last executing test programs:

18.108318328s ago: executing program 1 (id=1819):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_time\x00', 0x26e1, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ip6_vti0\x00'})
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@ptr]}}, 0x0, 0x26}, 0x20)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r1, 0x58, &(0x7f0000000080)}, 0x10)
r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="020e000014000000000000000000000005000600000000000a000000000000000000000000000000000000000000000000000000000000000800120002000300000000000000000010003200020100000011000000000000e0000002000000000000000000000000e000000200000000000000000000000005000500000000000a"], 0xa0}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000001c0)=ANY=[@ANYBLOB="18030000000000000000000000000000851000000600000018100000f857fa673c5db97c3f037459997517e09164411cc601f4d5d48615082eade21bcdf5c206c699e35ad2d257015ba25f633cb802c3058656906e4cc9bcdbe3253ed47f6d5f29c42067ad6a2abd4aa8a1e5f5324dd01fdc105011565f1328ae2e91fdd331bbff4447c89cad9800db230253bfbf96be621fa9be7d98ba334f", @ANYRES32=r2, @ANYBLOB="0000000000000000660000000000000018000000000000000000000000000000950000000000000047030000000000009500000000000000"], &(0x7f0000000000)='GPL\x00'}, 0x90)

17.954255704s ago: executing program 1 (id=1822):
r0 = socket$key(0xf, 0x3, 0x2)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0xa1e, 0x4)
sendmsg$key(r0, &(0x7f00000020c0)={0x0, 0x0, &(0x7f0000002080)={&(0x7f0000001f80)={0x2, 0x5, 0x0, 0x0, 0x2}, 0x10}}, 0x0)
recvmmsg(r0, &(0x7f0000001e00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-ssse3\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmmsg$inet6(r2, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000003c0)="ec", 0x1}], 0x1}}], 0x1, 0x20008084)
r3 = accept$alg(r2, 0x0, 0x0)
sendmsg$alg(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)={0x5c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8}, @IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r5, &(0x7f00000001c0)=ANY=[], 0xa)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
syz_genetlink_get_family_id$fou(&(0x7f0000000400), r2)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r9=>0x0})
r10 = socket(0xa, 0x3, 0x4)
ioctl$sock_SIOCBRDELBR(r10, 0x89a3, &(0x7f0000000000)='bridge0\x00')
r11 = syz_genetlink_get_family_id$devlink(&(0x7f00000007c0), r10)
sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000001c40)=ANY=[@ANYBLOB="84000000", @ANYRES16=r11, @ANYRES32, @ANYBLOB="080001007063690011000200303030303a30303a31302e300000000008008c0004000000080001007063690011000200303030303a30303a31302e300000000008008c0004000000"], 0x84}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000000)
ioctl$SIOCGIFMTU(r2, 0x8921, &(0x7f0000000380)={'veth1_to_bond\x00'})
sendmsg$DEVLINK_CMD_RATE_NEW(r7, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x4c, r11, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x4}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x40}, @DEVLINK_ATTR_PORT_INDEX={0x8}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000080)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000a40)={0x40, r8, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x4, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14}]}]}]}, 0x40}}, 0x0)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x13}})
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="411088cfd916a08ee0c1ea5f8b041ed09bfffc64b53c7c77fd172c39919872c99620d0c1ddab7529e100785d384ea72ff527a34f987ca9e00f95c65ce62046f6a52b6dfca21d5102e78e14a1edcc1fa864e9b1380728318511d794986f0ca9", 0x5f)

17.642564618s ago: executing program 1 (id=1826):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000007b3a6d7b850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='ext4_allocate_inode\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_freezer_state(r3, &(0x7f00000000c0), 0x2, 0x0)
r5 = openat$cgroup_procs(r3, &(0x7f00000001c0)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r5, &(0x7f0000000040), 0x12)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={<r6=>0xffffffffffffffff})
recvmsg$unix(r6, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
write$cgroup_freezer_state(r4, &(0x7f0000000400)='FROZEN\x00', 0x7)
write$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000001000000850000008600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='ext4_allocate_inode\x00', r7}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.dequeue\x00', 0x26e1, 0x0)

2.556597828s ago: executing program 0 (id=2062):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty}, 0x10, &(0x7f0000001080)=[{&(0x7f0000001040)="9d7fcf3efc63f4a6a555ba8b4726d7ccaf8a207100e69cfac4377876021d7131b838059f96bd206d4776", 0x2a}], 0x1, &(0x7f0000001d00)=ANY=[@ANYBLOB="1400000000000000010000002500000002010000000000004800000000000000080000000797dbc64107b42c556567f2219787566400007300000000000000000000000008000000ef3820f3439cb150a3651e799ef4dca1e3c32158996e4b2abde5f2ba8b679121ac0b0ad62ade31fb2c47f0bbf781eb8bd1e3064141e90e9eac25b189c0da98b676571bbeefba392c3e15a10e03dee4ae1dfe99793e51ec0c6bb5fa6d7b357d249502f5919ef251e5d0e5bed378265b8bd55fde4689cb509b14fa754813a27e72d175e8d677420e10d65108006e2ab8168b1d633b1bb9a7d4d59ebdc7083d93d35cd469deb0d81d7adee2ef7c2f058c2c262b97ecbfb32fe3e3ffcdf7b5c24d0ab0a7ae9e6be6c115c5663dd864d655a7babdcf8315dc29b6f18539abf1422502d7d53ce861d8a07dbb00c5a94e0186689f988628a0986d8f0419924348a32be8950099b4718e6109b9eed9e5b3e8ff86d22cf39479b26cc3e977df19f757432bf055090461", @ANYRES32=0x0, @ANYBLOB="e1212f0409000000e70bcf35ac837225dd355ad309a5ec6096633ba38e1ef5baf006020e5f45c993cb5680017c6720bea9b7c451516a8cff7f00000000000019f20b784b2336d43c8a0f7347801a596dfb0b078a967980ccec1d115c7a0000000000000000000000fed6260fdf140498f1274bc569d0d87656d0d18d903580f0ec0915e89bd286b2c25165043f6a001d53f84eaabf01cc310ff28c7c76867ce1a2c9c91b1db7295614e2a4f8711ec37ae999180cb5bbb9c5382120076e117539d423a2ec0f468db35960831f5f883472327697495b8e8ba8e2f3defbe93e1fc733b06dfc74890a3f63b154e9681d69cdd9894c914ee45c286462888ff84e401a6d8895ffda88a171b7359f815d7b6f7562fba1bbff4cba08f7a3f582d7c604013317281c5e9a8e88b66a4717b3c318f85aecbe8b5f3485f8d31bf5a57b9dd53b382ec017a33d1fabe09daf76b3b0"], 0x6b}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_ext_remove_space_done\x00', r1}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000440)={'wlan0\x00', &(0x7f0000000400)=@ethtool_ringparam={0x11}})
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x0, 0x0, 0x8000, 0x4a9}, 0x1c)
unshare(0x0)
sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x1c, 0x0, 0x0, 0x0, 0x0, {{0x17}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_DEL_PMKSA(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x3c, r5, 0x90d, 0x0, 0x0, {{0xa}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FILS_CACHE_ID={0x6}, @NL80211_ATTR_SSID={0x4}, @NL80211_ATTR_PMK={0x14, 0xfe, "aaab8d6b43a6f04118397fda622ad550"}]}, 0x3c}}, 0x0)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000), 0x1c)
write$cgroup_int(r2, &(0x7f00000000c0), 0x12)
ioctl$SIOCSIFHWADDR(r2, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc, 0x2}})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)

2.331112338s ago: executing program 0 (id=2066):
syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r0}, 0x10)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
readv(r1, &(0x7f0000000200)=[{&(0x7f0000003540)=""/4096, 0x38}], 0x2)
r2 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x5}, 0x1c)
recvmmsg(r2, &(0x7f0000002d40)=[{{&(0x7f00000000c0)=@caif=@dbg, 0x80, &(0x7f0000000140)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1}, 0x5}, {{&(0x7f0000003440)=@can, 0x80, &(0x7f0000000500)=[{&(0x7f0000000200)=""/95, 0x5f}, {&(0x7f0000000280)=""/116, 0x74}, {&(0x7f0000000300)=""/13, 0xd}, {&(0x7f0000000340)=""/58, 0x3a}, {&(0x7f0000000380)=""/88, 0x58}, {&(0x7f0000000400)=""/53, 0x35}, {&(0x7f0000000440)=""/174, 0xae}], 0x7, &(0x7f0000000580)=""/223, 0xdf}, 0x5}, {{&(0x7f0000000680)=@in={0x2, 0x0, @private}, 0x80, &(0x7f0000002ac0)=[{&(0x7f0000000700)=""/178, 0xb2}, {&(0x7f00000007c0)=""/21, 0x15}, {&(0x7f0000001840)=""/214, 0xd6}, {&(0x7f0000001940)=""/219, 0xdb}, {&(0x7f0000001a40)=""/107, 0x6b}, {&(0x7f0000001ac0)=""/4096, 0x1000}], 0x6, &(0x7f0000002b40)=""/196, 0xfffffffffffffcc1}, 0x2}, {{0x0, 0x0, &(0x7f0000002c80)=[{&(0x7f0000002c40)=""/51, 0x33}], 0x1, &(0x7f0000002cc0)=""/72, 0x48}, 0x80000000}], 0x4, 0x40010000, 0x0)
write$binfmt_aout(r2, &(0x7f00000034c0)=ANY=[@ANYBLOB="0b01640500000000feffffff0000000000000000810000000000000000000000f7ce744adb21d1462460899c11533a1c755bdc3c5241e74013f0646edb80007d451cfc49da02a13e92930ca18c03becdeb50d6f61c5e037a6138e5a00112dcc56acd55f44ef83e10419d3c0579"], 0x28)
r3 = socket$packet(0x11, 0x0, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x7a}]}, 0x10)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000002e40), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r6, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f00000000c0)=""/250, 0xfa}], 0x2}, 0x8}], 0x1, 0x34000, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="a795168906"], 0x14}}, 0x0)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xd}}, 0x10)
sendto$inet(r4, &(0x7f00000020c0)="f72bacc3ca1a9edf08e239411cbcf4b2ef918084f500db36e20f4f509b2d142d7f20570bec6d2d7fcdd876a9f6167b334b1520e2a2e62197dcbc558318f53923acd32a9cc5e539620f83a0ebc7bf4516404a2b9baa92b0c687a280d35df349", 0x5f, 0x0, &(0x7f00000004c0)={0x2, 0x4e20, @multicast1}, 0x10)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, &(0x7f0000000180)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x989, 0x0, 0x10}, 0x9c)
socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP_SET_OP_VERSION(r2, 0x1, 0x53, &(0x7f0000000040), &(0x7f0000000080)=0x8)
connect$can_bcm(r1, &(0x7f0000000040), 0x10)
sendmsg$can_bcm(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000001bbb8389a46eb7225600dde7", @ANYRES64=0x0, @ANYRES64=0x2710], 0x80}, 0x1, 0x0, 0x0, 0x804}, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000440)='svcrdma_decode_short_err\x00'}, 0x10)
r8 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r8, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c)

1.785353156s ago: executing program 3 (id=2070):
sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x34}}, 0x0)
socket(0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, 0x35, 0x701, 0x0, 0x2, {0x6}}, 0x14}}, 0x0)
syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff)

1.646764618s ago: executing program 3 (id=2071):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'pim6reg1\x00', 0x1})
listen(0xffffffffffffffff, 0x4)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000240), 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000140)={'\x00', 0x6132})
ioctl$TUNSETLINK(r3, 0x400454cd, 0x325)
listen(r2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f00000001c0)={0x2, &(0x7f00000002c0)=[{0x20, 0x0, 0xff, 0xfffff015}, {0x6, 0x0, 0x0, 0x5}, {0x0, 0x6, 0x0, 0xa16c}]}, 0x69)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
sendfile(0xffffffffffffffff, r6, 0x0, 0x5)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000540)=ANY=[@ANYBLOB="aaaaaaaaaabbbbbbbbbbbbbb88a800"], 0x178)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r7=>0x0})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4c00000010000104000000010000000000000000", @ANYRES32=r7, @ANYBLOB="00000000000000002c001280110001006272696467655f736c617665000000001400058006000200000000000500010001"], 0x4c}}, 0x0)
setsockopt$MRT6_DEL_MIF(0xffffffffffffffff, 0x29, 0xcb, &(0x7f0000000100)={0xffffffffffffffff, 0x1, 0x4, r7, 0x1}, 0xc)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x0)
r11 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r11, &(0x7f0000000080)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r12, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=@delchain={0x24, 0x2a, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r12}}, 0x24}}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000002180))

1.326210116s ago: executing program 0 (id=2077):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=@migrate={0x50, 0x21, 0x1, 0x0, 0x0, {{@in=@multicast1, @in=@multicast1=0xe0000009, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0x50}}, 0x0)

1.227099092s ago: executing program 0 (id=2078):
r0 = socket$inet(0x2, 0xa, 0x0)
bind$inet(r0, &(0x7f00000005c0)={0x2, 0x0, @private=0x500}, 0x10)

1.062677588s ago: executing program 0 (id=2079):
socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(0xffffffffffffffff, &(0x7f0000004b40)="c5", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x12}, 0x1c)
socket$packet(0x11, 0x0, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'ip_vti0\x00'})
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x3, 0x0, 0x0, {}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_KEY_LEN={0x8}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0xffffff7f}]}], {0x14}}, 0x6c}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000600)={'ip_vti0\x00', &(0x7f0000000580)={'sit0\x00', 0x0, 0x0, 0x7840, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @multicast1}}}})
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', <r4=>0x0})
socket$inet6(0xa, 0x3, 0x6)
r5 = socket(0x0, 0x0, 0x0)
setsockopt$MRT6_ADD_MFC_PROXY(r5, 0x29, 0xcf, 0x0, 0x4)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010000304000000000000000000000400", @ANYRES32=0x0, @ANYBLOB="000e000000000000140012800c0001006d6163766c616e000400028008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r4, @ANYBLOB="450f69470a51decc9aa505ffe3ce691a0b679d1c8043196f63323c728082d457745085cc24054776c01c9e90e7196a5927e9ae607f0000000000000000"], 0x44}}, 0x0)

1.045243602s ago: executing program 4 (id=2080):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(r1, &(0x7f0000000300)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x100000f, 0x12, r0, 0x0)
ioctl(r0, 0x1, &(0x7f0000000000))
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)

1.026158001s ago: executing program 2 (id=2081):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x5, 0x6, 0x0, 0x1}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x15, &(0x7f0000000340)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

838.754296ms ago: executing program 2 (id=2082):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000002c0)={0x3c, r1, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}}, 0x0)

828.803173ms ago: executing program 4 (id=2083):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000003c0)={'wpan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000ac0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000002100000008000300", @ANYRES32=r1, @ANYBLOB], 0x40}}, 0x0)

824.774221ms ago: executing program 3 (id=2084):
r0 = openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0x78}], {0x95, 0x0, 0x700}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc}, 0x80)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYRES64=r0, @ANYRESHEX=r1], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x1a}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000009c0)={r2, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
connect$inet6(r3, &(0x7f00000003c0)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c)
write(r3, &(0x7f00000000c0)="8f6a", 0x5a01)

714.671548ms ago: executing program 0 (id=2085):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000380), 0xffffffffffffffff)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10)
sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0106000000000000000009000016240004801300010062726f6164636173742d6c696e6b00000c0007800800050002"], 0x38}}, 0x0)
sendmsg$TIPC_NL_NET_SET(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000780)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000fdfffff70f4000003000078008000200060000000c0003"], 0x44}}, 0x0)
shutdown(0xffffffffffffffff, 0x1)
ppoll(&(0x7f00000004c0)=[{}], 0x1, 0x0, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000280)=@newlink={0x68, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r6}, [@IFLA_LINKINFO={0x48, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x34, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r6}, @IFLA_GRE_LOCAL={0x14, 0x6, @remote}, @IFLA_GRE_REMOTE={0x14, 0x7, @local}]}}}]}, 0x68}}, 0x0)

685.179092ms ago: executing program 3 (id=2086):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000140), 0x8)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000340), 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x5, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70300000040000085000000ad000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x6, 0xa4, &(0x7f00000002c0)=""/164}, 0x90)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000000)={'team0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010000100"/20, @ANYRES32=0x0, @ANYBLOB="022000000000000014000300776f616e31000000000000000000000008000a00", @ANYRES32=r4, @ANYBLOB], 0x3c}}, 0x0)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x3, &(0x7f0000000140)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', r4}, 0x90)
pipe(&(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r11}, 0x10)
splice(r9, 0x0, r7, 0x0, 0xf3a, 0x0)
vmsplice(r6, &(0x7f00000001c0)=[{&(0x7f0000000640)="ec", 0x1}], 0x1, 0x0)
tee(r6, r10, 0xaf5, 0x0)
write$binfmt_elf64(r8, &(0x7f0000003380)=ANY=[], 0x18c6)
r12 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r12, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x8, 0x400, 0x100}, 0x1c)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000280)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x2}]}, 0x10)
r13 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r13, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000000080)=@newtaction={0x6c, 0x30, 0x53b, 0x0, 0x0, {}, [{0x58, 0x1, [@m_simple={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0xb, 0x3, 'simple\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x0, 0x0, 0x20000000}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x6c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x62}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)
ioctl$SIOCX25SFACILITIES(r2, 0x89e3, &(0x7f00000000c0)={0xe, 0x3f, 0x5, 0x4, 0xac, 0x81})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={0x0, 0x20004}, 0x8)
ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f0000000000))
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r14 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r14)

635.412958ms ago: executing program 2 (id=2087):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x5, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$int_in(r4, 0x5452, &(0x7f0000000080)=0x1a43)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(r4, 0x0, r6, 0x0, 0x7, 0x0)
r7 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r7, &(0x7f0000000000)={0x18, 0x0, {0xfffd, @dev, 'veth1_to_team\x00'}}, 0x1e)
r8 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r8, &(0x7f0000000040)={0x18, 0x0, {0x2, @local, 'gre0\x00'}}, 0x1e)
r9 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r9, &(0x7f00000000c0)={0x18, 0x0, {0x2, @local, 'veth1_to_batadv\x00'}}, 0x1e)
close(r7)
write$binfmt_elf64(r5, &(0x7f0000001b80)=ANY=[], 0x7f8)
sendmsg$IEEE802154_ADD_IFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x34, r3, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_TYPE={0x5}]}, 0x34}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x17, 0x4, &(0x7f0000000080)=@framed={{}, [@ldst={0x2, 0x0, 0x3, 0x1, 0x0, 0x4}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90)

564.595241ms ago: executing program 4 (id=2088):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x1d, 0x15, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x5}, [@exit, @ringbuf_query, @generic={0x81, 0x0, 0x3, 0x1, 0x46f}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1f}}, @map_val={0x18, 0x2, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10001}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}]}, &(0x7f0000000140)='syzkaller\x00', 0x8c0, 0x5c, &(0x7f0000000180)=""/92, 0x41100, 0x10, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000000240)={0x0, 0xe, 0x401, 0x33}, 0x10, 0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000280)=[0xffffffffffffffff, 0x1], &(0x7f00000002c0)=[{0x5, 0x2, 0xf}, {0x3, 0x1, 0xc, 0xc}], 0x10, 0x3ff}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x2, 0x79, 0x10, 0x28}, [@ldst={0x6, 0x3, 0x0, 0x0, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x80000000}, 0x10, 0x0, r0}, 0x90)

