last executing test programs:

3m31.780774737s ago: executing program 4 (id=730):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) (async)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='pids.events\x00', 0x275a, 0x0) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) (async)
recvmmsg(r2, &(0x7f0000000f80)=[{{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x2046}, {{0x0, 0x0, 0x0}, 0x10001}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000800)=""/213, 0xd5}, {&(0x7f0000000900)=""/234, 0xea}, {&(0x7f0000003e00)=""/4098, 0x1002}, {&(0x7f0000000440)=""/234, 0xea}], 0x4}, 0x101}, {{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000600)=""/133, 0x85}, {&(0x7f0000001900)=""/229, 0xe5}, {&(0x7f0000002e00)=""/4094, 0xffe}, {&(0x7f0000006080)=""/4085, 0xff5}, {&(0x7f0000000a00)=""/115, 0x73}, {&(0x7f0000000340)=""/110, 0x6e}], 0x6}, 0x5db}, {{0x0, 0x0, 0x0}, 0x8}], 0x8, 0x40010020, 0x0)
write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="2d6370baa2"], 0x5) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000009, 0x4000031, 0xffffffffffffffff, 0x0) (async)
sendmsg$SMC_PNETID_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14) (async)
getsockopt(r1, 0x101, 0x8, &(0x7f0000001f00)=""/4096, &(0x7f0000000080)=0x1000) (async)
connect$pppoe(r1, &(0x7f0000000180)={0x18, 0x0, {0x3, @broadcast, 'rose0\x00'}}, 0xffffffffffffff41) (async)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x66, &(0x7f0000000200)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x30, 0x3a, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, @mcast2, {[], @time_exceed={0x91, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, '%kT', 0x0, 0x0, 0x0, @mcast1, @dev}}}}}}}, 0x0) (async)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3800000003000000000000003828e1132ceb17dd050003040000000024b31dd29adfb484fa3187cec479840000000940000003ff08000640000000000400024000000000ffc03a429e8a67aab5053e3a69b91c30df9545b4a24b150d97ce98564725f7d4bb12000000"], 0x38}}, 0x0)
r5 = socket$igmp(0x2, 0x3, 0x2)
sendmsg$inet(r5, &(0x7f0000001ec0)={&(0x7f0000000c00)={0x2, 0x4e22, @multicast1}, 0x10, &(0x7f0000001d40)=[{&(0x7f0000000c40)="174f0309acc581c27c0835a541d5ace14751a6fb5991e1eabe613766930c5209d76188595688370a8db8878df98ad326d683f46b7b423a4583c043d396d52fafd67bbd19f7e86b03f0890da3e3e1ac30139e27351572c4c42e96f4dec4c0c9d710f16af63cc306aa379bad5c6e7ef0f71776f0abdddb9ba606e921bcb3ac6bbea2ab3a0823b23088bc5e39310f040dacfd595b4675421c0046d89f2840d233d1034173a0fe91900d926e8d3a481c32b4f6079741d13e2ebb782090c8f38a9daebb1dea84e78c216cd7f9f10bf4b35158e3b36df0c4e9e74b585fc66f7b1fe5305f073f6de409973543e731424ab0605f2f4dfd7efe495ea426a69b13b27b7497895984a1502bac0855ad2bb86e88efdd6c976bbd1cc04dc6b4e8d579f1aecdf38461db91d3661703dec17b9a22d66299cacd23fb463dbb3fd7d59674fa4c5ec8b36422965f55ae455ef5051d029fe657b3f6c79a2bbfe60b0d64870d4ca793ebf5054a40157f0c78c3337cb131700670bc7dfa1cfddb8eb2d85b97c56339f45c4ee490d259121cdccf7be5bbc0ab7a375d931c0365c9809756d4491c866161833663e49a310df546ed841572ca40e40faea56bb05216b3390d807f756db218749a1c9a1ee817b9e5e6a00ca98e185cd6f690cc9e9d1567788e572378f11f688d8133c58b727ae51f95787f7f9952b32ed1494ea7e55f21baea3c9edb8b4523bbef158c8c239d4a54faa5996eb1f3f1c06acf8cd273e298e44b5642b8a50369b152a67932f48bed55c1c01d9a0ad6b2a3540e753c16e3054d483baad028fe42b4e5ebe562b6350c3a093f7456dde046258b8bfe19494d19a66809b612ba8deefea6b7007460ad826313420ac8e3f889da3c9b01a3d1f76acbdafb990fbe8479ded245d750a534e61b6b5fe9914f3760cbe0434f0b1593579f9d124e7c90ef5a50b21aad14ecd0cd712164782cfd329175225d99f90df6d123dde263d9329317f501199ba87458c0ead4baddeef35da92fea8ac878fa84bebfce075cbf56fad7fe823198ef50ce9e24d6c888337cfecb65e6dc7a3bce8f7b2cf734a1bf52cc24b77045e94c39756cb4287777e6f7bdfa19c387565dcb5258c3758a6d8cf94fa2adde5454735f944f6fde3c61376bf65c4c65bf973e1bdcd646b5883098b9f00712ab947b5a45ae1949357a7ef580895e7201e36ae4ab14da32e0a55327d25278d07e102c4e45f6566f5394c2259baa6b5b9511751c35ad74364be8bcfb77b0eb0d3c182dd50ae9fa498d5595bce5201d43acf6411e8e6074bdf001d4e4ddae00133002d9af61c3d9b594a230511c77460e477ab5d9d3d2dbdad6a971c4d4911d877a6d9eae79196e95565994954a3904d473fb369983020b99466c804127e8baf8147b5d228a17608d3ab4c31c6ad03135929e35feb8d166f5f820e40f94dd8102c9ca76ac48c3d668b00ca76cff37dcd35ddbf63b62ecaf7934a8ede4980f3294365ea63f7584373f638134fba55526983dabf2f189c70ddec701b55256d383dd802b4b09b801fb6cbe3408c9eb6d1fd85bf93b60b966680485d4550a3aa3454d888d6f8e81f669d4d87914041ac313e39f0ae29f31dedba1c5964c6729045cbd010e4469a7220335f76983c7d22a53401cb25444b9103643843726bdbb28d4032f9258f8539b9a7dfd6558b2c524d38c9e2e1c23fd7a6a42bf4bb5ebdf0b75ecc5", 0x4c1}], 0x1, &(0x7f0000001dc0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xf}, @broadcast}}}, @ip_retopts={{0x20, 0x0, 0x7, {[@generic={0x83, 0xd, "66581ddb34253c0556c786"}]}}}], 0x40}, 0x40005) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="800000001000370401000000fddbef2500000000", @ANYRES32=r3, @ANYBLOB="890c0400000000000500100002000000580012800900010069706970000000004800028008000200e0000001060012004e2100000600100002000000060011004e230000060010000100000008000100", @ANYRES32=0x0, @ANYBLOB="04001300050005000400000005000a0000000000"], 0x80}, 0x1, 0x0, 0x0, 0x44801}, 0x0)
socket$inet(0x2, 0x2, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet_mptcp_buf(r6, 0x11c, 0x2, 0x0, 0x0) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0x34, r8, 0x200, 0x70bd2c, 0x8000, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_SETUP={0xc, 0x70, [@NL80211_MESH_SETUP_USERSPACE_MPM={0x4}, @NL80211_MESH_SETUP_IE={0x4}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000800}, 0x4040840)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000400), 0x4)
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010100}}}], 0x20}}], 0x1, 0x4040880) (async)
socket$inet6_mptcp(0xa, 0x1, 0x106)

3m31.431422029s ago: executing program 4 (id=733):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)={{0x14}, [], {0x14}}, 0x28}, 0x1, 0x0, 0x0, 0x24044080}, 0x20041884)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$IPSET_CMD_GET_BYINDEX(r1, &(0x7f0000000640)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)=ANY=[@ANYBLOB="2c0000000f060102000000cad5610cdd8777860a050001000700000006000b00020000000500010007000000"], 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x40000)
pwritev(r1, &(0x7f0000000500)=[{&(0x7f00000000c0)="e508fa5c28b7fe9956ef63ed51ad293bb45fc854fed7fac0913d66d42ac9cccc9576c2c52bb36b02bed3e1ad1f1e7674c97617a24acb88c421e3e9143a56bc31cb600e02ed26d8ce93a3ee23e9555df83ba87816172800fbb323986466b0de946417260b049af4d5f01f08cd8f152b27862b4a00858b488c51b2d0feeebe8376293ce1df8f15d5b0d45a0a9f6528844771f8dab474528a9cd30e932f9879a254bbd5c883266b9ccfe135a6ed2a6d8a7536cfec1680b384834e1b7f087b414d74222fbd098e39293f384a843af7f8009454d34561", 0xd4}, {&(0x7f00000001c0)="0d2b277d7a7917795aeb94908b5219614df42e9176e3964ad6876d1481a348c4b3bac6ab245d60d8a90188423d53e423508c8379b7804e13fa33c815fad916d050f34d3de1f54baaeab34a00b902684adad80a9fab633bcc2d6a702274678d234c1add9717d19dd80f25f06249262e3ed1fd5d269e20a000dc0954edae474bb7b45d2a7d577cc260e0788a46cbe56e0093e602abb319de11c895d5e43167b6243ae43181723aa5db7e03bbb1af7e3c577b540e17e4f33fbaa3845b322917267d118a176857313835b2909f05653d71c399e767fbc0c32c823111fe375155a3fe0b03fcb0fe", 0xe5}, {&(0x7f00000002c0)="d12fea316b42c9fdbd40863b67768f47d1c623546350b9ce5e87767eaea02d2b4e1a7ac1dcec1bd9f66dad0e27f7b1679e5efcde5d7b5e12a1ad819d53a438aa8ad4afbffec4adc009c3f8254df3cf14b6dbec42777278014484daaebdb3c90ee45097249536a174b0b4017b0763250c19e454767ad2ff2c54f26554cae664", 0x7f}, {&(0x7f0000000340)="b5eaf39cdd43839b12a1f66794ea904d78c68983126d5dd2938418783a75e5e403b0166645e40da3c017ce05a6fe154041df44a2e02e92d04cd7d67de5aaa73e579b0fe4d3b8e30ec5dfa091b019a5f41b5dfc7a0600795f3e22523bb0718503925e1f50f0f410b5793a51ac8f31715b08b51d8d3e6c77bd80cb6171a2c0e748380a3ceb4a79ee2b0bca4013f4f706fd79eab6f68a554f7010842925fa05700da803e378266aa3b99215e4d624759d46f52f362f77b8ac0500dda7a099052374268005c8182df4d7536fc7c02eae", 0xce}, {&(0x7f0000000440)="c540b248300e244200a18f404337e598f6d1b09cb73a8e0815a5b6b45e62b895f85dc51bae9fd7317bf51fdd7ff7ad75dfc894334d208283db3861303a8367e3368d3b6191fe494736fe573f3eec198fb5196da762fae14c4a04668c34a9aef9fe8a2c3796d85ae1a20d1aaf90b16040fae2adecba069c70f83a114913151861cc029d071fd3c0a5ddb03d69bf3e965764842ab9d8fdd685dc42f33b8c7adaf141a56b07a5523b32d1b7140d70a9fba1d39b8b8ed252796833e43f836a55bc2c", 0xc0}], 0x5, 0x0, 0x48)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000680)={0x28, 0x0, 0xffffffff, @host}, 0x10)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newqdisc={0x3b, 0x24, 0x3fe3aa0262d8c583, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xfff3}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_MEMORY_LIMIT={0x8, 0x8, 0x8001}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030030000b12d25a80648c2594f91124fc60100c034002000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

3m31.067212655s ago: executing program 4 (id=737):
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0xb, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r0, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000001680)=""/4091, 0xffb}, {&(0x7f00000003c0)=""/253, 0xfd}], 0x2}}], 0x1, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYBLOB="01002d"], 0x14}, 0x1, 0x0, 0x0, 0x20000040}, 0x810)
sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002b40)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x4000084)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
r2 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_int(r2, 0x107, 0xe, 0x0, &(0x7f0000000040))
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
sendmmsg$inet(r1, &(0x7f0000000d00)=[{{0x0, 0x1e, &(0x7f0000002c00)=[{&(0x7f0000001500)="b25b365c0254a7c6fc7ea6155a71b613b02d1645aab67271075189c3540c4dd19ebfb3c4acf87f2eeb258e62cc6ae96db360d874500cb86b4185ee533bf708", 0x3f}, {&(0x7f0000002800)="cf", 0x1}, {&(0x7f0000000380)="08e0ac8fb1d99df61d7b518d0a62071e7ec69f658d5a52d7eb7ea31db43f8cf570f335a80860ac4cc240dc149d8468493db8aad089f590d62e0bcb9d1dcee636ee311ee51839b7201745baef82209b2ab741dc5ea481ae9dcebe39b1101a42a8c82de46107541c240ad0d9ee4a9340cffd72aaea692a60993637c81d23a0d0ebbae66f1eb2771df2482c043d8715ae788b56cc91eaa4d6bbdec82d8f91eb822d0b5f3ebd86", 0x1}, {&(0x7f0000000180)="8a", 0x1}, {&(0x7f0000002b40)='-', 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000002f00)=[{&(0x7f0000001580)="ce90bfdbcfb8a86a74f6799f98c36e23e210f053830ac8e978a0785884001a7099c4b9016f1a65a57390caf78c272cbf9711f94505dd525af1ff7d013438df5b844226f41b81e58eb73366", 0x4b}, {&(0x7f0000000540)="f2e659a0b00d26c2ee15", 0xa}, {&(0x7f0000002e40)="d4", 0x1}], 0x3}}, {{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000003000)="e1", 0x1}, {&(0x7f00000010c0)="fa", 0x1}, {&(0x7f0000001680)="d8", 0x1}, {&(0x7f0000001600)="f2964dd16e01d56b414499264923beda58d7da0313c1ccafe53965750f25bdaa6b56a87307ec23d48b6f35ce49a813a2bc3cb23fdf42826bdc16788ff466919594de5bf8a1fa5d825947271ade4a95efeb170c", 0xfffffd57}, {&(0x7f0000001340)="b8", 0x1}, {&(0x7f0000000500)="01", 0x1}, {&(0x7f0000000280)="87", 0x1}], 0x7}}, {{0x0, 0x0, &(0x7f0000001540)=[{&(0x7f0000000140), 0x1}, {&(0x7f0000000340)="e4", 0xfffffec2}], 0x2, 0x0, 0xffffff84}}], 0x5f, 0x4000000)
setsockopt$sock_int(r1, 0x1, 0x20, &(0x7f0000000000)=0x7fffffff, 0x4)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)

3m30.508972831s ago: executing program 4 (id=742):
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_FREE_MR(r1, 0x114, 0x3, &(0x7f00000007c0), 0x10)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r0, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$inet_mreq(r2, 0x0, 0x20, &(0x7f0000000040)={@empty, @empty}, 0x8)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f00000000c0)={<r3=>0x0, 0x17e631d8, 0xe0})
ioctl$BTRFS_IOC_SCRUB(r2, 0xc400941b, &(0x7f0000000800)={<r4=>0x0, 0x8, 0xb, 0x1})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000c00)={<r5=>0x0, 0x2, 0xbe7})
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000001000)={0x3, 0x1, {0xffffffff, @usage=0x80000000, r3, 0x2, 0x7fffffff, 0x0, 0x9, 0x100000000, 0x40, @struct={0x3, 0x9}, 0x6, 0xfffffffb, [0x3, 0x1ff, 0x3, 0x6, 0x8000, 0x1]}, {0x3, @usage=0x9, r4, 0x8000, 0x3, 0xe5, 0xca8e, 0x3, 0x1, @usage=0x6, 0xfffffff8, 0x9, [0x1, 0x758cf9ef, 0x10, 0x6d97, 0xfffffffffffffff2, 0x7]}, {0x4a, @usage=0xcf9d, r5, 0xfc, 0x100, 0x7, 0x4, 0x5399, 0x80, @struct={0x3, 0xffffffff}, 0x1ff, 0x10, [0x90b, 0x2, 0xc3e7, 0x80, 0x41814406, 0x382]}, {0xffffffffffffffff, 0xa, 0x6}})
syz_emit_ethernet(0xbe, &(0x7f0000000540)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x4, 0x0, 0x0, 0x11, 0x0, @private, @empty}, {0x4e21, 0x17c1, 0x9c, 0x0, @wg=@initiation={0x1, 0xfffffffd, "717c72635f3b384bdfc23b7cdbd1617d39980ae0343d91a3756391fe0a9a66d4", "0838dbc96ba13dd069ce9c1099890915a06c22e110516ac8db72cf46be8a2cd2288112c641ae96fd6321aabb617c7209", "7b8d57a7c7bce1276d915e2d6d05e53c86a47b318a3ac04c5dd38853", {"7719eecd7b1f5591c287cd8bdc5cb100", "705e0032bb769f2581b5b6ae81bd7bad"}}}}}}}, 0x0)

3m30.276024168s ago: executing program 4 (id=744):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'rose0\x00', <r1=>0x0})
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000000c0)={{{@in6=@private1, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0}}, {{@in6=@loopback}, 0x0, @in6=@local}}, &(0x7f00000001c0)=0xe8)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000004c0)={'ip6gre0\x00', &(0x7f0000000440)={'syztnl2\x00', <r6=>r2, 0x2b, 0x7, 0xf, 0x2, 0x41, @private2={0xfc, 0x2, '\x00', 0x1}, @local, 0x700, 0x20, 0x0, 0x6}})
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r7)
sendmsg$NLBL_MGMT_C_REMOVE(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, r8, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@NLBL_MGMT_A_DOMAIN={0xc, 0x1, '+%$+(%&\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x2c000040)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r4, &(0x7f0000000680)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000640)={&(0x7f0000000500)={0x110, r5, 0x400, 0x70bd29, 0x25dfdbff, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gretap0\x00'}]}]}, 0x110}, 0x1, 0x0, 0x0, 0x40}, 0xc004)
r9 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'lo\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000005c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x10, "024000dc00"}}}]}, 0x48}}, 0x0)
r12 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f00000006c0)={0x0, 'ip6gre0\x00', {0x3}})
sendmsg$nl_route(r12, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000d80)=@ipv4_newaddr={0x20, 0x14, 0x509, 0x0, 0x1, {0x2, 0x18, 0x0, 0xff}, [@IFA_LOCAL={0x8, 0x2, @local}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x20000810)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000200)={{{@in6=@empty, @in=@rand_addr=0x64010102, 0x4e22, 0xa, 0x4e24, 0x8000, 0x2, 0x20, 0x80, 0x4, r1, r3}, {0x401, 0xe14e, 0x81, 0xfffffffffffffffb, 0x7d7, 0x8, 0x9494, 0x6}, {0x6, 0xff, 0x8, 0x2}, 0x670b, 0x6e6bb1, 0x1, 0x0, 0x2}, {{@in=@private=0xa010100, 0x4d6, 0xff}, 0xa, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3507, 0x1, 0x2, 0xdb, 0xfffffff8, 0x4, 0x9}}, 0xe8)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x26, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x9c}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80)

3m30.074857104s ago: executing program 4 (id=747):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='rpc_call_rpcerror\x00', r0, 0x0, 0xf69}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x10, 0x4, &(0x7f00000005c0)=ANY=[@ANYRESHEX=r1, @ANYRES32=r1], &(0x7f0000000980)='syzkaller\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)
r3 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000340)={<r4=>r1, 0x5000000000000000, 0x40, 0x4})
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
pipe(&(0x7f0000000580)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$netlink(0x10, 0x3, 0x12)
ioctl$FS_IOC_GETFSMAP(r7, 0xc0c0583b, &(0x7f00000006c0)={0x0, 0x0, 0x5, 0x0, '\x00', [{0x0, 0x219b, 0xf, 0x8, 0x5, 0x2}, {0x9, 0x2, 0x3ff, 0xfffffffffffffffc, 0x6, 0x7}], ['\x00', '\x00', '\x00', '\x00', '\x00']})
splice(r5, 0x0, r6, 0x0, 0x400000008000f28, 0x0)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
vmsplice(r8, &(0x7f0000000280)=[{&(0x7f0000000680)="85", 0x1}], 0x1, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
write$cgroup_int(r9, &(0x7f0000000000), 0xffffff6a)
r10 = accept$inet6(r4, &(0x7f0000000400)={0xa, 0x0, 0x0, @private0}, &(0x7f0000000440)=0x1c)
tee(r10, 0xffffffffffffffff, 0x1, 0xa)
r11 = epoll_create1(0x80000)
sendfile(r11, r9, 0x0, 0x1)
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r12, &(0x7f0000000140)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r12, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x6, 0xb, &(0x7f0000000100)=@raw=[@alu={0x4, 0x0, 0x7, 0x5, 0x0, 0x4, 0x8}, @alu={0x4, 0x1, 0xc, 0x4, 0x1, 0x4, 0x1}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}}], &(0x7f0000000240)='GPL\x00', 0x7, 0x5c, &(0x7f00000002c0)=""/92, 0x41100, 0x10, '\x00', 0x0, 0x25, r4, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000380)={0x3, 0x7, 0x7ff, 0x10001}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[r6, r1, 0xffffffffffffffff, r8, r9, r12], 0x0, 0x10, 0xff}, 0x94)

3m15.008556113s ago: executing program 32 (id=747):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='rpc_call_rpcerror\x00', r0, 0x0, 0xf69}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x10, 0x4, &(0x7f00000005c0)=ANY=[@ANYRESHEX=r1, @ANYRES32=r1], &(0x7f0000000980)='syzkaller\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)
r3 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000340)={<r4=>r1, 0x5000000000000000, 0x40, 0x4})
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
pipe(&(0x7f0000000580)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$netlink(0x10, 0x3, 0x12)
ioctl$FS_IOC_GETFSMAP(r7, 0xc0c0583b, &(0x7f00000006c0)={0x0, 0x0, 0x5, 0x0, '\x00', [{0x0, 0x219b, 0xf, 0x8, 0x5, 0x2}, {0x9, 0x2, 0x3ff, 0xfffffffffffffffc, 0x6, 0x7}], ['\x00', '\x00', '\x00', '\x00', '\x00']})
splice(r5, 0x0, r6, 0x0, 0x400000008000f28, 0x0)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
vmsplice(r8, &(0x7f0000000280)=[{&(0x7f0000000680)="85", 0x1}], 0x1, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
write$cgroup_int(r9, &(0x7f0000000000), 0xffffff6a)
r10 = accept$inet6(r4, &(0x7f0000000400)={0xa, 0x0, 0x0, @private0}, &(0x7f0000000440)=0x1c)
tee(r10, 0xffffffffffffffff, 0x1, 0xa)
r11 = epoll_create1(0x80000)
sendfile(r11, r9, 0x0, 0x1)
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r12, &(0x7f0000000140)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r12, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x6, 0xb, &(0x7f0000000100)=@raw=[@alu={0x4, 0x0, 0x7, 0x5, 0x0, 0x4, 0x8}, @alu={0x4, 0x1, 0xc, 0x4, 0x1, 0x4, 0x1}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}}], &(0x7f0000000240)='GPL\x00', 0x7, 0x5c, &(0x7f00000002c0)=""/92, 0x41100, 0x10, '\x00', 0x0, 0x25, r4, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000380)={0x3, 0x7, 0x7ff, 0x10001}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[r6, r1, 0xffffffffffffffff, r8, r9, r12], 0x0, 0x10, 0xff}, 0x94)

2m42.200623854s ago: executing program 5 (id=1343):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @broadcast, 'ip6gretap0\x00'}}, 0x1e)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e)
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e)
close(r1)
connect$pppoe(r2, 0x0, 0x0)

2m42.025751281s ago: executing program 5 (id=1345):
sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x4, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) (async)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=@getspdinfo={0x14, 0x25, 0x200, 0x70bd2c, 0x25dfdbff, 0x90, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20044080}, 0x20040000) (async)
close(r0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000200)=0xd, 0x4)
nanosleep(&(0x7f0000000240)={0x0, 0x989680}, &(0x7f0000000280)) (async)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000003c0)={'ip6gre0\x00', &(0x7f00000002c0)=@ethtool_drvinfo={0x3, "97bffc38aa9c2e14aeeff1ada7f4c7d8121a68e033d36ae95c528b962032efcb", "e63f381535eb0b1110f628ce41bba329571468b374c208296a1d5044da9ded8c", "ea19cc32eef1a4bcb4e843f3c416ee6de5786d36be6970ecb0a057e65b1c32f3", "aa40ff41e0bf3bb8ca371c71ece269fb8a9f445a78f021219bb2208248e3ebdb", "28bb2c8a3136dcc7ba186be201101d79bd08aade4aa2f3d8ab19a995ddb3cc53", "884c0ce0417c679d3327ade0", 0x6, 0x2, 0x4, 0x7fffffff, 0x3}})
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000440)={'wpan4\x00', <r2=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r1, &(0x7f0000000500)={&(0x7f0000000400), 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x30, 0x0, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000010}, 0x40) (async, rerun: 64)
ioctl$BTRFS_IOC_DEFRAG(r0, 0x50009402, 0x0) (rerun: 64)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000540)={@remote, 0x6, 0x1, 0x2, 0x6, 0x9, 0x9}, &(0x7f0000000580)=0x20) (async)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f00000005c0)=0x3, 0x4)
socketpair(0xb, 0x1, 0x8000, &(0x7f0000000600)={<r3=>0xffffffffffffffff})
recvfrom(r3, &(0x7f0000000640)=""/190, 0xbe, 0x40000000, &(0x7f0000000700)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x2, 0x2, 0x1, 0x2}}, 0x80)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000007c0), r1)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r1, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x24, r4, 0x800, 0x70bd2c, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r2}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5, 0x37, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x44804}, 0x1d389e0efb422e1d) (async)
nanosleep(&(0x7f00000008c0), &(0x7f0000000900)) (async, rerun: 64)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
r6 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000980), r1)
sendmsg$NLBL_UNLABEL_C_ACCEPT(r5, &(0x7f0000000a80)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000a40)={&(0x7f00000009c0)={0x70, r6, 0x10, 0x70bd28, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_SECCTX={0x29, 0x7, 'system_u:object_r:vmware_device_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:apt_var_lib_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @empty}]}, 0x70}, 0x1, 0x0, 0x0, 0x40890}, 0x5040) (async, rerun: 32)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) (async, rerun: 32)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000b00), r1) (async)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000b40)={'wpan1\x00', <r9=>0x0})
sendmsg$NL802154_CMD_GET_SEC_DEV(r7, &(0x7f0000000c00)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000b80)={0x40, r8, 0x200, 0x70bd2c, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x200008a4}, 0x8840)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r7, &(0x7f0000000d00)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c80)={0x2c, r4, 0x8, 0x70bd2b, 0x25dfdbfb, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x8}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa3}, @IEEE802154_ATTR_LLSEC_ENABLED={0x5, 0x29, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x80)
r10 = socket(0x0, 0x2, 0x6)
ioctl$sock_inet_SIOCDARP(r10, 0x8953, &(0x7f0000000d40)={{0x2, 0x4e22, @multicast1}, {0x6, @random="38e5b5f71732"}, 0x40, {0x2, 0x4e20, @multicast1}, 'nicvf0\x00'}) (async, rerun: 32)
recvmmsg(r3, &(0x7f00000022c0)=[{{&(0x7f0000000dc0)=@tipc=@id, 0x80, &(0x7f0000001240)=[{&(0x7f0000000e40)=""/201, 0xc9}, {&(0x7f0000000f40)=""/245, 0xf5}, {&(0x7f0000001040)=""/176, 0xb0}, {&(0x7f0000001100)=""/86, 0x56}, {&(0x7f0000001180)=""/143, 0x8f}], 0x5, &(0x7f00000012c0)=""/4096, 0x1000}, 0xfffffeff}], 0x1, 0x2000, &(0x7f0000002300)={0x77359400}) (rerun: 32)

