last executing test programs:

1m6.590254249s ago: executing program 2 (id=2050):
socket$kcm(0x10, 0x2, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmmsg$inet6(r1, &(0x7f0000000040)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private2, 0x1e9b}, 0x1c, 0x0}}], 0x1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
connect$llc(r3, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, 0x0, 0x40084)
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0500000000005a642f61945800000000b40d", @ANYRES32=r5, @ANYBLOB="0800050002000000"], 0x24}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x5c, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x0, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xa4a2}]}, 0x5c}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0xc}]]}, 0x30}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = socket$caif_seqpacket(0x25, 0x5, 0x0)
getpid()
sendmsg$unix(r9, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r10, @ANYBLOB="000000009ecf6316d4f666263a4ccbfd5f47d7e56863ad5dfca141ad55b45b3cf7387769a855be6398401e6bf58d49a5bc0c3913b4b910d206662e4d6f6efb6b9d31138a02b023a3e91fa3842b45c64f952d7565dc3adf90f8d62a13817c7ee5a3fdbf4dcb028b687356825b801aeb011fb0b18a9f3bcbe87dc0ccc18afd2ff3e82b59a116f99f1291c08163c8ee16b929c18211a8c8efe67f89b225468b0cf5ddeb53e7f4cdaa5c21812a5d929846ac5ba2"], 0x30}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000540)=@data_frame={@msdu=@type01={{0x0, 0x2, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x7ff8}, @broadcast, @from_mac=@broadcast, @device_b, {0x5, 0x4}, "", @value={0x0, 0x1, 0x0, 0x0, 0x49}, @value=@ver_80211n={0x0, 0x3, 0x3, 0x0, 0x0, 0x1, 0x1}}, @a_msdu=[{@device_b, @device_a, 0x3d, "74045964923de18f7eea94ff55add03f6d5e3ba60774ad178fc2b8c6177e0df67ecf3f3475a38b9368c95d466544b089abe5c9640ca5316767bc0a09d5"}, {@device_b, @device_b, 0x54, "3b4edecae625e46bc1251ed7a3d952796157205d16bc4ce267372f2ea60078a15eede8383a5f200f352e6199b1ec8ecdcc59ec1e6aabfb205853550f4abd600fe975b4ce792b01888bfd4c0d32e54a1d5f5a7bd7"}, {@device_a, @broadcast, 0x6b, "4ed248387f26bd77ee8f452b19b65ed06d0fb5a25ee9f3583e7c3d279d923c412da16e9c9938cd6286b391f31012a3baf9c15542d3855c194075e46ffd6d9b9d7f884fabaad4226e73418bac5874f168c403acfbec0a19c6363744cf93024ca8d37d592201f0b9de5e4761"}, {@broadcast, @device_b}]}, 0x15a)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x0, 0x0, @void}, 0x1e)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$tipc(0x1e, 0x5, 0x0)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x0, 0x0, @default, @val={0x1, 0x2, [{}, {}]}, @void}, 0x22)
r11 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSSL2CALL(r11, 0x89e2, &(0x7f0000000000)=@bcast)

55.321611271s ago: executing program 2 (id=2050):
socket$kcm(0x10, 0x2, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmmsg$inet6(r1, &(0x7f0000000040)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private2, 0x1e9b}, 0x1c, 0x0}}], 0x1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
connect$llc(r3, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, 0x0, 0x40084)
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0500000000005a642f61945800000000b40d", @ANYRES32=r5, @ANYBLOB="0800050002000000"], 0x24}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x5c, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x0, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xa4a2}]}, 0x5c}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0xc}]]}, 0x30}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = socket$caif_seqpacket(0x25, 0x5, 0x0)
getpid()
sendmsg$unix(r9, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r10, @ANYBLOB="000000009ecf6316d4f666263a4ccbfd5f47d7e56863ad5dfca141ad55b45b3cf7387769a855be6398401e6bf58d49a5bc0c3913b4b910d206662e4d6f6efb6b9d31138a02b023a3e91fa3842b45c64f952d7565dc3adf90f8d62a13817c7ee5a3fdbf4dcb028b687356825b801aeb011fb0b18a9f3bcbe87dc0ccc18afd2ff3e82b59a116f99f1291c08163c8ee16b929c18211a8c8efe67f89b225468b0cf5ddeb53e7f4cdaa5c21812a5d929846ac5ba2"], 0x30}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000540)=@data_frame={@msdu=@type01={{0x0, 0x2, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x7ff8}, @broadcast, @from_mac=@broadcast, @device_b, {0x5, 0x4}, "", @value={0x0, 0x1, 0x0, 0x0, 0x49}, @value=@ver_80211n={0x0, 0x3, 0x3, 0x0, 0x0, 0x1, 0x1}}, @a_msdu=[{@device_b, @device_a, 0x3d, "74045964923de18f7eea94ff55add03f6d5e3ba60774ad178fc2b8c6177e0df67ecf3f3475a38b9368c95d466544b089abe5c9640ca5316767bc0a09d5"}, {@device_b, @device_b, 0x54, "3b4edecae625e46bc1251ed7a3d952796157205d16bc4ce267372f2ea60078a15eede8383a5f200f352e6199b1ec8ecdcc59ec1e6aabfb205853550f4abd600fe975b4ce792b01888bfd4c0d32e54a1d5f5a7bd7"}, {@device_a, @broadcast, 0x6b, "4ed248387f26bd77ee8f452b19b65ed06d0fb5a25ee9f3583e7c3d279d923c412da16e9c9938cd6286b391f31012a3baf9c15542d3855c194075e46ffd6d9b9d7f884fabaad4226e73418bac5874f168c403acfbec0a19c6363744cf93024ca8d37d592201f0b9de5e4761"}, {@broadcast, @device_b}]}, 0x15a)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x0, 0x0, @void}, 0x1e)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$tipc(0x1e, 0x5, 0x0)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x0, 0x0, @default, @val={0x1, 0x2, [{}, {}]}, @void}, 0x22)
r11 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSSL2CALL(r11, 0x89e2, &(0x7f0000000000)=@bcast)

43.038194545s ago: executing program 2 (id=2050):
socket$kcm(0x10, 0x2, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmmsg$inet6(r1, &(0x7f0000000040)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private2, 0x1e9b}, 0x1c, 0x0}}], 0x1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
connect$llc(r3, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, 0x0, 0x40084)
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0500000000005a642f61945800000000b40d", @ANYRES32=r5, @ANYBLOB="0800050002000000"], 0x24}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x5c, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x0, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xa4a2}]}, 0x5c}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0xc}]]}, 0x30}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = socket$caif_seqpacket(0x25, 0x5, 0x0)
getpid()
sendmsg$unix(r9, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r10, @ANYBLOB="000000009ecf6316d4f666263a4ccbfd5f47d7e56863ad5dfca141ad55b45b3cf7387769a855be6398401e6bf58d49a5bc0c3913b4b910d206662e4d6f6efb6b9d31138a02b023a3e91fa3842b45c64f952d7565dc3adf90f8d62a13817c7ee5a3fdbf4dcb028b687356825b801aeb011fb0b18a9f3bcbe87dc0ccc18afd2ff3e82b59a116f99f1291c08163c8ee16b929c18211a8c8efe67f89b225468b0cf5ddeb53e7f4cdaa5c21812a5d929846ac5ba2"], 0x30}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000540)=@data_frame={@msdu=@type01={{0x0, 0x2, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x7ff8}, @broadcast, @from_mac=@broadcast, @device_b, {0x5, 0x4}, "", @value={0x0, 0x1, 0x0, 0x0, 0x49}, @value=@ver_80211n={0x0, 0x3, 0x3, 0x0, 0x0, 0x1, 0x1}}, @a_msdu=[{@device_b, @device_a, 0x3d, "74045964923de18f7eea94ff55add03f6d5e3ba60774ad178fc2b8c6177e0df67ecf3f3475a38b9368c95d466544b089abe5c9640ca5316767bc0a09d5"}, {@device_b, @device_b, 0x54, "3b4edecae625e46bc1251ed7a3d952796157205d16bc4ce267372f2ea60078a15eede8383a5f200f352e6199b1ec8ecdcc59ec1e6aabfb205853550f4abd600fe975b4ce792b01888bfd4c0d32e54a1d5f5a7bd7"}, {@device_a, @broadcast, 0x6b, "4ed248387f26bd77ee8f452b19b65ed06d0fb5a25ee9f3583e7c3d279d923c412da16e9c9938cd6286b391f31012a3baf9c15542d3855c194075e46ffd6d9b9d7f884fabaad4226e73418bac5874f168c403acfbec0a19c6363744cf93024ca8d37d592201f0b9de5e4761"}, {@broadcast, @device_b}]}, 0x15a)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x0, 0x0, @void}, 0x1e)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$tipc(0x1e, 0x5, 0x0)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x0, 0x0, @default, @val={0x1, 0x2, [{}, {}]}, @void}, 0x22)
r11 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSSL2CALL(r11, 0x89e2, &(0x7f0000000000)=@bcast)

30.043041494s ago: executing program 2 (id=2050):
socket$kcm(0x10, 0x2, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmmsg$inet6(r1, &(0x7f0000000040)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private2, 0x1e9b}, 0x1c, 0x0}}], 0x1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
connect$llc(r3, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, 0x0, 0x40084)
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0500000000005a642f61945800000000b40d", @ANYRES32=r5, @ANYBLOB="0800050002000000"], 0x24}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x5c, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x0, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xa4a2}]}, 0x5c}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0xc}]]}, 0x30}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = socket$caif_seqpacket(0x25, 0x5, 0x0)
getpid()
sendmsg$unix(r9, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r10, @ANYBLOB="000000009ecf6316d4f666263a4ccbfd5f47d7e56863ad5dfca141ad55b45b3cf7387769a855be6398401e6bf58d49a5bc0c3913b4b910d206662e4d6f6efb6b9d31138a02b023a3e91fa3842b45c64f952d7565dc3adf90f8d62a13817c7ee5a3fdbf4dcb028b687356825b801aeb011fb0b18a9f3bcbe87dc0ccc18afd2ff3e82b59a116f99f1291c08163c8ee16b929c18211a8c8efe67f89b225468b0cf5ddeb53e7f4cdaa5c21812a5d929846ac5ba2"], 0x30}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000540)=@data_frame={@msdu=@type01={{0x0, 0x2, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x7ff8}, @broadcast, @from_mac=@broadcast, @device_b, {0x5, 0x4}, "", @value={0x0, 0x1, 0x0, 0x0, 0x49}, @value=@ver_80211n={0x0, 0x3, 0x3, 0x0, 0x0, 0x1, 0x1}}, @a_msdu=[{@device_b, @device_a, 0x3d, "74045964923de18f7eea94ff55add03f6d5e3ba60774ad178fc2b8c6177e0df67ecf3f3475a38b9368c95d466544b089abe5c9640ca5316767bc0a09d5"}, {@device_b, @device_b, 0x54, "3b4edecae625e46bc1251ed7a3d952796157205d16bc4ce267372f2ea60078a15eede8383a5f200f352e6199b1ec8ecdcc59ec1e6aabfb205853550f4abd600fe975b4ce792b01888bfd4c0d32e54a1d5f5a7bd7"}, {@device_a, @broadcast, 0x6b, "4ed248387f26bd77ee8f452b19b65ed06d0fb5a25ee9f3583e7c3d279d923c412da16e9c9938cd6286b391f31012a3baf9c15542d3855c194075e46ffd6d9b9d7f884fabaad4226e73418bac5874f168c403acfbec0a19c6363744cf93024ca8d37d592201f0b9de5e4761"}, {@broadcast, @device_b}]}, 0x15a)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x0, 0x0, @void}, 0x1e)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$tipc(0x1e, 0x5, 0x0)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x0, 0x0, @default, @val={0x1, 0x2, [{}, {}]}, @void}, 0x22)
r11 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSSL2CALL(r11, 0x89e2, &(0x7f0000000000)=@bcast)

15.71833491s ago: executing program 2 (id=2050):
socket$kcm(0x10, 0x2, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmmsg$inet6(r1, &(0x7f0000000040)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private2, 0x1e9b}, 0x1c, 0x0}}], 0x1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
connect$llc(r3, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, 0x0, 0x40084)
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0500000000005a642f61945800000000b40d", @ANYRES32=r5, @ANYBLOB="0800050002000000"], 0x24}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x5c, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x0, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xa4a2}]}, 0x5c}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0xc}]]}, 0x30}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = socket$caif_seqpacket(0x25, 0x5, 0x0)
getpid()
sendmsg$unix(r9, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r10, @ANYBLOB="000000009ecf6316d4f666263a4ccbfd5f47d7e56863ad5dfca141ad55b45b3cf7387769a855be6398401e6bf58d49a5bc0c3913b4b910d206662e4d6f6efb6b9d31138a02b023a3e91fa3842b45c64f952d7565dc3adf90f8d62a13817c7ee5a3fdbf4dcb028b687356825b801aeb011fb0b18a9f3bcbe87dc0ccc18afd2ff3e82b59a116f99f1291c08163c8ee16b929c18211a8c8efe67f89b225468b0cf5ddeb53e7f4cdaa5c21812a5d929846ac5ba2"], 0x30}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000540)=@data_frame={@msdu=@type01={{0x0, 0x2, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x7ff8}, @broadcast, @from_mac=@broadcast, @device_b, {0x5, 0x4}, "", @value={0x0, 0x1, 0x0, 0x0, 0x49}, @value=@ver_80211n={0x0, 0x3, 0x3, 0x0, 0x0, 0x1, 0x1}}, @a_msdu=[{@device_b, @device_a, 0x3d, "74045964923de18f7eea94ff55add03f6d5e3ba60774ad178fc2b8c6177e0df67ecf3f3475a38b9368c95d466544b089abe5c9640ca5316767bc0a09d5"}, {@device_b, @device_b, 0x54, "3b4edecae625e46bc1251ed7a3d952796157205d16bc4ce267372f2ea60078a15eede8383a5f200f352e6199b1ec8ecdcc59ec1e6aabfb205853550f4abd600fe975b4ce792b01888bfd4c0d32e54a1d5f5a7bd7"}, {@device_a, @broadcast, 0x6b, "4ed248387f26bd77ee8f452b19b65ed06d0fb5a25ee9f3583e7c3d279d923c412da16e9c9938cd6286b391f31012a3baf9c15542d3855c194075e46ffd6d9b9d7f884fabaad4226e73418bac5874f168c403acfbec0a19c6363744cf93024ca8d37d592201f0b9de5e4761"}, {@broadcast, @device_b}]}, 0x15a)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x0, 0x0, @void}, 0x1e)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$tipc(0x1e, 0x5, 0x0)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x0, 0x0, @default, @val={0x1, 0x2, [{}, {}]}, @void}, 0x22)
r11 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSSL2CALL(r11, 0x89e2, &(0x7f0000000000)=@bcast)

4.041335099s ago: executing program 1 (id=3699):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r1, &(0x7f0000000400)={0x1f, @none}, 0x8)
setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0x13, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x2, &(0x7f0000000040)=[{0x20}, {0x6}]}, 0x10)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={0x0, 0x0, 0x30}, 0xc)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x20, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000280)='_', 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000001c0), 0xc)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000140)={0x20})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000140)={'bridge0\x00', &(0x7f0000000000)=@ethtool_link_settings={0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}})
write$cgroup_int(r2, &(0x7f0000000580)=0x3, 0xfea7)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_cpus\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000380), 0x101bf)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r4, 0x660c)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f00000000c0)={0x0, 0x1, 0xbb3e, 0x404})
ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000080)={0x0, r4, 0x2, 0x0, 0x7})
ioctl$EXT4_IOC_MOVE_EXT(r4, 0xc028660f, &(0x7f0000000000)={0x2880008, r2, 0x0, 0x7, 0xa})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c4600000600000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000003800000000000000000000000000000000000000000000000000000000000000000000000000263f2b27000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c700"/376], 0x178)
write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="000000000000000000d6fe341900000000000000000029000000000000"], 0x20)
sendmmsg$inet6(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000240)='4', 0x1}], 0x1}}], 0x1, 0x0)
sendto$inet6(r0, &(0x7f0000000c80)="7cffa9061b2f8b082b6f69ae50430c8a8b6aa3162ba083c4a52e1ab0ac50ed4a19b1a69988000d5bed4433daaa4932dbb1cb3550dee8b23579d76ce37d574b43fca1eed8ebd38d1303240ed0d84517692128dd5aef5c4d60a6659952a1437c6f0ac3ed75806011ccbaa504f41a7e0abcf8823bc4a71ef8c52c2b297b539eaf752c56ebfe9b0542543069257dafcbf76c958d4cbf4eaaa67c5c2bd9e6518be34b56add7613ab83d389724b664e62c154e1a5aac073a53a0e8cadcf51ef495ebbcc77d5e36ff24c3f282289cc077374b714e08fbfecbdc8f14ef3fd409af4caf6fcb7d663beab335f239a1e93b399c93d7c036e1b39a7c477945f82b6dde53b1c21b590a58ba688ac4fb530d2c5b1195a127d2eaec840ab59f090d7047c278611e080cebe7b28588c11a44be99fe6f88c73441bf625b70565669997f4c3cda5afe1d6429908a69a459d35ba8c2f28076d8711f2667de749a783fac94ebd02680f20fb723c35c287a1f45064846385750665ffa74579083fbb1b1d6b7c90168252b1c5313544569203e7adb8e271a94f7413e5cfd6aa3157c4fc29bddba3683fcd032aecb513b2f27530fbefa0000000000000003c058e812d8db87de5e3eceae268b91f7d59daf77646fa4df99877dd5a9540934c7af91b96486eea62897be6acbe1bae8e46b112f1385e7cea9e4daccc6f1b98ce3b4322af8299a45ddcb5be8d3e469fdde9896ca324a2f3c88c616a7dccde331698ce2d39f96220251011b4dfbec953b5c30e94adb5586cec0af234859805bb7df1101ae80318ff127e913178d79cfa918d54585b6184255e872e2dc33a5c7c30a756bbd63c32a3e6a22863781747d185acb64583976c4289394d642b07d18e2932d0a78bd2ccf92b3e94e82f1e9239fa272402f4c9efcf068709a44d6f652a4f23df89f9a15e6bf0c7e65d8f3e32c35e83d30298074d16cb5ff4ded1df81009bbae888fceb9a8109ba319605e1776e52d2069b5cd7de07cf8dc488ba6a9c7559ff49674a490991f323736f302004007d0ccf2e5eaceac6b56f48f2b00592d7a378f118d8b3e5ecd2035c8252374c91bc79cf26ac11ddffe2c09e1aa032da0713732387f950e3f4e301eb1d26e5a2b19318e50d555c832e279894d8c9b03e8940738c0fe391b29907d0d5f9214d6e697a19247f4e8221aca2ac47debd7c45b8344941cbecbaf44af343b24a4f88caf207d72002fb8b7d156997cb7275f535e6a9d6480046246e60bea0cf6f54abc69ff9418b6cb9301eb6890227215b633a886fb13c89698e51e482c42ca99613b20e22e5ce15272f5bda8b18cf53d49130a94135dd8a9692c", 0x34000, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000100)={<r5=>0x0, 0x5}, &(0x7f0000000140)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000380)={r5, 0x48, &(0x7f0000000300)=[@in6={0xa, 0x4e22, 0xff, @private2, 0xf6}, @in6={0xa, 0x4e20, 0x8001, @private2={0xfc, 0x2, '\x00', 0x1}, 0x1}, @in={0x2, 0x4e23, @empty}]}, &(0x7f00000003c0)=0x10)
r6 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020023000b02d25a806f8c6394f92c24fc60040f030047000000053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x48000000}, 0x0)

3.858069895s ago: executing program 1 (id=3703):
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000000)=0x10000, 0x4)
sendmsg$inet6(r0, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
socket(0x10, 0x80002, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000005c0)={&(0x7f0000000380)="d7ff84a181fec263f009d32fbd23de29e8851f7bf00322c0bd8f555ea3457f943bd8e76bf8d623fcc5e879f47fc12d6e29e2acce4e23f05728709d595ddf4272c39ffb8399b349bf8596fea5309923f80c0dbab95fc59ca54364674ea333838dc47fe5e3d950bac81204088db0148b639110c2f3aec25f3dbdae1eb0130c138649d52789182e4f462fbef5b6f178061c68ec97c5e5477e5de030fc35cafe2326d44566aeb28b3e2bc8502a08755cb7bf4446a7c191ee089fee1344fa90f4633b11f1223a2cd8142a8e31c4f9a110d9f348c678f4e6d1b56112536e2412b0e9178ec1e2a6850904e5b7664dbc70ab", &(0x7f00000001c0)=""/21, &(0x7f0000000200)="e3bba1f42527491cb68e9662f5bd077e61fc0756f0a65f1567cb0ceecb3356e0e29646a75ae5b64c70a2589d1f40411c39", &(0x7f0000000500)="78199b73348fd4fa10cd7e8c5baa106ad38cd4eedd26f276597737be4542989b4c37ebdadb851b2fcbb49a9c5c6e6592950ab9689555034b39aa9fb08c52b5212e8221456208bee76be4bc06dc5433b1302c659aa9a89938d944a6b4062325f4de5ba4b57ae6e6caa84ceec8a6a947773ffd6cd827e6dac9af2698b87f8d5da3345c", 0x1, 0xffffffffffffffff, 0x4}, 0x38)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
socket$packet(0x11, 0x3, 0x300)
socket$inet_smc(0x2b, 0x1, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0))
socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r2, 0x8946, &(0x7f0000000900)={'wlan1\x00', @random='\x00\x00\x00 \x00'})

