave_0) entered disabled state
[  198.340169][ T9467] bridge_slave_0: entered allmulticast mode
[  198.352654][ T9467] bridge_slave_0: entered promiscuous mode
[  198.400134][ T9467] bridge0: port 2(bridge_slave_1) entered blocking state
[  198.420448][ T9467] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.445588][ T9467] bridge_slave_1: entered allmulticast mode
[  198.482286][ T9467] bridge_slave_1: entered promiscuous mode
[  198.775153][ T9467] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  198.811466][ T9467] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  198.963711][ T9467] team0: Port device team_slave_0 added
[  199.039683][ T9467] team0: Port device team_slave_1 added
[  199.137622][ T9467] batman_adv: batadv0: Adding interface: batadv_slave_0
[  199.150219][ T9467] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  199.181310][ T9467] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  199.205587][ T9623] lo speed is unknown, defaulting to 1000
[  199.215787][ T9467] batman_adv: batadv0: Adding interface: batadv_slave_1
[  199.222937][ T9467] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  199.256156][ T9467] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  199.273976][ T9623] lo speed is unknown, defaulting to 1000
[  199.477675][ T9467] hsr_slave_0: entered promiscuous mode
[  199.495031][ T9467] hsr_slave_1: entered promiscuous mode
[  199.504548][ T9467] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  199.512146][ T9467] Cannot create hsr debugfs directory
[  199.531652][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  199.538317][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  199.767896][ T9648] Cannot find del_set index 2 as target
[  199.796886][ T9651] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1148'.
[  199.819187][ T9648] netlink: 'syz.0.1147': attribute type 1 has an invalid length.
[  199.854861][ T9651] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1148'.
[  199.923887][ T5151] Bluetooth: hci1: command tx timeout
[  199.947809][ T9651] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1148'.
[  199.968302][ T9661] IPv6: addrconf: prefix option has invalid lifetime
[  200.015243][ T9658] syz_tun: entered allmulticast mode
[  200.100885][ T9667] netlink: 'syz.1.1150': attribute type 1 has an invalid length.
[  200.141755][ T9658] dvmrp8: entered allmulticast mode
[  200.176726][ T9670] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1150'.
[  200.258123][ T9674] xt_CT: You must specify a L4 protocol and not use inversions on it
[  200.310393][ T9667] 8021q: adding VLAN 0 to HW filter on device bond0
[  200.431777][ T9670] ip6erspan0: entered promiscuous mode
[  200.479447][ T9679] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1155'.
[  200.589000][ T9656] syz_tun: left allmulticast mode
[  200.594798][ T9686] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1156'.
[  200.603009][ T9687] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1157'.
[  200.608554][ T9656] dvmrp8: left allmulticast mode
[  200.619147][ T9687] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1157'.
[  200.631954][ T9687] netlink: 'syz.4.1157': attribute type 5 has an invalid length.
[  200.657063][ T9683] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1157'.
[  200.825935][ T9681] batman_adv: batadv0: Adding interface: dummy0
[  200.832246][ T9681] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  200.901126][ T9681] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  201.211245][ T9467] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  201.257842][ T9467] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  201.287940][ T9713] xt_hashlimit: size too large, truncated to 1048576
[  201.343310][ T9467] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  201.361574][ T9718] xt_hashlimit: size too large, truncated to 1048576
[  201.401533][ T9467] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  201.754371][ T9731] netlink: 'syz.3.1169': attribute type 11 has an invalid length.
[  202.000977][ T9467] 8021q: adding VLAN 0 to HW filter on device bond0
[  202.014630][ T5151] Bluetooth: hci1: command tx timeout
[  202.061806][ T9467] 8021q: adding VLAN 0 to HW filter on device team0
[  202.093116][ T4116] bridge0: port 1(bridge_slave_0) entered blocking state
[  202.100399][ T4116] bridge0: port 1(bridge_slave_0) entered forwarding state
[  202.228306][ T4116] bridge0: port 2(bridge_slave_1) entered blocking state
[  202.235552][ T4116] bridge0: port 2(bridge_slave_1) entered forwarding state
[  202.283028][ T9755] __nla_validate_parse: 4 callbacks suppressed
[  202.283048][ T9755] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1174'.
[  202.313700][ T9755] xt_TCPMSS: Only works on TCP SYN packets
[  202.444436][ T9467] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  203.272766][ T9794] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1182'.
[  203.335098][ T9467] 8021q: adding VLAN 0 to HW filter on device batadv0
[  203.510659][ T9467] veth0_vlan: entered promiscuous mode
[  203.565304][ T9467] veth1_vlan: entered promiscuous mode
[  203.602861][ T9803] macsec1: entered promiscuous mode
[  203.795602][ T9805] lo speed is unknown, defaulting to 1000
[  203.803143][ T9805] lo speed is unknown, defaulting to 1000
[  203.853096][ T9467] veth0_macvtap: entered promiscuous mode
[  203.891552][ T9467] veth1_macvtap: entered promiscuous mode
[  203.902668][ T9815] netlink: 'syz.0.1187': attribute type 1 has an invalid length.
[  203.991648][ T9467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  204.017155][ T9467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.042569][ T9467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  204.072532][ T9467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.104345][ T9467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  204.133608][ T9467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.175480][ T9467] batman_adv: batadv0: Interface activated: batadv_slave_0
[  204.242742][ T9467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  204.268611][ T9467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.279583][ T9467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  204.290904][ T9467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.301138][ T9467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  204.324775][ T9467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.339740][ T9467] batman_adv: batadv0: Interface activated: batadv_slave_1
[  204.373192][ T9467] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  204.392888][ T9467] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  204.412588][ T9467] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  204.454375][ T9467] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  204.463339][ T9833] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1192'.
[  204.635831][ T9818] lo speed is unknown, defaulting to 1000
[  204.643420][ T9818] lo speed is unknown, defaulting to 1000
[  204.960060][ T4136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  204.982133][ T4136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  205.181292][ T9858] erspan1: entered promiscuous mode
[  205.192881][ T9858] erspan1: entered allmulticast mode
[  205.266549][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  205.292305][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  205.312343][ T9864] lo speed is unknown, defaulting to 1000
[  205.536734][ T9864] lo speed is unknown, defaulting to 1000
[  205.708770][ T9871] lo speed is unknown, defaulting to 1000
[  205.738754][ T9871] lo speed is unknown, defaulting to 1000
[  206.183483][ T9883] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1206'.
[  206.258746][ T9883] pim6reg9: entered allmulticast mode
[  206.518536][ T9892] macsec1: entered promiscuous mode
[  206.585954][ T9895] netlink: 'syz.0.1210': attribute type 1 has an invalid length.
[  206.901452][ T9904] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1214'.
[  207.036666][ T9908] vlan2: entered promiscuous mode
[  207.153027][ T9910] lo speed is unknown, defaulting to 1000
[  207.164046][ T9910] lo speed is unknown, defaulting to 1000
[  207.261187][ T5853] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  207.270216][ T5853] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  207.271780][ T9913] Dead loop on virtual device ipvlan1, fix it urgently!
[  207.294239][ T5853] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  207.309999][ T5853] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  207.318836][ T5853] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  207.421694][ T9926] x_tables: ip6_tables: rpfilter.0 match: invalid size 8 (kernel) != (user) 48
[  207.439206][ T9920] lo speed is unknown, defaulting to 1000
[  207.457011][ T9925] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1221'.
[  207.464073][ T9920] lo speed is unknown, defaulting to 1000
[  208.081694][ T9953] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1228'.
[  208.202067][ T9959] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1228'.
[  208.305945][ T9920] chnl_net:caif_netlink_parms(): no params data found
[  208.321108][ T9962] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1231'.
[  208.427951][ T9968] netlink: 'syz.1.1233': attribute type 1 has an invalid length.
[  208.614067][ T9979] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1237'.
[  208.850874][ T9920] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.886825][ T9920] bridge0: port 1(bridge_slave_0) entered disabled state
[  208.912316][ T9920] bridge_slave_0: entered allmulticast mode
[  208.934283][ T9995] netlink: 'syz.1.1241': attribute type 10 has an invalid length.
[  208.954960][ T9920] bridge_slave_0: entered promiscuous mode
[  208.965440][ T9998] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1240'.
[  208.975081][ T9995] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1241'.
[  208.986358][ T9920] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.993599][ T9920] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.002061][ T9920] bridge_slave_1: entered allmulticast mode
[  209.015979][ T9920] bridge_slave_1: entered promiscuous mode
[  209.057822][ T9998] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1240'.
[  209.076703][ T9995] team0: Port device geneve0 added
[  209.096148][ T9998] netlink: 'syz.4.1240': attribute type 39 has an invalid length.
[  209.306979][ T9920] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  209.327286][ T9920] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  209.363997][ T5151] Bluetooth: hci1: command tx timeout
[  209.441203][T10015] openvswitch: netlink: Key type 30 is not supported
[  209.482333][T10015] Bluetooth: MGMT ver 1.23
[  209.609766][ T9920] team0: Port device team_slave_0 added
[  209.634941][ T9920] team0: Port device team_slave_1 added
[  209.651863][T10025] xt_CT: You must specify a L4 protocol and not use inversions on it
[  209.726974][T10024] xt_l2tp: missing protocol rule (udp|l2tpip)
[  209.821975][ T9920] batman_adv: batadv0: Adding interface: batadv_slave_0
[  209.874196][ T9920] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  209.963803][ T9920] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  210.020689][ T9920] batman_adv: batadv0: Adding interface: batadv_slave_1
[  210.054063][ T9920] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  210.143958][ T9920] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  210.172909][T10015] lo speed is unknown, defaulting to 1000
[  210.201912][T10015] lo speed is unknown, defaulting to 1000
[  210.431611][ T9920] hsr_slave_0: entered promiscuous mode
[  210.452563][ T9920] hsr_slave_1: entered promiscuous mode
[  210.473949][ T9920] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  210.503899][ T9920] Cannot create hsr debugfs directory
[  210.630943][T10054] netlink: 88 bytes leftover after parsing attributes in process `syz.3.1261'.
