last executing test programs:

58.389849872s ago: executing program 2 (id=2379):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r1, r2, 0x2, 0x2, 0x0, @void, @value}, 0x10)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r3, r4, 0x2, 0x2, 0x0, @void, @value}, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="16f0", @ANYRES16=r5, @ANYBLOB="010000000000000000001b0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000002afe0b0000000000"], 0x3c}}, 0x0)

58.00526842s ago: executing program 2 (id=2381):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='westwood\x00', 0x9)
sendto$inet(r0, 0x0, 0x4102, 0x20000fbd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)

55.760335911s ago: executing program 2 (id=2387):
r0 = socket$netlink(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000200), 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={0x40, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xffff639c}]}, 0x40}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="3800000002011d04000000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001"], 0x38}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={0x64, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xffff639c}]}, 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x97ff}, 0x0)

43.84504735s ago: executing program 1 (id=2485):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$OSF_MSG_ADD(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="0815000000050104000000f0ffffff0001000005540201"], 0x1508}}, 0x0)

43.679006526s ago: executing program 1 (id=2487):
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000007000000008000000100000000000000", @ANYRES32, @ANYBLOB="1e03000000000000000ded6d04318ea6", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r0}, 0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r1, 0x400448c9, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='0\x00'], 0x30}}, 0x4)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r3, r4, 0x2, 0x2, 0x0, @void, @value}, 0x10)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'team0\x00'}}]}, 0x38}}, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)

43.38492042s ago: executing program 1 (id=2489):
r0 = socket$inet_icmp(0x2, 0x2, 0x1)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xd, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
r4 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$BTRFS_IOC_SCRUB(r2, 0xc400941b, &(0x7f00000005c0)={<r5=>0x0, 0x2d6, 0x4})
ioctl$BTRFS_IOC_DEV_INFO(r1, 0xd000941e, &(0x7f00000009c0)={<r6=>0x0, "7dc927a7b75e6f2c2161cb6705c45375"})
ioctl$BTRFS_IOC_BALANCE_V2(r2, 0xc4009420, &(0x7f00000019c0)={0x7, 0x0, {0x83e8, @struct={0x10001, 0x8ef}, 0x0, 0x9a, 0x61802e29, 0x920, 0x2, 0x4, 0x20, @usage=0x8, 0x3ff, 0x0, [0x3, 0x10001, 0xc, 0x9, 0xd62d, 0x6e66ba8d]}, {0x7, @usage=0x1, <r7=>0x0, 0x1, 0x3, 0x3, 0x8001, 0x6, 0x10, @struct={0x10001, 0x2}, 0x1000, 0xfffffffa, [0x5, 0x4c78, 0x9, 0x80000000, 0x100000001, 0xcb]}, {0x9, @struct={0x7, 0x9}, 0x0, 0xec78, 0x3, 0x7, 0x6, 0x80000000, 0x4c2, @struct={0x0, 0x1}, 0x80000000, 0x9, [0x80000001, 0x3, 0xd, 0x2, 0x5, 0xd8]}, {0x5, 0x8, 0x8}})
r8 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000021c0)=@bpf_ext={0x1c, 0x1b, &(0x7f0000000200)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @ldst={0x1, 0x1, 0x1, 0xa, 0x6, 0x6, 0x8}, @ldst={0x0, 0x0, 0x1, 0x2, 0x6, 0x1, 0x7fffffffffffffff}, @exit, @call={0x85, 0x0, 0x0, 0x6d}, @jmp={0x5, 0x1, 0xf, 0x0, 0x8, 0x40, 0x10}, @generic={0xcd, 0x6, 0x5, 0x81, 0x2}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='GPL\x00', 0x2eee, 0x3c, &(0x7f0000000300)=""/60, 0x41100, 0x12, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000400)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000000440)={0x0, 0x4, 0x2, 0x3}, 0x10, 0x21aad, r4, 0x2, &(0x7f0000000480)=[r1, r1], &(0x7f00000004c0)=[{0x4, 0x1, 0x0, 0xa}, {0x5, 0x1, 0xa, 0x3}], 0x10, 0x1, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000500)=r8, 0x4)
ioctl$BTRFS_IOC_BALANCE_V2(r3, 0xc4009420, &(0x7f0000001dc0)={0x18, 0x1, {0x8, @usage, r5, 0x0, 0x7, 0x1, 0xd0bf, 0x4, 0x2, @struct={0xbb, 0x8}, 0x7, 0x400, [0x3, 0xcf9, 0x3ff, 0x7, 0x100000000, 0x3]}, {0xffffffffffffa76c, @usage=0x80000001, r6, 0x0, 0xa, 0x7, 0x4, 0x10, 0x13, @struct={0xfe9, 0xffffffff}, 0x0, 0x10001, [0x0, 0x3, 0x80000001, 0x5, 0x47, 0x8]}, {0xfffffffffffff001, @struct={0xffff8290, 0xff}, r7, 0x5, 0x1, 0xfffffffffffffffc, 0xc, 0x8, 0x8, @usage=0x9, 0xaee, 0x3, [0x2, 0xfffffffffffffffa, 0x8, 0x7, 0x0, 0x637]}, {0x2, 0xa85, 0x4}})
read(r0, &(0x7f0000000080)=""/73, 0x49)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @multicast1}, 0x10)

43.038521322s ago: executing program 1 (id=2495):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000140)={'sit0\x00', &(0x7f0000000240)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x2000, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x2000, 0x0, 0x0, 0x0, 0x0, @empty, @multicast2}}}})
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000080)=0x3, 0x4)
sendto$inet(r1, &(0x7f0000000040)="0400", 0xffec, 0x0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)

42.477650089s ago: executing program 2 (id=2387):
r0 = socket$netlink(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000200), 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={0x40, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xffff639c}]}, 0x40}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="3800000002011d04000000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001"], 0x38}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={0x64, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xffff639c}]}, 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x97ff}, 0x0)

27.443949821s ago: executing program 1 (id=2495):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000140)={'sit0\x00', &(0x7f0000000240)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x2000, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x2000, 0x0, 0x0, 0x0, 0x0, @empty, @multicast2}}}})
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000080)=0x3, 0x4)
sendto$inet(r1, &(0x7f0000000040)="0400", 0xffec, 0x0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)

27.111262567s ago: executing program 2 (id=2387):
r0 = socket$netlink(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000200), 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={0x40, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xffff639c}]}, 0x40}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="3800000002011d04000000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001"], 0x38}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={0x64, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xffff639c}]}, 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x97ff}, 0x0)

9.351592359s ago: executing program 2 (id=2387):
r0 = socket$netlink(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000200), 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={0x40, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xffff639c}]}, 0x40}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="3800000002011d04000000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001"], 0x38}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={0x64, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xffff639c}]}, 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x97ff}, 0x0)

8.721815616s ago: executing program 1 (id=2495):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000140)={'sit0\x00', &(0x7f0000000240)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x2000, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x2000, 0x0, 0x0, 0x0, 0x0, @empty, @multicast2}}}})
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000080)=0x3, 0x4)
sendto$inet(r1, &(0x7f0000000040)="0400", 0xffec, 0x0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)

2.791990446s ago: executing program 3 (id=2734):
socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e20, @broadcast}, 0x10)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x240007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000180)=0x4a9a, 0x4)
sendmmsg$inet(r2, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000bc0)="23004e4ee760d48ddc6b7a1ebfc6e0276028840fb20d5233e81c802684e8ac1dc195296ffaaeace75a07a653ee918f67beb970cd36769470f7acb5cd5becfa3839cec05a81f9488931e0a9ba9a246f45fee8b5240bd1e078539b56973bfbbee5a100668daf66ef25121ca65db1d172a489e35e43f2ced9183d48b5850b9e1de2c492604f7b27f030d82cf14d7bcbe35579bfbfbcccc3dceb90fc0075c0c67c8b887bd9356b0fc5e5479c0133683c922e936e6d9431f80a38a5f819c00801d677445ad545dd77e1", 0xc7}], 0x1}}, {{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000640)="f473bd", 0x3}], 0x1}}], 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x1, 0x220, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000500], 0x7, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006e2a30456b880000145b41fe6900000079616d3000000000000000000000000079616d3000000000000000000000000076657468315f742f5f626f6e640000000180c20000000000000000000180c200000000faffffffffffffff000000670100009001000073746174697374696300000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000646e61740000000000000000ff0300000000000000000000000000000000000010000000000000ffffffff000000006e666c010000000000000000000000000000000000000000000000000000ff0050000000121b6eb244d4f0fffbf04a000000007e4b000022d4e27ebdf3b9dc569e338e2c551c2fc4a19597ba4c501c8b1f16fb7809c40aee86f4fe16383d2afb577ed2bb6dd99f024b3f54ba00000000415544495400000000000000000000000000000000000000000000000000000008000000000000200000000000000000000200"/544]}, 0x298)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
read$alg(r4, &(0x7f0000000140)=""/116, 0x74)
close(r5)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=@newtaction={0x18, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x89f1, &(0x7f0000000340)={'tunl0\x00', &(0x7f0000000140)=@ethtool_cmd={0x3a, 0x3, 0x0, 0x0, 0x0, 0x5, 0xc8, 0x0, 0x5b, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x45, [0x67, 0x8001]}})
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x22020400)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a0000000180100002020702500000000002020207b1af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140012"], 0x48}}, 0x400400c0)
sendmmsg$alg(r7, &(0x7f00000000c0), 0x492492492492627, 0x0)
r8 = syz_genetlink_get_family_id$smc(&(0x7f0000001540), 0xffffffffffffffff)
sendmsg$SMC_PNETID_DEL(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="4000f762c310296a1b4b1c7f6200", @ANYRES16=r8, @ANYBLOB="01000000000002000000020202000900010073797a3200000000140002007465616d5f736c6176655f30000000000900030073797a3000000000"], 0x40}, 0x1, 0x40030000000000}, 0x40080)

2.485996657s ago: executing program 0 (id=2738):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18020000000000000000000000000030850000002c00000095000000000000002b4003fe37a077ae55f52c0d80a2649baca85309be96d5a45bbbdb5ff7ffffffd075b3eee14473f51be98db7efbb059842ba4470e8e04acb807fbbabc68abdcce9f672b6bb61c302dfd5c11071adac29fd64d33a3502fbeb1ed99dd0e792f24c420bfcc2635421d339ad521d6953b1137850d9e9ebf65ee988ea2dbee528678eb47efb7b3f19046c6f1bd1bf56e5853ed96137f95b3a11954ed1c8a8676468cf2405e48723d4b1ff"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000001400)=""/4106, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x18)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc3}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r1}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0)

2.144345074s ago: executing program 0 (id=2740):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10)
setsockopt$inet_int(r0, 0x0, 0x1, 0x0, 0x0) (fail_nth: 1)

1.750303075s ago: executing program 0 (id=2742):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) (async)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88) (async)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f00000006c0)=ANY=[@ANYBLOB="b40800000000000073114100000000008510000002000000b7000000000000009500c2000000000095000012000000000e09b9445761db3ed82f7be4b9f1628b9a5c40384cb45e62e827e611f21a01a76f66f616553959b478ad3c46bb20e558783b21dd5307760617deec8b1b75c00853ee69e33ba2c01c28950365dd46fcc9f2ac6d20197fd68292e8445824f49b6fba41a316e13e462e31ca00d2622d56318d78e271d364329e7ae732bf8dade587bb30d67e23f78662621b74aabfd8eaf399893bab50fed33101f5a1085f991877907bd6117db675155932860499977f7384a8d94e810492c284fc7cc784ed942bf11d72897a7896f5f8c957984312e9d39eaa478a3065afd52404cb058b"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r3}, 0x10)
r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r4}, 0x8)
close(r5)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) (async)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), r5) (async)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000400)={'wg1\x00', <r7=>0x0})
sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f00000005c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x4c, r6, 0x0, 0x70bd28, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_RATE_SAMPLE_INTERVAL={0x8, 0x17, 0xffff}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_HIGH={0x8, 0x14, 0x1ff}, @ETHTOOL_A_COALESCE_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}]}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_RX={0x5, 0xb, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x801}, 0x880) (async)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
close(r8) (async)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r2, 0x0, 0x0}, 0x10) (async)
bpf$LINK_DETACH(0x22, &(0x7f0000001ac0)=r8, 0x4) (async)
bpf$LINK_DETACH(0x22, &(0x7f00000000c0)=r8, 0x4) (async)
bind$alg(r5, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'mcryptd(crc32c-generic)\x00'}, 0x58) (async)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000640)={{{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@ipv4={'\x00', '\xff\xff', @multicast2}, 0x0, 0x0, 0x0, 0x4, 0xa}, {0x0, 0x9, 0x0, 0x0, 0xfffffffffffffffd, 0x4}, {0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0x1, 0x0, 0x3}, {{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, 0x0, 0x3c}, 0xa, @in6=@mcast1, 0xb502, 0x3, 0x3}}, 0xe8) (async)
sendmmsg$inet6(r1, &(0x7f0000000300)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @dev}, 0x1c, 0x0}}], 0x1, 0x0)

1.749072743s ago: executing program 3 (id=2743):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xfffffffffffffd78, &(0x7f0000000340)={&(0x7f0000000540)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@remote, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in=@remote, 0x0, 0x33}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x4, {{'ecb(cipher_null)\x00'}}}, @algo_auth_trunc={0x4c, 0x14, {{'sha1\x00'}}}]}, 0x184}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c00000005000100077b00000900020073797a3200000000140006400000b3fe9429548125c9df000008001340ffffffff2c000300686173683a6e6504000000000500050002000000050004000200"/88], 0x5c}}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x3, 0x4, &(0x7f0000000000)=ANY=[@ANYRESDEC], &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x30, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000300), 0x0, 0x6131, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000040), 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000640)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB="02"], 0x10)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x11, 0x31, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7ab2}, {}, {}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffa}, @ringbuf_query, @alu={0x7, 0x1, 0x8, 0x0, 0x6, 0x1, 0x1}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xee7ff6fd276f2342}}, @ldst={0x3, 0x2, 0x6, 0x5, 0x8, 0x2, 0xfffffffffffffffc}, @cb_func={0x18, 0x7, 0x4, 0x0, 0xffffffffffffffff}, @initr0={0x18, 0x0, 0x0, 0x0, 0xd1, 0x0, 0x0, 0x0, 0x5}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000240)='syzkaller\x00', 0x7fff, 0x27, &(0x7f0000000280)=""/39, 0x40f00, 0xc0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000640)={0x4, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000680)=[0x1, 0xffffffffffffffff, 0x1], &(0x7f00000006c0)=[{0x0, 0x4, 0xd, 0x6}, {0x5, 0x3, 0x6, 0x2}, {0x1, 0x1, 0xf, 0x5}], 0x10, 0xe, @void, @value}, 0x94)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000880)={r3, r4, 0x18c8ec67c22c2c7d, r6}, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000004000000000000e00080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000b00)={&(0x7f0000000900)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xb0, 0xb0, 0x5, [@enum64={0x10, 0x4, 0x0, 0x13, 0x1, 0x4, [{0x4, 0x2, 0x9}, {0x4, 0x3ff, 0x2}, {0x3, 0x1, 0x8}, {0x4, 0x8, 0x80000001}]}, @int={0xe, 0x0, 0x0, 0x1, 0x0, 0x4f, 0x0, 0x29, 0x2}, @ptr={0x8, 0x0, 0x0, 0x2, 0x2}, @ptr={0x8, 0x0, 0x0, 0x2, 0x3}, @volatile={0x8, 0x0, 0x0, 0x9, 0x3}, @enum64={0x8, 0x1, 0x0, 0x13, 0x1, 0x3, [{0x6, 0x2, 0x7e}]}, @decl_tag={0xd, 0x0, 0x0, 0x11, 0x1, 0x7}, @ptr={0xb, 0x0, 0x0, 0x2, 0x3}, @volatile={0x5}]}, {0x0, [0x2e, 0x30, 0x2e]}}, &(0x7f0000000a00)=""/228, 0xcd, 0xe4, 0x0, 0x81, 0x0, @void, @value}, 0x28)
r8 = socket$inet(0x2, 0x2, 0x1)
bind$unix(r8, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r9 = socket$inet6(0xa, 0x806, 0x0)
bind$inet6(r9, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c)
listen(r9, 0x3)
r10 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r10, &(0x7f0000772000)={0x2, 0x4e23}, 0x10)
r11 = accept4$inet(r10, &(0x7f0000000b40)={0x2, 0x0, @loopback}, &(0x7f0000000b80)=0x10, 0x80000)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r9, 0x89f3, &(0x7f0000000c40)={'ip6_vti0\x00', &(0x7f0000000bc0)={'ip6_vti0\x00', <r12=>0x0, 0x2f, 0x6, 0x8, 0x1, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast1, 0x700, 0x20, 0x6, 0x9794000}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r11, 0x89f1, &(0x7f0000000d00)={'sit0\x00', &(0x7f0000000c80)={'gretap0\x00', r12, 0x700, 0x700, 0x8, 0x5, {{0x17, 0x4, 0x0, 0x8, 0x5c, 0x67, 0x0, 0x7, 0x4, 0x0, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp={0x44, 0x1c, 0x28, 0x0, 0x3, [0x0, 0x5, 0xfff, 0x9, 0x6, 0x8]}, @rr={0x7, 0x2b, 0x41, [@broadcast, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x22}, @local, @remote, @remote, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty, @local]}]}}}}})
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b400000000000000691061000000000004000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x2, 0x3f7, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xdfe54c09d58426c7, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
sendmmsg(r10, &(0x7f0000007340)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x4)
r13 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r13, 0x84, 0x80, &(0x7f00000002c0)="1af3050000f2bd5b", 0x8)
openat$cgroup_ro(r5, &(0x7f00000008c0)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x8, 0x14, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70200000922a51b5bfd14f5670200000085002000860000000d00000000000000bf918a797443f6d920e91f798e384f68624e000000000000b7020000000000008500000084000000b700000000ffff"], &(0x7f0000001640)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

1.58008986s ago: executing program 0 (id=2744):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={0x1, &(0x7f0000000080)="e83555c9b40c85dfc6de4dac7aeef7870c480cb3632dc75fa4c083a520a0bb6f2ebbc17b0de86179ab120c4caa0ba5850b8ae6ff7dbeeba84bdfd21b470a8468142ad0510947501088910dc72cde8173e2588a0af4cd607dbd3073f40b00de6cbc955b5ad40678837faa696e221badd2e1392e27938c4a6a7ce7f2657d6a4c7145ada4c55cab8854fc91330bfb8281eacb7e91e4c52ec4037ebb2d934e0f05313157b83081384246791fe980cd03a773ab0eea50091d8d608c017486186e5816439e", 0x0, 0x4}, 0x20)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r1, &(0x7f0000000140), &(0x7f0000000000)=""/6, 0x2}, 0x20) (async)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r1, &(0x7f0000000140), &(0x7f0000000000)=""/6, 0x2}, 0x20)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r5=>0x0})
unshare(0x2000400)
socket$rds(0x15, 0x5, 0x0) (async)
r6 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_GET_MR(r6, 0x114, 0x2, 0x0, 0x20)
sendmsg$NL80211_CMD_ABORT_SCAN(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000180)=ANY=[@ANYRESHEX=r2, @ANYRES16=r4, @ANYBLOB="379500000000000000007200000008000300", @ANYRES32=r5], 0x1c}}, 0x20044040) (async)
sendmsg$NL80211_CMD_ABORT_SCAN(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000180)=ANY=[@ANYRESHEX=r2, @ANYRES16=r4, @ANYBLOB="379500000000000000007200000008000300", @ANYRES32=r5], 0x1c}}, 0x20044040)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0xc09, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_FWD_MASK={0x6, 0x9, 0xb}]}}}]}, 0x3c}}, 0x80)

1.346899437s ago: executing program 0 (id=2746):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000011c0)=@newtaction={0xe98, 0x30, 0x25, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0x4}]}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{0x0, 0x0, 0x0, 0x0, 0x2000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x1}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}}, 0x0)

1.247837968s ago: executing program 4 (id=2747):
socket$xdp(0x2c, 0x3, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f00000002c0)="480000001400190d09004beafd0d8c562c84ed7a060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7006000"/72, 0x48}], 0x1)
syz_genetlink_get_family_id$gtp(&(0x7f00000003c0), r0)

1.126470695s ago: executing program 4 (id=2748):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x64}, 0x1, 0x0, 0x0, 0x88}, 0x80)

1.087110128s ago: executing program 4 (id=2749):
r0 = socket(0x1e, 0x1, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200027bd7000ffdbdf2501000000050037006ad69f012a010000120500300000000000050029000100000008003400ff0300e4f249c0755c0cdf0911534000050029de00000000050038000010000005003500020000"], 0x5c}, 0x1, 0x0, 0x0, 0x24000814}, 0x8000)
listen(r0, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10)
accept4(r0, 0x0, 0x0, 0x80000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x17, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x5}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0xba}, @generic={0xa7}, @initr0, @exit]}, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1d, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