523.397975ms ago: executing program 1 (id=1996):
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6}]}, 0x10)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, 0x1c) (async, rerun: 32)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) (async, rerun: 32)
ioctl$FITHAW(0xffffffffffffffff, 0xc0045878)
bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 64)
socket$kcm(0x10, 0x2, 0x4) (async, rerun: 64)
r2 = socket$nl_route(0x10, 0x3, 0x0) (async)
r3 = socket(0x200000000000011, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="580000001000010400"/20, @ANYRES32=r4, @ANYBLOB="0000000000800200380012800b0001006272696467650000280002800c002300fbffffffffffffff05002400000000010500240001000000060027"], 0x58}}, 0x0)
pipe(&(0x7f0000000180)={<r5=>0xffffffffffffffff})
pipe(&(0x7f00000002c0)) (async)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)={0x1b, 0x0, 0x0, 0x80000003, 0x0, r5, 0x3f}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), 0xffffffffffffffff)
pipe(&(0x7f00000001c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff}) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c01000000000000000000200000000000cf0800000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c0002800800140002000000"], 0x3c}}, 0x0) (async)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
close(r9) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010005f3f770005000000000000000000", @ANYRES32=<r10=>0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x3}}, 0x0) (async)
write$binfmt_misc(r8, &(0x7f0000000000)=ANY=[], 0xfffffecc) (async)
splice(r7, 0x0, r9, 0x0, 0x4ffe2, 0x0) (async)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000480)={@remote, @private, <r11=>0x0}, &(0x7f00000004c0)=0xc) (async)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000500)={'syztnl0\x00', &(0x7f0000000600)={'syztnl1\x00', <r12=>0x0, 0x8780, 0x40, 0x4, 0x9, {{0x1d, 0x4, 0x2, 0x3, 0x74, 0x64, 0x0, 0xf8, 0x4, 0x0, @broadcast, @local, {[@ra={0x94, 0x4}, @timestamp_addr={0x44, 0x14, 0x1e, 0x1, 0x2, [{@rand_addr=0x64010101, 0x5}, {@rand_addr=0x64010101, 0x7}]}, @ra={0x94, 0x4, 0x1}, @timestamp_prespec={0x44, 0x44, 0xb5, 0x3, 0x7, [{@rand_addr=0x64010102, 0x5}, {@dev={0xac, 0x14, 0x14, 0x38}, 0x1000}, {@dev={0xac, 0x14, 0x14, 0x18}, 0x8}, {@empty, 0x4}, {@local, 0x5}, {@multicast1, 0x80000001}, {@remote}, {@private=0xa010102, 0x9}]}]}}}}})
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000700)={&(0x7f0000000ac0)=ANY=[@ANYRES32=r10, @ANYRES16=r6, @ANYRES32, @ANYBLOB="d4619600e828f3e39aeb4e33d7474c2fd36c5bfbbb8ce4cedc214b5b0a2157f7f7775df9a70fdab0c4b3bb1c899300bb222db6d9bd3a0ec1adca70c3692cf02c6e8e5a954903d725bb28dfe9768f0432d06f2cbedf9275e27c7579e5957672de30e43a0884f9293ba13977128e86074de5e5a1545ca7a6529e7279bebae32fb4e38c", @ANYBLOB="290f5ca6757b0853077a0e3c44bc4d8c960b79725c22e3fd56ea7d0046ca6c0720af2ae24e87f3e1ad30849fbd018e7cc3d2ec72b0cde4c0700ba76b307768515f468d6d041a802bed086debb03e5a78f5b31d6b0bc1070211af97d1e3432a9d4391543d162a9197d2d02e41350286bad66daeb5398f54886f87ff6eaced", @ANYRES8=r2, @ANYRES32=r11, @ANYBLOB="14000200776c616e3100000000000000000000001800018014100200766c616e3000000000000000000000004c00018008000100", @ANYRES32=r12, @ANYBLOB="080003000300000008000300040000001400020073797a6b616c6c6572310000000000001400020076657468305f746f"], 0xe8}, 0x1, 0x0, 0x0, 0x4040000}, 0x4000000) (async)
socket(0x10, 0x3, 0x0)

454.158197ms ago: executing program 4 (id=2089):
r0 = socket$netlink(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0x74, 0x0, 0x4, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0xad82}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x4}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xffff}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}], @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x80}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x31}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x81}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x1000}]}, 0x74}, 0x1, 0x0, 0x0, 0x40000}, 0x40000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x18, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@btf_id={0x18, 0x8, 0x3, 0x0, 0x5}, @generic={0x8, 0x4, 0x9, 0x101, 0x80}, @initr0={0x18, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0xa0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x6}, @map_idx={0x18, 0x9, 0x5, 0x0, 0xe}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000300)='GPL\x00', 0x2, 0x9, &(0x7f0000000340)=""/9, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000380)={0x5, 0x10, 0x3, 0x100}, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f0000000400)=[{0x2, 0x4, 0xe, 0xc}, {0x3, 0x2, 0x2, 0x5}, {0x5, 0x4, 0xfffffb8a, 0x2}], 0x10, 0xb84}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000200)='io_uring_req_failed\x00', r1}, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000680), r0)
sendmsg$TIPC_NL_NODE_GET(r0, &(0x7f00000009c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000980)={&(0x7f00000006c0)={0x288, r2, 0x2, 0x70bd2a, 0x25dfdbff, {}, [@TIPC_NLA_SOCK={0x50, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x80}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x61e}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9f710}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}]}]}, @TIPC_NLA_NET={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4723}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1}]}, @TIPC_NLA_NET={0x50, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6ddf}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_NODEID_W1={0xc}]}, @TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x80}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xa84}]}, @TIPC_NLA_NODE={0x1a4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0x28, 0x3, "f5f578d05fd47ce1be2882147d973f03640a2938f850913f5dfc4dbb980d69fd1e4b8f7f"}, @TIPC_NLA_NODE_ID={0x9d, 0x3, "c332d4a52e0efe25913d747a5626ce43bbba59a7123e1cc89c9fca861cb94accbe80fe32f6293c1fffc2634c0364bac98461d8f026d2aa313f3d82e2895d80091a37df71691618a32c21c8107019ca4422b9fdf84d0b02f17bcfca3644471f1c4fbf3da9ec815db6fff08f51ae6485e85436521f8114cd47bf46292b8252807cf1ea27e87edc360b4a96dff3c839c5235f90d462b84f0195b0"}, @TIPC_NLA_NODE_KEY={0x47, 0x4, {'gcm(aes)\x00', 0x1f, "cc5e938461eeff1c0249a2b2519cebd44de3c1ae869afc125f8e921b505d5e"}}, @TIPC_NLA_NODE_ID={0x83, 0x3, "0f969d402ee8ef00e19010c0d2d5cdf9bc8b6271d7c73fb17530ff6a0ee4d34988b8d8ac86791c26480196d75890473324fee1abf33b93e3080f460459da71d7ff6258200bcb7754e91b345feed9db66623ae1959b62f67a47b2d93faa9fea3d56da820ff133eda73387c5a20d7118e1c30a19c294219b7dfd5b7d57a9141b"}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x7f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}]}, 0x288}, 0x1, 0x0, 0x0, 0x24008044}, 0x4000000)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000a00)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5}, 0x48)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c00)={&(0x7f0000000a80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x5, [@ptr={0x3, 0x0, 0x0, 0x2, 0x3}, @ptr={0x2, 0x0, 0x0, 0x2, 0x5}, @typedef={0xa, 0x0, 0x0, 0x8, 0x5}, @int={0x3, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x5, 0x2}]}, {0x0, [0x0, 0x30, 0x61]}}, &(0x7f0000000b00)=""/208, 0x51, 0xd0, 0x0, 0x7}, 0x20)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000c40)=@base={0x10, 0x7, 0x5, 0x5, 0x2400, r3, 0x6e, '\x00', 0x0, r4, 0x4, 0x2, 0x1}, 0x48)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000cc0), 0x200001, 0x0)
ioctl$TUNSETOFFLOAD(r6, 0x400454d0, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000ec0)={0xa, 0x10, &(0x7f0000000d00)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3f}, [@ringbuf_query, @alu={0x0, 0x1, 0x7, 0x1, 0x3, 0x30, 0xfffffffffffffffc}, @map_fd={0x18, 0xb, 0x1, 0x0, r3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xf8f97e33}, @generic={0x8, 0x3, 0x9, 0xffff, 0x5}, @map_val={0x18, 0x8, 0x2, 0x0, r5, 0x0, 0x0, 0x0, 0x80}, @alu={0x7, 0x1, 0xc, 0x1, 0x2, 0x100, 0x8}]}, &(0x7f0000000d80)='GPL\x00', 0x101, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x5, r4, 0x8, &(0x7f0000000dc0)={0x4, 0x2}, 0x8, 0x10, &(0x7f0000000e00)={0x0, 0xe, 0x9, 0x7}, 0x10, 0x0, r1, 0x3, &(0x7f0000000e40)=[r5, r5], &(0x7f0000000e80)=[{0x2, 0x5, 0x3, 0xc}, {0x2, 0x3, 0xa, 0x1}, {0x2, 0x4, 0x4, 0x1}], 0x10, 0x100}, 0x90)
r7 = openat$cgroup_ro(r4, &(0x7f0000000f80)='rdma.current\x00', 0x0, 0x0)
write$cgroup_pid(r7, &(0x7f0000001000), 0x12)
setsockopt$ax25_int(r7, 0x101, 0x6, &(0x7f0000001040)=0x6, 0x4)
getsockopt$ax25_int(r7, 0x101, 0x3, &(0x7f0000001080), &(0x7f00000010c0)=0x4)
sendmsg$IPSET_CMD_GET_BYINDEX(r0, &(0x7f00000011c0)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000001180)={&(0x7f0000001140)={0x1c, 0xf, 0x6, 0x201, 0x0, 0x0, {0xa, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc0}, 0x840)
socket$inet6(0xa, 0x6, 0x4)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001240), r7)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r7, &(0x7f0000001300)={&(0x7f0000001200), 0xc, &(0x7f00000012c0)={&(0x7f0000001280)={0x1c, r8, 0x50f, 0x70bd25, 0x25dfdbff, {}, [@ETHTOOL_A_FEATURES_WANTED={0x8, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4005)
r9 = socket$kcm(0x29, 0x5, 0x0)
getsockopt$inet_sctp_SCTP_MAXSEG(r7, 0x84, 0xd, &(0x7f0000001340)=@assoc_value={0x0, 0x80000000}, &(0x7f0000001380)=0x8)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001400)={'pim6reg0\x00', <r10=>0x0})
sendmsg$nl_route(r7, &(0x7f0000001500)={&(0x7f00000013c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000014c0)={&(0x7f0000001440)=@ipv4_getnexthop={0x44, 0x6a, 0x20, 0x70bd25, 0x25dfdbfd, {}, [@NHA_FDB={0x4}, @NHA_ID={0x8}, @NHA_OIF={0x8, 0x5, r10}, @NHA_MASTER={0x8, 0xa, 0x2}, @NHA_GROUPS={0x4}, @NHA_FDB={0x4}, @NHA_MASTER={0x8, 0xa, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x2}, 0x800)
ioctl$sock_inet_SIOCSIFFLAGS(r9, 0x8914, &(0x7f0000001540)={'geneve1\x00', 0x2000})
r11 = syz_genetlink_get_family_id$tipc(&(0x7f00000015c0), r7)
sendmsg$TIPC_CMD_GET_NETID(r0, &(0x7f0000001680)={&(0x7f0000001580)={0x10, 0x0, 0x0, 0x40002}, 0xc, &(0x7f0000001640)={&(0x7f0000001600)={0x1c, r11, 0x8, 0x70bd29, 0x25dfdbff, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x10)

432.379494ms ago: executing program 1 (id=2090):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x0, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000008000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x269646d322361559}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0}, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x2, &(0x7f0000000040)={&(0x7f0000000200)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {}, [{0x54, 0x1, [@m_ife={0x50, 0x1, 0x0, 0x0, {{0x8}, {0x28, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x2}}}, @TCA_IFE_METALST={0x8, 0x6, [@IFE_META_PRIO={0x4, 0x2, @void}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0)

339.302891ms ago: executing program 2 (id=2091):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x40, r1, 0x0, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2d}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x2}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x40}}, 0x0)

230.761076ms ago: executing program 3 (id=2092):
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$xdp(0x2c, 0x3, 0x0)
mmap$xdp(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
epoll_create1(0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010100, @local, {[@cipso={0x86, 0xf, 0x3, [{0x5, 0x4, "4492"}, {0x7, 0x5, "e0f493"}]}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000140), 0xffffffffffffffff)
syz_genetlink_get_family_id$netlbl_unlabel(0x0, 0xffffffffffffffff)
sendmsg$NLBL_UNLABEL_C_ACCEPT(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

229.101972ms ago: executing program 1 (id=2093):
socket$nl_xfrm(0x10, 0x3, 0x6)
socket(0x0, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'bridge_slave_0\x00', <r4=>0x0})
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x8847, &(0x7f0000000040)={&(0x7f00000001c0)=@RTM_NEWMDB={0x38, 0x54, 0x1e5, 0x0, 0x0, {0x7, r2}, [@MDBA_SET_ENTRY={0x20, 0x1, {r4, 0x0, 0x0, 0x0, {@ip4=@broadcast, 0x86dd}}}]}, 0x38}}, 0x0)

179.402744ms ago: executing program 2 (id=2094):
socket(0x0, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000e8ffffff00000000000000008500000036000000850000000700000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x27, 0x0, 0x0, 0x0, 0x0, 0x23, 0xf2ffffff, 0x0, 0x21, 0x0, 0x0, 0x2}, 0x50)

142.523667ms ago: executing program 4 (id=2095):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@filter={'filter\x00', 0xe, 0x2, 0x250, [0x0, 0x20000100], 0x0, 0x0, 0x0}, 0x2c8)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x3}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x58}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@getnexthop={0x20, 0x76, 0xd11, 0x0, 0x6, {0x3}, [@NHA_ID={0x8, 0x1, 0x2}]}, 0x20}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x20, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x48}}, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f00000003c0)={0x0, 0xd6, "afc823064c9cf45b2ebed39f2e394f704fc75ae6e5c9a6b6fc7b5d7a90f82f68bc967671f80959f914014c4a7616c0d36928caa675f170a3696b3d5b6aa0ba28ef751c30edd40369101cb44467b5f0ddd18a7ff75c9479cf8d3429e1d3b0b2429021963aa538d25ed7c7a274127a0ab6e32c3e05faa40bca99b0945f240bb206f6456599f924753d9ca5dfb1546b54509372d8b6402a3914c92a84f1e6c327d976e11970f0f245dbe3ced6c5d1f8157e1b6bd09bf69d07f626884739b512d023f95b9538b99260a53655fd3243ee9b665a5351b124a3"}, &(0x7f00000001c0)=0xde)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000300)={0x0, 0x19, &(0x7f0000000240)={&(0x7f00000000c0)=@migrate={0x154, 0x21, 0x0, 0x0, 0x0, {{@in=@multicast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, [@encap={0x1c, 0x4, {0x0, 0x0, 0x0, @in=@multicast2}}, @migrate={0xe8}]}, 0x154}}, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000100)={r3})

78.679144ms ago: executing program 3 (id=2096):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000002c0)={0x3c, r1, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}}, 0x0)

63.886484ms ago: executing program 2 (id=2097):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000003c0)={'wpan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000ac0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000002100000008000300", @ANYRES32=r1, @ANYBLOB="24002d8008000200"], 0x40}}, 0x0)

0s ago: executing program 4 (id=2098):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r0, 0x1, 0xa, &(0x7f00000000c0), 0x4)
recvmsg(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x1)

kernel console output (not intermixed with test programs):

