last executing test programs:

1m36.718267095s ago: executing program 1 (id=3057):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="4400000010000100000000000400000000000000", @ANYRES32=r2, @ANYBLOB="0140000070a0628824001680200001800c0007000080000002b8000010000608b26b000003000000000000009ee4f542195f987b2a12e38b25bbafcc3fbe1051457b409b1616a07bb67d528792c0d11cb7fdf60a0863572711df4a3609cb3a018d4571a5bec7ce93c4964ae3bf93d99d17e0db1079bf28ea29d9f68abdb67ec3cb742524eb2a75f3973ebccc5c36b3078c751bd8217e37adb014ac6d5af3e71f701d"], 0x44}, 0x1, 0x0, 0x0, 0x20048090}, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f00000001c0)={'bridge0\x00', &(0x7f0000000400)=@ethtool_ringparam={0x7, 0x0, 0x20040001, 0x0, 0x7f, 0x0, 0x0, 0xffffffff}})

48.213316671s ago: executing program 1 (id=3057):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="4400000010000100000000000400000000000000", @ANYRES32=r2, @ANYBLOB="0140000070a0628824001680200001800c0007000080000002b8000010000608b26b000003000000000000009ee4f542195f987b2a12e38b25bbafcc3fbe1051457b409b1616a07bb67d528792c0d11cb7fdf60a0863572711df4a3609cb3a018d4571a5bec7ce93c4964ae3bf93d99d17e0db1079bf28ea29d9f68abdb67ec3cb742524eb2a75f3973ebccc5c36b3078c751bd8217e37adb014ac6d5af3e71f701d"], 0x44}, 0x1, 0x0, 0x0, 0x20048090}, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f00000001c0)={'bridge0\x00', &(0x7f0000000400)=@ethtool_ringparam={0x7, 0x0, 0x20040001, 0x0, 0x7f, 0x0, 0x0, 0xffffffff}})

37.908988087s ago: executing program 1 (id=3057):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="4400000010000100000000000400000000000000", @ANYRES32=r2, @ANYBLOB="0140000070a0628824001680200001800c0007000080000002b8000010000608b26b000003000000000000009ee4f542195f987b2a12e38b25bbafcc3fbe1051457b409b1616a07bb67d528792c0d11cb7fdf60a0863572711df4a3609cb3a018d4571a5bec7ce93c4964ae3bf93d99d17e0db1079bf28ea29d9f68abdb67ec3cb742524eb2a75f3973ebccc5c36b3078c751bd8217e37adb014ac6d5af3e71f701d"], 0x44}, 0x1, 0x0, 0x0, 0x20048090}, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f00000001c0)={'bridge0\x00', &(0x7f0000000400)=@ethtool_ringparam={0x7, 0x0, 0x20040001, 0x0, 0x7f, 0x0, 0x0, 0xffffffff}})

24.879063542s ago: executing program 1 (id=3057):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="4400000010000100000000000400000000000000", @ANYRES32=r2, @ANYBLOB="0140000070a0628824001680200001800c0007000080000002b8000010000608b26b000003000000000000009ee4f542195f987b2a12e38b25bbafcc3fbe1051457b409b1616a07bb67d528792c0d11cb7fdf60a0863572711df4a3609cb3a018d4571a5bec7ce93c4964ae3bf93d99d17e0db1079bf28ea29d9f68abdb67ec3cb742524eb2a75f3973ebccc5c36b3078c751bd8217e37adb014ac6d5af3e71f701d"], 0x44}, 0x1, 0x0, 0x0, 0x20048090}, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f00000001c0)={'bridge0\x00', &(0x7f0000000400)=@ethtool_ringparam={0x7, 0x0, 0x20040001, 0x0, 0x7f, 0x0, 0x0, 0xffffffff}})

13.043668142s ago: executing program 1 (id=3057):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="4400000010000100000000000400000000000000", @ANYRES32=r2, @ANYBLOB="0140000070a0628824001680200001800c0007000080000002b8000010000608b26b000003000000000000009ee4f542195f987b2a12e38b25bbafcc3fbe1051457b409b1616a07bb67d528792c0d11cb7fdf60a0863572711df4a3609cb3a018d4571a5bec7ce93c4964ae3bf93d99d17e0db1079bf28ea29d9f68abdb67ec3cb742524eb2a75f3973ebccc5c36b3078c751bd8217e37adb014ac6d5af3e71f701d"], 0x44}, 0x1, 0x0, 0x0, 0x20048090}, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f00000001c0)={'bridge0\x00', &(0x7f0000000400)=@ethtool_ringparam={0x7, 0x0, 0x20040001, 0x0, 0x7f, 0x0, 0x0, 0xffffffff}})

4.342507394s ago: executing program 1 (id=3057):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="4400000010000100000000000400000000000000", @ANYRES32=r2, @ANYBLOB="0140000070a0628824001680200001800c0007000080000002b8000010000608b26b000003000000000000009ee4f542195f987b2a12e38b25bbafcc3fbe1051457b409b1616a07bb67d528792c0d11cb7fdf60a0863572711df4a3609cb3a018d4571a5bec7ce93c4964ae3bf93d99d17e0db1079bf28ea29d9f68abdb67ec3cb742524eb2a75f3973ebccc5c36b3078c751bd8217e37adb014ac6d5af3e71f701d"], 0x44}, 0x1, 0x0, 0x0, 0x20048090}, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f00000001c0)={'bridge0\x00', &(0x7f0000000400)=@ethtool_ringparam={0x7, 0x0, 0x20040001, 0x0, 0x7f, 0x0, 0x0, 0xffffffff}})

3.300006471s ago: executing program 3 (id=4462):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000000)={'lo\x00'})
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000080)={0x3, 0x3, 0xfffffffe, 0x2000001c}, 0x10)
write(r1, &(0x7f00000000c0)="1800000016005f0214fffffffffffff80700000001000000", 0x18)
socket$pppl2tp(0x18, 0x1, 0x1) (async)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000000)={'lo\x00'}) (async)
socket(0x10, 0x3, 0x0) (async)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000080)={0x3, 0x3, 0xfffffffe, 0x2000001c}, 0x10) (async)
write(r1, &(0x7f00000000c0)="1800000016005f0214fffffffffffff80700000001000000", 0x18) (async)

3.018127641s ago: executing program 3 (id=4465):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r1 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev, @in6=@dev={0xfe, 0x80, '\x00', 0x19}, 0x0, 0x0, 0x1, 0x4, 0xa}, {0xbd1}, {0x81, 0x2}, 0x2000000, 0x0, 0x1}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8000, 0x33}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000}}, 0xe8)
sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0xe803000000000000)

2.305189719s ago: executing program 4 (id=4473):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b70200000000e6ccbfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe02000000850000001a000000b7000000100000009500000000000000455781a5fee65e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde43a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d1106fb0289ce67a66afd92c3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a060000009b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece6d311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da326018362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f707777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c01840219829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47911834118093b6cabaa17a57727474e1785ee23483508818b897e3b677d3d342640e328504ae2dbf8fe1d704765de74891f7c8dae85739c50409c62040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528d46362ea0d8d79c79ddca066da478c1b7d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5f001000000100008000000000ed6f6663677df37de0ec0d0f548b273940be5d1fe0aae14d1a76e0741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ce0000000000000000000000000000000064d3210f806a4877e73c19072e358da1cdbef27967e918e6f2bab4a78ce0103a91789340b00db45df429d650e2f6acfbf9bf2f1b23064f3e60a9ded23b652f110940813a14c97abc84ab3cf728efd94ba2895a0884e7f7c53bc60d1b9768a979929055be8565b8a15dffc8692476ff03963b626afbc18750629666d1f449f02271064768c0731aeccb2c342ae3fa9956354e847f086eee8cd78617ad6ae28f121b23c1128b78f521eea8c487ae31f9112db0e671dd47d95ea9653e51da8c99a996656149a65f8e88032ddf35717407"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000040)=r1, 0x4)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000140)=r1, 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0xfffffffc}, @NFTA_NG_TYPE={0x8}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x5}, @NFTA_NG_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)

2.11428659s ago: executing program 2 (id=4474):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="180000003d0007ff0f00fff000000000037c000004"], 0x18}}, 0x0)

2.113166582s ago: executing program 4 (id=4475):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000640)=@newtaction={0x5c, 0x30, 0x7, 0x0, 0x0, {}, [{0x48, 0x1, [@m_bpf={0x44, 0x1, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r1, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000000340)={0x14, r2, 0x313, 0x0, 0x0, {0x2f}}, 0x14}}, 0x0)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bind$bt_l2cap(r3, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000240)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000000c000000180001657468315f746f5f687372000000000c0003800500038004000500000000000000711077388b637a82214db1b820489874e1bd40ddd71fc91a0f1e5134fd8935e5847a6249b220c6f44a653b7b5c7b4cc66862de1e90054bd325f901b3526730da52367385dbe74c631a1b98"], 0x38}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a5c000000000a05000000000000000000010000000900010073797a30000000000900010073797a31000000000c00044000000000000000040c00044000000000000000050c00044000000000000000020900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a320000000094000000060a010400000000000000000100000008000b40000000006c0004804c0001800b0001007470726f787900003c00028008000140000000000800014000000002080003400000000008000140000000000800014000000000080002400000000408000140000000021c0001800900010068617368000000000c00028008000740000000000900010073797a30"], 0x144}}, 0x0)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYRESDEC=0x0], 0x20}}, 0x0)
r8 = socket$inet6(0xa, 0x6, 0x0)
setsockopt$sock_int(r8, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(r8, &(0x7f0000000140)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)

2.043251444s ago: executing program 3 (id=4476):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000900))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r2, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x101001, 0x0)
close(r3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r3, 0x89e0, &(0x7f0000002280)={'syzkaller0\x00', @random='\x00\a\x00'})

1.996668278s ago: executing program 2 (id=4477):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x3, 0x0}, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8)
setsockopt$inet6_int(r0, 0x29, 0x4a, 0x0, 0x0)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r1, 0x65, 0x2, &(0x7f0000000400)=0x2, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000680)={'vxcan0\x00', <r2=>0x0})
bind$can_raw(r1, &(0x7f0000000480)={0x1d, r2}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000100)={'vxcan0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x1, 0x204, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}, 0x1, 0x0, 0x0, 0x20000}, 0x98)

1.470211645s ago: executing program 4 (id=4478):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000540)=ANY=[@ANYBLOB="61123000000000006113680000000000bf2000000000000015000600071b48013d030100000000009500000000000000bc26000000000000bf67000000000000070300000fff07006702000003000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586162c17600674290ca9d8d6413b8199e34f67ceaaa78710f9f8aba4765c91382f497585ca39c595b21afa6bce62b5ab0d44e9c32ad6f0349d92962a58d39494a19a9183362382792ac85578d3de07b7e155cf4ee5e3dd51212d2831bd8e2655b2fbd88791e4c66c832a774919b28b8a62711f0f156e636804e1d3f44a5ff3d63a3a51f0c7ec0c8c25e072194ddd83aa155a537e15c0d91f502deef03f83e826718705c9aef9613ac4a325a428d147c1749196e94226671fd9573ab0d079d44b13b56f793e98ab571c58e98e022f18a3be3f318e0690fff93f44f22473dc8004fc758218349bd3f0516a72a7ea913bfa7603063ed3118b2d680cbc"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0) (async)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0x70, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PARMS={0x18, 0x2, {0x3ff, 0x4000000, 0x0, 0x0, 0x1}}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8, 0x3, 0xfffffffe}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x4}, 0x0) (async)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x4e24, 0x8, @mcast1}}, 0x0, 0x0, 0x1, 0x0, "ddfd3b7ed7c6a1c172a987ae5ce3cafd64c9a736831a5912d606798fb75c9981c4b3ac0e06891ff18bc5543ed57215a3c45f9154dfa319e52a15a2b9acf80c07fb1a854dad742eef6187f2304844c296"}, 0xd8) (async)
close(r1)

1.470103321s ago: executing program 0 (id=4479):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400fff01000010400"/20, @ANYRES32=r1, @ANYBLOB="00001700000000001c0037800b0003006970768a616e00000c0002800600010000000000050027"], 0x44}}, 0x814)

1.440767483s ago: executing program 3 (id=4480):
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x24, &(0x7f0000000200)=0x7, 0x4)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
r1 = socket$inet(0x2, 0x3, 0x6)
ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000000)={{0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x1}, 0x7e, {0x2, 0x0, @empty}, 'batadv_slave_0\x00'})
listen(r0, 0x0) (async)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000340)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1e}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

1.406201093s ago: executing program 2 (id=4481):
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x8}, 0x1c)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}, 0x1c)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000500)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc250d40f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c9837d5ac03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce935b0f327cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a9b893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1525320e716660000000000b02b001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729a40000dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c5452f42e09b388a14b22bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1c77a211bfa02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0843b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66cf8aeb1f98bd67bfd38ec2beac3ca99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94d81150c68ab27987655e1dd676ceef54ad4d663f88b6f82a65f7c94a0e40cbb782ff536bd67ba81125f8e0af199094b407f630dc6eb3b79615a4e63f75ab30b1e475748cb5dce6581dc92f740a21fb8dec725b4f2a0b0972f852504245d5ce11cfdead09c9b6e094261084cd20c2294525061a4638c0bfd08dfa70d24bf85d9cfd940e1a4f1509bed8233f22506e5b000000000000862a01def6c9e879a87688ad151c14ae7ff8a090aebe7e4f936c26e565ae96d38ee5f794468caa17419e22ff13df60a95596490358a3b8121511e427d619ad87fe998702ea0b659eff3f5cd8f4094fdd6b1d45facfe6629846170d99de670a9e72e21ed7363876612bf58a17142abccbf5354f432ed1df74f8168d05de528f63a98bca22820439c567973de0077c068d1b70b6"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r2, 0x58, &(0x7f0000000180)}, 0x10)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)

1.306137445s ago: executing program 2 (id=4482):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000005500010e0e0000000000000007000000", @ANYRES32, @ANYBLOB=' '], 0x38}}, 0xc000) (async)
ioctl$SIOCSIFHWADDR(r0, 0x8b19, &(0x7f0000000000)={'wlan1\x00', @random="0200"})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0xffff}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x8c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x64, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0xe1}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x2c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x13}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x100}}, 0x0)
socket$rxrpc(0x21, 0x2, 0xa) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r5 = socket(0x10, 0x80002, 0x0) (rerun: 32)
sendmmsg$alg(r5, &(0x7f00000000c0), 0x492492492492627, 0x0) (async)
sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1900000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x2, 0x3, 0x801, 0x0, 0x0, {0x5, 0x0, 0x3}, [@NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x1000}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x40000) (async)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_REGISTER_BEACONS(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x1c, r7, 0x7, 0x0, 0x0, {{0x8}, {@void, @val={0x8, 0x3, r8}, @void}}}, 0x1c}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r9=>0x0}) (async)
r10 = socket(0x1d, 0x2, 0x6)
r11 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r11, 0x0, 0x13, &(0x7f0000000040)=0x1000000, 0x4) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x55}]}, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xa, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmmsg$inet(r11, &(0x7f0000002240)=[{{&(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10, 0x0}}], 0x1, 0x0) (async, rerun: 32)
setsockopt$llc_int(r10, 0x6a, 0x5, 0x0, 0x0) (async, rerun: 32)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x3a}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) (async)
sendmsg$NL80211_CMD_SET_WIPHY(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00000068a3eac581269dde5a9665b4148d0000000200000002000000dcc0"], 0x24}, 0x1, 0x0, 0x0, 0x4000081}, 0x0) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r2, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r3, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r9}, @void}}}, 0x28}, 0x1, 0x6c00}, 0x0)

1.305481542s ago: executing program 0 (id=4483):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x4, @remote, 0xb}, 0x1c)
syz_emit_ethernet(0x7e, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6001010000481100fe8000000000004100000000000000bbfe8000000000000000000000000000aa4e200e22"], 0x0)

1.255804988s ago: executing program 4 (id=4484):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
unshare(0x20000400)
r1 = socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000500)={'lo\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x70bf2c, 0x25dfdbff, {0xa, 0x38, 0x0, 0xff, r3}, [@IFA_LOCAL={0x14, 0x2, @loopback}, @IFA_RT_PRIORITY={0x8, 0x9, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
bind$qrtr(r1, &(0x7f0000000080)={0x2a, 0xffffffff}, 0xc)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r4, 0x6, 0x21, &(0x7f0000000380)="4000000000220006908a00000400", 0x10)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r4, 0x6, 0x21, &(0x7f0000000140)="5f96565e14027386aa93a303c44b5b3b", 0x10)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00')
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r5, 0x84, 0x10, &(0x7f00000009c0)=@assoc_value={0x0, 0x800}, 0x8)
r6 = socket(0x2, 0x3, 0xff)
connect$inet(r6, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg$unix(r6, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000180)="643c87cf08d21d994efea03321af0c6c7715a604", 0x14}], 0x1}}], 0x1, 0x0)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0x0, 0x1}, 0x6)

1.232443481s ago: executing program 0 (id=4485):
syz_emit_ethernet(0x86, &(0x7f0000001500)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0xd}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x2000, 0x0, 0x0, 0x88, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {0x0, 0x0, 0x64, 0x0, @wg=@response={0x2, 0x40000000, 0x0, "8908981864d689ac43445c1c26e95299e94ccad8794114ae3061e328af342f99", "e4d0ce57abcb41f7f5c8ab8f63dd38a1", {"bb3ce5a4bbb68671a2892fa0317a823c", "be9d98ca816f77013a778b6c40b49ea9"}}}}}}}, 0x0)

1.094289774s ago: executing program 3 (id=4486):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bond0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000030400fff0000000000000000400", @ANYRES32=r1, @ANYBLOB="e0d8010004a701001c00128009000100626f6e64000000000c000280050001"], 0x3c}, 0x1, 0x0, 0x0, 0x408d1}, 0x4000044)

1.075094319s ago: executing program 2 (id=4487):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r1 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev, @in6=@dev={0xfe, 0x80, '\x00', 0x19}, 0x0, 0x0, 0x1, 0x4, 0xa}, {0xbd1}, {0x81, 0x2}, 0x2000000, 0x0, 0x1}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8000, 0x33}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000}}, 0xe8)
sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0xeffdffffffffffff)

1.054755142s ago: executing program 0 (id=4488):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r0, &(0x7f0000000540)={0x2, 0x4e24, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='cdg\x00', 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0xc7)

