last executing test programs:

9.597582944s ago: executing program 1 (id=3130):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100003e4e00000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x18)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200))
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
close(r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xfff3, 0x4}, {0x0, 0x1b}}}, 0x24}}, 0x0)
close(r1)

7.033475366s ago: executing program 1 (id=3145):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000005c0)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x278, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0xa8, 0xd8, 0x0, {0x0, 0x20000000000000}}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x2d8)

6.839619578s ago: executing program 1 (id=3148):
r0 = socket$inet6(0xa, 0x2, 0x3a)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e60, 0x0, @empty}, 0x1c)
bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e60, 0x0, @empty}, 0x1c)
close(0xffffffffffffffff)

6.530392993s ago: executing program 1 (id=3151):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r0)
sendmsg$IEEE802154_SET_MACPARAMS(r0, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000240)={0x5c, r1, 0x300, 0x70bd2c, 0x25dfdbfb, {}, [@IEEE802154_ATTR_CSMA_MAX_BE={0x5, 0x27, 0x8}, @IEEE802154_ATTR_CSMA_RETRIES={0x5, 0x25, 0x19}, @IEEE802154_ATTR_CSMA_RETRIES={0x5, 0x25, 0x80}, @IEEE802154_ATTR_TXPOWER={0x5, 0x21, 0x3}, @IEEE802154_ATTR_CCA_ED_LEVEL={0x8, 0x24, 0x9}, @IEEE802154_ATTR_CSMA_MAX_BE={0x5, 0x27, 0x80}, @IEEE802154_ATTR_CCA_ED_LEVEL={0x8}, @IEEE802154_ATTR_CSMA_MAX_BE={0x5, 0x27, 0x5}, @IEEE802154_ATTR_FRAME_RETRIES={0x5, 0x28, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20004041}, 0xc0108c9)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000740)=ANY=[@ANYBLOB="44010000", @ANYRES16=r2, @ANYBLOB="010000000000000008000100000004000480080002000100000008000100000000000400088018010c8054000b800800090000000000080009000000000008000a000000000008000a0000000000080009000000000008000a000000000008000a000000000008000a000000000008000a000000000008000900000000000c000b8008000a000000000014000b8008000900c81e173808000a0083ec000004000b8054000b800800090000000000080009000000000008000a000000000008000a000000000008000a000000000008000a00000000000800090000000000080009000000000008000a000000000008000a00000000003c000b80080009000000000008000a000000000008000a000000000008000900000000000800090080000000080009000000000008000900000000000c000b800800090000000080"], 0x144}}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r3)
r4 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r4, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820f", 0x8c)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r5, &(0x7f0000000bc0)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c, 0x0}}, {{&(0x7f00000001c0)={0xa, 0x4e25, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000001440)="95", 0x1}], 0x1}}], 0x2, 0x20000004)
shutdown(r5, 0x1)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x66, &(0x7f0000000740)={0x0, 0xca}, &(0x7f0000000780)=0x8)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_RESVSP(r6, 0x40305829, &(0x7f0000000540)={0x1100, 0x0, 0x52, 0x10000})
sendmsg$NFT_BATCH(r6, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000a40)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7}, @NFT_OBJECT_LIMIT=@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}}, @NFT_MSG_DELOBJ={0x2c, 0x14, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x3}, [@NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSETELEM={0x28, 0xc, 0xa, 0x3, 0x0, 0x0, {0x3, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4}, @NFTA_SET_ELEM_LIST_SET_ID={0x8}]}, @NFT_MSG_NEWRULE={0x134, 0x6, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_POSITION_ID={0x8}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_RULE_USERDATA={0xdc, 0x7, 0x1, 0x0, "e22247264b875300da06908babc1cc6e1347c5e83f1acc97c505870252cb003adf743c0fd181709a7420f4c29b0ba9d059f4a3a1c3a6e8e95315a50f44b4f9e7eab3653405bff839edb988ec3b2bde83b268d1c20507f9d067e0485816a0bfa45daca11f1a5f8d114acfd8b6d3eb796e508b34223a3070c209fa4ecc969948ec7752f4a3a4d02d2351507f9ad116592fd64f32b9bee4858156a3f06c6d12667b4c78f32f7c2c761f8ba2a8def3f6d6965696efe113a0b50b179fc17066b02cfefdbb1709a217060daedca2a6dd455eae669f5ce2f5bcc908"}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x1d0}, 0x1, 0x0, 0x0, 0x80}, 0x20040000)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_DAEMON(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r8, 0xb0b}, 0x14}}, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000006c0)=0x1, 0x4)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x7c}, 0x1, 0x0, 0x0, 0x20000040}, 0x24004000)
sendmsg$NFT_BATCH(r9, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000100)={&(0x7f000000c300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x2000000}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x4}]}], {0x14}}, 0x64}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=@newsa={0x14c, 0x10, 0x713, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x5e}, {@in6=@loopback, 0x4d4, 0x32}, @in=@dev, {}, {0x0, 0x200000000, 0x0, 0x100000}, {}, 0x1, 0x0, 0x2, 0x4}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @extra_flags={0x8, 0x18, 0xcd}, @offload={0xc}]}, 0x14c}, 0x1, 0x0, 0x0, 0x20000011}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000140)={0x14, 0x0, 0x4, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x800)

6.46713898s ago: executing program 1 (id=3154):
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=@newqdisc={0x24}, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
r1 = socket$netlink(0x10, 0x3, 0x13)
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r1, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40cc804}, 0x84)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
socket$inet_smc(0x2b, 0x1, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)=',', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

2.527082637s ago: executing program 4 (id=3224):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0x1d, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000008500000073000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000000000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.35647401s ago: executing program 3 (id=3226):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r4=>0x0})
setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000004c0)={@in6={{0xa, 0x4e21, 0x1, @local, 0x81}}, 0x0, 0x0, 0x27, 0x0, "e4038470c34d959c9ccb1c2c8ede3e424801f4633bdd6529a8c80d41ed9ef550bcdf619732aeebd3de98553eed5d9c9c8176cc0b21fabd258dc5a8ba518911999fcc9e9025339e27c4c7ecaa6cbc82d1"}, 0xd8)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r2, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000940)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000800000000000008100000008000300", @ANYRES32=r4, @ANYBLOB="060066008e8800000a0006000802110000010000260033"], 0x58}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="1cfc1c4c", @ANYRES16=r6, @ANYBLOB="21082dbd7000fbdbdf252100000008000300", @ANYRES32=r7, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x20048011)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb010018000000000000004c0000004c00000002000000000000002f77b14097bd4591e8298abaca0800000202000000060000000300000008000000030000000e000000feffffff0f000000050000000d000000030000000f00020000000713d541664bf40000000325e35a455ced15dd3e6c1feb10744c1b446fc6f916aaa0deec5272e98b83b81101f53cfe473b8c2e5ee9d5fcf3d18d41bcfb8a2760513ca3ed794f2ee83db9f96ac4903d5a0d5c94155c91f71d75667a2cff55b461218a4758a8b249bcc95190a71c45"], 0x0, 0x66, 0x0, 0xa, 0x0, 0x0, @void, @value}, 0x28)
r9 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r10=>0x0})
sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000001d00070f000000000000000007000000", @ANYRES32=r10, @ANYBLOB="48005200060005"], 0x24}}, 0x0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r12=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x28, r8, 0x1, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME={0x6, 0xd, 0x3}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x810}, 0x0)

2.350970735s ago: executing program 4 (id=3227):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000f00)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a5"], 0x0, 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x74)
sendmmsg$unix(r0, &(0x7f0000000b00)=[{{&(0x7f0000000e80)=@file={0x0, './file0/file0\x00'}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000001dc0)="bb", 0x1}, {0x0, 0xeffd}], 0x2, 0x0, 0x0, 0x101}}, {{&(0x7f0000000900)=@file={0x0, './file0/file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x8800}}], 0x2, 0x40000)

2.184466489s ago: executing program 3 (id=3230):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000240)={'wg0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="24000000180083ad0400000000000000020000000000fe020c00000008000400", @ANYRES32=r1], 0x24}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="24000000180083ad0400000000000000020000000000fe020c000c"], 0x24}, 0x1, 0x0, 0x3000000}, 0x0)

2.162272531s ago: executing program 4 (id=3231):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000d40)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000ffffffff7a0af0fff8ffff5979a4f0ff00000000b7060000ffffffff2d6405000000000065040400014741001404000001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000004000095000000000000006623848adf1dc9a764ab51a064e0ff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b01ddaa52e8756ad60a07d6f27c125e16d024098f755d8583da60f27c162dbba0700002ac9170f50f2568836077b7f711a18ebf608d87b885297b6a79819782748b376358c33c9f53bfd989b1ca58949a54d5827df14feecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b77aafa63b9dd5fa5c53e9c37251709f1ff7f0000f07bf7f53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd7e43fe1ca8345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1777b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d0842835e81c358ebe73af41e5b5b924275cb1749289b44e9728e7a73f148ac8206afe120c1437490d99000000110000fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cecec38126247b2f113ad4c7915c8f82c333a7b350802f0311807010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d637d406160ffaffffffb4e0bde6749aa52c408b74251914c5d3255fd88a42e7ebb69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000000ac376e0a4649a8a84e1d293a6b109c5e59b366bca5cc3d936c53d4a48c05099e6fc36d5aa23bff8cce0600fcff00000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68fd36a03353a55a8a89b60317cd78ea1dc8e0f77f2c1e68ec7c01bd5a2028a8fc107007f3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f942cc750399d90296171fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2b4492510134552f0b076b168394f8417f25cc82ae04007193cbe69de8bf35e4bebd15412426b2e20ab1f05fc44ae9ae094c1b81d3ef947692b44d2afb09c7498dedf0f87c38bbcab7357836f03e8a7c392e535694a3ead2de11e6b1781e2a018c0ada7bc7f0eb2d678f23c07ac341fda2e563ee95085742f5fee9f95f4741b226e428d20b00bc140000e4b2f5efd0a0b1ceba000830ba8634b5aa26bdbe91614e92fae3c7349531df9bf4c01ebf5d8eb7d53e5f30647661623fbdb3f60033fc32f68ea86a2df1e76fe27dfdff1cf9194849c4cc0da9533e5983693e526a7dc0d8728f3b573ca4427bdb44df9341e9b8050e896598a156c935c800436a312e7ae3c011e46851ac599f0427729ab9c55ae0ab4c0000000000000000000000000000c87bcc2ac5aed9247b51d92e0993af4beaf1f3f47dcdfab9165f98155d93e383d6b85158b54675c1585037508c1e9461a1c3d1a6e2002045cae150a7016f1a90716eebbdf6afc4414d900be0bdf19f4a273f44f4357380b4387f1c8b104f0e406b2f04e5ed88631be6411f9927fe9f6b43ec83412b7c5a676ceec8b454ebf6481c98e86b6933a02daea0b4ec0be5b3d916bd70208b4588626c277648475002e2c62681bd07331422a6e47bbd40857d52c4894944fae5c500000000000000ff00000000de784314b8fd419216b48d0f353c11ae185749fa9ac7dfa16bc5c23a23f74b17a7f1b2d799480f33faa3537a910d6ca02f48b0e69beb1119f106ea5919ffff72e17a5dc8c3d131d82f067e29dc39665dff39fb6347b374aaaf6e65efde3fc6202bf29ccfcb08caf18d668a462493aa82e76affba9c9af31d1c23237aa6eccfadfaf794bb1004c07b21ac6ed77718098b2f722bd05fea3561b86b2838a8de5b4f91d6aba95dc9f4464a024be4d0d8d04f5023e7e19e503624d39a43c7b310de519b40738ff9a623065c06d69d16d4a46ff300022fee47803989b7e916254e0fb9e1c8b07d8a4b8b692a75a32e6ed2caeaa7c258c47fe6143cd9e90b801eff78cd4e402374e0e4ca07b7f17254e3d2f0a2a1bac6fde8a15e3ef3588065524d41966fb3915e804c53201efee751ec294584d23d9008bdf046f55c030ab941a0b8723412127efb3eac0ccf68133c76770d5e7dabcc48d47685404cc540535ed70df75c24660d85f9c9a245185c7da217d1c3743db85db67b9b8a8f00af02367429f6f0b53c169c4356751bf68745dbde055e1722ae256ae53ae637a1431855d16dfa91d82a021a4b2dbb50bf6d59fdd0c9bc84cd7d544de2523b6ce8aaeb94bfba75079f7455204ccca02bd389d8409b2effe9b88e301ac4fe28752386a0678a3f54b2bdf56f927ddd6b0ac98b2b505f668597455ada51ba95ab852b49373a11ff153d20f3681f7a3a31dcd82474b51498f65e0601bcdd23acb4c01bcd2f3e1ad378d14c07d923087d3518369710b70ffb0b523dc4f00f275c381fe1c091e478b04d5e4a9f75b4072acb005a83c25625ab7a351a68977177e27a1bf112114eb10250c2b9dca234f8967f0439696a2345e747b5f1d8c4bec86d8e8f2eb121ea0159615e7d475d45837921c2c0c3f9e683ac8000214a657c9f"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000880), 0xfffffffffffffddd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r0, 0xe0, &(0x7f0000000480)={0x0, <r1=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={r1}, 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r2, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8}}, &(0x7f0000000740)='GPL\x00', 0x5, 0xa00, 0x0, 0x41100, 0x0, '\x00', r3, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40, @void, @value}, 0x94)

2.048353388s ago: executing program 3 (id=3233):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20000090, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={<r1=>0x0, 0x4c, &(0x7f0000000380)=[@in={0x2, 0x4e20, @local}, @in={0x2, 0x4e24, @multicast1}, @in={0x2, 0x4e22, @multicast1}, @in6={0xa, 0x4e24, 0x3, @private0={0xfc, 0x0, '\x00', 0x80}, 0xffffffff}]}, &(0x7f0000000100)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000180)={r1, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x989, 0x0, 0x10, 0x1000, 0x6}, 0x9c)
r2 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000280), 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x21, 0xff, 0x6, 0x7ff, 0x22000, r6, 0x5, '\x00', r4, r7, 0x1, 0x3, 0x2, 0x0, @void, @value, @void, @value}, 0x50)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="440000001000010828bd70000000000000004c00", @ANYRES32=0x0, @ANYBLOB="210800000000000008001b0000"], 0x44}, 0x1, 0xffffa888, 0x0, 0x48000}, 0x0)
socket$inet6_dccp(0xa, 0x6, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000055}, 0x4000)
sendmmsg$inet6(r0, &(0x7f0000003f00)=[{{0x0, 0xf, &(0x7f0000000300)=[{&(0x7f0000000140)="a2", 0x1a058}], 0x1}}], 0x1, 0x0)

2.047091258s ago: executing program 4 (id=3234):
r0 = socket$kcm(0x2, 0x1, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$sock_int(r1, 0x1, 0x2d, 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1200000004000000040000001200000000000000", @ANYRES32, @ANYBLOB="000000002a4b25c63945f0de74c83558cbc071e7d58a6daf066f6cb3427e9d8e9d9e2bae4aea8cf809e62a2ba1047287486aac417d42502b3abc9730ff10b486f18514d42261e0e8714f8b68701ed6a1167bd16cb544c3dcf30b6a0bff179b0dc3921c1e6deb12e0945de70637a59fc10a8efbeab55acfa81edc5e4a8f052609", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
ppoll(&(0x7f0000000500)=[{r3}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x100000000000000, 0x0, 0x7fffffff}, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000580)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000001db685000000230000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200000a000000b703000000000000850000007500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='percpu_free_percpu\x00', r6}, 0x18)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="2e00000011008108090f9becdb4cb92e0a4831371400000069bd6efb2502eaf60d000100020400bf050005001201", 0x2e}], 0x1}, 0xc0010)
r8 = socket$xdp(0x2c, 0x3, 0x0)
r9 = socket$inet_dccp(0x2, 0x6, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="660a00000000000061114c0000000000850000002b00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
getsockopt$inet_int(r9, 0x10d, 0x1, &(0x7f0000000000), &(0x7f0000000080)=0x4)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r8, 0x11b, 0x4, &(0x7f0000000300)={0xfffffffffffffffc, 0x1207000, 0x800, 0x10, 0x1}, 0x20)
sendmsg$inet(r0, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x10)
ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f0000000280))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)

1.824296427s ago: executing program 2 (id=3236):
r0 = socket(0x1e, 0x1, 0x0)
listen(r0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet6(0xa, 0x3, 0x7)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x268040, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
unshare(0x22020600)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x100000000000000, 0x2, 0x0, 0x408d7d42, 0x0, 0x2776, 0x9}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x95, 0x0, 0x0, 0xfdfffffffffffffd, 0x6}, 0x0, 0x0)

1.656521367s ago: executing program 3 (id=3237):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r2=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000480)={0x2c, r1, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x2c}}, 0x0)
socket(0x26, 0xf, 0x8)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
socket(0x10, 0x80002, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r6=>0x0})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c0000001000010400000000efffffff00002000", @ANYRES32=0x0, @ANYBLOB="03000000000000002c0012800c0001006d6163766c616e001c000280080001000800000006ef0200010000001ffe02000000000008000500", @ANYRES32=r7, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r6], 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0xc010)

1.631818082s ago: executing program 2 (id=3238):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r0, &(0x7f0000000180)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xfffa, 0x4}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_KEY_ENC_IP_TOS={0x5, 0x50, 0xf7}, @TCA_FLOWER_KEY_ARP_THA={0xa, 0x41, @multicast}, @TCA_FLOWER_KEY_IP_TTL_MASK={0x5, 0x4c, 0x8}]}}]}, 0x50}}, 0x24000000)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1.583043292s ago: executing program 0 (id=3239):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_LOOKUP_ELEM(0x5, 0x0, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000100)=ANY=[@ANYBLOB="1805000400000000000000000000000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000001801000020696c2500000000002020207b0af8ff00000000bd510000000000000701000000feffffb702000008000000b703000000000000850000001900000095"], &(0x7f0000000000)='GPL\x00', 0x8, 0xde, &(0x7f0000003e40)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vlan0\x00', <r2=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', <r3=>0x0})
r4 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8)
setsockopt$inet_tcp_int(r4, 0x6, 0x38, &(0x7f00000001c0)=0x9f04, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000001740)={'syzkaller1\x00', &(0x7f0000001640)=@ethtool_drvinfo={0x3, "a1bdb8d44cddbf4a58777b514109144ef588e2e3c04b830c5351e8ad93e86da3", "2e9185bc319d4c57cdf5e261586c166de80ef00000000064ff9d2d851e8f00", "a0ab7e977fdac226b8c494358b1bae06393932f28a9c5dee2177def10ef1de35", "ae33fa8801e356b19c52e0cabbe4845616e7a23836e2ead91ee49871a33f433a", "14fb465c47d4dd53326129372fc8e61f9bf2178f76473e3bec9398116781fc4e", "9ab337a3ea804dcf1c1158ef", 0x40000, 0x0, 0x0, 0x1}})
sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(0xffffffffffffffff, 0x0, 0x0)
r6 = openat$tun(0xffffffffffffff9c, 0x0, 0x40a01, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)=@newlink={0x58, 0x10, 0x403, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x4, 0x0, 0x300}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x2}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1d}}]}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x58}}, 0x0)

1.340657086s ago: executing program 2 (id=3240):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001e80), r0)
sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000001f40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2c, r1, 0x1, 0x0, 0xfffffffe, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}]}, 0x2c}}, 0x800) (fail_nth: 11)

1.306556233s ago: executing program 0 (id=3241):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0xfffffffd, 0x1000, 0xfffffffd, 0xfffffffe}, 0x1c)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0x12, 0x4, &(0x7f0000001300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, [@ldst={0x1, 0x3, 0x3, 0x2, 0x1, 0x10}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

1.305901265s ago: executing program 3 (id=3242):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x6, 0x4, 0x1, 0xe, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000640)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x4, [@enum={0x2, 0x0, 0x0, 0xf}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x5, 0x1}}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
socket$inet6(0xa, 0x2, 0x0) (async)
close(0x3) (async, rerun: 64)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x41}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) (async, rerun: 64)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="180000000000000000000000000000009500160000000000e2bac15d3b6641a215f099e26603a050337b2ccc70a9f928ba3c529bb6e7365e7e246317380f5884d7"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r3}, 0x10)
r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r4}, 0x8) (async)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000002a00)="8e1d5c610bfe415d01b31f79a031b5c018e0000060ffffffffff000000010000", 0x20) (async, rerun: 64)
close(r5) (async, rerun: 64)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$PROG_LOAD(0x1c, &(0x7f00000003c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r2, 0x0, 0x0}, 0x10)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r7, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) (async, rerun: 64)
listen(r7, 0xff) (async, rerun: 64)
syz_emit_ethernet(0x4a, &(0x7f0000000040)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x14, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2}}}}}}}, 0x0)

744.598224ms ago: executing program 0 (id=3243):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="140000001000010000001c00000000000000600a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f080003400000000714000000020a01"], 0xa0}}, 0x0)