3.760009727s ago: executing program 1 (id=3706):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x2, 0x3, 0xff)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
unshare(0x20000400)
syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000040)=ANY=[@ANYBLOB="d0000000080211000000080211000001ffffffffffff"], 0x3a)
r1 = socket$tipc(0x1e, 0x5, 0x0)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @private=0xa010102}, 0x10)
recvfrom$inet(r3, &(0x7f0000000280)=""/124, 0x7c, 0x40000102, 0x0, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0xfffc, @empty}], 0x10)
sendmmsg$inet6(r4, &(0x7f000000cf00)=[{{&(0x7f00000084c0)={0xa, 0xfffc, 0x0, @loopback}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000080)="88", 0x1c}], 0x1}}], 0x1, 0x0)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0x4, 0x3}, 0x6)
shutdown(r4, 0x1)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r4, 0x84, 0x17, &(0x7f00000000c0)=ANY=[], 0x29)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x9, &(0x7f0000000040)=0x8, 0x4)
r5 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
recvfrom$llc(r5, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000540)=ANY=[@ANYBLOB="ffffffffffff0180c200000e86dd606b88ef00303a00fe80000000000000000000000000001dfe80000000000000000000aa01009078000000006000000000000000fe88000000000000000000000000000000000000000000000000ffffac1414bb00000000cba8f522eeaab9dd9cabe2a846612638f62edb426509e81bbf184c0234dc9d715d393a9e"], 0x0)
sendto$inet(r2, &(0x7f0000000040)='u', 0xa792a, 0x801, 0x0, 0x0)
shutdown(r1, 0x0)
syz_80211_inject_frame(&(0x7f0000000080), &(0x7f0000000300)=ANY=[@ANYBLOB="5034ff00ffffffffffff080211000000e98f502a60ff090402000000000000000400100401013604060403010007000602050071070100ff00ffbf08dd7a9852c85a749589801dff6b29b3891d03ee3562bea6de3bfdde0b9dbd3e8d5446991377af2e8e4dcd801a9fa627e63694a22ae6382600846f086772415932f3bd58dd82847f61d575657b694bfd572f5882de2f6854e29295c9a47eabce8c72cf515859bb3b217022fea64cd8f205469ca8829351294691c258c8dd6587e87134261c42b220075012a1a7f38f9c17b23e888c7b846b0fb53f544d8170481d6d77c137815bd53dd785b310f7c4128253efdb6d97961112111d25e2c4dfd51072dbf568406c8e937d92b9275a7036d0fe6ea8ccbc40c6ad35876a3d5c317c560e0df5dd8f6c422f0c6ab5b74bf4b083b904bf44778c69eb66d8f56b9167e5a63709181fc930667d8ca7b99bf498fd0f1ea210429456d21727ba5c565a1af3954213d8a0d9c7087a6396a7d9cd04583d04ac45bd1430aa2755bc85ab9ac560f834d6bf31656992441e0096c118848869b0e01ba1affea4145f741f87df26cea1a16d7f087ae92938b6ec9b53eb2b1fb9168c5515d1d43b787387ebe67b93e1faf02deb3492d6dbdc9c9d63427923111ba042c2e00bf8c761bdec14acfb536342c0ccfe301ada3a23eff5664ed9831c229bc634397c765ef9aaeda3087bfe1f183b20cca051d72e73dcc5f557152554"], 0x1b0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4000004, 0x32, 0xffffffffffffffff, 0x0)
sendmmsg$unix(r0, &(0x7f0000002fc0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)="643c87cf2bd21d995e613d73613b1e78334efea0", 0x14}], 0x1}}], 0x1, 0x10)
r6 = socket$kcm(0x10, 0x2, 0x10)
writev(0xffffffffffffffff, 0x0, 0x0)
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003d000b08d25a802b8c7494f90224fc600b00000004000400070082c137153e3719ac018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

3.244701123s ago: executing program 4 (id=3716):
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000000)=0x10000, 0x4)
sendmsg$inet6(r0, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
socket(0x10, 0x80002, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000005c0)={&(0x7f0000000380)="d7ff84a181fec263f009d32fbd23de29e8851f7bf00322c0bd8f555ea3457f943bd8e76bf8d623fcc5e879f47fc12d6e29e2acce4e23f05728709d595ddf4272c39ffb8399b349bf8596fea5309923f80c0dbab95fc59ca54364674ea333838dc47fe5e3d950bac81204088db0148b639110c2f3aec25f3dbdae1eb0130c138649d52789182e4f462fbef5b6f178061c68ec97c5e5477e5de030fc35cafe2326d44566aeb28b3e2bc8502a08755cb7bf4446a7c191ee089fee1344fa90f4633b11f1223a2cd8142a8e31c4f9a110d9f348c678f4e6d1b56112536e2412b0e9178ec1e2a6850904e5b7664dbc70ab", &(0x7f00000001c0)=""/21, &(0x7f0000000200)="e3bba1f42527491cb68e9662f5bd077e61fc0756f0a65f1567cb0ceecb3356e0e29646a75ae5b64c70a2589d1f40411c39", &(0x7f0000000500)="78199b73348fd4fa10cd7e8c5baa106ad38cd4eedd26f276597737be4542989b4c37ebdadb851b2fcbb49a9c5c6e6592950ab9689555034b39aa9fb08c52b5212e8221456208bee76be4bc06dc5433b1302c659aa9a89938d944a6b4062325f4de5ba4b57ae6e6caa84ceec8a6a947773ffd6cd827e6dac9af2698b87f8d5da3345c", 0x1, 0xffffffffffffffff, 0x4}, 0x38)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
socket$packet(0x11, 0x3, 0x300)
socket$inet_smc(0x2b, 0x1, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0))
socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r2, 0x8946, &(0x7f0000000900)={'wlan1\x00', @random='\x00\x00\x00 \x00'})

3.141958649s ago: executing program 4 (id=3718):
pipe(&(0x7f0000000280)={<r0=>0xffffffffffffffff})
close(r0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0xc)
bpf$BPF_PROG_QUERY(0x9, &(0x7f0000000140)={@map=<r2=>0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
readv(r1, &(0x7f0000000300)=[{&(0x7f0000000080)=""/107, 0x6b}], 0x1)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r2}, 0x0, 0x0}, 0x20)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vxcan0\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@gettclass={0x24, 0x2a, 0x300, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xd}, {0x6, 0xa}, {0x4}}, [""]}, 0x24}}, 0x0)
pipe(&(0x7f0000000d00))
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000540)={0x9}, 0x8)
socket$key(0xf, 0x3, 0x2)
bpf$OBJ_GET_PROG(0x7, &(0x7f00000005c0)=@generic={&(0x7f0000000580)='./file0\x00', 0x0, 0x10}, 0x18)
sendmmsg$inet(r1, &(0x7f0000004640)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000080)=0x6f3c, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000140)=@gcm_128={{0x304}, "dff336eba8b673dd", "f340ecf2e3004ea56c23fb129988001c", "52fa8b86", "50b676e6bcc2341f"}, 0x28)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x6, 0xf, &(0x7f0000000040)=ANY=[@ANYRES8=r2, @ANYRES8=r3, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x90)
sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x13, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000061109400000000009500000000000000194deb761ce12fcd550ed5f4074f54ccbf443d77c6756a2ea07f35d85bd9f17dec6e8f4e12f99650df09c661eb5c1425ed0ab855b632d74f2c7b58e381a5"], &(0x7f0000000240)='GPL\x00'}, 0x90)
recvmmsg(0xffffffffffffffff, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)
r4 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r4, 0x29, 0xd0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)

3.112125289s ago: executing program 0 (id=3719):
r0 = socket$inet(0x2b, 0x801, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x4}, 0x6)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x84, @private, 0x15, 0x0, 'dh\x00'}, 0x2c)
sendto$inet(r0, 0x0, 0x0, 0x24000001, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x9eff)

3.056438841s ago: executing program 0 (id=3721):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="0c0002"], 0x24}}, 0x0)
r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r3}, @generic, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa}, @printk={@li, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x6, &(0x7f00000001c0)=""/231}, 0x90)
r4 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r5)
sendmsg$NLBL_MGMT_C_ADDDEF(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x34, r6, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @multicast2}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x34}}, 0x0)
r7 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r5, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="00042abd7000fcdbdf250700000014f4060076657468315f766972745f77696669002f00070073797374656d5f753a6f626a656d616e6167655f7472616e735f6c6f636b5f743a73300000"], 0x58}, 0x1, 0x0, 0x0, 0x4c805}, 0x4c800)
listen(r4, 0x4)
r8 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r8, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10)

3.038364968s ago: executing program 3 (id=3722):
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd600b24f5001c0600fe8000000009000000000000000000b9fe80000000000008"], 0x0)

3.015565981s ago: executing program 2 (id=2050):
socket$kcm(0x10, 0x2, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmmsg$inet6(r1, &(0x7f0000000040)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private2, 0x1e9b}, 0x1c, 0x0}}], 0x1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
connect$llc(r3, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, 0x0, 0x40084)
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0500000000005a642f61945800000000b40d", @ANYRES32=r5, @ANYBLOB="0800050002000000"], 0x24}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x5c, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x0, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xa4a2}]}, 0x5c}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0xc}]]}, 0x30}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = socket$caif_seqpacket(0x25, 0x5, 0x0)
getpid()
sendmsg$unix(r9, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r10, @ANYBLOB="000000009ecf6316d4f666263a4ccbfd5f47d7e56863ad5dfca141ad55b45b3cf7387769a855be6398401e6bf58d49a5bc0c3913b4b910d206662e4d6f6efb6b9d31138a02b023a3e91fa3842b45c64f952d7565dc3adf90f8d62a13817c7ee5a3fdbf4dcb028b687356825b801aeb011fb0b18a9f3bcbe87dc0ccc18afd2ff3e82b59a116f99f1291c08163c8ee16b929c18211a8c8efe67f89b225468b0cf5ddeb53e7f4cdaa5c21812a5d929846ac5ba2"], 0x30}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000540)=@data_frame={@msdu=@type01={{0x0, 0x2, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x7ff8}, @broadcast, @from_mac=@broadcast, @device_b, {0x5, 0x4}, "", @value={0x0, 0x1, 0x0, 0x0, 0x49}, @value=@ver_80211n={0x0, 0x3, 0x3, 0x0, 0x0, 0x1, 0x1}}, @a_msdu=[{@device_b, @device_a, 0x3d, "74045964923de18f7eea94ff55add03f6d5e3ba60774ad178fc2b8c6177e0df67ecf3f3475a38b9368c95d466544b089abe5c9640ca5316767bc0a09d5"}, {@device_b, @device_b, 0x54, "3b4edecae625e46bc1251ed7a3d952796157205d16bc4ce267372f2ea60078a15eede8383a5f200f352e6199b1ec8ecdcc59ec1e6aabfb205853550f4abd600fe975b4ce792b01888bfd4c0d32e54a1d5f5a7bd7"}, {@device_a, @broadcast, 0x6b, "4ed248387f26bd77ee8f452b19b65ed06d0fb5a25ee9f3583e7c3d279d923c412da16e9c9938cd6286b391f31012a3baf9c15542d3855c194075e46ffd6d9b9d7f884fabaad4226e73418bac5874f168c403acfbec0a19c6363744cf93024ca8d37d592201f0b9de5e4761"}, {@broadcast, @device_b}]}, 0x15a)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x0, 0x0, @void}, 0x1e)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$tipc(0x1e, 0x5, 0x0)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x0, 0x0, @default, @val={0x1, 0x2, [{}, {}]}, @void}, 0x22)
r11 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSSL2CALL(r11, 0x89e2, &(0x7f0000000000)=@bcast)

2.972918797s ago: executing program 0 (id=3723):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r1}, 0x10)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x8, &(0x7f0000000000)=@framed={{}, [@map_val, @map_val={0x18, 0x0, 0x2, 0x0, r3}, @alu={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}]}, 0x0}, 0x90)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8931, &(0x7f0000000900)={'ip6gre0\x00', @random="0600002000"})

1.514377587s ago: executing program 0 (id=3724):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58)
accept4(r0, 0x0, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="90000000", @ANYRES16=r2, @ANYBLOB="01000000000000000000010000000c0005006c000000000000000c0002000000000000000000040007800c000800000000000000000008000100000000004400078008000100", @ANYRES32, @ANYBLOB="38000100", @ANYRES32=r3, @ANYBLOB="64800400", @ANYRES32, @ANYBLOB="08000100", @ANYBLOB="06"], 0x90}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x2, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
r5 = socket$packet(0x11, 0x3, 0x300)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@newlink={0x64, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @dev}]}]}, @IFLA_IFNAME={0x14, 0x3, 'ip6tnl0\x00'}, @IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x4}}}]}, 0x64}}, 0x0)
writev(r6, &(0x7f0000000140)=[{&(0x7f00000000c0)="39000000130003470fbb65e1c3e4ffff060060001f000000560000002500000019001a001500020007fd17e5ff8e0606040020000000000000", 0x39}], 0x1)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r8=>0x0})
bind$packet(r4, &(0x7f00000000c0)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @local}, 0x14)
bind$packet(r5, &(0x7f0000000100)={0x11, 0x0, r8}, 0x14)
syz_emit_ethernet(0x22, &(0x7f00000001c0)=ANY=[], 0x0)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)={0x14}, 0x14}}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x7400}, 0x0)

1.513703378s ago: executing program 1 (id=3725):
socket$netlink(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000300))
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
write$binfmt_script(r2, 0x0, 0xfffffe5d)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xe, 0x4, 0x4, 0x3}, 0x48)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r5, 0x0, 0x82, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newlink={0x44, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r8}, [@IFLA_XDP={0x1c, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x19}, @IFLA_XDP_EXPECTED_FD={0x8}]}, @IFLA_MASTER={0x8}]}, 0x44}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7}, 0x48)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x0, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r10}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r11, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002200000000000000002020207b0af8ff00004e0000bfa100000000000007010000f8ffffffb702000008000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffec2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='scsi_dispatch_cmd_start\x00', r12}, 0x10)
write$cgroup_type(r3, &(0x7f0000000140), 0x9)
getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, <r13=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="3c00000010008506000000ff0100000000000000", @ANYRES32=r13, @ANYBLOB="01ff00e1c2ed00001c0012000c000100626f6e64"], 0x3c}}, 0x0)
getsockname$packet(r2, &(0x7f0000000440)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000004c0)=0x14)

1.513089172s ago: executing program 3 (id=3726):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000001c40)=[{{&(0x7f00000002c0)={0x2, 0x4e22, @multicast1}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x25}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)

1.489642487s ago: executing program 4 (id=3727):
close(0xffffffffffffffff)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x268040, 0x0)
unshare(0x24020400)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, &(0x7f0000000040))
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000740)={@map, 0xffffffffffffffff, 0x3, 0x12, 0xffffffffffffffff, @prog_id}, 0x20)
r0 = socket(0x10, 0x80002, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
preadv(r1, &(0x7f0000000000)=[{&(0x7f0000000080)=""/107, 0x6b}, {&(0x7f0000000340)=""/201, 0xc9}, {&(0x7f0000000440)=""/226, 0xe2}], 0x3, 0x4, 0x9)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x70, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x48, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x526}, @TCA_SAMPLE_PARMS={0x18}]}, {0x4}, {0xc}, {0xc, 0x4}}}]}]}, 0x70}}, 0x0)

1.395463968s ago: executing program 3 (id=3728):
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000000)=0x10000, 0x4)
sendmsg$inet6(r0, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
socket(0x10, 0x80002, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000005c0)={&(0x7f0000000380)="d7ff84a181fec263f009d32fbd23de29e8851f7bf00322c0bd8f555ea3457f943bd8e76bf8d623fcc5e879f47fc12d6e29e2acce4e23f05728709d595ddf4272c39ffb8399b349bf8596fea5309923f80c0dbab95fc59ca54364674ea333838dc47fe5e3d950bac81204088db0148b639110c2f3aec25f3dbdae1eb0130c138649d52789182e4f462fbef5b6f178061c68ec97c5e5477e5de030fc35cafe2326d44566aeb28b3e2bc8502a08755cb7bf4446a7c191ee089fee1344fa90f4633b11f1223a2cd8142a8e31c4f9a110d9f348c678f4e6d1b56112536e2412b0e9178ec1e2a6850904e5b7664dbc70ab", &(0x7f00000001c0)=""/21, &(0x7f0000000200)="e3bba1f42527491cb68e9662f5bd077e61fc0756f0a65f1567cb0ceecb3356e0e29646a75ae5b64c70a2589d1f40411c39", &(0x7f0000000500)="78199b73348fd4fa10cd7e8c5baa106ad38cd4eedd26f276597737be4542989b4c37ebdadb851b2fcbb49a9c5c6e6592950ab9689555034b39aa9fb08c52b5212e8221456208bee76be4bc06dc5433b1302c659aa9a89938d944a6b4062325f4de5ba4b57ae6e6caa84ceec8a6a947773ffd6cd827e6dac9af2698b87f8d5da3345c", 0x1, 0xffffffffffffffff, 0x4}, 0x38)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
socket$packet(0x11, 0x3, 0x300)
socket$inet_smc(0x2b, 0x1, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0))
socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r2, 0x8946, &(0x7f0000000900)={'wlan1\x00', @random='\x00\x00\x00 \x00'})

499.807093ms ago: executing program 4 (id=3729):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x26, 0x1f, 0x4, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

438.886467ms ago: executing program 0 (id=3730):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r1, &(0x7f0000000400)={0x1f, @none}, 0x8)
setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0x13, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x2, &(0x7f0000000040)=[{0x20}, {0x6}]}, 0x10)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={0x0, 0x0, 0x30}, 0xc)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x20, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000280)='_', 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000001c0), 0xc)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000140)={0x20})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000140)={'bridge0\x00', &(0x7f0000000000)=@ethtool_link_settings={0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}})

385.701523ms ago: executing program 4 (id=3731):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000280000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000bc0)='syzkaller\x00'}, 0x90)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004cc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000004c0), r2)
sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x24, r3, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xffff}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x82}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x4008880)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c0800014000000002080001400000003008000240000000030800014000000012080003"], 0x122}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
getgid()

364.664138ms ago: executing program 3 (id=3732):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'gre0\x00', &(0x7f0000000000)={'gre0\x00', <r1=>0x0, 0x20, 0x20, 0x80, 0xa, {{0xb, 0x4, 0x3, 0x3d, 0x2c, 0x68, 0x0, 0x77, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x23}, @loopback, {[@generic={0x94, 0xe, "0ddb683fd6a950de543fe2d4"}, @lsrr={0x83, 0x7, 0xa3, [@empty]}]}}}}})
ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f00000000c0)={@private1, 0x38, r1})
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000100), 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r2, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, 0x0, 0x2, 0x801, 0x0, 0x0, {0x0, 0x0, 0x8}, [@CTA_EXPECT_HELP_NAME={0xe, 0x6, 'snmp_trap\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x40000)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r3, 0x84, 0x74, &(0x7f0000000240)=""/4096, &(0x7f0000001240)=0x1000)
r4 = socket$xdp(0x2c, 0x3, 0x0)
bind$xdp(r4, &(0x7f0000001280)={0x2c, 0x9, r1, 0x3a}, 0x10)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_NODELAY(r5, 0x84, 0x3, &(0x7f00000012c0), &(0x7f0000001300)=0x4)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001380), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r6, &(0x7f0000001440)={&(0x7f0000001340)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001400)={&(0x7f00000013c0)={0x3c, r7, 0x800, 0x70bd25, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_RX_USECS_HIGH={0x8, 0x13, 0x400}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_IRQ={0x8, 0x5, 0xfffffff4}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES={0x8, 0x3, 0x9}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_RX={0x5}, @ETHTOOL_A_COALESCE_TX_USECS_IRQ={0x8, 0x8, 0xfffffffa}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
getsockopt$inet6_tcp_buf(r0, 0x6, 0x1c, &(0x7f0000001480)=""/248, &(0x7f0000001580)=0xf8)
r8 = accept4$netrom(0xffffffffffffffff, &(0x7f00000015c0)={{0x3, @bcast}, [@rose, @default, @rose, @bcast, @bcast, @netrom, @null, @bcast]}, &(0x7f0000001640)=0x48, 0x800)
accept$netrom(r8, &(0x7f0000001680)={{0x3, @bcast}, [@bcast, @null, @netrom, @remote, @null, @netrom, @bcast, @default]}, &(0x7f0000001700)=0x48)
r9 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_DEL_VIF(r9, 0x0, 0xcb, &(0x7f0000001740)={0x1, 0x8, 0x2, 0x6, @vifc_lcl_ifindex=r1, @local}, 0x10)
unshare(0x400)
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(r8, 0x8934, &(0x7f0000001780)={'veth1_to_team\x00', 0x3})
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001800), r6)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000001840)={'wlan1\x00', <r11=>0x0})
sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000001940)={&(0x7f00000017c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000001900)={&(0x7f0000001880)={0x60, r10, 0x200, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r11}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x70f}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x1155}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x810}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_FRAME={0x1e, 0x33, @deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x6}, @device_a, @device_a, @random="e28b9881062d", {0x7, 0x1}}, 0x1f, @void}}]}, 0x60}, 0x1, 0x0, 0x0, 0x8005}, 0x2040000)
connect$packet(0xffffffffffffffff, &(0x7f0000001980)={0x11, 0x1b, r1, 0x1, 0x4, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3f}}, 0x14)
socket$inet6(0xa, 0x6, 0xa69)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r8, 0x8010671f, &(0x7f00000029c0)={&(0x7f00000019c0)=""/4096, 0x1000})
ioctl$F2FS_IOC_WRITE_CHECKPOINT(r5, 0xf507, 0x0)

359.288933ms ago: executing program 1 (id=3733):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="0c0002"], 0x24}}, 0x0)
r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r3}, @generic, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa}, @printk={@li, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x6, &(0x7f00000001c0)=""/231}, 0x90)
r4 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r5)
sendmsg$NLBL_MGMT_C_ADDDEF(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x34, r6, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @multicast2}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x34}}, 0x0)
r7 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r5, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="00042abd7000fcdbdf250700000014f4060076657468315f766972745f77696669002f00070073797374656d5f753a6f626a656d616e6167655f7472616e735f6c6f636b5f743a73300000"], 0x58}, 0x1, 0x0, 0x0, 0x4c805}, 0x4c800)
listen(r4, 0x4)
r8 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r8, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10)

245.089968ms ago: executing program 0 (id=3734):
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010005f"], 0x3}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x0)

197.705668ms ago: executing program 4 (id=3735):
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010005f"], 0x3}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x0) (fail_nth: 2)

