last executing test programs:

1m19.08625909s ago: executing program 0 (id=589):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7800000000000101000000000000000000000000440002000c000280050001000000000006000340000000002c000180140003000000000000000000000000000000000014000400ff02000000000000000000000000000108000540000000000400048008000140000000000900010073797a3100000000823a6dcb81e8318edaef493f03ec00d9fd43ade3198768ba72"], 0x78}}, 0x0)

1m11.13618547s ago: executing program 0 (id=589):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7800000000000101000000000000000000000000440002000c000280050001000000000006000340000000002c000180140003000000000000000000000000000000000014000400ff02000000000000000000000000000108000540000000000400048008000140000000000900010073797a3100000000823a6dcb81e8318edaef493f03ec00d9fd43ade3198768ba72"], 0x78}}, 0x0)

53.730040487s ago: executing program 0 (id=589):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7800000000000101000000000000000000000000440002000c000280050001000000000006000340000000002c000180140003000000000000000000000000000000000014000400ff02000000000000000000000000000108000540000000000400048008000140000000000900010073797a3100000000823a6dcb81e8318edaef493f03ec00d9fd43ade3198768ba72"], 0x78}}, 0x0)

40.099714439s ago: executing program 0 (id=589):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7800000000000101000000000000000000000000440002000c000280050001000000000006000340000000002c000180140003000000000000000000000000000000000014000400ff02000000000000000000000000000108000540000000000400048008000140000000000900010073797a3100000000823a6dcb81e8318edaef493f03ec00d9fd43ade3198768ba72"], 0x78}}, 0x0)

27.130550907s ago: executing program 0 (id=589):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7800000000000101000000000000000000000000440002000c000280050001000000000006000340000000002c000180140003000000000000000000000000000000000014000400ff02000000000000000000000000000108000540000000000400048008000140000000000900010073797a3100000000823a6dcb81e8318edaef493f03ec00d9fd43ade3198768ba72"], 0x78}}, 0x0)

11.992443204s ago: executing program 0 (id=589):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7800000000000101000000000000000000000000440002000c000280050001000000000006000340000000002c000180140003000000000000000000000000000000000014000400ff02000000000000000000000000000108000540000000000400048008000140000000000900010073797a3100000000823a6dcb81e8318edaef493f03ec00d9fd43ade3198768ba72"], 0x78}}, 0x0)

2.223266108s ago: executing program 2 (id=1608):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001000e304000900000000873e44af3062cb31ed2617bf31000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002400128009000100626f6e640000000014000280050001000000000005001d0000000000"], 0x44}}, 0x0) (rerun: 32)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan1\x00'})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=<r3=>0xffffffffffffffff, @ANYBLOB="010000000000000000004400000010000300", @ANYBLOB="08002600851600000a00180000"], 0x4c}}, 0x0) (async, rerun: 64)
r4 = socket(0x10, 0x3, 0x0) (rerun: 64)
write(r4, &(0x7f0000000000)="fc0000001a000700ab092500090007000aab0700a90100001d60369321000100ff0500000005d0000000000000039815fa2c1ec28656aaa79bb94b46fe000000bc0003000500000014000027000089fee1434f1e596534d07302ade0bbc91a3e3280772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a46d284a710af333ae4f5566f91cf190201800015b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb00d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48a99c03f080548deac270e33429fd3000175e63fb8d38a8700"/252, 0xfc)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYRES32=r0, @ANYRESHEX=r4, @ANYBLOB="080003007f000001080006", @ANYRES16=r3], 0x30}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xb, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x11, 0x4e}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call, @exit={0x95, 0x0, 0x48}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0xc, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x0, 0x7, &(0x7f0000000040)=ANY=[@ANYRESHEX=r3, @ANYBLOB="000000000900000018", @ANYRES32=r5, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90) (async)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0) (async)
socket$inet6_sctp(0xa, 0x0, 0x84) (async)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) (async)
syz_emit_ethernet(0x0, 0x0, 0x0) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0), 0x12) (async)
r6 = socket$inet_tcp(0x2, 0x1, 0x0) (async, rerun: 64)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async, rerun: 64)
r8 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r8, 0x0, 0x0) (async)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000340)={'veth1_to_bond\x00', &(0x7f0000000040)=@ethtool_per_queue_op={0x4b, 0x16, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x5]}}) (async, rerun: 64)
getsockopt$sock_buf(r6, 0x1, 0x1a, 0x0, &(0x7f0000000080)) (async, rerun: 64)
recvmmsg(r6, &(0x7f0000001ec0)=[{{0x0, 0x0, &(0x7f00000007c0)=[{0x0}, {0x0}], 0x2}}], 0x1, 0x0, 0x0) (async)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f0000000840)={0x26, 'rng\x00', 0x0, 0x0, 'stdrng\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f00000000c0)='7', 0x1)

1.883644767s ago: executing program 2 (id=1611):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x8041)
r0 = socket$kcm(0x10, 0x2, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x200000000000011, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'pimreg\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="580000001000010400"/20, @ANYRES32=r3, @ANYBLOB="0000000000800200380012800b0001006272696467650000280002800c002300fbffffffffffffff05002400000000010500240001000000060027"], 0x58}}, 0x0)
pipe(&(0x7f0000000180)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
pipe(&(0x7f00000002c0))
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)={0x1b, 0x0, 0x0, 0x80, 0x0, r4, 0x41}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{0xffffffffffffffff, <r6=>0xffffffffffffffff}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), 0xffffffffffffffff)
pipe(&(0x7f00000001c0)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800900e4b90100626f6e64000000000c00028008001400020059475d2c4a1fbe61f3ddcfd95d113e5925b8763c802c07213c7d9ee2d148"], 0x3c}}, 0x0)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
close(r10)
r11 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r11, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0xe)
shutdown(r11, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r11, 0x84, 0x6f, &(0x7f0000000000)={<r12=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r11, 0x84, 0x1a, &(0x7f0000000080)={r12}, &(0x7f00000000c0)=0x18)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010005f3f770005000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x3}}, 0x0)
write$binfmt_misc(r9, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r8, 0x0, r10, 0x0, 0x4ffe2, 0x0)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000480)={@remote, @private, <r13=>0x0}, &(0x7f00000004c0)=0xc)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000500)={'syztnl0\x00', &(0x7f0000000540)={'syztnl1\x00', <r14=>0x0, 0x8780, 0x40, 0x4, 0x9, {{0x10, 0x4, 0x2, 0x2, 0x40, 0x66, 0x0, 0xf8, 0x4, 0x0, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@ra={0x94, 0x4}, @noop, @lsrr={0x83, 0x17, 0x83, [@loopback, @rand_addr=0x64010101, @local, @broadcast, @multicast1]}, @lsrr={0x83, 0xf, 0xa5, [@multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback]}]}}}}})
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000700)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e8000000b1285e6d6421bfaa8e1e1c20c149bd0dfae413ec4009f483776f1f0ea59a15ac34baee7fc9bc33fcd5ad895151cdf9a6d9c96bf9f02596b44fae28e5ba7edde8c5c3aac8ea3c054d1cc1b0c7d977f389ca99ffbc56e0d07572af215b011601fbf0d549c0438ad4ad269f583973930500000000000000909e697bd3d4b7574f9f3284aca6b95fc101b7280b34fb62538fd104da078b621ea6cbf4f88dce0979ecda97ad1965a6701de10a5e3d1405a1b98692a17ff638dc0ba8ddb75bfbf600"/206, @ANYRES16=r7, @ANYRES32, @ANYBLOB="d4619600e828f3e39aeb4e33d7474c2fd36c5bfbbb8ce4cedc214b5b0a2157f7f7775df9a70fdab0c4b3bb1c899300bb222db6d9bd3a0ec1adca70c3692cf02c6e8e5a954903d725bb28dfe9768f0432d06f2cbedf9275e27c7579e5957672de30e43a0884f9293ba13977128e86074de5e5a1545ca7a6529e7279bebae32fb4e38c", @ANYBLOB="290f5ca6757b0853077a0e3c44bc4d8c960b79725c22e3fd56ea7d0046ca6c0720af2ae24e87f3e1ad30849fbd018e7cc3d2ec72b0cde4c0700ba76b307768515f468d6d041a802bed086debb03e5a78f5b31d6b0bc1070211af97d1e3432a9d4391543d162a9197d2d02e41350286bad66daeb5398f54886f87ff6eaced", @ANYRES8=r1, @ANYRES32=r13, @ANYBLOB="14000200776c616e3100000000000000000000001800018014100200766c616e3000000000000000000000004c00018008000100", @ANYRES32=r14, @ANYBLOB="080003000300000008000300040000001400020073797a6b616c6c6572310000000000001400020076657468305f746f"], 0xe8}, 0x1, 0x0, 0x0, 0x4040000}, 0x4000000)
socket(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000300)={'ip6gre0\x00', &(0x7f0000000140)={'syztnl1\x00', 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, @loopback={0x0, 0xffff8881a56043d8}}})
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x10, 0x1ff, 0x9, 0xa200, 0x402, r6, 0x9, '\x00', r14, r5, 0x2, 0x3, 0x2}, 0x48)

951.676681ms ago: executing program 1 (id=1628):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0x2}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$kcm(0xa, 0x0, 0x0)
r1 = socket(0x1d, 0x2, 0x6)
r2 = socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket(0x1d, 0x2, 0x6)
accept$alg(r3, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r4=>0x0})
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)}, 0x0)
bind$can_j1939(r1, &(0x7f00000001c0)={0x1d, r4, 0x1, {0x0, 0x0, 0x5}, 0xff}, 0x18)
sendmsg$nl_route(r2, &(0x7f0000002300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=@dellink={0x20, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, 0x2872}}, 0x20}}, 0x0)

950.964619ms ago: executing program 2 (id=1629):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000700)=@ipv6_newroute={0x30, 0x18, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0xfe}, [@RTA_GATEWAY={0x14, 0x5, @loopback}]}, 0x30}}, 0x40030000000000)

875.686239ms ago: executing program 2 (id=1631):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000280), 0x4) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0) (async)
connect$inet(0xffffffffffffffff, 0x0, 0x0) (async)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='illinois\x00', 0x9) (async)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000080)=[@window, @mss, @window, @window], 0x4) (async)
r3 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'bond0\x00'}) (async)
recvmsg$can_bcm(r3, &(0x7f00000000c0)={&(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2}}}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000140)=""/226, 0xe2}, {&(0x7f0000000240)=""/232, 0xe8}, {&(0x7f0000000080)}, {&(0x7f0000000340)=""/77, 0x4d}, {&(0x7f00000003c0)=""/123, 0x7b}, {&(0x7f0000000480)=""/196, 0xc4}], 0x6, &(0x7f0000000600)=""/216, 0xd8}, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000000000000000000000000007e30071dd656febd8ea01d573bfe0e323c44a76215fa25dfc0202c564c8f8fd6191b16728a8b0bee4", @ANYRES32=0x0, @ANYBLOB="00000000000000001800128008000100767469000c0002800800040000000000"], 0x38}}, 0x0)

760.294659ms ago: executing program 3 (id=1632):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="ec0000002100390d0000000000000000ac141400000000000000000000000000e000000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c001100ff010000000000000000000000000001ffffffff000000000000000000000000ac1414aa000000000000000000000000ac141400000000000000000000000000000000000000000000000200ff010000000000000000050000000001ffffffff"], 0xec}}, 0x0)

709.110733ms ago: executing program 2 (id=1633):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100)=0x3)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000001c0)=0x2)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, 0x0, 0x0}, 0x90)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
socketpair$tipc(0x1e, 0x0, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x14, 0x24, 0x9, 0x0, 0x0, {0x6}}, 0x14}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000)=0x1, 0xfef2)
connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @dev}, 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x14, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00'}, 0x30)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0)
r7 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cgroup.max.depth\x00', 0x2, 0x0)
sendfile(r7, r7, 0x0, 0x5)
close(r1)

694.981937ms ago: executing program 4 (id=1634):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0xfecc)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000100000008000100030000002c000480050003000100000005000300000000000500030000000000050003000100000005000300800000000800020002000000f145233435132df9f07f7b2a5e38e228d941a338560aed935a6d"], 0x50}}, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={0x0, 0x0}, 0x20)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_rdma(0x10, 0x3, 0x14)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r5 = openat$cgroup_devices(r4, &(0x7f0000000300)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r5, &(0x7f00000000c0)=ANY=[@ANYBLOB='b *:4\tm\n'], 0xa)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="580000000206050000000000000000000000000014000780080011400000000005eb1400040000000500010007000000050005000a000000050004000000000009000200797a31000000697000"/88], 0x58}}, 0x0)

620.323216ms ago: executing program 3 (id=1635):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000a40)="2e9b3d003f8864f0671200000003000000000000", 0x14}, {&(0x7f0000000200)="c6", 0x1}], 0x2)

620.012288ms ago: executing program 1 (id=1636):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r1}, 0x10)
r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8)
unshare(0x400)
close(r3)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
syz_emit_ethernet(0x2a, &(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb08060001080006040001e97fa2e74c0a0ad1000057330377ba"], 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'macvlan1\x00', <r5=>0x0})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x3c}}, 0x0)

550.513611ms ago: executing program 1 (id=1637):
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FD_FRAMES(r1, 0x65, 0x5, &(0x7f0000000040)=0x1, 0x4)
setsockopt$CAN_RAW_LOOPBACK(r1, 0x65, 0x3, &(0x7f0000000000), 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000440)={'vxcan0\x00', <r2=>0x0})
sendmsg$can_raw(r1, &(0x7f00000004c0)={&(0x7f00000000c0)={0x1d, r2, 0x3}, 0x10, &(0x7f0000000080)={&(0x7f0000000300)=@canfd={{}, 0x0, 0x0, 0x0, 0x0, "621105b0ae0282d478b6b01305946c17afcea96765fbac1cd8aabe5bd5522a79da5a1d57b5fc63998d476ac32a7e3327e8817a9a8a32956867b2ab6e543ac6e5"}, 0x48}}, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x8001000000000000, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x8, 0x3, 0x298, 0x0, 0x11, 0x148, 0x100, 0x0, 0x200, 0x2a8, 0x2a8, 0x200, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xa0, 0x100, 0x0, {}, [@common=@addrtype={{0x30}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4, [], 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, 0x0, 0x200}}}, {{@ip={@empty, @local, 0x0, 0x0, 'gretap0\x00', 'pimreg1\x00'}, 0x0, 0x98, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2f8)

532.091608ms ago: executing program 4 (id=1638):
r0 = socket$kcm(0x10, 0x7, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xf2, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f0080047e0ffff00124000632f77fbac14fe16e000030a07080403fe80000020006558845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x3, 0x4, 0x4, 0x9, 0x0, 0x1}, 0x48)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x3, 0x4, 0x4, 0x98, 0x0, 0x1}, 0x48)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000001240)=ANY=[@ANYBLOB="44010000", @ANYRES16=0x0, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="1800f08005000700000000000500010000000000040004003800f080040009000500070000000000050006000000000005000100000000000500030000000000050001000000000005000600000000000c00f0800500070000000000b400f0809d000b0088606d1673e0ac341cf4abcd43d54e23e52bff8d42f61e8bf09c28fd6529c36b8dfaee70c3e684e95496e2256825298b0dfb6dcb9f9f432011af8136a6c7386130b75bf3dcef34c2623568a93e7fa43da4198636f6d5cb474ec4a6f50beedcecd1ee7e2bf78411a4e6392c85c96fcd7609b5e73b0eb463703dd200185a116c5b0b14fa9234de8d353e0ddc50193e60ffdf648d9d5a742c9a7a000000050006000000000008000a00000000001800f08004000b0005000100000000000500070000000000"], 0x144}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x18, 0x7, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000218100000", @ANYRES32=r1, @ANYBLOB="000000000000000018100000", @ANYRES32=r2, @ANYBLOB="000000000000000095"], &(0x7f0000000a00)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
sendmsg$inet(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000940)="5c00000014006b030231a40802000f00e5aa000017d34060bc24eab556bd05251e6182949a2756f475ce36c2d13b48df000000000000ecb8f6ec63c9f4d4938037e786a6d1bdd700e6657594f1817d9c2e8c62f943400d4febd48815", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

419.739962ms ago: executing program 4 (id=1639):
r0 = socket$inet6(0xa, 0x6, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000200)={@private1, 0x7fd, 0x0, 0x0, 0x9, 0xf3}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, 0x0, 0x0) (async)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, 0x0, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_LEAVE(r1, 0x10f, 0x88)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="dcfa60e72bd7fe701f522baf1520b9180000010000000d000000000000000071"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) (async)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="dcfa60e72bd7fe701f522baf1520b9180000010000000d000000000000000071"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f0000004340)={0x6, 0x14, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000004340)={0x6, 0x14, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{}, &(0x7f00000000c0), &(0x7f0000000240)=r2}, 0x20) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{}, &(0x7f00000000c0), &(0x7f0000000240)=r2}, 0x20)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f00000002c0)={0xffffffffffffffff, 0x6, 0x0, 0x1})
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) (async)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="8c000000", @ANYRES16, @ANYBLOB="110800b87605730000002000000034930500000000000000000400002393cabaebff00000049"], 0x8c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x24, 0x14, 0x0, 0x0, 0x0, {0x2}}, 0x24}}, 0x0)
socket$inet6(0xa, 0x2, 0x0) (async)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r4, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4) (async)
setsockopt$inet6_int(r4, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r4, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r4, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x42, &(0x7f0000000100)=0x1e79, 0x4) (async)
setsockopt$inet6_int(r4, 0x29, 0x42, &(0x7f0000000100)=0x1e79, 0x4)
sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
r5 = socket(0x10, 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x4, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0xac1414aa, @initdev={0xac, 0x1e, 0x0, 0x0}}, "341517c1b7df60c7"}}}}}, 0x0)
bind$unix(r6, &(0x7f0000000340)=@file={0x1, './cgroup.cpu/cgroup.procs/file0\x00'}, 0x2)
write(r5, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x90, 0x65, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xa}}, [@TCA_CHAIN={0x8}, @TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_flower={{0xb}, {0x40, 0x2, [@TCA_FLOWER_KEY_ARP_OP={0x5}, @TCA_FLOWER_KEY_ICMPV6_CODE={0x5}, @TCA_FLOWER_KEY_TCP_DST_MASK={0x6}, @TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK={0x14}, @TCA_FLOWER_KEY_UDP_SRC_MASK={0x6}, @TCA_FLOWER_KEY_ICMPV6_TYPE={0x5}]}}, @TCA_RATE={0x6}]}, 0x90}}, 0x0)
socket(0x10, 0x803, 0x0)

419.016885ms ago: executing program 1 (id=1640):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = epoll_create1(0x0)
epoll_pwait(r1, &(0x7f0000000200)=[{}], 0x1, 0x6e, &(0x7f00000001c0)={[0x400000000000009]}, 0x8)
close(r1)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x1, 0x4, 0x8, 0xc}, 0x48)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x0, 0x4, 0x4, 0x12}, 0x48)
getsockopt$inet6_mptcp_buf(0xffffffffffffffff, 0x11c, 0x4, &(0x7f0000000500)=""/82, &(0x7f0000000580)=0x52)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_SET_LIMITS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000004}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x50040080}, 0x40844)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff)
socket$inet6(0xa, 0x3, 0x2)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000680)={'batadv0\x00', <r7=>0x0})
sendmsg$BATADV_CMD_GET_DAT_CACHE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)={0x4c7a8ffdeee6158b, r6, 0x305, 0x0, 0x0, {0x7}, [@BATADV_ATTR_GW_MODE={0x0, 0x33, 0x2}, @BATADV_ATTR_GW_SEL_CLASS={0x0, 0x34, 0xd}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40048c4}, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f00000004c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={&(0x7f00000005c0)=ANY=[@ANYBLOB="a0000000", @ANYRES16=r4, @ANYBLOB="040025bd700092a59faefcdbdf25010000001c000180050002000100000008000700", @ANYRES32=r7, @ANYBLOB="060005004e210000080003000600000005000500080000000800020004000000080003000100000014000180060001000a00000005000200070000003c000680050002000200000014000400ff02000000000000000000000000000114000400fc0000000000000000000000000000010600010002000000"], 0xa0}, 0x1, 0x0, 0x0, 0x804}, 0x20004010)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r10=>0x0})
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x4, [@func_proto={0x0, 0x0, 0x0, 0xd, 0xa}, @enum={0x0, 0x2, 0x0, 0x6, 0x4, [{0x2}, {}]}]}, {0x0, [0x0, 0x5f]}}, &(0x7f0000000f40)=""/4089, 0x44, 0xff9, 0x8}, 0x20)
sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="380000005400e501000000000009000030f05ec3cf1f6845b854711b07000000", @ANYRES32=r10, @ANYBLOB="20000100", @ANYRES32=r10, @ANYBLOB="00000000ffffffff00000000000000000000000086dd0000"], 0x38}}, 0x0)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0x5, &(0x7f0000000280)=@framed={{}, [@exit, @jmp={0x5, 0x1, 0x9, 0x5, 0x6, 0x0, 0x10}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r11}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', <r12=>0x0})
r13 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r13, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r12, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0)

