last executing test programs:

58.47492761s ago: executing program 0 (id=503):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018100000", @ANYRES32, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000360a00000000000018010000202078250000000053e3bb3250a9630b00000000bfa100000001000007010000f8ffffffb702000008000000b702000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

46.878050318s ago: executing program 0 (id=503):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018100000", @ANYRES32, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000360a00000000000018010000202078250000000053e3bb3250a9630b00000000bfa100000001000007010000f8ffffffb702000008000000b702000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

35.951382552s ago: executing program 0 (id=503):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018100000", @ANYRES32, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000360a00000000000018010000202078250000000053e3bb3250a9630b00000000bfa100000001000007010000f8ffffffb702000008000000b702000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

25.022344154s ago: executing program 0 (id=503):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018100000", @ANYRES32, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000360a00000000000018010000202078250000000053e3bb3250a9630b00000000bfa100000001000007010000f8ffffffb702000008000000b702000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

12.851040759s ago: executing program 0 (id=503):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018100000", @ANYRES32, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000360a00000000000018010000202078250000000053e3bb3250a9630b00000000bfa100000001000007010000f8ffffffb702000008000000b702000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

4.869923429s ago: executing program 0 (id=503):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018100000", @ANYRES32, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000360a00000000000018010000202078250000000053e3bb3250a9630b00000000bfa100000001000007010000f8ffffffb702000008000000b702000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

3.590607417s ago: executing program 3 (id=1218):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r0}, 0x8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000980)={&(0x7f00000009c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x138, 0x138, 0x7, [@enum64={0x6, 0x7, 0x0, 0x13, 0x1, 0x3, [{0xf, 0x8, 0x63}, {0x7, 0x7ff, 0xd5}, {0x6, 0x0, 0x6}, {0xf, 0x859, 0x5}, {0x6, 0x8, 0x1}, {0xc, 0x29c, 0xfffffffd}, {0x3, 0x4, 0xfffffffe}]}, @enum64={0x4, 0x6, 0x0, 0x13, 0x1, 0x5, [{0x4, 0x4, 0x1}, {0xf, 0x32f59c2f, 0x6}, {0x10, 0x0, 0x1}, {0x2, 0x3, 0x5}, {0x7, 0x6, 0x400}, {0x8, 0x7f, 0x1}]}, @float={0x6, 0x0, 0x0, 0x10, 0xc}, @func_proto={0x0, 0x4, 0x0, 0xd, 0x0, [{0x3, 0x4}, {0xe, 0x800}, {0x8, 0x2}, {0xd, 0x5}]}, @decl_tag={0xa, 0x0, 0x0, 0x11, 0x4, 0x3}, @decl_tag={0xb, 0x0, 0x0, 0x11, 0x2}, @var={0x10, 0x0, 0x0, 0xe, 0x4}, @decl_tag={0x5, 0x0, 0x0, 0x11, 0x3}, @func={0xa, 0x0, 0x0, 0xc, 0x4}]}, {0x0, [0x5f, 0x2e, 0x5f, 0x5f, 0x0]}}, &(0x7f0000001000)=""/4096, 0x157, 0x1000, 0x1, 0xdc12, 0x10000, @value=r1}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="d5cf0000000000800095"], &(0x7f0000000000)='GPL\x00', 0x3, 0x87, &(0x7f0000000200)=""/135, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a40)=@newtaction={0x94, 0x30, 0x1, 0x0, 0x0, {}, [{0x80, 0x1, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}, @m_pedit={0x30, 0x2, 0x0, 0x0, {{0xa}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x94}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'lo\x00', <r7=>0x0})
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000040)=[{0x20}, {0x6, 0xff}]}, 0x10)
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newqdisc={0x40, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r7, {0x0, 0x3}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0x8, 0x2, 0x5192}}]}, 0x40}, 0x1, 0x0, 0x0, 0x80d1}, 0x3000c81c)
ioctl$sock_inet_SIOCSARP(r3, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, {}, 0x2, {0x2, 0x0, @multicast1=0xe000cc02}, 'ipvlan1\x00'})
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x40, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_LABELS_MASK={0x4}, @CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_LABELS={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000080)={@loopback, @dev={0xfe, 0x80, '\x00', 0x3c}, @ipv4={'\x00', '\xff\xff', @multicast2}, 0xdc7, 0x2, 0x4, 0x400, 0x1, 0x280200})

3.545828182s ago: executing program 1 (id=1219):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000240))
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000280)={'batadv_slave_0\x00', <r5=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000400)={'batadv0\x00', <r6=>0x0})
sendmsg$BATADV_CMD_SET_HARDIF(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000200)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000000000001000000008000600", @ANYRES32=r5, @ANYBLOB="08000300", @ANYRES32=r6, @ANYBLOB='\b\x00;'], 0x2c}}, 0x20004810)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
sendmmsg$inet_sctp(r7, &(0x7f0000001d00)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000001680)=[@prinfo={0x18, 0x84, 0x5, {0x30, 0x3}}, @sndinfo={0x20, 0x84, 0x2, {0xc05a, 0x18201, 0x4, 0x2}}], 0x38, 0x4010}], 0x1, 0x0)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={@mcast2, @private2, @mcast1, 0x3, 0x6, 0x80, 0x0, 0x4, 0x240143, r5})
sendmsg$NL80211_CMD_ASSOCIATE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x400, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x20000800)

3.461257283s ago: executing program 1 (id=1220):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000004700000095"], &(0x7f0000000100)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41000, 0x12, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

3.359116029s ago: executing program 1 (id=1221):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340)={0x0, 0xa}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r0, 0x2000012, 0xff0, 0x0, &(0x7f0000000c40), 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

3.302902821s ago: executing program 3 (id=1222):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0xe, 0x4, 0x4, 0xc, 0x0, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x11, 0x32}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="040000000800000000000000", @ANYRES32, @ANYBLOB="425d410f91e0bc162227d5761af5ee678262f38bfdee1986467e8afb416ed69cfd9af14a369ea4df17b8267e", @ANYRES64=0x0, @ANYRES64=r0], 0x20)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000100)={'syztnl1\x00', &(0x7f0000000080)={'gre0\x00', 0x0, 0x7, 0x7800, 0x9, 0x9, {{0xd, 0x4, 0x3, 0x9, 0x34, 0x66, 0x0, 0x20, 0x2f, 0x0, @rand_addr=0x64010100, @remote, {[@timestamp={0x44, 0x18, 0x89, 0x0, 0xc, [0x9, 0x6, 0x1, 0x0, 0x7f]}, @ra={0x94, 0x4, 0x1}, @ra={0x94, 0x4, 0x1}]}}}}})
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@newqdisc={0x44, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_SPLIT_GSO={0x8, 0x11, 0x10000000}, @TCA_CAKE_FWMARK={0x8}]}}]}, 0x44}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000180)={'batadv_slave_1\x00'})
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000072009fb300000000fedbdf2507000000", @ANYRES32=r6, @ANYBLOB="080001"], 0x20}}, 0x0)

3.099578054s ago: executing program 1 (id=1223):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = epoll_create1(0x0)
epoll_wait(r1, &(0x7f000000affb)=[{}], 0x1, 0x7fff) (async)
epoll_wait(r1, &(0x7f000000affb)=[{}], 0x1, 0x7fff)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0xa0000004})
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYRES32=r0, @ANYRES16=r0, @ANYBLOB='\x00'/20, @ANYRES32=r1, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x18, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x30000000}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x50, 0x6000000}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfff0}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x2}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0xf1}, {0x7, 0x1, 0x2, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r2}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x3, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x18, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x30000000}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x50, 0x6000000}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfff0}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x2}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0xf1}, {0x7, 0x1, 0x2, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r2}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x3, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

3.071188848s ago: executing program 3 (id=1224):
r0 = epoll_create1(0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r2, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000280)={0x194, 0x0, 0x400, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x2, 0x80}}}}, [@NL80211_ATTR_FRAME_MATCH={0xf0, 0x5b, "130dfd79549547d65c45c39864a4fffc01f6ac93049787630bf9bcee70ec958260efe384b807fa0f1098949e9941edc45ac7000424dabcaae578c549a46690a2bb5b90273169ca48d209ff2c1468f680cb4b5990a80548fb44bbced0315d2c6c3df44bb9267a88f1800efecdab57e65a996681d6ff6a171f718ee5a2ec05f197936e20236eb41de7cee5ace5bba79818a75bf75bac3e23eed8ea689cd71c5f74d3e8a97fd8b921dd06ac96a2ccf9c83b61325681bc74229ac5c47d076f4b00e5cd3f88953ec101cf8abb3fbcb2946f316be0253ea2902c1c07d27869bab7312c23e56e1878ccd53c3ea939ce"}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x8}, @NL80211_ATTR_FRAME_MATCH={0x73, 0x5b, "25b4bf5750138297e0a2487ded87e1fc610394f2da83ea41e415b09f2005c7519a61d0d6354e24341bec5b9662229039b07187268425175dbc5f02d78697e36be4a9dfe14065002efd7f33ddd5b4713416207b63c93903a6ef4f922d242bfc6e2d364f553e92641440d53a8ad645a9"}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0xa7}]}, 0x194}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x400, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x8}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_ECN_PROB={0x8, 0x9, 0x2c}, @TCA_FQ_PIE_ECN={0x8}]}}]}, 0x44}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x20008844)

2.866887154s ago: executing program 3 (id=1225):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000040), &(0x7f00000000c0)=0x4)
r2 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000cc0)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff3}, {}, {0x2, 0xfff9}}, [@filter_kind_options=@f_route={{0xa}, {0x10, 0x2, [@TCA_ROUTE4_TO={0x8, 0x2, 0xca}, @TCA_ROUTE4_ACT={0x4}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x4004)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0)
sendto$inet6(r0, &(0x7f0000000080)='X', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x400, 0x0, @empty}, 0x1c)
shutdown(r0, 0x1)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000280)={0x0, 0x3, 0x4}, 0x8)

2.713288224s ago: executing program 3 (id=1227):
r0 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="380000000314010000000000000000000900020073797a31000000000800410072896500140033007465616d5f736c6176655f30"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x44410)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
socket$inet6_udplite(0xa, 0x2, 0x88)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
unshare(0x6a040000)
socketpair(0x1a, 0x1, 0x11, &(0x7f0000000040))

2.529740586s ago: executing program 2 (id=1229):
r0 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r0, &(0x7f0000000b40)={&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000800)="e9", 0x9500}, {&(0x7f00000017c0)="ea0189bdebb0c16d420ee9b95082abd6431cc7afc22c4a6b8adecef68f76bd81a86e89f9c80e5c868a12b09e80ba8c01eb3f4b7be71f9fc2355c336cedc15eb778e3a3b35c3f72629ea4d9ae42cf4c17255815fb8a47aafd8b8ff0c202b4e09f7c42811261b5e113fcce27b4329ccb792df14b7d6dcfaf2cf8dbb51946e89c862e9252731f680ec50326fc16386aeefe654bac24", 0x94}], 0x2, &(0x7f0000000100)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xd}, @loopback}}}], 0x20}, 0xe900)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0b00dc2642e4368b01c103b92ecea06a36990000070000000800000008000000055f0c0c1470b26a9868427dbf33965c33d96123c55457bd9540f377f29d8f7061ddbdfe", @ANYBLOB="0bc9b412a89dfa9f291b452c29e77a8f457ad36bf9c20b7a8fa38dc0785cf8d9c4770692a34afb824f576f0ac86cb2b2b2eebfd2b05399aa749f88ac6f3d34acb6733ed6cdc8f19785ca7786a3b8b15ae70598d8e9c7c37962b1fd4d8cd0f73d5fb1c4c07a920a8f55f5398779f4e54d95fe585f", @ANYRES32=r0, @ANYRES32=r0, @ANYRES8=r0], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$inet6(0xa, 0x3, 0x88)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000280)={{{@in=@rand_addr=0x64010101, @in6=@mcast2, 0x0, 0x0, 0x0, 0x4, 0xa}, {0x200, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x40000000000000}, 0x1, 0x0, 0x0, 0x1, 0x2, 0x1}, {{@in6=@mcast1, 0x0, 0x6c}, 0x2, @in=@multicast1, 0x0, 0x4, 0x0, 0x0, 0x40000000, 0x3}}, 0xe8)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97000288c19e9ace00000000000000002100000002ff020000000000000000000000000001"], 0x0)
r4 = socket$inet6(0xa, 0x3, 0xff)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x50, &(0x7f0000000000)={0x0, 0x0}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRES16=r5, @ANYRES8=r5], 0x54}, 0x1, 0x0, 0x0, 0x240080c0}, 0x40000000)

2.390433293s ago: executing program 2 (id=1230):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000080)=0x40000)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc0000001b0001000000000000000000e00000010000000000000000000000007f00000100000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d8622c2628eb7f5900000000000000000000000000000200000008000000000000000000000000000001000004d40000000000000000ffffffff00"/180], 0xfc}}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000170001030000000000000000010000009530a90256c66d1224357f8dac25f048a571fad187eb7929210a565f19a4d654f8b1a187436fe37c6004facc86b7d3d4c38d4a2a3a9eac"], 0x14}}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0)
ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000000)=0x31)
close(0x3)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.empty_time\x00', 0x275a, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
recvmsg(r2, &(0x7f00000000c0)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x1000000}, 0x1f00)
sendmsg$tipc(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000640)="a2", 0x1}], 0x1, 0x0, 0x0, 0x6000000}, 0x0)
write$cgroup_type(r3, &(0x7f0000000000), 0x9)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380), r3)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r3, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="5168ac71db00000000000000", @ANYRES16=r5, @ANYBLOB="000326bd7000fddbdf2501000000000000000c410000000c001473797a3100000000"], 0x28}, 0x1, 0x0, 0x0, 0x4000040}, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0x10012, r3, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000080000000a00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/20], 0x35)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7d}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r8}, 0x10)
r9 = socket$inet_sctp(0x2, 0x5, 0x84)
r10 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r10, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r11=>0x0}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r9, 0x84, 0x75, &(0x7f0000000180)={r11, 0x2}, &(0x7f00000001c0)=0x8)

2.066838323s ago: executing program 1 (id=1231):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="200000006a000105fefdfffffddbdf25000000000000000008000500", @ANYBLOB="88a980815f07ca25c2b70625a5b1fe87772590b08ff9f1e5265139285f278580a82277dc39059772e4c5a88ad802eb3e5e366f9c47b633e1c6ea55832111a6dd2d02e363f57de95b3f2adb0d0975fd56dd387bb126601e3d25cc7ab329cf9d869bc25e254d2608a51e3bc3b23ff726ec7d45c5fab69a34c6a33ba994354328d1c93c480ad8631c5d8bd0cb3b0e25af6dbbcb1cfd861d950efe41166caafe0028ff4816e646845422bbe9b8b07670cbeb827f5e1157e791138e51d7874b0aa421"], 0x20}, 0x1, 0x0, 0x0, 0x20000090}, 0x48000) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000015000000000000170000400000000000000095"], &(0x7f0000000000)='GPL\x00', 0x3, 0x87, &(0x7f0000000200)=""/135, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x28, 0x0, 0x0, 0x10, 0x1000000, @void, @value}, 0x90)

1.963117561s ago: executing program 1 (id=1232):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="18020000fcffffff0000000000000000850000003600000085000000"], &(0x7f0000000100)='syzkaller\x00', 0x9, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0x0, &(0x7f0000001580)="e0856497ba6cf0f21a00000000101d59b73609e68bab107a6afc9aee9dcb023abd85146967c135bc34b2070993e2d1585aea30384c2e6f861ac74f94f9904e64df5bfad104cc941486d8bd2f170415128623a5c9786bb6ae70ae2273f28bb6b92ce16d17e1cb6267fad52fb60698f12b3a25c226e5223418a1471847f90bae34d7dc127356d168745b176d26d5cac699a38f9d7f179c9f44f5e556f17adf8376d056803d1cdf81368a5edf3eabd401508f58590b68d877f4f7bf0a0542946c7e9ba46eb79b9c2f08638088e3cbb90f2c28bb2b677df90792ea8791d77a2279fa664ab2267c93a9e844553b340ad398b302a0e7ef8ebc33d5cb7c19922c3883a334b43ba6dac35ba63935afbd47b8609933493a41832bac37c9ebd0d59ffdfd5e19a9ed7e8c993b1815b7d0edfcfd95de", 0x0, 0x20000700, 0x0, 0xffffffffffffff51, 0x0, 0x0, 0x0, 0x5}, 0x1d)
close(0x3)
r2 = socket$kcm(0x29, 0x5, 0x0)
sendmmsg$inet(r2, &(0x7f0000001080)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000008c0)="db", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000480)="06", 0x1}], 0x1}}], 0x2, 0x4000005)
close(r2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000008000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/27], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000f80)=ANY=[@ANYBLOB="b70200000b000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f7a80d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001e8c76bbe7ff988a28ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f757036303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4522bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b9fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabfd50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd1389a0963de85dd2b189774450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f326df86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c39b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa525235da0000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc32a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2a434b9048ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b4783d66661a92f174f8293cf83bceaf6c9eda1f83166aa1e2093d626870510e6cd176d501fe01e4a752fc30134073188e3f826f695e4e14fca6596943467c7df154493023f77c107b3db20ea75b493b4b38dc43986d94748cbfab954edae20982b6d212a44f4b40387876bc9eb73900"/3112], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000100)="b9ff0b076859268cb89e14f088a847", 0x0, 0xf00, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r4, &(0x7f0000000480)={0x2, 0xfffe, @multicast2}, 0x10)
sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0)
unshare(0x20010b00)
syz_emit_ethernet(0x42, &(0x7f0000000000)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x80}, @void, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x2, @local, @remote, @remote, @private0={0xfc, 0x0, '\x00', 0x1}}}}}, 0x0)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
getsockopt$IP6T_SO_GET_REVISION_MATCH(r5, 0x29, 0x50, 0x0, &(0x7f0000000140)=0xfe7b)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000040))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@newqdisc={0x24, 0x24, 0xf0b, 0x13, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x5}, {0xffff, 0xffff}, {0xffff}}}, 0x24}}, 0x8000)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x44804)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000380)=[@in6={0xa, 0x4e20, 0x2, @mcast2}, @in={0x2, 0x4e22, @rand_addr=0x64010102}, @in6={0xa, 0x4e23, 0x0, @mcast2, 0x5}], 0x48)
unshare(0x68060200)
unshare(0x6a040000)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x132, &(0x7f0000000500)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb8100000086dd6d4f022c00f800fffc020000000000000000000000000001fc010000000000000000000000000001061d00000000000004dab55cd0c9d1cdebccff4d23e8cd050e32d9568e97fc744f63bccad46eccd89229d530bd1100d408ea65cb1ab260490064480e9df6314f70ae36f03850f80d3fbf367eec2442c07838f8f12d2c3e69fd273c6a95aeb711c3e4635d2cc9633a29362ea531381b87b520a148d86f541b0535fd6b34493127cb95bd6e6682fa273edb7e19418020330d67963ab12600000000ca77af863fa61033b90e73b95b10abb07fc23117c0c532d0925bdbaf9ca10bc7623d8fee61cb55725a5730a739a0d24ca1024e0312426aa34c76c07a4aef592af87eba40b757b3d5022305020000000100c2040000000700000000000000"], 0x0)
sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a000000060001003b"], 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x0)

1.854421063s ago: executing program 4 (id=1233):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340)={0x0, 0xa}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r0, 0x2000012, 0xff0, 0x0, &(0x7f0000000c40), 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

1.55906236s ago: executing program 4 (id=1234):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0xe, 0x4, 0x4, 0xc, 0x0, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x11, 0x32}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="040000000800000000000000", @ANYRES32, @ANYBLOB="425d410f91e0bc162227d5761af5ee678262f38bfdee1986467e8afb416ed69cfd9af14a369ea4df17b8267e", @ANYRES64=0x0, @ANYRES64=r0], 0x20)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000100)={'syztnl1\x00', &(0x7f0000000080)={'gre0\x00', 0x0, 0x7, 0x7800, 0x9, 0x9, {{0xd, 0x4, 0x3, 0x9, 0x34, 0x66, 0x0, 0x20, 0x2f, 0x0, @rand_addr=0x64010100, @remote, {[@timestamp={0x44, 0x18, 0x89, 0x0, 0xc, [0x9, 0x6, 0x1, 0x0, 0x7f]}, @ra={0x94, 0x4, 0x1}, @ra={0x94, 0x4, 0x1}]}}}}})
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@newqdisc={0x44, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_SPLIT_GSO={0x8, 0x11, 0x10000000}, @TCA_CAKE_FWMARK={0x8}]}}]}, 0x44}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000180)={'batadv_slave_1\x00'})
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000072009fb300000000fedbdf2507000000", @ANYRES32=r6, @ANYBLOB="080001"], 0x20}}, 0x0)