162.538929ms ago: executing program 3 (id=3736):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x10, 0x4)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x8)
sendmmsg$inet6(r1, &(0x7f0000005180)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="8252", 0x2}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000012c0)=[@tclass={{0x14, 0x29, 0x43, 0x56408b9f}}], 0x18}}], 0x2, 0x4404c000)
close(0xffffffffffffffff)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r4, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r5, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32)
connect$pppl2tp(r3, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x1, 0x3}}, 0x26)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0)
getsockopt$bt_BT_SECURITY(r3, 0x111, 0x2, 0x0, 0x20000000)
getsockopt$IP6T_SO_GET_INFO(r2, 0x29, 0xb, 0x0, 0x0)
sendmsg$SMC_PNETID_GET(0xffffffffffffffff, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000d00)=ANY=[@ANYRES16, @ANYBLOB], 0x20}}, 0x0)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f848290000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x10)

97.750057ms ago: executing program 1 (id=3737):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
getpid()
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg(r1, &(0x7f00000057c0)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000004c0)="6b093db1947bc296cf697e335c7aa0e9afc07b5f0c819e3522eaad2a74224b7a5bed182fec91c96271033eec5d14ede20a6d1c36c3e7a445ccb5b158ffaec30b8b846de0d5b327a6b1d322a80d00b5c08428fb6ef0d6bdfef436fd9a0027a7cce11f65f633449199149e065a48b3f6bb51b5e305aa20ec347027ace732178271cb92f3e4bdda6732a10715efe7a7eae23413207a9cd1c24ea5ad8f333bfedf8e93e880fc51fb9051917d5488a13c22f1a575b1767424074c84444b29becb98de0e479ae50c12711cc5e26973d496458de4969e51dd5aee7ae9ca5da879f96737d626b447cdf675bc4af3e1ffec688c6945d0786b8ff146cab2e441e3438f3ddd2832b9ac4c9693141785b844f706c8137d0ebf12347ee82f9bd1968c51803a81998a149178952f712f57c09038a8f8a2e871a1f3b026ec617a77cb2163cea2164504b5ae989034b7ceb91545c2d968b9852181505afb7422606d1db2982240a7583260c32f5e3ea677edfeffc6cb30ef79c96938f7b571a3747042c4db17296ea799f65205b5cc2bf60f5921db65d28ae0a3ce76601fb0dfc04c7fa3900aff36af6c018df195fe6e97e6aa3a81c06130489c24b82c920681d3efb1fc33c73f8645ff0baa0be3a9a92b601f9602a2ef119e527c156bd8d8c91ec92baed92c43bc153fb5c7a5b08f8c8c03b0d266bcadbb061ae5e0f15eab9ba116923a27d961377383fae7b837a448e786371140ee20733f1fc82b565f4f1dc3859c49c5e9e18180e8511ddf854609ed7fcb50ca1c43934883488c9689e0de4f05ee35a254c900b2dee53673e959ae5adbc3f793917ad556654e4df993f2bbd4b9b9259efdcbd3c3c2d315cb1c92438cdea1792c390cef68d3926d44cd9361912518732211458bdc92f855c9c018e3a7b35da0d8c8f934dbc3cfba39a9fa99e1a76759d09e705e0e4d84a32987c661b2e3f58ca446ca835fabdaf163ae94f2a59481ab62298d4350ae9358fdbd2b1b20da4afaaf2982903c2805b6caf71719d0d74852ae8414baa491363af0d20a7ad133b81356c30e77d036ba519867fe35391c36ecd0464b40a3871637dc81af3c19f59f347749cb07ac25f96e0cbf84288d32aff6dcd9cd2ebbd905d53dc87b14002cf971df0b76c5171e392f78cd002fd34a28454a32531ab9fccb16820b462bd13005da9d2fbd0ed02a4a7527b9b40b939bbf0686d16fa3070f129ae48da709408dfdb12c661148e282d50794b34b2e15236bf2f967bba67a7c650a02743ec3b852b5511c1ab32efc7d85a97bb622935b72d5c06e7bde3f389172684a6e61c852f6ec2a323858f67f8f9dde9f9eaa26cfcf958dafe5ed23b6c06f094fa1550ce0a39447769218060cb9e78a0e6f61a08b629e2512d8972a2a337b0b6b97220d292af823b8800ef45e72089659a0b1cbc750d6491d55f9bde4d1c4abe796d6951be456b8ad327794ddc74042c9e303832ccbf2d2fcb6d01007b8cf0552b568af89adc9b198cbea6b8137ef70ad16919ade2bdbd29d23c78c04cce6dedf07598d33841d8f02f7ed5a349fddbc742ea7e742636a2cb4ff663192cb1102adcc019b92caac00f5a644afc2d03b68f933aa6b8eddd6c39a0de8913034a0b48ddabd39aee173350f3dfa0329c308fb94e3528e", 0x498}, {&(0x7f00000002c0)="e4d561e9744108000000e9b4ec081c8eb4534bc5b9284f843e2bc71745", 0x1d}, {&(0x7f0000001e80)="d05d67afc746cff8fa10e483e9eaae867d31e22831b4bea09d2b9e867d06ab0eccd98dee45bbd11af441dc93334d0270f6527428cf0d1bef4f5789bf5acf2e44d415c2e774b8af25275915bdd38fe5a74b87a4d9a1848ed513f92bb0672d88425bcf9fdc7b07cdeb96451ccf522215e76dae12391d3fc0258ca86ea22eb857bfc7f9dc565f3e2dd7412060421997bb92", 0x90}, {&(0x7f0000000980)="21e35e62c07eb3b95754d4c8ae60419349648a512aab6c478d95c5f71f25ceb5079ce5da8adbc54a10dcc07e36d67d4b880ae396b5c3de2ab65094fa", 0x3c}], 0x4}}], 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000040), 0x4)
write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xbf)
shutdown(r1, 0x1)
recvmmsg(r1, &(0x7f00000048c0)=[{{0x0, 0x0, &(0x7f0000004a00)=[{&(0x7f0000000a00)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000004680)={0x0, 0x0, &(0x7f0000004640)={&(0x7f00000045c0)={0x2c, 0x0, 0x9, 0x201, 0x0, 0x0, {}, [@NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x2c}}, 0x20004890)
pipe(&(0x7f00000001c0))
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r2)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01400000000000000000067400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a733000080002000000e6ff05000700263a3a0914000600626f6e64300000000000000000000000080003"], 0x78}, 0x1, 0xffffffff00000003}, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
close(r4)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010005f"], 0x3}}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), 0xffffffffffffffff)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r7, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r7, &(0x7f0000004540)=[{{&(0x7f00000002c0)={0x2, 0x4e22, @multicast1}, 0x10, 0x0}}], 0x1, 0x240080e4)
setsockopt$inet_udp_int(r7, 0x11, 0x67, &(0x7f0000000040)=0xffff, 0x4)
sendmmsg$inet(r7, &(0x7f0000001200)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000580)={0x2, 0x4e21, @multicast1}, 0x10, 0x0}}], 0x2, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$team(&(0x7f0000000780), 0xffffffffffffffff)
sendmsg$TEAM_CMD_OPTIONS_SET(r8, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f00000014c0)={0x20, r9, 0x1, 0x0, 0x0, {0x2}, [{{0x8}, {0x4}}]}, 0x20}}, 0x0)
sendmsg$NLBL_MGMT_C_LISTALL(r5, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x58, r6, 0x400, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x3}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @private1={0xfc, 0x1, '\x00', 0x1}}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x1}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x6}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @broadcast}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x2}]}, 0x58}, 0x1, 0x0, 0x0, 0x850}, 0x40045)

0s ago: executing program 3 (id=3738):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet(r0, &(0x7f0000001840)=[{{&(0x7f0000000000)={0x2, 0x4e26, @remote}, 0x10, 0x0, 0xfd}}, {{&(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1c"], 0x20}}], 0x2, 0x0)

kernel console output (not intermixed with test programs):