417.331477ms ago: executing program 3 (id=1641):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
socket$unix(0x1, 0x5, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_int(r0, 0x29, 0x0, 0x0, &(0x7f0000000080)=0x1b00)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b80000001300eb990000000000000000fc000000000000000200000000000000ac1e000100000000000000000000000000000000000000000a003000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000040000000000000000000000000000000000000000000000000340000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004e000000000000000000000000000000ff01000026ec000000000000000000000000000000a3c55f377a269b73c33a0c122bd13ab4d45a5fe855dc468af09b953c87f7f25afa119732e2ec7b17de9898aada234f61e2b298a0e8fbc1af430e44f124df2f1ae593ffbcf85dedcc0dbdfd06a53bc39fd8f4aa2415b2fe39ea25d7ac98bcc8b7a86a0d83cb493909ca75da0f745dfe66239d533ed30f7d6ee4babe34747e23ba41f481e37f3da0cf878694"], 0xb8}}, 0x0)

360.763638ms ago: executing program 4 (id=1642):
socket$inet6_sctp(0xa, 0x801, 0x84) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) (async)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a0001000000ff7f0000000080000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\b\x00', @ANYRES32=r0], 0x24}}, 0x0) (async)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$igmp(0x2, 0x3, 0x2) (async)
unshare(0x20040600) (async)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.time\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0xfecc) (async)
mmap(&(0x7f0000000000/0x11000)=nil, 0x11000, 0x3000001, 0x13, r2, 0x0) (async)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
connect$bt_l2cap(r3, &(0x7f00000000c0)={0x1f, 0x0, @fixed}, 0xe)
setsockopt$MRT_FLUSH(r1, 0x0, 0xd0, &(0x7f0000000240), 0x4)
r4 = socket$l2tp6(0xa, 0x2, 0x73) (async)
r5 = socket$alg(0x26, 0x5, 0x0)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x1, 0x2}, 0x4)
bind$alg(r5, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000140)="ad76b6c5", 0x4) (async)
r6 = accept4(r5, 0x0, 0x0, 0x0) (async)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xba1, 0x9, 0x11}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r7, <r8=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x14, &(0x7f0000001080)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000c00000085000000030000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r9}, 0x10)
r10 = socket(0x10, 0x3, 0x0) (async)
r11 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000540)=@newqdisc={0x78, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x37}}}]}, 0x78}}, 0x0)
sendmmsg$alg(r6, &(0x7f0000004c00)=[{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000000)="a9861869a75f66ef7d128ae4230965648a021cdf93508c9706dc1e4d9e1d4c436faf1d2786e53d4c8b827fc9174b67dab67acb28c76f6310145b3bfb0804675b44f3372615", 0x45}, {&(0x7f0000000240)="eeb9ff4efd6ce05a6ccd7c232e4442ec0660f89aeac6d45aea60e560bd9dd945dfc8e65ad2cf2e4d55fb59ee276f5e40e07f7b37b86e88c65190565d726b079d4043e88acbc549f5d3291ba8e35c906d22091ac5b87485aab22c1c9723fe9e1fdc8dd53b5e20ff5f2aa43f29cb053bba51958b69b6a5196c75f6c4c10e213afd12e617eceab1020c9c814d456046a1", 0x8f}, {&(0x7f0000001380)="5e4f1b8edaca0fbbb2d381bca66efabb97e5ec4f21ea39add4576b3f6cee354e296c63411644984be95ec4dfde61530d76d658d948193630128904e3d521b1a9d999a23d789f4946d308d88ea73ec8442421f62e", 0x54}], 0x3, &(0x7f0000001480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
recvmsg(r6, &(0x7f0000001e80)={0x0, 0x4010, &(0x7f0000001e00)=[{&(0x7f0000004dc0)=""/118, 0xff78}], 0x1, 0x0, 0xd}, 0x0) (async)
sendmmsg$inet6(r4, &(0x7f0000002c00)=[{{&(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c, 0x0}}, {{&(0x7f0000000180)={0xa, 0x0, 0x0, @private2}, 0x1c, 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000900002900b222a53efd60f004a7ba78d19723"], 0x18}}], 0x2, 0x0)

352.288586ms ago: executing program 3 (id=1643):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0) (async)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r2, 0x65, 0x1, &(0x7f0000000100)=[{{}, {0x0, 0x0, 0x1, 0x1}}], 0x8)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) (async)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x7, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@map_fd={0x18, 0x0, 0x1, 0x0, r4}, @map_fd={0x18, 0x0, 0x1, 0x0, r3}]}, &(0x7f0000000200)='syzkaller\x00', 0x6, 0xdd, &(0x7f0000000340)=""/221, 0x0, 0x0, '\x00', 0x0, 0x0, r2}, 0x90)
r5 = socket$can_raw(0x1d, 0x3, 0x1) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r6=>0x0})
bind$can_raw(r5, &(0x7f00000000c0)={0x1d, r6}, 0x10)
setsockopt$CAN_RAW_FILTER(r5, 0x65, 0x1, &(0x7f00000002c0)=[{{}, {0x0, 0x0, 0x0, 0x1}}], 0x8) (async)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY(r7, 0x0, 0x1, &(0x7f0000000140)=0x2, 0x4)
syz_genetlink_get_family_id$l2tp(&(0x7f0000002100), r7) (async)
bind$can_raw(r2, &(0x7f0000000240)={0x1d, r6}, 0x10) (async)
bind$can_raw(r2, &(0x7f0000000040), 0x10)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) (async)
listen(r1, 0x0) (async)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r8, 0x5452, &(0x7f00000000c0)=0x40)
connect$inet(r8, &(0x7f0000001fc0)={0x2, 0x0, @loopback}, 0x10) (async, rerun: 32)
ioctl$sock_inet6_tcp_SIOCOUTQNSD(r8, 0x8905, &(0x7f0000000000)) (async, rerun: 32)
socket$inet6_sctp(0xa, 0x1, 0x84)
r9 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r9, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r9, 0x29, 0x30, &(0x7f0000000400)={0xb, {{0xa, 0x0, 0x0, @mcast2, 0xfffffffd}}, 0x0, 0x3, [{{0xa, 0x0, 0x0, @private2}}, {{0xa, 0x0, 0x2, @private2}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}}]}, 0x210) (async)
bind$inet6(r9, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x7d) (async)
syz_emit_ethernet(0x42, &(0x7f0000000380)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010700", 0xc, 0x11, 0x0, @private1, @mcast2, {[], {0x0, 0xe22, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0xac00, 0x0)

289.797841ms ago: executing program 2 (id=1644):
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000007c0)=@raw={'raw\x00', 0x8, 0x3, 0x3a8, 0x128, 0xa, 0x148, 0x128, 0x10, 0x310, 0x2a8, 0x2a8, 0x310, 0x2a8, 0x3, 0x0, {[{{@ip={@loopback, @empty, 0x0, 0x0, 'veth0\x00', 'veth1_to_team\x00'}, 0x3c0, 0xf8, 0x128, 0x70, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'vlan0\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x9}}}, @common=@unspec=@connmark={{0x30}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{}, {0x4}}}}, {{@ip={@loopback, @dev, 0x0, 0x0, 'ipvlan0\x00', 'ip_vti0\x00'}, 0x0, 0xc0, 0x1e8, 0x0, {}, [@common=@icmp={{0x28}, {0x0, "8e20"}}, @common=@inet=@set1={{0x28}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, '/usr/sbin/cupsd\x00'}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x408)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="210000000000002cb00b0916493778534f8227738401fb001b000000950000000000010000000000000000"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = socket$rxrpc(0x21, 0x2, 0x2)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="18000000000000000000000000000000790b000000000000950000000000"], &(0x7f0000000780)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe}, 0xffffff29)
setsockopt$RXRPC_MIN_SECURITY_LEVEL(r1, 0x110, 0x4, &(0x7f0000000000)=0x2000000, 0x4)
socket$l2tp(0x2, 0x2, 0x73)
r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x8f}, [@ldst={0x6}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd96, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd56, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r3, &(0x7f0000000340)="e208001500a644b505aa3b6e07ca55eb60406f6735e83908f0cae42db396002f03b0152c35f80bf68ef5", 0x2a, 0x24000800, &(0x7f0000000440)={0xa, 0x20, 0x2003, @mcast1, 0x15}, 0x1c)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000000), 0x4)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000000c00)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x2000000, 0x0, 0x0, 0x74}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000000380)={'tunl0\x00', &(0x7f00000002c0)={'sit0\x00', <r6=>0x0, 0x40, 0x10, 0x7f3, 0x7, {{0xf, 0x4, 0x1, 0x23, 0x3c, 0x65, 0x0, 0x6, 0x29, 0x0, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@cipso={0x86, 0x6, 0x1}, @lsrr={0x83, 0xf, 0x21, [@loopback, @loopback, @rand_addr=0x64010102]}, @timestamp={0x44, 0x10, 0x49, 0x0, 0xf, [0x900000, 0x2, 0xfff]}]}}}}})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000055000100000000000000000007000000", @ANYRES32, @ANYBLOB="20000100", @ANYRES32, @ANYRES16=r2], 0x38}}, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$packet(0x11, 0x0, 0x300)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000000c0)={'ip_vti0\x00', <r10=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r10, @ANYBLOB="000000000000000008101b007fff0000e29b03660b1baab0695be0161950d3d0957b5d51a7142817cff88d1b92c04f5e0dbf61f62131b2d1c9c7369b4235d0eee24d9cf1025a32fd925f7ab9987e11da25193d"], 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'wg2\x00', <r11=>0x0})
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000400)={'vcan0\x00', <r12=>0x0})
r13 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r13, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r14=>0x0})
ioctl(r7, 0x3, &(0x7f0000000c00)="c261cd30452d13526ad016096f9996daf6e733be49b87623470ba74b661eca9e5fb75eb9ad6ad884ed13f95d444c034576777d5ec4f1c0acb616e1d28bdc011044b717f0100b9fbdba7c1ac5948661162585a09f8cb6ea66bd70b8700c779399e71ccd99")
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r5, 0x89f2, &(0x7f00000005c0)={'syztnl0\x00', &(0x7f0000000500)={'syztnl2\x00', <r15=>0x0, 0x80, 0x58, 0x1, 0x1, {{0x1b, 0x4, 0x3, 0x9, 0x6c, 0x66, 0x0, 0x7f, 0x2f, 0x0, @local, @empty, {[@timestamp={0x44, 0x1c, 0xc0, 0x0, 0x3, [0xffffffff, 0x1ff, 0x800, 0x3f, 0x800, 0x7]}, @ra={0x94, 0x4}, @ra={0x94, 0x4, 0x1}, @timestamp_prespec={0x44, 0x34, 0x30, 0x3, 0x6, [{@broadcast, 0xc0}, {@remote, 0x1}, {@private=0xa010100, 0x80000000}, {@loopback, 0x6}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x1}, {@loopback, 0x3ff}]}]}}}}})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r5, &(0x7f0000000740)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000c80)=ANY=[@ANYBLOB="30010000", @ANYRES16=0x0, @ANYBLOB="000225bd7000fcdbdf25150000003800018008000100", @ANYRES32=r6, @ANYBLOB="080003000000000008000100", @ANYRES32=r10, @ANYBLOB="1f00010078bb9d6c6528914234feeff75e122664aaf473fabfbdd4343b1990cd9b0e6f46fdf2", @ANYRES32=r11, @ANYBLOB="140002007465616d5f736c6176655f31000000004c00018008000100", @ANYRES32=r12, @ANYBLOB="1400020065727370616e3000000000000000000008000100", @ANYRES32=r14, @ANYBLOB="08000100", @ANYRES32=r15, @ANYBLOB="140002007663616e30000000000000000000000008000300030000004800018014000200766574683100000000000000000000000800030002000000080003000300000008000300030000000800030000000000080003000000000008000100", @ANYRES32=0x0, @ANYBLOB="14000180080003000200000008000300010000003c000180140002006970766c616e31000000000000000000140002006261746164765f736c6176655f310000080003000100000008000100", @ANYRES32=0x0, @ANYBLOB], 0x130}, 0x1, 0x0, 0x0, 0x40004}, 0x20004004)
readv(r4, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/243, 0xfffffdef}], 0x1)

152.279968ms ago: executing program 3 (id=1645):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="ec0000002100390d0000000000000000ac141400000000000000000000000000e000000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c001100ff010000000000000000000000000001ffffffff000000000000000000000000ac1414aa000000000000000000000000ac141400000000000000000000000000000000000000000000000200ff010000000000000000060000000001ffffffff"], 0xec}}, 0x0)

151.87564ms ago: executing program 4 (id=1646):
socket$inet6_sctp(0xa, 0x5, 0x84)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xd, 0x0, &(0x7f0000000040))
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r1, &(0x7f0000000080)="b3019c28", 0x4, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x44b, 0x70bd26, 0x8000000, {0x7a, 0x0, 0x0, 0x0, 0x0, 0x1900}, [@IFLA_WEIGHT={0x8, 0xf, 0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x94)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x85, &(0x7f0000000000)={0x0, @in={{0x2, 0x0, @empty}}}, 0x90)
pipe(&(0x7f0000000080))
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000004600000000010000000c0002000800000000000000100007"], 0x30}}, 0x0)
setsockopt$netlink_NETLINK_PKTINFO(0xffffffffffffffff, 0x10e, 0x3, &(0x7f00000004c0)=0x401, 0x4)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000200)={@ifindex, 0xffffffffffffffff, 0xf, 0x21, 0xffffffffffffffff, @prog_id}, 0x20)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f00000001c0)=0x8)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}]}, 0x34}}, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00'], 0x3}}, 0x0)
splice(0xffffffffffffffff, 0x0, r5, 0x0, 0x4ffe2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000000100))
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket(0xa, 0x3, 0x3a)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x7, 0x0, &(0x7f0000000100)="e0b9547ed387db", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$nl_rdma(0x10, 0x3, 0x14)

128.580802ms ago: executing program 1 (id=1647):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r1}, 0x10)
r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8)
unshare(0x400)
close(r3)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
syz_emit_ethernet(0x2a, &(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb08060001080006040001e97fa2e74c0a0ad1000057330377ba"], 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'macvlan1\x00', <r5=>0x0})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x3c}}, 0x0)

116.236498ms ago: executing program 3 (id=1648):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000540)='yeah\x00', 0x5)
sendmmsg$inet(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000a40)="0036d551863e1902129da79f5986e05288f50e5398660c1a29b0f45c0cc36902e0251c8d34197b357b32b161f9ad72d55a0eab976aae24ed805271b43f0ce2fea5e764494873e0d82a172b3bb54f59b458fd35039c7d81e9ab07f2fb4dad4dace0f5119b54c74a12e4569e47b69a95f92c6380af2bd003fa56f06a23bbd1c78e7756bf4fcaff0c2337", 0x89}, {&(0x7f0000000d40)}], 0x2}}], 0x1, 0x0)
sendmsg$inet(r0, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000000)="14fafa37bf25f04bda99eefbbdd8d76b8136ee6cfdee25bdb2d1873ce347c7b623dd3140cfb2326fa1bf9f1dc2375eeba25df45aefdb3c49a4e7ffab4ed7181180bde98af644d11f", 0x48}, {&(0x7f0000000240)="16a6fca1943502d7ac24a672dbecde54535371af01e67576ef51", 0x1a}, {&(0x7f0000000580)="c3e361cabaa484b0c035139c64932a377f926342f6b052b6a3b273c187a5e0c26fe049092a54eb9b6be2ac2df69e6a36fad43d88851aa162b6aa0d4734e36aad318ea99586ca9f642920068473af2e996703149f0c13bcfae9beeb8d", 0x5c}, {&(0x7f0000000800)="8434335f698d91a2a3efe5291f7ebbc2424bb7ee30459376efe5541dc546f93c4ad4f9343e", 0x25}], 0x4}, 0x0)

67.413967ms ago: executing program 1 (id=1649):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r1}, 0x10)
r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8)
unshare(0x400)
close(r3)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$PROG_LOAD(0x23, &(0x7f00000003c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
syz_emit_ethernet(0x2a, &(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb08060001080006040001e97fa2e74c0a0ad1000057330377ba25ac1414ff"], 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'macvlan1\x00', <r5=>0x0})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x401, 0x1200, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x44}}, 0x0)

0s ago: executing program 4 (id=1651):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x12, 0x8, &(0x7f0000000c80)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7030000000000008500000040000000b70000000000000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"})
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r2, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32)
connect$pppl2tp(r1, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x1, 0x3}}, 0x26)
getsockopt$bt_BT_SECURITY(r1, 0x111, 0x2, 0x0, 0x20000000)
r4 = socket$inet6(0xa, 0x80003, 0xff)
setsockopt$inet6_int(r4, 0x29, 0x16, &(0x7f0000fcb000), 0x4)
setsockopt$inet6_int(r4, 0x29, 0x16, &(0x7f0000000140), 0x4)
pipe(&(0x7f00000001c0))
socket$unix(0x1, 0x2, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32, @ANYBLOB="24005a8020000180140003000000000002000000000001000000000004000200040001"], 0x40}}, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(r6, 0x890b, &(0x7f0000000000)={0x4000000, {}, {0x2, 0x0, @dev}, {0x2, 0x0, @empty}, 0x2a0})
ioctl$sock_inet_SIOCDELRT(r6, 0x890c, &(0x7f0000000080)={0x0, {}, {0x2, 0x0, @multicast2}, {0x2, 0x0, @empty}, 0xab852ebbeefbd6b1})

kernel console output (not intermixed with test programs):