1.434978278s ago: executing program 2 (id=1235):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0xffffffffffffffac)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYRESOCT=r0], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES8=r0], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000000)={0x0, {{0x2, 0x0, @multicast1}}}, 0x88)
r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_lsm={0x1e, 0x20000051, &(0x7f00000004c0)=ANY=[], &(0x7f00000009c0)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6410, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000500)='track_foreign_dirty\x00', r2}, 0x16)
r4 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r5, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}, 0x7}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=""/188, 0xbc}, {&(0x7f0000000840)=""/232, 0xe8}, {&(0x7f0000002f80)=""/37, 0x25}, {&(0x7f0000000440)=""/84, 0x54}, {&(0x7f0000003240)=""/4110, 0x100e}, {&(0x7f00000006c0)=""/243, 0xf3}], 0x6}, 0x7fffffff}], 0x4, 0x20, 0x0)
setsockopt$inet_mreqsrc(r4, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty}, 0xc)
setsockopt$inet_group_source_req(r4, 0x0, 0x2b, &(0x7f0000000780)={0x9, {{0x2, 0x4e21, @broadcast}}, {{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108)
poll(0x0, 0x30, 0xffbffff9)
socket$nl_xfrm(0x10, 0x3, 0x6)
r6 = socket(0x15, 0x5, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="280000003c0007010000000000000000027c000008008900", @ANYRES32=r6, @ANYBLOB="0c00018006000600800a00006b8491988dcb7d69b4b7df73890c0000000000000000"], 0x28}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r1}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r8, @ANYBLOB="00040000000000000000e8ff000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x4000000)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="0500000004000000040000000500000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000ffb09e47a5ad299c4e605fd6cc52da0928ffffffa26310ae1c39694eb0d3a392c5ffff00"/57], 0x50)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000040)={r11}, 0xc)

540.130646ms ago: executing program 4 (id=1236):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000551000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) (async)
mmap(&(0x7f0000551000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f00009c5000/0x4000)=nil, 0x4000, 0x3, 0x28012, r1, 0x0)
setsockopt(r0, 0x400, 0x1, &(0x7f00000000c0)="94cfaf4c91b726eaaa1bc8bc87f169eb9484fca2537325b7c1b14e711a5bdd6a7fdad6c58f5cf0a466c1a1d69a035408eddcc72a02068bd8042525c7149f67a39ed71097282b245467409a22116410e7da677b0cf55a5aa7669c0e29d0e60e05c691908542790426fdce16e4ef17e6745ae4d8aaddb645be4cd7aabb0451817ed74d19946d9173d000302ac03f5b52ee6be07f47a3e9c4b52e3725ddc62c9a42a831e118e1dec188b377df98a726a0f26a963a4c13ad2f98fe152f39b7f1e7a6722dbce877d8f7432d2a2b5e908a95b40f60", 0xd2)
mmap(&(0x7f00009c5000/0x1000)=nil, 0x1000, 0x3, 0x28012, r1, 0x0)
setsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f0000000000), 0x4)

405.598155ms ago: executing program 2 (id=1237):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x22, 0x0, 0xfffff024}, {0x20, 0x0, 0x0, 0xfdfff034}, {0x6, 0x3, 0x8, 0x4}]}, 0x10)
sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0) (fail_nth: 42)

404.633998ms ago: executing program 4 (id=1238):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x4e20, @multicast2}, 0x10)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_int(r2, 0x0, 0x14, &(0x7f0000000180)=0x10000, 0x4)
recvmmsg(r2, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) (async)
recvmmsg(r2, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0) (async)
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
syz_emit_ethernet(0x3b6, &(0x7f00000003c0)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x380, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af0302"}, {0x0, 0x1, "000000050000000026000400"}, {0x0, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x3, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "b8a3e100908f6164000000020000000000000000000000ffff008879e66485201a0015ca83747357a02745000400"/55}, {0x0, 0x14, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c"}, {0x0, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bce65f81ed"}]}}}}}}, 0x0)
getsockopt$rose(r3, 0x104, 0x7, 0x0, &(0x7f0000000040)=0xfffffffffffffe3b)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="85000000080000004e0000000000000027000000000000009500000000000000e5de576de3899560fa7eac1cfe0a4cbf92f669d195232d5bba3620f84b2c61016c4efadd3d11420b34d5d0c1c546d059193477b28f3262c4b5e50f0ee98d34a2f6389817940248bf68d7e162090564d3696ed3c97f1e11e433b6f3f7d59dd51af8a0957473f1e71311de3cc3797e4a37585945b1f8b3412c35e31c025c8aca9e0c206f49eec231b1b39fcb61298d04a4bb9e318bdf9fd8b85d1825cccb195acbe4dc80775285416f633e84315c4b4011f0a0d5e27db0e22a6098f4e8ba65773de4f11f0594a1d53a5cbe8c271ab54614faacec01d22dcf25e68f0061f3ea03519cb5259d98531f4c3ddfb7655f5fa6c1d61d0064243005daebab74cba1cbf357af8424c605b1c5c6d3f3de04cb8479407bbb69ea19dd00"/320], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffed8, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x3f) (async)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="85000000080000004e0000000000000027000000000000009500000000000000e5de576de3899560fa7eac1cfe0a4cbf92f669d195232d5bba3620f84b2c61016c4efadd3d11420b34d5d0c1c546d059193477b28f3262c4b5e50f0ee98d34a2f6389817940248bf68d7e162090564d3696ed3c97f1e11e433b6f3f7d59dd51af8a0957473f1e71311de3cc3797e4a37585945b1f8b3412c35e31c025c8aca9e0c206f49eec231b1b39fcb61298d04a4bb9e318bdf9fd8b85d1825cccb195acbe4dc80775285416f633e84315c4b4011f0a0d5e27db0e22a6098f4e8ba65773de4f11f0594a1d53a5cbe8c271ab54614faacec01d22dcf25e68f0061f3ea03519cb5259d98531f4c3ddfb7655f5fa6c1d61d0064243005daebab74cba1cbf357af8424c605b1c5c6d3f3de04cb8479407bbb69ea19dd00"/320], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffed8, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x3f)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mm_page_alloc\x00', r4}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x18000000000002a0, 0xe, 0x20, &(0x7f0000000280)="b9ff03076804268c989e14f088a8", 0x0, 0x3f, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x21}, 0x50) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x18000000000002a0, 0xe, 0x20, &(0x7f0000000280)="b9ff03076804268c989e14f088a8", 0x0, 0x3f, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x21}, 0x50)

282.046931ms ago: executing program 2 (id=1239):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000003c0)={'ip6gre0\x00', &(0x7f00000000c0)={'syztnl2\x00', 0x0, 0x2d, 0x0, 0x0, 0xcbf, 0xc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private1, 0x700, 0x8, 0x101, 0xd66}}) (async)
r3 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=@newtclass={0x498, 0x28, 0x200, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xe, 0x6}, {0xa, 0xe}, {0xf, 0xd}}, [@tclass_kind_options=@c_htb={{0x8}, {0x414, 0x2, [@TCA_HTB_RATE64={0xc, 0x6, 0x3}, @TCA_HTB_RTAB={0x404, 0x4, [0x800, 0x8000, 0x8, 0x11, 0x4, 0x5, 0xcc, 0x8, 0x6, 0x7fffffff, 0xffffffff, 0xffff0000, 0xf, 0x2, 0x0, 0x6, 0xfffffffd, 0x401, 0x9, 0x6, 0x100, 0x92, 0x101, 0x0, 0x4, 0x0, 0x9, 0x2, 0xd3d, 0xffffff68, 0x400, 0xf, 0x8001, 0x1, 0x9, 0xce, 0x8, 0x402, 0x5, 0x9, 0x4, 0x9, 0x4, 0xffa, 0x49665fb5, 0x81, 0xa, 0x8, 0x7, 0x6, 0x3, 0x1ff, 0x5, 0xf, 0x7, 0x8, 0x2, 0x8, 0xbfd, 0x6, 0x7, 0x7, 0x5, 0x8, 0x7a, 0x6, 0xfffffff8, 0x4, 0x401, 0x2, 0x5, 0x2, 0x2, 0x7, 0x0, 0x3, 0xfffffffa, 0x9, 0x8, 0x8, 0x5, 0x7fffffff, 0x8, 0xffffffff, 0x8, 0xf, 0x7, 0xfffff950, 0x3, 0x7, 0x0, 0x3ff, 0x2, 0x1e3, 0x1, 0x9, 0x6, 0x62, 0x4, 0x9, 0x10, 0x8, 0x6, 0x9, 0xd, 0xffff685a, 0x6cf, 0xe, 0x7fff, 0x1, 0x9, 0xc8, 0x0, 0x8, 0x4, 0x3, 0x80, 0xc, 0x0, 0x8, 0x476f00, 0x5f, 0x8, 0xd, 0x1, 0x1, 0xd6c1, 0x8, 0x8, 0x1ff, 0x56c, 0x1, 0xfffffffe, 0x4492d046, 0x5, 0xffffffff, 0x6, 0x5, 0x7ff, 0xc48, 0xfff, 0x2, 0x2, 0x81, 0x3, 0x40000, 0x3, 0xc0000000, 0x6, 0x0, 0x20, 0x502c, 0x7, 0x10001, 0x5b7, 0xffffffff, 0x680000, 0x5, 0x8000, 0x4, 0xb0, 0xfff, 0x4, 0x9, 0x1, 0x9, 0x2, 0x7fff, 0x5, 0x8, 0x2, 0xd, 0x7fffffff, 0x5, 0x80000001, 0x92a, 0xa0, 0x2, 0x3, 0x8a, 0x9, 0x5, 0x6, 0x8, 0xf658, 0x0, 0xc2b5, 0x9, 0x3, 0x1000, 0x1, 0x10, 0xffffffff, 0xd, 0x5, 0x800, 0x3, 0x3, 0x8f, 0xffff, 0x8, 0x0, 0x1, 0x70, 0xfffeffff, 0x9, 0x5, 0x2304, 0x6, 0x9, 0xfffffff8, 0x3, 0x8, 0xe, 0x36f, 0x7, 0x0, 0xd, 0x6, 0x1000, 0xb82c37e3, 0x7, 0x5, 0x9, 0x8, 0x832, 0x2, 0x5, 0x258, 0x0, 0x5, 0x0, 0x10000, 0x3, 0x5f8a068d, 0x9, 0xffff8001, 0x9, 0x81, 0x4, 0x3, 0x101, 0x0, 0x0, 0x6, 0x81, 0x4, 0x6, 0x558f, 0x5, 0x7f, 0x3, 0x4, 0x84a, 0x81, 0x7]}]}}, @TCA_RATE={0x6, 0x5, {0x10, 0x1}}, @tclass_kind_options=@c_prio={0x9}, @tclass_kind_options=@c_mq={0x7}, @tclass_kind_options=@c_cake={0x9}, @tclass_kind_options=@c_ingress={0xc}, @tclass_kind_options=@c_fq_codel={0xd}, @TCA_RATE={0x6, 0x5, {0xfa, 0x2}}, @tclass_kind_options=@c_skbprio={0xc}]}, 0x498}}, 0x404c080)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000040)={'syztnl2\x00', r4, 0x4, 0xfe, 0x2, 0x4038a09, 0x4, @loopback={0xe0}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x5}}) (async, rerun: 32)
splice(r2, &(0x7f0000000000), r1, &(0x7f0000000240)=0x7, 0x120000, 0x8) (rerun: 32)

225.808524ms ago: executing program 4 (id=1240):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x801}], {0x14}}, 0xa4}}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000005c0)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x30, 0x1410, 0x1, 0x70bd2c, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_STAT_MODE={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x24044836}, 0xc094)
recvmmsg(r1, 0x0, 0x0, 0x2000, &(0x7f0000002840))
getsockopt$inet6_buf(r1, 0x29, 0x2f, &(0x7f0000000000)=""/84, &(0x7f0000000080)=0x54)
syz_init_net_socket$ax25(0x3, 0x5, 0xca)

112.33562ms ago: executing program 4 (id=1241):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="140100002d00010000000000fcdbdf250401f2808c0018"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) (async)
r1 = socket$l2tp(0x2, 0x2, 0x73)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @broadcast}, 0x10)

50.93213ms ago: executing program 3 (id=1242):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x4101}, 0x10)
r1 = socket$inet6(0xa, 0x3, 0x7)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000000c0)=r2, 0x4)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x4e24, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x2}, {}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x32}, 0x0, @in=@multicast1, 0x0, 0x0, 0x2, 0x7, 0x200}}, 0xe8)
sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
syz_extract_tcp_res(0x0, 0x7fff, 0x8)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaa86dd60f10200001c06fffc010000000000000000000000000001fe8000000400000000000000000000aa4e2000"/58, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYRESDEC=r3], 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r5, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f00000004c0)={0x14, r6, 0x1, 0x70bd27, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x2}, 0x4000000)
unshare(0x42000000)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, &(0x7f0000000500)={0x1, 0x1, 0x1000, 0x0, &(0x7f0000000440), 0x0, 0x0, 0x0})
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000580)=ANY=[], 0x138}, 0x1, 0x0, 0x0, 0x20004800}, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff})
r8 = socket$unix(0x1, 0x1, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r9, &(0x7f0000000dc0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r9, 0x0)
connect$unix(r8, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
setsockopt$sock_timeval(r8, 0x1, 0x15, &(0x7f0000000e80)={0x0, 0x2710}, 0x10)
connect$unix(r8, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg$inet(r7, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)

0s ago: executing program 2 (id=1243):
socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000b40)={'dummy0\x00'})
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
socket$inet6(0xa, 0x80002, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='8\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000024000180060005004e230000060001000200000008000300ac1414aa"], 0x38}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)

kernel console output (not intermixed with test programs):