968.208264ms ago: executing program 4 (id=2750):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800ff80000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r0, @ANYBLOB="0000000002000000b70500000800000085000000c200000095"], &(0x7f0000000300)='GPL\x00', 0x8, 0xff6, &(0x7f0000001e00)=""/4086, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)

951.821533ms ago: executing program 4 (id=2751):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000e80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x98, 0x98, 0x7, [@type_tag={0x8, 0x0, 0x0, 0x12, 0x2}, @union={0x3, 0x8, 0x0, 0x5, 0x0, 0xfff, [{0x2, 0x2, 0x7}, {0x10, 0x5, 0xffffffff}, {0x8, 0x1, 0x80}, {0x3, 0x2, 0x5}, {0x3, 0x4, 0xb}, {0xf, 0x5}, {0x7, 0x2, 0x2}, {0xb, 0x5, 0x8000}]}, @fwd={0xe}, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0xb}]}]}, {0x0, [0x2e, 0x30, 0x2e, 0x0, 0x30]}}, &(0x7f0000000f80)=""/4096, 0xb7, 0x1000, 0x1, 0x7fffffff, 0x0, @void, @value}, 0x28)
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r1, &(0x7f0000000200)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8)
ioctl$FIBMAP(r0, 0x1, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r2, 0x6, 0x1, &(0x7f0000000140)={0x0, 0x7d7, 0x0, 0x1, 0x4}, 0xc)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="02030000120000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000000000a00000000000000fc0100000000000000000000000000000000bec8571cd1790000000000000200010000000000000000000000000005000500000000000a00000000000000ff0100000000000000000000000000010000"], 0x90}}, 0x0)
r4 = socket$inet6(0xa, 0x806, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r6, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8)
sendto$inet6(r6, &(0x7f0000000040)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c)
connect$inet6(r6, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r6, 0x84, 0x7c, &(0x7f0000000380), 0x8)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000500040000000089452f730073797a31000000001400078008000840000000000500140100060007000c000300686173683a697000"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x0)
bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r7, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
close(r7)
listen(r4, 0x3)
r8 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$inet_mtu(r8, 0x0, 0xa, &(0x7f0000000080), &(0x7f00000000c0)=0x1)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1000000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB="000000000000000000000000000000000000000080364a071ce004ceef69060000007b49f3e824a2dc2df6fc3f40", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r9, &(0x7f0000000080), 0x0}, 0x20)
r10 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r10, &(0x7f0000002680)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000000300)=[{0x0}], 0x1}}], 0x1, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000772000)={0x2, 0x4e23}, 0x10)

845.494616ms ago: executing program 3 (id=2752):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), 0xffffffffffffffff)
r2 = socket(0x10, 0x3, 0x4)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="300000004a0001002abd7000fbdbdf250a008000", @ANYRES32=0x0, @ANYBLOB="090000001400010000000000edff"], 0x30}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, {}, {0x3}}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0x6a, 0x3, 0x0, 0x0, 0xff, 0xfff}}, {0x4}}, {{0x1c, 0x1, {0x5, 0x80, 0xc, 0x9, 0x0, 0x9, 0x2}}, {0x4}}]}]}, 0x68}}, 0x0)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x28, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeca}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@map_idx={0x18, 0x6, 0x5, 0x0, 0xb}, @map_idx={0x18, 0x4, 0x5, 0x0, 0xc}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x3}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @ldst={0x0, 0x2, 0x3, 0x0, 0x2, 0x80, 0x8}, @generic={0xd, 0x9, 0x8, 0x400, 0x46}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x50, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000040)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000000080)={0x3, 0xf, 0x8, 0xfffffff7}, 0x10, 0x0, 0x0, 0x7, &(0x7f00000000c0)=[0x1, 0xffffffffffffffff, 0x1, 0x1, 0xffffffffffffffff, 0x1, r0], &(0x7f0000000280)=[{0x5, 0x2, 0xc, 0xc}, {0x4, 0x4, 0xa, 0xb}, {0x5, 0x3, 0x2, 0x9}, {0x5, 0x5, 0x6}, {0x0, 0x2, 0xe, 0x5}, {0x2, 0x2, 0xe, 0x9}, {0x1, 0x2, 0x4, 0x8}], 0x10, 0x7ff, @void, @value}, 0x94)
setsockopt$netrom_NETROM_N2(r2, 0x103, 0x3, &(0x7f0000000380)=0x6, 0x4)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000ec0)={@map, 0xffffffffffffffff, 0x2e, 0x2, 0xffffffffffffffff, @void, @value=r4}, 0x20)
sendmsg$TIPC_NL_LINK_GET(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000100)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000008000000180004801300010062726f5d62dc719fb6167f9dc13415"], 0x2c}}, 0x0)

740.158578ms ago: executing program 3 (id=2753):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000740)=@filter={'filter\x00', 0x42, 0x4, 0x328, 0xffffffff, 0x198, 0x198, 0x198, 0xffffffff, 0xffffffff, 0x290, 0x290, 0x290, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0x70, 0xb0, 0x0, {0x100000000000000}}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x9}}}, {{@uncond, 0x0, 0xc0, 0xe8, 0x0, {}, [@common=@inet=@socket3={{0x28, 'socket\x00', 0x2}}, @common=@unspec=@addrtype1={{0x28}}]}, @REJECT={0x28}}, {{@ip={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'wlan1\x00', 'pim6reg1\x00'}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@unspec=@statistic={{0x38}, {0x0, 0x2000}}, @common=@ttl={{0x28}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x388)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x2c, r2, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x18, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0xffffffffffffff37}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40404}, 0x100)

397.922611ms ago: executing program 0 (id=2754):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000002235fdd732e30095c9a500000000e980f35c14a4d52f4600dd2295327b9fee926cd594bb1d90a65336464908a0d4207028bcbe640ca269c55cf623a100000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$FS_IOC_MEASURE_VERITY(r0, 0xc0046686, &(0x7f0000000140)={0x2, 0x88, "6efd823ea3f8bc0e2e30a9e36dd9ed6141b0310fb58cc584d272518024383869069c526ef6a5ae455dc2b6aee321312f2f646024a6e55c705d1256687b9041261e227a96b798ac7c3d17b4dcb943a932f1363ddbb4a2b77d9f7cf20df51c853cdc843ba2d2afb646c8f72a1cea0b860310c9170008bbd69c9654b6d1ee7be506c965c1e55cc7498a"})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x11, 0x1d, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000540000000000000006000000678608001000000095000000000000002c2a1000080000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000100000085000000060000001830000005000000000000000000000018120000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018200000", @ANYRES32, @ANYBLOB="00000000a6cd00001858000002000000000000000000000018250000", @ANYRES32, @ANYBLOB="000000000400000018100000", @ANYRES32, @ANYBLOB="00000000000000f29500000000001f20"], &(0x7f0000000300)='syzkaller\x00', 0x5, 0x78, &(0x7f00000005c0)=""/120, 0x41100, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000640)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0xf, 0x9, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000006c0)=[0x1, 0xffffffffffffffff, 0x1], 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000200)='cachefiles_vol_coherency\x00', r1}, 0x3c)
pipe(&(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c)
close(r3)
close(r2)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r4, &(0x7f0000000340)="07000000010000", 0x7)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$inet(0xa, 0x801, 0x84)
listen(r5, 0x8)
socket$inet_tcp(0x2, 0x1, 0x0)
recvfrom(r5, 0x0, 0x0, 0x10102, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r5, 0x84, 0x1e, &(0x7f0000000080), &(0x7f0000000100)=0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000068000000060a010400000000000000000100000008000b4000000000400004802800018007000100637400001c000280080001400000000108000240000000090500030000000000140001800a0001007265646972000000040002800900010073797a30"], 0xdc}, 0x1, 0x0, 0x0, 0x5090}, 0x0)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10)
setsockopt$inet_int(r6, 0x0, 0xe, &(0x7f00000009c0)=0x1234, 0x4)

332.252385ms ago: executing program 3 (id=2755):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
unshare(0x22020400)
write$cgroup_int(r2, &(0x7f0000000200), 0xf000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x208, 0x98, 0x8, 0xfa04, 0x98, 0x6c02, 0x1e0, 0x194, 0x194, 0x1e0, 0x194, 0x3, 0x0, {[{{@ip={@broadcast, @broadcast, 0x0, 0x0, 'veth0_to_hsr\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98, 0x0, {0xfeffff07, 0x74020000}}, @common=@inet=@TCPMSS={0x28}}, {{@ip={@multicast2, @dev, 0x0, 0x0, '\x00', 'batadv_slave_0\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x268)

122.707578ms ago: executing program 3 (id=2756):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000001600), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000001640)={0x1c, r2, 0x1}, 0x1c}}, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="840000001000010800"/20, @ANYBLOB="040000000000000008002c000400000008001b0000000000540019"], 0x84}, 0x1, 0x0, 0x0, 0x20000004}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r4, &(0x7f0000000140), 0x4924b68, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000b80)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000295000000000000009f33ef60916e6e893f1eeb0be2566cd0723043c47c896ce0bce66a245ad99b817fd98cd824498949714ffaac8a6f77ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb2c5ca683a4b6fc89398f2b9000f224891060017cfa6fa26fa7a34701008c61897d4a6148a1c11428607c40de60beac671e8e8fdecb03588aa623fa71f871ab5c2ff88afc6002084e5b52710800e835cf0d78e45f70983826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174bed9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632fd30bf05121438bb74e4670ab5dfe447a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffb426e1230bc1cd4c02c4c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd78a9f3fdc1f50c445e3f30e703cf05b90fbf940e6652d377474ed5f816f66ac3027460ae991e7f834dd7a7fc2a7003d1a6cf5478533584961c329fcf4fed5c9455640dcd28273dc9753cc979113f2915a3039c3ca60ec53bb1130c2d27fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc51177cce5ef265c92b7957a334ff7be2ca867fd94286e016febfdb5827efc7a6efb01d66a396f84c1ca75daa4ead099694ed03d449b185cc836bab1a41a61bd6f03a54fafcee554bbb52adf8f1d7ede9f9a711256fb45e6c3d12ff560ee69d68733d522d9bbecf52396f15976381c27015403778139808142b48ced145ca8a6da5f322d413d09cc38b832fa05dd3c799042588f9eea6f443baa759257a000000000000000000bed1dad228e11f80cfea5848e436acf6e89dfae0b3d95b911af1818e0081504811a5f3c5d1ced3e592224f1d2ca3bdb2cc89001605db6987899eb99f94265401a95ff0a5a266438f1db461b7ebedd419bc038f7d36bd2bd4b3f92cd1469b63b1ce456a96152d353a8ab65f8bae521db73ff00b5d5cac7a439ab40d97e57f23e703fd6395930b9c3485ab181a83ed568cade43111530ec584cfb48e0cc5d63e2807b2e98525a84f9ac59cf74f3ba279e228e2a0dc8da8017cba3996541008785ab8f041f0a8d1399d88a3a58765e5a0149b9d0ea54b323675149783ec057ec6d6e8e600b9eced07ddcc56b77d8ea08223"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000007c0)=ANY=[@ANYRES32=r6, @ANYRES32=r5, @ANYBLOB="05"], 0x10)
r7 = socket$packet(0x11, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_encap(r8, 0x11, 0x64, &(0x7f0000000280)=0x2, 0x4)
bind$inet6(r8, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x7e, &(0x7f0000000140)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010700", 0x48, 0x11, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, {[], {0xffff, 0xe22, 0x48, 0x0, @wg=@cookie={0x3, 0x4, "6fc9b68afdd885950b27335ac274f67fada255be7e15f72f", "23e523c172dc39cf9b7dcfeb166c9338b5e7150a1dfb048ae4320ed54ea887c7"}}}}}}}, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r6, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r3}, 0x20)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xfff, 0x19801, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000003480)={0x6, 0x2, &(0x7f00000001c0)=ANY=[@ANYBLOB="0701000009090c040500feff"], &(0x7f0000000000)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r10}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000000000000000000000007112330000020000950000040000000039e280516164957482cf10b1e319fc2e44dd90e2e932c45a154b34d10aa47ff1117b34108728f41847cb4a313af7c463367d4b4ca33d30f75dd80c8c958d996a77faf689132d4ee80213e8872a774e1707e18fbb83a7e7e0a84ba3d145c9b64e58687e9a93b6b907dbb8c657f0ff8dbd8076fc0d97eb534a5528c8f28077adaa5996459045d56ef49fa969a9416cb52d9cc50b00afb021b91124eefcd269da6290e82ba4d8cbd3b1a2d4859a032f1e5e6a90d0e9b8d00b748dfb346efb03a93881ccde98ff79736531bf8af3ec8687a53af117c9a2d13c6240d5923f0943fbb08e37459d2ef2bb2518d20c17a875a69a8ccfc848e295a298c3db194f18705d5a7bcdf5bdbc6e36d31a1cb11afe0386c2041423e34a51de86bef2aa7a7d7198c78e1d2cc3d14554f134e8fb30e2d1b17329366d09e8fde64dc80f9f93327d81cd9916d5303a0efa01975be7b35c79ebc64f9fe9fa747a949b35ddbaebba2b1f57111459ad026d3627125fcce4681d090e4507c72c899a682f90a43a57978a2d8c94f7"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r9, &(0x7f0000000000), &(0x7f0000000340)=""/71}, 0x20)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000200))
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000240), 0x4)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000), 0x8)

0s ago: executing program 4 (id=2757):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
close(r1)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="540000001200010000000000000000000a00000000004e2200000000ff00"/56, @ANYRES32=0x0, @ANYBLOB="010000000000000000000000000000000800030011"], 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x0) (fail_nth: 2)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x22, 0x301, 0x270bd24, 0x25dfdbfd, {0x1}}, 0x14}}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0, <r4=>0xffffffffffffffff}, &(0x7f0000000200), &(0x7f00000003c0)=r2}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r4}, &(0x7f0000000080), &(0x7f00000000c0)=r2}, 0x20)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r5, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100feffffff000000008900000008000300", @ANYRES32, @ANYBLOB="180006"], 0x34}}, 0x0)

kernel console output (not intermixed with test programs):