937.741665ms ago: executing program 4 (id=4489):
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
recvmsg(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x8, 0x9, 0x8, 0xfa}})
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000001c0)="b498f384", 0x4)
syz_emit_ethernet(0x6e, &(0x7f0000000e80)={@random="0f539af21094", @remote, @val={@val={0x88a8, 0x0, 0x0, 0x2}, {0x8100, 0x2, 0x1, 0x4}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "1200b0", 0x38, 0x3a, 0x0, @dev={0xfe, 0x80, '\x00', 0x24}, @mcast2, {[], @dest_unreach={0x4, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "277382", 0x0, 0x2c, 0x0, @private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [@srh={0x2c, 0x209e, 0x4, 0x0, 0x3, 0x0, 0x365, [@dev={0xfe, 0x80, '\x00', 0x26}]}]}}}}}}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r2)
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000240)={&(0x7f0000000b40)=ANY=[@ANYBLOB="f8020000f1488bfd17c9b51a6492cafaba1fb10711abff56824e0f1b16d3e6c2fe182abaec54b81a8bc48609a541865b36f209a2b6744e6722c1c5bc63ab", @ANYRES16=r5, @ANYBLOB="000829bd7000fedbdf253b0000000c00990000000080790000000800cd000001740bc102330080340e00080211000001080211000000ffffffffffff350009000000000000008100118100060202020202020406ff08010492000602ffff05f90169024079a7c2420121ff12f1d350ef5f94ca44c7780c9d4e8a312f7ee9332e8653207a89266f37acd0a442b0385920c7fa0ce629ca67201b4398695e8d9afc0a2bbbfbf95aad0d5a5d219ae9f6eaf87cb794ae0368cb69ed9f91b4146211a6fb5cf5127c91204b2bd336a8f67ea01a14843115de0d93af908348b564910bcc835a8f189228f72ade1ac960ee993cc04130df763fe21676ed616f78be535d719c1ae5269f827753f6b2715a64a92d9329b26d43c82fe22f1da558daeb49ab84f5f0f4afc25de7efcb633b563ef60616e8facc8bd1b66d627c36f852e41bc3430ba80e49302d3af55eb0f25729971b20ec1559e258d06ef2f4250301b50072060303030303037107010000ff010c09760606043a000200dda3c6c694e28b7962a929d7cfe1c4c32c5a03b220a3b3c865785a64d5f25de04229ce8b059c9a000ab69c4e0dff336d1ee1bf343aeac8859849ddc190ffb0f9002590da22a8e2b57103808788662e8b23f45ad7b296f3bffc893c7d15a417879a8e131dc6e28580082fc691562bc1808406eafdf65653a18d2f428cda6f85ab5bfc14022dbc6290980a0b3c07b33dc2198c57d384922f1f6b84755d13c6ff03574c1b39f0dd79794a17ae78d456c0f91e27821a2ebe4e48c894981988dc0ec3473c4dc2b754ce5eb3cfbdd6ee86160be27d20a5141f1397c77d6235420553a153e4c2b42c71b048b5bd2463a6911fab86c1cf942c89dc64a1d5fb14df43ae3a55a630a379f905ace89183b989d0458c3946faf51b36acf4ecd0980f7bb26906dd4ad3e89ebfaf8e43c185f035f549a0b669870fc855fc0410495b685d540808d8aa2db6a25c339bb2a92b7d9e41ae1487a1801d04d8c8ed95a1d3b33a65341a73fbf1c71b24d5db96cf2ca50000000400870004008e0004008700"], 0x2f8}, 0x1, 0x0, 0x0, 0x10}, 0x8001)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f00000021c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r2, &(0x7f00000022c0)={0x0, 0x0, &(0x7f0000002280)={&(0x7f0000002200)={0x3c, r6, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r7 = socket$key(0xf, 0x3, 0x2)
sendmsg$NL80211_CMD_PROBE_MESH_LINK(r2, &(0x7f0000000b00)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000300)={&(0x7f0000000680)={0x480, r5, 0x200, 0x70bd26, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_FRAME={0x14, 0x33, @ctrl_frame=@cf_end={{}, {0x2}, @device_b}}, @NL80211_ATTR_FRAME={0xe, 0x33, @ctrl_frame=@ack={{}, {0x1}}}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_FRAME={0x228, 0x33, @data_frame={@msdu=@type10={{0x0, 0x2, 0x5, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1}, {}, @initial, @device_a, @device_b, {0xf, 0x934}, "", @void, @value=@ver_80211n={0x0, 0x7003, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x1}}, @a_msdu=[{@broadcast, @device_a, 0xe5, "502f1ead102c536080230179a9800f9c7e8033ef8335d6ef6b0a8fc127e8bbf20f681fc375aab7edef3fd95a9e75db1c840c966781f1c46483977766bf38cc939ea48f809d2f406cc189866a880c8a24bb844b48cb35e965bcefa2636da0a7d91186bd1f7df58da258b2c1d11ab4f5721b567f484c37bf14e9be8989a37854e81b5a6d41259fb0cafda4b805e5f1605da942679566a7cefe2a60c5bc9700350b83eda4b6ba1ca6597080411ad175aa90bdf35ef76d22cae7bcf0f8b705c508fe2b6fb095fd6c4dabb1532d96c058bb4c84e5084bb26f05a982eef072de92b69bad2add3f2b"}, {@broadcast, @device_b, 0xa, "696b16a09b3ab74225ae"}, {@device_b, @device_b, 0xeb, "124b0ce7387e0ca3f77526b3317806e9ecfc0e269cc7e77811c2df6762ce50b6071142ad006a50a4c9075d97905930eaceafb9c916cd195e6b086eccac072d7076bf846693e46fd137bab88a53518ad4e035007e4352959f7c3d643e0fe0f1c55df77fcf0a3f75113383d9474cdc7f44cd1a44aa6c454ad48fb4e3f1ba2f9fb920f6f370e6a256768f1f2e4836e1d992c82423bea3167346af377e421cbc6edd702504f50404104aa7e7570030be648a336feba62f3727f3440a21bb82cc75a8214175663521e81e5a943c152ff9a55be5229e15343b4b6fac700c14c8b1c4dadc1caa0bd956207833111c"}]}}, @NL80211_ATTR_FRAME={0xff, 0x33, @mgmt_frame=@probe_response={{{0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1}, {}, @device_b, @device_b, @random="b2174d3421ee"}, 0x9, @random=0x6, 0x5, @void, @void, @void, @void, @void, @val={0x2d, 0x1a, {0x10, 0x0, 0x1, 0x0, {0xbe, 0xa9, 0x0, 0x2, 0x0, 0x1}, 0x1, 0x101, 0x3}}, @void, @void, [{0xdd, 0xa3, "c1beda822687b039fb465c2a408ae3f66faa11eb3eb71b725c283067f6908c018e29cbcef22f23361923217ad6d35847d610397a01299eb1106ece5ae312901a2a930375dadd884dee0e8f196fac418d892366c919b131b3797bc27f942290fc3ab3cabb9aa6829156589803b3771708e0ff443d428c6ed4ff029eb2031eb140bd095d20660e126008552ce71967cb4124b142bde5b6ec88f07415ae40c12fa4644534"}, {0xdd, 0x14, "dca7c33cfed7d6f2b140971c97e510ff95206ccf"}]}}, @NL80211_ATTR_FRAME={0x90, 0x33, @mgmt_frame=@probe_response={{{0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1, 0x1}, {0x6}, @device_b, @device_a, @random="8a7f49a8ae02", {0x4, 0x584}}, 0x55cb, @default, 0x8, @void, @val={0x1, 0x3, [{0x24}, {0x16}, {0x1b, 0x1}]}, @void, @val={0x4, 0x6, {0x7, 0x7, 0x0, 0x6df}}, @val={0x6, 0x2, 0x8000}, @val={0x2d, 0x1a, {0x800, 0x2, 0x0, 0x0, {0x8001, 0x4, 0x0, 0x6, 0x0, 0x1, 0x0, 0x1, 0x1}, 0x8, 0x40, 0x6b}}, @val={0x72, 0x6}, @void, [{0xdd, 0xe, "d228dc63f15c7c3d0c06633b4e85"}, {0xdd, 0x21, "8c945eb2c9f97e9d4dcb5131594b9b86c5dd78458a42b63716672ab957dd9da500"}]}}, @NL80211_ATTR_FRAME={0x14, 0x33, @ctrl_frame=@rts={{}, {0x6}, @broadcast, @device_b}}, @NL80211_ATTR_FRAME={0x43, 0x33, @mgmt_frame=@action_no_ack={{{0x0, 0x0, 0xe, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x81}, @device_a, @broadcast, @random="edf27d5bf266", {0x9, 0x8}}, @sp_mp_confirm={0xf, 0x2, {0x8, @random=0xfffd, {0x1, 0x3, [{0x60}, {0x44ea17102896c051, 0x1}, {0x18}]}, @void, @val={0x2d, 0x1a, {0x2, 0x3, 0x4, 0x0, {0x5, 0x1, 0x0, 0x40, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x1, 0x80000000, 0x2}}}}}}, @NL80211_ATTR_FRAME={0x1e, 0x33, @mgmt_frame=@deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x7ffd}, @broadcast, @broadcast, @from_mac=@device_b, {0x9, 0x6}}, 0x32, @void}}]}, 0x480}, 0x1, 0x0, 0x0, 0x20000000}, 0x20040045)
sendmsg$key(r7, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x4, 0x0, 0x6, 0x28, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x2, 0x4, 0x0, 0x6e6bb5, 0xc, {0x6, 0x33, 0xe6, 0x0, 0x0, 0x8, 0x0, @in6=@private0, @in=@empty}}, @sadb_ident={0x2, 0xa, 0x7, 0x0, 0x7}, @sadb_key={0x1c, 0x9, 0x690, 0x0, "9a07238f8d79ede05be6d6f6abcdcea80140e1a3beac8060bbc95f4c49994e9b538a21c6a1af87b6481c3929f6fb0f2eea3c3a5e1171044f2bda4d4bca906b792b0d5791a0ee08774ecd80586216062b1cc789a93753c79403d5944f8be95f3b0a6c4b772ea95bfb11b454ad7d6f395a600b9e95ecc13c3f408693c743494a993b53cb7753fbd385cc2d485dcaecb7af01d48463d8f9f73e7104c669b40131866cc4784dc5956419359f03f98b3045b427ee7adf2d353eb3ef745ec5d5db351a9a3b6e1344969b53577df5011bcc105979fd"}]}, 0x140}, 0x1, 0x7}, 0x0)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_int(r8, 0x6, 0xc, 0x0, &(0x7f0000000280))
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000380)={<r9=>r7, 0x4, 0x572, 0x7})
bind$alg(r9, &(0x7f00000003c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha512\x00'}, 0x58)

937.394169ms ago: executing program 2 (id=4490):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000900))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r2, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x101001, 0x0)
close(r3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @random=' \a\x00'})

861.398392ms ago: executing program 3 (id=4491):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x3, 0x0}, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8)
setsockopt$inet6_int(r0, 0x29, 0x4a, 0x0, 0x0)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r1, 0x65, 0x2, &(0x7f0000000400)=0x2, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000680)={'vxcan0\x00', <r2=>0x0})
bind$can_raw(r1, &(0x7f0000000480)={0x1d, r2}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000100)={'vxcan0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x1, 0x300, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}, 0x1, 0x0, 0x0, 0x20000}, 0x98)

801.638702ms ago: executing program 4 (id=4492):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@mpls_getroute={0x1c, 0x1a, 0x1, 0x0, 0x0, {0x1c, 0x0, 0x10, 0x0, 0x0, 0x0, 0xfd, 0x8, 0x2000}}, 0x1c}}, 0x4000)
ioctl$sock_inet6_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000000)) (async)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="48000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r3, @ANYBLOB="0a0001"], 0x48}}, 0x0)

77.315657ms ago: executing program 0 (id=4493):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x650, 0x1b8, 0x0, 0x428, 0x428, 0x0, 0x580, 0x580, 0x580, 0x580, 0x580, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x5}}}, {{@ipv6={@loopback, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {0xff}}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast1, @private2, [], [0x0, 0x0, 0x0, 0xff000000], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0x100, 0x148, 0x0, {}, [@common=@unspec=@connmark={{0x30}}, @common=@inet=@socket1={{0x28}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4=@private}}}, {{@uncond, 0x0, 0x100, 0x128, 0x0, {}, [@common=@frag={{0x30}, {[], 0x0, 0x0, 0x2}}, @inet=@rpfilter={{0x28}}]}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0x118, 0x158, 0x0, {}, [@common=@dst={{0x48}}, @inet=@rpfilter={{0x28}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0xfffffffe, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6b0) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0), 0xffffffffffffffff) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r2, &(0x7f00000003c0)={0x0, 0x10, &(0x7f0000000200)={&(0x7f0000000180)={0x28, r1, 0x1, 0x0, 0x0, {{}, {}, {0xc, 0x14, 'broadcast-link\x00'}}}, 0x28}}, 0x0) (async, rerun: 64)
r3 = socket(0x10, 0x3, 0x0) (rerun: 64)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000940)={{0x1, <r4=>0xffffffffffffffff}, &(0x7f00000008c0), &(0x7f0000000900)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000b40)={r4, &(0x7f00000009c0)="264dd7e217fcbc8cbbcec29e92c2f0dd54f2b1dcacc16b0abab12596d14d6466fbd7a8afdcc1d62f0a417323e32d77441d5db1cfb52bb54721270dfa07562bd2f0a3eb7ec7ce106aa98e5eba589546197479caa96fb1523b6a83f572882fbe5e3f69dc4dad90ddcd56f3a3b581ae1a3a91d7dc986335903e6410148715957603bf0e32adcba02d78a912b9453bb1ede0dd393b69f0bee0ab4a9dd025af63d331fc0ead7f32f35431cf49da02493baf15931aeb4075a5c85fe49924208f02b8b28ceee8b9be12e4482b1efc76a3ad", &(0x7f0000000ac0)=""/92, 0x4}, 0x20) (async)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="24000000680001"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newlink={0x58, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_VFINFO_LIST={0x30, 0x16, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@IFLA_VF_MAC={0x28, 0x1, {0x0, @local}}]}]}, @IFLA_GROUP={0x8}]}, 0x58}}, 0x0)
sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0) (async)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000100)={0x1b, 0x0, 0x0, 0xad, 0x0, r3, 0xa6d, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4, 0x5, 0x0, @void, @value, @void, @value}, 0x50) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0xb7}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x2b}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4) (async)
setsockopt$inet6_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f0000000880)=@gcm_256={{0x304}, "cf2f2d87e8107d09", "1fd036ece2fe2bf76d1b4e368d3ca2429b2601d88d84247eaf78b482a172e41a", "76e69a55", "f392eac64fb4c70b"}, 0x38) (async, rerun: 64)
r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x88, 0x88, 0x5, [@enum64={0x6, 0x4, 0x0, 0x13, 0x1, 0xc, [{0x9, 0x200, 0xffff15d2}, {0x2, 0xe97, 0x2}, {0xb, 0x3, 0x2}, {0xd, 0x9, 0x4}]}, @enum64={0x4, 0x1, 0x0, 0x13, 0x1, 0x1, [{0xa, 0x36, 0x5}]}, @volatile={0x8}, @var={0x8, 0x0, 0x0, 0xe, 0x4, 0x1}, @float={0x5, 0x0, 0x0, 0x10, 0x2}, @const={0x10, 0x0, 0x0, 0xa, 0x5}]}, {0x0, [0x0, 0x5f, 0x0]}}, &(0x7f0000000580)=""/41, 0xa5, 0x29, 0x1, 0x6, 0x0, @void, @value}, 0x28) (rerun: 64)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x6, 0x33, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}, @generic={0x9, 0x5, 0x6, 0x8, 0xd861}, @cb_func={0x18, 0x5, 0x4, 0x0, 0xfffffffffffffff9}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4b}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}}, @printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8}}, @call={0x85, 0x0, 0x0, 0x8b}, @jmp={0x5, 0x1, 0x3, 0x3, 0x8, 0x80, 0x12}, @jmp={0x5, 0x0, 0xd, 0x2, 0x6, 0xffffffffffffffe0, 0xfffffffffffffffc}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='syzkaller\x00', 0x8, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, 0x25, r8, 0x8, &(0x7f0000000640)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000680)={0x3, 0x9, 0x3, 0x5525afcd}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f00000006c0)=[{0x2, 0x2, 0x3, 0x9}], 0x10, 0x8b06, @void, @value}, 0x94) (async, rerun: 64)
r9 = socket$kcm(0x10, 0x2, 0x0) (async, rerun: 64)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r10, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000800)=ANY=[@ANYBLOB="1802000005000000000000000000000085000000cd00000095000000000000002053ef12e47b07d6d5ac7081eefdd183a8ed6290e983da"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000840)={r7}, 0x4) (async)
ioctl$SIOCSIFHWADDR(r10, 0x8924, &(0x7f00000007c0)={'\x00', @local})
sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000300)="d8000000180081054e81f783db4cb9040a1d080006007c02e8fc55a10a0015000600142603600e120800060000000401a8000100fec0ffff00000000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbaceac3c2fb14c2ee5a7cef4090000001fb71b14d6d930dfe1d9d322fe7c9f8775820d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad9e3bb9ad809d5e1cace0d", 0xa2}, {&(0x7f00000005c0)="b8cadd1b63d27c4fc2da", 0xa}, {&(0x7f0000000980)="84a33e5a63b49ad64070db02fc47dcbdcdc74d23d861c56fa46597169f24bf325d642f3daec69e6e1ba23958", 0x2c}], 0x3}, 0x0)

0s ago: executing program 0 (id=4494):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x4c, 0x2, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000001}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000050)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x28, r3, 0x5, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HT_OPMODE={0x6, 0x16, 0x13}]}]}, 0x28}}, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
read(r5, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r7=>0x0})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000080)={0x1b, 0x0, 0x0, 0x7, 0x0, r6, 0x4, '\x00', r7, r5, 0x1, 0x3, 0x4, 0x0, @void, @value, @void, @value}, 0x50)

kernel console output (not intermixed with test programs):