ered disabled state
[  155.018724][ T5033] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  155.035333][ T5033] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  155.047685][ T5033] bond0 (unregistering): Released all slaves
[  155.061706][ T7976] batman_adv: batadv0: Adding interface: batadv_slave_0
[  155.069376][ T7976] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  155.095729][ T7976] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  155.110281][ T7976] batman_adv: batadv0: Adding interface: batadv_slave_1
[  155.117839][ T7976] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  155.144866][ T7976] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  155.180408][ T8055] pimreg: entered allmulticast mode
[  155.210831][ T8069] dummy0: entered promiscuous mode
[  155.252544][ T8069] dummy0: left promiscuous mode
[  155.576905][ T7976] hsr_slave_0: entered promiscuous mode
[  155.589895][ T8083] netlink: 'syz.1.621': attribute type 2 has an invalid length.
[  155.602379][ T7976] hsr_slave_1: entered promiscuous mode
[  155.610332][ T7976] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  155.618314][ T7976] Cannot create hsr debugfs directory
[  155.702029][ T8082] dummy0: entered promiscuous mode
[  155.722053][ T8082] dummy0: left promiscuous mode
[  155.775168][ T8088] FAULT_INJECTION: forcing a failure.
[  155.775168][ T8088] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  155.801860][ T8088] CPU: 1 UID: 0 PID: 8088 Comm: syz.3.623 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) 
[  155.801888][ T8088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  155.801900][ T8088] Call Trace:
[  155.801907][ T8088]  <TASK>
[  155.801915][ T8088]  dump_stack_lvl+0x189/0x250
[  155.801947][ T8088]  ? __lock_acquire+0xaac/0xd20
[  155.801977][ T8088]  ? __pfx_dump_stack_lvl+0x10/0x10
[  155.802004][ T8088]  ? __pfx__printk+0x10/0x10
[  155.802025][ T8088]  ? __might_fault+0xb0/0x130
[  155.802062][ T8088]  should_fail_ex+0x414/0x560
[  155.802097][ T8088]  _copy_from_iter+0x1db/0x15a0
[  155.802145][ T8088]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  155.802167][ T8088]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  155.802193][ T8088]  ? __pfx__copy_from_iter+0x10/0x10
[  155.802217][ T8088]  ? __build_skb_around+0x257/0x3e0
[  155.802244][ T8088]  ? netlink_sendmsg+0x642/0xb30
[  155.802263][ T8088]  ? skb_put+0x11b/0x210
[  155.802289][ T8088]  netlink_sendmsg+0x6b2/0xb30
[  155.802321][ T8088]  ? __pfx_netlink_sendmsg+0x10/0x10
[  155.802345][ T8088]  ? aa_sock_msg_perm+0x94/0x160
[  155.802368][ T8088]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  155.802390][ T8088]  ? __pfx_netlink_sendmsg+0x10/0x10
[  155.802412][ T8088]  __sock_sendmsg+0x219/0x270
[  155.802445][ T8088]  ____sys_sendmsg+0x505/0x830
[  155.802476][ T8088]  ? __pfx_____sys_sendmsg+0x10/0x10
[  155.802510][ T8088]  ? import_iovec+0x74/0xa0
[  155.802539][ T8088]  ___sys_sendmsg+0x21f/0x2a0
[  155.802566][ T8088]  ? __pfx____sys_sendmsg+0x10/0x10
[  155.802629][ T8088]  ? __fget_files+0x2a/0x420
[  155.802654][ T8088]  ? __fget_files+0x3a0/0x420
[  155.802691][ T8088]  __x64_sys_sendmsg+0x19b/0x260
[  155.802718][ T8088]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  155.802768][ T8088]  ? do_syscall_64+0xba/0x210
[  155.802801][ T8088]  do_syscall_64+0xf6/0x210
[  155.802830][ T8088]  ? clear_bhb_loop+0x45/0xa0
[  155.802856][ T8088]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.802875][ T8088] RIP: 0033:0x7f607638e969
[  155.802892][ T8088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  155.802908][ T8088] RSP: 002b:00007f60772cc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  155.802928][ T8088] RAX: ffffffffffffffda RBX: 00007f60765b5fa0 RCX: 00007f607638e969
[  155.802942][ T8088] RDX: 000000000000c010 RSI: 00002000000002c0 RDI: 0000000000000010
[  155.802954][ T8088] RBP: 00007f60772cc090 R08: 0000000000000000 R09: 0000000000000000
[  155.802966][ T8088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  155.802978][ T8088] R13: 0000000000000000 R14: 00007f60765b5fa0 R15: 00007ffd974f6c78
[  155.803008][ T8088]  </TASK>
[  156.138908][ T5033] hsr_slave_0: left promiscuous mode
[  156.149212][ T5033] hsr_slave_1: left promiscuous mode
[  156.229409][ T5033] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  156.236976][ T5033] batman_adv: batadv0: Removing interface: batadv_slave_0
[  156.274151][ T5033] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  156.282976][ T5033] batman_adv: batadv0: Removing interface: batadv_slave_1
[  156.352782][ T5033] veth1_macvtap: left promiscuous mode
[  156.371343][ T5033] veth0_macvtap: left promiscuous mode
[  156.382027][ T8109] netlink: 'syz.3.627': attribute type 10 has an invalid length.
[  156.390335][ T5033] veth1_vlan: left promiscuous mode
[  156.415941][ T5033] veth0_vlan: left promiscuous mode
[  156.636652][ T5828] Bluetooth: hci3: command tx timeout
[  156.883872][ T5033] team0 (unregistering): Port device team_slave_1 removed
[  156.922597][ T5033] team0 (unregistering): Port device team_slave_0 removed
[  157.302642][ T8099] __nla_validate_parse: 3 callbacks suppressed
[  157.302662][ T8099] netlink: 8 bytes leftover after parsing attributes in process `syz.4.626'.
[  157.760394][ T8132] netlink: 'syz.2.637': attribute type 10 has an invalid length.
[  157.780398][ T8132] netlink: 40 bytes leftover after parsing attributes in process `syz.2.637'.
[  157.796521][ T8135] FAULT_INJECTION: forcing a failure.
[  157.796521][ T8135] name failslab, interval 1, probability 0, space 0, times 0
[  157.814311][ T8135] CPU: 1 UID: 0 PID: 8135 Comm: syz.1.638 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) 
[  157.814337][ T8135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  157.814347][ T8135] Call Trace:
[  157.814354][ T8135]  <TASK>
[  157.814361][ T8135]  dump_stack_lvl+0x189/0x250
[  157.814398][ T8135]  ? __pfx_dump_stack_lvl+0x10/0x10
[  157.814423][ T8135]  ? __pfx__printk+0x10/0x10
[  157.814447][ T8135]  ? ref_tracker_alloc+0x318/0x460
[  157.814468][ T8135]  should_fail_ex+0x414/0x560
[  157.814499][ T8135]  should_failslab+0xa8/0x100
[  157.814524][ T8135]  kmem_cache_alloc_noprof+0x73/0x3c0
[  157.814554][ T8135]  ? skb_clone+0x212/0x3a0
[  157.814582][ T8135]  skb_clone+0x212/0x3a0
[  157.814608][ T8135]  __netlink_deliver_tap+0x404/0x850
[  157.814640][ T8135]  ? netlink_deliver_tap+0x2e/0x1b0
[  157.814660][ T8135]  netlink_deliver_tap+0x19c/0x1b0
[  157.814680][ T8135]  netlink_unicast+0x72f/0x8d0
[  157.814719][ T8135]  netlink_sendmsg+0x805/0xb30
[  157.814747][ T8135]  ? __pfx_netlink_sendmsg+0x10/0x10
[  157.814770][ T8135]  ? aa_sock_msg_perm+0x94/0x160
[  157.814790][ T8135]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  157.814828][ T8135]  ? __pfx_netlink_sendmsg+0x10/0x10
[  157.814850][ T8135]  __sock_sendmsg+0x219/0x270
[  157.814881][ T8135]  ____sys_sendmsg+0x505/0x830
[  157.814911][ T8135]  ? __pfx_____sys_sendmsg+0x10/0x10
[  157.814944][ T8135]  ? import_iovec+0x74/0xa0
[  157.814973][ T8135]  ___sys_sendmsg+0x21f/0x2a0
[  157.814999][ T8135]  ? __pfx____sys_sendmsg+0x10/0x10
[  157.815061][ T8135]  ? __fget_files+0x2a/0x420
[  157.815085][ T8135]  ? __fget_files+0x3a0/0x420
[  157.815121][ T8135]  __x64_sys_sendmsg+0x19b/0x260
[  157.815147][ T8135]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  157.815188][ T8135]  ? do_syscall_64+0xba/0x210
[  157.815221][ T8135]  do_syscall_64+0xf6/0x210
[  157.815248][ T8135]  ? clear_bhb_loop+0x45/0xa0
[  157.815273][ T8135]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.815291][ T8135] RIP: 0033:0x7fbd14d8e969
[  157.815308][ T8135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  157.815324][ T8135] RSP: 002b:00007fbd15be1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  157.815344][ T8135] RAX: ffffffffffffffda RBX: 00007fbd14fb5fa0 RCX: 00007fbd14d8e969
[  157.815358][ T8135] RDX: 000000000000c010 RSI: 00002000000002c0 RDI: 0000000000000010
[  157.815370][ T8135] RBP: 00007fbd15be1090 R08: 0000000000000000 R09: 0000000000000000
[  157.815382][ T8135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  157.815393][ T8135] R13: 0000000000000000 R14: 00007fbd14fb5fa0 R15: 00007ffceb27a8e8
[  157.815424][ T8135]  </TASK>
[  157.819170][ T8136] netlink: 'syz.2.637': attribute type 10 has an invalid length.
[  157.849186][ T8135] netlink: 16 bytes leftover after parsing attributes in process `syz.1.638'.
[  157.971860][ T8141] netlink: 4 bytes leftover after parsing attributes in process `syz.3.636'.
[  158.122135][ T8132] batadv0: entered promiscuous mode
[  158.158084][ T8132] 8021q: adding VLAN 0 to HW filter on device batadv0
[  158.165930][ T8132] bridge0: port 4(batadv0) entered blocking state
[  158.179213][ T8132] bridge0: port 4(batadv0) entered disabled state
[  158.228535][ T8132] bridge0: port 4(batadv0) entered blocking state
[  158.235196][ T8132] bridge0: port 4(batadv0) entered forwarding state
[  158.295410][ T3462] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  158.304949][ T3462] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  158.334254][ T8136] bridge0: port 4(batadv0) entered disabled state
[  158.353989][ T8135] dummy0: entered promiscuous mode
[  158.367114][ T8135] dummy0: left promiscuous mode
[  158.401077][ T8144] netlink: 900 bytes leftover after parsing attributes in process `syz.2.637'.
[  158.612106][ T8153] netlink: 8 bytes leftover after parsing attributes in process `syz.4.642'.
[  158.693154][ T8159] netlink: 'syz.1.641': attribute type 10 has an invalid length.
[  158.708012][ T5828] Bluetooth: hci3: command tx timeout
[  158.905882][ T8165] netlink: 60 bytes leftover after parsing attributes in process `syz.4.645'.
[  159.045715][ T7976] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  159.085373][ T7976] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  159.203800][ T7976] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  159.217777][ T8172] netlink: 60 bytes leftover after parsing attributes in process `syz.3.647'.
[  159.275068][ T7976] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  159.399162][ T8174] netlink: 8 bytes leftover after parsing attributes in process `syz.2.646'.
[  159.637665][ T7976] 8021q: adding VLAN 0 to HW filter on device bond0
[  159.749036][ T7976] 8021q: adding VLAN 0 to HW filter on device team0
[  159.780674][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[  159.788779][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[  159.822305][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  159.829623][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  159.831564][ T8190] netlink: 16 bytes leftover after parsing attributes in process `syz.4.652'.
[  159.850441][ T8190] FAULT_INJECTION: forcing a failure.
[  159.850441][ T8190] name failslab, interval 1, probability 0, space 0, times 0
[  159.866890][ T8190] CPU: 1 UID: 0 PID: 8190 Comm: syz.4.652 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) 
[  159.866919][ T8190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  159.866932][ T8190] Call Trace:
[  159.866940][ T8190]  <TASK>
[  159.866949][ T8190]  dump_stack_lvl+0x189/0x250
[  159.866988][ T8190]  ? __pfx_dump_stack_lvl+0x10/0x10
[  159.867018][ T8190]  ? __pfx__printk+0x10/0x10
[  159.867045][ T8190]  ? __pfx___might_resched+0x10/0x10
[  159.867062][ T8190]  ? fs_reclaim_acquire+0x7d/0x100
[  159.867097][ T8190]  should_fail_ex+0x414/0x560
[  159.867134][ T8190]  ? alloc_netdev_mqs+0xa6/0x11e0
[  159.867161][ T8190]  should_failslab+0xa8/0x100
[  159.867189][ T8190]  __kvmalloc_node_noprof+0x168/0x5e0
[  159.867215][ T8190]  ? alloc_netdev_mqs+0xa6/0x11e0
[  159.867239][ T8190]  ? snprintf+0xda/0x120
[  159.867263][ T8190]  ? __pfx_macvlan_setup+0x10/0x10
[  159.867283][ T8190]  alloc_netdev_mqs+0xa6/0x11e0
[  159.867308][ T8190]  ? __pfx_macvlan_setup+0x10/0x10
[  159.867325][ T8190]  ? __pfx_snprintf+0x10/0x10
[  159.867352][ T8190]  rtnl_create_link+0x31f/0xd10
[  159.867387][ T8190]  rtnl_newlink_create+0x25c/0xb00
[  159.867417][ T8190]  ? __pfx_aa_get_newest_label+0x10/0x10
[  159.867440][ T8190]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  159.867460][ T8190]  ? rtnl_newlink+0x8db/0x1c70
[  159.867482][ T8190]  ? __pfx___mutex_lock+0x10/0x10
[  159.867521][ T8190]  ? ns_capable+0x8a/0xf0
[  159.867544][ T8190]  rtnl_newlink+0x16d6/0x1c70
[  159.867582][ T8190]  ? __pfx_rtnl_newlink+0x10/0x10
[  159.867603][ T8190]  ? is_bpf_text_address+0x26/0x2b0
[  159.867645][ T8190]  ? is_bpf_text_address+0x292/0x2b0
[  159.867679][ T8190]  ? __lock_acquire+0xaac/0xd20
[  159.867730][ T8190]  ? __lock_acquire+0xaac/0xd20
[  159.867776][ T8190]  ? is_bpf_text_address+0x26/0x2b0
[  159.867844][ T8190]  ? is_bpf_text_address+0x292/0x2b0
[  159.867887][ T8190]  ? is_bpf_text_address+0x26/0x2b0
[  159.867923][ T8190]  ? aa_get_newest_label+0xf7/0x5d0
[  159.867947][ T8190]  ? __lock_acquire+0xaac/0xd20
[  159.868001][ T8190]  ? __pfx_rtnl_newlink+0x10/0x10
[  159.868020][ T8190]  rtnetlink_rcv_msg+0x7cc/0xb70
[  159.868039][ T8190]  ? kasan_save_track+0x4f/0x80
[  159.868064][ T8190]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  159.868082][ T8190]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  159.868102][ T8190]  ? __lock_acquire+0xaac/0xd20
[  159.868144][ T8190]  netlink_rcv_skb+0x219/0x490
[  159.868166][ T8190]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  159.868186][ T8190]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  159.868226][ T8190]  ? netlink_deliver_tap+0x2e/0x1b0
[  159.868246][ T8190]  ? netlink_deliver_tap+0x2e/0x1b0
[  159.868273][ T8190]  netlink_unicast+0x758/0x8d0
[  159.868315][ T8190]  netlink_sendmsg+0x805/0xb30
[  159.868347][ T8190]  ? __pfx_netlink_sendmsg+0x10/0x10
[  159.868373][ T8190]  ? aa_sock_msg_perm+0x94/0x160
[  159.868396][ T8190]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  159.868418][ T8190]  ? __pfx_netlink_sendmsg+0x10/0x10
[  159.868438][ T8190]  __sock_sendmsg+0x219/0x270
[  159.868467][ T8190]  ____sys_sendmsg+0x505/0x830
[  159.868492][ T8190]  ? __pfx_____sys_sendmsg+0x10/0x10
[  159.868519][ T8190]  ? import_iovec+0x74/0xa0
[  159.868542][ T8190]  ___sys_sendmsg+0x21f/0x2a0
[  159.868563][ T8190]  ? __pfx____sys_sendmsg+0x10/0x10
[  159.868613][ T8190]  ? __fget_files+0x2a/0x420
[  159.868640][ T8190]  ? __fget_files+0x3a0/0x420
[  159.868669][ T8190]  __x64_sys_sendmsg+0x19b/0x260
[  159.868691][ T8190]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  159.868726][ T8190]  ? do_syscall_64+0xba/0x210
[  159.868753][ T8190]  do_syscall_64+0xf6/0x210
[  159.868777][ T8190]  ? clear_bhb_loop+0x45/0xa0
[  159.868796][ T8190]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.868811][ T8190] RIP: 0033:0x7f6495b8e969
[  159.868826][ T8190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.868839][ T8190] RSP: 002b:00007f6496911038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  159.868857][ T8190] RAX: ffffffffffffffda RBX: 00007f6495db5fa0 RCX: 00007f6495b8e969
[  159.868869][ T8190] RDX: 000000000000c010 RSI: 00002000000002c0 RDI: 0000000000000010
[  159.868892][ T8190] RBP: 00007f6496911090 R08: 0000000000000000 R09: 0000000000000000
[  159.868901][ T8190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  159.868909][ T8190] R13: 0000000000000000 R14: 00007f6495db5fa0 R15: 00007ffec74f0048
[  159.868933][ T8190]  </TASK>
[  160.371054][ T7976] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  160.382009][ T7976] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  160.646199][ T7976] 8021q: adding VLAN 0 to HW filter on device batadv0
[  160.692216][ T7976] veth0_vlan: entered promiscuous mode
[  160.705969][ T7976] veth1_vlan: entered promiscuous mode
[  160.734838][ T7976] veth0_macvtap: entered promiscuous mode
[  160.784718][ T5828] Bluetooth: hci3: command tx timeout
[  160.803965][ T7976] veth1_macvtap: entered promiscuous mode
[  160.908819][ T8204] IPVS: set_ctl: invalid protocol: 135 10.1.1.0:20002
[  160.919605][ T8203] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  160.935297][ T8207] syzkaller1: entered promiscuous mode
[  160.940819][ T8207] syzkaller1: entered allmulticast mode
[  161.083649][ T7976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  161.098507][ T7976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  161.111837][ T7976] batman_adv: batadv0: Interface activated: batadv_slave_0
[  161.124019][ T8214] tipc: Started in network mode
[  161.194765][ T8214] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  161.210585][ T8214] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:0000
[  161.227518][ T8214] tipc: Enabled bearer <udp:syz1>, priority 10
[  161.538028][ T8219] batadv0: entered promiscuous mode
[  161.565847][ T8219] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  161.574333][ T8219] batadv0: left promiscuous mode
[  161.656293][ T7976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  161.671263][ T7976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  161.683366][ T7976] batman_adv: batadv0: Interface activated: batadv_slave_1
[  161.811163][ T7976] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  161.849369][ T7976] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  161.859976][ T7976] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  161.871300][ T7976] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  161.930619][ T8232] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  162.152813][ T8242] FAULT_INJECTION: forcing a failure.
[  162.152813][ T8242] name failslab, interval 1, probability 0, space 0, times 0
[  162.169200][ T8242] CPU: 1 UID: 0 PID: 8242 Comm: syz.3.666 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) 
[  162.169237][ T8242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  162.169250][ T8242] Call Trace:
[  162.169259][ T8242]  <TASK>
[  162.169268][ T8242]  dump_stack_lvl+0x189/0x250
[  162.169307][ T8242]  ? __pfx_dump_stack_lvl+0x10/0x10
[  162.169338][ T8242]  ? __pfx__printk+0x10/0x10
[  162.169363][ T8242]  ? __mutex_trylock_common+0x153/0x260
[  162.169392][ T8242]  should_fail_ex+0x414/0x560
[  162.169428][ T8242]  should_failslab+0xa8/0x100
[  162.169456][ T8242]  __kmalloc_cache_noprof+0x70/0x3d0
[  162.169479][ T8242]  ? __hw_addr_add_ex+0x1f4/0x770
[  162.169509][ T8242]  __hw_addr_add_ex+0x1f4/0x770
[  162.169541][ T8242]  dev_addr_init+0x14f/0x230
[  162.169569][ T8242]  ? __pfx_dev_addr_init+0x10/0x10
[  162.169589][ T8242]  ? alloc_netdev_mqs+0xa6/0x11e0
[  162.169631][ T8242]  alloc_netdev_mqs+0x2f3/0x11e0
[  162.169656][ T8242]  ? __pfx_macvlan_setup+0x10/0x10
[  162.169686][ T8242]  rtnl_create_link+0x31f/0xd10
[  162.169721][ T8242]  rtnl_newlink_create+0x25c/0xb00
[  162.169750][ T8242]  ? __mutex_lock+0x51b/0xe80
[  162.169785][ T8242]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  162.169806][ T8242]  ? rtnl_newlink+0x8db/0x1c70
[  162.169829][ T8242]  ? __pfx___mutex_lock+0x10/0x10
[  162.169866][ T8242]  ? ns_capable+0x8a/0xf0
[  162.169888][ T8242]  rtnl_newlink+0x16d6/0x1c70
[  162.169924][ T8242]  ? __pfx_rtnl_newlink+0x10/0x10
[  162.169945][ T8242]  ? is_bpf_text_address+0x26/0x2b0
[  162.169978][ T8242]  ? is_bpf_text_address+0x292/0x2b0
[  162.170009][ T8242]  ? __lock_acquire+0xaac/0xd20
[  162.170048][ T8242]  ? __lock_acquire+0xaac/0xd20
[  162.170095][ T8242]  ? is_bpf_text_address+0x26/0x2b0
[  162.170127][ T8242]  ? is_bpf_text_address+0x292/0x2b0
[  162.170153][ T8242]  ? is_bpf_text_address+0x26/0x2b0
[  162.170189][ T8242]  ? aa_get_newest_label+0xf7/0x5d0
[  162.170213][ T8242]  ? __lock_acquire+0xaac/0xd20
[  162.170284][ T8242]  ? __pfx_rtnl_newlink+0x10/0x10
[  162.170302][ T8242]  rtnetlink_rcv_msg+0x7cc/0xb70
[  162.170320][ T8242]  ? kasan_save_track+0x4f/0x80
[  162.170344][ T8242]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  162.170361][ T8242]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  162.170380][ T8242]  ? __lock_acquire+0xaac/0xd20
[  162.170422][ T8242]  netlink_rcv_skb+0x219/0x490
[  162.170444][ T8242]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  162.170466][ T8242]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  162.170509][ T8242]  ? netlink_deliver_tap+0x2e/0x1b0
[  162.170528][ T8242]  ? netlink_deliver_tap+0x2e/0x1b0
[  162.170554][ T8242]  netlink_unicast+0x758/0x8d0
[  162.170586][ T8242]  netlink_sendmsg+0x805/0xb30
[  162.170609][ T8242]  ? __pfx_netlink_sendmsg+0x10/0x10
[  162.170627][ T8242]  ? aa_sock_msg_perm+0x94/0x160
[  162.170643][ T8242]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  162.170659][ T8242]  ? __pfx_netlink_sendmsg+0x10/0x10
[  162.170676][ T8242]  __sock_sendmsg+0x219/0x270
[  162.170700][ T8242]  ____sys_sendmsg+0x505/0x830
[  162.170722][ T8242]  ? __pfx_____sys_sendmsg+0x10/0x10
[  162.170747][ T8242]  ? import_iovec+0x74/0xa0
[  162.170769][ T8242]  ___sys_sendmsg+0x21f/0x2a0
[  162.170788][ T8242]  ? __pfx____sys_sendmsg+0x10/0x10
[  162.170834][ T8242]  ? __fget_files+0x2a/0x420
[  162.170853][ T8242]  ? __fget_files+0x3a0/0x420
[  162.170879][ T8242]  __x64_sys_sendmsg+0x19b/0x260