2m41.747475758s ago: executing program 5 (id=1351):
r0 = socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x15, 0x10, 0x4, 0x0, 0x0, 0x1, 0x25f, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000880)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@var={0x1, 0x0, 0x0, 0x11, 0x1}]}}, 0x0, 0x2a}, 0x28)
writev(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff060000000100000045000000250000001900040004", 0x25}], 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000000000000100000004000480080002000100000008000b"], 0x28}}, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macsec0\x00', <r3=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000010010000002ffebdf2530000000", @ANYRES32=r3, @ANYBLOB="20000000000000001c0012800b0001006d616373656300000c00028005000f"], 0x3c}}, 0x0)

2m41.527222396s ago: executing program 5 (id=1354):
socket$pppoe(0x18, 0x1, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e)
close(r0)
connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x0, @broadcast, 'vxcan1\x00'}}, 0x1e)

2m41.283442925s ago: executing program 5 (id=1359):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x28, 0x10, 0x421, 0x0, 0x0, {}, [@IFLA_EVENT={0x8, 0x2c, 0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=@RTM_DELMDB={0x38, 0x55, 0x701, 0x0, 0x0, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x0, 0x3, 0x0, {@in6_addr=@loopback}}}]}, 0x38}}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_int(r4, &(0x7f0000000400)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0)
read(r5, &(0x7f0000000100)=""/19, 0x13)
sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000500)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000fcdbdf254a0043d6714a21c099f07464657673696d0000000f0002006ef6300000"], 0x34}, 0x1, 0x0, 0x0, 0x22000092}, 0x10)

2m40.967502166s ago: executing program 5 (id=1363):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x6c, &(0x7f00000004c0)={@broadcast, @multicast, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x8100, 0x2, 0x10, [0x7, 0x7], "7f1a"}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0x8, 0x88be, 0x0, {{0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3}}}, {0x8, 0x22eb, 0xfffffffc}}}}}}, 0x0) (async)
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x8, 0x4, 0x20, 0x0, 0x1, 0x0, 0x6, 0x7, 0x0, 0xa}}) (async)
connect$qrtr(0xffffffffffffffff, &(0x7f0000000080)={0x2a, 0x4, 0x7ffe}, 0xc)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x14, 0x25, 0x1, 0xfffffffd, 0x0, {0x5, 0x2}}, 0x14}}, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_EXT_MASK={0x8, 0x1d, 0x4}]}, 0x28}}, 0x0)

2m33.379537718s ago: executing program 3 (id=1461):
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803002d000b12d25a80648c2594f90124fc60100c020000040000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3e}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001a00)={r1, 0x18000000000002a0, 0xe80, 0x0, &(0x7f0000000480)="b9ff0307683a268cb8f8ffff888e", 0x0, 0xfe, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50)

2m33.047567083s ago: executing program 3 (id=1464):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r2=>0x0})
r3 = socket$kcm(0x2, 0x922000000001, 0x106)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000002b40), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x54, r5, 0x1, 0x70bd2a, 0xfffffffe, {0x6}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x958}, {0x6, 0x16, 0x794}, {0x5}}]}, 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x24008004)
sendmsg$inet(r3, &(0x7f0000003080)={0x0, 0x0, 0x0}, 0x2404c0c5)
setsockopt$sock_attach_bpf(r3, 0x1, 0x24, &(0x7f0000000700), 0x4)
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x44, r1, 0x1, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x5c4}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x83}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x5}, 0x4814)

2m32.835246527s ago: executing program 3 (id=1468):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="e4000000", @ANYRES16=r2, @ANYBLOB="07002abd5248ffdbdf2507ff000008000300", @ANYRES32=r3, @ANYBLOB="0c00990001000c0069000000140004002f6163766c616e3100000000000000000400cc00080005000a"], 0xe4}}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010026bd7000ffdbdf256700000008000300", @ANYRES32=r3], 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004040)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x21, &(0x7f0000000040), 0x4)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x49, &(0x7f00000000c0)})
bind$bt_hci(r5, &(0x7f0000000000)={0x1f, 0xfeff, 0x3}, 0x6)
write$bt_hci(r5, &(0x7f0000000040)=ANY=[], 0x6)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="340000003e0007012dbd7080fcdbdf25047c000000100015002c2e7b28282640272d242300"], 0x34}}, 0x0)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r8=>0x0})
r9 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000940)=ANY=[@ANYBLOB="4400000011002901800000000000000007000000", @ANYRES32=r8, @ANYBLOB="00000000000000001c001a800800028004000500080000003e"], 0x44}}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000600)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000580)=@gettaction={0x58, 0x32, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x2}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x3ff}, @action_gd=@TCA_ACT_TAB={0x34, 0x1, [{0x14, 0x1e, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0x10, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0xc, 0x19, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000000}, 0x40)
sendmsg$nl_generic(r9, &(0x7f00000001c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000180)={&(0x7f00000003c0)={0x188, 0x3d, 0x400, 0x70bd27, 0x25dfdbfe, {0x9}, [@typed={0xc, 0x5a, 0x0, 0x0, @u64=0x1}, @generic="d19bd775f5ae1afcb747b1f3d12dbc79989d483a5f59d345fc9e242f434eee5097db589d8c26e21b0936b12f2010a1a294c0859c3db47f21af81fcc7902772de5aac5206e30d228ddfdf9da304e406ea3f76ae70e8565c4b6f7ce6982204e8528b06f8ccccd1a513a5ccc5590586c68c0f6a493e3b653d727a49bc87e74d28218bb8f3610728aa91fdda6a25e2ecb22f0cf6c531a94991f72efef026fae0a15c4d981f6f99728ae2ba639afbf2f3a9a76aa29b25b8dbbac4b0b0", @typed={0xa, 0xa8, 0x0, 0x0, @str='wlan1\x00'}, @nested={0x85, 0x33, 0x0, 0x1, [@typed={0x14, 0x93, 0x0, 0x0, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}}, @nested={0x4, 0xfc}, @generic="1a038234384210dcdec00b027483d98fa6dedcb30089e2667e766a3611b10272a9a810dcdeb7e3217503d08878842f1a47840ed4821626c918dbae166dd4fdad567ac78eaf116a9573", @typed={0xc, 0x59, 0x0, 0x0, @u64=0x5}, @nested={0x4, 0x102}, @nested={0x4, 0xfe}, @typed={0x8, 0x3d, 0x0, 0x0, @u32=0x31}, @nested={0x4, 0xa5}]}, @typed={0xc, 0x52, 0x0, 0x0, @u64=0xfffffffffffffffb}, @typed={0xc, 0x143, 0x0, 0x0, @str='nl80211\x00'}]}, 0x188}, 0x1, 0x0, 0x0, 0x5}, 0x4)

2m31.502006438s ago: executing program 3 (id=1483):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0x4}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x6}]}, 0x28}}, 0x0)

2m31.319353385s ago: executing program 3 (id=1484):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x1, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2f}}}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000180)=@gcm_256={{0x303}, "d5fae821a8e7a450", "567020a30401dc17bba88f0eb02e41f96d6fc8fdf8266fced412ce537fdc7d30", "4820b60c", "d6a2e66275eae4fc"}, 0x48)
sendmsg$key(r1, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)={0x2, 0x4, 0x8, 0x3, 0x20, 0x0, 0x0, 0x0, [@sadb_key={0x1e, 0x8, 0x730, 0x0, "636472ddfef22bede770be34024ae2d95d499eefd4b5975d12387696107b1b9c3a90d89d7a3ad624c9ff58bc310e25d1709bf5e8131cbd1e86b38b3d01f1f1768a7b3063a25a213e7ae880d9cb27e5388c3486e8bbcac9d5e8eeb89900d72b96b4380c5f334dd73399870debd9a8cadf8b366f9417216f5fe623eb9b95baf17e8d2fde41152ae5b0e50343c294a0962b4e73c154c198e180f1a49a1ead3818fa1e7bae87e5450623432dfdd6886438bb3be7b6e0c02133a6b4a24bedfedf141c1e153b5aa9ca8eeb4c59c36042123fb182c2c6f78a3a3cbfce7ed81e8229ed4336ba63369fff"}]}, 0x100}, 0x1, 0x7}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b30, &(0x7f0000000040)={'wlan0\x00'})
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r5=>0x0})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="48000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r5, @ANYBLOB="0a0001"], 0x48}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x20, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}}, 0x0)

2m30.729637029s ago: executing program 3 (id=1493):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$802154_dgram(r1, &(0x7f0000000180)={0x24, @short}, 0xb)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x2f, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000080)=@ipv4_newrule={0x4c, 0x20, 0x300, 0x70bd2b, 0x25dfdbfe, {0x2, 0x0, 0x14, 0x6, 0x13, 0x0, 0x0, 0x8, 0x10008}, [@FRA_TUN_ID={0xc}, @FRA_GENERIC_POLICY=@FRA_PROTOCOL={0x5, 0x15, 0x3}, @FRA_TUN_ID={0xc, 0xc, 0x1, 0x0, 0xe70}, @FRA_DST={0x8, 0x1, @remote}, @FRA_FLOW={0x8, 0xb, 0x3}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10}, 0x0) (async)
r3 = accept4$inet(0xffffffffffffffff, 0x0, &(0x7f0000000100), 0x80000)
setsockopt$MRT_DEL_VIF(r3, 0x0, 0xcb, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x1, 0xff, @vifc_lcl_addr=@initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010100}, 0x10)

2m25.889703217s ago: executing program 33 (id=1363):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x6c, &(0x7f00000004c0)={@broadcast, @multicast, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x8100, 0x2, 0x10, [0x7, 0x7], "7f1a"}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0x8, 0x88be, 0x0, {{0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3}}}, {0x8, 0x22eb, 0xfffffffc}}}}}}, 0x0) (async)
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x8, 0x4, 0x20, 0x0, 0x1, 0x0, 0x6, 0x7, 0x0, 0xa}}) (async)
connect$qrtr(0xffffffffffffffff, &(0x7f0000000080)={0x2a, 0x4, 0x7ffe}, 0xc)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x14, 0x25, 0x1, 0xfffffffd, 0x0, {0x5, 0x2}}, 0x14}}, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_EXT_MASK={0x8, 0x1d, 0x4}]}, 0x28}}, 0x0)

2m15.598887994s ago: executing program 34 (id=1493):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$802154_dgram(r1, &(0x7f0000000180)={0x24, @short}, 0xb)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x2f, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000080)=@ipv4_newrule={0x4c, 0x20, 0x300, 0x70bd2b, 0x25dfdbfe, {0x2, 0x0, 0x14, 0x6, 0x13, 0x0, 0x0, 0x8, 0x10008}, [@FRA_TUN_ID={0xc}, @FRA_GENERIC_POLICY=@FRA_PROTOCOL={0x5, 0x15, 0x3}, @FRA_TUN_ID={0xc, 0xc, 0x1, 0x0, 0xe70}, @FRA_DST={0x8, 0x1, @remote}, @FRA_FLOW={0x8, 0xb, 0x3}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10}, 0x0) (async)
r3 = accept4$inet(0xffffffffffffffff, 0x0, &(0x7f0000000100), 0x80000)
setsockopt$MRT_DEL_VIF(r3, 0x0, 0xcb, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x1, 0xff, @vifc_lcl_addr=@initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010100}, 0x10)

1m41.004888739s ago: executing program 2 (id=2048):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$sock_int(r0, 0x1, 0x2e, 0x0, &(0x7f0000000500)=0x5c)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
accept4(r3, &(0x7f0000000180)=@generic, &(0x7f0000000000)=0x80, 0x80000)
sendmsg$nl_route_sched(r2, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x9}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000840)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x3, 0x7f, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x4004810)

1m40.519283838s ago: executing program 2 (id=2052):
socket$inet(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0) (async)
write(0xffffffffffffffff, &(0x7f00000001c0)="8874ba18961a0d7ebc87681b1f877daec0cd59cd1129c3577f3c7d4304fe23681bda8da10e57425975e6e810c31e9e1792265a199b259728a1ef31a9c14b84541998dd4457dbf088678cbd7e480283267ac400a69f51813617f71ba144cf1dd8eb14c4acb18b969546dd68cf36c5b2e8ae60360f743639bcbbac3c8df58d", 0x7e) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB], 0x7c}}, 0x0) (async, rerun: 64)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000f7ff00002c0004802800018007000100637400001c0002800800024000000012080004400000000405000300000000000900010073797a30001000000900020073797a3200000011000100000000000000"], 0x80}}, 0x0) (async, rerun: 64)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x2c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x6}}, [@TCA_RATE={0x6, 0x5, {0xf9, 0x9}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c) (async, rerun: 64)
r1 = socket$alg(0x26, 0x5, 0x0) (rerun: 64)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) (async)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) (async)
recvmsg(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) (async, rerun: 64)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0) (async)
r6 = socket$key(0xf, 0x3, 0x2) (async)
r7 = socket$packet(0x11, 0x3, 0x300)
r8 = socket$nl_route(0x10, 0x3, 0x0) (async)
r9 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r9, &(0x7f0000000140)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newlink={0x38, 0x10, 0x439, 0x70bd29, 0x0, {0x0, 0x0, 0x0, r10, 0x9801}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20048001}, 0x4000004) (async)
sendto$packet(r7, &(0x7f0000000900)="31696ddd20c5926100ea235ce7a83eab0614", 0x12, 0x40, &(0x7f0000000200)={0x11, 0x8100, r10, 0x1, 0x7, 0x6, @random="734c594dead2"}, 0x14) (async, rerun: 64)
recvmmsg(r6, &(0x7f0000004bc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000c00)=""/193, 0xc1}, 0x8}], 0x1, 0x2, 0x0) (async, rerun: 64)
setsockopt$sock_int(r7, 0x1, 0x4b, &(0x7f0000000040)=0xfd87, 0x4)
sendmsg$key(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0)
bind$alg(r5, &(0x7f00000003c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8)

1m40.057863984s ago: executing program 2 (id=2059):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="4c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff000000001c0012800b00010067726574617000000c00028008000100", @ANYRES32, @ANYBLOB="08000d000000000008000400080008"], 0x4c}}, 0x0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x58, r1, 0x100, 0x70bd27, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x6}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x6}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x58}, 0x1, 0x0, 0x0, 0x8000}, 0x1)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000080)={0x0, 0x8408, &(0x7f0000000680)=[{&(0x7f0000000180)="5c00000014006b03c84e21008bf32c19021800f80200000044000200ac14140e05251e6182949a36c23d3b48dfd8cdbf9367b498fa51f60a64c9f4d4938037e786a6d0bdd77f6f60c1504bb9189d9193e9bd1c1b7800000000000000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

1m39.011908365s ago: executing program 2 (id=2063):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x41, &(0x7f0000000100)=r1, 0x2)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=<r3=>0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000001d0001000000000004086aa42d"], 0x30}}, 0x0)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5)
sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="43b6bf246945dcb595892f5e9e2ff239cbf80f76656563a83b692166b49add7f18274807aa3b7a26415862d43a7dbba7acc4203e5c7d33f3fef7b1c0221a105fe6cc1ae44ad03f505a904b68db6ea90f6e879f5b2f250f3aa873ca37d9544a746f5164c3ab58adf1c79c61d33270b1265fc56fc0915c988175f8fcacd6", @ANYRES16=r7, @ANYBLOB="010028bd7000fedbdf250200000008000100", @ANYRES32=r3, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004)
write$nci(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="414601", @ANYRES64=r3], 0x4)
syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r4)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1})
ioctl$SIOCGIFHWADDR(r8, 0x8927, &(0x7f0000000000)={'team_slave_1\x00'})
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x0, 0x4, 0xff, 0x80, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffe}, 0x50)
socket$alg(0x26, 0x5, 0x0)
r10 = socket$inet6(0xa, 0x1, 0x84)
setsockopt$inet6_int(r10, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4)
sendto$inet6(r10, &(0x7f00000002c0)='\x00', 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000003c0))
getsockopt$bt_hci(r10, 0x84, 0x6d, &(0x7f0000002280)=""/4086, &(0x7f0000000040)=0xff6)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005800000095"], 0x0}, 0x90)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r10}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1m35.995083701s ago: executing program 2 (id=2078):
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000180)=@hci={0x1f, 0x0, 0x5}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000300)}, {&(0x7f0000001280)="1c393502dda1a67d93b1ceccbe972c4fef9c33ecf2d824f3a33513f45f807ee4636aad1b45472bbdc8e3a2275f2587f0da0b3ae419bed996116448f90d113ce98aa985f379d729430858f5cb9a668a1800bf2354b33cdff83033de518580a3080d7f4cc2406e071138439e1566dd17983ee153ab672f362d3292e24a9952f18ec3d8b37bb3391096c1d4442a754899299321c03cbcfb98a26994b2a072c2b9d9c70d619545e5f61b050e40166d2ff57dcc008f24fd5339e7bc21e25863f80d2487c30b6bf781608a31d68e9319ab1712d8f5bdde849c040417c864cbfd3923dcb9fc6bdc2ea53334184b03efcb631dc68f0a7b6e13eea4b80d4237120e32932ca4e2b50bad0a35496d36a191d91f03b477b9587bc0ba489932e34f819fa1524ebad53a3d94b46c6aeff4f42fa067729fbb2862c09d337a75e0c8429d4bfe0dee2e1e23e8c22787178600ecca135623731e4701f35bd4e7c936a8ee27010000002328a5aba1161b05889b045696721c79bff0547efe051f3c5de77fdd3c77afd41a1a7747a982b7efb0d6bac7d3ad1f9b7c3a5a1448b35696f03bca1c875e346edc55b7a271c3e5f3c0df72c8e4d7cccfa2e9b598f0ae06efbc1a5d5bd91aed6b32deccf7755cef50fab72633c802533b9d94f17f9be978f2514c47671575ee528fbdddc6194328e605e4d10e293756d20eb8a545f2bfe48df5d1d98a270458392a0a57647dcb8ee005e78877a072d12d0429b9b9957a695c3289b4a59469691115e6ba204181708b9d1ae47418ed594b8128f20c100f5485a84e60d73ab818da73fab78caf42afd1f89cdb29dfdd6676c55ea00d35321bc4878170c62b056b4e03ae556ac804026cabcbc8e79e7a18f2f56442cd650aa2bc88f62ebb65bfafd3e5b4c62ac2e720ff0fdf03c46889df55ff91058319c953f90cd6e7f7b15d56a58ff6128357510c4c618aa25434881d58c39092969ba1f7c444465f16d1f2561991e357bda928f2a50422f774f318fb41169a0d0324a8efd19b940a17c28cda06b750cd02155dbdbd1dc695e190a997ae8f4bb8766983d8db8678a78ae8f044b868549e9c60f7ce25a36300ce07f304e75d285e914b3aec703969df969b81bcd3732736dd99fcab1944c751f8ef4c34cbb86d5f27ef9982be245949d5579b540750d1eac428b0cd2541295b577573b27e9ecac3934987e85b44bc85e6e307cf6f5683bf1c817369d556a368bc5560a1737aa2bec3cac4689e04fbe851ed4b6c1a355950522f8918af3855fe97ec285da15a20e8119483e7419fa2b0639d5add10b396a8033ec2b98d9a9fca3fc4202d0a6bcfa55798eacafa4c8efafb73a2ab89bb58b0c20364a6ad9c233dfb1bdbb87b8f91e3ab9790e876f906107183419aa7480e327388c01dc5f2d5bcb8a7565cddc4e1275741116416b66bf3adf9e7e31c3fc518740446ed2a394e7699baf9408c62b4c0e7a11dec8f4a67e78a3f00bedae9f55f36c52a1fd4ee3a8be7285f9ca898ee63d3718a7c4603bcb9a24537b34a41a6c0eee4cc609b014d3f4fb928aa7e3fa7a4f97dcef5c0e526b650284ffeda82f603ed9ea1eb6627d29d8bcd6c7e6fe128b1c4463b2cfe50c0ff9a46090635dde4b4d4a984e5a91f7486856cd2bf85088fa4d27b219628be8cdba7004d00985a73fb5b0b4b0f96844e73a8ff7884bdee1a0d6e62decfeebfb56351c135e6580fd61ea806ee5592fe4ffba5c73b8a4a04d44aa52645320cb73fe0c5f14a971d3b3f64c85f5ebaab5e1a061f5186050230286331048e43368e45cfc88e8f4d0d3b1b86b64d5394bc68c2b754389b3c18a45c1edb0496dd88cb3113bbdf1a0f127eb8cd52caf8da95b83d0decad3775b2f2e43776d0d32d447cdd0b267b32775e3473f51a233f8c91a4c07ad669da1844f3d9554f399d43ca1eda29c5c761b3936f845f0c4d1c090000004b5ab3291e06cd86de6116fc3236a11343d6f4ad02199717054ac15b0d0000000000007bd4bea33c0ca36e2c4209026849de21c1da1057f353cc824947d75119e4501b98cb9e621d0644e3f4a75353093557afcee7da41ad368fe1cbb426922772b9b262a861fbce9ae86d6e8c5a8de6a1e8f03456c0a354277a2f3ff46a62b6d6cdee4febf23e2350f94b47a05a4d0e7da37a2e97b899d92ca1f3bd1cded5588593e8bb99b9dce0731fa1174de14b63be2bf7e424f870551f213fab437aac092c2e9798959fa3616465e2b36fd49cc9af902d47debec02558c036ed991f1a3895b37cd70f3c405cca362c885542fd976e73be4cf7580a0c4d5a9527c77c189573e3be07ed15472f6b012939abb5be9f3e8a5b720307fb2dbca48b35d121702cfb6b3690559b08fbeb77d53d37582d7f44fe269ac51665632bf070cfc7445741b70306cb3f19b7fbecd19a78092dfd086a0da019734d95660ba4e5ce5bcf25f09403c32e3ec902f3717cca0eca25e791c2b8c2b8988645afa2446d5218abce136c0dbbafb95e4f4727a29cc567b3f73d5dbc1aeee746653a7f5c445add24a9c1b67d1bfeec85d2a6478e80c3acdb9439aa46c8cf14a98ffa89790ef7a94b3146088566812e28ccbafb466772b7fbb98dcf1e792eb6d0de0829c3c49c5ecdeea3e80017324a0fe724565c4e7a242764e9012442cae44b57c7121889c044be05b5eca70efb649bb528e751f072af93ae2c5053fdce196cce158136f904cf64f2cb8becc2d024f5ec32a38d78b87a4dfe7c53769dadef890efd160eb662cedb18a756aed83edfb9efbbb3648eb399e61f80077e64b95eae9d17083aed05cfc2e148621e36be1f41d373c721a11804fce269c688b0c647d6e1083e336d1f7f90a7a080a83397773cc351531070af5c1a1418f28dce95c01052a314a9ebe39cb9cddb8e7855e58c4a636b7f6250ecad312ede18664c03d92e330935295a35ea3e0306f25ca971300f782ae2f6e79a513732d22ef9b9bc41d17df3352a855cdd19b18f5abd6e6420f4f42f01750a64f6acdb6b46622fafebe3e913c64a1a6a59f980e97deae0dc83c12ccae6b430d7a28f21c3e0e38b32f3d5f1d44927fc34ed5c9ddb5be8eb936dbdcd327b63ea69d86c2da15cb834a18ee51a44f2da7b11d79486942fd04eade92fe5d93342970ca4cc73861b15facf97e9c53c15488c5630b17b9364c58652cfa6de0918327498ba8d6120d3be9139c51a6e9017525772397529ddd4fd1905614fd1cc7f1370a577ad10ec9ea742f9aedc9fee42c3df38f4b35ccb1cf8590eaf770b3f74af21f5119ac238e82e92c83321b06f106530abbbd321c3e1dc948accdc21a586ff37253ad1d0c5bfb51541f876be1b6e4f490046204b9edfe9a9721b9019a495d1efed10d4570f4c75ac56aa862f738b46cfe8899f6d92e862611b35be8931a2460dc646ed332b3046baf48613bbb543f4abda22d3d62a484665ba5bbf8fec1bb199b430a6e96cfad417a1644cc5f7f640004836c60f15a174eb7eb1750a71a141549f393c7d88b8729a33f841f7f8f2bd03dccaaa825f2e29105f6b4c11ac8e06bb3be9dfdecce66294a0be9dbc5f40123644fcac59ed0c968eb62fb14d111e900ad1c038f17d5471ab088f704de7db35753f818f55669a76e621b29d975253d177791e1434644a81b2b8bc4c8e147961b4f1b7f3e225571fecb10906957791b27d35a89e3ce84c91a2dc60aee460d8f41eb7b5e171516ef34d8c7dbbc8122cdeffa51b5a393d2cae7f69826d342d4d81b58ca7ddb0e688a15b39a00ef1aed5db337d1ab87e86f835663a4968c8bf5afd7cf80549f42588d9b8ea04ff3d9eac2b8ffd1155a504230103a68bd8b3c416a10d76cee236442a68393896587bc66c01a5f7f411325578d023d7619a89d0bcbbacae99b925fb72994e1ef4240cddad2294a56bec6d6243b95b04345c215bd48a3aa89786ba39b40101015d8bd038c32a7b0eb02a4eb5a640371d9b4af540eb99a1e26547cc214da21e9538754a802972411a0bf416707b95457d0b77daac9bdf27a82b9aa7992ad1d3815f9a56a746eefa6f7e1913b6e3e859b2cc7797adcae825b7aad17c11e66597042c327a6473489a9664c5ce0ff8b1ecfb691daa0bd50c17f4597826553686bc2e6f52585ffdfae76e26691699141a698e5b517e02130587ee503c7b5f638cbf32166b0d4ebe9222b6c9d50fb3db9d1ab060c31aabeef52cd51e5cf485eecc741e37a47c4996068f1d4b25f182b9d7bee4bec5cb070d3cea2f9762a41bb8d9ec5896ebcb2b17ca82f29bcce456412d8ed531afda50d259fcb7794216b6a9a873b6c3c4493c0c6d3e6a4f81f3b40dcc745a4e2383c678c472b1d5bf3ff02992bfe893a5bc96824039da1ee3cf8593e7d616d62f6e3c3e2c4e0cc58d5445998cf5b1c91c2468b2571b118709668efbbe72911f1bfa96b97c32f71cd7071f4c729e88631a89b53dd4bae6ef9c4ed082916e267479195599e9871b26b92c6885ded29f990070fddc4d8535088ddc70d6e83f797b6fa2260a92602eb90800000001cb7394f0c90fb5913b2f8d8d24c8f1056920e1facbe643dd49d8983b277da7282a986c28d5468aed9a4730579a20346d35f78b6bd2cacb4b9237fbfb0b7a2314105ff3b074a0e340b904e715e99c501e1435c15eaa262893c2883c90f26d2ff91792d46e4d867b62570e0c1e4739b8ac4fff8f778960de1ae40d4c85c51e1c47040bb2caeaf0c71dbb67c30715b8c14d6921831d7678522eeed29444df421ee206ca3be20d1b5fd2d2baf832f097fef590290eea77f8f3ed00b39841421b61f1c0d01def54bec0348be2216a8dad60838f3ad3595a744edeb6202dbcbd9c73a126a79cbefa43c7db0493103c2aa8fecb5cde1773ad0cdd03f5b0cfb02706420be6fccad116e9140501df48cdbf725611b398eb2b9e93f8da49e601099e0b2e880a95525b5f3f2edd74ae9d664ab61634ab53a1e2f3bf56add0a7f09c16853814b03a4212b9a0119420948da26bb171b288a66a2f0a4063754c2910512aa1cead69b94b498b5d4c44ce0a4aaa7855ee1a3b7ca738756a00a435062ccb86a40cc01f666d372f323e087ef5db2bc2d17ed1f72db14c52ca6723ce92ada6ff0c4f498d42d4218a9f799a216facb7377a1532e0755b894bfc0ee99a4072ac54ee5727846631574f348bf650e7d54b0ef3a1b5cc8233e660a2f10800001f6c23e08ff0ddb488b95504fc42508449b8fdd70afb387016e8c9206482c334f37d26fa3bdb6063f8147db9363e22c4b43b89ba0f68d06641fc1eb74fec0be4f59a17b274e0db67b2c0398250da219c9caf7e0f6cb1f828b6f89a67c8cfd0fe0132bd94261410f8d8d7eb819bc783b8e66a1786285e1e429b71ccc22f7f4c216001375c7a816719e29abc98652b6752923132256cb5f0470223e2c6bf779f4211a41285c1a370b652a5ae67d3", 0xf13}], 0x2}, 0x8010)