gle 06/07/2024
[  125.242231][ T6596] Call Trace:
[  125.245549][ T6596]  <TASK>
[  125.248516][ T6596]  dump_stack_lvl+0x241/0x360
[  125.253327][ T6596]  ? __pfx_dump_stack_lvl+0x10/0x10
[  125.258569][ T6596]  ? __pfx__printk+0x10/0x10
[  125.263303][ T6596]  ? __pfx_lock_release+0x10/0x10
[  125.268390][ T6596]  should_fail_ex+0x3b0/0x4e0
[  125.273217][ T6596]  _copy_from_iter+0x43a/0x1960
[  125.278124][ T6596]  ? __pfx__copy_from_iter+0x10/0x10
[  125.283473][ T6596]  ? __pfx__copy_from_iter+0x10/0x10
[  125.288795][ T6596]  ? __netdev_alloc_frag_align+0x1a2/0x1f0
[  125.294731][ T6596]  ? page_copy_sane+0x154/0x260
[  125.299597][ T6596]  copy_page_from_iter+0x7a/0x100
[  125.304650][ T6596]  skb_copy_datagram_from_iter+0x2d8/0x6c0
[  125.310485][ T6596]  tun_get_user+0xec3/0x4720
[  125.315110][ T6596]  ? __pfx_tun_get_user+0x10/0x10
[  125.320181][ T6596]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  125.325666][ T6596]  ? tun_get+0x1e/0x2f0
[  125.329834][ T6596]  ? __pfx_lock_release+0x10/0x10
[  125.334883][ T6596]  ? tun_get+0x1e/0x2f0
[  125.339054][ T6596]  ? tun_get+0x27d/0x2f0
[  125.343315][ T6596]  tun_chr_write_iter+0x113/0x1f0
[  125.348356][ T6596]  do_iter_readv_writev+0x5a4/0x800
[  125.353576][ T6596]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  125.359310][ T6596]  ? bpf_lsm_file_permission+0x9/0x10
[  125.364697][ T6596]  ? security_file_permission+0x7f/0xa0
[  125.370260][ T6596]  ? rw_verify_area+0x1d2/0x6b0
[  125.375135][ T6596]  vfs_writev+0x37c/0xbb0
[  125.379507][ T6596]  ? __pfx_lock_acquire+0x10/0x10
[  125.384638][ T6596]  ? __pfx_vfs_writev+0x10/0x10
[  125.389520][ T6596]  ? vfs_write+0x7c4/0xc90
[  125.393961][ T6596]  ? __fget_files+0x29/0x470
[  125.398666][ T6596]  do_writev+0x1b1/0x350
[  125.403136][ T6596]  ? __pfx_do_writev+0x10/0x10
[  125.407923][ T6596]  ? do_syscall_64+0x100/0x230
[  125.412705][ T6596]  ? do_syscall_64+0xb6/0x230
[  125.417407][ T6596]  do_syscall_64+0xf3/0x230
[  125.421923][ T6596]  ? clear_bhb_loop+0x35/0x90
[  125.426613][ T6596]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.432524][ T6596] RIP: 0033:0x7faa77175bd9
[  125.436948][ T6596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  125.456670][ T6596] RSP: 002b:00007faa77fbf048 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  125.465116][ T6596] RAX: ffffffffffffffda RBX: 00007faa77303f60 RCX: 00007faa77175bd9
[  125.473136][ T6596] RDX: 0000000000000002 RSI: 00000000200002c0 RDI: 0000000000000003
[  125.481323][ T6596] RBP: 00007faa77fbf0a0 R08: 0000000000000000 R09: 0000000000000000
[  125.489322][ T6596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  125.497398][ T6596] R13: 000000000000000b R14: 00007faa77303f60 R15: 00007ffc3c756728
[  125.505413][ T6596]  </TASK>
[  125.622468][ T6600] __nla_validate_parse: 4 callbacks suppressed
[  125.622489][ T6600] netlink: 4 bytes leftover after parsing attributes in process `syz.2.479'.
[  125.698573][ T6563] lo: left promiscuous mode
[  126.242685][ T6631] netlink: 20 bytes leftover after parsing attributes in process `syz.0.487'.
[  126.400463][ T6633] netlink: 1 bytes leftover after parsing attributes in process `syz.3.485'.
[  126.484456][ T6631] netlink: 48 bytes leftover after parsing attributes in process `syz.0.487'.
[  126.920524][ T6655] netlink: 4 bytes leftover after parsing attributes in process `syz.0.493'.
[  127.065801][ T6668] lo: entered promiscuous mode
[  127.286509][ T6677] netlink: 8 bytes leftover after parsing attributes in process `syz.4.503'.
[  127.818152][ T6706] netlink: 4 bytes leftover after parsing attributes in process `syz.3.511'.
[  127.965262][ T6659] lo: left promiscuous mode
[  128.233736][ T6721] Dead loop on virtual device ipvlan1, fix it urgently!
[  128.258353][ T6724] netlink: 8 bytes leftover after parsing attributes in process `syz.3.520'.
[  128.441950][ T6726] netlink: 'syz.4.521': attribute type 3 has an invalid length.
[  128.481602][ T6726] netlink: 8 bytes leftover after parsing attributes in process `syz.4.521'.
[  128.797258][ T6721] syz.1.514 (6721) used greatest stack depth: 6008 bytes left
[  128.872800][ T6748] netlink: 4 bytes leftover after parsing attributes in process `syz.4.527'.
[  129.430091][ T6781] FAULT_INJECTION: forcing a failure.
[  129.430091][ T6781] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  129.445130][ T6781] CPU: 0 PID: 6781 Comm: syz.1.540 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0
[  129.455176][ T6781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  129.465275][ T6781] Call Trace:
[  129.468595][ T6781]  <TASK>
[  129.471552][ T6781]  dump_stack_lvl+0x241/0x360
[  129.476288][ T6781]  ? __pfx_dump_stack_lvl+0x10/0x10
[  129.481533][ T6781]  ? __pfx__printk+0x10/0x10
[  129.486185][ T6781]  ? __pfx_lock_release+0x10/0x10
[  129.491337][ T6781]  should_fail_ex+0x3b0/0x4e0
[  129.496047][ T6781]  _copy_from_iter+0x1f6/0x1960
[  129.500922][ T6781]  ? __virt_addr_valid+0x183/0x520
[  129.506151][ T6781]  ? __pfx_lock_release+0x10/0x10
[  129.511194][ T6781]  ? __alloc_skb+0x28f/0x440
[  129.515800][ T6781]  ? __pfx__copy_from_iter+0x10/0x10
[  129.521103][ T6781]  ? __virt_addr_valid+0x183/0x520
[  129.526226][ T6781]  ? __virt_addr_valid+0x183/0x520
[  129.531348][ T6781]  ? __virt_addr_valid+0x44e/0x520
[  129.536472][ T6781]  ? __check_object_size+0x49c/0x900
[  129.541806][ T6781]  netlink_sendmsg+0x73d/0xcb0
[  129.546604][ T6781]  ? __pfx_netlink_sendmsg+0x10/0x10
[  129.551998][ T6781]  ? __import_iovec+0x536/0x820
[  129.556869][ T6781]  ? aa_sock_msg_perm+0x91/0x160
[  129.561830][ T6781]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  129.567143][ T6781]  ? security_socket_sendmsg+0x87/0xb0
[  129.572635][ T6781]  ? __pfx_netlink_sendmsg+0x10/0x10
[  129.577959][ T6781]  __sock_sendmsg+0x221/0x270
[  129.582674][ T6781]  ____sys_sendmsg+0x525/0x7d0
[  129.587476][ T6781]  ? __pfx_____sys_sendmsg+0x10/0x10
[  129.592810][ T6781]  __sys_sendmsg+0x2b0/0x3a0
[  129.597421][ T6781]  ? __pfx___sys_sendmsg+0x10/0x10
[  129.602574][ T6781]  ? vfs_write+0x7c4/0xc90
[  129.607097][ T6781]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  129.613459][ T6781]  ? do_syscall_64+0x100/0x230
[  129.618243][ T6781]  ? do_syscall_64+0xb6/0x230
[  129.622939][ T6781]  do_syscall_64+0xf3/0x230
[  129.627459][ T6781]  ? clear_bhb_loop+0x35/0x90
[  129.632172][ T6781]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.638093][ T6781] RIP: 0033:0x7f2386d75bd9
[  129.642525][ T6781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  129.662246][ T6781] RSP: 002b:00007f2387bc3048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  129.670677][ T6781] RAX: ffffffffffffffda RBX: 00007f2386f03f60 RCX: 00007f2386d75bd9
[  129.678663][ T6781] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[  129.686657][ T6781] RBP: 00007f2387bc30a0 R08: 0000000000000000 R09: 0000000000000000
[  129.694640][ T6781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  129.702620][ T6781] R13: 000000000000000b R14: 00007f2386f03f60 R15: 00007fffa7ba0258
[  129.710640][ T6781]  </TASK>
[  130.033668][ T6797] Dead loop on virtual device ipvlan1, fix it urgently!
[  130.407276][ T6815] FAULT_INJECTION: forcing a failure.
[  130.407276][ T6815] name failslab, interval 1, probability 0, space 0, times 0
[  130.425003][ T6815] CPU: 0 PID: 6815 Comm: syz.0.553 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0
[  130.435058][ T6815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  130.445294][ T6815] Call Trace:
[  130.448609][ T6815]  <TASK>
[  130.451672][ T6815]  dump_stack_lvl+0x241/0x360
[  130.456496][ T6815]  ? __pfx_dump_stack_lvl+0x10/0x10
[  130.461733][ T6815]  ? __pfx__printk+0x10/0x10
[  130.466347][ T6815]  ? ref_tracker_alloc+0x332/0x490
[  130.471514][ T6815]  should_fail_ex+0x3b0/0x4e0
[  130.476210][ T6815]  ? skb_clone+0x20c/0x390
[  130.480639][ T6815]  should_failslab+0x9/0x20
[  130.485165][ T6815]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  130.490594][ T6815]  skb_clone+0x20c/0x390
[  130.494882][ T6815]  __netlink_deliver_tap+0x3cc/0x7c0
[  130.500204][ T6815]  ? netlink_deliver_tap+0x2e/0x1b0
[  130.505438][ T6815]  netlink_deliver_tap+0x19d/0x1b0
[  130.510596][ T6815]  netlink_unicast+0x7be/0x990
[  130.515380][ T6815]  ? __pfx_netlink_unicast+0x10/0x10
[  130.520789][ T6815]  ? __virt_addr_valid+0x183/0x520
[  130.525932][ T6815]  ? __check_object_size+0x49c/0x900
[  130.531245][ T6815]  ? bpf_lsm_netlink_send+0x9/0x10
[  130.536390][ T6815]  netlink_sendmsg+0x8e4/0xcb0
[  130.541199][ T6815]  ? __pfx_netlink_sendmsg+0x10/0x10
[  130.546613][ T6815]  ? __import_iovec+0x536/0x820
[  130.551504][ T6815]  ? aa_sock_msg_perm+0x91/0x160
[  130.556494][ T6815]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  130.561818][ T6815]  ? security_socket_sendmsg+0x87/0xb0
[  130.567408][ T6815]  ? __pfx_netlink_sendmsg+0x10/0x10
[  130.572716][ T6815]  __sock_sendmsg+0x221/0x270
[  130.577420][ T6815]  ____sys_sendmsg+0x525/0x7d0
[  130.582219][ T6815]  ? __pfx_____sys_sendmsg+0x10/0x10
[  130.587545][ T6815]  __sys_sendmsg+0x2b0/0x3a0
[  130.592156][ T6815]  ? __pfx___sys_sendmsg+0x10/0x10
[  130.597299][ T6815]  ? vfs_write+0x7c4/0xc90
[  130.601772][ T6815]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  130.608146][ T6815]  ? do_syscall_64+0x100/0x230
[  130.612945][ T6815]  ? do_syscall_64+0xb6/0x230
[  130.617907][ T6815]  do_syscall_64+0xf3/0x230
[  130.622432][ T6815]  ? clear_bhb_loop+0x35/0x90
[  130.627139][ T6815]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.633045][ T6815] RIP: 0033:0x7ff29d175bd9
[  130.637474][ T6815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  130.657090][ T6815] RSP: 002b:00007ff29def5048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  130.665517][ T6815] RAX: ffffffffffffffda RBX: 00007ff29d303f60 RCX: 00007ff29d175bd9
[  130.673498][ T6815] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[  130.681562][ T6815] RBP: 00007ff29def50a0 R08: 0000000000000000 R09: 0000000000000000
[  130.689544][ T6815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  130.697520][ T6815] R13: 000000000000000b R14: 00007ff29d303f60 R15: 00007ffc9db5c5a8
[  130.705530][ T6815]  </TASK>
[  130.783097][ T6817] __nla_validate_parse: 4 callbacks suppressed
[  130.783119][ T6817] netlink: 24 bytes leftover after parsing attributes in process `syz.4.555'.
[  130.913885][ T6797] syz.1.547 (6797) used greatest stack depth: 5816 bytes left
[  131.063291][ T6832] netlink: 8 bytes leftover after parsing attributes in process `syz.0.561'.
[  131.196029][ T6834] sctp: [Deprecated]: syz.2.562 (pid 6834) Use of struct sctp_assoc_value in delayed_ack socket option.
[  131.196029][ T6834] Use struct sctp_sack_info instead
[  131.354670][ T5189] IPVS: starting estimator thread 0...
[  131.462971][ T6845] netlink: 4 bytes leftover after parsing attributes in process `syz.3.565'.
[  131.473471][ T6843] IPVS: using max 17 ests per chain, 40800 per kthread
[  131.492357][ T6848] FAULT_INJECTION: forcing a failure.
[  131.492357][ T6848] name failslab, interval 1, probability 0, space 0, times 0
[  131.505478][ T6848] CPU: 1 PID: 6848 Comm: syz.2.567 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0
[  131.515579][ T6848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  131.525682][ T6848] Call Trace:
[  131.528972][ T6848]  <TASK>
[  131.531915][ T6848]  dump_stack_lvl+0x241/0x360
[  131.536607][ T6848]  ? __pfx_dump_stack_lvl+0x10/0x10
[  131.541817][ T6848]  ? __pfx__printk+0x10/0x10
[  131.546443][ T6848]  should_fail_ex+0x3b0/0x4e0
[  131.551287][ T6848]  ? skb_clone+0x20c/0x390
[  131.555818][ T6848]  should_failslab+0x9/0x20
[  131.560337][ T6848]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  131.565735][ T6848]  skb_clone+0x20c/0x390
[  131.569994][ T6848]  ? dev_queue_xmit_nit+0x220/0xc10
[  131.575208][ T6848]  dev_queue_xmit_nit+0x419/0xc10
[  131.580250][ T6848]  ? dev_queue_xmit_nit+0x2b/0xc10
[  131.585558][ T6848]  ? validate_xmit_skb+0x9f9/0x1120
[  131.590788][ T6848]  dev_hard_start_xmit+0x15f/0x7e0
[  131.595941][ T6848]  ? __pfx_validate_xmit_skb+0x10/0x10
[  131.601440][ T6848]  __dev_queue_xmit+0x1b63/0x3e90
[  131.606572][ T6848]  ? kasan_save_track+0x51/0x80
[  131.611449][ T6848]  ? do_syscall_64+0xf3/0x230
[  131.616142][ T6848]  ? __dev_queue_xmit+0x2da/0x3e90
[  131.621274][ T6848]  ? __pfx___dev_queue_xmit+0x10/0x10
[  131.626689][ T6848]  ? __copy_skb_header+0x437/0x5b0
[  131.631842][ T6848]  ? __asan_memcpy+0x40/0x70
[  131.636477][ T6848]  ? __copy_skb_header+0x437/0x5b0
[  131.641623][ T6848]  ? __skb_clone+0x454/0x6c0
[  131.646259][ T6848]  ? skb_clone+0x240/0x390
[  131.650709][ T6848]  __netlink_deliver_tap+0x54d/0x7c0
[  131.656023][ T6848]  ? netlink_deliver_tap+0x2e/0x1b0
[  131.661245][ T6848]  netlink_deliver_tap+0x19d/0x1b0
[  131.666394][ T6848]  netlink_unicast+0x7be/0x990
[  131.671181][ T6848]  ? __pfx_netlink_unicast+0x10/0x10
[  131.676494][ T6848]  ? __virt_addr_valid+0x183/0x520
[  131.681628][ T6848]  ? __check_object_size+0x49c/0x900
[  131.687039][ T6848]  ? bpf_lsm_netlink_send+0x9/0x10
[  131.692179][ T6848]  netlink_sendmsg+0x8e4/0xcb0
[  131.696980][ T6848]  ? __pfx_netlink_sendmsg+0x10/0x10
[  131.702821][ T6848]  ? __import_iovec+0x536/0x820
[  131.707679][ T6848]  ? aa_sock_msg_perm+0x91/0x160
[  131.712641][ T6848]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  131.717932][ T6848]  ? security_socket_sendmsg+0x87/0xb0
[  131.723441][ T6848]  ? __pfx_netlink_sendmsg+0x10/0x10
[  131.728851][ T6848]  __sock_sendmsg+0x221/0x270
[  131.733551][ T6848]  ____sys_sendmsg+0x525/0x7d0
[  131.738339][ T6848]  ? __pfx_____sys_sendmsg+0x10/0x10
[  131.743668][ T6848]  __sys_sendmsg+0x2b0/0x3a0
[  131.748274][ T6848]  ? __pfx___sys_sendmsg+0x10/0x10
[  131.753419][ T6848]  ? vfs_write+0x7c4/0xc90
[  131.757898][ T6848]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  131.764238][ T6848]  ? do_syscall_64+0x100/0x230
[  131.769012][ T6848]  ? do_syscall_64+0xb6/0x230
[  131.773700][ T6848]  do_syscall_64+0xf3/0x230
[  131.778300][ T6848]  ? clear_bhb_loop+0x35/0x90
[  131.782992][ T6848]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  131.788898][ T6848] RIP: 0033:0x7fd50cf75bd9
[  131.793408][ T6848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  131.813107][ T6848] RSP: 002b:00007fd50ddee048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  131.821538][ T6848] RAX: ffffffffffffffda RBX: 00007fd50d103f60 RCX: 00007fd50cf75bd9
[  131.829526][ T6848] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[  131.837596][ T6848] RBP: 00007fd50ddee0a0 R08: 0000000000000000 R09: 0000000000000000
[  131.845579][ T6848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  131.853565][ T6848] R13: 000000000000000b R14: 00007fd50d103f60 R15: 00007ffc4945f988
[  131.861558][ T6848]  </TASK>
[  132.114608][ T6860] netlink: 4 bytes leftover after parsing attributes in process `syz.4.569'.
[  133.020174][ T6899] Cannot find add_set index 0 as target
[  133.163278][ T2865] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.193362][ T1249] ieee802154 phy0 wpan0: encryption failed: -22
[  133.199835][ T1249] ieee802154 phy1 wpan1: encryption failed: -22
[  133.262444][ T2865] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.409618][ T2865] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.563671][ T2865] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.709868][   T53] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  133.720205][   T53] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  133.729864][   T53] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  133.743118][   T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  133.751248][   T53] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  133.759593][   T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  133.900320][ T6929] bridge0: port 3(vlan2) entered blocking state
[  133.917601][ T6929] bridge0: port 3(vlan2) entered disabled state
[  133.924587][ T6929] vlan2: entered allmulticast mode
[  133.932816][ T6929] vlan2: left allmulticast mode
[  134.073074][ T6935] netlink: 8 bytes leftover after parsing attributes in process `syz.3.601'.
[  134.093162][ T6935] netlink: 4 bytes leftover after parsing attributes in process `syz.3.601'.
[  134.112118][ T6935] netlink: 4 bytes leftover after parsing attributes in process `syz.3.601'.
[  134.129455][ T6935] netlink: 4 bytes leftover after parsing attributes in process `syz.3.601'.
[  134.152013][ T6935] netlink: 4 bytes leftover after parsing attributes in process `syz.3.601'.
[  134.206040][ T6920] caif0 speed is unknown, defaulting to 1000
[  134.216825][ T2865] bridge_slave_1: left allmulticast mode
[  134.240288][ T2865] bridge_slave_1: left promiscuous mode
[  134.257965][ T2865] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.314748][ T2865] bridge_slave_0: left allmulticast mode
[  134.342309][ T2865] bridge_slave_0: left promiscuous mode
[  134.358530][ T2865] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.546057][ T6959] netlink: 4 bytes leftover after parsing attributes in process `syz.4.611'.
[  134.887186][ T2865] bridge0 (unregistering): left allmulticast mode
[  134.918734][ T2865] team0: Port device macvlan2 removed
[  135.102332][ T2865] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  135.127553][ T2865] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  135.143576][ T2865] bond0 (unregistering): Released all slaves
[  135.163295][ T2865] bond1 (unregistering): Released all slaves
[  135.178036][ T2865] bond2 (unregistering): Released all slaves
[  135.462746][ T6971] netlink: 'syz.1.614': attribute type 8 has an invalid length.
[  135.709515][ T6983] netlink: 'syz.3.617': attribute type 3 has an invalid length.
[  135.822287][   T53] Bluetooth: hci3: command tx timeout
[  136.508648][ T7016] __nla_validate_parse: 3 callbacks suppressed
[  136.508671][ T7016] netlink: 20 bytes leftover after parsing attributes in process `syz.3.629'.
[  136.620847][ T6920] chnl_net:caif_netlink_parms(): no params data found
[  136.664224][ T7019] ɶƣ0GC¦: entered promiscuous mode
[  136.720574][ T2865] hsr_slave_0: left promiscuous mode
[  136.730815][ T2865] hsr_slave_1: left promiscuous mode
[  136.749841][ T2865] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  136.760340][ T2865] batman_adv: batadv0: Removing interface: batadv_slave_0
[  136.769077][ T2865] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  136.783730][ T2865] batman_adv: batadv0: Removing interface: batadv_slave_1
[  136.822880][ T2865] veth1_macvtap: left promiscuous mode
[  136.828968][ T2865] veth0_macvtap: left promiscuous mode
[  136.841281][ T2865] veth1_vlan: left promiscuous mode
[  136.848609][ T2865] 
@ÿ: left promiscuous mode
[  137.384118][ T2865] team0 (unregistering): Port device team_slave_1 removed
[  137.423728][ T2865] team0 (unregistering): Port device team_slave_0 removed
[  137.902086][   T53] Bluetooth: hci3: command tx timeout
[  138.067263][ T6920] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.085809][ T7053] FAULT_INJECTION: forcing a failure.
[  138.085809][ T7053] name failslab, interval 1, probability 0, space 0, times 0
[  138.100130][ T6920] bridge0: port 1(bridge_slave_0) entered disabled state
[  138.107980][ T6920] bridge_slave_0: entered allmulticast mode
[  138.117446][ T6920] bridge_slave_0: entered promiscuous mode
[  138.123853][ T7053] CPU: 1 PID: 7053 Comm: syz.2.638 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0
[  138.133961][ T7053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  138.144150][ T7053] Call Trace:
[  138.147455][ T7053]  <TASK>
[  138.150416][ T7053]  dump_stack_lvl+0x241/0x360
[  138.155138][ T7053]  ? __pfx_dump_stack_lvl+0x10/0x10
[  138.160378][ T7053]  ? __pfx__printk+0x10/0x10
[  138.161707][ T6920] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.164997][ T7053]  ? ref_tracker_alloc+0x332/0x490
[  138.165062][ T7053]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  138.165102][ T7053]  should_fail_ex+0x3b0/0x4e0
[  138.165147][ T7053]  ? skb_clone+0x20c/0x390
[  138.165181][ T7053]  should_failslab+0x9/0x20
[  138.165214][ T7053]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  138.187423][ T6920] bridge0: port 2(bridge_slave_1) entered disabled state
[  138.187497][ T7053]  skb_clone+0x20c/0x390
[  138.192384][ T6920] bridge_slave_1: entered allmulticast mode
[  138.196403][ T7053]  __netlink_deliver_tap+0x3cc/0x7c0
[  138.196450][ T7053]  ? netlink_deliver_tap+0x2e/0x1b0
[  138.210787][ T6920] bridge_slave_1: entered promiscuous mode
[  138.213147][ T7053]  netlink_deliver_tap+0x19d/0x1b0
[  138.213184][ T7053]  netlink_sendskb+0x68/0x140
[  138.213211][ T7053]  netlink_unicast+0x39d/0x990
[  138.213246][ T7053]  ? __pfx_netlink_unicast+0x10/0x10