[  162.170899][ T8242]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  162.170930][ T8242]  ? do_syscall_64+0xba/0x210
[  162.170954][ T8242]  do_syscall_64+0xf6/0x210
[  162.170976][ T8242]  ? clear_bhb_loop+0x45/0xa0
[  162.170994][ T8242]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.171008][ T8242] RIP: 0033:0x7f607638e969
[  162.171021][ T8242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  162.171034][ T8242] RSP: 002b:00007f60772cc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  162.171050][ T8242] RAX: ffffffffffffffda RBX: 00007f60765b5fa0 RCX: 00007f607638e969
[  162.171060][ T8242] RDX: 000000000000c010 RSI: 00002000000002c0 RDI: 0000000000000010
[  162.171070][ T8242] RBP: 00007f60772cc090 R08: 0000000000000000 R09: 0000000000000000
[  162.171079][ T8242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  162.171087][ T8242] R13: 0000000000000000 R14: 00007f60765b5fa0 R15: 00007ffd974f6c78
[  162.171110][ T8242]  </TASK>
[  162.593466][ T3074] tipc: Node number set to 1
[  162.612209][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  162.620168][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  162.735756][ T6820] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  162.751402][ T6820] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  162.784458][ T8246] __nla_validate_parse: 5 callbacks suppressed
[  162.784475][ T8246] netlink: 8 bytes leftover after parsing attributes in process `syz.3.667'.
[  162.799952][ T8246] netlink: 27 bytes leftover after parsing attributes in process `syz.3.667'.
[  163.090630][ T8248] bond4: entered promiscuous mode
[  163.126009][ T8248] 8021q: adding VLAN 0 to HW filter on device bond4
[  163.132096][ T8256] tipc: Can't bind to reserved service type 2
[  163.430710][ T8269] xt_CT: You must specify a L4 protocol and not use inversions on it
[  163.470456][ T8266] netlink: 12 bytes leftover after parsing attributes in process `syz.3.673'.
[  163.537316][ T8272] netlink: 24 bytes leftover after parsing attributes in process `syz.3.673'.
[  163.677438][ T8282] xt_hashlimit: overflow, rate too high: 1125899906842624
[  163.885342][ T8284] IPVS: set_ctl: invalid protocol: 60 172.30.1.5:20001
[  163.900498][ T8294] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  164.890648][ T8310] netlink: 'syz.4.685': attribute type 7 has an invalid length.
[  164.900445][ T8312] netlink: 16 bytes leftover after parsing attributes in process `syz.1.687'.
[  164.946655][ T8312] veth0: entered promiscuous mode
[  164.986106][ T8312] veth0: left promiscuous mode
[  165.074190][ T8323] netlink: 24 bytes leftover after parsing attributes in process `syz.3.688'.
[  165.439847][ T8340] bridge_slave_0: left allmulticast mode
[  165.455530][ T8340] bridge_slave_0: left promiscuous mode
[  165.461385][ T8340] bridge0: port 1(bridge_slave_0) entered disabled state
[  165.502530][ T8341] netlink: 'syz.1.694': attribute type 10 has an invalid length.
[  165.547618][ T8340] bridge_slave_1: left allmulticast mode
[  165.559180][ T8340] bridge_slave_1: left promiscuous mode
[  165.578958][ T8340] bridge0: port 2(bridge_slave_1) entered disabled state
[  165.597976][ T8340] bond0: (slave bond_slave_0): Releasing backup interface
[  165.623279][ T8340] bond0: (slave bond_slave_1): Releasing backup interface
[  165.689212][ T8340] team0: Port device team_slave_0 removed
[  165.751017][ T8340] team0: Port device team_slave_1 removed
[  165.761607][ T8340] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  165.772366][ T8340] batman_adv: batadv0: Removing interface: batadv_slave_0
[  165.796938][ T8340] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  165.817628][ T8340] batman_adv: batadv0: Removing interface: batadv_slave_1
[  165.832450][ T8350] netlink: 8 bytes leftover after parsing attributes in process `syz.2.697'.
[  165.863201][ T8350] netlink: 32 bytes leftover after parsing attributes in process `syz.2.697'.
[  165.950708][   T53] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  166.046923][ T8341] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  166.135082][ T8350] xt_hashlimit: size too large, truncated to 1048576
[  166.234074][ T8350] xt_hashlimit: invalid rate
[  166.309789][ T5832] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  166.326898][   T53] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  166.341358][ T5832] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  166.352055][ T5832] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  166.361816][ T5832] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  166.374347][ T5832] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  166.596917][   T53] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  166.617387][ T8368] netlink: 16 bytes leftover after parsing attributes in process `syz.4.699'.
[  167.030574][   T53] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.295481][ T8382] netlink: 16 bytes leftover after parsing attributes in process `syz.1.704'.
[  167.362749][ T8382] FAULT_INJECTION: forcing a failure.
[  167.362749][ T8382] name failslab, interval 1, probability 0, space 0, times 0
[  167.380575][ T8382] CPU: 1 UID: 0 PID: 8382 Comm: syz.1.704 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) 
[  167.380602][ T8382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  167.380614][ T8382] Call Trace:
[  167.380622][ T8382]  <TASK>
[  167.380630][ T8382]  dump_stack_lvl+0x189/0x250
[  167.380664][ T8382]  ? __pfx_dump_stack_lvl+0x10/0x10
[  167.380691][ T8382]  ? __pfx__printk+0x10/0x10
[  167.380714][ T8382]  ? __mutex_trylock_common+0x153/0x260
[  167.380742][ T8382]  should_fail_ex+0x414/0x560
[  167.380772][ T8382]  should_failslab+0xa8/0x100
[  167.380800][ T8382]  __kmalloc_cache_noprof+0x70/0x3d0
[  167.380822][ T8382]  ? __hw_addr_add_ex+0x1f4/0x770
[  167.380850][ T8382]  __hw_addr_add_ex+0x1f4/0x770
[  167.380878][ T8382]  dev_addr_init+0x14f/0x230
[  167.380903][ T8382]  ? __pfx_dev_addr_init+0x10/0x10
[  167.380921][ T8382]  ? alloc_netdev_mqs+0xa6/0x11e0
[  167.380959][ T8382]  alloc_netdev_mqs+0x2f3/0x11e0
[  167.380983][ T8382]  ? __pfx_macvlan_setup+0x10/0x10
[  167.381016][ T8382]  rtnl_create_link+0x31f/0xd10
[  167.381048][ T8382]  rtnl_newlink_create+0x25c/0xb00
[  167.381073][ T8382]  ? __mutex_lock+0x51b/0xe80
[  167.381105][ T8382]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  167.381123][ T8382]  ? rtnl_newlink+0x8db/0x1c70
[  167.381143][ T8382]  ? __pfx___mutex_lock+0x10/0x10
[  167.381179][ T8382]  ? ns_capable+0x8a/0xf0
[  167.381200][ T8382]  rtnl_newlink+0x16d6/0x1c70
[  167.381219][ T8382]  ? __kasan_slab_free+0x62/0x70
[  167.381251][ T8382]  ? __pfx_rtnl_newlink+0x10/0x10
[  167.381307][ T8382]  ? kasan_quarantine_put+0xdd/0x220
[  167.381325][ T8382]  ? lockdep_hardirqs_on+0x9c/0x150
[  167.381354][ T8382]  ? nlmon_xmit+0xb0/0x100
[  167.381374][ T8382]  ? kmem_cache_free+0x192/0x3f0
[  167.381403][ T8382]  ? __local_bh_enable_ip+0x12d/0x1c0
[  167.381447][ T8382]  ? lockdep_hardirqs_on+0x9c/0x150
[  167.381473][ T8382]  ? __local_bh_enable_ip+0x12d/0x1c0
[  167.381501][ T8382]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  167.381537][ T8382]  ? aa_get_newest_label+0xf7/0x5d0
[  167.381558][ T8382]  ? __lock_acquire+0xaac/0xd20
[  167.381607][ T8382]  ? __pfx_rtnl_newlink+0x10/0x10
[  167.381625][ T8382]  rtnetlink_rcv_msg+0x7cc/0xb70
[  167.381647][ T8382]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  167.381664][ T8382]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  167.381686][ T8382]  ? ref_tracker_free+0x63a/0x7d0
[  167.381702][ T8382]  ? __copy_skb_header+0xa7/0x550
[  167.381734][ T8382]  netlink_rcv_skb+0x219/0x490
[  167.381755][ T8382]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  167.381775][ T8382]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  167.381813][ T8382]  ? netlink_deliver_tap+0x2e/0x1b0
[  167.381832][ T8382]  ? netlink_deliver_tap+0x2e/0x1b0
[  167.381855][ T8382]  netlink_unicast+0x758/0x8d0
[  167.381894][ T8382]  netlink_sendmsg+0x805/0xb30
[  167.381922][ T8382]  ? __pfx_netlink_sendmsg+0x10/0x10
[  167.381944][ T8382]  ? aa_sock_msg_perm+0x94/0x160
[  167.381964][ T8382]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  167.381984][ T8382]  ? __pfx_netlink_sendmsg+0x10/0x10
[  167.382012][ T8382]  __sock_sendmsg+0x219/0x270
[  167.382042][ T8382]  ____sys_sendmsg+0x505/0x830
[  167.382070][ T8382]  ? __pfx_____sys_sendmsg+0x10/0x10
[  167.382101][ T8382]  ? import_iovec+0x74/0xa0
[  167.382129][ T8382]  ___sys_sendmsg+0x21f/0x2a0
[  167.382153][ T8382]  ? __pfx____sys_sendmsg+0x10/0x10
[  167.382213][ T8382]  ? __fget_files+0x2a/0x420
[  167.382235][ T8382]  ? __fget_files+0x3a0/0x420
[  167.382269][ T8382]  __x64_sys_sendmsg+0x19b/0x260
[  167.382295][ T8382]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  167.382336][ T8382]  ? do_syscall_64+0xba/0x210
[  167.382366][ T8382]  do_syscall_64+0xf6/0x210
[  167.382392][ T8382]  ? clear_bhb_loop+0x45/0xa0
[  167.382416][ T8382]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.382434][ T8382] RIP: 0033:0x7fbd14d8e969
[  167.382450][ T8382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  167.382466][ T8382] RSP: 002b:00007fbd15be1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  167.382486][ T8382] RAX: ffffffffffffffda RBX: 00007fbd14fb5fa0 RCX: 00007fbd14d8e969
[  167.382499][ T8382] RDX: 000000000000c010 RSI: 00002000000002c0 RDI: 0000000000000010
[  167.382511][ T8382] RBP: 00007fbd15be1090 R08: 0000000000000000 R09: 0000000000000000
[  167.382523][ T8382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  167.382533][ T8382] R13: 0000000000000000 R14: 00007fbd14fb5fa0 R15: 00007ffceb27a8e8
[  167.382563][ T8382]  </TASK>
[  168.184005][   T53] bridge_slave_1: left allmulticast mode
[  168.190844][   T53] bridge_slave_1: left promiscuous mode
[  168.196958][   T53] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.208038][   T53] bridge_slave_0: left allmulticast mode
[  168.213713][   T53] bridge_slave_0: left promiscuous mode
[  168.223355][   T53] bridge0: port 1(bridge_slave_0) entered disabled state
[  168.344827][ T8410] netlink: 4 bytes leftover after parsing attributes in process `syz.3.708'.
[  168.441425][ T8411] netlink: 8 bytes leftover after parsing attributes in process `syz.1.709'.
[  168.468239][ T5832] Bluetooth: hci3: command tx timeout
[  168.600507][   T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  168.613673][   T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  168.624754][   T53] bond0 (unregistering): Released all slaves
[  168.660931][ T8359] chnl_net:caif_netlink_parms(): no params data found
[  168.903791][ T8419] !
: renamed from dummy0
[  168.955962][ T8422] netlink: 28 bytes leftover after parsing attributes in process `syz.4.711'.
[  169.028503][ T8420] netlink: 12 bytes leftover after parsing attributes in process `syz.3.710'.
[  169.088653][ T8359] bridge0: port 1(bridge_slave_0) entered blocking state
[  169.112325][ T8359] bridge0: port 1(bridge_slave_0) entered disabled state
[  169.128259][ T8432] netlink: 60 bytes leftover after parsing attributes in process `syz.2.712'.
[  169.132120][ T8359] bridge_slave_0: entered allmulticast mode
[  169.172141][ T8359] bridge_slave_0: entered promiscuous mode
[  169.394749][   T53] hsr_slave_0: left promiscuous mode
[  169.447975][   T53] hsr_slave_1: left promiscuous mode
[  169.454233][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  169.484657][   T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[  169.542440][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  169.560372][   T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[  169.658199][   T53] veth1_macvtap: left promiscuous mode
[  169.674391][   T53] veth0_macvtap: left promiscuous mode
[  169.680342][   T53] veth1_vlan: left promiscuous mode
[  169.687125][ T8443] netlink: 28 bytes leftover after parsing attributes in process `syz.1.714'.
[  169.698373][   T53] veth0_vlan: left promiscuous mode
[  170.451330][   T53] team0 (unregistering): Port device team_slave_1 removed
[  170.486310][   T53] team0 (unregistering): Port device team_slave_0 removed
[  170.551842][ T5832] Bluetooth: hci3: command tx timeout
[  170.830510][ T8359] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.842611][ T8359] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.852092][ T8359] bridge_slave_1: entered allmulticast mode
[  170.860342][ T8359] bridge_slave_1: entered promiscuous mode
[  171.010423][ T8454] netlink: 16 bytes leftover after parsing attributes in process `syz.4.716'.
[  171.097503][ T8454] FAULT_INJECTION: forcing a failure.
[  171.097503][ T8454] name failslab, interval 1, probability 0, space 0, times 0
[  171.119760][ T8454] CPU: 0 UID: 0 PID: 8454 Comm: syz.4.716 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) 
[  171.119786][ T8454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  171.119797][ T8454] Call Trace:
[  171.119805][ T8454]  <TASK>
[  171.119812][ T8454]  dump_stack_lvl+0x189/0x250
[  171.119848][ T8454]  ? __pfx_dump_stack_lvl+0x10/0x10
[  171.119875][ T8454]  ? __pfx__printk+0x10/0x10
[  171.119896][ T8454]  ? __pfx___might_resched+0x10/0x10
[  171.119914][ T8454]  ? fs_reclaim_acquire+0x7d/0x100
[  171.119944][ T8454]  should_fail_ex+0x414/0x560
[  171.119978][ T8454]  should_failslab+0xa8/0x100
[  171.120003][ T8454]  __kmalloc_cache_noprof+0x70/0x3d0
[  171.120024][ T8454]  ? alloc_netdev_mqs+0xbd5/0x11e0
[  171.120047][ T8454]  ? __xdp_rxq_info_reg+0x189/0x2a0
[  171.120072][ T8454]  alloc_netdev_mqs+0xbd5/0x11e0
[  171.120104][ T8454]  rtnl_create_link+0x31f/0xd10
[  171.120136][ T8454]  rtnl_newlink_create+0x25c/0xb00
[  171.120161][ T8454]  ? __mutex_lock+0x51b/0xe80
[  171.120193][ T8454]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  171.120211][ T8454]  ? rtnl_newlink+0x8db/0x1c70
[  171.120232][ T8454]  ? __pfx___mutex_lock+0x10/0x10
[  171.120267][ T8454]  ? ns_capable+0x8a/0xf0
[  171.120288][ T8454]  rtnl_newlink+0x16d6/0x1c70
[  171.120322][ T8454]  ? __pfx_rtnl_newlink+0x10/0x10
[  171.120342][ T8454]  ? is_bpf_text_address+0x26/0x2b0
[  171.120372][ T8454]  ? is_bpf_text_address+0x292/0x2b0
[  171.120402][ T8454]  ? __lock_acquire+0xaac/0xd20
[  171.120441][ T8454]  ? __lock_acquire+0xaac/0xd20
[  171.120490][ T8454]  ? is_bpf_text_address+0x26/0x2b0
[  171.120530][ T8454]  ? is_bpf_text_address+0x292/0x2b0
[  171.120552][ T8454]  ? is_bpf_text_address+0x26/0x2b0
[  171.120600][ T8454]  ? aa_get_newest_label+0xf7/0x5d0
[  171.120622][ T8454]  ? __lock_acquire+0xaac/0xd20
[  171.120671][ T8454]  ? __pfx_rtnl_newlink+0x10/0x10
[  171.120689][ T8454]  rtnetlink_rcv_msg+0x7cc/0xb70
[  171.120706][ T8454]  ? kasan_save_track+0x4f/0x80
[  171.120735][ T8454]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  171.120752][ T8454]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  171.120771][ T8454]  ? __lock_acquire+0xaac/0xd20
[  171.120808][ T8454]  netlink_rcv_skb+0x219/0x490
[  171.120828][ T8454]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  171.120848][ T8454]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  171.120886][ T8454]  ? netlink_deliver_tap+0x2e/0x1b0
[  171.120903][ T8454]  ? netlink_deliver_tap+0x2e/0x1b0
[  171.120927][ T8454]  netlink_unicast+0x758/0x8d0
[  171.120967][ T8454]  netlink_sendmsg+0x805/0xb30
[  171.120995][ T8454]  ? __pfx_netlink_sendmsg+0x10/0x10
[  171.121018][ T8454]  ? aa_sock_msg_perm+0x94/0x160
[  171.121038][ T8454]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  171.121058][ T8454]  ? __pfx_netlink_sendmsg+0x10/0x10
[  171.121079][ T8454]  __sock_sendmsg+0x219/0x270
[  171.121109][ T8454]  ____sys_sendmsg+0x505/0x830
[  171.121136][ T8454]  ? __pfx_____sys_sendmsg+0x10/0x10
[  171.121167][ T8454]  ? import_iovec+0x74/0xa0
[  171.121194][ T8454]  ___sys_sendmsg+0x21f/0x2a0
[  171.121218][ T8454]  ? __pfx____sys_sendmsg+0x10/0x10
[  171.121277][ T8454]  ? __fget_files+0x2a/0x420
[  171.121300][ T8454]  ? __fget_files+0x3a0/0x420
[  171.121332][ T8454]  __x64_sys_sendmsg+0x19b/0x260
[  171.121356][ T8454]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  171.121395][ T8454]  ? do_syscall_64+0xba/0x210
[  171.121425][ T8454]  do_syscall_64+0xf6/0x210
[  171.121451][ T8454]  ? clear_bhb_loop+0x45/0xa0
[  171.121474][ T8454]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.121491][ T8454] RIP: 0033:0x7f6495b8e969
[  171.121508][ T8454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  171.121524][ T8454] RSP: 002b:00007f6496911038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  171.121543][ T8454] RAX: ffffffffffffffda RBX: 00007f6495db5fa0 RCX: 00007f6495b8e969
[  171.121555][ T8454] RDX: 000000000000c010 RSI: 00002000000002c0 RDI: 0000000000000010
[  171.121566][ T8454] RBP: 00007f6496911090 R08: 0000000000000000 R09: 0000000000000000
[  171.121578][ T8454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  171.121588][ T8454] R13: 0000000000000000 R14: 00007f6495db5fa0 R15: 00007ffec74f0048
[  171.121618][ T8454]  </TASK>
[  171.605639][ T8359] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  171.638608][ T8359] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  171.813325][ T8466] netlink: 4 bytes leftover after parsing attributes in process `syz.4.720'.
[  171.825787][ T8466] netlink: 'syz.4.720': attribute type 7 has an invalid length.
[  171.839648][ T8359] team0: Port device team_slave_0 added
[  171.849950][ T8359] team0: Port device team_slave_1 added
[  171.950843][ T8470] sock: sock_set_timeout: `syz.4.722' (pid 8470) tries to set negative timeout
[  171.979323][ T8359] batman_adv: batadv0: Adding interface: batadv_slave_0
[  171.996055][ T8359] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  172.028383][ T8359] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  172.047021][ T8470] geneve1: entered promiscuous mode
[  172.054334][ T8359] batman_adv: batadv0: Adding interface: batadv_slave_1
[  172.068246][ T8359] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  172.216658][ T8359] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  172.238947][ T8478] netlink: 16 bytes leftover after parsing attributes in process `syz.2.721'.
[  172.577889][ T8359] hsr_slave_0: entered promiscuous mode
[  172.586313][ T8359] hsr_slave_1: entered promiscuous mode
[  172.592702][ T8359] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  172.613202][ T8359] Cannot create hsr debugfs directory
[  172.624887][ T5832] Bluetooth: hci3: command tx timeout
[  172.880951][ T8487] netlink: 32 bytes leftover after parsing attributes in process `syz.1.724'.
[  173.715356][ T8497] netlink: 388 bytes leftover after parsing attributes in process `syz.3.728'.
[  174.044272][ T8359] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  174.090277][ T8359] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  174.110740][ T8359] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  174.209500][ T8359] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  174.229863][ T8515] netlink: 24 bytes leftover after parsing attributes in process `syz.1.734'.
[  174.285310][ T8515] netlink: 24 bytes leftover after parsing attributes in process `syz.1.734'.
[  174.644697][ T8359] 8021q: adding VLAN 0 to HW filter on device bond0
[  174.682230][ T8359] 8021q: adding VLAN 0 to HW filter on device team0
[  174.707164][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[  174.708121][ T5832] Bluetooth: hci3: command tx timeout
[  174.714511][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[  174.739661][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[  174.746860][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[  175.043924][ T8548] netlink: 16 bytes leftover after parsing attributes in process `syz.2.740'.
[  175.137332][ T8547] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input6
[  175.152662][ T8359] 8021q: adding VLAN 0 to HW filter on device batadv0
[  175.334244][ T8554] netlink: 8 bytes leftover after parsing attributes in process `syz.4.742'.
[  175.344995][ T8554] netlink: 4 bytes leftover after parsing attributes in process `syz.4.742'.
[  175.353956][ T8554] netlink: 'syz.4.742': attribute type 18 has an invalid length.
[  175.407440][ T8554] netlink: 'syz.4.742': attribute type 13 has an invalid length.
[  175.438484][ T8359] veth0_vlan: entered promiscuous mode
[  175.468824][ T8359] veth1_vlan: entered promiscuous mode
[  175.513422][ T8359] veth0_macvtap: entered promiscuous mode
[  175.525597][ T8359] veth1_macvtap: entered promiscuous mode
[  175.769227][ T8564] netlink: 48 bytes leftover after parsing attributes in process `syz.1.744'.
[  175.787952][ T8563] netlink: 16 bytes leftover after parsing attributes in process `syz.3.745'.
[  175.807458][ T8359] batman_adv: batadv0: Interface activated: batadv_slave_0
[  175.827636][ T8564] vti0: entered promiscuous mode
[  175.855894][ T8563] !
: entered promiscuous mode
[  175.876739][ T8563] !
: left promiscuous mode
[  175.959560][ T8359] batman_adv: batadv0: Interface activated: batadv_slave_1