57][T14301] macvtap1: left promiscuous mode
[  279.693230][T14301] macvtap1: left allmulticast mode
[  279.735792][T14309] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3014'.
[  279.737567][T14306] lo speed is unknown, defaulting to 1000
[  279.931238][T14316] netlink: 'syz.1.3016': attribute type 3 has an invalid length.
[  279.939201][T14316] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.3016'.
[  280.039436][T14318] vlan3: entered promiscuous mode
[  280.048122][T14318] syz_tun: entered promiscuous mode
[  280.053984][T14318] vlan3: entered allmulticast mode
[  280.060321][T14318] syz_tun: entered allmulticast mode
[  280.085237][T14318] syz_tun: left allmulticast mode
[  280.090553][T14318] syz_tun: left promiscuous mode
[  280.182264][   T51] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  280.382746][T14308] syz.3.3013 uses old SIOCAX25GETINFO
[  281.215918][T14330] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3021'.
[  281.531234][T14351] netlink: 'syz.3.3029': attribute type 29 has an invalid length.
[  281.550654][   T53] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  281.568280][   T53] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  281.577851][   T53] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  281.590002][T14351] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3029'.
[  281.600697][   T53] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  281.610224][   T53] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  281.618676][   T53] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  281.803924][T14352] lo speed is unknown, defaulting to 1000
[  281.829374][T14366] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3034'.
[  282.069601][T14372] netlink: 'syz.4.3037': attribute type 13 has an invalid length.
[  282.081897][T14372] netlink: 23 bytes leftover after parsing attributes in process `syz.4.3037'.
[  282.168461][   T51] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  282.261253][   T51] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  282.433452][   T51] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  282.526602][T14395] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3045'.
[  282.785617][T14352] chnl_net:caif_netlink_parms(): no params data found
[  282.857948][   T51] bridge_slave_1: left allmulticast mode
[  282.877647][   T51] bridge_slave_1: left promiscuous mode
[  282.908547][   T51] bridge0: port 2(bridge_slave_1) entered disabled state
[  282.931312][   T51] bridge_slave_0: left allmulticast mode
[  282.946719][   T51] bridge_slave_0: left promiscuous mode
[  282.958560][   T51] bridge0: port 1(bridge_slave_0) entered disabled state
[  283.409181][   T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  283.426918][   T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  283.438957][   T51] bond0 (unregistering): Released all slaves
[  283.495296][ T5106] Bluetooth: hci1: command 0x0405 tx timeout
[  283.645049][ T5106] Bluetooth: hci2: command tx timeout
[  283.804458][T14352] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.814277][T14352] bridge0: port 1(bridge_slave_0) entered disabled state
[  283.830166][T14352] bridge_slave_0: entered allmulticast mode
[  283.842201][T14352] bridge_slave_0: entered promiscuous mode
[  283.859876][T14352] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.867478][T14453] netlink: 'syz.1.3066': attribute type 1 has an invalid length.
[  283.881933][T14352] bridge0: port 2(bridge_slave_1) entered disabled state
[  283.891467][T14352] bridge_slave_1: entered allmulticast mode
[  283.906593][T14352] bridge_slave_1: entered promiscuous mode
[  283.928780][T14452] netlink: 'syz.1.3066': attribute type 4 has an invalid length.
[  284.092413][T14352] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  284.117589][T14352] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  284.275179][T14352] team0: Port device team_slave_0 added
[  284.405538][T14477] Êü: entered promiscuous mode
[  284.445677][T14352] team0: Port device team_slave_1 added
[  284.516602][T14485] __nla_validate_parse: 6 callbacks suppressed
[  284.516621][T14485] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3077'.
[  284.563144][T14476] openvswitch: Êü: Dropping previously announced user features
[  284.612852][   T51] hsr_slave_0: left promiscuous mode
[  284.644265][   T51] hsr_slave_1: left promiscuous mode
[  284.674101][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  284.687093][   T51] batman_adv: batadv0: Removing interface: batadv_slave_0
[  284.695747][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  284.704424][   T51] batman_adv: batadv0: Removing interface: batadv_slave_1
[  284.741248][   T51] veth1_macvtap: left promiscuous mode
[  284.755021][   T51] veth0_macvtap: left promiscuous mode
[  284.760684][   T51] veth1_vlan: left promiscuous mode
[  284.785624][   T51] veth0_vlan: left promiscuous mode
[  284.792432][T14501] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3083'.
[  285.232816][   T51] team0 (unregistering): Port device team_slave_1 removed
[  285.270215][   T51] team0 (unregistering): Port device team_slave_0 removed
[  285.662230][T14487] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3078'.
[  285.692920][T14352] batman_adv: batadv0: Adding interface: batadv_slave_0
[  285.702984][T14352] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  285.744889][ T5106] Bluetooth: hci2: command tx timeout
[  285.766898][T14352] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  285.787457][T14352] batman_adv: batadv0: Adding interface: batadv_slave_1
[  285.809997][T14352] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  285.847915][T14352] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  286.013312][T14352] hsr_slave_0: entered promiscuous mode
[  286.036502][T14352] hsr_slave_1: entered promiscuous mode
[  286.052427][T14352] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  286.071389][T14352] Cannot create hsr debugfs directory
[  286.432120][T14540] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3095'.
[  287.031393][T14352] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  287.060292][T14352] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  287.092495][T14352] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  287.118539][T14352] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  287.128785][T14566] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3107'.
[  287.334499][T14352] 8021q: adding VLAN 0 to HW filter on device bond0
[  287.370455][T14352] 8021q: adding VLAN 0 to HW filter on device team0
[  287.404052][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[  287.411267][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[  287.447539][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[  287.454731][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[  287.587704][T14352] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  287.607504][T14352] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  287.697954][T14594] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  287.761135][T14593] IPVS: Error connecting to the multicast addr
[  287.805115][ T5106] Bluetooth: hci2: command tx timeout
[  287.947532][T14352] 8021q: adding VLAN 0 to HW filter on device batadv0
[  288.009176][T14608] xt_hashlimit: size too large, truncated to 1048576
[  288.028219][T14608] xt_hashlimit: overflow, try lower: 0/0
[  288.039065][T14352] veth0_vlan: entered promiscuous mode
[  288.059041][T14609] sctp: [Deprecated]: syz.0.3122 (pid 14609) Use of struct sctp_assoc_value in delayed_ack socket option.
[  288.059041][T14609] Use struct sctp_sack_info instead
[  288.068917][T14352] veth1_vlan: entered promiscuous mode
[  288.150036][T14352] veth0_macvtap: entered promiscuous mode
[  288.164115][T14352] veth1_macvtap: entered promiscuous mode
[  288.194297][T14352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  288.228291][T14352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  288.250572][T14352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  288.266382][T14352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  288.291394][T14352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  288.313739][T14352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  288.330299][T14623] netlink: 'syz.3.3127': attribute type 29 has an invalid length.
[  288.333507][T14352] batman_adv: batadv0: Interface activated: batadv_slave_0
[  288.340536][T14623] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3127'.
[  288.372752][T14621] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3126'.
[  288.388311][T14352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  288.389304][T14615] netlink: 412 bytes leftover after parsing attributes in process `syz.1.3126'.
[  288.402220][T14352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  288.421973][T14352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  288.433799][T14352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  288.450420][T14352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  288.462659][T14352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  288.484355][T14352] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  288.510298][T14352] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  288.522861][T14352] batman_adv: batadv0: Interface activated: batadv_slave_1
[  288.535293][T14352] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  288.544163][T14352] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  288.553394][T14352] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  288.563169][T14352] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  288.576786][T14623] netlink: 'syz.3.3127': attribute type 29 has an invalid length.
[  288.585642][T14623] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3127'.
[  288.679456][T14631] net_ratelimit: 57 callbacks suppressed
[  288.679474][T14631] openvswitch: netlink: Missing key (keys=40, expected=80)
[  288.800347][   T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  288.838198][   T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  288.900405][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  288.914354][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  289.168923][T14648] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3137'.
[  289.338676][T14662] netlink: 'syz.1.3141': attribute type 11 has an invalid length.
[  289.539336][T14672] __nla_validate_parse: 1 callbacks suppressed
[  289.539355][T14672] netlink: 210568 bytes leftover after parsing attributes in process `syz.1.3146'.
[  289.559733][T14672] openvswitch: netlink: ufid size 2296 bytes exceeds the range (1, 16)
[  289.569888][T14673] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3146'.
[  289.599053][T14673] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3146'.
[  289.604716][T14672] openvswitch: netlink: Message has 4 unknown bytes.
[  289.934049][T14696] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3156'.
[  289.952984][T14692] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3154'.
[  289.966659][T14692] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3154'.
[  289.996302][T14692] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3154'.
[  290.223839][T14711] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3160'.
[  290.408735][T14727] sctp: [Deprecated]: syz.1.3165 (pid 14727) Use of int in max_burst socket option.
[  290.408735][T14727] Use struct sctp_assoc_value instead
[  290.600582][T14744] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3171'.
[  290.610581][T14742] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3170'.
[  291.101443][T14768] netlink: 'syz.1.3179': attribute type 9 has an invalid length.
[  291.271387][T14775] ebt_among: dst integrity fail: 102
[  291.648677][   T35] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  292.777013][T14803] FAULT_INJECTION: forcing a failure.
[  292.777013][T14803] name failslab, interval 1, probability 0, space 0, times 0
[  292.790654][   T53] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  292.793603][T14803] CPU: 1 PID: 14803 Comm: syz.0.3194 Not tainted 6.10.0-rc6-syzkaller-01230-gc7f79f2620b7 #0
[  292.807956][T14803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  292.818036][T14803] Call Trace:
[  292.821328][T14803]  <TASK>
[  292.824272][T14803]  dump_stack_lvl+0x241/0x360
[  292.828971][T14803]  ? __pfx_dump_stack_lvl+0x10/0x10
[  292.834189][T14803]  ? __pfx__printk+0x10/0x10
[  292.835359][   T53] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  292.838793][T14803]  ? netlink_insert+0x10b7/0x14b0
[  292.838823][T14803]  should_fail_ex+0x3b0/0x4e0
[  292.852505][   T53] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  292.855397][T14803]  ? __alloc_skb+0x1c3/0x440
[  292.855427][T14803]  should_failslab+0x9/0x20
[  292.865720][   T53] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  292.866898][T14803]  kmem_cache_alloc_node_noprof+0x71/0x320
[  292.871989][   T53] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  292.878295][T14803]  __alloc_skb+0x1c3/0x440
[  292.878328][T14803]  ? __pfx___alloc_skb+0x10/0x10
[  292.884493][   T53] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  292.891033][T14803]  ? netlink_autobind+0xd6/0x2f0
[  292.891059][T14803]  ? netlink_autobind+0x2b0/0x2f0
[  292.891083][T14803]  netlink_sendmsg+0x638/0xcb0
[  292.891113][T14803]  ? __pfx_netlink_sendmsg+0x10/0x10
[  292.927383][T14803]  ? aa_sock_msg_perm+0x91/0x160
[  292.932321][T14803]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  292.937593][T14803]  ? security_socket_sendmsg+0x87/0xb0
[  292.943044][T14803]  ? __pfx_netlink_sendmsg+0x10/0x10
[  292.948414][T14803]  __sock_sendmsg+0x221/0x270
[  292.953088][T14803]  sock_write_iter+0x2dd/0x400
[  292.957848][T14803]  ? __pfx_sock_write_iter+0x10/0x10
[  292.963132][T14803]  ? bpf_lsm_file_permission+0x9/0x10
[  292.968494][T14803]  ? security_file_permission+0x7f/0xa0
[  292.974038][T14803]  vfs_write+0xa72/0xc90
[  292.978366][T14803]  ? __pfx_sock_write_iter+0x10/0x10
[  292.983641][T14803]  ? __pfx_vfs_write+0x10/0x10
[  292.988412][T14803]  ksys_write+0x1a0/0x2c0
[  292.992735][T14803]  ? __pfx_ksys_write+0x10/0x10
[  292.997578][T14803]  ? do_syscall_64+0x100/0x230
[  293.002335][T14803]  ? do_syscall_64+0xb6/0x230
[  293.007008][T14803]  do_syscall_64+0xf3/0x230
[  293.011501][T14803]  ? clear_bhb_loop+0x35/0x90
[  293.016177][T14803]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  293.022077][T14803] RIP: 0033:0x7f2c4df75bd9
[  293.026558][T14803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  293.046156][T14803] RSP: 002b:00007f2c4edb6048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  293.054576][T14803] RAX: ffffffffffffffda RBX: 00007f2c4e103f60 RCX: 00007f2c4df75bd9
[  293.062558][T14803] RDX: 0000000000000024 RSI: 0000000020000800 RDI: 0000000000000003
[  293.070529][T14803] RBP: 00007f2c4edb60a0 R08: 0000000000000000 R09: 0000000000000000
[  293.078502][T14803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  293.086475][T14803] R13: 000000000000000b R14: 00007f2c4e103f60 R15: 00007ffd4508b8c8
[  293.094456][T14803]  </TASK>
[  293.126830][T14806] ebt_among: dst integrity fail: 102
[  293.235302][T14802] lo speed is unknown, defaulting to 1000
[  293.358724][T14819] netlink: 'syz.1.3199': attribute type 10 has an invalid length.
[  293.615372][T14819] team0: Port device netdevsim0 added
[  293.820947][T14836] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  293.959890][   T35] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  294.006934][T14802] chnl_net:caif_netlink_parms(): no params data found
[  294.057035][   T35] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  294.171545][   T35] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  294.243450][T14802] bridge0: port 1(bridge_slave_0) entered blocking state
[  294.254115][T14802] bridge0: port 1(bridge_slave_0) entered disabled state
[  294.261574][T14802] bridge_slave_0: entered allmulticast mode
[  294.269326][T14802] bridge_slave_0: entered promiscuous mode
[  294.284015][T14802] bridge0: port 2(bridge_slave_1) entered blocking state
[  294.291917][T14802] bridge0: port 2(bridge_slave_1) entered disabled state
[  294.304273][T14802] bridge_slave_1: entered allmulticast mode
[  294.311690][T14802] bridge_slave_1: entered promiscuous mode
[  294.361965][T14802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  294.382319][T14802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  294.503103][T14802] team0: Port device team_slave_0 added
[  294.537268][T14802] team0: Port device team_slave_1 added
[  294.703793][T14802] batman_adv: batadv0: Adding interface: batadv_slave_0
[  294.714201][T14802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  294.741210][T14802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  294.753438][T14873] ebt_among: dst integrity fail: 102
[  294.755137][T14802] batman_adv: batadv0: Adding interface: batadv_slave_1
[  294.782972][T14802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  294.817378][T14802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  294.897650][   T35] bridge_slave_1: left allmulticast mode
[  294.904572][   T35] bridge_slave_1: left promiscuous mode
[  294.917381][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  294.927702][   T35] bridge_slave_0: left allmulticast mode
[  294.933464][   T35] bridge_slave_0: left promiscuous mode
[  294.946571][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  295.165862][ T5106] Bluetooth: hci2: command tx timeout
[  295.370044][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  295.382157][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  295.393254][   T35] bond0 (unregistering): Released all slaves
[  295.496218][T14884] __nla_validate_parse: 12 callbacks suppressed
[  295.496238][T14884] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3219'.
[  295.517659][T14888] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3221'.
[  295.559260][T14802] hsr_slave_0: entered promiscuous mode
[  295.580504][T14802] hsr_slave_1: entered promiscuous mode
[  295.603464][T14802] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  295.620012][T14802] Cannot create hsr debugfs directory
[  295.953972][T14910] ebt_among: dst integrity fail: 102
[  296.140524][T14916] FAULT_INJECTION: forcing a failure.
[  296.140524][T14916] name failslab, interval 1, probability 0, space 0, times 0
[  296.167264][T14916] CPU: 0 PID: 14916 Comm: syz.3.3231 Not tainted 6.10.0-rc6-syzkaller-01230-gc7f79f2620b7 #0
[  296.177452][T14916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  296.187522][T14916] Call Trace:
[  296.190814][T14916]  <TASK>
[  296.193760][T14916]  dump_stack_lvl+0x241/0x360
[  296.198460][T14916]  ? __pfx_dump_stack_lvl+0x10/0x10
[  296.203676][T14916]  ? __pfx__printk+0x10/0x10
[  296.208291][T14916]  ? __pfx___might_resched+0x10/0x10
[  296.213589][T14916]  ? dynamic_dname+0x141/0x1b0
[  296.218368][T14916]  should_fail_ex+0x3b0/0x4e0
[  296.223050][T14916]  ? tomoyo_encode+0x26f/0x540
[  296.227804][T14916]  should_failslab+0x9/0x20
[  296.232305][T14916]  __kmalloc_noprof+0xd8/0x400
[  296.237071][T14916]  tomoyo_encode+0x26f/0x540
[  296.241652][T14916]  ? __pfx_sockfs_dname+0x10/0x10
[  296.246758][T14916]  tomoyo_realpath_from_path+0x59e/0x5e0
[  296.252394][T14916]  tomoyo_path_number_perm+0x23a/0x880
[  296.257852][T14916]  ? tomoyo_path_number_perm+0x208/0x880
[  296.263477][T14916]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  296.269480][T14916]  ? __fget_files+0x29/0x470
[  296.274065][T14916]  ? __fget_files+0x3f6/0x470
[  296.278734][T14916]  ? __fget_files+0x29/0x470
[  296.283321][T14916]  security_file_ioctl+0x75/0xb0
[  296.288257][T14916]  __se_sys_ioctl+0x47/0x170
[  296.292850][T14916]  do_syscall_64+0xf3/0x230
[  296.297350][T14916]  ? clear_bhb_loop+0x35/0x90
[  296.302023][T14916]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.307910][T14916] RIP: 0033:0x7ff5b3d75bd9
[  296.312319][T14916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  296.331917][T14916] RSP: 002b:00007ff5b4b3f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  296.340327][T14916] RAX: ffffffffffffffda RBX: 00007ff5b3f03f60 RCX: 00007ff5b3d75bd9
[  296.348290][T14916] RDX: 0000000020000000 RSI: 0000000000008b04 RDI: 0000000000000003
[  296.356257][T14916] RBP: 00007ff5b4b3f0a0 R08: 0000000000000000 R09: 0000000000000000
[  296.364395][T14916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  296.372360][T14916] R13: 000000000000000b R14: 00007ff5b3f03f60 R15: 00007ffc11f7b4b8
[  296.380343][T14916]  </TASK>
[  296.404454][T14916] ERROR: Out of memory at tomoyo_realpath_from_path.
[  296.550575][   T35] hsr_slave_0: left promiscuous mode
[  296.557291][   T35] hsr_slave_1: left promiscuous mode
[  296.564049][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  296.572032][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  296.585163][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  296.592760][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  296.620385][   T35] veth1_macvtap: left promiscuous mode
[  296.626835][   T35] veth0_macvtap: left promiscuous mode
[  296.632459][   T35] veth1_vlan: left promiscuous mode
[  296.639232][   T35] veth0_vlan: left promiscuous mode
[  297.084852][   T35] team0 (unregistering): Port device team_slave_1 removed
[  297.130134][   T35] team0 (unregistering): Port device team_slave_0 removed
[  297.245013][ T5106] Bluetooth: hci2: command tx timeout
[  297.578908][T14929] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3235'.
[  297.677876][T14936] netlink: 'syz.3.3238': attribute type 10 has an invalid length.
[  297.701808][T14936] batman_adv: batadv0: Adding interface: team0
[  297.716159][T14936] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  297.773193][T14936] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  297.881674][T14946] netlink: 'syz.3.3240': attribute type 10 has an invalid length.
[  297.981635][T14952] FAULT_INJECTION: forcing a failure.
[  297.981635][T14952] name failslab, interval 1, probability 0, space 0, times 0
[  298.017062][T14952] CPU: 1 PID: 14952 Comm: syz.0.3242 Not tainted 6.10.0-rc6-syzkaller-01230-gc7f79f2620b7 #0
[  298.027247][T14952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  298.037299][T14952] Call Trace:
[  298.040574][T14952]  <TASK>
[  298.043494][T14952]  dump_stack_lvl+0x241/0x360
[  298.048176][T14952]  ? __pfx_dump_stack_lvl+0x10/0x10
[  298.048778][T14802] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  298.053372][T14952]  ? __pfx__printk+0x10/0x10
[  298.053407][T14952]  ? netlink_insert+0x10b7/0x14b0
[  298.053430][T14952]  should_fail_ex+0x3b0/0x4e0
[  298.067603][T14954] ebt_among: dst integrity fail: 102
[  298.069652][T14952]  ? __alloc_skb+0x1c3/0x440
[  298.069683][T14952]  should_failslab+0x9/0x20
[  298.088725][T14952]  kmem_cache_alloc_node_noprof+0x71/0x320
[  298.094543][T14952]  __alloc_skb+0x1c3/0x440
[  298.098960][T14952]  ? __pfx___alloc_skb+0x10/0x10
[  298.103894][T14952]  ? netlink_autobind+0xd6/0x2f0
[  298.108833][T14952]  ? netlink_autobind+0x2b0/0x2f0
[  298.113852][T14952]  netlink_sendmsg+0x638/0xcb0
[  298.118618][T14952]  ? __pfx_netlink_sendmsg+0x10/0x10
[  298.123896][T14952]  ? __import_iovec+0x536/0x820
[  298.128741][T14952]  ? aa_sock_msg_perm+0x91/0x160
[  298.133680][T14952]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  298.138959][T14952]  ? security_socket_sendmsg+0x87/0xb0
[  298.144413][T14952]  ? __pfx_netlink_sendmsg+0x10/0x10
[  298.149694][T14952]  __sock_sendmsg+0x221/0x270
[  298.154365][T14952]  ____sys_sendmsg+0x525/0x7d0
[  298.159148][T14952]  ? __pfx_____sys_sendmsg+0x10/0x10
[  298.164439][T14952]  __sys_sendmsg+0x2b0/0x3a0
[  298.169027][T14952]  ? __pfx___sys_sendmsg+0x10/0x10
[  298.174130][T14952]  ? vfs_write+0x7c4/0xc90
[  298.178571][T14952]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  298.184891][T14952]  ? do_syscall_64+0x100/0x230
[  298.189656][T14952]  ? do_syscall_64+0xb6/0x230
[  298.194329][T14952]  do_syscall_64+0xf3/0x230
[  298.198822][T14952]  ? clear_bhb_loop+0x35/0x90
[  298.203491][T14952]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.209374][T14952] RIP: 0033:0x7f2c4df75bd9
[  298.213780][T14952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  298.233376][T14952] RSP: 002b:00007f2c4edb6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  298.241782][T14952] RAX: ffffffffffffffda RBX: 00007f2c4e103f60 RCX: 00007f2c4df75bd9
[  298.249748][T14952] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  298.257713][T14952] RBP: 00007f2c4edb60a0 R08: 0000000000000000 R09: 0000000000000000
[  298.265685][T14952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  298.273644][T14952] R13: 000000000000000b R14: 00007f2c4e103f60 R15: 00007ffd4508b8c8
[  298.281620][T14952]  </TASK>
[  298.309683][T14802] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  298.584426][T14963] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3244'.
[  298.612567][T14802] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  298.638974][T14802] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  298.743071][T14970] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3248'.
[  298.805733][T14802] 8021q: adding VLAN 0 to HW filter on device bond0