[  210.687584][T10054] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1261'.
[  211.249842][ T9920] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.389681][ T9920] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.445343][ T5151] Bluetooth: hci1: command tx timeout
[  211.508553][T10079] vlan2: entered promiscuous mode
[  211.536294][T10073] lo speed is unknown, defaulting to 1000
[  211.570057][T10073] lo speed is unknown, defaulting to 1000
[  211.631771][ T9920] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.793239][ T9920] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  212.213260][ T9920] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  212.272603][ T9920] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  212.349530][ T9920] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  212.391926][ T9920] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  212.479402][T10121] netlink: 'syz.3.1285': attribute type 15 has an invalid length.
[  212.626937][T10130] __nla_validate_parse: 3 callbacks suppressed
[  212.626958][T10130] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1288'.
[  212.663858][T10130] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1288'.
[  212.685242][T10130] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1288'.
[  212.704830][T10130] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1288'.
[  212.934749][ T9920] 8021q: adding VLAN 0 to HW filter on device bond0
[  213.068007][ T9920] 8021q: adding VLAN 0 to HW filter on device team0
[  213.131864][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  213.139101][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  213.160145][T10146] SET target dimension over the limit!
[  213.236656][ T4136] bridge0: port 2(bridge_slave_1) entered blocking state
[  213.243909][ T4136] bridge0: port 2(bridge_slave_1) entered forwarding state
[  213.255149][T10148] x_tables: duplicate underflow at hook 1
[  213.291988][T10149] dccp_invalid_packet: invalid packet type
[  213.303374][T10151] FAULT_INJECTION: forcing a failure.
[  213.303374][T10151] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  213.327403][T10146] nbd: socks must be embedded in a SOCK_ITEM attr
[  213.394073][T10151] CPU: 0 UID: 0 PID: 10151 Comm: syz.4.1294 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  213.394109][T10151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  213.394123][T10151] Call Trace:
[  213.394131][T10151]  <TASK>
[  213.394139][T10151]  dump_stack_lvl+0x241/0x360
[  213.394179][T10151]  ? __pfx_dump_stack_lvl+0x10/0x10
[  213.394209][T10151]  ? __pfx__printk+0x10/0x10
[  213.394251][T10151]  should_fail_ex+0x424/0x570
[  213.394280][T10151]  _copy_to_user+0x31/0xb0
[  213.394314][T10151]  simple_read_from_buffer+0xc4/0x170
[  213.394350][T10151]  proc_fail_nth_read+0x1ef/0x260
[  213.394376][T10151]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  213.394402][T10151]  ? rw_verify_area+0x246/0x630
[  213.394423][T10151]  ? aa_sk_perm+0x96f/0xac0
[  213.394448][T10151]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  213.394472][T10151]  vfs_read+0x21f/0xb90
[  213.394501][T10151]  ? __pfx_inet_bind_sk+0x10/0x10
[  213.394525][T10151]  ? __pfx_vfs_read+0x10/0x10
[  213.394554][T10151]  ? __sys_bind+0x202/0x290
[  213.394586][T10151]  ? __pfx___sys_bind+0x10/0x10
[  213.394622][T10151]  ksys_read+0x19d/0x2d0
[  213.394649][T10151]  ? __pfx_ksys_read+0x10/0x10
[  213.394679][T10151]  ? do_syscall_64+0xb6/0x230
[  213.394710][T10151]  do_syscall_64+0xf3/0x230
[  213.394736][T10151]  ? clear_bhb_loop+0x45/0xa0
[  213.394761][T10151]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.394781][T10151] RIP: 0033:0x7feaff18bb7c
[  213.394807][T10151] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  213.394824][T10151] RSP: 002b:00007feafff83030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  213.394846][T10151] RAX: ffffffffffffffda RBX: 00007feaff3a5fa0 RCX: 00007feaff18bb7c
[  213.394861][T10151] RDX: 000000000000000f RSI: 00007feafff830a0 RDI: 0000000000000004
[  213.394873][T10151] RBP: 00007feafff83090 R08: 0000000000000000 R09: 0000000000000000
[  213.394886][T10151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  213.394898][T10151] R13: 0000000000000000 R14: 00007feaff3a5fa0 R15: 00007ffcee393f78
[  213.394932][T10151]  </TASK>
[  213.616687][ T5151] Bluetooth: hci1: command tx timeout
[  213.635587][T10158] macsec2: entered promiscuous mode
[  213.905372][T10144] lo speed is unknown, defaulting to 1000
[  213.914568][T10144] lo speed is unknown, defaulting to 1000
[  213.963936][T10171] netlink: 'syz.4.1297': attribute type 1 has an invalid length.
[  214.009217][T10171] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1297'.
[  214.080672][T10171] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1297'.
[  214.149814][T10179] xt_CT: You must specify a L4 protocol and not use inversions on it
[  214.283018][ T9920] 8021q: adding VLAN 0 to HW filter on device batadv0
[  214.346659][T10183] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1300'.
[  214.368309][T10183] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1300'.
[  214.520859][ T9920] veth0_vlan: entered promiscuous mode
[  214.601693][ T9920] veth1_vlan: entered promiscuous mode
[  214.636676][T10190] Dead loop on virtual device ipvlan1, fix it urgently!
[  214.738647][ T9920] veth0_macvtap: entered promiscuous mode
[  214.792185][ T9920] veth1_macvtap: entered promiscuous mode
[  214.847726][T10193] lo speed is unknown, defaulting to 1000
[  214.885338][    C0] Dead loop on virtual device ipvlan1, fix it urgently!
[  214.911764][ T9920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  214.933968][ T9920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  214.954624][ T9920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  214.965289][ T9920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  214.975825][ T9920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  214.992561][ T9920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.012607][ T9920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  215.038418][ T9920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.052613][ T9920] batman_adv: batadv0: Interface activated: batadv_slave_0
[  215.102532][T10193] lo speed is unknown, defaulting to 1000
[  215.119055][ T9920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  215.155465][ T9920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.188183][ T9920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  215.217498][ T9920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.227958][ T9920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  215.242753][ T9920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.253269][ T9920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  215.265255][ T9920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.287102][ T9920] batman_adv: batadv0: Interface activated: batadv_slave_1
[  215.494825][ T9920] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  215.514238][ T9920] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  215.547408][ T9920] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  215.561398][ T9920] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  215.684145][ T5840] Bluetooth: hci1: command tx timeout
[  216.282485][T10235] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1313'.
[  216.321364][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  216.323635][T10236] syzkaller1: tun_chr_ioctl cmd 1074025677
[  216.335577][T10236] syzkaller1: linktype set to 780
[  216.390971][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  216.539076][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  216.555534][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  216.727228][T10245] 
@ÿ†m!]¨¨†D: renamed from bond_slave_0
[  216.902589][T10251] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  216.932133][T10251] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1318'.
[  216.978930][ T5840] Bluetooth: hci2: command 0x0406 tx timeout
[  216.985305][ T5840] Bluetooth: hci0: command 0x0406 tx timeout
[  216.991352][ T5840] Bluetooth: hci3: command 0x0406 tx timeout
[  217.058777][T10248] lo speed is unknown, defaulting to 1000
[  217.107306][T10250] Dead loop on virtual device ipvlan1, fix it urgently!
[  217.126911][T10248] lo speed is unknown, defaulting to 1000
[  218.334084][T10299] netlink: 'syz.0.1327': attribute type 1 has an invalid length.
[  218.503212][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  218.513605][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  218.522308][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  218.558717][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  218.567788][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  218.596195][T10314] xt_l2tp: v2 tid > 0xffff: 4294967295
[  218.627402][T10299] 8021q: adding VLAN 0 to HW filter on device bond3
[  218.728779][T10308] lo speed is unknown, defaulting to 1000
[  218.736442][T10308] lo speed is unknown, defaulting to 1000
[  218.970426][T10327] Dead loop on virtual device ipvlan1, fix it urgently!
[  219.014299][T10330] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1335'.
[  219.015906][T10325] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1333'.
[  219.043036][T10332] netlink: 'syz.0.1334': attribute type 2 has an invalid length.
[  219.178579][T10338] netlink: 'syz.0.1337': attribute type 1 has an invalid length.
[  219.257676][T10308] chnl_net:caif_netlink_parms(): no params data found
[  219.319185][T10340] macsec2: entered promiscuous mode
[  219.456819][T10308] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.464635][T10308] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.471897][T10308] bridge_slave_0: entered allmulticast mode
[  219.483338][T10308] bridge_slave_0: entered promiscuous mode
[  219.492197][T10308] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.501062][T10308] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.509471][T10308] bridge_slave_1: entered allmulticast mode
[  219.517771][T10308] bridge_slave_1: entered promiscuous mode
[  219.601805][T10348] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1340'.
[  219.607797][T10308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  219.621660][T10351] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1342'.
[  219.652806][T10351] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1342'.
[  219.677896][T10308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  219.681628][T10351] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1342'.
[  219.729269][T10351] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1342'.
[  219.809550][T10355] Dead loop on virtual device ipvlan1, fix it urgently!
[  219.830221][T10308] team0: Port device team_slave_0 added
[  219.863875][T10357] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1343'.