 ? __pfx_netlink_sendmsg+0x10/0x10
[  341.702667][T15991]  ? aa_sock_msg_perm+0x91/0x160
[  341.702702][T15991]  ? __pfx_netlink_sendmsg+0x10/0x10
[  341.702723][T15991]  __sock_sendmsg+0x221/0x270
[  341.702752][T15991]  ____sys_sendmsg+0x53a/0x860
[  341.702781][T15991]  ? __pfx_____sys_sendmsg+0x10/0x10
[  341.702800][T15991]  ? __fget_files+0x2a/0x410
[  341.702831][T15991]  ? __fget_files+0x2a/0x410
[  341.702867][T15991]  __sys_sendmsg+0x269/0x350
[  341.702892][T15991]  ? __pfx___sys_sendmsg+0x10/0x10
[  341.702925][T15991]  ? do_sys_openat2+0x17a/0x1d0
[  341.702986][T15991]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  341.703015][T15991]  ? do_syscall_64+0x100/0x230
[  341.703045][T15991]  ? do_syscall_64+0xb6/0x230
[  341.703074][T15991]  do_syscall_64+0xf3/0x230
[  341.703118][T15991]  ? clear_bhb_loop+0x35/0x90
[  341.703167][T15991]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  341.703191][T15991] RIP: 0033:0x7f399f98d169
[  341.703207][T15991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  341.703223][T15991] RSP: 002b:00007f39a07f9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  341.703242][T15991] RAX: ffffffffffffffda RBX: 00007f399fba5fa0 RCX: 00007f399f98d169
[  341.703256][T15991] RDX: 0000000000000000 RSI: 0000400000000240 RDI: 0000000000000003
[  341.703268][T15991] RBP: 00007f39a07f9090 R08: 0000000000000000 R09: 0000000000000000
[  341.703280][T15991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  341.703291][T15991] R13: 0000000000000000 R14: 00007f399fba5fa0 R15: 00007fffd708fd48
[  341.703319][T15991]  </TASK>
[  342.096637][T16004] FAULT_INJECTION: forcing a failure.
[  342.096637][T16004] name failslab, interval 1, probability 0, space 0, times 0
[  342.109617][T16004] CPU: 0 UID: 0 PID: 16004 Comm: syz.0.3654 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0
[  342.109639][T16004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  342.109651][T16004] Call Trace:
[  342.109658][T16004]  <TASK>
[  342.109666][T16004]  dump_stack_lvl+0x241/0x360
[  342.109694][T16004]  ? __pfx_dump_stack_lvl+0x10/0x10
[  342.109714][T16004]  ? __pfx__printk+0x10/0x10
[  342.109735][T16004]  ? fs_reclaim_acquire+0x93/0x130
[  342.109754][T16004]  ? __pfx___might_resched+0x10/0x10
[  342.109782][T16004]  should_fail_ex+0x40a/0x550
[  342.109814][T16004]  should_failslab+0xac/0x100
[  342.109840][T16004]  __kmalloc_noprof+0xdd/0x4c0
[  342.109864][T16004]  ? kstrtouint_from_user+0x128/0x190
[  342.109882][T16004]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  342.109907][T16004]  tomoyo_realpath_from_path+0xcf/0x5e0
[  342.109955][T16004]  tomoyo_path_number_perm+0x239/0x770
[  342.109982][T16004]  ? __lock_acquire+0x1397/0x2100
[  342.110014][T16004]  ? tomoyo_path_number_perm+0x209/0x770
[  342.110042][T16004]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  342.110118][T16004]  ? __fget_files+0x2a/0x410
[  342.110150][T16004]  ? __fget_files+0x2a/0x410
[  342.110183][T16004]  security_file_ioctl+0xc6/0x2a0
[  342.110210][T16004]  __se_sys_ioctl+0x46/0x170
[  342.110234][T16004]  do_syscall_64+0xf3/0x230
[  342.110264][T16004]  ? clear_bhb_loop+0x35/0x90
[  342.110295][T16004]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.110321][T16004] RIP: 0033:0x7fe2a178d169
[  342.110338][T16004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  342.110356][T16004] RSP: 002b:00007fe2a2522038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  342.110376][T16004] RAX: ffffffffffffffda RBX: 00007fe2a19a5fa0 RCX: 00007fe2a178d169
[  342.110391][T16004] RDX: 0000400000000100 RSI: 00000000400452c9 RDI: 0000000000000004
[  342.110404][T16004] RBP: 00007fe2a2522090 R08: 0000000000000000 R09: 0000000000000000
[  342.110417][T16004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  342.110428][T16004] R13: 0000000000000000 R14: 00007fe2a19a5fa0 R15: 00007ffe66a63e28
[  342.110459][T16004]  </TASK>
[  342.110467][T16004] ERROR: Out of memory at tomoyo_realpath_from_path.
[  342.395289][T16010] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3657'.
[  342.598434][T16017] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  342.632697][T16017] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  342.679280][T16030] batman_adv: batadv0: Interface deactivated: dummy0
[  342.841715][T16038] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3667'.
[  343.133165][T16049] FAULT_INJECTION: forcing a failure.
[  343.133165][T16049] name failslab, interval 1, probability 0, space 0, times 0
[  343.147648][T16049] CPU: 0 UID: 0 PID: 16049 Comm: syz.0.3672 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0
[  343.147671][T16049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  343.147683][T16049] Call Trace:
[  343.147691][T16049]  <TASK>
[  343.147698][T16049]  dump_stack_lvl+0x241/0x360
[  343.147727][T16049]  ? __pfx_dump_stack_lvl+0x10/0x10
[  343.147748][T16049]  ? __pfx__printk+0x10/0x10
[  343.147768][T16049]  ? fs_reclaim_acquire+0x93/0x130
[  343.147788][T16049]  ? __pfx___might_resched+0x10/0x10
[  343.147811][T16049]  ? dynamic_dname+0x144/0x1b0
[  343.147833][T16049]  should_fail_ex+0x40a/0x550
[  343.147866][T16049]  should_failslab+0xac/0x100
[  343.147891][T16049]  __kmalloc_noprof+0xdd/0x4c0
[  343.147934][T16049]  ? tomoyo_encode+0x26f/0x540
[  343.147959][T16049]  tomoyo_encode+0x26f/0x540
[  343.147981][T16049]  ? __pfx_sockfs_dname+0x10/0x10
[  343.148010][T16049]  tomoyo_realpath_from_path+0x59e/0x5e0
[  343.148042][T16049]  tomoyo_path_number_perm+0x239/0x770
[  343.148070][T16049]  ? __lock_acquire+0x1397/0x2100
[  343.148102][T16049]  ? tomoyo_path_number_perm+0x209/0x770
[  343.148132][T16049]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  343.148201][T16049]  ? __fget_files+0x2a/0x410
[  343.148233][T16049]  ? __fget_files+0x2a/0x410
[  343.148290][T16049]  security_file_ioctl+0xc6/0x2a0
[  343.148318][T16049]  __se_sys_ioctl+0x46/0x170
[  343.148340][T16049]  do_syscall_64+0xf3/0x230
[  343.148369][T16049]  ? clear_bhb_loop+0x35/0x90
[  343.148398][T16049]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  343.148423][T16049] RIP: 0033:0x7fe2a178d169
[  343.148439][T16049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  343.148455][T16049] RSP: 002b:00007fe2a2522038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  343.148475][T16049] RAX: ffffffffffffffda RBX: 00007fe2a19a5fa0 RCX: 00007fe2a178d169
[  343.148489][T16049] RDX: 0000400000000100 RSI: 00000000400452c9 RDI: 0000000000000004
[  343.148501][T16049] RBP: 00007fe2a2522090 R08: 0000000000000000 R09: 0000000000000000
[  343.148513][T16049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  343.148525][T16049] R13: 0000000000000000 R14: 00007fe2a19a5fa0 R15: 00007ffe66a63e28
[  343.148553][T16049]  </TASK>
[  343.148569][T16049] ERROR: Out of memory at tomoyo_realpath_from_path.
[  343.950957][T16077] openvswitch: netlink: Flow actions attr not present in new flow.
[  344.143195][T16093] netlink: 256 bytes leftover after parsing attributes in process `syz.3.3689'.
[  344.189059][T16096] xt_CT: No such helper "netbios-ns"
[  344.303399][T16103] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3692'.
[  344.645500][T16123] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3698'.
[  344.692200][T16129] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3700'.
[  344.806048][T16135] xt_CT: You must specify a L4 protocol and not use inversions on it
[  344.924909][T16143] netlink: 'syz.0.3704': attribute type 11 has an invalid length.
[  344.946143][T16143] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3704'.
[  345.344936][T16167] netlink: 71 bytes leftover after parsing attributes in process `syz.2.3712'.
[  345.744044][T16185] netlink: 'syz.0.3720': attribute type 11 has an invalid length.
[  345.752146][T16185] __nla_validate_parse: 2 callbacks suppressed
[  345.752163][T16185] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3720'.
[  345.942775][T16200] netlink: 'syz.2.3726': attribute type 10 has an invalid length.
[  345.988637][T16200] team0: Device hsr_slave_0 failed to register rx_handler
[  346.074043][T16206] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3729'.
[  346.173690][T16213] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3728'.
[  346.273740][T16220] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3733'.
[  346.307940][T16220] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3733'.
[  346.312568][T16222] sch_tbf: burst 0 is lower than device lo mtu (39799) !
[  346.481120][T16230] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3736'.
[  346.739242][T16244] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3743'.
[  346.859226][T16251] FAULT_INJECTION: forcing a failure.
[  346.859226][T16251] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  346.892752][T16251] CPU: 0 UID: 0 PID: 16251 Comm: syz.3.3745 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0
[  346.892779][T16251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  346.892792][T16251] Call Trace:
[  346.892800][T16251]  <TASK>
[  346.892808][T16251]  dump_stack_lvl+0x241/0x360
[  346.892857][T16251]  ? __pfx_dump_stack_lvl+0x10/0x10
[  346.892881][T16251]  ? __pfx__printk+0x10/0x10
[  346.892902][T16251]  ? cgroup_rstat_updated+0x13b/0xc30
[  346.892946][T16251]  should_fail_ex+0x40a/0x550
[  346.892982][T16251]  prepare_alloc_pages+0x1da/0x5b0
[  346.893015][T16251]  __alloc_frozen_pages_noprof+0x16f/0x710
[  346.893044][T16251]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  346.893092][T16251]  alloc_pages_mpol+0x311/0x660
[  346.893127][T16251]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  346.893161][T16251]  ? do_raw_spin_unlock+0x13c/0x8b0
[  346.893192][T16251]  alloc_pages_noprof+0x121/0x190
[  346.893224][T16251]  __pmd_alloc+0x91/0x420
[  346.893247][T16251]  ? __pfx___pmd_alloc+0x10/0x10
[  346.893267][T16251]  ? __pfx_validate_chain+0x10/0x10
[  346.893299][T16251]  __handle_mm_fault+0xd34/0x70f0
[  346.893329][T16251]  ? mark_lock+0x9a/0x360
[  346.893379][T16251]  ? __pfx___handle_mm_fault+0x10/0x10
[  346.893422][T16251]  ? mt_find+0x2a9/0x920
[  346.893453][T16251]  ? __pfx_lock_release+0x10/0x10
[  346.893496][T16251]  ? mt_find+0x2a9/0x920
[  346.893528][T16251]  ? mt_find+0x6c8/0x920
[  346.893558][T16251]  ? mt_find+0x2a9/0x920
[  346.893592][T16251]  ? __pfx_mt_find+0x10/0x10
[  346.893644][T16251]  ? find_vma+0xf9/0x170
[  346.893668][T16251]  ? __pfx_find_vma+0x10/0x10
[  346.893686][T16251]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  346.893721][T16251]  handle_mm_fault+0x3e5/0x8d0
[  346.893764][T16251]  exc_page_fault+0x2b9/0x8b0
[  346.893801][T16251]  asm_exc_page_fault+0x26/0x30
[  346.893828][T16251] RIP: 0010:rep_movs_alternative+0x30/0x70
[  346.893852][T16251] Code: f9 40 73 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08
[  346.893870][T16251] RSP: 0018:ffffc900050dfa98 EFLAGS: 00050202
[  346.893890][T16251] RAX: 00007ffffffff001 RBX: 0000400000000100 RCX: 0000000000000018
[  346.893904][T16251] RDX: 0000000000000001 RSI: 0000400000000100 RDI: ffffc900050dfb90
[  346.893926][T16251] RBP: ffffc900050dfc70 R08: ffffc900050dfba7 R09: 1ffff92000a1bf74
[  346.893941][T16251] R10: dffffc0000000000 R11: fffff52000a1bf75 R12: ffffc900050dfb90
[  346.893957][T16251] R13: dffffc0000000000 R14: ffffc900050dfb90 R15: 0000000000000018
[  346.893991][T16251]  _copy_from_user+0x7b/0xb0
[  346.894020][T16251]  rfcomm_dev_ioctl+0x188/0x22f0
[  346.894055][T16251]  ? tomoyo_path_number_perm+0x209/0x770
[  346.894086][T16251]  ? __pfx_lock_release+0x10/0x10
[  346.894117][T16251]  ? __pfx_rfcomm_dev_ioctl+0x10/0x10
[  346.894149][T16251]  ? tomoyo_path_number_perm+0x5dd/0x770
[  346.894190][T16251]  ? tomoyo_path_number_perm+0x65d/0x770
[  346.894218][T16251]  ? __lock_acquire+0x1397/0x2100
[  346.894250][T16251]  ? bt_sock_ioctl+0xe9/0x2c0
[  346.894285][T16251]  sock_do_ioctl+0x158/0x460
[  346.894331][T16251]  ? __pfx_sock_do_ioctl+0x10/0x10
[  346.894376][T16251]  sock_ioctl+0x626/0x8e0
[  346.894403][T16251]  ? __pfx_sock_ioctl+0x10/0x10
[  346.894427][T16251]  ? __fget_files+0x2a/0x410
[  346.894459][T16251]  ? __fget_files+0x2a/0x410
[  346.894491][T16251]  ? __pfx_sock_ioctl+0x10/0x10
[  346.894516][T16251]  __se_sys_ioctl+0xf5/0x170
[  346.894540][T16251]  do_syscall_64+0xf3/0x230
[  346.894569][T16251]  ? clear_bhb_loop+0x35/0x90
[  346.894600][T16251]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  346.894626][T16251] RIP: 0033:0x7fa3edb8d169
[  346.894642][T16251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  346.894657][T16251] RSP: 002b:00007fa3ee905038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  346.894676][T16251] RAX: ffffffffffffffda RBX: 00007fa3edda5fa0 RCX: 00007fa3edb8d169
[  346.894690][T16251] RDX: 0000400000000100 RSI: 00000000400452c9 RDI: 0000000000000004
[  346.894703][T16251] RBP: 00007fa3ee905090 R08: 0000000000000000 R09: 0000000000000000
[  346.894715][T16251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  346.894726][T16251] R13: 0000000000000000 R14: 00007fa3edda5fa0 R15: 00007ffee8d32d68
[  346.894756][T16251]  </TASK>
[  347.404169][T16259] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3746'.
[  347.503336][T16264] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3748'.
[  347.598141][T16270] netlink: 'syz.0.3750': attribute type 62 has an invalid length.
[  347.729058][T16276] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3755'.
[  347.773164][T16278] FAULT_INJECTION: forcing a failure.
[  347.773164][T16278] name failslab, interval 1, probability 0, space 0, times 0
[  347.810220][T16278] CPU: 1 UID: 0 PID: 16278 Comm: syz.2.3754 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0
[  347.810247][T16278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  347.810260][T16278] Call Trace:
[  347.810267][T16278]  <TASK>
[  347.810276][T16278]  dump_stack_lvl+0x241/0x360
[  347.810304][T16278]  ? __pfx_dump_stack_lvl+0x10/0x10
[  347.810327][T16278]  ? __pfx__printk+0x10/0x10
[  347.810348][T16278]  ? __kmalloc_cache_noprof+0x48/0x390
[  347.810377][T16278]  ? __pfx___might_resched+0x10/0x10
[  347.810407][T16278]  should_fail_ex+0x40a/0x550
[  347.810442][T16278]  should_failslab+0xac/0x100
[  347.810470][T16278]  __kmalloc_cache_noprof+0x70/0x390
[  347.810496][T16278]  ? genl_start+0x1cb/0x6d0
[  347.810529][T16278]  genl_start+0x1cb/0x6d0
[  347.810566][T16278]  __netlink_dump_start+0x45c/0x790
[  347.810599][T16278]  genl_rcv_msg+0x894/0xec0
[  347.810636][T16278]  ? __pfx_genl_rcv_msg+0x10/0x10
[  347.810683][T16278]  ? __pfx_genl_start+0x10/0x10
[  347.810709][T16278]  ? __pfx_genl_dumpit+0x10/0x10
[  347.810735][T16278]  ? __pfx_genl_done+0x10/0x10
[  347.810781][T16278]  ? __pfx_lock_acquire+0x10/0x10
[  347.810811][T16278]  ? __pfx_batadv_mcast_flags_dump+0x10/0x10
[  347.810841][T16278]  ? __pfx___might_resched+0x10/0x10
[  347.810878][T16278]  netlink_rcv_skb+0x206/0x480
[  347.810902][T16278]  ? __pfx_genl_rcv_msg+0x10/0x10
[  347.810932][T16278]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  347.810969][T16278]  ? __netlink_deliver_tap+0x7b0/0x7f0
[  347.811008][T16278]  genl_rcv+0x28/0x40
[  347.811034][T16278]  netlink_unicast+0x7f6/0x990
[  347.811064][T16278]  ? __pfx_netlink_unicast+0x10/0x10
[  347.811082][T16278]  ? __virt_addr_valid+0x45f/0x530
[  347.811102][T16278]  ? __phys_addr_symbol+0x2f/0x70
[  347.811119][T16278]  ? __check_object_size+0x47a/0x730
[  347.811150][T16278]  netlink_sendmsg+0x8de/0xcb0
[  347.811187][T16278]  ? __pfx_netlink_sendmsg+0x10/0x10
[  347.811216][T16278]  ? aa_sock_msg_perm+0x91/0x160
[  347.811251][T16278]  ? __pfx_netlink_sendmsg+0x10/0x10
[  347.811272][T16278]  __sock_sendmsg+0x221/0x270
[  347.811302][T16278]  ____sys_sendmsg+0x53a/0x860
[  347.811333][T16278]  ? __pfx_____sys_sendmsg+0x10/0x10
[  347.811352][T16278]  ? __fget_files+0x2a/0x410
[  347.811384][T16278]  ? __fget_files+0x2a/0x410
[  347.811422][T16278]  __sys_sendmsg+0x269/0x350
[  347.811448][T16278]  ? __pfx___sys_sendmsg+0x10/0x10
[  347.811483][T16278]  ? do_sys_openat2+0x17a/0x1d0
[  347.811539][T16278]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  347.811571][T16278]  ? do_syscall_64+0x100/0x230
[  347.811602][T16278]  ? do_syscall_64+0xb6/0x230
[  347.811633][T16278]  do_syscall_64+0xf3/0x230
[  347.811669][T16278]  ? clear_bhb_loop+0x35/0x90
[  347.811699][T16278]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.811725][T16278] RIP: 0033:0x7fdc52d8d169
[  347.811741][T16278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  347.811757][T16278] RSP: 002b:00007fdc53ba3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  347.811778][T16278] RAX: ffffffffffffffda RBX: 00007fdc52fa5fa0 RCX: 00007fdc52d8d169
[  347.811793][T16278] RDX: 0000000000000000 RSI: 0000400000000240 RDI: 0000000000000003
[  347.811805][T16278] RBP: 00007fdc53ba3090 R08: 0000000000000000 R09: 0000000000000000
[  347.811817][T16278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  347.811829][T16278] R13: 0000000000000000 R14: 00007fdc52fa5fa0 R15: 00007fff00837438
[  347.811861][T16278]  </TASK>
[  347.844087][T16276] netlink: 'syz.4.3755': attribute type 1 has an invalid length.
[  348.197539][T16276] 8021q: adding VLAN 0 to HW filter on device bond0
[  348.356020][T16300] sch_tbf: burst 0 is lower than device lo mtu (39799) !
[  348.417096][T16302] netlink: 'syz.3.3762': attribute type 11 has an invalid length.
[  348.446266][T16299] openvswitch: netlink: Flow actions attr not present in new flow.
[  349.109207][T16331] geneve2: entered promiscuous mode
[  349.114805][T16331] geneve2: entered allmulticast mode
[  349.556714][T16354] netdevsim netdevsim0 netdevsim0: left promiscuous mode
[  350.431049][T16409] x_tables: duplicate underflow at hook 1
[  350.695159][T16418] xt_CT: No such helper "netbios-ns"
[  350.703054][T16425] FAULT_INJECTION: forcing a failure.
[  350.703054][T16425] name failslab, interval 1, probability 0, space 0, times 0
[  350.732746][T16425] CPU: 1 UID: 0 PID: 16425 Comm: syz.2.3812 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0
[  350.732771][T16425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  350.732784][T16425] Call Trace:
[  350.732790][T16425]  <TASK>
[  350.732799][T16425]  dump_stack_lvl+0x241/0x360
[  350.732827][T16425]  ? __pfx_dump_stack_lvl+0x10/0x10
[  350.732847][T16425]  ? __pfx__printk+0x10/0x10
[  350.732873][T16425]  ? ref_tracker_alloc+0x332/0x490
[  350.732896][T16425]  should_fail_ex+0x40a/0x550
[  350.732928][T16425]  should_failslab+0xac/0x100
[  350.732954][T16425]  ? skb_clone+0x20c/0x390
[  350.732974][T16425]  kmem_cache_alloc_noprof+0x70/0x380
[  350.733005][T16425]  skb_clone+0x20c/0x390
[  350.733029][T16425]  __netlink_deliver_tap+0x3c4/0x7f0
[  350.733062][T16425]  ? netlink_deliver_tap+0x2e/0x1b0
[  350.733083][T16425]  netlink_deliver_tap+0x19d/0x1b0
[  350.733106][T16425]  __netlink_sendskb+0x60/0xd0
[  350.733126][T16425]  netlink_dump+0x9f0/0xe10
[  350.733158][T16425]  ? __pfx_netlink_dump+0x10/0x10
[  350.733193][T16425]  ? __asan_memset+0x23/0x50
[  350.733212][T16425]  ? genl_start+0x4ae/0x6d0
[  350.733246][T16425]  __netlink_dump_start+0x5a2/0x790
[  350.733276][T16425]  genl_rcv_msg+0x894/0xec0
[  350.733311][T16425]  ? __pfx_genl_rcv_msg+0x10/0x10
[  350.733344][T16425]  ? __pfx_genl_start+0x10/0x10
[  350.733367][T16425]  ? __pfx_genl_dumpit+0x10/0x10
[  350.733399][T16425]  ? __pfx_genl_done+0x10/0x10
[  350.733444][T16425]  ? __pfx_lock_acquire+0x10/0x10
[  350.733472][T16425]  ? __pfx_batadv_mcast_flags_dump+0x10/0x10
[  350.733500][T16425]  ? __pfx___might_resched+0x10/0x10
[  350.733536][T16425]  netlink_rcv_skb+0x206/0x480
[  350.733558][T16425]  ? __pfx_genl_rcv_msg+0x10/0x10
[  350.733587][T16425]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  350.733621][T16425]  ? __netlink_deliver_tap+0x7b0/0x7f0
[  350.733658][T16425]  genl_rcv+0x28/0x40
[  350.733683][T16425]  netlink_unicast+0x7f6/0x990
[  350.733711][T16425]  ? __pfx_netlink_unicast+0x10/0x10
[  350.733728][T16425]  ? __virt_addr_valid+0x45f/0x530
[  350.733747][T16425]  ? __phys_addr_symbol+0x2f/0x70
[  350.733763][T16425]  ? __check_object_size+0x47a/0x730
[  350.733792][T16425]  netlink_sendmsg+0x8de/0xcb0
[  350.733824][T16425]  ? __pfx_netlink_sendmsg+0x10/0x10
[  350.733849][T16425]  ? aa_sock_msg_perm+0x91/0x160
[  350.733881][T16425]  ? __pfx_netlink_sendmsg+0x10/0x10
[  350.733900][T16425]  __sock_sendmsg+0x221/0x270
[  350.733927][T16425]  ____sys_sendmsg+0x53a/0x860
[  350.733954][T16425]  ? __pfx_____sys_sendmsg+0x10/0x10
[  350.733971][T16425]  ? __fget_files+0x2a/0x410
[  350.734000][T16425]  ? __fget_files+0x2a/0x410
[  350.734033][T16425]  __sys_sendmsg+0x269/0x350
[  350.734056][T16425]  ? __pfx___sys_sendmsg+0x10/0x10
[  350.734086][T16425]  ? do_sys_openat2+0x17a/0x1d0
[  350.734135][T16425]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  350.734161][T16425]  ? do_syscall_64+0x100/0x230
[  350.734189][T16425]  ? do_syscall_64+0xb6/0x230
[  350.734216][T16425]  do_syscall_64+0xf3/0x230
[  350.734240][T16425]  ? clear_bhb_loop+0x35/0x90