[  138.255303][ T7053]  ovs_ct_limit_cmd_set+0x970/0xaf0
[  138.260524][ T7053]  ? __nla_parse+0x40/0x60
[  138.264956][ T7053]  ? genl_family_rcv_msg_attrs_parse+0x21b/0x290
[  138.271316][ T7053]  genl_rcv_msg+0xb14/0xec0
[  138.275839][ T7053]  ? mark_lock+0x9a/0x350
[  138.280199][ T7053]  ? __pfx_genl_rcv_msg+0x10/0x10
[  138.285291][ T7053]  ? __pfx_lock_acquire+0x10/0x10
[  138.290326][ T7053]  ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10
[  138.296066][ T7053]  ? __pfx___might_resched+0x10/0x10
[  138.301375][ T7053]  netlink_rcv_skb+0x1e3/0x430
[  138.306158][ T7053]  ? __pfx_genl_rcv_msg+0x10/0x10
[  138.311204][ T7053]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  138.316517][ T7053]  ? __netlink_deliver_tap+0x77e/0x7c0
[  138.322001][ T7053]  genl_rcv+0x28/0x40
[  138.326005][ T7053]  netlink_unicast+0x7f0/0x990
[  138.330782][ T7053]  ? __pfx_netlink_unicast+0x10/0x10
[  138.336075][ T7053]  ? __virt_addr_valid+0x183/0x520
[  138.341294][ T7053]  ? __check_object_size+0x49c/0x900
[  138.346686][ T7053]  ? bpf_lsm_netlink_send+0x9/0x10
[  138.351823][ T7053]  netlink_sendmsg+0x8e4/0xcb0
[  138.356702][ T7053]  ? __pfx_netlink_sendmsg+0x10/0x10
[  138.362000][ T7053]  ? __import_iovec+0x536/0x820
[  138.366858][ T7053]  ? aa_sock_msg_perm+0x91/0x160
[  138.371816][ T7053]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  138.377120][ T7053]  ? security_socket_sendmsg+0x87/0xb0
[  138.382598][ T7053]  ? __pfx_netlink_sendmsg+0x10/0x10
[  138.387898][ T7053]  __sock_sendmsg+0x221/0x270
[  138.392593][ T7053]  ____sys_sendmsg+0x525/0x7d0
[  138.397379][ T7053]  ? __pfx_____sys_sendmsg+0x10/0x10
[  138.402714][ T7053]  __sys_sendmsg+0x2b0/0x3a0
[  138.407322][ T7053]  ? __pfx___sys_sendmsg+0x10/0x10
[  138.412448][ T7053]  ? vfs_write+0x7c4/0xc90
[  138.416959][ T7053]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  138.423308][ T7053]  ? do_syscall_64+0x100/0x230
[  138.428126][ T7053]  ? do_syscall_64+0xb6/0x230
[  138.432831][ T7053]  do_syscall_64+0xf3/0x230
[  138.437368][ T7053]  ? clear_bhb_loop+0x35/0x90
[  138.442074][ T7053]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.448072][ T7053] RIP: 0033:0x7fd50cf75bd9
[  138.452502][ T7053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  138.472223][ T7053] RSP: 002b:00007fd50ddee048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  138.480736][ T7053] RAX: ffffffffffffffda RBX: 00007fd50d103f60 RCX: 00007fd50cf75bd9
[  138.488721][ T7053] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[  138.496906][ T7053] RBP: 00007fd50ddee0a0 R08: 0000000000000000 R09: 0000000000000000
[  138.504888][ T7053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  138.512873][ T7053] R13: 000000000000000b R14: 00007fd50d103f60 R15: 00007ffc4945f988
[  138.520867][ T7053]  </TASK>
[  138.816008][ T6920] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  138.864073][ T6920] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  139.013768][ T6920] team0: Port device team_slave_0 added
[  139.106111][ T6920] team0: Port device team_slave_1 added
[  139.272541][ T6920] batman_adv: batadv0: Adding interface: batadv_slave_0
[  139.287601][ T6920] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  139.369938][ T6920] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  139.443003][ T6920] batman_adv: batadv0: Adding interface: batadv_slave_1
[  139.472257][ T6920] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  139.528737][ T6920] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  139.604451][ T7102] FAULT_INJECTION: forcing a failure.
[  139.604451][ T7102] name failslab, interval 1, probability 0, space 0, times 0
[  139.617638][ T7102] CPU: 0 PID: 7102 Comm: syz.3.652 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0
[  139.627660][ T7102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  139.637762][ T7102] Call Trace:
[  139.641061][ T7102]  <TASK>
[  139.644024][ T7102]  dump_stack_lvl+0x241/0x360
[  139.648734][ T7102]  ? __pfx_dump_stack_lvl+0x10/0x10
[  139.653961][ T7102]  ? __pfx__printk+0x10/0x10
[  139.658636][ T7102]  should_fail_ex+0x3b0/0x4e0
[  139.663345][ T7102]  ? skb_clone+0x20c/0x390
[  139.667802][ T7102]  should_failslab+0x9/0x20
[  139.672338][ T7102]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  139.677746][ T7102]  skb_clone+0x20c/0x390
[  139.682035][ T7102]  ? dev_queue_xmit_nit+0x220/0xc10
[  139.687254][ T7102]  dev_queue_xmit_nit+0x419/0xc10
[  139.692298][ T7102]  ? dev_queue_xmit_nit+0x2b/0xc10
[  139.697448][ T7102]  ? validate_xmit_skb+0x9f9/0x1120
[  139.702679][ T7102]  dev_hard_start_xmit+0x15f/0x7e0
[  139.707812][ T7102]  ? __pfx_validate_xmit_skb+0x10/0x10
[  139.713302][ T7102]  __dev_queue_xmit+0x1b63/0x3e90
[  139.718355][ T7102]  ? genl_rcv_msg+0xb14/0xec0
[  139.723051][ T7102]  ? netlink_unicast+0x7f0/0x990
[  139.727999][ T7102]  ? ____sys_sendmsg+0x525/0x7d0
[  139.732951][ T7102]  ? __dev_queue_xmit+0x2da/0x3e90
[  139.738081][ T7102]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.744173][ T7102]  ? __pfx___dev_queue_xmit+0x10/0x10
[  139.749577][ T7102]  ? __copy_skb_header+0x437/0x5b0
[  139.754709][ T7102]  ? __asan_memcpy+0x40/0x70
[  139.759316][ T7102]  ? __copy_skb_header+0x437/0x5b0
[  139.764452][ T7102]  ? __skb_clone+0x454/0x6c0
[  139.769066][ T7102]  ? skb_clone+0x240/0x390
[  139.773503][ T7102]  __netlink_deliver_tap+0x54d/0x7c0
[  139.778906][ T7102]  ? netlink_deliver_tap+0x2e/0x1b0
[  139.784207][ T7102]  netlink_deliver_tap+0x19d/0x1b0
[  139.789416][ T7102]  netlink_sendskb+0x68/0x140
[  139.794208][ T7102]  netlink_unicast+0x39d/0x990
[  139.799005][ T7102]  ? __pfx_netlink_unicast+0x10/0x10
[  139.804308][ T7102]  ovs_ct_limit_cmd_set+0x970/0xaf0
[  139.809522][ T7102]  ? __nla_parse+0x40/0x60
[  139.813959][ T7102]  ? genl_family_rcv_msg_attrs_parse+0x21b/0x290
[  139.820415][ T7102]  genl_rcv_msg+0xb14/0xec0
[  139.825036][ T7102]  ? mark_lock+0x9a/0x350
[  139.829391][ T7102]  ? __pfx_genl_rcv_msg+0x10/0x10
[  139.834458][ T7102]  ? __pfx_lock_acquire+0x10/0x10
[  139.839489][ T7102]  ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10
[  139.845231][ T7102]  ? __pfx___might_resched+0x10/0x10
[  139.850538][ T7102]  netlink_rcv_skb+0x1e3/0x430
[  139.855318][ T7102]  ? __pfx_genl_rcv_msg+0x10/0x10
[  139.860359][ T7102]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  139.865668][ T7102]  ? __netlink_deliver_tap+0x77e/0x7c0
[  139.871147][ T7102]  genl_rcv+0x28/0x40
[  139.875154][ T7102]  netlink_unicast+0x7f0/0x990
[  139.879952][ T7102]  ? __pfx_netlink_unicast+0x10/0x10
[  139.885241][ T7102]  ? __virt_addr_valid+0x183/0x520
[  139.890369][ T7102]  ? __check_object_size+0x49c/0x900
[  139.895669][ T7102]  ? bpf_lsm_netlink_send+0x9/0x10
[  139.900799][ T7102]  netlink_sendmsg+0x8e4/0xcb0
[  139.905677][ T7102]  ? __pfx_netlink_sendmsg+0x10/0x10
[  139.910988][ T7102]  ? __import_iovec+0x536/0x820
[  139.915859][ T7102]  ? aa_sock_msg_perm+0x91/0x160
[  139.920831][ T7102]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  139.926127][ T7102]  ? security_socket_sendmsg+0x87/0xb0
[  139.931687][ T7102]  ? __pfx_netlink_sendmsg+0x10/0x10
[  139.936983][ T7102]  __sock_sendmsg+0x221/0x270
[  139.941673][ T7102]  ____sys_sendmsg+0x525/0x7d0
[  139.946465][ T7102]  ? __pfx_____sys_sendmsg+0x10/0x10
[  139.951783][ T7102]  __sys_sendmsg+0x2b0/0x3a0
[  139.956396][ T7102]  ? __pfx___sys_sendmsg+0x10/0x10
[  139.961542][ T7102]  ? vfs_write+0x7c4/0xc90
[  139.966018][ T7102]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  139.972361][ T7102]  ? do_syscall_64+0x100/0x230
[  139.977140][ T7102]  ? do_syscall_64+0xb6/0x230
[  139.981837][ T7102]  do_syscall_64+0xf3/0x230
[  139.986352][ T7102]  ? clear_bhb_loop+0x35/0x90
[  139.991131][ T7102]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.997039][ T7102] RIP: 0033:0x7ff024b75bd9
[  140.001459][ T7102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  140.021077][ T7102] RSP: 002b:00007ff025a0f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  140.029519][ T7102] RAX: ffffffffffffffda RBX: 00007ff024d03f60 RCX: 00007ff024b75bd9
[  140.037513][ T7102] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[  140.045611][ T7102] RBP: 00007ff025a0f0a0 R08: 0000000000000000 R09: 0000000000000000
[  140.053590][ T7102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  140.061567][ T7102] R13: 000000000000000b R14: 00007ff024d03f60 R15: 00007ffe39547838
[  140.069574][ T7102]  </TASK>
[  140.109410][   T53] Bluetooth: hci3: command tx timeout
[  140.196906][ T6920] hsr_slave_0: entered promiscuous mode
[  140.211019][ T6920] hsr_slave_1: entered promiscuous mode
[  140.659791][ T7130] xt_addrtype: output interface limitation not valid in PREROUTING and INPUT
[  140.887116][ T7144] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  140.920110][ T7144] netdevsim netdevsim3 netdevsim0: left promiscuous mode
[  140.968493][ T7150] pim6reg: entered allmulticast mode
[  140.999063][ T7142] netlink: 52 bytes leftover after parsing attributes in process `syz.4.667'.
[  141.011916][ T7144] netlink: 'syz.3.668': attribute type 4 has an invalid length.
[  141.115505][ T7162] Bluetooth: MGMT ver 1.22
[  141.370377][ T6920] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  141.389623][ T6920] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  141.410272][ T6920] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  141.439463][ T6920] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  141.659044][ T6920] 8021q: adding VLAN 0 to HW filter on device bond0
[  141.720049][ T6920] 8021q: adding VLAN 0 to HW filter on device team0
[  141.747299][ T7174] netlink: 'syz.1.679': attribute type 2 has an invalid length.
[  141.770854][ T5151] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.778119][ T5151] bridge0: port 1(bridge_slave_0) entered forwarding state
[  141.782428][ T7174] netlink: 28 bytes leftover after parsing attributes in process `syz.1.679'.
[  141.805131][ T5151] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.812372][ T5151] bridge0: port 2(bridge_slave_1) entered forwarding state
[  141.846900][ T7181] netlink: 8 bytes leftover after parsing attributes in process `syz.3.681'.
[  141.883426][ T7181] bond0: option primary: mode dependency failed, not supported in mode balance-rr(0)
[  141.928200][ T7182] netlink: 36 bytes leftover after parsing attributes in process `syz.1.679'.
[  142.143930][ T5113] Bluetooth: hci3: command tx timeout
[  142.149796][ T7196] netlink: 40 bytes leftover after parsing attributes in process `syz.2.682'.
[  142.600057][ T6920] 8021q: adding VLAN 0 to HW filter on device batadv0
[  142.748461][ T6920] veth0_vlan: entered promiscuous mode
[  142.789451][ T6920] veth1_vlan: entered promiscuous mode
[  142.889937][ T6920] veth0_macvtap: entered promiscuous mode
[  142.906867][ T6920] veth1_macvtap: entered promiscuous mode
[  142.934402][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.961868][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.971747][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.999222][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.009577][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  143.020538][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.037414][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  143.049433][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.067986][ T6920] batman_adv: batadv0: Interface activated: batadv_slave_0
[  143.098872][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  143.118017][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.128496][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  143.141993][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.164889][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  143.186759][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.207924][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  143.220901][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.238735][ T6920] batman_adv: batadv0: Interface activated: batadv_slave_1
[  143.284888][ T6920] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  143.316333][ T6920] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  143.317100][ T7247] FAULT_INJECTION: forcing a failure.
[  143.317100][ T7247] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  143.335685][ T6920] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  143.342322][ T7247] CPU: 1 PID: 7247 Comm: syz.2.701 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0
[  143.357266][ T7247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  143.366388][ T6920] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  143.367328][ T7247] Call Trace:
[  143.367341][ T7247]  <TASK>
[  143.382300][ T7247]  dump_stack_lvl+0x241/0x360
[  143.387085][ T7247]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.392297][ T7247]  ? __pfx__printk+0x10/0x10
[  143.396913][ T7247]  ? snprintf+0xda/0x120
[  143.401175][ T7247]  should_fail_ex+0x3b0/0x4e0
[  143.405881][ T7247]  _copy_to_user+0x2f/0xb0
[  143.410310][ T7247]  simple_read_from_buffer+0xca/0x150
[  143.415708][ T7247]  proc_fail_nth_read+0x1e9/0x250
[  143.420748][ T7247]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  143.426318][ T7247]  ? rw_verify_area+0x520/0x6b0
[  143.431187][ T7247]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  143.436749][ T7247]  vfs_read+0x204/0xbc0
[  143.440917][ T7247]  ? __pfx_lock_release+0x10/0x10
[  143.445956][ T7247]  ? __pfx_vfs_read+0x10/0x10
[  143.450644][ T7247]  ? __fget_files+0x29/0x470
[  143.455252][ T7247]  ? __fget_files+0x3f6/0x470
[  143.459954][ T7247]  ksys_read+0x1a0/0x2c0
[  143.464214][ T7247]  ? __pfx_ksys_read+0x10/0x10
[  143.469013][ T7247]  ? do_syscall_64+0x100/0x230
[  143.473800][ T7247]  ? do_syscall_64+0xb6/0x230
[  143.478508][ T7247]  do_syscall_64+0xf3/0x230
[  143.483027][ T7247]  ? clear_bhb_loop+0x35/0x90
[  143.487726][ T7247]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.493632][ T7247] RIP: 0033:0x7fd50cf746bc
[  143.498074][ T7247] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  143.517701][ T7247] RSP: 002b:00007fd50ddee040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  143.526130][ T7247] RAX: ffffffffffffffda RBX: 00007fd50d103f60 RCX: 00007fd50cf746bc
[  143.534121][ T7247] RDX: 000000000000000f RSI: 00007fd50ddee0b0 RDI: 0000000000000004
[  143.542098][ T7247] RBP: 00007fd50ddee0a0 R08: 0000000000000000 R09: 0000000000000000
[  143.550072][ T7247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  143.558048][ T7247] R13: 000000000000000b R14: 00007fd50d103f60 R15: 00007ffc4945f988
[  143.566046][ T7247]  </TASK>
[  143.791340][ T7251] x_tables: ip6_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT/POSTROUTING
[  143.936336][   T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  143.965291][   T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  144.026623][ T7254] netlink: 12 bytes leftover after parsing attributes in process `syz.3.705'.
[  144.061521][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  144.080178][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  144.224049][ T7264] netlink: 12 bytes leftover after parsing attributes in process `syz.2.707'.
[  144.226738][ T5113] Bluetooth: hci3: command 0x0405 tx timeout
[  144.389243][ T7262] netlink: 44 bytes leftover after parsing attributes in process `syz.2.707'.
[  144.425913][ T7262] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  144.595099][ T7270] netlink: 8 bytes leftover after parsing attributes in process `syz.2.709'.
[  144.823270][ T7277] tipc: MTU too low for tipc bearer
[  144.844825][ T7277] netlink: 52 bytes leftover after parsing attributes in process `syz.2.712'.
[  144.885419][ T7277] netlink: 'syz.2.712': attribute type 10 has an invalid length.
[  144.973172][ T7277] team0: Failed to send options change via netlink (err -105)
[  144.980895][ T7277] team0: Port device netdevsim0 added
[  145.000694][ T7289] netlink: 'syz.2.712': attribute type 1 has an invalid length.
[  145.022039][ T7289] netlink: 616 bytes leftover after parsing attributes in process `syz.2.712'.
[  145.033392][ T7290] xt_l2tp: invalid flags combination: 0
[  145.052001][ T7287] xt_l2tp: invalid flags combination: 0
[  145.071195][ T7277] netlink: 'syz.2.712': attribute type 10 has an invalid length.
[  145.087131][ T7277] team0: Failed to send port change of device netdevsim0 via netlink (err -105)
[  145.137794][ T7277] team0: Failed to send options change via netlink (err -105)
[  145.150312][ T7277] team0: Failed to send port change of device netdevsim0 via netlink (err -105)
[  145.183096][ T7277] team0: Port device netdevsim0 removed
[  145.205574][ T7277] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  145.216391][ T7277] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  145.228558][ T7277] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  145.239976][ T7301] netlink: 'syz.3.722': attribute type 2 has an invalid length.
[  146.649931][ T1092] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  146.852255][ T7370] netlink: 'syz.4.749': attribute type 2 has an invalid length.
[  146.902097][ T7374] macvlan3: entered allmulticast mode
[  146.922637][ T7374] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode
[  146.953458][ T7374] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode
[  147.000965][ T7374] team0: Port device macvlan3 added
[  147.072134][ T7382] __nla_validate_parse: 3 callbacks suppressed
[  147.072158][ T7382] netlink: 8 bytes leftover after parsing attributes in process `syz.3.752'.
[  147.335323][ T5113] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  147.345612][ T5113] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  147.360185][ T5113] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  147.370921][ T5113] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  147.380957][ T5113] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  147.397184][ T5113] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  147.405633][ T7404] netlink: 32 bytes leftover after parsing attributes in process `syz.2.758'.
[  147.433926][ T7404] netlink: 7 bytes leftover after parsing attributes in process `syz.2.758'.
[  147.476002][ T1092] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  147.519929][ T7400] caif0 speed is unknown, defaulting to 1000
[  147.561060][ T1092] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  147.657074][ T1092] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  147.838499][ T7400] chnl_net:caif_netlink_parms(): no params data found
[  147.869943][ T1092] bridge_slave_1: left allmulticast mode
[  147.875922][ T1092] bridge_slave_1: left promiscuous mode
[  147.881731][ T1092] bridge0: port 2(bridge_slave_1) entered disabled state
[  147.895644][ T1092] bridge_slave_0: left allmulticast mode
[  147.901327][ T1092] bridge_slave_0: left promiscuous mode
[  147.915707][ T1092] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.265102][ T1092] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  148.279479][ T1092] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  148.291329][ T1092] bond0 (unregistering): Released all slaves
[  148.408927][ T7400] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.422384][ T7400] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.429681][ T7400] bridge_slave_0: entered allmulticast mode
[  148.439658][ T7400] bridge_slave_0: entered promiscuous mode
[  148.478917][ T7400] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.487330][ T7400] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.495357][ T7400] bridge_slave_1: entered allmulticast mode
[  148.503019][ T7400] bridge_slave_1: entered promiscuous mode
[  148.590255][ T7400] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  148.605397][ T7400] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  148.668321][ T7400] team0: Port device team_slave_0 added
[  148.690549][ T7400] team0: Port device team_slave_1 added
[  148.829262][ T7400] batman_adv: batadv0: Adding interface: batadv_slave_0
[  148.836972][ T7400] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  148.867965][ T7400] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  148.890230][ T1092] hsr_slave_0: left promiscuous mode
[  148.896645][ T1092] hsr_slave_1: left promiscuous mode
[  148.907436][ T1092] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  148.915289][ T1092] batman_adv: batadv0: Removing interface: batadv_slave_0
[  148.923405][ T1092] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  148.931269][ T1092] batman_adv: batadv0: Removing interface: batadv_slave_1
[  148.956570][ T1092] veth1_macvtap: left promiscuous mode
[  148.962297][ T1092] veth0_macvtap: left promiscuous mode