2.326241][T11993]  ? __pfx_dump_stack_lvl+0x10/0x10
[  272.331496][T11993]  ? __pfx__printk+0x10/0x10
[  272.336145][T11993]  ? __pfx_lock_acquire+0x10/0x10
[  272.341214][T11993]  ? nf_ct_pernet+0x45/0x270
[  272.345846][T11993]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  272.351863][T11993]  should_fail_ex+0x3b0/0x4e0
[  272.356575][T11993]  should_failslab+0xac/0x100
[  272.361301][T11993]  ? __nf_conntrack_alloc+0x8f/0x380
[  272.366610][T11993]  kmem_cache_alloc_noprof+0x70/0x380
[  272.372011][T11993]  __nf_conntrack_alloc+0x8f/0x380
[  272.377225][T11993]  init_conntrack+0x3c3/0x1310
[  272.382008][T11993]  ? __pfx_init_conntrack+0x10/0x10
[  272.387222][T11993]  ? __pfx___nf_conntrack_find_get+0x10/0x10
[  272.393216][T11993]  ? __local_bh_enable_ip+0x168/0x200
[  272.398617][T11993]  nf_conntrack_in+0xd5c/0x1890
[  272.403541][T11993]  ? __pfx_nf_conntrack_in+0x10/0x10
[  272.408868][T11993]  ? ipt_do_table+0x312/0x1860
[  272.413675][T11993]  ? __pfx_ipt_do_table+0x10/0x10
[  272.418719][T11993]  ? ipv4_conntrack_defrag+0x2a2/0x5a0
[  272.424201][T11993]  ? ipv4_conntrack_local+0x120/0x200
[  272.429596][T11993]  ? __pfx_ipv4_conntrack_local+0x10/0x10
[  272.435343][T11993]  nf_hook_slow+0xc3/0x220
[  272.439807][T11993]  ? __pfx_dst_output+0x10/0x10
[  272.444679][T11993]  nf_hook+0x2c4/0x450
[  272.448766][T11993]  ? nf_hook+0x9e/0x450
[  272.452931][T11993]  ? __pfx_nf_hook+0x10/0x10
[  272.457548][T11993]  ? __pfx_dst_output+0x10/0x10
[  272.462455][T11993]  ? ip_setup_cork+0x4e0/0x9c0
[  272.467270][T11993]  ? ip_fast_csum+0x1f4/0x2b0
[  272.471998][T11993]  __ip_local_out+0x3d9/0x4e0
[  272.476728][T11993]  ? __pfx_dst_output+0x10/0x10
[  272.481632][T11993]  ip_send_skb+0x4a/0x100
[  272.486008][T11993]  udp_send_skb+0xab6/0x1630
[  272.490672][T11993]  udp_sendmsg+0x1c09/0x2a50
[  272.495329][T11993]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  272.500923][T11993]  ? __pfx_udp_sendmsg+0x10/0x10
[  272.505916][T11993]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  272.511960][T11993]  ? irqentry_exit+0x63/0x90
[  272.516611][T11993]  ? inet_sendmsg+0x2ba/0x390
[  272.521346][T11993]  __sock_sendmsg+0x1a6/0x270
[  272.526076][T11993]  ____sys_sendmsg+0x52a/0x7e0
[  272.530901][T11993]  ? __pfx_____sys_sendmsg+0x10/0x10
[  272.536238][T11993]  ? __fget_files+0x2a/0x410
[  272.540878][T11993]  ? __fget_files+0x2a/0x410
[  272.545507][T11993]  __sys_sendmmsg+0x36a/0x720
[  272.550212][T11993]  ? __pfx___sys_sendmmsg+0x10/0x10
[  272.555460][T11993]  ? __pfx_lock_release+0x10/0x10
[  272.560541][T11993]  ? kstrtouint_from_user+0x128/0x190
[  272.566008][T11993]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  272.571922][T11993]  ? ksys_write+0x22a/0x2b0
[  272.576455][T11993]  ? __pfx_lock_release+0x10/0x10
[  272.581527][T11993]  ? vfs_write+0x730/0xd30
[  272.585979][T11993]  ? __mutex_unlock_slowpath+0x21e/0x790
[  272.591657][T11993]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  272.597664][T11993]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  272.604030][T11993]  ? do_syscall_64+0x100/0x230
[  272.608832][T11993]  __x64_sys_sendmmsg+0xa0/0xb0
[  272.613741][T11993]  do_syscall_64+0xf3/0x230
[  272.618304][T11993]  ? clear_bhb_loop+0x35/0x90
[  272.623027][T11993]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  272.628977][T11993] RIP: 0033:0x7fa83b37fed9
[  272.633430][T11993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  272.653088][T11993] RSP: 002b:00007fa83c186058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  272.661567][T11993] RAX: ffffffffffffffda RBX: 00007fa83b545fa0 RCX: 00007fa83b37fed9
[  272.669590][T11993] RDX: 000000000800001d RSI: 0000000020007fc0 RDI: 0000000000000003
[  272.677624][T11993] RBP: 00007fa83c1860a0 R08: 0000000000000000 R09: 0000000000000000
[  272.685648][T11993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  272.693665][T11993] R13: 0000000000000000 R14: 00007fa83b545fa0 R15: 00007ffceddc5b68
[  272.701683][T11993]  </TASK>
[  272.734362][ T5202] udevd[5202]: worker [5846] /devices/virtual/block/nbd3 is taking a long time
[  272.868423][T12006] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2060'.
[  272.916220][T12011] netlink: 'syz.0.2061': attribute type 1 has an invalid length.
[  272.953271][T12012] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  272.975406][T12011] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2061'.
[  273.014599][T12006] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2060'.
[  273.034696][T12016] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2062'.
[  273.037066][T12006] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2060'.
[  273.087320][ T5841] block nbd7: Receive control failed (result -107)
[  273.176081][T12006] nbd7: detected capacity change from 0 to 256
[  273.195454][ T5847] block nbd7: Dead connection, failed to find a fallback
[  273.202578][ T5847] block nbd7: shutting down sockets
[  273.243879][ T5847] blk_print_req_error: 27 callbacks suppressed
[  273.243904][ T5847] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  273.299626][ T5847] buffer_io_error: 27 callbacks suppressed
[  273.299647][ T5847] Buffer I/O error on dev nbd7, logical block 0, async page read
[  273.345620][ T5847] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  273.401950][ T5847] Buffer I/O error on dev nbd7, logical block 0, async page read
[  273.403869][T12028] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  273.412469][ T5847] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  273.417052][T12028] IPv6: NLM_F_CREATE should be set when creating new route
[  273.417086][T12028] IPv6: NLM_F_CREATE should be set when creating new route
[  273.457268][T12028] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2068'.
[  273.473135][ T5847] Buffer I/O error on dev nbd7, logical block 0, async page read
[  273.500941][ T5847] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  273.545500][ T5847] Buffer I/O error on dev nbd7, logical block 0, async page read
[  273.559220][ T5847] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  273.580666][ T5847] Buffer I/O error on dev nbd7, logical block 0, async page read
[  273.612488][ T5847] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  273.622245][ T5847] Buffer I/O error on dev nbd7, logical block 0, async page read
[  273.634310][ T5847] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  273.644752][ T5847] Buffer I/O error on dev nbd7, logical block 0, async page read
[  273.654008][ T5847] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  273.699731][ T5847] Buffer I/O error on dev nbd7, logical block 0, async page read
[  273.724497][ T5847] ldm_validate_partition_table(): Disk read failed.
[  273.731320][ T5847] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  273.764628][ T5847] Buffer I/O error on dev nbd7, logical block 0, async page read
[  273.772589][ T5847] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  273.804432][ T5847] Buffer I/O error on dev nbd7, logical block 0, async page read
[  273.812701][ T5847] Dev nbd7: unable to read RDB block 0
[  273.824867][ T5847]  nbd7: unable to read partition table
[  273.837640][ T5847] ldm_validate_partition_table(): Disk read failed.
[  273.861000][ T5847] Dev nbd7: unable to read RDB block 0
[  273.873259][ T5847]  nbd7: unable to read partition table
[  273.991361][T12047] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.2074'.
[  274.047680][T12040] lo speed is unknown, defaulting to 1000
[  274.055561][T12040] lo speed is unknown, defaulting to 1000
[  274.309861][T12057] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  274.326016][T12042] lo speed is unknown, defaulting to 1000
[  274.326905][T12057] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  274.348785][T12042] lo speed is unknown, defaulting to 1000
[  274.610927][T12060] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2079'.
[  275.315195][T12089] SET target dimension over the limit!
[  275.488310][T12091] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2090'.
[  275.613843][T12096] vlan2: entered promiscuous mode
[  275.835743][T12100] vlan2: entered promiscuous mode
[  275.849641][T12100] vlan2: entered allmulticast mode
[  276.466401][T12134] netlink: zone id is out of range
[  276.482018][T12134] netlink: zone id is out of range
[  276.493710][T12134] netlink: zone id is out of range
[  276.510207][T12134] netlink: zone id is out of range
[  276.515968][T12134] netlink: zone id is out of range
[  276.521581][T12134] netlink: zone id is out of range
[  276.553841][T12134] netlink: zone id is out of range
[  276.559669][T12134] netlink: zone id is out of range
[  276.619407][T12140] netlink: 'syz.3.2111': attribute type 10 has an invalid length.
[  276.648294][T12140] team0: left promiscuous mode
[  276.668385][T12140] team_slave_0: left promiscuous mode
[  276.684427][T12140] team_slave_1: left promiscuous mode
[  276.686390][T12143] netlink: 'syz.3.2111': attribute type 10 has an invalid length.
[  276.691884][T12140] bridge3: left promiscuous mode
[  276.703988][T12140] team0: left allmulticast mode
[  276.710129][T12140] team_slave_0: left allmulticast mode
[  276.735829][T12140] team_slave_1: left allmulticast mode
[  276.747980][T12140] bridge3: left allmulticast mode
[  276.809982][T12140] batman_adv: batadv0: Adding interface: team0
[  276.820347][T12140] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  276.864624][T12140] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  276.877559][T12143] team0: entered promiscuous mode
[  276.882745][T12143] team_slave_0: entered promiscuous mode
[  276.889177][T12143] team_slave_1: entered promiscuous mode
[  276.895494][T12143] bridge3: entered promiscuous mode
[  276.902500][T12143] 8021q: adding VLAN 0 to HW filter on device team0
[  276.909935][T12143] batman_adv: batadv0: Interface activated: team0
[  276.916941][T12143] batman_adv: batadv0: Interface deactivated: team0
[  276.924234][T12143] batman_adv: batadv0: Removing interface: team0
[  276.931696][T12143] bridge0: port 4(team0) entered blocking state
[  276.939025][T12143] bridge0: port 4(team0) entered disabled state
[  276.946071][T12143] team0: entered allmulticast mode
[  276.951380][T12143] team_slave_0: entered allmulticast mode
[  276.957869][T12143] team_slave_1: entered allmulticast mode
[  276.963770][T12143] bridge3: entered allmulticast mode
[  276.972500][T12143] bridge0: port 4(team0) entered blocking state
[  276.978926][T12143] bridge0: port 4(team0) entered forwarding state
[  277.000323][T12154] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  277.049618][T12153] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  277.250008][T12162] x_tables: duplicate underflow at hook 1
[  277.412971][T12173] __nla_validate_parse: 5 callbacks suppressed
[  277.412997][T12173] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2123'.
[  277.438413][T12172] tun0: tun_chr_ioctl cmd 2148553947
[  277.629621][T12180] netlink: 'syz.0.2126': attribute type 2 has an invalid length.
[  277.812800][T12193] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  277.862102][T12193] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  277.886857][T12196] mac80211_hwsim hwsim7 wlan0: entered promiscuous mode
[  277.894607][T12196] macvlan2: entered allmulticast mode
[  277.901698][T12196] mac80211_hwsim hwsim7 wlan0: left promiscuous mode
[  277.940707][T12193] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  278.023094][T12193] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  278.041631][T12200] x_tables: duplicate underflow at hook 1
[  278.110790][T12193] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  278.128722][T12193] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  278.143185][T12193] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  278.157450][T12193] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  278.333996][T12209] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2136'.
[  278.594584][T12217] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2139'.
[  278.684704][T12222] x_tables: duplicate underflow at hook 1
[  278.750288][T12228] netlink: 'syz.1.2145': attribute type 8 has an invalid length.
[  278.872760][T12234] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2147'.
[  278.894621][T12235] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2148'.
[  278.929354][T12235] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2148'.
[  279.358167][T12259] FAULT_INJECTION: forcing a failure.
[  279.358167][T12259] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  279.379260][T12259] CPU: 1 UID: 0 PID: 12259 Comm: syz.0.2155 Not tainted 6.13.0-rc1-syzkaller-00263-g3ca459eaba1b #0
[  279.390097][T12259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  279.400205][T12259] Call Trace:
[  279.403523][T12259]  <TASK>
[  279.406489][T12259]  dump_stack_lvl+0x241/0x360
[  279.411222][T12259]  ? __pfx_dump_stack_lvl+0x10/0x10
[  279.416477][T12259]  ? __pfx__printk+0x10/0x10
[  279.421126][T12259]  ? __pfx_lock_release+0x10/0x10
[  279.426211][T12259]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  279.432331][T12259]  should_fail_ex+0x3b0/0x4e0
[  279.437060][T12259]  _copy_from_user+0x2f/0xc0
[  279.441712][T12259]  copy_msghdr_from_user+0xae/0x680
[  279.446959][T12259]  ? exc_page_fault+0x590/0x8b0
[  279.451856][T12259]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  279.457701][T12259]  __sys_sendmmsg+0x32b/0x720
[  279.462404][T12259]  ? __pfx___sys_sendmmsg+0x10/0x10
[  279.467631][T12259]  ? __pfx_lock_release+0x10/0x10
[  279.472668][T12259]  ? kstrtouint_from_user+0x128/0x190
[  279.478074][T12259]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  279.483989][T12259]  ? ksys_write+0x22a/0x2b0
[  279.488509][T12259]  ? __pfx_lock_release+0x10/0x10
[  279.493647][T12259]  ? vfs_write+0x730/0xd30
[  279.498083][T12259]  ? __mutex_unlock_slowpath+0x21e/0x790
[  279.503796][T12259]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  279.509793][T12259]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  279.516148][T12259]  ? do_syscall_64+0x100/0x230
[  279.520935][T12259]  __x64_sys_sendmmsg+0xa0/0xb0
[  279.525804][T12259]  do_syscall_64+0xf3/0x230
[  279.530416][T12259]  ? clear_bhb_loop+0x35/0x90
[  279.535106][T12259]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.541027][T12259] RIP: 0033:0x7f393ed7fed9
[  279.545450][T12259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  279.565068][T12259] RSP: 002b:00007f393fb53058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  279.573506][T12259] RAX: ffffffffffffffda RBX: 00007f393ef45fa0 RCX: 00007f393ed7fed9
[  279.581508][T12259] RDX: 000000000800001d RSI: 0000000020007fc0 RDI: 0000000000000003
[  279.589490][T12259] RBP: 00007f393fb530a0 R08: 0000000000000000 R09: 0000000000000000
[  279.597472][T12259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  279.605474][T12259] R13: 0000000000000000 R14: 00007f393ef45fa0 R15: 00007ffcdadf6918
[  279.613468][T12259]  </TASK>
[  279.644333][ T5141] Bluetooth: hci4: command 0x0405 tx timeout
[  279.802237][T12265] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2158'.
[  279.881911][T12268] netlink: 'syz.2.2159': attribute type 8 has an invalid length.
[  279.969335][T12271] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2160'.
[  280.069397][T12276] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2160'.
[  280.309297][T12287] net_ratelimit: 45 callbacks suppressed
[  280.309322][T12287] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  280.525520][T12295] netlink: 'syz.1.2168': attribute type 7 has an invalid length.
[  280.533324][T12295] netlink: 244 bytes leftover after parsing attributes in process `syz.1.2168'.
[  280.791649][T12301] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  281.371319][T12316] xt_l2tp: missing protocol rule (udp|l2tpip)
[  282.267922][T12343] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[  282.288233][T12343] macvlan2: entered allmulticast mode
[  282.322383][T12343] mac80211_hwsim hwsim2 wlan0: left promiscuous mode
[  282.459426][T12349] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode
[  282.480289][T12352] netlink: 'syz.1.2188': attribute type 10 has an invalid length.
[  282.485062][T12349] macvlan3: entered allmulticast mode
[  282.491735][T12352] __nla_validate_parse: 3 callbacks suppressed
[  282.491755][T12352] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2188'.
[  282.510344][T12349] mac80211_hwsim hwsim8 wlan0: left promiscuous mode
[  282.977305][T12367] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2194'.
[  283.053713][T12361] x_tables: duplicate underflow at hook 1
[  283.260890][T12367] netlink: 'syz.0.2194': attribute type 1 has an invalid length.
[  283.308219][T12367] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2194'.
[  283.710892][T12394] x_tables: duplicate underflow at hook 1
[  283.905657][T12400] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2204'.
[  283.934401][T12400] netlink: 67 bytes leftover after parsing attributes in process `syz.1.2204'.
[  283.943678][T12401] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2204'.
[  283.961606][T12401] netlink: 67 bytes leftover after parsing attributes in process `syz.1.2204'.
[  284.047018][T12401] sctp: [Deprecated]: syz.1.2204 (pid 12401) Use of int in max_burst socket option deprecated.
[  284.047018][T12401] Use struct sctp_assoc_value instead
[  284.251549][T12412] syz.0.2209 uses old SIOCAX25GETINFO
[  284.762373][T12426] SET target dimension over the limit!
[  284.940184][T12433] xt_l2tp: missing protocol rule (udp|l2tpip)
[  285.087145][T12435] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2218'.
[  285.123777][T12435] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2218'.
[  285.127815][T12443] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  285.461127][T12456] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[  285.483677][T12456] macvlan2: entered allmulticast mode
[  285.513280][T12456] mac80211_hwsim hwsim2 wlan0: left promiscuous mode
[  285.746921][T12472] FAULT_INJECTION: forcing a failure.
[  285.746921][T12472] name failslab, interval 1, probability 0, space 0, times 0
[  285.762927][T12472] CPU: 1 UID: 0 PID: 12472 Comm: syz.2.2229 Not tainted 6.13.0-rc1-syzkaller-00263-g3ca459eaba1b #0
[  285.773783][T12472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  285.784234][T12472] Call Trace:
[  285.787567][T12472]  <TASK>
[  285.790587][T12472]  dump_stack_lvl+0x241/0x360
[  285.795344][T12472]  ? __pfx_dump_stack_lvl+0x10/0x10
[  285.800617][T12472]  ? __pfx__printk+0x10/0x10
[  285.805268][T12472]  ? netlink_broadcast_filtered+0x1260/0x12a0
[  285.811396][T12472]  should_fail_ex+0x3b0/0x4e0
[  285.816130][T12472]  should_failslab+0xac/0x100
[  285.820862][T12472]  kmem_cache_alloc_node_noprof+0x77/0x380
[  285.826714][T12472]  ? __alloc_skb+0x1c3/0x440
[  285.831326][T12472]  __alloc_skb+0x1c3/0x440
[  285.835762][T12472]  ? __pfx___alloc_skb+0x10/0x10
[  285.840713][T12472]  ? xfrm_policy_insert+0x665/0x940
[  285.845927][T12472]  ? _local_bh_enable+0x60/0xb0
[  285.850798][T12472]  ? pfkey_xfrm_policy2msg_size+0x5c5/0x7e0
[  285.856723][T12472]  pfkey_send_policy_notify+0x14c/0x920
[  285.862290][T12472]  ? __pfx_pfkey_send_policy_notify+0x10/0x10
[  285.868383][T12472]  km_policy_notify+0x126/0x210
[  285.873250][T12472]  ? km_policy_notify+0x2e/0x210
[  285.878204][T12472]  xfrm_add_policy+0x54c/0x980
[  285.882990][T12472]  ? __pfx_xfrm_add_policy+0x10/0x10
[  285.888319][T12472]  ? apparmor_capable+0x13b/0x1b0
[  285.893364][T12472]  ? __nla_parse+0x40/0x60
[  285.897803][T12472]  xfrm_user_rcv_msg+0x890/0xb90
[  285.902765][T12472]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  285.908260][T12472]  ? __mutex_trylock_common+0x183/0x2e0
[  285.913826][T12472]  ? __pfx___might_resched+0x10/0x10
[  285.919125][T12472]  ? __pfx___mutex_trylock_common+0x10/0x10
[  285.925048][T12472]  netlink_rcv_skb+0x1e3/0x430
[  285.929825][T12472]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  285.935746][T12472]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  285.941066][T12472]  xfrm_netlink_rcv+0x79/0x90
[  285.945762][T12472]  netlink_unicast+0x7f6/0x990
[  285.950558][T12472]  ? __pfx_netlink_unicast+0x10/0x10
[  285.955870][T12472]  ? __virt_addr_valid+0x183/0x530
[  285.961000][T12472]  ? __check_object_size+0x48e/0x900
[  285.966314][T12472]  netlink_sendmsg+0x8e4/0xcb0
[  285.971103][T12472]  ? __pfx_netlink_sendmsg+0x10/0x10
[  285.976408][T12472]  ? aa_sock_msg_perm+0x91/0x160
[  285.981729][T12472]  ? __pfx_netlink_sendmsg+0x10/0x10
[  285.987030][T12472]  __sock_sendmsg+0x221/0x270
[  285.991768][T12472]  ____sys_sendmsg+0x52a/0x7e0
[  285.996584][T12472]  ? __pfx_____sys_sendmsg+0x10/0x10
[  286.001910][T12472]  ? __fget_files+0x2a/0x410
[  286.006536][T12472]  ? __fget_files+0x2a/0x410
[  286.011157][T12472]  __sys_sendmsg+0x269/0x350
[  286.015777][T12472]  ? __pfx_lock_release+0x10/0x10
[  286.020826][T12472]  ? __pfx___sys_sendmsg+0x10/0x10
[  286.025968][T12472]  ? __pfx_vfs_write+0x10/0x10
[  286.030769][T12472]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  286.037112][T12472]  ? do_syscall_64+0x100/0x230
[  286.041898][T12472]  ? do_syscall_64+0xb6/0x230
[  286.046599][T12472]  do_syscall_64+0xf3/0x230
[  286.051129][T12472]  ? clear_bhb_loop+0x35/0x90
[  286.055821][T12472]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.061741][T12472] RIP: 0033:0x7fb08657fed9
[  286.066171][T12472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  286.085800][T12472] RSP: 002b:00007fb087325058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  286.094239][T12472] RAX: ffffffffffffffda RBX: 00007fb086745fa0 RCX: 00007fb08657fed9
[  286.102230][T12472] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003
[  286.110208][T12472] RBP: 00007fb0873250a0 R08: 0000000000000000 R09: 0000000000000000
[  286.118194][T12472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  286.126192][T12472] R13: 0000000000000000 R14: 00007fb086745fa0 R15: 00007ffc22ed6ad8
[  286.134193][T12472]  </TASK>
[  286.613370][T12497] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2237'.
[  287.025634][T12474] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  287.500005][T12528] bridge0: port 4(team0) entered disabled state
[  287.510227][T12528] bridge0: port 2(bridge_slave_1) entered disabled state