[  298.883953][T14802] 8021q: adding VLAN 0 to HW filter on device team0
[  298.918716][T14973] batadv_slave_1: entered promiscuous mode
[  298.935627][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[  298.942797][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[  298.967414][T14983] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3253'.
[  298.997000][T14981] netlink: 'syz.4.3253': attribute type 8 has an invalid length.
[  299.053218][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[  299.060458][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[  299.153197][T14995] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3256'.
[  299.316666][T14971] batadv_slave_1: left promiscuous mode
[  299.326454][ T5106] Bluetooth: hci2: command tx timeout
[  299.450760][T15008] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3262'.
[  299.532037][T15017] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3261'.
[  299.541416][T15017] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3261'.
[  299.572728][T14802] 8021q: adding VLAN 0 to HW filter on device batadv0
[  299.670035][T14802] veth0_vlan: entered promiscuous mode
[  299.690759][T14802] veth1_vlan: entered promiscuous mode
[  299.721976][T14802] veth0_macvtap: entered promiscuous mode
[  299.749649][T14802] veth1_macvtap: entered promiscuous mode
[  299.759648][T15025] FAULT_INJECTION: forcing a failure.
[  299.759648][T15025] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  299.788952][T14802] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  299.799593][T15025] CPU: 1 PID: 15025 Comm: syz.3.3264 Not tainted 6.10.0-rc6-syzkaller-01230-gc7f79f2620b7 #0
[  299.809766][T15025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  299.819834][T15025] Call Trace:
[  299.823127][T15025]  <TASK>
[  299.826076][T15025]  dump_stack_lvl+0x241/0x360
[  299.830778][T15025]  ? __pfx_dump_stack_lvl+0x10/0x10
[  299.835995][T15025]  ? __pfx__printk+0x10/0x10
[  299.840609][T15025]  ? __pfx_lock_release+0x10/0x10
[  299.845662][T15025]  should_fail_ex+0x3b0/0x4e0
[  299.850370][T15025]  _copy_from_user+0x2f/0xe0
[  299.854981][T15025]  copy_msghdr_from_user+0xae/0x680
[  299.860198][T15025]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  299.866013][T15025]  __sys_recvmsg+0x252/0x3e0
[  299.870608][T15025]  ? __pfx___sys_recvmsg+0x10/0x10
[  299.875736][T15025]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  299.882060][T15025]  ? do_syscall_64+0x100/0x230
[  299.886826][T15025]  ? do_syscall_64+0xb6/0x230
[  299.891505][T15025]  do_syscall_64+0xf3/0x230
[  299.896002][T15025]  ? clear_bhb_loop+0x35/0x90
[  299.900678][T15025]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  299.906567][T15025] RIP: 0033:0x7ff5b3d75bd9
[  299.910973][T15025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  299.930570][T15025] RSP: 002b:00007ff5b4b1e048 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  299.938978][T15025] RAX: ffffffffffffffda RBX: 00007ff5b3f04038 RCX: 00007ff5b3d75bd9
[  299.946941][T15025] RDX: 0000000000000700 RSI: 0000000020000580 RDI: 0000000000000003
[  299.954907][T15025] RBP: 00007ff5b4b1e0a0 R08: 0000000000000000 R09: 0000000000000000
[  299.962869][T15025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  299.970830][T15025] R13: 000000000000006e R14: 00007ff5b3f04038 R15: 00007ffc11f7b4b8
[  299.978806][T15025]  </TASK>
[  299.983515][T14802] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  299.993795][T14802] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  300.004300][T14802] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.014488][T14802] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  300.030824][T14802] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.053434][T14802] batman_adv: batadv0: Interface activated: batadv_slave_0
[  300.087993][T14802] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.099623][T14802] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.110285][T14802] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.120937][T14802] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.131487][T14802] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.156655][T14802] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.167178][T14802] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.178036][T14802] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.189820][T14802] batman_adv: batadv0: Interface activated: batadv_slave_1
[  300.207376][T14802] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  300.217797][T14802] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  300.227461][T14802] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  300.236482][T14802] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  300.250465][T15031] batman_adv: batadv1: Adding interface: netdevsim0
[  300.261400][T15031] batman_adv: batadv1: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  300.290705][T15031] batman_adv: batadv1: Interface activated: netdevsim0
[  300.457177][ T1047] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  300.481383][ T1047] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  300.562227][ T1047] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  300.580758][ T1047] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  300.963704][T15056] __nla_validate_parse: 1 callbacks suppressed
[  300.963723][T15056] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3279'.
[  300.993438][T15061] netlink: 'syz.1.3280': attribute type 7 has an invalid length.
[  301.019940][T15061] netlink: 'syz.1.3280': attribute type 3 has an invalid length.
[  301.041224][T15061] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3280'.
[  301.051621][T15056] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3279'.
[  301.141968][T15067] FAULT_INJECTION: forcing a failure.
[  301.141968][T15067] name failslab, interval 1, probability 0, space 0, times 0
[  301.185814][T15067] CPU: 1 PID: 15067 Comm: syz.4.3281 Not tainted 6.10.0-rc6-syzkaller-01230-gc7f79f2620b7 #0
[  301.196007][T15067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  301.206076][T15067] Call Trace:
[  301.209377][T15067]  <TASK>
[  301.212323][T15067]  dump_stack_lvl+0x241/0x360
[  301.217033][T15067]  ? __pfx_dump_stack_lvl+0x10/0x10
[  301.222252][T15067]  ? __pfx__printk+0x10/0x10
[  301.226869][T15067]  ? ref_tracker_alloc+0x332/0x490
[  301.232009][T15067]  should_fail_ex+0x3b0/0x4e0
[  301.236716][T15067]  ? skb_clone+0x20c/0x390
[  301.241149][T15067]  should_failslab+0x9/0x20
[  301.245656][T15067]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  301.251045][T15067]  skb_clone+0x20c/0x390
[  301.255329][T15067]  __netlink_deliver_tap+0x3cc/0x7c0
[  301.260624][T15067]  ? netlink_deliver_tap+0x2e/0x1b0
[  301.265816][T15067]  netlink_deliver_tap+0x19d/0x1b0
[  301.270921][T15067]  netlink_unicast+0x7be/0x990
[  301.275683][T15067]  ? __pfx_netlink_unicast+0x10/0x10
[  301.280958][T15067]  ? __virt_addr_valid+0x183/0x520
[  301.286069][T15067]  ? __check_object_size+0x49c/0x900
[  301.291353][T15067]  ? bpf_lsm_netlink_send+0x9/0x10
[  301.296471][T15067]  netlink_sendmsg+0x8e4/0xcb0
[  301.301244][T15067]  ? __pfx_netlink_sendmsg+0x10/0x10
[  301.306525][T15067]  ? __import_iovec+0x536/0x820
[  301.311373][T15067]  ? aa_sock_msg_perm+0x91/0x160
[  301.316313][T15067]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  301.321591][T15067]  ? security_socket_sendmsg+0x87/0xb0
[  301.327046][T15067]  ? __pfx_netlink_sendmsg+0x10/0x10
[  301.332324][T15067]  __sock_sendmsg+0x221/0x270
[  301.337000][T15067]  ____sys_sendmsg+0x525/0x7d0
[  301.341770][T15067]  ? __pfx_____sys_sendmsg+0x10/0x10
[  301.347067][T15067]  __sys_sendmsg+0x2b0/0x3a0
[  301.351656][T15067]  ? __pfx___sys_sendmsg+0x10/0x10
[  301.356763][T15067]  ? vfs_write+0x7c4/0xc90
[  301.361206][T15067]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  301.367548][T15067]  ? do_syscall_64+0x100/0x230
[  301.372330][T15067]  ? do_syscall_64+0xb6/0x230
[  301.377013][T15067]  do_syscall_64+0xf3/0x230
[  301.381514][T15067]  ? clear_bhb_loop+0x35/0x90
[  301.386195][T15067]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.392089][T15067] RIP: 0033:0x7f9e3eb75bd9
[  301.396504][T15067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  301.416110][T15067] RSP: 002b:00007f9e3f8a0048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  301.424522][T15067] RAX: ffffffffffffffda RBX: 00007f9e3ed03f60 RCX: 00007f9e3eb75bd9
[  301.432497][T15067] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003
[  301.440460][T15067] RBP: 00007f9e3f8a00a0 R08: 0000000000000000 R09: 0000000000000000
[  301.448427][T15067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  301.456390][T15067] R13: 000000000000000b R14: 00007f9e3ed03f60 R15: 00007ffce0529438
[  301.464366][T15067]  </TASK>
[  301.503362][T15056] team0: Port device bridge0 added
[  301.512763][T15071] netlink: 'syz.1.3282': attribute type 5 has an invalid length.
[  301.548942][T15063] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3279'.
[  301.651715][T15074] trusted_key: syz.4.3283 sent an empty control message without MSG_MORE.
[  301.760643][T15080] netlink: 'syz.0.3286': attribute type 9 has an invalid length.
[  302.378128][T15121] FAULT_INJECTION: forcing a failure.
[  302.378128][T15121] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  302.392288][T15121] CPU: 1 PID: 15121 Comm: syz.0.3303 Not tainted 6.10.0-rc6-syzkaller-01230-gc7f79f2620b7 #0
[  302.402461][T15121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  302.412521][T15121] Call Trace:
[  302.415810][T15121]  <TASK>
[  302.418745][T15121]  dump_stack_lvl+0x241/0x360
[  302.423417][T15121]  ? __pfx_dump_stack_lvl+0x10/0x10
[  302.428605][T15121]  ? __pfx__printk+0x10/0x10
[  302.433189][T15121]  ? __pfx_lock_release+0x10/0x10
[  302.438225][T15121]  should_fail_ex+0x3b0/0x4e0
[  302.442923][T15121]  _copy_from_user+0x2f/0xe0
[  302.447521][T15121]  copy_msghdr_from_user+0xae/0x680
[  302.452747][T15121]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  302.458591][T15121]  __sys_sendmsg+0x23d/0x3a0
[  302.463206][T15121]  ? __pfx___sys_sendmsg+0x10/0x10
[  302.468340][T15121]  ? vfs_write+0x7c4/0xc90
[  302.472789][T15121]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  302.479109][T15121]  ? do_syscall_64+0x100/0x230
[  302.483891][T15121]  ? do_syscall_64+0xb6/0x230
[  302.488562][T15121]  do_syscall_64+0xf3/0x230
[  302.493060][T15121]  ? clear_bhb_loop+0x35/0x90
[  302.497746][T15121]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.503655][T15121] RIP: 0033:0x7f2c4df75bd9
[  302.508080][T15121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  302.527692][T15121] RSP: 002b:00007f2c4edb6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  302.536107][T15121] RAX: ffffffffffffffda RBX: 00007f2c4e103f60 RCX: 00007f2c4df75bd9
[  302.544086][T15121] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  302.552060][T15121] RBP: 00007f2c4edb60a0 R08: 0000000000000000 R09: 0000000000000000
[  302.560028][T15121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  302.567997][T15121] R13: 000000000000000b R14: 00007f2c4e103f60 R15: 00007ffd4508b8c8
[  302.575982][T15121]  </TASK>
[  302.608914][T15126] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3304'.
[  302.617721][T15123] netlink: 'syz.3.3301': attribute type 3 has an invalid length.
[  302.925335][T15147] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3312'.
[  303.040743][T15155] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3316'.
[  303.058352][T15155] netlink: 43 bytes leftover after parsing attributes in process `syz.1.3316'.
[  303.070524][T15155] netlink: 'syz.1.3316': attribute type 5 has an invalid length.
[  303.083783][T15155] netlink: 43 bytes leftover after parsing attributes in process `syz.1.3316'.
[  303.827064][   T35] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  304.061261][   T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  304.077667][   T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  304.090187][   T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  304.100432][   T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  304.109642][   T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  304.118752][   T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  304.161549][T15189] lo speed is unknown, defaulting to 1000
[  304.362704][T15189] chnl_net:caif_netlink_parms(): no params data found
[  304.428117][T15189] bridge0: port 1(bridge_slave_0) entered blocking state
[  304.435894][T15189] bridge0: port 1(bridge_slave_0) entered disabled state
[  304.443007][T15189] bridge_slave_0: entered allmulticast mode
[  304.451161][T15189] bridge_slave_0: entered promiscuous mode
[  304.459595][T15189] bridge0: port 2(bridge_slave_1) entered blocking state
[  304.468145][T15189] bridge0: port 2(bridge_slave_1) entered disabled state
[  304.477233][T15189] bridge_slave_1: entered allmulticast mode
[  304.483910][T15189] bridge_slave_1: entered promiscuous mode
[  304.511999][T15189] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  304.523323][T15189] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  304.555972][T15189] team0: Port device team_slave_0 added
[  304.563397][T15189] team0: Port device team_slave_1 added
[  304.593632][T15189] batman_adv: batadv0: Adding interface: batadv_slave_0
[  304.601050][T15189] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  304.627677][T15189] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  304.641106][T15189] batman_adv: batadv0: Adding interface: batadv_slave_1
[  304.648146][T15189] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  304.675029][T15189] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  304.724230][T15189] hsr_slave_0: entered promiscuous mode
[  304.734486][T15189] hsr_slave_1: entered promiscuous mode
[  304.741042][T15189] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  304.748997][T15189] Cannot create hsr debugfs directory
[  304.865038][T15189] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  304.875948][T15189] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  304.962775][T15189] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  304.973423][T15189] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  305.036182][T15202] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3329'.
[  305.075174][T15202] IPv6: Can't replace route, no match found
[  305.158716][T15189] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  305.181428][T15189] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  305.209634][T15206] sch_tbf: burst 0 is lower than device team0 mtu (1514) !
[  305.419091][ T5106] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  305.428883][ T5106] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  305.437334][ T5106] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  305.450286][ T5106] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  305.468353][ T5106] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  305.476306][ T5106] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  305.484521][T15189] team0: Port device netdevsim0 removed
[  305.493065][T15189] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  305.503407][T15189] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  305.621194][   T35] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  305.718775][   T35] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  305.837414][T15216] lo speed is unknown, defaulting to 1000
[  305.923515][   T35] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  306.191579][T15189] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  306.205270][ T5106] Bluetooth: hci0: command tx timeout
[  306.230668][T15189] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  306.256775][T15189] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  306.293998][T15189] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  306.575053][   T35] bridge_slave_1: left allmulticast mode
[  306.580962][   T35] bridge_slave_1: left promiscuous mode
[  306.587548][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  306.601278][   T35] bridge_slave_0: left allmulticast mode
[  306.608532][   T35] bridge_slave_0: left promiscuous mode
[  306.615664][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  307.132370][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  307.157735][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  307.172993][   T35] bond0 (unregistering): Released all slaves
[  307.336000][T15216] chnl_net:caif_netlink_parms(): no params data found
[  307.421918][T15277] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[  307.427230][T15280] netlink: 'syz.0.3353': attribute type 18 has an invalid length.
[  307.440804][T15189] 8021q: adding VLAN 0 to HW filter on device bond0
[  307.453731][T15277] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[  307.468568][T15280] __nla_validate_parse: 3 callbacks suppressed
[  307.468585][T15280] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.3353'.
[  307.495183][T15277] netdevsim netdevsim3: Falling back to sysfs fallback for: .
[  307.524069][T15282] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3354'.
[  307.554399][T15282] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3354'.
[  307.566591][ T5106] Bluetooth: hci2: command tx timeout
[  307.573244][T15282] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3354'.
[  307.867864][T15216] bridge0: port 1(bridge_slave_0) entered blocking state
[  307.919216][T15216] bridge0: port 1(bridge_slave_0) entered disabled state
[  307.954789][T15216] bridge_slave_0: entered allmulticast mode
[  307.994579][T15216] bridge_slave_0: entered promiscuous mode
[  308.009417][T15216] bridge0: port 2(bridge_slave_1) entered blocking state
[  308.016905][T15216] bridge0: port 2(bridge_slave_1) entered disabled state
[  308.024179][T15216] bridge_slave_1: entered allmulticast mode
[  308.035701][T15216] bridge_slave_1: entered promiscuous mode
[  308.044186][T15189] 8021q: adding VLAN 0 to HW filter on device team0
[  308.083340][   T35] hsr_slave_0: left promiscuous mode
[  308.095606][   T35] hsr_slave_1: left promiscuous mode
[  308.105964][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  308.113692][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  308.122540][T15298] FAULT_INJECTION: forcing a failure.
[  308.122540][T15298] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  308.136841][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  308.138180][T15298] CPU: 0 PID: 15298 Comm: syz.0.3360 Not tainted 6.10.0-rc6-syzkaller-01230-gc7f79f2620b7 #0
[  308.151395][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  308.154331][T15298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  308.154346][T15298] Call Trace:
[  308.154354][T15298]  <TASK>
[  308.154363][T15298]  dump_stack_lvl+0x241/0x360
[  308.182386][T15298]  ? __pfx_dump_stack_lvl+0x10/0x10
[  308.187580][T15298]  ? __pfx__printk+0x10/0x10
[  308.192168][T15298]  ? __pfx_lock_release+0x10/0x10
[  308.197196][T15298]  should_fail_ex+0x3b0/0x4e0
[  308.201872][T15298]  _copy_from_user+0x2f/0xe0
[  308.206459][T15298]  copy_msghdr_from_user+0xae/0x680
[  308.211651][T15298]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  308.217457][T15298]  __sys_sendmsg+0x23d/0x3a0
[  308.222044][T15298]  ? __pfx___sys_sendmsg+0x10/0x10
[  308.227147][T15298]  ? vfs_write+0x7c4/0xc90
[  308.231586][T15298]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  308.237908][T15298]  ? do_syscall_64+0x100/0x230
[  308.242662][T15298]  ? do_syscall_64+0xb6/0x230
[  308.247329][T15298]  do_syscall_64+0xf3/0x230
[  308.251822][T15298]  ? clear_bhb_loop+0x35/0x90
[  308.256494][T15298]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  308.262462][T15298] RIP: 0033:0x7f2c4df75bd9
[  308.266873][T15298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  308.286470][T15298] RSP: 002b:00007f2c4edb6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  308.294882][T15298] RAX: ffffffffffffffda RBX: 00007f2c4e103f60 RCX: 00007f2c4df75bd9
[  308.302859][T15298] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[  308.310825][T15298] RBP: 00007f2c4edb60a0 R08: 0000000000000000 R09: 0000000000000000
[  308.318790][T15298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  308.326751][T15298] R13: 000000000000000b R14: 00007f2c4e103f60 R15: 00007ffd4508b8c8
[  308.334731][T15298]  </TASK>
[  308.343449][ T5106] Bluetooth: hci0: command tx timeout
[  308.391588][   T35] veth1_macvtap: left promiscuous mode
[  308.422362][   T35] veth0_macvtap: left promiscuous mode
[  308.431973][   T35] veth1_vlan: left promiscuous mode
[  308.448013][   T35] veth0_vlan: left promiscuous mode
[  308.988411][   T35] team0 (unregistering): Port device team_slave_1 removed
[  309.030647][   T35] team0 (unregistering): Port device team_slave_0 removed
[  309.386091][ T5139] bridge0: port 1(bridge_slave_0) entered blocking state
[  309.393284][ T5139] bridge0: port 1(bridge_slave_0) entered forwarding state
[  309.494140][T15216] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  309.527734][ T5139] bridge0: port 2(bridge_slave_1) entered blocking state
[  309.534892][ T5139] bridge0: port 2(bridge_slave_1) entered forwarding state
[  309.577462][T15216] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  309.647013][ T5106] Bluetooth: hci2: command tx timeout
[  309.684332][T15216] team0: Port device team_slave_0 added
[  309.716373][T15216] team0: Port device team_slave_1 added
[  309.831322][T15216] batman_adv: batadv0: Adding interface: batadv_slave_0
[  309.838963][T15216] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  309.867771][T15216] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  309.905325][T15216] batman_adv: batadv0: Adding interface: batadv_slave_1
[  309.924990][T15216] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  309.955232][T15216] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  310.030119][T15216] hsr_slave_0: entered promiscuous mode
[  310.038008][T15216] hsr_slave_1: entered promiscuous mode
[  310.044486][T15216] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  310.053395][T15216] Cannot create hsr debugfs directory
[  310.344311][T15189] 8021q: adding VLAN 0 to HW filter on device batadv0
[  310.375001][ T5106] Bluetooth: hci0: command tx timeout
[  310.513764][T15189] veth0_vlan: entered promiscuous mode
[  310.572859][T15189] veth1_vlan: entered promiscuous mode
[  310.688053][T15189] veth0_macvtap: entered promiscuous mode
[  310.726580][T15189] veth1_macvtap: entered promiscuous mode
[  310.825385][T15216] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  310.859831][T15189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  310.871180][T15189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  310.888897][T15189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  310.904884][T15189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  310.918067][T15189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  310.930458][T15189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  310.941621][T15189] batman_adv: batadv0: Interface activated: batadv_slave_0
[  310.949417][T15216] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  310.969922][T15189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  310.982303][T15189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  310.993224][T15189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  311.035059][T15189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  311.054323][T15189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  311.069714][T15189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  311.088023][T15189] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  311.112847][T15189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  311.127339][T15189] batman_adv: batadv0: Interface activated: batadv_slave_1
[  311.145752][T15216] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  311.220732][T15216] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  311.250215][T15189] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  311.261952][T15189] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  311.273034][T15189] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  311.286602][T15189] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  311.475178][T14948] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  311.503959][T14948] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  311.552101][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  311.569720][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  311.613821][T15216] 8021q: adding VLAN 0 to HW filter on device bond0
[  311.652755][T15216] 8021q: adding VLAN 0 to HW filter on device team0
[  311.690547][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  311.720562][ T5196] bridge0: port 1(bridge_slave_0) entered blocking state
[  311.725577][ T5106] Bluetooth: hci2: command tx timeout
[  311.727717][ T5196] bridge0: port 1(bridge_slave_0) entered forwarding state
[  311.743567][ T5196] bridge0: port 2(bridge_slave_1) entered blocking state
[  311.750747][ T5196] bridge0: port 2(bridge_slave_1) entered forwarding state
[  311.846361][T15379] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3327'.
[  311.862946][T15373] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3327'.