[  219.876608][T10353] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1343'.
[  219.887752][T10353] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1343'.
[  219.903908][T10308] team0: Port device team_slave_1 added
[  220.204142][T10364] netlink: 'syz.0.1348': attribute type 3 has an invalid length.
[  220.223217][T10308] batman_adv: batadv0: Adding interface: batadv_slave_0
[  220.248561][T10308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  220.392867][T10308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  220.450958][T10308] batman_adv: batadv0: Adding interface: batadv_slave_1
[  220.486911][T10308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  220.523418][T10308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  220.607001][T10386] bond0: entered promiscuous mode
[  220.612125][T10386] bond_slave_0: entered promiscuous mode
[  220.618460][T10386] bond_slave_1: entered promiscuous mode
[  220.644303][ T5151] Bluetooth: hci1: command tx timeout
[  220.851955][T10395] netlink: 'syz.0.1358': attribute type 12 has an invalid length.
[  220.869618][T10395] netlink: 'syz.0.1358': attribute type 29 has an invalid length.
[  220.886505][T10395] netlink: 'syz.0.1358': attribute type 2 has an invalid length.
[  220.922971][T10308] hsr_slave_0: entered promiscuous mode
[  220.966002][T10308] hsr_slave_1: entered promiscuous mode
[  220.972492][T10308] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  220.982799][T10308] Cannot create hsr debugfs directory
[  221.043499][T10400] xt_CT: You must specify a L4 protocol and not use inversions on it
[  221.053438][T10404] IPv6: addrconf: prefix option has invalid lifetime
[  221.363236][T10410] netlink: 'syz.3.1365': attribute type 7 has an invalid length.
[  221.458100][T10408] lo speed is unknown, defaulting to 1000
[  221.500487][T10408] lo speed is unknown, defaulting to 1000
[  221.739937][T10308] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  221.935690][T10308] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.159762][T10308] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.342419][T10308] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.469006][T10453] vlan2: entered promiscuous mode
[  222.723893][ T5151] Bluetooth: hci1: command tx timeout
[  222.745715][T10308] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  222.847764][T10467] batadv1: entered promiscuous mode
[  222.853037][T10467] batadv1: entered allmulticast mode
[  222.917997][T10308] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  222.929056][T10471] xt_socket: unknown flags 0x8
[  222.951154][T10308] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  222.997522][T10472] batadv1: entered promiscuous mode
[  223.003265][T10472] batadv1: entered allmulticast mode
[  223.048100][T10308] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  223.611827][T10492] lo speed is unknown, defaulting to 1000
[  223.671523][T10308] 8021q: adding VLAN 0 to HW filter on device bond0
[  223.739503][T10492] lo speed is unknown, defaulting to 1000
[  223.757029][T10308] 8021q: adding VLAN 0 to HW filter on device team0
[  223.801238][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  223.808435][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  223.927502][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  223.934715][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  223.973715][T10513] netlink: 'syz.1.1403': attribute type 21 has an invalid length.
[  223.996786][T10513] netlink: 'syz.1.1403': attribute type 4 has an invalid length.
[  224.018953][T10513] netlink: 'syz.1.1403': attribute type 5 has an invalid length.
[  224.031616][T10513] __nla_validate_parse: 13 callbacks suppressed
[  224.031632][T10513] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1403'.
[  224.253225][T10526] netlink: 'syz.1.1407': attribute type 1 has an invalid length.
[  224.562784][T10308] 8021q: adding VLAN 0 to HW filter on device batadv0
[  224.699726][T10308] veth0_vlan: entered promiscuous mode
[  224.751691][T10308] veth1_vlan: entered promiscuous mode
[  224.804234][ T5151] Bluetooth: hci1: command tx timeout
[  224.850281][T10308] veth0_macvtap: entered promiscuous mode
[  224.872054][T10308] veth1_macvtap: entered promiscuous mode
[  224.911577][T10308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  224.931606][T10308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  224.941638][T10308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  224.958606][T10308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  224.982485][T10308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  225.010418][T10308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  225.037793][T10308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  225.056949][T10308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  225.080817][T10308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  225.103401][T10308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  225.149581][T10308] batman_adv: batadv0: Interface activated: batadv_slave_0
[  225.180541][T10308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  225.205477][T10308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  225.229650][T10308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  225.240803][T10308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  225.251136][T10308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  225.263056][T10308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  225.273927][T10308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  225.286701][T10308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  225.297996][T10308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  225.309094][T10308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  225.321931][T10308] batman_adv: batadv0: Interface activated: batadv_slave_1
[  225.451212][T10308] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  225.504054][T10308] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  225.512903][T10308] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  225.531577][T10563] netlink: 'syz.4.1418': attribute type 11 has an invalid length.
[  225.552359][T10562] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1419'.
[  225.575109][T10308] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  225.621509][T10570] vlan0: entered promiscuous mode
[  226.057009][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  226.068122][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  226.185585][T10589] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1428'.
[  226.207912][T10593] xt_CT: You must specify a L4 protocol and not use inversions on it
[  226.236060][ T2909] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  226.264438][ T2909] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  227.688093][T10637] netlink: 124 bytes leftover after parsing attributes in process `syz.4.1445'.
[  228.002860][T10643] vlan2: entered promiscuous mode
[  228.005686][T10651] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1447'.
[  228.344647][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  228.356522][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  228.369357][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  228.377571][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  228.390404][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  228.511145][T10660] lo speed is unknown, defaulting to 1000
[  228.522139][T10660] lo speed is unknown, defaulting to 1000
[  228.557874][T10670] sctp: [Deprecated]: syz.3.1455 (pid 10670) Use of int in maxseg socket option.
[  228.557874][T10670] Use struct sctp_assoc_value instead
[  228.586278][T10670] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1455'.
[  228.743167][T10680] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1457'.
[  228.971896][T10685] delete_channel: no stack
[  228.998188][T10690] netlink: 'syz.4.1460': attribute type 1 has an invalid length.
[  229.080404][T10660] chnl_net:caif_netlink_parms(): no params data found
[  229.406540][T10660] bridge0: port 1(bridge_slave_0) entered blocking state
[  229.414797][T10660] bridge0: port 1(bridge_slave_0) entered disabled state
[  229.422076][T10660] bridge_slave_0: entered allmulticast mode
[  229.444934][T10660] bridge_slave_0: entered promiscuous mode
[  229.468580][T10660] bridge0: port 2(bridge_slave_1) entered blocking state
[  229.484225][T10660] bridge0: port 2(bridge_slave_1) entered disabled state
[  229.500248][T10660] bridge_slave_1: entered allmulticast mode
[  229.521645][T10660] bridge_slave_1: entered promiscuous mode
[  229.703359][T10660] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  229.788459][T10660] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  229.807037][T10718] dccp_invalid_packet: invalid packet type
[  229.819566][T10715] lo speed is unknown, defaulting to 1000
[  229.853539][T10715] lo speed is unknown, defaulting to 1000
[  229.939976][T10660] team0: Port device team_slave_0 added
[  229.962166][T10660] team0: Port device team_slave_1 added
[  230.138203][T10660] batman_adv: batadv0: Adding interface: batadv_slave_0
[  230.153372][T10660] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  230.180764][T10660] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  230.196992][T10660] batman_adv: batadv0: Adding interface: batadv_slave_1
[  230.204213][T10660] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  230.230836][T10660] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  230.486380][ T5151] Bluetooth: hci1: command tx timeout
[  230.491528][T10736] xt_CT: You must specify a L4 protocol and not use inversions on it
[  230.555257][T10660] hsr_slave_0: entered promiscuous mode
[  230.562105][T10660] hsr_slave_1: entered promiscuous mode
[  230.610456][T10660] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  230.680878][T10660] Cannot create hsr debugfs directory
[  231.075666][T10760] netlink: 'syz.3.1485': attribute type 1 has an invalid length.
[  231.239822][T10760] bond2: entered promiscuous mode
[  231.248117][T10760] 8021q: adding VLAN 0 to HW filter on device bond2
[  231.358792][T10772] netlink: 34 bytes leftover after parsing attributes in process `syz.4.1490'.
[  231.379291][T10660] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.394496][T10773] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1490'.
[  231.395288][T10772] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1490'.
[  231.545041][T10660] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.638060][T10660] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.691233][T10778] lo speed is unknown, defaulting to 1000
[  231.716734][T10778] lo speed is unknown, defaulting to 1000
[  231.760640][T10660] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.133675][T10796] xt_cluster: you have exceeded the maximum number of cluster nodes (261 > 32)
[  232.141843][T10660] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  232.178873][T10660] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  232.207903][T10660] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  232.268292][T10660] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  232.377200][T10805] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  232.424686][T10805] macvlan2: entered allmulticast mode
[  232.430237][T10805] bond0: entered allmulticast mode
[  232.436990][T10805] team0: Port device macvlan2 added
[  232.564418][ T5151] Bluetooth: hci1: command tx timeout
[  232.658113][T10808] lo speed is unknown, defaulting to 1000
[  232.713572][T10808] lo speed is unknown, defaulting to 1000
[  232.744983][T10660] 8021q: adding VLAN 0 to HW filter on device bond0
[  232.836618][T10660] 8021q: adding VLAN 0 to HW filter on device team0
[  232.963673][T10817] lo speed is unknown, defaulting to 1000
[  232.977223][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  232.984426][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  233.026476][T10817] lo speed is unknown, defaulting to 1000
[  233.084757][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  233.091971][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  233.154710][T10824] vlan2: entered promiscuous mode
[  233.389614][T10827] netlink: 'syz.0.1505': attribute type 1 has an invalid length.