[  287.569117][T12543] netlink: 'syz.0.2253': attribute type 1 has an invalid length.
[  287.614500][T12528] bridge0: port 2(bridge_slave_1) entered blocking state
[  287.621770][T12528] bridge0: port 2(bridge_slave_1) entered forwarding state
[  287.648736][T12540] bridge0: port 4(team0) entered blocking state
[  287.655204][T12540] bridge0: port 4(team0) entered forwarding state
[  287.746604][T12549] __nla_validate_parse: 5 callbacks suppressed
[  287.746629][T12549] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2255'.
[  287.779065][T12549] bridge4: entered promiscuous mode
[  287.785207][T12549] bridge4: entered allmulticast mode
[  287.791133][T12549] team0: Port device bridge4 added
[  288.919294][T12584] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2269'.
[  289.170306][T12596] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2275'.
[  289.182847][T12596] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2275'.
[  289.201387][T12596] netlink: 'syz.4.2275': attribute type 14 has an invalid length.
[  289.211536][T12596] netlink: 'syz.4.2275': attribute type 13 has an invalid length.
[  289.356300][T12603] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  289.542333][T12609] FAULT_INJECTION: forcing a failure.
[  289.542333][T12609] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  289.555967][T12609] CPU: 0 UID: 0 PID: 12609 Comm: syz.2.2279 Not tainted 6.13.0-rc1-syzkaller-00263-g3ca459eaba1b #0
[  289.566777][T12609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  289.576851][T12609] Call Trace:
[  289.580139][T12609]  <TASK>
[  289.583081][T12609]  dump_stack_lvl+0x241/0x360
[  289.587783][T12609]  ? __pfx_dump_stack_lvl+0x10/0x10
[  289.592997][T12609]  ? __pfx__printk+0x10/0x10
[  289.597629][T12609]  should_fail_ex+0x3b0/0x4e0
[  289.602352][T12609]  _copy_from_user+0x2f/0xc0
[  289.606967][T12609]  bpf_test_init+0x11f/0x180
[  289.611571][T12609]  bpf_prog_test_run_xdp+0x48e/0x11e0
[  289.616965][T12609]  ? __pfx_lock_release+0x10/0x10
[  289.622014][T12609]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  289.627832][T12609]  ? __fget_files+0x2a/0x410
[  289.632434][T12609]  ? __fget_files+0x2a/0x410
[  289.637038][T12609]  ? fput+0x21b/0x290
[  289.641026][T12609]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  289.646847][T12609]  bpf_prog_test_run+0x2e4/0x360
[  289.651809][T12609]  __sys_bpf+0x48d/0x810
[  289.656066][T12609]  ? __pfx___sys_bpf+0x10/0x10
[  289.660852][T12609]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  289.666847][T12609]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  289.673192][T12609]  ? do_syscall_64+0x100/0x230
[  289.677980][T12609]  __x64_sys_bpf+0x7c/0x90
[  289.682417][T12609]  do_syscall_64+0xf3/0x230
[  289.686942][T12609]  ? clear_bhb_loop+0x35/0x90
[  289.691643][T12609]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.697558][T12609] RIP: 0033:0x7fb08657fed9
[  289.701987][T12609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  289.721676][T12609] RSP: 002b:00007fb087325058 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  289.730105][T12609] RAX: ffffffffffffffda RBX: 00007fb086745fa0 RCX: 00007fb08657fed9
[  289.738111][T12609] RDX: 0000000000000050 RSI: 0000000020000340 RDI: 000000000000000a
[  289.746093][T12609] RBP: 00007fb0873250a0 R08: 0000000000000000 R09: 0000000000000000
[  289.754075][T12609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  289.762062][T12609] R13: 0000000000000000 R14: 00007fb086745fa0 R15: 00007ffc22ed6ad8
[  289.770059][T12609]  </TASK>
[  290.122257][T12619] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2283'.
[  290.211204][T12621] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  290.228882][T12621] syzkaller0: entered promiscuous mode
[  290.243202][T12621] syzkaller0: entered allmulticast mode
[  292.219532][T12622] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  292.562241][T12648] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  292.578958][T12655] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2294'.
[  292.602767][T12655] tipc: Cannot configure node identity twice
[  293.305633][T12700] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2309'.
[  293.326451][T12701] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2309'.
[  293.425636][T12704] mac80211_hwsim hwsim3 wlan0: entered promiscuous mode
[  293.433069][T12704] macvlan4: entered allmulticast mode
[  293.446864][T12704] mac80211_hwsim hwsim3 wlan0: left promiscuous mode
[  293.558628][T12709] xt_SECMARK: invalid mode: 0
[  293.686051][T12713] netlink: 99 bytes leftover after parsing attributes in process `syz.1.2313'.
[  293.971918][T12724] netlink: 'syz.1.2318': attribute type 1 has an invalid length.
[  294.012507][T12724] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2318'.
[  294.016782][T12693] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  294.159477][T12732] xt_hashlimit: overflow, try lower: 18446744073709551615/2047
[  294.172315][T12732] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2320'.
[  294.353156][T12743] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  294.380808][T12743] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  294.409907][T12744] netlink: 'syz.2.2326': attribute type 7 has an invalid length.
[  294.663405][T12753] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2331'.
[  294.752146][T12759] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2333'.
[  294.774344][T12759] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2333'.
[  294.857647][T12762] FAULT_INJECTION: forcing a failure.
[  294.857647][T12762] name failslab, interval 1, probability 0, space 0, times 0
[  294.870737][T12762] CPU: 0 UID: 0 PID: 12762 Comm: syz.1.2336 Not tainted 6.13.0-rc1-syzkaller-00263-g3ca459eaba1b #0
[  294.881556][T12762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  294.891656][T12762] Call Trace:
[  294.894968][T12762]  <TASK>
[  294.897939][T12762]  dump_stack_lvl+0x241/0x360
[  294.902693][T12762]  ? __pfx_dump_stack_lvl+0x10/0x10
[  294.907951][T12762]  ? __pfx__printk+0x10/0x10
[  294.912696][T12762]  ? fs_reclaim_acquire+0x93/0x130
[  294.917861][T12762]  ? __pfx___might_resched+0x10/0x10
[  294.923266][T12762]  should_fail_ex+0x3b0/0x4e0
[  294.928060][T12762]  should_failslab+0xac/0x100
[  294.932761][T12762]  __kmalloc_noprof+0xdd/0x4c0
[  294.937548][T12762]  ? kstrtouint_from_user+0x128/0x190
[  294.942971][T12762]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  294.948716][T12762]  tomoyo_realpath_from_path+0xcf/0x5e0
[  294.954292][T12762]  tomoyo_path_number_perm+0x236/0x860
[  294.959792][T12762]  ? __lock_acquire+0x1397/0x2100
[  294.964836][T12762]  ? tomoyo_path_number_perm+0x206/0x860
[  294.970589][T12762]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  294.976909][T12762]  ? __fget_files+0x2a/0x410
[  294.981669][T12762]  ? __fget_files+0x2a/0x410
[  294.986290][T12762]  security_file_ioctl+0xc6/0x2a0
[  294.991343][T12762]  __se_sys_ioctl+0x46/0x170
[  294.995952][T12762]  do_syscall_64+0xf3/0x230
[  295.000479][T12762]  ? clear_bhb_loop+0x35/0x90
[  295.005177][T12762]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.011095][T12762] RIP: 0033:0x7f3b2717fed9
[  295.015528][T12762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  295.035305][T12762] RSP: 002b:00007f3b27ef0058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  295.043769][T12762] RAX: ffffffffffffffda RBX: 00007f3b27345fa0 RCX: 00007f3b2717fed9
[  295.051791][T12762] RDX: 0000000000000000 RSI: 00000000400448c9 RDI: 0000000000000008
[  295.059802][T12762] RBP: 00007f3b27ef00a0 R08: 0000000000000000 R09: 0000000000000000
[  295.067819][T12762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  295.075814][T12762] R13: 0000000000000000 R14: 00007f3b27345fa0 R15: 00007ffcdf5eeb98
[  295.083820][T12762]  </TASK>
[  295.169557][T12762] ERROR: Out of memory at tomoyo_realpath_from_path.
[  295.222575][T12765] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  295.229332][T12762] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  295.270349][T12771] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2340'.
[  295.325096][T12771] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2340'.
[  295.336634][T12776] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  295.380673][ T5841] block nbd8: Receive control failed (result -107)
[  295.444694][T12771] nbd8: detected capacity change from 0 to 256
[  295.494629][ T5847] block nbd8: Dead connection, failed to find a fallback
[  295.621522][T12788] sctp: [Deprecated]: syz.0.2348 (pid 12788) Use of int in max_burst socket option deprecated.
[  295.621522][T12788] Use struct sctp_assoc_value instead
[  295.788608][T12800] xt_socket: unknown flags 0x4
[  296.026335][T12807] netlink: 'syz.3.2352': attribute type 3 has an invalid length.
[  296.041678][T12807] netlink: 'syz.3.2352': attribute type 3 has an invalid length.
[  296.632220][T12821] mac80211_hwsim hwsim7 wlan0: entered promiscuous mode
[  296.640014][T12821] macvlan2: entered allmulticast mode
[  296.658188][T12821] mac80211_hwsim hwsim7 wlan0: left promiscuous mode
[  297.251429][T12843] FAULT_INJECTION: forcing a failure.
[  297.251429][T12843] name failslab, interval 1, probability 0, space 0, times 0
[  297.279447][T12843] CPU: 0 UID: 0 PID: 12843 Comm: syz.2.2363 Not tainted 6.13.0-rc1-syzkaller-00263-g3ca459eaba1b #0
[  297.290304][T12843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  297.300413][T12843] Call Trace:
[  297.303741][T12843]  <TASK>
[  297.306720][T12843]  dump_stack_lvl+0x241/0x360
[  297.311468][T12843]  ? __pfx_dump_stack_lvl+0x10/0x10
[  297.316714][T12843]  ? __pfx__printk+0x10/0x10
[  297.321362][T12843]  ? __kmalloc_node_noprof+0xb9/0x4d0
[  297.326777][T12843]  ? __pfx___might_resched+0x10/0x10
[  297.332116][T12843]  should_fail_ex+0x3b0/0x4e0
[  297.336845][T12843]  should_failslab+0xac/0x100
[  297.341584][T12843]  __kmalloc_node_noprof+0xe1/0x4d0
[  297.346852][T12843]  ? __kasan_kmalloc+0x98/0xb0
[  297.351653][T12843]  ? __kvmalloc_node_noprof+0x72/0x190
[  297.357163][T12843]  __kvmalloc_node_noprof+0x72/0x190
[  297.362549][T12843]  page_pool_create_percpu+0x2ca/0xa00
[  297.368079][T12843]  bpf_test_run_xdp_live+0x2e6/0x21f0
[  297.373502][T12843]  ? bpf_dispatcher_change_prog+0xd96/0xf20
[  297.379453][T12843]  ? __pfx_lock_release+0x10/0x10
[  297.384526][T12843]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  297.389853][T12843]  ? __pfx___might_resched+0x10/0x10
[  297.395158][T12843]  ? __mutex_unlock_slowpath+0x21e/0x790
[  297.400870][T12843]  ? __pfx_autoremove_wake_function+0x10/0x10
[  297.407017][T12843]  ? __mutex_unlock_slowpath+0x21e/0x790
[  297.412702][T12843]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  297.418550][T12843]  ? synchronize_rcu+0x11b/0x360
[  297.423541][T12843]  ? __pfx_synchronize_rcu+0x10/0x10
[  297.428887][T12843]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
[  297.435155][T12843]  ? 0xffffffffa0000a0c
[  297.439326][T12843]  ? 0xffffffffa0000a50
[  297.443490][T12843]  ? 0xffffffffa0001108
[  297.447657][T12843]  ? 0xffffffffa00012d4
[  297.451843][T12843]  ? 0xffffffffa000130c
[  297.456009][T12843]  ? 0xffffffffa000134c
[  297.460193][T12843]  ? 0xffffffffa00013dc
[  297.464362][T12843]  ? 0xffffffffa0001bd4
[  297.468538][T12843]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  297.474462][T12843]  ? _copy_from_user+0x99/0xc0
[  297.479246][T12843]  ? bpf_test_init+0x15a/0x180
[  297.484020][T12843]  ? xdp_convert_md_to_buff+0x5b/0x330
[  297.489513][T12843]  bpf_prog_test_run_xdp+0x805/0x11e0
[  297.494909][T12843]  ? __pfx_lock_release+0x10/0x10
[  297.499962][T12843]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  297.505808][T12843]  ? __fget_files+0x2a/0x410
[  297.510411][T12843]  ? __fget_files+0x2a/0x410
[  297.515014][T12843]  ? fput+0x21b/0x290
[  297.519011][T12843]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  297.524835][T12843]  bpf_prog_test_run+0x2e4/0x360
[  297.529789][T12843]  __sys_bpf+0x48d/0x810
[  297.534050][T12843]  ? __pfx___sys_bpf+0x10/0x10
[  297.538846][T12843]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  297.544847][T12843]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  297.551189][T12843]  ? do_syscall_64+0x100/0x230
[  297.555987][T12843]  __x64_sys_bpf+0x7c/0x90
[  297.560426][T12843]  do_syscall_64+0xf3/0x230
[  297.564967][T12843]  ? clear_bhb_loop+0x35/0x90
[  297.569664][T12843]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.575614][T12843] RIP: 0033:0x7fb08657fed9
[  297.580041][T12843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  297.599663][T12843] RSP: 002b:00007fb087325058 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  297.608092][T12843] RAX: ffffffffffffffda RBX: 00007fb086745fa0 RCX: 00007fb08657fed9
[  297.616073][T12843] RDX: 0000000000000050 RSI: 0000000020000340 RDI: 000000000000000a
[  297.624057][T12843] RBP: 00007fb0873250a0 R08: 0000000000000000 R09: 0000000000000000
[  297.632045][T12843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  297.640053][T12843] R13: 0000000000000000 R14: 00007fb086745fa0 R15: 00007ffc22ed6ad8
[  297.648055][T12843]  </TASK>
[  297.674382][T12843] page_pool_create_percpu() gave up with errno -12
[  298.104455][T12868] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  298.206514][T12871] syzkaller0: entered promiscuous mode
[  298.212168][T12871] syzkaller0: entered allmulticast mode
[  298.339722][T12878] x_tables: duplicate underflow at hook 1
[  298.478622][T12884] FAULT_INJECTION: forcing a failure.
[  298.478622][T12884] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  298.519067][T12884] CPU: 0 UID: 0 PID: 12884 Comm: syz.0.2380 Not tainted 6.13.0-rc1-syzkaller-00263-g3ca459eaba1b #0
[  298.529915][T12884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  298.540029][T12884] Call Trace:
[  298.543348][T12884]  <TASK>
[  298.546319][T12884]  dump_stack_lvl+0x241/0x360
[  298.551056][T12884]  ? __pfx_dump_stack_lvl+0x10/0x10
[  298.556309][T12884]  ? __pfx__printk+0x10/0x10
[  298.560978][T12884]  should_fail_ex+0x3b0/0x4e0
[  298.565710][T12884]  prepare_alloc_pages+0x1da/0x5b0
[  298.570883][T12884]  __alloc_pages_noprof+0x16f/0x710
[  298.576129][T12884]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  298.581888][T12884]  alloc_pages_mpol_noprof+0x3e8/0x680
[  298.587385][T12884]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  298.593399][T12884]  vma_alloc_folio_noprof+0x12e/0x230
[  298.598794][T12884]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  298.604710][T12884]  ? do_raw_spin_unlock+0x13c/0x8b0
[  298.609928][T12884]  folio_prealloc+0x2e/0x170
[  298.614535][T12884]  do_wp_page+0x11c4/0x5160
[  298.619077][T12884]  ? __pfx_do_wp_page+0x10/0x10
[  298.623971][T12884]  ? __pfx_lock_acquire+0x10/0x10
[  298.629028][T12884]  ? rcu_is_watching+0x15/0xb0
[  298.633834][T12884]  ? do_raw_spin_lock+0x14f/0x370
[  298.638882][T12884]  ? __pfx___pte_offset_map+0x10/0x10
[  298.644305][T12884]  ? ip_finish_output2+0xa14/0x1390
[  298.649538][T12884]  handle_pte_fault+0x111e/0x68a0
[  298.654600][T12884]  ? __pfx_validate_chain+0x10/0x10
[  298.659821][T12884]  ? ip_skb_dst_mtu+0x6ba/0x9b0
[  298.664689][T12884]  ? __pfx_handle_pte_fault+0x10/0x10
[  298.670080][T12884]  ? __lock_acquire+0x1397/0x2100
[  298.675158][T12884]  ? mt_find+0x2a9/0x920
[  298.679509][T12884]  ? __pfx_lock_release+0x10/0x10
[  298.684559][T12884]  handle_mm_fault+0x1106/0x1bb0
[  298.689507][T12884]  ? mt_find+0x2a9/0x920
[  298.693787][T12884]  ? __pfx_handle_mm_fault+0x10/0x10
[  298.699105][T12884]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  298.705454][T12884]  ? lock_mm_and_find_vma+0x9c/0x2f0
[  298.710753][T12884]  exc_page_fault+0x2b9/0x8b0
[  298.715453][T12884]  asm_exc_page_fault+0x26/0x30
[  298.720336][T12884] RIP: 0010:__put_user_4+0x11/0x20
[  298.725466][T12884] Code: 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90
[  298.745092][T12884] RSP: 0018:ffffc9000fdbf9b8 EFLAGS: 00050202
[  298.751204][T12884] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000020008038
[  298.759199][T12884] RDX: 0000000020008000 RSI: ffffffff8c0aa880 RDI: ffffffff8c5f63e0
[  298.767209][T12884] RBP: ffffc9000fdbfed0 R08: ffffffff90195277 R09: 1ffffffff2032a4e
[  298.775247][T12884] R10: dffffc0000000000 R11: fffffbfff2032a4f R12: 0000000000000400
[  298.783241][T12884] R13: dffffc0000000000 R14: ffffc9000fdbfd20 R15: 1ffff92001fb7f48
[  298.791283][T12884]  __sys_sendmmsg+0x4de/0x720
[  298.796002][T12884]  ? __pfx___sys_sendmmsg+0x10/0x10
[  298.801235][T12884]  ? __pfx_lock_release+0x10/0x10
[  298.806279][T12884]  ? kstrtouint_from_user+0x128/0x190
[  298.811739][T12884]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  298.817695][T12884]  ? ksys_write+0x22a/0x2b0
[  298.822230][T12884]  ? __pfx_lock_release+0x10/0x10
[  298.827307][T12884]  ? vfs_write+0x730/0xd30
[  298.831764][T12884]  ? __mutex_unlock_slowpath+0x21e/0x790
[  298.837445][T12884]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  298.843489][T12884]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  298.849877][T12884]  ? do_syscall_64+0x100/0x230
[  298.854694][T12884]  __x64_sys_sendmmsg+0xa0/0xb0
[  298.859602][T12884]  do_syscall_64+0xf3/0x230
[  298.864259][T12884]  ? clear_bhb_loop+0x35/0x90
[  298.868970][T12884]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.874915][T12884] RIP: 0033:0x7f393ed7fed9
[  298.879376][T12884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  298.899046][T12884] RSP: 002b:00007f393fb53058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  298.907515][T12884] RAX: ffffffffffffffda RBX: 00007f393ef45fa0 RCX: 00007f393ed7fed9
[  298.915517][T12884] RDX: 000000000800001d RSI: 0000000020007fc0 RDI: 0000000000000003
[  298.923505][T12884] RBP: 00007f393fb530a0 R08: 0000000000000000 R09: 0000000000000000
[  298.931519][T12884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  298.939560][T12884] R13: 0000000000000000 R14: 00007f393ef45fa0 R15: 00007ffcdadf6918
[  298.947586][T12884]  </TASK>
[  300.215644][T12866] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  300.828288][T12865] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  301.100837][T12900] __nla_validate_parse: 7 callbacks suppressed
[  301.100863][T12900] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2388'.
[  301.134447][T12901] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2386'.
[  301.170603][T12901] 8021q: adding VLAN 0 to HW filter on device macvlan4
[  301.387086][T12911] FAULT_INJECTION: forcing a failure.
[  301.387086][T12911] name failslab, interval 1, probability 0, space 0, times 0
[  301.400218][T12911] CPU: 0 UID: 0 PID: 12911 Comm: syz.4.2393 Not tainted 6.13.0-rc1-syzkaller-00263-g3ca459eaba1b #0
[  301.411045][T12911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  301.421148][T12911] Call Trace:
[  301.424465][T12911]  <TASK>
[  301.427432][T12911]  dump_stack_lvl+0x241/0x360
[  301.432172][T12911]  ? __pfx_dump_stack_lvl+0x10/0x10
[  301.437441][T12911]  ? __pfx__printk+0x10/0x10
[  301.442183][T12911]  ? fs_reclaim_acquire+0x93/0x130
[  301.447351][T12911]  ? __pfx___might_resched+0x10/0x10
[  301.452690][T12911]  ? dynamic_dname+0x141/0x1b0
[  301.457506][T12911]  should_fail_ex+0x3b0/0x4e0
[  301.462211][T12911]  should_failslab+0xac/0x100
[  301.466934][T12911]  __kmalloc_noprof+0xdd/0x4c0
[  301.471718][T12911]  ? tomoyo_encode+0x26f/0x540
[  301.476503][T12911]  tomoyo_encode+0x26f/0x540
[  301.481115][T12911]  ? __pfx_sockfs_dname+0x10/0x10
[  301.486162][T12911]  tomoyo_realpath_from_path+0x59e/0x5e0
[  301.491908][T12911]  tomoyo_path_number_perm+0x236/0x860
[  301.497393][T12911]  ? __lock_acquire+0x1397/0x2100
[  301.502435][T12911]  ? tomoyo_path_number_perm+0x206/0x860
[  301.508103][T12911]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  301.514154][T12911]  ? __fget_files+0x2a/0x410
[  301.518775][T12911]  ? __fget_files+0x2a/0x410
[  301.523382][T12911]  security_file_ioctl+0xc6/0x2a0
[  301.528429][T12911]  __se_sys_ioctl+0x46/0x170
[  301.533038][T12911]  do_syscall_64+0xf3/0x230
[  301.537608][T12911]  ? clear_bhb_loop+0x35/0x90
[  301.542303][T12911]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.548303][T12911] RIP: 0033:0x7fddfef7fed9
[  301.552732][T12911] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  301.572531][T12911] RSP: 002b:00007fddffd93058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  301.580969][T12911] RAX: ffffffffffffffda RBX: 00007fddff145fa0 RCX: 00007fddfef7fed9
[  301.589042][T12911] RDX: 0000000000000000 RSI: 00000000400448c9 RDI: 0000000000000008
[  301.597027][T12911] RBP: 00007fddffd930a0 R08: 0000000000000000 R09: 0000000000000000
[  301.605099][T12911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  301.613175][T12911] R13: 0000000000000000 R14: 00007fddff145fa0 R15: 00007ffcdd5cff68
[  301.621177][T12911]  </TASK>
[  301.626334][T12911] ERROR: Out of memory at tomoyo_realpath_from_path.
[  301.633548][T12911] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  301.641483][T12909] x_tables: duplicate underflow at hook 1
[  301.755160][T12913] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  301.780638][T12920] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2395'.
[  302.092502][ T5141] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  302.102701][ T5141] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  302.111316][ T5141] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  302.120695][ T5141] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  302.129640][ T5141] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  302.138349][ T5141] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  302.161711][T12930] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  302.354631][T12936] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2401'.
[  302.387021][T12936] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  302.460572][T12940] xt_SECMARK: invalid mode: 0
[  302.553100][T12931] lo speed is unknown, defaulting to 1000
[  302.562816][T12931] lo speed is unknown, defaulting to 1000
[  302.595904][T12942] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2403'.
[  302.753951][T12944] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode
[  302.775160][T12944] macvlan3: entered allmulticast mode