94'.
[  131.320379][ T7390] bond0: entered promiscuous mode
[  131.330856][ T7390] bond_slave_0: entered promiscuous mode
[  131.349151][ T7390] bond_slave_1: entered promiscuous mode
[  131.383269][ T7390] bond0: left promiscuous mode
[  131.408075][ T7390] bond_slave_0: left promiscuous mode
[  131.428840][   T25] IPVS: starting estimator thread 0...
[  131.436926][ T7403] ax25_connect(): syz.3.495 uses autobind, please contact jreuter@yaina.de
[  131.442281][ T7390] bond_slave_1: left promiscuous mode
[  131.553105][ T7404] IPVS: using max 17 ests per chain, 40800 per kthread
[  131.651475][ T7416] __nla_validate_parse: 1 callbacks suppressed
[  131.651496][ T7416] netlink: 12 bytes leftover after parsing attributes in process `syz.4.601'.
[  131.717178][ T7420] netlink: 'syz.0.602': attribute type 1 has an invalid length.
[  131.893528][ T7424] netlink: 'syz.4.603': attribute type 2 has an invalid length.
[  132.138417][ T7437] netlink: 16 bytes leftover after parsing attributes in process `syz.1.609'.
[  132.160896][ T7437] netlink: 24 bytes leftover after parsing attributes in process `syz.1.609'.
[  132.191270][ T7433] IPVS: set_ctl: invalid protocol: 60 10.1.1.2:0
[  132.233767][ T7441] sctp: [Deprecated]: syz.4.610 (pid 7441) Use of struct sctp_assoc_value in delayed_ack socket option.
[  132.233767][ T7441] Use struct sctp_sack_info instead
[  132.567380][ T7458] netlink: 188 bytes leftover after parsing attributes in process `syz.4.615'.
[  132.635997][ T7458] netlink: 12 bytes leftover after parsing attributes in process `syz.4.615'.
[  132.961352][ T1250] ieee802154 phy0 wpan0: encryption failed: -22
[  133.393002][ T7497] tipc: Started in network mode
[  133.409747][ T7497] tipc: Node identity 5f1414, cluster identity 4711
[  133.429138][ T7497] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  133.452537][ T7500] netlink: 28 bytes leftover after parsing attributes in process `syz.1.628'.
[  133.739875][ T7511] netlink: 'syz.4.631': attribute type 4 has an invalid length.
[  133.857659][ T7518] sctp: [Deprecated]: syz.1.630 (pid 7518) Use of int in max_burst socket option deprecated.
[  133.857659][ T7518] Use struct sctp_assoc_value instead
[  134.152702][ T7532] netlink: 8 bytes leftover after parsing attributes in process `syz.3.639'.
[  134.297910][ T7537] lo speed is unknown, defaulting to 1000
[  134.355959][ T7537] lo speed is unknown, defaulting to 1000
[  134.442763][ T7549] netlink: 4 bytes leftover after parsing attributes in process `syz.2.645'.
[  134.488439][ T7537] lo speed is unknown, defaulting to 1000
[  134.657416][ T7553] netlink: 'syz.2.647': attribute type 1 has an invalid length.
[  134.660038][ T7555] ieee802154 phy0 wpan0: encryption failed: -22
[  134.681091][ T7553] netlink: 224 bytes leftover after parsing attributes in process `syz.2.647'.
[  134.779800][ T7558] team0: entered promiscuous mode
[  134.792233][ T7558] team_slave_0: entered promiscuous mode
[  134.801929][ T7558] team_slave_1: entered promiscuous mode
[  134.815517][ T7558] team_slave_0: entered allmulticast mode
[  134.851285][ T7558] team_slave_0: left promiscuous mode
[  134.886569][ T7558] team0: Port device team_slave_0 removed
[  134.919887][ T7556] team0: left promiscuous mode
[  134.922373][ T7537] infiniband syz0: set active
[  134.945246][ T7556] team_slave_1: left promiscuous mode
[  134.965468][  T784] lo speed is unknown, defaulting to 1000
[  134.972288][ T7537] infiniband syz0: added lo
[  134.979323][ T7537] syz0: rxe_create_cq: returned err = -12
[  135.006234][ T7537] infiniband syz0: Couldn't create ib_mad CQ
[  135.020965][ T7537] infiniband syz0: Couldn't open port 1
[  135.192208][ T7537] RDS/IB: syz0: added
[  135.207053][ T7537] smc: adding ib device syz0 with port count 1
[  135.220826][ T7537] smc:    ib device syz0 port 1 has pnetid 
[  135.226878][ T7568] netlink: 132 bytes leftover after parsing attributes in process `syz.0.653'.
[  135.291083][ T7537] lo speed is unknown, defaulting to 1000
[  135.321498][    T8] lo speed is unknown, defaulting to 1000
[  135.324737][ T7564] sctp: [Deprecated]: syz.3.651 (pid 7564) Use of int in max_burst socket option deprecated.
[  135.324737][ T7564] Use struct sctp_assoc_value instead
[  135.477045][ T7575] netlink: 'syz.0.655': attribute type 10 has an invalid length.
[  135.554446][ T7575] batman_adv: batadv0: Adding interface: team0
[  135.614339][ T7575] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  135.741177][ T7575] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  135.811170][ T7585] netlink: 'syz.3.657': attribute type 3 has an invalid length.
[  135.886497][ T7537] lo speed is unknown, defaulting to 1000
[  135.965990][ T4490] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  135.981466][ T4490] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  136.014795][ T4490] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  136.031168][ T4490] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  136.038936][ T4490] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  136.049255][ T4490] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  136.319216][ T7601] netlink: 'syz.4.663': attribute type 4 has an invalid length.
[  136.345959][ T7537] lo speed is unknown, defaulting to 1000
[  136.724277][    C0] vxcan0: j1939_tp_rxtimer: 0xffff88802f2b2c00: rx timeout, send abort
[  136.756684][ T7587] lo speed is unknown, defaulting to 1000
[  136.763581][   T35] bridge_slave_1: left allmulticast mode
[  136.779636][   T35] bridge_slave_1: left promiscuous mode
[  136.798212][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  136.860400][   T35] bridge_slave_0: left allmulticast mode
[  136.889243][   T35] bridge_slave_0: left promiscuous mode
[  136.897180][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  136.970416][   T29] audit: type=1107 audit(1719654252.725:6): pid=7616 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='ćÁr4ťŹąčmů›ş0ź×ÇI1ýé&§tĽ$ĎĄNç26éů4ůŐÔçĽHˆ—Ţ|ă5*ěœ?cŚĺYśąţv´-P€ŮŽG‚(ö­
pbü…ĂaŇşË4]ţá:ń'
[  137.233899][    C0] vxcan0: j1939_tp_rxtimer: 0xffff88802f2b2c00: abort rx timeout. Force session deactivation
[  137.397673][ T7634] net_ratelimit: 10 callbacks suppressed
[  137.397692][ T7634] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  137.563635][ T7642] __nla_validate_parse: 4 callbacks suppressed
[  137.563669][ T7642] netlink: 12 bytes leftover after parsing attributes in process `syz.3.674'.
[  137.588102][ T7642] netlink: 12 bytes leftover after parsing attributes in process `syz.3.674'.
[  137.938400][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  137.952322][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  137.967434][   T35] bond0 (unregistering): Released all slaves
[  137.991146][ T7537] lo speed is unknown, defaulting to 1000
[  138.098264][   T35] Ęüä^q: left promiscuous mode
[  138.161389][ T4490] Bluetooth: hci4: command tx timeout
[  138.255068][   T35] tipc: Left network mode
[  138.334695][ T7664] netlink: 'syz.4.678': attribute type 4 has an invalid length.
[  138.551914][ T7666] netlink: 'syz.4.678': attribute type 4 has an invalid length.
[  138.622199][ T7537] lo speed is unknown, defaulting to 1000
[  138.695113][ T7683] netlink: 16 bytes leftover after parsing attributes in process `syz.3.683'.
[  139.023364][ T7697] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  139.046315][ T7587] chnl_net:caif_netlink_parms(): no params data found
[  139.263994][ T7537] lo speed is unknown, defaulting to 1000
[  139.273226][ T7709] netlink: 12 bytes leftover after parsing attributes in process `syz.0.689'.
[  139.319687][ T7709] netlink: 12 bytes leftover after parsing attributes in process `syz.0.689'.
[  139.500182][ T7587] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.530932][ T7587] bridge0: port 1(bridge_slave_0) entered disabled state
[  139.570519][ T7587] bridge_slave_0: entered allmulticast mode
[  139.603150][ T7587] bridge_slave_0: entered promiscuous mode
[  139.648425][ T7587] bridge0: port 2(bridge_slave_1) entered blocking state
[  139.679394][ T7587] bridge0: port 2(bridge_slave_1) entered disabled state
[  139.702534][ T7587] bridge_slave_1: entered allmulticast mode
[  139.710476][ T7587] bridge_slave_1: entered promiscuous mode
[  139.833316][ T7733] openvswitch: netlink: IP tunnel attribute has 2 unknown bytes.
[  139.861567][ T7587] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  139.898370][ T7537] lo speed is unknown, defaulting to 1000
[  139.922268][ T7587] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  139.975841][ T7735] netlink: 20 bytes leftover after parsing attributes in process `syz.3.697'.
[  140.099386][ T7587] team0: Port device team_slave_0 added
[  140.186264][ T7587] team0: Port device team_slave_1 added
[  140.231093][ T4490] Bluetooth: hci4: command tx timeout
[  140.352932][ T7587] batman_adv: batadv0: Adding interface: batadv_slave_0
[  140.389374][ T7587] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  140.457941][ T7587] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  140.491073][ T7758] netlink: 12 bytes leftover after parsing attributes in process `syz.0.703'.
[  140.499994][ T7758] netlink: 12 bytes leftover after parsing attributes in process `syz.0.703'.
[  140.529931][ T7587] batman_adv: batadv0: Adding interface: batadv_slave_1
[  140.560191][ T7587] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  140.625353][ T7587] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  140.772753][ T7769] netlink: 100 bytes leftover after parsing attributes in process `syz.1.705'.
[  140.945468][ T7587] hsr_slave_0: entered promiscuous mode
[  140.966208][ T7587] hsr_slave_1: entered promiscuous mode
[  140.989005][ T7587] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  141.014772][ T7587] Cannot create hsr debugfs directory
[  141.020415][ T7774] netlink: 'syz.0.706': attribute type 2 has an invalid length.
[  141.214352][ T7791] netlink: 44 bytes leftover after parsing attributes in process `syz.0.711'.
[  141.419871][   T35] hsr_slave_0: left promiscuous mode
[  141.450941][   T35] hsr_slave_1: left promiscuous mode
[  141.470791][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  141.482116][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  141.501514][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  141.525176][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  141.574235][   T35] veth1_macvtap: left promiscuous mode
[  141.580085][   T35] veth0_macvtap: left promiscuous mode
[  141.611874][   T35] veth1_vlan: left promiscuous mode
[  141.623253][   T35] veth0_vlan: left promiscuous mode
[  142.148737][   T35] team0 (unregistering): Port device team_slave_1 removed
[  142.190180][   T35] team0 (unregistering): Port device team_slave_0 removed
[  142.323448][ T4490] Bluetooth: hci4: command tx timeout
[  142.845364][ T7832] netlink: 'syz.4.719': attribute type 1 has an invalid length.
[  142.877556][ T7832] __nla_validate_parse: 2 callbacks suppressed
[  142.877600][ T7832] netlink: 224 bytes leftover after parsing attributes in process `syz.4.719'.
[  142.969801][ T7836] netlink: 'syz.0.720': attribute type 7 has an invalid length.
[  143.240915][ T7850] netlink: 'syz.1.725': attribute type 75 has an invalid length.
[  144.393249][ T5095] Bluetooth: hci4: command tx timeout
[  144.743326][ T7587] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  144.792345][ T7587] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  144.831434][ T7907] netlink: 'syz.3.738': attribute type 3 has an invalid length.
[  144.846019][ T7587] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  144.859628][ T7907] netlink: 130976 bytes leftover after parsing attributes in process `syz.3.738'.
[  144.875820][ T7587] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  145.195591][ T7587] 8021q: adding VLAN 0 to HW filter on device bond0
[  145.259601][ T7587] 8021q: adding VLAN 0 to HW filter on device team0
[  145.348290][ T5138] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.355527][ T5138] bridge0: port 1(bridge_slave_0) entered forwarding state
[  145.435694][ T5138] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.442943][ T5138] bridge0: port 2(bridge_slave_1) entered forwarding state
[  145.637730][ T7587] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  145.942699][ T7958] FAULT_INJECTION: forcing a failure.
[  145.942699][ T7958] name failslab, interval 1, probability 0, space 0, times 0
[  146.005787][ T7958] CPU: 1 PID: 7958 Comm: syz.0.754 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0
[  146.015827][ T7958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  146.025907][ T7958] Call Trace:
[  146.029214][ T7958]  <TASK>
[  146.032174][ T7958]  dump_stack_lvl+0x241/0x360
[  146.036890][ T7958]  ? __pfx_dump_stack_lvl+0x10/0x10
[  146.042203][ T7958]  ? __pfx__printk+0x10/0x10
[  146.046844][ T7958]  should_fail_ex+0x3b0/0x4e0
[  146.051557][ T7958]  ? sctp_add_bind_addr+0x89/0x3a0
[  146.056720][ T7958]  should_failslab+0x9/0x20
[  146.061263][ T7958]  kmalloc_trace_noprof+0x6c/0x2c0
[  146.066406][ T7958]  sctp_add_bind_addr+0x89/0x3a0
[  146.071374][ T7958]  sctp_copy_local_addr_list+0x311/0x500
[  146.077041][ T7958]  ? sctp_copy_local_addr_list+0xab/0x500
[  146.082792][ T7958]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  146.088975][ T7958]  ? sctp_v6_is_any+0x60/0x70
[  146.093707][ T7958]  sctp_bind_addr_copy+0xad/0x3b0
[  146.098775][ T7958]  ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190
[  146.105139][ T7958]  sctp_connect_new_asoc+0x2f3/0x6c0
[  146.110451][ T7958]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  146.116294][ T7958]  ? sctp_sendmsg+0xbb9/0x3520
[  146.121107][ T7958]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  146.126688][ T7958]  ? security_sctp_bind_connect+0x90/0xb0
[  146.132441][ T7958]  sctp_sendmsg+0x219a/0x3520
[  146.137172][ T7958]  ? __pfx_sctp_sendmsg+0x10/0x10
[  146.142233][ T7958]  ? __pfx_aa_sk_perm+0x10/0x10
[  146.147126][ T7958]  ? inet_sendmsg+0x330/0x390
[  146.151050][ T7587] 8021q: adding VLAN 0 to HW filter on device batadv0
[  146.151821][ T7958]  __sock_sendmsg+0x1a6/0x270
[  146.163282][ T7958]  __sys_sendto+0x3a4/0x4f0
[  146.167839][ T7958]  ? __pfx___sys_sendto+0x10/0x10
[  146.172924][ T7958]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  146.178937][ T7958]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  146.185318][ T7958]  __x64_sys_sendto+0xde/0x100
[  146.190136][ T7958]  do_syscall_64+0xf3/0x230
[  146.194693][ T7958]  ? clear_bhb_loop+0x35/0x90
[  146.199406][ T7958]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.205324][ T7958] RIP: 0033:0x7f6056975b99
[  146.209759][ T7958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  146.229437][ T7958] RSP: 002b:00007f60563ff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  146.237895][ T7958] RAX: ffffffffffffffda RBX: 00007f6056b03fa0 RCX: 00007f6056975b99
[  146.245882][ T7958] RDX: 0000000000034000 RSI: 0000000020847fff RDI: 0000000000000003
[  146.253883][ T7958] RBP: 00007f60563ff0a0 R08: 000000002005ffe4 R09: 000000000000001c
[  146.261872][ T7958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[  146.269867][ T7958] R13: 000000000000000b R14: 00007f6056b03fa0 R15: 00007ffcc8ab6958
[  146.277881][ T7958]  </TASK>
[  146.373379][ T7587] veth0_vlan: entered promiscuous mode
[  146.469735][ T7587] veth1_vlan: entered promiscuous mode
[  146.475606][ T5095] Bluetooth: hci4: command 0x0405 tx timeout
[  146.572379][ T7587] veth0_macvtap: entered promiscuous mode
[  146.595385][ T7587] veth1_macvtap: entered promiscuous mode
[  146.643187][ T7979] team0: Device vlan2 is already an upper device of the team interface
[  146.678598][ T7978] team0: Device vlan2 is already an upper device of the team interface
[  146.739164][ T7587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  146.760277][ T7587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  146.771350][ T7587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  146.782001][ T7587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  146.794529][ T7587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  146.817116][ T7587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  146.827252][ T7587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  146.839520][ T7587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  146.849446][ T7587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  146.859936][ T7587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  146.869825][ T7587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  146.895242][ T7587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  146.917547][ T7587] batman_adv: batadv0: Interface activated: batadv_slave_0
[  146.950200][ T7587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  146.980552][ T7587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  146.999784][ T7587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  147.021914][ T7587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.046654][ T7587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  147.064904][ T7587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.080366][ T7587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  147.101324][ T7587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.135329][ T7587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  147.151686][ T7587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.164799][ T7587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  147.175687][ T7587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.188769][ T7587] batman_adv: batadv0: Interface activated: batadv_slave_1
[  147.297860][ T8000] netlink: 64 bytes leftover after parsing attributes in process `syz.3.764'.
[  147.304733][ T7587] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  147.335551][ T7587] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  147.351645][ T7587] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  147.374134][ T7587] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  147.640615][ T8022] netlink: 148 bytes leftover after parsing attributes in process `syz.0.770'.
[  147.661363][ T8024] netlink: 24 bytes leftover after parsing attributes in process `syz.3.769'.
[  147.675386][ T8024] netlink: 'syz.3.769': attribute type 1 has an invalid length.
[  147.712709][ T8024] netlink: 'syz.3.769': attribute type 1 has an invalid length.
[  147.752726][ T8024] netlink: 'syz.3.769': attribute type 2 has an invalid length.
[  147.778273][ T8027] netlink: 16 bytes leftover after parsing attributes in process `syz.3.769'.
[  147.795351][ T8024] netlink: 'syz.3.769': attribute type 1 has an invalid length.
[  147.908485][ T8038] netlink: 8 bytes leftover after parsing attributes in process `syz.1.771'.
[  149.580849][ T8024] netlink: 28 bytes leftover after parsing attributes in process `syz.3.769'.
[  149.902453][ T2418] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  149.980332][ T2418] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  150.077836][ T2418] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  150.122494][ T2418] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  150.291313][ T8104] xt_connbytes: Forcing CT accounting to be enabled
[  150.298244][ T8104] Cannot find add_set index 0 as target
[  150.706121][ T8127] syz_tun: entered promiscuous mode
[  151.136904][ T8145] netlink: 248 bytes leftover after parsing attributes in process `syz.1.792'.
[  151.191196][ T8150] netlink: 24 bytes leftover after parsing attributes in process `syz.0.794'.
[  151.332376][   T29] audit: type=1804 audit(1719654267.095:7): pid=8159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.796" name="/root/syzkaller.GkYx69/57/cgroup.controllers" dev="sda1" ino=1975 res=1 errno=0
[  151.495914][ T8150] netlink: 4 bytes leftover after parsing attributes in process `syz.0.794'.
[  151.738340][ T8178] netlink: 'syz.2.801': attribute type 22 has an invalid length.
[  151.778076][ T8183] netlink: 2 bytes leftover after parsing attributes in process `syz.2.801'.
[  151.966384][ T8195] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[  152.625961][ T8227] FAULT_INJECTION: forcing a failure.
[  152.625961][ T8227] name failslab, interval 1, probability 0, space 0, times 0
[  152.681082][ T8227] CPU: 0 PID: 8227 Comm: syz.1.815 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0
[  152.691111][ T8227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  152.701178][ T8227] Call Trace:
[  152.704472][ T8227]  <TASK>
[  152.707422][ T8227]  dump_stack_lvl+0x241/0x360
[  152.712127][ T8227]  ? __pfx_dump_stack_lvl+0x10/0x10
[  152.717345][ T8227]  ? __pfx__printk+0x10/0x10
[  152.721969][ T8227]  ? __pfx___might_resched+0x10/0x10
[  152.727292][ T8227]  should_fail_ex+0x3b0/0x4e0
[  152.732037][ T8227]  ? ovs_flow_alloc+0xee/0x1e0
[  152.736847][ T8227]  should_failslab+0x9/0x20
[  152.741375][ T8227]  kmem_cache_alloc_node_noprof+0x71/0x320
[  152.747220][ T8227]  ovs_flow_alloc+0xee/0x1e0
[  152.751846][ T8227]  ovs_flow_cmd_new+0x225/0xe00