1m35.74396813s ago: executing program 2 (id=2081):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000004000000000000000000000085000000ae00000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r3}, 0xc)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="010028bd7000fedbdf250200000008000100", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0x4040}, 0x8000)
r7 = syz_init_net_socket$llc(0x1a, 0x802, 0x0)
bind$llc(r7, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10)
r8 = syz_init_net_socket$llc(0x1a, 0x802, 0x0)
bind$llc(r8, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10)
r9 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='rpc_clnt_new\x00', r10, 0x0, 0xb9b}, 0x18)
sendmsg$netlink(r9, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

1m20.538868684s ago: executing program 35 (id=2081):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000004000000000000000000000085000000ae00000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r3}, 0xc)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="010028bd7000fedbdf250200000008000100", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0x4040}, 0x8000)
r7 = syz_init_net_socket$llc(0x1a, 0x802, 0x0)
bind$llc(r7, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10)
r8 = syz_init_net_socket$llc(0x1a, 0x802, 0x0)
bind$llc(r8, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10)
r9 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='rpc_clnt_new\x00', r10, 0x0, 0xb9b}, 0x18)
sendmsg$netlink(r9, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

14.663408029s ago: executing program 8 (id=2664):
r0 = socket$pppoe(0x18, 0x1, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r2=>0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="2e0386ad5c31891edac7a1f82b4e9ad10c83035ab093c413d5c3650ea03d1e5e60628a63049e599923e384d05d9e8d892ee7c82263cc1508a2c94b8ae4f0b763a4dbfb286d9027dbf3d2842c6c6a187f730ce2ea08b44bed41f5ed62aa3af898186efdabfff3ed5aa735fd104cd87e580502629b5a493048f50c4ef906dc3a3f193557829fb3a31a2b7bb311d40c", @ANYRESHEX=r1, @ANYRES8, @ANYRES32=r0, @ANYBLOB="3cb851bf555b46f6ad7f1c1c5a676376caf322ab75881cabb3a2", @ANYRES64=r1], 0x1c}, 0x1, 0x0, 0x0, 0x40440}, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000040)=<r4=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=<r5=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000100)=<r6=>0x0)
r7 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r8)
ioctl$IOCTL_GET_NCIDEV_IDX(r7, 0x0, &(0x7f0000000440)=<r10=>0x0)
sendmsg$NFC_CMD_DEV_UP(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYRESHEX=0x0, @ANYRESDEC=r4], 0x1c}}, 0x4001)
r11 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r11, 0x0, &(0x7f00000000c0)=<r12=>0x0)
r13 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r14 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r13)
sendmsg$NFC_CMD_DEV_UP(r13, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r14, @ANYBLOB="010023010000000000000200000008000100", @ANYRES32=r12, @ANYBLOB], 0x1c}}, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000140)=<r15=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000180)=<r16=>0x0)
r17 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r17, 0x0, &(0x7f00000000c0)=<r18=>0x0)
r19 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r20 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r19)
sendmsg$NFC_CMD_DEV_UP(r19, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000006f186ba0a1199f28af14e0a011b29aabbf0fae52a21d0273a1520c50b70bb27d98bab751097b884d4b5032152195a1880dcd67ef936fcf123b8f1dc855c6c82583ead38e49ab31641fd5ee3fe652b602e89df6268010662a3841374886d771720d018fa0624ec0204c11b1dd3913ba6e09b70286acacf63f96beec9a936cff03612cc663982e63cc0722b9cc997aca52e689144f65b2b10dba172c75b4fe5dafd36fb854e220ac3f8d6b80e2d44a4feca61a179817da6bc834a85b7d6432a2b22cf656", @ANYRES16=r20, @ANYBLOB="010023010000340200000200000008000100", @ANYRES32=r18, @ANYBLOB], 0x1c}}, 0x0)
sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x5c, 0x0, 0x600, 0x1, 0x25dfdbfb, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r2}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r10}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r12}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r15}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r16}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r18}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x10)
connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @empty, 'geneve0\x00'}}, 0x1e)
socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @link_local, 'geneve0\x00'}}, 0x1e)

13.878377434s ago: executing program 8 (id=2670):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b0000000500000008040000cd00000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'veth0_virt_wifi\x00'})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r4, &(0x7f0000000440), 0x10)
listen(r4, 0x0)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r5, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r5, &(0x7f00000003c0)=[{&(0x7f0000000640)="98", 0x1}], 0x1)
r6 = accept4$unix(r4, 0x0, 0x0, 0x0)
recvmmsg(r6, &(0x7f0000001680)=[{{0x0, 0x0, &(0x7f0000003380)=[{&(0x7f0000000140)=""/120, 0x78}, {&(0x7f0000000040)=""/40, 0x28}, {&(0x7f0000003300)=""/107, 0x6b}], 0x3}}], 0x4000000000000a1, 0x2, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)={0x44, r8, 0x1, 0x0, 0x0, {0x49}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x73}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x44}}, 0x0)
recvmsg(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000740)=""/70, 0x46}], 0x1}, 0x4c2103a0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x80049367, &(0x7f0000000000))
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'macsec0\x00', <r9=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r3, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000001c0)=[0x0, 0x0], ""/16, <r10=>0x0, 0x0, 0x0, 0x0, 0x5, 0x6, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xa8, &(0x7f0000000340)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000380), &(0x7f0000000400), 0x8, 0x6c, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=@RTM_NEWMDB={0x58, 0x54, 0x4, 0x70bd28, 0x9, {0x7, r9}, [@MDBA_SET_ENTRY={0x20, 0x1, {r9, 0x0, 0x1, 0x0, {@ip4=@multicast2, 0x800}}}, @MDBA_SET_ENTRY={0x20, 0x1, {r10, 0x0, 0x2, 0x3, {@in6_addr=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x800}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x80}, 0x0)

13.604891875s ago: executing program 8 (id=2672):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000f40)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c03406910927c6b0b55b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfe79578e51bc53099e90f4580d760551b5b342f7cbdb9cd38bdb2209c676b2ac2deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f132020000002cbe7bc04b82d2789cb1b2b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c41146dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a42b359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780c70014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e506d1387b63112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece08ac772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2ef0ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a3f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099bdae7ed04935c2c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adeb988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ffa3c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe4a3ced846891180604b6dd2499d16d7d9158ffffff069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb0814040000007874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dbae3428d2129ecfce1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296c6a298c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f050000000000000026049fe86e09623524f390bf79b441b75fc790c58e273cd905deb28c13c1ed1c0d9cae846b03008cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc48f97496079654f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b4749c28eb5167e9936ed327fb237a56224e49d9ea956d1798571b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecf743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be182724d95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd0403a099f32468f1561f058960d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b656dc0e32384f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bbe3e8ef76f57a2d0e69115d33394e86e4b83c0f3c2a34635f3eee4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cd082027c641ec4355eb4acff90756d1a1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8cc3fe28bc3586844f5fecb92aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a5906002fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128ab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0afd9ae134400f70b5e6aefb7eee403502732df858a2ea033b6c91c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80ffb8f386bb79f5589829b6b0679b5d65a00000000000000e6ff00000000000000000000faff0000bab50bc8508a9644d3e7c328b0ff22035c8073f8c1f0e3da7339fc81d4ab3ef2857ef70a81d8a1628da28c942571880e22df7cabae56d5ff5e483c9c1f5a258b8f1f34cc300312f76a374a6e9b3f9dbd7f538a80b00f97e47895b3201c5126feca0888956a7d768198d9c2109ac508a47ebb99c539ef45af7d87b308117a9e321a3861bc42cf41942c31268a4020221d7b1622585094eddd83c7f4acdd7f5c23d8b730bf03118261edada8b8487a3b1b7548a4687a91f12bf70bb1df3bfe7d4b92ad6fcbf401efd6eb004cf20016ad8d1dad136dd856ffca238b39482811f9c8524bf182f1956a3d044423927df28880bbd11c06407220df8e1d1d483d947d990dc175803d765ca14a915a0040b641959ad3e776b4bb4852fea12983dc18b7404914a6137dc4a78f1e0d331c60a9019c21698cd18753491df962f496f2395563e9c3d7b1228d0e488cf7e50a29541aa757f2e2ee9ff4433d65db0de5a123d569e39dce481156cbec584c9a32a8e3b032fa003192c891d83119bc950abac9147b9fcb0acd9a207b5ceb7e8ed1d91c000000000000000000000000000000141258373281153fa27e586ea82650f070d8851ac9e7ac07b37a6479d4017b5b5af3ff4c91235df4f657d77e386a329aec4d766369c86b62b01ceb028c6fcf206883633cb143016b9f5351a45a8cb4ea110ba700000000000000883416b6eff6a793c71deb7d780c4f51d86ece127c0714144916f397d398ad2fe72b710b932c15c2369cb5d2d2f6ae420672c4a626195a891ac51825077fbc286aa3866bbf18a4a8b836ea8c90af0d5f0aff55b50bc18c27875ed2628b91224b7fa9fd10ccd7c1b1a92bac529df981a6d30100e68555553625c0e91a51000000000000000000fe030f85b294f3ea1fce314a9dcefbe3b64e83c35c5e95734786ca78315793cc0e6e776d2ec07c55cd89541ec25e074e840287011cab538d79e1569df321282071d49a4dc5fb2d7da1d05249d0e153fd04aca2", @ANYRES8], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x16, 0x0, 0xffffffffffffffff, 0xffffffffffffffc9}, 0x48)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a}, 0x28)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x213)
sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000980)=@ipv6_getaddr={0x18, 0x16, 0x1, 0x70bd25, 0x0, {0xa, 0x3f, 0x0, 0xc8}}, 0x18}, 0x1, 0x0, 0x0, 0x8800}, 0x0)
recvmsg(r1, &(0x7f0000000440)={&(0x7f00000000c0)=@qipcrtr, 0x80, &(0x7f0000000700)=[{&(0x7f0000001ac0)=""/4096, 0x1000}, {&(0x7f0000000140)=""/17, 0x11}, {&(0x7f0000000380)=""/188, 0xbc}, {&(0x7f00000002c0)=""/73, 0x49}, {&(0x7f0000000180)=""/21, 0x15}, {&(0x7f0000000600)=""/237, 0xed}], 0x6, &(0x7f0000000780)=""/212, 0xd4}, 0x10020)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r3, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)={0x14, r4, 0x331, 0x0, 0x25dfdbfb, {0xb}}, 0x14}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000000)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x13c, 0x19, 0x1, 0x0, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @empty}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, [@tmpl={0x84, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast}, {{@in6=@mcast2, 0x0, 0x6c}, 0x0, @in=@local, 0x0, 0x5, 0x3}]}]}, 0x13c}}, 0x0)

12.547109212s ago: executing program 8 (id=2685):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000018c0)={'team0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000022780)=ANY=[@ANYBLOB="4000000010003b150c000000002e000000000000", @ANYRES32=0x0, @ANYBLOB="c1900000a1540000180012800e0001007769726567756172640000000400028008000a00", @ANYRES32=r3, @ANYBLOB], 0x40}}, 0x24008810)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="80000000", @ANYRES16=r1, @ANYBLOB="050000000000000000000200000008000300", @ANYRES32=r4, @ANYBLOB="2d000e0080000000ffffffffffff08021100000008021100000000000000000000000000640000002503000000000000080026006c09"], 0x80}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_LEAVE_MESH(r5, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x28, r1, 0x300, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x5, 0x3f}}}}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x28054}, 0x40000)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000180)={&(0x7f00000003c0)={0x1d0, r1, 0x8, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SCHED_SCAN_MATCH={0x188, 0x84, 0x0, 0x1, [{0x24, 0x0, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa, 0x5, @from_mac}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa, 0x5, @from_mac=@device_b}, @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0x8}]}, {0xd8, 0x0, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x24, 0x6, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x8, 0x3, 0x75d}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x5}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x6}, @NL80211_BAND_LC={0x8, 0x5, 0x7fff}]}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ap_ssid}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0x1f, 0x1, @random="acec76c2fc93da3616481eaee79f0352312a410eba1769ceff96aa"}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x34, 0x6, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x8, 0x2, 0x1}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x8}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x3522}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x1}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x3}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x5}]}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa, 0x5, @from_mac=@broadcast}, @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0x7}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x34, 0x6, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x8, 0x2, 0xd0}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x9}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x5}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x2}, @NL80211_BAND_5GHZ={0x8, 0x1, 0xe4f6}, @NL80211_BAND_LC={0x8, 0x5, 0x6}]}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0x7, 0x1, @random="24b2c5"}]}, {0x48, 0x0, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ibss_ssid}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x4}, @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0x76}, @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0x9}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xffffffffffffffef, 0x1, @default_ibss_ssid}]}, {0x40, 0x0, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ibss_ssid}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa, 0x5, @from_mac}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ap_ssid}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa}]}]}, @NL80211_ATTR_MEASUREMENT_DURATION={0x6, 0xeb, 0x5}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x80}, @NL80211_ATTR_SCHED_SCAN_DELAY={0x8, 0xdc, 0xffffffff}, @NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}, @NL80211_ATTR_MEASUREMENT_DURATION={0x6, 0xeb, 0xae96}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x4}]}, 0x1d0}, 0x1, 0x0, 0x0, 0x40004}, 0x80)

12.169899675s ago: executing program 8 (id=2689):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000103000000000000000000711205000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)

11.982909317s ago: executing program 8 (id=2691):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xda990a7caaf93fa7, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x48, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_KEY_END={0xc, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x8, 0x1, "688d33f2"}]}]}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0904000000000000000002000000540004802c0001800e000100696d6d656469617465000000180002800c0002801e000100c4000000080001400000000924000180090001006d6574610000000014000280080002400000000808000140000000100900010073797a300000000009000200737d7a3200000000cc000000030a05000000000000000000020000010900010073797a30000000000b00070066696c74657200000900030073797a320000000008000540ffff0400410008800c00024000000000000004840c00014000000000000000050c00014000000000000000000c0001400000000000000f8c0c0002400000000000000081440004803400030073797a6b616c6c65723100"], 0x174}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x14, 0x25, 0x1, 0xfffffffd, 0x0, {0x3, 0x2}}, 0x14}}, 0x0)
r3 = socket$inet(0x2b, 0x801, 0x0)
connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @dev}, 0x10)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r3, 0x6, 0x21, &(0x7f0000000000)="f2552b263b30f7d6976c15a1d07b3a2a", 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="340000003e0007012dbd7000fcdbdf25047c000004006e001c00018006000600800a0000100007"], 0x34}}, 0x0)

6.359372541s ago: executing program 0 (id=2772):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
r1 = socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'vlan0\x00', <r2=>0x0})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x7}}}]}, 0x38}}, 0x20008004) (async)
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x7}}}]}, 0x38}}, 0x20008004)
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)=@newtfilter={0x78, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r6, {0x10, 0xffe0}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x48, 0x2, [@TCA_FLOWER_KEY_ETH_DST_MASK={0xa, 0x5, [0x0, 0xff, 0x0, 0xff, 0xff, 0xff]}, @TCA_FLOWER_KEY_ENC_OPTS={0x38, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x34, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xfffffffb}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xfffffffb}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0xfffffd66, 0x1, 0x7}]}]}]}}]}, 0x78}, 0x1, 0x0, 0x0, 0x22044028}, 0x40040) (async)
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)=@newtfilter={0x78, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r6, {0x10, 0xffe0}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x48, 0x2, [@TCA_FLOWER_KEY_ETH_DST_MASK={0xa, 0x5, [0x0, 0xff, 0x0, 0xff, 0xff, 0xff]}, @TCA_FLOWER_KEY_ENC_OPTS={0x38, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x34, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xfffffffb}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xfffffffb}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0xfffffd66, 0x1, 0x7}]}]}]}}]}, 0x78}, 0x1, 0x0, 0x0, 0x22044028}, 0x40040)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="6870ef997e2ff08f0200fe1f000002000d000200000008000c01"], 0x24}, 0x1, 0x0, 0x0, 0x4000084}, 0x2000c000)
sendmsg$NL80211_CMD_SET_COALESCE(r7, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r8, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r10}, @void}}}, 0x28}, 0x1, 0x6c00}, 0x0) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r7, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r8, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r10}, @void}}}, 0x28}, 0x1, 0x6c00}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x48, 0x24, 0xf0b, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x8000e}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x1}]}}]}, 0x48}}, 0x844) (async)
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x48, 0x24, 0xf0b, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x8000e}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x1}]}}]}, 0x48}}, 0x844)
socket(0x10, 0x0, 0xf27) (async)
r11 = socket(0x10, 0x0, 0xf27)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=@newtaction={0xdc, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0xc8, 0x1, [@m_sample={0xc4, 0x1d, 0x0, 0x0, {{0xb}, {0x34, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x0, 0x3}}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x2}]}, {0x66, 0x6, "1ff61c5cb9c5b34c38e2415b00800c00000000006dac1ac9d77e581907aed9adfc55154c2a3ea472bdae581323d16c14b652d651392169405d5e7516d1ddb350e4cc00000000071636957ae554357faacf012db9afb86853ccfaa686357f3d7812f2"}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0xdc}, 0x1, 0x0, 0x0, 0x44010}, 0x0)

5.94715174s ago: executing program 0 (id=2780):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa, 0xe0, 0x0, 0xff}}, [@migrate={0x50, 0x11, [{@in=@dev={0xac, 0x14, 0x14, 0xc}, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@private2, @in6=@local, 0x33, 0x0, 0x0, 0x2, 0x2, 0xa}]}]}, 0xa0}}, 0x0)
sendmsg$alg(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
recvmmsg(r1, &(0x7f0000002f40)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000400)=""/214, 0xd6}], 0x1}, 0xffffffff}], 0x1, 0x1, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c000000020601036c0000000000000000000000050005000a000000050001000600000005000400000000000900020073797a320000000010000300686173683a69702c6d616300140007800800120000000000080008"], 0x5c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000100)=@framed={{0x18, 0x5}, [@printk={@lld, {}, {}, {0x7, 0x0, 0x0, 0x1, 0x0, 0xa00}}]}, &(0x7f0000000000)='GPL\x00', 0x8, 0xde, &(0x7f0000003e40)=""/222}, 0x90)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xb, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="660a000000000000611177000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x94)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x0, 0x1, 0x183, 0x0, 0x0, {0x0, 0x0, 0x4}, [@CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x48000)

5.003654552s ago: executing program 0 (id=2794):
close(0xffffffffffffffff)
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x213)
r1 = socket$l2tp(0x2, 0x2, 0x73)
sendto$l2tp(r1, &(0x7f0000000200)="dab1fa53165e89fed7f109263b950c2a13fb55f77baa5e3f09debad9e19b3724a17fd5f33e72dd60f21918a8fc8655f2867aa7318e206f35c82049dd3a2835021d22591ffda4aaacca29cd601d8cbb8b6497124544935c5feed78bbba0b142e7d08b184984be9e05e39382676d747f6f2cbf8295fc8708ed45db285e1c13033cf8d67a9af02781387f119f3588d27215d22e4dd0d4de9834cca3317972bc21a2d8b5aa3f9d18ac5b93bf26e0b7c970f9fa1ad24363b41ae2525cb181af4d3e", 0xbf, 0x880, 0x0, 0x0) (async)
r2 = socket$inet6_sctp(0xa, 0x3, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000340)=[@in={0x2, 0x4e24, @rand_addr=0x64010102}, @in={0x2, 0x4e22, @loopback}, @in={0x2, 0x4e22, @rand_addr=0x64010101}, @in={0x2, 0x4e20, @empty}, @in={0x2, 0x4e22, @loopback}, @in6={0xa, 0x4e22, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x381ae482}, @in={0x2, 0x4e23, @remote}, @in6={0xa, 0x4e20, 0xfffffff8, @empty, 0x7fffffff}], 0x98) (async, rerun: 64)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000980)=ANY=[@ANYBLOB="180000001600010000000000000000000a00c3"], 0x18}}, 0x0) (rerun: 64)
socket$inet6_mptcp(0xa, 0x1, 0x106) (async)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0) (async, rerun: 32)
pipe(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}) (rerun: 32)
readv(r3, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/243, 0xfffffdef}], 0x1) (async)
write$cgroup_subtree(r4, &(0x7f0000000700)=ANY=[], 0xfe33) (async)
listen(0xffffffffffffffff, 0x0) (async)
syz_emit_ethernet(0x52, &(0x7f0000000180)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff40f5", 0x1c, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0xc2, 0x0, 0x0, 0x0, {[@mptcp=@ack={0x1e, 0x5, 0x40, 0x4, '\x00'}]}}}}}}}}, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4) (async)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) (async)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000140), 0x4) (async)
getsockopt$bt_hci(r5, 0x11a, 0x2, 0x0, 0x0) (async)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x64, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT_TO={0x6}, @IPSET_ATTR_PORT={0x6}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x3}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}]}, 0x64}}, 0x0)

4.630383963s ago: executing program 0 (id=2801):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000058000000030a0102000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c0800014000000002080001400000003008000240000000030800014000000012080003"], 0x122}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000854000000800000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000107010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = socket$inet(0xa, 0x801, 0x84)
listen(r1, 0x8)
r2 = socket$netlink(0x10, 0x3, 0x4)
writev(r2, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000001590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000004c0)={{{@in=@loopback, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in6=@initdev}, 0x0, @in6}}, &(0x7f0000000640)=0xe8)
sendmsg$nl_xfrm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)=@allocspi={0x104, 0x16, 0x1, 0x0, 0x0, {{{@in=@loopback, @in6=@mcast1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5}, {@in6=@remote, 0x0, 0x33}, @in=@broadcast, {0x2, 0x0, 0x0, 0x0, 0x5}, {0x100000001, 0x0, 0x0, 0x3}}, 0x0, 0x5dfe}, [@mark={0xc, 0x15, {0x35075b, 0x1}}]}, 0x104}}, 0x0)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), r3)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket(0x10, 0x3, 0xc)
write(r7, &(0x7f0000000040)="effd00001000ff00fd4344c007110000f3050a00dbfd010000000001ffdf00", 0xfe00)
r8 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), r6)
sendmsg$NLBL_UNLABEL_C_STATICADD(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c00f7ccde98438fc9be001000000000000005cd4b82bcf6c17d8a965bbd282ddd9a0a39e20eb9eb93", @ANYRES16=r8, @ANYBLOB="010200000000000000000300260008000400ac35000114000600736974300000000000000000000000001400070000000000000000000000ffffac14144008000500ac141400"], 0x4c}, 0x8, 0x3000000000002}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICADD(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01022bbd7000000000000300260008000500e0000001140e0300fe800000000000000000000000000040140002000000000000000000000000000000000008000500ac1414aa"], 0x4c}, 0x8, 0x3000000000002, 0x0, 0x4000}, 0x0)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r7)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r7, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x30, r9, 0x809, 0x70bd29, 0x25dfdbfe, {{}, {}, {0x14, 0x19, {0x2, 0x219f5c4a, 0x80000000, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x20040081}, 0x0)

4.32055553s ago: executing program 0 (id=2805):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000600)={'team0\x00', <r2=>0x0})
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000280)={0xffffffff}, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x12, 0xa01, 0x0, 0x0, {0xa}}, 0x14}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0xb0, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x80, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x10000}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x1}, @TCA_TAPRIO_ATTR_SCHED_BASE_TIME={0xc, 0x3, 0x280000000000000}]}}]}, 0xb0}}, 0x0)
sendmsg$netlink(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005800)={0x28, 0x2d, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid}, @nested={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @u32}]}]}, 0x28}], 0x1}, 0x0)

3.852058979s ago: executing program 0 (id=2808):
r0 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYRES64=r0], 0x0, 0x45, 0x0, 0xfffffffc, 0xa}, 0x28)

1.694295671s ago: executing program 7 (id=2827):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x70bd2d, 0x4, {0x0, 0x0, 0x0, 0x0, {0xe, 0x3}, {0x6, 0xd}, {0x10, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x4080}, 0x40004)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, 0x0, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [@L2TP_ATTR_COOKIE={0xc, 0xf, 0x400}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0xfc}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4004054)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84)
r1 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @link_local, @void, {@ipv4={0x8035, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r2, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4, 0x12, r2, 0x604ab000)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f0000000180)={&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff2, 0x1, 0x0}, &(0x7f00000002c0)=0x40)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000018c0)={'team0\x00', <r3=>0x0})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000022780)=@newlink={0x40, 0x10, 0x49920d862a92153b, 0xc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90c1, 0x5c81}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD1={0x8, 0x2, @udp=r4}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x40}}, 0x48010)

1.55275911s ago: executing program 6 (id=2830):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x30, 0x3e, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0xc, 0x2, 0x0, 0x1, [@nested={0x8, 0x17, 0x0, 0x1, [@generic="7839068a"]}]}]}, 0x30}, 0x1, 0x0, 0x0, 0xc000}, 0xc000) (async)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000001c0)={0x0, ""/256, 0x0, 0x0, <r1=>0x0})
ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f0000000040)=r1)

1.459062568s ago: executing program 6 (id=2831):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x20000000ec071, 0xffffffffffffffff, 0x4000)
r0 = accept4$ax25(0xffffffffffffffff, &(0x7f0000000000)={{0x3, @netrom}, [@rose, @default, @netrom, @remote, @netrom, @default, @netrom, @rose]}, &(0x7f0000000080)=0x48, 0x80800)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000140)={"1cde5be9ffffa8b0d7ee4c93634dec6e", 0x0, <r1=>0x0, {0x0, 0x6}, {0x3b51, 0x4}, 0x100, [0x100000001, 0xffff, 0x7, 0x7, 0x9, 0xfff, 0x4, 0x81, 0xfffffffffffffff7, 0x7, 0x200, 0x7, 0x6, 0x3, 0x0, 0x3]})
ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000000c0)=r1)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r2, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112)

1.351654046s ago: executing program 7 (id=2832):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=ANY=[@ANYBLOB="340000001800010000000600f9a515404c07540e0000400600060004000000100016800c0008800800018058ad300bd906003ca26a9c9e8a00"/69], 0x34}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
getsockopt$IP_VS_SO_GET_SERVICE(r1, 0x0, 0x483, &(0x7f0000000040), &(0x7f00000000c0)=0x68)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000140)='macsec0\x00', 0x10)
syz_emit_ethernet(0x3a, &(0x7f0000001c00)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x2, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0x2007407, 0xfffffffffffffffd}}}}}}, 0x0)
ioctl$BTRFS_IOC_DEFRAG_RANGE(r0, 0x8927, &(0x7f0000000000)={0xfffffffffffffffb, 0xd93a})
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000240)={0x62, @rand_addr=0x64010102, 0x4e24, 0x1, 'sh\x00', 0x0, 0x10, 0x2f}, 0x2c)