[  148.967904][ T1092] veth1_vlan: left promiscuous mode
[  148.974493][ T1092] veth0_vlan: left promiscuous mode
[  149.198022][    C1] Dead loop on virtual device ipvlan1, fix it urgently!
[  149.477010][ T1092] team0 (unregistering): Port device team_slave_1 removed
[  149.503564][ T5113] Bluetooth: hci3: command tx timeout
[  149.526614][ T1092] team0 (unregistering): Port device team_slave_0 removed
[  149.940230][ T7400] batman_adv: batadv0: Adding interface: batadv_slave_1
[  149.948853][ T7400] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  149.976971][ T7400] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  150.043196][ T7400] hsr_slave_0: entered promiscuous mode
[  150.049910][ T7400] hsr_slave_1: entered promiscuous mode
[  150.489440][ T7400] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  150.500664][ T7400] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  150.513094][ T7400] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  150.525185][ T7400] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  150.622556][ T7400] 8021q: adding VLAN 0 to HW filter on device bond0
[  150.648910][ T7400] 8021q: adding VLAN 0 to HW filter on device team0
[  150.665024][  T784] bridge0: port 1(bridge_slave_0) entered blocking state
[  150.672244][  T784] bridge0: port 1(bridge_slave_0) entered forwarding state
[  150.689579][  T784] bridge0: port 2(bridge_slave_1) entered blocking state
[  150.696857][  T784] bridge0: port 2(bridge_slave_1) entered forwarding state
[  150.897242][ T7400] 8021q: adding VLAN 0 to HW filter on device batadv0
[  150.949136][ T7400] veth0_vlan: entered promiscuous mode
[  150.965064][ T7400] veth1_vlan: entered promiscuous mode
[  151.004524][ T7400] veth0_macvtap: entered promiscuous mode
[  151.021050][ T7400] veth1_macvtap: entered promiscuous mode
[  151.042935][ T7400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  151.053514][ T7400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.063979][ T7400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  151.075059][ T7400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.087160][ T7400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  151.097744][ T7400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.113397][ T7400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  151.123922][ T7400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.135443][ T7400] batman_adv: batadv0: Interface activated: batadv_slave_0
[  151.151705][ T7400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  151.162408][ T7400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.172614][ T7400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  151.186477][ T7400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.197232][ T7400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  151.207862][ T7400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.219340][ T7400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  151.231072][ T7400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.243821][ T7400] batman_adv: batadv0: Interface activated: batadv_slave_1
[  151.258471][ T7400] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  151.268114][ T7400] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  151.276905][ T7400] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  151.288640][ T7400] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  151.370589][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  151.389038][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  151.419995][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  151.429441][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  152.581248][ T7427] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  152.589428][ T7427] IPv6: NLM_F_CREATE should be set when creating new route
[  152.678357][ T7423] vlan2: entered promiscuous mode
[  152.690250][ T7423] vlan2: entered allmulticast mode
[  153.013885][ T7446] netlink: 8 bytes leftover after parsing attributes in process `syz.1.770'.
[  153.278976][ T7462] netlink: 'syz.1.777': attribute type 4 has an invalid length.
[  153.354433][ T7467] netlink: 32 bytes leftover after parsing attributes in process `syz.2.778'.
[  153.371564][ T7466] netlink: 'syz.1.777': attribute type 4 has an invalid length.
[  153.386303][ T7471] netlink: 12 bytes leftover after parsing attributes in process `syz.2.778'.
[  153.402719][ T7467] IPVS: rr: TCP 172.20.20.170:0 - no destination available
[  153.458421][ T7471] netlink: 4 bytes leftover after parsing attributes in process `syz.2.778'.
[  153.477431][ T7471] netlink: 24 bytes leftover after parsing attributes in process `syz.2.778'.
[  153.486691][ T7462] netlink: 'syz.1.777': attribute type 4 has an invalid length.
[  154.058641][ T7496] geneve2: entered promiscuous mode
[  154.083737][ T7496] geneve2: entered allmulticast mode
[  154.823887][   T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.081234][ T7529] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  155.124921][   T53] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  155.136263][   T53] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  155.145426][   T53] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  155.157045][   T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  155.172631][   T53] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  155.206686][   T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  155.400380][ T7534] caif0 speed is unknown, defaulting to 1000
[  155.600638][ T7551] netlink: 'syz.4.809': attribute type 1 has an invalid length.
[  155.636219][ T7551] netlink: 112860 bytes leftover after parsing attributes in process `syz.4.809'.
[  155.775451][ T7556] netlink: 8 bytes leftover after parsing attributes in process `syz.2.810'.
[  155.984993][ T7562] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  155.992324][ T7562] IPv6: NLM_F_CREATE should be set when creating new route
[  156.535694][ T7588] netlink: 16 bytes leftover after parsing attributes in process `syz.1.819'.
[  156.641553][ T7589] netlink: 8 bytes leftover after parsing attributes in process `syz.4.822'.
[  156.676788][ T7534] chnl_net:caif_netlink_parms(): no params data found
[  156.697643][ T7588] netlink: 16 bytes leftover after parsing attributes in process `syz.1.819'.
[  156.810257][ T7594] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  156.841568][ T7595] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  156.894110][ T7597] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  156.974721][   T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  157.059866][ T7599] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  157.250197][   T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  157.271225][ T5113] Bluetooth: hci3: command tx timeout
[  157.380509][ T7534] bridge0: port 1(bridge_slave_0) entered blocking state
[  157.394242][ T7534] bridge0: port 1(bridge_slave_0) entered disabled state
[  157.402142][ T7534] bridge_slave_0: entered allmulticast mode
[  157.423545][ T7534] bridge_slave_0: entered promiscuous mode
[  157.438857][ T7534] bridge0: port 2(bridge_slave_1) entered blocking state
[  157.452171][ T7534] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.459655][ T7534] bridge_slave_1: entered allmulticast mode
[  157.468275][ T7534] bridge_slave_1: entered promiscuous mode
[  157.566478][   T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  157.805868][ T7534] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  157.878397][ T7534] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  158.049524][ T7534] team0: Port device team_slave_0 added
[  158.156548][ T7534] team0: Port device team_slave_1 added
[  158.371221][ T7534] batman_adv: batadv0: Adding interface: batadv_slave_0
[  158.387494][ T7534] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  158.419315][ T7534] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  158.595635][ T7534] batman_adv: batadv0: Adding interface: batadv_slave_1
[  158.613326][ T7534] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  158.653651][ T7534] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  158.745200][ T7635] FAULT_INJECTION: forcing a failure.
[  158.745200][ T7635] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  158.771944][ T7635] CPU: 1 PID: 7635 Comm: syz.4.837 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0
[  158.781998][ T7635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  158.792185][ T7635] Call Trace:
[  158.795485][ T7635]  <TASK>
[  158.798424][ T7635]  dump_stack_lvl+0x241/0x360
[  158.803126][ T7635]  ? __pfx_dump_stack_lvl+0x10/0x10
[  158.808334][ T7635]  ? __pfx__printk+0x10/0x10
[  158.812946][ T7635]  ? __pfx_lock_release+0x10/0x10
[  158.818010][ T7635]  should_fail_ex+0x3b0/0x4e0
[  158.822804][ T7635]  _copy_from_user+0x2f/0xe0
[  158.827427][ T7635]  br_ioctl_stub+0x184/0xb00
[  158.832126][ T7635]  ? __mutex_lock+0x527/0xd70
[  158.836818][ T7635]  ? __pfx_br_ioctl_stub+0x10/0x10
[  158.841947][ T7635]  ? sock_ioctl+0x5c6/0x8e0
[  158.846459][ T7635]  ? __pfx___mutex_lock+0x10/0x10
[  158.851544][ T7635]  ? __pfx_br_ioctl_stub+0x10/0x10
[  158.856668][ T7635]  sock_ioctl+0x5ee/0x8e0
[  158.861014][ T7635]  ? __pfx_sock_ioctl+0x10/0x10
[  158.865885][ T7635]  ? __fget_files+0x29/0x470
[  158.870675][ T7635]  ? __fget_files+0x3f6/0x470
[  158.875372][ T7635]  ? __fget_files+0x29/0x470
[  158.880016][ T7635]  ? bpf_lsm_file_ioctl+0x9/0x10
[  158.884972][ T7635]  ? security_file_ioctl+0x87/0xb0
[  158.890109][ T7635]  ? __pfx_sock_ioctl+0x10/0x10
[  158.894976][ T7635]  __se_sys_ioctl+0xfc/0x170
[  158.899604][ T7635]  do_syscall_64+0xf3/0x230
[  158.904123][ T7635]  ? clear_bhb_loop+0x35/0x90
[  158.908817][ T7635]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.914730][ T7635] RIP: 0033:0x7faa77175bd9
[  158.919161][ T7635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  158.938890][ T7635] RSP: 002b:00007faa77fbf048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  158.947334][ T7635] RAX: ffffffffffffffda RBX: 00007faa77303f60 RCX: 00007faa77175bd9
[  158.955326][ T7635] RDX: 0000000020000040 RSI: 00000000000089a1 RDI: 0000000000000007
[  158.963310][ T7635] RBP: 00007faa77fbf0a0 R08: 0000000000000000 R09: 0000000000000000
[  158.971294][ T7635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  158.979279][ T7635] R13: 000000000000000b R14: 00007faa77303f60 R15: 00007ffc3c756728
[  158.987459][ T7635]  </TASK>
[  159.060436][   T11] bridge_slave_1: left allmulticast mode
[  159.071994][   T11] bridge_slave_1: left promiscuous mode
[  159.078936][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  159.113565][   T11] bridge_slave_0: left allmulticast mode
[  159.119274][   T11] bridge_slave_0: left promiscuous mode
[  159.143307][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  159.343901][ T5113] Bluetooth: hci3: command tx timeout
[  159.358682][ T7646] netlink: 'syz.4.840': attribute type 3 has an invalid length.
[  159.368471][ T7646] netlink: 'syz.4.840': attribute type 3 has an invalid length.
[  159.838103][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  159.858923][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  159.880466][   T11] bond0 (unregistering): Released all slaves
[  159.922299][ T7637] __nla_validate_parse: 2 callbacks suppressed
[  159.922321][ T7637] netlink: 72 bytes leftover after parsing attributes in process `syz.1.838'.
[  160.167374][ T7534] hsr_slave_0: entered promiscuous mode
[  160.224595][ T7534] hsr_slave_1: entered promiscuous mode
[  160.246089][ T7534] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  160.258318][ T7534] Cannot create hsr debugfs directory
[  160.468263][ T7668] netlink: 8 bytes leftover after parsing attributes in process `syz.2.849'.
[  160.810455][ T7674] trusted_key: syz.4.851 sent an empty control message without MSG_MORE.
[  160.838085][ T7680] netlink: 'syz.3.852': attribute type 10 has an invalid length.
[  160.874782][ T7680] team0: Port device netdevsim0 added
[  160.913698][ T7677] netlink: 'syz.3.852': attribute type 10 has an invalid length.
[  160.963600][ T7677] team0: Port device netdevsim0 removed
[  160.990424][ T7677] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  161.328826][   T11] hsr_slave_0: left promiscuous mode
[  161.361710][   T11] hsr_slave_1: left promiscuous mode
[  161.383776][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  161.391272][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  161.415548][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  161.421974][ T5113] Bluetooth: hci3: command tx timeout
[  161.453218][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  161.517020][   T11] veth1_macvtap: left promiscuous mode
[  161.540481][ T7700] netlink: 256 bytes leftover after parsing attributes in process `syz.1.857'.
[  161.543228][   T11] veth0_macvtap: left promiscuous mode
[  161.567946][   T11] veth1_vlan: left promiscuous mode
[  161.573595][   T11] veth0_vlan: left promiscuous mode
[  162.197246][   T11] team0 (unregistering): Port device team_slave_1 removed
[  162.254893][   T11] team0 (unregistering): Port device team_slave_0 removed
[  162.721240][ T7700] netlink: 24 bytes leftover after parsing attributes in process `syz.1.857'.
[  162.825548][ T7707] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  162.907338][ T7711] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  163.502383][ T5113] Bluetooth: hci3: command tx timeout
[  163.622842][ T7534] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  163.642369][ T7534] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  163.676343][ T7534] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  163.714635][ T7748] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  163.722140][ T7534] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  163.950889][ T7750] netlink: 'syz.2.876': attribute type 4 has an invalid length.
[  164.207301][ T7534] 8021q: adding VLAN 0 to HW filter on device bond0
[  164.264726][ T7534] 8021q: adding VLAN 0 to HW filter on device team0
[  164.301504][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  164.308768][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  164.355551][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  164.362885][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  164.481387][ T7766] ieee802154 phy0 wpan0: encryption failed: -90
[  164.496295][ T7775] FAULT_INJECTION: forcing a failure.
[  164.496295][ T7775] name failslab, interval 1, probability 0, space 0, times 0
[  164.542780][ T7775] CPU: 1 PID: 7775 Comm: syz.2.886 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0
[  164.552845][ T7775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  164.562939][ T7775] Call Trace:
[  164.566242][ T7775]  <TASK>
[  164.569181][ T7775]  dump_stack_lvl+0x241/0x360
[  164.573910][ T7775]  ? __pfx_dump_stack_lvl+0x10/0x10
[  164.579166][ T7775]  ? __pfx__printk+0x10/0x10
[  164.583825][ T7775]  should_fail_ex+0x3b0/0x4e0
[  164.588586][ T7775]  ? __alloc_skb+0x1c3/0x440
[  164.593226][ T7775]  should_failslab+0x9/0x20
[  164.597870][ T7775]  kmem_cache_alloc_node_noprof+0x71/0x320
[  164.603741][ T7775]  __alloc_skb+0x1c3/0x440
[  164.608203][ T7775]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  164.614579][ T7775]  ? __pfx___alloc_skb+0x10/0x10
[  164.619579][ T7775]  ? __pfx_lockdep_hardirqs_on+0x10/0x10
[  164.625279][ T7775]  inet_netconf_notify_devconf+0x15a/0x220
[  164.631135][ T7775]  inetdev_event+0x839/0x15c0
[  164.635847][ T7775]  ? __pfx_inetdev_event+0x10/0x10
[  164.640981][ T7775]  ? cfg802154_netdev_notifier_call+0xde/0x8f0
[  164.647167][ T7775]  notifier_call_chain+0x19f/0x3e0
[  164.652347][ T7775]  unregister_netdevice_many_notify+0xdc8/0x1d20
[  164.658714][ T7775]  ? mark_lock+0x9a/0x350
[  164.663072][ T7775]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  164.669857][ T7775]  ? call_rcu+0x738/0xa70
[  164.674200][ T7775]  ? lockdep_hardirqs_on+0x99/0x150
[  164.679439][ T7775]  unregister_netdevice_queue+0x303/0x370
[  164.685181][ T7775]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  164.691442][ T7775]  ? br_dev_delete+0xda/0x100
[  164.696136][ T7775]  br_del_bridge+0xb8/0xf0
[  164.700567][ T7775]  br_ioctl_stub+0x48d/0xb00
[  164.705184][ T7775]  ? __pfx_br_ioctl_stub+0x10/0x10
[  164.710307][ T7775]  ? sock_ioctl+0x5c6/0x8e0
[  164.714988][ T7775]  ? __pfx___mutex_lock+0x10/0x10
[  164.720096][ T7775]  ? __pfx_br_ioctl_stub+0x10/0x10
[  164.725246][ T7775]  sock_ioctl+0x5ee/0x8e0
[  164.729598][ T7775]  ? __pfx_sock_ioctl+0x10/0x10
[  164.734461][ T7775]  ? __fget_files+0x29/0x470
[  164.739071][ T7775]  ? __fget_files+0x3f6/0x470
[  164.743775][ T7775]  ? __fget_files+0x29/0x470
[  164.748400][ T7775]  ? bpf_lsm_file_ioctl+0x9/0x10
[  164.753480][ T7775]  ? security_file_ioctl+0x87/0xb0
[  164.758704][ T7775]  ? __pfx_sock_ioctl+0x10/0x10
[  164.763568][ T7775]  __se_sys_ioctl+0xfc/0x170
[  164.768265][ T7775]  do_syscall_64+0xf3/0x230
[  164.772780][ T7775]  ? clear_bhb_loop+0x35/0x90
[  164.777471][ T7775]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.783377][ T7775] RIP: 0033:0x7fd50cf75bd9
[  164.787803][ T7775] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  164.807539][ T7775] RSP: 002b:00007fd50ddee048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  164.816009][ T7775] RAX: ffffffffffffffda RBX: 00007fd50d103f60 RCX: 00007fd50cf75bd9
[  164.824081][ T7775] RDX: 0000000020000040 RSI: 00000000000089a1 RDI: 0000000000000007
[  164.832063][ T7775] RBP: 00007fd50ddee0a0 R08: 0000000000000000 R09: 0000000000000000
[  164.840061][ T7775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  164.848053][ T7775] R13: 000000000000000b R14: 00007fd50d103f60 R15: 00007ffc4945f988
[  164.856064][ T7775]  </TASK>
[  165.294081][ T7794] netlink: 12 bytes leftover after parsing attributes in process `syz.1.893'.
[  165.410494][ T7794] netlink: 12 bytes leftover after parsing attributes in process `syz.1.893'.
[  165.726345][ T7794] syzkaller0: entered promiscuous mode
[  165.737636][ T7794] syzkaller0: entered allmulticast mode
[  166.222944][ T7823] netlink: 4 bytes leftover after parsing attributes in process `syz.2.900'.
[  168.737748][    C0] vcan0: j1939_tp_rxtimer: 0xffff888029462400: rx timeout, send abort
[  168.951947][ T7813] netlink: 4 bytes leftover after parsing attributes in process `syz.4.899'.
[  169.056824][ T7534] 8021q: adding VLAN 0 to HW filter on device batadv0
[  169.098497][ T7825] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  169.146871][ T7825] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  169.226376][ T7534] veth0_vlan: entered promiscuous mode
[  169.246884][    C0] vcan0 (unregistered): j1939_tp_rxtimer: 0xffff888029462400: abort rx timeout. Force session deactivation
[  169.249186][ T7534] veth1_vlan: entered promiscuous mode
[  169.385674][ T7534] veth0_macvtap: entered promiscuous mode
[  169.419282][ T7534] veth1_macvtap: entered promiscuous mode
[  169.478510][ T7534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  169.499237][ T7534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.499333][ T7843] netlink: 264 bytes leftover after parsing attributes in process `syz.4.908'.
[  169.515421][ T7534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  169.543851][ T7534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.558786][ T7534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  169.574329][ T7534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.596117][ T7534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  169.615108][ T7534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.638750][ T7534] batman_adv: batadv0: Interface activated: batadv_slave_0
[  169.648178][ T7848] netlink: 8 bytes leftover after parsing attributes in process `syz.2.910'.
[  169.695547][ T7534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  169.721064][ T7534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.744704][ T7534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  169.769389][ T7534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.792187][ T7534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  169.808224][ T7534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.821666][ T7534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  169.834398][ T7534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.867656][ T7534] batman_adv: batadv0: Interface activated: batadv_slave_1