[  311.869274][T15216] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  311.883212][T15216] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  312.014903][T15385] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3394'.
[  312.133061][T15216] 8021q: adding VLAN 0 to HW filter on device batadv0
[  312.244194][T15216] veth0_vlan: entered promiscuous mode
[  312.252587][T15394] Cannot find add_set index 0 as target
[  312.260115][T15216] veth1_vlan: entered promiscuous mode
[  312.346287][T15216] veth0_macvtap: entered promiscuous mode
[  312.371663][T15216] veth1_macvtap: entered promiscuous mode
[  312.426682][T15216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  312.448853][ T5106] Bluetooth: hci0: command tx timeout
[  312.482672][T15216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  312.495180][T15216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  312.509418][T15216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  312.519755][T15216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  312.531146][T15216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  312.542145][T15216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  312.553184][T15216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  312.570030][T15216] batman_adv: batadv0: Interface activated: batadv_slave_0
[  312.590631][T15216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  312.602606][T15216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  312.613803][T15216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  312.626965][T15216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  312.637389][T15216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  312.648511][T15216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  312.659313][T15216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  312.670029][T15216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  312.681738][T15216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  312.694198][T15216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  312.707391][T15216] batman_adv: batadv0: Interface activated: batadv_slave_1
[  312.742536][T15216] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  312.752179][T15216] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  312.763511][T15216] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  312.774102][T15216] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  312.812167][T15413] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3403'.
[  312.821456][T15413] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3403'.
[  312.935745][T15415] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.3404'.
[  312.952874][T14944] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  312.964313][T15417] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3405'.
[  312.968072][T14944] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  313.017599][T15417] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3405'.
[  313.037135][   T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  313.045978][   T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  313.058559][T15420] FAULT_INJECTION: forcing a failure.
[  313.058559][T15420] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  313.102312][T15420] CPU: 1 PID: 15420 Comm: syz.1.3406 Not tainted 6.10.0-rc6-syzkaller-01230-gc7f79f2620b7 #0
[  313.112516][T15420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  313.122586][T15420] Call Trace:
[  313.125883][T15420]  <TASK>
[  313.128828][T15420]  dump_stack_lvl+0x241/0x360
[  313.133520][T15420]  ? __pfx_dump_stack_lvl+0x10/0x10
[  313.138717][T15420]  ? __pfx__printk+0x10/0x10
[  313.143307][T15420]  ? __pfx_lock_release+0x10/0x10
[  313.148335][T15420]  should_fail_ex+0x3b0/0x4e0
[  313.153097][T15420]  _copy_from_user+0x2f/0xe0
[  313.157680][T15420]  copy_msghdr_from_user+0xae/0x680
[  313.162877][T15420]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  313.168687][T15420]  __sys_sendmsg+0x23d/0x3a0
[  313.173275][T15420]  ? __pfx___sys_sendmsg+0x10/0x10
[  313.178375][T15420]  ? vfs_write+0x7c4/0xc90
[  313.182815][T15420]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  313.189141][T15420]  ? do_syscall_64+0x100/0x230
[  313.193909][T15420]  ? do_syscall_64+0xb6/0x230
[  313.198579][T15420]  do_syscall_64+0xf3/0x230
[  313.203079][T15420]  ? clear_bhb_loop+0x35/0x90
[  313.207748][T15420]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.213645][T15420] RIP: 0033:0x7fb841f75bd9
[  313.218058][T15420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  313.237661][T15420] RSP: 002b:00007fb842e03048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  313.246090][T15420] RAX: ffffffffffffffda RBX: 00007fb842103f60 RCX: 00007fb841f75bd9
[  313.254064][T15420] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[  313.262032][T15420] RBP: 00007fb842e030a0 R08: 0000000000000000 R09: 0000000000000000
[  313.270002][T15420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  313.277966][T15420] R13: 000000000000000b R14: 00007fb842103f60 R15: 00007ffdb106d408
[  313.285945][T15420]  </TASK>
[  313.681806][T15448] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3418'.
[  313.707499][T15447] netlink: 17 bytes leftover after parsing attributes in process `syz.4.3417'.
[  313.774735][T15452] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3419'.
[  314.053545][T15463] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3425'.
[  314.170794][T15469] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3428'.
[  314.291290][T15483] FAULT_INJECTION: forcing a failure.
[  314.291290][T15483] name failslab, interval 1, probability 0, space 0, times 0
[  314.336554][T15483] CPU: 0 PID: 15483 Comm: syz.3.3433 Not tainted 6.10.0-rc6-syzkaller-01230-gc7f79f2620b7 #0
[  314.346741][T15483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  314.356808][T15483] Call Trace:
[  314.360100][T15483]  <TASK>
[  314.363048][T15483]  dump_stack_lvl+0x241/0x360
[  314.367747][T15483]  ? __pfx_dump_stack_lvl+0x10/0x10
[  314.372964][T15483]  ? __pfx__printk+0x10/0x10
[  314.377577][T15483]  ? __pfx___might_resched+0x10/0x10
[  314.382889][T15483]  should_fail_ex+0x3b0/0x4e0
[  314.387591][T15483]  ? ovs_ct_limit_cmd_set+0x2f9/0xaf0
[  314.392989][T15483]  should_failslab+0x9/0x20
[  314.397511][T15483]  kmalloc_trace_noprof+0x6c/0x2c0
[  314.402646][T15483]  ovs_ct_limit_cmd_set+0x2f9/0xaf0
[  314.407878][T15483]  genl_rcv_msg+0xb14/0xec0
[  314.412399][T15483]  ? mark_lock+0x9a/0x350
[  314.416754][T15483]  ? __pfx_genl_rcv_msg+0x10/0x10
[  314.421823][T15483]  ? __pfx_lock_acquire+0x10/0x10
[  314.426860][T15483]  ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10
[  314.432601][T15483]  ? __pfx___might_resched+0x10/0x10
[  314.437912][T15483]  netlink_rcv_skb+0x1e3/0x430
[  314.442699][T15483]  ? __pfx_genl_rcv_msg+0x10/0x10
[  314.447746][T15483]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  314.453059][T15483]  ? __netlink_deliver_tap+0x77e/0x7c0
[  314.458547][T15483]  genl_rcv+0x28/0x40
[  314.462549][T15483]  netlink_unicast+0x7f0/0x990
[  314.467335][T15483]  ? __pfx_netlink_unicast+0x10/0x10
[  314.472629][T15483]  ? __virt_addr_valid+0x183/0x520
[  314.477761][T15483]  ? __check_object_size+0x49c/0x900
[  314.483067][T15483]  ? bpf_lsm_netlink_send+0x9/0x10
[  314.488202][T15483]  netlink_sendmsg+0x8e4/0xcb0
[  314.492997][T15483]  ? __pfx_netlink_sendmsg+0x10/0x10
[  314.498293][T15483]  ? __import_iovec+0x536/0x820
[  314.503156][T15483]  ? aa_sock_msg_perm+0x91/0x160
[  314.508112][T15483]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  314.513409][T15483]  ? security_socket_sendmsg+0x87/0xb0
[  314.518887][T15483]  ? __pfx_netlink_sendmsg+0x10/0x10
[  314.524186][T15483]  __sock_sendmsg+0x221/0x270
[  314.528886][T15483]  ____sys_sendmsg+0x525/0x7d0
[  314.533682][T15483]  ? __pfx_____sys_sendmsg+0x10/0x10
[  314.539006][T15483]  __sys_sendmsg+0x2b0/0x3a0
[  314.543617][T15483]  ? __pfx___sys_sendmsg+0x10/0x10
[  314.548747][T15483]  ? vfs_write+0x7c4/0xc90
[  314.553227][T15483]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  314.559577][T15483]  ? do_syscall_64+0x100/0x230
[  314.564358][T15483]  ? do_syscall_64+0xb6/0x230
[  314.569056][T15483]  do_syscall_64+0xf3/0x230
[  314.573568][T15483]  ? clear_bhb_loop+0x35/0x90
[  314.578248][T15483]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.584156][T15483] RIP: 0033:0x7ff5b3d75bd9
[  314.588573][T15483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  314.608174][T15483] RSP: 002b:00007ff5b4b3f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  314.616604][T15483] RAX: ffffffffffffffda RBX: 00007ff5b3f03f60 RCX: 00007ff5b3d75bd9
[  314.624588][T15483] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[  314.632570][T15483] RBP: 00007ff5b4b3f0a0 R08: 0000000000000000 R09: 0000000000000000
[  314.640549][T15483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  314.648540][T15483] R13: 000000000000000b R14: 00007ff5b3f03f60 R15: 00007ffc11f7b4b8
[  314.656528][T15483]  </TASK>
[  315.051262][T15517] netlink: 'syz.1.3444': attribute type 1 has an invalid length.
[  315.133243][T15523] FAULT_INJECTION: forcing a failure.
[  315.133243][T15523] name failslab, interval 1, probability 0, space 0, times 0
[  315.148744][T15523] CPU: 1 PID: 15523 Comm: syz.3.3448 Not tainted 6.10.0-rc6-syzkaller-01230-gc7f79f2620b7 #0
[  315.158926][T15523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  315.169000][T15523] Call Trace:
[  315.172292][T15523]  <TASK>
[  315.175232][T15523]  dump_stack_lvl+0x241/0x360
[  315.179919][T15523]  ? __pfx_dump_stack_lvl+0x10/0x10
[  315.185117][T15523]  ? __pfx__printk+0x10/0x10
[  315.189711][T15523]  ? ref_tracker_alloc+0x332/0x490
[  315.194819][T15523]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  315.200271][T15523]  should_fail_ex+0x3b0/0x4e0
[  315.204951][T15523]  ? skb_clone+0x20c/0x390
[  315.209376][T15523]  should_failslab+0x9/0x20
[  315.213875][T15523]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  315.219247][T15523]  skb_clone+0x20c/0x390
[  315.223489][T15523]  __netlink_deliver_tap+0x3cc/0x7c0
[  315.228778][T15523]  ? netlink_deliver_tap+0x2e/0x1b0
[  315.233962][T15523]  netlink_deliver_tap+0x19d/0x1b0
[  315.239065][T15523]  netlink_sendskb+0x68/0x140
[  315.243732][T15523]  netlink_unicast+0x39d/0x990
[  315.248493][T15523]  ? __pfx_netlink_unicast+0x10/0x10
[  315.253767][T15523]  ? __pfx___alloc_skb+0x10/0x10
[  315.258705][T15523]  rtnl_unicast+0x50/0x60
[  315.263028][T15523]  inet6_rtm_getroute+0x12a2/0x1a80
[  315.268215][T15523]  ? mark_lock+0x9a/0x350
[  315.272541][T15523]  ? __pfx_inet6_rtm_getroute+0x10/0x10
[  315.278097][T15523]  ? rcu_read_unlock+0x87/0xa0
[  315.282855][T15523]  ? __pfx_lock_release+0x10/0x10
[  315.287880][T15523]  ? __pfx_inet6_rtm_getroute+0x10/0x10
[  315.293414][T15523]  rtnetlink_rcv_msg+0x8f0/0x1180
[  315.298431][T15523]  ? rtnetlink_rcv_msg+0x208/0x1180
[  315.303621][T15523]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  315.309072][T15523]  ? __local_bh_enable_ip+0x168/0x200
[  315.314452][T15523]  ? lockdep_hardirqs_on+0x99/0x150
[  315.319664][T15523]  ? __local_bh_enable_ip+0x168/0x200
[  315.325043][T15523]  ? dev_hard_start_xmit+0x773/0x7e0
[  315.330325][T15523]  ? __dev_queue_xmit+0x2da/0x3e90
[  315.335434][T15523]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  315.341150][T15523]  ? __dev_queue_xmit+0x2da/0x3e90
[  315.346266][T15523]  ? __dev_queue_xmit+0x1763/0x3e90
[  315.351465][T15523]  ? kasan_save_track+0x51/0x80
[  315.356318][T15523]  ? do_syscall_64+0xf3/0x230
[  315.360991][T15523]  ? __dev_queue_xmit+0x2da/0x3e90
[  315.366100][T15523]  ? __pfx___dev_queue_xmit+0x10/0x10
[  315.371480][T15523]  ? ref_tracker_free+0x643/0x7e0
[  315.376505][T15523]  netlink_rcv_skb+0x1e3/0x430
[  315.381262][T15523]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  315.386726][T15523]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  315.392032][T15523]  ? netlink_deliver_tap+0x2e/0x1b0
[  315.397226][T15523]  netlink_unicast+0x7f0/0x990
[  315.401993][T15523]  ? __pfx_netlink_unicast+0x10/0x10
[  315.407272][T15523]  ? __virt_addr_valid+0x183/0x520
[  315.412384][T15523]  ? __check_object_size+0x49c/0x900
[  315.417666][T15523]  ? bpf_lsm_netlink_send+0x9/0x10
[  315.422778][T15523]  netlink_sendmsg+0x8e4/0xcb0
[  315.427546][T15523]  ? __pfx_netlink_sendmsg+0x10/0x10
[  315.432843][T15523]  ? __import_iovec+0x536/0x820
[  315.437693][T15523]  ? aa_sock_msg_perm+0x91/0x160
[  315.442632][T15523]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  315.447923][T15523]  ? security_socket_sendmsg+0x87/0xb0
[  315.453393][T15523]  ? __pfx_netlink_sendmsg+0x10/0x10
[  315.458675][T15523]  __sock_sendmsg+0x221/0x270
[  315.463346][T15523]  ____sys_sendmsg+0x525/0x7d0
[  315.468111][T15523]  ? __pfx_____sys_sendmsg+0x10/0x10
[  315.473402][T15523]  __sys_sendmsg+0x2b0/0x3a0
[  315.477992][T15523]  ? __pfx___sys_sendmsg+0x10/0x10
[  315.483101][T15523]  ? vfs_write+0x7c4/0xc90
[  315.487557][T15523]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  315.493886][T15523]  ? do_syscall_64+0x100/0x230
[  315.498646][T15523]  ? do_syscall_64+0xb6/0x230
[  315.503315][T15523]  do_syscall_64+0xf3/0x230
[  315.507827][T15523]  ? clear_bhb_loop+0x35/0x90
[  315.512506][T15523]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.518391][T15523] RIP: 0033:0x7ff5b3d75bd9
[  315.522796][T15523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  315.542402][T15523] RSP: 002b:00007ff5b4b3f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  315.550814][T15523] RAX: ffffffffffffffda RBX: 00007ff5b3f03f60 RCX: 00007ff5b3d75bd9
[  315.558781][T15523] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[  315.566745][T15523] RBP: 00007ff5b4b3f0a0 R08: 0000000000000000 R09: 0000000000000000
[  315.574704][T15523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  315.582665][T15523] R13: 000000000000000b R14: 00007ff5b3f03f60 R15: 00007ffc11f7b4b8
[  315.590644][T15523]  </TASK>
[  316.699032][   T35] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  317.571409][ T1246] ieee802154 phy0 wpan0: encryption failed: -22
[  317.577820][ T1246] ieee802154 phy1 wpan1: encryption failed: -22
[  318.017030][T15599] netlink: 'syz.4.3483': attribute type 7 has an invalid length.
[  318.017672][T15602] __nla_validate_parse: 5 callbacks suppressed
[  318.017687][T15602] netlink: 96 bytes leftover after parsing attributes in process `syz.3.3482'.
[  318.246683][T15613] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3484'.
[  318.322455][T15619] vxcan0: entered promiscuous mode
[  318.336293][T15619] vlan2: entered promiscuous mode
[  318.341513][T15619] vlan2: entered allmulticast mode
[  318.360842][T15619] vxcan0: entered allmulticast mode
[  318.388211][   T53] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  318.397643][   T53] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  318.405759][   T53] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  318.457255][   T53] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  318.481250][   T53] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  318.489275][   T53] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  318.551476][T15624] lo speed is unknown, defaulting to 1000
[  318.759063][T15641] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3494'.
[  318.795478][T15641] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3494'.
[  318.873186][   T35] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  318.968964][T15649] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3497'.
[  319.002738][   T35] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  319.132363][   T35] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  319.546354][T15677] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3508'.
[  319.606818][   T35] bridge_slave_1: left allmulticast mode
[  319.628329][   T35] bridge_slave_1: left promiscuous mode
[  319.634101][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  319.663758][   T35] bridge_slave_0: left allmulticast mode
[  319.682499][   T35] bridge_slave_0: left promiscuous mode
[  319.696706][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  319.698461][T15691] FAULT_INJECTION: forcing a failure.
[  319.698461][T15691] name failslab, interval 1, probability 0, space 0, times 0
[  319.726801][T15691] CPU: 0 PID: 15691 Comm: syz.1.3513 Not tainted 6.10.0-rc6-syzkaller-01230-gc7f79f2620b7 #0
[  319.736982][T15691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  319.747049][T15691] Call Trace:
[  319.750342][T15691]  <TASK>
[  319.753287][T15691]  dump_stack_lvl+0x241/0x360
[  319.757981][T15691]  ? __pfx_dump_stack_lvl+0x10/0x10
[  319.763175][T15691]  ? __pfx__printk+0x10/0x10
[  319.767766][T15691]  ? __lock_acquire+0x1346/0x1fd0
[  319.772783][T15691]  should_fail_ex+0x3b0/0x4e0
[  319.777458][T15691]  ? __alloc_skb+0x1c3/0x440
[  319.782043][T15691]  should_failslab+0x9/0x20
[  319.786543][T15691]  kmem_cache_alloc_node_noprof+0x71/0x320
[  319.792346][T15691]  __alloc_skb+0x1c3/0x440
[  319.796762][T15691]  ? __pfx___alloc_skb+0x10/0x10
[  319.801693][T15691]  ? __mutex_trylock_common+0x183/0x2e0
[  319.807238][T15691]  netlink_dump+0x2cd/0xd80
[  319.811741][T15691]  ? trace_contention_end+0x3c/0x120
[  319.817020][T15691]  ? __pfx_netlink_dump+0x10/0x10
[  319.822057][T15691]  __netlink_dump_start+0x59f/0x780
[  319.827252][T15691]  ? __pfx_nldev_port_get_dumpit+0x10/0x10
[  319.833050][T15691]  rdma_nl_rcv+0x796/0x9e0
[  319.837468][T15691]  ? __pfx_rdma_nl_rcv+0x10/0x10
[  319.842392][T15691]  ? __pfx_nldev_port_get_dumpit+0x10/0x10
[  319.848214][T15691]  ? netlink_deliver_tap+0x2e/0x1b0
[  319.853404][T15691]  netlink_unicast+0x7f0/0x990
[  319.858171][T15691]  ? __pfx_netlink_unicast+0x10/0x10
[  319.863444][T15691]  ? __virt_addr_valid+0x183/0x520
[  319.868553][T15691]  ? __check_object_size+0x49c/0x900
[  319.873834][T15691]  ? bpf_lsm_netlink_send+0x9/0x10
[  319.878941][T15691]  netlink_sendmsg+0x8e4/0xcb0
[  319.883706][T15691]  ? __pfx_netlink_sendmsg+0x10/0x10
[  319.888984][T15691]  ? __import_iovec+0x536/0x820
[  319.893821][T15691]  ? aa_sock_msg_perm+0x91/0x160
[  319.898755][T15691]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  319.904030][T15691]  ? security_socket_sendmsg+0x87/0xb0
[  319.909483][T15691]  ? __pfx_netlink_sendmsg+0x10/0x10
[  319.914758][T15691]  __sock_sendmsg+0x221/0x270
[  319.919432][T15691]  ____sys_sendmsg+0x525/0x7d0
[  319.924195][T15691]  ? __pfx_____sys_sendmsg+0x10/0x10
[  319.929485][T15691]  __sys_sendmsg+0x2b0/0x3a0
[  319.934069][T15691]  ? __pfx___sys_sendmsg+0x10/0x10
[  319.939171][T15691]  ? vfs_write+0x7c4/0xc90
[  319.943612][T15691]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  319.949930][T15691]  ? do_syscall_64+0x100/0x230
[  319.954692][T15691]  ? do_syscall_64+0xb6/0x230
[  319.959368][T15691]  do_syscall_64+0xf3/0x230
[  319.963862][T15691]  ? clear_bhb_loop+0x35/0x90
[  319.968535][T15691]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  319.974422][T15691] RIP: 0033:0x7fb841f75bd9
[  319.978828][T15691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  319.998421][T15691] RSP: 002b:00007fb842e03048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  320.006826][T15691] RAX: ffffffffffffffda RBX: 00007fb842103f60 RCX: 00007fb841f75bd9
[  320.014787][T15691] RDX: 0000000000000040 RSI: 0000000020000480 RDI: 0000000000000003
[  320.022750][T15691] RBP: 00007fb842e030a0 R08: 0000000000000000 R09: 0000000000000000
[  320.030709][T15691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  320.038670][T15691] R13: 000000000000000b R14: 00007fb842103f60 R15: 00007ffdb106d408
[  320.046645][T15691]  </TASK>
[  320.307347][T15701] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3516'.
[  320.451370][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  320.464113][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  320.475375][   T35] bond0 (unregistering): Released all slaves
[  320.518000][T15698] bridge2: entered promiscuous mode
[  320.523255][T15698] bridge2: entered allmulticast mode
[  320.529648][   T53] Bluetooth: hci2: command tx timeout
[  320.605396][T15624] chnl_net:caif_netlink_parms(): no params data found
[  320.851445][T15721] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3523'.
[  321.152856][T15624] bridge0: port 1(bridge_slave_0) entered blocking state
[  321.176892][T15624] bridge0: port 1(bridge_slave_0) entered disabled state
[  321.184093][T15624] bridge_slave_0: entered allmulticast mode
[  321.203629][T15624] bridge_slave_0: entered promiscuous mode
[  321.222367][T15624] bridge0: port 2(bridge_slave_1) entered blocking state
[  321.231615][T15624] bridge0: port 2(bridge_slave_1) entered disabled state
[  321.246913][T15624] bridge_slave_1: entered allmulticast mode
[  321.253882][T15624] bridge_slave_1: entered promiscuous mode
[  321.382077][T15624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  321.430551][T15624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  321.528435][   T35] hsr_slave_0: left promiscuous mode
[  321.538309][   T35] hsr_slave_1: left promiscuous mode
[  321.561328][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  321.569342][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  321.579058][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  321.588286][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  321.633541][   T35] veth1_macvtap: left promiscuous mode
[  321.643423][   T35] veth0_macvtap: left promiscuous mode
[  321.665660][   T35] veth1_vlan: left promiscuous mode
[  321.671005][   T35] veth0_vlan: left promiscuous mode
[  322.208419][   T35] team0 (unregistering): Port device team_slave_1 removed
[  322.248665][   T35] team0 (unregistering): Port device team_slave_0 removed
[  322.606095][   T53] Bluetooth: hci2: command tx timeout
[  322.665517][T15624] team0: Port device team_slave_0 added
[  322.675868][T15754] IPv6: sit2: Disabled Multicast RS
[  322.727090][T15624] team0: Port device team_slave_1 added
[  322.795121][T15758] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3534'.
[  322.836877][T15761] FAULT_INJECTION: forcing a failure.
[  322.836877][T15761] name failslab, interval 1, probability 0, space 0, times 0
[  322.854036][T15624] batman_adv: batadv0: Adding interface: batadv_slave_0
[  322.876254][T15761] CPU: 0 PID: 15761 Comm: syz.4.3535 Not tainted 6.10.0-rc6-syzkaller-01230-gc7f79f2620b7 #0
[  322.884854][T15624] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  322.886419][T15761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  322.886433][T15761] Call Trace:
[  322.886441][T15761]  <TASK>
[  322.886450][T15761]  dump_stack_lvl+0x241/0x360
[  322.933236][T15761]  ? __pfx_dump_stack_lvl+0x10/0x10
[  322.938455][T15761]  ? __pfx__printk+0x10/0x10
[  322.943082][T15761]  ? netlink_insert+0x10b7/0x14b0
[  322.948135][T15761]  should_fail_ex+0x3b0/0x4e0
[  322.952811][T15761]  ? __alloc_skb+0x1c3/0x440
[  322.957415][T15761]  should_failslab+0x9/0x20
[  322.961911][T15761]  kmem_cache_alloc_node_noprof+0x71/0x320
[  322.967715][T15761]  __alloc_skb+0x1c3/0x440
[  322.972127][T15761]  ? __pfx___alloc_skb+0x10/0x10
[  322.977092][T15761]  ? netlink_autobind+0xd6/0x2f0
[  322.982118][T15761]  ? netlink_autobind+0x2b0/0x2f0
[  322.987135][T15761]  netlink_sendmsg+0x638/0xcb0
[  322.991897][T15761]  ? __pfx_netlink_sendmsg+0x10/0x10
[  322.997175][T15761]  ? __import_iovec+0x536/0x820
[  323.002011][T15761]  ? aa_sock_msg_perm+0x91/0x160
[  323.006948][T15761]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  323.012221][T15761]  ? security_socket_sendmsg+0x87/0xb0
[  323.017673][T15761]  ? __pfx_netlink_sendmsg+0x10/0x10
[  323.022952][T15761]  __sock_sendmsg+0x221/0x270
[  323.027628][T15761]  ____sys_sendmsg+0x525/0x7d0
[  323.032401][T15761]  ? __pfx_____sys_sendmsg+0x10/0x10
[  323.037693][T15761]  __sys_sendmsg+0x2b0/0x3a0
[  323.042281][T15761]  ? __pfx___sys_sendmsg+0x10/0x10
[  323.047388][T15761]  ? vfs_write+0x7c4/0xc90
[  323.051828][T15761]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  323.058146][T15761]  ? do_syscall_64+0x100/0x230
[  323.062901][T15761]  ? do_syscall_64+0xb6/0x230
[  323.067571][T15761]  do_syscall_64+0xf3/0x230
[  323.072064][T15761]  ? clear_bhb_loop+0x35/0x90
[  323.076733][T15761]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.082613][T15761] RIP: 0033:0x7f9e3eb75bd9
[  323.087040][T15761] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  323.106632][T15761] RSP: 002b:00007f9e3f8a0048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  323.115039][T15761] RAX: ffffffffffffffda RBX: 00007f9e3ed03f60 RCX: 00007f9e3eb75bd9
[  323.123001][T15761] RDX: 0000000000000000 RSI: 0000000020000680 RDI: 0000000000000005
[  323.130979][T15761] RBP: 00007f9e3f8a00a0 R08: 0000000000000000 R09: 0000000000000000
[  323.138937][T15761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  323.146896][T15761] R13: 000000000000000b R14: 00007f9e3ed03f60 R15: 00007ffce0529438
[  323.154871][T15761]  </TASK>
[  323.159354][T15624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  323.203453][T15758] lo speed is unknown, defaulting to 1000
[  323.209998][T15624] batman_adv: batadv0: Adding interface: batadv_slave_1