[  233.411671][T10660] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  233.586497][T10833] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1506'.
[  233.935349][T10850] openvswitch: netlink: Geneve opt len 1 is not a multiple of 4.
[  233.957912][T10660] 8021q: adding VLAN 0 to HW filter on device batadv0
[  234.156826][T10660] veth0_vlan: entered promiscuous mode
[  234.186241][T10660] veth1_vlan: entered promiscuous mode
[  234.306417][T10660] veth0_macvtap: entered promiscuous mode
[  234.345002][T10660] veth1_macvtap: entered promiscuous mode
[  234.459116][T10872] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  234.486856][T10872] macvlan2: entered promiscuous mode
[  234.492646][T10872] macvlan2: entered allmulticast mode
[  234.498971][T10872] bond0: entered allmulticast mode
[  234.507138][T10872] bond_slave_0: entered allmulticast mode
[  234.513040][T10872] bond_slave_1: entered allmulticast mode
[  234.520341][T10872] team0: Port device macvlan2 added
[  234.565516][T10660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  234.603789][T10660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.634248][T10660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  234.643988][ T5151] Bluetooth: hci1: command tx timeout
[  234.685879][T10660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.743926][T10660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  234.771803][T10660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.782322][T10660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  234.805749][T10660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.816428][T10660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  234.829561][T10660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.862565][T10660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  234.883342][T10660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  234.909201][T10660] batman_adv: batadv0: Interface activated: batadv_slave_0
[  234.969902][T10889] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1524'.
[  234.990268][T10660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  235.004064][T10889] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1524'.
[  235.037268][T10660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.064847][T10660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  235.088584][T10660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.115247][T10660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  235.126612][T10660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.140654][T10660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  235.151386][T10660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.167753][T10660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  235.178579][T10660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.193832][T10660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  235.224063][T10660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.245581][T10660] batman_adv: batadv0: Interface activated: batadv_slave_1
[  235.308255][T10895] vlan2: entered promiscuous mode
[  235.461367][T10660] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  235.513537][T10660] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  235.532317][T10660] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  235.548951][T10660] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  235.576988][T10899] lo speed is unknown, defaulting to 1000
[  235.610447][T10899] lo speed is unknown, defaulting to 1000
[  236.004518][ T4116] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  236.012384][ T4116] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  236.131044][ T5952] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  236.167706][ T5952] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  236.870723][T10955] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1545'.
[  238.015227][T10965] lo speed is unknown, defaulting to 1000
[  238.022785][T10965] lo speed is unknown, defaulting to 1000
[  238.545856][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  238.556195][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  238.570949][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  238.580313][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  238.595966][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  238.718899][T10987] lo speed is unknown, defaulting to 1000
[  238.739796][T10987] lo speed is unknown, defaulting to 1000
[  238.877334][T11001] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  238.906875][T11001] macvlan3: entered allmulticast mode
[  238.916737][T11001] team0: Port device macvlan3 added
[  239.097908][T11010] FAULT_INJECTION: forcing a failure.
[  239.097908][T11010] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  239.114639][T11010] CPU: 1 UID: 0 PID: 11010 Comm: syz.4.1567 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  239.114670][T11010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  239.114683][T11010] Call Trace:
[  239.114692][T11010]  <TASK>
[  239.114700][T11010]  dump_stack_lvl+0x241/0x360
[  239.114741][T11010]  ? __pfx_dump_stack_lvl+0x10/0x10
[  239.114772][T11010]  ? __pfx__printk+0x10/0x10
[  239.114814][T11010]  should_fail_ex+0x424/0x570
[  239.114844][T11010]  _copy_to_user+0x31/0xb0
[  239.114877][T11010]  simple_read_from_buffer+0xc4/0x170
[  239.114913][T11010]  proc_fail_nth_read+0x1ef/0x260
[  239.114939][T11010]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  239.114965][T11010]  ? rw_verify_area+0x246/0x630
[  239.114987][T11010]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  239.115011][T11010]  vfs_read+0x21f/0xb90
[  239.115041][T11010]  ? __pfx___mutex_lock+0x10/0x10
[  239.115069][T11010]  ? __pfx_vfs_read+0x10/0x10
[  239.115096][T11010]  ? __fget_files+0x2a/0x420
[  239.115117][T11010]  ? __fget_files+0x39d/0x420
[  239.115134][T11010]  ? __fget_files+0x2a/0x420
[  239.115164][T11010]  ksys_read+0x19d/0x2d0
[  239.115190][T11010]  ? __pfx_ksys_read+0x10/0x10
[  239.115221][T11010]  ? do_syscall_64+0xb6/0x230
[  239.115252][T11010]  do_syscall_64+0xf3/0x230
[  239.115279][T11010]  ? clear_bhb_loop+0x45/0xa0
[  239.115305][T11010]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  239.115325][T11010] RIP: 0033:0x7feaff18bb7c
[  239.115344][T11010] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  239.115366][T11010] RSP: 002b:00007feafff83030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  239.115388][T11010] RAX: ffffffffffffffda RBX: 00007feaff3a5fa0 RCX: 00007feaff18bb7c
[  239.115403][T11010] RDX: 000000000000000f RSI: 00007feafff830a0 RDI: 0000000000000004
[  239.115416][T11010] RBP: 00007feafff83090 R08: 0000000000000000 R09: 0000000000000000
[  239.115429][T11010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  239.115442][T11010] R13: 0000000000000000 R14: 00007feaff3a5fa0 R15: 00007ffcee393f78
[  239.115475][T11010]  </TASK>
[  239.538096][T11020] netlink: 165 bytes leftover after parsing attributes in process `syz.4.1569'.
[  239.549744][T11020] netlink: 277 bytes leftover after parsing attributes in process `syz.4.1569'.
[  240.029840][T10987] chnl_net:caif_netlink_parms(): no params data found
[  240.448842][T10987] bridge0: port 1(bridge_slave_0) entered blocking state
[  240.462483][T10987] bridge0: port 1(bridge_slave_0) entered disabled state
[  240.471058][T10987] bridge_slave_0: entered allmulticast mode
[  240.479088][T10987] bridge_slave_0: entered promiscuous mode
[  240.522728][T10987] bridge0: port 2(bridge_slave_1) entered blocking state
[  240.524618][T11060] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1581'.
[  240.530523][T10987] bridge0: port 2(bridge_slave_1) entered disabled state
[  240.547152][T10987] bridge_slave_1: entered allmulticast mode
[  240.556162][T10987] bridge_slave_1: entered promiscuous mode
[  240.644716][   T55] Bluetooth: hci1: command tx timeout
[  240.683935][T10987] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  240.716613][T10987] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  240.861148][T10987] team0: Port device team_slave_0 added
[  240.876113][T10987] team0: Port device team_slave_1 added
[  240.989948][T10987] batman_adv: batadv0: Adding interface: batadv_slave_0
[  241.044919][T10987] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  241.160250][T10987] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  241.185578][T10987] batman_adv: batadv0: Adding interface: batadv_slave_1
[  241.197298][T10987] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  241.228695][T10987] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  241.547594][T10987] hsr_slave_0: entered promiscuous mode
[  241.564770][T10987] hsr_slave_1: entered promiscuous mode
[  241.588679][T10987] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  241.614183][T10987] Cannot create hsr debugfs directory
[  241.676057][T11100] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1594'.
[  241.732003][T11100] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  241.856365][T11100] batman_adv: batadv0: Removing interface: batadv_slave_1
[  242.115434][T11113] FAULT_INJECTION: forcing a failure.
[  242.115434][T11113] name failslab, interval 1, probability 0, space 0, times 0
[  242.150910][T11113] CPU: 0 UID: 0 PID: 11113 Comm: syz.0.1600 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  242.150940][T11113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  242.150953][T11113] Call Trace:
[  242.150962][T11113]  <TASK>
[  242.150970][T11113]  dump_stack_lvl+0x241/0x360
[  242.151009][T11113]  ? __pfx_dump_stack_lvl+0x10/0x10
[  242.151039][T11113]  ? __pfx__printk+0x10/0x10
[  242.151073][T11113]  ? __pfx___might_resched+0x10/0x10
[  242.151102][T11113]  should_fail_ex+0x424/0x570
[  242.151130][T11113]  should_failslab+0xac/0x100
[  242.151161][T11113]  __kmalloc_noprof+0xdf/0x4d0
[  242.151188][T11113]  ? tomoyo_realpath_from_path+0xc2/0x5e0
[  242.151238][T11113]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  242.151276][T11113]  tomoyo_realpath_from_path+0xcf/0x5e0
[  242.151335][T11113]  tomoyo_path_number_perm+0x245/0x790
[  242.151372][T11113]  ? tomoyo_path_number_perm+0x215/0x790
[  242.151402][T11113]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  242.151437][T11113]  ? ksys_write+0x24e/0x2d0
[  242.151469][T11113]  ? __lock_acquire+0xad5/0xd80
[  242.151512][T11113]  ? __fget_files+0x2a/0x420
[  242.151530][T11113]  ? __fget_files+0x2a/0x420
[  242.151551][T11113]  ? __fget_files+0x2a/0x420
[  242.151576][T11113]  security_file_ioctl+0xc6/0x2a0
[  242.151603][T11113]  __se_sys_ioctl+0x46/0x160
[  242.151631][T11113]  do_syscall_64+0xf3/0x230
[  242.151659][T11113]  ? clear_bhb_loop+0x45/0xa0
[  242.151683][T11113]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  242.151703][T11113] RIP: 0033:0x7fd90ab8d169
[  242.151721][T11113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  242.151738][T11113] RSP: 002b:00007fd90baa1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  242.151759][T11113] RAX: ffffffffffffffda RBX: 00007fd90ada5fa0 RCX: 00007fd90ab8d169
[  242.151774][T11113] RDX: 0000200000000a00 RSI: 00000000000089f1 RDI: 0000000000000003
[  242.151788][T11113] RBP: 00007fd90baa1090 R08: 0000000000000000 R09: 0000000000000000
[  242.151800][T11113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  242.151812][T11113] R13: 0000000000000000 R14: 00007fd90ada5fa0 R15: 00007ffde1ffe8d8
[  242.151844][T11113]  </TASK>
[  242.151853][T11113] ERROR: Out of memory at tomoyo_realpath_from_path.