[  175.992180][ T8359] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  176.041658][ T8359] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  176.084471][ T8359] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  176.123183][ T8359] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  176.490266][ T8587] netlink: 24 bytes leftover after parsing attributes in process `syz.4.751'.
[  176.496833][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  176.511671][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  176.524991][ T8587] netlink: 24 bytes leftover after parsing attributes in process `syz.4.751'.
[  176.624544][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  176.632571][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  177.159615][ T8599] netlink: 'syz.1.754': attribute type 10 has an invalid length.
[  177.618642][ T8621] sock: sock_timestamping_bind_phc: sock not bind to device
[  177.640454][ T8622] bridge0: port 4(batadv0) entered blocking state
[  177.647008][ T8622] bridge0: port 4(batadv0) entered forwarding state
[  177.659829][ T8622] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  177.985029][ T5828] Bluetooth: hci3: command 0x0405 tx timeout
[  178.745560][ T8638] __nla_validate_parse: 5 callbacks suppressed
[  178.745578][ T8638] netlink: 16 bytes leftover after parsing attributes in process `syz.1.763'.
[  178.871164][   T66] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  179.372779][   T66] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  179.489064][   T66] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  179.582092][   T66] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  179.684360][   T66] bridge_slave_1: left allmulticast mode
[  179.690558][   T66] bridge_slave_1: left promiscuous mode
[  179.696476][   T66] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.707593][   T66] bridge_slave_0: left allmulticast mode
[  179.713373][   T66] bridge_slave_0: left promiscuous mode
[  179.722587][   T66] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.933045][ T8642] netlink: 40 bytes leftover after parsing attributes in process `syz.1.766'.
[  180.004257][ T8650] netlink: 40 bytes leftover after parsing attributes in process `syz.1.766'.
[  180.017558][ T8646] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  180.201171][   T66] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  180.231986][   T66] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  180.251278][   T66] bond0 (unregistering): Released all slaves
[  180.265280][ T5138] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  180.274539][ T5138] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  180.286187][ T5138] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  180.294917][ T5138] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  180.307524][ T5138] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  180.329974][ T8644] netlink: 16 bytes leftover after parsing attributes in process `syz.2.767'.
[  180.458159][ T8649] can: request_module (can-proto-3) failed.
[  180.524986][ T8669] netlink: 24 bytes leftover after parsing attributes in process `syz.1.772'.
[  180.569905][ T8672] netlink: 16 bytes leftover after parsing attributes in process `syz.3.773'.
[  180.648484][ T8672] !
: entered promiscuous mode
[  180.664331][ T8672] !
: left promiscuous mode
[  180.885319][   T66] hsr_slave_0: left promiscuous mode
[  180.891249][   T66] hsr_slave_1: left promiscuous mode
[  180.898971][   T66] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  180.906464][   T66] batman_adv: batadv0: Removing interface: batadv_slave_0
[  180.927578][   T66] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  180.935308][   T66] batman_adv: batadv0: Removing interface: batadv_slave_1
[  181.065602][   T66] veth1_macvtap: left promiscuous mode
[  181.071206][   T66] veth0_macvtap: left promiscuous mode
[  181.078950][ T8689] netlink: 16 bytes leftover after parsing attributes in process `syz.3.776'.
[  181.094685][   T66] veth1_vlan: left promiscuous mode
[  181.100070][   T66] veth0_vlan: left promiscuous mode
[  182.086158][ T8705] RDS: rds_bind could not find a transport for fc00::1, load rds_tcp or rds_rdma?
[  182.144490][ T5138] Bluetooth: hci4: command 0x0405 tx timeout
[  182.333436][   T66] team0 (unregistering): Port device team_slave_1 removed
[  182.367982][   T66] team0 (unregistering): Port device team_slave_0 removed
[  182.389152][ T5832] Bluetooth: hci3: command tx timeout
[  182.902649][ T8710] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  182.945147][ T8710] netlink: 'syz.4.782': attribute type 6 has an invalid length.
[  182.964510][ T8710] netlink: 'syz.4.782': attribute type 7 has an invalid length.
[  182.972196][ T8710] netlink: 'syz.4.782': attribute type 8 has an invalid length.
[  183.107240][ T8659] chnl_net:caif_netlink_parms(): no params data found
[  183.256550][ T8721] netlink: 16 bytes leftover after parsing attributes in process `syz.2.786'.
[  183.269593][ T8725] netlink: 'syz.4.787': attribute type 1 has an invalid length.
[  183.278249][ T8725] netlink: 'syz.4.787': attribute type 1 has an invalid length.
[  183.286664][ T8725] netlink: 'syz.4.787': attribute type 2 has an invalid length.
[  183.455590][ T8659] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.472093][ T8659] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.476245][ T8732] netlink: 24 bytes leftover after parsing attributes in process `syz.4.789'.
[  183.480103][ T8659] bridge_slave_0: entered allmulticast mode
[  183.497474][ T8659] bridge_slave_0: entered promiscuous mode
[  183.595896][ T8659] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.603790][ T8659] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.612441][ T8659] bridge_slave_1: entered allmulticast mode
[  183.619747][ T8659] bridge_slave_1: entered promiscuous mode
[  183.718385][ T8659] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  183.730926][ T8659] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  183.809163][ T8659] team0: Port device team_slave_0 added
[  183.818557][ T8659] team0: Port device team_slave_1 added
[  183.881545][ T8659] batman_adv: batadv0: Adding interface: batadv_slave_0
[  183.888795][ T8659] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  183.921303][ T8659] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  183.929450][ T8746] netlink: 8 bytes leftover after parsing attributes in process `syz.3.791'.
[  183.935422][ T8659] batman_adv: batadv0: Adding interface: batadv_slave_1
[  183.951540][ T8659] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  183.963244][ T8746] netlink: 8 bytes leftover after parsing attributes in process `syz.3.791'.
[  183.977723][ T8659] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  184.046240][ T8746] netlink: 8 bytes leftover after parsing attributes in process `syz.3.791'.
[  184.078045][ T8747] netlink: 8 bytes leftover after parsing attributes in process `syz.3.791'.
[  184.113058][ T8747] netlink: 8 bytes leftover after parsing attributes in process `syz.3.791'.
[  184.177999][ T8659] hsr_slave_0: entered promiscuous mode
[  184.200446][ T8659] hsr_slave_1: entered promiscuous mode
[  184.209055][ T8659] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  184.218445][ T8659] Cannot create hsr debugfs directory
[  184.329172][ T8746] netlink: 24 bytes leftover after parsing attributes in process `syz.3.791'.
[  184.385402][ T8746] netlink: 2 bytes leftover after parsing attributes in process `syz.3.791'.
[  184.428489][ T8746] netlink: 24 bytes leftover after parsing attributes in process `syz.3.791'.
[  184.468740][ T5832] Bluetooth: hci3: command tx timeout
[  184.858944][ T8771] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  185.157161][ T8781] netlink: 16 bytes leftover after parsing attributes in process `syz.2.800'.
[  185.432477][ T8782] macvtap1: entered promiscuous mode
[  185.437927][ T8782] vlan0: entered promiscuous mode
[  185.444000][ T8782] macvtap1: entered allmulticast mode
[  185.449868][ T8782] vlan0: entered allmulticast mode
[  185.455412][ T8782] veth0_vlan: entered allmulticast mode
[  186.006576][ T8782] vlan0: left allmulticast mode
[  186.011639][ T8782] veth0_vlan: left allmulticast mode
[  186.034951][ T8782] vlan0: left promiscuous mode
[  186.118837][ T8800] sctp: [Deprecated]: syz.1.806 (pid 8800) Use of int in maxseg socket option.
[  186.118837][ T8800] Use struct sctp_assoc_value instead
[  186.186118][ T8801] sctp: [Deprecated]: syz.1.806 (pid 8801) Use of int in maxseg socket option.
[  186.186118][ T8801] Use struct sctp_assoc_value instead
[  186.544766][ T5832] Bluetooth: hci3: command tx timeout
[  186.622434][ T8807] vlan2: entered allmulticast mode
[  186.638619][ T8807] bridge0: entered allmulticast mode
[  186.731017][ T8814] netlink: 32 bytes leftover after parsing attributes in process `syz.4.810'.
[  186.762364][ T8659] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  186.790591][ T8659] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  186.819836][ T8820] netlink: 'syz.2.812': attribute type 1 has an invalid length.
[  186.831512][ T8659] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  186.840080][ T8820] netlink: 'syz.2.812': attribute type 3 has an invalid length.
[  186.868630][ T8820] netlink: 'syz.2.812': attribute type 1 has an invalid length.
[  186.877438][ T8820] NCSI netlink: No device for ifindex 0
[  186.907852][ T8659] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  187.375393][ T8659] 8021q: adding VLAN 0 to HW filter on device bond0
[  187.402966][ T8659] 8021q: adding VLAN 0 to HW filter on device team0
[  187.424666][   T66] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.431933][   T66] bridge0: port 1(bridge_slave_0) entered forwarding state
[  187.451926][   T66] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.459144][   T66] bridge0: port 2(bridge_slave_1) entered forwarding state
[  187.791903][ T8659] 8021q: adding VLAN 0 to HW filter on device batadv0
[  187.876300][ T8859] macvlan1: entered promiscuous mode
[  187.882737][ T8859] ipvlan0: entered promiscuous mode
[  187.913619][ T8859] ipvlan0: left promiscuous mode
[  188.084449][ T8859] macvlan1: left promiscuous mode
[  188.272218][ T8659] veth0_vlan: entered promiscuous mode
[  188.323053][ T8659] veth1_vlan: entered promiscuous mode
[  188.453901][ T8659] veth0_macvtap: entered promiscuous mode
[  188.479119][ T8659] veth1_macvtap: entered promiscuous mode
[  188.544035][ T8659] batman_adv: batadv0: Interface activated: batadv_slave_0
[  188.593803][ T8659] batman_adv: batadv0: Interface activated: batadv_slave_1
[  188.630366][ T8659] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  188.643725][ T8659] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  188.654934][ T5832] Bluetooth: hci3: command tx timeout
[  188.663297][ T8659] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  188.722803][ T8659] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  188.796347][ T8891] sctp: [Deprecated]: syz.3.833 (pid 8891) Use of int in max_burst socket option deprecated.
[  188.796347][ T8891] Use struct sctp_assoc_value instead
[  188.932566][ T8896] !
: renamed from dummy0
[  188.956815][ T8898] __nla_validate_parse: 3 callbacks suppressed
[  188.956836][ T8898] netlink: 12 bytes leftover after parsing attributes in process `syz.4.836'.
[  189.048501][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  189.056846][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  189.111945][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  189.131826][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  190.457950][ T8918] IPVS: Scheduler module ip_vs_sip not found
[  190.475053][ T8920] IPVS: length: 24 != 16106127384
[  190.499880][ T3462] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  190.896665][ T3462] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.134205][ T3462] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.212334][ T8925] netlink: 16 bytes leftover after parsing attributes in process `syz.1.844'.
[  191.299966][ T3462] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.700711][ T3462] bridge_slave_1: left allmulticast mode
[  191.725497][ T3462] bridge_slave_1: left promiscuous mode
[  191.733623][ T3462] bridge0: port 2(bridge_slave_1) entered disabled state
[  191.757158][ T3462] bridge_slave_0: left allmulticast mode
[  191.765250][ T5138] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  191.775076][ T3462] bridge_slave_0: left promiscuous mode
[  191.777235][ T8948] netlink: 8 bytes leftover after parsing attributes in process `syz.4.850'.
[  191.780867][ T3462] bridge0: port 1(bridge_slave_0) entered disabled state
[  191.801974][ T5138] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  191.804779][ T8948] netlink: 24 bytes leftover after parsing attributes in process `syz.4.850'.
[  191.855040][ T5138] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  191.881689][ T5138] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  191.890346][ T5138] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  192.172125][ T8956] FAULT_INJECTION: forcing a failure.
[  192.172125][ T8956] name failslab, interval 1, probability 0, space 0, times 0
[  192.188959][ T8956] CPU: 1 UID: 0 PID: 8956 Comm: syz.3.855 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) 
[  192.188994][ T8956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  192.189005][ T8956] Call Trace:
[  192.189013][ T8956]  <TASK>
[  192.189020][ T8956]  dump_stack_lvl+0x189/0x250
[  192.189056][ T8956]  ? __pfx_dump_stack_lvl+0x10/0x10
[  192.189083][ T8956]  ? __pfx__printk+0x10/0x10
[  192.189104][ T8956]  ? __pfx___might_resched+0x10/0x10
[  192.189121][ T8956]  ? fs_reclaim_acquire+0x7d/0x100
[  192.189153][ T8956]  should_fail_ex+0x414/0x560
[  192.189185][ T8956]  should_failslab+0xa8/0x100
[  192.189209][ T8956]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  192.189230][ T8956]  ? __alloc_skb+0x112/0x2d0
[  192.189252][ T8956]  __alloc_skb+0x112/0x2d0
[  192.189274][ T8956]  alloc_skb_with_frags+0xca/0x890
[  192.189309][ T8956]  sock_alloc_send_pskb+0x857/0x990
[  192.189351][ T8956]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  192.189385][ T8956]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20
[  192.189411][ T8956]  unix_dgram_sendmsg+0x5c2/0x17c0
[  192.189439][ T8956]  ? __lock_acquire+0xaac/0xd20
[  192.189468][ T8956]  ? aa_sk_perm+0x81e/0x950
[  192.189499][ T8956]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  192.189527][ T8956]  ? aa_sock_msg_perm+0x94/0x160
[  192.189546][ T8956]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  192.189565][ T8956]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  192.189587][ T8956]  __sock_sendmsg+0x219/0x270
[  192.189616][ T8956]  ____sys_sendmsg+0x52d/0x830
[  192.189642][ T8956]  ? __pfx_____sys_sendmsg+0x10/0x10
[  192.189668][ T8956]  ? import_iovec+0x74/0xa0
[  192.189692][ T8956]  ___sys_sendmsg+0x21f/0x2a0
[  192.189712][ T8956]  ? __pfx____sys_sendmsg+0x10/0x10
[  192.189770][ T8956]  ? __might_fault+0xb0/0x130
[  192.189794][ T8956]  __sys_sendmmsg+0x227/0x430
[  192.189817][ T8956]  ? __pfx___sys_sendmmsg+0x10/0x10
[  192.189844][ T8956]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  192.189882][ T8956]  ? ksys_write+0x1f0/0x250
[  192.189898][ T8956]  ? rcu_is_watching+0x15/0xb0
[  192.189935][ T8956]  __x64_sys_sendmmsg+0xa0/0xc0
[  192.189956][ T8956]  do_syscall_64+0xf6/0x210
[  192.189987][ T8956]  ? clear_bhb_loop+0x45/0xa0
[  192.190007][ T8956]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.190022][ T8956] RIP: 0033:0x7f607638e969
[  192.190037][ T8956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  192.190051][ T8956] RSP: 002b:00007f60772cc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  192.190068][ T8956] RAX: ffffffffffffffda RBX: 00007f60765b5fa0 RCX: 00007f607638e969
[  192.190080][ T8956] RDX: 0000000004000190 RSI: 0000200000000180 RDI: 0000000000000003
[  192.190090][ T8956] RBP: 00007f60772cc090 R08: 0000000000000000 R09: 0000000000000000
[  192.190100][ T8956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  192.190109][ T8956] R13: 0000000000000000 R14: 00007f60765b5fa0 R15: 00007ffd974f6c78
[  192.190134][ T8956]  </TASK>
[  192.689360][ T8965] netlink: 16 bytes leftover after parsing attributes in process `syz.4.858'.
[  192.719958][ T8966] openvswitch: netlink: Message has 24 unknown bytes.
[  192.726825][ T8966] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  192.955010][ T3462] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  192.963805][ T8842] Set syz1 is full, maxelem 65536 reached
[  192.976775][ T3462] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  192.991522][ T3462] bond0 (unregistering): Released all slaves
[  193.032272][ T8965] batadv0: entered promiscuous mode
[  193.040978][ T8965] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  193.055939][ T8965] batadv0: left promiscuous mode
[  193.124189][ T8970] netlink: 24 bytes leftover after parsing attributes in process `syz.2.859'.
[  193.278443][ T8974] netlink: 20 bytes leftover after parsing attributes in process `syz.1.861'.
[  193.327682][ T8974] netlink: 16 bytes leftover after parsing attributes in process `syz.1.861'.
[  193.443586][ T8979] bridge0: port 4(batadv0) entered disabled state
[  193.501481][ T8979] veth0: left allmulticast mode
[  193.508213][ T8979] veth1: left allmulticast mode
[  193.513375][ T8979] wg0: left allmulticast mode
[  193.518758][ T8979] wg1: left allmulticast mode
[  193.523719][ T8979] wg2: left allmulticast mode
[  193.530130][ T8979] veth0_to_bridge: left allmulticast mode
[  193.536373][ T8979] veth1_to_bridge: left allmulticast mode
[  193.542563][ T8979] veth0_to_bond: left allmulticast mode
[  193.548855][ T8979] bond_slave_0: left allmulticast mode
[  193.552188][ T8989] FAULT_INJECTION: forcing a failure.
[  193.552188][ T8989] name failslab, interval 1, probability 0, space 0, times 0
[  193.554711][ T8979] veth1_to_bond: left allmulticast mode
[  193.570933][ T8989] CPU: 0 UID: 0 PID: 8989 Comm: syz.3.866 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) 
[  193.570959][ T8989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  193.570972][ T8989] Call Trace:
[  193.570980][ T8989]  <TASK>
[  193.570988][ T8989]  dump_stack_lvl+0x189/0x250
[  193.571025][ T8989]  ? __pfx_dump_stack_lvl+0x10/0x10
[  193.571053][ T8989]  ? __pfx__printk+0x10/0x10
[  193.571077][ T8989]  ? __pfx___might_resched+0x10/0x10
[  193.571095][ T8989]  ? fs_reclaim_acquire+0x7d/0x100
[  193.571129][ T8989]  should_fail_ex+0x414/0x560
[  193.571165][ T8989]  should_failslab+0xa8/0x100
[  193.571193][ T8989]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  193.571217][ T8989]  ? __alloc_skb+0x112/0x2d0
[  193.571244][ T8989]  __alloc_skb+0x112/0x2d0
[  193.571269][ T8989]  alloc_skb_with_frags+0xca/0x890
[  193.571308][ T8989]  sock_alloc_send_pskb+0x857/0x990
[  193.571354][ T8989]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  193.571398][ T8989]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20
[  193.571426][ T8989]  unix_dgram_sendmsg+0x5c2/0x17c0
[  193.571456][ T8989]  ? __lock_acquire+0xaac/0xd20
[  193.571488][ T8989]  ? aa_sk_perm+0x81e/0x950
[  193.571523][ T8989]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  193.571553][ T8989]  ? aa_sock_msg_perm+0x94/0x160
[  193.571574][ T8989]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  193.571594][ T8989]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  193.571617][ T8989]  __sock_sendmsg+0x219/0x270
[  193.571650][ T8989]  ____sys_sendmsg+0x52d/0x830
[  193.571678][ T8989]  ? __pfx_____sys_sendmsg+0x10/0x10
[  193.571710][ T8989]  ? import_iovec+0x74/0xa0
[  193.571739][ T8989]  ___sys_sendmsg+0x21f/0x2a0
[  193.571765][ T8989]  ? __pfx____sys_sendmsg+0x10/0x10
[  193.571833][ T8989]  ? __might_fault+0xb0/0x130
[  193.571867][ T8989]  __sys_sendmmsg+0x227/0x430
[  193.571896][ T8989]  ? __pfx___sys_sendmmsg+0x10/0x10
[  193.571929][ T8989]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  193.571977][ T8989]  ? ksys_write+0x1f0/0x250
[  193.571996][ T8989]  ? rcu_is_watching+0x15/0xb0
[  193.572035][ T8989]  __x64_sys_sendmmsg+0xa0/0xc0
[  193.572061][ T8989]  do_syscall_64+0xf6/0x210
[  193.572091][ T8989]  ? clear_bhb_loop+0x45/0xa0
[  193.572115][ T8989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.572135][ T8989] RIP: 0033:0x7f607638e969
[  193.572152][ T8989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  193.572168][ T8989] RSP: 002b:00007f60772cc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  193.572189][ T8989] RAX: ffffffffffffffda RBX: 00007f60765b5fa0 RCX: 00007f607638e969
[  193.572203][ T8989] RDX: 0000000004000190 RSI: 0000200000000180 RDI: 0000000000000003
[  193.572216][ T8989] RBP: 00007f60772cc090 R08: 0000000000000000 R09: 0000000000000000
[  193.572228][ T8989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  193.572239][ T8989] R13: 0000000000000000 R14: 00007f60765b5fa0 R15: 00007ffd974f6c78