[  152.756744][ T8227]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[  152.762198][ T8227]  ? __nla_parse+0x40/0x60
[  152.766642][ T8227]  ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290
[  152.773005][ T8227]  genl_rcv_msg+0xb14/0xec0
[  152.777535][ T8227]  ? mark_lock+0x9a/0x350
[  152.781902][ T8227]  ? __pfx_genl_rcv_msg+0x10/0x10
[  152.787000][ T8227]  ? __pfx_lock_acquire+0x10/0x10
[  152.792056][ T8227]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[  152.797452][ T8227]  ? __pfx___might_resched+0x10/0x10
[  152.802771][ T8227]  netlink_rcv_skb+0x1e3/0x430
[  152.807601][ T8227]  ? __pfx_genl_rcv_msg+0x10/0x10
[  152.812671][ T8227]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  152.817997][ T8227]  ? __netlink_deliver_tap+0x77e/0x7c0
[  152.823493][ T8227]  genl_rcv+0x28/0x40
[  152.827513][ T8227]  netlink_unicast+0x7f0/0x990
[  152.832339][ T8227]  ? __pfx_netlink_unicast+0x10/0x10
[  152.837637][ T8227]  ? __virt_addr_valid+0x183/0x520
[  152.842760][ T8227]  ? __check_object_size+0x49c/0x900
[  152.848060][ T8227]  ? bpf_lsm_netlink_send+0x9/0x10
[  152.853190][ T8227]  netlink_sendmsg+0x8e4/0xcb0
[  152.857965][ T8227]  ? __pfx_netlink_sendmsg+0x10/0x10
[  152.863249][ T8227]  ? __import_iovec+0x536/0x820
[  152.868100][ T8227]  ? aa_sock_msg_perm+0x91/0x160
[  152.873056][ T8227]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  152.878432][ T8227]  ? security_socket_sendmsg+0x87/0xb0
[  152.883901][ T8227]  ? __pfx_netlink_sendmsg+0x10/0x10
[  152.889185][ T8227]  __sock_sendmsg+0x221/0x270
[  152.893870][ T8227]  ____sys_sendmsg+0x525/0x7d0
[  152.898641][ T8227]  ? __pfx_____sys_sendmsg+0x10/0x10
[  152.903938][ T8227]  __sys_sendmsg+0x2b0/0x3a0
[  152.908534][ T8227]  ? __pfx___sys_sendmsg+0x10/0x10
[  152.913660][ T8227]  ? vfs_write+0x7c4/0xc90
[  152.918106][ T8227]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  152.924429][ T8227]  ? do_syscall_64+0x100/0x230
[  152.929200][ T8227]  ? do_syscall_64+0xb6/0x230
[  152.933904][ T8227]  do_syscall_64+0xf3/0x230
[  152.938401][ T8227]  ? clear_bhb_loop+0x35/0x90
[  152.943078][ T8227]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.948969][ T8227] RIP: 0033:0x7fe6a1f75b99
[  152.953383][ T8227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  152.972987][ T8227] RSP: 002b:00007fe6a2e1c048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  152.981399][ T8227] RAX: ffffffffffffffda RBX: 00007fe6a2103fa0 RCX: 00007fe6a1f75b99
[  152.989375][ T8227] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[  152.997354][ T8227] RBP: 00007fe6a2e1c0a0 R08: 0000000000000000 R09: 0000000000000000
[  153.005354][ T8227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  153.013323][ T8227] R13: 000000000000000b R14: 00007fe6a2103fa0 R15: 00007ffc541e52a8
[  153.021321][ T8227]  </TASK>
[  153.353903][ T8258] netlink: 'syz.1.821': attribute type 25 has an invalid length.
[  153.393874][ T8258] netlink: 'syz.1.821': attribute type 7 has an invalid length.
[  153.436327][ T8262] netlink: 'syz.4.826': attribute type 4 has an invalid length.
[  154.066838][ T8295] xt_time: invalid argument - start or stop time greater than 23:59:59
[  154.381855][ T8309] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  154.670121][ T8320] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  154.948625][ T8339] lo speed is unknown, defaulting to 1000
[  154.965724][ T8343] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  155.136032][ T8358] trusted_key: syz.4.853 sent an empty control message without MSG_MORE.
[  155.158443][ T8356] IPVS: set_ctl: invalid protocol: 12 127.0.0.1:20002
[  156.073600][ T8384] FAULT_INJECTION: forcing a failure.
[  156.073600][ T8384] name failslab, interval 1, probability 0, space 0, times 0
[  156.099530][ T8384] CPU: 1 PID: 8384 Comm: syz.3.863 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0
[  156.109562][ T8384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  156.119649][ T8384] Call Trace:
[  156.122962][ T8384]  <TASK>
[  156.125971][ T8384]  dump_stack_lvl+0x241/0x360
[  156.130678][ T8384]  ? __pfx_dump_stack_lvl+0x10/0x10
[  156.135901][ T8384]  ? __pfx__printk+0x10/0x10
[  156.140512][ T8384]  ? netlink_insert+0x10b7/0x14b0
[  156.145542][ T8384]  should_fail_ex+0x3b0/0x4e0
[  156.150228][ T8384]  ? __alloc_skb+0x1c3/0x440
[  156.154861][ T8384]  should_failslab+0x9/0x20
[  156.159383][ T8384]  kmem_cache_alloc_node_noprof+0x71/0x320
[  156.165228][ T8384]  __alloc_skb+0x1c3/0x440
[  156.169691][ T8384]  ? __pfx___alloc_skb+0x10/0x10
[  156.174639][ T8384]  ? netlink_autobind+0xd6/0x2f0
[  156.179576][ T8384]  ? netlink_autobind+0x2b0/0x2f0
[  156.184608][ T8384]  netlink_sendmsg+0x638/0xcb0
[  156.189385][ T8384]  ? __pfx_netlink_sendmsg+0x10/0x10
[  156.194678][ T8384]  ? __import_iovec+0x536/0x820
[  156.199529][ T8384]  ? aa_sock_msg_perm+0x91/0x160
[  156.204481][ T8384]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  156.209765][ T8384]  ? security_socket_sendmsg+0x87/0xb0
[  156.215232][ T8384]  ? __pfx_netlink_sendmsg+0x10/0x10
[  156.220545][ T8384]  __sock_sendmsg+0x221/0x270
[  156.225236][ T8384]  ____sys_sendmsg+0x525/0x7d0
[  156.230018][ T8384]  ? __pfx_____sys_sendmsg+0x10/0x10
[  156.235331][ T8384]  __sys_sendmsg+0x2b0/0x3a0
[  156.239938][ T8384]  ? __pfx___sys_sendmsg+0x10/0x10
[  156.245058][ T8384]  ? vfs_write+0x7c4/0xc90
[  156.249511][ T8384]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  156.255845][ T8384]  ? do_syscall_64+0x100/0x230
[  156.260629][ T8384]  ? do_syscall_64+0xb6/0x230
[  156.265300][ T8384]  do_syscall_64+0xf3/0x230
[  156.269811][ T8384]  ? clear_bhb_loop+0x35/0x90
[  156.274495][ T8384]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.280390][ T8384] RIP: 0033:0x7effb2d75b99
[  156.284802][ T8384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  156.304402][ T8384] RSP: 002b:00007effb3a61048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  156.312816][ T8384] RAX: ffffffffffffffda RBX: 00007effb2f03fa0 RCX: 00007effb2d75b99
[  156.320794][ T8384] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[  156.328757][ T8384] RBP: 00007effb3a610a0 R08: 0000000000000000 R09: 0000000000000000
[  156.336723][ T8384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  156.344713][ T8384] R13: 000000000000000b R14: 00007effb2f03fa0 R15: 00007ffd4e124a38
[  156.352709][ T8384]  </TASK>
[  156.441085][ T8393] ipvlan0: entered promiscuous mode
[  156.657434][ T8402] netlink: 14 bytes leftover after parsing attributes in process `syz.2.868'.
[  156.668716][ T8402] netlink: 14 bytes leftover after parsing attributes in process `syz.2.868'.
[  156.828597][ T8339] syz.1.846 (8339) used greatest stack depth: 18128 bytes left
[  157.061615][ T8420] erspan0: entered promiscuous mode
[  157.101399][ T8420] batadv_slave_0: entered promiscuous mode
[  157.258230][ T8390] ipvlan0: left promiscuous mode
[  157.324201][ T8434] netlink: 830 bytes leftover after parsing attributes in process `syz.1.878'.
[  157.430830][ T4490] Bluetooth: hci4: command 0x0405 tx timeout
[  157.917811][ T8474] netlink: 28 bytes leftover after parsing attributes in process `syz.1.887'.
[  158.253269][ T8489] netlink: 'syz.4.893': attribute type 10 has an invalid length.
[  158.358523][ T8489] batman_adv: batadv0: Adding interface: team0
[  158.380830][ T8489] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  158.452793][ T8489] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  158.494062][ T8499] veth1_to_bridge: entered promiscuous mode
[  158.506910][ T8499] veth1_to_bridge: entered allmulticast mode
[  158.556834][ T5137] bridge0: port 2(bridge_slave_1) entered disabled state
[  158.809028][ T8521] FAULT_INJECTION: forcing a failure.
[  158.809028][ T8521] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  158.825726][ T8521] CPU: 0 PID: 8521 Comm: syz.3.904 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0
[  158.835748][ T8521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  158.845866][ T8521] Call Trace:
[  158.849167][ T8521]  <TASK>
[  158.852123][ T8521]  dump_stack_lvl+0x241/0x360
[  158.856830][ T8521]  ? __pfx_dump_stack_lvl+0x10/0x10
[  158.862055][ T8521]  ? __pfx__printk+0x10/0x10
[  158.866702][ T8521]  ? snprintf+0xda/0x120
[  158.870987][ T8521]  should_fail_ex+0x3b0/0x4e0
[  158.875726][ T8521]  _copy_to_user+0x2f/0xb0
[  158.880166][ T8521]  simple_read_from_buffer+0xca/0x150
[  158.885600][ T8521]  proc_fail_nth_read+0x1e9/0x250
[  158.890646][ T8521]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  158.896218][ T8521]  ? rw_verify_area+0x514/0x6b0
[  158.901105][ T8521]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  158.906678][ T8521]  vfs_read+0x204/0xbd0
[  158.910858][ T8521]  ? __pfx_lock_release+0x10/0x10
[  158.915900][ T8521]  ? __pfx_vfs_read+0x10/0x10
[  158.920698][ T8521]  ? __fget_files+0x29/0x470
[  158.925319][ T8521]  ? __fget_files+0x3f6/0x470
[  158.930048][ T8521]  ksys_read+0x1a0/0x2c0
[  158.934328][ T8521]  ? __pfx_ksys_read+0x10/0x10
[  158.939141][ T8521]  ? do_syscall_64+0x100/0x230
[  158.943939][ T8521]  ? do_syscall_64+0xb6/0x230
[  158.948631][ T8521]  do_syscall_64+0xf3/0x230
[  158.953160][ T8521]  ? clear_bhb_loop+0x35/0x90
[  158.957859][ T8521]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.963773][ T8521] RIP: 0033:0x7effb2d7467c
[  158.968208][ T8521] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  158.987864][ T8521] RSP: 002b:00007effb3a61040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  158.996315][ T8521] RAX: ffffffffffffffda RBX: 00007effb2f03fa0 RCX: 00007effb2d7467c
[  159.004319][ T8521] RDX: 000000000000000f RSI: 00007effb3a610b0 RDI: 0000000000000004
[  159.012314][ T8521] RBP: 00007effb3a610a0 R08: 0000000000000000 R09: 0000000000000000
[  159.020294][ T8521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  159.028335][ T8521] R13: 000000000000000b R14: 00007effb2f03fa0 R15: 00007ffd4e124a38
[  159.036353][ T8521]  </TASK>
[  159.176289][ T8529] vlan2: entered promiscuous mode
[  159.492074][    C0] vxcan0: j1939_tp_rxtimer: 0xffff888028af5400: rx timeout, send abort
[  159.626433][ T8546] netlink: 3 bytes leftover after parsing attributes in process `syz.3.913'.
[  159.642710][ T8546] 0ŞXšŚŔ: renamed from caif0
[  159.690451][ T8546] 0ŞXšŚŔ: entered allmulticast mode
[  159.720773][ T8546] A link change request failed with some changes committed already. Interface 
60ŞXšŚŔ may have been left with an inconsistent configuration, please check.
[  159.818625][ T8560] netlink: 'syz.2.911': attribute type 10 has an invalid length.
[  159.842641][ T8564] netlink: 56 bytes leftover after parsing attributes in process `syz.0.912'.
[  159.860532][ T8560] netlink: 55 bytes leftover after parsing attributes in process `syz.2.911'.
[  160.000440][    C0] vxcan0: j1939_tp_rxtimer: 0xffff888028af5400: abort rx timeout. Force session deactivation
[  160.127528][ T8572] Bluetooth: MGMT ver 1.22
[  160.147893][ T8572] netlink: 36 bytes leftover after parsing attributes in process `syz.3.917'.
[  160.365645][ T8591] netlink: 4 bytes leftover after parsing attributes in process `syz.1.924'.
[  160.570059][ T8598] netlink: 72 bytes leftover after parsing attributes in process `syz.2.927'.
[  160.630927][ T4490] Bluetooth: hci4: command 0x0405 tx timeout
[  160.785483][ T8617] syzkaller1: entered promiscuous mode
[  160.805402][ T8617] syzkaller1: entered allmulticast mode
[  162.335386][ T8694] __nla_validate_parse: 2 callbacks suppressed
[  162.335500][ T8694] netlink: 16 bytes leftover after parsing attributes in process `syz.4.951'.
[  162.400784][ T8703] netlink: 24 bytes leftover after parsing attributes in process `syz.1.956'.
[  162.410206][ T8714] netlink: 60 bytes leftover after parsing attributes in process `syz.0.953'.
[  162.454620][ T8717] netlink: 4 bytes leftover after parsing attributes in process `syz.3.957'.
[  162.844731][ T8734] netlink: 20 bytes leftover after parsing attributes in process `syz.3.963'.
[  163.053056][ T8742] bridge0: entered promiscuous mode
[  163.059911][ T8742] bridge0: entered allmulticast mode
[  163.268428][ T8747] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  163.955631][ T8788] netlink: 8 bytes leftover after parsing attributes in process `syz.3.978'.
[  164.019427][ T8795] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.982'.
[  164.060392][ T8795] openvswitch: netlink: Multiple metadata blocks provided
[  164.203856][   T29] audit: type=1804 audit(1719654279.955:8): pid=8806 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.984" name="/root/syzkaller.bV9ltI/80/memory.events" dev="sda1" ino=1975 res=1 errno=0
[  164.212338][ T8809] netlink: 'syz.3.986': attribute type 4 has an invalid length.
[  164.248534][ T8809] netlink: 'syz.3.986': attribute type 1 has an invalid length.
[  164.256359][ T8809] netlink: 88156 bytes leftover after parsing attributes in process `syz.3.986'.
[  164.605614][ T8797] netlink: 16 bytes leftover after parsing attributes in process `syz.1.980'.
[  164.627875][ T8824] netlink: 4 bytes leftover after parsing attributes in process `syz.4.988'.
[  164.913690][ T8844] netlink: 'syz.2.995': attribute type 10 has an invalid length.
[  164.928005][ T8844] hsr0: entered promiscuous mode
[  164.944081][ T8844] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  164.994151][ T8844] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[  165.031403][ T8844] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  165.047330][ T8844] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[  165.273595][ T8862] FAULT_INJECTION: forcing a failure.
[  165.273595][ T8862] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  165.288011][ T8862] CPU: 0 PID: 8862 Comm: syz.1.1001 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0
[  165.298105][ T8862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  165.308175][ T8862] Call Trace:
[  165.311465][ T8862]  <TASK>
[  165.314422][ T8862]  dump_stack_lvl+0x241/0x360
[  165.319140][ T8862]  ? __pfx_dump_stack_lvl+0x10/0x10
[  165.324394][ T8862]  ? __pfx__printk+0x10/0x10
[  165.329015][ T8862]  ? __pfx_lock_release+0x10/0x10
[  165.334110][ T8862]  should_fail_ex+0x3b0/0x4e0
[  165.338832][ T8862]  _copy_from_iter+0x1f6/0x1960
[  165.343707][ T8862]  ? __virt_addr_valid+0x183/0x520
[  165.348846][ T8862]  ? __pfx_lock_release+0x10/0x10
[  165.353904][ T8862]  ? __pfx__copy_from_iter+0x10/0x10
[  165.359213][ T8862]  ? __virt_addr_valid+0x183/0x520
[  165.364379][ T8862]  ? __virt_addr_valid+0x183/0x520
[  165.369529][ T8862]  ? __virt_addr_valid+0x44e/0x520
[  165.374696][ T8862]  ? __check_object_size+0x49c/0x900
[  165.380034][ T8862]  netlink_sendmsg+0x73d/0xcb0
[  165.384848][ T8862]  ? __pfx_netlink_sendmsg+0x10/0x10
[  165.390171][ T8862]  ? __import_iovec+0x536/0x820
[  165.395067][ T8862]  ? aa_sock_msg_perm+0x91/0x160
[  165.400053][ T8862]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  165.405372][ T8862]  ? security_socket_sendmsg+0x87/0xb0
[  165.410876][ T8862]  ? __pfx_netlink_sendmsg+0x10/0x10
[  165.416191][ T8862]  __sock_sendmsg+0x221/0x270
[  165.420916][ T8862]  ____sys_sendmsg+0x525/0x7d0
[  165.425716][ T8862]  ? __pfx_____sys_sendmsg+0x10/0x10
[  165.431056][ T8862]  __sys_sendmsg+0x2b0/0x3a0
[  165.435704][ T8862]  ? __pfx___sys_sendmsg+0x10/0x10
[  165.440838][ T8862]  ? vfs_write+0x7c4/0xc90
[  165.445323][ T8862]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  165.451673][ T8862]  ? do_syscall_64+0x100/0x230
[  165.456463][ T8862]  ? do_syscall_64+0xb6/0x230
[  165.461161][ T8862]  do_syscall_64+0xf3/0x230
[  165.465697][ T8862]  ? clear_bhb_loop+0x35/0x90
[  165.470370][ T8862]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.476265][ T8862] RIP: 0033:0x7fe6a1f75b99
[  165.480699][ T8862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  165.500319][ T8862] RSP: 002b:00007fe6a2e1c048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  165.508728][ T8862] RAX: ffffffffffffffda RBX: 00007fe6a2103fa0 RCX: 00007fe6a1f75b99
[  165.516721][ T8862] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004
[  165.524714][ T8862] RBP: 00007fe6a2e1c0a0 R08: 0000000000000000 R09: 0000000000000000
[  165.532700][ T8862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  165.540689][ T8862] R13: 000000000000000b R14: 00007fe6a2103fa0 R15: 00007ffc541e52a8
[  165.548700][ T8862]  </TASK>
[  165.952016][ T8887] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 4294967295 (only 8 groups)
[  166.027773][ T8886] netlink: 'syz.0.1010': attribute type 6 has an invalid length.
[  166.133814][ T8890] EXT4-fs (sda1): Can't modify superblock whileperforming online resize
[  166.249397][ T8892] netlink: 'syz.3.1011': attribute type 1 has an invalid length.
[  166.710327][ T8915] ipt_REJECT: ECHOREPLY no longer supported.
[  167.218468][ T8941] hsr0: entered promiscuous mode
[  167.245060][ T8941] macsec1: entered promiscuous mode
[  167.569578][ T8963] __nla_validate_parse: 6 callbacks suppressed
[  167.569599][ T8963] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1039'.
[  167.773430][   T29] audit: type=1107 audit(1719654283.535:9): pid=8973 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='îORM
ć'|1>š7÷!4Ş*Z>ă_݁‡ćßSĎč}gĽŸ{™1Š-ľ|(ŹÎˆmĆíŢHËÝkŠť“Žß'
[  168.688735][ T9030] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1059'.
[  168.904960][ T9038] syz_tun: entered allmulticast mode
[  168.933292][ T9038] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1061'.
[  169.328142][ T9064] netlink: 'syz.3.1065': attribute type 1 has an invalid length.
[  169.351529][ T9064] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1065'.
[  169.760915][ T9089] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1070'.
[  170.214128][ T9110] netlink: 'syz.0.1079': attribute type 2 has an invalid length.
[  170.639180][ T5095] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  170.660702][ T5095] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  170.669663][ T5095] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  170.681419][ T5095] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  170.689822][ T5095] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  170.699372][ T5095] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  170.740458][ T9128] lo speed is unknown, defaulting to 1000
[  171.402568][ T9162] netlink: 'syz.1.1094': attribute type 3 has an invalid length.
[  171.443838][ T9128] chnl_net:caif_netlink_parms(): no params data found
[  171.482973][ T9162] netlink: 'syz.1.1094': attribute type 3 has an invalid length.
[  171.779021][ T9128] bridge0: port 1(bridge_slave_0) entered blocking state
[  171.818311][ T9128] bridge0: port 1(bridge_slave_0) entered disabled state
[  171.852891][ T9128] bridge_slave_0: entered allmulticast mode
[  171.882025][ T9128] bridge_slave_0: entered promiscuous mode
[  171.916720][ T9128] bridge0: port 2(bridge_slave_1) entered blocking state
[  171.950060][ T9128] bridge0: port 2(bridge_slave_1) entered disabled state
[  171.968845][ T9128] bridge_slave_1: entered allmulticast mode
[  171.985089][ T9128] bridge_slave_1: entered promiscuous mode
[  172.067500][ T9128] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  172.084967][ T9128] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  172.207116][ T9128] team0: Port device team_slave_0 added
[  172.421545][ T9128] team0: Port device team_slave_1 added
[  172.496043][ T9128] batman_adv: batadv0: Adding interface: batadv_slave_0
[  172.508906][ T9128] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  172.581085][ T9128] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  172.604114][ T9128] batman_adv: batadv0: Adding interface: batadv_slave_1
[  172.640974][ T9128] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  172.711458][ T9128] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  172.791275][ T4490] Bluetooth: hci4: command tx timeout
[  172.936939][ T9002] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.100993][ T9241] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1117'.
[  173.110097][ T9241] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1117'.
[  173.163741][ T9002] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.187331][ T9244] vxcan1: tx drop: invalid sa for name 0x0000000000000002
[  173.291904][ T9002] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.370554][ T9246] tipc: Started in network mode
[  173.380843][ T9246] tipc: Node identity 1, cluster identity 4711
[  173.387139][ T9246] tipc: Node number set to 1
[  173.456599][ T9128] hsr_slave_0: entered promiscuous mode
[  173.466198][ T9128] hsr_slave_1: entered promiscuous mode
[  173.466266][ T9250] x_tables: duplicate underflow at hook 3
[  173.500791][ T9128] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  173.528196][ T9128] Cannot create hsr debugfs directory
[  173.659148][ T9002] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.691992][ T9258] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1123'.
[  173.982366][ T9277] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1132'.