[  302.798688][T12944] mac80211_hwsim hwsim8 wlan0: left promiscuous mode
[  303.123168][T12957] SET target dimension over the limit!
[  303.132539][T12955] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input8
[  303.292493][T12962] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2409'.
[  303.341054][T12931] chnl_net:caif_netlink_parms(): no params data found
[  303.380014][T12966] netlink: 'syz.0.2410': attribute type 1 has an invalid length.
[  303.392657][T12968] team0: Port device bridge10 added
[  303.416350][T12966] netlink: 244 bytes leftover after parsing attributes in process `syz.0.2410'.
[  303.651361][T12931] bridge0: port 1(bridge_slave_0) entered blocking state
[  303.658867][T12931] bridge0: port 1(bridge_slave_0) entered disabled state
[  303.665668][T12975] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2413'.
[  303.667199][T12931] bridge_slave_0: entered allmulticast mode
[  303.682677][T12931] bridge_slave_0: entered promiscuous mode
[  303.692038][T12931] bridge0: port 2(bridge_slave_1) entered blocking state
[  303.699665][T12931] bridge0: port 2(bridge_slave_1) entered disabled state
[  303.707563][T12931] bridge_slave_1: entered allmulticast mode
[  303.715338][T12931] bridge_slave_1: entered promiscuous mode
[  303.733241][T12975] 8021q: adding VLAN 0 to HW filter on device macvlan5
[  303.743011][T12980] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2415'.
[  303.903512][T12931] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  303.916540][T12988] netlink: 232 bytes leftover after parsing attributes in process `syz.1.2418'.
[  303.953655][T12931] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  304.074588][T12988] ip6gretap2: entered promiscuous mode
[  304.093253][T12988] ip6gretap2: entered allmulticast mode
[  304.113051][T12984] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  304.161766][T12984] syzkaller0: entered promiscuous mode
[  304.183515][T12984] syzkaller0: entered allmulticast mode
[  304.214675][ T5841] Bluetooth: hci3: command tx timeout
[  304.215135][T12931] team0: Port device team_slave_0 added
[  304.260254][T12931] team0: Port device team_slave_1 added
[  304.425732][T13008] netlink: 'syz.3.2424': attribute type 8 has an invalid length.
[  304.999949][T13025] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  306.300428][ T5841] Bluetooth: hci3: command tx timeout
[  306.506922][T12931] batman_adv: batadv0: Adding interface: batadv_slave_0
[  306.514354][T12931] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  306.541219][T12931] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  306.569893][T13020] 8021q: adding VLAN 0 to HW filter on device macvlan6
[  306.583796][T13023] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR
[  306.603559][T12931] batman_adv: batadv0: Adding interface: batadv_slave_1
[  306.632789][T12931] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  306.676591][T12931] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  306.712581][T13031] __nla_validate_parse: 5 callbacks suppressed
[  306.712604][T13031] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2430'.
[  306.881281][T12931] hsr_slave_0: entered promiscuous mode
[  306.898451][T12931] hsr_slave_1: entered promiscuous mode
[  306.927942][T12931] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  306.941947][T12931] Cannot create hsr debugfs directory
[  307.056286][T13035] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2432'.
[  307.070429][T13037] mac80211_hwsim hwsim3 wlan0: entered promiscuous mode
[  307.078142][T13037] macvlan7: entered allmulticast mode
[  307.096329][T13037] mac80211_hwsim hwsim3 wlan0: left promiscuous mode
[  307.426538][T13051] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2440'.
[  307.489355][T13055] netlink: 'syz.3.2441': attribute type 1 has an invalid length.
[  307.504184][T13055] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2441'.
[  307.566908][T13051] 8021q: adding VLAN 0 to HW filter on device macvlan4
[  307.721184][T13058] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2442'.
[  307.822087][T13064] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.2445'.
[  307.898592][T13067] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2448'.
[  307.967870][T13070] mac80211_hwsim hwsim7 wlan0: entered promiscuous mode
[  307.979838][T13070] macvlan5: entered allmulticast mode
[  308.032392][T13070] mac80211_hwsim hwsim7 wlan0: left promiscuous mode
[  308.151294][T13072] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2449'.
[  308.374958][ T5841] Bluetooth: hci3: command tx timeout
[  308.382913][T13093] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2454'.
[  308.411979][T13091] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2453'.
[  308.424765][T13093] 8021q: adding VLAN 0 to HW filter on device macvlan5
[  308.460243][T12931] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  308.513352][T13091] team0: Port device bridge11 added
[  308.540088][T12931] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  308.567514][T12931] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  308.597230][T12931] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  308.679733][T13099] netlink: 'syz.0.2456': attribute type 10 has an invalid length.
[  308.697063][T13099] team0: left allmulticast mode
[  308.702138][T13099] team_slave_0: left allmulticast mode
[  308.718166][T13099] team_slave_1: left allmulticast mode
[  308.728438][T13099] bridge4: left allmulticast mode
[  308.738409][T13099] bridge5: left allmulticast mode
[  308.749352][T13099] bridge8: left allmulticast mode
[  308.749609][T13102] netlink: 'syz.0.2456': attribute type 10 has an invalid length.
[  308.760606][T13099] team0: left promiscuous mode
[  308.785177][T13099] team_slave_0: left promiscuous mode
[  308.796127][T13099] team_slave_1: left promiscuous mode
[  308.801999][T13099] bridge4: left promiscuous mode
[  308.810672][T13099] bridge5: left promiscuous mode
[  308.822576][T13105] SET target dimension over the limit!
[  308.844694][T13099] bridge8: left promiscuous mode
[  308.850591][T13099] bridge0: port 3(team0) entered disabled state
[  308.894505][T13099] batman_adv: batadv0: Adding interface: team0
[  308.902971][T13099] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  308.939421][T13099] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  308.980924][T13102] team0: entered promiscuous mode
[  308.988824][T13102] team_slave_0: entered promiscuous mode
[  309.003720][T13102] team_slave_1: entered promiscuous mode
[  309.012609][T13102] bridge4: entered promiscuous mode
[  309.024464][T13102] bridge5: entered promiscuous mode
[  309.030142][T13102] bridge8: entered promiscuous mode
[  309.093766][T13102] 8021q: adding VLAN 0 to HW filter on device team0
[  309.111361][T13102] batman_adv: batadv0: Interface activated: team0
[  309.129273][T13102] batman_adv: batadv0: Interface deactivated: team0
[  309.147926][T13102] batman_adv: batadv0: Removing interface: team0
[  309.161834][T13102] bridge0: port 3(team0) entered blocking state
[  309.168685][T13102] bridge0: port 3(team0) entered disabled state
[  309.175893][T13102] team0: entered allmulticast mode
[  309.181443][T13102] team_slave_0: entered allmulticast mode
[  309.187544][T13102] team_slave_1: entered allmulticast mode
[  309.193617][T13102] bridge4: entered allmulticast mode
[  309.199230][T13102] bridge5: entered allmulticast mode
[  309.204961][T13102] bridge8: entered allmulticast mode
[  309.289614][T12931] 8021q: adding VLAN 0 to HW filter on device bond0
[  309.356881][T12931] 8021q: adding VLAN 0 to HW filter on device team0
[  309.437144][T12538] bridge0: port 1(bridge_slave_0) entered blocking state
[  309.444561][T12538] bridge0: port 1(bridge_slave_0) entered forwarding state
[  309.485064][T12538] bridge0: port 2(bridge_slave_1) entered blocking state
[  309.492290][T12538] bridge0: port 2(bridge_slave_1) entered forwarding state
[  309.500666][T13128] x_tables: duplicate underflow at hook 1
[  309.908600][T13148] netlink: 'syz.3.2470': attribute type 2 has an invalid length.
[  309.952262][T13150] vlan4: entered promiscuous mode
[  309.978391][T13150] vlan4: entered allmulticast mode
[  310.093828][T12931] 8021q: adding VLAN 0 to HW filter on device batadv0
[  310.127726][T13157] netlink: 'syz.4.2474': attribute type 14 has an invalid length.
[  310.143969][T13157] netlink: 'syz.4.2474': attribute type 13 has an invalid length.
[  310.221574][T12931] veth0_vlan: entered promiscuous mode
[  310.315937][T12931] veth1_vlan: entered promiscuous mode
[  310.379417][T13163] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.454707][ T5841] Bluetooth: hci3: command tx timeout
[  310.542851][T12931] veth0_macvtap: entered promiscuous mode
[  310.567838][T12931] veth1_macvtap: entered promiscuous mode
[  310.612311][T13163] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.647794][T13170] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  310.666742][T13170] syzkaller0: entered promiscuous mode
[  310.674451][T13170] syzkaller0: entered allmulticast mode
[  310.709608][T13163] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.733640][T13177] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.846217][T13163] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.866294][T13177] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.883626][T12931] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  310.895039][T12931] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  310.906991][T12931] batman_adv: batadv0: Interface activated: batadv_slave_0
[  311.481494][ T5202] udevd[5202]: worker [5845] /devices/virtual/block/nbd4 is taking a long time
[  312.834824][T12931] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  312.845838][T12931] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  312.857121][T12931] batman_adv: batadv0: Interface activated: batadv_slave_1
[  312.872575][T13177] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  312.947866][T12931] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  312.958063][T12931] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  312.977461][T12931] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  313.000926][T12931] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  313.001585][T13188] __nla_validate_parse: 8 callbacks suppressed
[  313.001606][T13188] netlink: 4768 bytes leftover after parsing attributes in process `syz.1.2485'.
[  313.042600][T13186] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2486'.
[  313.082403][T13163] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  313.102655][T13177] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  313.131695][T13163] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  313.156163][T13163] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  313.191702][T13163] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  313.233025][T13191] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  313.279552][T13191] siw: device registration error -23
[  313.301409][T13177] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  313.346672][T13177] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  313.414715][T13177] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  313.431532][T13177] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  313.467970][T13196] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.2490'.
[  313.507561][T13198] xt_l2tp: missing protocol rule (udp|l2tpip)
[  313.534484][T12538] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  313.542376][T12538] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  313.611690][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  313.619963][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  313.822065][T13206] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2496'.
[  314.083089][T13211] xt_bpf: check failed: parse error
[  314.100444][T13213] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2498'.
[  314.595907][   T52] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  314.667200][ T5141] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  314.701718][ T5141] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  314.713821][ T5141] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  314.818456][ T5141] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  314.830742][ T5141] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  314.840791][ T5141] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  314.941148][T13237] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2507'.
[  314.967966][   T52] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  314.995276][ T5141] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  315.009286][ T5141] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  315.027511][ T5141] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  315.049762][ T5141] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  315.079905][ T5141] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  315.097962][ T5141] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  315.148021][T13244] vlan4: entered promiscuous mode
[  315.153138][T13244] vlan4: entered allmulticast mode
[  315.225999][   T52] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  315.238466][T13251] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2509'.
[  315.372402][T13253] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2511'.
[  315.426497][   T52] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  315.539942][T13258] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2513'.
[  315.566419][T13258] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2513'.
[  315.584763][T13258] netlink: 'syz.4.2513': attribute type 14 has an invalid length.
[  315.602120][T13258] netlink: 'syz.4.2513': attribute type 13 has an invalid length.
[  315.641037][T13228] lo speed is unknown, defaulting to 1000
[  315.655878][T13228] lo speed is unknown, defaulting to 1000
[  315.739823][   T52] bridge_slave_1: left allmulticast mode
[  315.754353][   T52] bridge_slave_1: left promiscuous mode
[  315.762568][   T52] bridge0: port 2(bridge_slave_1) entered disabled state
[  315.855911][   T52] bridge_slave_0: left allmulticast mode
[  315.861762][   T52] bridge_slave_0: left promiscuous mode
[  315.894545][   T52] bridge0: port 1(bridge_slave_0) entered disabled state
[  316.367098][   T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  316.379423][   T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  316.391819][   T52] bond0 (unregistering): Released all slaves
[  316.423902][T13239] lo speed is unknown, defaulting to 1000
[  316.472845][T13239] lo speed is unknown, defaulting to 1000
[  316.964389][ T5841] Bluetooth: hci2: command tx timeout
[  317.262068][ T5841] Bluetooth: hci3: command tx timeout
[  317.281787][T13309] xt_SECMARK: invalid mode: 0
[  317.300302][T13228] chnl_net:caif_netlink_parms(): no params data found
[  317.698237][   T52] hsr_slave_0: left promiscuous mode
[  317.725048][   T52] hsr_slave_1: left promiscuous mode
[  317.743749][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  317.754470][   T52] batman_adv: batadv0: Removing interface: batadv_slave_0
[  317.764018][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  317.772129][   T52] batman_adv: batadv0: Removing interface: batadv_slave_1
[  317.856149][   T52] veth1_macvtap: left promiscuous mode
[  317.863352][   T52] veth0_macvtap: left promiscuous mode
[  317.892661][   T52] veth1_vlan: left promiscuous mode
[  317.898573][   T52] veth0_vlan: left promiscuous mode
[  318.549194][   T52] team0 (unregistering): Port device team_slave_1 removed
[  318.596556][   T52] team0 (unregistering): Port device team_slave_0 removed
[  319.020890][ T5841] Bluetooth: hci2: command tx timeout
[  319.172298][T13239] chnl_net:caif_netlink_parms(): no params data found
[  319.293711][T13331] lo speed is unknown, defaulting to 1000
[  319.334582][ T5841] Bluetooth: hci3: command tx timeout
[  319.372111][T13347] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  319.383800][T13228] bridge0: port 1(bridge_slave_0) entered blocking state
[  319.410222][T13228] bridge0: port 1(bridge_slave_0) entered disabled state
[  319.424469][T13228] bridge_slave_0: entered allmulticast mode
[  319.431740][T13228] bridge_slave_0: entered promiscuous mode
[  319.455088][T13331] lo speed is unknown, defaulting to 1000
[  319.516462][T13228] bridge0: port 2(bridge_slave_1) entered blocking state
[  319.523755][T13228] bridge0: port 2(bridge_slave_1) entered disabled state
[  319.544703][T13355] __nla_validate_parse: 6 callbacks suppressed
[  319.544729][T13355] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2537'.
[  319.560823][T13228] bridge_slave_1: entered allmulticast mode
[  319.575115][T13228] bridge_slave_1: entered promiscuous mode
[  319.787040][T13228] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  319.838258][T13239] bridge0: port 1(bridge_slave_0) entered blocking state
[  319.846879][T13239] bridge0: port 1(bridge_slave_0) entered disabled state
[  319.854374][T13239] bridge_slave_0: entered allmulticast mode
[  319.861744][T13239] bridge_slave_0: entered promiscuous mode
[  319.881110][T13228] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  319.899351][T13239] bridge0: port 2(bridge_slave_1) entered blocking state
[  319.917816][T13239] bridge0: port 2(bridge_slave_1) entered disabled state
[  319.935210][T13239] bridge_slave_1: entered allmulticast mode
[  319.960831][T13239] bridge_slave_1: entered promiscuous mode
[  320.040045][T13228] team0: Port device team_slave_0 added
[  320.183865][T13228] team0: Port device team_slave_1 added
[  320.238229][T13239] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  320.306627][T13228] batman_adv: batadv0: Adding interface: batadv_slave_0
[  320.315806][T13228] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  320.342874][T13228] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  320.342977][T13365] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2539'.
[  320.373909][T13239] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  320.416802][T13228] batman_adv: batadv0: Adding interface: batadv_slave_1
[  320.425346][T13228] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  320.453383][T13228] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  320.542484][T13239] team0: Port device team_slave_0 added
[  320.579602][T13239] team0: Port device team_slave_1 added
[  320.714009][T13228] hsr_slave_0: entered promiscuous mode
[  320.745164][T13228] hsr_slave_1: entered promiscuous mode
[  320.758381][T13228] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  320.789120][T13228] Cannot create hsr debugfs directory
[  320.805951][T13239] batman_adv: batadv0: Adding interface: batadv_slave_0
[  320.813129][T13239] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  320.842850][T13239] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  320.876134][T13368] lo speed is unknown, defaulting to 1000
[  321.062176][T13239] batman_adv: batadv0: Adding interface: batadv_slave_1
[  321.086630][T13239] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  321.097897][T13380] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2545'.
[  321.132378][ T5841] Bluetooth: hci2: command tx timeout
[  321.139765][T13239] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  321.249049][T13368] lo speed is unknown, defaulting to 1000
[  321.322096][T13386] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2548'.
[  321.355529][T13239] hsr_slave_0: entered promiscuous mode
[  321.362726][T13239] hsr_slave_1: entered promiscuous mode
[  321.372896][T13239] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  321.389959][T13239] Cannot create hsr debugfs directory
[  321.414495][ T5841] Bluetooth: hci3: command tx timeout
[  321.768208][T13399] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2553'.
[  321.786596][T13399] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2553'.
[  322.819420][T13419] xt_SECMARK: invalid mode: 0
[  322.944440][T13422] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2560'.
[  323.051006][T13228] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  323.072735][T13228] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  323.100351][T13228] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  323.140215][T13228] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  323.165389][T13239] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  323.177807][T13427] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check.
[  323.194269][ T5841] Bluetooth: hci2: command tx timeout
[  323.203601][T13239] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  323.248873][T13239] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  323.260491][T13239] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  323.489746][T13228] 8021q: adding VLAN 0 to HW filter on device bond0
[  323.504609][ T5841] Bluetooth: hci3: command tx timeout
[  323.527680][T13431] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  323.553999][T13228] 8021q: adding VLAN 0 to HW filter on device team0
[  323.582974][T13239] 8021q: adding VLAN 0 to HW filter on device bond0
[  323.625733][T12540] bridge0: port 1(bridge_slave_0) entered blocking state
[  323.632956][T12540] bridge0: port 1(bridge_slave_0) entered forwarding state
[  323.677337][T13239] 8021q: adding VLAN 0 to HW filter on device team0
[  323.699583][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  323.706854][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  323.740608][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  323.748013][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  323.845642][T13435] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  323.871115][T13435] syzkaller0: entered promiscuous mode
[  323.903679][T13435] syzkaller0: entered allmulticast mode
[  323.940088][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  323.947385][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  324.144543][T13446] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2568'.
[  324.160851][T13228] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  324.287086][T13448] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2568'.
[  326.842768][T13438] lo speed is unknown, defaulting to 1000
[  326.849417][ T5202] udevd[5202]: worker [5830] /devices/virtual/block/nbd5 is taking a long time