[  350.734268][T16425]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  350.734291][T16425] RIP: 0033:0x7fdc52d8d169
[  350.734307][T16425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  350.734322][T16425] RSP: 002b:00007fdc53ba3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  350.734340][T16425] RAX: ffffffffffffffda RBX: 00007fdc52fa5fa0 RCX: 00007fdc52d8d169
[  350.734354][T16425] RDX: 0000000000000000 RSI: 0000400000000240 RDI: 0000000000000003
[  350.734365][T16425] RBP: 00007fdc53ba3090 R08: 0000000000000000 R09: 0000000000000000
[  350.734383][T16425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  350.734394][T16425] R13: 0000000000000000 R14: 00007fdc52fa5fa0 R15: 00007fff00837438
[  350.734423][T16425]  </TASK>
[  351.169549][T16427] netlink: 'syz.4.3813': attribute type 11 has an invalid length.
[  351.182366][T16427] __nla_validate_parse: 6 callbacks suppressed
[  351.182382][T16427] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3813'.
[  351.620990][T16460] FAULT_INJECTION: forcing a failure.
[  351.620990][T16460] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  351.661117][T16460] CPU: 0 UID: 0 PID: 16460 Comm: syz.4.3825 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0
[  351.661142][T16460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  351.661153][T16460] Call Trace:
[  351.661161][T16460]  <TASK>
[  351.661169][T16460]  dump_stack_lvl+0x241/0x360
[  351.661197][T16460]  ? __pfx_dump_stack_lvl+0x10/0x10
[  351.661218][T16460]  ? __pfx__printk+0x10/0x10
[  351.661241][T16460]  ? snprintf+0xda/0x120
[  351.661275][T16460]  should_fail_ex+0x40a/0x550
[  351.661307][T16460]  _copy_to_user+0x31/0xb0
[  351.661334][T16460]  simple_read_from_buffer+0xca/0x150
[  351.661363][T16460]  proc_fail_nth_read+0x1e9/0x250
[  351.661392][T16460]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  351.661421][T16460]  ? rw_verify_area+0x243/0x630
[  351.661440][T16460]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  351.661467][T16460]  vfs_read+0x1f8/0xb40
[  351.661487][T16460]  ? fdget_pos+0x254/0x320
[  351.661515][T16460]  ? __pfx___mutex_lock+0x10/0x10
[  351.661542][T16460]  ? __pfx_vfs_read+0x10/0x10
[  351.661565][T16460]  ? __fget_files+0x2a/0x410
[  351.661593][T16460]  ? __fget_files+0x395/0x410
[  351.661617][T16460]  ? __fget_files+0x2a/0x410
[  351.661652][T16460]  ksys_read+0x18f/0x2b0
[  351.661674][T16460]  ? __pfx_ksys_read+0x10/0x10
[  351.661694][T16460]  ? do_syscall_64+0x100/0x230
[  351.661724][T16460]  ? do_syscall_64+0xb6/0x230
[  351.661754][T16460]  do_syscall_64+0xf3/0x230
[  351.661781][T16460]  ? clear_bhb_loop+0x35/0x90
[  351.661809][T16460]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.661834][T16460] RIP: 0033:0x7f399f98bb7c
[  351.661850][T16460] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  351.661866][T16460] RSP: 002b:00007f39a07f9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  351.661885][T16460] RAX: ffffffffffffffda RBX: 00007f399fba5fa0 RCX: 00007f399f98bb7c
[  351.661898][T16460] RDX: 000000000000000f RSI: 00007f39a07f90a0 RDI: 0000000000000004
[  351.661910][T16460] RBP: 00007f39a07f9090 R08: 0000000000000000 R09: 0000000000000000
[  351.661921][T16460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  351.661936][T16460] R13: 0000000000000000 R14: 00007f399fba5fa0 R15: 00007fffd708fd48
[  351.661964][T16460]  </TASK>
[  351.665796][T16463] FAULT_INJECTION: forcing a failure.
[  351.665796][T16463] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  351.751659][T16465] netlink: 'syz.4.3827': attribute type 1 has an invalid length.
[  351.800186][T16463] CPU: 1 UID: 0 PID: 16463 Comm: syz.0.3826 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0
[  351.800212][T16463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  351.800224][T16463] Call Trace:
[  351.800231][T16463]  <TASK>
[  351.800238][T16463]  dump_stack_lvl+0x241/0x360
[  351.800268][T16463]  ? __pfx_dump_stack_lvl+0x10/0x10
[  351.800290][T16463]  ? __pfx__printk+0x10/0x10
[  351.800315][T16463]  ? snprintf+0xda/0x120
[  351.800341][T16463]  should_fail_ex+0x40a/0x550
[  351.800374][T16463]  _copy_to_user+0x31/0xb0
[  351.800402][T16463]  simple_read_from_buffer+0xca/0x150
[  351.800432][T16463]  proc_fail_nth_read+0x1e9/0x250
[  351.800479][T16463]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  351.800522][T16463]  ? rw_verify_area+0x243/0x630
[  351.800543][T16463]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  351.800573][T16463]  vfs_read+0x1f8/0xb40
[  351.800596][T16463]  ? fdget_pos+0x254/0x320
[  351.800626][T16463]  ? __pfx___mutex_lock+0x10/0x10
[  351.800658][T16463]  ? __pfx_vfs_read+0x10/0x10
[  351.800682][T16463]  ? __fget_files+0x2a/0x410
[  351.800731][T16463]  ? __fget_files+0x395/0x410
[  351.800761][T16463]  ? __fget_files+0x2a/0x410
[  351.800802][T16463]  ksys_read+0x18f/0x2b0
[  351.800828][T16463]  ? __pfx_ksys_read+0x10/0x10
[  351.800852][T16463]  ? do_syscall_64+0x100/0x230
[  351.800888][T16463]  ? do_syscall_64+0xb6/0x230
[  351.800934][T16463]  do_syscall_64+0xf3/0x230
[  351.800963][T16463]  ? clear_bhb_loop+0x35/0x90
[  351.801002][T16463]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.801029][T16463] RIP: 0033:0x7fe2a178bb7c
[  351.801047][T16463] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  351.801064][T16463] RSP: 002b:00007fe2a2522030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  351.801086][T16463] RAX: ffffffffffffffda RBX: 00007fe2a19a5fa0 RCX: 00007fe2a178bb7c
[  351.801101][T16463] RDX: 000000000000000f RSI: 00007fe2a25220a0 RDI: 0000000000000003
[  351.801114][T16463] RBP: 00007fe2a2522090 R08: 0000000000000000 R09: 0000000000000000
[  351.801127][T16463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  351.801139][T16463] R13: 0000000000000000 R14: 00007fe2a19a5fa0 R15: 00007ffe66a63e28
[  351.801170][T16463]  </TASK>
[  352.008912][T16473] FAULT_INJECTION: forcing a failure.
[  352.008912][T16473] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  352.009437][T16465] netlink: 'syz.4.3827': attribute type 1 has an invalid length.
[  352.028596][T16473] CPU: 1 UID: 0 PID: 16473 Comm: syz.3.3828 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0
[  352.028624][T16473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  352.028639][T16473] Call Trace:
[  352.028648][T16473]  <TASK>
[  352.028657][T16473]  dump_stack_lvl+0x241/0x360
[  352.028691][T16473]  ? __pfx_dump_stack_lvl+0x10/0x10
[  352.028717][T16473]  ? __pfx__printk+0x10/0x10
[  352.028741][T16473]  ? __pfx_lock_release+0x10/0x10
[  352.028775][T16473]  ? __lock_acquire+0x1397/0x2100
[  352.028814][T16473]  should_fail_ex+0x40a/0x550
[  352.028853][T16473]  _copy_from_user+0x2d/0xb0
[  352.028883][T16473]  kstrtouint_from_user+0xc6/0x190
[  352.028911][T16473]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  352.028940][T16473]  ? __pfx_lock_acquire+0x10/0x10
[  352.028984][T16473]  proc_fail_nth_write+0xaa/0x2d0
[  352.029019][T16473]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  352.029046][T16473]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  352.029085][T16473]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  352.029117][T16473]  vfs_write+0x29f/0xd10
[  352.029143][T16473]  ? fdget_pos+0x254/0x320
[  352.029173][T16473]  ? __mutex_unlock_slowpath+0x227/0x800
[  352.029211][T16473]  ? __pfx_vfs_write+0x10/0x10
[  352.029232][T16473]  ? do_sys_openat2+0x17a/0x1d0
[  352.029275][T16473]  ? __fget_files+0x2a/0x410
[  352.029309][T16473]  ? __fget_files+0x395/0x410
[  352.029338][T16473]  ? __fget_files+0x2a/0x410
[  352.029380][T16473]  ksys_write+0x18f/0x2b0
[  352.029406][T16473]  ? __pfx_ksys_write+0x10/0x10
[  352.029431][T16473]  ? do_syscall_64+0x100/0x230
[  352.029467][T16473]  ? do_syscall_64+0xb6/0x230
[  352.029502][T16473]  do_syscall_64+0xf3/0x230
[  352.029533][T16473]  ? clear_bhb_loop+0x35/0x90
[  352.029568][T16473]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.029597][T16473] RIP: 0033:0x7fa3edb8bc1f
[  352.029616][T16473] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  352.029635][T16473] RSP: 002b:00007fa3eb9f6030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  352.029659][T16473] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa3edb8bc1f
[  352.029675][T16473] RDX: 0000000000000001 RSI: 00007fa3eb9f60a0 RDI: 0000000000000005
[  352.029689][T16473] RBP: 00007fa3eb9f6090 R08: 0000000000000000 R09: 0000000000000000
[  352.029703][T16473] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  352.029717][T16473] R13: 0000000000000000 R14: 00007fa3edda6080 R15: 00007ffee8d32d68
[  352.029753][T16473]  </TASK>
[  353.163518][T16524] netlink: 256 bytes leftover after parsing attributes in process `syz.0.3846'.
[  353.285040][T16527] Cannot find set identified by id 0 to match
[  353.297602][T16520] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.3845'.
[  353.507057][T16535] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  353.515965][T16535] batadv_slave_1: entered promiscuous mode
[  353.532986][T16535] batadv_slave_1: entered allmulticast mode
[  354.273275][T16573] netlink: 'syz.4.3861': attribute type 11 has an invalid length.
[  354.281335][T16573] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3861'.
[  355.174490][T16632] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3882'.
[  355.355974][T16636] xt_CT: No such helper "netbios-ns"
[  355.627138][T16660] FAULT_INJECTION: forcing a failure.
[  355.627138][T16660] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  355.655701][T16660] CPU: 1 UID: 0 PID: 16660 Comm: syz.3.3892 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0
[  355.655726][T16660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  355.655739][T16660] Call Trace:
[  355.655746][T16660]  <TASK>
[  355.655755][T16660]  dump_stack_lvl+0x241/0x360
[  355.655784][T16660]  ? __pfx_dump_stack_lvl+0x10/0x10
[  355.655806][T16660]  ? __pfx__printk+0x10/0x10
[  355.655832][T16660]  ? snprintf+0xda/0x120
[  355.655858][T16660]  should_fail_ex+0x40a/0x550
[  355.655893][T16660]  _copy_to_user+0x31/0xb0
[  355.655929][T16660]  simple_read_from_buffer+0xca/0x150
[  355.655959][T16660]  proc_fail_nth_read+0x1e9/0x250
[  355.655990][T16660]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  355.656019][T16660]  ? rw_verify_area+0x243/0x630
[  355.656039][T16660]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  355.656068][T16660]  vfs_read+0x1f8/0xb40
[  355.656090][T16660]  ? fdget_pos+0x254/0x320
[  355.656119][T16660]  ? __pfx___mutex_lock+0x10/0x10
[  355.656149][T16660]  ? __pfx_vfs_read+0x10/0x10
[  355.656166][T16660]  ? do_sys_openat2+0x17a/0x1d0
[  355.656198][T16660]  ? __fget_files+0x2a/0x410
[  355.656228][T16660]  ? __fget_files+0x395/0x410
[  355.656254][T16660]  ? __fget_files+0x2a/0x410
[  355.656291][T16660]  ksys_read+0x18f/0x2b0
[  355.656314][T16660]  ? __pfx_ksys_read+0x10/0x10
[  355.656334][T16660]  ? do_syscall_64+0x100/0x230
[  355.656385][T16660]  ? do_syscall_64+0xb6/0x230
[  355.656416][T16660]  do_syscall_64+0xf3/0x230
[  355.656443][T16660]  ? clear_bhb_loop+0x35/0x90
[  355.656472][T16660]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  355.656505][T16660] RIP: 0033:0x7fa3edb8bb7c
[  355.656521][T16660] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  355.656536][T16660] RSP: 002b:00007fa3eb9f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  355.656556][T16660] RAX: ffffffffffffffda RBX: 00007fa3edda6080 RCX: 00007fa3edb8bb7c
[  355.656570][T16660] RDX: 000000000000000f RSI: 00007fa3eb9f60a0 RDI: 0000000000000007
[  355.656582][T16660] RBP: 00007fa3eb9f6090 R08: 0000000000000000 R09: 0000000000000000
[  355.656595][T16660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  355.656606][T16660] R13: 0000000000000000 R14: 00007fa3edda6080 R15: 00007ffee8d32d68
[  355.656653][T16660]  </TASK>
[  356.086078][T16668] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3897'.
[  356.969652][T16725] netlink: 'syz.2.3912': attribute type 3 has an invalid length.
[  356.993147][T16725] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3912'.
[  357.217557][T16736] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3918'.
[  357.254949][T16736] ipvlan3: entered allmulticast mode
[  357.260287][T16736] veth0_virt_wifi: entered allmulticast mode
[  357.501065][T16751] xt_TPROXY: Can be used only with -p tcp or -p udp
[  357.611873][T16754] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  357.646269][T16754] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  357.936893][T16768] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3932'.
[  358.166126][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  358.349083][T16796] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3942'.
[  358.452822][T16803] netlink: 256 bytes leftover after parsing attributes in process `syz.3.3943'.
[  358.473854][T16800] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3944'.
[  358.795156][T16820] xt_CT: No such helper "netbios-ns"
[  358.857340][T16827] netlink: 'syz.4.3954': attribute type 1 has an invalid length.
[  358.911691][T16827] 8021q: adding VLAN 0 to HW filter on device bond2
[  358.969446][T16831] Unsupported ieee802154 address type: 0
[  358.994605][T16833] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  358.998074][T16831] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3956'.
[  359.010949][T16833] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  359.056535][T16836] netlink: 256 bytes leftover after parsing attributes in process `syz.4.3957'.
[  359.281387][T16844] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3960'.
[  359.297314][T16844] netlink: 'syz.4.3960': attribute type 7 has an invalid length.
[  359.311860][T16844] netlink: 'syz.4.3960': attribute type 8 has an invalid length.
[  359.320901][T16844] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3960'.
[  359.923381][ T3410] wlan0: Trigger new scan to find an IBSS to join
[  359.938894][T16877] netlink: 'syz.2.3975': attribute type 1 has an invalid length.
[  359.964331][T16877] syzkaller0 speed is unknown, defaulting to 1000
[  360.064305][T16886] netlink: zone id is out of range
[  360.075623][T16886] netlink: zone id is out of range
[  360.080801][T16886] netlink: zone id is out of range
[  360.090712][T16886] netlink: set zone limit has 8 unknown bytes
[  360.304373][T16901] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  360.647761][T16917] veth1_vlan: left promiscuous mode
[  361.009214][T16935] FAULT_INJECTION: forcing a failure.
[  361.009214][T16935] name failslab, interval 1, probability 0, space 0, times 0
[  361.044151][T16935] CPU: 0 UID: 0 PID: 16935 Comm: syz.4.3997 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0
[  361.044181][T16935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  361.044194][T16935] Call Trace:
[  361.044202][T16935]  <TASK>
[  361.044211][T16935]  dump_stack_lvl+0x241/0x360
[  361.044241][T16935]  ? __pfx_dump_stack_lvl+0x10/0x10
[  361.044264][T16935]  ? __pfx__printk+0x10/0x10
[  361.044287][T16935]  ? kmem_cache_alloc_lru_noprof+0x4d/0x390
[  361.044322][T16935]  ? __pfx___might_resched+0x10/0x10
[  361.044356][T16935]  should_fail_ex+0x40a/0x550
[  361.044391][T16935]  should_failslab+0xac/0x100
[  361.044420][T16935]  ? __d_alloc+0x31/0x740
[  361.044445][T16935]  kmem_cache_alloc_lru_noprof+0x75/0x390
[  361.044481][T16935]  __d_alloc+0x31/0x740
[  361.044507][T16935]  d_alloc_pseudo+0x1f/0xb0
[  361.044528][T16935]  alloc_file_pseudo+0x141/0x320
[  361.044565][T16935]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  361.044597][T16935]  ? rcu_is_watching+0x15/0xb0
[  361.044621][T16935]  ? hugetlbfs_get_inode+0x45f/0x690
[  361.044657][T16935]  hugetlb_file_setup+0x38a/0x5c0
[  361.044689][T16935]  ksys_mmap_pgoff+0x20d/0x720
[  361.044729][T16935]  do_syscall_64+0xf3/0x230
[  361.044761][T16935]  ? clear_bhb_loop+0x35/0x90
[  361.044793][T16935]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  361.044821][T16935] RIP: 0033:0x7f399f98d169
[  361.044839][T16935] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  361.044857][T16935] RSP: 002b:00007f39a07d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  361.044878][T16935] RAX: ffffffffffffffda RBX: 00007f399fba6080 RCX: 00007f399f98d169
[  361.044894][T16935] RDX: 0000000002000002 RSI: 0000000000c00000 RDI: 0000400000000000
[  361.044908][T16935] RBP: 00007f39a07d8090 R08: ffffffffffffffff R09: 0000000000800000
[  361.044923][T16935] R10: 0000000000042073 R11: 0000000000000246 R12: 0000000000000001
[  361.044936][T16935] R13: 0000000000000001 R14: 00007f399fba6080 R15: 00007fffd708fd48
[  361.044965][T16935]  </TASK>
[  361.508023][T16943] 8021q: VLANs not supported on gre0
[  361.811669][T16954] 0ªî{X¹¦: entered promiscuous mode
[  361.842209][T16954] macvtap1: entered promiscuous mode
[  361.882199][T16954] macvtap1: entered allmulticast mode
[  361.946152][T16961] openvswitch: netlink: Flow actions attr not present in new flow.
[  362.115365][T16967] __nla_validate_parse: 5 callbacks suppressed
[  362.115386][T16967] netlink: 168 bytes leftover after parsing attributes in process `syz.2.4011'.
[  362.292139][T16981] FAULT_INJECTION: forcing a failure.
[  362.292139][T16981] name failslab, interval 1, probability 0, space 0, times 0
[  362.340732][T16981] CPU: 1 UID: 0 PID: 16981 Comm: syz.2.4015 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0
[  362.340763][T16981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  362.340776][T16981] Call Trace:
[  362.340784][T16981]  <TASK>
[  362.340793][T16981]  dump_stack_lvl+0x241/0x360
[  362.340823][T16981]  ? __pfx_dump_stack_lvl+0x10/0x10
[  362.340847][T16981]  ? __pfx__printk+0x10/0x10
[  362.340869][T16981]  ? __kmalloc_node_noprof+0xb9/0x4d0
[  362.340900][T16981]  ? __pfx___might_resched+0x10/0x10
[  362.340932][T16981]  should_fail_ex+0x40a/0x550
[  362.340968][T16981]  should_failslab+0xac/0x100
[  362.340998][T16981]  __kmalloc_node_noprof+0xe1/0x4d0
[  362.341025][T16981]  ? apparmor_capable+0x13b/0x1b0
[  362.341047][T16981]  ? __kvmalloc_node_noprof+0x72/0x190
[  362.341083][T16981]  __kvmalloc_node_noprof+0x72/0x190
[  362.341112][T16981]  xt_alloc_table_info+0x3d/0xa0
[  362.341140][T16981]  do_ip6t_set_ctl+0xba0/0x1270
[  362.341167][T16981]  ? nf_setsockopt+0x240/0x2c0
[  362.341194][T16981]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  362.341217][T16981]  ? rcu_is_watching+0x15/0xb0
[  362.341240][T16981]  ? trace_contention_end+0x3c/0x120
[  362.341274][T16981]  ? __mutex_unlock_slowpath+0x227/0x800
[  362.341315][T16981]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  362.341345][T16981]  ? aa_sk_perm+0x96d/0xab0
[  362.341383][T16981]  ? __pfx_aa_sk_perm+0x10/0x10
[  362.341415][T16981]  nf_setsockopt+0x295/0x2c0
[  362.341446][T16981]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  362.341475][T16981]  do_sock_setsockopt+0x3af/0x720
[  362.341502][T16981]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  362.341529][T16981]  ? __fget_files+0x395/0x410
[  362.341558][T16981]  ? __fget_files+0x2a/0x410
[  362.341605][T16981]  __x64_sys_setsockopt+0x1ee/0x280
[  362.341633][T16981]  do_syscall_64+0xf3/0x230
[  362.341664][T16981]  ? clear_bhb_loop+0x35/0x90
[  362.341697][T16981]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.341730][T16981] RIP: 0033:0x7fdc52d8d169
[  362.341749][T16981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  362.341767][T16981] RSP: 002b:00007fdc53ba3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  362.341789][T16981] RAX: ffffffffffffffda RBX: 00007fdc52fa5fa0 RCX: 00007fdc52d8d169
[  362.341805][T16981] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  362.341818][T16981] RBP: 00007fdc53ba3090 R08: 0000000000000668 R09: 0000000000000000
[  362.341831][T16981] R10: 0000400000000640 R11: 0000000000000246 R12: 0000000000000001
[  362.341845][T16981] R13: 0000000000000000 R14: 00007fdc52fa5fa0 R15: 00007fff00837438
[  362.341876][T16981]  </TASK>
[  362.716316][T16989] netlink: 150412 bytes leftover after parsing attributes in process `syz.2.4019'.
[  362.757455][T16989] netlink: get zone limit has 8 unknown bytes
[  362.802678][T16992] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4020'.
[  362.847821][T16992] xfrm1: entered promiscuous mode
[  362.852953][T16992] xfrm1: entered allmulticast mode
[  362.863530][T16992] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4020'.
[  362.906831][   T36] wlan0: Trigger new scan to find an IBSS to join
[  363.054152][T12626] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  363.188844][T12626] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  363.290614][T12626] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  363.388717][T12626] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  363.463143][T12626] bridge_slave_1: left allmulticast mode
[  363.468821][T12626] bridge_slave_1: left promiscuous mode
[  363.474961][T12626] bridge0: port 2(bridge_slave_1) entered disabled state
[  363.484458][T12626] bridge_slave_0: left allmulticast mode
[  363.490349][T12626] bridge_slave_0: left promiscuous mode