[  242.284799][T11096] Bluetooth: hci4: Opcode 0x0401 failed: -4
[  242.436720][T10987] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.689393][T10987] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.729528][   T55] Bluetooth: hci1: command tx timeout
[  242.861943][T10987] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.036688][T10987] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.422093][T11158] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1613'.
[  243.446514][T10987] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  243.482838][T10987] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  243.527115][T10987] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  243.588612][T10987] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  243.607152][   T55] Bluetooth: hci4: command 0x0405 tx timeout
[  243.915935][T10987] 8021q: adding VLAN 0 to HW filter on device bond0
[  244.002141][T10987] 8021q: adding VLAN 0 to HW filter on device team0
[  244.096657][ T4116] bridge0: port 1(bridge_slave_0) entered blocking state
[  244.103933][ T4116] bridge0: port 1(bridge_slave_0) entered forwarding state
[  244.147120][ T4116] bridge0: port 2(bridge_slave_1) entered blocking state
[  244.154378][ T4116] bridge0: port 2(bridge_slave_1) entered forwarding state
[  244.805240][   T55] Bluetooth: hci1: command tx timeout
[  244.934869][T10987] 8021q: adding VLAN 0 to HW filter on device batadv0
[  245.140789][T10987] veth0_vlan: entered promiscuous mode
[  245.172064][T10987] veth1_vlan: entered promiscuous mode
[  245.285382][T10987] veth0_macvtap: entered promiscuous mode
[  245.319784][T10987] veth1_macvtap: entered promiscuous mode
[  245.477448][T10987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  245.495614][T10987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.533815][T10987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  245.681789][T10987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.734072][T10987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  245.745233][T10987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.775744][T10987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  245.803972][T10987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.815882][T10987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  245.834208][T10987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.875332][T10987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  245.920655][T10987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.946652][T10987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  245.964130][T10987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.976722][T10987] batman_adv: batadv0: Interface activated: batadv_slave_0
[  246.156065][T10987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  246.169585][T10987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  246.188432][T10987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  246.208309][T10987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  246.225791][T10987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  246.260436][T10987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  246.272985][T10987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  246.284295][T10987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  246.294626][T10987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  246.312640][T10987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  246.330199][T10987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  246.349055][T10987] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  246.363559][T10987] batman_adv: batadv0: Interface activated: batadv_slave_1
[  246.445319][T10987] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  246.457323][T10987] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  246.492246][T10987] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  246.523265][T10987] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  246.887121][   T55] Bluetooth: hci1: command tx timeout
[  246.892895][ T5952] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  246.910595][ T5952] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  246.989620][T11302] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  247.013652][T11302] team0: Port device macvlan2 added
[  247.108191][ T5950] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  247.125286][ T5950] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  249.502771][ T5151] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  249.512095][ T5151] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  249.520534][ T5151] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  249.535379][ T5151] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  249.546728][ T5151] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  249.679123][T11357] lo speed is unknown, defaulting to 1000
[  249.687025][T11357] lo speed is unknown, defaulting to 1000
[  249.730143][T11362] sch_tbf: burst 1 is lower than device ip6tnl0 mtu (1452) !
[  249.818059][T11366] bridge0: port 2(vlan0) entered blocking state
[  249.833111][T11366] bridge0: port 2(vlan0) entered disabled state
[  249.841657][T11366] vlan0: entered allmulticast mode
[  249.858273][T11366] bridge0: entered allmulticast mode
[  249.870737][T11366] vlan0: left allmulticast mode
[  249.883450][T11366] bridge0: left allmulticast mode
[  250.527793][T11357] chnl_net:caif_netlink_parms(): no params data found
[  250.965632][T11405] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma?
[  250.987707][T11357] bridge0: port 1(bridge_slave_0) entered blocking state
[  250.995106][T11357] bridge0: port 1(bridge_slave_0) entered disabled state
[  251.003967][T11407] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1679'.
[  251.013411][T11357] bridge_slave_0: entered allmulticast mode
[  251.046709][T11357] bridge_slave_0: entered promiscuous mode
[  251.076271][T11357] bridge0: port 2(bridge_slave_1) entered blocking state
[  251.083505][T11357] bridge0: port 2(bridge_slave_1) entered disabled state
[  251.145935][T11411] netlink: 'syz.0.1680': attribute type 10 has an invalid length.
[  251.154404][T11357] bridge_slave_1: entered allmulticast mode
[  251.162365][T11357] bridge_slave_1: entered promiscuous mode
[  251.184098][T11411] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1680'.
[  251.296205][T11357] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  251.359213][T11357] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  251.604094][ T5151] Bluetooth: hci1: command tx timeout
[  251.630901][T11357] team0: Port device team_slave_0 added
[  251.683007][T11357] team0: Port device team_slave_1 added
[  251.885042][T11357] batman_adv: batadv0: Adding interface: batadv_slave_0
[  251.906334][T11357] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  252.028731][T11357] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  252.050764][T11357] batman_adv: batadv0: Adding interface: batadv_slave_1
[  252.060724][T11357] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  252.089191][T11357] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  252.299039][T11357] hsr_slave_0: entered promiscuous mode
[  252.316403][T11357] hsr_slave_1: entered promiscuous mode
[  252.333165][T11357] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  252.349250][T11357] Cannot create hsr debugfs directory
[  252.631581][T11466] pimreg0: tun_chr_ioctl cmd 1074025677
[  252.637524][T11466] pimreg0: linktype set to 65534
[  253.091707][T11491] 8021q: adding VLAN 0 to HW filter on device macvlan4
[  253.157552][T11491] macvlan4: entered allmulticast mode
[  253.195673][T11491] team0: Port device macvlan4 added
[  253.279188][T11501] xt_CT: You must specify a L4 protocol and not use inversions on it
[  253.351183][T11357] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  253.611684][T11357] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  253.693990][ T5151] Bluetooth: hci1: command tx timeout
[  253.875542][T11357] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  254.022211][T11533] netlink: 'syz.3.1719': attribute type 4 has an invalid length.
[  254.111973][T11357] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  254.269458][T11544] vlan2: entered promiscuous mode
[  254.701060][T11357] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  254.737526][T11565] xt_CT: You must specify a L4 protocol and not use inversions on it
[  254.738566][T11357] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  254.798915][T11357] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  254.871257][T11357] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  255.068314][T11578] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1737'.
[  255.080575][T11574] netlink: 'syz.3.1735': attribute type 39 has an invalid length.
[  255.096178][T11578] netlink: 'syz.0.1737': attribute type 7 has an invalid length.
[  255.141312][T11574] syz_tun (unregistering): left allmulticast mode
[  255.438111][T11591] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1742'.
[  255.566870][T11357] 8021q: adding VLAN 0 to HW filter on device bond0
[  255.630194][T11357] 8021q: adding VLAN 0 to HW filter on device team0
[  255.667518][ T5952] bridge0: port 1(bridge_slave_0) entered blocking state
[  255.674823][ T5952] bridge0: port 1(bridge_slave_0) entered forwarding state
[  255.711387][ T2909] bridge0: port 2(bridge_slave_1) entered blocking state
[  255.718657][ T2909] bridge0: port 2(bridge_slave_1) entered forwarding state
[  255.765172][ T5151] Bluetooth: hci1: command tx timeout
[  256.240054][T11621] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1753'.
[  256.304188][T11357] 8021q: adding VLAN 0 to HW filter on device batadv0
[  256.443299][T11357] veth0_vlan: entered promiscuous mode
[  256.480739][T11357] veth1_vlan: entered promiscuous mode
[  256.538864][T11629] 8021q: adding VLAN 0 to HW filter on device macvlan5
[  256.547874][T11629] macvlan5: entered allmulticast mode
[  256.556616][T11629] team0: Port device macvlan5 added
[  256.622357][T11357] veth0_macvtap: entered promiscuous mode
[  256.663375][T11357] veth1_macvtap: entered promiscuous mode
[  256.770758][T11357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  256.804956][T11357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  256.842133][T11357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  256.861059][T11357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  256.883165][T11357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  256.905237][T11357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  256.915250][T11357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  256.925770][T11357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  256.936310][T11357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  256.961426][T11357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  256.982722][T11357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  256.994149][T11357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.005362][T11357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  257.016794][T11357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.026952][T11357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  257.037623][T11357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.060624][T11357] batman_adv: batadv0: Interface activated: batadv_slave_0
[  257.161414][T11357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  257.207721][T11357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.218261][T11357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  257.230735][T11357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.241171][T11357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  257.258885][T11357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.274559][T11357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  257.302066][T11357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.314889][T11357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  257.334337][T11357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.349601][T11357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  257.360514][T11357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.377235][T11357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  257.399931][T11357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.421886][T11357] batman_adv: batadv0: Interface activated: batadv_slave_1
[  257.481414][T11357] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  257.507866][T11357] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  257.534756][T11357] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  257.563830][T11357] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  257.845035][ T5151] Bluetooth: hci1: command tx timeout
[  257.953457][T11680] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[  257.968972][T11676] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  257.971249][T11682] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[  258.021063][T11676] macvlan3: entered promiscuous mode
[  258.029485][T11676] macvlan3: entered allmulticast mode
[  258.037534][T11676] team0: Port device macvlan3 added
[  258.055188][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  258.063039][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  258.452191][T11257] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  258.473867][T11257] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  259.254904][T11711] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1784'.