[  323.217244][T15624] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  323.285504][T15624] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  323.691777][T15624] hsr_slave_0: entered promiscuous mode
[  323.730724][T15624] hsr_slave_1: entered promiscuous mode
[  323.766410][T15624] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  323.774007][T15624] Cannot create hsr debugfs directory
[  324.302598][T15783] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3541'.
[  324.689665][   T53] Bluetooth: hci2: command tx timeout
[  325.059700][T15624] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  325.077497][T15624] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  325.081992][T15810] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3548'.
[  325.111907][T15624] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  325.149787][T15624] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  325.328569][T15624] 8021q: adding VLAN 0 to HW filter on device bond0
[  325.354400][T15624] 8021q: adding VLAN 0 to HW filter on device team0
[  325.364455][T15820] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3552'.
[  325.405075][  T931] bridge0: port 1(bridge_slave_0) entered blocking state
[  325.412236][  T931] bridge0: port 1(bridge_slave_0) entered forwarding state
[  325.436925][  T931] bridge0: port 2(bridge_slave_1) entered blocking state
[  325.444150][  T931] bridge0: port 2(bridge_slave_1) entered forwarding state
[  325.469521][T15824] x_tables: duplicate underflow at hook 2
[  325.523101][T15624] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  325.554871][T15624] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  325.688543][T15830] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3555'.
[  325.697247][T15835] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3558'.
[  325.743870][T15835] vxcan0: left allmulticast mode
[  325.764153][T15839] FAULT_INJECTION: forcing a failure.
[  325.764153][T15839] name failslab, interval 1, probability 0, space 0, times 0
[  325.778496][T15839] CPU: 1 PID: 15839 Comm: syz.3.3560 Not tainted 6.10.0-rc6-syzkaller-01230-gc7f79f2620b7 #0
[  325.788676][T15839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  325.798741][T15839] Call Trace:
[  325.802029][T15839]  <TASK>
[  325.804968][T15839]  dump_stack_lvl+0x241/0x360
[  325.809666][T15839]  ? __pfx_dump_stack_lvl+0x10/0x10
[  325.814877][T15839]  ? __pfx__printk+0x10/0x10
[  325.819484][T15839]  ? ref_tracker_alloc+0x332/0x490
[  325.824614][T15839]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  325.830087][T15839]  should_fail_ex+0x3b0/0x4e0
[  325.834784][T15839]  ? skb_clone+0x20c/0x390
[  325.839209][T15839]  should_failslab+0x9/0x20
[  325.843710][T15839]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  325.849081][T15839]  skb_clone+0x20c/0x390
[  325.853321][T15839]  __netlink_deliver_tap+0x3cc/0x7c0
[  325.858605][T15839]  ? netlink_deliver_tap+0x2e/0x1b0
[  325.863793][T15839]  netlink_deliver_tap+0x19d/0x1b0
[  325.868896][T15839]  netlink_sendskb+0x68/0x140
[  325.873560][T15839]  netlink_unicast+0x39d/0x990
[  325.878311][T15839]  ? __asan_memcpy+0x40/0x70
[  325.882900][T15839]  ? __pfx_netlink_unicast+0x10/0x10
[  325.888188][T15839]  netlink_rcv_skb+0x262/0x430
[  325.892947][T15839]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  325.898403][T15839]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  325.903690][T15839]  ? apparmor_capable+0x138/0x1b0
[  325.908708][T15839]  ? bpf_lsm_capable+0x9/0x10
[  325.913377][T15839]  ? security_capable+0x90/0xb0
[  325.918229][T15839]  nfnetlink_rcv+0x297/0x2a90
[  325.922905][T15839]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  325.928616][T15839]  ? __dev_queue_xmit+0x2da/0x3e90
[  325.933720][T15839]  ? __dev_queue_xmit+0x1763/0x3e90
[  325.938914][T15839]  ? kasan_save_track+0x51/0x80
[  325.943759][T15839]  ? do_syscall_64+0xf3/0x230
[  325.948425][T15839]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  325.953526][T15839]  ? __dev_queue_xmit+0x2da/0x3e90
[  325.958632][T15839]  ? __pfx___dev_queue_xmit+0x10/0x10
[  325.964009][T15839]  ? ref_tracker_free+0x643/0x7e0
[  325.969026][T15839]  ? __asan_memcpy+0x40/0x70
[  325.973604][T15839]  ? __pfx_ref_tracker_free+0x10/0x10
[  325.978987][T15839]  ? netlink_deliver_tap+0x2e/0x1b0
[  325.984175][T15839]  ? skb_clone+0x240/0x390
[  325.988586][T15839]  ? __pfx_lock_release+0x10/0x10
[  325.993604][T15839]  ? __netlink_deliver_tap+0x77e/0x7c0
[  325.999067][T15839]  ? netlink_deliver_tap+0x2e/0x1b0
[  326.004260][T15839]  netlink_unicast+0x7f0/0x990
[  326.009019][T15839]  ? __pfx_netlink_unicast+0x10/0x10
[  326.014289][T15839]  ? __virt_addr_valid+0x183/0x520
[  326.019392][T15839]  ? __check_object_size+0x49c/0x900
[  326.024669][T15839]  ? bpf_lsm_netlink_send+0x9/0x10
[  326.029777][T15839]  netlink_sendmsg+0x8e4/0xcb0
[  326.034539][T15839]  ? __pfx_netlink_sendmsg+0x10/0x10
[  326.039820][T15839]  ? __import_iovec+0x536/0x820
[  326.044663][T15839]  ? aa_sock_msg_perm+0x91/0x160
[  326.049595][T15839]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  326.054869][T15839]  ? security_socket_sendmsg+0x87/0xb0
[  326.060322][T15839]  ? __pfx_netlink_sendmsg+0x10/0x10
[  326.065596][T15839]  __sock_sendmsg+0x221/0x270
[  326.070269][T15839]  ____sys_sendmsg+0x525/0x7d0
[  326.075033][T15839]  ? __pfx_____sys_sendmsg+0x10/0x10
[  326.080322][T15839]  __sys_sendmsg+0x2b0/0x3a0
[  326.084911][T15839]  ? __pfx___sys_sendmsg+0x10/0x10
[  326.090015][T15839]  ? vfs_write+0x7c4/0xc90
[  326.094458][T15839]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  326.100780][T15839]  ? do_syscall_64+0x100/0x230
[  326.105538][T15839]  ? do_syscall_64+0xb6/0x230
[  326.110208][T15839]  do_syscall_64+0xf3/0x230
[  326.114699][T15839]  ? clear_bhb_loop+0x35/0x90
[  326.119371][T15839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.125254][T15839] RIP: 0033:0x7ff5b3d75bd9
[  326.129659][T15839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  326.149255][T15839] RSP: 002b:00007ff5b4b3f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  326.157661][T15839] RAX: ffffffffffffffda RBX: 00007ff5b3f03f60 RCX: 00007ff5b3d75bd9
[  326.165621][T15839] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003
[  326.173577][T15839] RBP: 00007ff5b4b3f0a0 R08: 0000000000000000 R09: 0000000000000000
[  326.181533][T15839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  326.189493][T15839] R13: 000000000000000b R14: 00007ff5b3f03f60 R15: 00007ffc11f7b4b8
[  326.197472][T15839]  </TASK>
[  326.382544][T15845] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3559'.
[  326.525756][T15830] lo speed is unknown, defaulting to 1000
[  326.616712][T15624] 8021q: adding VLAN 0 to HW filter on device batadv0
[  326.673948][T15858] netlink: 'syz.3.3564': attribute type 3 has an invalid length.
[  326.722124][T15624] veth0_vlan: entered promiscuous mode
[  326.765419][   T53] Bluetooth: hci2: command tx timeout
[  326.785435][T15624] veth1_vlan: entered promiscuous mode
[  326.892164][T15624] veth0_macvtap: entered promiscuous mode
[  326.931226][T15624] veth1_macvtap: entered promiscuous mode
[  327.011760][T15624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  327.043963][T15624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  327.066304][T15624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  327.084831][T15624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  327.112741][T15624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  327.144722][T15624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  327.161525][T15624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  327.193602][T15624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  327.219210][T15624] batman_adv: batadv0: Interface activated: batadv_slave_0
[  327.255579][T15881] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3569'.
[  327.303261][T15624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  327.322983][T15624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  327.334729][T15624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  327.355847][T15624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  327.372522][T15891] netlink: 'syz.3.3573': attribute type 2 has an invalid length.
[  327.374222][T15624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  327.381401][T15891] netlink: 'syz.3.3573': attribute type 1 has an invalid length.
[  327.391390][T15624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  327.409752][T15624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  327.418320][T15891] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.3573'.
[  327.421997][T15624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  327.442627][T15624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  327.453295][T15624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  327.474911][T15624] batman_adv: batadv0: Interface activated: batadv_slave_1
[  327.501048][T15895] xt_TCPMSS: Only works on TCP SYN packets
[  327.507389][T15892] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  327.528594][T15892] syzkaller0: entered promiscuous mode
[  327.534096][T15892] syzkaller0: entered allmulticast mode
[  328.982969][T15624] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  328.992126][T15624] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  329.008890][T15624] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  329.018335][T15624] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  329.332641][   T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  329.357708][   T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  329.526742][T14947] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  329.552443][T14947] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  329.554495][T15922] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3581'.
[  329.936486][T15938] ebt_among: dst integrity fail: 200
[  330.234506][T15958] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3594'.
[  330.358480][T15968] Bluetooth: MGMT ver 1.22
[  330.550580][T15981] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3602'.
[  330.583357][T15981] lo speed is unknown, defaulting to 1000
[  330.958513][   T51] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  331.475063][   T51] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  331.538178][   T51] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  331.599662][   T51] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  331.713573][   T51] bridge_slave_1: left allmulticast mode
[  331.725455][   T51] bridge_slave_1: left promiscuous mode
[  331.731210][   T51] bridge0: port 2(bridge_slave_1) entered disabled state
[  331.751147][   T51] bridge_slave_0: left allmulticast mode
[  331.757012][   T51] bridge_slave_0: left promiscuous mode
[  331.762675][   T51] bridge0: port 1(bridge_slave_0) entered disabled state
[  332.053523][   T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  332.064456][   T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  332.079577][   T51] bond0 (unregistering): Released all slaves
[  332.607017][T16009] netlink: 'syz.3.3608': attribute type 3 has an invalid length.
[  332.668456][T16009] netlink: 'syz.3.3608': attribute type 1 has an invalid length.
[  332.707037][T16009] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.3608'.
[  332.735992][   T51] hsr_slave_0: left promiscuous mode
[  332.763872][   T51] hsr_slave_1: left promiscuous mode
[  332.791973][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  332.813042][   T51] batman_adv: batadv0: Removing interface: batadv_slave_0
[  332.828022][T16015] can: request_module (can-proto-0) failed.
[  332.835913][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  332.848997][   T51] batman_adv: batadv0: Removing interface: batadv_slave_1
[  332.942240][   T51] veth1_macvtap: left promiscuous mode
[  332.962366][   T51] veth0_macvtap: left promiscuous mode
[  332.986279][ T5106] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  332.996453][   T51] veth1_vlan: left promiscuous mode
[  333.008654][ T5106] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  333.017374][ T5106] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  333.032123][   T51] veth0_vlan: left promiscuous mode
[  333.040912][ T5106] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  333.049255][ T5106] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  333.058790][ T5106] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  333.569245][   T51] team0 (unregistering): Port device team_slave_1 removed
[  333.606561][   T51] team0 (unregistering): Port device team_slave_0 removed
[  334.031866][T16023] lo speed is unknown, defaulting to 1000
[  334.175121][T16037] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3618'.
[  334.235887][T16039] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3619'.
[  334.370555][T16042] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3620'.
[  334.406906][T16046] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3617'.
[  334.472147][T16046] IPv6: Can't replace route, no match found
[  334.584119][T16042] lo speed is unknown, defaulting to 1000
[  334.650112][T16057] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3625'.
[  335.041333][T16023] chnl_net:caif_netlink_parms(): no params data found
[  335.085148][   T53] Bluetooth: hci2: command tx timeout
[  335.244085][T16023] bridge0: port 1(bridge_slave_0) entered blocking state
[  335.259537][T16023] bridge0: port 1(bridge_slave_0) entered disabled state
[  335.267362][T16023] bridge_slave_0: entered allmulticast mode
[  335.274245][T16023] bridge_slave_0: entered promiscuous mode
[  335.316860][T16023] bridge0: port 2(bridge_slave_1) entered blocking state
[  335.323984][T16023] bridge0: port 2(bridge_slave_1) entered disabled state
[  335.332162][T16023] bridge_slave_1: entered allmulticast mode
[  335.340172][T16023] bridge_slave_1: entered promiscuous mode
[  335.403586][T16023] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  335.417883][T16023] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  335.460039][T16023] team0: Port device team_slave_0 added
[  335.493885][T16023] team0: Port device team_slave_1 added
[  335.649511][T16023] batman_adv: batadv0: Adding interface: batadv_slave_0
[  335.665821][T16023] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  335.692901][T16023] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  335.735714][T16023] batman_adv: batadv0: Adding interface: batadv_slave_1
[  335.742681][T16023] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  335.771514][T16023] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  335.851846][T16023] hsr_slave_0: entered promiscuous mode
[  335.876360][T16023] hsr_slave_1: entered promiscuous mode
[  335.891758][T16023] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  335.901597][T16023] Cannot create hsr debugfs directory
[  335.952916][T16083] FAULT_INJECTION: forcing a failure.
[  335.952916][T16083] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  335.967007][T16083] CPU: 0 PID: 16083 Comm: syz.0.3633 Not tainted 6.10.0-rc6-syzkaller-01230-gc7f79f2620b7 #0
[  335.977174][T16083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  335.987228][T16083] Call Trace:
[  335.990600][T16083]  <TASK>
[  335.993531][T16083]  dump_stack_lvl+0x241/0x360
[  335.998197][T16083]  ? __pfx_dump_stack_lvl+0x10/0x10
[  336.003384][T16083]  ? __pfx__printk+0x10/0x10
[  336.007979][T16083]  ? __pfx_lock_release+0x10/0x10
[  336.013004][T16083]  ? vfs_write+0x7c4/0xc90
[  336.017411][T16083]  should_fail_ex+0x3b0/0x4e0
[  336.022081][T16083]  _copy_from_user+0x2f/0xe0
[  336.026677][T16083]  get_timespec64+0x97/0x280
[  336.031287][T16083]  ? __pfx_get_timespec64+0x10/0x10
[  336.036497][T16083]  __x64_sys_recvmmsg+0x140/0x250
[  336.041517][T16083]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  336.047061][T16083]  ? do_syscall_64+0x100/0x230
[  336.051828][T16083]  ? do_syscall_64+0xb6/0x230
[  336.056487][T16083]  do_syscall_64+0xf3/0x230
[  336.060977][T16083]  ? clear_bhb_loop+0x35/0x90
[  336.065659][T16083]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  336.071558][T16083] RIP: 0033:0x7f2c4df75bd9
[  336.075974][T16083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  336.095567][T16083] RSP: 002b:00007f2c4edb6048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  336.103966][T16083] RAX: ffffffffffffffda RBX: 00007f2c4e103f60 RCX: 00007f2c4df75bd9
[  336.111932][T16083] RDX: 04000000000003b4 RSI: 00000000200037c0 RDI: 0000000000000003
[  336.119929][T16083] RBP: 00007f2c4edb60a0 R08: 0000000020003700 R09: 0000000000000000
[  336.127898][T16083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  336.135868][T16083] R13: 000000000000000b R14: 00007f2c4e103f60 R15: 00007ffd4508b8c8
[  336.143835][T16083]  </TASK>
[  336.546738][T16101] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3639'.
[  336.714098][T16113] netlink: 5 bytes leftover after parsing attributes in process `syz.0.3644'.
[  337.022889][T16023] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  337.083798][T16023] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  337.099826][T16023] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  337.119290][T16023] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  337.146892][T16136] netlink: 'syz.3.3651': attribute type 4 has an invalid length.
[  337.157632][T16136] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  337.174879][   T53] Bluetooth: hci2: command tx timeout
[  337.213509][T16138] lo speed is unknown, defaulting to 1000
[  337.413758][T16023] 8021q: adding VLAN 0 to HW filter on device bond0
[  337.463447][T16023] 8021q: adding VLAN 0 to HW filter on device team0
[  337.509602][ T5214] bridge0: port 1(bridge_slave_0) entered blocking state
[  337.516818][ T5214] bridge0: port 1(bridge_slave_0) entered forwarding state
[  337.566121][ T5142] bridge0: port 2(bridge_slave_1) entered blocking state
[  337.573315][ T5142] bridge0: port 2(bridge_slave_1) entered forwarding state
[  337.640882][T16023] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  337.906647][T16154] FAULT_INJECTION: forcing a failure.
[  337.906647][T16154] name failslab, interval 1, probability 0, space 0, times 0
[  337.962230][T16154] CPU: 0 PID: 16154 Comm: syz.4.3657 Not tainted 6.10.0-rc6-syzkaller-01230-gc7f79f2620b7 #0
[  337.972426][T16154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  337.982495][T16154] Call Trace:
[  337.985786][T16154]  <TASK>
[  337.988728][T16154]  dump_stack_lvl+0x241/0x360
[  337.993435][T16154]  ? __pfx_dump_stack_lvl+0x10/0x10
[  337.998653][T16154]  ? __pfx__printk+0x10/0x10
[  338.003262][T16154]  ? __pfx___might_resched+0x10/0x10
[  338.008579][T16154]  should_fail_ex+0x3b0/0x4e0
[  338.013279][T16154]  ? sk_prot_alloc+0xe0/0x210
[  338.017971][T16154]  should_failslab+0x9/0x20
[  338.022490][T16154]  __kmalloc_noprof+0xd8/0x400
[  338.027279][T16154]  sk_prot_alloc+0xe0/0x210
[  338.031797][T16154]  ? sk_alloc+0x26/0x370
[  338.036059][T16154]  sk_alloc+0x38/0x370
[  338.040143][T16154]  ? bpf_test_init+0x15a/0x180
[  338.043730][T16142] lo speed is unknown, defaulting to 1000
[  338.044988][T16154]  ? bpf_ctx_init+0x162/0x1b0
[  338.045015][T16154]  bpf_prog_test_run_skb+0x38f/0x13b0
[  338.045036][T16154]  ? __pfx_lock_release+0x10/0x10
[  338.045072][T16154]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  338.045098][T16154]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  338.045120][T16154]  bpf_prog_test_run+0x33a/0x3b0
[  338.045144][T16154]  __sys_bpf+0x48d/0x810
[  338.045172][T16154]  ? __pfx___sys_bpf+0x10/0x10
[  338.045210][T16154]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  338.045234][T16154]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  338.045255][T16154]  ? do_syscall_64+0x100/0x230
[  338.045281][T16154]  __x64_sys_bpf+0x7c/0x90
[  338.045304][T16154]  do_syscall_64+0xf3/0x230
[  338.045323][T16154]  ? clear_bhb_loop+0x35/0x90
[  338.045347][T16154]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  338.045365][T16154] RIP: 0033:0x7f9e3eb75bd9
[  338.045383][T16154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  338.045401][T16154] RSP: 002b:00007f9e3f8a0048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  338.045423][T16154] RAX: ffffffffffffffda RBX: 00007f9e3ed03f60 RCX: 00007f9e3eb75bd9
[  338.045438][T16154] RDX: 0000000000000028 RSI: 00000000200000c0 RDI: 000000000000000a
[  338.045450][T16154] RBP: 00007f9e3f8a00a0 R08: 0000000000000000 R09: 0000000000000000
[  338.045462][T16154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  338.045473][T16154] R13: 000000000000000b R14: 00007f9e3ed03f60 R15: 00007ffce0529438
[  338.045502][T16154]  </TASK>
[  338.285154][T16143] FAULT_INJECTION: forcing a failure.
[  338.285154][T16143] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  338.302795][T16162] netlink: 'syz.4.3659': attribute type 3 has an invalid length.
[  338.315092][T16143] CPU: 1 PID: 16143 Comm: syz.3.3653 Not tainted 6.10.0-rc6-syzkaller-01230-gc7f79f2620b7 #0
[  338.325269][T16143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  338.335317][T16143] Call Trace:
[  338.338587][T16143]  <TASK>
[  338.341510][T16143]  dump_stack_lvl+0x241/0x360
[  338.346190][T16143]  ? __pfx_dump_stack_lvl+0x10/0x10
[  338.351378][T16143]  ? __pfx__printk+0x10/0x10
[  338.355988][T16143]  ? __pfx_lock_release+0x10/0x10
[  338.361020][T16143]  should_fail_ex+0x3b0/0x4e0
[  338.365703][T16143]  _copy_from_iter+0x1f6/0x1960
[  338.370568][T16143]  ? __virt_addr_valid+0x183/0x520
[  338.375686][T16143]  ? __pfx_lock_release+0x10/0x10
[  338.380716][T16143]  ? __alloc_skb+0x28f/0x440
[  338.385304][T16143]  ? __pfx__copy_from_iter+0x10/0x10
[  338.390608][T16143]  ? __virt_addr_valid+0x183/0x520
[  338.395721][T16143]  ? __virt_addr_valid+0x183/0x520
[  338.400828][T16143]  ? __virt_addr_valid+0x44e/0x520
[  338.405933][T16143]  ? __check_object_size+0x49c/0x900
[  338.411218][T16143]  netlink_sendmsg+0x73d/0xcb0
[  338.415989][T16143]  ? __pfx_netlink_sendmsg+0x10/0x10
[  338.421293][T16143]  ? __import_iovec+0x536/0x820
[  338.426140][T16143]  ? aa_sock_msg_perm+0x91/0x160
[  338.431077][T16143]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  338.436359][T16143]  ? security_socket_sendmsg+0x87/0xb0
[  338.441838][T16143]  ? __pfx_netlink_sendmsg+0x10/0x10
[  338.447120][T16143]  __sock_sendmsg+0x221/0x270
[  338.451799][T16143]  ____sys_sendmsg+0x525/0x7d0
[  338.456569][T16143]  ? __pfx_____sys_sendmsg+0x10/0x10
[  338.461880][T16143]  __sys_sendmsg+0x2b0/0x3a0
[  338.466480][T16143]  ? __pfx___sys_sendmsg+0x10/0x10
[  338.471587][T16143]  ? vfs_write+0x7c4/0xc90
[  338.476026][T16143]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  338.482372][T16143]  do_syscall_64+0xf3/0x230
[  338.486879][T16143]  ? clear_bhb_loop+0x35/0x90
[  338.491553][T16143]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  338.497440][T16143] RIP: 0033:0x7ff5b3d75bd9
[  338.501848][T16143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  338.521460][T16143] RSP: 002b:00007ff5b4b1e048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  338.529867][T16143] RAX: ffffffffffffffda RBX: 00007ff5b3f04038 RCX: 00007ff5b3d75bd9
[  338.537848][T16143] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[  338.545831][T16143] RBP: 00007ff5b4b1e0a0 R08: 0000000000000000 R09: 0000000000000000
[  338.553812][T16143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  338.561786][T16143] R13: 000000000000006e R14: 00007ff5b3f04038 R15: 00007ffc11f7b4b8
[  338.569771][T16143]  </TASK>
[  338.574290][T16023] 8021q: adding VLAN 0 to HW filter on device batadv0
[  338.574916][T16162] netlink: 209096 bytes leftover after parsing attributes in process `syz.4.3659'.
[  338.752443][T16023] veth0_vlan: entered promiscuous mode
[  338.807419][T16023] veth1_vlan: entered promiscuous mode
[  339.244986][   T53] Bluetooth: hci2: command tx timeout
[  339.465704][T16174] lo speed is unknown, defaulting to 1000
[  339.511570][T16023] veth0_macvtap: entered promiscuous mode
[  339.551667][T16023] veth1_macvtap: entered promiscuous mode
[  339.666999][T16023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  339.696039][T16023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  339.714672][T16023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  339.727114][T16023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  339.741403][T16023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  339.761105][T16023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  339.773852][T16023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  339.788168][T16023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  339.808913][T16023] batman_adv: batadv0: Interface activated: batadv_slave_0
[  339.872037][T16023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  339.878554][T16184] FAULT_INJECTION: forcing a failure.
[  339.878554][T16184] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  339.902993][T16023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  339.916854][T16023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  339.927817][T16184] CPU: 0 PID: 16184 Comm: syz.0.3666 Not tainted 6.10.0-rc6-syzkaller-01230-gc7f79f2620b7 #0
[  339.937978][T16184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  339.948022][T16184] Call Trace:
[  339.951289][T16184]  <TASK>