[  363.496392][T12626] bridge0: port 1(bridge_slave_0) entered disabled state
[  363.724613][T17009] netlink: 256 bytes leftover after parsing attributes in process `syz.4.4028'.
[  363.873016][ T3410] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  364.084073][T17027] netlink: 'syz.3.4032': attribute type 11 has an invalid length.
[  364.122673][T17027] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4032'.
[  364.180839][ T5847] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  364.198969][ T5847] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  364.207785][ T5847] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  364.217532][ T5847] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  364.226713][ T5847] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  364.234553][ T5847] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  364.331974][T12626] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  364.345470][T12626] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  364.365064][T12626] bond0 (unregistering): Released all slaves
[  364.382699][T17037] FAULT_INJECTION: forcing a failure.
[  364.382699][T17037] name failslab, interval 1, probability 0, space 0, times 0
[  364.395734][T17037] CPU: 1 UID: 0 PID: 17037 Comm: syz.3.4036 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0
[  364.395760][T17037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  364.395772][T17037] Call Trace:
[  364.395780][T17037]  <TASK>
[  364.395789][T17037]  dump_stack_lvl+0x241/0x360
[  364.395818][T17037]  ? __pfx_dump_stack_lvl+0x10/0x10
[  364.395841][T17037]  ? __pfx__printk+0x10/0x10
[  364.395862][T17037]  ? __kmalloc_node_noprof+0xb9/0x4d0
[  364.395890][T17037]  ? __pfx___might_resched+0x10/0x10
[  364.395912][T17037]  ? stack_trace_save+0x118/0x1d0
[  364.395940][T17037]  should_fail_ex+0x40a/0x550
[  364.395976][T17037]  should_failslab+0xac/0x100
[  364.396005][T17037]  __kmalloc_node_noprof+0xe1/0x4d0
[  364.396032][T17037]  ? __kvmalloc_node_noprof+0x72/0x190
[  364.396069][T17037]  __kvmalloc_node_noprof+0x72/0x190
[  364.396103][T17037]  translate_table+0x179/0x2490
[  364.396148][T17037]  ? __pfx_translate_table+0x10/0x10
[  364.396169][T17037]  ? __might_fault+0xaa/0x120
[  364.396189][T17037]  ? __pfx_lock_release+0x10/0x10
[  364.396224][T17037]  ? __virt_addr_valid+0x183/0x530
[  364.396244][T17037]  ? __might_fault+0xaa/0x120
[  364.396263][T17037]  ? __might_fault+0xc6/0x120
[  364.396288][T17037]  ? copy_from_sockptr_offset+0x6b/0xb0
[  364.396312][T17037]  do_ip6t_set_ctl+0xe4c/0x1270
[  364.396339][T17037]  ? nf_setsockopt+0x240/0x2c0
[  364.396366][T17037]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  364.396397][T17037]  ? rcu_is_watching+0x15/0xb0
[  364.396422][T17037]  ? trace_contention_end+0x3c/0x120
[  364.396456][T17037]  ? __mutex_unlock_slowpath+0x227/0x800
[  364.396497][T17037]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  364.396527][T17037]  ? aa_sk_perm+0x96d/0xab0
[  364.396564][T17037]  ? __pfx_aa_sk_perm+0x10/0x10
[  364.396596][T17037]  nf_setsockopt+0x295/0x2c0
[  364.396626][T17037]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  364.396656][T17037]  do_sock_setsockopt+0x3af/0x720
[  364.396684][T17037]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  364.396710][T17037]  ? __fget_files+0x395/0x410
[  364.396740][T17037]  ? __fget_files+0x2a/0x410
[  364.396778][T17037]  __x64_sys_setsockopt+0x1ee/0x280
[  364.396807][T17037]  do_syscall_64+0xf3/0x230
[  364.396838][T17037]  ? clear_bhb_loop+0x35/0x90
[  364.396871][T17037]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  364.396899][T17037] RIP: 0033:0x7fa3edb8d169
[  364.396917][T17037] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  364.396936][T17037] RSP: 002b:00007fa3ee905038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  364.396958][T17037] RAX: ffffffffffffffda RBX: 00007fa3edda5fa0 RCX: 00007fa3edb8d169
[  364.396974][T17037] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  364.396987][T17037] RBP: 00007fa3ee905090 R08: 0000000000000668 R09: 0000000000000000
[  364.397011][T17037] R10: 0000400000000640 R11: 0000000000000246 R12: 0000000000000001
[  364.397025][T17037] R13: 0000000000000000 R14: 00007fa3edda5fa0 R15: 00007ffee8d32d68
[  364.397057][T17037]  </TASK>
[  364.722279][T17030] syzkaller0 speed is unknown, defaulting to 1000
[  364.732018][T17030] lo speed is unknown, defaulting to 1000
[  364.844106][T17044] netlink: 244 bytes leftover after parsing attributes in process `syz.3.4038'.
[  365.143392][T17056] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  365.241803][T17063] netlink: 168 bytes leftover after parsing attributes in process `syz.3.4045'.
[  365.255942][T17030] chnl_net:caif_netlink_parms(): no params data found
[  365.287700][T17067] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4046'.
[  365.326517][T17064] sch_tbf: burst 4398 is lower than device lo mtu (39799) !
[  365.362810][ T5839] Bluetooth: hci4: command 0x0405 tx timeout
[  365.386856][T17072] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4044'.
[  365.450606][T12626] hsr_slave_0: left promiscuous mode
[  365.464711][T12626] hsr_slave_1: left promiscuous mode
[  365.470526][T12626] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  365.485046][T12626] batman_adv: batadv0: Removing interface: batadv_slave_0
[  365.494708][T12626] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  365.502145][T12626] batman_adv: batadv0: Removing interface: batadv_slave_1
[  365.537100][T12626] veth1_macvtap: left promiscuous mode
[  365.542833][T12626] veth0_macvtap: left promiscuous mode
[  365.548448][T12626] veth1_vlan: left promiscuous mode
[  365.553843][T12626] veth0_vlan: left promiscuous mode
[  365.620338][T17077] FAULT_INJECTION: forcing a failure.
[  365.620338][T17077] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  365.662757][T17077] CPU: 1 UID: 0 PID: 17077 Comm: syz.4.4049 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0
[  365.662782][T17077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  365.662794][T17077] Call Trace:
[  365.662801][T17077]  <TASK>
[  365.662810][T17077]  dump_stack_lvl+0x241/0x360
[  365.662839][T17077]  ? __pfx_dump_stack_lvl+0x10/0x10
[  365.662860][T17077]  ? __pfx__printk+0x10/0x10
[  365.662886][T17077]  ? snprintf+0xda/0x120
[  365.662912][T17077]  should_fail_ex+0x40a/0x550
[  365.662946][T17077]  _copy_to_user+0x31/0xb0
[  365.662974][T17077]  simple_read_from_buffer+0xca/0x150
[  365.663004][T17077]  proc_fail_nth_read+0x1e9/0x250
[  365.663035][T17077]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  365.663073][T17077]  ? rw_verify_area+0x243/0x630
[  365.663093][T17077]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  365.663123][T17077]  vfs_read+0x1f8/0xb40
[  365.663145][T17077]  ? fdget_pos+0x254/0x320
[  365.663175][T17077]  ? __pfx___mutex_lock+0x10/0x10
[  365.663205][T17077]  ? __pfx_vfs_read+0x10/0x10
[  365.663228][T17077]  ? __fget_files+0x2a/0x410
[  365.663258][T17077]  ? __fget_files+0x395/0x410
[  365.663284][T17077]  ? __fget_files+0x2a/0x410
[  365.663322][T17077]  ksys_read+0x18f/0x2b0
[  365.663345][T17077]  ? __pfx_ksys_read+0x10/0x10
[  365.663367][T17077]  ? do_syscall_64+0x100/0x230
[  365.663398][T17077]  ? do_syscall_64+0xb6/0x230
[  365.663430][T17077]  do_syscall_64+0xf3/0x230
[  365.663458][T17077]  ? clear_bhb_loop+0x35/0x90
[  365.663488][T17077]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  365.663514][T17077] RIP: 0033:0x7f399f98bb7c
[  365.663531][T17077] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  365.663549][T17077] RSP: 002b:00007f39a07f9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  365.663569][T17077] RAX: ffffffffffffffda RBX: 00007f399fba5fa0 RCX: 00007f399f98bb7c
[  365.663584][T17077] RDX: 000000000000000f RSI: 00007f39a07f90a0 RDI: 0000000000000004
[  365.663596][T17077] RBP: 00007f39a07f9090 R08: 0000000000000000 R09: 0000000000000000
[  365.663608][T17077] R10: 0000400000000640 R11: 0000000000000246 R12: 0000000000000001
[  365.663620][T17077] R13: 0000000000000000 R14: 00007f399fba5fa0 R15: 00007fffd708fd48
[  365.663651][T17077]  </TASK>
[  366.323064][   T55] Bluetooth: hci3: command tx timeout
[  366.393419][T12626] team0 (unregistering): Port device team_slave_1 removed
[  366.431537][T12626] team0 (unregistering): Port device team_slave_0 removed
[  366.846909][T17090] netlink: 'syz.2.4053': attribute type 12 has an invalid length.
[  366.862880][T17090] netlink: 'syz.2.4053': attribute type 29 has an invalid length.
[  367.045000][T17103] netlink: 'syz.2.4057': attribute type 11 has an invalid length.
[  367.084405][T17030] bridge0: port 1(bridge_slave_0) entered blocking state
[  367.101422][T17030] bridge0: port 1(bridge_slave_0) entered disabled state
[  367.139338][T17030] bridge_slave_0: entered allmulticast mode
[  367.163998][T17030] bridge_slave_0: entered promiscuous mode
[  367.192945][T17030] bridge0: port 2(bridge_slave_1) entered blocking state
[  367.200052][T17030] bridge0: port 2(bridge_slave_1) entered disabled state
[  367.222472][T17030] bridge_slave_1: entered allmulticast mode
[  367.245382][T17030] bridge_slave_1: entered promiscuous mode
[  367.266215][T17109] __nla_validate_parse: 2 callbacks suppressed
[  367.266230][T17109] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4060'.
[  367.283224][T17107] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4058'.
[  367.370471][T17106] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  367.392134][T17116] Cannot find map_set index 0 as target
[  367.399954][T17109] macsec0: entered promiscuous mode
[  367.410087][T17030] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  367.441660][T17030] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  367.605350][T17123] FAULT_INJECTION: forcing a failure.
[  367.605350][T17123] name failslab, interval 1, probability 0, space 0, times 0
[  367.641713][T17123] CPU: 1 UID: 0 PID: 17123 Comm: syz.3.4062 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0
[  367.641736][T17123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  367.641752][T17123] Call Trace:
[  367.641759][T17123]  <TASK>
[  367.641767][T17123]  dump_stack_lvl+0x241/0x360
[  367.641793][T17123]  ? __pfx_dump_stack_lvl+0x10/0x10
[  367.641812][T17123]  ? __pfx__printk+0x10/0x10
[  367.641834][T17123]  ? kmem_cache_alloc_noprof+0x48/0x380
[  367.641860][T17123]  ? __pfx___might_resched+0x10/0x10
[  367.641885][T17123]  should_fail_ex+0x40a/0x550
[  367.641911][T17123]  should_failslab+0xac/0x100
[  367.641933][T17123]  ? vm_area_dup+0x61/0x290
[  367.641948][T17123]  kmem_cache_alloc_noprof+0x70/0x380
[  367.641972][T17123]  vm_area_dup+0x61/0x290
[  367.641989][T17123]  __split_vma+0x1bf/0xbf0
[  367.642036][T17123]  ? __pfx___split_vma+0x10/0x10
[  367.642066][T17123]  ? mas_find+0x950/0xbb0
[  367.642105][T17123]  vms_gather_munmap_vmas+0x4c1/0x1600
[  367.642147][T17123]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  367.642177][T17123]  ? mas_find+0x8c0/0xbb0
[  367.642207][T17123]  mmap_region+0xa50/0x2fa0
[  367.642253][T17123]  ? validate_chain+0x11e/0x5920
[  367.642289][T17123]  ? __pfx_mmap_region+0x10/0x10
[  367.642338][T17123]  ? mark_lock+0x9a/0x360
[  367.642401][T17123]  ? aa_get_newest_label+0xff/0x6f0
[  367.642437][T17123]  ? __pfx_aa_get_newest_label+0x10/0x10
[  367.642466][T17123]  ? mm_get_unmapped_area_vmflags+0xb9/0xf0
[  367.642499][T17123]  ? rcu_is_watching+0x15/0xb0
[  367.642524][T17123]  ? apparmor_capable+0x13b/0x1b0
[  367.642548][T17123]  ? bpf_lsm_capable+0x9/0x10
[  367.642578][T17123]  ? shmem_mapping+0xd/0x50
[  367.642610][T17123]  do_mmap+0xecc/0x13a0
[  367.642645][T17123]  ? ima_file_mmap+0x17e/0x220
[  367.642678][T17123]  ? __pfx_do_mmap+0x10/0x10
[  367.642704][T17123]  ? down_write_killable+0x19e/0x260
[  367.642724][T17123]  ? vm_mmap_pgoff+0x182/0x430
[  367.642743][T17123]  ? __pfx_down_write_killable+0x10/0x10
[  367.642761][T17123]  ? common_file_perm+0x1a6/0x210
[  367.642797][T17123]  vm_mmap_pgoff+0x214/0x430
[  367.642827][T17123]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  367.642854][T17123]  ? hugetlb_file_setup+0x3dc/0x5c0
[  367.642884][T17123]  ksys_mmap_pgoff+0x53e/0x720
[  367.642920][T17123]  do_syscall_64+0xf3/0x230
[  367.642948][T17123]  ? clear_bhb_loop+0x35/0x90
[  367.642979][T17123]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  367.643015][T17123] RIP: 0033:0x7fa3edb8d169
[  367.643033][T17123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  367.643049][T17123] RSP: 002b:00007fa3eb9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  367.643068][T17123] RAX: ffffffffffffffda RBX: 00007fa3edda6080 RCX: 00007fa3edb8d169
[  367.643082][T17123] RDX: 0000000002000002 RSI: 0000000000c00000 RDI: 0000400000000000
[  367.643101][T17123] RBP: 00007fa3eb9f6090 R08: ffffffffffffffff R09: 0000000000800000
[  367.643115][T17123] R10: 0000000000042073 R11: 0000000000000246 R12: 0000000000000001
[  367.643126][T17123] R13: 0000000000000001 R14: 00007fa3edda6080 R15: 00007ffee8d32d68
[  367.643155][T17123]  </TASK>
[  367.662978][T17106] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  367.755166][T17126] FAULT_INJECTION: forcing a failure.
[  367.755166][T17126] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  367.992735][T17126] CPU: 1 UID: 0 PID: 17126 Comm: syz.0.4064 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0
[  367.992763][T17126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  367.992776][T17126] Call Trace:
[  367.992783][T17126]  <TASK>
[  367.992792][T17126]  dump_stack_lvl+0x241/0x360
[  367.992820][T17126]  ? __pfx_dump_stack_lvl+0x10/0x10
[  367.992842][T17126]  ? __pfx__printk+0x10/0x10
[  367.992867][T17126]  ? snprintf+0xda/0x120
[  367.992892][T17126]  should_fail_ex+0x40a/0x550
[  367.992925][T17126]  _copy_to_user+0x31/0xb0
[  367.992953][T17126]  simple_read_from_buffer+0xca/0x150
[  367.992987][T17126]  proc_fail_nth_read+0x1e9/0x250
[  367.993017][T17126]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  367.993048][T17126]  ? rw_verify_area+0x243/0x630
[  367.993075][T17126]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  367.993104][T17126]  vfs_read+0x1f8/0xb40
[  367.993125][T17126]  ? fdget_pos+0x254/0x320
[  367.993155][T17126]  ? __pfx___mutex_lock+0x10/0x10
[  367.993184][T17126]  ? __pfx_vfs_read+0x10/0x10
[  367.993201][T17126]  ? do_sys_openat2+0x17a/0x1d0
[  367.993233][T17126]  ? __fget_files+0x2a/0x410
[  367.993262][T17126]  ? __fget_files+0x395/0x410
[  367.993288][T17126]  ? __fget_files+0x2a/0x410
[  367.993325][T17126]  ksys_read+0x18f/0x2b0
[  367.993347][T17126]  ? __pfx_ksys_read+0x10/0x10
[  367.993372][T17126]  ? do_syscall_64+0x100/0x230
[  367.993404][T17126]  ? do_syscall_64+0xb6/0x230
[  367.993436][T17126]  do_syscall_64+0xf3/0x230
[  367.993464][T17126]  ? clear_bhb_loop+0x35/0x90
[  367.993496][T17126]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  367.993522][T17126] RIP: 0033:0x7fe2a178bb7c
[  367.993538][T17126] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  367.993554][T17126] RSP: 002b:00007fe29f5f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  367.993573][T17126] RAX: ffffffffffffffda RBX: 00007fe2a19a6160 RCX: 00007fe2a178bb7c
[  367.993588][T17126] RDX: 000000000000000f RSI: 00007fe29f5f60a0 RDI: 0000000000000005
[  367.993600][T17126] RBP: 00007fe29f5f6090 R08: 0000000000000000 R09: 0000000000000000
[  367.993612][T17126] R10: 0000400000000780 R11: 0000000000000246 R12: 0000000000000001
[  367.993624][T17126] R13: 0000000000000001 R14: 00007fe2a19a6160 R15: 00007ffe66a63e28
[  367.993654][T17126]  </TASK>
[  368.249111][T17030] team0: Port device team_slave_0 added
[  368.264774][T17030] team0: Port device team_slave_1 added
[  368.288120][T17124] bridge0: port 3(team0) entered blocking state
[  368.294513][T17124] bridge0: port 3(team0) entered listening state
[  368.301070][T17124] bridge0: port 2(bridge_slave_1) entered blocking state
[  368.308250][T17124] bridge0: port 2(bridge_slave_1) entered listening state
[  368.315569][T17124] bridge0: port 1(bridge_slave_0) entered blocking state
[  368.322730][T17124] bridge0: port 1(bridge_slave_0) entered listening state
[  368.340536][T17124] bridge0: port 3(team0) entered disabled state
[  368.350029][T17124] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  368.404676][   T55] Bluetooth: hci3: command tx timeout
[  368.428998][T17130] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4066'.
[  368.520619][T17106] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  368.611017][T17030] batman_adv: batadv0: Adding interface: batadv_slave_0
[  368.622574][T17030] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  368.656156][T17030] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  368.668432][T17135] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  368.715811][T17106] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  368.726920][T17135] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  368.742135][T17030] batman_adv: batadv0: Adding interface: batadv_slave_1
[  368.749304][T17030] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  368.829286][T17030] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  368.943761][T17156] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4073'.
[  368.957218][T17030] hsr_slave_0: entered promiscuous mode
[  368.971963][T17030] hsr_slave_1: entered promiscuous mode
[  368.978787][T17030] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  368.986961][T17030] Cannot create hsr debugfs directory
[  369.001795][T17106] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  369.204836][T17106] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  369.452621][T17170] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  369.502719][T17172] xt_CT: No such helper "netbios-ns"
[  369.612212][T17180] Cannot find del_set index 17 as target
[  369.708625][T17182] netlink: 'syz.4.4082': attribute type 2 has an invalid length.
[  369.727141][T17182] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4082'.
[  369.969752][T17030] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  369.993601][T17196] FAULT_INJECTION: forcing a failure.
[  369.993601][T17196] name failslab, interval 1, probability 0, space 0, times 0
[  369.998462][T17030] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  370.024358][T17196] CPU: 1 UID: 0 PID: 17196 Comm: syz.0.4085 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0
[  370.024382][T17196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  370.024394][T17196] Call Trace:
[  370.024401][T17196]  <TASK>
[  370.024409][T17196]  dump_stack_lvl+0x241/0x360
[  370.024435][T17196]  ? __pfx_dump_stack_lvl+0x10/0x10
[  370.024456][T17196]  ? __pfx__printk+0x10/0x10
[  370.024487][T17196]  should_fail_ex+0x40a/0x550
[  370.024519][T17196]  should_failslab+0xac/0x100
[  370.024545][T17196]  ? skb_clone+0x20c/0x390
[  370.024564][T17196]  kmem_cache_alloc_noprof+0x70/0x380
[  370.024595][T17196]  skb_clone+0x20c/0x390
[  370.024618][T17196]  __netlink_deliver_tap+0x3c4/0x7f0
[  370.024651][T17196]  ? netlink_deliver_tap+0x2e/0x1b0
[  370.024672][T17196]  netlink_deliver_tap+0x19d/0x1b0
[  370.024694][T17196]  netlink_unicast+0x7c4/0x990
[  370.024721][T17196]  ? __pfx_netlink_unicast+0x10/0x10
[  370.024738][T17196]  ? __virt_addr_valid+0x45f/0x530
[  370.024757][T17196]  ? __phys_addr_symbol+0x2f/0x70
[  370.024774][T17196]  ? __check_object_size+0x47a/0x730
[  370.024821][T17196]  netlink_sendmsg+0x8de/0xcb0
[  370.024861][T17196]  ? __pfx_netlink_sendmsg+0x10/0x10
[  370.024894][T17196]  ? aa_sock_msg_perm+0x91/0x160
[  370.024930][T17196]  ? __pfx_netlink_sendmsg+0x10/0x10
[  370.024951][T17196]  __sock_sendmsg+0x221/0x270
[  370.024980][T17196]  ____sys_sendmsg+0x53a/0x860
[  370.025010][T17196]  ? __pfx_____sys_sendmsg+0x10/0x10
[  370.025029][T17196]  ? __fget_files+0x2a/0x410
[  370.025060][T17196]  ? __fget_files+0x2a/0x410
[  370.025097][T17196]  __sys_sendmsg+0x269/0x350
[  370.025123][T17196]  ? __pfx___sys_sendmsg+0x10/0x10
[  370.025157][T17196]  ? do_sys_openat2+0x17a/0x1d0
[  370.025212][T17196]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  370.025244][T17196]  ? do_syscall_64+0x100/0x230
[  370.025276][T17196]  ? do_syscall_64+0xb6/0x230
[  370.025307][T17196]  do_syscall_64+0xf3/0x230
[  370.025335][T17196]  ? clear_bhb_loop+0x35/0x90
[  370.025365][T17196]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.025391][T17196] RIP: 0033:0x7fe2a178d169
[  370.025408][T17196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  370.025424][T17196] RSP: 002b:00007fe2a2522038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  370.025444][T17196] RAX: ffffffffffffffda RBX: 00007fe2a19a5fa0 RCX: 00007fe2a178d169
[  370.025458][T17196] RDX: 0000000000000000 RSI: 0000400000000580 RDI: 0000000000000003
[  370.025470][T17196] RBP: 00007fe2a2522090 R08: 0000000000000000 R09: 0000000000000000
[  370.025481][T17196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  370.025492][T17196] R13: 0000000000000000 R14: 00007fe2a19a5fa0 R15: 00007ffe66a63e28