743.64233ms ago: executing program 3 (id=3244):
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000040)={'ip6_vti0\x00', <r2=>0x0, 0x2f, 0x48, 0x9, 0xa25, 0x1, @loopback, @remote, 0x20, 0x10, 0x1, 0x5}})
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={@private0, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1, 0x4, 0x81, 0x400, 0x2, 0x1800004, r2})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), r3)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$team(&(0x7f0000000200), r0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', <r6=>0x0})
sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f0000000480)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000440)={&(0x7f0000000280)={0x18c, r5, 0x400, 0x70bd25, 0x25dfdbfd, {}, [{{0x8, 0x1, r6}, {0x170, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x800}}, {0x8, 0x6, r2}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x2e53}}, {0x8, 0x6, r2}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}]}}]}, 0x18c}, 0x1, 0x0, 0x0, 0x1}, 0x4)
r7 = socket$key(0xf, 0x3, 0x2)
getsockname$packet(r0, &(0x7f00000015c0)={0x11, 0x0, <r8=>0x0}, &(0x7f0000001600)=0x14)
sendmsg$inet(r7, &(0x7f0000001740)={&(0x7f00000004c0)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000001580)=[{&(0x7f0000000500)="1786a877c7035c9b99da7b008fe83ae2a8455e8d72e262f6bdcf4b793c02494fed0368222036e2b48c06d47a28311f9da6a7c16b64aaa5739bc68f2ee7f65d0af37514643bf75830c7066e371d1cf2bb4a3e5a11364822e34f70c2e2dc851fe3dcbab2e1c8a1d9d8f5d555837cc18d24f8d23c89fc4a456f077dee8a05bda113a5757190746de8abe01a7bca80a14a13f40e2e309e0265382466506d97304b2ac7b2ea971e3d9db7961d4f36861ea4f9f5cfbbeeae333d5c880a1f3ff3a250ea92c9064ba4e540e615c5c378a9d33aa34dcc78f95be583a7beac6d4f1cd72d006d82ba4115df85c15534be1fbaa30548b633ab37b820b00fe37e5409bf9e0926b594593c37a1c2343d9a646059675e11af5e28caf8e9137686587e2dcc6a1eee3095fb2f19528a1ae0b70ec1f795e826da949251f9c4a53787374bb18ae38c1555754ed09590cf033d49866bab5dae4d14e6e6e3d0052891de3d4cdeba83ab2812e84e3152ae4d20a7341be9e62fa29f1ea322fb24755893e1ee55b5b01d9dbe6cd27704f870a8e7faac45c497de331fe06ef9cdc3a8c1b1553995dd52b49c9aa85cf6973f8436d24c50ee44f88b4081c21c3dc21572c5b89cef5ace56611d34bea19e548b996687b4c68dd83f75e5df0931a25ff69eac65c5e88fa2587bf3d6df493508be15783cd6f9329e68fb20c2c1908c999f2c606feb9166ce201a2a581ad50d196820571b030aae8c539537de3522f659913e9d511d5896ada345b2258715791a1f3b303f9b5358cb033b9b2e584a0931187570b3c4152930a6a212211c6bcd0539a4056059eb032d3ffc0d37f6559b14bca5a96c203f0e2ee6dedfc6d4bc5eade62da0c26b5a3edbc6f466536d7176c014b4a40beff2ad57ec2f7e90a387c54331062ae599b6697ee7cfba43652d3ddbaf9de443ad8ada2cbaf4e92794f4d235c51bd988b8c470b2fa456fe7d9026e2ce0616785430e33caca186f1d3c74fe0664ef4bbb8ef272d68fe3861506fb2a9b9fd0096d05a3519295e0888b547ac117cdde498c7f40b30f44a28fe7e50d7ad40b244e9ca22667cacfb425e774ab27aad73ce4f78c3ac7ededc5142028d5c3bb4ca67ce0262249a22fa47fc9a83c6d9a3fd124b216e0d14080dee800f1000ed5ffa3e2eeeb08a275a2303b08b1128c1f109e36c5e78334e3d3acebc855c7a28626e9b4e9deadf5c2cb4922c3cb4f91d3b67ed9e607849f689544f08e24fc875697f9a3271ae9870a46e5e296e969a190139ecf85c2fdb4a5edd456592435d8bf07d73eb21ce467f36174e50fb9b4fdd26c7ea1218d34f5858a6942fe0e7ad7a33bedacb8c504a22a36a56d82cf2734c0db2e810fba5ef819f96db88dc05f70237bbd822caae4a722f32ca1f2e77d00230c47b704194a67e870c8ff69f94e4885c08e8f9fc5151e05c3e13d3743dba5b95841f69aec906b60551035e804b26e3d1d9cf580e6e7091d4e0bf9d3c1c7294f55b22d31a7b3fa8817158388fb4b9b6338eb36ea9ba5822abc74b5c84a2709ccea77dfb8e81ea70a71c2f3fd993dac2b4b710d21574e5155fefd05059d62e00ba67d04b7f38d3a4957032758e5c2a8221253cff63f9e3143ad486977a39d17a791c8393f7a73b48b46e2143be1f29aba058352949aeb2d5b47fff672c5f23a11640d37979d1f12a7f06fabdb6455c8b97815ebc1619c62db64693016bb6c28bed1dcb0171204e0691e9df9dbf445e849758039700167b6e54978fd5b1486a2a229a5a21ce313628ef2ae70071f2559afc1f08b658ef37722dc5af0935dcc840da09916486335c8184a33c8163ab208861ac0c73aa91f5b3679c42d725d02b8d32d6858837259be9901d52000ceec62c91f5e2032d4f8459069a0a1d703bd6268418178b62a4fb5c6cd4b5b9ad5c4fb14f0381481df50e877be97a968a9c0e883682f689a5c1f3b3f1a121d2ddb611e2db1235e2ad93d2f69edd7cdd094535ce8f43606e6d610deb22296485b77b272174a73b725481ce957bc82ebc54e6d11ab583c483917cfcf000833c74c3a687960fa18f7164593e2ddf01233762af6297f3851fcf2450104f72054f7541342c2bfb87403cb01990f274e0133e34496d6fbe74505fb6eb60da3b9a0d22290ed46aa796858be014a07c402d7bd2abb1df8c52d621218998479018b1e58fe0e3570c0fb4d51dc4d0560ffbeb8b6973e6f73e4b49ccf8298a23955a33152edd1cd253490b0950267197bb2c6a3c8087dcf0f6e10d7623a7d3be1b65968099a264c4222f7d1203dcc495478a70a839f767b7e5456e7d300124ab13e87f47fad1b18fe05205db04f82653c8a4a14e5dff405b073e0df5505ded4c6467f705fc81b30b794d32b21a18c593a9a26d75e9382817e5d8f292b9f44ef275a19af7f8402fa995d1c665e9f886924cdfe0d3865ae1b7320deffcfeaa47fdc3ae1186a1839d2193bd208473b907644b23f8acc9bf22be95388f1b47d3eb6245509623d15d5df50dc7e39d9a0e69c1255a3b0139715cbfeaab8b1fff5de13f1f734adb2227f84d770db182473b5fc60dd6abc35136a37f3419cac6564e12d6f7e9cb894aadd27b8e864ed0cd1e94f8783cda18d6674736f4fda32cc7815caa86d6036aae82ed77ed15f9b3cf12ef45ebe1049fc6767aa5ae3bc0d19847394629fac7021bd517e0199151e217d1f6e812a02b466dcb0d3eb2b6e78e122a841ff3e606a14b4cb56ced0d2001129fe23652fe7204863867e99f8164be14bf0412007e6817134577e966f96a3ab0bf02c66e6f2c3182845ea7e018d8501babfc3a83fdf1c3a13c7cc4825433c2aa928d3e9c911aee8fe6c95ba0d72d9ef1e4b6f29664988e5444d654234c63f17fc9a280de0d7f4288b82e78ba918c773f170b59c1a886bfc4dff8e2bf9c2afc84489c1f1e2096724dc18a90310c2d70b6974b9f38032621049562cf7acb6a07766fdf055bd80d09bd940b422a02d6ae87b88f7f24123a0c31e53ba1ee9b732f1cec31d8eab441e616606269cac3471b4d676a7f5eadd69480b9cd76a56300dea6689d39321586207602dc463b535e4a0ba2059c3255c54a237aad5077bdb037b493c23f3c5e128739283dbc5dea7353b8f65e0d9bf98f0bb6eafc9a190ca3789ad9545bac7116921e7b0d6d2ec576aa3be56a26aedda7171334043f09e5f3dd58420fb4ef253c4fb2f18784029049842087eee1a683a7177042f232a8e38937b7b7785094f3ea81b67c5ccc3d15df2df5becc183279057792b851c44a8107667fc5a95839a27c1d1ab6973ae09f8929a6cc465fbd2fa73805daf31e4d61909129ce0b96c330bfefd037440807f9d6a1eb61d22455e20bde570b89190a1da070bcf179a4c96f23637d8e95265d69ab627cfe1b514c259f741e1ebdd9777c558e469d2d7855fa6137db242901907029671cb94f8522fd9ec0ce587e5adc8a342b68a09a8dc91c6eabb16ab1a25e1aea87b9013e59154fc8c10a16901ac247ae4266983c39eea08955822190aac5d9ee4bbfc42f8e5663733277266b16fe70b79e8c32cd7cc6da2414e21062c6e5e1740607dc51f3aae5d6778c686e748122a16c2412be31d028882d5fe83c81c40d91adf6cbc978cefd1afdc73e65b3c597409fdcf8853a875eaa880be15031dd22d113126bf03d463b762d49878b298f246233bc240ad2f0d81e372ecf3693f56b008285d0b0a20b5bcf0434b68b77447beb466b8de2b021d5349486758443ba8694ef97b85b3b5d501ef843766154c278662fbb190d2971d297ed35a8aefee594ed0c25923c658b7c1b75cd3df393ccfa779fd6fbbe9b6d2ff75c64d99aa85db328cbd3f81fceaff3189080fd1ca03dc139f763faea190d6725df316c805aee1962eba9d1178ae7c5351a0f5fa8460dd6b894a45d0d5193ec83f935437c967a4ccab33081cf0fc29c14479f9f70ea74a6192899da1b8e51cd6d1f9fca24bc5f04765a5272105a2b5f343f185c72459e67862c874b1765f9e58f2978c49b84893c418c75471f24082e75cdbc10106a27d10039651220df52827b292ed11b8db9c8b882bbab05b156a7ef9e7a10f1df778ea2b83a0e314595e5ed75808172b88d23a9d10527a62529375cd74ce849cec4b1ed04a5311084edd96d29aedab151e44ba20cfbf178ca49291a9db828b6ec60763616ca31390f963b6bfbad1145fb8da39c5301a910148d790e5e67fdf294c60e23e5bd4d9ce92dc366961f26136a09d933b6f58f4c264e9cdb43edef4607d733a7b988d7496d8548fd003e386138b6273dd54df3e2205f32bd5251b3ae4910be683363db1f882c2137d5b25131cf055f3dd239d83330de1a8e67362fe4f7040d46ecf28ebc0efab4b4b660b8f7381f7ca345f0a6d97dd97d28064fd3eb9a0530dacdbf42b3e60e3c4367de2ed7064b9bd70805b715cbb538fa07918d459cb05b24dca569ecd5d9eed54f76b6a2b5ed193c9973f3870042a0e3a4b3e645385fcdb386d98a522d83d3bf58b8ad2a16e1a5d50f70957e56b053f6a6a129f43076567f6e2106d479926750496cfeccbc5760f8cbf78ad3345b553f90a238888a7778fa07e0f46941f9c20d94d3ec31ad2b5aedbbae1888ea393cbbba0c807ad5e27008fed002a8be08e67a10ec8cee2bacc44fcd4bb53cc4d9a0beca4e31dc3e333dc704c10c9f5f50568f123bfc6c0bfc497a3c2b83a9bf8b44b1c8c2def16f804f56a1cd13f1309803e9cfd3c68ac30066f8f0ce0a09a3d42fcec40618fef51ed80157930e086d5a6d766d49cc7a65d6cff41b5f8e4276822283d2f74f094bbc64c470e221456799224899d1b649a4a136b5875ec5c408350e2dfd9be8fc311d7345b3e49b6970e5d1da5c795f7ade74915a28cde8be6a5bf9916b68d90741e7e1df3a119174c0d93b8d2587bcb7be092ed93b0926b82b1181f5da6a5ede444afa2922ca28d0692a38dac02224e115ae1149ff3f8719927946994a7d1dbaf65f186f82fcbe9d66b396666a84bde25f21847d04e048ccf1d713843239a3794ea1e2db19fe74b4d2f0459c6beb843d69d1df90c8bde1212cc86ea4e7002e91220a203f2789c86cc782f1dad0eee6390b48c4064c21193a3fdd7347c7af19ce6206a81071c807679efcd1300cfc6751b52c4cad5f4b852e67a007cfc810e8059b144ef367e66f167ea7c9f84624291e1eaaea46fe591552137217897ec9b6ad5da1f813a8061ad4beccf9b48ea683211badc0b9466abe1932fe1dd81a3064e9701f4f6f097b71debca69f517f9a4fdf52edcef9d4e1376d3a09d3431ea2cd5968093dfb8ea4e60c8209f6c16c810d14cb5d77839d264129131a0ded9ea6775d40e36198138981b49d6638af41e7a724ac9c3417e0286b155dcaba4d178488fe58a5a0e29e0bb4b26f59376ce130f65fc0bf9aaec294d1b910383fe64e94640ea4d2dbd771bd17232aeed5f378c331dbbc8ce7ebdd3002a2a6043eabe76159bc2b7b51b2d64ec9c74326578424549d457b2646756c3704cc413fab9b7e3ed89584e2f3517e5bead48ece2f29fbb48ce401d48e8b2eeb902e91b36982bb151598ae5df18c14124a55ea176bd76d354479bdb4aaf8d1a21fbea8ee9bbdca9795884fe3bf185c44732b63a0647b21e6aacab030035abe87cdf850df2a6258cea39b8bb7a24fec0636af065c427d14c4ec720aaeceb55a4468fe419037e46d557d3e323ea33b78389fc21ef4e46a66ee1145d1e23d8a660c37fc00970794182aeef91c9e6b6e39819d3bee9947dfd4d44", 0x1000}, {&(0x7f0000001500)="78edbfbc4b3efd3e14f01c7300f3a9acad8cd68fb654ad35912f018638579bcc62cdb0708d6a9ac71782070968e382ac4fc7ae88bdd79664c7a9930a543b8edafe856a32f1bcbae66aa99bdc7cddbe75e015073e0ebd7cc86cc1776f27c32775483bc0f5f8d07acfd73162a2a55befe3203b604e75857a19", 0x78}], 0x2, &(0x7f0000001640)=[@ip_ttl={{0x14, 0x0, 0x2, 0x1}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x1b}}, @ip_ttl={{0x14, 0x0, 0x2, 0x4}}, @ip_tos_u8={{0x11}}, @ip_retopts={{0x28, 0x0, 0x7, {[@cipso={0x86, 0x16, 0x3, [{0x0, 0x9, "e63d172eacb7b6"}, {0x1, 0x3, "f3"}, {0x1, 0x4, "ac76"}]}]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x1}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x5}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x1a69}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r8, @rand_addr=0x64010101, @rand_addr=0x64010100}}}], 0xf0}, 0x40)
ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f0000001780))
getpeername$inet(r1, &(0x7f00000017c0)={0x2, 0x0, @private}, &(0x7f0000001800)=0x10)
clock_gettime(0x0, &(0x7f0000001880)={<r9=>0x0, <r10=>0x0})
ppoll(&(0x7f0000001840)=[{r1, 0xd7d64252bf14649}, {r1, 0x20}, {r7, 0x8}], 0x3, &(0x7f00000018c0)={r9, r10+60000000}, &(0x7f0000001900)={[0x69]}, 0x8)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001940)='./cgroup/syz1\x00', 0x1ff)
write$cgroup_subtree(r1, &(0x7f0000001980)={[{0x2d, 'net_prio'}, {0x2b, 'memory'}]}, 0x12)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001a00), r1)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000001ac0)={&(0x7f00000019c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000001a80)={&(0x7f0000001a40)={0x18, r11, 0x10, 0x70bd27, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_HANDLE_DFS={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x280440c4}, 0x0)
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000001b40), r4)
sendmsg$NLBL_CIPSOV4_C_ADD(r12, &(0x7f0000001c80)={&(0x7f0000001b00)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000001c40)={&(0x7f0000001b80)={0x88, r13, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_MLSCATLST={0x74, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4fae11dc}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6d19b268}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbf2f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x134c}]}, {0x4c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x530f19ab}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd6ba}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd5a4}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2b645a9a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7778}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7c87b6b9}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9bdb}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xed7a}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6135b30c}]}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x84001}, 0xc820)
r14 = syz_init_net_socket$ax25(0x3, 0x2, 0xce)
setsockopt$ax25_SO_BINDTODEVICE(r14, 0x101, 0x19, &(0x7f0000001cc0)=@bpq0, 0x10)
r15 = getuid()
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000001d00)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@empty, 0x4e22, 0x7, 0x4e22, 0x5, 0x2, 0x80, 0x0, 0x0, 0x0, r15}, {0x4, 0x7, 0xffffffffffffd655, 0xb, 0x7f, 0x8, 0x10001, 0x7}, {0xfffffffffffffffb, 0x9, 0x4, 0x8}, 0x2, 0x0, 0x3, 0x0, 0x1, 0x1}, {{@in6=@empty, 0x4d4, 0x2b}, 0x2, @in=@remote, 0x3507, 0x0, 0x0, 0x6, 0x8, 0x100, 0xfffffff7}}, 0xe8)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000001e00), &(0x7f0000001e40)=0x4)
select(0x40, &(0x7f0000001e80)={0xfffffffffffffffe, 0x10, 0xe846, 0x4, 0x6, 0x5, 0x9, 0x401}, &(0x7f0000001ec0)={0x9, 0x10, 0x1, 0x1, 0x3, 0x0, 0x80000000, 0x9}, &(0x7f0000001f00)={0x0, 0x6, 0x7, 0x1f9f, 0x7, 0x4, 0xab, 0x3}, &(0x7f0000001f40))

726.271435ms ago: executing program 2 (id=3245):
socket(0x1e, 0x1, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet6(0xa, 0x3, 0x7)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x268040, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x100000000000000, 0x2, 0x0, 0x408d7d42, 0x0, 0x2776, 0x9}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x95, 0x0, 0x0, 0xfdfffffffffffffd, 0x6}, 0x0, 0x0)

691.678136ms ago: executing program 4 (id=3246):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x20}, 0x4000000)
pipe(&(0x7f0000000300))
pipe(&(0x7f0000000100))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10)
sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0) (fail_nth: 43)

524.652324ms ago: executing program 0 (id=3247):
r0 = socket(0x1e, 0x1, 0x0)
listen(r0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet6(0xa, 0x3, 0x7)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x268040, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
unshare(0x22020600)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x100000000000000, 0x2, 0x0, 0x408d7d42, 0x0, 0x2776, 0x9}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x95, 0x0, 0x0, 0xfdfffffffffffffd, 0x6}, 0x0, 0x0)

507.019476ms ago: executing program 2 (id=3248):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r0)
sendmsg$IEEE802154_SET_MACPARAMS(r0, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000240)={0x5c, r1, 0x300, 0x70bd2c, 0x25dfdbfb, {}, [@IEEE802154_ATTR_CSMA_MAX_BE={0x5, 0x27, 0x8}, @IEEE802154_ATTR_CSMA_RETRIES={0x5, 0x25, 0x19}, @IEEE802154_ATTR_CSMA_RETRIES={0x5, 0x25, 0x80}, @IEEE802154_ATTR_TXPOWER={0x5, 0x21, 0x3}, @IEEE802154_ATTR_CCA_ED_LEVEL={0x8, 0x24, 0x9}, @IEEE802154_ATTR_CSMA_MAX_BE={0x5, 0x27, 0x80}, @IEEE802154_ATTR_CCA_ED_LEVEL={0x8}, @IEEE802154_ATTR_CSMA_MAX_BE={0x5, 0x27, 0x5}, @IEEE802154_ATTR_FRAME_RETRIES={0x5, 0x28, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20004041}, 0xc0108c9)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000740)=ANY=[@ANYBLOB="44010000", @ANYRES16=r2, @ANYBLOB="010000000000000008000100000004000480080002000100000008000100000000000400088018010c8054000b800800090000000000080009000000000008000a000000000008000a0000000000080009000000000008000a000000000008000a000000000008000a000000000008000a000000000008000900000000000c000b8008000a000000000014000b8008000900c81e173808000a0083ec000004000b8054000b800800090000000000080009000000000008000a000000000008000a000000000008000a000000000008000a00000000000800090000000000080009000000000008000a000000000008000a00000000003c000b80080009000000000008000a000000000008000a000000000008000900000000000800090080000000080009000000000008000900000000000c000b800800090000000080"], 0x144}}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r3)
r4 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r4, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820f", 0x8c)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r5, &(0x7f0000000bc0)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c, 0x0}}, {{&(0x7f00000001c0)={0xa, 0x4e25, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000001440)="95", 0x1}], 0x1}}], 0x2, 0x20000004)
shutdown(r5, 0x1)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x66, &(0x7f0000000740)={0x0, 0xca}, &(0x7f0000000780)=0x8)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_RESVSP(r6, 0x40305829, &(0x7f0000000540)={0x1100, 0x0, 0x52, 0x10000})
sendmsg$NFT_BATCH(r6, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000a40)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7}, @NFT_OBJECT_LIMIT=@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}}, @NFT_MSG_DELOBJ={0x2c, 0x14, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x3}, [@NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSETELEM={0x28, 0xc, 0xa, 0x3, 0x0, 0x0, {0x3, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4}, @NFTA_SET_ELEM_LIST_SET_ID={0x8}]}, @NFT_MSG_NEWRULE={0x134, 0x6, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_POSITION_ID={0x8}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_RULE_USERDATA={0xdc, 0x7, 0x1, 0x0, "e22247264b875300da06908babc1cc6e1347c5e83f1acc97c505870252cb003adf743c0fd181709a7420f4c29b0ba9d059f4a3a1c3a6e8e95315a50f44b4f9e7eab3653405bff839edb988ec3b2bde83b268d1c20507f9d067e0485816a0bfa45daca11f1a5f8d114acfd8b6d3eb796e508b34223a3070c209fa4ecc969948ec7752f4a3a4d02d2351507f9ad116592fd64f32b9bee4858156a3f06c6d12667b4c78f32f7c2c761f8ba2a8def3f6d6965696efe113a0b50b179fc17066b02cfefdbb1709a217060daedca2a6dd455eae669f5ce2f5bcc908"}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x1d0}, 0x1, 0x0, 0x0, 0x80}, 0x20040000)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_DAEMON(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r8, 0xb0b}, 0x14}}, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000006c0)=0x1, 0x4)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030080e6ff000000000200000009000100"], 0x7c}, 0x1, 0x0, 0x0, 0x20000040}, 0x24004000)
sendmsg$NFT_BATCH(r9, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000100)={&(0x7f000000c300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x2000000}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x4}]}], {0x14}}, 0x64}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=@newsa={0x14c, 0x10, 0x713, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x5e}, {@in6=@loopback, 0x4d4, 0x32}, @in=@dev, {}, {0x0, 0x200000000, 0x0, 0x100000}, {}, 0x1, 0x0, 0x2, 0x4}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @extra_flags={0x8, 0x18, 0xcd}, @offload={0xc}]}, 0x14c}, 0x1, 0x0, 0x0, 0x20000011}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000140)={0x14, 0x0, 0x4, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x800)

226.14204ms ago: executing program 0 (id=3249):
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x34, 0x0, 0x0) (async)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'veth0_virt_wifi\x00'}}, 0x1e) (async)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0xfffb, @local, 'geneve0\x00'}}, 0x1e) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40201, 0x0) (async)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) (async)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'veth0_virt_wifi\x00', <r3=>0x0}) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000bc0)=@dellink={0x20, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}}, 0x0)

120.529427ms ago: executing program 4 (id=3250):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
getsockname$packet(r0, &(0x7f0000000180)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xfffa, 0x4}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_KEY_ENC_IP_TOS={0x5, 0x50, 0xf7}, @TCA_FLOWER_KEY_ARP_THA={0xa, 0x41, @multicast}, @TCA_FLOWER_KEY_IP_TTL_MASK={0x5, 0x4c, 0x8}]}}]}, 0x50}}, 0x24000000)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