[  259.273949][T11711] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1784'.
[  259.295448][T11711] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1784'.
[  259.305301][T11711] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1784'.
[  259.873925][T11722] SET target dimension over the limit!
[  260.971317][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  260.978716][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  261.805722][T11741] 8021q: adding VLAN 0 to HW filter on device macvlan4
[  261.832157][T11741] macvlan4: entered promiscuous mode
[  261.860017][T11741] macvlan4: entered allmulticast mode
[  261.874969][T11741] team0: Port device macvlan4 added
[  262.835391][T11750] tipc: Started in network mode
[  262.840337][T11750] tipc: Node identity @, cluster identity 4711
[  262.882481][T11750] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  263.022390][T11750] lo speed is unknown, defaulting to 1000
[  263.085217][T11757] x_tables: duplicate underflow at hook 2
[  263.197853][T11761] netlink: 'syz.1.1804': attribute type 1 has an invalid length.
[  263.206183][T11761] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1804'.
[  263.511496][T11766] lo speed is unknown, defaulting to 1000
[  263.591988][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  263.602506][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  263.611240][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  263.621308][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  263.631810][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  263.792371][T11768] lo speed is unknown, defaulting to 1000
[  263.962492][T11779] lo speed is unknown, defaulting to 1000
[  264.539904][T11779] chnl_net:caif_netlink_parms(): no params data found
[  265.191663][T11779] bridge0: port 1(bridge_slave_0) entered blocking state
[  265.223975][T11779] bridge0: port 1(bridge_slave_0) entered disabled state
[  265.231360][T11779] bridge_slave_0: entered allmulticast mode
[  265.279960][T11779] bridge_slave_0: entered promiscuous mode
[  265.308068][T11779] bridge0: port 2(bridge_slave_1) entered blocking state
[  265.334182][T11779] bridge0: port 2(bridge_slave_1) entered disabled state
[  265.341546][T11779] bridge_slave_1: entered allmulticast mode
[  265.389646][T11779] bridge_slave_1: entered promiscuous mode
[  265.548767][T11779] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  265.571749][T11779] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  265.684183][ T5151] Bluetooth: hci1: command tx timeout
[  265.733485][T11834] lo speed is unknown, defaulting to 1000
[  265.810484][T11779] team0: Port device team_slave_0 added
[  265.944933][T11779] team0: Port device team_slave_1 added
[  266.117660][T11779] batman_adv: batadv0: Adding interface: batadv_slave_0
[  266.172102][T11779] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  266.226476][ T5916] IPVS: starting estimator thread 0...
[  266.237499][T11779] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  266.318143][T11779] batman_adv: batadv0: Adding interface: batadv_slave_1
[  266.349194][T11779] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  266.387460][T11862] IPVS: using max 27 ests per chain, 64800 per kthread
[  266.462535][T11779] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  266.879173][T11779] hsr_slave_0: entered promiscuous mode
[  266.910599][T11779] hsr_slave_1: entered promiscuous mode
[  266.921556][T11779] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  266.942028][T11779] Cannot create hsr debugfs directory
[  267.419849][T11894] lo speed is unknown, defaulting to 1000
[  267.597816][T11913] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1844'.
[  267.634820][T11913] netlink: 'syz.4.1844': attribute type 12 has an invalid length.
[  267.764499][ T5151] Bluetooth: hci1: command tx timeout
[  267.987235][T11779] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  268.240273][T11779] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  268.255006][T11938] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  268.465566][T11779] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  268.597218][T11947] 8021q: adding VLAN 0 to HW filter on device macvlan5
[  268.625704][T11947] macvlan5: entered promiscuous mode
[  268.642162][T11947] macvlan5: entered allmulticast mode
[  268.665189][T11947] team0: Port device macvlan5 added
[  268.789714][T11779] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  268.928223][T11965] FAULT_INJECTION: forcing a failure.
[  268.928223][T11965] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  268.975432][T11965] CPU: 1 UID: 0 PID: 11965 Comm: syz.0.1858 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  268.975482][T11965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  268.975508][T11965] Call Trace:
[  268.975516][T11965]  <TASK>
[  268.975525][T11965]  dump_stack_lvl+0x241/0x360
[  268.975565][T11965]  ? __pfx_dump_stack_lvl+0x10/0x10
[  268.975595][T11965]  ? __pfx__printk+0x10/0x10
[  268.975639][T11965]  should_fail_ex+0x424/0x570
[  268.975667][T11965]  _copy_from_user+0x2d/0xb0
[  268.975699][T11965]  sctp_setsockopt+0xc9/0x11e0
[  268.975723][T11965]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  268.975753][T11965]  do_sock_setsockopt+0x3b1/0x710
[  268.975782][T11965]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  268.975800][T11965]  ? __fget_files+0x2a/0x420
[  268.975825][T11965]  ? __fget_files+0x39d/0x420
[  268.975841][T11965]  ? __fget_files+0x2a/0x420
[  268.975870][T11965]  __x64_sys_setsockopt+0x1ee/0x280
[  268.975899][T11965]  do_syscall_64+0xf3/0x230
[  268.975934][T11965]  ? clear_bhb_loop+0x45/0xa0
[  268.975960][T11965]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  268.975985][T11965] RIP: 0033:0x7fd90ab8d169
[  268.976003][T11965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  268.976021][T11965] RSP: 002b:00007fd90baa1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  268.976044][T11965] RAX: ffffffffffffffda RBX: 00007fd90ada5fa0 RCX: 00007fd90ab8d169
[  268.976059][T11965] RDX: 000000000000000b RSI: 0000000000000084 RDI: 0000000000000003
[  268.976071][T11965] RBP: 00007fd90baa1090 R08: 000000000000000e R09: 0000000000000000
[  268.976084][T11965] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  268.976097][T11965] R13: 0000000000000000 R14: 00007fd90ada5fa0 R15: 00007ffde1ffe8d8
[  268.976143][T11965]  </TASK>
[  269.415735][T11779] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  269.469030][T11970] lo speed is unknown, defaulting to 1000
[  269.485600][T11779] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  269.609854][T11779] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  269.679258][T11779] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  269.846018][ T5151] Bluetooth: hci1: command tx timeout
[  270.007978][T11998] No such timeout policy "syz0"
[  270.248997][T12002] bond_slave_0: entered promiscuous mode
[  270.255068][T12002] bond_slave_1: entered promiscuous mode
[  270.294396][T12002] vlan2: entered promiscuous mode
[  270.301079][T12002] 
: entered promiscuous mode
[  270.321542][T12007] netlink: 'syz.3.1873': attribute type 1 has an invalid length.
[  270.389246][T12004] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1872'.
[  270.482592][T11779] 8021q: adding VLAN 0 to HW filter on device bond0
[  270.560044][T11779] 8021q: adding VLAN 0 to HW filter on device team0
[  270.606166][ T5950] bridge0: port 1(bridge_slave_0) entered blocking state
[  270.613408][ T5950] bridge0: port 1(bridge_slave_0) entered forwarding state
[  270.671728][ T5952] bridge0: port 2(bridge_slave_1) entered blocking state
[  270.679030][ T5952] bridge0: port 2(bridge_slave_1) entered forwarding state
[  271.441711][T12037] lo speed is unknown, defaulting to 1000
[  271.531210][T11779] 8021q: adding VLAN 0 to HW filter on device batadv0
[  271.607828][T12042] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1883'.
[  271.925769][ T5151] Bluetooth: hci1: command tx timeout
[  271.939875][T11779] veth0_vlan: entered promiscuous mode
[  271.968101][T11779] veth1_vlan: entered promiscuous mode
[  272.348481][T11779] veth0_macvtap: entered promiscuous mode
[  272.389711][T11779] veth1_macvtap: entered promiscuous mode
[  272.572416][T11779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  272.611595][T11779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  272.636555][T11779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  272.682524][T11779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  272.711290][T11779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  272.748809][T11779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  272.774304][T11779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  272.799888][T11779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  272.823813][T11779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  272.852621][T11779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  272.863103][T11779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  272.875322][T11779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  272.885989][T11779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  272.897775][T11779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  272.908758][T11779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  272.919826][T11779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  272.930578][T11779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  272.944646][T11779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  272.961433][T11779] batman_adv: batadv0: Interface activated: batadv_slave_0
[  273.133996][T11779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  273.174381][T11779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  273.195859][T11779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  273.215197][T11779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  273.234499][T11779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  273.247372][T11779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  273.260687][T11779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  273.271819][T11779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  273.283027][T11779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  273.294252][T11779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  273.304928][T11779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  273.321419][T11779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  273.332307][T11779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  273.343342][T11779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  273.354046][T11779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  273.367772][T11779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  273.380254][T11779] batman_adv: batadv0: Interface activated: batadv_slave_1
[  273.389822][T12069] lo speed is unknown, defaulting to 1000
[  273.437645][T12098] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1902'.
[  273.495511][T11779] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  273.512800][T11779] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  273.535703][T11779] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  273.556075][T11779] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  273.636823][T12107] vlan2: entered promiscuous mode
[  274.019738][T12117] netlink: 'syz.4.1907': attribute type 1 has an invalid length.