[  339.954210][T16184]  dump_stack_lvl+0x241/0x360
[  339.958884][T16184]  ? __pfx_dump_stack_lvl+0x10/0x10
[  339.964073][T16184]  ? __pfx__printk+0x10/0x10
[  339.968664][T16184]  ? __pfx_lock_release+0x10/0x10
[  339.973684][T16184]  should_fail_ex+0x3b0/0x4e0
[  339.978361][T16184]  _copy_from_iter+0x1f6/0x1960
[  339.983198][T16184]  ? __virt_addr_valid+0x183/0x520
[  339.988305][T16184]  ? __pfx_lock_release+0x10/0x10
[  339.993324][T16184]  ? __pfx__copy_from_iter+0x10/0x10
[  339.998607][T16184]  ? __virt_addr_valid+0x183/0x520
[  340.003710][T16184]  ? __virt_addr_valid+0x183/0x520
[  340.008813][T16184]  ? __virt_addr_valid+0x44e/0x520
[  340.013915][T16184]  ? __check_object_size+0x49c/0x900
[  340.019198][T16184]  netlink_sendmsg+0x73d/0xcb0
[  340.023964][T16184]  ? __pfx_netlink_sendmsg+0x10/0x10
[  340.029252][T16184]  ? __import_iovec+0x536/0x820
[  340.034097][T16184]  ? aa_sock_msg_perm+0x91/0x160
[  340.039032][T16184]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  340.044304][T16184]  ? security_socket_sendmsg+0x87/0xb0
[  340.049754][T16184]  ? __pfx_netlink_sendmsg+0x10/0x10
[  340.055033][T16184]  __sock_sendmsg+0x221/0x270
[  340.059701][T16184]  ____sys_sendmsg+0x525/0x7d0
[  340.064464][T16184]  ? __pfx_____sys_sendmsg+0x10/0x10
[  340.069756][T16184]  __sys_sendmsg+0x2b0/0x3a0
[  340.074340][T16184]  ? __pfx___sys_sendmsg+0x10/0x10
[  340.079442][T16184]  ? vfs_write+0x7c4/0xc90
[  340.083881][T16184]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  340.090197][T16184]  ? do_syscall_64+0x100/0x230
[  340.094954][T16184]  ? do_syscall_64+0xb6/0x230
[  340.099621][T16184]  do_syscall_64+0xf3/0x230
[  340.104111][T16184]  ? clear_bhb_loop+0x35/0x90
[  340.108782][T16184]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.114664][T16184] RIP: 0033:0x7f2c4df75bd9
[  340.119066][T16184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  340.138664][T16184] RSP: 002b:00007f2c4edb6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  340.147071][T16184] RAX: ffffffffffffffda RBX: 00007f2c4e103f60 RCX: 00007f2c4df75bd9
[  340.155031][T16184] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  340.162995][T16184] RBP: 00007f2c4edb60a0 R08: 0000000000000000 R09: 0000000000000000
[  340.170954][T16184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  340.178914][T16184] R13: 000000000000000b R14: 00007f2c4e103f60 R15: 00007ffd4508b8c8
[  340.186892][T16184]  </TASK>
[  340.192697][T16023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  340.202916][T16023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  340.213488][T16023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  340.223932][T16023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  340.234784][T16023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  340.244643][T16023] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  340.264622][T16023] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  340.300884][T16023] batman_adv: batadv0: Interface activated: batadv_slave_1
[  340.388737][T16186] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.3667'.
[  340.413808][T16023] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  340.417985][T16189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3667'.
[  340.428583][T16023] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  340.449586][T16023] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  340.460830][T16023] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  340.596663][T16194] FAULT_INJECTION: forcing a failure.
[  340.596663][T16194] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  340.613201][T16194] CPU: 1 PID: 16194 Comm: syz.0.3668 Not tainted 6.10.0-rc6-syzkaller-01230-gc7f79f2620b7 #0
[  340.623374][T16194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  340.633419][T16194] Call Trace:
[  340.636687][T16194]  <TASK>
[  340.639602][T16194]  dump_stack_lvl+0x241/0x360
[  340.644268][T16194]  ? __pfx_dump_stack_lvl+0x10/0x10
[  340.649616][T16194]  ? __pfx__printk+0x10/0x10
[  340.654204][T16194]  ? __pfx_lock_release+0x10/0x10
[  340.659221][T16194]  should_fail_ex+0x3b0/0x4e0
[  340.663894][T16194]  _copy_from_iter+0x1f6/0x1960
[  340.668747][T16194]  ? __virt_addr_valid+0x183/0x520
[  340.673868][T16194]  ? __pfx_lock_release+0x10/0x10
[  340.678883][T16194]  ? __alloc_skb+0x28f/0x440
[  340.683460][T16194]  ? __pfx__copy_from_iter+0x10/0x10
[  340.688735][T16194]  ? __virt_addr_valid+0x183/0x520
[  340.693835][T16194]  ? __virt_addr_valid+0x183/0x520
[  340.698932][T16194]  ? __virt_addr_valid+0x44e/0x520
[  340.704035][T16194]  ? __check_object_size+0x49c/0x900
[  340.709313][T16194]  netlink_sendmsg+0x73d/0xcb0
[  340.714070][T16194]  ? __pfx_netlink_sendmsg+0x10/0x10
[  340.719346][T16194]  ? __import_iovec+0x536/0x820
[  340.724191][T16194]  ? aa_sock_msg_perm+0x91/0x160
[  340.729126][T16194]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  340.734403][T16194]  ? security_socket_sendmsg+0x87/0xb0
[  340.739867][T16194]  ? __pfx_netlink_sendmsg+0x10/0x10
[  340.745146][T16194]  __sock_sendmsg+0x221/0x270
[  340.749822][T16194]  ____sys_sendmsg+0x525/0x7d0
[  340.754596][T16194]  ? __pfx_____sys_sendmsg+0x10/0x10
[  340.759888][T16194]  __sys_sendmsg+0x2b0/0x3a0
[  340.764477][T16194]  ? __pfx___sys_sendmsg+0x10/0x10
[  340.769581][T16194]  ? vfs_write+0x7c4/0xc90
[  340.774018][T16194]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  340.780335][T16194]  ? do_syscall_64+0x100/0x230
[  340.785092][T16194]  ? do_syscall_64+0xb6/0x230
[  340.789760][T16194]  do_syscall_64+0xf3/0x230
[  340.794250][T16194]  ? clear_bhb_loop+0x35/0x90
[  340.798919][T16194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.804802][T16194] RIP: 0033:0x7f2c4df75bd9
[  340.809206][T16194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  340.828800][T16194] RSP: 002b:00007f2c4edb6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  340.837210][T16194] RAX: ffffffffffffffda RBX: 00007f2c4e103f60 RCX: 00007f2c4df75bd9
[  340.845176][T16194] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003
[  340.853134][T16194] RBP: 00007f2c4edb60a0 R08: 0000000000000000 R09: 0000000000000000
[  340.861095][T16194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  340.869071][T16194] R13: 000000000000000b R14: 00007f2c4e103f60 R15: 00007ffd4508b8c8
[  340.877045][T16194]  </TASK>
[  340.928803][T16195] netlink: 'syz.4.3669': attribute type 3 has an invalid length.
[  340.940298][T16195] netlink: 91672 bytes leftover after parsing attributes in process `syz.4.3669'.
[  341.080656][T14947] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  341.100190][T14947] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  341.178919][T16198] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3670'.
[  341.189407][T16197] netlink: 'syz.0.3670': attribute type 1 has an invalid length.
[  341.219666][T16197] netlink: 236 bytes leftover after parsing attributes in process `syz.0.3670'.
[  341.230230][T14947] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  341.242762][T14947] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  341.326030][   T53] Bluetooth: hci2: command tx timeout
[  341.506256][T16209] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3675'.
[  341.516509][T16205] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3673'.
[  341.653625][T16213] netlink: 264 bytes leftover after parsing attributes in process `syz.3.3677'.
[  341.946320][T16222] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3681'.
[  341.962989][T16215] pim6reg: entered allmulticast mode
[  341.984533][T16224] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3682'.
[  342.148869][T16233] netlink: 'syz.0.3685': attribute type 3 has an invalid length.
[  342.155009][T16226] (unnamed net_device) (uninitialized): option lp_interval: invalid value (18446744073709551614)
[  342.172806][T16226] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647
[  342.578918][T16261] nbd: nbd0 already in use
[  342.720593][T16265] netlink: 'syz.1.3699': attribute type 3 has an invalid length.
[  342.811810][T16276] netlink: 'syz.3.3702': attribute type 4 has an invalid length.
[  342.911871][T16282] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  343.068672][T16294] x_tables: duplicate underflow at hook 1
[  343.106212][T16292] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  343.212554][T16299] nbd: nbd0 already in use
[  343.385769][T16306] netlink: 'syz.3.3715': attribute type 4 has an invalid length.
[  343.446066][T16307] netlink: 'syz.0.3714': attribute type 3 has an invalid length.
[  343.545550][  T931] IPVS: starting estimator thread 0...
[  343.645265][T16316] IPVS: using max 21 ests per chain, 50400 per kthread
[  343.716688][ T2444] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  343.918341][ T2444] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  343.990701][ T2444] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.063975][ T2444] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.175408][ T2444] bridge_slave_1: left allmulticast mode
[  344.181062][ T2444] bridge_slave_1: left promiscuous mode
[  344.187296][ T2444] bridge0: port 2(bridge_slave_1) entered disabled state
[  344.196941][ T2444] bridge_slave_0: left allmulticast mode
[  344.202582][ T2444] bridge_slave_0: left promiscuous mode
[  344.208866][ T2444] bridge0: port 1(bridge_slave_0) entered disabled state
[  344.541268][ T2444] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  344.553776][ T2444] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  344.568290][ T2444] bond0 (unregistering): Released all slaves
[  344.879791][ T2444] hsr_slave_0: left promiscuous mode
[  344.893538][ T2444] hsr_slave_1: left promiscuous mode
[  344.900269][ T2444] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  344.908147][ T2444] batman_adv: batadv0: Removing interface: batadv_slave_0
[  344.916589][ T2444] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  344.924014][ T2444] batman_adv: batadv0: Removing interface: batadv_slave_1
[  344.944482][ T2444] veth1_macvtap: left promiscuous mode
[  344.950228][ T2444] veth0_macvtap: left promiscuous mode
[  344.956179][ T2444] veth1_vlan: left promiscuous mode
[  344.961456][ T2444] veth0_vlan: left promiscuous mode
[  345.212827][T16332] nbd: nbd0 already in use
[  345.428644][ T5092] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  345.438911][ T5092] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  345.452211][ T5092] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  345.462600][ T5092] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  345.471578][ T5092] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  345.489018][ T5092] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  345.654814][ T2444] team0 (unregistering): Port device team_slave_1 removed
[  345.694295][ T2444] team0 (unregistering): Port device team_slave_0 removed
[  346.061141][T16328] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  346.069237][T16328] batman_adv: batadv0: Removing interface: batadv_slave_0
[  346.078863][T16334] netlink: 'syz.4.3727': attribute type 4 has an invalid length.
[  346.101093][T16339] __nla_validate_parse: 21 callbacks suppressed
[  346.101110][T16339] netlink: 17 bytes leftover after parsing attributes in process `syz.0.3724'.
[  346.154470][T16339] netlink: 17 bytes leftover after parsing attributes in process `syz.0.3724'.
[  346.172941][T16337] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3725'.
[  346.194552][T16337] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  346.293053][T16342] lo speed is unknown, defaulting to 1000
[  346.306642][T16350] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3731'.
[  346.573795][T16365] FAULT_INJECTION: forcing a failure.
[  346.573795][T16365] name failslab, interval 1, probability 0, space 0, times 0
[  346.606202][T16364] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3737'.
[  346.628029][T16365] CPU: 0 PID: 16365 Comm: syz.4.3735 Not tainted 6.10.0-rc6-syzkaller-01230-gc7f79f2620b7 #0
[  346.638214][T16365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  346.648283][T16365] Call Trace:
[  346.651577][T16365]  <TASK>
[  346.654526][T16365]  dump_stack_lvl+0x241/0x360
[  346.655420][ T2471] ==================================================================
[  346.659206][T16365]  ? __pfx_dump_stack_lvl+0x10/0x10
[  346.667241][ T2471] BUG: KASAN: slab-use-after-free in l2tp_tunnel_del_work+0xe5/0x330
[  346.672413][T16365]  ? __pfx__printk+0x10/0x10
[  346.680441][ T2471] Read of size 8 at addr ffff88802f3f70b8 by task kworker/u8:10/2471
[  346.685010][T16365]  ? __phys_addr+0xba/0x170
[  346.693030][ T2471] 
[  346.699881][T16365]  should_fail_ex+0x3b0/0x4e0
[  346.704563][T16365]  ? __build_skb+0x4b/0x90
[  346.708983][T16365]  should_failslab+0x9/0x20
[  346.713485][T16365]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  346.718862][T16365]  __build_skb+0x4b/0x90
[  346.723105][T16365]  netlink_alloc_large_skb+0x65/0x100
[  346.728474][T16365]  netlink_sendmsg+0x638/0xcb0
[  346.733245][T16365]  ? __pfx_netlink_sendmsg+0x10/0x10
[  346.738526][T16365]  ? __mutex_trylock_common+0x183/0x2e0
[  346.744072][T16365]  ? aa_sock_msg_perm+0x91/0x160
[  346.749013][T16365]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  346.754293][T16365]  ? security_socket_sendmsg+0x87/0xb0
[  346.759752][T16365]  ? __pfx_netlink_sendmsg+0x10/0x10
[  346.765031][T16365]  __sock_sendmsg+0x221/0x270
[  346.769709][T16365]  sock_sendmsg+0x134/0x200
[  346.774211][T16365]  ? __pfx_sock_sendmsg+0x10/0x10
[  346.779247][T16365]  ? iov_iter_bvec+0x4e/0x180
[  346.783922][T16365]  splice_to_socket+0xa13/0x10b0
[  346.788857][T16365]  ? __pfx_lock_release+0x10/0x10
[  346.793897][T16365]  ? __pfx_splice_to_socket+0x10/0x10
[  346.799286][T16365]  ? __lock_acquire+0x1346/0x1fd0
[  346.804320][T16365]  ? bpf_lsm_file_permission+0x9/0x10
[  346.809686][T16365]  ? security_file_permission+0x7f/0xa0
[  346.815233][T16365]  ? rw_verify_area+0x1d2/0x6b0
[  346.820083][T16365]  ? __pfx_splice_to_socket+0x10/0x10
[  346.825450][T16365]  do_splice+0xd77/0x1900
[  346.829781][T16365]  ? __pfx_lock_release+0x10/0x10
[  346.834797][T16365]  ? vfs_write+0x7c4/0xc90
[  346.839216][T16365]  ? __mutex_unlock_slowpath+0x21d/0x750
[  346.844852][T16365]  ? pipe_clear_nowait+0x196/0x220
[  346.849963][T16365]  ? __pfx_do_splice+0x10/0x10
[  346.854731][T16365]  __se_sys_splice+0x331/0x4a0
[  346.859499][T16365]  ? __pfx___se_sys_splice+0x10/0x10
[  346.864782][T16365]  ? do_syscall_64+0x100/0x230
[  346.869802][T16365]  ? __x64_sys_splice+0x21/0xf0
[  346.874654][T16365]  do_syscall_64+0xf3/0x230
[  346.879153][T16365]  ? clear_bhb_loop+0x35/0x90
[  346.883828][T16365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  346.889716][T16365] RIP: 0033:0x7f9e3eb75bd9
[  346.894127][T16365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  346.913729][T16365] RSP: 002b:00007f9e3f87f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  346.922140][T16365] RAX: ffffffffffffffda RBX: 00007f9e3ed04038 RCX: 00007f9e3eb75bd9
[  346.930107][T16365] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[  346.938069][T16365] RBP: 00007f9e3f87f0a0 R08: 000000000004ffe2 R09: 0000000000000000
[  346.946035][T16365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  346.953999][T16365] R13: 000000000000006e R14: 00007f9e3ed04038 R15: 00007ffce0529438
[  346.961978][T16365]  </TASK>
[  346.964991][ T2471] CPU: 1 PID: 2471 Comm: kworker/u8:10 Not tainted 6.10.0-rc6-syzkaller-01230-gc7f79f2620b7 #0
[  346.975321][ T2471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  346.985375][ T2471] Workqueue: l2tp l2tp_tunnel_del_work
[  346.990820][ T2471] Call Trace:
[  346.994080][ T2471]  <TASK>
[  346.996994][ T2471]  dump_stack_lvl+0x241/0x360
[  347.001651][ T2471]  ? __pfx_dump_stack_lvl+0x10/0x10
[  347.006853][ T2471]  ? __pfx__printk+0x10/0x10
[  347.011450][ T2471]  ? _printk+0xd5/0x120
[  347.015599][ T2471]  ? __virt_addr_valid+0x183/0x520
[  347.020703][ T2471]  ? __virt_addr_valid+0x183/0x520
[  347.025808][ T2471]  print_report+0x169/0x550
[  347.030298][ T2471]  ? __virt_addr_valid+0x183/0x520
[  347.035397][ T2471]  ? __virt_addr_valid+0x183/0x520
[  347.040495][ T2471]  ? __virt_addr_valid+0x44e/0x520
[  347.045594][ T2471]  ? __phys_addr+0xba/0x170
[  347.050085][ T2471]  ? l2tp_tunnel_del_work+0xe5/0x330
[  347.055359][ T2471]  kasan_report+0x143/0x180
[  347.059852][ T2471]  ? l2tp_tunnel_del_work+0xe5/0x330
[  347.065125][ T2471]  l2tp_tunnel_del_work+0xe5/0x330
[  347.070225][ T2471]  ? process_scheduled_works+0x945/0x1830
[  347.075930][ T2471]  process_scheduled_works+0xa2c/0x1830
[  347.081471][ T2471]  ? __pfx_process_scheduled_works+0x10/0x10
[  347.087441][ T2471]  ? assign_work+0x364/0x3d0
[  347.092022][ T2471]  worker_thread+0x86d/0xd50
[  347.096602][ T2471]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  347.102483][ T2471]  ? __kthread_parkme+0x169/0x1d0
[  347.107537][ T2471]  ? __pfx_worker_thread+0x10/0x10
[  347.112633][ T2471]  kthread+0x2f0/0x390
[  347.116692][ T2471]  ? __pfx_worker_thread+0x10/0x10
[  347.121788][ T2471]  ? __pfx_kthread+0x10/0x10
[  347.126376][ T2471]  ret_from_fork+0x4b/0x80
[  347.130780][ T2471]  ? __pfx_kthread+0x10/0x10
[  347.135363][ T2471]  ret_from_fork_asm+0x1a/0x30
[  347.140121][ T2471]  </TASK>
[  347.143127][ T2471] 
[  347.145437][ T2471] Allocated by task 16363:
[  347.149842][ T2471]  kasan_save_track+0x3f/0x80
[  347.154511][ T2471]  __kasan_kmalloc+0x98/0xb0
[  347.159092][ T2471]  __kmalloc_noprof+0x1f9/0x400
[  347.163931][ T2471]  l2tp_session_create+0x3b/0xc20
[  347.168938][ T2471]  pppol2tp_connect+0xca3/0x17a0
[  347.173860][ T2471]  __sys_connect+0x2df/0x310
[  347.178435][ T2471]  __x64_sys_connect+0x7a/0x90
[  347.183183][ T2471]  do_syscall_64+0xf3/0x230
[  347.187713][ T2471]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.193592][ T2471] 
[  347.195903][ T2471] Freed by task 4548:
[  347.199864][ T2471]  kasan_save_track+0x3f/0x80
[  347.204526][ T2471]  kasan_save_free_info+0x40/0x50
[  347.209539][ T2471]  poison_slab_object+0xe0/0x150
[  347.214460][ T2471]  __kasan_slab_free+0x37/0x60
[  347.219208][ T2471]  kfree+0x149/0x360
[  347.223092][ T2471]  __sk_destruct+0x58/0x5f0
[  347.227583][ T2471]  rcu_core+0xafd/0x1830
[  347.231807][ T2471]  handle_softirqs+0x2c4/0x970
[  347.236554][ T2471]  __irq_exit_rcu+0xf4/0x1c0
[  347.241126][ T2471]  irq_exit_rcu+0x9/0x30
[  347.245352][ T2471]  common_interrupt+0xaa/0xd0
[  347.250013][ T2471]  asm_common_interrupt+0x26/0x40
[  347.255024][ T2471] 
[  347.257330][ T2471] Last potentially related work creation:
[  347.263026][ T2471]  kasan_save_stack+0x3f/0x60
[  347.267690][ T2471]  __kasan_record_aux_stack+0xac/0xc0
[  347.273052][ T2471]  call_rcu+0x167/0xa70
[  347.277196][ T2471]  pppol2tp_release+0x24b/0x350
[  347.282033][ T2471]  sock_close+0xbc/0x240
[  347.286259][ T2471]  __fput+0x24a/0x8a0
[  347.290226][ T2471]  task_work_run+0x24f/0x310
[  347.294807][ T2471]  syscall_exit_to_user_mode+0x168/0x360
[  347.300442][ T2471]  do_syscall_64+0x100/0x230
[  347.305016][ T2471]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.310894][ T2471] 
[  347.313220][ T2471] The buggy address belongs to the object at ffff88802f3f7000
[  347.313220][ T2471]  which belongs to the cache kmalloc-1k of size 1024
[  347.327281][ T2471] The buggy address is located 184 bytes inside of
[  347.327281][ T2471]  freed 1024-byte region [ffff88802f3f7000, ffff88802f3f7400)
[  347.341167][ T2471] 
[  347.343480][ T2471] The buggy address belongs to the physical page:
[  347.349879][ T2471] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f3f0
[  347.358624][ T2471] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  347.367195][ T2471] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  347.374724][ T2471] page_type: 0xffffefff(slab)
[  347.379401][ T2471] raw: 00fff00000000040 ffff888015041dc0 ffffea0001968600 0000000000000002
[  347.387978][ T2471] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[  347.396552][ T2471] head: 00fff00000000040 ffff888015041dc0 ffffea0001968600 0000000000000002
[  347.405212][ T2471] head: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[  347.413881][ T2471] head: 00fff00000000003 ffffea0000bcfc01 ffffffffffffffff 0000000000000000
[  347.422554][ T2471] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  347.431207][ T2471] page dumped because: kasan: bad access detected
[  347.437627][ T2471] page_owner tracks the page as allocated
[  347.443328][ T2471] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 51, tgid 51 (kworker/u8:3), ts 333182916168, free_ts 332206430516
[  347.465291][ T2471]  post_alloc_hook+0x1f3/0x230
[  347.470052][ T2471]  get_page_from_freelist+0x2e4c/0x2f10
[  347.475591][ T2471]  __alloc_pages_noprof+0x256/0x6c0
[  347.480791][ T2471]  alloc_slab_page+0x5f/0x120
[  347.485461][ T2471]  allocate_slab+0x5a/0x2f0
[  347.489965][ T2471]  ___slab_alloc+0xcd1/0x14b0
[  347.494640][ T2471]  __slab_alloc+0x58/0xa0
[  347.498964][ T2471]  kmalloc_node_track_caller_noprof+0x281/0x440
[  347.505209][ T2471]  kmalloc_reserve+0x111/0x2a0
[  347.509981][ T2471]  __alloc_skb+0x1f3/0x440
[  347.514393][ T2471]  inet6_rt_notify+0xdf/0x290
[  347.519059][ T2471]  fib6_del+0x10c5/0x1600
[  347.523378][ T2471]  fib6_clean_node+0x2f7/0x5e0
[  347.528132][ T2471]  fib6_walk_continue+0x658/0x8f0
[  347.533145][ T2471]  fib6_walk+0x168/0x2b0
[  347.537413][ T2471]  __fib6_clean_all+0x31f/0x4b0
[  347.542262][ T2471] page last free pid 5139 tgid 5139 stack trace:
[  347.548569][ T2471]  free_unref_page+0xd22/0xea0
[  347.553326][ T2471]  __put_partials+0xeb/0x130
[  347.557902][ T2471]  put_cpu_partial+0x17c/0x250
[  347.562654][ T2471]  __slab_free+0x2ea/0x3d0
[  347.567062][ T2471]  qlist_free_all+0x9e/0x140
[  347.571640][ T2471]  kasan_quarantine_reduce+0x14f/0x170
[  347.577090][ T2471]  __kasan_slab_alloc+0x23/0x80
[  347.581927][ T2471]  kmalloc_trace_noprof+0x132/0x2c0
[  347.587117][ T2471]  nsim_fib_event_work+0xe17/0x4130
[  347.592301][ T2471]  process_scheduled_works+0xa2c/0x1830
[  347.597835][ T2471]  worker_thread+0x86d/0xd50
[  347.602432][ T2471]  kthread+0x2f0/0x390
[  347.606503][ T2471]  ret_from_fork+0x4b/0x80
[  347.610914][ T2471]  ret_from_fork_asm+0x1a/0x30
[  347.615673][ T2471] 
[  347.617984][ T2471] Memory state around the buggy address:
[  347.623603][ T2471]  ffff88802f3f6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  347.631663][ T2471]  ffff88802f3f7000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  347.639710][ T2471] >ffff88802f3f7080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  347.647761][ T2471]                                         ^
[  347.653638][ T2471]  ffff88802f3f7100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  347.661714][ T2471]  ffff88802f3f7180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  347.669760][ T2471] ==================================================================
[  347.677921][ T2471] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  347.685121][ T2471] CPU: 1 PID: 2471 Comm: kworker/u8:10 Not tainted 6.10.0-rc6-syzkaller-01230-gc7f79f2620b7 #0
[  347.695449][ T2471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  347.705510][ T2471] Workqueue: l2tp l2tp_tunnel_del_work
[  347.710989][ T2471] Call Trace:
[  347.714272][ T2471]  <TASK>
[  347.717203][ T2471]  dump_stack_lvl+0x241/0x360
[  347.721896][ T2471]  ? __pfx_dump_stack_lvl+0x10/0x10
[  347.727109][ T2471]  ? __pfx__printk+0x10/0x10
[  347.731716][ T2471]  ? vscnprintf+0x5d/0x90
[  347.736056][ T2471]  panic+0x349/0x860
[  347.739965][ T2471]  ? check_panic_on_warn+0x21/0xb0
[  347.745087][ T2471]  ? __pfx_panic+0x10/0x10
[  347.749515][ T2471]  ? mark_lock+0x9a/0x350
[  347.753855][ T2471]  ? _raw_spin_unlock_irqrestore+0xd8/0x140
[  347.759761][ T2471]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  347.765664][ T2471]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  347.771998][ T2471]  ? print_report+0x502/0x550
[  347.776694][ T2471]  check_panic_on_warn+0x86/0xb0
[  347.781655][ T2471]  ? l2tp_tunnel_del_work+0xe5/0x330
[  347.786949][ T2471]  end_report+0x77/0x160
[  347.791210][ T2471]  kasan_report+0x154/0x180
[  347.795731][ T2471]  ? l2tp_tunnel_del_work+0xe5/0x330
[  347.801032][ T2471]  l2tp_tunnel_del_work+0xe5/0x330
[  347.806155][ T2471]  ? process_scheduled_works+0x945/0x1830
[  347.811878][ T2471]  process_scheduled_works+0xa2c/0x1830
[  347.817482][ T2471]  ? __pfx_process_scheduled_works+0x10/0x10
[  347.823482][ T2471]  ? assign_work+0x364/0x3d0
[  347.828086][ T2471]  worker_thread+0x86d/0xd50
SYZFAIL: failed to recv rpc
fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor)
[  347.832694][ T2471]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  347.838604][ T2471]  ? __kthread_parkme+0x169/0x1d0
[  347.843657][ T2471]  ? __pfx_worker_thread+0x10/0x10
[  347.848779][ T2471]  kthread+0x2f0/0x390
[  347.852857][ T2471]  ? __pfx_worker_thread+0x10/0x10
[  347.857978][ T2471]  ? __pfx_kthread+0x10/0x10
[  347.862586][ T2471]  ret_from_fork+0x4b/0x80
[  347.867021][ T2471]  ? __pfx_kthread+0x10/0x10
[  347.871621][ T2471]  ret_from_fork_asm+0x1a/0x30
[  347.876407][ T2471]  </TASK>
[  347.879652][ T2471] Kernel Offset: disabled
[  347.883973][ T2471] Rebooting in 86400 seconds..