118.41523ms ago: executing program 0 (id=3251):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_LOOKUP_ELEM(0x5, 0x0, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000100)=ANY=[@ANYBLOB="1805000400000000000000000000000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000001801000020696c2500000000002020207b0af8ff00000000bd510000000000000701000000feffffb702000008000000b703000000000000850000001900000095"], &(0x7f0000000000)='GPL\x00', 0x8, 0xde, &(0x7f0000003e40)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vlan0\x00', <r2=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', <r3=>0x0})
r4 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8)
setsockopt$inet_tcp_int(r4, 0x6, 0x38, &(0x7f00000001c0)=0x9f04, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000001740)={'syzkaller1\x00', &(0x7f0000001640)=@ethtool_drvinfo={0x3, "a1bdb8d44cddbf4a58777b514109144ef588e2e3c04b830c5351e8ad93e86da3", "2e9185bc319d4c57cdf5e261586c166de80ef00000000064ff9d2d851e8f00", "a0ab7e977fdac226b8c494358b1bae06393932f28a9c5dee2177def10ef1de35", "ae33fa8801e356b19c52e0cabbe4845616e7a23836e2ead91ee49871a33f433a", "14fb465c47d4dd53326129372fc8e61f9bf2178f76473e3bec9398116781fc4e", "9ab337a3ea804dcf1c1158ef", 0x40000, 0x0, 0x0, 0x1}})
sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(0xffffffffffffffff, 0x0, 0x0)
r6 = openat$tun(0xffffffffffffff9c, 0x0, 0x40a01, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)=@newlink={0x58, 0x10, 0x403, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x4, 0x0, 0x300}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x2}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1d}}]}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x58}}, 0x0)

25.603531ms ago: executing program 2 (id=3252):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000008850000007600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000340)=@newtaction={0x64, 0x30, 0xffffffffffffffff, 0x0, 0x0, {}, [{0x50, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}, @TCA_ACT_BPF_FD={0x8, 0x5, r1}]}, {0x4}, {0xc, 0x7, {0x9000000}}, {0xc}}}]}]}, 0x64}}, 0x0)

0s ago: executing program 1 (id=3158):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}, 0x1, 0x0, 0x0, 0x880}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)=@delchain={0x34, 0x64, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x9, 0xffe0}, {0x10, 0xffff}, {0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x84ffffff}, 0x0)

kernel console output (not intermixed with test programs):