[  193.572270][ T8989]  </TASK>
[  193.866408][ T8979] bond_slave_1: left allmulticast mode
[  193.872056][ T8979] veth0_to_team: left allmulticast mode
[  193.877865][ T8979] team_slave_0: left allmulticast mode
[  193.883503][ T8979] veth1_to_team: left allmulticast mode
[  193.889591][ T8979] team_slave_1: left allmulticast mode
[  193.895260][ T8979] veth0_to_batadv: left allmulticast mode
[  193.901143][ T8979] batadv_slave_0: left allmulticast mode
[  193.908245][ T8979] veth1_to_batadv: left allmulticast mode
[  193.914149][ T8979] batadv_slave_1: left allmulticast mode
[  193.920045][ T8979] xfrm0: left allmulticast mode
[  193.925614][ T8979] veth0_to_hsr: left allmulticast mode
[  193.931378][ T8979] veth1_to_hsr: left allmulticast mode
[  193.938399][ T8979] veth1_virt_wifi: left allmulticast mode
[  193.945139][ T8979] veth0_virt_wifi: left allmulticast mode
[  193.951375][ T8979] net veth1_virt_wifi virt_wifi0: left allmulticast mode
[  193.958574][ T8979] veth1_vlan: left allmulticast mode
[  193.964104][ T8979] vlan0: left allmulticast mode
[  193.969452][ T8979] vlan1: left allmulticast mode
[  193.974462][ T8979] macvlan0: left allmulticast mode
[  193.979692][ T8979] macvlan1: left allmulticast mode
[  193.986704][ T8979] ipvlan0: left allmulticast mode
[  193.991866][ T8979] ipvlan1: left allmulticast mode
[  193.996932][ T8979] veth0_vlan: left allmulticast mode
[  194.002474][ T8979] veth1_macvtap: left allmulticast mode
[  194.008376][ T8979] veth0_macvtap: left allmulticast mode
[  194.014045][ T8979] macvtap0: left allmulticast mode
[  194.019319][ T8979] macsec0: left allmulticast mode
[  194.025119][ T8979] geneve0: left allmulticast mode
[  194.030264][ T8979] geneve1: left allmulticast mode
[  194.035489][ T8979] netdevsim netdevsim2 netdevsim0: left allmulticast mode
[  194.042743][ T8979] netdevsim netdevsim2 netdevsim1: left allmulticast mode
[  194.050509][ T8979] netdevsim netdevsim2 netdevsim2: left allmulticast mode
[  194.057859][ T8979] netdevsim netdevsim2 netdevsim3: left allmulticast mode
[  194.066203][ T5138] Bluetooth: hci3: command tx timeout
[  194.072261][ T8979] mac80211_hwsim hwsim2 wlan0: left allmulticast mode
[  194.079191][ T8979] mac80211_hwsim hwsim3 wlan1: left allmulticast mode
[  194.086809][ T8979] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  194.095892][ T8979] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  194.105302][ T8979] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  194.114159][ T8979] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  194.123227][ T8979] geneve2: left promiscuous mode
[  194.132836][ T8979] vlan2: left allmulticast mode
[  194.137766][ T8979] bridge0: left allmulticast mode
[  194.327820][ T3462] hsr_slave_0: left promiscuous mode
[  194.338458][ T3462] hsr_slave_1: left promiscuous mode
[  194.348609][ T3462] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  194.356392][ T3462] batman_adv: batadv0: Removing interface: batadv_slave_0
[  194.397897][ T3462] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  194.409189][ T3462] batman_adv: batadv0: Removing interface: batadv_slave_1
[  194.453746][ T3462] veth1_macvtap: left promiscuous mode
[  194.459560][ T3462] veth0_macvtap: left promiscuous mode
[  194.466639][ T3462] veth1_vlan: left promiscuous mode
[  194.472101][ T3462] veth0_vlan: left promiscuous mode
[  195.095500][ T3462] team0 (unregistering): Port device team_slave_1 removed
[  195.147193][ T3462] team0 (unregistering): Port device team_slave_0 removed
[  195.764059][ T8946] chnl_net:caif_netlink_parms(): no params data found
[  196.014739][ T8946] bridge0: port 1(bridge_slave_0) entered blocking state
[  196.034079][ T8946] bridge0: port 1(bridge_slave_0) entered disabled state
[  196.049272][ T8946] bridge_slave_0: entered allmulticast mode
[  196.067319][ T8946] bridge_slave_0: entered promiscuous mode
[  196.101605][ T8946] bridge0: port 2(bridge_slave_1) entered blocking state
[  196.120076][ T8946] bridge0: port 2(bridge_slave_1) entered disabled state
[  196.136514][ T8946] bridge_slave_1: entered allmulticast mode
[  196.146994][ T5138] Bluetooth: hci3: command tx timeout
[  196.165268][ T8946] bridge_slave_1: entered promiscuous mode
[  196.181060][ T9047] pim6reg1: entered promiscuous mode
[  196.186936][ T9047] pim6reg1: entered allmulticast mode
[  196.361900][ T8946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  196.399044][ T8946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  196.601739][ T8946] team0: Port device team_slave_0 added
[  196.618625][ T8946] team0: Port device team_slave_1 added
[  196.657522][ T9056] netlink: 16 bytes leftover after parsing attributes in process `syz.2.883'.
[  196.796089][ T8946] batman_adv: batadv0: Adding interface: batadv_slave_0
[  196.809533][ T9065] netlink: 4 bytes leftover after parsing attributes in process `syz.4.885'.
[  196.813341][ T8946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  196.876871][ T8946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  196.898858][ T9070] netlink: 'syz.1.886': attribute type 8 has an invalid length.
[  196.952084][ T9065] tipc: Disabling bearer <eth:vlan0>
[  197.085119][ T8946] batman_adv: batadv0: Adding interface: batadv_slave_1
[  197.098473][ T8946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  197.132052][ T8946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  197.215071][ T9079] syzkaller1: entered promiscuous mode
[  197.228433][ T9079] syzkaller1: entered allmulticast mode
[  197.353359][ T8946] hsr_slave_0: entered promiscuous mode
[  197.360677][ T8946] hsr_slave_1: entered promiscuous mode
[  197.367203][ T8946] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  197.374890][ T8946] Cannot create hsr debugfs directory
[  197.613368][ T9098] netlink: 16 bytes leftover after parsing attributes in process `syz.3.899'.
[  197.869258][ T9115] netlink: 'syz.1.906': attribute type 11 has an invalid length.
[  197.885985][ T9115] netlink: 'syz.1.906': attribute type 4 has an invalid length.
[  197.893759][ T9115] netlink: 224 bytes leftover after parsing attributes in process `syz.1.906'.
[  198.227333][ T5138] Bluetooth: hci3: command tx timeout
[  198.426880][ T9143] syzkaller1: entered promiscuous mode
[  198.432488][ T9143] syzkaller1: entered allmulticast mode
[  198.442108][ T8946] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  198.508864][ T8946] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  198.521505][ T8946] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  198.545353][ T8946] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  198.709791][ T8946] 8021q: adding VLAN 0 to HW filter on device bond0
[  198.760029][ T8946] 8021q: adding VLAN 0 to HW filter on device team0
[  198.833284][ T6820] bridge0: port 1(bridge_slave_0) entered blocking state
[  198.840510][ T6820] bridge0: port 1(bridge_slave_0) entered forwarding state
[  198.901846][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[  198.909059][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[  198.985786][ T9151] FAULT_INJECTION: forcing a failure.
[  198.985786][ T9151] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  199.005566][ T9149] sch_tbf: burst 3631 is lower than device lo mtu (39799) !
[  199.019662][ T9151] CPU: 1 UID: 0 PID: 9151 Comm: syz.2.916 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) 
[  199.019690][ T9151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  199.019701][ T9151] Call Trace:
[  199.019709][ T9151]  <TASK>
[  199.019716][ T9151]  dump_stack_lvl+0x189/0x250
[  199.019746][ T9151]  ? __lock_acquire+0xaac/0xd20
[  199.019774][ T9151]  ? __pfx_dump_stack_lvl+0x10/0x10
[  199.019800][ T9151]  ? __pfx__printk+0x10/0x10
[  199.019817][ T9151]  ? __might_fault+0xb0/0x130
[  199.019851][ T9151]  should_fail_ex+0x414/0x560
[  199.019885][ T9151]  _copy_from_user+0x2d/0xb0
[  199.019909][ T9151]  ___sys_sendmsg+0x158/0x2a0
[  199.019934][ T9151]  ? __pfx____sys_sendmsg+0x10/0x10
[  199.019998][ T9151]  ? __might_fault+0xb0/0x130
[  199.020024][ T9151]  __sys_sendmmsg+0x227/0x430
[  199.020051][ T9151]  ? __pfx___sys_sendmmsg+0x10/0x10
[  199.020082][ T9151]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  199.020160][ T9151]  ? ksys_write+0x1f0/0x250
[  199.020179][ T9151]  ? rcu_is_watching+0x15/0xb0
[  199.020216][ T9151]  __x64_sys_sendmmsg+0xa0/0xc0
[  199.020240][ T9151]  do_syscall_64+0xf6/0x210
[  199.020268][ T9151]  ? clear_bhb_loop+0x45/0xa0
[  199.020290][ T9151]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.020308][ T9151] RIP: 0033:0x7fe52c58e969
[  199.020324][ T9151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  199.020340][ T9151] RSP: 002b:00007fe52d4af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  199.020360][ T9151] RAX: ffffffffffffffda RBX: 00007fe52c7b5fa0 RCX: 00007fe52c58e969
[  199.020373][ T9151] RDX: 0000000004000190 RSI: 0000200000000180 RDI: 0000000000000003
[  199.020385][ T9151] RBP: 00007fe52d4af090 R08: 0000000000000000 R09: 0000000000000000
[  199.020396][ T9151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  199.020407][ T9151] R13: 0000000000000000 R14: 00007fe52c7b5fa0 R15: 00007ffc3a2337d8
[  199.020434][ T9151]  </TASK>
[  199.309207][ T9157] netlink: 24 bytes leftover after parsing attributes in process `syz.2.918'.
[  199.358359][ T9160] netlink: 8 bytes leftover after parsing attributes in process `syz.4.917'.
[  199.368185][ T9160] netlink: 12 bytes leftover after parsing attributes in process `syz.4.917'.
[  199.470426][ T9167] netlink: 8 bytes leftover after parsing attributes in process `syz.3.921'.
[  199.752632][ T8946] 8021q: adding VLAN 0 to HW filter on device batadv0
[  199.865790][ T8946] veth0_vlan: entered promiscuous mode
[  199.905256][ T8946] veth1_vlan: entered promiscuous mode
[  199.944153][ T8946] veth0_macvtap: entered promiscuous mode
[  199.951524][ T9186] netlink: 16 bytes leftover after parsing attributes in process `syz.1.926'.
[  199.960435][ T8946] veth1_macvtap: entered promiscuous mode
[  199.975346][ T8946] batman_adv: batadv0: Interface activated: batadv_slave_0
[  199.982815][ T9187] netlink: 16 bytes leftover after parsing attributes in process `syz.1.926'.
[  199.996400][ T8946] batman_adv: batadv0: Interface activated: batadv_slave_1
[  200.016128][ T8946] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  200.025177][ T8946] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  200.033906][ T8946] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  200.042672][ T8946] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  200.202879][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  200.211407][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  200.249602][ T5033] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  200.258328][ T5033] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  200.285695][ T9197] Unsupported ieee802154 address type: 0
[  200.304785][ T5832] Bluetooth: hci3: command tx timeout
[  200.393849][ T9199] FAULT_INJECTION: forcing a failure.
[  200.393849][ T9199] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  200.409537][ T9199] CPU: 1 UID: 0 PID: 9199 Comm: syz.3.928 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) 
[  200.409564][ T9199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  200.409576][ T9199] Call Trace:
[  200.409584][ T9199]  <TASK>
[  200.409592][ T9199]  dump_stack_lvl+0x189/0x250
[  200.409620][ T9199]  ? __lock_acquire+0xaac/0xd20
[  200.409645][ T9199]  ? __pfx_dump_stack_lvl+0x10/0x10
[  200.409667][ T9199]  ? __pfx__printk+0x10/0x10
[  200.409684][ T9199]  ? __might_fault+0xb0/0x130
[  200.409713][ T9199]  should_fail_ex+0x414/0x560
[  200.409742][ T9199]  _copy_from_user+0x2d/0xb0
[  200.409764][ T9199]  ___sys_sendmsg+0x158/0x2a0
[  200.409789][ T9199]  ? __pfx____sys_sendmsg+0x10/0x10
[  200.409852][ T9199]  ? __might_fault+0xb0/0x130
[  200.409878][ T9199]  __sys_sendmmsg+0x227/0x430
[  200.409905][ T9199]  ? __pfx___sys_sendmmsg+0x10/0x10
[  200.409935][ T9199]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  200.409978][ T9199]  ? ksys_write+0x1f0/0x250
[  200.410007][ T9199]  ? rcu_is_watching+0x15/0xb0
[  200.410044][ T9199]  __x64_sys_sendmmsg+0xa0/0xc0
[  200.410068][ T9199]  do_syscall_64+0xf6/0x210
[  200.410095][ T9199]  ? clear_bhb_loop+0x45/0xa0
[  200.410117][ T9199]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.410134][ T9199] RIP: 0033:0x7f607638e969
[  200.410150][ T9199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  200.410163][ T9199] RSP: 002b:00007f60772cc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  200.410180][ T9199] RAX: ffffffffffffffda RBX: 00007f60765b5fa0 RCX: 00007f607638e969
[  200.410191][ T9199] RDX: 0000000004000190 RSI: 0000200000000180 RDI: 0000000000000003
[  200.410202][ T9199] RBP: 00007f60772cc090 R08: 0000000000000000 R09: 0000000000000000
[  200.410212][ T9199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  200.410221][ T9199] R13: 0000000000000000 R14: 00007f60765b5fa0 R15: 00007ffd974f6c78
[  200.410246][ T9199]  </TASK>
[  201.189093][   T53] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  201.922053][   T53] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.155393][ T9235] xt_hashlimit: size too large, truncated to 1048576
[  202.215522][ T9238] xt_hashlimit: size too large, truncated to 1048576
[  202.415902][ T9241] FAULT_INJECTION: forcing a failure.
[  202.415902][ T9241] name failslab, interval 1, probability 0, space 0, times 0
[  202.435981][ T9241] CPU: 1 UID: 0 PID: 9241 Comm: syz.1.940 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) 
[  202.436014][ T9241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  202.436027][ T9241] Call Trace:
[  202.436035][ T9241]  <TASK>
[  202.436055][ T9241]  dump_stack_lvl+0x189/0x250
[  202.436092][ T9241]  ? __pfx_dump_stack_lvl+0x10/0x10
[  202.436120][ T9241]  ? __pfx__printk+0x10/0x10
[  202.436143][ T9241]  ? __pfx___might_resched+0x10/0x10
[  202.436161][ T9241]  ? fs_reclaim_acquire+0x7d/0x100
[  202.436196][ T9241]  should_fail_ex+0x414/0x560
[  202.436232][ T9241]  should_failslab+0xa8/0x100
[  202.436260][ T9241]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  202.436286][ T9241]  ? __alloc_skb+0x112/0x2d0
[  202.436311][ T9241]  __alloc_skb+0x112/0x2d0
[  202.436336][ T9241]  alloc_skb_with_frags+0xca/0x890
[  202.436375][ T9241]  sock_alloc_send_pskb+0x857/0x990
[  202.436421][ T9241]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  202.436459][ T9241]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20
[  202.436487][ T9241]  unix_dgram_sendmsg+0x5c2/0x17c0
[  202.436524][ T9241]  ? __lock_acquire+0xaac/0xd20
[  202.436556][ T9241]  ? aa_sk_perm+0x81e/0x950
[  202.436613][ T9241]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  202.436644][ T9241]  ? aa_sock_msg_perm+0x94/0x160
[  202.436667][ T9241]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  202.436689][ T9241]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  202.436714][ T9241]  __sock_sendmsg+0x219/0x270
[  202.436748][ T9241]  ____sys_sendmsg+0x52d/0x830
[  202.436779][ T9241]  ? __pfx_____sys_sendmsg+0x10/0x10
[  202.436813][ T9241]  ? import_iovec+0x74/0xa0
[  202.436844][ T9241]  ___sys_sendmsg+0x21f/0x2a0
[  202.436871][ T9241]  ? __pfx____sys_sendmsg+0x10/0x10
[  202.436951][ T9241]  ? __might_fault+0xb0/0x130
[  202.436982][ T9241]  __sys_sendmmsg+0x227/0x430
[  202.437012][ T9241]  ? __pfx___sys_sendmmsg+0x10/0x10
[  202.437047][ T9241]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  202.437096][ T9241]  ? ksys_write+0x1f0/0x250
[  202.437118][ T9241]  ? rcu_is_watching+0x15/0xb0
[  202.437160][ T9241]  __x64_sys_sendmmsg+0xa0/0xc0
[  202.437186][ T9241]  do_syscall_64+0xf6/0x210
[  202.437217][ T9241]  ? clear_bhb_loop+0x45/0xa0
[  202.437242][ T9241]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.437262][ T9241] RIP: 0033:0x7fbd14d8e969
[  202.437281][ T9241] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  202.437298][ T9241] RSP: 002b:00007fbd15be1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  202.437319][ T9241] RAX: ffffffffffffffda RBX: 00007fbd14fb5fa0 RCX: 00007fbd14d8e969
[  202.437334][ T9241] RDX: 0000000004000190 RSI: 0000200000000180 RDI: 0000000000000003
[  202.437347][ T9241] RBP: 00007fbd15be1090 R08: 0000000000000000 R09: 0000000000000000
[  202.437360][ T9241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  202.437372][ T9241] R13: 0000000000000000 R14: 00007fbd14fb5fa0 R15: 00007ffceb27a8e8
[  202.437403][ T9241]  </TASK>
[  202.766709][ T9247] __nla_validate_parse: 6 callbacks suppressed
[  202.766729][ T9247] netlink: 12 bytes leftover after parsing attributes in process `syz.4.941'.
[  203.040697][ T5138] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  203.050405][ T5138] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  203.059437][ T5138] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  203.069063][ T5138] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  203.082742][ T5138] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  203.113467][   T53] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.291752][   T53] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.338101][ T9269] syzkaller0: entered promiscuous mode
[  203.359341][ T9269] syzkaller0: entered allmulticast mode
[  203.474180][ T9277] netlink: 16 bytes leftover after parsing attributes in process `syz.1.949'.
[  203.483265][ T9277] netlink: 16 bytes leftover after parsing attributes in process `syz.1.949'.
[  203.597485][ T9250] chnl_net:caif_netlink_parms(): no params data found
[  203.704173][ T9290] FAULT_INJECTION: forcing a failure.
[  203.704173][ T9290] name failslab, interval 1, probability 0, space 0, times 0
[  203.773829][ T9290] CPU: 0 UID: 0 PID: 9290 Comm: syz.2.952 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) 
[  203.773858][ T9290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  203.773870][ T9290] Call Trace:
[  203.773878][ T9290]  <TASK>
[  203.773886][ T9290]  dump_stack_lvl+0x189/0x250
[  203.773921][ T9290]  ? __pfx_dump_stack_lvl+0x10/0x10
[  203.773948][ T9290]  ? __pfx__printk+0x10/0x10
[  203.773975][ T9290]  ? __pfx___might_resched+0x10/0x10
[  203.773992][ T9290]  ? fs_reclaim_acquire+0x7d/0x100
[  203.774042][ T9290]  should_fail_ex+0x414/0x560
[  203.774078][ T9290]  should_failslab+0xa8/0x100
[  203.774105][ T9290]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  203.774131][ T9290]  ? __alloc_skb+0x112/0x2d0
[  203.774157][ T9290]  __alloc_skb+0x112/0x2d0
[  203.774181][ T9290]  alloc_skb_with_frags+0xca/0x890
[  203.774220][ T9290]  sock_alloc_send_pskb+0x857/0x990
[  203.774266][ T9290]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  203.774304][ T9290]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20
[  203.774333][ T9290]  unix_dgram_sendmsg+0x5c2/0x17c0
[  203.774364][ T9290]  ? __lock_acquire+0xaac/0xd20
[  203.774400][ T9290]  ? aa_sk_perm+0x81e/0x950
[  203.774434][ T9290]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  203.774475][ T9290]  ? aa_sock_msg_perm+0x94/0x160
[  203.774495][ T9290]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  203.774515][ T9290]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  203.774537][ T9290]  __sock_sendmsg+0x219/0x270
[  203.774568][ T9290]  ____sys_sendmsg+0x52d/0x830
[  203.774595][ T9290]  ? __pfx_____sys_sendmsg+0x10/0x10
[  203.774626][ T9290]  ? import_iovec+0x74/0xa0
[  203.774653][ T9290]  ___sys_sendmsg+0x21f/0x2a0
[  203.774678][ T9290]  ? __pfx____sys_sendmsg+0x10/0x10
[  203.774776][ T9290]  ? __might_fault+0xb0/0x130
[  203.774804][ T9290]  __sys_sendmmsg+0x227/0x430
[  203.774833][ T9290]  ? __pfx___sys_sendmmsg+0x10/0x10
[  203.774865][ T9290]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  203.774911][ T9290]  ? ksys_write+0x1f0/0x250
[  203.774932][ T9290]  ? rcu_is_watching+0x15/0xb0
[  203.774977][ T9290]  __x64_sys_sendmmsg+0xa0/0xc0
[  203.775021][ T9290]  do_syscall_64+0xf6/0x210
[  203.775052][ T9290]  ? clear_bhb_loop+0x45/0xa0
[  203.775078][ T9290]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.775097][ T9290] RIP: 0033:0x7fe52c58e969
[  203.775114][ T9290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  203.775132][ T9290] RSP: 002b:00007fe52d4af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  203.775153][ T9290] RAX: ffffffffffffffda RBX: 00007fe52c7b5fa0 RCX: 00007fe52c58e969
[  203.775168][ T9290] RDX: 0000000004000190 RSI: 0000200000000180 RDI: 0000000000000003
[  203.775182][ T9290] RBP: 00007fe52d4af090 R08: 0000000000000000 R09: 0000000000000000
[  203.775194][ T9290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  203.775206][ T9290] R13: 0000000000000000 R14: 00007fe52c7b5fa0 R15: 00007ffc3a2337d8
[  203.775238][ T9290]  </TASK>
[  204.172234][   T53] bridge_slave_1: left allmulticast mode
[  204.183016][   T53] bridge_slave_1: left promiscuous mode
[  204.192650][   T53] bridge0: port 2(bridge_slave_1) entered disabled state
[  204.209548][ T9301] netlink: 'syz.1.955': attribute type 10 has an invalid length.