[  326.878349][T13438] lo speed is unknown, defaulting to 1000
[  327.243837][T13228] 8021q: adding VLAN 0 to HW filter on device batadv0
[  327.320722][T13239] 8021q: adding VLAN 0 to HW filter on device batadv0
[  327.339897][T13465] netlink: 'syz.4.2571': attribute type 8 has an invalid length.
[  327.526598][T13228] veth0_vlan: entered promiscuous mode
[  327.552801][T13228] veth1_vlan: entered promiscuous mode
[  327.586063][T13239] veth0_vlan: entered promiscuous mode
[  327.600206][T13239] veth1_vlan: entered promiscuous mode
[  327.669075][T13239] veth0_macvtap: entered promiscuous mode
[  327.692621][T13228] veth0_macvtap: entered promiscuous mode
[  327.720027][T13239] veth1_macvtap: entered promiscuous mode
[  327.842241][T13470] bond4: entered promiscuous mode
[  327.863075][T13470] bond4: entered allmulticast mode
[  327.869106][T13470] 8021q: adding VLAN 0 to HW filter on device bond4
[  327.882612][T13228] veth1_macvtap: entered promiscuous mode
[  327.909978][T13228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  327.921196][T13228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  327.935792][T13228] batman_adv: batadv0: Interface activated: batadv_slave_0
[  327.947852][T13228] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  327.958504][T13228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  327.969617][T13228] batman_adv: batadv0: Interface activated: batadv_slave_1
[  328.041734][T13228] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  328.051099][T13228] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  328.060622][T13228] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  328.070126][T13228] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  328.100084][T13239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  328.120596][T13239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  328.142817][T13239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  328.162715][T13239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  328.177591][T13239] batman_adv: batadv0: Interface activated: batadv_slave_0
[  328.246305][T13467] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  328.349947][T13239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  328.372647][T13239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  328.382998][T13239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  328.394053][T13239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  328.405468][T13239] batman_adv: batadv0: Interface activated: batadv_slave_1
[  328.427979][T13474] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2574'.
[  328.443786][  T796] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  328.464681][  T796] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  328.482297][T13239] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  328.493584][T13239] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  328.502670][T13239] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  328.511667][T13239] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  328.532781][T13474] bridge_slave_0: left allmulticast mode
[  328.539355][T13474] bridge_slave_0: left promiscuous mode
[  328.546874][T13474] bridge0: port 1(bridge_slave_0) entered disabled state
[  328.675283][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  328.722781][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  328.857566][T12539] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  328.878036][T12539] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  328.927779][T12538] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  328.936814][T12538] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  329.432619][  T796] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  329.477460][T13494] netlink: 'syz.0.2578': attribute type 25 has an invalid length.
[  329.498529][T13494] netlink: 'syz.0.2578': attribute type 7 has an invalid length.
[  329.716252][  T796] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  329.809001][T13499] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2580'.
[  329.941634][  T796] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  329.973297][T13507] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2580'.
[  329.986817][T13506] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2582'.
[  330.233329][ T5838] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  330.238955][ T5848] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  330.252764][ T5848] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  330.253674][ T5838] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  330.262095][ T5848] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  330.270339][ T5838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  330.277149][ T5848] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  330.282818][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  330.289046][ T5848] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  330.297473][ T5838] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  330.305726][ T5848] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  330.310181][ T5838] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  330.371394][T13513] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2584'.
[  330.385967][  T796] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  330.421810][T13504] xfrm0: left allmulticast mode
[  330.463419][T13503] xfrm0: entered allmulticast mode
[  330.663727][T13519] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2585'.
[  330.927292][  T796] bridge_slave_1: left allmulticast mode
[  330.933020][  T796] bridge_slave_1: left promiscuous mode
[  330.961134][  T796] bridge0: port 2(bridge_slave_1) entered disabled state
[  330.983338][  T796] bridge_slave_0: left allmulticast mode
[  331.004393][  T796] bridge_slave_0: left promiscuous mode
[  331.010265][  T796] bridge0: port 1(bridge_slave_0) entered disabled state
[  331.544662][  T796] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  331.558372][  T796] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  331.570299][  T796] bond0 (unregistering): Released all slaves
[  331.582770][T13509] lo speed is unknown, defaulting to 1000
[  331.623128][T13528] mac80211_hwsim hwsim7 wlan0: entered promiscuous mode
[  331.632176][T13528] macvlan6: entered allmulticast mode
[  331.641396][T13528] mac80211_hwsim hwsim7 wlan0: left promiscuous mode
[  331.775913][T13509] lo speed is unknown, defaulting to 1000
[  331.858266][T13533] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2591'.
[  332.009869][T13508] lo speed is unknown, defaulting to 1000
[  332.037548][T13533] netlink: 'syz.3.2591': attribute type 1 has an invalid length.
[  332.052336][T13533] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2591'.
[  332.062618][T13508] lo speed is unknown, defaulting to 1000
[  332.105202][T13540] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2593'.
[  332.134728][T12539] wlan0: Trigger new scan to find an IBSS to join
[  332.236900][T13540] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2593'.
[  332.384482][ T5838] Bluetooth: hci3: command tx timeout
[  332.391891][ T5141] Bluetooth: hci2: command tx timeout
[  332.644839][T13509] chnl_net:caif_netlink_parms(): no params data found
[  332.949721][T13559] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode
[  332.970475][T13559] macvlan3: entered allmulticast mode
[  332.995202][T13559] mac80211_hwsim hwsim6 wlan0: left promiscuous mode
[  333.155381][  T796] hsr_slave_0: left promiscuous mode
[  333.171534][  T796] hsr_slave_1: left promiscuous mode
[  333.184977][  T796] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  333.203947][  T796] batman_adv: batadv0: Removing interface: batadv_slave_0
[  333.244705][  T796] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  333.252405][  T796] batman_adv: batadv0: Removing interface: batadv_slave_1
[  333.325884][  T796] veth1_macvtap: left promiscuous mode
[  333.348569][  T796] veth0_macvtap: left promiscuous mode
[  333.360610][  T796] veth1_vlan: left promiscuous mode
[  333.370792][  T796] veth0_vlan: left promiscuous mode
[  333.473100][T13575] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  333.885665][T13586] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2608'.
[  334.006270][T13588] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2608'.
[  334.257616][  T796] team0 (unregistering): Port device team_slave_1 removed
[  334.310913][  T796] team0 (unregistering): Port device team_slave_0 removed
[  334.464499][ T5838] Bluetooth: hci3: command tx timeout
[  334.467038][ T5141] Bluetooth: hci2: command tx timeout
[  334.869644][T13578] netlink: 'syz.0.2603': attribute type 6 has an invalid length.
[  335.136093][T13509] bridge0: port 1(bridge_slave_0) entered blocking state
[  335.148705][T13599] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2612'.
[  335.149966][T13509] bridge0: port 1(bridge_slave_0) entered disabled state
[  335.168051][T13509] bridge_slave_0: entered allmulticast mode
[  335.175324][T13509] bridge_slave_0: entered promiscuous mode
[  335.175493][T12540] wlan0: Trigger new scan to find an IBSS to join
[  335.239725][T13509] bridge0: port 2(bridge_slave_1) entered blocking state
[  335.247085][T13509] bridge0: port 2(bridge_slave_1) entered disabled state
[  335.254828][T13509] bridge_slave_1: entered allmulticast mode
[  335.262783][T13509] bridge_slave_1: entered promiscuous mode
[  335.333839][T13596] FAULT_INJECTION: forcing a failure.
[  335.333839][T13596] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  335.348197][T13596] CPU: 0 UID: 0 PID: 13596 Comm: syz.0.2609 Not tainted 6.13.0-rc1-syzkaller-00263-g3ca459eaba1b #0
[  335.359125][T13596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  335.369236][T13596] Call Trace:
[  335.372558][T13596]  <TASK>
[  335.375534][T13596]  dump_stack_lvl+0x241/0x360
[  335.380288][T13596]  ? __pfx_dump_stack_lvl+0x10/0x10
[  335.385558][T13596]  ? __pfx__printk+0x10/0x10
[  335.390206][T13596]  ? __pfx_lock_release+0x10/0x10
[  335.395295][T13596]  ? __lock_acquire+0x1397/0x2100
[  335.400383][T13596]  should_fail_ex+0x3b0/0x4e0
[  335.405114][T13596]  _copy_from_user+0x2f/0xc0
[  335.409762][T13596]  kstrtouint_from_user+0xc6/0x190
[  335.414947][T13596]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  335.420721][T13596]  ? __pfx_lock_acquire+0x10/0x10
[  335.425800][T13596]  proc_fail_nth_write+0xaa/0x2d0
[  335.430873][T13596]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  335.435490][T13603] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  335.436796][T13596]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  335.452234][T13596]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  335.457930][T13596]  vfs_write+0x2a3/0xd30
[  335.462250][T13596]  ? __pfx_vfs_write+0x10/0x10
[  335.467256][T13596]  ? __fget_files+0x2a/0x410
[  335.471895][T13596]  ? __fget_files+0x395/0x410
[  335.476630][T13596]  ? __fget_files+0x2a/0x410
[  335.481282][T13596]  ksys_write+0x18f/0x2b0
[  335.485670][T13596]  ? __pfx_ksys_write+0x10/0x10
[  335.490592][T13596]  ? do_syscall_64+0x100/0x230
[  335.495421][T13596]  ? do_syscall_64+0xb6/0x230
[  335.500162][T13596]  do_syscall_64+0xf3/0x230
[  335.501797][T13603] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  335.504705][T13596]  ? clear_bhb_loop+0x35/0x90
[  335.504738][T13596]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.504773][T13596] RIP: 0033:0x7f393ed7e98f
[  335.504795][T13596] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  335.504816][T13596] RSP: 002b:00007f393fb53050 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  335.504844][T13596] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f393ed7e98f
[  335.504862][T13596] RDX: 0000000000000001 RSI: 00007f393fb530b0 RDI: 0000000000000005
[  335.504878][T13596] RBP: 00007f393fb530a0 R08: 0000000000000000 R09: 0000000000000000
[  335.504895][T13596] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  335.504911][T13596] R13: 0000000000000000 R14: 00007f393ef45fa0 R15: 00007ffcdadf6918
[  335.597738][T13596]  </TASK>
[  335.626525][T13508] chnl_net:caif_netlink_parms(): no params data found
[  335.689860][T13509] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  335.729713][T13509] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  335.729796][T13612] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2615'.
[  335.916519][T13612] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2615'.
[  335.976231][T13509] team0: Port device team_slave_0 added
[  335.996084][T13509] team0: Port device team_slave_1 added
[  336.003844][T13508] bridge0: port 1(bridge_slave_0) entered blocking state
[  336.019585][T13508] bridge0: port 1(bridge_slave_0) entered disabled state
[  336.044532][T13508] bridge_slave_0: entered allmulticast mode
[  336.073532][T13508] bridge_slave_0: entered promiscuous mode
[  336.165341][T13508] bridge0: port 2(bridge_slave_1) entered blocking state
[  336.172604][T13508] bridge0: port 2(bridge_slave_1) entered disabled state
[  336.204570][T13508] bridge_slave_1: entered allmulticast mode
[  336.211608][T13508] bridge_slave_1: entered promiscuous mode
[  336.287272][T13509] batman_adv: batadv0: Adding interface: batadv_slave_0
[  336.303137][T13509] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  336.361501][T13509] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  336.397379][T13509] batman_adv: batadv0: Adding interface: batadv_slave_1
[  336.414536][T13509] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  336.450411][T13509] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  336.474919][T12540] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  336.539734][  T796] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  336.540639][ T5141] Bluetooth: hci2: command tx timeout
[  336.551177][ T5838] Bluetooth: hci3: command tx timeout
[  336.593780][T13508] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  336.608816][T13610] lo speed is unknown, defaulting to 1000
[  336.608832][T13624] netlink: 'syz.0.2619': attribute type 12 has an invalid length.
[  336.625166][T13626] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2620'.
[  336.628210][T13508] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  336.719908][  T796] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  336.737662][T13610] lo speed is unknown, defaulting to 1000
[  336.855502][  T796] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  336.893010][T13508] team0: Port device team_slave_0 added
[  336.953670][T13508] team0: Port device team_slave_1 added
[  337.019664][T13628] siw: device registration error -23
[  337.046580][T13509] hsr_slave_0: entered promiscuous mode
[  337.057664][T13509] hsr_slave_1: entered promiscuous mode
[  337.071989][T13509] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  337.084145][T13509] Cannot create hsr debugfs directory
[  337.211795][  T796] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  337.276531][T13508] batman_adv: batadv0: Adding interface: batadv_slave_0
[  337.283549][T13508] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  337.344543][T13508] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  337.423689][T13508] batman_adv: batadv0: Adding interface: batadv_slave_1
[  337.434646][T13508] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  337.468783][T13508] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  337.494511][T13636] lo speed is unknown, defaulting to 1000
[  337.512928][T13636] lo speed is unknown, defaulting to 1000
[  337.526720][T13650] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2627'.
[  337.549416][T13650] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2627'.
[  337.662732][T13508] hsr_slave_0: entered promiscuous mode
[  337.673882][T13508] hsr_slave_1: entered promiscuous mode
[  337.691241][T13508] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  337.704016][T13508] Cannot create hsr debugfs directory
[  338.130538][T13659] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  338.268310][  T796] bridge_slave_1: left allmulticast mode
[  338.274036][  T796] bridge_slave_1: left promiscuous mode
[  338.285324][  T796] bridge0: port 2(bridge_slave_1) entered disabled state
[  338.315822][  T796] bridge_slave_0: left allmulticast mode
[  338.341310][  T796] bridge_slave_0: left promiscuous mode
[  338.354845][  T796] bridge0: port 1(bridge_slave_0) entered disabled state
[  338.379959][T13665] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2633'.
[  338.553018][T13670] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2632'.
[  338.621750][ T5838] Bluetooth: hci3: command tx timeout
[  338.627350][ T5838] Bluetooth: hci2: command tx timeout
[  338.909612][  T796] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  338.921284][  T796] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  338.933905][  T796] bond0 (unregistering): Released all slaves
[  338.977607][T13665] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  339.785849][T13690] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2641'.
[  339.832194][T13692] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2642'.
[  339.871811][T13690] 8021q: adding VLAN 0 to HW filter on device macvlan6
[  339.964597][T13692] vlan0: entered promiscuous mode
[  339.974458][T13692] gretap0: entered promiscuous mode
[  340.000778][T13692] gretap0: left promiscuous mode
[  340.398858][  T796] hsr_slave_0: left promiscuous mode
[  340.406108][  T796] hsr_slave_1: left promiscuous mode
[  340.412269][  T796] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  340.420893][  T796] batman_adv: batadv0: Removing interface: batadv_slave_0
[  340.432695][  T796] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  340.460679][  T796] batman_adv: batadv0: Removing interface: batadv_slave_1
[  340.507966][  T796] veth1_macvtap: left promiscuous mode
[  340.513776][  T796] veth0_macvtap: left promiscuous mode
[  340.523069][  T796] veth1_vlan: left promiscuous mode
[  340.529155][  T796] veth0_vlan: left promiscuous mode
[  340.596699][T13707] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2644'.
[  341.716139][  T796] team0 (unregistering): Port device team_slave_1 removed
[  341.854709][  T796] team0 (unregistering): Port device team_slave_0 removed
[  342.670197][T13718] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  342.816557][T13724] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  342.837691][T13724] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  343.091514][T13734] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2650'.
[  343.103637][T13509] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  343.172427][T13509] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  343.200094][T13509] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  343.250159][T13508] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  343.272471][T13508] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  343.286714][T13509] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  343.297310][T13739] netlink: 'syz.4.2652': attribute type 11 has an invalid length.
[  343.305581][T13739] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2652'.
[  343.321019][T13508] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  343.342534][T13736] GUP no longer grows the stack in syz.0.2651 (13736): 20006000-2000a000 (20005000)
[  343.352886][T13736] CPU: 0 UID: 0 PID: 13736 Comm: syz.0.2651 Not tainted 6.13.0-rc1-syzkaller-00263-g3ca459eaba1b #0
[  343.363724][T13736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  343.373867][T13736] Call Trace:
[  343.377192][T13736]  <TASK>
[  343.380168][T13736]  dump_stack_lvl+0x241/0x360
[  343.384917][T13736]  ? __pfx_dump_stack_lvl+0x10/0x10
[  343.390184][T13736]  ? __pfx__printk+0x10/0x10
[  343.394833][T13736]  ? find_vma+0xf9/0x170
[  343.395791][T13508] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  343.399103][T13736]  ? __sanitizer_cov_trace_const_cmp8+0x2f/0x90
[  343.412126][T13736]  ? check_vma_flags+0x52b/0x5a0
[  343.417139][T13736]  __get_user_pages+0x4385/0x49e0
[  343.422176][T13736]  ? 0xffffffffa0000948
[  343.426403][T13736]  ? __pfx___get_user_pages+0x10/0x10
[  343.431835][T13736]  __gup_longterm_locked+0x49a/0x17f0
[  343.437261][T13736]  ? __pfx___might_resched+0x10/0x10
[  343.442596][T13736]  ? __pfx___gup_longterm_locked+0x10/0x10
[  343.448443][T13736]  ? down_read+0x82b/0xa40
[  343.452915][T13736]  ? is_valid_gup_args+0x124/0x200
[  343.458068][T13736]  pin_user_pages+0x137/0x1f0
[  343.462759][T13736]  ? __pfx_pin_user_pages+0x10/0x10
[  343.467990][T13736]  ? trace_kmalloc+0x1f/0xd0
[  343.472633][T13736]  xdp_umem_create+0x978/0xf30
[  343.477448][T13736]  xsk_setsockopt+0x732/0x950
[  343.482167][T13736]  ? __pfx_xsk_setsockopt+0x10/0x10
[  343.487425][T13736]  ? __pfx_lock_acquire+0x10/0x10
[  343.492499][T13736]  ? aa_sock_opt_perm+0x79/0x120
[  343.497492][T13736]  ? __pfx_xsk_setsockopt+0x10/0x10
[  343.502748][T13736]  do_sock_setsockopt+0x3af/0x720
[  343.507837][T13736]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  343.513456][T13736]  ? __fget_files+0x395/0x410
[  343.518279][T13736]  ? __fget_files+0x2a/0x410
[  343.522936][T13736]  __x64_sys_setsockopt+0x1ee/0x280
[  343.528207][T13736]  do_syscall_64+0xf3/0x230
[  343.532775][T13736]  ? clear_bhb_loop+0x35/0x90
[  343.537601][T13736]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  343.543556][T13736] RIP: 0033:0x7f393ed7fed9
[  343.548069][T13736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  343.567907][T13736] RSP: 002b:00007f393fb53058 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  343.576395][T13736] RAX: ffffffffffffffda RBX: 00007f393ef45fa0 RCX: 00007f393ed7fed9
[  343.582340][T13746] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2654'.
[  343.584396][T13736] RDX: 0000000000000004 RSI: 000000000000011b RDI: 000000000000000a
[  343.584419][T13736] RBP: 00007f393edf3cc8 R08: 0000000000000020 R09: 0000000000000000
[  343.584435][T13736] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000
[  343.584453][T13736] R13: 0000000000000000 R14: 00007f393ef45fa0 R15: 00007ffcdadf6918
[  343.584492][T13736]  </TASK>
[  343.614241][T13736] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2651'.
[  343.643436][T13746] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2654'.