etlink: 24 bytes leftover after parsing attributes in process `syz.1.2129'.
[  235.198134][T12202] sch_tbf: burst 4398 is lower than device lo mtu (11337746) !
[  235.247753][T12202] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2131'.
[  235.430792][T12214] sctp: [Deprecated]: syz.4.2134 (pid 12214) Use of struct sctp_assoc_value in delayed_ack socket option.
[  235.430792][T12214] Use struct sctp_sack_info instead
[  235.863510][T12239] net_ratelimit: 12 callbacks suppressed
[  235.863530][T12239] A link change request failed with some changes committed already. Interface vlan1 may have been left with an inconsistent configuration, please check.
[  236.023858][T12251] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  236.288675][T12274] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  236.312338][T12275] dummy0: entered promiscuous mode
[  236.318821][T12275] dummy0: left promiscuous mode
[  236.434246][T12277] __nla_validate_parse: 8 callbacks suppressed
[  236.434269][T12277] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2155'.
[  236.469945][T12286] netlink: 'syz.3.2158': attribute type 10 has an invalid length.
[  236.513955][T12284] netlink: 'syz.2.2157': attribute type 10 has an invalid length.
[  236.576930][T12287] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2157'.
[  236.845462][T12309] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2167'.
[  236.852872][T12313] netlink: 'syz.4.2168': attribute type 9 has an invalid length.
[  236.877667][T12316] bridge1: entered promiscuous mode
[  236.882935][T12316] bridge1: entered allmulticast mode
[  236.894287][T12313] netlink: 244 bytes leftover after parsing attributes in process `syz.4.2168'.
[  236.925703][T12316] team0: Port device bridge1 added
[  237.241616][T12340] netlink: 'syz.4.2177': attribute type 10 has an invalid length.
[  237.259399][T12340] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2177'.
[  237.392002][T12346] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2180'.
[  237.465847][T12342] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2179'.
[  237.602471][T12362] FAULT_INJECTION: forcing a failure.
[  237.602471][T12362] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  237.619597][T12362] CPU: 1 UID: 0 PID: 12362 Comm: syz.4.2187 Not tainted 6.13.0-rc3-syzkaller-00691-gae418e95dd93 #0
[  237.630431][T12362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  237.640521][T12362] Call Trace:
[  237.643820][T12362]  <TASK>
[  237.646784][T12362]  dump_stack_lvl+0x241/0x360
[  237.651504][T12362]  ? __pfx_dump_stack_lvl+0x10/0x10
[  237.656748][T12362]  ? __pfx__printk+0x10/0x10
[  237.661384][T12362]  ? snprintf+0xda/0x120
[  237.665677][T12362]  should_fail_ex+0x3b0/0x4e0
[  237.670387][T12362]  _copy_to_user+0x31/0xb0
[  237.674839][T12362]  simple_read_from_buffer+0xca/0x150
[  237.680249][T12362]  proc_fail_nth_read+0x1e9/0x250
[  237.685313][T12362]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  237.690903][T12362]  ? rw_verify_area+0x55e/0x6f0
[  237.695802][T12362]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  237.701397][T12362]  vfs_read+0x1fc/0xb70
[  237.705612][T12362]  ? __pfx___mutex_lock+0x10/0x10
[  237.710767][T12362]  ? __pfx_vfs_read+0x10/0x10
[  237.715481][T12362]  ? __fget_files+0x2a/0x410
[  237.720114][T12362]  ? __fget_files+0x395/0x410
[  237.724830][T12362]  ? __fget_files+0x2a/0x410
[  237.729457][T12362]  ksys_read+0x18f/0x2b0
[  237.733806][T12362]  ? __pfx_ksys_read+0x10/0x10
[  237.738593][T12362]  ? do_syscall_64+0x100/0x230
[  237.743365][T12362]  ? do_syscall_64+0xb6/0x230
[  237.748045][T12362]  do_syscall_64+0xf3/0x230
[  237.752631][T12362]  ? clear_bhb_loop+0x35/0x90
[  237.757306][T12362]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.763196][T12362] RIP: 0033:0x7fd908b8473c
[  237.767608][T12362] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  237.787220][T12362] RSP: 002b:00007fd90993e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  237.795642][T12362] RAX: ffffffffffffffda RBX: 00007fd908d75fa0 RCX: 00007fd908b8473c
[  237.803611][T12362] RDX: 000000000000000f RSI: 00007fd90993e0a0 RDI: 0000000000000006
[  237.811577][T12362] RBP: 00007fd90993e090 R08: 0000000000000000 R09: 0000000000000000
[  237.819543][T12362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  237.827509][T12362] R13: 0000000000000000 R14: 00007fd908d75fa0 R15: 00007ffd94b70ad8
[  237.835508][T12362]  </TASK>
[  237.846796][T12359] ebtables: ebtables: counters copy to user failed while replacing table
[  238.029158][T12374] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2190'.
[  238.132950][T12384] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2194'.
[  238.142763][T12382] netlink: 'syz.3.2192': attribute type 10 has an invalid length.
[  238.154504][T12382] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2192'.
[  238.361544][T12398] Cannot find del_set index 3 as target
[  238.778018][T12422] team0: entered promiscuous mode
[  238.796787][T12422] team0: left promiscuous mode
[  238.825411][T12424] netlink: 'syz.4.2209': attribute type 10 has an invalid length.
[  239.246161][T12457] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app
[  239.743878][T12480] FAULT_INJECTION: forcing a failure.
[  239.743878][T12480] name failslab, interval 1, probability 0, space 0, times 0
[  239.759255][T12480] CPU: 1 UID: 0 PID: 12480 Comm: syz.1.2230 Not tainted 6.13.0-rc3-syzkaller-00691-gae418e95dd93 #0
[  239.770181][T12480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  239.780272][T12480] Call Trace:
[  239.783589][T12480]  <TASK>
[  239.786545][T12480]  dump_stack_lvl+0x241/0x360
[  239.791262][T12480]  ? __pfx_dump_stack_lvl+0x10/0x10
[  239.796497][T12480]  ? __pfx__printk+0x10/0x10
[  239.801120][T12480]  ? __kmalloc_node_noprof+0xb9/0x4d0
[  239.806528][T12480]  ? __pfx___might_resched+0x10/0x10
[  239.811857][T12480]  should_fail_ex+0x3b0/0x4e0
[  239.816737][T12480]  should_failslab+0xac/0x100
[  239.821431][T12480]  __kmalloc_node_noprof+0xe1/0x4d0
[  239.826689][T12480]  ? alloc_slab_obj_exts+0x3a/0xa0
[  239.831813][T12480]  alloc_slab_obj_exts+0x3a/0xa0
[  239.837123][T12480]  __memcg_slab_post_alloc_hook+0x319/0x7e0
[  239.843033][T12480]  kmem_cache_alloc_node_noprof+0x288/0x380
[  239.848935][T12480]  ? __alloc_skb+0x1c3/0x440
[  239.853556][T12480]  __alloc_skb+0x1c3/0x440
[  239.858029][T12480]  ? __pfx___alloc_skb+0x10/0x10
[  239.863008][T12480]  ? kasan_save_track+0x51/0x80
[  239.867888][T12480]  ? kasan_save_free_info+0x40/0x50
[  239.873098][T12480]  ? __kasan_slab_free+0x59/0x70
[  239.878042][T12480]  ? kmem_cache_free+0x195/0x410
[  239.882984][T12480]  ? unix_dgram_sendmsg+0x736/0x1e00
[  239.888370][T12480]  ? __sock_sendmsg+0x221/0x270
[  239.893395][T12480]  ? ____sys_sendmsg+0x52a/0x7e0
[  239.898333][T12480]  alloc_skb_with_frags+0xc3/0x820
[  239.903447][T12480]  ? validate_chain+0x11e/0x5920
[  239.908392][T12480]  sock_alloc_send_pskb+0x91a/0xa60
[  239.913597][T12480]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  239.919322][T12480]  unix_dgram_sendmsg+0x5f1/0x1e00
[  239.924448][T12480]  ? aa_sk_perm+0x96d/0xab0
[  239.928965][T12480]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  239.934521][T12480]  ? __import_iovec+0x3a8/0x870
[  239.939385][T12480]  ? aa_sock_msg_perm+0x91/0x160
[  239.944316][T12480]  ? unix_seqpacket_sendmsg+0x110/0x1e0
[  239.949869][T12480]  ? __pfx_unix_seqpacket_sendmsg+0x10/0x10
[  239.955763][T12480]  __sock_sendmsg+0x221/0x270
[  239.960443][T12480]  ____sys_sendmsg+0x52a/0x7e0
[  239.965207][T12480]  ? __pfx_____sys_sendmsg+0x10/0x10
[  239.970484][T12480]  ? __fget_files+0x2a/0x410
[  239.975078][T12480]  ? __sys_sendmmsg+0x392/0x720
[  239.979924][T12480]  ? __might_fault+0xaa/0x120
[  239.984598][T12480]  __sys_sendmmsg+0x36a/0x720
[  239.989283][T12480]  ? __pfx___sys_sendmmsg+0x10/0x10
[  239.994490][T12480]  ? __pfx_lock_release+0x10/0x10
[  239.999530][T12480]  ? kstrtouint_from_user+0x128/0x190
[  240.004924][T12480]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  240.010931][T12480]  ? ksys_write+0x22a/0x2b0
[  240.015541][T12480]  ? __pfx_lock_release+0x10/0x10
[  240.020689][T12480]  ? vfs_write+0x730/0xd30
[  240.025327][T12480]  ? __mutex_unlock_slowpath+0x21e/0x790
[  240.031023][T12480]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  240.037025][T12480]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  240.043364][T12480]  ? do_syscall_64+0x100/0x230
[  240.048131][T12480]  __x64_sys_sendmmsg+0xa0/0xb0
[  240.052985][T12480]  do_syscall_64+0xf3/0x230
[  240.057661][T12480]  ? clear_bhb_loop+0x35/0x90
[  240.062340][T12480]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  240.068232][T12480] RIP: 0033:0x7ff9c5985d29
[  240.072642][T12480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  240.092438][T12480] RSP: 002b:00007ff9c66d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  240.100889][T12480] RAX: ffffffffffffffda RBX: 00007ff9c5b75fa0 RCX: 00007ff9c5985d29
[  240.108872][T12480] RDX: 0000000004000190 RSI: 0000000020000180 RDI: 0000000000000007
[  240.117053][T12480] RBP: 00007ff9c66d1090 R08: 0000000000000000 R09: 0000000000000000
[  240.125154][T12480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  240.134028][T12480] R13: 0000000000000000 R14: 00007ff9c5b75fa0 R15: 00007ffc35fcb808
[  240.142034][T12480]  </TASK>
[  240.643230][T12518] ax25_connect(): syz.4.2241 uses autobind, please contact jreuter@yaina.de
[  240.690992][T12522] FAULT_INJECTION: forcing a failure.
[  240.690992][T12522] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  240.706992][T12522] CPU: 0 UID: 0 PID: 12522 Comm: syz.3.2243 Not tainted 6.13.0-rc3-syzkaller-00691-gae418e95dd93 #0
[  240.717797][T12522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  240.727869][T12522] Call Trace:
[  240.731182][T12522]  <TASK>
[  240.734147][T12522]  dump_stack_lvl+0x241/0x360
[  240.738864][T12522]  ? __pfx_dump_stack_lvl+0x10/0x10
[  240.744119][T12522]  ? __pfx__printk+0x10/0x10
[  240.748754][T12522]  ? snprintf+0xda/0x120
[  240.753048][T12522]  should_fail_ex+0x3b0/0x4e0
[  240.757767][T12522]  _copy_to_user+0x31/0xb0
[  240.762228][T12522]  simple_read_from_buffer+0xca/0x150
[  240.767639][T12522]  proc_fail_nth_read+0x1e9/0x250
[  240.772733][T12522]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  240.778318][T12522]  ? rw_verify_area+0x55e/0x6f0
[  240.783201][T12522]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  240.788781][T12522]  vfs_read+0x1fc/0xb70
[  240.792980][T12522]  ? __pfx___mutex_lock+0x10/0x10
[  240.798140][T12522]  ? __pfx_vfs_read+0x10/0x10
[  240.802848][T12522]  ? __fget_files+0x2a/0x410
[  240.807478][T12522]  ? __fget_files+0x395/0x410
[  240.812176][T12522]  ? __fget_files+0x2a/0x410
[  240.816792][T12522]  ksys_read+0x18f/0x2b0
[  240.821035][T12522]  ? __pfx_ksys_read+0x10/0x10
[  240.825808][T12522]  ? do_syscall_64+0x100/0x230
[  240.830571][T12522]  ? do_syscall_64+0xb6/0x230
[  240.835248][T12522]  do_syscall_64+0xf3/0x230
[  240.839749][T12522]  ? clear_bhb_loop+0x35/0x90
[  240.844474][T12522]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  240.850470][T12522] RIP: 0033:0x7f18fe18473c
[  240.854892][T12522] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  240.874516][T12522] RSP: 002b:00007f18fbff6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  240.882928][T12522] RAX: ffffffffffffffda RBX: 00007f18fe375fa0 RCX: 00007f18fe18473c
[  240.890979][T12522] RDX: 000000000000000f RSI: 00007f18fbff60a0 RDI: 0000000000000003
[  240.898944][T12522] RBP: 00007f18fbff6090 R08: 0000000000000000 R09: 0000000000000000
[  240.907000][T12522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  240.914980][T12522] R13: 0000000000000000 R14: 00007f18fe375fa0 R15: 00007ffc13eac9d8
[  240.922969][T12522]  </TASK>
[  241.477480][T12549] __nla_validate_parse: 16 callbacks suppressed
[  241.477501][T12549] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2252'.
[  241.797713][T12563] netlink: 1268 bytes leftover after parsing attributes in process `syz.1.2258'.
[  241.807517][T12563] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  241.811569][T12565] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2259'.
[  241.835198][T12566] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2257'.
[  241.979890][T12572] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2261'.
[  241.989260][T12572] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2261'.
[  242.029193][T12574] syzkaller1: entered promiscuous mode
[  242.035041][T12574] syzkaller1: entered allmulticast mode
[  242.286783][T12581] x_tables: duplicate underflow at hook 1
[  242.478518][T12594] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2272'.
[  242.502480][T12597] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2270'.
[  242.688468][T12608] netlink: 'syz.3.2276': attribute type 10 has an invalid length.
[  242.708912][T12608] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2276'.
[  243.093216][T12631] x_tables: ip_tables: icmp match: only valid for protocol 1
[  243.224966][T12629] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  243.359131][T12638] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2288'.
[  243.950832][T12665] lo speed is unknown, defaulting to 1000
[  244.014857][T12665] lo speed is unknown, defaulting to 1000
[  244.054897][T12665] lo speed is unknown, defaulting to 1000
[  244.381190][T12665] infiniband syz0: set active
[  244.388287][   T58] lo speed is unknown, defaulting to 1000
[  244.404882][T12665] infiniband syz0: added lo
[  244.514674][T12665] RDS/IB: syz0: added
[  244.520893][T12665] smc: adding ib device syz0 with port count 1
[  244.527725][T12665] smc:    ib device syz0 port 1 has pnetid 
[  244.537925][T12665] lo speed is unknown, defaulting to 1000
[  244.586740][ T5881] lo speed is unknown, defaulting to 1000
[  244.882994][T12665] lo speed is unknown, defaulting to 1000
[  245.424800][T12665] lo speed is unknown, defaulting to 1000
[  245.588627][T12665] lo speed is unknown, defaulting to 1000
[  245.781312][T12665] lo speed is unknown, defaulting to 1000
[  246.158558][T12726] FAULT_INJECTION: forcing a failure.
[  246.158558][T12726] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  246.179753][T12665] lo speed is unknown, defaulting to 1000
[  246.200468][T12726] CPU: 1 UID: 0 PID: 12726 Comm: syz.2.2314 Not tainted 6.13.0-rc3-syzkaller-00691-gae418e95dd93 #0
[  246.211303][T12726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  246.221377][T12726] Call Trace:
[  246.224685][T12726]  <TASK>
[  246.227629][T12726]  dump_stack_lvl+0x241/0x360
[  246.232335][T12726]  ? __pfx_dump_stack_lvl+0x10/0x10
[  246.237558][T12726]  ? __pfx__printk+0x10/0x10
[  246.242302][T12726]  ? __pfx_lock_release+0x10/0x10
[  246.247356][T12726]  should_fail_ex+0x3b0/0x4e0
[  246.252052][T12726]  _copy_from_user+0x2f/0xc0
[  246.256666][T12726]  copy_msghdr_from_user+0xae/0x680
[  246.261905][T12726]  ? __pfx___might_resched+0x10/0x10
[  246.267304][T12726]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  246.273219][T12726]  ? __fget_files+0x2a/0x410
[  246.277856][T12726]  ? __sys_sendmmsg+0x392/0x720
[  246.282821][T12726]  ? __might_fault+0xaa/0x120
[  246.287579][T12726]  __sys_sendmmsg+0x32b/0x720
[  246.292364][T12726]  ? __pfx___sys_sendmmsg+0x10/0x10
[  246.297614][T12726]  ? __pfx_lock_release+0x10/0x10
[  246.302673][T12726]  ? kstrtouint_from_user+0x128/0x190
[  246.308220][T12726]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  246.314165][T12726]  ? ksys_write+0x22a/0x2b0
[  246.318701][T12726]  ? __pfx_lock_release+0x10/0x10
[  246.323763][T12726]  ? vfs_write+0x730/0xd30
[  246.328205][T12726]  ? __mutex_unlock_slowpath+0x21e/0x790
[  246.333883][T12726]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  246.339884][T12726]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  246.346234][T12726]  ? do_syscall_64+0x100/0x230
[  246.351024][T12726]  __x64_sys_sendmmsg+0xa0/0xb0
[  246.355960][T12726]  do_syscall_64+0xf3/0x230
[  246.360513][T12726]  ? clear_bhb_loop+0x35/0x90
[  246.365212][T12726]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.371147][T12726] RIP: 0033:0x7f5528185d29
[  246.375576][T12726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  246.395213][T12726] RSP: 002b:00007f5528fbf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  246.403653][T12726] RAX: ffffffffffffffda RBX: 00007f5528375fa0 RCX: 00007f5528185d29
[  246.411643][T12726] RDX: 0000000004000190 RSI: 0000000020000180 RDI: 0000000000000007
[  246.419631][T12726] RBP: 00007f5528fbf090 R08: 0000000000000000 R09: 0000000000000000
[  246.427790][T12726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  246.435772][T12726] R13: 0000000000000000 R14: 00007f5528375fa0 R15: 00007fffc4179cf8
[  246.443775][T12726]  </TASK>
[  246.784565][T12740] FAULT_INJECTION: forcing a failure.
[  246.784565][T12740] name failslab, interval 1, probability 0, space 0, times 0
[  246.829941][T12740] CPU: 1 UID: 0 PID: 12740 Comm: syz.4.2321 Not tainted 6.13.0-rc3-syzkaller-00691-gae418e95dd93 #0
[  246.840770][T12740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  246.850969][T12740] Call Trace:
[  246.854270][T12740]  <TASK>
[  246.857226][T12740]  dump_stack_lvl+0x241/0x360
[  246.862392][T12740]  ? __pfx_dump_stack_lvl+0x10/0x10
[  246.867625][T12740]  ? __pfx__printk+0x10/0x10
[  246.872246][T12740]  ? __kmalloc_noprof+0xb5/0x4c0
[  246.877215][T12740]  ? __pfx___might_resched+0x10/0x10
[  246.882534][T12740]  ? aa_get_newest_label+0xff/0x6f0
[  246.887732][T12740]  should_fail_ex+0x3b0/0x4e0
[  246.892493][T12740]  should_failslab+0xac/0x100
[  246.897182][T12740]  __kmalloc_noprof+0xdd/0x4c0
[  246.901950][T12740]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  246.908190][T12740]  ? apparmor_capable+0x13b/0x1b0
[  246.913213][T12740]  genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  246.919284][T12740]  genl_rcv_msg+0x802/0xec0
[  246.923804][T12740]  ? __pfx_genl_rcv_msg+0x10/0x10
[  246.928877][T12740]  ? __pfx_lock_acquire+0x10/0x10
[  246.933983][T12740]  ? __pfx_ieee802154_add_iface+0x10/0x10
[  246.939702][T12740]  ? __pfx___might_resched+0x10/0x10
[  246.945013][T12740]  netlink_rcv_skb+0x1e3/0x430
[  246.949773][T12740]  ? __pfx_genl_rcv_msg+0x10/0x10
[  246.954886][T12740]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  246.960188][T12740]  genl_rcv+0x28/0x40
[  246.964347][T12740]  netlink_unicast+0x7f6/0x990
[  246.969121][T12740]  ? __pfx_netlink_unicast+0x10/0x10
[  246.974403][T12740]  ? __virt_addr_valid+0x45f/0x530
[  246.979604][T12740]  ? __phys_addr_symbol+0x2f/0x70
[  246.984623][T12740]  ? __check_object_size+0x47a/0x730
[  246.989908][T12740]  netlink_sendmsg+0x8e4/0xcb0
[  246.994702][T12740]  ? __pfx_netlink_sendmsg+0x10/0x10
[  247.000100][T12740]  ? aa_sock_msg_perm+0x91/0x160
[  247.005176][T12740]  ? __pfx_netlink_sendmsg+0x10/0x10
[  247.010473][T12740]  __sock_sendmsg+0x221/0x270
[  247.015174][T12740]  ____sys_sendmsg+0x52a/0x7e0
[  247.019992][T12740]  ? __pfx_____sys_sendmsg+0x10/0x10
[  247.025282][T12740]  ? __fget_files+0x2a/0x410
[  247.029898][T12740]  ? __fget_files+0x2a/0x410
[  247.034505][T12740]  __sys_sendmsg+0x269/0x350
[  247.039175][T12740]  ? __pfx_lock_release+0x10/0x10
[  247.044210][T12740]  ? __pfx___sys_sendmsg+0x10/0x10
[  247.049336][T12740]  ? __pfx_vfs_write+0x10/0x10
[  247.054209][T12740]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  247.060540][T12740]  ? do_syscall_64+0x100/0x230
[  247.065310][T12740]  ? do_syscall_64+0xb6/0x230
[  247.069998][T12740]  do_syscall_64+0xf3/0x230
[  247.074501][T12740]  ? clear_bhb_loop+0x35/0x90
[  247.079177][T12740]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.085083][T12740] RIP: 0033:0x7fd908b85d29
[  247.089501][T12740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  247.109197][T12740] RSP: 002b:00007fd90993e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  247.117614][T12740] RAX: ffffffffffffffda RBX: 00007fd908d75fa0 RCX: 00007fd908b85d29
[  247.125592][T12740] RDX: 0000000000000800 RSI: 0000000020001f40 RDI: 0000000000000004
[  247.133557][T12740] RBP: 00007fd90993e090 R08: 0000000000000000 R09: 0000000000000000
[  247.141537][T12740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  247.149606][T12740] R13: 0000000000000000 R14: 00007fd908d75fa0 R15: 00007ffd94b70ad8
[  247.157590][T12740]  </TASK>
[  247.431509][T12763] __nla_validate_parse: 7 callbacks suppressed
[  247.431531][T12763] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2327'.
[  247.827643][T12787] netlink: 'syz.1.2334': attribute type 10 has an invalid length.
[  247.857573][T12789] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2336'.
[  247.896154][T12796] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2334'.
[  248.099047][T12814] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2341'.
[  248.126907][T12817] netlink: 'syz.4.2344': attribute type 27 has an invalid length.
[  248.372287][T12833] netlink: 'syz.2.2351': attribute type 10 has an invalid length.
[  248.393978][T12834] netlink: 'syz.0.2350': attribute type 10 has an invalid length.
[  248.410005][T12834] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2350'.
[  248.467090][T12838] hsr0: left promiscuous mode
[  248.477301][T12840] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2354'.
[  248.488955][T12838] hsr0: entered promiscuous mode
[  248.494287][T12838] vlan0: entered promiscuous mode
[  248.627361][T12846] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2355'.
[  248.847782][T12862] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2361'.
[  248.865020][T12862] bridge1: entered promiscuous mode
[  248.870519][T12862] bridge1: entered allmulticast mode
[  248.894836][T12862] team0: Port device bridge1 added
[  249.211880][T12879] netlink: 'syz.2.2368': attribute type 3 has an invalid length.
[  249.318118][T12895] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2369'.
[  249.462009][ T5848] Bluetooth: hci4: link tx timeout
[  249.467631][ T5848] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  249.540637][T12899] netlink: 'syz.2.2374': attribute type 27 has an invalid length.
[  249.729881][T12911] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2378'.
[  249.879349][T12921] netlink: 'syz.3.2382': attribute type 3 has an invalid length.
[  250.113190][T12934] team0: No ports can be present during mode change
[  250.159086][T12937] netlink: 'syz.2.2387': attribute type 3 has an invalid length.
[  250.322747][T12939] dccp_invalid_packet: P.Data Offset(0) too small
[  251.003942][T12994] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  251.078084][T12994] xt_recent: Unsupported userspace flags (00000042)
[  251.114318][T13004] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 63
[  251.416779][T13007] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app
[  251.526661][ T5142] Bluetooth: hci4: command 0x0401 tx timeout
[  251.848287][T13046] FAULT_INJECTION: forcing a failure.
[  251.848287][T13046] name failslab, interval 1, probability 0, space 0, times 0
[  251.862432][T13046] CPU: 0 UID: 0 PID: 13046 Comm: syz.1.2423 Not tainted 6.13.0-rc3-syzkaller-00691-gae418e95dd93 #0
[  251.873252][T13046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  251.883344][T13046] Call Trace:
[  251.886653][T13046]  <TASK>
[  251.889643][T13046]  dump_stack_lvl+0x241/0x360
[  251.894459][T13046]  ? __pfx_dump_stack_lvl+0x10/0x10
[  251.899703][T13046]  ? __pfx__printk+0x10/0x10
[  251.904336][T13046]  ? klist_iter_exit+0x9d/0x100
[  251.909228][T13046]  ? do_raw_spin_lock+0x14f/0x370
[  251.914287][T13046]  should_fail_ex+0x3b0/0x4e0
[  251.918996][T13046]  should_failslab+0xac/0x100
[  251.923705][T13046]  kmem_cache_alloc_node_noprof+0x77/0x380
[  251.929545][T13046]  ? __alloc_skb+0x1c3/0x440
[  251.934168][T13046]  __alloc_skb+0x1c3/0x440
[  251.938624][T13046]  ? __pfx___alloc_skb+0x10/0x10
[  251.943608][T13046]  ieee802154_nl_new_reply+0x32/0xf0
[  251.948931][T13046]  ieee802154_add_iface+0x27b/0x7d0
[  251.954166][T13046]  ? __pfx_ieee802154_add_iface+0x10/0x10
[  251.959922][T13046]  ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290
[  251.966374][T13046]  genl_rcv_msg+0xb14/0xec0
[  251.970897][T13046]  ? __pfx_genl_rcv_msg+0x10/0x10
[  251.975947][T13046]  ? __pfx_lock_acquire+0x10/0x10
[  251.980975][T13046]  ? __pfx_ieee802154_add_iface+0x10/0x10
[  251.986699][T13046]  ? __pfx___might_resched+0x10/0x10
[  251.992042][T13046]  netlink_rcv_skb+0x1e3/0x430
[  251.996845][T13046]  ? __pfx_genl_rcv_msg+0x10/0x10
[  252.001904][T13046]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  252.007222][T13046]  genl_rcv+0x28/0x40
[  252.011231][T13046]  netlink_unicast+0x7f6/0x990
[  252.016022][T13046]  ? __pfx_netlink_unicast+0x10/0x10
[  252.021489][T13046]  ? __virt_addr_valid+0x45f/0x530
[  252.026612][T13046]  ? __phys_addr_symbol+0x2f/0x70
[  252.031644][T13046]  ? __check_object_size+0x47a/0x730
[  252.036936][T13046]  netlink_sendmsg+0x8e4/0xcb0
[  252.041715][T13046]  ? __pfx_netlink_sendmsg+0x10/0x10
[  252.047002][T13046]  ? aa_sock_msg_perm+0x91/0x160
[  252.052029][T13046]  ? __pfx_netlink_sendmsg+0x10/0x10
[  252.057395][T13046]  __sock_sendmsg+0x221/0x270
[  252.062078][T13046]  ____sys_sendmsg+0x52a/0x7e0
[  252.066848][T13046]  ? __pfx_____sys_sendmsg+0x10/0x10
[  252.072131][T13046]  ? __fget_files+0x2a/0x410