[  174.020861][ T9277] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1132'.
[  174.107251][ T9002] bridge_slave_1: left allmulticast mode
[  174.120337][ T9002] bridge_slave_1: left promiscuous mode
[  174.135032][ T9002] bridge0: port 2(bridge_slave_1) entered disabled state
[  174.160767][ T9002] bridge_slave_0: left allmulticast mode
[  174.179431][ T9002] bridge_slave_0: left promiscuous mode
[  174.191606][ T9002] bridge0: port 1(bridge_slave_0) entered disabled state
[  174.407754][ T9002] erspan0 (unregistering): left promiscuous mode
[  174.676864][ T9002] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  174.690126][ T9002] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  174.705460][ T9002] bond0 (unregistering): Released all slaves
[  174.870904][ T4490] Bluetooth: hci4: command tx timeout
[  175.051176][ T9310] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1139'.
[  175.153660][ T9303] netlink: 'syz.3.1139': attribute type 10 has an invalid length.
[  175.154236][ T9316] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  175.178368][ T9303] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1139'.
[  175.189507][ T9303] bridge0: port 3(syz_tun) entered blocking state
[  175.203779][ T9303] bridge0: port 3(syz_tun) entered disabled state
[  175.213529][ T9303] syz_tun: entered allmulticast mode
[  175.220586][ T9303] syz_tun: entered promiscuous mode
[  175.228121][ T9303] bridge0: port 3(syz_tun) entered blocking state
[  175.234772][ T9303] bridge0: port 3(syz_tun) entered forwarding state
[  175.269086][ T9319] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1146'.
[  175.715715][ T9338] netlink: 'syz.1.1149': attribute type 4 has an invalid length.
[  175.732373][ T9341] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1151'.
[  175.863620][ T9338] infiniband syz0: set down
[  175.951014][   T58] lo speed is unknown, defaulting to 1000
[  175.961438][ T9002] batadv_slave_0: left promiscuous mode
[  176.069319][ T9002] hsr_slave_0: left promiscuous mode
[  176.121785][ T9002] hsr_slave_1: left promiscuous mode
[  176.160126][ T4490] Bluetooth: hci0: command tx timeout
[  176.171470][ T9002] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  176.178954][ T9002] batman_adv: batadv0: Removing interface: batadv_slave_0
[  176.237065][ T9002] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  176.263349][ T9002] batman_adv: batadv0: Removing interface: batadv_slave_1
[  176.327631][ T9002] veth1_macvtap: left promiscuous mode
[  176.333541][ T9002] veth0_macvtap: left promiscuous mode
[  176.339289][ T9002] veth1_vlan: left promiscuous mode
[  176.344725][ T9002] veth0_vlan: left promiscuous mode
[  176.844935][ T9002] team0 (unregistering): Port device team_slave_1 removed
[  176.897522][ T9002] team0 (unregistering): Port device team_slave_0 removed
[  176.950885][ T4490] Bluetooth: hci4: command tx timeout
[  177.366662][ T9128] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  177.379003][   T58] lo speed is unknown, defaulting to 1000
[  177.380740][ T9128] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  177.445796][ T9128] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  177.511589][ T9128] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  177.611926][ T9384] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1162'.
[  177.651058][ T9388] netlink: 'syz.1.1163': attribute type 4 has an invalid length.
[  177.672269][ T9391] Bluetooth: MGMT ver 1.22
[  177.676781][ T9391] Bluetooth: hci3: expected 2 bytes, got 7 bytes
[  177.700539][ T9391] IPv6: NLM_F_REPLACE set, but no existing node found!
[  177.753175][ T9391] Bluetooth: hci3: expected 2 bytes, got 7 bytes
[  177.808893][ T9395] IPv6: NLM_F_REPLACE set, but no existing node found!
[  178.027752][ T9414] FAULT_INJECTION: forcing a failure.
[  178.027752][ T9414] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  178.060849][ T9414] CPU: 0 PID: 9414 Comm: syz.4.1168 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0
[  178.070972][ T9414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  178.081043][ T9414] Call Trace:
[  178.084337][ T9414]  <TASK>
[  178.087286][ T9414]  dump_stack_lvl+0x241/0x360
[  178.091989][ T9414]  ? __pfx_dump_stack_lvl+0x10/0x10
[  178.097206][ T9414]  ? __pfx__printk+0x10/0x10
[  178.101841][ T9414]  ? __pfx_lock_release+0x10/0x10
[  178.106913][ T9414]  should_fail_ex+0x3b0/0x4e0
[  178.111608][ T9414]  _copy_from_iter+0x1f6/0x1960
[  178.116482][ T9414]  ? __virt_addr_valid+0x183/0x520
[  178.121622][ T9414]  ? __pfx_lock_release+0x10/0x10
[  178.126720][ T9414]  ? __alloc_skb+0x28f/0x440
[  178.131324][ T9414]  ? __pfx__copy_from_iter+0x10/0x10
[  178.136626][ T9414]  ? __virt_addr_valid+0x183/0x520
[  178.141763][ T9414]  ? __virt_addr_valid+0x183/0x520
[  178.146919][ T9414]  ? __virt_addr_valid+0x44e/0x520
[  178.152055][ T9414]  ? __check_object_size+0x49c/0x900
[  178.157370][ T9414]  netlink_sendmsg+0x73d/0xcb0
[  178.162182][ T9414]  ? __pfx_netlink_sendmsg+0x10/0x10
[  178.167494][ T9414]  ? __import_iovec+0x536/0x820
[  178.172346][ T9414]  ? aa_sock_msg_perm+0x91/0x160
[  178.177302][ T9414]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  178.182590][ T9414]  ? security_socket_sendmsg+0x87/0xb0
[  178.188075][ T9414]  ? __pfx_netlink_sendmsg+0x10/0x10
[  178.193388][ T9414]  __sock_sendmsg+0x221/0x270
[  178.198095][ T9414]  ____sys_sendmsg+0x525/0x7d0
[  178.202895][ T9414]  ? __pfx_____sys_sendmsg+0x10/0x10
[  178.208239][ T9414]  __sys_sendmsg+0x2b0/0x3a0
[  178.212884][ T9414]  ? __pfx___sys_sendmsg+0x10/0x10
[  178.218027][ T9414]  ? vfs_write+0x7c4/0xc90
[  178.222512][ T9414]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  178.228862][ T9414]  ? do_syscall_64+0x100/0x230
[  178.233671][ T9414]  ? do_syscall_64+0xb6/0x230
[  178.238404][ T9414]  do_syscall_64+0xf3/0x230
[  178.242927][ T9414]  ? clear_bhb_loop+0x35/0x90
[  178.247626][ T9414]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.253543][ T9414] RIP: 0033:0x7f3313375b99
[  178.257987][ T9414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  178.277615][ T9414] RSP: 002b:00007f331414f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  178.286063][ T9414] RAX: ffffffffffffffda RBX: 00007f3313503fa0 RCX: 00007f3313375b99
[  178.294072][ T9414] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[  178.302062][ T9414] RBP: 00007f331414f0a0 R08: 0000000000000000 R09: 0000000000000000
[  178.310059][ T9414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  178.318055][ T9414] R13: 000000000000000b R14: 00007f3313503fa0 R15: 00007fffea2037a8
[  178.326072][ T9414]  </TASK>
[  178.341056][ T9128] 8021q: adding VLAN 0 to HW filter on device bond0
[  178.362318][ T9128] 8021q: adding VLAN 0 to HW filter on device team0
[  178.405338][ T9128] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  178.415838][ T9128] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  178.454050][ T5141] bridge0: port 1(bridge_slave_0) entered blocking state
[  178.461312][ T5141] bridge0: port 1(bridge_slave_0) entered forwarding state
[  178.547079][ T5141] bridge0: port 2(bridge_slave_1) entered blocking state
[  178.554350][ T5141] bridge0: port 2(bridge_slave_1) entered forwarding state
[  178.741022][ T9431] __nla_validate_parse: 2 callbacks suppressed
[  178.741044][ T9431] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1170'.
[  178.793541][ T9431] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1170'.
[  178.987066][ T9128] 8021q: adding VLAN 0 to HW filter on device batadv0
[  179.032410][ T4490] Bluetooth: hci4: command tx timeout
[  179.060259][ T9447] netlink: 'syz.0.1175': attribute type 4 has an invalid length.
[  179.210040][ T9457] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1173'.
[  179.402132][ T9462] netlink: 'syz.0.1177': attribute type 21 has an invalid length.
[  179.410107][ T9462] netlink: 'syz.0.1177': attribute type 20 has an invalid length.
[  179.429599][ T9462] netlink: 'syz.0.1177': attribute type 4 has an invalid length.
[  179.445722][ T9462] IPv6: NLM_F_CREATE should be specified when creating new route
[  179.509464][ T9128] veth0_vlan: entered promiscuous mode
[  179.569204][ T9128] veth1_vlan: entered promiscuous mode
[  179.664293][ T9128] veth0_macvtap: entered promiscuous mode
[  179.684381][ T9472] bond0: option primary_reselect: invalid value (128)
[  179.709831][ T9128] veth1_macvtap: entered promiscuous mode
[  179.748500][ T9128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  179.792385][ T9128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.817547][ T9128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  179.841103][ T9128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.858455][ T9128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  179.874530][ T9128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.886358][ T9128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  179.897083][ T9128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.938335][ T9128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  179.955511][ T9128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.980659][ T9128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  179.994182][ T9128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  180.006399][ T9128] batman_adv: batadv0: Interface activated: batadv_slave_0
[  180.017864][ T9484] netlink: 'syz.0.1186': attribute type 4 has an invalid length.
[  180.035379][ T9128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  180.047981][ T9128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  180.069165][ T9128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  180.104028][ T9128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  180.117418][ T9128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  180.128903][ T9128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  180.139369][ T9490] RDS: rds_bind could not find a transport for 2001::, load rds_tcp or rds_rdma?
[  180.149398][ T9128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  180.160156][ T9128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  180.179753][ T9128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  180.192221][ T9128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  180.218599][ T9128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  180.231128][ T9128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  180.248840][ T9128] batman_adv: batadv0: Interface activated: batadv_slave_1
[  180.264192][ T9492] IPVS: Error connecting to the multicast addr
[  180.307708][ T9128] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  180.348307][ T9128] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  180.375323][ T9128] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  180.408551][ T9128] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  180.520339][ T9504] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1196'.
[  180.555096][ T9504] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1196'.
[  180.605438][ T9504] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1196'.
[  180.661458][ T9504] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1196'.
[  180.763479][ T9504] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1196'.
[  180.787036][ T9504] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1196'.
[  180.940841][ T9504] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1196'.
[  180.988342][ T5095] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  180.998006][ T5095] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  181.005937][ T5095] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  181.015924][ T5095] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  181.024037][ T5095] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  181.031660][ T5095] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  181.269530][ T9504] bridge0: port 2(bridge_slave_1) entered disabled state
[  181.277243][ T9504] bridge0: port 1(bridge_slave_0) entered disabled state
[  181.301216][ T9504] bridge0: left promiscuous mode
[  181.306313][ T9504] bridge0: left allmulticast mode
[  181.775066][ T9504] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  181.801993][ T9504] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  182.190990][ T9504] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  182.209117][ T9504] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  182.228364][ T9504] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  182.240021][ T9504] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  182.373154][ T9502] netlink: 'syz.4.1195': attribute type 21 has an invalid length.
[  182.387502][ T9502] netlink: 'syz.4.1195': attribute type 20 has an invalid length.
[  182.401169][ T9502] netlink: 'syz.4.1195': attribute type 4 has an invalid length.
[  182.421741][ T9502] IPv6: NLM_F_CREATE should be specified when creating new route
[  182.669083][ T9510] lo speed is unknown, defaulting to 1000
[  182.682773][ T2410] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  182.696893][ T2410] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  182.822623][ T2410] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  182.847185][ T2410] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  182.934186][   T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.111283][ T4490] Bluetooth: hci3: command tx timeout
[  183.199139][   T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.250525][ T9541] netlink: 'syz.3.1207': attribute type 21 has an invalid length.
[  183.278552][ T9541] netlink: 'syz.3.1207': attribute type 20 has an invalid length.
[  183.286990][ T9541] netlink: 'syz.3.1207': attribute type 4 has an invalid length.
[  183.294983][ T9541] IPv6: NLM_F_CREATE should be specified when creating new route
[  183.349445][   T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.439669][   T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.742156][ T9573] FAULT_INJECTION: forcing a failure.
[  183.742156][ T9573] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  183.776464][ T9573] CPU: 0 PID: 9573 Comm: syz.3.1218 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0
[  183.786695][ T9573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  183.796771][ T9573] Call Trace:
[  183.800077][ T9573]  <TASK>
[  183.803079][ T9573]  dump_stack_lvl+0x241/0x360
[  183.807782][ T9573]  ? __pfx_dump_stack_lvl+0x10/0x10
[  183.813007][ T9573]  ? __pfx__printk+0x10/0x10
[  183.817647][ T9573]  ? snprintf+0xda/0x120
[  183.821919][ T9573]  should_fail_ex+0x3b0/0x4e0
[  183.826630][ T9573]  _copy_to_user+0x2f/0xb0
[  183.831069][ T9573]  simple_read_from_buffer+0xca/0x150
[  183.836532][ T9573]  proc_fail_nth_read+0x1e9/0x250
[  183.841587][ T9573]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  183.847160][ T9573]  ? rw_verify_area+0x514/0x6b0
[  183.852032][ T9573]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  183.857601][ T9573]  vfs_read+0x204/0xbd0
[  183.861780][ T9573]  ? __pfx_lock_release+0x10/0x10
[  183.866810][ T9573]  ? do_sock_setsockopt+0x3e2/0x720
[  183.872041][ T9573]  ? __pfx_vfs_read+0x10/0x10
[  183.876722][ T9573]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  183.882281][ T9573]  ? __fget_files+0x29/0x470
[  183.886877][ T9573]  ? __fget_files+0x3f6/0x470
[  183.891568][ T9573]  ksys_read+0x1a0/0x2c0
[  183.895817][ T9573]  ? __pfx_ksys_read+0x10/0x10
[  183.900579][ T9573]  ? do_syscall_64+0x100/0x230
[  183.905354][ T9573]  ? do_syscall_64+0xb6/0x230
[  183.910040][ T9573]  do_syscall_64+0xf3/0x230
[  183.914549][ T9573]  ? clear_bhb_loop+0x35/0x90
[  183.919235][ T9573]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.925143][ T9573] RIP: 0033:0x7effb2d7467c
[  183.929562][ T9573] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  183.949173][ T9573] RSP: 002b:00007effb3a61040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  183.957593][ T9573] RAX: ffffffffffffffda RBX: 00007effb2f03fa0 RCX: 00007effb2d7467c
[  183.965567][ T9573] RDX: 000000000000000f RSI: 00007effb3a610b0 RDI: 0000000000000004
[  183.973542][ T9573] RBP: 00007effb3a610a0 R08: 0000000000000000 R09: 0000000000000000
[  183.981525][ T9573] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001
[  183.989507][ T9573] R13: 000000000000000b R14: 00007effb2f03fa0 R15: 00007ffd4e124a38
[  183.997499][ T9573]  </TASK>
[  184.091328][   T11] bridge_slave_1: left allmulticast mode
[  184.097023][   T11] bridge_slave_1: left promiscuous mode
[  184.122643][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.171481][   T11] bridge_slave_0: left allmulticast mode
[  184.177186][   T11] bridge_slave_0: left promiscuous mode
[  184.202368][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.712708][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  184.728541][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  184.740333][   T11] bond0 (unregistering): Released all slaves
[  184.763084][ T9510] chnl_net:caif_netlink_parms(): no params data found
[  185.081490][ T9612] __nla_validate_parse: 68 callbacks suppressed
[  185.081511][ T9612] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1228'.
[  185.190756][ T4490] Bluetooth: hci3: command tx timeout
[  185.449325][ T9510] bridge0: port 1(bridge_slave_0) entered blocking state
[  185.511638][ T9510] bridge0: port 1(bridge_slave_0) entered disabled state
[  185.552166][ T9510] bridge_slave_0: entered allmulticast mode
[  185.608532][ T9510] bridge_slave_0: entered promiscuous mode
[  185.872784][ T9510] bridge0: port 2(bridge_slave_1) entered blocking state
[  185.915654][ T9510] bridge0: port 2(bridge_slave_1) entered disabled state
[  185.934884][ T9510] bridge_slave_1: entered allmulticast mode
[  185.959361][ T9510] bridge_slave_1: entered promiscuous mode
[  186.123371][ T9658] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1236'.
[  186.157297][ T9510] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  186.208184][ T9660] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1236'.
[  186.225509][ T9510] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  186.456847][ T9510] team0: Port device team_slave_0 added
[  186.482336][   T11] hsr_slave_0: left promiscuous mode
[  186.502592][   T11] hsr_slave_1: left promiscuous mode
[  186.522149][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  186.542861][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  186.563429][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  186.579317][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  186.646730][   T11] veth1_macvtap: left promiscuous mode
[  186.653156][   T11] veth0_macvtap: left promiscuous mode
[  186.663507][   T11] veth1_vlan: left promiscuous mode
[  186.675413][   T11] veth0_vlan: left promiscuous mode
[  187.273792][ T4490] Bluetooth: hci3: command tx timeout
[  187.424511][   T29] audit: type=1800 audit(1719654303.185:10): pid=9706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1246" name="memory.events" dev="sda1" ino=1978 res=0 errno=0
[  187.453022][   T29] audit: type=1804 audit(1719654303.185:11): pid=9706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1246" name="/root/syzkaller.GkYx69/172/memory.events" dev="sda1" ino=1978 res=1 errno=0
[  187.477899][   T29] audit: type=1804 audit(1719654303.185:12): pid=9706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1246" name="/root/syzkaller.GkYx69/172/memory.events" dev="sda1" ino=1978 res=1 errno=0
[  187.501477][   T29] audit: type=1804 audit(1719654303.185:13): pid=9706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1246" name="/root/syzkaller.GkYx69/172/memory.events" dev="sda1" ino=1978 res=1 errno=0
[  187.527926][   T29] audit: type=1804 audit(1719654303.285:14): pid=9707 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1246" name="/root/syzkaller.GkYx69/172/memory.events" dev="sda1" ino=1978 res=1 errno=0
[  187.551148][   T29] audit: type=1804 audit(1719654303.285:15): pid=9707 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1246" name="/root/syzkaller.GkYx69/172/memory.events" dev="sda1" ino=1978 res=1 errno=0
[  187.603925][ T9707] Page cache invalidation failure on direct I/O.  Possible data corruption due to collision with buffered I/O!
[  187.616546][ T9707] File: /root/syzkaller.GkYx69/172/memory.events PID: 9707 Comm: syz.3.1246
[  187.648745][   T11] team0 (unregistering): Port device team_slave_1 removed
[  187.697276][   T11] team0 (unregistering): Port device team_slave_0 removed
[  188.014459][ T9002] smc: removing ib device syz0
[  188.023915][ T9510] team0: Port device team_slave_1 added
[  188.302338][ T9705] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1246'.
[  188.339201][ T9712] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check.
[  188.580258][ T9510] batman_adv: batadv0: Adding interface: batadv_slave_0
[  188.605826][ T9510] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  188.632547][ T9510] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  188.717050][ T9510] batman_adv: batadv0: Adding interface: batadv_slave_1