[  169.898804][ T7534] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  169.922938][ T7534] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  169.931707][ T7534] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  169.952279][ T7534] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  170.244496][ T2865] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  170.275814][ T2865] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  170.356799][   T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  170.371209][   T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  170.658675][ T7891] netlink: 8 bytes leftover after parsing attributes in process `syz.4.923'.
[  170.814024][ T7896] netlink: 48 bytes leftover after parsing attributes in process `syz.4.926'.
[  171.235667][ T7916] netlink: 8 bytes leftover after parsing attributes in process `syz.3.936'.
[  171.544749][ T7937] netlink: 8 bytes leftover after parsing attributes in process `syz.3.943'.
[  171.570182][ T7938] netlink: 8 bytes leftover after parsing attributes in process `syz.3.943'.
[  172.037233][   T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.600987][ T7958] netlink: 8 bytes leftover after parsing attributes in process `syz.2.951'.
[  172.867373][ T7973] netlink: 'syz.2.957': attribute type 1 has an invalid length.
[  172.885868][ T7973] netlink: 'syz.2.957': attribute type 1 has an invalid length.
[  172.907100][ T7973] netlink: 'syz.2.957': attribute type 1 has an invalid length.
[  172.927266][ T7973] netlink: 'syz.2.957': attribute type 1 has an invalid length.
[  172.952293][ T7973] netlink: 'syz.2.957': attribute type 1 has an invalid length.
[  172.976262][ T7973] netlink: 'syz.2.957': attribute type 1 has an invalid length.
[  173.001907][ T7973] netlink: 'syz.2.957': attribute type 1 has an invalid length.
[  173.040196][ T7973] netlink: 'syz.2.957': attribute type 1 has an invalid length.
[  173.070218][   T53] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  173.071423][ T7973] netlink: 'syz.2.957': attribute type 1 has an invalid length.
[  173.088348][   T53] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  173.100883][   T53] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  173.114615][   T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  173.127710][   T53] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  173.136419][   T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  173.247943][   T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.271499][ T7981] bridge0: port 1(macsec0) entered blocking state
[  173.278752][ T7981] bridge0: port 1(macsec0) entered disabled state
[  173.285739][ T7981] macsec0: entered allmulticast mode
[  173.291186][ T7981] veth1_macvtap: entered allmulticast mode
[  173.306553][ T7981] macsec0: entered promiscuous mode
[  173.315124][ T7981] bridge0: port 1(macsec0) entered blocking state
[  173.323148][ T7981] bridge0: port 1(macsec0) entered forwarding state
[  173.336667][ T7975] netlink: 'syz.3.958': attribute type 10 has an invalid length.
[  173.397156][ T7975] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  173.460860][   T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.527896][ T7986] caif0 speed is unknown, defaulting to 1000
[  173.598270][   T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.706574][ T8003] netlink: 4 bytes leftover after parsing attributes in process `syz.2.962'.
[  174.037470][   T35] bridge_slave_1: left allmulticast mode
[  174.053743][   T35] bridge_slave_1: left promiscuous mode
[  174.059594][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  174.087633][   T35] bridge_slave_0: left allmulticast mode
[  174.099033][   T35] bridge_slave_0: left promiscuous mode
[  174.106363][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  174.356943][ T8031] xt_TCPMSS: Only works on TCP SYN packets
[  174.691239][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  174.705263][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  174.716665][   T35] bond0 (unregistering): Released all slaves
[  174.841448][ T8042] netlink: 48 bytes leftover after parsing attributes in process `syz.4.973'.
[  175.182367][ T5113] Bluetooth: hci3: command tx timeout
[  175.411488][ T7986] chnl_net:caif_netlink_parms(): no params data found
[  175.571256][ T8074] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  175.643168][ T8077] netlink: 4 bytes leftover after parsing attributes in process `syz.4.985'.
[  175.838882][ T8087] netlink: 28 bytes leftover after parsing attributes in process `syz.3.987'.
[  175.872962][ T8077] netlink: 32 bytes leftover after parsing attributes in process `syz.4.985'.
[  175.931352][   T35] hsr_slave_0: left promiscuous mode
[  175.949670][   T35] hsr_slave_1: left promiscuous mode
[  176.004445][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  176.014599][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  176.037576][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  176.045276][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  176.082937][   T35] veth1_macvtap: left promiscuous mode
[  176.088665][   T35] veth0_macvtap: left promiscuous mode
[  176.094553][   T35] veth1_vlan: left promiscuous mode
[  176.100115][   T35] veth0_vlan: left promiscuous mode
[  176.674034][   T35] team0 (unregistering): Port device team_slave_1 removed
[  176.723489][   T35] team0 (unregistering): Port device team_slave_0 removed
[  177.180776][ T8095] netlink: 8 bytes leftover after parsing attributes in process `syz.3.990'.
[  177.262866][ T5113] Bluetooth: hci3: command tx timeout
[  177.317996][ T7986] bridge0: port 1(bridge_slave_0) entered blocking state
[  177.340300][ T7986] bridge0: port 1(bridge_slave_0) entered disabled state
[  177.359640][ T7986] bridge_slave_0: entered allmulticast mode
[  177.396595][ T7986] bridge_slave_0: entered promiscuous mode
[  177.429859][ T7986] bridge0: port 2(bridge_slave_1) entered blocking state
[  177.451115][ T7986] bridge0: port 2(bridge_slave_1) entered disabled state
[  177.459526][ T7986] bridge_slave_1: entered allmulticast mode
[  177.472466][ T7986] bridge_slave_1: entered promiscuous mode
[  177.488453][ T8112] sctp: [Deprecated]: syz.3.996 (pid 8112) Use of struct sctp_assoc_value in delayed_ack socket option.
[  177.488453][ T8112] Use struct sctp_sack_info instead
[  177.551317][ T8119] sctp: [Deprecated]: syz.3.996 (pid 8119) Use of struct sctp_assoc_value in delayed_ack socket option.
[  177.551317][ T8119] Use struct sctp_sack_info instead
[  177.618654][ T7986] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  177.655032][ T7986] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  177.699872][ T8112] netlink: 24 bytes leftover after parsing attributes in process `syz.3.996'.
[  177.709637][ T8125] sctp: [Deprecated]: syz.2.998 (pid 8125) Use of struct sctp_assoc_value in delayed_ack socket option.
[  177.709637][ T8125] Use struct sctp_sack_info instead
[  177.785796][ T7986] team0: Port device team_slave_0 added
[  177.815221][ T7986] team0: Port device team_slave_1 added
[  177.921629][ T8131] bond0: option arp_all_targets: invalid value (3)
[  177.944439][ T7986] batman_adv: batadv0: Adding interface: batadv_slave_0
[  177.971908][ T7986] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  178.032753][ T7986] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  178.085311][ T7986] batman_adv: batadv0: Adding interface: batadv_slave_1
[  178.098834][ T7986] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  178.154918][ T7986] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  178.435034][ T7986] hsr_slave_0: entered promiscuous mode
[  178.449575][ T7986] hsr_slave_1: entered promiscuous mode
[  178.517189][ T8159] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1014'.
[  178.795379][ T8173] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1019'.
[  178.918453][ T8175] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1021'.
[  179.219820][ T8189] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1024'.
[  179.242185][ T8189] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  179.251066][ T8189] batman_adv: batadv0: Removing interface: batadv_slave_0
[  179.265966][ T8189] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  179.276262][ T8189] batman_adv: batadv0: Removing interface: batadv_slave_1
[  179.344502][ T5113] Bluetooth: hci3: command tx timeout
[  179.386118][ T8185] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1024'.
[  179.418925][ T8197] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1029'.
[  179.469380][ T8197] vlan2: entered promiscuous mode
[  179.480301][ T8197] batadv0: entered promiscuous mode
[  179.492461][ T8197] vlan2: entered allmulticast mode
[  179.498025][ T8197] batadv0: entered allmulticast mode
[  179.508189][ T8197] batadv0: left allmulticast mode
[  179.515308][ T8197] batadv0: left promiscuous mode
[  179.548130][ T8206] validate_nla: 1 callbacks suppressed
[  179.548154][ T8206] netlink: 'syz.3.1031': attribute type 29 has an invalid length.
[  179.590253][ T8205] netlink: 'syz.3.1031': attribute type 1 has an invalid length.
[  179.646852][ T8206] netlink: 'syz.3.1031': attribute type 29 has an invalid length.
[  180.169222][ T7986] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  180.201353][ T8230] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  180.219357][ T8234] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  180.232771][ T7986] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  180.338755][ T7986] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  180.361550][ T7986] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  180.738882][ T7986] 8021q: adding VLAN 0 to HW filter on device bond0
[  180.827994][ T7986] 8021q: adding VLAN 0 to HW filter on device team0
[  180.855350][ T5150] bridge0: port 1(bridge_slave_0) entered blocking state
[  180.862618][ T5150] bridge0: port 1(bridge_slave_0) entered forwarding state
[  180.910537][ T5153] bridge0: port 2(bridge_slave_1) entered blocking state
[  180.917874][ T5153] bridge0: port 2(bridge_slave_1) entered forwarding state
[  180.961188][ T8258] __nla_validate_parse: 2 callbacks suppressed
[  180.961211][ T8258] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1049'.
[  181.002062][ T8258] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1049'.
[  181.130471][ T8265] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  181.333797][ T8267] bridge0: port 1(bridge_slave_0) entered blocking state
[  181.341030][ T8267] bridge0: port 1(bridge_slave_0) entered forwarding state
[  181.425321][ T5113] Bluetooth: hci3: command tx timeout
[  181.447211][ T8268] pim6reg1: entered promiscuous mode
[  181.453259][ T8268] pim6reg1: entered allmulticast mode
[  181.487352][ T8286] netlink: 5 bytes leftover after parsing attributes in process `syz.4.1059'.
[  181.524683][ T8286] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  181.752511][ T7986] 8021q: adding VLAN 0 to HW filter on device batadv0
[  182.018944][ T7986] veth0_vlan: entered promiscuous mode
[  182.068788][ T7986] veth1_vlan: entered promiscuous mode
[  182.081348][ T8308] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1066'.
[  182.110992][ T8312] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1066'.
[  182.168596][ T7986] veth0_macvtap: entered promiscuous mode
[  182.204173][ T7986] veth1_macvtap: entered promiscuous mode
[  182.252924][ T8317] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  182.262971][ T7986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  182.278876][ T7986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  182.290666][ T7986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  182.305138][ T7986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  182.317077][ T7986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  182.328113][ T7986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  182.342193][ T7986] batman_adv: batadv0: Interface activated: batadv_slave_0
[  182.365515][ T7986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  182.383095][ T7986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  182.394188][ T7986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  182.405177][ T7986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  182.415977][ T7986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  182.429528][ T7986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  182.442458][ T7986] batman_adv: batadv0: Interface activated: batadv_slave_1
[  182.471200][ T8319] netlink: 'syz.3.1069': attribute type 15 has an invalid length.
[  182.481312][ T7986] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  182.496572][ T7986] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  182.507398][ T7986] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  182.522180][ T7986] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  182.834101][ T3990] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  182.855621][ T3990] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  182.903718][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  182.951113][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  183.043794][ T8343] sctp: [Deprecated]: syz.1.1079 (pid 8343) Use of struct sctp_assoc_value in delayed_ack socket option.
[  183.043794][ T8343] Use struct sctp_sack_info instead
[  183.250848][ T8345] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1078'.
[  183.264575][ T8345] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1078'.
[  183.363019][ T8352] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  183.469024][ T8361] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1085'.
[  183.549939][ T8362] netlink: 'syz.2.1085': attribute type 1 has an invalid length.
[  183.568305][ T8362] netlink: 9396 bytes leftover after parsing attributes in process `syz.2.1085'.
[  183.636762][ T8370] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1089'.
[  184.134224][ T8395] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  185.657237][   T51] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.578529][   T51] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.760786][   T51] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.801599][ T8497] __nla_validate_parse: 10 callbacks suppressed
[  186.801623][ T8497] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1133'.
[  186.823064][   T53] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  186.829415][ T8501] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1136'.
[  186.833929][ T8497] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1133'.
[  186.858813][   T53] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  186.870300][   T53] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  186.886429][   T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  186.896497][   T53] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  186.904795][   T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  186.920986][ T8501] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1136'.
[  187.025315][   T51] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.093507][ T8513] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1136'.
[  187.179650][ T8509] netlink: 5 bytes leftover after parsing attributes in process `syz.3.1137'.
[  187.309168][ T8503] caif0 speed is unknown, defaulting to 1000
[  187.345231][   T51] bridge_slave_1: left allmulticast mode
[  187.382267][   T51] bridge_slave_1: left promiscuous mode
[  187.388392][   T51] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.445030][   T51] bridge_slave_0: left allmulticast mode
[  187.450843][   T51] bridge_slave_0: left promiscuous mode
[  187.474265][   T51] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.503597][ T8523] xt_TCPMSS: Only works on TCP SYN packets
[  188.131949][   T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  188.148060][   T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  188.159608][   T51] bond0 (unregistering): Released all slaves
[  188.736094][ T8563] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  188.946292][ T5113] Bluetooth: hci3: command tx timeout
[  188.966619][ T8563] caif0 speed is unknown, defaulting to 1000
[  189.248424][ T8503] chnl_net:caif_netlink_parms(): no params data found
[  189.456733][   T51] hsr_slave_0: left promiscuous mode
[  189.485636][   T51] hsr_slave_1: left promiscuous mode
[  189.521186][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  189.528858][   T51] batman_adv: batadv0: Removing interface: batadv_slave_0
[  189.546933][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  189.558905][   T51] batman_adv: batadv0: Removing interface: batadv_slave_1
[  189.612142][   T51] veth1_macvtap: left promiscuous mode
[  189.617760][   T51] veth0_macvtap: left promiscuous mode
[  189.633705][   T51] veth1_vlan: left promiscuous mode
[  189.639560][   T51] veth0_vlan: left promiscuous mode
[  190.179911][   T51] team0 (unregistering): Port device team_slave_1 removed
[  190.236522][   T51] team0 (unregistering): Port device team_slave_0 removed
[  190.895071][ T8599] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1163'.
[  191.021940][ T5113] Bluetooth: hci3: command tx timeout
[  191.145992][ T8503] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.168636][ T8503] bridge0: port 1(bridge_slave_0) entered disabled state
[  191.192049][ T8503] bridge_slave_0: entered allmulticast mode
[  191.199753][ T8503] bridge_slave_0: entered promiscuous mode
[  191.226674][ T8503] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.234497][ T8503] bridge0: port 2(bridge_slave_1) entered disabled state
[  191.241716][ T8503] bridge_slave_1: entered allmulticast mode
[  191.250019][ T8503] bridge_slave_1: entered promiscuous mode
[  191.261729][ T8619] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  191.621681][ T8503] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  191.623201][ T8633] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002
[  191.668170][ T8503] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  191.841306][ T8503] team0: Port device team_slave_0 added
[  191.859720][ T8503] team0: Port device team_slave_1 added
[  192.017162][ T8503] batman_adv: batadv0: Adding interface: batadv_slave_0
[  192.029757][ T8650] netlink: 105120 bytes leftover after parsing attributes in process `syz.4.1179'.
[  192.030327][ T8503] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  192.119881][ T8503] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  192.160092][ T8503] batman_adv: batadv0: Adding interface: batadv_slave_1
[  192.197242][ T8503] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  192.249870][ T8503] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  192.275148][ T8658] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  192.380947][ T8503] hsr_slave_0: entered promiscuous mode
[  192.388056][ T8503] hsr_slave_1: entered promiscuous mode
[  192.400629][ T8663] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  192.502328][ T8663] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  192.532070][ T8666] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1186'.
[  193.103997][ T5113] Bluetooth: hci3: command tx timeout
[  193.324383][ T8503] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  193.345822][ T8503] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  193.367861][ T8503] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  193.385793][ T8503] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  193.614810][ T8503] 8021q: adding VLAN 0 to HW filter on device bond0
[  193.688586][ T8503] 8021q: adding VLAN 0 to HW filter on device team0
[  193.729989][ T8681] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  193.803961][ T5153] bridge0: port 1(bridge_slave_0) entered blocking state
[  193.811201][ T5153] bridge0: port 1(bridge_slave_0) entered forwarding state
[  193.879325][ T5153] bridge0: port 2(bridge_slave_1) entered blocking state
[  193.886594][ T5153] bridge0: port 2(bridge_slave_1) entered forwarding state
[  194.020243][ T8716] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1204'.
[  194.140491][ T8721] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1204'.
[  194.551246][ T8503] 8021q: adding VLAN 0 to HW filter on device batadv0
[  194.632591][ T1249] ieee802154 phy0 wpan0: encryption failed: -22
[  194.641103][ T1249] ieee802154 phy1 wpan1: encryption failed: -22
[  194.741578][ T8503] veth0_vlan: entered promiscuous mode
[  194.793420][ T8503] veth1_vlan: entered promiscuous mode
[  194.946881][ T8503] veth0_macvtap: entered promiscuous mode
[  194.982318][ T8503] veth1_macvtap: entered promiscuous mode
[  195.035913][ T8503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  195.062511][ T8503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  195.098812][ T8503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  195.122002][ T8503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  195.142360][ T8503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  195.157887][ T8503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  195.176234][ T8503] batman_adv: batadv0: Interface activated: batadv_slave_0