1.350038262s ago: executing program 1 (id=2833):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r1 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x0, @private=0xa010100}, 0x10)
listen(r1, 0x8)
r2 = accept4(r1, 0x0, 0x0, 0x0)
setsockopt(r2, 0x84, 0x82, &(0x7f0000000480)="1a00000002000000", 0x8)
r3 = socket(0x2d, 0x2, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000000)=0x10)
mmap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x200000d, 0x10, r4, 0x34de5000)
ioctl$BTRFS_IOC_DEV_REPLACE(r0, 0xca289435, &(0x7f00000004c0)={0x3, 0xc, @status={[0x1c4, 0x1, 0x0, 0x10000, 0xb, 0x3]}, [0xf, 0x3, 0x7a1744fb, 0x2, 0x7f, 0x8, 0x4549, 0x1, 0x6, 0x6, 0x4, 0x7fffffffffffffff, 0x401, 0x0, 0xfff, 0x100, 0xec5, 0x7, 0x800, 0x100000001, 0x9, 0x100000001, 0x7, 0x9, 0x7, 0x100, 0x0, 0x4, 0x2, 0xc90, 0x5f3, 0x1, 0x6, 0x5, 0x2, 0x8, 0x7fffffffffffffff, 0x7, 0x1800000000000000, 0x5, 0x6, 0x0, 0xb0, 0x6, 0x0, 0x8000000000000001, 0xfffffffffffffff9, 0x0, 0x80000001, 0xcb48, 0x6f88, 0xc90, 0x3, 0xffff, 0x4, 0x7, 0x3, 0x5, 0x100, 0x0, 0x9, 0x45f7, 0x0, 0x3ff]})
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e24, @rand_addr=0x64010100}, 0x10)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
writev(r0, &(0x7f0000000240)=[{&(0x7f0000000080)="2e9b5b0007e03dd65193dfb6c575963f86dd606712e900320400000000000000eaebfd2607eef2", 0x27}, {&(0x7f0000000100)="051ae2ff0d8c60c2730369b7", 0xc}, {&(0x7f0000000040)="37a8a6c41e646a566a4ce01f972bef63842ee3b291da39d1977010", 0x1b}], 0x3)

1.323674028s ago: executing program 6 (id=2834):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000002c0)=0x1, 0x4)
syz_emit_ethernet(0xe7, &(0x7f0000000280)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xd9, 0x0, 0x0, 0xfd, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @dest_unreach={0x3, 0x5, 0x0, 0x0, 0x5, 0x1, {0x2f, 0x4, 0x0, 0x9, 0x686, 0x67, 0xfff9, 0x7, 0x2f, 0x1000, @multicast1, @rand_addr=0x64010102, {[@timestamp_prespec={0x44, 0x4, 0xc7, 0x3, 0xc}, @timestamp_addr={0x44, 0x14, 0xf2, 0x1, 0x2, [{@initdev={0xac, 0x1e, 0x0, 0x0}}, {@broadcast, 0x6}]}, @ssrr={0x89, 0x23, 0x5f, [@multicast1, @remote, @rand_addr=0x64010102, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, @multicast1, @remote, @local]}, @lsrr={0x83, 0x1b, 0xf7, [@remote, @multicast2, @private=0xa010102, @multicast2, @multicast1, @dev={0xac, 0x14, 0x14, 0x35}]}, @timestamp={0x44, 0x20, 0xb3, 0x0, 0xd, [0x2, 0xd, 0x8, 0x80000001, 0xffffffff, 0x5, 0xb2a0]}, @lsrr={0x83, 0x2f, 0x71, [@empty, @local, @multicast2, @dev={0xac, 0x14, 0x14, 0x41}, @local, @dev={0xac, 0x14, 0x14, 0x32}, @multicast2, @dev={0xac, 0x14, 0x14, 0x15}, @rand_addr=0x64010100, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x39}]}]}}, "bc"}}}}}, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f0000000000)=0x1, 0x4)
sendmmsg$inet(r0, &(0x7f0000002000)=[{{&(0x7f0000000040)={0x2, 0x4e23, @loopback}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000080)='o\b', 0x2}], 0x1}}], 0x1, 0x240000c0)

1.190598447s ago: executing program 6 (id=2835):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r2=>0x0})
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$sock_timeval(r3, 0x1, 0x49, 0x0, &(0x7f00000001c0))
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
r4 = socket(0x1, 0x1, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r5, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000200)={<r6=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r5, 0x84, 0x7a, &(0x7f0000000340)={r6, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
sendmmsg$inet_sctp(r4, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="1bf90b9a2d01016edf9cd80aa630000000000000000200000000000000000000017c", @ANYRES8=r1], 0x30}], 0x1, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r8, 0x501, 0x70bd27, 0x25dfdbfe, {{}, {}, {0x14, 0x19, {0xffffffff, 0x3, 0x0, 0x40a}}}}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x4098)
sendmsg$TIPC_CMD_DISABLE_BEARER(r4, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0x34, r8, 0x2, 0x70bd2d, 0x25dfdbff, {{}, {}, {0x18, 0x13, @l2={'ib', 0x3a, 'veth1_to_batadv\x00'}}}, [""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'lo\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newqdisc={0x24, 0x29, 0xa19702d202eff97b, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r4, 0x84, 0x65, &(0x7f0000000580)=[@in={0x2, 0x4e21, @local}, @in={0x2, 0x4e20, @private=0xa010101}, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, @in6={0xa, 0x4e22, 0x2, @local, 0x80000000}, @in6={0xa, 0x4e22, 0xfffffffa, @mcast1, 0x12}, @in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}], 0x78)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r10, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010400000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000180)={'batadv0\x00', <r12=>0x0})
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r0, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0xa8, r11, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x0, 0x3, 0x2}]}, @HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0xffffffffffffff2c, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x0, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x0, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x4}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000800)
connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r2, 0x0, {0x2, 0xff}, 0xff}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c4400000000000e0feff0085000000b200000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
ioctl$sock_bt_bnep_BNEPGETCONNINFO(r4, 0x800442d3, &(0x7f0000000440)={0x81, 0x0, 0x0, @multicast, 'syzkaller0\x00'})
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="240000002b000b00000000000000000007000000040003000c0001"], 0x24}}, 0xc00)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'})

1.027618945s ago: executing program 7 (id=2836):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x80489439, &(0x7f00000001c0))
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x2, @loopback}, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xbf22, 0x0, 0xffffffffffffffff, 0x3}, 0x48)
r4 = socket(0x2c, 0x3, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r3, &(0x7f0000000140), &(0x7f0000000080)=@udp6=r4}, 0x20)
close(r4)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYRES8, @ANYRES32, @ANYBLOB="0000000000000000400012800c0001"], 0x68}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9, 0x0, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r5, &(0x7f00000000c0), &(0x7f0000000000)=""/8, 0x2}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f00000001c0)={r5, &(0x7f00000000c0), 0x0}, 0x20)
r6 = socket$igmp6(0xa, 0x3, 0x2)
r7 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r6, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}})
write$tun(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72)
sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1000006, 0x1010, r7, 0x0)

1.001518993s ago: executing program 1 (id=2837):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) (async)
pipe(&(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f0000001840)={0x0, 0x0, 0x0, 0x0, 0x2}) (async, rerun: 32)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000001340)={0x0, ""/256, 0x0, <r3=>0x0}) (rerun: 32)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r2, 0xd000943d, &(0x7f0000000340)={0xffffffffffff405d, [{}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {<r4=>0x0}], 0x6, "1b50a6ff34c039"})
ioctl$BTRFS_IOC_TREE_SEARCH(r1, 0xd0009411, &(0x7f0000001880)={{r4, 0x4, 0x1, 0x2, 0x0, 0x1ff, 0xf, 0x8, 0xf9, 0x7fffffff, 0x4, 0x2, 0x80000000, 0x7, 0x2}})
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r1)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x20) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)

829.506638ms ago: executing program 6 (id=2838):
r0 = socket(0x200000000000011, 0x4000000000080002, 0x0) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
write$tun(r1, &(0x7f00000003c0)={@val={0x1c}, @val={0x0, 0x5, 0x0, 0x300}, @ipv6=@udp={0x0, 0x6, '\'\vB', 0x18, 0x11, 0x0, @empty, @ipv4={'\x00', '\xff\xff', @local}, {[], {0x0, 0x0, 0x18, 0x0, @wg=@data}}}}, 0x4e)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_CHANNEL(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x24, r2, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@NL802154_ATTR_PAGE={0x5, 0x7, 0x9}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4001090}, 0x0) (async)
ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x891c, &(0x7f0000000140)={@mcast2})

739.469577ms ago: executing program 1 (id=2839):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r2, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2c}}}, 0x1c)
r3 = socket$inet6(0xa, 0x5, 0x0)
bind$inet6(r3, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r7, &(0x7f0000000040)={0x1f, 0x0, @none, 0x701, 0x1}, 0xe)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='/proc/1/\x00\x82q\xee\xe5\xa0\xbd\xc2\x98#YP\xee\x9c2G\xf0\x81x\x97'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f0000000600)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000400)={0x188, r8, 0x2, 0x70bd28, 0x25dfdbff, {{}, {@void, @void}}, [@fils_params=[@NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x80}, @NL80211_ATTR_FILS_ERP_USERNAME={0x13, 0xf9, "bb869b9deebc452c997972d78e0c69"}, @NL80211_ATTR_FILS_ERP_USERNAME={0x5, 0xf9, '1'}, @NL80211_ATTR_FILS_ERP_USERNAME={0x12, 0xf9, "e0a0a88c1451a4ae8edcbf8cb6fd"}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x5f}, @NL80211_ATTR_FILS_ERP_REALM={0xc5, 0xfa, "5d6deaaa49ca36e81cfb1c5309f41d52b4f54545e7377080dff65878624ffa32faf2a8df901521349d1d8b5456c4aff077371b9f0e8ece7f46fe7dd8be9af51c37be0ebac1190049f02cec0bd8df44592ccbdeb58d93499333779bf5ed55aa9516a9441dd5c4a00773be1af54bdd7c7aaaf47debf2d4d6bf46fb5867d59207476cda624d6a03a3e9b619deee43ab6940bf1f7fb17e9e2c015ef7a412df1c095ef64abd8daf39119252d97bf70691215febd1404a7d19e219eae32ccf2c0839da49"}], @NL80211_ATTR_DISABLE_HT={0x4}, @fils_params=[@NL80211_ATTR_FILS_ERP_USERNAME={0xa, 0xf9, "d06fa7f841d4"}, @NL80211_ATTR_FILS_ERP_RRK={0x3f, 0xfc, "726c6c0aaceb5d8944a766b745286b696ec3c24e46542fe55db8e49812a01915f5293c8982f4e7a5be8dd434c705129b460a0bdbefc0818e0286bd"}, @NL80211_ATTR_FILS_ERP_REALM={0x4}, @NL80211_ATTR_FILS_ERP_USERNAME={0xb, 0xf9, "a0edaf839b1e05"}], @NL80211_ATTR_USE_RRM={0x4}, @NL80211_ATTR_USE_RRM={0x4}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x188}, 0x1, 0x0, 0x0, 0x4}, 0x1)
sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x1c, r6, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004)
r9 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NET_DM_CMD_START(r4, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x14, r9, 0x4, 0x70bd2c, 0x25dfdbfd, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40803}, 0x20000000)
write$nci(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="414601", @ANYRES32=r4], 0x4)

403.070409ms ago: executing program 1 (id=2840):
syz_extract_tcp_res(&(0x7f0000000080)={0x41424344, <r0=>0x41424344}, 0x6, 0x400)
syz_emit_ethernet(0x52, &(0x7f00000000c0)={@local, @local, @val={@val={0x88a8, 0x1, 0x0, 0x4}, {0x8100, 0x7, 0x1, 0x3}}, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x14, 0x2c, 0x0, @remote, @local, {[], {{0x3a00, 0x5, 0x41424344, r0, 0x0, 0x0, 0x5}}}}}}}, 0x0)

292.349748ms ago: executing program 7 (id=2841):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
r2 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)=@newtfilter={0x74, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r3, {0xe}, {}, {0xfff2, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x44, 0x2, [@TCA_FLOWER_KEY_MPLS_TTL={0x5, 0x43, 0x1}, @TCA_FLOWER_KEY_VLAN_PRIO={0x5, 0x18, 0x3}, @TCA_FLOWER_KEY_IPV6_SRC_MASK={0x14, 0xf, [0xffffffff, 0xff000000, 0xffffff00, 0xff]}, @TCA_FLOWER_KEY_ETH_DST={0xa}, @TCA_FLOWER_KEY_ENC_UDP_SRC_PORT={0x6}, @TCA_FLOWER_KEY_CT_MARK={0x8, 0x5f, 0x40}]}}]}, 0x74}}, 0x4841)
sendmsg$can_bcm(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x1d, r3}, 0x10, &(0x7f0000000180)={&(0x7f00000000c0)={0x6, 0x10, 0x2, {0x0, 0xea60}, {0x77359400}, {0x0, 0x0, 0x1}, 0x1, @canfd={{0x3, 0x0, 0x0, 0x1}, 0xe, 0x2, 0x0, 0x0, "002fcda4e796bf3847414f1aad7080c74ad4e6a08ce2a466af4d1acbe0517ec18a6bfbcb9176f4cb32cff493fd29346537848bb314af462cd0c8c05468cd5228"}}, 0x80}, 0x1, 0x0, 0x0, 0x48000}, 0x4044)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="677406f0af7dc6b952b36426d2257c29b87c5998613243e24d7a9cc750acfdf5e514e00e59f5f4226a5d", @ANYRES32=0x0, @ANYRES16=r1, @ANYRES32, @ANYBLOB="08001b0000000000"], 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)

209.909667ms ago: executing program 1 (id=2842):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x0)

209.418965ms ago: executing program 6 (id=2843):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000140)={<r4=>r1, 0xe65, 0xffff, 0x2})
epoll_ctl$EPOLL_CTL_MOD(r4, 0x3, r0, &(0x7f00000001c0)={0xc})
ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f00000003c0)={'wg2\x00', <r5=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x6, 0x4, &(0x7f0000000200)=@raw=[@map_idx_val={0x18, 0x2, 0x6, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8}, @alu={0x7, 0x0, 0x3, 0xb, 0x5, 0xfffffffffffffff0, 0xfffffffffffffff0}, @call={0x85, 0x0, 0x0, 0x8}], &(0x7f0000000240)='syzkaller\x00', 0x9ae2, 0xb1, &(0x7f0000000300)=""/177, 0x41000, 0x26, '\x00', r5, 0x25, r4, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000440)={0x0, 0x4, 0x1, 0x80}, 0x10, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000480)=[{0x0, 0x1, 0x8, 0xa6077a0f0dbd0e0c}, {0x0, 0x4, 0x3}, {0x1, 0x5, 0xd, 0xa}, {0x0, 0x3, 0x3, 0x5}], 0x10, 0x1}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES32, @ANYBLOB="00000000000000000000009fb055210000100000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000880)=ANY=[@ANYRES32=r9, @ANYRES32=r8, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000006c0)={{r9}, &(0x7f00000003c0), &(0x7f0000000080)=r6}, 0x20)
sendmsg$inet(r7, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x44804)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r10)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}]}]}], {0x14}}, 0xb4}}, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c200000300000000000086dd63269fe000283a1721010000000000000000000000000001fe"], 0x0)
r12 = socket$unix(0x1, 0x1, 0x0)
r13 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r14=>0x0})
sendmsg$nl_route_sched(r13, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r14, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_ADMIT_BYTES={0x8, 0x5, 0x400}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)

157.947461ms ago: executing program 7 (id=2844):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYRESDEC], 0xb8}, 0x1, 0x0, 0x0, 0xc810}, 0x4004) (async)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x3, {{@in=@dev={0xac, 0x14, 0x14, 0x1c}, @in6=@remote, 0x0, 0xfffd, 0x0, 0x0, 0xa}, {0xfffffffffffffff8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x8000000000}, 0x2000002, 0x0, 0x0, 0x1, 0x4}}, 0xb8}}, 0x4040000) (async, rerun: 32)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6) (rerun: 32)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000200)={'vcan0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=@can_newroute={0x24, 0x18, 0x1, 0x0, 0x0, {}, [@CGW_DST_IF={0x8, 0xa, r5}, @CGW_SRC_IF={0x8, 0x9, r5}]}, 0x24}}, 0x0) (async)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x7}}, 0xb8}}, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000000), r6)

80.345383ms ago: executing program 1 (id=2845):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r1 = openat$cgroup_devices(r0, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r1, &(0x7f0000000140)=ANY=[@ANYBLOB='c *:', @ANYRESOCT=r1], 0xa)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000040)={'syztnl2\x00', &(0x7f00000001c0)={'syztnl2\x00', <r3=>0x0, 0x2f, 0x0, 0xb, 0xfffffffc, 0x11, @local, @empty, 0x7800, 0x20, 0x2, 0x2}})
bind$alg(0xffffffffffffffff, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast6-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000004c0)="ad56b6c5911f0600002300000000000000", 0x11)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {0x5, 0x10}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_MPU={0x8, 0xe, 0x40}, @TCA_CAKE_WASH={0x8}]}}]}, 0x44}}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000)

0s ago: executing program 7 (id=2846):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='rpc_call_rpcerror\x00', r0, 0x0, 0xf69}, 0x18) (async, rerun: 32)
socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='rpc_call_rpcerror\x00', r1, 0x0, 0xf69}, 0x18) (async, rerun: 32)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (rerun: 32)
sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

kernel console output (not intermixed with test programs):