[  188.756785][ T9510] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  188.824994][ T9510] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  189.108472][ T9738] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1256'.
[  189.206655][ T9510] hsr_slave_0: entered promiscuous mode
[  189.237449][ T9510] hsr_slave_1: entered promiscuous mode
[  189.308289][ T9510] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  189.319996][ T9510] Cannot create hsr debugfs directory
[  189.364247][ T4490] Bluetooth: hci3: command tx timeout
[  190.036619][ T9797] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1272'.
[  190.354851][ T9804] sctp: [Deprecated]: syz.4.1273 (pid 9804) Use of int in maxseg socket option.
[  190.354851][ T9804] Use struct sctp_assoc_value instead
[  191.379171][ T9831] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1281'.
[  191.410254][ T9831] netlink: 'syz.0.1281': attribute type 28 has an invalid length.
[  191.428788][ T9831] netlink: 160 bytes leftover after parsing attributes in process `syz.0.1281'.
[  191.452758][ T9836] netlink: 'syz.4.1283': attribute type 9 has an invalid length.
[  191.476090][ T9836] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.1283'.
[  191.504811][ T9841] sctp: [Deprecated]: syz.4.1283 (pid 9841) Use of int in maxseg socket option.
[  191.504811][ T9841] Use struct sctp_assoc_value instead
[  191.711100][ T9837] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  191.735712][ T9845] netlink: 'syz.4.1283': attribute type 9 has an invalid length.
[  191.745366][ T9845] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.1283'.
[  191.929175][ T9853] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1288'.
[  191.971643][ T9510] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  192.009497][ T9510] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  192.029531][ T9510] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  192.050372][ T9510] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  192.328222][ T9510] 8021q: adding VLAN 0 to HW filter on device bond0
[  192.402936][ T9510] 8021q: adding VLAN 0 to HW filter on device team0
[  192.464765][ T9515] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.472127][ T9515] bridge0: port 1(bridge_slave_0) entered forwarding state
[  192.512836][ T9515] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.520069][ T9515] bridge0: port 2(bridge_slave_1) entered forwarding state
[  192.637684][ T9510] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  193.046574][ T9892] FAULT_INJECTION: forcing a failure.
[  193.046574][ T9892] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  193.089602][ T9892] CPU: 1 PID: 9892 Comm: syz.0.1298 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0
[  193.099724][ T9892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  193.109813][ T9892] Call Trace:
[  193.113114][ T9892]  <TASK>
[  193.116063][ T9892]  dump_stack_lvl+0x241/0x360
[  193.120769][ T9892]  ? __pfx_dump_stack_lvl+0x10/0x10
[  193.125996][ T9892]  ? __pfx__printk+0x10/0x10
[  193.130621][ T9892]  ? __pfx_lock_release+0x10/0x10
[  193.135681][ T9892]  ? __lock_acquire+0x1346/0x1fd0
[  193.140732][ T9892]  should_fail_ex+0x3b0/0x4e0
[  193.145478][ T9892]  _copy_from_user+0x2f/0xe0
[  193.150100][ T9892]  kstrtouint_from_user+0xc6/0x190
[  193.155253][ T9892]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  193.160985][ T9892]  ? __pfx_lock_acquire+0x10/0x10
[  193.166030][ T9892]  proc_fail_nth_write+0xaa/0x2d0
[  193.171060][ T9892]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  193.176967][ T9892]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  193.182654][ T9892]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  193.188287][ T9892]  vfs_write+0x2a2/0xc90
[  193.192540][ T9892]  ? __pfx_vfs_write+0x10/0x10
[  193.197321][ T9892]  ? __fget_files+0x29/0x470
[  193.201921][ T9892]  ? __fget_files+0x3f6/0x470
[  193.206611][ T9892]  ksys_write+0x1a0/0x2c0
[  193.210946][ T9892]  ? __pfx_ksys_write+0x10/0x10
[  193.215806][ T9892]  ? do_syscall_64+0x100/0x230
[  193.220574][ T9892]  ? do_syscall_64+0xb6/0x230
[  193.225266][ T9892]  do_syscall_64+0xf3/0x230
[  193.229781][ T9892]  ? clear_bhb_loop+0x35/0x90
[  193.234467][ T9892]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.240356][ T9892] RIP: 0033:0x7f605697471f
[  193.244772][ T9892] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48
[  193.264381][ T9892] RSP: 002b:00007f60563ff040 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  193.272813][ T9892] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f605697471f
[  193.280802][ T9892] RDX: 0000000000000001 RSI: 00007f60563ff0b0 RDI: 0000000000000004
[  193.288781][ T9892] RBP: 00007f60563ff0a0 R08: 0000000000000000 R09: 0000000000000000
[  193.296751][ T9892] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  193.304731][ T9892] R13: 000000000000000b R14: 00007f6056b03fa0 R15: 00007ffcc8ab6958
[  193.312721][ T9892]  </TASK>
[  193.323067][ T9510] 8021q: adding VLAN 0 to HW filter on device batadv0
[  193.399106][ T9510] veth0_vlan: entered promiscuous mode
[  193.464181][ T9510] veth1_vlan: entered promiscuous mode
[  193.557156][ T9898] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  193.617637][ T9510] veth0_macvtap: entered promiscuous mode
[  193.649933][ T9510] veth1_macvtap: entered promiscuous mode
[  193.705378][ T9510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.728567][ T9510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.794832][ T9510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.829045][ T9510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.864163][ T9510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.900321][ T9510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.915179][ T9913] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1305'.
[  193.934848][ T9510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.945358][ T9913] openvswitch: netlink: Tunnel attr 0 has unexpected len 1 expected 8
[  193.993348][ T9510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  194.025999][ T9510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  194.059275][ T9510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  194.084040][ T9510] batman_adv: batadv0: Interface activated: batadv_slave_0
[  194.128705][ T9510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  194.155171][ T9510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  194.199629][ T9510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  194.233584][ T9510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  194.264676][ T9510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  194.286830][ T9510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  194.305063][ T9510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  194.327464][ T9510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  194.349915][ T9510] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  194.395925][ T1250] ieee802154 phy0 wpan0: encryption failed: -22
[  194.408928][ T9510] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  194.467387][ T9510] batman_adv: batadv0: Interface activated: batadv_slave_1
[  194.516317][ T9510] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  194.546874][ T9510] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  194.581130][ T9510] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  194.615706][ T9510] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  194.912353][ T9002] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  194.920307][ T9002] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  195.031802][  T962] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  195.060180][  T962] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  197.319411][T10042] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1336'.
[  197.377205][T10042] pim6reg: entered allmulticast mode
[  197.427667][T10042] pim6reg: left allmulticast mode
[  198.177640][T10075] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1341'.
[  198.334119][T10081] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1345'.
[  198.607104][T10094] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  198.814709][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  199.058227][T10114] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1358'.
[  199.970175][T10143] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  199.982519][T10143] tipc: Enabled bearer <udp:syz1>, priority 0
[  200.529123][T10166] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1384'.
[  201.004813][T10194] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1397'.
[  201.035486][T10198] No such timeout policy "syz0"
[  201.437049][T10217] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  201.524854][T10217] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  201.576552][T10217] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  201.595138][ T5095] Bluetooth: hci2: command 0x0406 tx timeout
[  201.988857][T10252] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1427'.
[  202.248686][T10267] syz.0.1435[10267] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  202.248838][T10267] syz.0.1435[10267] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  202.758123][T10297] netlink: 'syz.0.1448': attribute type 4 has an invalid length.
[  202.797954][T10297] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  203.072440][T10316] tipc: New replicast peer: 4.0.255.255
[  203.092373][T10316] tipc: Enabled bearer <udp:s>, priority 0
[  203.160201][ T5140] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.577123][T10340] netlink: 'syz.2.1470': attribute type 10 has an invalid length.
[  203.597987][T10340] batman_adv: batadv0: Adding interface: hsr_slave_0
[  203.627288][T10340] batman_adv: batadv0: The MTU of interface hsr_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  203.666115][T10340] batman_adv: batadv0: Not using interface hsr_slave_0 (retrying later): interface not active
[  204.108854][T10357] Bluetooth: MGMT ver 1.22
[  204.301077][T10369] syzkaller1: entered promiscuous mode
[  204.331139][T10369] syzkaller1: entered allmulticast mode
[  204.648208][T10389] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1493'.
[  204.658916][T10388] syzkaller1: entered promiscuous mode
[  204.672114][T10388] syzkaller1: entered allmulticast mode
[  204.789087][T10393] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1495'.
[  204.808880][T10393] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1495'.
[  206.442428][T10454] FAULT_INJECTION: forcing a failure.
[  206.442428][T10454] name failslab, interval 1, probability 0, space 0, times 0
[  206.496521][T10454] CPU: 1 PID: 10454 Comm: syz.3.1517 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0
[  206.506935][T10454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  206.507950][T10457] Cannot find add_set index 0 as target
[  206.517043][T10454] Call Trace:
[  206.523350][T10456] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0
[  206.525897][T10454]  <TASK>
[  206.536313][T10454]  dump_stack_lvl+0x241/0x360
[  206.541015][T10454]  ? __pfx_dump_stack_lvl+0x10/0x10
[  206.546233][T10454]  ? __pfx__printk+0x10/0x10
[  206.550854][T10454]  should_fail_ex+0x3b0/0x4e0
[  206.555546][T10454]  ? sctp_add_bind_addr+0x89/0x3a0
[  206.560675][T10454]  should_failslab+0x9/0x20
[  206.565213][T10454]  kmalloc_trace_noprof+0x6c/0x2c0
[  206.570342][T10454]  sctp_add_bind_addr+0x89/0x3a0
[  206.575287][T10454]  sctp_copy_local_addr_list+0x311/0x500
[  206.580943][T10454]  ? sctp_copy_local_addr_list+0xab/0x500
[  206.586668][T10454]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  206.592863][T10454]  ? sctp_v4_is_any+0x35/0x60
[  206.597577][T10454]  sctp_bind_addr_copy+0xad/0x3b0
[  206.602616][T10454]  ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190
[  206.608954][T10454]  sctp_connect_new_asoc+0x2f3/0x6c0
[  206.614242][T10454]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  206.620059][T10454]  ? sctp_sendmsg+0xbb9/0x3520
[  206.624847][T10454]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  206.630398][T10454]  ? security_sctp_bind_connect+0x90/0xb0
[  206.636128][T10454]  sctp_sendmsg+0x219a/0x3520
[  206.640832][T10454]  ? __pfx_sctp_sendmsg+0x10/0x10
[  206.645877][T10454]  ? __pfx_aa_sk_perm+0x10/0x10
[  206.650746][T10454]  ? inet_sendmsg+0x330/0x390
[  206.655434][T10454]  __sock_sendmsg+0x1a6/0x270
[  206.660131][T10454]  ____sys_sendmsg+0x525/0x7d0
[  206.664924][T10454]  ? __pfx_____sys_sendmsg+0x10/0x10
[  206.670247][T10454]  __sys_sendmmsg+0x3b2/0x740
[  206.674963][T10454]  ? __pfx___sys_sendmmsg+0x10/0x10
[  206.680216][T10454]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  206.686127][T10454]  ? ksys_write+0x23e/0x2c0
[  206.690650][T10454]  ? __pfx_lock_release+0x10/0x10
[  206.695687][T10454]  ? vfs_write+0x7c4/0xc90
[  206.700116][T10454]  ? __mutex_unlock_slowpath+0x21d/0x750
[  206.705762][T10454]  ? __pfx_vfs_write+0x10/0x10
[  206.710569][T10454]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  206.716605][T10454]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  206.722962][T10454]  ? do_syscall_64+0x100/0x230
[  206.727746][T10454]  __x64_sys_sendmmsg+0xa0/0xb0
[  206.732622][T10454]  do_syscall_64+0xf3/0x230
[  206.737148][T10454]  ? clear_bhb_loop+0x35/0x90
[  206.741841][T10454]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.747735][T10454] RIP: 0033:0x7effb2d75b99
[  206.752151][T10454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  206.771753][T10454] RSP: 002b:00007effb3a61048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  206.780172][T10454] RAX: ffffffffffffffda RBX: 00007effb2f03fa0 RCX: 00007effb2d75b99
[  206.788158][T10454] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000005
[  206.796158][T10454] RBP: 00007effb3a610a0 R08: 0000000000000000 R09: 0000000000000000
[  206.804152][T10454] R10: 00000000000000fc R11: 0000000000000246 R12: 0000000000000002
[  206.812125][T10454] R13: 000000000000000b R14: 00007effb2f03fa0 R15: 00007ffd4e124a38
[  206.820112][T10454]  </TASK>
[  207.055383][T10470] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1522'.
[  208.858821][T10588] FAULT_INJECTION: forcing a failure.
[  208.858821][T10588] name failslab, interval 1, probability 0, space 0, times 0
[  208.888861][T10588] CPU: 0 PID: 10588 Comm: syz.4.1556 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0
[  208.899088][T10588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  208.909204][T10588] Call Trace:
[  208.912507][T10588]  <TASK>
[  208.915452][T10588]  dump_stack_lvl+0x241/0x360
[  208.920177][T10588]  ? __pfx_dump_stack_lvl+0x10/0x10
[  208.925425][T10588]  ? __pfx__printk+0x10/0x10
[  208.930053][T10588]  ? __pfx___might_resched+0x10/0x10
[  208.935409][T10588]  should_fail_ex+0x3b0/0x4e0
[  208.940132][T10588]  ? ovs_ct_limit_cmd_set+0x2f9/0xaf0
[  208.945559][T10588]  should_failslab+0x9/0x20
[  208.950098][T10588]  kmalloc_trace_noprof+0x6c/0x2c0
[  208.955243][T10588]  ovs_ct_limit_cmd_set+0x2f9/0xaf0
[  208.960487][T10588]  genl_rcv_msg+0xb14/0xec0
[  208.965018][T10588]  ? mark_lock+0x9a/0x350
[  208.966313][T10591] netlink: 872 bytes leftover after parsing attributes in process `syz.0.1557'.
[  208.969366][T10588]  ? __pfx_genl_rcv_msg+0x10/0x10
[  208.969433][T10588]  ? __pfx_lock_acquire+0x10/0x10
[  208.988508][T10588]  ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10
[  208.994254][T10588]  ? __pfx___might_resched+0x10/0x10
[  208.999578][T10588]  netlink_rcv_skb+0x1e3/0x430
[  209.004385][T10588]  ? __pfx_genl_rcv_msg+0x10/0x10
[  209.009453][T10588]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  209.014781][T10588]  ? __netlink_deliver_tap+0x77e/0x7c0
[  209.020291][T10588]  genl_rcv+0x28/0x40
[  209.024305][T10588]  netlink_unicast+0x7f0/0x990
[  209.029130][T10588]  ? __pfx_netlink_unicast+0x10/0x10
[  209.034479][T10588]  ? __virt_addr_valid+0x183/0x520
[  209.039625][T10588]  ? __check_object_size+0x49c/0x900
[  209.044962][T10588]  ? bpf_lsm_netlink_send+0x9/0x10
[  209.050124][T10588]  netlink_sendmsg+0x8e4/0xcb0
[  209.054958][T10588]  ? __pfx_netlink_sendmsg+0x10/0x10
[  209.060279][T10588]  ? __import_iovec+0x536/0x820
[  209.065201][T10588]  ? aa_sock_msg_perm+0x91/0x160
[  209.070177][T10588]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  209.075503][T10588]  ? security_socket_sendmsg+0x87/0xb0
[  209.080991][T10588]  ? __pfx_netlink_sendmsg+0x10/0x10
[  209.086288][T10588]  __sock_sendmsg+0x221/0x270
[  209.090977][T10588]  ____sys_sendmsg+0x525/0x7d0
[  209.095759][T10588]  ? __pfx_____sys_sendmsg+0x10/0x10
[  209.101070][T10588]  __sys_sendmsg+0x2b0/0x3a0
[  209.105699][T10588]  ? __pfx___sys_sendmsg+0x10/0x10
[  209.110816][T10588]  ? vfs_write+0x7c4/0xc90
[  209.115277][T10588]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  209.121628][T10588]  ? do_syscall_64+0x100/0x230
[  209.126422][T10588]  ? do_syscall_64+0xb6/0x230
[  209.131119][T10588]  do_syscall_64+0xf3/0x230
[  209.135642][T10588]  ? clear_bhb_loop+0x35/0x90
[  209.140346][T10588]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.146260][T10588] RIP: 0033:0x7f3313375b99
[  209.150697][T10588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  209.170332][T10588] RSP: 002b:00007f331414f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  209.178797][T10588] RAX: ffffffffffffffda RBX: 00007f3313503fa0 RCX: 00007f3313375b99
[  209.186843][T10588] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[  209.194834][T10588] RBP: 00007f331414f0a0 R08: 0000000000000000 R09: 0000000000000000
[  209.202824][T10588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  209.210801][T10588] R13: 000000000000000b R14: 00007f3313503fa0 R15: 00007fffea2037a8
[  209.218789][T10588]  </TASK>
[  209.273614][T10582] team0: Port device veth0_to_hsr added
[  209.972118][T10628] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[  210.030041][T10628] batman_adv: batadv0: Adding interface: ip6gretap1
[  210.067569][T10628] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  210.144998][T10628] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active
[  210.168011][T10645] netlink: 'syz.1.1574': attribute type 10 has an invalid length.
[  210.275295][T10645] team0: Device veth1_vlan failed to register rx_handler
[  210.317748][T10643] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  210.383661][T10658] netlink: 'syz.2.1581': attribute type 29 has an invalid length.
[  210.439936][T10662] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1582'.
[  210.459663][T10662] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1582'.
[  210.476568][T10662] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1582'.
[  210.967760][T10688] vlan2: entered promiscuous mode
[  210.993154][T10688] vlan2: entered allmulticast mode
[  211.402627][T10717] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  211.741789][T10743] (unnamed net_device) (uninitialized): option lacp_active: invalid value (252)
[  212.339186][T10769] FAULT_INJECTION: forcing a failure.
[  212.339186][T10769] name failslab, interval 1, probability 0, space 0, times 0
[  212.410686][T10769] CPU: 0 PID: 10769 Comm: syz.4.1619 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0
[  212.420906][T10769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  212.431003][T10769] Call Trace:
[  212.434309][T10769]  <TASK>
[  212.437270][T10769]  dump_stack_lvl+0x241/0x360
[  212.441984][T10769]  ? __pfx_dump_stack_lvl+0x10/0x10
[  212.447232][T10769]  ? __pfx__printk+0x10/0x10
[  212.451874][T10769]  ? __pfx___might_resched+0x10/0x10
[  212.457227][T10769]  should_fail_ex+0x3b0/0x4e0
[  212.461944][T10769]  should_failslab+0x9/0x20
[  212.466550][T10769]  kmalloc_node_track_caller_noprof+0xda/0x440
[  212.472722][T10769]  ? xfrm_do_migrate+0x8c4/0xba0
[  212.477706][T10769]  ? stack_depot_save_flags+0x29/0x830
[  212.483232][T10769]  kmemdup_noprof+0x2a/0x60
[  212.487769][T10769]  xfrm_do_migrate+0x8c4/0xba0
[  212.492553][T10769]  ? kasan_save_track+0x3f/0x80
[  212.497437][T10769]  ? __pfx_xfrm_do_migrate+0x10/0x10
[  212.502783][T10769]  ? __nla_parse+0x40/0x60
[  212.507227][T10769]  xfrm_user_rcv_msg+0x75d/0xa80
[  212.512193][T10769]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  212.517737][T10769]  ? __mutex_trylock_common+0x183/0x2e0
[  212.523299][T10769]  ? __pfx___might_resched+0x10/0x10
[  212.528607][T10769]  netlink_rcv_skb+0x1e3/0x430
[  212.533386][T10769]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  212.538865][T10769]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  212.544187][T10769]  xfrm_netlink_rcv+0x79/0x90
[  212.548900][T10769]  netlink_unicast+0x7f0/0x990
[  212.553700][T10769]  ? __pfx_netlink_unicast+0x10/0x10
[  212.558992][T10769]  ? __virt_addr_valid+0x183/0x520
[  212.564123][T10769]  ? __check_object_size+0x49c/0x900
[  212.569430][T10769]  ? bpf_lsm_netlink_send+0x9/0x10
[  212.574564][T10769]  netlink_sendmsg+0x8e4/0xcb0
[  212.579352][T10769]  ? __pfx_netlink_sendmsg+0x10/0x10