[  274.170961][T11255] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  274.216215][T11255] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  274.357342][T11250] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  274.399954][T11250] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  274.493903][T12125] lo speed is unknown, defaulting to 1000
[  274.672135][T12134] vlan2: entered promiscuous mode
[  275.021418][T12149] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1918'.
[  276.381491][T12165] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1925'.
[  276.411335][T12161] vlan2: entered promiscuous mode
[  276.668196][T12163] lo speed is unknown, defaulting to 1000
[  276.873544][T12182] xt_hashlimit: size too large, truncated to 1048576
[  276.880897][T12182] xt_hashlimit: max too large, truncated to 1048576
[  277.130848][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  277.139428][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  277.150920][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  277.162922][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  277.172444][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  277.260025][T12187] 8021q: adding VLAN 0 to HW filter on device bond1
[  277.366584][T12190] lo speed is unknown, defaulting to 1000
[  277.981682][T12190] chnl_net:caif_netlink_parms(): no params data found
[  278.124610][T12218] IPVS: sync thread started: state = MASTER, mcast_ifn = bridge_slave_0, syncid = 0, id = 0
[  278.185640][T12216] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  278.214883][T12216] team0: Port device macvlan3 added
[  278.436179][T12230] FAULT_INJECTION: forcing a failure.
[  278.436179][T12230] name failslab, interval 1, probability 0, space 0, times 0
[  278.451999][T12230] CPU: 1 UID: 0 PID: 12230 Comm: syz.0.1945 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  278.452036][T12230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  278.452048][T12230] Call Trace:
[  278.452056][T12230]  <TASK>
[  278.452065][T12230]  dump_stack_lvl+0x241/0x360
[  278.452103][T12230]  ? __pfx_dump_stack_lvl+0x10/0x10
[  278.452133][T12230]  ? __pfx__printk+0x10/0x10
[  278.452166][T12230]  ? __pfx___might_resched+0x10/0x10
[  278.452198][T12230]  should_fail_ex+0x424/0x570
[  278.452225][T12230]  should_failslab+0xac/0x100
[  278.452255][T12230]  __kmalloc_noprof+0xdf/0x4d0
[  278.452283][T12230]  ? sock_kmalloc+0xd7/0x160
[  278.452312][T12230]  sock_kmalloc+0xd7/0x160
[  278.452338][T12230]  ____sys_sendmsg+0x23b/0x860
[  278.452370][T12230]  ? __pfx_____sys_sendmsg+0x10/0x10
[  278.452388][T12230]  ? __fget_files+0x2a/0x420
[  278.452412][T12230]  ? __fget_files+0x2a/0x420
[  278.452440][T12230]  __sys_sendmmsg+0x3a0/0x7b0
[  278.452474][T12230]  ? __pfx___sys_sendmmsg+0x10/0x10
[  278.452534][T12230]  ? rcu_read_lock_any_held+0xbb/0x160
[  278.452562][T12230]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  278.452593][T12230]  ? vfs_write+0xb29/0xd10
[  278.452626][T12230]  ? ksys_write+0x24e/0x2d0
[  278.452653][T12230]  ? __mutex_unlock_slowpath+0x229/0x800
[  278.452712][T12230]  ? ksys_write+0x275/0x2d0
[  278.452748][T12230]  __x64_sys_sendmmsg+0xa0/0xb0
[  278.452773][T12230]  do_syscall_64+0xf3/0x230
[  278.452800][T12230]  ? clear_bhb_loop+0x45/0xa0
[  278.452824][T12230]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  278.452844][T12230] RIP: 0033:0x7fd90ab8d169
[  278.452862][T12230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  278.452878][T12230] RSP: 002b:00007fd90baa1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  278.452900][T12230] RAX: ffffffffffffffda RBX: 00007fd90ada5fa0 RCX: 00007fd90ab8d169
[  278.452915][T12230] RDX: 0000000000000001 RSI: 00002000000027c0 RDI: 0000000000000003
[  278.452929][T12230] RBP: 00007fd90baa1090 R08: 0000000000000000 R09: 0000000000000000
[  278.452941][T12230] R10: 0000000000004080 R11: 0000000000000246 R12: 0000000000000001
[  278.452954][T12230] R13: 0000000000000000 R14: 00007fd90ada5fa0 R15: 00007ffde1ffe8d8
[  278.452986][T12230]  </TASK>
[  278.862137][T12240] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1948'.
[  279.029060][T12241] IPv6: Can't replace route, no match found
[  279.036077][T12223] lo speed is unknown, defaulting to 1000
[  279.084672][T12190] bridge0: port 1(bridge_slave_0) entered blocking state
[  279.108951][T12190] bridge0: port 1(bridge_slave_0) entered disabled state
[  279.135509][T12190] bridge_slave_0: entered allmulticast mode
[  279.175138][T12190] bridge_slave_0: entered promiscuous mode
[  279.205150][   T55] Bluetooth: hci1: command tx timeout
[  279.237426][T12190] bridge0: port 2(bridge_slave_1) entered blocking state
[  279.262168][T12190] bridge0: port 2(bridge_slave_1) entered disabled state
[  279.270513][T12190] bridge_slave_1: entered allmulticast mode
[  279.278938][T12190] bridge_slave_1: entered promiscuous mode
[  279.279263][T12249] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1952'.
[  279.305548][T12249] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1952'.
[  279.319692][T12251] netlink: 88 bytes leftover after parsing attributes in process `syz.3.1953'.
[  279.337579][T12251] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1953'.
[  279.360281][T12251] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1953'.
[  279.370540][T12190] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  279.382218][T12251] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1953'.
[  279.428341][T12190] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  279.679410][T12259] vlan0: entered promiscuous mode
[  279.800768][T12190] team0: Port device team_slave_0 added
[  279.834841][T12261] 
[  279.837229][T12261] ======================================================
[  279.844294][T12261] WARNING: possible circular locking dependency detected
[  279.851332][T12261] 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 Not tainted
[  279.858458][T12261] ------------------------------------------------------
[  279.865496][T12261] syz.1.1958/12261 is trying to acquire lock:
[  279.871668][T12261] ffff88807fab0d30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: xsk_bind+0x2fd/0xfb0
[  279.881155][T12261] 
[  279.881155][T12261] but task is already holding lock:
[  279.888540][T12261] ffff8880633e16f0 (&xs->mutex){+.+.}-{4:4}, at: xsk_bind+0x166/0xfb0
[  279.896774][T12261] 
[  279.896774][T12261] which lock already depends on the new lock.
[  279.896774][T12261] 
[  279.907208][T12261] 
[  279.907208][T12261] the existing dependency chain (in reverse order) is:
[  279.916251][T12261] 
[  279.916251][T12261] -> #3 (&xs->mutex){+.+.}-{4:4}:
[  279.923512][T12261]        lock_acquire+0x116/0x2f0
[  279.928572][T12261]        __mutex_lock+0x1a5/0x10c0
[  279.933721][T12261]        xsk_notifier+0xcf/0x230
[  279.938688][T12261]        notifier_call_chain+0x1a5/0x3f0
[  279.944354][T12261]        unregister_netdevice_many_notify+0x1572/0x2510
[  279.951326][T12261]        rtnl_newlink_create+0x951/0xcb0
[  279.956986][T12261]        rtnl_newlink+0x18b0/0x1fe0
[  279.962230][T12261]        rtnetlink_rcv_msg+0x80f/0xd70
[  279.967726][T12261]        netlink_rcv_skb+0x208/0x480
[  279.973049][T12261]        netlink_unicast+0x7f8/0x9a0
[  279.978369][T12261]        netlink_sendmsg+0x8c3/0xcd0
[  279.983692][T12261]        __sock_sendmsg+0x221/0x270
[  279.988928][T12261]        ____sys_sendmsg+0x523/0x860
[  279.994249][T12261]        __sys_sendmsg+0x271/0x360
[  279.999400][T12261]        do_syscall_64+0xf3/0x230
[  280.004469][T12261]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.010918][T12261] 
[  280.010918][T12261] -> #2 (&net->xdp.lock){+.+.}-{4:4}:
[  280.018522][T12261]        lock_acquire+0x116/0x2f0
[  280.023580][T12261]        __mutex_lock+0x1a5/0x10c0
[  280.028725][T12261]        xsk_notifier+0x8b/0x230
[  280.033711][T12261]        notifier_call_chain+0x1a5/0x3f0
[  280.039379][T12261]        unregister_netdevice_many_notify+0x1572/0x2510
[  280.046351][T12261]        unregister_netdevice_queue+0x383/0x400
[  280.052632][T12261]        _cfg80211_unregister_wdev+0x163/0x590
[  280.058835][T12261]        ieee80211_if_remove+0x25d/0x320
[  280.064516][T12261]        ieee80211_del_iface+0x19/0x30
[  280.070010][T12261]        cfg80211_remove_virtual_intf+0x23f/0x410
[  280.076463][T12261]        genl_rcv_msg+0xb38/0xf00
[  280.081536][T12261]        netlink_rcv_skb+0x208/0x480
[  280.086870][T12261]        genl_rcv+0x28/0x40
[  280.091411][T12261]        netlink_unicast+0x7f8/0x9a0
[  280.096733][T12261]        netlink_sendmsg+0x8c3/0xcd0
[  280.102058][T12261]        __sock_sendmsg+0x221/0x270
[  280.107291][T12261]        ____sys_sendmsg+0x523/0x860
[  280.112610][T12261]        __sys_sendmsg+0x271/0x360
[  280.117755][T12261]        do_syscall_64+0xf3/0x230
[  280.122814][T12261]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.129253][T12261] 
[  280.129253][T12261] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
[  280.137061][T12261]        lock_acquire+0x116/0x2f0
[  280.142117][T12261]        __mutex_lock+0x1a5/0x10c0
[  280.147266][T12261]        cfg80211_netdev_notifier_call+0x1b3/0x1430
[  280.153892][T12261]        notifier_call_chain+0x1a5/0x3f0
[  280.159555][T12261]        __dev_close_many+0x15d/0x760
[  280.164958][T12261]        dev_close_many+0x250/0x4c0
[  280.170191][T12261]        unregister_netdevice_many_notify+0x628/0x2510
[  280.177078][T12261]        default_device_exit_batch+0x7ff/0x880
[  280.183277][T12261]        cleanup_net+0x8af/0xd60
[  280.188251][T12261]        process_scheduled_works+0xac3/0x18e0
[  280.194352][T12261]        worker_thread+0x870/0xd50
[  280.199500][T12261]        kthread+0x7b7/0x940
[  280.204128][T12261]        ret_from_fork+0x4b/0x80
[  280.209093][T12261]        ret_from_fork_asm+0x1a/0x30