[  252.076723][T13046]  ? __fget_files+0x2a/0x410
[  252.081325][T13046]  __sys_sendmsg+0x269/0x350
[  252.085923][T13046]  ? __pfx_lock_release+0x10/0x10
[  252.091036][T13046]  ? __pfx___sys_sendmsg+0x10/0x10
[  252.096154][T13046]  ? __pfx_vfs_write+0x10/0x10
[  252.100946][T13046]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  252.107361][T13046]  ? do_syscall_64+0x100/0x230
[  252.112128][T13046]  ? do_syscall_64+0xb6/0x230
[  252.116899][T13046]  do_syscall_64+0xf3/0x230
[  252.121415][T13046]  ? clear_bhb_loop+0x35/0x90
[  252.126093][T13046]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  252.131982][T13046] RIP: 0033:0x7ff9c5985d29
[  252.136397][T13046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  252.155997][T13046] RSP: 002b:00007ff9c66d1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  252.164426][T13046] RAX: ffffffffffffffda RBX: 00007ff9c5b75fa0 RCX: 00007ff9c5985d29
[  252.172577][T13046] RDX: 0000000000000800 RSI: 0000000020001f40 RDI: 0000000000000004
[  252.180548][T13046] RBP: 00007ff9c66d1090 R08: 0000000000000000 R09: 0000000000000000
[  252.188624][T13046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  252.196608][T13046] R13: 0000000000000000 R14: 00007ff9c5b75fa0 R15: 00007ffc35fcb808
[  252.204605][T13046]  </TASK>
[  252.382906][T13062] netlink: 'syz.3.2429': attribute type 1 has an invalid length.
[  252.392691][T13054] syzkaller0: entered promiscuous mode
[  252.399171][T13054] syzkaller0: entered allmulticast mode
[  252.814669][T13096] netlink: 'syz.1.2437': attribute type 10 has an invalid length.
[  252.944087][T13100] __nla_validate_parse: 13 callbacks suppressed
[  252.944107][T13100] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2437'.
[  254.398594][T13085] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[  254.463067][T13102] netlink: 'syz.4.2439': attribute type 1 has an invalid length.
[  254.491723][T13102] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2439'.
[  254.513201][T13104] netlink: 'syz.3.2438': attribute type 10 has an invalid length.
[  254.586415][T13108] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2440'.
[  254.763758][T13124] FAULT_INJECTION: forcing a failure.
[  254.763758][T13124] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  254.786220][T13124] CPU: 1 UID: 0 PID: 13124 Comm: syz.0.2446 Not tainted 6.13.0-rc3-syzkaller-00691-gae418e95dd93 #0
[  254.797046][T13124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  254.807137][T13124] Call Trace:
[  254.810440][T13124]  <TASK>
[  254.813397][T13124]  dump_stack_lvl+0x241/0x360
[  254.818129][T13124]  ? __pfx_dump_stack_lvl+0x10/0x10
[  254.823455][T13124]  ? __pfx__printk+0x10/0x10
[  254.828075][T13124]  ? __pfx_lock_release+0x10/0x10
[  254.833114][T13124]  should_fail_ex+0x3b0/0x4e0
[  254.837799][T13124]  _copy_from_user+0x2f/0xc0
[  254.842398][T13124]  copy_msghdr_from_user+0xae/0x680
[  254.847602][T13124]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  254.853407][T13124]  ? __fget_files+0x2a/0x410
[  254.858085][T13124]  ? __fget_files+0x2a/0x410
[  254.862685][T13124]  __sys_sendmmsg+0x32b/0x720
[  254.867373][T13124]  ? __pfx___sys_sendmmsg+0x10/0x10
[  254.872587][T13124]  ? group_send_sig_info+0x86/0x310
[  254.877785][T13124]  ? group_send_sig_info+0x1db/0x310
[  254.883125][T13124]  ? __pfx_group_send_sig_info+0x10/0x10
[  254.888949][T13124]  ? __pfx_bpf_send_signal_common+0x10/0x10
[  254.894846][T13124]  ? bpf_trace_run2+0x1fc/0x540
[  254.899691][T13124]  ? __pfx_lock_release+0x10/0x10
[  254.904733][T13124]  ? __might_fault+0xc6/0x120
[  254.909411][T13124]  ? trace_sys_enter+0x74/0x120
[  254.914257][T13124]  ? rcu_is_watching+0x15/0xb0
[  254.919020][T13124]  __x64_sys_sendmmsg+0xa0/0xb0
[  254.923869][T13124]  do_syscall_64+0xf3/0x230
[  254.928394][T13124]  ? clear_bhb_loop+0x35/0x90
[  254.933091][T13124]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.938987][T13124] RIP: 0033:0x7fe0c4985d29
[  254.943395][T13124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  254.962994][T13124] RSP: 002b:00007fe0c5711038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  254.971409][T13124] RAX: ffffffffffffffda RBX: 00007fe0c4b75fa0 RCX: 00007fe0c4985d29
[  254.979382][T13124] RDX: 0000000000000002 RSI: 0000000020000b00 RDI: 0000000000000004
[  254.987352][T13124] RBP: 00007fe0c5711090 R08: 0000000000000000 R09: 0000000000000000
[  254.995341][T13124] R10: 0000000000040000 R11: 0000000000000246 R12: 0000000000000001
[  255.003337][T13124] R13: 0000000000000000 R14: 00007fe0c4b75fa0 R15: 00007fff77d17378
[  255.011340][T13124]  </TASK>
[  255.088326][T13133] netlink: 'syz.4.2449': attribute type 7 has an invalid length.
[  255.096902][T13133] netlink: 'syz.4.2449': attribute type 8 has an invalid length.
[  255.263518][T13145] netlink: 'syz.2.2453': attribute type 10 has an invalid length.
[  255.276651][T13140] geneve0: left promiscuous mode
[  255.283331][T13140] bond1: left promiscuous mode
[  255.295836][T13145] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2453'.
[  255.308598][T13140] vlan3: left promiscuous mode
[  255.313806][T13140] vlan3: left allmulticast mode
[  255.319560][T13140] geneve1: left promiscuous mode
[  255.325882][T13140] geneve1: left allmulticast mode
[  255.331410][T13140] ipvlan2: left promiscuous mode
[  255.336468][T13140] ipvlan2: left allmulticast mode
[  255.341512][T13140] vlan0: left allmulticast mode
[  255.351154][T13140] bridge4: left promiscuous mode
[  255.356632][T13140] bridge4: left allmulticast mode
[  255.376094][T13140] team0: Port device bridge4 removed
[  255.383344][T13140] bridge5: left promiscuous mode
[  255.389861][T13140] bridge5: left allmulticast mode
[  255.411690][T13140] team0: Port device bridge5 removed
[  255.420638][T13145] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check.
[  255.454990][T13148] smc: net device bond0 applied user defined pnetid SYZ0
[  255.470075][T13155] smc: net device bond0 erased user defined pnetid SYZ0
[  255.600885][T13166] FAULT_INJECTION: forcing a failure.
[  255.600885][T13166] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  255.619890][T13169] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2461'.
[  255.629534][T13166] CPU: 1 UID: 0 PID: 13166 Comm: syz.2.2460 Not tainted 6.13.0-rc3-syzkaller-00691-gae418e95dd93 #0
[  255.640337][T13166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  255.650423][T13166] Call Trace:
[  255.653729][T13166]  <TASK>
[  255.656680][T13166]  dump_stack_lvl+0x241/0x360
[  255.661391][T13166]  ? __pfx_dump_stack_lvl+0x10/0x10
[  255.666626][T13166]  ? __pfx__printk+0x10/0x10
[  255.671229][T13166]  ? __pfx_lock_release+0x10/0x10
[  255.676257][T13166]  should_fail_ex+0x3b0/0x4e0
[  255.680932][T13166]  _copy_from_user+0x2f/0xc0
[  255.685549][T13166]  copy_msghdr_from_user+0xae/0x680
[  255.690842][T13166]  ? __pfx___might_resched+0x10/0x10
[  255.696127][T13166]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  255.702073][T13166]  ? __fget_files+0x2a/0x410
[  255.706674][T13166]  ? __sys_sendmmsg+0x392/0x720
[  255.711526][T13166]  ? __might_fault+0xaa/0x120
[  255.716205][T13166]  __sys_sendmmsg+0x32b/0x720
[  255.720903][T13166]  ? __pfx___sys_sendmmsg+0x10/0x10
[  255.726108][T13166]  ? __pfx_lock_release+0x10/0x10
[  255.731127][T13166]  ? kstrtouint_from_user+0x128/0x190
[  255.736520][T13166]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  255.742411][T13166]  ? ksys_write+0x22a/0x2b0
[  255.746908][T13166]  ? __pfx_lock_release+0x10/0x10
[  255.751936][T13166]  ? vfs_write+0x730/0xd30
[  255.756357][T13166]  ? __mutex_unlock_slowpath+0x21e/0x790
[  255.762026][T13166]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  255.768096][T13166]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  255.774419][T13166]  ? do_syscall_64+0x100/0x230
[  255.779179][T13166]  __x64_sys_sendmmsg+0xa0/0xb0
[  255.784032][T13166]  do_syscall_64+0xf3/0x230
[  255.788529][T13166]  ? clear_bhb_loop+0x35/0x90
[  255.793206][T13166]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  255.799093][T13166] RIP: 0033:0x7f5528185d29
[  255.803504][T13166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  255.823114][T13166] RSP: 002b:00007f5528fbf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  255.831552][T13166] RAX: ffffffffffffffda RBX: 00007f5528375fa0 RCX: 00007f5528185d29
[  255.839548][T13166] RDX: 0000000004000190 RSI: 0000000020000180 RDI: 0000000000000007
[  255.847524][T13166] RBP: 00007f5528fbf090 R08: 0000000000000000 R09: 0000000000000000
[  255.855561][T13166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  255.863556][T13166] R13: 0000000000000000 R14: 00007f5528375fa0 R15: 00007fffc4179cf8
[  255.871557][T13166]  </TASK>
[  255.879935][T13170] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2459'.
[  256.126180][T13186] infiniband syz0: set down
[  256.442655][T13186] vxlan0: left promiscuous mode
[  256.448503][T13186] vxlan0: left allmulticast mode
[  256.453607][T13186] bond1: left promiscuous mode
[  256.475036][T13186] vlan1: left promiscuous mode
[  256.484592][T13186] vlan1: left allmulticast mode
[  256.496521][T13186] gretap0: left allmulticast mode
[  256.514581][T13186] vlan2: left allmulticast mode
[  256.535106][T13186] bridge1: left promiscuous mode
[  256.540134][T13186] bridge1: left allmulticast mode
[  256.575251][ T5881] lo speed is unknown, defaulting to 1000
[  256.601991][ T5881] lo speed is unknown, defaulting to 1000
[  256.733331][T13206] tipc: Invalid UDP bearer configuration
[  256.733375][T13206] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  256.849934][T13209] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  256.974810][T13209] syzkaller0: entered promiscuous mode
[  256.996938][T13209] syzkaller0: entered allmulticast mode
[  257.018789][T13209] tipc: Resetting bearer <eth:syzkaller0>
[  257.074789][T13217] macsec2: entered allmulticast mode
[  257.081474][T13217] veth1_macvtap: entered allmulticast mode
[  257.111988][T13217] veth1_macvtap: left allmulticast mode
[  257.146440][T13224] Cannot find del_set index 3 as target
[  257.218565][T13208] tipc: Resetting bearer <eth:syzkaller0>
[  257.825962][T13247] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2487'.
[  257.941220][T13250] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2488'.
[  258.159547][T13252] can: request_module (can-proto-0) failed.
[  259.272471][T13208] tipc: Disabling bearer <eth:syzkaller0>
[  259.282934][T13232] syz.0.2481 (13232) used obsolete PPPIOCDETACH ioctl
[  259.290724][T13235] lo speed is unknown, defaulting to 1000
[  259.317866][T13240] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2484'.
[  259.456257][T13261] team0: Port device bridge1 removed
[  259.712021][T13276] netlink: 'syz.3.2496': attribute type 10 has an invalid length.
[  259.722346][T13274] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2496'.
[  259.733770][T13275] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app
[  259.748468][T13274] FAULT_INJECTION: forcing a failure.
[  259.748468][T13274] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  259.779751][T13280] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2498'.
[  259.787731][T13274] CPU: 0 UID: 0 PID: 13274 Comm: syz.3.2496 Not tainted 6.13.0-rc3-syzkaller-00691-gae418e95dd93 #0
[  259.799416][T13274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  259.809515][T13274] Call Trace:
[  259.812818][T13274]  <TASK>
[  259.815776][T13274]  dump_stack_lvl+0x241/0x360
[  259.820493][T13274]  ? __pfx_dump_stack_lvl+0x10/0x10
[  259.825809][T13274]  ? __pfx__printk+0x10/0x10
[  259.830530][T13274]  ? __pfx_lock_release+0x10/0x10
[  259.835625][T13274]  should_fail_ex+0x3b0/0x4e0
[  259.840327][T13274]  _copy_from_user+0x2f/0xc0
[  259.844960][T13274]  copy_msghdr_from_user+0xae/0x680
[  259.850199][T13274]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  259.856035][T13274]  ? __fget_files+0x2a/0x410
[  259.860662][T13274]  ? __fget_files+0x2a/0x410
[  259.865379][T13274]  __sys_sendmmsg+0x32b/0x720
[  259.870144][T13274]  ? __pfx___sys_sendmmsg+0x10/0x10
[  259.875486][T13274]  ? __pfx_lock_release+0x10/0x10
[  259.880555][T13274]  ? kstrtouint_from_user+0x128/0x190
[  259.885985][T13274]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  259.891911][T13274]  ? ksys_write+0x22a/0x2b0
[  259.896447][T13274]  ? __pfx_lock_release+0x10/0x10
[  259.901511][T13274]  ? vfs_write+0x730/0xd30
[  259.906049][T13274]  ? __mutex_unlock_slowpath+0x21e/0x790
[  259.911810][T13274]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  259.917807][T13274]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  259.924176][T13274]  ? do_syscall_64+0x100/0x230
[  259.929051][T13274]  __x64_sys_sendmmsg+0xa0/0xb0
[  259.934097][T13274]  do_syscall_64+0xf3/0x230
[  259.938598][T13274]  ? clear_bhb_loop+0x35/0x90
[  259.943273][T13274]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.949168][T13274] RIP: 0033:0x7f18fe185d29
[  259.953575][T13274] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  259.973192][T13274] RSP: 002b:00007f18fbff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  259.981629][T13274] RAX: ffffffffffffffda RBX: 00007f18fe375fa0 RCX: 00007f18fe185d29
[  259.989603][T13274] RDX: 0000000000000001 RSI: 0000000020000180 RDI: 0000000000000004
[  259.997673][T13274] RBP: 00007f18fbff6090 R08: 0000000000000000 R09: 0000000000000000
[  260.005660][T13274] R10: 0000000000040000 R11: 0000000000000246 R12: 0000000000000001
[  260.013704][T13274] R13: 0000000000000000 R14: 00007f18fe375fa0 R15: 00007ffc13eac9d8
[  260.021707][T13274]  </TASK>
[  260.691228][T13313] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2504'.
[  260.727252][T13312] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2507'.
[  260.758967][T13313] ip6gretap0: entered promiscuous mode
[  260.768613][T13311] netlink: 'syz.0.2506': attribute type 5 has an invalid length.
[  260.783135][T13313] ip6gretap0: left promiscuous mode
[  260.884108][T13321] netlink: 'syz.4.2508': attribute type 6 has an invalid length.
[  261.121830][T13333] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2512'.
[  261.296827][T13342] xt_time: unknown flags 0x4
[  261.318871][T13345] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2518'.
[  261.329106][T13342] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  261.436849][T13342] netlink: 'syz.0.2516': attribute type 10 has an invalid length.
[  261.506013][T13342] 8021q: adding VLAN 0 to HW filter on device bond0
[  261.523978][T13342] team0: Device bond0 failed to register rx_handler
[  261.785074][T13366] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2523'.
[  261.814824][T13366] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2523'.
[  262.156491][T13387] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2532'.
[  262.278601][T13391] netlink: 'syz.3.2534': attribute type 21 has an invalid length.
[  262.304575][T13391] netlink: 'syz.3.2534': attribute type 20 has an invalid length.
[  263.036362][T13434] netlink: 'syz.1.2548': attribute type 11 has an invalid length.
[  263.097950][T13443] IPVS: Unknown mcast interface: veth°ñ
[  263.629216][T13483] netlink: 'syz.0.2567': attribute type 10 has an invalid length.
[  263.849203][T13492] lo speed is unknown, defaulting to 1000
[  263.917519][T13499] bridge0: entered promiscuous mode
[  263.935158][T13499] bridge0: entered allmulticast mode
[  263.952107][T13499] team0: Port device bridge0 added
[  263.998954][T13501] dummy0: entered promiscuous mode
[  264.022518][T13501] dummy0: left promiscuous mode
[  264.279216][T13516] netlink: 'syz.1.2581': attribute type 19 has an invalid length.
[  264.348581][T13492] lo speed is unknown, defaulting to 1000
[  264.430188][T13523] __nla_validate_parse: 8 callbacks suppressed
[  264.430209][T13523] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2583'.
[  264.466204][T13523] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2583'.
[  264.478326][T13523] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2583'.
[  264.488329][T13527] netlink: 108 bytes leftover after parsing attributes in process `syz.1.2584'.
[  264.494771][T13523] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2583'.
[  264.995461][T13556] netlink: 'syz.0.2595': attribute type 10 has an invalid length.
[  265.104233][T13560] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2594'.
[  265.400633][T13572] xt_ecn: cannot match TCP bits for non-tcp packets
[  265.704250][T13585] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2605'.
[  265.817738][T13590] netlink: 'syz.2.2607': attribute type 10 has an invalid length.
[  265.838472][T13590] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2607'.
[  265.866274][T13590] FAULT_INJECTION: forcing a failure.
[  265.866274][T13590] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  265.894872][T13590] CPU: 0 UID: 0 PID: 13590 Comm: syz.2.2607 Not tainted 6.13.0-rc3-syzkaller-00691-gae418e95dd93 #0
[  265.905996][T13590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  265.916180][T13590] Call Trace:
[  265.919493][T13590]  <TASK>
[  265.922445][T13590]  dump_stack_lvl+0x241/0x360
[  265.927198][T13590]  ? __pfx_dump_stack_lvl+0x10/0x10
[  265.932535][T13590]  ? __pfx__printk+0x10/0x10
[  265.937165][T13590]  ? __pfx_lock_release+0x10/0x10
[  265.942232][T13590]  should_fail_ex+0x3b0/0x4e0
[  265.946962][T13590]  _copy_from_iter+0x1e9/0x1c20
[  265.951851][T13590]  ? __virt_addr_valid+0x183/0x530
[  265.957006][T13590]  ? aa_label_sk_perm+0x4f3/0x6c0
[  265.962084][T13590]  ? __pfx__copy_from_iter+0x10/0x10
[  265.967751][T13590]  ? __virt_addr_valid+0x183/0x530
[  265.972886][T13590]  ? __virt_addr_valid+0x183/0x530
[  265.978019][T13590]  ? __virt_addr_valid+0x45f/0x530
[  265.983165][T13590]  ? __phys_addr_symbol+0x2f/0x70
[  265.988213][T13590]  ? __check_object_size+0x47a/0x730
[  265.993531][T13590]  memcpy_from_msg+0x46/0x90
[  265.998158][T13590]  isotp_sendmsg+0x893/0x18b0
[  266.002876][T13590]  ? __pfx_isotp_sendmsg+0x10/0x10
[  266.008088][T13590]  ? aa_sk_perm+0x96d/0xab0
[  266.012727][T13590]  ? __pfx_aa_sk_perm+0x10/0x10
[  266.017618][T13590]  ? __pfx_lock_release+0x10/0x10
[  266.022690][T13590]  ? __import_iovec+0x590/0x870
[  266.027586][T13590]  ? aa_sock_msg_perm+0x91/0x160
[  266.032566][T13590]  ? __pfx_isotp_sendmsg+0x10/0x10
[  266.037800][T13590]  __sock_sendmsg+0x221/0x270
[  266.042510][T13590]  ____sys_sendmsg+0x52a/0x7e0
[  266.047333][T13590]  ? __pfx_____sys_sendmsg+0x10/0x10
[  266.052649][T13590]  ? __fget_files+0x2a/0x410
[  266.057311][T13590]  ? __fget_files+0x2a/0x410
[  266.061938][T13590]  __sys_sendmmsg+0x36a/0x720
[  266.066651][T13590]  ? __pfx___sys_sendmmsg+0x10/0x10
[  266.071896][T13590]  ? __pfx_lock_release+0x10/0x10
[  266.076956][T13590]  ? kstrtouint_from_user+0x128/0x190
[  266.082388][T13590]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  266.088415][T13590]  ? ksys_write+0x22a/0x2b0
[  266.092944][T13590]  ? __pfx_lock_release+0x10/0x10
[  266.098005][T13590]  ? vfs_write+0x730/0xd30
[  266.102448][T13590]  ? __mutex_unlock_slowpath+0x21e/0x790
[  266.108142][T13590]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  266.114128][T13590]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  266.120455][T13590]  ? do_syscall_64+0x100/0x230
[  266.125221][T13590]  __x64_sys_sendmmsg+0xa0/0xb0
[  266.130074][T13590]  do_syscall_64+0xf3/0x230
[  266.134574][T13590]  ? clear_bhb_loop+0x35/0x90
[  266.139252][T13590]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.145157][T13590] RIP: 0033:0x7f5528185d29
[  266.149568][T13590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  266.169526][T13590] RSP: 002b:00007f5528fbf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  266.177940][T13590] RAX: ffffffffffffffda RBX: 00007f5528375fa0 RCX: 00007f5528185d29
[  266.185904][T13590] RDX: 0000000000000001 RSI: 0000000020000180 RDI: 0000000000000004
[  266.193866][T13590] RBP: 00007f5528fbf090 R08: 0000000000000000 R09: 0000000000000000
[  266.201864][T13590] R10: 0000000000040000 R11: 0000000000000246 R12: 0000000000000001
[  266.209851][T13590] R13: 0000000000000000 R14: 00007f5528375fa0 R15: 00007fffc4179cf8
[  266.217836][T13590]  </TASK>
[  266.356320][T13602] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2612'.
[  266.552433][T13607] syzkaller0: entered promiscuous mode
[  266.560714][T13607] syzkaller0: entered allmulticast mode
[  266.626480][T13617] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2616'.
[  269.435387][T13704] __nla_validate_parse: 7 callbacks suppressed
[  269.435408][T13704] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2650'.
[  269.520012][T13710] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2653'.
[  269.682125][T13718] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2657'.
[  269.729873][T13720] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2658'.
[  269.881603][T13731] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  269.885798][T13732] netlink: 'syz.3.2662': attribute type 1 has an invalid length.
[  269.915305][T13732] netlink: 276 bytes leftover after parsing attributes in process `syz.3.2662'.
[  269.954016][T13731] xt_recent: Unsupported userspace flags (00000042)
[  270.143232][T13750] Cannot find del_set index 3 as target
[  270.354275][T13762] netlink: 108 bytes leftover after parsing attributes in process `syz.1.2673'.
[  270.376043][T13765] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2674'.
[  270.594985][T13783] netlink: 'syz.0.2682': attribute type 30 has an invalid length.
[  270.698816][T13789] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2684'.
[  270.725556][T13789] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2684'.
[  271.035870][T13808] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2690'.
[  271.336230][T13827] tc_dump_action: action bad kind
[  271.349159][T13827] netlink: 'syz.4.2696': attribute type 10 has an invalid length.
[  271.391848][T13830] netlink: 'syz.3.2698': attribute type 10 has an invalid length.
[  271.979350][T13868] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app
[  272.119881][T13875] lo speed is unknown, defaulting to 1000
[  272.273300][T13880] netlink: 'syz.1.2714': attribute type 7 has an invalid length.
[  272.294478][T13880] netlink: 'syz.1.2714': attribute type 8 has an invalid length.
[  272.318021][T13880] erspan0: entered promiscuous mode
[  272.332072][T13880] batadv_slave_1: entered promiscuous mode
[  272.345796][T13880] gretap0: entered promiscuous mode
[  272.355512][T13880] debugfs: Directory 'hsr2' with parent 'hsr' already present!
[  272.374496][T13880] Cannot create hsr debugfs directory
[  272.381292][T13880] hsr2: Slave A (erspan0) is not up; please bring it up to get a fully working HSR network
[  272.404629][T13880] hsr2: Slave B (batadv_slave_1) is not up; please bring it up to get a fully working HSR network
[  272.424634][T13880] hsr2: Interlink (gretap0) is not up; please bring it up to get a fully working HSR network
[  272.631813][T13889] FAULT_INJECTION: forcing a failure.
[  272.631813][T13889] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  272.674949][T13889] CPU: 0 UID: 0 PID: 13889 Comm: syz.0.2717 Not tainted 6.13.0-rc3-syzkaller-00691-gae418e95dd93 #0
[  272.685776][T13889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  272.695900][T13889] Call Trace:
[  272.699209][T13889]  <TASK>
[  272.702192][T13889]  dump_stack_lvl+0x241/0x360
[  272.707000][T13889]  ? __pfx_dump_stack_lvl+0x10/0x10
[  272.712327][T13889]  ? __pfx__printk+0x10/0x10
[  272.716955][T13889]  ? __pfx_lock_release+0x10/0x10
[  272.722106][T13889]  should_fail_ex+0x3b0/0x4e0
[  272.726819][T13889]  _copy_from_iter+0x424/0x1c20
[  272.731711][T13889]  ? __pfx__copy_from_iter+0x10/0x10
[  272.737024][T13889]  ? __virt_addr_valid+0x183/0x530
[  272.742143][T13889]  ? __virt_addr_valid+0x183/0x530
[  272.747251][T13889]  ? __virt_addr_valid+0x45f/0x530
[  272.752389][T13889]  ? __phys_addr_symbol+0x2f/0x70
[  272.757408][T13889]  ? __check_object_size+0x47a/0x730
[  272.762779][T13889]  nfc_llcp_send_ui_frame+0x16d/0x670
[  272.768155][T13889]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  272.773884][T13889]  ? do_raw_spin_unlock+0x13c/0x8b0
[  272.779082][T13889]  ? __pfx_nfc_llcp_send_ui_frame+0x10/0x10
[  272.784981][T13889]  ? llcp_sock_sendmsg+0x237/0x3b0
[  272.790099][T13889]  ? __pfx_llcp_sock_sendmsg+0x10/0x10
[  272.795557][T13889]  __sock_sendmsg+0x221/0x270
[  272.800237][T13889]  ____sys_sendmsg+0x52a/0x7e0
[  272.805008][T13889]  ? __pfx_____sys_sendmsg+0x10/0x10
[  272.810312][T13889]  ? __fget_files+0x2a/0x410
[  272.814907][T13889]  ? __fget_files+0x2a/0x410
[  272.819501][T13889]  __sys_sendmmsg+0x36a/0x720
[  272.824180][T13889]  ? __pfx___sys_sendmmsg+0x10/0x10
[  272.829383][T13889]  ? __pfx_lock_release+0x10/0x10
[  272.834420][T13889]  ? kstrtouint_from_user+0x128/0x190
[  272.839815][T13889]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  272.845709][T13889]  ? ksys_write+0x22a/0x2b0
[  272.850216][T13889]  ? __pfx_lock_release+0x10/0x10
[  272.855386][T13889]  ? vfs_write+0x730/0xd30
[  272.859840][T13889]  ? __mutex_unlock_slowpath+0x21e/0x790
[  272.865501][T13889]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  272.871484][T13889]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  272.877812][T13889]  ? do_syscall_64+0x100/0x230
[  272.882575][T13889]  __x64_sys_sendmmsg+0xa0/0xb0