[  212.584646][T10769]  ? __import_iovec+0x536/0x820
[  212.589497][T10769]  ? aa_sock_msg_perm+0x91/0x160
[  212.594480][T10769]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  212.599768][T10769]  ? security_socket_sendmsg+0x87/0xb0
[  212.605235][T10769]  ? __pfx_netlink_sendmsg+0x10/0x10
[  212.610575][T10769]  __sock_sendmsg+0x221/0x270
[  212.615285][T10769]  ____sys_sendmsg+0x525/0x7d0
[  212.620092][T10769]  ? __pfx_____sys_sendmsg+0x10/0x10
[  212.625409][T10769]  __sys_sendmsg+0x2b0/0x3a0
[  212.630010][T10769]  ? __pfx___sys_sendmsg+0x10/0x10
[  212.635154][T10769]  ? vfs_write+0x7c4/0xc90
[  212.639618][T10769]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  212.645953][T10769]  ? do_syscall_64+0x100/0x230
[  212.650727][T10769]  ? do_syscall_64+0xb6/0x230
[  212.655422][T10769]  do_syscall_64+0xf3/0x230
[  212.659944][T10769]  ? clear_bhb_loop+0x35/0x90
[  212.664645][T10769]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.670560][T10769] RIP: 0033:0x7f3313375b99
[  212.674975][T10769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  212.694580][T10769] RSP: 002b:00007f331414f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  212.703008][T10769] RAX: ffffffffffffffda RBX: 00007f3313503fa0 RCX: 00007f3313375b99
[  212.710980][T10769] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[  212.718944][T10769] RBP: 00007f331414f0a0 R08: 0000000000000000 R09: 0000000000000000
[  212.726907][T10769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  212.734872][T10769] R13: 000000000000000b R14: 00007f3313503fa0 R15: 00007fffea2037a8
[  212.742858][T10769]  </TASK>
[  212.871126][T10780] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1624'.
[  213.139243][T10798] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1629'.
[  213.221414][T10804] bridge0: port 3(syz_tun) entered disabled state
[  213.228195][T10804] bridge0: port 2(bridge_slave_1) entered disabled state
[  213.235907][T10804] bridge0: port 1(bridge_slave_0) entered disabled state
[  213.254011][T10804] bridge0: entered allmulticast mode
[  213.298593][T10804] bridge0: port 3(syz_tun) entered blocking state
[  213.305793][T10804] bridge0: port 3(syz_tun) entered forwarding state
[  213.312860][T10804] bridge0: port 2(bridge_slave_1) entered blocking state
[  213.320054][T10804] bridge0: port 2(bridge_slave_1) entered forwarding state
[  213.327615][T10804] bridge0: port 1(bridge_slave_0) entered blocking state
[  213.334872][T10804] bridge0: port 1(bridge_slave_0) entered forwarding state
[  213.358149][T10804] bridge0: entered promiscuous mode
[  213.552022][T10818] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1635'.
[  214.052730][T10844] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1645'.
[  214.362870][T10857] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1649'.
[  214.646581][T10873] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1657'.
[  214.676227][T10873] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1657'.
[  214.943952][T10897] team0: Port device team_slave_0 removed
[  215.169654][T10905] IPv6: sit1: Disabled Multicast RS
[  215.501568][T10930] netlink: 'syz.3.1677': attribute type 1 has an invalid length.
[  215.668716][T10939] netlink: 'syz.3.1677': attribute type 6 has an invalid length.
[  215.832463][T10949] netlink: 'syz.1.1680': attribute type 7 has an invalid length.
[  215.870378][T10949] netlink: 'syz.1.1680': attribute type 39 has an invalid length.
[  215.931074][T10960] netlink: 'syz.1.1680': attribute type 7 has an invalid length.
[  215.980323][T10960] netlink: 'syz.1.1680': attribute type 39 has an invalid length.
[  216.019216][T10956] bridge1: port 1(gretap1) entered blocking state
[  216.079852][T10956] bridge1: port 1(gretap1) entered disabled state
[  216.114717][T10970] __nla_validate_parse: 2 callbacks suppressed
[  216.114738][T10970] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1687'.
[  216.117834][T10956] gretap1: entered allmulticast mode
[  216.150453][T10970] EXT4-fs warning (device sda1): ext4_group_extend:1869: need to use ext2online to resize further
[  216.165701][T10973] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1689'.
[  216.191741][T10956] gretap1: entered promiscuous mode
[  216.740315][T10997] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1694'.
[  216.774537][T10997] openvswitch: netlink: Flow actions attr not present in new flow.
[  216.933178][T11012] netlink: 'syz.0.1702': attribute type 21 has an invalid length.
[  216.971644][T11012] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1702'.
[  217.032223][T11012] netlink: 'syz.0.1702': attribute type 5 has an invalid length.
[  217.040092][T11012] netlink: 'syz.0.1702': attribute type 6 has an invalid length.
[  217.071674][T11019] netlink: 6 bytes leftover after parsing attributes in process `syz.4.1705'.
[  217.084087][T11012] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1702'.
[  217.292805][T11038] netlink: 'syz.2.1710': attribute type 10 has an invalid length.
[  217.384290][T11051] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1708'.
[  217.446416][T11051] pim6reg: entered allmulticast mode
[  217.506757][T11059] xt_TCPMSS: Only works on TCP SYN packets
[  217.960533][   T29] audit: type=1804 audit(1719654333.715:16): pid=11085 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1724" name="/root/syzkaller.GkYx69/272/cgroup.controllers" dev="sda1" ino=1978 res=1 errno=0
[  219.530564][T11150] tipc: Enabling of bearer <éb:b> rejected, media not registered
[  219.926764][T11175] ip6tnl0: entered promiscuous mode
[  219.936331][T11172] ip6tnl0: left promiscuous mode
[  220.044491][ T2432] bridge_slave_1: left allmulticast mode
[  220.055488][ T2432] bridge_slave_1: left promiscuous mode
[  220.077689][ T2432] bridge0: port 2(bridge_slave_1) entered disabled state
[  220.116615][ T2432] bridge_slave_0: left allmulticast mode
[  220.134134][ T2432] bridge_slave_0: left promiscuous mode
[  220.154906][ T2432] bridge0: port 1(bridge_slave_0) entered disabled state
[  220.448346][T11201] xt_TCPMSS: Only works on TCP SYN packets
[  220.464489][T11201] Bluetooth: MGMT ver 1.22
[  220.553452][T11204] Bluetooth: hci3: invalid length 0, exp 2 for type 0
[  220.690286][ T2432] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  220.703975][ T2432] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  220.728497][ T2432] bond0 (unregistering): Released all slaves
[  220.750227][T11193] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1761'.
[  220.851609][T11206] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1766'.
[  220.951036][ T2432] tipc: Left network mode
[  220.977263][T11216] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1767'.
[  221.095483][T11222] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  221.142311][T11222] __nla_validate_parse: 2 callbacks suppressed
[  221.142329][T11222] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1770'.
[  221.328591][T11228] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1776'.
[  221.611489][ T2432] hsr_slave_0: left promiscuous mode
[  221.642628][ T2432] hsr_slave_1: left promiscuous mode
[  221.679439][ T2432] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  221.690902][ T2432] batman_adv: batadv0: Removing interface: batadv_slave_0
[  221.705084][ T2432] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  221.714020][ T2432] batman_adv: batadv0: Removing interface: batadv_slave_1
[  221.818681][ T2432] veth1_macvtap: left promiscuous mode
[  221.830861][ T2432] veth0_macvtap: left promiscuous mode
[  221.844447][ T2432] veth1_vlan: left promiscuous mode
[  221.857935][ T2432] veth0_vlan: left promiscuous mode
[  222.058738][ T2432] team0 (unregistering): Port device batadv1 removed
[  222.066914][T11267] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app
[  222.418928][ T2432] team0 (unregistering): Port device team_slave_1 removed
[  222.461400][ T2432] team0 (unregistering): Port device team_slave_0 removed
[  223.187586][T11288] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1791'.
[  223.197023][T11294] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1793'.
[  223.243990][T11290] validate_nla: 1 callbacks suppressed
[  223.244009][T11290] netlink: 'syz.3.1792': attribute type 10 has an invalid length.
[  223.271265][T11290] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1792'.
[  223.356412][T11295] netlink: 'syz.3.1792': attribute type 10 has an invalid length.
[  223.373318][T11295] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1792'.
[  223.888082][T11329] 8021q: adding VLAN 0 to HW filter on device batadv1
[  223.924109][T11329] team0: Port device batadv1 added
[  224.103923][T11344] syz.2.1810[11344] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  224.104159][T11344] syz.2.1810[11344] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  224.356907][T11359] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1817'.
[  224.435668][T11359] xt_CT: You must specify a L4 protocol and not use inversions on it
[  225.376790][T11426] dccp_close: ABORT with 190 bytes unread
[  225.543997][T11440] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1842'.
[  225.748468][T11455] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1848'.
[  226.407162][T11499] xt_cgroup: invalid path, errno=-2
[  226.414539][T11498] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1863'.
[  226.814731][T11522] FAULT_INJECTION: forcing a failure.
[  226.814731][T11522] name failslab, interval 1, probability 0, space 0, times 0
[  226.827911][T11522] CPU: 1 PID: 11522 Comm: syz.2.1872 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0
[  226.838093][T11522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  226.848169][T11522] Call Trace:
[  226.851484][T11522]  <TASK>
[  226.854442][T11522]  dump_stack_lvl+0x241/0x360
[  226.859161][T11522]  ? __pfx_dump_stack_lvl+0x10/0x10
[  226.864399][T11522]  ? __pfx__printk+0x10/0x10
[  226.869027][T11522]  ? ip_mc_add_src+0x3f/0xf00
[  226.873732][T11522]  should_fail_ex+0x3b0/0x4e0
[  226.878444][T11522]  ? ip_mc_add_src+0x826/0xf00
[  226.883274][T11522]  should_failslab+0x9/0x20
[  226.887816][T11522]  kmalloc_trace_noprof+0x6c/0x2c0
[  226.892955][T11522]  ip_mc_add_src+0x826/0xf00
[  226.897588][T11522]  ip_mc_msfilter+0x6b8/0xca0
[  226.902309][T11522]  ? __pfx_ip_mc_msfilter+0x10/0x10
[  226.907537][T11522]  ? rcu_is_watching+0x15/0xb0
[  226.912330][T11522]  ? set_mcast_msfilter+0x3d/0x370
[  226.917487][T11522]  ? trace_kmalloc+0x1f/0xd0
[  226.922137][T11522]  set_mcast_msfilter+0x276/0x370
[  226.927203][T11522]  ip_set_mcast_msfilter+0x326/0x3f0
[  226.932525][T11522]  do_ip_setsockopt+0x2033/0x3cd0
[  226.937615][T11522]  ? __pfx_do_ip_setsockopt+0x10/0x10
[  226.943018][T11522]  ? aa_sk_perm+0x967/0xab0
[  226.947570][T11522]  ? __pfx_aa_sk_perm+0x10/0x10
[  226.952454][T11522]  ? __pfx_lock_acquire+0x10/0x10
[  226.957499][T11522]  ? aa_sock_opt_perm+0x79/0x120
[  226.962475][T11522]  ip_setsockopt+0x63/0x100
[  226.967010][T11522]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  226.972930][T11522]  do_sock_setsockopt+0x3af/0x720
[  226.977991][T11522]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  226.983568][T11522]  ? __fget_files+0x29/0x470
[  226.988197][T11522]  ? __fget_files+0x3f6/0x470
[  226.992912][T11522]  __sys_setsockopt+0x1ae/0x250
[  226.997800][T11522]  __x64_sys_setsockopt+0xb5/0xd0
[  227.002865][T11522]  do_syscall_64+0xf3/0x230
[  227.007404][T11522]  ? clear_bhb_loop+0x35/0x90
[  227.012118][T11522]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.018034][T11522] RIP: 0033:0x7f5272575b99
[  227.022470][T11522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  227.042123][T11522] RSP: 002b:00007f527339f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  227.050565][T11522] RAX: ffffffffffffffda RBX: 00007f5272703fa0 RCX: 00007f5272575b99
[  227.058612][T11522] RDX: 0000000000000030 RSI: 0000000000000000 RDI: 0000000000000003
[  227.066611][T11522] RBP: 00007f527339f0a0 R08: 0000000000000590 R09: 0000000000000000
[  227.074599][T11522] R10: 00000000200012c0 R11: 0000000000000246 R12: 0000000000000001
[  227.082591][T11522] R13: 000000000000000b R14: 00007f5272703fa0 R15: 00007ffd5a21a218
[  227.090621][T11522]  </TASK>
[  227.558315][T11546] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1883'.
[  227.700402][T11553] netlink: 19 bytes leftover after parsing attributes in process `syz.0.1885'.
[  227.775759][T11555] netlink: 'syz.2.1886': attribute type 4 has an invalid length.
[  228.033404][   T29] audit: type=1804 audit(1719654343.795:17): pid=11566 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1889" name="/root/syzkaller.GkYx69/312/cgroup.controllers" dev="sda1" ino=1979 res=1 errno=0
[  229.487852][T11638] tipc: Failed to remove unknown binding: 66,1,1/1:917234645/917234647
[  229.499499][T11639] tipc: Failed to remove unknown binding: 66,1,1/1:917234645/917234647
[  229.508116][T11638] tipc: Failed to remove unknown binding: 66,1,1/1:917234645/917234647
[  229.520023][T11639] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1917'.
[  229.613134][T11648] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1919'.
[  229.764298][T11656] pim6reg: entered allmulticast mode
[  229.821742][T11662] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1924'.
[  229.949947][T11670] rose0: tun_chr_ioctl cmd 21731
[  230.204053][T11684] netlink: 'syz.0.1931': attribute type 4 has an invalid length.
[  230.221635][T11684] netlink: 'syz.0.1931': attribute type 4 has an invalid length.
[  230.248806][T11686] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1932'.
[  230.410119][T11696] ipvlan2: entered promiscuous mode
[  230.425868][T11696] ipvlan2: entered allmulticast mode
[  230.437847][T11696] bond0: entered allmulticast mode
[  230.445708][T11696] bond_slave_0: entered allmulticast mode
[  230.452488][T11696] bond_slave_1: entered allmulticast mode
[  230.465607][T11696] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  230.542311][   T58] bridge0: port 2(bridge_slave_1) entered disabled state
[  230.710151][T11713] rose0: tun_chr_ioctl cmd 21731
[  230.727995][T11715] netlink: 'syz.4.1942': attribute type 4 has an invalid length.
[  231.306621][T11725] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1945'.
[  231.431652][T11727] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check.
[  231.781331][T11746] FAULT_INJECTION: forcing a failure.
[  231.781331][T11746] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  231.809511][T11746] CPU: 1 PID: 11746 Comm: syz.2.1951 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0
[  231.819723][T11746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  231.822445][T11749] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1952'.
[  231.829787][T11746] Call Trace:
[  231.829802][T11746]  <TASK>
[  231.829813][T11746]  dump_stack_lvl+0x241/0x360
[  231.829848][T11746]  ? __pfx_dump_stack_lvl+0x10/0x10
[  231.829874][T11746]  ? __pfx__printk+0x10/0x10
[  231.859802][T11746]  ? __pfx_lock_release+0x10/0x10
[  231.864871][T11746]  should_fail_ex+0x3b0/0x4e0
[  231.869600][T11746]  _copy_from_iter+0x1f6/0x1960
[  231.874484][T11746]  ? __virt_addr_valid+0x183/0x520
[  231.879628][T11746]  ? __pfx_lock_release+0x10/0x10
[  231.884692][T11746]  ? __alloc_skb+0x28f/0x440
[  231.889314][T11746]  ? __pfx__copy_from_iter+0x10/0x10
[  231.894629][T11746]  ? __virt_addr_valid+0x183/0x520
[  231.899802][T11746]  ? __virt_addr_valid+0x183/0x520
[  231.904951][T11746]  ? __virt_addr_valid+0x44e/0x520
[  231.910109][T11746]  ? __check_object_size+0x49c/0x900
[  231.915441][T11746]  netlink_sendmsg+0x73d/0xcb0
[  231.920259][T11746]  ? __pfx_netlink_sendmsg+0x10/0x10
[  231.925603][T11746]  ? __import_iovec+0x536/0x820
[  231.930484][T11746]  ? aa_sock_msg_perm+0x91/0x160
[  231.935458][T11746]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  231.940750][T11746]  ? security_socket_sendmsg+0x87/0xb0
[  231.946222][T11746]  ? __pfx_netlink_sendmsg+0x10/0x10
[  231.951526][T11746]  __sock_sendmsg+0x221/0x270
[  231.956204][T11746]  ____sys_sendmsg+0x525/0x7d0
[  231.961023][T11746]  ? __pfx_____sys_sendmsg+0x10/0x10
[  231.966329][T11746]  __sys_sendmsg+0x2b0/0x3a0
[  231.970939][T11746]  ? __pfx___sys_sendmsg+0x10/0x10
[  231.976076][T11746]  ? vfs_write+0x7c4/0xc90
[  231.980536][T11746]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  231.986873][T11746]  ? do_syscall_64+0x100/0x230
[  231.991644][T11746]  ? do_syscall_64+0xb6/0x230
[  231.996329][T11746]  do_syscall_64+0xf3/0x230
[  232.000834][T11746]  ? clear_bhb_loop+0x35/0x90
[  232.005518][T11746]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.011414][T11746] RIP: 0033:0x7f5272575b99
[  232.015827][T11746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  232.035443][T11746] RSP: 002b:00007f527339f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  232.043864][T11746] RAX: ffffffffffffffda RBX: 00007f5272703fa0 RCX: 00007f5272575b99
[  232.051849][T11746] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
[  232.059822][T11746] RBP: 00007f527339f0a0 R08: 0000000000000000 R09: 0000000000000000
[  232.067799][T11746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  232.075774][T11746] R13: 000000000000000b R14: 00007f5272703fa0 R15: 00007ffd5a21a218
[  232.083762][T11746]  </TASK>
[  232.225509][T11759] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1957'.
[  232.349856][T11768] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1959'.
[  232.480120][   T58] IPVS: starting estimator thread 0...
[  232.500526][T11775] bridge0: port 3(syz_tun) entered disabled state
[  232.507253][T11775] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.527019][T11775] bridge0: left promiscuous mode
[  232.535301][T11775] bridge0: left allmulticast mode
[  232.580689][T11777] IPVS: using max 23 ests per chain, 55200 per kthread
[  232.588217][T11783] syz_tun: left allmulticast mode
[  232.597832][T11783] syz_tun: left promiscuous mode
[  232.609406][T11783] bridge0: port 3(syz_tun) entered disabled state
[  232.659016][T11783] bridge_slave_1: left allmulticast mode
[  232.679840][T11783] bridge_slave_1: left promiscuous mode
[  232.686721][T11783] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.708868][T11783] bridge_slave_0: left allmulticast mode
[  232.720982][T11783] bridge_slave_0: left promiscuous mode
[  232.735082][T11783] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.887796][T11797] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1969'.
[  233.207198][T11822] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1971'.
[  233.339255][T11814] GUP no longer grows the stack in syz.3.1975 (11814): 20006000-2000a000 (20005000)
[  233.352248][T11829] netlink: 'syz.4.1977': attribute type 3 has an invalid length.
[  233.360938][T11829] netlink: 130984 bytes leftover after parsing attributes in process `syz.4.1977'.
[  233.370387][T11814] CPU: 1 PID: 11814 Comm: syz.3.1975 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0
[  233.380553][T11814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  233.390612][T11814] Call Trace:
[  233.393903][T11814]  <TASK>
[  233.396880][T11814]  dump_stack_lvl+0x241/0x360
[  233.401565][T11814]  ? __pfx_dump_stack_lvl+0x10/0x10
[  233.406884][T11814]  ? __pfx__printk+0x10/0x10
[  233.411482][T11814]  ? find_vma+0xf9/0x170
[  233.415737][T11814]  __get_user_pages+0x10e3/0x1590
[  233.420801][T11814]  ? __gup_longterm_locked+0x1ec9/0x2a80
[  233.426484][T11814]  ? __pfx___get_user_pages+0x10/0x10
[  233.431883][T11814]  ? __lock_acquire+0x1346/0x1fd0
[  233.436923][T11814]  __gup_longterm_locked+0x1ff6/0x2a80
[  233.442419][T11814]  ? __pfx___gup_longterm_locked+0x10/0x10
[  233.448240][T11814]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  233.454240][T11814]  ? sanity_check_pinned_pages+0x12bb/0x13c0
[  233.460272][T11814]  gup_fast_fallback+0x2732/0x2b40
[  233.465431][T11814]  ? __pfx_gup_fast_fallback+0x10/0x10
[  233.470898][T11814]  ? __pfx_validate_chain+0x10/0x10
[  233.476121][T11814]  ? unwind_get_return_address+0x91/0xc0
[  233.481769][T11814]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  233.487845][T11814]  ? arch_stack_walk+0x16d/0x1b0
[  233.492807][T11814]  ? __lock_acquire+0x1346/0x1fd0
[  233.497834][T11814]  ? is_valid_gup_args+0x124/0x200
[  233.502952][T11814]  pin_user_pages_fast+0xcc/0x160
[  233.507974][T11814]  ? __pfx_pin_user_pages_fast+0x10/0x10
[  233.513625][T11814]  iov_iter_extract_pages+0x3db/0x720
[  233.519012][T11814]  bio_iov_iter_get_pages+0x541/0x1930
[  233.524479][T11814]  ? bio_associate_blkg+0x6c/0x230
[  233.529601][T11814]  ? bio_associate_blkg_from_css+0xb0c/0xc70
[  233.535607][T11814]  ? bio_associate_blkg_from_css+0xa4/0xc70
[  233.541532][T11814]  ? __pfx_bio_iov_iter_get_pages+0x10/0x10
[  233.547453][T11814]  ? bio_alloc_bioset+0x6d7/0x1130
[  233.552583][T11814]  iomap_dio_bio_iter+0xc8e/0x1670
[  233.557735][T11814]  __iomap_dio_rw+0x1295/0x2370
[  233.562607][T11814]  ? do_syscall_64+0xf3/0x230