? __pfx__printk+0x10/0x10
[  246.114200][T11285]  should_fail_ex+0x414/0x560
[  246.114241][T11285]  _copy_to_user+0x31/0xb0
[  246.114275][T11285]  simple_read_from_buffer+0xe1/0x170
[  246.114314][T11285]  proc_fail_nth_read+0x1b3/0x220
[  246.114343][T11285]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  246.114373][T11285]  ? rw_verify_area+0x258/0x650
[  246.114408][T11285]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  246.114447][T11285]  vfs_read+0x1fd/0x980
[  246.114475][T11285]  ? fdget_pos+0x247/0x320
[  246.114500][T11285]  ? __pfx___mutex_lock+0x10/0x10
[  246.114532][T11285]  ? __pfx_vfs_read+0x10/0x10
[  246.114563][T11285]  ? __fget_files+0x2a/0x420
[  246.114587][T11285]  ? __fget_files+0x3a0/0x420
[  246.114605][T11285]  ? __fget_files+0x2a/0x420
[  246.114633][T11285]  ksys_read+0x145/0x250
[  246.114666][T11285]  ? __pfx_ksys_read+0x10/0x10
[  246.114692][T11285]  ? rcu_is_watching+0x15/0xb0
[  246.114731][T11285]  ? do_syscall_64+0xbe/0x3b0
[  246.114766][T11285]  do_syscall_64+0xfa/0x3b0
[  246.114795][T11285]  ? lockdep_hardirqs_on+0x9c/0x150
[  246.114824][T11285]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.114844][T11285]  ? clear_bhb_loop+0x60/0xb0
[  246.114870][T11285]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.114889][T11285] RIP: 0033:0x7f0b36b8d57c
[  246.114909][T11285] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  246.114926][T11285] RSP: 002b:00007f0b379e7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  246.114949][T11285] RAX: ffffffffffffffda RBX: 00007f0b36db5fa0 RCX: 00007f0b36b8d57c
[  246.114971][T11285] RDX: 000000000000000f RSI: 00007f0b379e70a0 RDI: 0000000000000003
[  246.114984][T11285] RBP: 00007f0b379e7090 R08: 0000000000000000 R09: 0000000000000000
[  246.114997][T11285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  246.115009][T11285] R13: 0000000000000000 R14: 00007f0b36db5fa0 R15: 00007ffdc86e9b68
[  246.115042][T11285]  </TASK>
[  246.629322][T11275] chnl_net:caif_netlink_parms(): no params data found
[  246.653203][T11299] __nla_validate_parse: 25 callbacks suppressed
[  246.653227][T11299] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1565'.
[  246.944257][T11275] bridge0: port 1(bridge_slave_0) entered blocking state
[  246.960264][T11275] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.971555][T11275] bridge_slave_0: entered allmulticast mode
[  246.986817][T11275] bridge_slave_0: entered promiscuous mode
[  247.008420][T11275] bridge0: port 2(bridge_slave_1) entered blocking state
[  247.029517][T11275] bridge0: port 2(bridge_slave_1) entered disabled state
[  247.039703][T11313] FAULT_INJECTION: forcing a failure.
[  247.039703][T11313] name failslab, interval 1, probability 0, space 0, times 0
[  247.053859][T11275] bridge_slave_1: entered allmulticast mode
[  247.060912][T11313] CPU: 0 UID: 0 PID: 11313 Comm: syz.1.1570 Not tainted 6.16.0-syzkaller-06589-g010510128873 #0 PREEMPT(full) 
[  247.060946][T11313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  247.060960][T11313] Call Trace:
[  247.060968][T11313]  <TASK>
[  247.060977][T11313]  dump_stack_lvl+0x189/0x250
[  247.061006][T11313]  ? __pfx____ratelimit+0x10/0x10
[  247.061038][T11313]  ? __pfx_dump_stack_lvl+0x10/0x10
[  247.061061][T11313]  ? __pfx__printk+0x10/0x10
[  247.061099][T11313]  ? __pfx___might_resched+0x10/0x10
[  247.061133][T11313]  ? fs_reclaim_acquire+0x7d/0x100
[  247.061162][T11313]  should_fail_ex+0x414/0x560
[  247.061204][T11313]  should_failslab+0xa8/0x100
[  247.061226][T11313]  __kmalloc_noprof+0xcb/0x4f0
[  247.061257][T11313]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  247.061290][T11313]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  247.061325][T11313]  genl_family_rcv_msg_doit+0xb8/0x300
[  247.061359][T11313]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  247.061388][T11313]  ? rcu_is_watching+0x15/0xb0
[  247.061426][T11313]  ? apparmor_capable+0x137/0x1b0
[  247.061451][T11313]  ? bpf_lsm_capable+0x9/0x20
[  247.061481][T11313]  ? security_capable+0x7e/0x2e0
[  247.061517][T11313]  genl_rcv_msg+0x60e/0x790
[  247.061550][T11313]  ? __pfx_genl_rcv_msg+0x10/0x10
[  247.061573][T11313]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  247.061595][T11313]  ? __pfx_nl80211_connect+0x10/0x10
[  247.061627][T11313]  ? __pfx_nl80211_post_doit+0x10/0x10
[  247.061653][T11313]  ? __asan_memcpy+0x40/0x70
[  247.061680][T11313]  ? __pfx_ref_tracker_free+0x10/0x10
[  247.061711][T11313]  netlink_rcv_skb+0x208/0x470
[  247.061741][T11313]  ? __lock_acquire+0xab9/0xd20
[  247.061771][T11313]  ? __pfx_genl_rcv_msg+0x10/0x10
[  247.061798][T11313]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  247.061853][T11313]  ? down_read+0x1ad/0x2e0
[  247.061877][T11313]  genl_rcv+0x28/0x40
[  247.061899][T11313]  netlink_unicast+0x82c/0x9e0
[  247.061938][T11313]  ? __pfx_netlink_unicast+0x10/0x10
[  247.061969][T11313]  ? netlink_sendmsg+0x642/0xb30
[  247.061999][T11313]  ? skb_put+0x11b/0x210
[  247.062024][T11313]  netlink_sendmsg+0x805/0xb30
[  247.062068][T11313]  ? __pfx_netlink_sendmsg+0x10/0x10
[  247.062112][T11313]  ? aa_sock_msg_perm+0x94/0x160
[  247.062143][T11313]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  247.062166][T11313]  ? __pfx_netlink_sendmsg+0x10/0x10
[  247.062197][T11313]  __sock_sendmsg+0x21c/0x270
[  247.062225][T11313]  ____sys_sendmsg+0x505/0x830
[  247.062251][T11313]  ? __pfx_____sys_sendmsg+0x10/0x10
[  247.062279][T11313]  ? import_iovec+0x74/0xa0
[  247.062312][T11313]  ___sys_sendmsg+0x21f/0x2a0
[  247.062338][T11313]  ? __pfx____sys_sendmsg+0x10/0x10
[  247.062402][T11313]  ? __fget_files+0x2a/0x420
[  247.062422][T11313]  ? __fget_files+0x3a0/0x420
[  247.062456][T11313]  __x64_sys_sendmsg+0x19b/0x260
[  247.062482][T11313]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  247.062518][T11313]  ? __pfx_ksys_write+0x10/0x10
[  247.062546][T11313]  ? rcu_is_watching+0x15/0xb0
[  247.062584][T11313]  ? do_syscall_64+0xbe/0x3b0
[  247.062620][T11313]  do_syscall_64+0xfa/0x3b0
[  247.062650][T11313]  ? lockdep_hardirqs_on+0x9c/0x150
[  247.062679][T11313]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.062700][T11313]  ? clear_bhb_loop+0x60/0xb0
[  247.062727][T11313]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.062748][T11313] RIP: 0033:0x7f5a6c58eb69
[  247.062767][T11313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  247.062786][T11313] RSP: 002b:00007f5a6d4ca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  247.062811][T11313] RAX: ffffffffffffffda RBX: 00007f5a6c7b5fa0 RCX: 00007f5a6c58eb69
[  247.062826][T11313] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  247.062840][T11313] RBP: 00007f5a6d4ca090 R08: 0000000000000000 R09: 0000000000000000
[  247.062852][T11313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  247.062864][T11313] R13: 0000000000000000 R14: 00007f5a6c7b5fa0 R15: 00007ffd8a4b14f8
[  247.062880][T11275] bridge_slave_1: entered promiscuous mode
[  247.062897][T11313]  </TASK>
[  247.516275][   T10] IPVS: starting estimator thread 0...
[  247.586987][T11311] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1569'.
[  247.605409][T11320] IPVS: using max 26 ests per chain, 62400 per kthread
[  247.616355][T11311] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1569'.
[  247.646882][ T5847] Bluetooth: hci6: command tx timeout
[  247.696737][T11315] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  247.776895][T11332] netlink: 'syz.1.1575': attribute type 32 has an invalid length.
[  247.777976][T11275] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  247.837083][T11332] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1575'.
[  247.861327][T11332] (unnamed net_device) (uninitialized): option coupled_control: invalid value (52)
[  247.890933][T11275] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  247.903674][T11338] FAULT_INJECTION: forcing a failure.
[  247.903674][T11338] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  247.926483][T11338] CPU: 1 UID: 0 PID: 11338 Comm: syz.2.1577 Not tainted 6.16.0-syzkaller-06589-g010510128873 #0 PREEMPT(full) 
[  247.926516][T11338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  247.926530][T11338] Call Trace:
[  247.926538][T11338]  <TASK>
[  247.926547][T11338]  dump_stack_lvl+0x189/0x250
[  247.926576][T11338]  ? __pfx____ratelimit+0x10/0x10
[  247.926606][T11338]  ? __pfx_dump_stack_lvl+0x10/0x10
[  247.926629][T11338]  ? __pfx__printk+0x10/0x10
[  247.926656][T11338]  ? __might_fault+0xb0/0x130
[  247.926701][T11338]  should_fail_ex+0x414/0x560
[  247.926742][T11338]  _copy_from_user+0x2d/0xb0
[  247.926774][T11338]  __sys_sendto+0x25c/0x520
[  247.926810][T11338]  ? __pfx___sys_sendto+0x10/0x10
[  247.926841][T11338]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  247.926888][T11338]  ? __fget_files+0x3a0/0x420
[  247.926921][T11338]  ? ksys_write+0x22a/0x250
[  247.926955][T11338]  ? __pfx_ksys_write+0x10/0x10
[  247.926983][T11338]  ? rcu_is_watching+0x15/0xb0
[  247.927023][T11338]  __x64_sys_sendto+0xde/0x100
[  247.927062][T11338]  do_syscall_64+0xfa/0x3b0
[  247.927101][T11338]  ? lockdep_hardirqs_on+0x9c/0x150
[  247.927132][T11338]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.927154][T11338]  ? clear_bhb_loop+0x60/0xb0
[  247.927180][T11338]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.927201][T11338] RIP: 0033:0x7f0b36b8eb69
[  247.927220][T11338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  247.927239][T11338] RSP: 002b:00007f0b379e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  247.927264][T11338] RAX: ffffffffffffffda RBX: 00007f0b36db5fa0 RCX: 00007f0b36b8eb69
[  247.927280][T11338] RDX: 000000000000e90c RSI: 00002000000000c0 RDI: 0000000000000003
[  247.927294][T11338] RBP: 00007f0b379e7090 R08: 0000200000000540 R09: 0000000000000014
[  247.927309][T11338] R10: 0000000000000b00 R11: 0000000000000246 R12: 0000000000000001
[  247.927321][T11338] R13: 0000000000000000 R14: 00007f0b36db5fa0 R15: 00007ffdc86e9b68
[  247.927354][T11338]  </TASK>
[  248.183139][T11275] team0: Port device team_slave_0 added
[  248.204123][T11275] team0: Port device team_slave_1 added
[  248.251583][T11342] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1579'.
[  248.299388][T11275] batman_adv: batadv0: Adding interface: batadv_slave_0
[  248.307472][T11275] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  248.336462][T11275] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  248.351765][T11275] batman_adv: batadv0: Adding interface: batadv_slave_1
[  248.359639][T11275] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  248.388785][T11275] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  248.511634][T11275] hsr_slave_0: entered promiscuous mode
[  248.522540][T11275] hsr_slave_1: entered promiscuous mode
[  248.556041][T11275] debugfs: 'hsr0' already exists in 'hsr'
[  248.561846][T11275] Cannot create hsr debugfs directory
[  249.091445][T11275] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  249.111749][T11275] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  249.143225][T11275] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  249.171417][T11275] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  249.238142][T11372] FAULT_INJECTION: forcing a failure.
[  249.238142][T11372] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  249.252387][T11372] CPU: 1 UID: 0 PID: 11372 Comm: syz.2.1587 Not tainted 6.16.0-syzkaller-06589-g010510128873 #0 PREEMPT(full) 
[  249.252419][T11372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  249.252433][T11372] Call Trace:
[  249.252441][T11372]  <TASK>
[  249.252449][T11372]  dump_stack_lvl+0x189/0x250
[  249.252476][T11372]  ? __pfx____ratelimit+0x10/0x10
[  249.252507][T11372]  ? __pfx_dump_stack_lvl+0x10/0x10
[  249.252530][T11372]  ? __pfx__printk+0x10/0x10
[  249.252569][T11372]  should_fail_ex+0x414/0x560
[  249.252609][T11372]  _copy_to_user+0x31/0xb0
[  249.252642][T11372]  simple_read_from_buffer+0xe1/0x170
[  249.252681][T11372]  proc_fail_nth_read+0x1b3/0x220
[  249.252711][T11372]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  249.252740][T11372]  ? rw_verify_area+0x258/0x650
[  249.252780][T11372]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  249.252808][T11372]  vfs_read+0x1fd/0x980
[  249.252837][T11372]  ? fdget_pos+0x247/0x320
[  249.252864][T11372]  ? __pfx___mutex_lock+0x10/0x10
[  249.252898][T11372]  ? __pfx_vfs_read+0x10/0x10
[  249.252930][T11372]  ? __fget_files+0x2a/0x420
[  249.252956][T11372]  ? __fget_files+0x3a0/0x420
[  249.252976][T11372]  ? __fget_files+0x2a/0x420
[  249.253008][T11372]  ksys_read+0x145/0x250
[  249.253041][T11372]  ? __pfx_ksys_read+0x10/0x10
[  249.253069][T11372]  ? rcu_is_watching+0x15/0xb0
[  249.253108][T11372]  ? do_syscall_64+0xbe/0x3b0
[  249.253146][T11372]  do_syscall_64+0xfa/0x3b0
[  249.253176][T11372]  ? lockdep_hardirqs_on+0x9c/0x150
[  249.253207][T11372]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.253228][T11372]  ? clear_bhb_loop+0x60/0xb0
[  249.253255][T11372]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.253277][T11372] RIP: 0033:0x7f0b36b8d57c
[  249.253296][T11372] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  249.253315][T11372] RSP: 002b:00007f0b379e7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  249.253339][T11372] RAX: ffffffffffffffda RBX: 00007f0b36db5fa0 RCX: 00007f0b36b8d57c
[  249.253355][T11372] RDX: 000000000000000f RSI: 00007f0b379e70a0 RDI: 0000000000000004
[  249.253369][T11372] RBP: 00007f0b379e7090 R08: 0000000000000000 R09: 0000000000000014
[  249.253383][T11372] R10: 0000000000000b00 R11: 0000000000000246 R12: 0000000000000001
[  249.253395][T11372] R13: 0000000000000000 R14: 00007f0b36db5fa0 R15: 00007ffdc86e9b68
[  249.253430][T11372]  </TASK>
[  249.523788][T11275] 8021q: adding VLAN 0 to HW filter on device bond0
[  249.547371][T11275] 8021q: adding VLAN 0 to HW filter on device team0
[  249.571961][ T6531] bridge0: port 1(bridge_slave_0) entered blocking state
[  249.579275][ T6531] bridge0: port 1(bridge_slave_0) entered forwarding state
[  249.638917][ T6531] bridge0: port 2(bridge_slave_1) entered blocking state
[  249.646143][ T6531] bridge0: port 2(bridge_slave_1) entered forwarding state
[  249.727815][ T5847] Bluetooth: hci6: command tx timeout
[  249.749338][T11377] netlink: 'syz.2.1588': attribute type 1 has an invalid length.
[  249.793786][T11376] dvmrp0: entered allmulticast mode
[  249.970072][T11380] batadv2: entered allmulticast mode
[  249.997697][T11384] netlink: 'syz.2.1591': attribute type 1 has an invalid length.
[  250.008591][T11384] netlink: 'syz.2.1591': attribute type 4 has an invalid length.
[  250.042719][T11384] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.1591'.
[  250.066767][T11389] netlink: 212296 bytes leftover after parsing attributes in process `syz.0.1590'.
[  250.115712][T11389] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1590'.
[  250.313333][T11275] 8021q: adding VLAN 0 to HW filter on device batadv0
[  250.437729][T11400] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1594'.
[  250.457176][T11400] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1594'.
[  250.917179][T11420] syzkaller1: entered promiscuous mode
[  250.922710][T11420] syzkaller1: entered allmulticast mode
[  251.308676][T11275] veth0_vlan: entered promiscuous mode
[  251.321042][T11434] netlink: 'syz.2.1606': attribute type 1 has an invalid length.
[  251.362501][T11275] veth1_vlan: entered promiscuous mode
[  251.487860][T11275] veth0_macvtap: entered promiscuous mode
[  251.521821][T11275] veth1_macvtap: entered promiscuous mode
[  251.738239][T11275] batman_adv: batadv0: Interface activated: batadv_slave_0
[  251.754182][T11450] FAULT_INJECTION: forcing a failure.
[  251.754182][T11450] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  251.775516][T11450] CPU: 1 UID: 0 PID: 11450 Comm: syz.1.1611 Not tainted 6.16.0-syzkaller-06589-g010510128873 #0 PREEMPT(full) 
[  251.775552][T11450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  251.775565][T11450] Call Trace:
[  251.775574][T11450]  <TASK>
[  251.775583][T11450]  dump_stack_lvl+0x189/0x250
[  251.775620][T11450]  ? __pfx____ratelimit+0x10/0x10
[  251.775652][T11450]  ? __pfx_dump_stack_lvl+0x10/0x10
[  251.775675][T11450]  ? __pfx__printk+0x10/0x10
[  251.775716][T11450]  should_fail_ex+0x414/0x560
[  251.775757][T11450]  _copy_to_user+0x31/0xb0
[  251.775790][T11450]  simple_read_from_buffer+0xe1/0x170
[  251.775829][T11450]  proc_fail_nth_read+0x1b3/0x220
[  251.775860][T11450]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  251.775889][T11450]  ? rw_verify_area+0x258/0x650
[  251.775919][T11450]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  251.775946][T11450]  vfs_read+0x1fd/0x980
[  251.775976][T11450]  ? fdget_pos+0x247/0x320
[  251.776002][T11450]  ? __pfx___mutex_lock+0x10/0x10
[  251.776034][T11450]  ? __pfx_vfs_read+0x10/0x10
[  251.776067][T11450]  ? __fget_files+0x2a/0x420
[  251.776093][T11450]  ? __fget_files+0x3a0/0x420
[  251.776112][T11450]  ? __fget_files+0x2a/0x420
[  251.776143][T11450]  ksys_read+0x145/0x250
[  251.776176][T11450]  ? __pfx_ksys_read+0x10/0x10
[  251.776208][T11450]  ? rcu_is_watching+0x15/0xb0
[  251.776247][T11450]  ? do_syscall_64+0xbe/0x3b0
[  251.776284][T11450]  do_syscall_64+0xfa/0x3b0
[  251.776314][T11450]  ? lockdep_hardirqs_on+0x9c/0x150
[  251.776344][T11450]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  251.776365][T11450]  ? clear_bhb_loop+0x60/0xb0
[  251.776392][T11450]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  251.776412][T11450] RIP: 0033:0x7f5a6c58d57c
[  251.776432][T11450] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  251.776452][T11450] RSP: 002b:00007f5a6d4ca030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  251.776475][T11450] RAX: ffffffffffffffda RBX: 00007f5a6c7b5fa0 RCX: 00007f5a6c58d57c
[  251.776492][T11450] RDX: 000000000000000f RSI: 00007f5a6d4ca0a0 RDI: 0000000000000004
[  251.776505][T11450] RBP: 00007f5a6d4ca090 R08: 0000000000000000 R09: 0000000000000000
[  251.776518][T11450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  251.776531][T11450] R13: 0000000000000000 R14: 00007f5a6c7b5fa0 R15: 00007ffd8a4b14f8
[  251.776565][T11450]  </TASK>
[  252.062666][ T5847] Bluetooth: hci6: command tx timeout
[  252.090403][T11275] batman_adv: batadv0: Interface activated: batadv_slave_1
[  252.104639][ T6538] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  252.148278][ T6527] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  252.157801][ T6527] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  252.167810][ T6527] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  252.420086][T11460] syzkaller1: entered promiscuous mode
[  252.426619][T11460] syzkaller1: entered allmulticast mode
[  252.439106][T11464] bond0: entered allmulticast mode
[  252.442649][ T6531] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  252.455342][ T6531] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  252.463915][T11464] bond_slave_0: entered allmulticast mode
[  252.480373][T11464] bond_slave_1: entered allmulticast mode
[  252.487256][T11464] bridge0: entered allmulticast mode
[  252.493441][T11464] dummy0: entered allmulticast mode
[  252.711323][ T6530] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  252.737475][ T6530] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  253.010415][T11484] netlink: 'syz.6.1550': attribute type 11 has an invalid length.
[  253.042380][T11484] __nla_validate_parse: 3 callbacks suppressed
[  253.042402][T11484] netlink: 199836 bytes leftover after parsing attributes in process `syz.6.1550'.
[  253.070687][T11487] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1624'.
[  253.072692][T11483] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  253.437832][T11505] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  253.448450][T11504] syzkaller1: entered promiscuous mode
[  253.453965][T11504] syzkaller1: entered allmulticast mode
[  254.126461][ T5847] Bluetooth: hci6: command tx timeout
[  254.217548][T11549] netlink: 'syz.0.1645': attribute type 13 has an invalid length.
[  254.337143][T11549] bridge0: port 1(bridge_slave_0) entered blocking state
[  254.344671][T11549] bridge0: port 1(bridge_slave_0) entered forwarding state
[  254.430252][T11549] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  254.501389][ T5943] IPVS: starting estimator thread 0...
[  254.598292][T11567] IPVS: using max 25 ests per chain, 60000 per kthread
[  254.631325][T11556] syzkaller1: entered promiscuous mode
[  254.652476][T11556] syzkaller1: entered allmulticast mode
[  254.906961][T11573] syzkaller0: entered promiscuous mode
[  254.912562][T11573] syzkaller0: entered allmulticast mode
[  255.721052][ T5845] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  255.751483][ T5845] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  255.770128][ T5845] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  255.779600][ T5845] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  255.799232][ T5845] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  255.810510][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  255.825698][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  255.835283][ T1303] clip:clip_start_xmit: skb_dst(skb) == NULL
[  257.239712][T11615] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1665'.
[  257.261212][T11616] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1663'.
[  257.271907][T11616] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1663'.
[  257.288254][T11613] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1664'.
[  257.463199][T11624] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1668'.
[  257.472996][T11624] netlink: 'syz.6.1668': attribute type 26 has an invalid length.
[  257.482965][T11624] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1668'.
[  257.495983][T11624] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1668'.
[  257.506604][T11624] netlink: 'syz.6.1668': attribute type 26 has an invalid length.
[  257.516412][T11624] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1668'.
[  257.822507][T11643] netlink: 'syz.0.1672': attribute type 3 has an invalid length.
[  257.885373][ T5847] Bluetooth: hci7: command tx timeout
[  257.946724][T11594] chnl_net:caif_netlink_parms(): no params data found
[  258.131904][T11656] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  258.138458][T11656] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  258.283047][T11594] bridge0: port 1(bridge_slave_0) entered blocking state
[  258.293810][T11594] bridge0: port 1(bridge_slave_0) entered disabled state
[  258.304752][T11594] bridge_slave_0: entered allmulticast mode
[  258.322060][T11594] bridge_slave_0: entered promiscuous mode
[  258.331848][T11667] IPVS: length: 8 != 1152
[  258.336432][T11594] bridge0: port 2(bridge_slave_1) entered blocking state
[  258.336546][T11594] bridge0: port 2(bridge_slave_1) entered disabled state
[  258.336727][T11594] bridge_slave_1: entered allmulticast mode
[  258.339196][T11594] bridge_slave_1: entered promiscuous mode
[  258.429943][T11672] __nla_validate_parse: 2 callbacks suppressed
[  258.429966][T11672] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1680'.
[  258.626138][T11677] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1681'.
[  258.643543][T11677] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1681'.
[  258.653696][T11677] netlink: 'syz.1.1681': attribute type 5 has an invalid length.
[  258.666910][T11594] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  258.693878][T11594] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  258.801644][T11682] openvswitch: netlink: Unknown key attributes 2
[  258.846137][T11684] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1685'.
[  259.028424][T11594] team0: Port device team_slave_0 added
[  259.115070][T11594] team0: Port device team_slave_1 added
[  259.178303][T11698] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1689'.
[  259.187621][T11698] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1689'.
[  259.251538][T11702] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1690'.
[  259.285300][T11698] veth5: entered allmulticast mode
[  259.306230][T11594] batman_adv: batadv0: Adding interface: batadv_slave_0
[  259.320909][T11594] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  259.350315][T11594] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  259.386327][T11703] hsr0 speed is unknown, defaulting to 1000
[  259.386765][T11594] batman_adv: batadv0: Adding interface: batadv_slave_1
[  259.431628][T11594] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  259.459144][T11594] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  259.471635][T11703] hsr0 speed is unknown, defaulting to 1000
[  259.490279][T11709] syzkaller1: entered promiscuous mode
[  259.513078][T11709] syzkaller1: entered allmulticast mode
[  259.542563][T11703] hsr0 speed is unknown, defaulting to 1000
[  259.568145][T11709] FAULT_INJECTION: forcing a failure.
[  259.568145][T11709] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  259.592279][T11703] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  259.609885][T11709] CPU: 1 UID: 0 PID: 11709 Comm: syz.2.1692 Not tainted 6.16.0-syzkaller-06589-g010510128873 #0 PREEMPT(full) 
[  259.609919][T11709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  259.609933][T11709] Call Trace:
[  259.609941][T11709]  <TASK>
[  259.609950][T11709]  dump_stack_lvl+0x189/0x250
[  259.609977][T11709]  ? __pfx____ratelimit+0x10/0x10
[  259.610009][T11709]  ? __pfx_dump_stack_lvl+0x10/0x10
[  259.610032][T11709]  ? __pfx__printk+0x10/0x10
[  259.610061][T11709]  ? __might_fault+0xb0/0x130
[  259.610115][T11709]  should_fail_ex+0x414/0x560
[  259.610157][T11709]  _copy_from_iter+0x1db/0x16f0
[  259.610188][T11709]  ? __lock_acquire+0xab9/0xd20
[  259.610227][T11709]  ? __pfx__copy_from_iter+0x10/0x10
[  259.610273][T11709]  tun_get_user+0x219/0x3e20
[  259.610323][T11709]  ? __pfx_tun_get_user+0x10/0x10
[  259.610351][T11709]  ? aa_file_perm+0x40c/0xe70
[  259.610386][T11709]  ? aa_file_perm+0x122/0xe70
[  259.610425][T11709]  ? ref_tracker_alloc+0x318/0x460
[  259.610445][T11709]  ? __lock_acquire+0xab9/0xd20
[  259.610477][T11709]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  259.610507][T11709]  ? tun_get+0x1c/0x2f0
[  259.610536][T11709]  ? tun_get+0x1c/0x2f0
[  259.610559][T11709]  ? tun_get+0x1c/0x2f0
[  259.610587][T11709]  tun_chr_write_iter+0x113/0x200
[  259.610615][T11709]  vfs_write+0x54b/0xa90
[  259.610651][T11709]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  259.610676][T11709]  ? __pfx_vfs_write+0x10/0x10
[  259.610719][T11709]  ? __fget_files+0x2a/0x420
[  259.610751][T11709]  ksys_write+0x145/0x250
[  259.610785][T11709]  ? __pfx_ksys_write+0x10/0x10
[  259.610814][T11709]  ? rcu_is_watching+0x15/0xb0
[  259.610859][T11709]  ? do_syscall_64+0xbe/0x3b0
[  259.610896][T11709]  do_syscall_64+0xfa/0x3b0
[  259.610927][T11709]  ? lockdep_hardirqs_on+0x9c/0x150
[  259.610957][T11709]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.610979][T11709]  ? clear_bhb_loop+0x60/0xb0
[  259.611006][T11709]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.611027][T11709] RIP: 0033:0x7f0b36b8eb69
[  259.611046][T11709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  259.611065][T11709] RSP: 002b:00007f0b379e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  259.611091][T11709] RAX: ffffffffffffffda RBX: 00007f0b36db5fa0 RCX: 00007f0b36b8eb69
[  259.611113][T11709] RDX: 00000000000000ca RSI: 0000200000000080 RDI: 0000000000000003
[  259.611127][T11709] RBP: 00007f0b379e7090 R08: 0000000000000000 R09: 0000000000000000
[  259.611141][T11709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  259.611155][T11709] R13: 0000000000000000 R14: 00007f0b36db5fa0 R15: 00007ffdc86e9b68
[  259.611187][T11709]  </TASK>
[  259.927980][T11703] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  259.964533][ T5847] Bluetooth: hci7: command tx timeout
[  260.047239][T11713] syzkaller1: entered promiscuous mode
[  260.052785][T11713] syzkaller1: entered allmulticast mode
[  260.068570][T11594] hsr_slave_0: entered promiscuous mode
[  260.075898][T11594] hsr_slave_1: entered promiscuous mode
[  260.082436][T11594] debugfs: 'hsr0' already exists in 'hsr'
[  260.099077][T11594] Cannot create hsr debugfs directory
[  260.107423][T11703] hsr0 speed is unknown, defaulting to 1000
[  260.183268][T11703] hsr0 speed is unknown, defaulting to 1000
[  260.196438][T11719] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1695'.
[  260.323315][T11703] hsr0 speed is unknown, defaulting to 1000
[  260.380684][T11703] hsr0 speed is unknown, defaulting to 1000
[  260.401713][T11724] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1697'.
[  260.405004][T11703] hsr0 speed is unknown, defaulting to 1000
[  260.470441][T11703] hsr0 speed is unknown, defaulting to 1000
[  260.570271][T11731] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  260.579270][T11703] hsr0 speed is unknown, defaulting to 1000
[  260.648982][T11703] hsr0 speed is unknown, defaulting to 1000
[  260.885553][T11742] syzkaller1: entered promiscuous mode
[  260.893124][T11742] syzkaller1: entered allmulticast mode
[  260.901154][T11745] syzkaller1: entered promiscuous mode
[  260.910455][T11745] syzkaller1: entered allmulticast mode
[  260.916975][T11742] FAULT_INJECTION: forcing a failure.
[  260.916975][T11742] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  260.959226][T11742] CPU: 0 UID: 0 PID: 11742 Comm: syz.0.1705 Not tainted 6.16.0-syzkaller-06589-g010510128873 #0 PREEMPT(full) 
[  260.959260][T11742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  260.959281][T11742] Call Trace:
[  260.959289][T11742]  <TASK>
[  260.959299][T11742]  dump_stack_lvl+0x189/0x250
[  260.959326][T11742]  ? __pfx____ratelimit+0x10/0x10
[  260.959362][T11742]  ? __pfx_dump_stack_lvl+0x10/0x10
[  260.959384][T11742]  ? __pfx__printk+0x10/0x10
[  260.959412][T11742]  ? __might_fault+0xb0/0x130
[  260.959457][T11742]  should_fail_ex+0x414/0x560
[  260.959497][T11742]  _copy_from_iter+0x1db/0x16f0
[  260.959528][T11742]  ? __lock_acquire+0xab9/0xd20
[  260.959565][T11742]  ? __pfx__copy_from_iter+0x10/0x10
[  260.959611][T11742]  tun_get_user+0x488/0x3e20
[  260.959661][T11742]  ? __pfx_tun_get_user+0x10/0x10
[  260.959689][T11742]  ? aa_file_perm+0x40c/0xe70
[  260.959722][T11742]  ? aa_file_perm+0x122/0xe70
[  260.959761][T11742]  ? ref_tracker_alloc+0x318/0x460
[  260.959781][T11742]  ? __lock_acquire+0xab9/0xd20
[  260.959812][T11742]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  260.959841][T11742]  ? tun_get+0x1c/0x2f0
[  260.959871][T11742]  ? tun_get+0x1c/0x2f0
[  260.959892][T11742]  ? tun_get+0x1c/0x2f0
[  260.959921][T11742]  tun_chr_write_iter+0x113/0x200
[  260.959947][T11742]  vfs_write+0x54b/0xa90