[  272.887434][T13889]  do_syscall_64+0xf3/0x230
[  272.891939][T13889]  ? clear_bhb_loop+0x35/0x90
[  272.896617][T13889]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  272.902508][T13889] RIP: 0033:0x7fe0c4985d29
[  272.906922][T13889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  272.926529][T13889] RSP: 002b:00007fe0c5711038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  272.935031][T13889] RAX: ffffffffffffffda RBX: 00007fe0c4b75fa0 RCX: 00007fe0c4985d29
[  272.942998][T13889] RDX: 0000000000000002 RSI: 0000000020000b00 RDI: 0000000000000004
[  272.950988][T13889] RBP: 00007fe0c5711090 R08: 0000000000000000 R09: 0000000000000000
[  272.959050][T13889] R10: 0000000000040000 R11: 0000000000000246 R12: 0000000000000001
[  272.967014][T13889] R13: 0000000000000000 R14: 00007fe0c4b75fa0 R15: 00007fff77d17378
[  272.975192][T13889]  </TASK>
[  273.793031][T13929] syzkaller0: entered promiscuous mode
[  273.799404][T13929] syzkaller0: entered allmulticast mode
[  273.981109][T13946] netlink: 'syz.1.2734': attribute type 10 has an invalid length.
[  276.248583][ T5142] Bluetooth: hci4: command 0x0401 tx timeout
[  276.801367][T13994] __nla_validate_parse: 14 callbacks suppressed
[  276.801388][T13994] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2751'.
[  276.898977][T14001] tipc: Enabling of bearer <Þ|i³:æ> rejected, media not registered
[  277.012069][T14004] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2755'.
[  277.290792][T14027] netlink: 'syz.4.2762': attribute type 1 has an invalid length.
[  277.301669][T14027] netlink: 1292 bytes leftover after parsing attributes in process `syz.4.2762'.
[  277.381694][T14037] netlink: 'syz.3.2765': attribute type 1 has an invalid length.
[  277.547049][T14046] netlink: 356 bytes leftover after parsing attributes in process `syz.3.2768'.
[  277.877672][T14064] Cannot find del_set index 3 as target
[  277.884149][T14066] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2778'.
[  277.902035][T14066] netlink: 'syz.2.2778': attribute type 3 has an invalid length.
[  278.175171][T14078] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2771'.
[  278.184550][T14078] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2771'.
[  278.195931][T14078] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2771'.
[  278.219158][T14078] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2771'.
[  278.397792][T14099] bridge6: entered promiscuous mode
[  278.414540][T14099] bridge6: entered allmulticast mode
[  278.431518][T14099] team0: Port device bridge6 added
[  278.448619][T14101] netlink: 'syz.3.2790': attribute type 10 has an invalid length.
[  279.118676][T14152] netlink: 'syz.1.2806': attribute type 10 has an invalid length.
[  279.153909][T14152] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  279.218414][T14155] syzkaller0: entered promiscuous mode
[  279.226595][T14155] syzkaller0: entered allmulticast mode
[  279.379973][T14163] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2810'.
[  279.932397][ T5142] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  279.954146][ T5142] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  279.977450][ T5142] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  280.009403][ T5142] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  280.026202][ T5142] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  280.034717][ T5142] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  281.419954][T14182] lo speed is unknown, defaulting to 1000
[  281.688483][T14182] chnl_net:caif_netlink_parms(): no params data found
[  281.852796][T14212] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2821'.
[  281.878828][T14212] netlink: 'syz.3.2821': attribute type 7 has an invalid length.
[  281.896282][T14212] netlink: 'syz.3.2821': attribute type 8 has an invalid length.
[  281.916451][T14212] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2821'.
[  281.942546][T14182] bridge0: port 1(bridge_slave_0) entered blocking state
[  281.950754][T14182] bridge0: port 1(bridge_slave_0) entered disabled state
[  281.961005][T14182] bridge_slave_0: entered allmulticast mode
[  281.968395][T14182] bridge_slave_0: entered promiscuous mode
[  281.988883][T14182] bridge0: port 2(bridge_slave_1) entered blocking state
[  281.998633][T14182] bridge0: port 2(bridge_slave_1) entered disabled state
[  282.006891][T14182] bridge_slave_1: entered allmulticast mode
[  282.014259][T14182] bridge_slave_1: entered promiscuous mode
[  282.067864][T14222] netlink: 108 bytes leftover after parsing attributes in process `syz.0.2825'.
[  282.082466][T14182] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  282.092102][ T5848] Bluetooth: hci5: command tx timeout
[  282.123139][T14182] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  282.266839][T14224] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2826'.
[  282.290128][T14228] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2828'.
[  282.292588][T14182] team0: Port device team_slave_0 added
[  282.322858][T14182] team0: Port device team_slave_1 added
[  282.352949][T14228] bridge3: entered promiscuous mode
[  282.364684][T14228] macsec2: entered promiscuous mode
[  282.370343][T14228] macsec2: entered allmulticast mode
[  282.379952][T14228] bridge3: entered allmulticast mode
[  282.398671][T14228] bridge3: port 1(macsec2) entered blocking state
[  282.433292][T14228] bridge3: port 1(macsec2) entered disabled state
[  282.458069][T14228] bridge3: left allmulticast mode
[  282.463495][T14228] bridge3: left promiscuous mode
[  282.580681][T14233] syzkaller0: entered promiscuous mode
[  282.596327][T14233] syzkaller0: entered allmulticast mode
[  282.606990][T14244] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2833'.
[  282.627377][T14244] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2833'.
[  282.641180][T14182] batman_adv: batadv0: Adding interface: batadv_slave_0
[  282.650927][T14182] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  282.680635][T14182] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  284.051542][T14250] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2835'.
[  284.172527][ T5848] Bluetooth: hci5: command tx timeout
[  284.189786][T14252] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2835'.
[  284.966718][T14244] team0: entered promiscuous mode
[  284.974153][T14244] team0: left promiscuous mode
[  284.982335][T14182] batman_adv: batadv0: Adding interface: batadv_slave_1
[  284.989796][T14182] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  285.017154][T14182] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  285.163783][T14182] hsr_slave_0: entered promiscuous mode
[  285.177841][T14182] hsr_slave_1: entered promiscuous mode
[  285.204726][T14182] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  285.212360][T14182] Cannot create hsr debugfs directory
[  285.394788][T14271] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2843'.
[  285.405777][T14269] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  285.680420][T14283] bridge4: entered promiscuous mode
[  285.688744][T14283] bridge4: entered allmulticast mode
[  285.707009][T14283] team0: Port device bridge4 added
[  285.713041][T14287] netlink: 'syz.3.2849': attribute type 11 has an invalid length.
[  285.752666][T14284] netlink: 'syz.2.2846': attribute type 39 has an invalid length.
[  286.035499][T14307] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  286.058029][T14182] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  286.080549][T14182] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  286.093822][T14182] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  286.105607][T14182] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  286.230107][T14182] 8021q: adding VLAN 0 to HW filter on device bond0
[  286.245467][ T5848] Bluetooth: hci5: command tx timeout
[  286.263397][T14182] 8021q: adding VLAN 0 to HW filter on device team0
[  286.272239][T14318] netlink: 'syz.2.2860': attribute type 10 has an invalid length.
[  286.282613][ T8357] bridge0: port 1(bridge_slave_0) entered blocking state
[  286.289758][ T8357] bridge0: port 1(bridge_slave_0) entered forwarding state
[  286.321907][ T8357] bridge0: port 2(bridge_slave_1) entered blocking state
[  286.329079][ T8357] bridge0: port 2(bridge_slave_1) entered forwarding state
[  286.420123][T14182] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  286.808539][T14182] 8021q: adding VLAN 0 to HW filter on device batadv0
[  286.887198][T14358] smc: net device bond0 applied user defined pnetid SYZ0
[  286.891059][T14355] __nla_validate_parse: 7 callbacks suppressed
[  286.891080][T14355] netlink: 108 bytes leftover after parsing attributes in process `syz.0.2872'.
[  286.905339][T14359] netlink: 108 bytes leftover after parsing attributes in process `syz.1.2871'.
[  286.919959][T14358] smc: net device bond0 erased user defined pnetid SYZ0
[  287.058797][T14366] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-105)
[  287.096206][T14368] netlink: 'syz.2.2874': attribute type 10 has an invalid length.
[  287.107733][T14368] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2874'.
[  287.247603][T14182] veth0_vlan: entered promiscuous mode
[  287.259599][T14182] veth1_vlan: entered promiscuous mode
[  287.281429][T14182] veth0_macvtap: entered promiscuous mode
[  287.292058][T14378] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2881'.
[  287.292464][T14182] veth1_macvtap: entered promiscuous mode
[  287.325865][T14182] batman_adv: batadv0: Interface activated: batadv_slave_0
[  287.337147][T14182] batman_adv: batadv0: Interface activated: batadv_slave_1
[  287.393206][T14182] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  287.402230][T14182] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  287.411203][T14182] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  287.420131][T14182] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  287.450462][T14388] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2882'.
[  287.460632][T14382] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2878'.
[  287.519805][T14388] bond0: (slave bridge0): Releasing backup interface
[  287.647488][T14396] netlink: 108 bytes leftover after parsing attributes in process `syz.0.2885'.
[  287.669091][   T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  287.705513][   T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  287.783796][ T1152] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  287.794738][ T1152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  287.879539][T14403] syzkaller0: entered promiscuous mode
[  287.885344][T14403] syzkaller0: entered allmulticast mode
[  288.028622][T14414] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2892'.
[  288.059351][T14414] netlink: 'syz.3.2892': attribute type 7 has an invalid length.
[  288.077936][T14414] netlink: 'syz.3.2892': attribute type 8 has an invalid length.
[  288.085048][ T5848] Bluetooth: hci0: command 0x0406 tx timeout
[  288.096519][T14414] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2892'.
[  288.148166][T14420] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2895'.
[  288.162141][T14421] netlink: 'syz.4.2894': attribute type 2 has an invalid length.
[  288.331861][ T5848] Bluetooth: hci5: command tx timeout
[  290.066760][T14442] FAULT_INJECTION: forcing a failure.
[  290.066760][T14442] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  290.124496][T14442] CPU: 1 UID: 0 PID: 14442 Comm: syz.0.2901 Not tainted 6.13.0-rc3-syzkaller-00691-gae418e95dd93 #0
[  290.135322][T14442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  290.145405][T14442] Call Trace:
[  290.148717][T14442]  <TASK>
[  290.151669][T14442]  dump_stack_lvl+0x241/0x360
[  290.156383][T14442]  ? __pfx_dump_stack_lvl+0x10/0x10
[  290.161705][T14442]  ? __pfx__printk+0x10/0x10
[  290.166432][T14442]  ? __pfx_lock_release+0x10/0x10
[  290.171509][T14442]  should_fail_ex+0x3b0/0x4e0
[  290.176229][T14442]  _copy_from_user+0x2f/0xc0
[  290.180903][T14442]  copy_msghdr_from_user+0xae/0x680
[  290.186147][T14442]  ? __pfx___might_resched+0x10/0x10
[  290.191469][T14442]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  290.197327][T14442]  ? __fget_files+0x2a/0x410
[  290.201986][T14442]  ? __sys_sendmmsg+0x392/0x720
[  290.206883][T14442]  ? __might_fault+0xaa/0x120
[  290.211603][T14442]  __sys_sendmmsg+0x32b/0x720
[  290.216332][T14442]  ? __pfx___sys_sendmmsg+0x10/0x10
[  290.221570][T14442]  ? __pfx_lock_release+0x10/0x10
[  290.226618][T14442]  ? kstrtouint_from_user+0x128/0x190
[  290.232037][T14442]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  290.238140][T14442]  ? ksys_write+0x22a/0x2b0
[  290.242673][T14442]  ? __pfx_lock_release+0x10/0x10
[  290.247731][T14442]  ? vfs_write+0x730/0xd30
[  290.252173][T14442]  ? __mutex_unlock_slowpath+0x21e/0x790
[  290.257866][T14442]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  290.263907][T14442]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  290.270285][T14442]  ? do_syscall_64+0x100/0x230
[  290.275179][T14442]  __x64_sys_sendmmsg+0xa0/0xb0
[  290.280059][T14442]  do_syscall_64+0xf3/0x230
[  290.284591][T14442]  ? clear_bhb_loop+0x35/0x90
[  290.289297][T14442]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.295326][T14442] RIP: 0033:0x7fe0c4985d29
[  290.299763][T14442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  290.319832][T14442] RSP: 002b:00007fe0c5711038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  290.328298][T14442] RAX: ffffffffffffffda RBX: 00007fe0c4b75fa0 RCX: 00007fe0c4985d29
[  290.336305][T14442] RDX: 0000000004000190 RSI: 0000000020000180 RDI: 0000000000000007
[  290.344302][T14442] RBP: 00007fe0c5711090 R08: 0000000000000000 R09: 0000000000000000
[  290.352321][T14442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  290.360417][T14442] R13: 0000000000000000 R14: 00007fe0c4b75fa0 R15: 00007fff77d17378
[  290.368449][T14442]  </TASK>
[  290.404590][ T5848] Bluetooth: hci5: command tx timeout
[  291.093678][T14484] syzkaller0: entered promiscuous mode
[  291.127851][T14484] syzkaller0: entered allmulticast mode
[  292.866400][T14549] netlink: 'syz.0.2938': attribute type 6 has an invalid length.
[  292.883427][T14549] __nla_validate_parse: 4 callbacks suppressed
[  292.883451][T14549] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2938'.
[  293.667862][T14555] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2939'.
[  293.681013][T14555] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2939'.
[  293.732587][T14555] team0: entered promiscuous mode
[  293.744560][T14555] team_slave_0: entered promiscuous mode
[  293.750396][T14555] team_slave_1: entered promiscuous mode
[  293.871212][T14555] team0: left promiscuous mode
[  293.876139][T14555] team_slave_0: left promiscuous mode
[  293.881837][T14555] team_slave_1: left promiscuous mode
[  294.301140][T14596] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2955'.
[  294.332513][T14597] vlan2: entered promiscuous mode
[  294.343714][T14597] vlan2: entered allmulticast mode
[  294.643416][T14615] bridge0: port 3(vlan3) entered blocking state
[  294.650257][T14615] bridge0: port 3(vlan3) entered disabled state
[  294.657139][T14615] vlan3: entered allmulticast mode
[  294.662590][T14615] bond0: entered allmulticast mode
[  294.668054][T14615] bond_slave_0: entered allmulticast mode
[  294.674078][T14615] bond_slave_1: entered allmulticast mode
[  294.682188][T14615] vlan3: entered promiscuous mode
[  294.692609][T14615] bond0: entered promiscuous mode
[  294.712063][T14615] bond_slave_0: entered promiscuous mode
[  294.749293][T14615] bond_slave_1: entered promiscuous mode
[  294.772045][T14615] bridge0: port 3(vlan3) entered blocking state
[  294.778659][T14615] bridge0: port 3(vlan3) entered forwarding state
[  294.792310][ T5142] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  294.802573][ T5142] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  294.833540][ T5142] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  294.864034][ T5142] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  294.876763][ T5142] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  294.886016][ T5142] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  294.972106][T14617] lo speed is unknown, defaulting to 1000
[  295.209181][T14637] bridge0: entered promiscuous mode
[  295.215391][T14637] bridge0: entered allmulticast mode
[  295.225982][T14637] team0: Port device bridge0 added
[  295.278906][T14642] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2969'.
[  295.322934][T14617] chnl_net:caif_netlink_parms(): no params data found
[  295.511864][T14655] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2974'.
[  295.542742][T14617] bridge0: port 1(bridge_slave_0) entered blocking state
[  295.563177][T14617] bridge0: port 1(bridge_slave_0) entered disabled state
[  295.570997][T14617] bridge_slave_0: entered allmulticast mode
[  295.578112][T14617] bridge_slave_0: entered promiscuous mode
[  295.586419][T14617] bridge0: port 2(bridge_slave_1) entered blocking state
[  295.594756][T14617] bridge0: port 2(bridge_slave_1) entered disabled state
[  295.602054][T14617] bridge_slave_1: entered allmulticast mode
[  295.610315][T14617] bridge_slave_1: entered promiscuous mode
[  295.688398][T14617] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  295.706401][T14617] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  295.753905][T14669] netlink: 'syz.3.2980': attribute type 10 has an invalid length.
[  295.763317][T14665] x_tables: unsorted entry at hook 2
[  295.837796][T14617] team0: Port device team_slave_0 added
[  295.847228][T14617] team0: Port device team_slave_1 added
[  295.919034][T14617] batman_adv: batadv0: Adding interface: batadv_slave_0
[  295.926633][T14617] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  295.953956][T14617] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  295.970636][T14617] batman_adv: batadv0: Adding interface: batadv_slave_1
[  295.977690][T14617] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  296.004436][T14617] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  296.082752][T14617] hsr_slave_0: entered promiscuous mode
[  296.096366][T14617] hsr_slave_1: entered promiscuous mode
[  296.106656][T14617] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  296.114270][T14617] Cannot create hsr debugfs directory
[  296.431651][T14703] netlink: 'syz.1.2992': attribute type 5 has an invalid length.
[  296.443374][T14617] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.445172][T14703] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2992'.
[  296.487449][T14708] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2991'.
[  296.633364][T14617] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.750296][T14617] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.897908][T14617] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  296.953264][T14734] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3003'.
[  296.957658][T14736] Cannot find del_set index 3 as target
[  296.963414][T14734] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3003'.
[  296.978998][ T5142] Bluetooth: hci4: command tx timeout
[  297.091816][T14617] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  297.105067][T14617] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  297.118075][T14617] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  297.130594][T14617] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  297.239164][T14617] 8021q: adding VLAN 0 to HW filter on device bond0
[  297.288053][T14617] 8021q: adding VLAN 0 to HW filter on device team0
[  297.308860][ T6594] bridge0: port 1(bridge_slave_0) entered blocking state
[  297.316151][ T6594] bridge0: port 1(bridge_slave_0) entered forwarding state
[  297.341757][ T6594] bridge0: port 2(bridge_slave_1) entered blocking state
[  297.348976][ T6594] bridge0: port 2(bridge_slave_1) entered forwarding state
[  297.403671][T14752] FAULT_INJECTION: forcing a failure.
[  297.403671][T14752] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  297.408081][T14748] syzkaller0: entered promiscuous mode
[  297.422684][T14748] syzkaller0: entered allmulticast mode
[  297.451238][T14752] CPU: 0 UID: 0 PID: 14752 Comm: syz.3.3009 Not tainted 6.13.0-rc3-syzkaller-00691-gae418e95dd93 #0
[  297.462091][T14752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  297.472358][T14752] Call Trace:
[  297.475755][T14752]  <TASK>
[  297.478801][T14752]  dump_stack_lvl+0x241/0x360
[  297.483530][T14752]  ? __pfx_dump_stack_lvl+0x10/0x10
[  297.488864][T14752]  ? __pfx__printk+0x10/0x10
[  297.493511][T14752]  ? __pfx_lock_release+0x10/0x10
[  297.498668][T14752]  should_fail_ex+0x3b0/0x4e0
[  297.503532][T14752]  _copy_from_user+0x2f/0xc0
[  297.508142][T14752]  copy_msghdr_from_user+0xae/0x680
[  297.513353][T14752]  ? __pfx___might_resched+0x10/0x10
[  297.518642][T14752]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  297.524454][T14752]  ? __fget_files+0x2a/0x410
[  297.529048][T14752]  ? __sys_sendmmsg+0x392/0x720
[  297.533908][T14752]  ? __might_fault+0xaa/0x120
[  297.538584][T14752]  __sys_sendmmsg+0x32b/0x720
[  297.543270][T14752]  ? __pfx___sys_sendmmsg+0x10/0x10
[  297.548471][T14752]  ? __pfx_lock_release+0x10/0x10
[  297.553491][T14752]  ? kstrtouint_from_user+0x128/0x190
[  297.558970][T14752]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  297.564893][T14752]  ? ksys_write+0x22a/0x2b0
[  297.569393][T14752]  ? __pfx_lock_release+0x10/0x10
[  297.574419][T14752]  ? vfs_write+0x730/0xd30
[  297.578832][T14752]  ? __mutex_unlock_slowpath+0x21e/0x790
[  297.584491][T14752]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  297.590484][T14752]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  297.596837][T14752]  ? do_syscall_64+0x100/0x230
[  297.601603][T14752]  __x64_sys_sendmmsg+0xa0/0xb0
[  297.606454][T14752]  do_syscall_64+0xf3/0x230
[  297.610960][T14752]  ? clear_bhb_loop+0x35/0x90
[  297.615638][T14752]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.621623][T14752] RIP: 0033:0x7f18fe185d29
[  297.626032][T14752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  297.645716][T14752] RSP: 002b:00007f18fbff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  297.654406][T14752] RAX: ffffffffffffffda RBX: 00007f18fe375fa0 RCX: 00007f18fe185d29
[  297.662383][T14752] RDX: 0000000000000002 RSI: 0000000020000b00 RDI: 0000000000000004
[  297.670347][T14752] RBP: 00007f18fbff6090 R08: 0000000000000000 R09: 0000000000000000
[  297.678310][T14752] R10: 0000000000040000 R11: 0000000000000246 R12: 0000000000000001
[  297.686367][T14752] R13: 0000000000000000 R14: 00007f18fe375fa0 R15: 00007ffc13eac9d8
[  297.694433][T14752]  </TASK>
[  297.816653][T14760] netlink: 'syz.3.3011': attribute type 10 has an invalid length.
[  297.899963][T14765] __nla_validate_parse: 5 callbacks suppressed
[  297.899982][T14765] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3014'.
[  298.794703][T14773] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3015'.
[  299.044949][ T5142] Bluetooth: hci4: command tx timeout
[  299.809371][T14617] 8021q: adding VLAN 0 to HW filter on device batadv0
[  299.897246][T14617] veth0_vlan: entered promiscuous mode
[  299.929620][T14617] veth1_vlan: entered promiscuous mode
[  299.993607][T14789] netlink: 'syz.0.3021': attribute type 5 has an invalid length.
[  300.003105][T14617] veth0_macvtap: entered promiscuous mode
[  300.030188][T14617] veth1_macvtap: entered promiscuous mode
[  300.071222][T14617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  300.096693][T14617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.096735][T14791] netlink: 'syz.1.3022': attribute type 11 has an invalid length.
[  300.120042][T14617] batman_adv: batadv0: Interface activated: batadv_slave_0
[  300.156746][T14617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.195783][T14617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.215551][T14617] batman_adv: batadv0: Interface activated: batadv_slave_1
[  300.231553][T14617] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  300.240519][T14617] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  300.249672][T14617] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  300.258791][T14617] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  300.302337][T14802] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3026'.
[  300.339054][T14802] ip6gre1: entered allmulticast mode
[  300.477820][T14812] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3027'.
[  300.502770][ T8357] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  300.512383][ T8357] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  300.590326][ T6594] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  300.604625][ T6594] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  300.750227][T14826] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3034'.
[  301.124736][ T5848] Bluetooth: hci4: command tx timeout
[  301.537603][ T5832] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  301.549381][ T5832] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  301.558785][T14855] ebtables: ebtables: counters copy to user failed while replacing table