[  280.214405][T12261] 
[  280.214405][T12261] -> #0 (&dev_instance_lock_key#3){+.+.}-{4:4}:
[  280.222893][T12261]        validate_chain+0xa69/0x24e0
[  280.228254][T12261]        __lock_acquire+0xad5/0xd80
[  280.233480][T12261]        lock_acquire+0x116/0x2f0
[  280.238535][T12261]        __mutex_lock+0x1a5/0x10c0
[  280.243680][T12261]        xsk_bind+0x2fd/0xfb0
[  280.248387][T12261]        __sys_bind+0x1de/0x290
[  280.253277][T12261]        __x64_sys_bind+0x7a/0x90
[  280.258340][T12261]        do_syscall_64+0xf3/0x230
[  280.263397][T12261]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.269842][T12261] 
[  280.269842][T12261] other info that might help us debug this:
[  280.269842][T12261] 
[  280.280099][T12261] Chain exists of:
[  280.280099][T12261]   &dev_instance_lock_key#3 --> &net->xdp.lock --> &xs->mutex
[  280.280099][T12261] 
[  280.293469][T12261]  Possible unsafe locking scenario:
[  280.293469][T12261] 
[  280.300938][T12261]        CPU0                    CPU1
[  280.306325][T12261]        ----                    ----
[  280.311708][T12261]   lock(&xs->mutex);
[  280.315728][T12261]                                lock(&net->xdp.lock);
[  280.322616][T12261]                                lock(&xs->mutex);
[  280.329149][T12261]   lock(&dev_instance_lock_key#3);
[  280.334393][T12261] 
[  280.334393][T12261]  *** DEADLOCK ***
[  280.334393][T12261] 
[  280.342558][T12261] 2 locks held by syz.1.1958/12261:
[  280.347778][T12261]  #0: ffffffff900fd448 (rtnl_mutex){+.+.}-{4:4}, at: xsk_bind+0x153/0xfb0
[  280.356457][T12261]  #1: ffff8880633e16f0 (&xs->mutex){+.+.}-{4:4}, at: xsk_bind+0x166/0xfb0
[  280.365140][T12261] 
[  280.365140][T12261] stack backtrace:
[  280.371063][T12261] CPU: 1 UID: 0 PID: 12261 Comm: syz.1.1958 Not tainted 6.15.0-rc1-syzkaller-00209-gfaeefc173be4 #0 PREEMPT(full) 
[  280.371094][T12261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  280.371108][T12261] Call Trace:
[  280.371117][T12261]  <TASK>
[  280.371125][T12261]  dump_stack_lvl+0x241/0x360
[  280.371163][T12261]  ? __pfx_dump_stack_lvl+0x10/0x10
[  280.371196][T12261]  ? __pfx__printk+0x10/0x10
[  280.371227][T12261]  ? print_lock+0x171/0x1a0
[  280.371258][T12261]  print_circular_bug+0x2e1/0x300
[  280.371289][T12261]  check_noncircular+0x142/0x160
[  280.371321][T12261]  validate_chain+0xa69/0x24e0
[  280.371355][T12261]  ? __pfx_bpf_trace_run2+0x10/0x10
[  280.371397][T12261]  __lock_acquire+0xad5/0xd80
[  280.371425][T12261]  lock_acquire+0x116/0x2f0
[  280.371446][T12261]  ? xsk_bind+0x2fd/0xfb0
[  280.371474][T12261]  __mutex_lock+0x1a5/0x10c0
[  280.371502][T12261]  ? xsk_bind+0x2fd/0xfb0
[  280.371522][T12261]  ? ref_tracker_alloc+0x316/0x4c0
[  280.371548][T12261]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  280.371574][T12261]  ? xsk_bind+0x2fd/0xfb0
[  280.371595][T12261]  ? __pfx___mutex_lock+0x10/0x10
[  280.371627][T12261]  ? dev_get_by_index+0x23/0x2d0
[  280.371657][T12261]  ? dev_get_by_index+0x23/0x2d0
[  280.371685][T12261]  xsk_bind+0x2fd/0xfb0
[  280.371711][T12261]  __sys_bind+0x1de/0x290
[  280.371743][T12261]  ? __pfx___sys_bind+0x10/0x10
[  280.371789][T12261]  __x64_sys_bind+0x7a/0x90
[  280.371820][T12261]  do_syscall_64+0xf3/0x230
[  280.371849][T12261]  ? clear_bhb_loop+0x45/0xa0
[  280.371873][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.371903][T12261] RIP: 0033:0x7fcdb2d8d169
[  280.371922][T12261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  280.371940][T12261] RSP: 002b:00007fcdb3ba6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  280.371964][T12261] RAX: ffffffffffffffda RBX: 00007fcdb2fa5fa0 RCX: 00007fcdb2d8d169
[  280.371981][T12261] RDX: 0000000000000010 RSI: 0000200000000100 RDI: 0000000000000005
[  280.371995][T12261] RBP: 00007fcdb2e0e990 R08: 0000000000000000 R09: 0000000000000000
[  280.372009][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  280.372022][T12261] R13: 0000000000000000 R14: 00007fcdb2fa5fa0 R15: 00007fffdd0799e8
[  280.372046][T12261]  </TASK>
[  280.627777][T12190] team0: Port device team_slave_1 added
[  280.719287][T12190] batman_adv: batadv0: Adding interface: batadv_slave_0
[  280.726439][T12190] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  280.754043][T12190] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  280.766198][T12190] batman_adv: batadv0: Adding interface: batadv_slave_1
[  280.773621][T12190] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  280.799960][T12190] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  280.844747][T12190] hsr_slave_0: entered promiscuous mode
[  280.851154][T12190] hsr_slave_1: entered promiscuous mode
[  280.858266][T12190] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  280.866136][T12190] Cannot create hsr debugfs directory
[  280.954694][T12190] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.009441][T12190] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.050327][T12190] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.098880][T12190] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.171420][T12190] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  281.185338][T12190] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  281.195006][T12190] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  281.204394][T12190] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  281.260543][T12190] 8021q: adding VLAN 0 to HW filter on device bond0
[  281.279280][T12190] 8021q: adding VLAN 0 to HW filter on device team0
[  281.284323][   T55] Bluetooth: hci1: command tx timeout
[  281.298033][ T2909] bridge0: port 1(bridge_slave_0) entered blocking state
[  281.305156][ T2909] bridge0: port 1(bridge_slave_0) entered forwarding state
[  281.314790][ T2909] bridge0: port 2(bridge_slave_1) entered blocking state
[  281.321883][ T2909] bridge0: port 2(bridge_slave_1) entered forwarding state
[  281.451045][T12190] 8021q: adding VLAN 0 to HW filter on device batadv0
[  281.490042][T12190] veth0_vlan: entered promiscuous mode
[  281.499999][T12190] veth1_vlan: entered promiscuous mode
[  281.521694][T12190] veth0_macvtap: entered promiscuous mode
[  281.530706][T12190] veth1_macvtap: entered promiscuous mode
[  281.544740][T12190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  281.557750][T12190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  281.567652][T12190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  281.578795][T12190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  281.588686][T12190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  281.599788][T12190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  281.609745][T12190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  281.620279][T12190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  281.630232][T12190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  281.640743][T12190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  281.652213][T12190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  281.662766][T12190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  281.672793][T12190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  281.683286][T12190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  281.693872][T12190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  281.704631][T12190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  281.714596][T12190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  281.725495][T12190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  281.735433][T12190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  281.746173][T12190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  281.758725][T12190] batman_adv: batadv0: Interface activated: batadv_slave_0
[  281.770330][T12190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  281.780941][T12190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  281.790943][T12190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  281.801731][T12190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  281.811840][T12190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  281.822418][T12190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  281.832366][T12190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  281.844392][T12190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  281.856583][T12190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  281.867189][T12190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  281.877071][T12190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  281.887691][T12190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  281.897595][T12190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  281.908117][T12190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  281.918003][T12190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  281.928851][T12190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  281.938733][T12190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  281.949280][T12190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  281.961620][T12190] batman_adv: batadv0: Interface activated: batadv_slave_1
[  281.973344][T12190] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  281.982271][T12190] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  281.991278][T12190] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  282.000266][T12190] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  282.034935][T12190] ieee80211 phy31: Selected rate control algorithm 'minstrel_ht'
[  282.066234][ T5952] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  282.068668][T12190] ieee80211 phy32: Selected rate control algorithm 'minstrel_ht'
[  282.081363][ T5952] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  282.108288][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  282.116364][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50