[  343.655773][T13746] netlink: 'syz.3.2654': attribute type 14 has an invalid length.
[  343.663668][T13746] netlink: 'syz.3.2654': attribute type 13 has an invalid length.
[  343.958448][T13509] 8021q: adding VLAN 0 to HW filter on device bond0
[  343.999225][T13509] 8021q: adding VLAN 0 to HW filter on device team0
[  344.005197][T13753] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2657'.
[  344.033374][T13509] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  344.044180][T13509] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  344.070559][T13755] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2657'.
[  344.129692][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  344.137159][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  344.229882][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  344.237101][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  344.391697][T13508] 8021q: adding VLAN 0 to HW filter on device bond0
[  344.488861][T13508] 8021q: adding VLAN 0 to HW filter on device team0
[  344.513981][T13766] nbd: must specify a size in bytes for the device
[  344.613517][   T63] bridge0: port 1(bridge_slave_0) entered blocking state
[  344.620788][   T63] bridge0: port 1(bridge_slave_0) entered forwarding state
[  344.696209][   T63] bridge0: port 2(bridge_slave_1) entered blocking state
[  344.703407][   T63] bridge0: port 2(bridge_slave_1) entered forwarding state
[  344.779630][T13508] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  344.797434][T13508] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  344.815259][T13509] 8021q: adding VLAN 0 to HW filter on device batadv0
[  344.837415][T13776] netlink: 'syz.4.2662': attribute type 8 has an invalid length.
[  345.074758][T13784] A link change request failed with some changes committed already. Interface xfrm0 may have been left with an inconsistent configuration, please check.
[  345.143432][T13509] veth0_vlan: entered promiscuous mode
[  345.174746][T13788] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2665'.
[  345.192592][T13509] veth1_vlan: entered promiscuous mode
[  345.215046][T13788] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2665'.
[  345.286976][T13508] 8021q: adding VLAN 0 to HW filter on device batadv0
[  345.340707][T13793] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2667'.
[  345.362822][T13509] veth0_macvtap: entered promiscuous mode
[  345.406613][T13509] veth1_macvtap: entered promiscuous mode
[  345.430185][T13796] netlink: 'syz.0.2668': attribute type 2 has an invalid length.
[  345.450713][T13509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  345.474430][T13509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  345.497023][T13509] batman_adv: batadv0: Interface activated: batadv_slave_0
[  345.508567][T13508] veth0_vlan: entered promiscuous mode
[  345.527332][T13796] netlink: 'syz.0.2668': attribute type 1 has an invalid length.
[  345.540537][T13795] netlink: 'syz.0.2668': attribute type 1 has an invalid length.
[  345.544871][T13796] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.2668'.
[  345.570702][T13509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  345.570748][T13795] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.2668'.
[  345.599632][T13509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  345.621430][T13509] batman_adv: batadv0: Interface activated: batadv_slave_1
[  345.643169][T13508] veth1_vlan: entered promiscuous mode
[  345.712633][T13509] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  345.721632][T13509] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  345.731082][T13509] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  345.740429][T13509] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  345.764610][T13805] netlink: 'syz.4.2671': attribute type 7 has an invalid length.
[  345.773084][T13805] netlink: 'syz.4.2671': attribute type 8 has an invalid length.
[  345.781524][T13805] netlink: 'syz.4.2671': attribute type 13 has an invalid length.
[  345.899597][T13508] veth0_macvtap: entered promiscuous mode
[  346.021675][T13508] veth1_macvtap: entered promiscuous mode
[  346.160510][T12540] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  346.194443][T12540] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  346.220933][T13508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  346.240235][T13508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  346.256423][T13508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  346.268088][T13508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  346.279985][T13824] ax25_connect(): syz.3.2677 uses autobind, please contact jreuter@yaina.de
[  346.292536][T13508] batman_adv: batadv0: Interface activated: batadv_slave_0
[  346.316024][T13824] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2677'.
[  346.336296][T13508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  346.349196][T13824] netlink: 'syz.3.2677': attribute type 4 has an invalid length.
[  346.357298][T13508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  346.367990][T13824] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2677'.
[  346.379549][T13508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  346.400400][T13508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  346.421921][T13508] batman_adv: batadv0: Interface activated: batadv_slave_1
[  346.463832][T12540] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  346.466161][T13828] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2678'.
[  346.487920][T13828] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  346.492560][T12540] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  346.495242][T13828] IPv6: NLM_F_CREATE should be set when creating new route
[  346.495289][T13828] IPv6: NLM_F_CREATE should be set when creating new route
[  346.557190][T13830] SET target dimension over the limit!
[  346.573178][T13831] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2680'.
[  346.590550][T13508] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  346.610639][T13508] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  346.633304][T13508] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  346.664435][T13508] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  347.096764][T12538] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  347.129601][T12538] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  347.221914][T12540] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  347.239679][T12540] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  347.489492][T13860] x_tables: duplicate underflow at hook 1
[  347.577934][   T52] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  347.729502][   T52] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  347.835286][   T52] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  347.935924][   T52] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  347.965247][T13849] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  348.113869][T13867] netlink: 300 bytes leftover after parsing attributes in process `syz.0.2691'.
[  348.284947][ T5141] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  348.299890][ T5141] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  348.308598][ T5141] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  348.317285][ T5141] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  348.329977][ T5141] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  348.337984][ T5141] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  348.600860][T13870] lo speed is unknown, defaulting to 1000
[  348.649117][T13870] lo speed is unknown, defaulting to 1000
[  348.739652][   T52] bridge_slave_1: left allmulticast mode
[  348.747191][   T52] bridge_slave_1: left promiscuous mode
[  348.752972][   T52] bridge0: port 2(bridge_slave_1) entered disabled state
[  348.784810][   T52] bridge_slave_0: left allmulticast mode
[  348.790538][   T52] bridge_slave_0: left promiscuous mode
[  348.814597][   T52] bridge0: port 1(bridge_slave_0) entered disabled state
[  349.010352][ T5141] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  349.046611][ T5141] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  349.055998][ T5141] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  349.065605][ T5141] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  349.077476][ T5141] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  349.085222][ T5141] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  349.380506][   T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  349.392403][   T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  349.404487][   T52] bond0 (unregistering): Released all slaves
[  349.804618][T13901] bond5: entered promiscuous mode
[  349.809765][T13901] bond5: entered allmulticast mode
[  349.816358][T13901] 8021q: adding VLAN 0 to HW filter on device bond5
[  349.823735][T13903] netlink: 'syz.4.2701': attribute type 21 has an invalid length.
[  349.832341][T13903] IPv6: NLM_F_CREATE should be specified when creating new route
[  349.841402][T13903] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  349.848720][T13903] IPv6: NLM_F_CREATE should be set when creating new route
[  349.856052][T13903] IPv6: NLM_F_CREATE should be set when creating new route
[  349.863310][T13903] IPv6: NLM_F_CREATE should be set when creating new route
[  349.875686][T13895] lo speed is unknown, defaulting to 1000
[  349.957220][T13895] lo speed is unknown, defaulting to 1000
[  350.111830][T13913] netlink: 'syz.3.2705': attribute type 21 has an invalid length.
[  350.233875][T13870] chnl_net:caif_netlink_parms(): no params data found
[  350.299673][T13927] __nla_validate_parse: 2 callbacks suppressed
[  350.299697][T13927] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2707'.
[  350.378581][ T5141] Bluetooth: hci2: command tx timeout
[  350.398176][T13930] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2708'.
[  350.408364][T13931] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2707'.
[  350.443659][T13930] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2708'.
[  350.625562][   T52] hsr_slave_0: left promiscuous mode
[  350.632586][   T52] hsr_slave_1: left promiscuous mode
[  350.642141][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  350.658602][   T52] batman_adv: batadv0: Removing interface: batadv_slave_0
[  350.690819][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  350.714976][   T52] batman_adv: batadv0: Removing interface: batadv_slave_1
[  350.781435][   T52] veth1_macvtap: left promiscuous mode
[  350.795048][   T52] veth0_macvtap: left promiscuous mode
[  350.801252][   T52] veth1_vlan: left promiscuous mode
[  350.806793][   T52] veth0_vlan: left promiscuous mode
[  351.174762][ T5141] Bluetooth: hci3: command tx timeout
[  351.237404][T13949] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2714'.
[  351.271370][T13951] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2715'.
[  351.517863][T13957] netlink: 'syz.3.2718': attribute type 30 has an invalid length.
[  351.660307][T13960] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2719'.
[  351.714952][   T52] team0 (unregistering): Port device team_slave_1 removed
[  351.769983][   T52] team0 (unregistering): Port device team_slave_0 removed
[  351.779183][T13963] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2719'.
[  352.475162][T13967] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2721'.
[  352.488566][ T5141] Bluetooth: hci2: command tx timeout
[  352.504007][T13968] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2720'.
[  352.560804][T13967] vlan0: entered promiscuous mode
[  352.566180][T13967] gretap0: entered promiscuous mode
[  352.576229][T13967] gretap0: left promiscuous mode
[  352.661702][T13870] bridge0: port 1(bridge_slave_0) entered blocking state
[  352.669404][T13870] bridge0: port 1(bridge_slave_0) entered disabled state
[  352.678141][T13870] bridge_slave_0: entered allmulticast mode
[  352.685720][T13870] bridge_slave_0: entered promiscuous mode
[  352.709294][T13870] bridge0: port 2(bridge_slave_1) entered blocking state
[  352.744273][T13870] bridge0: port 2(bridge_slave_1) entered disabled state
[  352.751640][T13870] bridge_slave_1: entered allmulticast mode
[  352.775206][T13870] bridge_slave_1: entered promiscuous mode
[  352.933564][T13870] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  352.983298][T13870] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  353.179653][T13895] chnl_net:caif_netlink_parms(): no params data found
[  353.208945][T13870] team0: Port device team_slave_0 added
[  353.259000][T13870] team0: Port device team_slave_1 added
[  353.278032][ T5141] Bluetooth: hci3: command 0x041b tx timeout
[  353.324469][T13994] SET target dimension over the limit!
[  353.417906][T13870] batman_adv: batadv0: Adding interface: batadv_slave_0
[  353.425107][T13870] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  353.466195][T14002] FAULT_INJECTION: forcing a failure.
[  353.466195][T14002] name failslab, interval 1, probability 0, space 0, times 0
[  353.479376][T14002] CPU: 0 UID: 0 PID: 14002 Comm: syz.0.2730 Not tainted 6.13.0-rc1-syzkaller-00263-g3ca459eaba1b #0
[  353.490195][T14002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  353.494690][T13870] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  353.500265][T14002] Call Trace:
[  353.500279][T14002]  <TASK>
[  353.517018][T14002]  dump_stack_lvl+0x241/0x360
[  353.521731][T14002]  ? __pfx_dump_stack_lvl+0x10/0x10
[  353.526951][T14002]  ? __pfx__printk+0x10/0x10
[  353.531561][T14002]  ? __kmalloc_cache_noprof+0x48/0x390
[  353.537044][T14002]  ? __pfx___might_resched+0x10/0x10
[  353.542356][T14002]  should_fail_ex+0x3b0/0x4e0
[  353.547053][T14002]  should_failslab+0xac/0x100
[  353.551749][T14002]  __kmalloc_cache_noprof+0x70/0x390
[  353.557075][T14002]  ? nf_tables_newtable+0x52c/0x1e40
[  353.562372][T14002]  nf_tables_newtable+0x52c/0x1e40
[  353.567497][T14002]  ? nfnl_pernet+0x23/0x240
[  353.572017][T14002]  ? __pfx_nf_tables_newtable+0x10/0x10
[  353.577606][T14002]  ? __nla_parse+0x40/0x60
[  353.582302][T14002]  nfnetlink_rcv+0x14e3/0x2ab0
[  353.587181][T14002]  ? __pfx_validate_chain+0x10/0x10
[  353.592426][T14002]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  353.597571][T14002]  ? __lock_acquire+0x1397/0x2100
[  353.602644][T14002]  ? netlink_deliver_tap+0x2e/0x1b0
[  353.607858][T14002]  ? __pfx_lock_release+0x10/0x10
[  353.612907][T14002]  ? netlink_deliver_tap+0x2e/0x1b0
[  353.618120][T14002]  netlink_unicast+0x7f6/0x990
[  353.622911][T14002]  ? __pfx_netlink_unicast+0x10/0x10
[  353.628215][T14002]  ? __virt_addr_valid+0x183/0x530
[  353.633348][T14002]  ? __check_object_size+0x48e/0x900
[  353.638715][T14002]  netlink_sendmsg+0x8e4/0xcb0
[  353.643501][T14002]  ? __pfx_netlink_sendmsg+0x10/0x10
[  353.648809][T14002]  ? aa_sock_msg_perm+0x91/0x160
[  353.653765][T14002]  ? __pfx_netlink_sendmsg+0x10/0x10
[  353.659068][T14002]  __sock_sendmsg+0x221/0x270
[  353.663768][T14002]  ____sys_sendmsg+0x52a/0x7e0
[  353.668562][T14002]  ? __pfx_____sys_sendmsg+0x10/0x10
[  353.673863][T14002]  ? __fget_files+0x2a/0x410
[  353.678465][T14002]  ? __fget_files+0x2a/0x410
[  353.683071][T14002]  __sys_sendmsg+0x269/0x350
[  353.687676][T14002]  ? __pfx_lock_release+0x10/0x10
[  353.692719][T14002]  ? __pfx___sys_sendmsg+0x10/0x10
[  353.697856][T14002]  ? __pfx_vfs_write+0x10/0x10
[  353.702656][T14002]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  353.708995][T14002]  ? do_syscall_64+0x100/0x230
[  353.713786][T14002]  ? do_syscall_64+0xb6/0x230
[  353.718488][T14002]  do_syscall_64+0xf3/0x230
[  353.723009][T14002]  ? clear_bhb_loop+0x35/0x90
[  353.727698][T14002]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.733615][T14002] RIP: 0033:0x7f393ed7fed9
[  353.738044][T14002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  353.757662][T14002] RSP: 002b:00007f393fb53058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  353.766098][T14002] RAX: ffffffffffffffda RBX: 00007f393ef45fa0 RCX: 00007f393ed7fed9
[  353.774092][T14002] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
[  353.782079][T14002] RBP: 00007f393fb530a0 R08: 0000000000000000 R09: 0000000000000000
[  353.790059][T14002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  353.798045][T14002] R13: 0000000000000000 R14: 00007f393ef45fa0 R15: 00007ffcdadf6918
[  353.806048][T14002]  </TASK>
[  353.852562][T14000] IPv6: NLM_F_CREATE should be specified when creating new route
[  353.861171][T14000] IPv6: Can't replace route, no match found
[  353.875632][T13870] batman_adv: batadv0: Adding interface: batadv_slave_1
[  353.882670][T13870] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  353.909297][T13870] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  354.118896][   T52] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  354.182295][T13870] hsr_slave_0: entered promiscuous mode
[  354.190799][T13870] hsr_slave_1: entered promiscuous mode
[  354.205245][T13870] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  354.214182][T13870] Cannot create hsr debugfs directory
[  354.357963][   T52] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  354.376400][T14018] netlink: 'syz.3.2734': attribute type 18 has an invalid length.
[  354.391111][T13895] bridge0: port 1(bridge_slave_0) entered blocking state
[  354.398607][T13895] bridge0: port 1(bridge_slave_0) entered disabled state
[  354.407503][T13895] bridge_slave_0: entered allmulticast mode
[  354.416845][T13895] bridge_slave_0: entered promiscuous mode
[  354.428666][T13895] bridge0: port 2(bridge_slave_1) entered blocking state
[  354.436734][T13895] bridge0: port 2(bridge_slave_1) entered disabled state
[  354.452764][T13895] bridge_slave_1: entered allmulticast mode
[  354.462626][T13895] bridge_slave_1: entered promiscuous mode
[  354.534313][ T5838] Bluetooth: hci2: command tx timeout
[  354.542406][T14031] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  354.607480][   T52] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  354.676667][T13895] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  354.690654][T14038] FAULT_INJECTION: forcing a failure.
[  354.690654][T14038] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  354.704825][T14038] CPU: 0 UID: 0 PID: 14038 Comm: syz.0.2740 Not tainted 6.13.0-rc1-syzkaller-00263-g3ca459eaba1b #0
[  354.715648][T14038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  354.725747][T14038] Call Trace:
[  354.729051][T14038]  <TASK>
[  354.731999][T14038]  dump_stack_lvl+0x241/0x360
[  354.736715][T14038]  ? __pfx_dump_stack_lvl+0x10/0x10
[  354.741948][T14038]  ? __pfx__printk+0x10/0x10
[  354.746592][T14038]  ? snprintf+0xda/0x120
[  354.750862][T14038]  should_fail_ex+0x3b0/0x4e0
[  354.755562][T14038]  _copy_to_user+0x31/0xb0
[  354.760038][T14038]  simple_read_from_buffer+0xca/0x150
[  354.765461][T14038]  proc_fail_nth_read+0x1e9/0x250
[  354.770538][T14038]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  354.776112][T14038]  ? rw_verify_area+0x55e/0x6f0
[  354.781013][T14038]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  354.786589][T14038]  vfs_read+0x1fc/0xb70
[  354.790776][T14038]  ? __pfx___mutex_lock+0x10/0x10
[  354.795827][T14038]  ? __pfx_vfs_read+0x10/0x10
[  354.800532][T14038]  ? __fget_files+0x2a/0x410
[  354.805151][T14038]  ? __fget_files+0x395/0x410
[  354.809848][T14038]  ? __fget_files+0x2a/0x410
[  354.814464][T14038]  ksys_read+0x18f/0x2b0
[  354.818747][T14038]  ? __pfx_ksys_read+0x10/0x10
[  354.823558][T14038]  ? do_syscall_64+0x100/0x230
[  354.828374][T14038]  ? do_syscall_64+0xb6/0x230
[  354.833105][T14038]  do_syscall_64+0xf3/0x230
[  354.837645][T14038]  ? clear_bhb_loop+0x35/0x90
[  354.842388][T14038]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  354.848321][T14038] RIP: 0033:0x7f393ed7e8ec
[  354.852768][T14038] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  354.872392][T14038] RSP: 002b:00007f393fb32050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  354.880833][T14038] RAX: ffffffffffffffda RBX: 00007f393ef46080 RCX: 00007f393ed7e8ec
[  354.888829][T14038] RDX: 000000000000000f RSI: 00007f393fb320b0 RDI: 0000000000000004
[  354.896871][T14038] RBP: 00007f393fb320a0 R08: 0000000000000000 R09: 0000000000000000
[  354.904880][T14038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  354.912896][T14038] R13: 0000000000000001 R14: 00007f393ef46080 R15: 00007ffcdadf6918
[  354.920896][T14038]  </TASK>
[  355.045872][   T52] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  355.082471][T13895] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  355.179747][T14052] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth0_to_hsr, syncid = 0, id = 0
[  355.246249][T13895] team0: Port device team_slave_0 added
[  355.334493][ T5838] Bluetooth: hci3: command 0x041b tx timeout
[  355.357672][T13895] team0: Port device team_slave_1 added
[  355.363743][T14059] __nla_validate_parse: 8 callbacks suppressed
[  355.363757][T14059] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2745'.
[  355.416076][T14058] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2745'.
[  355.581419][   T52] bridge_slave_1: left allmulticast mode
[  355.594390][   T52] bridge_slave_1: left promiscuous mode
[  355.608116][   T52] bridge0: port 2(bridge_slave_1) entered disabled state
[  355.626765][   T52] bridge_slave_0: left allmulticast mode
[  355.633779][   T52] bridge_slave_0: left promiscuous mode
[  355.652104][   T52] bridge0: port 1(bridge_slave_0) entered disabled state
[  355.957346][T14077] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2751'.
[  356.249000][   T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  356.260800][   T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  356.272003][   T52] bond0 (unregistering): Released all slaves
[  356.296136][T13895] batman_adv: batadv0: Adding interface: batadv_slave_0
[  356.303160][T13895] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  356.334608][T13895] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  356.367877][T14081] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2753'.
[  356.490699][T13895] batman_adv: batadv0: Adding interface: batadv_slave_1
[  356.505081][T13895] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  356.542455][T13895] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  356.614224][ T5838] Bluetooth: hci2: command tx timeout