[  370.025533][T17196]  </TASK>
[  370.025769][T17196] netlink: 168 bytes leftover after parsing attributes in process `syz.0.4085'.
[  370.030300][T17030] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  370.333819][T17030] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  370.426486][T17203] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  370.462891][T17203] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  370.483680][   T55] Bluetooth: hci3: command tx timeout
[  370.528406][T17030] 8021q: adding VLAN 0 to HW filter on device bond0
[  370.551152][T17030] 8021q: adding VLAN 0 to HW filter on device team0
[  370.564251][T12626] bridge0: port 1(bridge_slave_0) entered blocking state
[  370.571370][T12626] bridge0: port 1(bridge_slave_0) entered forwarding state
[  370.607306][T12626] bridge0: port 2(bridge_slave_1) entered blocking state
[  370.614443][T12626] bridge0: port 2(bridge_slave_1) entered forwarding state
[  370.763797][T17220] netlink: 256 bytes leftover after parsing attributes in process `syz.0.4089'.
[  370.929185][T17030] 8021q: adding VLAN 0 to HW filter on device batadv0
[  370.998954][T17030] veth0_vlan: entered promiscuous mode
[  371.017587][T17030] veth1_vlan: entered promiscuous mode
[  371.058350][T17230] batman_adv: batadv0: Interface activated: dummy0
[  371.068400][T17230] batadv0: mtu less than device minimum
[  371.080761][T17230] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  371.093242][T17230] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  371.105931][T17230] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  371.118279][T17230] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  371.130707][T17230] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  371.143207][T17230] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  371.155558][T17230] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  371.231031][T17232] xt_CT: No such helper "netbios-ns"
[  371.279594][T17030] veth0_macvtap: entered promiscuous mode
[  371.301962][T17030] veth1_macvtap: entered promiscuous mode
[  371.427927][T17030] batman_adv: batadv0: Interface activated: batadv_slave_0
[  371.481014][T17030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  371.523041][T17030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  371.553781][T17030] batman_adv: batadv0: Interface activated: batadv_slave_1
[  371.592586][T17030] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  371.601370][T17030] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  371.654959][T17030] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  371.683153][T17030] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  371.831967][T17254] netlink: 168 bytes leftover after parsing attributes in process `syz.3.4099'.
[  371.894747][ T5906] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  371.909244][ T5906] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  371.936639][   T71] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  371.945514][   T71] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  372.004319][T17257] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4100'.
[  372.454457][T17270] veth1_vlan: left promiscuous mode
[  372.481396][T17268] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  372.507905][T17268] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  373.305417][ T5906] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  373.847949][T17259] syz.3.4101: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  373.866091][T17259] CPU: 1 UID: 0 PID: 17259 Comm: syz.3.4101 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0
[  373.866117][T17259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  373.866129][T17259] Call Trace:
[  373.866137][T17259]  <TASK>
[  373.866145][T17259]  dump_stack_lvl+0x241/0x360
[  373.866173][T17259]  ? __pfx_dump_stack_lvl+0x10/0x10
[  373.866194][T17259]  ? __pfx__printk+0x10/0x10
[  373.866217][T17259]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[  373.866243][T17259]  ? cpuset_print_current_mems_allowed+0x31e/0x350
[  373.866271][T17259]  warn_alloc+0x278/0x410
[  373.866305][T17259]  ? __pfx_warn_alloc+0x10/0x10
[  373.866330][T17259]  ? translate_table+0x179/0x2490
[  373.866349][T17259]  ? __get_vm_area_node+0x1c8/0x2d0
[  373.866378][T17259]  ? __get_vm_area_node+0x25c/0x2d0
[  373.866412][T17259]  __vmalloc_node_range_noprof+0x62f/0x1380
[  373.866459][T17259]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  373.866480][T17259]  ? rcu_is_watching+0x15/0xb0
[  373.866503][T17259]  ? trace_kmalloc+0x1f/0xd0
[  373.866527][T17259]  ? __kmalloc_node_noprof+0x2ad/0x4d0
[  373.866553][T17259]  ? __kvmalloc_node_noprof+0x72/0x190
[  373.866587][T17259]  __kvmalloc_node_noprof+0x142/0x190
[  373.866618][T17259]  ? translate_table+0x179/0x2490
[  373.866638][T17259]  translate_table+0x179/0x2490
[  373.866683][T17259]  ? __pfx_translate_table+0x10/0x10
[  373.866703][T17259]  ? __might_fault+0xaa/0x120
[  373.866723][T17259]  ? __pfx_lock_release+0x10/0x10
[  373.866769][T17259]  ? __virt_addr_valid+0x183/0x530
[  373.866788][T17259]  ? __might_fault+0xaa/0x120
[  373.866805][T17259]  ? __might_fault+0xc6/0x120
[  373.866846][T17259]  ? copy_from_sockptr_offset+0x6b/0xb0
[  373.866870][T17259]  do_ip6t_set_ctl+0xe4c/0x1270
[  373.866896][T17259]  ? nf_setsockopt+0x240/0x2c0
[  373.866920][T17259]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  373.866941][T17259]  ? rcu_is_watching+0x15/0xb0
[  373.866963][T17259]  ? trace_contention_end+0x3c/0x120
[  373.866994][T17259]  ? __mutex_unlock_slowpath+0x227/0x800
[  373.867033][T17259]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  373.867060][T17259]  ? aa_sk_perm+0x96d/0xab0
[  373.867095][T17259]  ? __pfx_aa_sk_perm+0x10/0x10
[  373.867126][T17259]  nf_setsockopt+0x295/0x2c0
[  373.867155][T17259]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  373.867183][T17259]  do_sock_setsockopt+0x3af/0x720
[  373.867209][T17259]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  373.867234][T17259]  ? __fget_files+0x395/0x410
[  373.867262][T17259]  ? __fget_files+0x2a/0x410
[  373.867305][T17259]  __x64_sys_setsockopt+0x1ee/0x280
[  373.867332][T17259]  do_syscall_64+0xf3/0x230
[  373.867360][T17259]  ? clear_bhb_loop+0x35/0x90
[  373.867391][T17259]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.867417][T17259] RIP: 0033:0x7fa3edb8d169
[  373.867434][T17259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  373.867451][T17259] RSP: 002b:00007fa3ee905038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  373.867471][T17259] RAX: ffffffffffffffda RBX: 00007fa3edda5fa0 RCX: 00007fa3edb8d169
[  373.867485][T17259] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  373.867498][T17259] RBP: 00007fa3edc0e2a0 R08: 0000000000000668 R09: 0000000000000000
[  373.867510][T17259] R10: 0000400000000640 R11: 0000000000000246 R12: 0000000000000000
[  373.867523][T17259] R13: 0000000000000000 R14: 00007fa3edda5fa0 R15: 00007ffee8d32d68
[  373.867551][T17259]  </TASK>
[  373.867559][T17259] Mem-Info:
[  374.218263][T17259] active_anon:3937 inactive_anon:0 isolated_anon:0
[  374.218263][T17259]  active_file:2012 inactive_file:38430 isolated_file:0
[  374.218263][T17259]  unevictable:768 dirty:479 writeback:0
[  374.218263][T17259]  slab_reclaimable:11189 slab_unreclaimable:108785
[  374.218263][T17259]  mapped:24806 shmem:1427 pagetables:696
[  374.218263][T17259]  sec_pagetables:0 bounce:0
[  374.218263][T17259]  kernel_misc_reclaimable:0
[  374.218263][T17259]  free:1321014 free_pcp:1692 free_cma:0
[  374.387116][T17259] Node 0 active_anon:15748kB inactive_anon:0kB active_file:8048kB inactive_file:153648kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:107124kB dirty:1912kB writeback:0kB shmem:4172kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11344kB pagetables:2884kB sec_pagetables:0kB all_unreclaimable? no
[  374.463102][T17259] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  374.516536][ T5906] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  374.565731][T17259] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  374.601420][T17292] netlink: 168 bytes leftover after parsing attributes in process `syz.0.4111'.
[  374.645989][T17259] lowmem_reserve[]: 0 2490 2490 2490 2490
[  374.652268][T17259] Node 0 DMA32 free:1330628kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB active_anon:15908kB inactive_anon:0kB active_file:8048kB inactive_file:153344kB unevictable:1536kB writepending:1908kB present:3129332kB managed:2549828kB mlocked:0kB bounce:0kB free_pcp:10912kB local_pcp:10116kB free_cma:0kB
[  374.750933][T17259] lowmem_reserve[]: 0 0 0 0 0
[  374.755421][ T5906] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  374.776197][T17259] Node 0 Normal free:4kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:304kB unevictable:0kB writepending:4kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[  374.870326][T17259] lowmem_reserve[]: 0 0 0 0 0
[  374.883356][T17259] Node 1 Normal free:3907192kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  374.950164][   T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  374.953960][ T5906] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  374.960383][   T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  374.968571][T17259] lowmem_reserve[]:
[  374.976679][   T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  374.989526][   T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  374.989894][T17259]  0
[  374.997163][   T55] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  375.007059][   T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  375.019152][T17259]  0 0 0 0
[  375.029378][T17259] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  375.049982][T17259] Node 0 DMA32: 2*4kB (UE) 29*8kB (ME) 46*16kB (ME) 65*32kB (ME) 65*64kB (UME) 31*128kB (UM) 16*256kB (UME) 63*512kB (UM) 84*1024kB (UME) 39*2048kB (UME) 272*4096kB (UM) = 1327536kB
[  375.080681][T17313] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4115'.
[  375.092333][T17313] batman_adv: batadv0: Removing interface: dummy0
[  375.111346][T17313] batman_adv: batadv0: Removing interface: batadv_slave_0
[  375.121439][T17259] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB
[  375.147315][T17313] batman_adv: batadv0: Removing interface: batadv_slave_1
[  375.162617][T17259] Node 1 Normal: 226*4kB (UME) 86*8kB (UME) 60*16kB (UME) 246*32kB (UME) 121*64kB (UME) 29*128kB (UME) 15*256kB (UME) 5*512kB (UM) 4*1024kB (UME) 4*2048kB (UE) 944*4096kB (UM) = 3907192kB
[  375.214379][T17259] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  375.224525][T17259] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  375.241260][T17259] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  375.280246][T17259] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  375.309063][T17304] syzkaller0 speed is unknown, defaulting to 1000
[  375.318722][T17259] 41870 total pagecache pages
[  375.325096][T17259] 0 pages in swap cache
[  375.329365][T17259] Free swap  = 124996kB
[  375.334030][T17259] Total swap = 124996kB
[  375.338227][T17259] 2097051 pages RAM
[  375.342145][T17259] 0 pages HighMem/MovableOnly
[  375.347973][T17259] 427872 pages reserved
[  375.352162][T17259] 0 pages cma reserved
[  375.370391][T17304] lo speed is unknown, defaulting to 1000
[  375.464184][ T5906] bridge_slave_1: left allmulticast mode
[  375.470249][ T5906] bridge_slave_1: left promiscuous mode
[  375.496859][ T5906] bridge0: port 2(bridge_slave_1) entered disabled state
[  375.518669][ T5906] bridge_slave_0: left allmulticast mode
[  375.557625][ T5906] bridge_slave_0: left promiscuous mode
[  375.595010][ T5906] bridge0: port 1(bridge_slave_0) entered disabled state
[  375.929692][T17338] netlink: 168 bytes leftover after parsing attributes in process `syz.4.4123'.
[  376.568996][T17364] netlink: 168 bytes leftover after parsing attributes in process `syz.3.4126'.
[  376.784433][ T5906] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  376.803882][ T5906] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  376.836609][ T5906] bond0 (unregistering): Released all slaves
[  377.042896][   T55] Bluetooth: hci3: command tx timeout
[  377.056296][T17383] net_ratelimit: 13 callbacks suppressed
[  377.056308][T17383] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  377.125410][ T5928] lo speed is unknown, defaulting to 1000
[  377.219700][T17304] chnl_net:caif_netlink_parms(): no params data found
[  377.447337][ T5906] hsr_slave_0: left promiscuous mode
[  377.454893][ T5906] hsr_slave_1: left promiscuous mode
[  377.460849][ T5906] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  377.470099][ T5906] batman_adv: batadv0: Removing interface: batadv_slave_0
[  377.483131][ T5906] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  377.490782][ T5906] batman_adv: batadv0: Removing interface: batadv_slave_1
[  377.527195][ T5906] veth1_macvtap: left promiscuous mode
[  377.537049][T17400] x_tables: duplicate underflow at hook 1
[  377.540572][ T5906] veth0_macvtap: left promiscuous mode
[  377.549155][ T5906] veth1_vlan: left promiscuous mode
[  377.555105][ T5906] veth0_vlan: left promiscuous mode
[  377.976398][T17408] openvswitch: netlink: VXLAN extension message has 4 unknown bytes.
[  377.977983][T17410] openvswitch: netlink: VXLAN extension message has 4 unknown bytes.
[  378.295993][ T5906] team0 (unregistering): Port device team_slave_1 removed
[  378.340234][ T5906] team0 (unregistering): Port device team_slave_0 removed
[  378.646072][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  379.084150][T17304] bridge0: port 1(bridge_slave_0) entered blocking state
[  379.091293][T17304] bridge0: port 1(bridge_slave_0) entered disabled state
[  379.122797][   T55] Bluetooth: hci3: command tx timeout
[  379.165385][T17304] bridge_slave_0: entered allmulticast mode
[  379.191490][T17304] bridge_slave_0: entered promiscuous mode
[  379.220548][T17304] bridge0: port 2(bridge_slave_1) entered blocking state
[  379.242365][T17304] bridge0: port 2(bridge_slave_1) entered disabled state
[  379.289562][T17304] bridge_slave_1: entered allmulticast mode
[  379.312069][T17304] bridge_slave_1: entered promiscuous mode
[  379.399806][T17431] netlink: 'syz.3.4147': attribute type 3 has an invalid length.
[  379.501736][T17304] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  379.536559][T17304] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  379.552336][T17444] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  379.662210][T17304] team0: Port device team_slave_0 added
[  379.764878][T17439] syzkaller0 speed is unknown, defaulting to 1000
[  379.768788][T17304] team0: Port device team_slave_1 added
[  379.832165][T17439] lo speed is unknown, defaulting to 1000
[  379.862197][T17304] batman_adv: batadv0: Adding interface: batadv_slave_0
[  379.919174][T17304] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  379.969891][T17304] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  380.030579][T17304] batman_adv: batadv0: Adding interface: batadv_slave_1
[  380.055164][T17304] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  380.119346][T17304] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  380.386243][T17304] hsr_slave_0: entered promiscuous mode
[  380.409592][T17473] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4155'.
[  380.412940][T17304] hsr_slave_1: entered promiscuous mode
[  380.436827][T17304] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  380.452621][T17304] Cannot create hsr debugfs directory
[  380.529009][T17474] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  380.574460][T17475] Cannot find map_set index 0 as target
[  380.623953][T17473] xt_CT: No such helper "netbios-ns"
[  380.853884][T17486] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4157'.
[  380.858106][T17485] set match dimension is over the limit!
[  381.015735][T17489] netlink: 256 bytes leftover after parsing attributes in process `syz.2.4159'.
[  381.067081][T17491] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4160'.
[  381.162052][T17496] Bluetooth: MGMT ver 1.23
[  381.203262][   T55] Bluetooth: hci3: command tx timeout
[  381.847791][T17531] netlink: 168 bytes leftover after parsing attributes in process `syz.3.4172'.
[  383.282828][   T55] Bluetooth: hci3: command tx timeout
[  383.338692][T17529] netlink: 2 bytes leftover after parsing attributes in process `syz.2.4170'.
[  383.437198][T17304] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  383.473301][T17304] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  383.508301][T17534] x_tables: ip6_tables: MASQUERADE target: used from hooks INPUT, but only usable from POSTROUTING
[  383.509484][T17304] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  383.559500][T17304] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  383.763291][    C0] bridge0: port 1(bridge_slave_0) entered learning state
[  383.770526][    C0] bridge0: port 2(bridge_slave_1) entered learning state
[  383.881760][T17304] 8021q: adding VLAN 0 to HW filter on device bond0
[  383.926440][T17304] 8021q: adding VLAN 0 to HW filter on device team0
[  383.957018][T17558] netlink: 'syz.4.4182': attribute type 2 has an invalid length.
[  383.975095][ T3410] bridge0: port 1(bridge_slave_0) entered blocking state
[  383.982206][ T3410] bridge0: port 1(bridge_slave_0) entered forwarding state
[  383.995118][ T3410] bridge0: port 2(bridge_slave_1) entered blocking state
[  384.002288][ T3410] bridge0: port 2(bridge_slave_1) entered forwarding state
[  384.375364][T17581] openvswitch: netlink: Flow actions attr not present in new flow.
[  384.472410][T17304] 8021q: adding VLAN 0 to HW filter on device batadv0
[  384.508620][T17588] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4188'.
[  384.562274][T17588] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4188'.
[  384.562322][T17596] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4188'.
[  384.588817][T17304] veth0_vlan: entered promiscuous mode
[  384.610006][T17588] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4188'.
[  384.612962][T17304] veth1_vlan: entered promiscuous mode
[  384.631929][T17590] xt_CT: No such helper "netbios-ns"
[  384.685596][T17304] veth0_macvtap: entered promiscuous mode
[  384.707252][T17304] veth1_macvtap: entered promiscuous mode
[  384.727645][T17304] batman_adv: batadv0: Interface activated: batadv_slave_0
[  384.742244][T17304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  384.762704][T17304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  384.781650][T17304] batman_adv: batadv0: Interface activated: batadv_slave_1
[  384.808256][T17304] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  384.835227][T17304] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  384.853618][T17304] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  384.862375][T17304] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  385.084381][ T3410] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  385.092222][ T3410] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  385.215005][   T54] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  385.232932][   T54] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  385.360615][T17625] Cannot find map_set index 0 as target
[  385.535474][T17629] openvswitch: netlink: Flow actions attr not present in new flow.
[  385.546425][T17632] __nla_validate_parse: 3 callbacks suppressed
[  385.546442][T17632] netlink: 168 bytes leftover after parsing attributes in process `syz.0.4202'.
[  385.766473][T17640] xt_CT: No such helper "netbios-ns"
[  385.790467][T17646] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  385.817790][T17646] Cannot find set identified by id 65535 to match
[  386.291455][T17672] openvswitch: netlink: Flow actions attr not present in new flow.
[  386.388000][   T54] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.090091][   T54] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.196404][T17681] netlink: 'syz.0.4215': attribute type 11 has an invalid length.
[  387.226099][T17681] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4215'.
[  387.423622][T17692] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4221'.
[  387.546918][T17691] xt_CT: No such helper "netbios-ns"
[  387.603919][   T54] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.770764][   T54] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.850725][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  387.861511][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  387.884543][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  387.894956][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  387.907717][ T5839] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  387.917774][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  387.949256][T17720] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  387.980907][T17722] openvswitch: netlink: Flow actions attr not present in new flow.