[  204.231856][   T53] bridge_slave_0: left allmulticast mode
[  204.250077][   T53] bridge_slave_0: left promiscuous mode
[  204.269018][   T53] bridge0: port 1(bridge_slave_0) entered disabled state
[  204.716113][  T974] IPVS: starting estimator thread 0...
[  204.767095][ T9306] openvswitch: netlink: IP tunnel dst address not specified
[  204.815093][ T9309] IPVS: using max 31 ests per chain, 74400 per kthread
[  204.938200][   T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  204.968053][   T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  204.979379][   T53] bond0 (unregistering): Released all slaves
[  205.052918][ T9250] bridge0: port 1(bridge_slave_0) entered blocking state
[  205.080939][ T9250] bridge0: port 1(bridge_slave_0) entered disabled state
[  205.095726][ T9250] bridge_slave_0: entered allmulticast mode
[  205.110811][ T5138] Bluetooth: hci3: command tx timeout
[  205.119555][ T9250] bridge_slave_0: entered promiscuous mode
[  205.136915][ T9250] bridge0: port 2(bridge_slave_1) entered blocking state
[  205.144134][ T9250] bridge0: port 2(bridge_slave_1) entered disabled state
[  205.156347][ T9250] bridge_slave_1: entered allmulticast mode
[  205.164044][ T9250] bridge_slave_1: entered promiscuous mode
[  205.284300][ T9315] sctp: [Deprecated]: syz.4.960 (pid 9315) Use of int in maxseg socket option.
[  205.284300][ T9315] Use struct sctp_assoc_value instead
[  205.312479][ T9250] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  205.314515][ T9315] sctp: [Deprecated]: syz.4.960 (pid 9315) Use of int in maxseg socket option.
[  205.314515][ T9315] Use struct sctp_assoc_value instead
[  205.338587][ T9250] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  205.552714][ T9250] team0: Port device team_slave_0 added
[  205.594736][ T9325] netlink: 32 bytes leftover after parsing attributes in process `syz.4.962'.
[  205.631516][   T53] hsr_slave_0: left promiscuous mode
[  205.644838][   T53] hsr_slave_1: left promiscuous mode
[  205.652509][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  205.658842][ T9329] netlink: 28 bytes leftover after parsing attributes in process `syz.2.965'.
[  205.674636][   T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[  205.683883][ T9327] netlink: 'syz.1.964': attribute type 5 has an invalid length.
[  205.684548][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  205.700560][ T9327] netlink: 4 bytes leftover after parsing attributes in process `syz.1.964'.
[  205.713406][   T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[  205.776368][   T53] veth1_macvtap: left promiscuous mode
[  205.781965][   T53] veth0_macvtap: left promiscuous mode
[  205.804617][   T53] veth1_vlan: left promiscuous mode
[  205.810015][   T53] veth0_vlan: left promiscuous mode
[  206.550665][   T53] team0 (unregistering): Port device team_slave_1 removed
[  206.607645][   T53] team0 (unregistering): Port device team_slave_0 removed
[  207.152915][ T9250] team0: Port device team_slave_1 added
[  207.159085][ T9333] netlink: 12 bytes leftover after parsing attributes in process `syz.1.967'.
[  207.184776][ T5138] Bluetooth: hci3: command tx timeout
[  207.191266][ T9336] netlink: 'syz.1.967': attribute type 1 has an invalid length.
[  207.304036][ T9357] netlink: 17 bytes leftover after parsing attributes in process `syz.3.973'.
[  207.336313][ T9357] netlink: zone id is out of range
[  207.341481][ T9357] netlink: zone id is out of range
[  207.350980][ T9357] netlink: zone id is out of range
[  207.357183][ T9357] netlink: zone id is out of range
[  207.362320][ T9357] netlink: zone id is out of range
[  207.374551][ T9357] netlink: zone id is out of range
[  207.387563][ T9357] netlink: zone id is out of range
[  207.392851][ T9357] netlink: zone id is out of range
[  207.409563][ T9357] netlink: zone id is out of range
[  207.419519][ T9250] batman_adv: batadv0: Adding interface: batadv_slave_0
[  207.426744][ T9250] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  207.469198][ T9250] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  207.525998][ T9250] batman_adv: batadv0: Adding interface: batadv_slave_1
[  207.533047][ T9250] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  207.564174][ T9250] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  207.585070][ T9370] netlink: 112 bytes leftover after parsing attributes in process `syz.4.975'.
[  207.605560][ T9369] xt_bpf: check failed: parse error
[  207.656346][ T9373] netlink: 28 bytes leftover after parsing attributes in process `syz.1.977'.
[  207.693965][ T9250] hsr_slave_0: entered promiscuous mode
[  207.705005][ T9250] hsr_slave_1: entered promiscuous mode
[  207.711368][ T9250] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  207.725384][ T9250] Cannot create hsr debugfs directory
[  207.876072][ T9378] __nla_validate_parse: 1 callbacks suppressed
[  207.876092][ T9378] netlink: 8 bytes leftover after parsing attributes in process `syz.2.979'.
[  207.902129][ T5907] IPVS: starting estimator thread 0...
[  208.004546][ T9382] IPVS: using max 27 ests per chain, 64800 per kthread
[  208.097863][ T9384] xt_CT: No such helper "pptp"
[  208.123182][ T9381] wireguard0: entered promiscuous mode
[  208.129192][ T9381] wireguard0: entered allmulticast mode
[  208.487920][ T9407] netlink: 8 bytes leftover after parsing attributes in process `syz.4.984'.
[  208.519004][ T9407] netlink: 8 bytes leftover after parsing attributes in process `syz.4.984'.
[  208.616431][ T9410] netlink: 12 bytes leftover after parsing attributes in process `syz.2.987'.
[  208.852062][ T9425] FAULT_INJECTION: forcing a failure.
[  208.852062][ T9425] name failslab, interval 1, probability 0, space 0, times 0
[  208.867206][ T9250] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  208.879441][ T9425] CPU: 0 UID: 0 PID: 9425 Comm: syz.2.992 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) 
[  208.879488][ T9425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  208.879500][ T9425] Call Trace:
[  208.879509][ T9425]  <TASK>
[  208.879517][ T9425]  dump_stack_lvl+0x189/0x250
[  208.879555][ T9425]  ? __pfx_dump_stack_lvl+0x10/0x10
[  208.879586][ T9425]  ? __pfx__printk+0x10/0x10
[  208.879609][ T9425]  ? __pfx___might_resched+0x10/0x10
[  208.879627][ T9425]  ? fs_reclaim_acquire+0x7d/0x100
[  208.879661][ T9425]  should_fail_ex+0x414/0x560
[  208.879689][ T9425]  should_failslab+0xa8/0x100
[  208.879710][ T9425]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  208.879730][ T9425]  ? __alloc_skb+0x112/0x2d0
[  208.879748][ T9425]  __alloc_skb+0x112/0x2d0
[  208.879766][ T9425]  alloc_skb_with_frags+0xca/0x890
[  208.879794][ T9425]  sock_alloc_send_pskb+0x857/0x990
[  208.879828][ T9425]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  208.879860][ T9425]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20
[  208.879881][ T9425]  unix_dgram_sendmsg+0x5c2/0x17c0
[  208.879899][ T9425]  ? __phys_addr+0xba/0x170
[  208.879919][ T9425]  ? nmi_uaccess_okay+0x75/0xb0
[  208.879940][ T9425]  ? bpf_send_signal_common+0x434/0x540
[  208.879961][ T9425]  ? aa_sk_perm+0x81e/0x950
[  208.879987][ T9425]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  208.880010][ T9425]  ? aa_sock_msg_perm+0x94/0x160
[  208.880025][ T9425]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  208.880041][ T9425]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  208.880059][ T9425]  __sock_sendmsg+0x219/0x270
[  208.880083][ T9425]  ____sys_sendmsg+0x52d/0x830
[  208.880104][ T9425]  ? __pfx_____sys_sendmsg+0x10/0x10
[  208.880129][ T9425]  ? import_iovec+0x74/0xa0
[  208.880151][ T9425]  ___sys_sendmsg+0x21f/0x2a0
[  208.880170][ T9425]  ? __pfx____sys_sendmsg+0x10/0x10
[  208.880219][ T9425]  ? __might_fault+0xb0/0x130
[  208.880240][ T9425]  __sys_sendmmsg+0x227/0x430
[  208.880262][ T9425]  ? __pfx___sys_sendmmsg+0x10/0x10
[  208.880287][ T9425]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  208.880327][ T9425]  ? ksys_write+0x1f0/0x250
[  208.880342][ T9425]  ? rcu_is_watching+0x15/0xb0
[  208.880372][ T9425]  __x64_sys_sendmmsg+0xa0/0xc0
[  208.880391][ T9425]  do_syscall_64+0xf6/0x210
[  208.880414][ T9425]  ? clear_bhb_loop+0x45/0xa0
[  208.880431][ T9425]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  208.880445][ T9425] RIP: 0033:0x7fe52c58e969
[  208.880459][ T9425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  208.880472][ T9425] RSP: 002b:00007fe52d4af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  208.880487][ T9425] RAX: ffffffffffffffda RBX: 00007fe52c7b5fa0 RCX: 00007fe52c58e969
[  208.880498][ T9425] RDX: 0000000004000190 RSI: 0000200000000180 RDI: 0000000000000003
[  208.880507][ T9425] RBP: 00007fe52d4af090 R08: 0000000000000000 R09: 0000000000000000
[  208.880516][ T9425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  208.880524][ T9425] R13: 0000000000000000 R14: 00007fe52c7b5fa0 R15: 00007ffc3a2337d8
[  208.880547][ T9425]  </TASK>
[  208.891010][ T9250] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  209.201533][ T9250] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  209.218579][ T9250] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  209.264530][ T5138] Bluetooth: hci3: command tx timeout
[  209.333005][ T9433] netlink: 4 bytes leftover after parsing attributes in process `syz.3.997'.
[  209.427822][ T9250] 8021q: adding VLAN 0 to HW filter on device bond0
[  209.478485][ T9250] 8021q: adding VLAN 0 to HW filter on device team0
[  209.531303][ T3462] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.538617][ T3462] bridge0: port 1(bridge_slave_0) entered forwarding state
[  209.555989][ T9446] netlink: 'syz.3.1000': attribute type 8 has an invalid length.
[  209.575969][ T3462] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.583085][ T3462] bridge0: port 2(bridge_slave_1) entered forwarding state
[  210.211147][ T9250] 8021q: adding VLAN 0 to HW filter on device batadv0
[  210.229294][ T9472] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1008'.
[  210.272413][ T9472] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1008'.
[  210.299735][ T9474] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1009'.
[  210.322423][ T9250] veth0_vlan: entered promiscuous mode
[  210.363235][ T9250] veth1_vlan: entered promiscuous mode
[  210.445332][ T9250] veth0_macvtap: entered promiscuous mode
[  210.477262][ T9250] veth1_macvtap: entered promiscuous mode
[  210.521832][ T9250] batman_adv: batadv0: Interface activated: batadv_slave_0
[  210.537835][ T9250] batman_adv: batadv0: Interface activated: batadv_slave_1
[  210.579483][ T9250] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  210.588847][ T9250] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  210.612354][ T9250] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  210.628375][ T9250] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  210.680492][ T9481] IPVS: length: 78 != 8
[  210.828741][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  210.859467][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  210.931181][   T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  210.941689][   T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  211.302423][ T9510] gretap1: entered promiscuous mode
[  211.312329][ T9510] gretap1: entered allmulticast mode
[  211.404074][ T9516] xt_connbytes: Forcing CT accounting to be enabled
[  211.411209][ T9516] set match dimension is over the limit!
[  211.424050][ T9516] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1023'.
[  211.666975][ T5828] Bluetooth: hci2: command 0x0406 tx timeout
[  211.666989][   T55] Bluetooth: hci1: command 0x0406 tx timeout
[  211.849487][ T9536] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1028'.
[  211.859989][ T9536] sctp: [Deprecated]: syz.3.1028 (pid 9536) Use of int in max_burst socket option.
[  211.859989][ T9536] Use struct sctp_assoc_value instead
[  212.306141][   T66] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.299332][ T9560] __nla_validate_parse: 1 callbacks suppressed
[  213.299350][ T9560] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1033'.
[  213.512080][   T66] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.716102][   T66] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.786188][ T9569] netlink: 9 bytes leftover after parsing attributes in process `syz.3.1037'.
[  213.818039][ T9574] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1039'.
[  213.866221][ T9569] gretap0: entered promiscuous mode
[  213.868587][ T5138] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  213.880153][ T5138] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  213.894073][ T5138] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  213.902186][ T5138] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  213.911520][ T5138] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  214.001643][   T66] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  214.220524][   T66] bridge_slave_1: left allmulticast mode
[  214.226923][   T66] bridge_slave_1: left promiscuous mode
[  214.232752][   T66] bridge0: port 2(bridge_slave_1) entered disabled state
[  214.252711][   T66] bridge_slave_0: left allmulticast mode
[  214.260390][   T66] bridge_slave_0: left promiscuous mode
[  214.268089][   T66] bridge0: port 1(bridge_slave_0) entered disabled state
[  214.291382][ T9601] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1043'.
[  214.778566][   T66] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  214.792784][   T66] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  214.809432][   T66] bond0 (unregistering): Released all slaves
[  214.858358][ T9619] nbd: must specify at least one socket
[  215.082047][ T9625] raw_sendmsg: syz.2.1051 forgot to set AF_INET. Fix it!
[  215.231552][ T9629] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1053'.
[  215.397432][ T9637] gretap1: entered promiscuous mode
[  215.440168][ T9580] chnl_net:caif_netlink_parms(): no params data found
[  215.627157][   T66] hsr_slave_0: left promiscuous mode
[  215.653965][   T66] hsr_slave_1: left promiscuous mode
[  215.675571][   T66] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  215.700841][   T66] batman_adv: batadv0: Removing interface: batadv_slave_0
[  215.716506][   T66] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  215.735652][   T66] batman_adv: batadv0: Removing interface: batadv_slave_1
[  215.803818][   T66] veth1_macvtap: left promiscuous mode
[  215.813840][   T66] veth0_macvtap: left promiscuous mode
[  215.820263][   T66] veth1_vlan: left promiscuous mode
[  215.828905][   T66] veth0_vlan: left promiscuous mode
[  215.994821][ T5138] Bluetooth: hci3: command tx timeout
[  216.429270][ T9677] netlink: 'syz.4.1060': attribute type 10 has an invalid length.
[  216.440601][   T66] team0 (unregistering): Port device team_slave_1 removed
[  216.481547][   T66] team0 (unregistering): Port device team_slave_0 removed
[  216.861561][ T9655] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  216.963309][ T9658] syzkaller0: entered promiscuous mode
[  216.970635][ T9658] tipc: Resetting bearer <eth:syzkaller0>
[  217.050212][ T5033] tipc: Resetting bearer <eth:syzkaller0>
[  217.058520][ T9645] tipc: Resetting bearer <eth:syzkaller0>
[  218.067037][ T5138] Bluetooth: hci3: command tx timeout
[  218.177918][ T9645] tipc: Disabling bearer <eth:syzkaller0>
[  218.188112][ T9677] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[  218.199089][ T9677] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  218.211763][ T9677] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[  218.370908][ T9699] netlink: 'syz.4.1065': attribute type 10 has an invalid length.
[  218.413154][ T9580] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.414061][ T9699] netlink: 'syz.4.1065': attribute type 10 has an invalid length.
[  218.428668][ T9580] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.445501][ T9580] bridge_slave_0: entered allmulticast mode
[  218.447609][ T9699] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1065'.
[  218.479820][ T9700] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1064'.
[  218.480549][ T9580] bridge_slave_0: entered promiscuous mode
[  218.490140][ T9705] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1066'.
[  218.532115][ T9580] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.539883][ T9580] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.555957][ T9580] bridge_slave_1: entered allmulticast mode
[  218.563220][ T9580] bridge_slave_1: entered promiscuous mode
[  218.652781][ T9580] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  218.692052][ T9580] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  218.723253][ T9709] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1069'.
[  218.761539][   T30] audit: type=1107 audit(1746059383.067:2): pid=9708 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='1'
[  218.774177][ T9709] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1069'.
[  218.805336][ T9715] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1070'.
[  218.828421][ T9716] net_ratelimit: 77 callbacks suppressed
[  218.828438][ T9716] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  218.920844][ T9715] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1070'.
[  218.972127][ T9580] team0: Port device team_slave_0 added
[  218.981918][ T9580] team0: Port device team_slave_1 added
[  219.039941][ T9721] netlink: 'syz.3.1072': attribute type 10 has an invalid length.
[  219.059955][ T9721] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1072'.
[  219.075391][ T9580] batman_adv: batadv0: Adding interface: batadv_slave_0
[  219.088655][ T9580] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  219.114232][ T9726] netlink: 'syz.3.1072': attribute type 10 has an invalid length.
[  219.128240][ T9580] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  219.140049][ T9721] batadv0: entered promiscuous mode
[  219.149813][ T9721] batadv0: entered allmulticast mode
[  219.157249][ T9721] 8021q: adding VLAN 0 to HW filter on device batadv0
[  219.166136][ T9721] bridge0: port 4(batadv0) entered blocking state
[  219.173196][ T9721] bridge0: port 4(batadv0) entered disabled state
[  219.191072][ T9726] bridge0: port 4(batadv0) entered blocking state
[  219.197825][ T9726] bridge0: port 4(batadv0) entered forwarding state
[  219.212382][ T9726] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  219.228743][ T9580] batman_adv: batadv0: Adding interface: batadv_slave_1
[  219.237555][ T9580] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  219.266380][   T53] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  219.275731][   T53] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  219.285107][ T9580] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  219.287309][ T9733] Bluetooth: MGMT ver 1.23
[  219.330396][ T9732] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  219.468689][ T9580] hsr_slave_0: entered promiscuous mode
[  219.478777][ T9580] hsr_slave_1: entered promiscuous mode
[  219.486366][ T9580] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  219.494231][ T9580] Cannot create hsr debugfs directory
[  219.649406][ T9746] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1081'.
[  220.144922][ T5138] Bluetooth: hci3: command tx timeout
[  220.162799][ T9768] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1087'.
[  220.180182][ T9770] unsupported nlmsg_type 40
[  220.502450][ T9580] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  220.520614][ T9580] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  220.540447][ T9580] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  220.596093][ T9580] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  220.750038][ T9580] 8021q: adding VLAN 0 to HW filter on device bond0
[  220.819641][ T9580] 8021q: adding VLAN 0 to HW filter on device team0
[  220.851985][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.859238][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  220.875892][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.883247][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  221.473869][ T9580] 8021q: adding VLAN 0 to HW filter on device batadv0
[  221.843724][ T9580] veth0_vlan: entered promiscuous mode
[  221.925185][ T9832] netlink: 'syz.1.1104': attribute type 1 has an invalid length.
[  222.224797][ T5138] Bluetooth: hci3: command tx timeout
[  222.358317][ T9580] veth1_vlan: entered promiscuous mode
[  222.722560][ T9580] veth0_macvtap: entered promiscuous mode
[  222.757728][ T9580] veth1_macvtap: entered promiscuous mode
[  222.856699][ T9580] batman_adv: batadv0: Interface activated: batadv_slave_0
[  222.893954][ T9580] batman_adv: batadv0: Interface activated: batadv_slave_1
[  222.922913][ T9580] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  222.948495][ T9580] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  222.961632][ T9580] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  222.971891][ T9580] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  222.990488][ T9857] netlink: 'syz.1.1113': attribute type 2 has an invalid length.