[  301.575819][ T5832] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  301.594634][ T5832] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  301.606817][ T5832] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  301.614255][ T5832] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  301.666234][T14861] lo speed is unknown, defaulting to 1000
[  301.702744][T14871] nbd: must specify at least one socket
[  301.992965][T14882] ebtables: ebtables: counters copy to user failed while replacing table
[  302.182448][T14900] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3058'.
[  302.290541][T14906] FAULT_INJECTION: forcing a failure.
[  302.290541][T14906] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  302.336867][T14906] CPU: 0 UID: 0 PID: 14906 Comm: syz.2.3058 Not tainted 6.13.0-rc3-syzkaller-00691-gae418e95dd93 #0
[  302.347750][T14906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  302.357829][T14906] Call Trace:
[  302.361141][T14906]  <TASK>
[  302.364199][T14906]  dump_stack_lvl+0x241/0x360
[  302.368927][T14906]  ? __pfx_dump_stack_lvl+0x10/0x10
[  302.374242][T14906]  ? __pfx__printk+0x10/0x10
[  302.378842][T14906]  ? __pfx_lock_release+0x10/0x10
[  302.383888][T14906]  should_fail_ex+0x3b0/0x4e0
[  302.388728][T14906]  _copy_from_iter+0x1e9/0x1c20
[  302.393605][T14906]  ? __virt_addr_valid+0x183/0x530
[  302.398919][T14906]  ? __pfx__copy_from_iter+0x10/0x10
[  302.404244][T14906]  ? __virt_addr_valid+0x183/0x530
[  302.409392][T14906]  ? __virt_addr_valid+0x183/0x530
[  302.414519][T14906]  ? __virt_addr_valid+0x45f/0x530
[  302.419652][T14906]  ? __phys_addr_symbol+0x2f/0x70
[  302.424676][T14906]  ? __check_object_size+0x47a/0x730
[  302.429965][T14906]  netlink_sendmsg+0x73d/0xcb0
[  302.434743][T14906]  ? __pfx_netlink_sendmsg+0x10/0x10
[  302.440029][T14906]  ? aa_sock_msg_perm+0x91/0x160
[  302.444969][T14906]  ? __pfx_netlink_sendmsg+0x10/0x10
[  302.450257][T14906]  __sock_sendmsg+0x221/0x270
[  302.454939][T14906]  ____sys_sendmsg+0x52a/0x7e0
[  302.459793][T14906]  ? __pfx_____sys_sendmsg+0x10/0x10
[  302.465093][T14906]  ? __fget_files+0x2a/0x410
[  302.469719][T14906]  ? __fget_files+0x2a/0x410
[  302.474336][T14906]  __sys_sendmsg+0x269/0x350
[  302.478943][T14906]  ? __pfx_lock_release+0x10/0x10
[  302.484042][T14906]  ? __pfx___sys_sendmsg+0x10/0x10
[  302.489292][T14906]  ? __pfx_vfs_write+0x10/0x10
[  302.494102][T14906]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  302.500457][T14906]  ? do_syscall_64+0x100/0x230
[  302.505249][T14906]  ? do_syscall_64+0xb6/0x230
[  302.509937][T14906]  do_syscall_64+0xf3/0x230
[  302.514441][T14906]  ? clear_bhb_loop+0x35/0x90
[  302.519169][T14906]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.525161][T14906] RIP: 0033:0x7fa930f85d29
[  302.529664][T14906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  302.549357][T14906] RSP: 002b:00007fa931cdd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  302.557841][T14906] RAX: ffffffffffffffda RBX: 00007fa931176080 RCX: 00007fa930f85d29
[  302.565837][T14906] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
[  302.574245][T14906] RBP: 00007fa931cdd090 R08: 0000000000000000 R09: 0000000000000000
[  302.582242][T14906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  302.590332][T14906] R13: 0000000000000001 R14: 00007fa931176080 R15: 00007fff7ed8b798
[  302.598343][T14906]  </TASK>
[  302.669167][T14861] chnl_net:caif_netlink_parms(): no params data found
[  302.865874][T14926] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app
[  302.872352][T14861] bridge0: port 1(bridge_slave_0) entered blocking state
[  302.893667][T14861] bridge0: port 1(bridge_slave_0) entered disabled state
[  302.914120][T14861] bridge_slave_0: entered allmulticast mode
[  302.935869][T14861] bridge_slave_0: entered promiscuous mode
[  302.964930][T14930] netlink: 108 bytes leftover after parsing attributes in process `syz.2.3066'.
[  302.975705][T14861] bridge0: port 2(bridge_slave_1) entered blocking state
[  302.983462][T14861] bridge0: port 2(bridge_slave_1) entered disabled state
[  302.996613][T14861] bridge_slave_1: entered allmulticast mode
[  303.003878][T14861] bridge_slave_1: entered promiscuous mode
[  303.098467][T14861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  303.129664][T14861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  303.206192][ T5832] Bluetooth: hci4: command 0x0419 tx timeout
[  303.264989][T14943] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3068'.
[  303.312349][T14861] team0: Port device team_slave_0 added
[  303.335026][T14861] team0: Port device team_slave_1 added
[  303.370771][T14945] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3070'.
[  303.417579][T14955] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3072'.
[  303.428767][T14861] batman_adv: batadv0: Adding interface: batadv_slave_0
[  303.437718][T14955] netlink: 'syz.2.3072': attribute type 7 has an invalid length.
[  303.446595][T14861] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  303.473707][T14955] netlink: 'syz.2.3072': attribute type 8 has an invalid length.
[  303.482080][T14955] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3072'.
[  303.493026][T14861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  303.510194][T14955] erspan0: entered promiscuous mode
[  303.517243][T14955] batadv_slave_1: entered promiscuous mode
[  303.527726][T14955] gretap0: entered promiscuous mode
[  303.533531][T14955] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  303.541512][T14955] Cannot create hsr debugfs directory
[  303.548065][T14957] FAULT_INJECTION: forcing a failure.
[  303.548065][T14957] name failslab, interval 1, probability 0, space 0, times 0
[  303.561087][T14957] CPU: 1 UID: 0 PID: 14957 Comm: syz.0.3073 Not tainted 6.13.0-rc3-syzkaller-00691-gae418e95dd93 #0
[  303.571903][T14957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  303.582043][T14957] Call Trace:
[  303.585344][T14957]  <TASK>
[  303.588286][T14957]  dump_stack_lvl+0x241/0x360
[  303.592988][T14957]  ? __pfx_dump_stack_lvl+0x10/0x10
[  303.598222][T14957]  ? __pfx__printk+0x10/0x10
[  303.603100][T14957]  ? __kmalloc_node_noprof+0xb9/0x4d0
[  303.609556][T14957]  ? __pfx___might_resched+0x10/0x10
[  303.614897][T14957]  should_fail_ex+0x3b0/0x4e0
[  303.619620][T14957]  should_failslab+0xac/0x100
[  303.624505][T14957]  __kmalloc_node_noprof+0xe1/0x4d0
[  303.629865][T14957]  ? __kvmalloc_node_noprof+0x72/0x190
[  303.635643][T14957]  ? __raw_spin_lock_init+0x45/0x100
[  303.642239][T14957]  __kvmalloc_node_noprof+0x72/0x190
[  303.648418][T14957]  alloc_netdev_mqs+0x8d4/0x1080
[  303.653894][T14957]  ieee802154_if_add+0x11a/0x1160
[  303.658973][T14957]  ? __mutex_lock+0x5ef/0xee0
[  303.663877][T14957]  ? __pfx_ieee802154_if_add+0x10/0x10
[  303.669467][T14957]  ? __pfx___mutex_lock+0x10/0x10
[  303.675836][T14957]  ? genlmsg_put+0x145/0x2e0
[  303.680571][T14957]  ieee802154_add_iface_deprecated+0x44/0x70
[  303.687019][T14957]  ieee802154_add_iface+0x431/0x7d0
[  303.693686][T14957]  ? __pfx_ieee802154_add_iface+0x10/0x10
[  303.700639][T14957]  ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290
[  303.707278][T14957]  genl_rcv_msg+0xb14/0xec0
[  303.712537][T14957]  ? __pfx_genl_rcv_msg+0x10/0x10
[  303.718061][T14957]  ? __pfx_lock_acquire+0x10/0x10
[  303.723453][T14957]  ? __pfx_ieee802154_add_iface+0x10/0x10
[  303.729201][T14957]  ? __pfx___might_resched+0x10/0x10
[  303.734512][T14957]  netlink_rcv_skb+0x1e3/0x430
[  303.739308][T14957]  ? __pfx_genl_rcv_msg+0x10/0x10
[  303.744342][T14957]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  303.749655][T14957]  genl_rcv+0x28/0x40
[  303.753640][T14957]  netlink_unicast+0x7f6/0x990
[  303.758522][T14957]  ? __pfx_netlink_unicast+0x10/0x10
[  303.763907][T14957]  ? __virt_addr_valid+0x45f/0x530
[  303.769160][T14957]  ? __phys_addr_symbol+0x2f/0x70
[  303.774274][T14957]  ? __check_object_size+0x47a/0x730
[  303.779589][T14957]  netlink_sendmsg+0x8e4/0xcb0
[  303.784397][T14957]  ? __pfx_netlink_sendmsg+0x10/0x10
[  303.789704][T14957]  ? aa_sock_msg_perm+0x91/0x160
[  303.794661][T14957]  ? __pfx_netlink_sendmsg+0x10/0x10
[  303.799947][T14957]  __sock_sendmsg+0x221/0x270
[  303.804635][T14957]  ____sys_sendmsg+0x52a/0x7e0
[  303.809406][T14957]  ? __pfx_____sys_sendmsg+0x10/0x10
[  303.814733][T14957]  ? __fget_files+0x2a/0x410
[  303.819343][T14957]  ? __fget_files+0x2a/0x410
[  303.823941][T14957]  __sys_sendmsg+0x269/0x350
[  303.828566][T14957]  ? __pfx_lock_release+0x10/0x10
[  303.833599][T14957]  ? __pfx___sys_sendmsg+0x10/0x10
[  303.838753][T14957]  ? __pfx_vfs_write+0x10/0x10
[  303.843544][T14957]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  303.849880][T14957]  ? do_syscall_64+0x100/0x230
[  303.854653][T14957]  ? do_syscall_64+0xb6/0x230
[  303.859348][T14957]  do_syscall_64+0xf3/0x230
[  303.863850][T14957]  ? clear_bhb_loop+0x35/0x90
[  303.868547][T14957]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  303.874458][T14957] RIP: 0033:0x7fe0c4985d29
[  303.878912][T14957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  303.898693][T14957] RSP: 002b:00007fe0c5711038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  303.907114][T14957] RAX: ffffffffffffffda RBX: 00007fe0c4b75fa0 RCX: 00007fe0c4985d29
[  303.915096][T14957] RDX: 0000000000000800 RSI: 0000000020001f40 RDI: 0000000000000004
[  303.923067][T14957] RBP: 00007fe0c5711090 R08: 0000000000000000 R09: 0000000000000000
[  303.931050][T14957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  303.939058][T14957] R13: 0000000000000000 R14: 00007fe0c4b75fa0 R15: 00007fff77d17378
[  303.947133][T14957]  </TASK>
[  303.971582][ T5142] Bluetooth: hci1: command tx timeout
[  304.005234][T14861] batman_adv: batadv0: Adding interface: batadv_slave_1
[  304.022639][T14861] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  304.062670][T14962] FAULT_INJECTION: forcing a failure.
[  304.062670][T14962] name failslab, interval 1, probability 0, space 0, times 0
[  304.089153][T14962] CPU: 0 UID: 0 PID: 14962 Comm: syz.2.3075 Not tainted 6.13.0-rc3-syzkaller-00691-gae418e95dd93 #0
[  304.100071][T14962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  304.110165][T14962] Call Trace:
[  304.113478][T14962]  <TASK>
[  304.116456][T14962]  dump_stack_lvl+0x241/0x360
[  304.121369][T14962]  ? __pfx_dump_stack_lvl+0x10/0x10
[  304.126619][T14962]  ? __pfx__printk+0x10/0x10
[  304.131336][T14962]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[  304.137445][T14962]  ? __pfx___might_resched+0x10/0x10
[  304.142765][T14962]  ? unwind_get_return_address+0x4d/0x90
[  304.144898][T14861] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  304.148543][T14962]  should_fail_ex+0x3b0/0x4e0
[  304.148582][T14962]  should_failslab+0xac/0x100
[  304.148608][T14962]  kmem_cache_alloc_node_noprof+0x77/0x380
[  304.174614][T14962]  ? __alloc_skb+0x1c3/0x440
[  304.179251][T14962]  ? validate_chain+0x11e/0x5920
[  304.184238][T14962]  __alloc_skb+0x1c3/0x440
[  304.188699][T14962]  ? __pfx___alloc_skb+0x10/0x10
[  304.193673][T14962]  ? kasan_save_track+0x51/0x80
[  304.198567][T14962]  ? kasan_save_free_info+0x40/0x50
[  304.203895][T14962]  ? __kasan_slab_free+0x59/0x70
[  304.208959][T14962]  ? kmem_cache_free+0x195/0x410
[  304.214025][T14962]  ? unix_dgram_sendmsg+0x736/0x1e00
[  304.219350][T14962]  ? __sock_sendmsg+0x221/0x270
[  304.224243][T14962]  ? ____sys_sendmsg+0x52a/0x7e0
[  304.229218][T14962]  alloc_skb_with_frags+0xc3/0x820
[  304.234369][T14962]  ? validate_chain+0x11e/0x5920
[  304.239366][T14962]  sock_alloc_send_pskb+0x91a/0xa60
[  304.240057][T14968] netlink: 108 bytes leftover after parsing attributes in process `syz.1.3079'.
[  304.244685][T14962]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  304.244730][T14962]  unix_dgram_sendmsg+0x5f1/0x1e00
[  304.244767][T14962]  ? aa_sk_perm+0x96d/0xab0
[  304.244796][T14962]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  304.244822][T14962]  ? __import_iovec+0x3a8/0x870
[  304.244846][T14962]  ? aa_sock_msg_perm+0x91/0x160
[  304.244866][T14962]  ? unix_seqpacket_sendmsg+0x110/0x1e0
[  304.244901][T14962]  ? __pfx_unix_seqpacket_sendmsg+0x10/0x10
[  304.244928][T14962]  __sock_sendmsg+0x221/0x270
[  304.244956][T14962]  ____sys_sendmsg+0x52a/0x7e0
[  304.244986][T14962]  ? __pfx_____sys_sendmsg+0x10/0x10
[  304.245004][T14962]  ? __fget_files+0x2a/0x410
[  304.245030][T14962]  ? __sys_sendmmsg+0x392/0x720
[  304.320851][T14962]  ? __might_fault+0xaa/0x120
[  304.325586][T14962]  __sys_sendmmsg+0x36a/0x720
[  304.330449][T14962]  ? __pfx___sys_sendmmsg+0x10/0x10
[  304.336035][T14962]  ? __pfx_lock_release+0x10/0x10
[  304.341161][T14962]  ? kstrtouint_from_user+0x128/0x190
[  304.346589][T14962]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  304.352525][T14962]  ? ksys_write+0x22a/0x2b0
[  304.357072][T14962]  ? __pfx_lock_release+0x10/0x10
[  304.362207][T14962]  ? vfs_write+0x730/0xd30
[  304.366750][T14962]  ? __mutex_unlock_slowpath+0x21e/0x790
[  304.372430][T14962]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  304.378457][T14962]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  304.384849][T14962]  ? do_syscall_64+0x100/0x230
[  304.389749][T14962]  __x64_sys_sendmmsg+0xa0/0xb0
[  304.394626][T14962]  do_syscall_64+0xf3/0x230
[  304.399172][T14962]  ? clear_bhb_loop+0x35/0x90
[  304.403856][T14962]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  304.409890][T14962] RIP: 0033:0x7fa930f85d29
[  304.414510][T14962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  304.434167][T14962] RSP: 002b:00007fa931cfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  304.442620][T14962] RAX: ffffffffffffffda RBX: 00007fa931175fa0 RCX: 00007fa930f85d29
[  304.450812][T14962] RDX: 0000000004000190 RSI: 0000000020000180 RDI: 0000000000000007
[  304.458961][T14962] RBP: 00007fa931cfe090 R08: 0000000000000000 R09: 0000000000000000
[  304.466992][T14962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  304.474976][T14962] R13: 0000000000000000 R14: 00007fa931175fa0 R15: 00007fff7ed8b798
[  304.482960][T14962]  </TASK>
[  304.597247][T14861] hsr_slave_0: entered promiscuous mode
[  304.608871][T14978] xt_time: unknown flags 0x4
[  304.628953][T14978] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  304.635315][T14861] hsr_slave_1: entered promiscuous mode
[  304.674606][T14861] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  304.696740][T14861] Cannot create hsr debugfs directory
[  304.802340][T14990] veth1_macvtap: left promiscuous mode
[  304.815039][T14985] netlink: 'syz.1.3081': attribute type 10 has an invalid length.
[  304.833157][T14990] macsec0: entered promiscuous mode
[  304.845967][T14990] macsec0: entered allmulticast mode
[  304.915951][T14985] 8021q: adding VLAN 0 to HW filter on device bond0
[  304.935373][T14985] team0: Port device bond0 added
[  304.945180][T14991] veth1_macvtap: entered promiscuous mode
[  304.952057][T14991] veth1_macvtap: entered allmulticast mode
[  304.970212][T14991] macsec0: left promiscuous mode
[  304.983456][T14991] macsec0: left allmulticast mode
[  304.989206][T14991] veth1_macvtap: left allmulticast mode
[  305.284956][ T5142] Bluetooth: hci4: command 0x0419 tx timeout
[  305.296921][T14998] syzkaller0: entered promiscuous mode
[  305.302649][T14998] syzkaller0: entered allmulticast mode
[  305.389857][T14996] syzkaller0: entered promiscuous mode
[  305.407559][T14996] syzkaller0: entered allmulticast mode
[  305.464691][T14861] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  306.005991][ T5142] Bluetooth: hci1: command tx timeout
[  307.368041][ T5832] Bluetooth: hci4: command 0x0419 tx timeout
[  307.671129][T15028] netlink: 228 bytes leftover after parsing attributes in process `syz.2.3099'.
[  308.088849][ T5142] Bluetooth: hci1: command tx timeout
[  309.233510][T14861] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  309.378348][T14861] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  309.519386][T15045] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3105'.
[  309.523587][T14861] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  309.541123][T15045] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3105'.
[  309.560490][T15040] netlink: 830 bytes leftover after parsing attributes in process `syz.1.3103'.
[  309.576626][T15045] team0: entered promiscuous mode
[  309.591981][T15045] team_slave_0: entered promiscuous mode
[  309.604615][T15045] team_slave_1: entered promiscuous mode
[  309.631211][T15045] team0: left promiscuous mode
[  309.637458][T15045] team_slave_0: left promiscuous mode
[  309.649436][T15045] team_slave_1: left promiscuous mode
[  309.649659][T15047] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3106'.
[  309.739563][T15052] syzkaller0: entered promiscuous mode
[  309.745780][T15052] syzkaller0: entered allmulticast mode
[  309.805678][T15047] nbd: socks must be embedded in a SOCK_ITEM attr
[  310.169939][ T5142] Bluetooth: hci1: command tx timeout
[  310.181623][T15072] FAULT_INJECTION: forcing a failure.
[  310.181623][T15072] name failslab, interval 1, probability 0, space 0, times 0
[  310.199599][T15072] CPU: 1 UID: 0 PID: 15072 Comm: syz.0.3115 Not tainted 6.13.0-rc3-syzkaller-00691-gae418e95dd93 #0
[  310.210638][T15072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  310.220729][T15072] Call Trace:
[  310.224018][T15072]  <TASK>
[  310.226962][T15072]  dump_stack_lvl+0x241/0x360
[  310.231665][T15072]  ? __pfx_dump_stack_lvl+0x10/0x10
[  310.236917][T15072]  ? __pfx__printk+0x10/0x10
[  310.241555][T15072]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[  310.247643][T15072]  ? __pfx___might_resched+0x10/0x10
[  310.252980][T15072]  ? validate_chain+0x11e/0x5920
[  310.257969][T15072]  ? __lock_acquire+0x1397/0x2100
[  310.263148][T15072]  should_fail_ex+0x3b0/0x4e0
[  310.267879][T15072]  should_failslab+0xac/0x100
[  310.272600][T15072]  kmem_cache_alloc_node_noprof+0x77/0x380
[  310.278461][T15072]  ? __alloc_skb+0x1c3/0x440
[  310.283068][T15072]  __alloc_skb+0x1c3/0x440
[  310.287693][T15072]  ? validate_chain+0x11e/0x5920
[  310.292646][T15072]  ? __pfx___alloc_skb+0x10/0x10
[  310.297685][T15072]  alloc_skb_with_frags+0xc3/0x820
[  310.302894][T15072]  ? l2cap_sock_alloc_skb_cb+0xe4/0x5b0
[  310.308485][T15072]  ? __pfx_lock_release+0x10/0x10
[  310.313526][T15072]  sock_alloc_send_pskb+0x91a/0xa60
[  310.318809][T15072]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  310.324561][T15072]  l2cap_sock_alloc_skb_cb+0xfc/0x5b0
[  310.329964][T15072]  ? __pfx_l2cap_sock_alloc_skb_cb+0x10/0x10
[  310.335967][T15072]  ? __pfx_l2cap_sock_alloc_skb_cb+0x10/0x10
[  310.341990][T15072]  l2cap_chan_send+0x1d1/0x2690
[  310.346876][T15072]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  310.352893][T15072]  ? l2cap_sock_sendmsg+0x1a4/0x2c0
[  310.358118][T15072]  ? __pfx_l2cap_chan_send+0x10/0x10
[  310.363523][T15072]  ? do_raw_spin_unlock+0x13c/0x8b0
[  310.368871][T15072]  l2cap_sock_sendmsg+0x1b4/0x2c0
[  310.373914][T15072]  ? __pfx_l2cap_sock_sendmsg+0x10/0x10
[  310.379538][T15072]  __sock_sendmsg+0x221/0x270
[  310.384342][T15072]  sock_write_iter+0x2d7/0x3f0
[  310.389138][T15072]  ? __pfx_sock_write_iter+0x10/0x10
[  310.394466][T15072]  do_iter_readv_writev+0x600/0x880
[  310.399703][T15072]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  310.405456][T15072]  ? bpf_lsm_file_permission+0x9/0x10
[  310.410840][T15072]  ? security_file_permission+0x74/0x280
[  310.416568][T15072]  ? rw_verify_area+0x1c3/0x6f0
[  310.421436][T15072]  vfs_writev+0x376/0xba0
[  310.425898][T15072]  ? __pfx_lock_acquire+0x10/0x10
[  310.430984][T15072]  ? __pfx_vfs_writev+0x10/0x10
[  310.435845][T15072]  ? __pfx_vfs_write+0x10/0x10
[  310.440621][T15072]  ? __fget_files+0x2a/0x410
[  310.445269][T15072]  ? __fget_files+0x395/0x410
[  310.449980][T15072]  ? __fget_files+0x2a/0x410
[  310.454706][T15072]  do_writev+0x1b6/0x360
[  310.459046][T15072]  ? __pfx_do_writev+0x10/0x10
[  310.463934][T15072]  ? do_syscall_64+0x100/0x230
[  310.468746][T15072]  ? do_syscall_64+0xb6/0x230
[  310.473446][T15072]  do_syscall_64+0xf3/0x230
[  310.477975][T15072]  ? clear_bhb_loop+0x35/0x90
[  310.482684][T15072]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.488593][T15072] RIP: 0033:0x7fe0c4985d29
[  310.493034][T15072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  310.512653][T15072] RSP: 002b:00007fe0c5711038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  310.521119][T15072] RAX: ffffffffffffffda RBX: 00007fe0c4b75fa0 RCX: 00007fe0c4985d29
[  310.529111][T15072] RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000004
[  310.537110][T15072] RBP: 00007fe0c5711090 R08: 0000000000000000 R09: 0000000000000000
[  310.545139][T15072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  310.553121][T15072] R13: 0000000000000000 R14: 00007fe0c4b75fa0 R15: 00007fff77d17378
[  310.561151][T15072]  </TASK>
[  310.789550][T15078] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3118'.
[  312.201333][T15056] lo speed is unknown, defaulting to 1000
[  312.243562][T15056] lo speed is unknown, defaulting to 1000
[  312.280064][T15056] lo speed is unknown, defaulting to 1000
[  312.282705][T14861] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  312.290151][T15056] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  312.303957][T14861] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  312.329870][T15056] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  312.379298][T14861] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  312.409614][T14861] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  312.432548][T15084] netlink: 'syz.4.3120': attribute type 10 has an invalid length.
[  312.443551][T15056] lo speed is unknown, defaulting to 1000
[  312.464681][T15056] lo speed is unknown, defaulting to 1000
[  312.472394][T15056] lo speed is unknown, defaulting to 1000
[  312.502248][T15056] lo speed is unknown, defaulting to 1000
[  312.526385][T15056] lo speed is unknown, defaulting to 1000
[  312.558618][T15056] lo speed is unknown, defaulting to 1000
[  312.588726][T14861] 8021q: adding VLAN 0 to HW filter on device bond0
[  312.607277][T14861] 8021q: adding VLAN 0 to HW filter on device team0
[  312.637385][T14861] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  312.648274][T14861] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  312.670903][T15056] lo speed is unknown, defaulting to 1000
[  312.682859][ T3499] bridge0: port 1(bridge_slave_0) entered blocking state
[  312.690170][ T3499] bridge0: port 1(bridge_slave_0) entered forwarding state
[  312.727512][ T3499] bridge0: port 2(bridge_slave_1) entered blocking state
[  312.734836][ T3499] bridge0: port 2(bridge_slave_1) entered forwarding state
[  312.788936][T15056] lo speed is unknown, defaulting to 1000
[  312.829693][T15090] 8021q: adding VLAN 0 to HW filter on device bond2
[  312.970809][T14861] 8021q: adding VLAN 0 to HW filter on device batadv0
[  313.126495][T14861] veth0_vlan: entered promiscuous mode
[  313.158467][T14861] veth1_vlan: entered promiscuous mode
[  313.211119][T14861] veth0_macvtap: entered promiscuous mode
[  313.276755][T15115] syzkaller0: entered promiscuous mode
[  313.282263][T15115] syzkaller0: entered allmulticast mode
[  313.296885][T14861] veth1_macvtap: entered promiscuous mode
[  313.626337][T15145] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3136'.
[  313.691051][T15147] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3136'.
[  313.851771][T15155] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3136'.
[  315.493496][T15140] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3136'.
[  315.503114][T15140] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3136'.
[  315.512250][T15140] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3136'.
[  315.586970][T14861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  315.600644][T14861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.613930][T14861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  315.638141][T14861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.675992][T14861] batman_adv: batadv0: Interface activated: batadv_slave_0
[  315.696171][T14861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  315.706859][T14861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.717243][T14861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  315.728102][T14861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.742680][T14861] batman_adv: batadv0: Interface activated: batadv_slave_1
[  315.755849][T15160] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  315.790554][T15168] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3146'.
[  315.867112][T15172] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3146'.
[  315.884195][T15173] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3147'.
[  315.908302][T14861] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  315.919207][T14861] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  315.929251][T14861] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  315.939743][T14861] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  316.075520][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  316.087216][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  316.130820][ T8357] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  316.149333][ T8357] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  316.450793][T15205] netlink: 'syz.3.3157': attribute type 10 has an invalid length.