[  388.092742][T17725] xt_CT: No such helper "netbios-ns"
[  388.180268][T17716] syzkaller0 speed is unknown, defaulting to 1000
[  388.195107][T17716] lo speed is unknown, defaulting to 1000
[  388.261836][T17732] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4230'.
[  388.263343][   T54] bridge_slave_1: left allmulticast mode
[  388.282962][   T54] bridge_slave_1: left promiscuous mode
[  388.293121][   T54] bridge0: port 2(bridge_slave_1) entered disabled state
[  388.314725][   T54] bridge_slave_0: left allmulticast mode
[  388.320852][   T54] bridge_slave_0: left promiscuous mode
[  388.336901][   T54] bridge0: port 1(bridge_slave_0) entered disabled state
[  388.424729][T17740] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4230'.
[  388.737481][T17751] xt_CT: No such helper "netbios-ns"
[  388.762079][   T54] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  388.796167][   T54] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  388.824066][   T54] bond0 (unregistering): Released all slaves
[  389.415036][T17716] chnl_net:caif_netlink_parms(): no params data found
[  389.574895][   T54] hsr_slave_0: left promiscuous mode
[  389.591905][   T54] hsr_slave_1: left promiscuous mode
[  389.603230][   T54] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  389.610827][   T54] batman_adv: batadv0: Removing interface: batadv_slave_0
[  389.631686][   T54] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  389.639341][   T54] batman_adv: batadv0: Removing interface: batadv_slave_1
[  389.698154][   T54] veth1_macvtap: left promiscuous mode
[  389.707799][   T54] veth0_macvtap: left promiscuous mode
[  389.717883][   T54] veth1_vlan: left promiscuous mode
[  389.726724][   T54] veth0_vlan: left promiscuous mode
[  389.941702][T17794] netlink: 164 bytes leftover after parsing attributes in process `syz.4.4248'.
[  390.003139][   T55] Bluetooth: hci3: command tx timeout
[  390.264053][T17802] xt_CT: No such helper "netbios-ns"
[  390.483636][   T54] team0 (unregistering): Port device team_slave_1 removed
[  390.521876][   T54] team0 (unregistering): Port device team_slave_0 removed
[  390.919775][T17801] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  391.101521][T17716] bridge0: port 1(bridge_slave_0) entered blocking state
[  391.132235][T17716] bridge0: port 1(bridge_slave_0) entered disabled state
[  391.160995][T17716] bridge_slave_0: entered allmulticast mode
[  391.169181][T17716] bridge_slave_0: entered promiscuous mode
[  391.219587][T17819] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  391.259520][T17716] bridge0: port 2(bridge_slave_1) entered blocking state
[  391.267153][T17716] bridge0: port 2(bridge_slave_1) entered disabled state
[  391.274483][T17716] bridge_slave_1: entered allmulticast mode
[  391.281200][T17716] bridge_slave_1: entered promiscuous mode
[  391.355448][T17716] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  391.376657][T17716] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  391.434097][T17822] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4258'.
[  391.463410][T17716] team0: Port device team_slave_0 added
[  391.510658][T17716] team0: Port device team_slave_1 added
[  391.609787][T17832] FAULT_INJECTION: forcing a failure.
[  391.609787][T17832] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  391.642839][T17832] CPU: 1 UID: 0 PID: 17832 Comm: syz.0.4260 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0
[  391.642867][T17832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  391.642880][T17832] Call Trace:
[  391.642888][T17832]  <TASK>
[  391.642896][T17832]  dump_stack_lvl+0x241/0x360
[  391.642927][T17832]  ? __pfx_dump_stack_lvl+0x10/0x10
[  391.642950][T17832]  ? __pfx__printk+0x10/0x10
[  391.642977][T17832]  ? snprintf+0xda/0x120
[  391.643005][T17832]  should_fail_ex+0x40a/0x550
[  391.643048][T17832]  _copy_to_user+0x31/0xb0
[  391.643078][T17832]  simple_read_from_buffer+0xca/0x150
[  391.643110][T17832]  proc_fail_nth_read+0x1e9/0x250
[  391.643143][T17832]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  391.643176][T17832]  ? rw_verify_area+0x243/0x630
[  391.643197][T17832]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  391.643229][T17832]  vfs_read+0x1f8/0xb40
[  391.643252][T17832]  ? fdget_pos+0x254/0x320
[  391.643283][T17832]  ? __pfx___mutex_lock+0x10/0x10
[  391.643315][T17832]  ? __pfx_vfs_read+0x10/0x10
[  391.643340][T17832]  ? __fget_files+0x2a/0x410
[  391.643372][T17832]  ? __fget_files+0x395/0x410
[  391.643400][T17832]  ? __fget_files+0x2a/0x410
[  391.643440][T17832]  ksys_read+0x18f/0x2b0
[  391.643465][T17832]  ? __pfx_ksys_read+0x10/0x10
[  391.643488][T17832]  ? do_syscall_64+0x100/0x230
[  391.643522][T17832]  ? do_syscall_64+0xb6/0x230
[  391.643555][T17832]  do_syscall_64+0xf3/0x230
[  391.643586][T17832]  ? clear_bhb_loop+0x35/0x90
[  391.643618][T17832]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.643646][T17832] RIP: 0033:0x7fe2a178bb7c
[  391.643664][T17832] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  391.643681][T17832] RSP: 002b:00007fe2a2501030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  391.643703][T17832] RAX: ffffffffffffffda RBX: 00007fe2a19a6080 RCX: 00007fe2a178bb7c
[  391.643718][T17832] RDX: 000000000000000f RSI: 00007fe2a25010a0 RDI: 0000000000000005
[  391.643731][T17832] RBP: 00007fe2a2501090 R08: 0000000000000000 R09: 0000000000800000
[  391.643745][T17832] R10: 0000000000042073 R11: 0000000000000246 R12: 0000000000000002
[  391.643758][T17832] R13: 0000000000000001 R14: 00007fe2a19a6080 R15: 00007ffe66a63e28
[  391.643792][T17832]  </TASK>
[  391.903195][T17716] batman_adv: batadv0: Adding interface: batadv_slave_0
[  391.910209][T17716] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  391.959266][T17716] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  391.983829][T17839] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4264'.
[  392.008519][T17839] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4264'.
[  392.035962][T17716] batman_adv: batadv0: Adding interface: batadv_slave_1
[  392.041478][T17845] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4265'.
[  392.043052][T17716] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  392.078745][T17716] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  392.080483][T17837] xt_CT: No such helper "netbios-ns"
[  392.089559][   T55] Bluetooth: hci3: command tx timeout
[  392.216316][T17716] hsr_slave_0: entered promiscuous mode
[  392.250953][T17716] hsr_slave_1: entered promiscuous mode
[  392.279886][T17716] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  392.288063][T17716] Cannot create hsr debugfs directory
[  392.290693][T17850] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  392.298304][T17854] FAULT_INJECTION: forcing a failure.
[  392.298304][T17854] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  392.302747][T17853] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4269'.
[  392.321789][T17854] CPU: 1 UID: 0 PID: 17854 Comm: syz.4.4268 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0
[  392.321816][T17854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  392.321830][T17854] Call Trace:
[  392.321838][T17854]  <TASK>
[  392.321847][T17854]  dump_stack_lvl+0x241/0x360
[  392.321877][T17854]  ? __pfx_dump_stack_lvl+0x10/0x10
[  392.321901][T17854]  ? __pfx__printk+0x10/0x10
[  392.321928][T17854]  ? snprintf+0xda/0x120
[  392.321956][T17854]  should_fail_ex+0x40a/0x550
[  392.321992][T17854]  _copy_to_user+0x31/0xb0
[  392.322022][T17854]  simple_read_from_buffer+0xca/0x150
[  392.322054][T17854]  proc_fail_nth_read+0x1e9/0x250
[  392.322086][T17854]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  392.322118][T17854]  ? rw_verify_area+0x243/0x630
[  392.322139][T17854]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  392.322170][T17854]  vfs_read+0x1f8/0xb40
[  392.322192][T17854]  ? fdget_pos+0x254/0x320
[  392.322223][T17854]  ? __pfx___mutex_lock+0x10/0x10
[  392.322254][T17854]  ? __pfx_vfs_read+0x10/0x10
[  392.322278][T17854]  ? __fget_files+0x2a/0x410
[  392.322309][T17854]  ? __fget_files+0x395/0x410
[  392.322337][T17854]  ? __fget_files+0x2a/0x410
[  392.322376][T17854]  ksys_read+0x18f/0x2b0
[  392.322399][T17854]  ? __pfx_ksys_read+0x10/0x10
[  392.322432][T17854]  ? do_syscall_64+0x100/0x230
[  392.322464][T17854]  ? do_syscall_64+0xb6/0x230
[  392.322499][T17854]  do_syscall_64+0xf3/0x230
[  392.322545][T17854]  ? clear_bhb_loop+0x35/0x90
[  392.322577][T17854]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.322605][T17854] RIP: 0033:0x7f399f98bb7c
[  392.322623][T17854] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  392.322640][T17854] RSP: 002b:00007f39a07f9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  392.322662][T17854] RAX: ffffffffffffffda RBX: 00007f399fba5fa0 RCX: 00007f399f98bb7c
[  392.322678][T17854] RDX: 000000000000000f RSI: 00007f39a07f90a0 RDI: 0000000000000004
[  392.322690][T17854] RBP: 00007f39a07f9090 R08: 0000000000000000 R09: 0000000000000000
[  392.322703][T17854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  392.322715][T17854] R13: 0000000000000000 R14: 00007f399fba5fa0 R15: 00007fffd708fd48
[  392.322754][T17854]  </TASK>
[  392.556998][T17859] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4271'.
[  392.601936][T17860] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  392.710129][T17860] xt_CT: No such helper "netbios-ns"
[  393.111483][T17880] ip6_vti0: Master is either lo or non-ether device
[  393.211842][T17884] xt_CT: No such helper "netbios-ns"
[  393.337458][T17716] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  393.395436][T17716] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  393.414985][T17716] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  393.437377][T17716] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  393.628575][T17716] 8021q: adding VLAN 0 to HW filter on device bond0
[  393.671695][T17716] 8021q: adding VLAN 0 to HW filter on device team0
[  393.672158][T17913] xt_hashlimit: invalid interval
[  393.700930][T17913] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4289'.
[  393.712357][T17913] xt_hashlimit: invalid interval
[  393.715900][ T5906] bridge0: port 1(bridge_slave_0) entered blocking state
[  393.724455][ T5906] bridge0: port 1(bridge_slave_0) entered forwarding state
[  393.734318][ T5906] bridge0: port 2(bridge_slave_1) entered blocking state
[  393.741425][ T5906] bridge0: port 2(bridge_slave_1) entered forwarding state
[  394.001988][T17935] netlink: 'syz.0.4292': attribute type 11 has an invalid length.
[  394.031874][T17716] 8021q: adding VLAN 0 to HW filter on device batadv0
[  394.122288][T17716] veth0_vlan: entered promiscuous mode
[  394.140376][T17716] veth1_vlan: entered promiscuous mode
[  394.162647][ T5839] Bluetooth: hci3: command tx timeout
[  394.187442][T17716] veth0_macvtap: entered promiscuous mode
[  394.198092][T17716] veth1_macvtap: entered promiscuous mode
[  394.216403][T17716] batman_adv: batadv0: Interface activated: batadv_slave_0
[  394.227636][T17716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  394.238588][T17716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  394.250632][T17716] batman_adv: batadv0: Interface activated: batadv_slave_1
[  394.277602][T17716] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  394.286699][T17716] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  394.295994][T17716] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  394.322546][T17716] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  394.337325][T17941] Cannot find add_set index 0 as target
[  394.449928][T12626] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  394.488547][T12626] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  394.545249][T17948] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  394.555127][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  394.563027][T17948] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  394.588634][T17950] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4299'.
[  394.598440][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  394.711032][T17956] bond0: option mode: unable to set because the bond device has slaves
[  394.894890][T17962] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  395.094282][T17973] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4309'.
[  395.344516][T17985] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4315'.
[  395.558921][T17994] openvswitch: netlink: Flow actions attr not present in new flow.
[  395.787181][T18007] xt_CT: No such helper "netbios-ns"
[  395.981099][T18016] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  396.013270][T18016] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  396.252737][ T5839] Bluetooth: hci3: command 0x0419 tx timeout
[  396.947206][T18040] __nla_validate_parse: 2 callbacks suppressed
[  396.947226][T18040] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4335'.
[  397.699047][T18042] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4336'.
[  397.861258][T18023] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4329'.
[  397.876199][T18032] vlan2: entered allmulticast mode
[  397.946287][T18046] bond4: entered promiscuous mode
[  397.951375][T18046] bond4: entered allmulticast mode
[  397.957483][T18046] 8021q: adding VLAN 0 to HW filter on device bond4
[  397.997061][T18044] vlan1: entered allmulticast mode
[  397.997924][T18049] sctp: [Deprecated]: syz.4.4338 (pid 18049) Use of struct sctp_assoc_value in delayed_ack socket option.
[  397.997924][T18049] Use struct sctp_sack_info instead
[  398.020395][T18044] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode
[  398.020525][T18049] sctp: [Deprecated]: syz.4.4338 (pid 18049) Use of struct sctp_assoc_value in delayed_ack socket option.
[  398.020525][T18049] Use struct sctp_sack_info instead
[  398.047841][T18044] mac80211_hwsim hwsim6 wlan0: left allmulticast mode
[  398.098391][T18053] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4340'.
[  398.112363][T18049] netlink: 71 bytes leftover after parsing attributes in process `syz.4.4338'.
[  398.280284][ T3410] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  398.338304][ T3410] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  398.390351][ T3410] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  398.426487][ T3410] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  398.496004][ T3410] bridge_slave_1: left allmulticast mode
[  398.501694][ T3410] bridge_slave_1: left promiscuous mode
[  398.514974][ T3410] bridge0: port 2(bridge_slave_1) entered disabled state
[  398.525990][ T3410] bridge_slave_0: left allmulticast mode
[  398.531634][ T3410] bridge_slave_0: left promiscuous mode
[  398.540176][ T3410] bridge0: port 1(bridge_slave_0) entered disabled state
[  398.856075][ T3410] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  398.869960][ T3410] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  398.880293][ T3410] bond0 (unregistering): Released all slaves
[  399.113508][T18062] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4344'.
[  399.133045][    C0] bridge0: port 2(bridge_slave_1) entered forwarding state
[  399.140305][    C0] bridge0: topology change detected, propagating
[  399.146913][    C0] bridge0: port 1(bridge_slave_0) entered forwarding state
[  399.154175][    C0] bridge0: topology change detected, propagating
[  399.222129][T18063] veth1_to_team: entered promiscuous mode
[  399.587125][ T3410] hsr_slave_0: left promiscuous mode
[  399.631083][ T3410] hsr_slave_1: left promiscuous mode
[  399.641718][ T3410] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  399.672835][ T3410] batman_adv: batadv0: Removing interface: batadv_slave_0
[  399.690424][ T3410] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  399.710448][ T3410] batman_adv: batadv0: Removing interface: batadv_slave_1
[  399.734024][T18079] netlink: 'syz.3.4348': attribute type 11 has an invalid length.
[  399.772593][T18079] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4348'.
[  399.789390][ T3410] veth1_macvtap: left promiscuous mode
[  399.801872][ T3410] veth0_macvtap: left promiscuous mode
[  399.818879][ T3410] veth1_vlan: left promiscuous mode
[  399.834483][ T3410] veth0_vlan: left promiscuous mode
[  399.896361][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  399.919300][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  399.933691][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  399.980343][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  399.990097][ T5839] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  400.000754][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  400.603644][T18101] xt_ecn: cannot match TCP bits for non-tcp packets
[  400.620812][T18101] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4354'.
[  400.680233][ T3410] team0 (unregistering): Port device team_slave_1 removed
[  400.722683][ T3410] team0 (unregistering): Port device team_slave_0 removed
[  401.111000][T18089] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4349'.
[  401.169800][T18085] syzkaller0 speed is unknown, defaulting to 1000
[  401.212217][T18085] lo speed is unknown, defaulting to 1000
[  401.701439][T18085] chnl_net:caif_netlink_parms(): no params data found
[  401.740688][T18132] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4365'.
[  401.987228][T18085] bridge0: port 1(bridge_slave_0) entered blocking state
[  402.001981][T18085] bridge0: port 1(bridge_slave_0) entered disabled state
[  402.012108][T18085] bridge_slave_0: entered allmulticast mode
[  402.036475][T18085] bridge_slave_0: entered promiscuous mode
[  402.054211][T18085] bridge0: port 2(bridge_slave_1) entered blocking state
[  402.061783][T18085] bridge0: port 2(bridge_slave_1) entered disabled state
[  402.076650][T18085] bridge_slave_1: entered allmulticast mode
[  402.083243][   T55] Bluetooth: hci3: command tx timeout
[  402.097653][T18085] bridge_slave_1: entered promiscuous mode
[  402.109541][T18160] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4373'.
[  402.190580][T18085] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  402.213526][T18085] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  402.343923][T18085] team0: Port device team_slave_0 added
[  402.390279][T18085] team0: Port device team_slave_1 added
[  402.510923][T18181] hsr0: entered promiscuous mode
[  402.549534][T18085] batman_adv: batadv0: Adding interface: batadv_slave_0
[  402.562905][T18085] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  402.632610][T18085] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  402.656544][T18085] batman_adv: batadv0: Adding interface: batadv_slave_1
[  402.693553][T18085] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  402.700408][T18192] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app
[  402.726875][T18085] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  402.757460][T18180] hsr0: left promiscuous mode
[  402.807436][T18197] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4386'.
[  402.833349][T18195] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4387'.
[  402.849810][T18197] netlink: 10 bytes leftover after parsing attributes in process `syz.0.4386'.
[  402.865123][T18200] netlink: 204 bytes leftover after parsing attributes in process `syz.0.4386'.
[  402.889803][T18199] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4388'.
[  402.980411][T18085] hsr_slave_0: entered promiscuous mode
[  402.989460][T18085] hsr_slave_1: entered promiscuous mode
[  402.996687][T18085] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  403.012845][T18085] Cannot create hsr debugfs directory
[  403.070984][T18207] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  403.082980][T18210] xt_TCPMSS: Only works on TCP SYN packets
[  403.091291][T18209] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4391'.
[  403.114166][T18207] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  403.260230][T18213] netlink: 5460 bytes leftover after parsing attributes in process `syz.2.4392'.
[  403.289560][T18213] netlink: 204 bytes leftover after parsing attributes in process `syz.2.4392'.
[  403.357314][T18218] tipc: Enabling of bearer <dth:sy> rejected, media not registered
[  403.424008][T18222] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4396'.
[  403.475574][T18222] IPVS: persistence engine module ip_vs_pe_• not found
[  403.648706][T18085] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  403.664907][T18085] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  403.685264][T18085] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  403.695541][T18085] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  403.862577][T18085] 8021q: adding VLAN 0 to HW filter on device bond0
[  403.903778][T18085] 8021q: adding VLAN 0 to HW filter on device team0
[  403.941289][ T3410] bridge0: port 1(bridge_slave_0) entered blocking state
[  403.948520][ T3410] bridge0: port 1(bridge_slave_0) entered forwarding state
[  403.982747][T12626] bridge0: port 2(bridge_slave_1) entered blocking state