[  260.959984][T11742]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  260.960008][T11742]  ? __pfx_vfs_write+0x10/0x10
[  260.960052][T11742]  ? __fget_files+0x2a/0x420
[  260.960083][T11742]  ksys_write+0x145/0x250
[  260.960116][T11742]  ? __pfx_ksys_write+0x10/0x10
[  260.960144][T11742]  ? rcu_is_watching+0x15/0xb0
[  260.960184][T11742]  ? do_syscall_64+0xbe/0x3b0
[  260.960220][T11742]  do_syscall_64+0xfa/0x3b0
[  260.960250][T11742]  ? lockdep_hardirqs_on+0x9c/0x150
[  260.960286][T11742]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.960307][T11742]  ? clear_bhb_loop+0x60/0xb0
[  260.960334][T11742]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.960354][T11742] RIP: 0033:0x7fe6b7f8eb69
[  260.960373][T11742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  260.960392][T11742] RSP: 002b:00007fe6b8ead038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  260.960417][T11742] RAX: ffffffffffffffda RBX: 00007fe6b81b5fa0 RCX: 00007fe6b7f8eb69
[  260.960434][T11742] RDX: 00000000000000ca RSI: 0000200000000080 RDI: 0000000000000003
[  260.960447][T11742] RBP: 00007fe6b8ead090 R08: 0000000000000000 R09: 0000000000000000
[  260.960460][T11742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  260.960472][T11742] R13: 0000000000000000 R14: 00007fe6b81b5fa0 R15: 00007ffde0feb088
[  260.960504][T11742]  </TASK>
[  261.312939][T11594] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  261.342623][T11594] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  261.380862][T11594] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  261.410299][T11594] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  261.479545][T11753] syzkaller1: entered promiscuous mode
[  261.491172][T11753] syzkaller1: entered allmulticast mode
[  261.508238][T11757] tipc: New replicast peer: 255.255.255.255
[  261.521793][T11757] tipc: Enabled bearer <udp:syz2>, priority 10
[  261.930612][T11594] 8021q: adding VLAN 0 to HW filter on device bond0
[  262.016748][T11594] 8021q: adding VLAN 0 to HW filter on device team0
[  262.039902][ T6538] bridge0: port 1(bridge_slave_0) entered blocking state
[  262.047368][ T6538] bridge0: port 1(bridge_slave_0) entered forwarding state
[  262.060248][ T5847] Bluetooth: hci7: command tx timeout
[  262.139737][T11784] syzkaller1: entered promiscuous mode
[  262.146160][T11784] syzkaller1: entered allmulticast mode
[  262.184148][ T6538] bridge0: port 2(bridge_slave_1) entered blocking state
[  262.191420][ T6538] bridge0: port 2(bridge_slave_1) entered forwarding state
[  262.520859][T11797] IPVS: length: 221 != 8
[  262.540055][T11797] netlink: 'syz.6.1721': attribute type 2 has an invalid length.
[  262.549204][T11797] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1721'.
[  262.634997][ T5925] tipc: Node number set to 3378958571
[  262.906304][T11807] syzkaller1: entered promiscuous mode
[  262.935891][T11807] syzkaller1: entered allmulticast mode
[  263.115592][T11811] bridge: RTM_NEWNEIGH with invalid state 0x1
[  263.315015][T11815] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  263.367526][T11594] 8021q: adding VLAN 0 to HW filter on device batadv0
[  264.063052][T11834] __nla_validate_parse: 3 callbacks suppressed
[  264.063081][T11834] netlink: 260 bytes leftover after parsing attributes in process `syz.6.1731'.
[  264.126514][ T5847] Bluetooth: hci7: command tx timeout
[  264.535970][T11594] veth0_vlan: entered promiscuous mode
[  264.590801][T11846] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1736'.
[  264.628041][T11594] veth1_vlan: entered promiscuous mode
[  264.668240][T11842] syzkaller1: entered promiscuous mode
[  264.673919][T11842] syzkaller1: entered allmulticast mode
[  265.074098][T11846] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  265.096765][T11846] bond_slave_0: left allmulticast mode
[  265.114320][T11846] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  265.136307][T11846] bond_slave_1: left allmulticast mode
[  265.161067][T11846] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  265.172013][T11846] bridge0: left allmulticast mode
[  265.193125][T11846] bridge0: port 1(bridge_slave_0) entered disabled state
[  265.213568][T11862] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1740'.
[  265.237964][T11846] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  265.257839][T11846] dummy0: left allmulticast mode
[  265.272439][T11846] bond0 (unregistering): Released all slaves
[  265.311877][T11860] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1740'.
[  265.361525][T11865] IPVS: sync thread started: state = MASTER, mcast_ifn = bridge_slave_0, syncid = 0, id = 0
[  265.512849][T11594] veth0_macvtap: entered promiscuous mode
[  265.570010][T11594] veth1_macvtap: entered promiscuous mode
[  265.634174][T11594] batman_adv: batadv0: Interface activated: batadv_slave_0
[  265.687421][T11594] batman_adv: batadv0: Interface activated: batadv_slave_1
[  265.716379][ T6531] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  265.759731][ T6531] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  265.827950][T11876] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1746'.
[  266.169318][T11891] netlink: 'syz.2.1751': attribute type 11 has an invalid length.
[  266.181789][T11891] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1751'.
[  266.202377][T11890] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  266.238723][T11876] vlan0 (unregistering): left allmulticast mode
[  266.249148][T11876] veth0_vlan (unregistering): left allmulticast mode
[  266.260108][T11876] vlan0 (unregistering): left promiscuous mode
[  266.535805][ T6531] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  266.547460][ T6531] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  266.567937][T11883] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1746'.
[  266.581073][T11883] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1746'.
[  266.607934][T11896] syzkaller1: entered promiscuous mode
[  266.644579][T11896] syzkaller1: entered allmulticast mode
[  267.057011][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  267.081008][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  267.139093][T11904] syzkaller1: entered promiscuous mode
[  267.165861][T11904] syzkaller1: entered allmulticast mode
[  267.291517][T11926] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1759'.
[  267.331211][T11928] netlink: 'syz.6.1761': attribute type 11 has an invalid length.
[  267.357192][T11928] netlink: 199836 bytes leftover after parsing attributes in process `syz.6.1761'.
[  267.369204][ T6527] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  267.402447][T11924] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  267.413043][ T6527] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  267.552688][T11932] netlink: 'syz.1.1763': attribute type 1 has an invalid length.
[  267.835854][T11941] syzkaller1: entered promiscuous mode
[  267.841475][T11941] syzkaller1: entered allmulticast mode
[  267.978446][T11950] netlink: 'syz.6.1769': attribute type 1 has an invalid length.
[  268.083184][T11950] 8021q: adding VLAN 0 to HW filter on device bond1
[  268.307767][T11956] tap0: tun_chr_ioctl cmd 2148553947
[  268.572951][T11969] netlink: 'syz.6.1773': attribute type 11 has an invalid length.
[  268.625319][T11968] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  269.176037][T11993] syzkaller1: entered promiscuous mode
[  269.182322][T11993] syzkaller1: entered allmulticast mode
[  269.379467][T12011] netlink: 'syz.6.1788': attribute type 11 has an invalid length.
[  269.388294][T12011] __nla_validate_parse: 2 callbacks suppressed
[  269.388314][T12011] netlink: 199836 bytes leftover after parsing attributes in process `syz.6.1788'.
[  269.439888][T12009] syzkaller1: entered promiscuous mode
[  269.455671][T12009] syzkaller1: entered allmulticast mode
[  269.477041][T12010] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  269.685998][T12017] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  269.689765][T12021] veth0: entered promiscuous mode
[  269.724789][T12017] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  269.817302][T12028] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1790'.
[  270.177005][T12040] netlink: 'syz.2.1797': attribute type 3 has an invalid length.
[  270.210405][T12040] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1797'.
[  270.374946][T12049] netlink: 'syz.6.1799': attribute type 11 has an invalid length.
[  270.382840][T12049] netlink: 199836 bytes leftover after parsing attributes in process `syz.6.1799'.
[  270.421597][T12050] syzkaller1: entered promiscuous mode
[  270.453201][T12050] syzkaller1: entered allmulticast mode
[  270.463728][T12047] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  271.201603][T12091] erspan0: vlans aren't supported yet for dev_uc|mc_add()
[  271.312875][T12096] netlink: 'syz.7.1817': attribute type 11 has an invalid length.
[  271.322557][T12096] netlink: 199836 bytes leftover after parsing attributes in process `syz.7.1817'.
[  271.334041][T12095] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  271.347793][T12091] bond2: entered promiscuous mode
[  271.352973][T12091] bond2: entered allmulticast mode
[  271.359789][T12091] 8021q: adding VLAN 0 to HW filter on device bond2
[  271.403297][T12098] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1818'.
[  272.006828][T12091] bond2 (unregistering): Released all slaves
[  272.120845][T12104] syzkaller1: entered promiscuous mode
[  272.130726][T12104] syzkaller1: entered allmulticast mode
[  272.473241][T12128] netlink: 'syz.2.1827': attribute type 2 has an invalid length.
[  272.550921][T12131] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci7/hci7:200/input5
[  272.884306][T12145] netlink: 'syz.2.1830': attribute type 11 has an invalid length.
[  272.933410][T12145] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1830'.
[  272.956202][T12144] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  273.112189][T12152] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1832'.
[  273.236361][T12152] bridge_slave_1: left allmulticast mode
[  273.242172][T12152] bridge_slave_1: left promiscuous mode
[  273.252646][T12152] bridge0: port 2(bridge_slave_1) entered disabled state
[  273.257423][ T5845] Bluetooth: hci4: command 0x0405 tx timeout
[  273.326871][T12152] bridge_slave_0: left allmulticast mode
[  273.363321][T12152] bridge_slave_0: left promiscuous mode
[  273.393571][T12152] bridge0: port 1(bridge_slave_0) entered disabled state
[  273.765173][T12175] syzkaller1: entered promiscuous mode
[  273.794096][T12175] syzkaller1: entered allmulticast mode
[  274.255793][T12197] netlink: 'syz.7.1845': attribute type 11 has an invalid length.
[  274.270475][T12197] netlink: 199836 bytes leftover after parsing attributes in process `syz.7.1845'.
[  274.314116][T12195] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  274.322623][T12202] netlink: 'syz.0.1847': attribute type 2 has an invalid length.
[  274.337324][T12202] netlink: 'syz.0.1847': attribute type 8 has an invalid length.
[  274.404459][T12202] netlink: 1148 bytes leftover after parsing attributes in process `syz.0.1847'.
[  274.465745][T12211] netlink: 'syz.6.1848': attribute type 23 has an invalid length.
[  274.999553][T12225] syzkaller1: entered promiscuous mode
[  275.022967][T12225] syzkaller1: entered allmulticast mode
[  275.251024][T12235] erspan0: entered allmulticast mode
[  275.413809][T12243] netlink: 'syz.2.1860': attribute type 11 has an invalid length.
[  275.423722][T12243] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1860'.
[  275.445563][T12242] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  275.482532][T12245] (unnamed net_device) (uninitialized): down delay (33554432) is not a multiple of miimon (17024), value rounded to 33554304 ms
[  276.203306][T12272] syzkaller1: entered promiscuous mode
[  276.227072][T12274] netlink: 'syz.7.1872': attribute type 6 has an invalid length.
[  276.238334][T12272] syzkaller1: entered allmulticast mode
[  276.260699][T12276] netlink: 'syz.6.1874': attribute type 11 has an invalid length.
[  276.283445][T12276] netlink: 199836 bytes leftover after parsing attributes in process `syz.6.1874'.
[  276.320227][T12275] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  276.875496][T12297] netlink: 248 bytes leftover after parsing attributes in process `syz.0.1882'.
[  276.945874][T12305] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1884'.
[  277.122880][T12305] 8021q: adding VLAN 0 to HW filter on device bond3
[  277.157150][T12311] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1886'.
[  277.236306][T12313] tipc: Enabled bearer <eth:macvlan1>, priority 10
[  277.259744][T12311] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1886'.
[  277.313513][T12318] netlink: 'syz.2.1888': attribute type 11 has an invalid length.
[  277.327679][T12318] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1888'.
[  277.340304][T12317] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  277.473626][T12321] netlink: 'syz.2.1889': attribute type 1 has an invalid length.
[  277.923814][T12341] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1894'.
[  277.967340][T12343] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1893'.
[  279.437964][T12396] __nla_validate_parse: 4 callbacks suppressed
[  279.437985][T12396] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1911'.
[  279.692040][T12409] syzkaller1: entered promiscuous mode
[  279.705102][T12409] syzkaller1: entered allmulticast mode
[  280.227183][T12434] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1921'.
[  280.282242][T12437] netlink: 'syz.2.1921': attribute type 3 has an invalid length.
[  280.470688][T12440] netlink: 16 bytes leftover after parsing attributes in process `syz.7.1924'.
[  280.537853][T12440] netlink: 224 bytes leftover after parsing attributes in process `syz.7.1924'.
[  280.769311][T12456] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1927'.
[  281.282818][T12469] netlink: 'syz.2.1931': attribute type 11 has an invalid length.
[  281.326543][T12455] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  281.350804][T12469] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1931'.
[  281.361029][T12456] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1927'.
[  281.382447][T12468] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  281.411048][T12456] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1927'.
[  281.428129][T12456] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1927'.
[  281.467115][T12456] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1927'.
[  281.821469][T12495] netlink: 'syz.6.1938': attribute type 12 has an invalid length.
[  282.112725][T12511] netlink: 'syz.6.1944': attribute type 11 has an invalid length.
[  282.123833][T12510] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  282.307358][T12513] only policy match revision 0 supported
[  282.307384][T12513] unable to load match
[  282.738146][T12534] FAULT_INJECTION: forcing a failure.
[  282.738146][T12534] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  282.850074][T12539] openvswitch: netlink: Key type 85 is out of range max 32
[  282.866423][T12534] CPU: 1 UID: 0 PID: 12534 Comm: syz.1.1952 Not tainted 6.16.0-syzkaller-06589-g010510128873 #0 PREEMPT(full) 
[  282.866459][T12534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  282.866473][T12534] Call Trace:
[  282.866482][T12534]  <TASK>
[  282.866492][T12534]  dump_stack_lvl+0x189/0x250
[  282.866519][T12534]  ? __pfx____ratelimit+0x10/0x10
[  282.866551][T12534]  ? __pfx_dump_stack_lvl+0x10/0x10
[  282.866573][T12534]  ? __pfx__printk+0x10/0x10
[  282.866614][T12534]  should_fail_ex+0x414/0x560
[  282.866655][T12534]  _copy_to_user+0x31/0xb0
[  282.866688][T12534]  simple_read_from_buffer+0xe1/0x170
[  282.866726][T12534]  proc_fail_nth_read+0x1b3/0x220
[  282.866756][T12534]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  282.866786][T12534]  ? rw_verify_area+0x258/0x650
[  282.866815][T12534]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  282.866842][T12534]  vfs_read+0x1fd/0x980
[  282.866878][T12534]  ? fdget_pos+0x247/0x320
[  282.866904][T12534]  ? __pfx___mutex_lock+0x10/0x10
[  282.866937][T12534]  ? __pfx_vfs_read+0x10/0x10
[  282.866969][T12534]  ? __fget_files+0x2a/0x420
[  282.866995][T12534]  ? __fget_files+0x3a0/0x420
[  282.867014][T12534]  ? __fget_files+0x2a/0x420
[  282.867045][T12534]  ksys_read+0x145/0x250
[  282.867078][T12534]  ? __pfx_ksys_read+0x10/0x10
[  282.867114][T12534]  ? do_syscall_64+0xbe/0x3b0
[  282.867151][T12534]  do_syscall_64+0xfa/0x3b0
[  282.867181][T12534]  ? lockdep_hardirqs_on+0x9c/0x150
[  282.867210][T12534]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  282.867231][T12534]  ? clear_bhb_loop+0x60/0xb0
[  282.867258][T12534]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  282.867278][T12534] RIP: 0033:0x7f5a6c58d57c
[  282.867297][T12534] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  282.867317][T12534] RSP: 002b:00007f5a6d4a9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  282.867342][T12534] RAX: ffffffffffffffda RBX: 00007f5a6c7b6080 RCX: 00007f5a6c58d57c
[  282.867357][T12534] RDX: 000000000000000f RSI: 00007f5a6d4a90a0 RDI: 0000000000000004
[  282.867371][T12534] RBP: 00007f5a6d4a9090 R08: 0000000000000000 R09: 0000000000000000
[  282.867384][T12534] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[  282.867397][T12534] R13: 0000000000000001 R14: 00007f5a6c7b6080 R15: 00007ffd8a4b14f8
[  282.867431][T12534]  </TASK>
[  282.878091][T12537] hsr0 speed is unknown, defaulting to 1000
[  284.457091][T12609] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  285.828581][T12665] netlink: 'syz.6.1990': attribute type 12 has an invalid length.
[  285.837451][T12665] netlink: 'syz.6.1990': attribute type 29 has an invalid length.
[  285.854869][T12665] __nla_validate_parse: 11 callbacks suppressed
[  285.854891][T12665] netlink: 148 bytes leftover after parsing attributes in process `syz.6.1990'.
[  285.945888][T12665] netlink: 'syz.6.1990': attribute type 2 has an invalid length.
[  285.977668][T12665] netlink: 43 bytes leftover after parsing attributes in process `syz.6.1990'.
[  286.143096][T12679] netlink: 68 bytes leftover after parsing attributes in process `syz.7.1995'.
[  286.185633][T12682] netlink: 'syz.0.1996': attribute type 11 has an invalid length.
[  286.198072][T12682] netlink: 'syz.0.1996': attribute type 1 has an invalid length.
[  286.859900][T12719] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2008'.
[  286.899442][T12719] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2008'.
[  286.979545][T12719] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2008'.
[  286.996803][T12719] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2008'.
[  287.101801][T12719] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2008'.
[  287.111994][T12719] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2008'.
[  287.187519][T12719] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2008'.
[  287.797470][T12750] IPVS: Unknown mcast interface: pim6reg0
[  288.399145][T12784] netlink: 'syz.0.2029': attribute type 11 has an invalid length.
[  288.410679][T12783] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  288.529125][T12791] vlan0: entered promiscuous mode
[  288.597816][T12791] team0: Port device vlan0 added
[  288.694977][T12798] netlink: 'syz.2.2033': attribute type 1 has an invalid length.
[  288.723861][T12798] netlink: 'syz.2.2033': attribute type 2 has an invalid length.
[  288.883968][T12807] netlink: 'syz.0.2036': attribute type 1 has an invalid length.
[  289.117003][T12815] sctp: [Deprecated]: syz.0.2039 (pid 12815) Use of int in maxseg socket option.
[  289.117003][T12815] Use struct sctp_assoc_value instead
[  289.426973][T12829] vcan0: entered allmulticast mode
[  289.450924][T12829] syzkaller1: entered promiscuous mode
[  289.460697][T12829] syzkaller1: entered allmulticast mode
[  289.923100][T12836] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  289.951509][T12836] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  289.967865][T12836] bond0 (unregistering): Released all slaves
[  289.996782][T12843] netlink: 'syz.7.2049': attribute type 23 has an invalid length.
[  290.330733][T12858] netlink: 'syz.0.2053': attribute type 11 has an invalid length.
[  290.375185][T12856] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  290.820473][T12885] netlink: 'syz.2.2059': attribute type 2 has an invalid length.
[  290.883264][T12874] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.891174][T12874] bridge0: port 1(bridge_slave_0) entered disabled state
[  291.203101][T12874] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  291.221057][T12874] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  291.282855][T12874] vlan0: left promiscuous mode
[  291.462303][T12872] syzkaller1: entered promiscuous mode
[  291.473408][T12872] syzkaller1: entered allmulticast mode
[  291.503972][T12882] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap0
[  291.528489][T12882] gretap0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  291.553440][T12882] gretap0: entered promiscuous mode
[  291.583307][T12882] gretap0: entered allmulticast mode
[  291.600113][ T6538] netdevsim netdevsim7 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  291.617060][ T6538] netdevsim netdevsim7 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  291.699889][ T6538] netdevsim netdevsim7 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  291.728180][ T6538] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  291.817048][T12911] syzkaller0: create flow: hash 3804509226 index 1
[  292.233928][T12920] syzkaller0: delete flow: hash 3804509226 index 1
[  292.253149][T12937] netlink: 'syz.6.2068': attribute type 11 has an invalid length.
[  292.267101][T12937] __nla_validate_parse: 20 callbacks suppressed
[  292.267125][T12937] netlink: 199836 bytes leftover after parsing attributes in process `syz.6.2068'.
[  292.289651][T12936] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  292.666169][T12946] netlink: zone id is out of range
[  292.671555][T12946] netlink: zone id is out of range
[  292.678541][T12946] netlink: zone id is out of range
[  292.688117][T12946] netlink: zone id is out of range
[  292.693496][T12946] netlink: zone id is out of range
[  292.702062][T12946] netlink: zone id is out of range
[  292.708713][T12946] netlink: zone id is out of range
[  292.720884][T12946] netlink: zone id is out of range
[  292.727424][T12946] netlink: zone id is out of range
[  292.732756][T12946] netlink: zone id is out of range
[  294.634148][T12967] netlink: 56 bytes leftover after parsing attributes in process `syz.6.2076'.
[  294.702724][T12972] vlan2: entered promiscuous mode
[  294.743347][T12972] bridge0: entered promiscuous mode
[  294.795093][T12980] netlink: 'syz.0.2077': attribute type 1 has an invalid length.
[  294.962892][T12988] netlink: 'syz.7.2079': attribute type 11 has an invalid length.
[  294.999369][T12988] netlink: 199836 bytes leftover after parsing attributes in process `syz.7.2079'.
[  295.040816][T12985] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  295.454016][T13015] netlink: 212364 bytes leftover after parsing attributes in process `syz.7.2085'.
[  296.067488][T13030] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2088'.
[  296.086007][T13028] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2090'.
[  296.150484][T13028] vlan3: entered allmulticast mode
[  296.177374][T13028] veth1: entered allmulticast mode
[  296.280932][T13040] netlink: 'syz.1.2094': attribute type 36 has an invalid length.
[  296.340927][T13042] netlink: 244 bytes leftover after parsing attributes in process `syz.0.2095'.
[  296.698221][T13059] netlink: 'syz.7.2102': attribute type 1 has an invalid length.
[  296.715911][T13059] netlink: 'syz.7.2102': attribute type 2 has an invalid length.
[  296.989935][T13066] Can't find ip_set type hash:kp,port
[  297.001722][T13065] Can't find ip_set type hash:kp,port
[  297.138320][T13081] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2109'.
[  297.214182][T13083] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  297.341261][T13090] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2111'.
[  297.538830][T13098] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2115'.
[  297.811354][T13111] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  298.037178][T13125] net_ratelimit: 16 callbacks suppressed
[  298.037305][T13125] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  298.854087][T13128] nbd: must specify a size in bytes for the device
[  298.915502][T13130] lo speed is unknown, defaulting to 1000
[  298.936606][T13130] lo speed is unknown, defaulting to 1000
[  298.943502][T13130] lo speed is unknown, defaulting to 1000
[  298.963629][T13130] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  298.975453][T13133] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2126'.
[  299.037300][T13130] lo speed is unknown, defaulting to 1000
[  299.045569][T13130] lo speed is unknown, defaulting to 1000
[  299.057759][T13130] lo speed is unknown, defaulting to 1000
[  299.067468][T13130] lo speed is unknown, defaulting to 1000
[  299.118167][T13130] lo speed is unknown, defaulting to 1000
[  299.146896][T13130] lo speed is unknown, defaulting to 1000
[  299.198027][T13130] lo speed is unknown, defaulting to 1000
[  299.227206][T13130] lo speed is unknown, defaulting to 1000
[  299.392516][T13145] dvmrp1: entered allmulticast mode
[  299.439324][T13150] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 4032
[  299.484263][T13154] FAULT_INJECTION: forcing a failure.
[  299.484263][T13154] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  299.500542][T13154] CPU: 0 UID: 0 PID: 13154 Comm: syz.7.2136 Not tainted 6.16.0-syzkaller-06589-g010510128873 #0 PREEMPT(full) 
[  299.500583][T13154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  299.500599][T13154] Call Trace:
[  299.500607][T13154]  <TASK>
[  299.500616][T13154]  dump_stack_lvl+0x189/0x250
[  299.500645][T13154]  ? __pfx____ratelimit+0x10/0x10
[  299.500676][T13154]  ? __pfx_dump_stack_lvl+0x10/0x10
[  299.500699][T13154]  ? __pfx__printk+0x10/0x10
[  299.500740][T13154]  should_fail_ex+0x414/0x560
[  299.500781][T13154]  _copy_from_user+0x2d/0xb0
[  299.500814][T13154]  sctp_setsockopt+0x19f/0x1200
[  299.500849][T13154]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  299.500883][T13154]  do_sock_setsockopt+0x179/0x1b0
[  299.500916][T13154]  __x64_sys_setsockopt+0x13f/0x1b0
[  299.500945][T13154]  do_syscall_64+0xfa/0x3b0
[  299.500977][T13154]  ? lockdep_hardirqs_on+0x9c/0x150
[  299.501007][T13154]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  299.501029][T13154]  ? clear_bhb_loop+0x60/0xb0
[  299.501056][T13154]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  299.501077][T13154] RIP: 0033:0x7f782758eb69
[  299.501096][T13154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  299.501115][T13154] RSP: 002b:00007f7828440038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  299.501140][T13154] RAX: ffffffffffffffda RBX: 00007f78277b6080 RCX: 00007f782758eb69
[  299.501156][T13154] RDX: 0000000000000077 RSI: 0000000000000084 RDI: 0000000000000003
[  299.501169][T13154] RBP: 00007f7828440090 R08: 0000000000000010 R09: 0000000000000000
[  299.501182][T13154] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000001
[  299.501196][T13154] R13: 0000000000000001 R14: 00007f78277b6080 R15: 00007fff0066cf08
[  299.501229][T13154]  </TASK>
[  299.708437][T13159] netlink: 'syz.0.2138': attribute type 1 has an invalid length.
[  299.883796][T13168] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2140'.
[  300.001277][T13173] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2142'.
[  300.079401][T13175] netlink: 'syz.1.2143': attribute type 11 has an invalid length.
[  300.088024][T13175] netlink: 'syz.1.2143': attribute type 11 has an invalid length.
[  300.096933][T13175] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2143'.
[  300.971373][T13190] netlink: 45 bytes leftover after parsing attributes in process `syz.1.2148'.
[  301.312480][T13204] netlink: 'syz.1.2154': attribute type 11 has an invalid length.
[  301.322082][T13204] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2154'.
[  301.348302][T13205] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  301.351185][T13202] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  301.432070][T13212] netlink: 'syz.6.2156': attribute type 1 has an invalid length.
[  301.881481][T13236] netlink: 'syz.1.2161': attribute type 21 has an invalid length.
[  301.896051][T13236] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2161'.
[  302.086353][T13246] netlink: 'syz.7.2163': attribute type 21 has an invalid length.
[  302.094250][T13246] netlink: 128 bytes leftover after parsing attributes in process `syz.7.2163'.
[  302.110288][T13246] ieee802154 phy0 wpan0: encryption failed: -22
[  302.371049][T13256] netlink: 'syz.7.2167': attribute type 11 has an invalid length.
[  302.418321][T13256] __nla_validate_parse: 1 callbacks suppressed
[  302.418342][T13256] netlink: 199836 bytes leftover after parsing attributes in process `syz.7.2167'.
[  302.458368][T13251] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  303.026670][T13285] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.2175'.
[  303.170261][T13292] netlink: 68 bytes leftover after parsing attributes in process `syz.6.2177'.
[  303.261246][T13296] netlink: 96 bytes leftover after parsing attributes in process `syz.6.2177'.
[  303.417890][T13301] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2178'.
[  303.427854][T13301] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2178'.
[  303.523987][T13301] veth1: entered allmulticast mode
[  303.698934][T13280] Bluetooth: hci4: Opcode 0x0c20 failed: -4
[  303.931271][T13321] netlink: 'syz.6.2182': attribute type 11 has an invalid length.
[  303.983085][T13325] sch_tbf: burst 4 is lower than device ip6tnl0 mtu (1452) !
[  303.990632][T13321] netlink: 199836 bytes leftover after parsing attributes in process `syz.6.2182'.
[  304.004220][T13320] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  304.191480][T13330] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2185'.
[  304.243224][T13330] bridge: RTM_NEWNEIGH with unconfigured vlan 3 on bridge0
[  304.486000][T13339] sctp: [Deprecated]: syz.7.2189 (pid 13339) Use of struct sctp_assoc_value in delayed_ack socket option.
[  304.486000][T13339] Use struct sctp_sack_info instead
[  304.934333][T13353] netlink: 'syz.6.2192': attribute type 1 has an invalid length.
[  305.005109][ T5847] Bluetooth: hci4: command 0x0405 tx timeout
[  305.052262][T13358] netlink: 'syz.6.2195': attribute type 11 has an invalid length.
[  305.060895][T13358] netlink: 199836 bytes leftover after parsing attributes in process `syz.6.2195'.