[  195.182773][ T5113] Bluetooth: hci3: command tx timeout
[  195.260898][ T8758] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1218'.
[  195.279399][ T8762] sch_tbf: burst 0 is lower than device veth1_to_bridge mtu (1514) !
[  195.334836][ T8503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  195.367327][ T8503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  195.378481][ T8503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  195.393169][ T8503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  195.405680][ T8503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  195.419355][ T8503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  195.434772][ T8503] batman_adv: batadv0: Interface activated: batadv_slave_1
[  195.456789][ T8503] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  195.470575][ T8503] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  195.480334][ T8503] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  195.491283][ T8503] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  195.697995][ T8782] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  195.719900][ T8780] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  195.892078][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  195.903882][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  196.002001][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  196.010051][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  196.053529][ T8795] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1230'.
[  196.756230][ T8836] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check.
[  197.081518][ T8855] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  197.320209][ T8865] caif0 speed is unknown, defaulting to 1000
[  197.600800][ T8877] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1261'.
[  197.846530][ T8889] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  198.111071][ T8905] ip6t_srh: unknown srh match flags  5294
[  198.203840][ T8902] syzkaller0: entered promiscuous mode
[  198.209694][ T8902] syzkaller0: entered allmulticast mode
[  198.859401][ T2820] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.545666][ T8934] batadv0: entered promiscuous mode
[  199.909696][ T2820] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.005974][ T8955] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1291'.
[  200.027406][ T5099] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  200.037777][ T5099] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  200.052251][ T5099] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  200.082050][ T5099] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  200.097890][ T5099] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  200.105589][ T5099] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  200.204603][ T2820] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.209331][ T8971] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1298'.
[  200.247601][ T8973] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1298'.
[  200.371482][ T8976] FAULT_INJECTION: forcing a failure.
[  200.371482][ T8976] name failslab, interval 1, probability 0, space 0, times 0
[  200.394647][ T8976] CPU: 0 PID: 8976 Comm: syz.3.1297 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0
[  200.404772][ T8976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  200.414847][ T8976] Call Trace:
[  200.418136][ T8976]  <TASK>
[  200.421076][ T8976]  dump_stack_lvl+0x241/0x360
[  200.425791][ T8976]  ? __pfx_dump_stack_lvl+0x10/0x10
[  200.431002][ T8976]  ? __pfx__printk+0x10/0x10
[  200.435885][ T8976]  ? __pfx___might_resched+0x10/0x10
[  200.441183][ T8976]  ? up_write+0x1a9/0x590
[  200.445534][ T8976]  ? do_raw_spin_unlock+0x13c/0x8b0
[  200.450961][ T8976]  should_fail_ex+0x3b0/0x4e0
[  200.455696][ T8976]  ? kobject_uevent_env+0x28b/0x8e0
[  200.460925][ T8976]  should_failslab+0x9/0x20
[  200.465461][ T8976]  kmalloc_trace_noprof+0x6c/0x2c0
[  200.470720][ T8976]  kobject_uevent_env+0x28b/0x8e0
[  200.475770][ T8976]  ? sysfs_remove_group+0x242/0x2c0
[  200.481191][ T8976]  __kobject_del+0xd3/0x310
[  200.485716][ T8976]  ? kobject_put+0x23d/0x480
[  200.490341][ T8976]  kobject_put+0x245/0x480
[  200.494790][ T8976]  net_rx_queue_update_kobjects+0x52b/0x5b0
[  200.500727][ T8976]  netdev_unregister_kobject+0x104/0x250
[  200.506385][ T8976]  unregister_netdevice_many_notify+0x17d3/0x1d20
[  200.512850][ T8976]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  200.519635][ T8976]  ? call_rcu+0x738/0xa70
[  200.523980][ T8976]  ? lockdep_hardirqs_on+0x99/0x150
[  200.529223][ T8976]  unregister_netdevice_queue+0x303/0x370
[  200.534984][ T8976]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  200.541332][ T8976]  ? br_dev_delete+0xda/0x100
[  200.546029][ T8976]  br_del_bridge+0xb8/0xf0
[  200.550462][ T8976]  br_ioctl_stub+0x48d/0xb00
[  200.555077][ T8976]  ? __mutex_lock+0x527/0xd70
[  200.559771][ T8976]  ? __pfx_br_ioctl_stub+0x10/0x10
[  200.564899][ T8976]  ? sock_ioctl+0x5c6/0x8e0
[  200.569411][ T8976]  ? __pfx___mutex_lock+0x10/0x10
[  200.574465][ T8976]  ? __pfx_br_ioctl_stub+0x10/0x10
[  200.579606][ T8976]  sock_ioctl+0x5ee/0x8e0
[  200.583948][ T8976]  ? __pfx_sock_ioctl+0x10/0x10
[  200.588806][ T8976]  ? __fget_files+0x29/0x470
[  200.593417][ T8976]  ? __fget_files+0x3f6/0x470
[  200.598284][ T8976]  ? __fget_files+0x29/0x470
[  200.602898][ T8976]  ? bpf_lsm_file_ioctl+0x9/0x10
[  200.607849][ T8976]  ? security_file_ioctl+0x87/0xb0
[  200.612974][ T8976]  ? __pfx_sock_ioctl+0x10/0x10
[  200.617863][ T8976]  __se_sys_ioctl+0xfc/0x170
[  200.622489][ T8976]  do_syscall_64+0xf3/0x230
[  200.627019][ T8976]  ? clear_bhb_loop+0x35/0x90
[  200.631822][ T8976]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.637757][ T8976] RIP: 0033:0x7ff024b75bd9
[  200.642198][ T8976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  200.661842][ T8976] RSP: 002b:00007ff0259ee048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  200.670275][ T8976] RAX: ffffffffffffffda RBX: 00007ff024d04038 RCX: 00007ff024b75bd9
[  200.678350][ T8976] RDX: 0000000020000040 RSI: 00000000000089a1 RDI: 0000000000000007
[  200.686336][ T8976] RBP: 00007ff0259ee0a0 R08: 0000000000000000 R09: 0000000000000000
[  200.694328][ T8976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  200.702307][ T8976] R13: 000000000000006e R14: 00007ff024d04038 R15: 00007ffe39547838
[  200.710304][ T8976]  </TASK>
[  200.860716][ T2820] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.890777][ T8954] caif0 speed is unknown, defaulting to 1000
[  201.163892][ T2820] bridge_slave_1: left allmulticast mode
[  201.182489][ T2820] bridge_slave_1: left promiscuous mode
[  201.188566][ T2820] bridge0: port 2(bridge_slave_1) entered disabled state
[  201.246294][ T2820] bridge_slave_0: left allmulticast mode
[  201.261212][ T2820] bridge_slave_0: left promiscuous mode
[  201.277597][ T2820] bridge0: port 1(bridge_slave_0) entered disabled state
[  201.789343][ T2820] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  201.801418][ T2820] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  201.816329][ T2820] bond0 (unregistering): Released all slaves
[  201.822599][ T5102] Bluetooth: hci2: command 0x0406 tx timeout
[  201.822788][ T5102] Bluetooth: hci1: command 0x0406 tx timeout
[  201.832129][ T5102] Bluetooth: hci0: command 0x0406 tx timeout
[  202.146652][ T5108] Bluetooth: hci3: command tx timeout
[  202.337718][ T9032] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1317'.
[  202.466116][ T9039] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  202.649031][ T9045] FAULT_INJECTION: forcing a failure.
[  202.649031][ T9045] name failslab, interval 1, probability 0, space 0, times 0
[  202.671753][ T9045] CPU: 1 PID: 9045 Comm: syz.2.1321 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0
[  202.681892][ T9045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  202.692091][ T9045] Call Trace:
[  202.695402][ T9045]  <TASK>
[  202.698354][ T9045]  dump_stack_lvl+0x241/0x360
[  202.703056][ T9045]  ? __pfx_dump_stack_lvl+0x10/0x10
[  202.708271][ T9045]  ? __pfx__printk+0x10/0x10
[  202.712886][ T9045]  ? __pfx___might_resched+0x10/0x10
[  202.718197][ T9045]  should_fail_ex+0x3b0/0x4e0
[  202.722900][ T9045]  ? kobject_get_path+0xb8/0x230
[  202.728023][ T9045]  should_failslab+0x9/0x20
[  202.732561][ T9045]  __kmalloc_noprof+0xd8/0x400
[  202.737370][ T9045]  kobject_get_path+0xb8/0x230
[  202.742351][ T9045]  kobject_uevent_env+0x2a5/0x8e0
[  202.747388][ T9045]  ? sysfs_remove_group+0x242/0x2c0
[  202.752812][ T9045]  __kobject_del+0xd3/0x310
[  202.757322][ T9045]  ? kobject_put+0x23d/0x480
[  202.761925][ T9045]  kobject_put+0x245/0x480
[  202.766356][ T9045]  net_rx_queue_update_kobjects+0x52b/0x5b0
[  202.772361][ T9045]  netdev_unregister_kobject+0x104/0x250
[  202.778017][ T9045]  unregister_netdevice_many_notify+0x17d3/0x1d20
[  202.784477][ T9045]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  202.791269][ T9045]  ? call_rcu+0x738/0xa70
[  202.795639][ T9045]  ? lockdep_hardirqs_on+0x99/0x150
[  202.800886][ T9045]  unregister_netdevice_queue+0x303/0x370
[  202.806631][ T9045]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  202.812931][ T9045]  ? br_dev_delete+0xda/0x100
[  202.817654][ T9045]  br_del_bridge+0xb8/0xf0
[  202.822091][ T9045]  br_ioctl_stub+0x48d/0xb00
[  202.826706][ T9045]  ? __pfx_br_ioctl_stub+0x10/0x10
[  202.831839][ T9045]  ? sock_ioctl+0x5c6/0x8e0
[  202.836369][ T9045]  ? __pfx___mutex_lock+0x10/0x10
[  202.841452][ T9045]  ? __pfx_br_ioctl_stub+0x10/0x10
[  202.846585][ T9045]  sock_ioctl+0x5ee/0x8e0
[  202.850929][ T9045]  ? __pfx_sock_ioctl+0x10/0x10
[  202.855796][ T9045]  ? __fget_files+0x29/0x470
[  202.860411][ T9045]  ? __fget_files+0x3f6/0x470
[  202.865103][ T9045]  ? __fget_files+0x29/0x470
[  202.869713][ T9045]  ? bpf_lsm_file_ioctl+0x9/0x10
[  202.874666][ T9045]  ? security_file_ioctl+0x87/0xb0
[  202.879992][ T9045]  ? __pfx_sock_ioctl+0x10/0x10
[  202.884865][ T9045]  __se_sys_ioctl+0xfc/0x170
[  202.889475][ T9045]  do_syscall_64+0xf3/0x230
[  202.893995][ T9045]  ? clear_bhb_loop+0x35/0x90
[  202.898690][ T9045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.904594][ T9045] RIP: 0033:0x7fd50cf75bd9
[  202.909018][ T9045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  202.928748][ T9045] RSP: 002b:00007fd50ddee048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  202.937200][ T9045] RAX: ffffffffffffffda RBX: 00007fd50d103f60 RCX: 00007fd50cf75bd9
[  202.945193][ T9045] RDX: 0000000020000040 RSI: 00000000000089a1 RDI: 0000000000000007
[  202.953383][ T9045] RBP: 00007fd50ddee0a0 R08: 0000000000000000 R09: 0000000000000000
[  202.961460][ T9045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  202.969532][ T9045] R13: 000000000000000b R14: 00007fd50d103f60 R15: 00007ffc4945f988
[  202.977532][ T9045]  </TASK>
[  203.237665][ T2820] hsr_slave_0: left promiscuous mode
[  203.259480][ T9063] xt_CT: You must specify a L4 protocol and not use inversions on it
[  203.286976][ T2820] hsr_slave_1: left promiscuous mode
[  203.316639][ T2820] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  203.337064][ T2820] batman_adv: batadv0: Removing interface: batadv_slave_0
[  203.355850][ T2820] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  203.372531][ T2820] batman_adv: batadv0: Removing interface: batadv_slave_1
[  203.409668][ T2820] veth1_macvtap: left promiscuous mode
[  203.422861][ T2820] veth0_macvtap: left promiscuous mode
[  203.429442][ T2820] veth1_vlan: left promiscuous mode
[  203.441080][ T2820] veth0_vlan: left promiscuous mode
[  203.992065][ T2820] team0 (unregistering): Port device team_slave_1 removed
[  204.037545][ T2820] team0 (unregistering): Port device team_slave_0 removed
[  204.222060][ T5108] Bluetooth: hci3: command tx timeout
[  204.960926][ T8954] chnl_net:caif_netlink_parms(): no params data found
[  205.119937][ T9099] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1338'.
[  205.134158][ T9097] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1337'.
[  205.579981][ T9114] xt_CT: You must specify a L4 protocol and not use inversions on it
[  205.629465][ T9129] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  205.659640][ T8954] bridge0: port 1(bridge_slave_0) entered blocking state
[  205.672182][ T8954] bridge0: port 1(bridge_slave_0) entered disabled state
[  205.680534][ T8954] bridge_slave_0: entered allmulticast mode
[  205.688924][ T8954] bridge_slave_0: entered promiscuous mode
[  205.745424][ T9127] FAULT_INJECTION: forcing a failure.
[  205.745424][ T9127] name failslab, interval 1, probability 0, space 0, times 0
[  205.768424][ T9127] CPU: 0 PID: 9127 Comm: syz.3.1346 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0
[  205.778576][ T9127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  205.788675][ T9127] Call Trace:
[  205.791986][ T9127]  <TASK>
[  205.794965][ T9127]  dump_stack_lvl+0x241/0x360
[  205.799681][ T9127]  ? __pfx_dump_stack_lvl+0x10/0x10
[  205.804914][ T9127]  ? __pfx__printk+0x10/0x10
[  205.809549][ T9127]  ? br_del_bridge+0xb8/0xf0
[  205.814180][ T9127]  ? vsnprintf+0x948/0x1da0
[  205.818815][ T9127]  should_fail_ex+0x3b0/0x4e0
[  205.823537][ T9127]  ? __alloc_skb+0x1c3/0x440
[  205.828180][ T9127]  should_failslab+0x9/0x20
[  205.832742][ T9127]  kmem_cache_alloc_node_noprof+0x71/0x320
[  205.838611][ T9127]  __alloc_skb+0x1c3/0x440
[  205.843080][ T9127]  ? __pfx___alloc_skb+0x10/0x10
[  205.848078][ T9127]  alloc_uevent_skb+0x74/0x230
[  205.852887][ T9127]  ? __pfx_rx_queue_namespace+0x10/0x10
[  205.858469][ T9127]  kobject_uevent_net_broadcast+0x182/0x580
[  205.864432][ T9127]  kobject_uevent_env+0x57d/0x8e0
[  205.869524][ T9127]  __kobject_del+0xd3/0x310
[  205.874075][ T9127]  ? kobject_put+0x23d/0x480
[  205.878714][ T9127]  kobject_put+0x245/0x480
[  205.883184][ T9127]  net_rx_queue_update_kobjects+0x52b/0x5b0
[  205.889130][ T9127]  netdev_unregister_kobject+0x104/0x250
[  205.894816][ T9127]  unregister_netdevice_many_notify+0x17d3/0x1d20
[  205.901301][ T9127]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  205.908124][ T9127]  ? call_rcu+0x738/0xa70
[  205.912507][ T9127]  ? lockdep_hardirqs_on+0x99/0x150
[  205.917789][ T9127]  unregister_netdevice_queue+0x303/0x370
[  205.923567][ T9127]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  205.929871][ T9127]  ? br_dev_delete+0xda/0x100
[  205.934608][ T9127]  br_del_bridge+0xb8/0xf0
[  205.940018][ T9127]  br_ioctl_stub+0x48d/0xb00
[  205.944655][ T9127]  ? __pfx_br_ioctl_stub+0x10/0x10
[  205.949808][ T9127]  ? sock_ioctl+0x5c6/0x8e0
[  205.954353][ T9127]  ? __pfx___mutex_lock+0x10/0x10
[  205.959444][ T9127]  ? __pfx_br_ioctl_stub+0x10/0x10
[  205.964598][ T9127]  sock_ioctl+0x5ee/0x8e0
[  205.968973][ T9127]  ? __pfx_sock_ioctl+0x10/0x10
[  205.973947][ T9127]  ? __fget_files+0x29/0x470
[  205.978581][ T9127]  ? __fget_files+0x3f6/0x470
[  205.983368][ T9127]  ? __fget_files+0x29/0x470
[  205.988014][ T9127]  ? bpf_lsm_file_ioctl+0x9/0x10
[  205.992988][ T9127]  ? security_file_ioctl+0x87/0xb0
[  205.998139][ T9127]  ? __pfx_sock_ioctl+0x10/0x10
[  206.003035][ T9127]  __se_sys_ioctl+0xfc/0x170
[  206.007664][ T9127]  do_syscall_64+0xf3/0x230
[  206.012202][ T9127]  ? clear_bhb_loop+0x35/0x90
[  206.016923][ T9127]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.022860][ T9127] RIP: 0033:0x7ff024b75bd9
[  206.027309][ T9127] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  206.046964][ T9127] RSP: 002b:00007ff025a0f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  206.055424][ T9127] RAX: ffffffffffffffda RBX: 00007ff024d03f60 RCX: 00007ff024b75bd9
[  206.063432][ T9127] RDX: 0000000020000040 RSI: 00000000000089a1 RDI: 0000000000000007
[  206.071453][ T9127] RBP: 00007ff025a0f0a0 R08: 0000000000000000 R09: 0000000000000000
[  206.079640][ T9127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  206.087743][ T9127] R13: 000000000000000b R14: 00007ff024d03f60 R15: 00007ffe39547838
[  206.095780][ T9127]  </TASK>
[  206.147699][ T8954] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.157557][ T8954] bridge0: port 2(bridge_slave_1) entered disabled state
[  206.183270][ T8954] bridge_slave_1: entered allmulticast mode
[  206.191197][ T8954] bridge_slave_1: entered promiscuous mode
[  206.270089][ T8954] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  206.302270][ T5108] Bluetooth: hci3: command tx timeout
[  206.303109][ T8954] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  206.515350][ T8954] team0: Port device team_slave_0 added
[  206.577636][ T8954] team0: Port device team_slave_1 added
[  206.674060][ T8954] batman_adv: batadv0: Adding interface: batadv_slave_0
[  206.691404][ T8954] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  206.734658][ T8954] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  206.788052][ T8954] batman_adv: batadv0: Adding interface: batadv_slave_1
[  206.801864][ T8954] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  206.843517][ T8954] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  206.855164][ T9160] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1358'.
[  206.882741][ T9150] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  207.077791][ T8954] hsr_slave_0: entered promiscuous mode
[  207.123719][ T8954] hsr_slave_1: entered promiscuous mode
[  207.181364][ T9169] xt_CT: You must specify a L4 protocol and not use inversions on it
[  207.892560][ T9200] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  207.952103][ T9206] netlink: 180 bytes leftover after parsing attributes in process `syz.2.1373'.
[  207.998282][ T9209] netlink: 'syz.4.1376': attribute type 11 has an invalid length.
[  208.040724][ T9213] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1378'.
[  208.069833][ T9206] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  208.277044][ T9217] xt_CT: You must specify a L4 protocol and not use inversions on it
[  208.326927][ T8954] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  208.383292][ T5108] Bluetooth: hci3: command tx timeout
[  208.404468][ T8954] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  208.436816][ T8954] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  208.477126][ T8954] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  208.776871][ T9242] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  208.908843][ T8954] 8021q: adding VLAN 0 to HW filter on device bond0
[  208.981275][ T8954] 8021q: adding VLAN 0 to HW filter on device team0
[  209.008178][ T5106] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.015485][ T5106] bridge0: port 1(bridge_slave_0) entered forwarding state
[  209.043699][ T5106] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.050982][ T5106] bridge0: port 2(bridge_slave_1) entered forwarding state
[  209.318015][ T9270] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1399'.
[  209.554665][ T8954] 8021q: adding VLAN 0 to HW filter on device batadv0
[  209.891705][ T8954] veth0_vlan: entered promiscuous mode
[  209.924760][ T8954] veth1_vlan: entered promiscuous mode
[  210.037115][ T8954] veth0_macvtap: entered promiscuous mode
[  210.099739][ T8954] veth1_macvtap: entered promiscuous mode
[  210.171396][ T8954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  210.207332][ T8954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.230473][ T8954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  210.247179][ T8954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.258260][ T8954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  210.270602][ T8954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.283415][ T8954] batman_adv: batadv0: Interface activated: batadv_slave_0
[  210.292238][ T9315] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1416'.
[  210.328070][ T8954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  210.342377][ T8954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.360994][ T8954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  210.379237][ T8954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.389873][ T8954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  210.401424][ T8954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  210.414894][ T8954] batman_adv: batadv0: Interface activated: batadv_slave_1