[  403.989901][T12626] bridge0: port 2(bridge_slave_1) entered forwarding state
[  404.080282][T18245] Cannot find del_set index 17 as target
[  404.086976][T18085] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  404.163534][   T55] Bluetooth: hci3: command tx timeout
[  404.246608][T18251] netlink: 'syz.3.4408': attribute type 11 has an invalid length.
[  404.386616][T18259] gre3: entered promiscuous mode
[  404.410968][T18259] gre3: entered allmulticast mode
[  404.438602][T18265] netlink: 'syz.0.4414': attribute type 30 has an invalid length.
[  404.490625][T18085] 8021q: adding VLAN 0 to HW filter on device batadv0
[  404.541325][T18261] openvswitch: netlink: Flow actions attr not present in new flow.
[  404.662109][T18085] veth0_vlan: entered promiscuous mode
[  404.686732][T18085] veth1_vlan: entered promiscuous mode
[  404.751079][T18085] veth0_macvtap: entered promiscuous mode
[  404.758680][T18283] openvswitch: netlink: Missing valid actions attribute.
[  404.767055][T18283] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  404.791480][T18085] veth1_macvtap: entered promiscuous mode
[  404.831440][T18085] batman_adv: batadv0: Interface activated: batadv_slave_0
[  404.858146][T18085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  404.880955][T18085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  404.905834][T18288] netlink: 'syz.2.4421': attribute type 11 has an invalid length.
[  404.907446][T18085] batman_adv: batadv0: Interface activated: batadv_slave_1
[  404.949087][T18085] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  404.971579][T18085] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  404.981856][T18085] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  404.999161][T18085] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  405.120878][T14398] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  405.151662][T14398] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  405.197131][ T4768] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  405.217773][ T4768] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  405.683104][T18320] netlink: 'syz.2.4434': attribute type 1 has an invalid length.
[  405.879306][T18334] netlink: 'syz.3.4440': attribute type 1 has an invalid length.
[  405.898227][T18334] syzkaller0 speed is unknown, defaulting to 1000
[  406.012321][T18340] FAULT_INJECTION: forcing a failure.
[  406.012321][T18340] name failslab, interval 1, probability 0, space 0, times 0
[  406.019105][T18343] netlink: 'syz.2.4444': attribute type 5 has an invalid length.
[  406.031662][T18340] CPU: 0 UID: 0 PID: 18340 Comm: syz.0.4442 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0
[  406.031704][T18340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  406.031718][T18340] Call Trace:
[  406.031743][T18340]  <TASK>
[  406.031753][T18340]  dump_stack_lvl+0x241/0x360
[  406.031796][T18340]  ? __pfx_dump_stack_lvl+0x10/0x10
[  406.031822][T18340]  ? __pfx__printk+0x10/0x10
[  406.031846][T18340]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[  406.031879][T18340]  ? __pfx___might_resched+0x10/0x10
[  406.031913][T18340]  should_fail_ex+0x40a/0x550
[  406.031960][T18340]  should_failslab+0xac/0x100
[  406.031989][T18340]  kmem_cache_alloc_node_noprof+0x77/0x380
[  406.032018][T18340]  ? __alloc_skb+0x1c3/0x440
[  406.032053][T18340]  __alloc_skb+0x1c3/0x440
[  406.032090][T18340]  ? __pfx___alloc_skb+0x10/0x10
[  406.032125][T18340]  ? netlink_autobind+0xd6/0x2f0
[  406.032149][T18340]  ? netlink_autobind+0x2b0/0x2f0
[  406.032179][T18340]  netlink_sendmsg+0x634/0xcb0
[  406.032215][T18340]  ? __pfx_netlink_sendmsg+0x10/0x10
[  406.032243][T18340]  ? aa_sock_msg_perm+0x91/0x160
[  406.032281][T18340]  ? __pfx_netlink_sendmsg+0x10/0x10
[  406.032303][T18340]  __sock_sendmsg+0x221/0x270
[  406.032334][T18340]  ____sys_sendmsg+0x53a/0x860
[  406.032364][T18340]  ? __pfx_____sys_sendmsg+0x10/0x10
[  406.032384][T18340]  ? __fget_files+0x2a/0x410
[  406.032417][T18340]  ? __fget_files+0x2a/0x410
[  406.032455][T18340]  __sys_sendmsg+0x269/0x350
[  406.032502][T18340]  ? __pfx___sys_sendmsg+0x10/0x10
[  406.032546][T18340]  ? do_sys_openat2+0x17a/0x1d0
[  406.032598][T18340]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  406.032629][T18340]  ? do_syscall_64+0x100/0x230
[  406.032661][T18340]  ? do_syscall_64+0xb6/0x230
[  406.032691][T18340]  do_syscall_64+0xf3/0x230
[  406.032718][T18340]  ? clear_bhb_loop+0x35/0x90
[  406.032748][T18340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.032773][T18340] RIP: 0033:0x7fe2a178d169
[  406.032788][T18340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  406.032803][T18340] RSP: 002b:00007fe2a2522038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  406.032821][T18340] RAX: ffffffffffffffda RBX: 00007fe2a19a5fa0 RCX: 00007fe2a178d169
[  406.032834][T18340] RDX: 0000000000000000 RSI: 0000400000000480 RDI: 0000000000000003
[  406.032845][T18340] RBP: 00007fe2a2522090 R08: 0000000000000000 R09: 0000000000000000
[  406.032856][T18340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  406.032867][T18340] R13: 0000000000000000 R14: 00007fe2a19a5fa0 R15: 00007ffe66a63e28
[  406.032893][T18340]  </TASK>
[  406.536550][T18360] netlink: 'syz.2.4449': attribute type 11 has an invalid length.
[  406.842968][T18384] netlink: 'syz.0.4457': attribute type 33 has an invalid length.
[  406.942571][   T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  407.767805][   T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  407.908607][   T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  407.935988][T18389] mac80211_hwsim hwsim4 syzkaller0: left promiscuous mode
[  407.962772][T18389] mac80211_hwsim hwsim4 syzkaller0: left allmulticast mode
[  407.979331][ T5913] syzkaller0 speed is unknown, defaulting to 1000
[  408.052968][T18401] __nla_validate_parse: 17 callbacks suppressed
[  408.052988][T18401] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4464'.
[  408.074211][   T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  408.118727][T18404] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4464'.
[  408.145480][T18393] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4463'.
[  408.441937][   T36] bridge_slave_1: left allmulticast mode
[  408.463305][   T36] bridge_slave_1: left promiscuous mode
[  408.475226][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  408.480278][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  408.492344][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  408.504491][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  408.524015][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  408.531886][ T5839] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  408.539349][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  408.548843][   T36] bridge_slave_0: left allmulticast mode
[  408.554505][T18424] FAULT_INJECTION: forcing a failure.
[  408.554505][T18424] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  408.554542][T18424] CPU: 0 UID: 0 PID: 18424 Comm: syz.2.4469 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0
[  408.554583][T18424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  408.554596][T18424] Call Trace:
[  408.554604][T18424]  <TASK>
[  408.554613][T18424]  dump_stack_lvl+0x241/0x360
[  408.554642][T18424]  ? __pfx_dump_stack_lvl+0x10/0x10
[  408.554666][T18424]  ? __pfx__printk+0x10/0x10
[  408.554688][T18424]  ? __pfx_lock_release+0x10/0x10
[  408.554728][T18424]  should_fail_ex+0x40a/0x550
[  408.554763][T18424]  _copy_from_iter+0x1df/0x1c40
[  408.554788][T18424]  ? __virt_addr_valid+0x183/0x530
[  408.554809][T18424]  ? __pfx_lock_release+0x10/0x10
[  408.554847][T18424]  ? __alloc_skb+0x28f/0x440
[  408.554879][T18424]  ? __pfx__copy_from_iter+0x10/0x10
[  408.554906][T18424]  ? __virt_addr_valid+0x183/0x530
[  408.554927][T18424]  ? __virt_addr_valid+0x183/0x530
[  408.554958][T18424]  ? __virt_addr_valid+0x45f/0x530
[  408.554980][T18424]  ? __phys_addr_symbol+0x2f/0x70
[  408.554999][T18424]  ? __check_object_size+0x47a/0x730
[  408.555051][T18424]  netlink_sendmsg+0x742/0xcb0
[  408.555090][T18424]  ? __pfx_netlink_sendmsg+0x10/0x10
[  408.555121][T18424]  ? aa_sock_msg_perm+0x91/0x160
[  408.555160][T18424]  ? __pfx_netlink_sendmsg+0x10/0x10
[  408.555183][T18424]  __sock_sendmsg+0x221/0x270
[  408.555216][T18424]  ____sys_sendmsg+0x53a/0x860
[  408.555248][T18424]  ? __pfx_____sys_sendmsg+0x10/0x10
[  408.555270][T18424]  ? __fget_files+0x2a/0x410
[  408.555304][T18424]  ? __fget_files+0x2a/0x410
[  408.555346][T18424]  __sys_sendmsg+0x269/0x350
[  408.555374][T18424]  ? __pfx___sys_sendmsg+0x10/0x10
[  408.555411][T18424]  ? do_sys_openat2+0x17a/0x1d0
[  408.555471][T18424]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  408.555505][T18424]  ? do_syscall_64+0x100/0x230
[  408.555549][T18424]  ? do_syscall_64+0xb6/0x230
[  408.555583][T18424]  do_syscall_64+0xf3/0x230
[  408.555615][T18424]  ? clear_bhb_loop+0x35/0x90
[  408.555650][T18424]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.555678][T18424] RIP: 0033:0x7fdc52d8d169
[  408.555698][T18424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  408.555716][T18424] RSP: 002b:00007fdc53ba3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  408.555740][T18424] RAX: ffffffffffffffda RBX: 00007fdc52fa5fa0 RCX: 00007fdc52d8d169
[  408.555756][T18424] RDX: 0000000000000000 RSI: 0000400000000480 RDI: 0000000000000003
[  408.555770][T18424] RBP: 00007fdc53ba3090 R08: 0000000000000000 R09: 0000000000000000
[  408.555783][T18424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  408.555797][T18424] R13: 0000000000000000 R14: 00007fdc52fa5fa0 R15: 00007fff00837438
[  408.555831][T18424]  </TASK>
[  408.870971][   T36] bridge_slave_0: left promiscuous mode
[  408.877083][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  409.398791][T18456] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4477'.
[  409.472131][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  409.488149][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  409.499430][   T36] bond0 (unregistering): Released all slaves
[  409.531237][T18421] syzkaller0 speed is unknown, defaulting to 1000
[  409.539169][T18421] lo speed is unknown, defaulting to 1000
[  409.932251][T18421] chnl_net:caif_netlink_parms(): no params data found
[  410.022328][T18483] sctp: [Deprecated]: syz.4.4484 (pid 18483) Use of struct sctp_assoc_value in delayed_ack socket option.
[  410.022328][T18483] Use struct sctp_sack_info instead
[  410.208088][T18485] bond0: option mode: unable to set because the bond device has slaves
[  410.263111][   T36] hsr_slave_0: left promiscuous mode
[  410.289012][   T36] hsr_slave_1: left promiscuous mode
[  410.295005][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  410.302449][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  410.311559][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  410.319200][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  410.356902][   T36] veth1_macvtap: left promiscuous mode
[  410.362463][   T36] veth0_macvtap: left promiscuous mode
[  410.382212][   T36] veth1_vlan: left promiscuous mode
[  410.394514][   T36] veth0_vlan: left promiscuous mode
[  410.510999][T18513] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4491'.
[  410.722708][ T5839] Bluetooth: hci3: command tx timeout
[  410.868019][   T36] team0 (unregistering): Port device team_slave_1 removed
[  410.910088][   T36] team0 (unregistering): Port device team_slave_0 removed
[  411.386934][T18511] ------------[ cut here ]------------
[  411.393397][T18511] WARNING: CPU: 0 PID: 18511 at net/mac80211/key.c:1162 ieee80211_free_keys+0x567/0x680
[  411.403342][T18511] Modules linked in:
[  411.407256][T18511] CPU: 0 UID: 0 PID: 18511 Comm: syz.2.4490 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0
[  411.418363][T18511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  411.428699][T18511] RIP: 0010:ieee80211_free_keys+0x567/0x680
[  411.434832][T18511] Code: 01 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 d8 e7 3e f6 90 0f 0b 90 e9 17 fc ff ff e8 ca e7 3e f6 90 <0f> 0b 90 4c 8b 64 24 20 e9 77 fe ff ff e8 b7 e7 3e f6 e9 2d fe ff
[  411.454930][T18511] RSP: 0018:ffffc900033a7620 EFLAGS: 00010287
[  411.461038][T18511] RAX: ffffffff8b82f746 RBX: 0000000000000001 RCX: 0000000000080000
[  411.469231][T18511] RDX: ffffc9001256a000 RSI: 0000000000000b87 RDI: 0000000000000b88
[  411.477416][T18511] RBP: ffffc900033a76f0 R08: ffffffff8b82f547 R09: 1ffff92000674e78
[  411.485671][T18511] R10: dffffc0000000000 R11: fffff52000674e79 R12: 0000000000000002
[  411.494041][T18511] R13: ffff888057438d80 R14: 1ffff1100ae8753a R15: dffffc0000000000
[  411.502034][T18511] FS:  00007fdc53b1f6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  411.511196][T18511] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  411.518019][T18511] CR2: 00007fe2a2500f98 CR3: 0000000045358000 CR4: 00000000003526f0
[  411.526196][T18511] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  411.534395][T18511] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  411.542395][T18511] Call Trace:
[  411.545890][T18511]  <TASK>
[  411.548844][T18511]  ? __warn+0x165/0x4d0
[  411.553238][T18511]  ? ieee80211_free_keys+0x567/0x680
[  411.558579][T18511]  ? report_bug+0x2b3/0x500
[  411.563310][T18511]  ? ieee80211_free_keys+0x567/0x680
[  411.568638][T18511]  ? handle_bug+0x60/0x90
[  411.573236][T18511]  ? exc_invalid_op+0x1a/0x50
[  411.578214][T18511]  ? asm_exc_invalid_op+0x1a/0x20
[  411.583493][T18511]  ? ieee80211_free_keys+0x367/0x680
[  411.588802][T18511]  ? ieee80211_free_keys+0x566/0x680
[  411.594201][T18511]  ? ieee80211_free_keys+0x567/0x680
[  411.599579][T18511]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[  411.605584][T18511]  ? lockdep_hardirqs_on+0x99/0x150
[  411.610832][T18511]  ? __pfx_ieee80211_free_keys+0x10/0x10
[  411.616608][T18511]  ? wiphy_work_cancel+0x1f0/0x3e0
[  411.621762][T18511]  ieee80211_do_stop+0x1085/0x2380
[  411.627016][T18511]  ? __pfx_ieee80211_do_stop+0x10/0x10
[  411.632574][T18511]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[  411.638514][T18511]  ? lockdep_hardirqs_on+0x99/0x150
[  411.643873][T18511]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  411.650235][T18511]  ? wiphy_work_cancel+0x1f0/0x3e0
[  411.655430][T18511]  ieee80211_stop+0x43b/0x490
[  411.660206][T18511]  ? __pfx_ieee80211_stop+0x10/0x10
[  411.665472][T18511]  __dev_close_many+0x216/0x350
[  411.670355][T18511]  ? __pfx___dev_close_many+0x10/0x10
[  411.675798][T18511]  ? dev_set_rx_mode+0x233/0x2e0
[  411.680770][T18511]  __dev_change_flags+0x30e/0x6f0
[  411.685903][T18511]  ? __pfx___dev_change_flags+0x10/0x10
[  411.691497][T18511]  ? __mutex_lock+0xba3/0x1010
[  411.696374][T18511]  ? __mutex_lock+0x602/0x1010
[  411.701173][T18511]  dev_change_flags+0x8b/0x1a0
[  411.706058][T18511]  dev_ifsioc+0x7c2/0xe70
[  411.710434][T18511]  ? __pfx_dev_ifsioc+0x10/0x10
[  411.715411][T18511]  ? dev_load+0x21/0x1f0
[  411.719677][T18511]  dev_ioctl+0x719/0x1340
[  411.724090][T18511]  sock_do_ioctl+0x240/0x460
[  411.728750][T18511]  ? __pfx_sock_do_ioctl+0x10/0x10
[  411.733978][T18511]  sock_ioctl+0x626/0x8e0
[  411.738346][T18511]  ? __pfx_sock_ioctl+0x10/0x10
[  411.743272][T18511]  ? __fget_files+0x2a/0x410
[  411.747903][T18511]  ? __fget_files+0x2a/0x410
[  411.752576][T18511]  ? __pfx_sock_ioctl+0x10/0x10
[  411.757453][T18511]  __se_sys_ioctl+0xf5/0x170
[  411.762058][T18511]  do_syscall_64+0xf3/0x230
[  411.766622][T18511]  ? clear_bhb_loop+0x35/0x90
[  411.771321][T18511]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  411.777282][T18511] RIP: 0033:0x7fdc52d8d169
[  411.781705][T18511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  411.801392][T18511] RSP: 002b:00007fdc53b1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  411.809895][T18511] RAX: ffffffffffffffda RBX: 00007fdc52fa6320 RCX: 00007fdc52d8d169
[  411.817943][T18511] RDX: 0000400000002280 RSI: 0000000000008914 RDI: 0000000000000009
[  411.825983][T18511] RBP: 00007fdc52e0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  411.834067][T18511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  411.842048][T18511] R13: 0000000000000000 R14: 00007fdc52fa6320 R15: 00007fff00837438
[  411.850126][T18511]  </TASK>
[  411.853255][T18511] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  411.860548][T18511] CPU: 0 UID: 0 PID: 18511 Comm: syz.2.4490 Not tainted 6.14.0-rc6-syzkaller-00104-g5f079290e591 #0
[  411.871303][T18511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  411.881357][T18511] Call Trace:
[  411.884638][T18511]  <TASK>
[  411.887578][T18511]  dump_stack_lvl+0x241/0x360
[  411.892284][T18511]  ? __pfx_dump_stack_lvl+0x10/0x10
[  411.897506][T18511]  ? __pfx__printk+0x10/0x10
[  411.902121][T18511]  ? _printk+0xd5/0x120
[  411.906322][T18511]  ? __init_begin+0x41000/0x41000
[  411.911382][T18511]  ? vscnprintf+0x5d/0x90
[  411.915742][T18511]  panic+0x349/0x880
[  411.919671][T18511]  ? __warn+0x174/0x4d0
[  411.923863][T18511]  ? __pfx_panic+0x10/0x10
[  411.928321][T18511]  __warn+0x344/0x4d0
[  411.932325][T18511]  ? ieee80211_free_keys+0x567/0x680
[  411.937623][T18511]  report_bug+0x2b3/0x500
[  411.941968][T18511]  ? ieee80211_free_keys+0x567/0x680
[  411.947271][T18511]  handle_bug+0x60/0x90
[  411.951425][T18511]  exc_invalid_op+0x1a/0x50
[  411.955927][T18511]  asm_exc_invalid_op+0x1a/0x20
[  411.960785][T18511] RIP: 0010:ieee80211_free_keys+0x567/0x680
[  411.966690][T18511] Code: 01 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 d8 e7 3e f6 90 0f 0b 90 e9 17 fc ff ff e8 ca e7 3e f6 90 <0f> 0b 90 4c 8b 64 24 20 e9 77 fe ff ff e8 b7 e7 3e f6 e9 2d fe ff
[  411.986306][T18511] RSP: 0018:ffffc900033a7620 EFLAGS: 00010287
[  411.992381][T18511] RAX: ffffffff8b82f746 RBX: 0000000000000001 RCX: 0000000000080000
[  412.000356][T18511] RDX: ffffc9001256a000 RSI: 0000000000000b87 RDI: 0000000000000b88
[  412.008337][T18511] RBP: ffffc900033a76f0 R08: ffffffff8b82f547 R09: 1ffff92000674e78
[  412.016312][T18511] R10: dffffc0000000000 R11: fffff52000674e79 R12: 0000000000000002
[  412.024285][T18511] R13: ffff888057438d80 R14: 1ffff1100ae8753a R15: dffffc0000000000
[  412.032264][T18511]  ? ieee80211_free_keys+0x367/0x680
[  412.037555][T18511]  ? ieee80211_free_keys+0x566/0x680
[  412.042857][T18511]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[  412.048849][T18511]  ? lockdep_hardirqs_on+0x99/0x150
[  412.054068][T18511]  ? __pfx_ieee80211_free_keys+0x10/0x10
[  412.059717][T18511]  ? wiphy_work_cancel+0x1f0/0x3e0
[  412.064840][T18511]  ieee80211_do_stop+0x1085/0x2380
[  412.069986][T18511]  ? __pfx_ieee80211_do_stop+0x10/0x10
[  412.075468][T18511]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[  412.081378][T18511]  ? lockdep_hardirqs_on+0x99/0x150
[  412.086595][T18511]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  412.092944][T18511]  ? wiphy_work_cancel+0x1f0/0x3e0
[  412.098063][T18511]  ieee80211_stop+0x43b/0x490
[  412.102775][T18511]  ? __pfx_ieee80211_stop+0x10/0x10
[  412.107990][T18511]  __dev_close_many+0x216/0x350
[  412.112882][T18511]  ? __pfx___dev_close_many+0x10/0x10
[  412.118265][T18511]  ? dev_set_rx_mode+0x233/0x2e0
[  412.123230][T18511]  __dev_change_flags+0x30e/0x6f0
[  412.128276][T18511]  ? __pfx___dev_change_flags+0x10/0x10
[  412.133836][T18511]  ? __mutex_lock+0xba3/0x1010
[  412.138614][T18511]  ? __mutex_lock+0x602/0x1010
[  412.143395][T18511]  dev_change_flags+0x8b/0x1a0
[  412.148186][T18511]  dev_ifsioc+0x7c2/0xe70
[  412.152534][T18511]  ? __pfx_dev_ifsioc+0x10/0x10
[  412.157401][T18511]  ? dev_load+0x21/0x1f0
[  412.161653][T18511]  dev_ioctl+0x719/0x1340
[  412.166000][T18511]  sock_do_ioctl+0x240/0x460
[  412.170603][T18511]  ? __pfx_sock_do_ioctl+0x10/0x10
[  412.175758][T18511]  sock_ioctl+0x626/0x8e0
[  412.180113][T18511]  ? __pfx_sock_ioctl+0x10/0x10
[  412.185008][T18511]  ? __fget_files+0x2a/0x410
[  412.189619][T18511]  ? __fget_files+0x2a/0x410
[  412.194248][T18511]  ? __pfx_sock_ioctl+0x10/0x10
[  412.199112][T18511]  __se_sys_ioctl+0xf5/0x170
[  412.203713][T18511]  do_syscall_64+0xf3/0x230
[  412.208231][T18511]  ? clear_bhb_loop+0x35/0x90
[  412.212923][T18511]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  412.218834][T18511] RIP: 0033:0x7fdc52d8d169
[  412.223261][T18511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  412.242877][T18511] RSP: 002b:00007fdc53b1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  412.251318][T18511] RAX: ffffffffffffffda RBX: 00007fdc52fa6320 RCX: 00007fdc52d8d169
[  412.259306][T18511] RDX: 0000400000002280 RSI: 0000000000008914 RDI: 0000000000000009
[  412.267287][T18511] RBP: 00007fdc52e0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  412.275268][T18511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  412.283248][T18511] R13: 0000000000000000 R14: 00007fdc52fa6320 R15: 00007fff00837438
[  412.291250][T18511]  </TASK>
[  412.294600][T18511] Kernel Offset: disabled
[  412.299002][T18511] Rebooting in 86400 seconds..