[  316.475423][T15205] 8021q: adding VLAN 0 to HW filter on device batadv0
[  316.500148][T15205] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  316.539530][T15205] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3157'.
[  316.585306][T15208] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3159'.
[  316.708878][ T5832] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  316.723659][ T5832] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  316.754648][ T5832] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  316.763201][ T5832] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  316.771935][ T5832] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  316.785047][ T5832] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  316.835161][T15213] lo speed is unknown, defaulting to 1000
[  317.060998][T15213] lo speed is unknown, defaulting to 1000
[  317.100080][T15228] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3165'.
[  317.232005][T15213] chnl_net:caif_netlink_parms(): no params data found
[  317.509407][T15213] bridge0: port 1(bridge_slave_0) entered blocking state
[  317.527282][T15213] bridge0: port 1(bridge_slave_0) entered disabled state
[  317.536394][T15213] bridge_slave_0: entered allmulticast mode
[  317.544055][T15213] bridge_slave_0: entered promiscuous mode
[  317.563691][T15213] bridge0: port 2(bridge_slave_1) entered blocking state
[  317.571927][T15213] bridge0: port 2(bridge_slave_1) entered disabled state
[  317.579972][T15213] bridge_slave_1: entered allmulticast mode
[  317.587527][T15213] bridge_slave_1: entered promiscuous mode
[  317.693114][T15213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  317.721706][T15213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  317.819171][T15213] team0: Port device team_slave_0 added
[  317.845545][T15213] team0: Port device team_slave_1 added
[  317.885087][T15213] batman_adv: batadv0: Adding interface: batadv_slave_0
[  317.892095][T15213] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  317.925919][ T5832] Bluetooth: hci1: command tx timeout
[  317.974625][T15213] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  317.988184][T15213] batman_adv: batadv0: Adding interface: batadv_slave_1
[  317.995355][T15213] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  318.025495][T15213] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  318.166193][T15213] hsr_slave_0: entered promiscuous mode
[  318.180832][T15283] netlink: 156 bytes leftover after parsing attributes in process `syz.4.3186'.
[  318.183619][T15213] hsr_slave_1: entered promiscuous mode
[  318.204502][T15213] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  318.212207][T15213] Cannot create hsr debugfs directory
[  318.553950][T15305] FAULT_INJECTION: forcing a failure.
[  318.553950][T15305] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  318.579084][T15305] CPU: 1 UID: 0 PID: 15305 Comm: syz.0.3193 Not tainted 6.13.0-rc3-syzkaller-00691-gae418e95dd93 #0
[  318.589912][T15305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  318.599996][T15305] Call Trace:
[  318.603308][T15305]  <TASK>
[  318.606253][T15305]  dump_stack_lvl+0x241/0x360
[  318.610961][T15305]  ? __pfx_dump_stack_lvl+0x10/0x10
[  318.616263][T15305]  ? __pfx__printk+0x10/0x10
[  318.620875][T15305]  ? __pfx_lock_release+0x10/0x10
[  318.625905][T15305]  should_fail_ex+0x3b0/0x4e0
[  318.630577][T15305]  _copy_from_user+0x2f/0xc0
[  318.635186][T15305]  copy_msghdr_from_user+0xae/0x680
[  318.640419][T15305]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  318.646235][T15305]  ? __fget_files+0x2a/0x410
[  318.650837][T15305]  ? __fget_files+0x2a/0x410
[  318.655437][T15305]  __sys_sendmmsg+0x32b/0x720
[  318.660148][T15305]  ? __pfx___sys_sendmmsg+0x10/0x10
[  318.665456][T15305]  ? __pfx_lock_release+0x10/0x10
[  318.670498][T15305]  ? kstrtouint_from_user+0x128/0x190
[  318.675920][T15305]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  318.681850][T15305]  ? ksys_write+0x22a/0x2b0
[  318.686355][T15305]  ? __pfx_lock_release+0x10/0x10
[  318.691409][T15305]  ? vfs_write+0x730/0xd30
[  318.695847][T15305]  ? __mutex_unlock_slowpath+0x21e/0x790
[  318.701517][T15305]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  318.707497][T15305]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  318.713831][T15305]  ? do_syscall_64+0x100/0x230
[  318.718596][T15305]  __x64_sys_sendmmsg+0xa0/0xb0
[  318.723448][T15305]  do_syscall_64+0xf3/0x230
[  318.727947][T15305]  ? clear_bhb_loop+0x35/0x90
[  318.732637][T15305]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.738526][T15305] RIP: 0033:0x7fe0c4985d29
[  318.742945][T15305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  318.762551][T15305] RSP: 002b:00007fe0c5711038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  318.770972][T15305] RAX: ffffffffffffffda RBX: 00007fe0c4b75fa0 RCX: 00007fe0c4985d29
[  318.778941][T15305] RDX: 0000000000000001 RSI: 0000000020000440 RDI: 000000000000000c
[  318.786916][T15305] RBP: 00007fe0c5711090 R08: 0000000000000000 R09: 0000000000000000
[  318.794885][T15305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  318.802937][T15305] R13: 0000000000000000 R14: 00007fe0c4b75fa0 R15: 00007fff77d17378
[  318.810914][T15305]  </TASK>
[  318.820785][ T5832] Bluetooth: hci3: command tx timeout
[  319.072399][T15324] xt_l2tp: missing protocol rule (udp|l2tpip)
[  319.268505][T15331] vlan2: entered promiscuous mode
[  319.273631][T15331] vlan2: entered allmulticast mode
[  319.329980][T15331] vlan0: entered allmulticast mode
[  319.335784][T15331] veth0_vlan: entered allmulticast mode
[  319.342181][T15331] vlan0: entered promiscuous mode
[  319.356951][T15331] team0: Port device vlan2 added
[  319.575730][T15350] macsec2: entered allmulticast mode
[  319.581220][T15350] macvlan0: entered allmulticast mode
[  319.588419][T15350] ip6gretap0: entered allmulticast mode
[  319.632357][T15350] macvlan0: left allmulticast mode
[  319.638085][T15350] ip6gretap0: left allmulticast mode
[  319.694676][T15213] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  319.707837][T15362] xt_CT: You must specify a L4 protocol and not use inversions on it
[  319.739760][T15349] macsec2: entered allmulticast mode
[  319.746820][T15360] ebtables: ebtables: counters copy to user failed while replacing table
[  319.764592][T15349] macvlan0: entered allmulticast mode
[  319.775587][T15349] ip6gretap0: entered allmulticast mode
[  319.797660][T15349] macvlan0: left allmulticast mode
[  319.813580][T15349] ip6gretap0: left allmulticast mode
[  319.849396][T15213] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  319.885909][T15213] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  319.890308][T15367] netlink: 'syz.4.3216': attribute type 10 has an invalid length.
[  319.961307][T15367] 8021q: adding VLAN 0 to HW filter on device batadv0
[  319.989363][T15367] batadv0: entered promiscuous mode
[  319.997659][T15367] batadv0: entered allmulticast mode
[  320.006003][T15367] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  320.030037][T15213] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  320.223023][T15381] vlan2: entered promiscuous mode
[  320.237406][T15381] vlan2: entered allmulticast mode
[  320.245382][T15381] vlan0: entered allmulticast mode
[  320.254134][T15381] veth0_vlan: entered allmulticast mode
[  320.268189][T15381] vlan0: entered promiscuous mode
[  320.284188][T15381] team0: Port device vlan2 added
[  320.379911][T15213] 8021q: adding VLAN 0 to HW filter on device bond0
[  320.435930][T15213] 8021q: adding VLAN 0 to HW filter on device team0
[  320.529534][ T8357] bridge0: port 1(bridge_slave_0) entered blocking state
[  320.536719][ T8357] bridge0: port 1(bridge_slave_0) entered forwarding state
[  320.547119][ T8357] bridge0: port 2(bridge_slave_1) entered blocking state
[  320.554383][ T8357] bridge0: port 2(bridge_slave_1) entered forwarding state
[  320.741894][T15405] __nla_validate_parse: 1 callbacks suppressed
[  320.741922][T15405] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3233'.
[  320.810101][T15405] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  320.885868][ T5832] Bluetooth: hci3: command tx timeout
[  320.912634][T15213] 8021q: adding VLAN 0 to HW filter on device batadv0
[  320.975819][T15414] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3235'.
[  320.976677][T15415] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  320.994696][T15415] batman_adv: batadv0: Removing interface: batadv_slave_0
[  321.006614][T15415] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  321.023003][T15415] batman_adv: batadv0: Removing interface: batadv_slave_1
[  321.057856][T15420] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app
[  321.099332][T15421] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3237'.
[  321.116539][T15415] bond0: (slave batadv0): Releasing backup interface
[  321.128923][T15415] batadv0 (unregistering): left promiscuous mode
[  321.140518][T15415] batadv0 (unregistering): left allmulticast mode
[  321.178186][T15421] ip6gretap0: entered promiscuous mode
[  321.197904][T15421] batman_adv: batadv0: Adding interface: macvlan2
[  321.206818][T15421] batman_adv: batadv0: The MTU of interface macvlan2 is too small (1434) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1500.
[  321.230570][T15421] batman_adv: batadv0: Interface activated: macvlan2
[  321.288052][T15213] veth0_vlan: entered promiscuous mode
[  321.309534][T15213] veth1_vlan: entered promiscuous mode
[  321.426027][T15213] veth0_macvtap: entered promiscuous mode
[  321.438865][T15430] FAULT_INJECTION: forcing a failure.
[  321.438865][T15430] name failslab, interval 1, probability 0, space 0, times 0
[  321.465416][T15430] CPU: 0 UID: 0 PID: 15430 Comm: syz.2.3240 Not tainted 6.13.0-rc3-syzkaller-00691-gae418e95dd93 #0
[  321.476550][T15430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  321.486700][T15430] Call Trace:
[  321.490009][T15430]  <TASK>
[  321.492938][T15430]  dump_stack_lvl+0x241/0x360
[  321.497624][T15430]  ? __pfx_dump_stack_lvl+0x10/0x10
[  321.502834][T15430]  ? __pfx__printk+0x10/0x10
[  321.507422][T15430]  ? __kmalloc_node_noprof+0xb9/0x4d0
[  321.512797][T15430]  ? __pfx___might_resched+0x10/0x10
[  321.518086][T15430]  should_fail_ex+0x3b0/0x4e0
[  321.522779][T15430]  should_failslab+0xac/0x100
[  321.527455][T15430]  __kmalloc_node_noprof+0xe1/0x4d0
[  321.532657][T15430]  ? __kvmalloc_node_noprof+0x72/0x190
[  321.538117][T15430]  __kvmalloc_node_noprof+0x72/0x190
[  321.543401][T15430]  alloc_netdev_mqs+0xa72/0x1080
[  321.548359][T15430]  ieee802154_if_add+0x11a/0x1160
[  321.553646][T15430]  ? __mutex_lock+0x5ef/0xee0
[  321.558326][T15430]  ? __pfx_ieee802154_if_add+0x10/0x10
[  321.563789][T15430]  ? __pfx___mutex_lock+0x10/0x10
[  321.568821][T15430]  ? genlmsg_put+0x145/0x2e0
[  321.573416][T15430]  ieee802154_add_iface_deprecated+0x44/0x70
[  321.579396][T15430]  ieee802154_add_iface+0x431/0x7d0
[  321.584687][T15430]  ? __pfx_ieee802154_add_iface+0x10/0x10
[  321.590407][T15430]  ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290
[  321.596739][T15430]  genl_rcv_msg+0xb14/0xec0
[  321.601254][T15430]  ? __pfx_genl_rcv_msg+0x10/0x10
[  321.606305][T15430]  ? __pfx_lock_acquire+0x10/0x10
[  321.611326][T15430]  ? __pfx_ieee802154_add_iface+0x10/0x10
[  321.617053][T15430]  ? __pfx___might_resched+0x10/0x10
[  321.622346][T15430]  netlink_rcv_skb+0x1e3/0x430
[  321.627114][T15430]  ? __pfx_genl_rcv_msg+0x10/0x10
[  321.632148][T15430]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  321.637454][T15430]  genl_rcv+0x28/0x40
[  321.641441][T15430]  netlink_unicast+0x7f6/0x990
[  321.646214][T15430]  ? __pfx_netlink_unicast+0x10/0x10
[  321.651492][T15430]  ? __virt_addr_valid+0x45f/0x530
[  321.656612][T15430]  ? __phys_addr_symbol+0x2f/0x70
[  321.661640][T15430]  ? __check_object_size+0x47a/0x730
[  321.666943][T15430]  netlink_sendmsg+0x8e4/0xcb0
[  321.671753][T15430]  ? __pfx_netlink_sendmsg+0x10/0x10
[  321.677132][T15430]  ? aa_sock_msg_perm+0x91/0x160
[  321.682069][T15430]  ? __pfx_netlink_sendmsg+0x10/0x10
[  321.687348][T15430]  __sock_sendmsg+0x221/0x270
[  321.692117][T15430]  ____sys_sendmsg+0x52a/0x7e0
[  321.696885][T15430]  ? __pfx_____sys_sendmsg+0x10/0x10
[  321.702165][T15430]  ? __fget_files+0x2a/0x410
[  321.706842][T15430]  ? __fget_files+0x2a/0x410
[  321.711438][T15430]  __sys_sendmsg+0x269/0x350
[  321.716031][T15430]  ? __pfx_lock_release+0x10/0x10
[  321.721055][T15430]  ? __pfx___sys_sendmsg+0x10/0x10
[  321.726173][T15430]  ? __pfx_vfs_write+0x10/0x10
[  321.730952][T15430]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  321.737275][T15430]  ? do_syscall_64+0x100/0x230
[  321.742039][T15430]  ? do_syscall_64+0xb6/0x230
[  321.746738][T15430]  do_syscall_64+0xf3/0x230
[  321.751267][T15430]  ? clear_bhb_loop+0x35/0x90
[  321.755957][T15430]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.761873][T15430] RIP: 0033:0x7fa930f85d29
[  321.766285][T15430] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  321.785989][T15430] RSP: 002b:00007fa931cfe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  321.794400][T15430] RAX: ffffffffffffffda RBX: 00007fa931175fa0 RCX: 00007fa930f85d29
[  321.802363][T15430] RDX: 0000000000000800 RSI: 0000000020001f40 RDI: 0000000000000004
[  321.810326][T15430] RBP: 00007fa931cfe090 R08: 0000000000000000 R09: 0000000000000000
[  321.818291][T15430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  321.826254][T15430] R13: 0000000000000000 R14: 00007fa931175fa0 R15: 00007fff7ed8b798
[  321.834257][T15430]  </TASK>
[  321.867609][T15213] veth1_macvtap: entered promiscuous mode
[  321.924115][T15213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  321.939927][T15213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  321.950059][T15213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  321.960966][T15213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  321.972373][T15213] batman_adv: batadv0: Interface activated: batadv_slave_0
[  321.993497][T15213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  322.004238][T15213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  322.014638][T15213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  322.025548][T15213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  322.038254][T15213] batman_adv: batadv0: Interface activated: batadv_slave_1
[  322.048557][T15213] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  322.057681][T15213] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  322.066706][T15213] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  322.075691][T15213] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  322.130383][T15446] FAULT_INJECTION: forcing a failure.
[  322.130383][T15446] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  322.168352][T15446] CPU: 0 UID: 0 PID: 15446 Comm: syz.4.3246 Not tainted 6.13.0-rc3-syzkaller-00691-gae418e95dd93 #0
[  322.179185][T15446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  322.189280][T15446] Call Trace:
[  322.192586][T15446]  <TASK>
[  322.195557][T15446]  dump_stack_lvl+0x241/0x360
[  322.200713][T15446]  ? __pfx_dump_stack_lvl+0x10/0x10
[  322.206027][T15446]  ? __pfx__printk+0x10/0x10
[  322.210658][T15446]  ? __pfx_lock_release+0x10/0x10
[  322.215717][T15446]  should_fail_ex+0x3b0/0x4e0
[  322.220419][T15446]  _copy_from_user+0x2f/0xc0
[  322.225042][T15446]  copy_msghdr_from_user+0xae/0x680
[  322.230263][T15446]  ? __pfx___might_resched+0x10/0x10
[  322.235580][T15446]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  322.241387][T15446]  ? __fget_files+0x2a/0x410
[  322.245979][T15446]  ? __sys_sendmmsg+0x392/0x720
[  322.250835][T15446]  ? __might_fault+0xaa/0x120
[  322.255522][T15446]  __sys_sendmmsg+0x32b/0x720
[  322.260211][T15446]  ? __pfx___sys_sendmmsg+0x10/0x10
[  322.265424][T15446]  ? __pfx_lock_release+0x10/0x10
[  322.270465][T15446]  ? kstrtouint_from_user+0x128/0x190
[  322.275852][T15446]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  322.281749][T15446]  ? ksys_write+0x22a/0x2b0
[  322.286249][T15446]  ? __pfx_lock_release+0x10/0x10
[  322.291282][T15446]  ? vfs_write+0x730/0xd30
[  322.295711][T15446]  ? __mutex_unlock_slowpath+0x21e/0x790
[  322.301359][T15446]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  322.307334][T15446]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  322.313661][T15446]  ? do_syscall_64+0x100/0x230
[  322.318448][T15446]  __x64_sys_sendmmsg+0xa0/0xb0
[  322.323334][T15446]  do_syscall_64+0xf3/0x230
[  322.327854][T15446]  ? clear_bhb_loop+0x35/0x90
[  322.332548][T15446]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.338467][T15446] RIP: 0033:0x7f0ded785d29
[  322.342920][T15446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  322.362725][T15446] RSP: 002b:00007f0dee5fb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  322.371158][T15446] RAX: ffffffffffffffda RBX: 00007f0ded975fa0 RCX: 00007f0ded785d29
[  322.379150][T15446] RDX: 0000000004000190 RSI: 0000000020000180 RDI: 0000000000000007
[  322.387137][T15446] RBP: 00007f0dee5fb090 R08: 0000000000000000 R09: 0000000000000000
[  322.395109][T15446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  322.403075][T15446] R13: 0000000000000000 R14: 00007f0ded975fa0 R15: 00007fffd20f3ad8
[  322.411139][T15446]  </TASK>
[  322.479488][ T8357] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  322.503342][ T8357] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  322.550480][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  322.555705][T15451] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3248'.
[  322.559645][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  322.721847][T15467] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3158'.
[  322.791973][T15440] ------------[ cut here ]------------
[  322.798110][T15440] refcount_t: decrement hit 0; leaking memory.
[  322.815250][T15440] WARNING: CPU: 0 PID: 15440 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0
[  322.824830][T15440] Modules linked in:
[  322.828762][T15440] CPU: 0 UID: 0 PID: 15440 Comm: syz.3.3244 Not tainted 6.13.0-rc3-syzkaller-00691-gae418e95dd93 #0
[  322.840006][T15440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  322.850194][T15440] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0
[  322.856755][T15440] Code: b2 00 00 00 e8 37 3b dd fc 5b 5d c3 cc cc cc cc e8 2b 3b dd fc c6 05 4e 2b 42 0b 01 90 48 c7 c7 a0 6a 5f 8c e8 d7 de 9d fc 90 <0f> 0b 90 90 eb d9 e8 0b 3b dd fc c6 05 2b 2b 42 0b 01 90 48 c7 c7
[  322.877457][T15440] RSP: 0018:ffffc9000427fb48 EFLAGS: 00010246
[  322.884440][T15440] RAX: 1360ab38a82a9a00 RBX: ffff8880217ae64c RCX: ffff888037058000
[  322.892693][T15440] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  322.900789][T15440] RBP: 0000000000000004 R08: ffffffff81601a42 R09: fffffbfff1cfa210
[  322.908890][T15440] R10: dffffc0000000000 R11: fffffbfff1cfa210 R12: ffff8880217ae608
[  322.916963][T15440] R13: 0000000000000000 R14: ffff8880217ae64c R15: dffffc0000000000
[  322.925038][T15440] FS:  000055558d026500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  322.933989][T15440] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  322.940692][T15440] CR2: 00007f8a84b48178 CR3: 000000003dcbc000 CR4: 00000000003526f0
[  322.948839][T15440] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  322.956914][T15440] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  322.965326][T15440] Call Trace:
[  322.968661][T15440]  <TASK>
[  322.971620][T15440]  ? __warn+0x165/0x4d0
[  322.975992][T15440]  ? refcount_warn_saturate+0xfa/0x1d0
[  322.982407][T15440]  ? report_bug+0x2b3/0x500
[  322.984548][ T5832] Bluetooth: hci3: command tx timeout
[  322.987621][T15440]  ? refcount_warn_saturate+0xfa/0x1d0
[  322.998075][T15440]  ? handle_bug+0x60/0x90
[  323.002432][T15440]  ? exc_invalid_op+0x1a/0x50
[  323.007269][T15440]  ? asm_exc_invalid_op+0x1a/0x20
[  323.012335][T15440]  ? __warn_printk+0x292/0x360
[  323.017262][T15440]  ? refcount_warn_saturate+0xfa/0x1d0
[  323.022771][T15440]  ? refcount_warn_saturate+0xf9/0x1d0
[  323.028382][T15440]  ref_tracker_free+0x6af/0x7e0
[  323.033271][T15440]  ? __pfx_skb_queue_purge_reason+0x10/0x10
[  323.039299][T15440]  ? __pfx_ref_tracker_free+0x10/0x10
[  323.045009][T15440]  ? ax25_destroy_socket+0x551/0x5c0
[  323.050321][T15440]  ax25_release+0x368/0x950
[  323.055024][T15440]  sock_close+0xbc/0x240
[  323.059293][T15440]  ? __pfx_sock_close+0x10/0x10
[  323.064249][T15440]  __fput+0x23c/0xa50
[  323.068355][T15440]  task_work_run+0x24f/0x310
[  323.073404][T15440]  ? _raw_spin_unlock+0x28/0x50
[  323.078417][T15440]  ? __pfx_task_work_run+0x10/0x10
[  323.085062][T15440]  ? syscall_exit_to_user_mode+0xa3/0x340
[  323.090831][T15440]  syscall_exit_to_user_mode+0x13f/0x340
[  323.096680][T15440]  do_syscall_64+0x100/0x230
[  323.101313][T15440]  ? clear_bhb_loop+0x35/0x90
[  323.106144][T15440]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.112077][T15440] RIP: 0033:0x7f331ad85d29
[  323.116737][T15440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  323.136653][T15440] RSP: 002b:00007ffeef3d1778 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  323.145184][T15440] RAX: 0000000000000000 RBX: 00007f331af77ba0 RCX: 00007f331ad85d29
[  323.153197][T15440] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  323.161352][T15440] RBP: 00007f331af77ba0 R08: 0000000000000234 R09: 00007ffeef3d1a6f
[  323.169420][T15440] R10: 00007f331af77ac0 R11: 0000000000000246 R12: 000000000004ecba
[  323.177531][T15440] R13: 00007f331af76160 R14: 0000000000000032 R15: ffffffffffffffff
[  323.186568][T15440]  </TASK>
[  323.189645][T15440] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  323.196945][T15440] CPU: 0 UID: 0 PID: 15440 Comm: syz.3.3244 Not tainted 6.13.0-rc3-syzkaller-00691-gae418e95dd93 #0
[  323.207724][T15440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  323.217829][T15440] Call Trace:
[  323.221129][T15440]  <TASK>
[  323.224080][T15440]  dump_stack_lvl+0x241/0x360
[  323.228801][T15440]  ? __pfx_dump_stack_lvl+0x10/0x10
[  323.234037][T15440]  ? __pfx__printk+0x10/0x10
[  323.238667][T15440]  ? _printk+0xd5/0x120
[  323.242850][T15440]  ? __init_begin+0x41000/0x41000
[  323.247903][T15440]  ? vscnprintf+0x5d/0x90
[  323.252268][T15440]  panic+0x349/0x880
[  323.256196][T15440]  ? __warn+0x174/0x4d0
[  323.260381][T15440]  ? __pfx_panic+0x10/0x10
[  323.264825][T15440]  __warn+0x344/0x4d0
[  323.268806][T15440]  ? refcount_warn_saturate+0xfa/0x1d0
[  323.274275][T15440]  report_bug+0x2b3/0x500
[  323.278605][T15440]  ? refcount_warn_saturate+0xfa/0x1d0
[  323.284080][T15440]  handle_bug+0x60/0x90
[  323.288275][T15440]  exc_invalid_op+0x1a/0x50
[  323.292804][T15440]  asm_exc_invalid_op+0x1a/0x20
[  323.297778][T15440] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0
[  323.304489][T15440] Code: b2 00 00 00 e8 37 3b dd fc 5b 5d c3 cc cc cc cc e8 2b 3b dd fc c6 05 4e 2b 42 0b 01 90 48 c7 c7 a0 6a 5f 8c e8 d7 de 9d fc 90 <0f> 0b 90 90 eb d9 e8 0b 3b dd fc c6 05 2b 2b 42 0b 01 90 48 c7 c7
[  323.324101][T15440] RSP: 0018:ffffc9000427fb48 EFLAGS: 00010246
[  323.330178][T15440] RAX: 1360ab38a82a9a00 RBX: ffff8880217ae64c RCX: ffff888037058000
[  323.338149][T15440] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  323.346298][T15440] RBP: 0000000000000004 R08: ffffffff81601a42 R09: fffffbfff1cfa210
[  323.354273][T15440] R10: dffffc0000000000 R11: fffffbfff1cfa210 R12: ffff8880217ae608
[  323.362239][T15440] R13: 0000000000000000 R14: ffff8880217ae64c R15: dffffc0000000000
[  323.370299][T15440]  ? __warn_printk+0x292/0x360
[  323.375339][T15440]  ? refcount_warn_saturate+0xf9/0x1d0
[  323.380989][T15440]  ref_tracker_free+0x6af/0x7e0
[  323.385842][T15440]  ? __pfx_skb_queue_purge_reason+0x10/0x10
[  323.391750][T15440]  ? __pfx_ref_tracker_free+0x10/0x10
[  323.397142][T15440]  ? ax25_destroy_socket+0x551/0x5c0
[  323.402611][T15440]  ax25_release+0x368/0x950
[  323.407135][T15440]  sock_close+0xbc/0x240
[  323.411383][T15440]  ? __pfx_sock_close+0x10/0x10
[  323.416317][T15440]  __fput+0x23c/0xa50
[  323.420306][T15440]  task_work_run+0x24f/0x310
[  323.424894][T15440]  ? _raw_spin_unlock+0x28/0x50
[  323.429748][T15440]  ? __pfx_task_work_run+0x10/0x10
[  323.434865][T15440]  ? syscall_exit_to_user_mode+0xa3/0x340
[  323.440583][T15440]  syscall_exit_to_user_mode+0x13f/0x340
[  323.446213][T15440]  do_syscall_64+0x100/0x230
[  323.450801][T15440]  ? clear_bhb_loop+0x35/0x90
[  323.455485][T15440]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.461375][T15440] RIP: 0033:0x7f331ad85d29
[  323.465785][T15440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  323.485751][T15440] RSP: 002b:00007ffeef3d1778 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  323.494168][T15440] RAX: 0000000000000000 RBX: 00007f331af77ba0 RCX: 00007f331ad85d29
[  323.502141][T15440] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  323.510194][T15440] RBP: 00007f331af77ba0 R08: 0000000000000234 R09: 00007ffeef3d1a6f
[  323.518163][T15440] R10: 00007f331af77ac0 R11: 0000000000000246 R12: 000000000004ecba
[  323.526129][T15440] R13: 00007f331af76160 R14: 0000000000000032 R15: ffffffffffffffff
[  323.534106][T15440]  </TASK>
[  323.537381][T15440] Kernel Offset: disabled
[  323.541749][T15440] Rebooting in 86400 seconds..