[  210.543798][ T8954] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  210.582775][ T8954] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  210.591737][ T8954] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  210.601671][ T8954] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  210.934815][ T2865] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  210.960584][ T9344] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  210.963273][ T2865] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  211.068234][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  211.095296][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  211.153048][ T9359] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1432'.
[  211.167124][ T9360] syzkaller1: entered promiscuous mode
[  211.176371][ T9360] syzkaller1: entered allmulticast mode
[  211.209393][ T9360] ip6_vti0: Master is either lo or non-ether device
[  212.086438][ T9409] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1444'.
[  212.367992][ T9418] netlink: 'syz.1.1448': attribute type 1 has an invalid length.
[  212.376184][ T9418] netlink: 161700 bytes leftover after parsing attributes in process `syz.1.1448'.
[  212.418720][ T9426] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1451'.
[  213.087615][ T9462] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1468'.
[  213.160232][ T9466] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1469'.
[  213.189477][ T9466] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1469'.
[  213.222996][ T9466] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1469'.
[  213.249949][ T9466] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1469'.
[  213.807785][   T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  214.408450][   T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  214.501140][   T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  214.604897][   T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  215.047722][   T11] bridge_slave_1: left allmulticast mode
[  215.073237][   T11] bridge_slave_1: left promiscuous mode
[  215.080261][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  215.164669][   T11] bridge_slave_0: left allmulticast mode
[  215.170385][   T11] bridge_slave_0: left promiscuous mode
[  215.182954][ T5113] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  215.194428][ T5113] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  215.202990][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  215.212044][ T5113] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  215.223243][ T5113] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  215.231572][ T5113] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  215.239205][ T5113] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  215.760913][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  215.777882][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  215.789605][   T11] bond0 (unregistering): Released all slaves
[  215.831910][ T9553] __nla_validate_parse: 30 callbacks suppressed
[  215.831931][ T9553] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1496'.
[  215.877862][ T9553] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1496'.
[  215.978181][ T9568] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  216.039148][ T9538] caif0 speed is unknown, defaulting to 1000
[  216.045696][ T9570] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1502'.
[  216.838974][   T11] hsr_slave_0: left promiscuous mode
[  216.910461][   T11] hsr_slave_1: left promiscuous mode
[  216.926140][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  216.940603][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  216.963388][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  216.970841][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  217.019034][   T11] veth1_macvtap: left promiscuous mode
[  217.037840][   T11] veth0_macvtap: left promiscuous mode
[  217.048852][   T11] veth1_vlan: left promiscuous mode
[  217.065401][   T11] veth0_vlan: left promiscuous mode
[  217.342029][ T5113] Bluetooth: hci3: command tx timeout
[  217.423305][ T9621] netlink: 'syz.3.1519': attribute type 28 has an invalid length.
[  217.697005][   T11] team0 (unregistering): Port device team_slave_1 removed
[  217.742504][   T11] team0 (unregistering): Port device team_slave_0 removed
[  218.177180][ T9608] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1517'.
[  218.186934][ T9619] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1519'.
[  218.407365][ T9629] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1522'.
[  218.588925][ T9636] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1525'.
[  218.613023][ T9538] chnl_net:caif_netlink_parms(): no params data found
[  218.861998][ T9646] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1530'.
[  218.880807][ T9646] unsupported nlmsg_type 40
[  218.891404][ T9654] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1533'.
[  218.910175][ T9651] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1531'.
[  218.994265][ T9538] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.014260][ T9538] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.032103][ T9538] bridge_slave_0: entered allmulticast mode
[  219.043943][ T9538] bridge_slave_0: entered promiscuous mode
[  219.085727][ T9657] ipvlan2: entered allmulticast mode
[  219.165478][ T9538] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.188550][ T9538] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.213141][ T9538] bridge_slave_1: entered allmulticast mode
[  219.231111][ T9538] bridge_slave_1: entered promiscuous mode
[  219.370793][ T9538] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  219.422858][ T5113] Bluetooth: hci3: command tx timeout
[  219.477001][ T9538] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  219.523021][ T9689] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  219.697746][ T9538] team0: Port device team_slave_0 added
[  219.708141][ T9538] team0: Port device team_slave_1 added
[  219.781467][ T9538] batman_adv: batadv0: Adding interface: batadv_slave_0
[  219.807730][ T9538] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  219.860285][ T9538] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  219.871269][ T9717] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  219.930993][ T9538] batman_adv: batadv0: Adding interface: batadv_slave_1
[  219.954521][ T9538] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  220.019020][ T9538] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  220.169890][ T9538] hsr_slave_0: entered promiscuous mode
[  220.181466][ T9538] hsr_slave_1: entered promiscuous mode
[  220.214419][ T9734] delete_channel: no stack
[  220.791011][ T9755] netlink: 'syz.1.1567': attribute type 1 has an invalid length.
[  221.194854][ T9538] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  221.236352][ T9538] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  221.262159][ T9538] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  221.291138][ T9538] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  221.482358][ T9792] netlink: 'syz.4.1580': attribute type 8 has an invalid length.
[  221.502469][ T5113] Bluetooth: hci3: command tx timeout
[  221.605752][ T9538] 8021q: adding VLAN 0 to HW filter on device bond0
[  221.615101][ T9799] __nla_validate_parse: 7 callbacks suppressed
[  221.615121][ T9799] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1582'.
[  221.751498][ T9538] 8021q: adding VLAN 0 to HW filter on device team0
[  221.815741][ T5151] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.822968][ T5151] bridge0: port 1(bridge_slave_0) entered forwarding state
[  221.864687][ T5151] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.871946][ T5151] bridge0: port 2(bridge_slave_1) entered forwarding state
[  221.896541][ T9814] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  222.268412][ T9538] 8021q: adding VLAN 0 to HW filter on device batadv0
[  222.388533][ T9538] veth0_vlan: entered promiscuous mode
[  222.439444][ T9538] veth1_vlan: entered promiscuous mode
[  222.537685][ T9538] veth0_macvtap: entered promiscuous mode
[  222.555223][ T9538] veth1_macvtap: entered promiscuous mode
[  222.591648][ T9538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  222.608905][ T9538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.628699][ T9538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  222.640555][ T9538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.656067][ T9538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  222.669742][ T9538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.702672][ T9538] batman_adv: batadv0: Interface activated: batadv_slave_0
[  222.770878][ T9538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.799655][ T9538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.819413][ T9538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.830772][ T9538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.845620][ T9538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.868768][ T9538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.910319][ T9538] batman_adv: batadv0: Interface activated: batadv_slave_1
[  222.929371][ T9842] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1597'.
[  222.957953][ T9538] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  222.981004][ T9538] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  222.992395][ T9538] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  223.001742][ T9538] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  223.299535][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  223.319181][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  223.355895][ T9864] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1607'.
[  223.465552][ T9869] netlink: 'syz.2.1608': attribute type 3 has an invalid length.
[  223.587779][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  223.592021][ T5113] Bluetooth: hci3: command tx timeout
[  223.649779][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  223.956965][ T9897] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1614'.
[  223.983922][ T9897] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  224.029458][ T9906] x_tables: duplicate underflow at hook 1
[  224.055688][ T9905] netlink: 'syz.4.1616': attribute type 1 has an invalid length.
[  224.405936][ T9923] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1624'.
[  225.254083][ T9976] vlan2: entered allmulticast mode
[  225.307631][ T9985] Cannot find del_set index 4 as target
[  225.354474][ T9985] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1644'.
[  225.752010][ T2820] ==================================================================
[  225.760122][ T2820] BUG: KASAN: slab-use-after-free in l2tp_session_delete+0x28/0x9e0
[  225.768119][ T2820] Write of size 8 at addr ffff88801cfa6808 by task kworker/u8:7/2820
[  225.776188][ T2820] 
[  225.778523][ T2820] CPU: 0 PID: 2820 Comm: kworker/u8:7 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0
[  225.788767][ T2820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  225.798857][ T2820] Workqueue: l2tp l2tp_tunnel_del_work
[  225.804343][ T2820] Call Trace:
[  225.807640][ T2820]  <TASK>
[  225.810693][ T2820]  dump_stack_lvl+0x241/0x360
[  225.815393][ T2820]  ? __pfx_dump_stack_lvl+0x10/0x10
[  225.820618][ T2820]  ? __pfx__printk+0x10/0x10
[  225.825245][ T2820]  ? _printk+0xd5/0x120
[  225.829427][ T2820]  ? __virt_addr_valid+0x183/0x520
[  225.834573][ T2820]  ? __virt_addr_valid+0x183/0x520
[  225.839705][ T2820]  print_report+0x169/0x550
[  225.844224][ T2820]  ? __virt_addr_valid+0x183/0x520
[  225.849349][ T2820]  ? __virt_addr_valid+0x183/0x520
[  225.854473][ T2820]  ? __virt_addr_valid+0x44e/0x520
[  225.859610][ T2820]  ? __phys_addr+0xba/0x170
[  225.864127][ T2820]  ? l2tp_session_delete+0x28/0x9e0
[  225.869435][ T2820]  kasan_report+0x143/0x180
[  225.873968][ T2820]  ? l2tp_session_delete+0x28/0x9e0
[  225.879195][ T2820]  kasan_check_range+0x282/0x290
[  225.884152][ T2820]  l2tp_session_delete+0x28/0x9e0
[  225.889186][ T2820]  ? l2tp_tunnel_del_work+0x1d3/0x330
[  225.894581][ T2820]  l2tp_tunnel_del_work+0x1cb/0x330
[  225.899788][ T2820]  ? process_scheduled_works+0x945/0x1830
[  225.905538][ T2820]  process_scheduled_works+0xa2c/0x1830
[  225.911102][ T2820]  ? __pfx_process_scheduled_works+0x10/0x10
[  225.917097][ T2820]  ? assign_work+0x364/0x3d0
[  225.921692][ T2820]  worker_thread+0x86d/0xd50
[  225.926388][ T2820]  ? __kthread_parkme+0x169/0x1d0
[  225.931425][ T2820]  ? __pfx_worker_thread+0x10/0x10
[  225.936551][ T2820]  kthread+0x2f0/0x390
[  225.940631][ T2820]  ? __pfx_worker_thread+0x10/0x10
[  225.945752][ T2820]  ? __pfx_kthread+0x10/0x10
[  225.950348][ T2820]  ret_from_fork+0x4b/0x80
[  225.954773][ T2820]  ? __pfx_kthread+0x10/0x10
[  225.959368][ T2820]  ret_from_fork_asm+0x1a/0x30
[  225.964151][ T2820]  </TASK>
[  225.967166][ T2820] 
[  225.969483][ T2820] Allocated by task 10001:
[  225.973899][ T2820]  kasan_save_track+0x3f/0x80
[  225.978578][ T2820]  __kasan_kmalloc+0x98/0xb0
[  225.983173][ T2820]  __kmalloc_noprof+0x1f9/0x400
[  225.988032][ T2820]  l2tp_session_create+0x3b/0xc20
[  225.993059][ T2820]  pppol2tp_connect+0xca3/0x17a0
[  225.997999][ T2820]  __sys_connect+0x2df/0x310
[  226.002591][ T2820]  __x64_sys_connect+0x7a/0x90
[  226.007360][ T2820]  do_syscall_64+0xf3/0x230
[  226.011861][ T2820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.017753][ T2820] 
[  226.020073][ T2820] Freed by task 16:
[  226.023875][ T2820]  kasan_save_track+0x3f/0x80
[  226.028560][ T2820]  kasan_save_free_info+0x40/0x50
[  226.033603][ T2820]  poison_slab_object+0xe0/0x150
[  226.038548][ T2820]  __kasan_slab_free+0x37/0x60
[  226.043327][ T2820]  kfree+0x149/0x360
[  226.047235][ T2820]  __sk_destruct+0x58/0x5f0
[  226.051748][ T2820]  rcu_core+0xafd/0x1830
[  226.056007][ T2820]  handle_softirqs+0x2c4/0x970
[  226.061045][ T2820]  run_ksoftirqd+0xca/0x130
[  226.065645][ T2820]  smpboot_thread_fn+0x544/0xa30
[  226.070587][ T2820]  kthread+0x2f0/0x390
[  226.074748][ T2820]  ret_from_fork+0x4b/0x80
[  226.079174][ T2820]  ret_from_fork_asm+0x1a/0x30
[  226.083949][ T2820] 
[  226.086279][ T2820] Last potentially related work creation:
[  226.091990][ T2820]  kasan_save_stack+0x3f/0x60
[  226.096672][ T2820]  __kasan_record_aux_stack+0xac/0xc0
[  226.102062][ T2820]  call_rcu+0x167/0xa70
[  226.106234][ T2820]  pppol2tp_release+0x24b/0x350
[  226.111098][ T2820]  sock_close+0xbc/0x240
[  226.115347][ T2820]  __fput+0x24a/0x8a0
[  226.119339][ T2820]  task_work_run+0x24f/0x310
[  226.123945][ T2820]  syscall_exit_to_user_mode+0x168/0x360
[  226.129591][ T2820]  do_syscall_64+0x100/0x230
[  226.134185][ T2820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.140090][ T2820] 
[  226.142420][ T2820] The buggy address belongs to the object at ffff88801cfa6800
[  226.142420][ T2820]  which belongs to the cache kmalloc-1k of size 1024
[  226.156488][ T2820] The buggy address is located 8 bytes inside of
[  226.156488][ T2820]  freed 1024-byte region [ffff88801cfa6800, ffff88801cfa6c00)
[  226.170290][ T2820] 
[  226.172626][ T2820] The buggy address belongs to the physical page:
[  226.179043][ T2820] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1cfa0
[  226.187806][ T2820] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  226.196311][ T2820] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  226.203952][ T2820] page_type: 0xffffefff(slab)
[  226.208631][ T2820] raw: 00fff00000000040 ffff888015041dc0 dead000000000100 dead000000000122
[  226.217219][ T2820] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[  226.225808][ T2820] head: 00fff00000000040 ffff888015041dc0 dead000000000100 dead000000000122
[  226.234485][ T2820] head: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[  226.243161][ T2820] head: 00fff00000000003 ffffea000073e801 ffffffffffffffff 0000000000000000
[  226.251835][ T2820] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  226.260523][ T2820] page dumped because: kasan: bad access detected
[  226.267120][ T2820] page_owner tracks the page as allocated
[  226.272832][ T2820] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 1092, tgid 1092 (kworker/u8:5), ts 87284559456, free_ts 87085376608
[  226.293599][ T2820]  post_alloc_hook+0x1f3/0x230
[  226.298395][ T2820]  get_page_from_freelist+0x2e4c/0x2f10
[  226.303965][ T2820]  __alloc_pages_noprof+0x256/0x6c0
[  226.309185][ T2820]  alloc_slab_page+0x5f/0x120
[  226.313959][ T2820]  allocate_slab+0x5a/0x2f0
[  226.318471][ T2820]  ___slab_alloc+0xcd1/0x14b0
[  226.323151][ T2820]  __slab_alloc+0x58/0xa0
[  226.327498][ T2820]  __kmalloc_noprof+0x257/0x400
[  226.332371][ T2820]  ieee802_11_parse_elems_full+0xdb/0x2880
[  226.338194][ T2820]  ieee80211_ibss_rx_queued_mgmt+0x4c8/0x2d70
[  226.344274][ T2820]  ieee80211_iface_work+0x8a5/0xf20
[  226.349498][ T2820]  cfg80211_wiphy_work+0x2db/0x490
[  226.354627][ T2820]  process_scheduled_works+0xa2c/0x1830
[  226.360251][ T2820]  worker_thread+0x86d/0xd50
[  226.364858][ T2820]  kthread+0x2f0/0x390
[  226.368940][ T2820]  ret_from_fork+0x4b/0x80
[  226.373375][ T2820] page last free pid 5244 tgid 5244 stack trace:
[  226.379707][ T2820]  free_unref_page+0xd22/0xea0
[  226.384491][ T2820]  __put_partials+0xeb/0x130
[  226.389087][ T2820]  put_cpu_partial+0x17c/0x250
[  226.393858][ T2820]  __slab_free+0x2ea/0x3d0
[  226.398277][ T2820]  qlist_free_all+0x9e/0x140
[  226.402874][ T2820]  kasan_quarantine_reduce+0x14f/0x170
[  226.408339][ T2820]  __kasan_slab_alloc+0x23/0x80
[  226.413192][ T2820]  kmem_cache_alloc_noprof+0x135/0x2a0
[  226.418757][ T2820]  getname_flags+0xbd/0x4f0
[  226.423270][ T2820]  vfs_fstatat+0x11c/0x190
[  226.427694][ T2820]  __x64_sys_newfstatat+0x125/0x1b0
[  226.432893][ T2820]  do_syscall_64+0xf3/0x230
[  226.438931][ T2820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.445440][ T2820] 
[  226.447762][ T2820] Memory state around the buggy address:
[  226.453393][ T2820]  ffff88801cfa6700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  226.461451][ T2820]  ffff88801cfa6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  226.469512][ T2820] >ffff88801cfa6800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  226.477574][ T2820]                       ^
[  226.481906][ T2820]  ffff88801cfa6880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  226.489964][ T2820]  ffff88801cfa6900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  226.498018][ T2820] ==================================================================
[  226.588737][ T2820] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  226.595993][ T2820] CPU: 1 PID: 2820 Comm: kworker/u8:7 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0
[  226.606267][ T2820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  226.616543][ T2820] Workqueue: l2tp l2tp_tunnel_del_work
[  226.622062][ T2820] Call Trace:
[  226.625391][ T2820]  <TASK>
[  226.628341][ T2820]  dump_stack_lvl+0x241/0x360
[  226.633056][ T2820]  ? __pfx_dump_stack_lvl+0x10/0x10
SYZFAIL: failed to recv rpc
fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor)
[  226.638300][ T2820]  ? __pfx__printk+0x10/0x10
[  226.642960][ T2820]  ? preempt_schedule+0xe1/0xf0
[  226.647855][ T2820]  ? vscnprintf+0x5d/0x90
[  226.652219][ T2820]  panic+0x349/0x860
[  226.656149][ T2820]  ? check_panic_on_warn+0x21/0xb0
[  226.661337][ T2820]  ? __pfx_panic+0x10/0x10
[  226.665810][ T2820]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  226.671829][ T2820]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  226.678289][ T2820]  ? print_report+0x502/0x550
[  226.683005][ T2820]  check_panic_on_warn+0x86/0xb0
[  226.688078][ T2820]  ? l2tp_session_delete+0x28/0x9e0
[  226.693309][ T2820]  end_report+0x77/0x160
[  226.697590][ T2820]  kasan_report+0x154/0x180
[  226.702134][ T2820]  ? l2tp_session_delete+0x28/0x9e0
[  226.707464][ T2820]  kasan_check_range+0x282/0x290
[  226.712440][ T2820]  l2tp_session_delete+0x28/0x9e0
[  226.717497][ T2820]  ? l2tp_tunnel_del_work+0x1d3/0x330
[  226.722903][ T2820]  l2tp_tunnel_del_work+0x1cb/0x330
[  226.728139][ T2820]  ? process_scheduled_works+0x945/0x1830
[  226.733903][ T2820]  process_scheduled_works+0xa2c/0x1830
[  226.739507][ T2820]  ? __pfx_process_scheduled_works+0x10/0x10
[  226.745537][ T2820]  ? assign_work+0x364/0x3d0
[  226.750160][ T2820]  worker_thread+0x86d/0xd50
[  226.754799][ T2820]  ? __kthread_parkme+0x169/0x1d0
[  226.759852][ T2820]  ? __pfx_worker_thread+0x10/0x10
[  226.764994][ T2820]  kthread+0x2f0/0x390
[  226.769095][ T2820]  ? __pfx_worker_thread+0x10/0x10
[  226.774234][ T2820]  ? __pfx_kthread+0x10/0x10
[  226.778867][ T2820]  ret_from_fork+0x4b/0x80
[  226.783314][ T2820]  ? __pfx_kthread+0x10/0x10
[  226.787953][ T2820]  ret_from_fork_asm+0x1a/0x30
[  226.792776][ T2820]  </TASK>
[  226.796122][ T2820] Kernel Offset: disabled
[  226.800483][ T2820] Rebooting in 86400 seconds..