[  356.765426][T14090] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2756'.
[  356.790365][T14091] FAULT_INJECTION: forcing a failure.
[  356.790365][T14091] name failslab, interval 1, probability 0, space 0, times 0
[  356.790417][T13895] hsr_slave_0: entered promiscuous mode
[  356.809959][T13895] hsr_slave_1: entered promiscuous mode
[  356.821750][T13895] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  356.825076][T14091] CPU: 1 UID: 0 PID: 14091 Comm: syz.4.2757 Not tainted 6.13.0-rc1-syzkaller-00263-g3ca459eaba1b #0
[  356.837897][T13895] Cannot create hsr debugfs directory
[  356.840094][T14091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  356.840113][T14091] Call Trace:
[  356.840123][T14091]  <TASK>
[  356.840134][T14091]  dump_stack_lvl+0x241/0x360
[  356.866522][T14091]  ? __pfx_dump_stack_lvl+0x10/0x10
[  356.871779][T14091]  ? __pfx__printk+0x10/0x10
[  356.876423][T14091]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[  356.882473][T14091]  ? __pfx___might_resched+0x10/0x10
[  356.887793][T14091]  should_fail_ex+0x3b0/0x4e0
[  356.892496][T14091]  should_failslab+0xac/0x100
[  356.897215][T14091]  kmem_cache_alloc_node_noprof+0x77/0x380
[  356.903059][T14091]  ? __alloc_skb+0x1c3/0x440
[  356.907677][T14091]  __alloc_skb+0x1c3/0x440
[  356.912110][T14091]  ? __pfx___alloc_skb+0x10/0x10
[  356.917060][T14091]  ? netlink_autobind+0xd6/0x2f0
[  356.922043][T14091]  ? netlink_autobind+0x2b0/0x2f0
[  356.927101][T14091]  netlink_sendmsg+0x638/0xcb0
[  356.931916][T14091]  ? __pfx_netlink_sendmsg+0x10/0x10
[  356.937246][T14091]  ? aa_sock_msg_perm+0x91/0x160
[  356.942208][T14091]  ? __pfx_netlink_sendmsg+0x10/0x10
[  356.947517][T14091]  __sock_sendmsg+0x221/0x270
[  356.952236][T14091]  ____sys_sendmsg+0x52a/0x7e0
[  356.957040][T14091]  ? __pfx_____sys_sendmsg+0x10/0x10
[  356.962416][T14091]  ? __fget_files+0x2a/0x410
[  356.967055][T14091]  ? __fget_files+0x2a/0x410
[  356.971665][T14091]  __sys_sendmsg+0x269/0x350
[  356.976282][T14091]  ? __pfx_lock_release+0x10/0x10
[  356.981350][T14091]  ? __pfx___sys_sendmsg+0x10/0x10
[  356.986508][T14091]  ? __pfx_vfs_write+0x10/0x10
[  356.991305][T14091]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  356.997652][T14091]  ? do_syscall_64+0x100/0x230
[  357.002430][T14091]  ? do_syscall_64+0xb6/0x230
[  357.007123][T14091]  do_syscall_64+0xf3/0x230
[  357.011641][T14091]  ? clear_bhb_loop+0x35/0x90
[  357.016337][T14091]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.022263][T14091] RIP: 0033:0x7fddfef7fed9
[  357.026738][T14091] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  357.046381][T14091] RSP: 002b:00007fddffd93058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  357.054829][T14091] RAX: ffffffffffffffda RBX: 00007fddff145fa0 RCX: 00007fddfef7fed9
[  357.062808][T14091] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000005
[  357.070815][T14091] RBP: 00007fddffd930a0 R08: 0000000000000000 R09: 0000000000000000
[  357.078813][T14091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  357.086819][T14091] R13: 0000000000000000 R14: 00007fddff145fa0 R15: 00007ffcdd5cff68
[  357.094817][T14091]  </TASK>
[  357.103193][T14090] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2756'.
[  357.113021][   T30] INFO: task udevd:5846 blocked for more than 143 seconds.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  357.134271][   T30]       Not tainted 6.13.0-rc1-syzkaller-00263-g3ca459eaba1b #0
[  357.154382][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  357.163186][T14090] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  357.179502][   T30] task:udevd           state:D stack:21392 pid:5846  tgid:5846  ppid:5202   flags:0x00004002
[  357.202335][   T30] Call Trace:
[  357.211468][   T30]  <TASK>
[  357.221331][   T30]  __schedule+0x1850/0x4c30
[  357.245488][   T30]  ? __pfx___schedule+0x10/0x10
[  357.295416][   T30]  ? __blk_flush_plug+0x449/0x500
[  357.300582][   T30]  ? __pfx_lock_release+0x10/0x10
[  357.315787][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  357.335592][   T30]  ? schedule+0x90/0x320
[  357.346705][   T30]  schedule+0x14b/0x320
[  357.350976][   T30]  schedule_timeout+0x15a/0x290
[  357.370818][   T30]  ? __pfx_schedule_timeout+0x10/0x10
[  357.382662][   T30]  ? __pfx_process_timeout+0x10/0x10
[  357.388185][   T30]  ? prepare_to_wait_event+0x3bd/0x400
[  357.393870][   T30]  nbd_queue_rq+0x7d9/0x2ef0
[  357.398936][   T30]  ? validate_chain+0x11e/0x5920
[  357.403955][   T30]  ? mark_lock+0x9a/0x360
[  357.408474][   T30]  ? __pfx_nbd_queue_rq+0x10/0x10
[  357.413715][   T30]  ? __lock_acquire+0x1397/0x2100
[  357.418992][ T5841] Bluetooth: hci3: command 0x041b tx timeout
[  357.419104][   T30]  ? __pfx_autoremove_wake_function+0x10/0x10
[  357.431310][   T30]  blk_mq_dispatch_rq_list+0xad3/0x19d0
[  357.437158][   T30]  ? sbitmap_get+0x289/0x3f0
[  357.442082][   T30]  ? __pfx_blk_mq_dispatch_rq_list+0x10/0x10
[  357.448713][   T30]  ? __blk_mq_alloc_driver_tag+0x32d/0x730
[  357.454788][   T30]  __blk_mq_sched_dispatch_requests+0xb8a/0x1840
[  357.461184][   T30]  ? __pfx___blk_mq_sched_dispatch_requests+0x10/0x10
[  357.468223][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  357.473277][   T30]  ? __pfx___might_resched+0x10/0x10
[  357.478950][   T30]  ? sbitmap_any_bit_set+0x155/0x190
[  357.484405][   T30]  ? blk_mq_hw_queue_need_run+0x14d/0x6d0
[  357.490350][   T30]  blk_mq_sched_dispatch_requests+0xd6/0x190
[  357.496771][   T30]  ? blk_mq_run_hw_queue+0x32b/0x500
[  357.502085][   T30]  blk_mq_run_hw_queue+0x354/0x500
[  357.507301][   T30]  blk_mq_flush_plug_list+0x118e/0x1870
[  357.513059][   T30]  ? __pfx_update_io_ticks+0x10/0x10
[  357.518738][   T30]  ? blk_add_rq_to_plug+0x308/0x4b0
[  357.524003][   T30]  ? __pfx_blk_mq_flush_plug_list+0x10/0x10
[  357.530075][   T30]  ? blk_mq_submit_bio+0xf74/0x2390
[  357.535632][   T30]  __blk_flush_plug+0x420/0x500
[  357.540526][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  357.546621][   T30]  ? __pfx___blk_flush_plug+0x10/0x10
[  357.552046][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  357.558703][   T30]  __submit_bio+0x46a/0x560
[  357.563267][   T30]  ? __pfx___submit_bio+0x10/0x10
[  357.568473][   T30]  submit_bio_noacct_nocheck+0x4d3/0xe30
[  357.574302][   T30]  ? bio_associate_blkg_from_css+0x182/0xc70
[  357.580375][   T30]  ? __pfx___might_resched+0x10/0x10
[  357.585819][   T30]  ? __pfx_submit_bio_noacct_nocheck+0x10/0x10
[  357.592045][   T30]  block_read_full_folio+0x93b/0xcd0
[  357.597744][   T30]  ? __pfx_blkdev_get_block+0x10/0x10
[  357.603249][   T30]  ? __pfx_block_read_full_folio+0x10/0x10
[  357.609506][   T30]  ? folio_add_lru+0x28f/0x870
[  357.614660][   T30]  filemap_read_folio+0x14b/0x630
[  357.619729][   T30]  ? __pfx_blkdev_read_folio+0x10/0x10
[  357.625549][   T30]  ? __pfx_filemap_read_folio+0x10/0x10
[  357.631143][   T30]  do_read_cache_folio+0x3f5/0x850
[  357.636716][   T30]  ? __pfx_blkdev_read_folio+0x10/0x10
[  357.642228][   T30]  read_part_sector+0xb3/0x330
[  357.647313][   T30]  adfspart_check_ICS+0xd9/0x9a0
[  357.652302][   T30]  ? __pfx_vsnprintf+0x10/0x10
[  357.657270][   T30]  ? __pfx_adfspart_check_ICS+0x10/0x10
[  357.662864][   T30]  ? snprintf+0xda/0x120
[  357.667238][   T30]  ? alloc_pages_mpol_noprof+0x417/0x680
[  357.672918][   T30]  ? vsnprintf+0x1cc3/0x1da0
[  357.677747][   T30]  ? vsnprintf+0x184/0x1da0
[  357.682349][   T30]  ? __pfx_snprintf+0x10/0x10
[  357.687214][   T30]  ? __kasan_kmalloc+0x98/0xb0
[  357.692024][   T30]  bdev_disk_changed+0x72c/0x13f0
[  357.697271][   T30]  ? __pfx___might_resched+0x10/0x10
[  357.702602][   T30]  ? __pfx_bdev_disk_changed+0x10/0x10
[  357.708952][   T30]  ? wait_on_inode+0xc1/0x230
[  357.713705][   T30]  ? __pfx_wait_on_inode+0x10/0x10
[  357.719585][   T30]  ? do_raw_spin_unlock+0x13c/0x8b0
[  357.724922][   T30]  blkdev_get_whole+0x2d2/0x450
[  357.729821][   T30]  bdev_open+0x2d4/0xc50
[  357.735057][   T30]  blkdev_open+0x389/0x4f0
[  357.739562][   T30]  ? __pfx_blkdev_open+0x10/0x10
[  357.744617][   T30]  do_dentry_open+0xbe1/0x1b70
[  357.749673][   T30]  vfs_open+0x3e/0x330
[  357.753790][   T30]  path_openat+0x2c84/0x3590
[  357.758601][   T30]  ? __pfx_path_openat+0x10/0x10
[  357.763598][   T30]  do_filp_open+0x27f/0x4e0
[  357.768186][   T30]  ? __pfx_do_filp_open+0x10/0x10
[  357.773246][   T30]  ? do_raw_spin_lock+0x14f/0x370
[  357.778499][   T30]  do_sys_openat2+0x13e/0x1d0
[  357.783328][   T30]  ? __pfx_do_sys_openat2+0x10/0x10
[  357.788632][   T30]  __x64_sys_openat+0x247/0x2a0
[  357.793517][   T30]  ? __pfx___x64_sys_openat+0x10/0x10
[  357.799146][   T30]  ? do_syscall_64+0x100/0x230
[  357.803971][   T30]  ? do_syscall_64+0xb6/0x230
[  357.808772][   T30]  do_syscall_64+0xf3/0x230
[  357.813322][   T30]  ? clear_bhb_loop+0x35/0x90
[  357.818600][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.824904][   T30] RIP: 0033:0x7f14747169a4
[  357.829367][   T30] RSP: 002b:00007ffe82240980 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  357.837918][   T30] RAX: ffffffffffffffda RBX: 000055cced1dfd30 RCX: 00007f14747169a4
[  357.845982][   T30] RDX: 00000000000a0800 RSI: 000055cced1dda40 RDI: 00000000ffffff9c
[  357.853984][   T30] RBP: 000055cced1dda40 R08: 0000000000000001 R09: 7fffffffffffffff
[  357.862082][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000a0800
[  357.870215][   T30] R13: 000055cced1d0890 R14: 0000000000000001 R15: 000055cced1b9910
[  357.878330][   T30]  </TASK>
[  357.881634][   T30] 
[  357.881634][   T30] Showing all locks held in the system:
[  357.889588][   T30] 3 locks held by kworker/u8:1/12:
[  357.904427][   T30] 1 lock held by rcu_exp_gp_kthr/19:
[  357.909795][   T30] 1 lock held by khungtaskd/30:
[  357.944222][   T30]  #0: ffffffff8e937aa0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0
[  357.974355][   T30] 4 locks held by kworker/u8:3/52:
[  357.979553][   T30]  #0: ffff88801baed948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840
[  358.024163][   T30]  #1: ffffc90000bc7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840
[  358.044291][   T30]  #2: ffffffff8fca3910 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x16a/0xcc0
[  358.054185][   T30]  #3: ffffffff8fcafd88 (rtnl_mutex){+.+.}-{4:4}, at: ppp_exit_net+0xe3/0x3d0
[  358.063171][   T30] 3 locks held by kworker/u8:5/796:
[  358.084418][   T30]  #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840
[  358.106170][   T30]  #1: ffffc900032c7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840
[  358.134816][   T30]  #2: ffffffff8fcafd88 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[  358.143963][   T30] 2 locks held by getty/5583:
[  358.164319][   T30]  #0: ffff88814d9820a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  358.194300][   T30]  #1: ffffc9000331b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x6a6/0x1e00
[  358.224341][   T30] 3 locks held by udevd/5830:
[  358.229091][   T30]  #0: ffff8880261eb4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xf0/0xc50
[  358.268298][   T30]  #1: ffff8881423e1110 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x32b/0x500
[  358.281551][   T30]  #2: ffff88802632e178 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xfe/0x2ef0
[  358.291724][   T30] 1 lock held by syz-executor/5831:
[  358.297745][   T30] 2 locks held by syz-executor/5842:
[  358.303084][   T30] 3 locks held by udevd/5845:
[  358.308519][   T30]  #0: ffff8880262274c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xf0/0xc50
[  358.318310][   T30]  #1: ffff888026112b10 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x32b/0x500
[  358.328592][   T30]  #2: ffff8880262f7178 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xfe/0x2ef0
[  358.338327][   T30] 3 locks held by udevd/5846:
[  358.343038][   T30]  #0: ffff888143b194c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xf0/0xc50
[  358.352505][   T30]  #1: ffff888025f35a90 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x32b/0x500
[  358.362517][   T30]  #2: ffff8880262c7178 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xfe/0x2ef0
[  358.371707][   T30] 3 locks held by udevd/5847:
[  358.378694][   T30]  #0: ffff8880262474c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xf0/0xc50
[  358.388150][   T30]  #1: ffff888026138910 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x32b/0x500
[  358.397931][   T30]  #2: ffff888026467178 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xfe/0x2ef0
[  358.407053][   T30] 3 locks held by kworker/1:7/9887:
[  358.412282][   T30]  #0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840
[  358.423490][   T30]  #1: ffffc9001b15fd00 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840
[  358.433934][   T30]  #2: ffffffff8e93cfb8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x451/0x830
[  358.445020][   T30] 5 locks held by kworker/u8:18/12540:
[  358.450517][   T30] 7 locks held by syz-executor/13870:
[  358.456144][   T30]  #0: ffff888035fbc420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x225/0xd30
[  358.465249][   T30]  #1: ffff888028717888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1ea/0x500
[  358.475158][   T30]  #2: ffff8881447bcc38 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500
[  358.485443][   T30]  #3: ffffffff8f55c368 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xfc/0x480
[  358.495861][   T30]  #4: ffff8880558200e8 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xce/0x7c0
[  358.506645][   T30]  #5: ffff88805c487250 (&devlink->lock_key#8){+.+.}-{4:4}, at: nsim_drv_remove+0x50/0x160
[  358.516839][   T30]  #6: ffffffff8fcafd88 (rtnl_mutex){+.+.}-{4:4}, at: nsim_destroy+0x71/0x5c0
[  358.525959][   T30] 2 locks held by syz-executor/13895:
[  358.531377][   T30]  #0: ffffffff8f526ba0 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x22/0x250
[  358.541134][   T30]  #1: ffffffff8fcafd88 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0xbb0/0x20e0
[  358.550394][   T30] 1 lock held by syz.3.2756/14092:
[  358.555630][   T30]  #0: ffffffff8fcafd88 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3b/0x1b0
[  358.564965][   T30] 
[  358.567335][   T30] =============================================
[  358.567335][   T30] 
[  358.591302][   T30] NMI backtrace for cpu 0
[  358.595704][   T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc1-syzkaller-00263-g3ca459eaba1b #0
[  358.606250][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  358.616358][   T30] Call Trace:
[  358.619670][   T30]  <TASK>
[  358.622637][   T30]  dump_stack_lvl+0x241/0x360
[  358.627375][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  358.632652][   T30]  ? __pfx__printk+0x10/0x10
[  358.637311][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[  358.642296][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  358.647795][   T30]  ? _printk+0xd5/0x120
[  358.651989][   T30]  ? __pfx__printk+0x10/0x10
[  358.656612][   T30]  ? __wake_up_klogd+0xcc/0x110
[  358.661589][   T30]  ? __pfx__printk+0x10/0x10
[  358.666240][   T30]  ? __rcu_read_unlock+0xa1/0x110
[  358.671317][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  358.677315][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  358.683330][   T30]  watchdog+0xff6/0x1040
[  358.687593][   T30]  ? watchdog+0x1ea/0x1040
[  358.692039][   T30]  ? __pfx_watchdog+0x10/0x10
[  358.696730][   T30]  kthread+0x2f0/0x390
[  358.700813][   T30]  ? __pfx_watchdog+0x10/0x10
[  358.705531][   T30]  ? __pfx_kthread+0x10/0x10
[  358.710165][   T30]  ret_from_fork+0x4b/0x80
[  358.714592][   T30]  ? __pfx_kthread+0x10/0x10
[  358.719195][   T30]  ret_from_fork_asm+0x1a/0x30
[  358.723982][   T30]  </TASK>
[  358.727714][   T30] Sending NMI from CPU 0 to CPUs 1:
[  358.732987][    C1] NMI backtrace for cpu 1
[  358.733003][    C1] CPU: 1 UID: 0 PID: 63 Comm: kworker/u8:4 Not tainted 6.13.0-rc1-syzkaller-00263-g3ca459eaba1b #0
[  358.733024][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  358.733037][    C1] Workqueue: bat_events batadv_nc_worker
[  358.733063][    C1] RIP: 0010:validate_chain+0x1b9/0x5920
[  358.733092][    C1] Code: b8 eb 83 b5 80 46 86 c8 61 49 0f af c6 48 c1 e8 2d 48 8d 1c c5 c0 a7 e2 93 48 89 d8 48 c1 e8 03 48 89 44 24 68 42 80 3c 20 00 <74> 08 48 89 df e8 2d f4 8e 00 48 89 5c 24 48 48 8b 1b 48 85 db 74
[  358.733107][    C1] RSP: 0018:ffffc90001547320 EFLAGS: 00000046
[  358.733122][    C1] RAX: 1ffffffff281d10a RBX: ffffffff940e8850 RCX: ffffffff817b651e
[  358.733137][    C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff942ba888
[  358.733150][    C1] RBP: ffffc90001547620 R08: ffffffff942ba88f R09: 1ffffffff2857511
[  358.733170][    C1] R10: dffffc0000000000 R11: fffffbfff2857512 R12: dffffc0000000000
[  358.733184][    C1] R13: ffff88801c7c0b50 R14: d5b524e6a07d6eaa R15: 0000000000000000
[  358.733197][    C1] FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  358.733213][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  358.733227][    C1] CR2: 0000001b3020cff8 CR3: 00000000337c4000 CR4: 00000000003526f0
[  358.733243][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  358.733254][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  358.733266][    C1] Call Trace:
[  358.733273][    C1]  <NMI>
[  358.733280][    C1]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  358.733302][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  358.733324][    C1]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  358.733354][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  358.733371][    C1]  ? nmi_handle+0x14f/0x5a0
[  358.733392][    C1]  ? nmi_handle+0x2a/0x5a0
[  358.733415][    C1]  ? validate_chain+0x1b9/0x5920
[  358.733439][    C1]  ? default_do_nmi+0x63/0x160
[  358.733460][    C1]  ? exc_nmi+0x123/0x1f0
[  358.733479][    C1]  ? end_repeat_nmi+0xf/0x53
[  358.733500][    C1]  ? validate_chain+0x11e/0x5920
[  358.733525][    C1]  ? validate_chain+0x1b9/0x5920
[  358.733549][    C1]  ? validate_chain+0x1b9/0x5920
[  358.733575][    C1]  ? validate_chain+0x1b9/0x5920
[  358.733599][    C1]  </NMI>
[  358.733605][    C1]  <TASK>
[  358.733613][    C1]  ? __pfx_validate_chain+0x10/0x10
[  358.733639][    C1]  ? validate_chain+0x11e/0x5920
[  358.733668][    C1]  ? __pfx_validate_chain+0x10/0x10
[  358.733691][    C1]  ? validate_chain+0x11e/0x5920
[  358.733714][    C1]  ? __pfx_validate_chain+0x10/0x10
[  358.733739][    C1]  ? validate_chain+0x11e/0x5920
[  358.733763][    C1]  ? __pfx_validate_chain+0x10/0x10
[  358.733791][    C1]  ? mark_lock+0x9a/0x360
[  358.733814][    C1]  ? __lock_acquire+0x1397/0x2100
[  358.733840][    C1]  ? mark_lock+0x9a/0x360
[  358.733863][    C1]  __lock_acquire+0x1397/0x2100
[  358.733892][    C1]  lock_acquire+0x1ed/0x550
[  358.733911][    C1]  ? lock_timer_base+0x112/0x240
[  358.733934][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  358.733954][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  358.733978][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  358.734007][    C1]  ? debug_object_assert_init+0x2dd/0x4b0
[  358.734037][    C1]  _raw_spin_lock_irqsave+0xd5/0x120
[  358.734064][    C1]  ? lock_timer_base+0x112/0x240
[  358.734083][    C1]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  358.734115][    C1]  lock_timer_base+0x112/0x240
[  358.734137][    C1]  __mod_timer+0x1ca/0xeb0
[  358.734169][    C1]  ? __pfx___mod_timer+0x10/0x10
[  358.734188][    C1]  ? __local_bh_enable_ip+0x168/0x200
[  358.734219][    C1]  ? __pfx_lock_release+0x10/0x10
[  358.734242][    C1]  ? batadv_nc_purge_paths+0x312/0x3b0
[  358.734269][    C1]  ? __queue_delayed_work+0x1ae/0x250
[  358.734294][    C1]  queue_delayed_work_on+0x1ca/0x390
[  358.734317][    C1]  ? __pfx_queue_delayed_work_on+0x10/0x10
[  358.734337][    C1]  ? batadv_nc_process_nc_paths+0xb5/0x3a0
[  358.734360][    C1]  ? batadv_nc_worker+0x52c/0x610
[  358.734381][    C1]  ? process_scheduled_works+0x976/0x1840
[  358.734399][    C1]  process_scheduled_works+0xa66/0x1840
[  358.734432][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  358.734454][    C1]  ? assign_work+0x364/0x3d0
[  358.734474][    C1]  worker_thread+0x870/0xd30
[  358.734500][    C1]  ? __kthread_parkme+0x169/0x1d0
[  358.734521][    C1]  ? __pfx_worker_thread+0x10/0x10
[  358.734539][    C1]  kthread+0x2f0/0x390
[  358.734560][    C1]  ? __pfx_worker_thread+0x10/0x10
[  358.734578][    C1]  ? __pfx_kthread+0x10/0x10
[  358.734599][    C1]  ret_from_fork+0x4b/0x80
[  358.734617][    C1]  ? __pfx_kthread+0x10/0x10
[  358.734638][    C1]  ret_from_fork_asm+0x1a/0x30
[  358.734662][    C1]  </TASK>
[  359.183314][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  359.190206][   T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc1-syzkaller-00263-g3ca459eaba1b #0
[  359.200721][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  359.210786][   T30] Call Trace:
[  359.214160][   T30]  <TASK>
[  359.217103][   T30]  dump_stack_lvl+0x241/0x360
[  359.221806][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  359.227023][   T30]  ? __pfx__printk+0x10/0x10
[  359.231646][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  359.237761][   T30]  ? vscnprintf+0x5d/0x90
[  359.242114][   T30]  panic+0x349/0x880
[  359.246028][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  359.252200][   T30]  ? __pfx_panic+0x10/0x10
[  359.256709][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[  359.262104][   T30]  ? __irq_work_queue_local+0x137/0x410
[  359.267666][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  359.273052][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  359.279221][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  359.285404][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  359.291575][   T30]  watchdog+0x1035/0x1040
[  359.295920][   T30]  ? watchdog+0x1ea/0x1040
[  359.300354][   T30]  ? __pfx_watchdog+0x10/0x10
[  359.305049][   T30]  kthread+0x2f0/0x390
[  359.309133][   T30]  ? __pfx_watchdog+0x10/0x10
[  359.313821][   T30]  ? __pfx_kthread+0x10/0x10
[  359.318427][   T30]  ret_from_fork+0x4b/0x80
[  359.322852][   T30]  ? __pfx_kthread+0x10/0x10
[  359.327456][   T30]  ret_from_fork_asm+0x1a/0x30
[  359.332240][   T30]  </TASK>
[  359.335629][   T30] Kernel Offset: disabled
[  359.339994][   T30] Rebooting in 86400 seconds..