[  233.567304][T11814]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  233.573438][T11814]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  233.579442][T11814]  ? __pfx___iomap_dio_rw+0x10/0x10
[  233.584686][T11814]  ? jbd2_journal_stop+0x902/0xd80
[  233.589829][T11814]  ? __pfx_jbd2_journal_stop+0x10/0x10
[  233.595316][T11814]  ? __pfx_ext4_orphan_add+0x10/0x10
[  233.600626][T11814]  iomap_dio_rw+0x46/0xa0
[  233.604974][T11814]  ext4_file_write_iter+0x15e5/0x1a10
[  233.610393][T11814]  ? __pfx_ext4_file_write_iter+0x10/0x10
[  233.616125][T11814]  vfs_write+0xa72/0xc90
[  233.620392][T11814]  ? __pfx_ext4_file_write_iter+0x10/0x10
[  233.626116][T11814]  ? __pfx_vfs_write+0x10/0x10
[  233.630903][T11814]  ? do_futex+0x33b/0x560
[  233.635249][T11814]  ksys_write+0x1a0/0x2c0
[  233.639589][T11814]  ? __pfx_ksys_write+0x10/0x10
[  233.644457][T11814]  ? do_syscall_64+0x100/0x230
[  233.649230][T11814]  ? do_syscall_64+0xb6/0x230
[  233.653920][T11814]  do_syscall_64+0xf3/0x230
[  233.658451][T11814]  ? clear_bhb_loop+0x35/0x90
[  233.663138][T11814]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  233.669036][T11814] RIP: 0033:0x7effb2d75b99
[  233.673556][T11814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  233.693187][T11814] RSP: 002b:00007effb3a61048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  233.701615][T11814] RAX: ffffffffffffffda RBX: 00007effb2f03fa0 RCX: 00007effb2d75b99
[  233.709644][T11814] RDX: 0000000000043400 RSI: 0000000020000200 RDI: 0000000000000008
[  233.717630][T11814] RBP: 00007effb2df677e R08: 0000000000000000 R09: 0000000000000000
[  233.725612][T11814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  233.733588][T11814] R13: 000000000000000b R14: 00007effb2f03fa0 R15: 00007ffd4e124a38
[  233.741595][T11814]  </TASK>
[  233.766208][T11831] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1978'.
[  233.937826][T11840] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1981'.
[  234.080442][T11843] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1983'.
[  235.166555][T11899] netlink: 'syz.3.1999': attribute type 68 has an invalid length.
[  235.292349][T11902] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2002'.
[  235.562068][T11913] netdevsim netdevsim2 : renamed from netdevsim0 (while UP)
[  235.635813][ T5095] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  235.650821][ T5095] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  235.661297][ T5095] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  235.670448][ T5095] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  235.680247][ T5095] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  235.689293][ T5095] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  235.697937][T11921] nbd: socks must be embedded in a SOCK_ITEM attr
[  236.074725][T11919] chnl_net:caif_netlink_parms(): no params data found
[  236.252845][T11919] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.267849][T11919] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.291184][T11919] bridge_slave_0: entered allmulticast mode
[  236.313315][T11919] bridge_slave_0: entered promiscuous mode
[  236.344725][T11919] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.360772][T11919] bridge0: port 2(bridge_slave_1) entered disabled state
[  236.370509][T11919] bridge_slave_1: entered allmulticast mode
[  236.378315][T11919] bridge_slave_1: entered promiscuous mode
[  236.454864][T11919] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  236.478741][T11919] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  236.625332][T11919] team0: Port device team_slave_0 added
[  236.635687][T11919] team0: Port device team_slave_1 added
[  236.789487][T11919] batman_adv: batadv0: Adding interface: batadv_slave_0
[  236.812814][T11919] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  236.890342][T11919] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  236.908956][T11919] batman_adv: batadv0: Adding interface: batadv_slave_1
[  236.916540][T11919] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  236.956433][T11919] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  237.069346][T11919] hsr_slave_0: entered promiscuous mode
[  237.086728][T11919] hsr_slave_1: entered promiscuous mode
[  237.107578][   T29] audit: type=1804 audit(1719654352.865:18): pid=11996 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2028" name="/root/syzkaller.bV9ltI/311/cgroup.controllers" dev="sda1" ino=1987 res=1 errno=0
[  237.424386][T11919] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.596248][T11919] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.752157][ T4490] Bluetooth: hci5: command tx timeout
[  237.763988][T11919] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.878722][T12011] __nla_validate_parse: 2 callbacks suppressed
[  237.878741][T12011] netlink: 184 bytes leftover after parsing attributes in process `syz.0.2032'.
[  238.025486][T11919] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.139574][T12033] macvlan3: entered allmulticast mode
[  238.164129][T12033] mac80211_hwsim hwsim13 wlan0: entered promiscuous mode
[  238.180302][T12033] mac80211_hwsim hwsim13 wlan0: entered allmulticast mode
[  238.198769][T12033] team0: Port device macvlan3 added
[  238.207075][T12032] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2039'.
[  238.367752][T12044] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = 0, id = 0
[  238.383833][T11919] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  238.399186][T12039] IPVS: stopping backup sync thread 12044 ...
[  238.424980][T11919] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  238.458535][T11919] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  238.467911][T12039] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2041'.
[  238.491133][T11919] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  238.510761][T12039] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes.
[  238.792284][T12060] 8021q: VLANs not supported on lo
[  238.843383][T11919] 8021q: adding VLAN 0 to HW filter on device bond0
[  238.851941][T12061] 
: renamed from gretap0
[  238.990140][T11919] 8021q: adding VLAN 0 to HW filter on device team0
[  239.085403][ T5142] bridge0: port 1(bridge_slave_0) entered blocking state
[  239.092634][ T5142] bridge0: port 1(bridge_slave_0) entered forwarding state
[  239.142454][ T5142] bridge0: port 2(bridge_slave_1) entered blocking state
[  239.149716][ T5142] bridge0: port 2(bridge_slave_1) entered forwarding state
[  239.366588][T12088] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2055'.
[  239.434425][T12088] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2055'.
[  239.450425][T11919] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  239.549425][T11919] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  239.633105][T12092] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2055'.
[  239.834026][ T4490] Bluetooth: hci5: command tx timeout
[  240.290983][T11919] 8021q: adding VLAN 0 to HW filter on device batadv0
[  240.477690][T11919] veth0_vlan: entered promiscuous mode
[  240.528453][T11919] veth1_vlan: entered promiscuous mode
[  240.764238][T11919] veth0_macvtap: entered promiscuous mode
[  240.793556][T11919] veth1_macvtap: entered promiscuous mode
[  240.837177][T11919] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  240.848543][T11919] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.858580][T11919] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  240.887003][T11919] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.898235][T11919] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  240.909040][T11919] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.920170][T12161] IPVS: set_ctl: invalid protocol: 29 172.20.20.39:20000
[  240.922175][T11919] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  240.937887][T11919] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.950120][T11919] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  240.974883][T11919] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  240.994964][T11919] batman_adv: batadv0: Interface activated: batadv_slave_0
[  241.052285][T11919] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  241.069147][T11919] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.080656][T11919] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  241.091657][T11919] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.101973][T11919] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  241.119354][T11919] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.154097][T11919] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  241.165096][T11919] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.197747][T11919] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  241.230496][T11919] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.267554][T11919] batman_adv: batadv0: Interface activated: batadv_slave_1
[  241.312254][T11919] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  241.331483][T11919] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  241.351212][T11919] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  241.370805][T11919] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  241.582333][T12193] macvlan2: entered allmulticast mode
[  241.588149][T12193] mac80211_hwsim hwsim20 wlan0: entered allmulticast mode
[  241.621880][T12193] team0: Port device macvlan2 added
[  241.634379][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  241.671344][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  241.745592][  T949] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  241.766165][T12202] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2083'.
[  241.777038][  T949] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  241.800410][T12203] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2085'.
[  241.831232][T12203] tipc: Started in network mode
[  241.837622][T12203] tipc: Node identity 6, cluster identity 4711
[  241.868053][T12203] tipc: Node number set to 6
[  241.910911][ T5094] Bluetooth: hci5: command tx timeout
[  242.451174][T12247] ------------[ cut here ]------------
[  242.457036][T12247] WARNING: CPU: 0 PID: 12247 at net/mac80211/rate.c:48 rate_control_rate_init+0x588/0x5f0
[  242.467019][T12247] Modules linked in:
[  242.471344][T12247] CPU: 0 PID: 12247 Comm: syz.3.2096 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0
[  242.481897][T12247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  242.492061][T12247] RIP: 0010:rate_control_rate_init+0x588/0x5f0
[  242.498245][T12247] Code: 00 00 00 e8 ea e9 01 f7 f0 41 80 8d 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 09 19 9c f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d eb 65 89 e9 80
[  242.518033][T12247] RSP: 0018:ffffc9000c317058 EFLAGS: 00010283
[  242.524190][T12247] RAX: ffffffff8afa0df7 RBX: ffff88806aff6b78 RCX: 0000000000040000
[  242.532405][T12247] RDX: ffffc9000bbea000 RSI: 00000000000016d4 RDI: 00000000000016d5
[  242.540418][T12247] RBP: 0000000000000001 R08: ffffffff8afa0a62 R09: 1ffffffff25f74b0
[  242.548488][T12247] R10: dffffc0000000000 R11: fffffbfff25f74b1 R12: ffff88801e9f0e20
[  242.550994][ T5094] Bluetooth: hci0: command 0x0406 tx timeout
[  242.557621][T12247] R13: ffff888065d84000 R14: 1ffff1100cbb080a R15: 0000000000000000
[  242.564076][   T53] Bluetooth: hci1: command 0x0406 tx timeout
[  242.571599][T12247] FS:  00007effb3a616c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
[  242.586598][T12247] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  242.593268][T12247] CR2: 0000000020001080 CR3: 0000000061054000 CR4: 00000000003506f0
[  242.601366][T12247] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  242.609436][T12247] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  242.617476][T12247] Call Trace:
[  242.620812][T12247]  <TASK>
[  242.623770][T12247]  ? __warn+0x163/0x4e0
[  242.627963][T12247]  ? rate_control_rate_init+0x588/0x5f0
[  242.633884][T12247]  ? report_bug+0x2b3/0x500
[  242.638427][T12247]  ? rate_control_rate_init+0x588/0x5f0
[  242.644064][T12247]  ? handle_bug+0x3e/0x70
[  242.648443][T12247]  ? exc_invalid_op+0x1a/0x50
[  242.653223][T12247]  ? asm_exc_invalid_op+0x1a/0x20
[  242.658942][T12247]  ? rate_control_rate_init+0x1f2/0x5f0
[  242.664741][T12247]  ? rate_control_rate_init+0x587/0x5f0
[  242.670341][T12247]  ? rate_control_rate_init+0x588/0x5f0
[  242.676002][T12247]  ? rate_control_rate_init+0x587/0x5f0
[  242.681609][T12247]  ? rate_control_rate_init+0xe3/0x5f0
[  242.687126][T12247]  sta_apply_auth_flags+0x1b6/0x410
[  242.692411][T12247]  sta_apply_parameters+0xe23/0x1550
[  242.697753][T12247]  ieee80211_add_station+0x3da/0x630
[  242.703162][T12247]  rdev_add_station+0x11b/0x2b0
[  242.708059][T12247]  nl80211_new_station+0x1d53/0x2550
[  242.713610][T12247]  ? __pfx_nl80211_new_station+0x10/0x10
[  242.719287][T12247]  ? netdev_run_todo+0xf88/0x1000
[  242.724436][T12247]  genl_rcv_msg+0xb14/0xec0
[  242.728980][T12247]  ? mark_lock+0x9a/0x350
[  242.733414][T12247]  ? __pfx_genl_rcv_msg+0x10/0x10
[  242.738501][T12247]  ? __pfx_lock_acquire+0x10/0x10
[  242.743682][T12247]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  242.749110][T12247]  ? __pfx_nl80211_new_station+0x10/0x10
[  242.754892][T12247]  ? __pfx_nl80211_post_doit+0x10/0x10
[  242.758974][T12255] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2099'.
[  242.760840][T12247]  ? __pfx___might_resched+0x10/0x10
[  242.774979][T12247]  netlink_rcv_skb+0x1e3/0x430
[  242.779785][T12247]  ? __pfx_genl_rcv_msg+0x10/0x10
[  242.784952][T12247]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  242.790328][T12247]  ? __netlink_deliver_tap+0x77e/0x7c0
[  242.796196][T12247]  genl_rcv+0x28/0x40
[  242.800242][T12247]  netlink_unicast+0x7f0/0x990
[  242.805089][T12247]  ? __pfx_netlink_unicast+0x10/0x10
[  242.810402][T12247]  ? __virt_addr_valid+0x183/0x520
[  242.815600][T12247]  ? __check_object_size+0x49c/0x900
[  242.820985][T12247]  ? bpf_lsm_netlink_send+0x9/0x10
[  242.826149][T12247]  netlink_sendmsg+0x8e4/0xcb0
[  242.831005][T12247]  ? __pfx_netlink_sendmsg+0x10/0x10
[  242.836323][T12247]  ? __import_iovec+0x536/0x820
[  242.841662][T12247]  ? aa_sock_msg_perm+0x91/0x160
[  242.846651][T12247]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  242.852013][T12247]  ? security_socket_sendmsg+0x87/0xb0
[  242.857512][T12247]  ? __pfx_netlink_sendmsg+0x10/0x10
[  242.863200][T12247]  __sock_sendmsg+0x221/0x270
[  242.867910][T12247]  ____sys_sendmsg+0x525/0x7d0
[  242.873388][T12247]  ? __pfx_____sys_sendmsg+0x10/0x10
[  242.878733][T12247]  __sys_sendmsg+0x2b0/0x3a0
[  242.883410][T12247]  ? __pfx___sys_sendmsg+0x10/0x10
[  242.888610][T12247]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  242.895058][T12247]  ? do_syscall_64+0x100/0x230
[  242.899858][T12247]  ? do_syscall_64+0xb6/0x230
[  242.904628][T12247]  do_syscall_64+0xf3/0x230
[  242.909192][T12247]  ? clear_bhb_loop+0x35/0x90
[  242.913976][T12247]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  242.919902][T12247] RIP: 0033:0x7effb2d75b99
[  242.924382][T12247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  242.944061][T12247] RSP: 002b:00007effb3a61048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  242.952674][T12247] RAX: ffffffffffffffda RBX: 00007effb2f03fa0 RCX: 00007effb2d75b99
[  242.960726][T12247] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000003
[  242.969119][T12247] RBP: 00007effb2df677e R08: 0000000000000000 R09: 0000000000000000
[  242.977406][T12247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  242.985437][T12247] R13: 000000000000000b R14: 00007effb2f03fa0 R15: 00007ffd4e124a38
[  242.993514][T12247]  </TASK>
[  242.996547][T12247] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  243.003826][T12247] CPU: 0 PID: 12247 Comm: syz.3.2096 Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0
[  243.013999][T12247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  243.024070][T12247] Call Trace:
[  243.027351][T12247]  <TASK>
[  243.030295][T12247]  dump_stack_lvl+0x241/0x360
[  243.035008][T12247]  ? __pfx_dump_stack_lvl+0x10/0x10
[  243.040222][T12247]  ? __pfx__printk+0x10/0x10
[  243.044843][T12247]  ? _printk+0xd5/0x120
[  243.049025][T12247]  ? vscnprintf+0x5d/0x90
[  243.053362][T12247]  panic+0x349/0x860
[  243.057282][T12247]  ? __warn+0x172/0x4e0
[  243.061449][T12247]  ? __pfx_panic+0x10/0x10
[  243.065881][T12247]  ? show_trace_log_lvl+0x4e6/0x520
[  243.071125][T12247]  __warn+0x346/0x4e0
[  243.075127][T12247]  ? rate_control_rate_init+0x588/0x5f0
[  243.080688][T12247]  report_bug+0x2b3/0x500
[  243.085043][T12247]  ? rate_control_rate_init+0x588/0x5f0
[  243.090598][T12247]  handle_bug+0x3e/0x70
[  243.094772][T12247]  exc_invalid_op+0x1a/0x50
[  243.099276][T12247]  asm_exc_invalid_op+0x1a/0x20
[  243.104129][T12247] RIP: 0010:rate_control_rate_init+0x588/0x5f0
[  243.110290][T12247] Code: 00 00 00 e8 ea e9 01 f7 f0 41 80 8d 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 09 19 9c f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d eb 65 89 e9 80
[  243.129902][T12247] RSP: 0018:ffffc9000c317058 EFLAGS: 00010283
[  243.135979][T12247] RAX: ffffffff8afa0df7 RBX: ffff88806aff6b78 RCX: 0000000000040000
[  243.143948][T12247] RDX: ffffc9000bbea000 RSI: 00000000000016d4 RDI: 00000000000016d5
[  243.151913][T12247] RBP: 0000000000000001 R08: ffffffff8afa0a62 R09: 1ffffffff25f74b0
[  243.159885][T12247] R10: dffffc0000000000 R11: fffffbfff25f74b1 R12: ffff88801e9f0e20
[  243.167863][T12247] R13: ffff888065d84000 R14: 1ffff1100cbb080a R15: 0000000000000000
[  243.175862][T12247]  ? rate_control_rate_init+0x1f2/0x5f0
[  243.181415][T12247]  ? rate_control_rate_init+0x587/0x5f0
[  243.186973][T12247]  ? rate_control_rate_init+0x587/0x5f0
[  243.192516][T12247]  ? rate_control_rate_init+0xe3/0x5f0
[  243.197977][T12247]  sta_apply_auth_flags+0x1b6/0x410
[  243.203181][T12247]  sta_apply_parameters+0xe23/0x1550
[  243.208477][T12247]  ieee80211_add_station+0x3da/0x630
[  243.213806][T12247]  rdev_add_station+0x11b/0x2b0
[  243.218659][T12247]  nl80211_new_station+0x1d53/0x2550
[  243.223957][T12247]  ? __pfx_nl80211_new_station+0x10/0x10
[  243.229592][T12247]  ? netdev_run_todo+0xf88/0x1000
[  243.234651][T12247]  genl_rcv_msg+0xb14/0xec0
[  243.239173][T12247]  ? mark_lock+0x9a/0x350
[  243.243516][T12247]  ? __pfx_genl_rcv_msg+0x10/0x10
[  243.248562][T12247]  ? __pfx_lock_acquire+0x10/0x10
[  243.253585][T12247]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  243.258956][T12247]  ? __pfx_nl80211_new_station+0x10/0x10
[  243.264589][T12247]  ? __pfx_nl80211_post_doit+0x10/0x10
[  243.270060][T12247]  ? __pfx___might_resched+0x10/0x10
[  243.275363][T12247]  netlink_rcv_skb+0x1e3/0x430
[  243.280167][T12247]  ? __pfx_genl_rcv_msg+0x10/0x10
[  243.285220][T12247]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  243.290519][T12247]  ? __netlink_deliver_tap+0x77e/0x7c0
[  243.295989][T12247]  genl_rcv+0x28/0x40
[  243.299974][T12247]  netlink_unicast+0x7f0/0x990
[  243.304750][T12247]  ? __pfx_netlink_unicast+0x10/0x10
[  243.310044][T12247]  ? __virt_addr_valid+0x183/0x520
[  243.315167][T12247]  ? __check_object_size+0x49c/0x900
[  243.320472][T12247]  ? bpf_lsm_netlink_send+0x9/0x10
[  243.325607][T12247]  netlink_sendmsg+0x8e4/0xcb0
[  243.330379][T12247]  ? __pfx_netlink_sendmsg+0x10/0x10
[  243.335664][T12247]  ? __import_iovec+0x536/0x820
[  243.340512][T12247]  ? aa_sock_msg_perm+0x91/0x160
[  243.345463][T12247]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  243.350745][T12247]  ? security_socket_sendmsg+0x87/0xb0
[  243.356221][T12247]  ? __pfx_netlink_sendmsg+0x10/0x10
[  243.361528][T12247]  __sock_sendmsg+0x221/0x270
[  243.366212][T12247]  ____sys_sendmsg+0x525/0x7d0
[  243.370985][T12247]  ? __pfx_____sys_sendmsg+0x10/0x10
[  243.376284][T12247]  __sys_sendmsg+0x2b0/0x3a0
[  243.380910][T12247]  ? __pfx___sys_sendmsg+0x10/0x10
[  243.386105][T12247]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  243.392440][T12247]  ? do_syscall_64+0x100/0x230
[  243.397203][T12247]  ? do_syscall_64+0xb6/0x230
[  243.401908][T12247]  do_syscall_64+0xf3/0x230
[  243.406422][T12247]  ? clear_bhb_loop+0x35/0x90
[  243.411135][T12247]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  243.417034][T12247] RIP: 0033:0x7effb2d75b99
[  243.421455][T12247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  243.441068][T12247] RSP: 002b:00007effb3a61048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  243.449493][T12247] RAX: ffffffffffffffda RBX: 00007effb2f03fa0 RCX: 00007effb2d75b99
[  243.457484][T12247] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000003
[  243.465464][T12247] RBP: 00007effb2df677e R08: 0000000000000000 R09: 0000000000000000
[  243.473456][T12247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  243.481456][T12247] R13: 000000000000000b R14: 00007effb2f03fa0 R15: 00007ffd4e124a38
[  243.489461][T12247]  </TASK>
[  243.492801][T12247] Kernel Offset: disabled
[  243.497220][T12247] Rebooting in 86400 seconds..