[  305.077153][T13357] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  305.270904][T13367] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2198'.
[  305.709006][T13389] netlink: 'syz.1.2207': attribute type 11 has an invalid length.
[  305.726250][T13387] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  305.899340][T13399] veth0_to_team: entered promiscuous mode
[  305.910088][T13399] veth0_to_team: entered allmulticast mode
[  306.170640][T13411] netlink: 'syz.7.2212': attribute type 8 has an invalid length.
[  306.389951][T13426] netlink: 'syz.6.2218': attribute type 11 has an invalid length.
[  306.404054][T13423] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  306.571271][T13436] netlink: 'syz.0.2222': attribute type 1 has an invalid length.
[  306.735655][T13438] netlink: 'syz.7.2225': attribute type 10 has an invalid length.
[  306.759539][T13438] bridge_slave_1: left allmulticast mode
[  306.777717][T13438] bridge_slave_1: left promiscuous mode
[  306.783563][T13438] bridge0: port 2(bridge_slave_1) entered disabled state
[  306.815291][T13438] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  307.015855][T13454] netlink: 'syz.1.2230': attribute type 11 has an invalid length.
[  307.067225][T13452] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  307.265705][T13462] netlink: 'syz.6.2232': attribute type 33 has an invalid length.
[  307.342426][T13464] syzkaller0: entered promiscuous mode
[  307.348740][T13464] syzkaller0: entered allmulticast mode
[  307.416073][T13465] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  307.500463][T13469] netlink: 'syz.1.2235': attribute type 1 has an invalid length.
[  307.508627][T13469] __nla_validate_parse: 11 callbacks suppressed
[  307.508649][T13469] netlink: 172 bytes leftover after parsing attributes in process `syz.1.2235'.
[  307.568507][T13469] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  307.900904][T13482] netlink: 'syz.1.2241': attribute type 11 has an invalid length.
[  307.919027][T13482] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2241'.
[  307.965489][T13481] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  308.024047][T13488] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2242'.
[  308.069083][T13491] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2244'.
[  308.181410][T13495] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2245'.
[  308.278067][T13497] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2246'.
[  308.291887][T13496] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  309.014284][T13516] RDS: rds_bind could not find a transport for fe80::, load rds_tcp or rds_rdma?
[  309.058804][T13519] netlink: 'syz.0.2252': attribute type 15 has an invalid length.
[  309.253519][T13526] netlink: 'syz.6.2254': attribute type 11 has an invalid length.
[  309.321178][T13529] macsec1: entered promiscuous mode
[  309.349472][T13526] netlink: 199836 bytes leftover after parsing attributes in process `syz.6.2254'.
[  309.367242][T13529] bridge0: entered promiscuous mode
[  309.399400][T13524] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  309.533125][T13540] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2259'.
[  310.541622][T13576] netlink: 'syz.0.2269': attribute type 11 has an invalid length.
[  310.584633][T13576] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2269'.
[  310.634266][T13575] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  310.820535][T13588] netlink: 'syz.7.2272': attribute type 2 has an invalid length.
[  311.006240][T13597] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  311.129647][T13599] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2275'.
[  311.256014][ T5845] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  311.269310][ T5845] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  311.279944][ T5845] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  311.322392][ T5845] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  311.353294][ T5845] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  311.368712][T13609] hsr0 speed is unknown, defaulting to 1000
[  311.379855][T13609] lo speed is unknown, defaulting to 1000
[  311.779412][T13610] hsr0 speed is unknown, defaulting to 1000
[  311.796513][T13610] lo speed is unknown, defaulting to 1000
[  311.860636][T13629] netlink: 'syz.0.2283': attribute type 11 has an invalid length.
[  311.875822][T13628] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  312.518611][T13610] chnl_net:caif_netlink_parms(): no params data found
[  312.816657][T13610] bridge0: port 1(bridge_slave_0) entered blocking state
[  312.834186][T13610] bridge0: port 1(bridge_slave_0) entered disabled state
[  312.852722][T13610] bridge_slave_0: entered allmulticast mode
[  312.878333][T13610] bridge_slave_0: entered promiscuous mode
[  312.898928][T13610] bridge0: port 2(bridge_slave_1) entered blocking state
[  312.916404][T13610] bridge0: port 2(bridge_slave_1) entered disabled state
[  312.939769][T13610] bridge_slave_1: entered allmulticast mode
[  312.940972][T13661] netlink: 'syz.1.2294': attribute type 11 has an invalid length.
[  312.949506][T13610] bridge_slave_1: entered promiscuous mode
[  312.970062][T13661] __nla_validate_parse: 7 callbacks suppressed
[  312.970085][T13661] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2294'.
[  313.097621][T13660] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  313.098398][T13610] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  313.109786][T13663] netlink: zone id is out of range
[  313.110599][T13663] netlink: del zone limit has 4 unknown bytes
[  313.159005][T13610] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  313.173401][T13664] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2295'.
[  313.181696][T13665] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2295'.
[  313.291761][T13667] netlink: 'syz.6.2296': attribute type 11 has an invalid length.
[  313.314978][T13667] netlink: 199836 bytes leftover after parsing attributes in process `syz.6.2296'.
[  313.348980][T13610] team0: Port device team_slave_0 added
[  313.377659][T13610] team0: Port device team_slave_1 added
[  313.407153][ T5847] Bluetooth: hci8: command tx timeout
[  313.490604][T13610] batman_adv: batadv0: Adding interface: batadv_slave_0
[  313.499071][T13610] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  313.529145][T13610] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  313.562742][T13674] team0: Mode changed to "loadbalance"
[  313.608081][T13610] batman_adv: batadv0: Adding interface: batadv_slave_1
[  313.633606][T13610] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  313.695017][T13610] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  313.966780][T13688] A link change request failed with some changes committed already. Interface eth0 may have been left with an inconsistent configuration, please check.
[  314.042430][T13610] hsr_slave_0: entered promiscuous mode
[  314.053714][T13610] hsr_slave_1: entered promiscuous mode
[  314.065159][T13610] debugfs: 'hsr0' already exists in 'hsr'
[  314.071556][T13610] Cannot create hsr debugfs directory
[  314.072156][T13666] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  314.269511][T13703] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2306'.
[  314.304978][T13704] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2307'.
[  314.914343][T13728] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  314.970698][T13730] netlink: 'syz.1.2317': attribute type 11 has an invalid length.
[  315.000483][T13730] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2317'.
[  315.057960][T13610] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  315.173547][T13729] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  315.208993][T13610] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  315.236948][T13610] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  315.390039][T13610] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  315.487294][T13742] netlink: 88 bytes leftover after parsing attributes in process `syz.1.2320'.
[  315.500598][ T5847] Bluetooth: hci8: command tx timeout
[  315.510252][T13742] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2320'.
[  315.572683][T13742] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2320'.
[  315.612753][T13751] netlink: 'syz.6.2321': attribute type 1 has an invalid length.
[  315.706953][T13610] 8021q: adding VLAN 0 to HW filter on device bond0
[  315.828366][T13610] 8021q: adding VLAN 0 to HW filter on device team0
[  315.873194][ T1154] bridge0: port 1(bridge_slave_0) entered blocking state
[  315.882582][ T1154] bridge0: port 1(bridge_slave_0) entered forwarding state
[  315.939990][ T3470] bridge0: port 2(bridge_slave_1) entered blocking state
[  315.948995][ T3470] bridge0: port 2(bridge_slave_1) entered forwarding state
[  316.242325][T13781] netlink: 'syz.0.2327': attribute type 1 has an invalid length.
[  316.789439][T13610] 8021q: adding VLAN 0 to HW filter on device batadv0
[  316.935882][T13809] netlink: 'syz.1.2333': attribute type 12 has an invalid length.
[  316.972288][T13810] netlink: 'syz.1.2333': attribute type 12 has an invalid length.
[  317.168023][T13814] geneve2: entered promiscuous mode
[  317.180915][T13814] geneve2: entered allmulticast mode
[  317.249730][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  317.263563][ T1303] clip:clip_start_xmit: skb_dst(skb) == NULL
[  317.317048][T13814] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  317.329236][T13814] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  317.566867][ T5847] Bluetooth: hci8: command tx timeout
[  317.587484][T13814] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  317.666141][T13814] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  317.908848][T13814] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  317.928196][T13814] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  318.045827][T13834] netlink: 'syz.6.2341': attribute type 23 has an invalid length.
[  318.103645][T13814] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  318.115885][T13814] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  318.176361][T13610] veth0_vlan: entered promiscuous mode
[  318.197014][ T3470] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  318.222349][ T3470] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  318.228301][T13610] veth1_vlan: entered promiscuous mode
[  318.291421][T13841] tipc: Enabling <eth:lo> not permitted
[  318.322360][T13841] tipc: Enabling of bearer <eth:lo> rejected, failed to enable media
[  318.409709][T13843] IPVS: set_ctl: invalid protocol: 94 10.1.1.2:20004
[  318.415617][T13610] veth0_macvtap: entered promiscuous mode
[  318.437067][T13845] netlink: 'syz.1.2345': attribute type 1 has an invalid length.
[  318.454153][T13845] __nla_validate_parse: 5 callbacks suppressed
[  318.454174][T13845] netlink: 172 bytes leftover after parsing attributes in process `syz.1.2345'.
[  318.483617][T13610] veth1_macvtap: entered promiscuous mode
[  318.550599][T13849] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2347'.
[  318.606266][T13847] syzkaller1: entered promiscuous mode
[  318.632364][T13847] syzkaller1: entered allmulticast mode
[  318.636579][T13854] openvswitch: netlink: IPv6 tunnel dst address is zero
[  318.712336][T13610] batman_adv: batadv0: Interface activated: batadv_slave_0
[  318.749552][T13610] batman_adv: batadv0: Interface activated: batadv_slave_1
[  318.786823][T13861] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  318.928709][T13868] netlink: 'syz.0.2352': attribute type 21 has an invalid length.
[  318.936923][ T6527] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  318.954934][ T6527] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  318.967161][T13868] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2352'.
[  319.011291][T13868] netlink: 'syz.0.2352': attribute type 5 has an invalid length.
[  319.030755][T13868] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2352'.
[  319.074605][ T6527] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  319.092284][ T6527] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  319.332211][T13881] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2356'.
[  319.353992][T13881] netlink: 'syz.7.2356': attribute type 7 has an invalid length.
[  319.366230][T13885] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2355'.
[  319.387620][T13881] netlink: 'syz.7.2356': attribute type 8 has an invalid length.
[  319.412153][ T1097] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  319.461615][T13881] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2356'.
[  319.475653][ T1097] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  319.645969][ T5847] Bluetooth: hci8: command tx timeout
[  319.718901][ T6554] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  319.733648][ T6554] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  319.796353][T13897] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  319.892022][T13903] veth0_to_bridge: entered promiscuous mode
[  319.906842][T13905] netlink: 196 bytes leftover after parsing attributes in process `syz.1.2366'.
[  319.915488][T13904] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2364'.
[  319.961402][T13903] netlink: 36 bytes leftover after parsing attributes in process `syz.7.2365'.
[  320.001884][T13901] veth0_to_bridge: left promiscuous mode
[  320.113571][T13904] netdevsim netdevsim0 netdevsim0: left promiscuous mode
[  320.310080][T13918] bridge_slave_0: left allmulticast mode
[  320.317319][T13918] bridge_slave_0: left promiscuous mode
[  320.323269][T13918] bridge0: port 1(bridge_slave_0) entered disabled state
[  320.427610][T13918] bridge_slave_1: left allmulticast mode
[  320.446879][T13918] bridge_slave_1: left promiscuous mode
[  320.453886][T13918] bridge0: port 2(bridge_slave_1) entered disabled state
[  320.602045][T13918] team0: Port device team_slave_0 removed
[  320.717873][T13918] team0: Port device team_slave_1 removed
[  320.738208][T13918] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  320.792819][T13918] batman_adv: batadv0: Removing interface: batadv_slave_0
[  320.821093][T13918] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  320.863146][T13918] batman_adv: batadv0: Removing interface: batadv_slave_1
[  322.193819][T13998] team0: Device gtp0 is of different type
[  322.468849][T14007] validate_nla: 2 callbacks suppressed
[  322.468871][T14007] netlink: 'syz.1.2397': attribute type 8 has an invalid length.
[  322.559091][T14011] netlink: 'syz.6.2399': attribute type 11 has an invalid length.
[  322.570699][T14011] FAULT_INJECTION: forcing a failure.
[  322.570699][T14011] name failslab, interval 1, probability 0, space 0, times 0
[  322.583893][T14011] CPU: 1 UID: 0 PID: 14011 Comm: syz.6.2399 Not tainted 6.16.0-syzkaller-06589-g010510128873 #0 PREEMPT(full) 
[  322.583924][T14011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  322.583937][T14011] Call Trace:
[  322.583946][T14011]  <TASK>
[  322.583954][T14011]  dump_stack_lvl+0x189/0x250
[  322.583983][T14011]  ? __pfx____ratelimit+0x10/0x10
[  322.584014][T14011]  ? __pfx_dump_stack_lvl+0x10/0x10
[  322.584035][T14011]  ? __pfx__printk+0x10/0x10
[  322.584078][T14011]  should_fail_ex+0x414/0x560
[  322.584125][T14011]  should_failslab+0xa8/0x100
[  322.584148][T14011]  kmem_cache_alloc_noprof+0x73/0x3c0
[  322.584179][T14011]  ? skb_clone+0x212/0x3a0
[  322.584209][T14011]  skb_clone+0x212/0x3a0
[  322.584238][T14011]  bpf_clone_redirect+0xad/0x3d0
[  322.584272][T14011]  ? __lock_acquire+0xab9/0xd20
[  322.584302][T14011]  ? bpf_test_run+0x197/0x7b0
[  322.584333][T14011]  bpf_prog_c6f54bbad6dab1ee+0x5f/0x68
[  322.584366][T14011]  ? ktime_get+0x3e/0x1f0
[  322.584398][T14011]  ? seqcount_lockdep_reader_access+0x123/0x1c0
[  322.584421][T14011]  ? lockdep_hardirqs_on+0x9c/0x150
[  322.584451][T14011]  ? ktime_get+0x3e/0x1f0
[  322.584472][T14011]  ? seqcount_lockdep_reader_access+0x175/0x1c0
[  322.584496][T14011]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[  322.584526][T14011]  ? __local_bh_disable_ip+0xf1/0x190
[  322.584560][T14011]  ? __pfx___cant_migrate+0x10/0x10
[  322.584598][T14011]  ? read_tsc+0x9/0x20
[  322.584624][T14011]  ? ktime_get+0x1cb/0x1f0
[  322.584654][T14011]  bpf_test_run+0x318/0x7b0
[  322.584710][T14011]  ? __pfx_bpf_test_run+0x10/0x10
[  322.584770][T14011]  ? slab_build_skb+0x273/0x3e0
[  322.584802][T14011]  ? convert___skb_to_skb+0x3d/0x590
[  322.584836][T14011]  bpf_prog_test_run_skb+0xb30/0x1560
[  322.584886][T14011]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  322.584918][T14011]  bpf_prog_test_run+0x2c4/0x340
[  322.584955][T14011]  __sys_bpf+0x581/0x870
[  322.584987][T14011]  ? __pfx___sys_bpf+0x10/0x10
[  322.585033][T14011]  ? ksys_write+0x22a/0x250
[  322.585066][T14011]  ? __pfx_ksys_write+0x10/0x10
[  322.585094][T14011]  ? rcu_is_watching+0x15/0xb0
[  322.585146][T14011]  __x64_sys_bpf+0x7c/0x90
[  322.585174][T14011]  do_syscall_64+0xfa/0x3b0
[  322.585203][T14011]  ? lockdep_hardirqs_on+0x9c/0x150
[  322.585231][T14011]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.585253][T14011]  ? clear_bhb_loop+0x60/0xb0
[  322.585279][T14011]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.585299][T14011] RIP: 0033:0x7ff84018eb69
[  322.585317][T14011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  322.585336][T14011] RSP: 002b:00007ff8410cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  322.585363][T14011] RAX: ffffffffffffffda RBX: 00007ff8403b5fa0 RCX: 00007ff84018eb69
[  322.585379][T14011] RDX: 0000000000000050 RSI: 0000200000001a00 RDI: 000000000000000a
[  322.585393][T14011] RBP: 00007ff8410cd090 R08: 0000000000000000 R09: 0000000000000000
[  322.585407][T14011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  322.585420][T14011] R13: 0000000000000000 R14: 00007ff8403b5fa0 R15: 00007ffe14832d78
[  322.585454][T14011]  </TASK>
[  323.031817][T14010] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  323.230805][T14028] netlink: 'syz.7.2407': attribute type 1 has an invalid length.
[  323.252188][T14030] netlink: 'syz.0.2405': attribute type 1 has an invalid length.
[  323.339984][T14028] 8021q: adding VLAN 0 to HW filter on device bond2
[  323.447911][T14034] gretap1: entered promiscuous mode
[  323.528983][T14034] bond2: (slave gretap1): making interface the new active one
[  323.586912][T14034] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  323.696605][T14055] __nla_validate_parse: 4 callbacks suppressed
[  323.696626][T14055] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2410'.
[  323.758860][T14057] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2412'.
[  323.771127][T14058] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2412'.
[  323.879821][T14064] netlink: 48 bytes leftover after parsing attributes in process `syz.8.2414'.
[  324.020928][T14066] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2415'.
[  324.207301][ T5917] hid-generic 0005:07C0:0009.0001: unknown main item tag 0x0
[  324.302115][ T5917] hid-generic 0005:07C0:0009.0001: hidraw0: BLUETOOTH HID v0.09 Device [syz0] on aa:aa:aa:aa:aa:aa
[  324.522248][T14087] IPVS: Unknown mcast interface: veth0_virt_wifi
[  324.600137][T14086] netlink: 36 bytes leftover after parsing attributes in process `syz.8.2422'.
[  324.947022][T14102] netlink: 'syz.6.2428': attribute type 11 has an invalid length.
[  325.020156][T14102] netlink: 199836 bytes leftover after parsing attributes in process `syz.6.2428'.
[  325.281116][T14101] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  325.311986][T14120] syzkaller1: entered promiscuous mode
[  325.349690][T14120] syzkaller1: entered allmulticast mode
[  325.378078][T14120] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2432'.
[  325.454071][T14122] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2433'.
[  325.705688][T14137] tipc: Started in network mode
[  325.711479][T14137] tipc: Node identity , cluster identity 4711
[  325.738139][T14137] tipc: Failed to obtain node identity
[  325.799372][T14137] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  325.970964][T14153] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2440'.
[  326.505655][T14187] lo: entered allmulticast mode
[  326.548795][T14187] tunl0: entered allmulticast mode
[  326.583267][T14187] gre0: entered allmulticast mode
[  326.624687][T14187] gretap0: entered allmulticast mode
[  326.634008][T14187] erspan0: entered allmulticast mode
[  326.649120][T14187] ip_vti0: entered allmulticast mode
[  326.658822][T14187] ip6_vti0: entered allmulticast mode
[  326.667715][T14187] sit0: entered allmulticast mode
[  326.673221][T14187] ip6tnl0: entered allmulticast mode
[  326.680925][T14187] ip6gre0: entered allmulticast mode
[  326.687501][T14187] syz_tun: entered allmulticast mode
[  326.693241][T14187] ip6gretap0: entered allmulticast mode
[  326.699424][T14187] bridge0: entered allmulticast mode
[  326.709175][T14187] vcan0: entered allmulticast mode
[  326.715036][T14187] bond0: entered allmulticast mode
[  326.720417][T14187] bond_slave_0: entered allmulticast mode
[  326.729492][T14187] bond_slave_1: entered allmulticast mode
[  326.736467][T14187] bridge_slave_1: entered allmulticast mode
[  326.743523][T14187] team0: entered allmulticast mode
[  326.749532][T14187] team_slave_0: entered allmulticast mode
[  326.755907][T14187] team_slave_1: entered allmulticast mode
[  326.762215][T14187] vlan0: entered allmulticast mode
[  326.767782][T14187] veth0_vlan: entered allmulticast mode
[  326.773969][T14187] dummy0: entered allmulticast mode
[  326.780834][T14187] nlmon0: entered allmulticast mode
[  326.793555][T14187] caif0: entered allmulticast mode
[  326.801881][T14187] batadv0: entered allmulticast mode
[  326.809505][T14187] vxcan0: entered allmulticast mode
[  326.819596][T14187] vxcan1: entered allmulticast mode
[  326.833001][T14187] veth0: entered allmulticast mode
[  326.844243][T14187] veth1: entered allmulticast mode
[  326.854316][T14187] wg0: entered allmulticast mode
[  326.862427][T14187] wg1: entered allmulticast mode
[  326.869067][T14187] wg2: entered allmulticast mode
[  326.875997][T14187] veth0_to_bridge: entered allmulticast mode
[  326.883441][T14187] veth1_to_bridge: entered allmulticast mode
[  326.901450][T14187] veth0_to_bond: entered allmulticast mode
[  326.911189][T14187] veth1_to_bond: entered allmulticast mode
[  326.919731][T14187] veth0_to_team: left promiscuous mode
[  326.927413][T14187] veth1_to_team: entered allmulticast mode
[  326.936398][T14187] veth0_to_batadv: entered allmulticast mode
[  326.943671][T14187] batadv_slave_0: entered allmulticast mode
[  326.952449][T14187] veth1_to_batadv: entered allmulticast mode
[  326.961322][T14187] batadv_slave_1: entered allmulticast mode
[  326.970333][T14187] xfrm0: entered allmulticast mode
[  326.978622][T14187] veth0_to_hsr: entered allmulticast mode
[  326.988385][T14187] hsr_slave_0: entered allmulticast mode
[  327.007746][T14187] veth1_to_hsr: entered allmulticast mode
[  327.023102][T14187] hsr_slave_1: entered allmulticast mode
[  327.049917][T14187] hsr0: entered allmulticast mode
[  327.066128][T14187] veth1_vlan: entered allmulticast mode
[  327.081242][T14187] vlan1: entered allmulticast mode
[  327.088693][T14187] macvlan0: entered allmulticast mode
[  327.096620][T14187] macvlan1: entered allmulticast mode
[  327.103206][T14187] ipvlan0: entered allmulticast mode
[  327.110139][T14187] ipvlan1: entered allmulticast mode
[  327.116656][T14187] veth1_macvtap: entered allmulticast mode
[  327.123056][T14187] veth0_macvtap: entered allmulticast mode
[  327.131206][T14187] macvtap0: entered allmulticast mode
[  327.137479][T14187] macsec0: entered allmulticast mode
[  327.143292][T14187] geneve0: entered allmulticast mode
[  327.149215][T14187] geneve1: entered allmulticast mode
[  327.156337][T14187] netdevsim netdevsim7 netdevsim0: entered allmulticast mode
[  327.166757][T14187] netdevsim netdevsim7 netdevsim1: entered allmulticast mode
[  327.176217][T14187] netdevsim netdevsim7 netdevsim2: entered allmulticast mode
[  327.184323][T14187] netdevsim netdevsim7 netdevsim3: entered allmulticast mode
[  327.195802][T14187] mac80211_hwsim hwsim21 wlan0: entered allmulticast mode
[  327.199641][T14206] netlink: 'syz.1.2453': attribute type 12 has an invalid length.
[  327.203354][T14187] mac80211_hwsim hwsim22 wlan1: entered allmulticast mode
[  327.219342][T14187] bond1: entered allmulticast mode
[  327.225589][T14187] bridge1: entered allmulticast mode
[  327.232067][T14187] bridge0: left promiscuous mode
[  327.237465][T14187] macsec1: left promiscuous mode
[  327.242657][T14187] macsec1: entered allmulticast mode
[  327.251587][T14187] syztnl2: entered allmulticast mode
[  327.257292][T14187] bridge2: entered allmulticast mode
[  327.262896][T14187] mac80211_hwsim hwsim27 wlan2: entered allmulticast mode
[  327.277020][T14187] bond2: entered allmulticast mode
[  327.282597][T14187] gretap1: entered allmulticast mode
[  327.291206][T14187] gretap1: left promiscuous mode
[  327.301139][T14187] bridge3: entered allmulticast mode
[  327.375239][T14206] (unnamed net_device) (uninitialized): option primary_reselect: invalid value (255)
[  327.573773][T14212] IPVS: set_ctl: invalid protocol: 135 255.255.255.255:20002
[  328.216470][T14236] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled
[  328.243734][T14236] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  328.410356][T14236] syzkaller0: entered promiscuous mode
[  328.416834][T14236] syzkaller0: entered allmulticast mode
[  328.487008][T14243] tipc: Resetting bearer <eth:syzkaller0>
[  328.540910][T14235] tipc: Resetting bearer <eth:syzkaller0>
[  328.719671][T14252] __nla_validate_parse: 6 callbacks suppressed
[  328.719692][T14252] netlink: 40 bytes leftover after parsing attributes in process `syz.8.2470'.
[  330.761096][T14235] tipc: Disabling bearer <eth:syzkaller0>
[  331.028165][T14280] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2480'.
[  331.177111][T14285] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check.
[  331.467899][T14311] C: renamed from lo (while UP)
[  331.528338][T14311] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  331.578267][T14311] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2487'.
[  331.623159][T14311] netlink: 136 bytes leftover after parsing attributes in process `syz.8.2487'.
[  331.647873][T14321] syz.6.2489 uses old SIOCAX25GETINFO
[  347.974887][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  356.092958][T14345] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.2497'.
[  356.151434][T14351] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[  356.185196][T14362] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2497'.
[  356.552324][T14379] IPv6: Can't replace route, no match found
[  356.695996][T14388] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2509'.
[  356.724574][T14388] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2509'.
[  356.920652][T14394] vcan0: entered allmulticast mode
[  356.928075][T14399] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2514'.
[  356.978285][T14399] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2514'.
[  357.120169][T14407] netlink: 3648 bytes leftover after parsing attributes in process `syz.8.2516'.
[  357.133697][T14407] netlink: 3648 bytes leftover after parsing attributes in process `syz.8.2516'.
[  357.398604][T14416] netlink: 324 bytes leftover after parsing attributes in process `syz.0.2517'.
[  357.510963][T14429] netlink: 'syz.6.2521': attribute type 21 has an invalid length.
[  358.140385][T14453] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2526'.
[  358.754238][T14449] infiniband syz!: set active
[  358.760122][T14449] infiniband syz!: added team_slave_0
[  358.806794][T14482] netlink: 'syz.7.2531': attribute type 11 has an invalid length.
[  358.831183][T14478] sctp: [Deprecated]: syz.6.2533 (pid 14478) Use of int in maxseg socket option.
[  358.831183][T14478] Use struct sctp_assoc_value instead
[  358.831989][T14449] RDS/IB: syz!: added
[  358.864801][T14449] smc: adding ib device syz! with port count 1
[  358.871417][T14449] smc:    ib device syz! port 1 has pnetid 
[  359.036810][T14478] team0: Cannot enslave team device to itself
[  359.049836][T14486] ieee802154 phy0 wpan0: encryption failed: -22
[  359.658501][T14508] netlink: 'syz.7.2542': attribute type 7 has an invalid length.
[  359.788186][T14508] : entered promiscuous mode
[  360.064083][T14520] netlink: 'syz.7.2545': attribute type 3 has an invalid length.
[  360.531191][T14541] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  360.683572][T14538] xfrm0: left allmulticast mode
[  360.739119][T14551] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  360.787351][T14551] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  360.798632][T14551] gretap1: entered promiscuous mode
[  360.804502][T14551] gretap1: entered allmulticast mode
[  361.107491][T14563] __nla_validate_parse: 8 callbacks suppressed
[  361.107513][T14563] netlink: 252 bytes leftover after parsing attributes in process `syz.8.2560'.
[  361.165843][T14571] netlink: 'syz.8.2560': attribute type 3 has an invalid length.
[  361.526882][T14584] tipc: Started in network mode
[  361.554523][T14584] tipc: Node identity 6a992dacb1ed, cluster identity 4711
[  361.561981][T14584] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  361.592846][T14586] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2566'.
[  361.647578][T14584] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2564'.
[  361.689205][T14590] syzkaller0: entered promiscuous mode
[  361.698736][T14590] syzkaller0: entered allmulticast mode
[  361.712459][T14590] tipc: Resetting bearer <eth:syzkaller0>
[  361.770750][T14582] tipc: Resetting bearer <eth:syzkaller0>
[  362.636012][ T5917] tipc: Node number set to 3681824172
[  363.858792][T14582] tipc: Disabling bearer <eth:syzkaller0>
[  363.893982][T14607] syzkaller1: entered promiscuous mode
[  363.910010][T14607] syzkaller1: entered allmulticast mode
[  364.224201][T14634] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2577'.
[  364.243285][T14637] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2578'.
[  364.271408][T14634] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  364.280837][T14634] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  364.352430][T14637] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2578'.
[  364.719423][T14650] vlan0: entered allmulticast mode
[  364.743066][T14650] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode
[  365.297680][T14676] netlink: 88 bytes leftover after parsing attributes in process `syz.7.2592'.
[  365.326781][T14676] netlink: 'syz.7.2592': attribute type 1 has an invalid length.
[  365.343941][T14676] netlink: 16150 bytes leftover after parsing attributes in process `syz.7.2592'.