[  223.157954][ T9864] netlink: 'syz.3.1114': attribute type 10 has an invalid length.
[  223.194376][ T9864] team0: Device veth0_vlan failed to register rx_handler
[  223.273734][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  223.292167][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  223.407584][ T9869] netlink: 'syz.2.1118': attribute type 1 has an invalid length.
[  223.419967][ T9875] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (2878)
[  223.436052][ T9875] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255
[  223.463409][ T5033] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  223.480154][ T5033] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  223.507831][ T9869] __nla_validate_parse: 16 callbacks suppressed
[  223.507849][ T9869] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1118'.
[  223.955403][ T9909] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1131'.
[  223.978933][ T9911] xt_bpf: check failed: parse error
[  223.996876][ T9913] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1130'.
[  224.149697][ T9923] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1134'.
[  224.443360][   T66] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  224.662441][   T66] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  224.801395][   T66] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  224.862416][   T66] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  224.941979][   T66] bridge_slave_1: left allmulticast mode
[  224.951079][   T66] bridge_slave_1: left promiscuous mode
[  224.956992][   T66] bridge0: port 2(bridge_slave_1) entered disabled state
[  224.966951][   T66] bridge_slave_0: left allmulticast mode
[  224.972620][   T66] bridge_slave_0: left promiscuous mode
[  224.979064][   T66] bridge0: port 1(bridge_slave_0) entered disabled state
[  225.236565][   T66] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  225.247352][   T66] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  225.258031][   T66] bond0 (unregistering): Released all slaves
[  225.583090][   T66] hsr_slave_0: left promiscuous mode
[  225.605053][ T9943] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1136'.
[  225.628139][   T66] hsr_slave_1: left promiscuous mode
[  225.641768][   T66] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  225.654023][ T9946] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1139'.
[  225.671169][   T66] batman_adv: batadv0: Removing interface: batadv_slave_0
[  225.680016][   T66] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  225.687681][   T66] batman_adv: batadv0: Removing interface: batadv_slave_1
[  225.717846][   T66] veth1_macvtap: left promiscuous mode
[  225.729897][   T66] veth0_macvtap: left promiscuous mode
[  225.736637][   T66] veth1_vlan: left promiscuous mode
[  225.741994][   T66] veth0_vlan: left promiscuous mode
[  225.815270][ T9957] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1139'.
[  225.922840][ T5832] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  225.934304][ T5832] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  225.943954][ T5832] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  225.957245][ T5832] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  225.965242][ T5832] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  226.283677][   T66] team0 (unregistering): Port device team_slave_1 removed
[  226.320458][   T66] team0 (unregistering): Port device team_slave_0 removed
[  226.678945][ T9943] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  226.723071][ T9946] 8021q: adding VLAN 0 to HW filter on device bond5
[  226.879101][ T9970] netlink: 'syz.4.1143': attribute type 10 has an invalid length.
[  226.980317][ T9957] bond5 (unregistering): Released all slaves
[  227.022789][ T9967] syzkaller1: entered promiscuous mode
[  227.037952][ T9967] syzkaller1: entered allmulticast mode
[  227.470362][ T9958] chnl_net:caif_netlink_parms(): no params data found
[  227.698145][T10016] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1150'.
[  227.727283][T10016] Bluetooth: MGMT ver 1.23
[  227.751765][T10014] netlink: 'syz.3.1152': attribute type 7 has an invalid length.
[  227.825559][T10014] : entered promiscuous mode
[  227.841083][ T9958] bridge0: port 1(bridge_slave_0) entered blocking state
[  227.849210][ T9958] bridge0: port 1(bridge_slave_0) entered disabled state
[  227.857808][ T9958] bridge_slave_0: entered allmulticast mode
[  227.879005][ T9958] bridge_slave_0: entered promiscuous mode
[  227.906096][ T9958] bridge0: port 2(bridge_slave_1) entered blocking state
[  227.915997][ T9958] bridge0: port 2(bridge_slave_1) entered disabled state
[  227.923277][ T9958] bridge_slave_1: entered allmulticast mode
[  227.939373][ T9958] bridge_slave_1: entered promiscuous mode
[  227.984954][ T5138] Bluetooth: hci3: command tx timeout
[  228.000557][T10030] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1156'.
[  228.017463][ T9958] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  228.028058][T10030] 8021q: VLANs not supported on ip6_vti0
[  228.040191][ T9958] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  228.103271][ T9958] team0: Port device team_slave_0 added
[  228.111000][T10033] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  228.129762][ T9958] team0: Port device team_slave_1 added
[  228.263096][ T9958] batman_adv: batadv0: Adding interface: batadv_slave_0
[  228.275871][ T9958] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  228.306255][ T9958] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  228.321350][ T9958] batman_adv: batadv0: Adding interface: batadv_slave_1
[  228.330803][ T9958] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  228.361669][ T9958] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  228.450019][ T9958] hsr_slave_0: entered promiscuous mode
[  228.464227][ T9958] hsr_slave_1: entered promiscuous mode
[  228.474046][ T9958] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  228.474086][T10042] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1160'.
[  228.481820][ T9958] Cannot create hsr debugfs directory
[  228.525910][T10043] netlink: 'syz.4.1160': attribute type 20 has an invalid length.
[  228.911176][T10062] netlink: 732 bytes leftover after parsing attributes in process `syz.1.1167'.
[  228.922523][T10062] netlink: 732 bytes leftover after parsing attributes in process `syz.1.1167'.
[  228.959867][T10060] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1166'.
[  228.991220][T10066] netlink: 'syz.3.1165': attribute type 10 has an invalid length.
[  229.179934][T10081] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1171'.
[  229.197393][T10081] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1171'.
[  229.210404][T10081] netlink: 59 bytes leftover after parsing attributes in process `syz.2.1171'.
[  229.229722][T10081] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1171'.
[  229.239663][T10081] netlink: 59 bytes leftover after parsing attributes in process `syz.2.1171'.
[  229.240784][T10084] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1172'.
[  229.336466][T10084] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1172'.
[  229.402135][ T9958] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  229.427865][ T9958] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  229.445276][ T9958] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  229.479166][ T9958] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  229.626568][ T9958] 8021q: adding VLAN 0 to HW filter on device bond0
[  229.650565][ T9958] 8021q: adding VLAN 0 to HW filter on device team0
[  229.679876][   T66] bridge0: port 1(bridge_slave_0) entered blocking state
[  229.687078][   T66] bridge0: port 1(bridge_slave_0) entered forwarding state
[  229.695766][T10104] netlink: 'syz.1.1178': attribute type 5 has an invalid length.
[  229.749394][   T66] bridge0: port 2(bridge_slave_1) entered blocking state
[  229.756673][   T66] bridge0: port 2(bridge_slave_1) entered forwarding state
[  229.772887][T10104] tipc: Started in network mode
[  229.788445][T10104] tipc: Node identity ff010000000000000000000000000001, cluster identity 4711
[  229.811553][T10104] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  230.068361][ T5138] Bluetooth: hci3: command tx timeout
[  230.223106][ T9958] 8021q: adding VLAN 0 to HW filter on device batadv0
[  230.321474][ T9958] veth0_vlan: entered promiscuous mode
[  230.375142][ T9958] veth1_vlan: entered promiscuous mode
[  230.452363][T10149] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  230.469392][ T9958] veth0_macvtap: entered promiscuous mode
[  230.470778][T10149] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  230.496914][ T9958] veth1_macvtap: entered promiscuous mode
[  230.523753][ T9958] batman_adv: batadv0: Interface activated: batadv_slave_0
[  230.536531][T10149] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  230.567641][ T9958] batman_adv: batadv0: Interface activated: batadv_slave_1
[  230.582784][T10149] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  230.599458][ T9958] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  230.617338][ T9958] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  230.627354][T10149] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  230.634502][ T9958] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  230.638911][T10149] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  230.643818][ T9958] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  230.688884][T10149] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  230.726223][T10149] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  230.825922][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  230.833788][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  230.960975][   T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  230.979056][   T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  231.551421][T10198] tun0: tun_chr_ioctl cmd 2147767520
[  231.623212][T10204] xt_socket: unknown flags 0x8
[  232.106054][T10230] netlink: 'syz.2.1211': attribute type 1 has an invalid length.
[  232.245284][ T5033] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  233.230595][ T5033] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  233.358737][T10241] netlink: 'syz.3.1215': attribute type 32 has an invalid length.
[  233.783119][ T5033] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  233.992304][T10267] __nla_validate_parse: 7 callbacks suppressed
[  233.992325][T10267] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1224'.
[  234.012429][T10267] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1224'.
[  234.023878][ T5832] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  234.032606][ T5033] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  234.044616][ T5832] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  234.061005][ T5832] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  234.070467][ T5832] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  234.079279][ T5832] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  234.377808][ T5033] bridge_slave_1: left allmulticast mode
[  234.383624][ T5033] bridge_slave_1: left promiscuous mode
[  234.390195][ T5033] bridge0: port 2(bridge_slave_1) entered disabled state
[  234.400984][ T5033] bridge_slave_0: left allmulticast mode
[  234.407100][ T5033] bridge_slave_0: left promiscuous mode
[  234.413066][ T5033] bridge0: port 1(bridge_slave_0) entered disabled state
[  234.729337][T10294] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1230'.
[  234.798895][ T5033] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  234.810784][ T5033] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  234.821619][ T5033] bond0 (unregistering): Released all slaves
[  235.042577][T10268] chnl_net:caif_netlink_parms(): no params data found
[  235.336782][ T5033] hsr_slave_0: left promiscuous mode
[  235.350558][ T5033] hsr_slave_1: left promiscuous mode
[  235.362229][ T5033] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  235.399838][ T5033] batman_adv: batadv0: Removing interface: batadv_slave_0
[  235.430598][ T5033] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  235.443636][ T5033] batman_adv: batadv0: Removing interface: batadv_slave_1
[  235.531496][ T5033] veth1_macvtap: left promiscuous mode
[  235.541139][ T5033] veth0_macvtap: left promiscuous mode
[  235.547959][ T5033] veth1_vlan: left promiscuous mode
[  235.553432][ T5033] veth0_vlan: left promiscuous mode
[  235.989962][ T5033] team0 (unregistering): Port device team_slave_1 removed
[  236.028839][ T5033] team0 (unregistering): Port device team_slave_0 removed
[  236.151535][ T5138] Bluetooth: hci3: command tx timeout
[  236.472852][T10268] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.480333][T10268] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.487694][T10268] bridge_slave_0: entered allmulticast mode
[  236.499467][T10268] bridge_slave_0: entered promiscuous mode
[  236.536475][T10268] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.568339][T10268] bridge0: port 2(bridge_slave_1) entered disabled state
[  236.575876][T10268] bridge_slave_1: entered allmulticast mode
[  236.583481][T10268] bridge_slave_1: entered promiscuous mode
[  236.673819][T10268] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  236.762613][T10268] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  236.941413][T10268] team0: Port device team_slave_0 added
[  236.965018][T10268] team0: Port device team_slave_1 added
[  236.974748][T10342] netlink: 116 bytes leftover after parsing attributes in process `syz.4.1241'.
[  237.027228][T10341] ------------[ cut here ]------------
[  237.032988][T10341] UBSAN: array-index-out-of-bounds in net/ipv6/route.c:1095:9
[  237.040564][T10341] index 199 is out of range for type 'const int[12]'
[  237.047305][T10341] CPU: 1 UID: 0 PID: 10341 Comm: syz.3.1242 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) 
[  237.047336][T10341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  237.047350][T10341] Call Trace:
[  237.047359][T10341]  <TASK>
[  237.047368][T10341]  dump_stack_lvl+0x189/0x250
[  237.047410][T10341]  ? __pfx_dump_stack_lvl+0x10/0x10
[  237.047441][T10341]  ? __pfx__printk+0x10/0x10
[  237.047459][T10341]  ? ip6_datagram_dst_update+0x758/0xcb0
[  237.047485][T10341]  ? __x64_sys_connect+0x7a/0x90
[  237.047505][T10341]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.047536][T10341]  ubsan_epilogue+0xa/0x40
[  237.047557][T10341]  __ubsan_handle_out_of_bounds+0xe9/0xf0
[  237.047590][T10341]  ip6_rt_copy_init+0x8e7/0x970
[  237.047625][T10341]  ip6_pol_route+0xbac/0x1180
[  237.047644][T10341]  ? ip6_pol_route+0x162/0x1180
[  237.047668][T10341]  ? __pfx_ip6_pol_route+0x10/0x10
[  237.047688][T10341]  ? ipv6_addr_label+0x1ae/0x1e0
[  237.047718][T10341]  ? ipv6_get_saddr_eval+0xb85/0xee0
[  237.047764][T10341]  fib6_rule_lookup+0x348/0x6f0
[  237.047784][T10341]  ? __pfx_ip6_pol_route_output+0x10/0x10
[  237.047814][T10341]  ? __pfx_fib6_rule_lookup+0x10/0x10
[  237.047839][T10341]  ? ip6_route_output_flags+0x2e/0x5d0
[  237.047858][T10341]  ? __pfx_rcuref_put+0x10/0x10
[  237.047893][T10341]  ip6_route_output_flags+0x364/0x5d0
[  237.047912][T10341]  ? ip6_route_output_flags+0x2e/0x5d0
[  237.047933][T10341]  ip6_dst_lookup_tail+0x299/0x1510
[  237.047958][T10341]  ? ip6_dst_lookup_tail+0x211/0x1510
[  237.047986][T10341]  ? __pfx_ip6_dst_lookup_tail+0x10/0x10
[  237.048005][T10341]  ? __lock_acquire+0xaac/0xd20
[  237.048049][T10341]  ? ip6_datagram_dst_update+0x50d/0xcb0
[  237.048070][T10341]  ip6_dst_lookup_flow+0x47/0xe0
[  237.048096][T10341]  ip6_datagram_dst_update+0x758/0xcb0
[  237.048125][T10341]  ? __pfx_ip6_datagram_dst_update+0x10/0x10
[  237.048147][T10341]  ? look_up_lock_class+0x74/0x170
[  237.048186][T10341]  ? __ip6_datagram_connect+0xb92/0x1150
[  237.048236][T10341]  __ip6_datagram_connect+0xbd1/0x1150
[  237.048271][T10341]  ? __pfx___ip6_datagram_connect+0x10/0x10
[  237.048292][T10341]  ? __local_bh_enable_ip+0x12d/0x1c0
[  237.048325][T10341]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  237.048368][T10341]  ip6_datagram_connect_v6_only+0x63/0xa0
[  237.048394][T10341]  __sys_connect+0x313/0x440
[  237.048418][T10341]  ? __pfx___sys_connect+0x10/0x10
[  237.048463][T10341]  __x64_sys_connect+0x7a/0x90
[  237.048486][T10341]  do_syscall_64+0xf6/0x210
[  237.048515][T10341]  ? clear_bhb_loop+0x45/0xa0
[  237.048540][T10341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.048559][T10341] RIP: 0033:0x7f607638e969
[  237.048579][T10341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  237.048596][T10341] RSP: 002b:00007f60772cc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  237.048619][T10341] RAX: ffffffffffffffda RBX: 00007f60765b5fa0 RCX: 00007f607638e969
[  237.048634][T10341] RDX: 000000000000001c RSI: 00002000000000c0 RDI: 0000000000000004
[  237.048646][T10341] RBP: 00007f6076410ab1 R08: 0000000000000000 R09: 0000000000000000
[  237.048659][T10341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  237.048671][T10341] R13: 0000000000000000 R14: 00007f60765b5fa0 R15: 00007ffd974f6c78
[  237.048704][T10341]  </TASK>
[  237.048712][T10341] ---[ end trace ]---
[  237.377310][T10341] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[  237.384518][T10341] CPU: 1 UID: 0 PID: 10341 Comm: syz.3.1242 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) 
[  237.396650][T10341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  237.406753][T10341] Call Trace:
[  237.410066][T10341]  <TASK>
[  237.413027][T10341]  dump_stack_lvl+0x99/0x250
[  237.417666][T10341]  ? __asan_memcpy+0x40/0x70
[  237.422294][T10341]  ? __pfx_dump_stack_lvl+0x10/0x10
[  237.427554][T10341]  ? __pfx__printk+0x10/0x10
[  237.432206][T10341]  panic+0x2db/0x790
[  237.436160][T10341]  ? __pfx_panic+0x10/0x10
[  237.440614][T10341]  ? _printk+0xcf/0x120
[  237.444808][T10341]  ? __pfx__printk+0x10/0x10
[  237.449432][T10341]  ? ip6_datagram_dst_update+0x758/0xcb0
[  237.455099][T10341]  ? __x64_sys_connect+0x7a/0x90
[  237.460069][T10341]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.466174][T10341]  check_panic_on_warn+0x89/0xb0
[  237.471163][T10341]  __ubsan_handle_out_of_bounds+0xe9/0xf0
[  237.476952][T10341]  ip6_rt_copy_init+0x8e7/0x970
[  237.481854][T10341]  ip6_pol_route+0xbac/0x1180
[  237.486568][T10341]  ? ip6_pol_route+0x162/0x1180
[  237.491458][T10341]  ? __pfx_ip6_pol_route+0x10/0x10
[  237.496620][T10341]  ? ipv6_addr_label+0x1ae/0x1e0
[  237.501592][T10341]  ? ipv6_get_saddr_eval+0xb85/0xee0
[  237.506901][T10341]  fib6_rule_lookup+0x348/0x6f0
[  237.511804][T10341]  ? __pfx_ip6_pol_route_output+0x10/0x10
[  237.517537][T10341]  ? __pfx_fib6_rule_lookup+0x10/0x10
[  237.522939][T10341]  ? ip6_route_output_flags+0x2e/0x5d0
[  237.528409][T10341]  ? __pfx_rcuref_put+0x10/0x10
[  237.533280][T10341]  ip6_route_output_flags+0x364/0x5d0
[  237.538662][T10341]  ? ip6_route_output_flags+0x2e/0x5d0
[  237.544139][T10341]  ip6_dst_lookup_tail+0x299/0x1510
[  237.549353][T10341]  ? ip6_dst_lookup_tail+0x211/0x1510
[  237.554747][T10341]  ? __pfx_ip6_dst_lookup_tail+0x10/0x10
[  237.560384][T10341]  ? __lock_acquire+0xaac/0xd20
[  237.565258][T10341]  ? ip6_datagram_dst_update+0x50d/0xcb0
[  237.570902][T10341]  ip6_dst_lookup_flow+0x47/0xe0
[  237.575853][T10341]  ip6_datagram_dst_update+0x758/0xcb0
[  237.581323][T10341]  ? __pfx_ip6_datagram_dst_update+0x10/0x10
[  237.587311][T10341]  ? look_up_lock_class+0x74/0x170
[  237.592443][T10341]  ? __ip6_datagram_connect+0xb92/0x1150
[  237.598089][T10341]  __ip6_datagram_connect+0xbd1/0x1150
[  237.603558][T10341]  ? __pfx___ip6_datagram_connect+0x10/0x10
[  237.609451][T10341]  ? __local_bh_enable_ip+0x12d/0x1c0
[  237.614836][T10341]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  237.620571][T10341]  ip6_datagram_connect_v6_only+0x63/0xa0
[  237.626294][T10341]  __sys_connect+0x313/0x440
[  237.630889][T10341]  ? __pfx___sys_connect+0x10/0x10
[  237.636026][T10341]  __x64_sys_connect+0x7a/0x90
[  237.640797][T10341]  do_syscall_64+0xf6/0x210
[  237.645317][T10341]  ? clear_bhb_loop+0x45/0xa0
[  237.650003][T10341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.655916][T10341] RIP: 0033:0x7f607638e969
[  237.660331][T10341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  237.679950][T10341] RSP: 002b:00007f60772cc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  237.688378][T10341] RAX: ffffffffffffffda RBX: 00007f60765b5fa0 RCX: 00007f607638e969
[  237.696361][T10341] RDX: 000000000000001c RSI: 00002000000000c0 RDI: 0000000000000004
[  237.704338][T10341] RBP: 00007f6076410ab1 R08: 0000000000000000 R09: 0000000000000000
[  237.712318][T10341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  237.720296][T10341] R13: 0000000000000000 R14: 00007f60765b5fa0 R15: 00007ffd974f6c78
[  237.728289][T10341]  </TASK>
[  237.731611][T10341] Kernel Offset: disabled
[  237.735994][T10341] Rebooting in 86400 seconds..