[  366.141814][T14708] netlink: 'syz.6.2598': attribute type 4 has an invalid length.
[  366.161158][T14708] netlink: 'syz.6.2598': attribute type 4 has an invalid length.
[  366.298890][T14713] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2599'.
[  366.315422][T14713] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2599'.
[  366.356207][T14713] netlink: 'syz.8.2599': attribute type 11 has an invalid length.
[  367.552248][T14753] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2606'.
[  367.563141][T14753] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2606'.
[  367.582828][T14753] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2606'.
[  367.652592][T14762] netlink: 'syz.6.2609': attribute type 1 has an invalid length.
[  367.833102][T14769] netlink: 84 bytes leftover after parsing attributes in process `syz.7.2611'.
[  367.860491][T14769] netlink: 84 bytes leftover after parsing attributes in process `syz.7.2611'.
[  367.906110][T14769] netlink: 84 bytes leftover after parsing attributes in process `syz.7.2611'.
[  368.001702][T14782] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  368.029221][T14769] netlink: 56 bytes leftover after parsing attributes in process `syz.7.2611'.
[  368.158999][T14787] netlink: 'syz.6.2616': attribute type 1 has an invalid length.
[  368.488405][T14808] netlink: 'syz.0.2623': attribute type 1 has an invalid length.
[  368.496594][T14808] netlink: 172 bytes leftover after parsing attributes in process `syz.0.2623'.
[  368.552837][T14812] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x5
[  368.739567][T14819] bridge0: left allmulticast mode
[  368.833651][T14825] (unnamed net_device) (uninitialized): option min_links: invalid value (18446744073709551614)
[  368.857366][T14825] (unnamed net_device) (uninitialized): option min_links: allowed values 0 - 2147483647
[  369.156262][T14832] af_packet: tpacket_rcv: packet too big, clamped from 18 to 4294967272. macoff=96
[  370.048945][ T5158] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  370.063446][ T5158] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  370.077818][ T5158] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  370.089156][ T5158] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  370.106452][ T5158] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  370.524851][ T5845] Bluetooth: hci6: command 0x0406 tx timeout
[  372.079452][T14869] syz.8.2641: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  372.087495][T14860] syzkaller0: entered promiscuous mode
[  372.100410][T14860] syzkaller0: entered allmulticast mode
[  372.117915][T14869] CPU: 1 UID: 0 PID: 14869 Comm: syz.8.2641 Not tainted 6.16.0-syzkaller-06589-g010510128873 #0 PREEMPT(full) 
[  372.117955][T14869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  372.117975][T14869] Call Trace:
[  372.117984][T14869]  <TASK>
[  372.117997][T14869]  dump_stack_lvl+0x189/0x250
[  372.118031][T14869]  ? __pfx_dump_stack_lvl+0x10/0x10
[  372.118055][T14869]  ? __pfx__printk+0x10/0x10
[  372.118083][T14869]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  372.118109][T14869]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  372.118136][T14869]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  372.118181][T14869]  warn_alloc+0x214/0x310
[  372.118204][T14869]  ? stack_depot_save_flags+0x40/0x900
[  372.118231][T14869]  ? __pfx_warn_alloc+0x10/0x10
[  372.118263][T14869]  ? kasan_save_track+0x4f/0x80
[  372.118294][T14869]  ? xskq_create+0x56/0x170
[  372.118322][T14869]  ? xsk_init_queue+0xb0/0x110
[  372.118347][T14869]  ? xsk_setsockopt+0x4dc/0x8d0
[  372.118372][T14869]  ? do_sock_setsockopt+0x179/0x1b0
[  372.118392][T14869]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  372.118411][T14869]  ? do_syscall_64+0xfa/0x3b0
[  372.118441][T14869]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.118472][T14869]  __vmalloc_node_range_noprof+0x125/0x12f0
[  372.118531][T14869]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  372.118555][T14869]  ? xskq_create+0x56/0x170
[  372.118587][T14869]  ? __kasan_kmalloc+0x93/0xb0
[  372.118623][T14869]  vmalloc_user_noprof+0xad/0xf0
[  372.118644][T14869]  ? xskq_create+0xbf/0x170
[  372.118675][T14869]  xskq_create+0xbf/0x170
[  372.118709][T14869]  xsk_init_queue+0xb0/0x110
[  372.118740][T14869]  xsk_setsockopt+0x4dc/0x8d0
[  372.118771][T14869]  ? __pfx_xsk_setsockopt+0x10/0x10
[  372.118799][T14869]  ? __pfx_aa_sk_perm+0x10/0x10
[  372.118832][T14869]  ? aa_sock_opt_perm+0x74/0x110
[  372.118863][T14869]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  372.118888][T14869]  ? __pfx_xsk_setsockopt+0x10/0x10
[  372.118919][T14869]  do_sock_setsockopt+0x179/0x1b0
[  372.118946][T14869]  __x64_sys_setsockopt+0x13f/0x1b0
[  372.118974][T14869]  do_syscall_64+0xfa/0x3b0
[  372.119004][T14869]  ? lockdep_hardirqs_on+0x9c/0x150
[  372.119034][T14869]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.119055][T14869]  ? clear_bhb_loop+0x60/0xb0
[  372.119082][T14869]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.119103][T14869] RIP: 0033:0x7f1c5bd8eb69
[  372.119124][T14869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  372.119142][T14869] RSP: 002b:00007f1c5cbee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  372.119175][T14869] RAX: ffffffffffffffda RBX: 00007f1c5bfb5fa0 RCX: 00007f1c5bd8eb69
[  372.119190][T14869] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[  372.119203][T14869] RBP: 00007f1c5be11df1 R08: 0000000000000004 R09: 0000000000000000
[  372.119217][T14869] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  372.119231][T14869] R13: 0000000000000000 R14: 00007f1c5bfb5fa0 R15: 00007ffefa2dd238
[  372.119265][T14869]  </TASK>
[  372.436270][ T5847] Bluetooth: hci9: command tx timeout
[  372.483480][T14869] Mem-Info:
[  372.495488][T14869] active_anon:9521 inactive_anon:0 isolated_anon:0
[  372.495488][T14869]  active_file:1762 inactive_file:39966 isolated_file:0
[  372.495488][T14869]  unevictable:768 dirty:64 writeback:0
[  372.495488][T14869]  slab_reclaimable:12243 slab_unreclaimable:136329
[  372.495488][T14869]  mapped:51852 shmem:5527 pagetables:1197
[  372.495488][T14869]  sec_pagetables:0 bounce:0
[  372.495488][T14869]  kernel_misc_reclaimable:0
[  372.495488][T14869]  free:1229777 free_pcp:16827 free_cma:0
[  372.624531][T14869] Node 0 active_anon:38284kB inactive_anon:0kB active_file:7048kB inactive_file:159664kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:207408kB dirty:256kB writeback:0kB shmem:20572kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13976kB pagetables:4652kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  372.713737][T14869] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  372.761069][T14869] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  372.792720][T14869] lowmem_reserve[]: 0 2500 2502 2502 2502
[  372.798751][T14869] Node 0 DMA32 free:1010780kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:38040kB inactive_anon:0kB active_file:7048kB inactive_file:157840kB unevictable:1536kB writepending:256kB present:3129332kB managed:2560292kB mlocked:0kB bounce:0kB free_pcp:68404kB local_pcp:47248kB free_cma:0kB
[  372.832658][T14869] lowmem_reserve[]: 0 0 1 1 1
[  372.837536][T14869] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1824kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[  372.875488][T14869] lowmem_reserve[]: 0 0 0 0 0
[  372.880389][T14869] Node 1 Normal free:3901720kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18336kB local_pcp:4672kB free_cma:0kB
[  372.907903][T14878] __nla_validate_parse: 4 callbacks suppressed
[  372.907928][T14878] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2643'.
[  372.914297][T14869] lowmem_reserve[]: 0 0 0 0 0
[  372.936479][T14869] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  372.949833][T14869] Node 0 DMA32: 1600*4kB (UM) 295*8kB (UM) 80*16kB (UME) 35*32kB (UM) 47*64kB (UME) 71*128kB (UM) 22*256kB (UM) 16*512kB (UME) 3*1024kB (UME) 5*2048kB (UM) 235*4096kB (UM) = 1012952kB
[  372.972731][T14869] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB
[  372.986050][T14869] Node 1 Normal: 190*4kB (UME) 58*8kB (UME) 43*16kB (UME) 121*32kB (UME) 42*64kB (UME) 8*128kB (UM) 4*256kB (UM) 4*512kB (UME) 2*1024kB (UM) 0*2048kB 949*4096kB (M) = 3901720kB
[  373.010750][T14869] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  373.021140][T14869] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  373.038420][T14882] netlink: 56 bytes leftover after parsing attributes in process `syz.6.2643'.
[  373.070181][T14882] netlink: 48 bytes leftover after parsing attributes in process `syz.6.2643'.
[  373.084995][T14869] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  373.112832][T14869] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  373.130604][T14869] 47250 total pagecache pages
[  373.151601][T14869] 0 pages in swap cache
[  373.158541][T14869] Free swap  = 124996kB
[  373.163030][T14869] Total swap = 124996kB
[  373.167374][T14869] 2097051 pages RAM
[  373.172845][T14869] 0 pages HighMem/MovableOnly
[  373.179073][T14869] 424872 pages reserved
[  373.183267][T14869] 0 pages cma reserved
[  374.446939][ T5847] Bluetooth: hci9: command tx timeout
[  374.862503][T14890] netlink: 64 bytes leftover after parsing attributes in process `syz.6.2646'.
[  374.907225][T14890] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2646'.
[  374.934880][T14865] hsr0 speed is unknown, defaulting to 1000
[  374.942672][T14865] lo speed is unknown, defaulting to 1000
[  374.975529][T14890] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2646'.
[  375.364178][T14911] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2652'.
[  375.536448][T14918] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2656'.
[  375.645951][T14918] 8021q: adding VLAN 0 to HW filter on device bond0
[  375.692421][T14919] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2657'.
[  375.738280][T14922] macvlan2: entered promiscuous mode
[  375.755159][T14922] macvlan2: entered allmulticast mode
[  375.770558][T14922] bond0: (slave macvlan2): Opening slave failed
[  375.800959][T14931] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2660'.
[  375.868343][T14931] geneve2: entered promiscuous mode
[  375.877417][T14931] geneve2: entered allmulticast mode
[  376.530626][ T5847] Bluetooth: hci9: command tx timeout
[  376.850583][T14980] C: renamed from team_slave_0
[  376.906907][T14980] netlink: 'syz.6.2669': attribute type 1 has an invalid length.
[  376.952355][T14980] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  376.991507][T14865] chnl_net:caif_netlink_parms(): no params data found
[  377.169195][T14991] netlink: zone id is out of range
[  377.203202][T14991] netlink: zone id is out of range
[  377.209917][T14991] netlink: zone id is out of range
[  377.216431][T14991] netlink: zone id is out of range
[  377.222856][T14991] netlink: zone id is out of range
[  377.228713][T14991] netlink: zone id is out of range
[  377.237057][T14991] netlink: zone id is out of range
[  377.242222][T14991] netlink: zone id is out of range
[  377.248448][T14991] netlink: zone id is out of range
[  377.322694][T14865] bridge0: port 1(bridge_slave_0) entered blocking state
[  377.337730][T14865] bridge0: port 1(bridge_slave_0) entered disabled state
[  377.354698][T14865] bridge_slave_0: entered allmulticast mode
[  377.364013][T14865] bridge_slave_0: entered promiscuous mode
[  377.374215][T14865] bridge0: port 2(bridge_slave_1) entered blocking state
[  377.381691][T14865] bridge0: port 2(bridge_slave_1) entered disabled state
[  377.393319][T14865] bridge_slave_1: entered allmulticast mode
[  377.402020][T14865] bridge_slave_1: entered promiscuous mode
[  377.547640][T14865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  377.562435][T14865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  377.715770][T14865] team0: Port device team_slave_0 added
[  377.740061][T14865] team0: Port device team_slave_1 added
[  377.857111][T15020] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  377.877612][T14865] batman_adv: batadv0: Adding interface: batadv_slave_0
[  377.889232][T15023] netlink: 'syz.7.2683': attribute type 10 has an invalid length.
[  377.903629][T14865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  377.946986][T14865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  377.966319][T15026] netlink: 'syz.7.2683': attribute type 10 has an invalid length.
[  377.984161][T15023] dummy0: left allmulticast mode
[  377.995601][T15023] dummy0: entered allmulticast mode
[  378.001752][T15023] team0: Port device dummy0 added
[  378.058480][T15026] dummy0: left allmulticast mode
[  378.100120][T15026] team0: Port device dummy0 removed
[  378.146719][T15026] dummy0: entered allmulticast mode
[  378.154216][T15026] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  378.167324][T14865] batman_adv: batadv0: Adding interface: batadv_slave_1
[  378.180454][T14865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  378.242800][T14865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  378.279642][T15038] __nla_validate_parse: 4 callbacks suppressed
[  378.279663][T15038] netlink: 44 bytes leftover after parsing attributes in process `syz.8.2685'.
[  378.306481][T15036] team0: Device wireguard0 is of different type
[  378.331473][T15040] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2686'.
[  378.478292][T14865] hsr_slave_0: entered promiscuous mode
[  378.522968][T14865] hsr_slave_1: entered promiscuous mode
[  378.530217][T14865] debugfs: 'hsr0' already exists in 'hsr'
[  378.542016][T14865] Cannot create hsr debugfs directory
[  378.604743][ T5847] Bluetooth: hci9: command tx timeout
[  378.678621][T15054] netlink: 20 bytes leftover after parsing attributes in process `syz.8.2691'.
[  378.694297][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  378.698132][ T1303] clip:clip_start_xmit: skb_dst(skb) == NULL
[  379.199817][T15070] netlink: 'syz.7.2698': attribute type 1 has an invalid length.
[  379.285442][T15068] nbd2: detected capacity change from 0 to 127
[  379.301987][ T5847] block nbd2: Receive control failed (result -104)
[  379.314287][T15070] 8021q: adding VLAN 0 to HW filter on device bond4
[  379.345781][T15070] bond3: (slave bond4): making interface the new active one
[  379.353911][T15070] bond3: (slave bond4): Enslaving as an active interface with an up link
[  379.366510][T15071] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR
[  379.385729][T15075] bond3: (slave gretap2): Enslaving as a backup interface with an up link
[  379.422279][T14865] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  379.497919][T14865] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  379.534250][T14865] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  379.579302][T14865] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  379.714731][T15103] netlink: 'syz.6.2705': attribute type 33 has an invalid length.
[  379.723682][T15103] netlink: 199836 bytes leftover after parsing attributes in process `syz.6.2705'.
[  379.882725][T14865] 8021q: adding VLAN 0 to HW filter on device bond0
[  379.930704][T15108] netlink: 92 bytes leftover after parsing attributes in process `syz.6.2707'.
[  379.945151][T15108] netlink: 'syz.6.2707': attribute type 10 has an invalid length.
[  380.038766][T14865] 8021q: adding VLAN 0 to HW filter on device team0
[  380.089895][ T6554] bridge0: port 1(bridge_slave_0) entered blocking state
[  380.097273][ T6554] bridge0: port 1(bridge_slave_0) entered forwarding state
[  380.120696][T15120] netlink: 'syz.6.2709': attribute type 1 has an invalid length.
[  380.134631][T15120] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2709'.
[  380.156985][ T6554] bridge0: port 2(bridge_slave_1) entered blocking state
[  380.164207][ T6554] bridge0: port 2(bridge_slave_1) entered forwarding state
[  380.179696][T15120] netlink: 84 bytes leftover after parsing attributes in process `syz.6.2709'.
[  380.921211][T14865] 8021q: adding VLAN 0 to HW filter on device batadv0
[  381.057898][T14865] veth0_vlan: entered promiscuous mode
[  381.088638][T14865] veth1_vlan: entered promiscuous mode
[  381.150051][T14865] veth0_macvtap: entered promiscuous mode
[  381.176115][T14865] veth1_macvtap: entered promiscuous mode
[  381.201063][T14865] batman_adv: batadv0: Interface activated: batadv_slave_0
[  381.243601][T14865] batman_adv: batadv0: Interface activated: batadv_slave_1
[  381.301551][ T6538] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  381.317465][ T6538] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  381.367716][ T6538] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  381.422480][ T6538] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  381.605590][ T6530] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  381.613727][ T6530] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  381.672267][T15182] netlink: 64 bytes leftover after parsing attributes in process `syz.7.2727'.
[  381.680788][ T6538] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  381.702821][ T6538] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  381.712561][T15182] team0: No ports can be present during mode change
[  382.029505][T15195] netlink: 'syz.6.2732': attribute type 1 has an invalid length.
[  382.105962][T15198] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2732'.
[  382.182761][T15203] tipc: Failed to remove unknown binding: 66,1,1/0:2696420965/2696420967
[  382.203375][T15203] tipc: Failed to remove unknown binding: 66,1,1/0:2696420965/2696420967
[  382.215140][T15203] tipc: Failed to remove unknown binding: 66,1,1/0:2696420965/2696420967
[  382.347435][T15211] netlink: 'syz.1.2737': attribute type 1 has an invalid length.
[  382.459266][T15214] veth3: entered promiscuous mode
[  382.485536][T15211] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2737'.
[  383.639114][T15278] __nla_validate_parse: 5 callbacks suppressed
[  383.639178][T15278] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2760'.
[  383.667114][T15278] IPVS: set_ctl: invalid protocol: 60 0.0.0.0:1
[  383.869361][T15288] netlink: 3 bytes leftover after parsing attributes in process `syz.7.2764'.
[  383.888101][T15288] net_ratelimit: 220 callbacks suppressed
[  383.888125][T15288] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  384.034932][T15292] netlink: 'syz.6.2765': attribute type 10 has an invalid length.
[  384.079516][T15292] batman_adv: batadv0: Adding interface: team0
[  384.145499][T15292] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1560.
[  384.169257][T15292] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  384.354165][T15310] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2772'.
[  384.383229][T15311] dvmrp0: entered allmulticast mode
[  384.399740][T15312] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2772'.
[  384.421179][T15312] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2772'.
[  384.427098][T15315] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2772'.
[  384.848257][T15338] tc_dump_action: action bad kind
[  385.001359][T15344] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2783'.
[  385.179416][T15350] 8021q: adding VLAN 0 to HW filter on device bond2
[  385.286964][T15356] netlink: 'syz.1.2787': attribute type 1 has an invalid length.
[  385.298080][T15356] netlink: 244 bytes leftover after parsing attributes in process `syz.1.2787'.
[  385.379087][T15360] IPVS: wrr: UDP 224.0.0.2:65535 - no destination available
[  385.685904][T15372] netlink: 'syz.6.2793': attribute type 3 has an invalid length.
[  385.824633][T15381] netlink: 'syz.7.2795': attribute type 1 has an invalid length.
[  385.838508][T15381] netlink: 244 bytes leftover after parsing attributes in process `syz.7.2795'.
[  385.892372][ T5845] Bluetooth: hci5: command 0x0405 tx timeout
[  385.909512][T15388] batadv_slave_1: entered allmulticast mode
[  385.981642][T15389] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2798'.
[  386.061920][T15392] openvswitch: netlink: Message has 5 unknown bytes.
[  386.121304][T15396] netlink: 'syz.0.2801': attribute type 1 has an invalid length.
[  386.721756][T15385] batadv_slave_1: left allmulticast mode
[  387.328348][T15441] netlink: 'syz.6.2812': attribute type 4 has an invalid length.
[  387.443223][T15450] netlink: 'syz.7.2814': attribute type 12 has an invalid length.
[  387.743963][T15462] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  388.090028][ T6530] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  388.115063][ T6530] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  388.116202][ T5845] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  388.139022][ T5845] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  388.156066][T15466] tipc: Started in network mode
[  388.161134][T15466] tipc: Node identity 0a9343e5ab6d, cluster identity 4711
[  388.169875][ T5845] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  388.170012][T15466] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  388.192438][ T6530] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  388.203132][ T5845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  388.212923][ T6530] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  388.224200][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  388.227685][T15466] syzkaller0: entered promiscuous mode
[  388.239047][T15466] syzkaller0: entered allmulticast mode
[  388.272361][T15464] tipc: Resetting bearer <eth:syzkaller0>
[  388.309095][T15464] tipc: Disabling bearer <eth:syzkaller0>
[  388.342658][T15473] hsr0 speed is unknown, defaulting to 1000
[  388.351493][T15473] lo speed is unknown, defaulting to 1000
[  388.895724][T15490] __nla_validate_parse: 12 callbacks suppressed
[  388.895745][T15490] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2824'.
[  388.916472][T15489] netlink: 120 bytes leftover after parsing attributes in process `syz.6.2826'.
[  388.935782][T15490] netlink: 256 bytes leftover after parsing attributes in process `syz.1.2824'.
[  389.035835][T15495] openvswitch: netlink: VXLAN extension message has 4 unknown bytes.
[  389.119780][T15495] team0: Device gtp0 is of different type
[  389.159638][T15502] openvswitch: netlink: Message has 4 unknown bytes.
[  389.166852][T15502] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  389.213728][T15473] chnl_net:caif_netlink_parms(): no params data found
[  389.439691][T15516] IPVS: set_ctl: invalid protocol: 98 100.1.1.2:20004
[  389.588687][T15473] bridge0: port 1(bridge_slave_0) entered blocking state
[  389.607499][T15473] bridge0: port 1(bridge_slave_0) entered disabled state
[  389.629230][T15473] bridge_slave_0: entered allmulticast mode
[  389.658681][T15473] bridge_slave_0: entered promiscuous mode
[  389.689928][T15473] bridge0: port 2(bridge_slave_1) entered blocking state
[  389.715340][T15473] bridge0: port 2(bridge_slave_1) entered disabled state
[  389.739696][T15473] bridge_slave_1: entered allmulticast mode
[  389.762491][T15473] bridge_slave_1: entered promiscuous mode
[  389.980961][T15473] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  390.008657][T15473] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  390.247654][T15473] team0: Port device team_slave_0 added
[  390.275246][T15473] team0: Port device team_slave_1 added
[  390.285609][ T5845] Bluetooth: hci0: command tx timeout
[  390.427248][T15473] batman_adv: batadv0: Adding interface: batadv_slave_0
[  390.434514][T15473] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  390.501617][T15473] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  390.530704][T15473] batman_adv: batadv0: Adding interface: batadv_slave_1
[  390.548224][T15473] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  390.647430][T15473] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  390.672694][T15560] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2845'.
[  390.711706][T15560] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2845'.
[  390.721748][T15553] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  390.731834][T15552] syzkaller0: entered promiscuous mode
[  390.734709][T15560] netlink: 'syz.1.2845': attribute type 14 has an invalid length.
[  390.737777][T15552] syzkaller0: entered allmulticast mode
[  390.753904][T15560] netlink: 'syz.1.2845': attribute type 13 has an invalid length.
[  390.855354][   T31] INFO: task syz.5.1363:10678 blocked for more than 143 seconds.
[  390.857924][T15473] hsr_slave_0: entered promiscuous mode
[  390.873510][   T31]       Not tainted 6.16.0-syzkaller-06589-g010510128873 #0
[  390.885411][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  390.895097][T15473] hsr_slave_1: entered promiscuous mode
[  390.910429][   T31] task:syz.5.1363      state:D stack:27272 pid:10678 tgid:10674 ppid:9338   task_flags:0x400040 flags:0x00004004
[  390.915423][T15473] debugfs: 'hsr0' already exists in 'hsr'
[  390.938825][   T31] Call Trace:
[  390.944028][T15473] Cannot create hsr debugfs directory
[  390.944483][   T31]  <TASK>
[  390.952775][   T31]  __schedule+0x1737/0x4d30
[  390.974387][   T31]  ? __lock_acquire+0xab9/0xd20
[  390.979486][   T31]  ? schedule+0x165/0x360
[  390.984192][   T31]  ? __lock_acquire+0xab9/0xd20
[  390.993198][   T31]  ? __pfx___schedule+0x10/0x10
[  390.999373][   T31]  ? schedule+0x91/0x360
[  391.003985][   T31]  schedule+0x165/0x360
[  391.008498][   T31]  schedule_preempt_disabled+0x13/0x30
[  391.014118][   T31]  __mutex_lock+0x7e3/0x1340
[  391.018903][   T31]  ? __mutex_lock+0x5b6/0x1340
[  391.023814][   T31]  ? nfsd_nl_version_get_doit+0x16e/0xb60
[  391.030327][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  391.035576][   T31]  ? __nlmsg_put+0xef/0x1b0
[  391.040325][   T31]  ? genlmsg_put+0x137/0x2e0
[  391.045233][   T31]  nfsd_nl_version_get_doit+0x16e/0xb60
[  391.050966][   T31]  ? __local_bh_enable_ip+0x12d/0x1c0
[  391.058713][   T31]  ? __pfx_nfsd_nl_version_get_doit+0x10/0x10
[  391.065113][   T31]  genl_family_rcv_msg_doit+0x215/0x300
[  391.070998][   T31]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  391.078355][   T31]  genl_rcv_msg+0x60e/0x790
[  391.083033][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  391.092597][   T31]  ? __pfx_nfsd_nl_version_get_doit+0x10/0x10
[  391.100215][   T31]  ? __asan_memcpy+0x40/0x70
[  391.106063][   T31]  ? __pfx_ref_tracker_free+0x10/0x10
[  391.111536][   T31]  netlink_rcv_skb+0x208/0x470
[  391.117118][   T31]  ? __lock_acquire+0xab9/0xd20
[  391.122028][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  391.127435][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  391.132871][   T31]  ? down_read+0x1ad/0x2e0
[  391.137397][   T31]  genl_rcv+0x28/0x40
[  391.141425][   T31]  netlink_unicast+0x82c/0x9e0
[  391.146992][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[  391.152518][   T31]  ? netlink_sendmsg+0x642/0xb30
[  391.157809][   T31]  ? skb_put+0x11b/0x210
[  391.162316][   T31]  netlink_sendmsg+0x805/0xb30
[  391.167635][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  391.172992][   T31]  ? aa_sock_msg_perm+0x94/0x160
[  391.178751][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  391.184107][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  391.190386][   T31]  __sock_sendmsg+0x21c/0x270
[  391.197427][   T31]  ____sys_sendmsg+0x505/0x830
[  391.202384][   T31]  ? __pfx_____sys_sendmsg+0x10/0x10
[  391.210374][   T31]  ? import_iovec+0x74/0xa0
[  391.216244][   T31]  ___sys_sendmsg+0x21f/0x2a0
[  391.221084][   T31]  ? __pfx____sys_sendmsg+0x10/0x10
[  391.226878][   T31]  ? __fget_files+0x2a/0x420
[  391.231631][   T31]  ? __fget_files+0x3a0/0x420
[  391.236727][   T31]  __x64_sys_sendmsg+0x19b/0x260
[  391.241904][   T31]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  391.247794][   T31]  ? rcu_is_watching+0x15/0xb0
[  391.252790][   T31]  ? do_syscall_64+0xbe/0x3b0
[  391.257727][   T31]  do_syscall_64+0xfa/0x3b0
[  391.262375][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  391.268068][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.274871][   T31]  ? clear_bhb_loop+0x60/0xb0
[  391.279611][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.285650][   T31] RIP: 0033:0x7ff8fa98eb69
[  391.290924][   T31] RSP: 002b:00007ff8fb86d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  391.300560][   T31] RAX: ffffffffffffffda RBX: 00007ff8fabb6080 RCX: 00007ff8fa98eb69
[  391.308743][   T31] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000005
[  391.317291][   T31] RBP: 00007ff8faa11df1 R08: 0000000000000000 R09: 0000000000000000
[  391.327501][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  391.337358][   T31] R13: 0000000000000000 R14: 00007ff8fabb6080 R15: 00007fffbb549b98
[  391.346428][   T31]  </TASK>
[  391.349853][   T31] INFO: task syz.3.1493:11077 blocked for more than 143 seconds.
[  391.359502][   T31]       Not tainted 6.16.0-syzkaller-06589-g010510128873 #0
[  391.367257][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  391.376382][   T31] task:syz.3.1493      state:D stack:27016 pid:11077 tgid:11076 ppid:5843   task_flags:0x400140 flags:0x00004004
[  391.388925][   T31] Call Trace:
[  391.392863][   T31]  <TASK>
[  391.397841][   T31]  __schedule+0x1737/0x4d30
[  391.402681][   T31]  ? __lock_acquire+0xab9/0xd20
[  391.407995][   T31]  ? schedule+0x165/0x360
[  391.412520][   T31]  ? __lock_acquire+0xab9/0xd20
[  391.417619][   T31]  ? __pfx___schedule+0x10/0x10
[  391.422551][   T31]  ? schedule+0x91/0x360
[  391.427285][   T31]  schedule+0x165/0x360
[  391.431701][   T31]  schedule_preempt_disabled+0x13/0x30
[  391.437362][   T31]  __mutex_lock+0x7e3/0x1340
[  391.442099][   T31]  ? __mutex_lock+0x5b6/0x1340
[  391.447059][   T31]  ? nfsd_nl_listener_set_doit+0x137/0x1690
[  391.453029][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  391.459357][   T31]  ? __asan_memset+0x22/0x50
[  391.464171][   T31]  ? ____sys_sendmsg+0x505/0x830
[  391.470196][   T31]  ? ___sys_sendmsg+0x21f/0x2a0
[  391.475251][   T31]  ? __x64_sys_sendmsg+0x19b/0x260
[  391.480515][   T31]  nfsd_nl_listener_set_doit+0x137/0x1690
[  391.487109][   T31]  ? __pfx___nla_validate_parse+0x10/0x10
[  391.492992][   T31]  ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10
[  391.502028][   T31]  ? __nla_parse+0x40/0x60
[  391.506678][   T31]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  391.513087][   T31]  genl_family_rcv_msg_doit+0x215/0x300
[  391.519020][   T31]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  391.525918][   T31]  ? bpf_lsm_capable+0x9/0x20
[  391.530761][   T31]  ? security_capable+0x7e/0x2e0
[  391.536024][   T31]  genl_rcv_msg+0x60e/0x790
[  391.540591][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  391.545986][   T31]  ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10
[  391.552198][   T31]  netlink_rcv_skb+0x208/0x470
[  391.557986][   T31]  ? __lock_acquire+0xab9/0xd20
[  391.562998][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[  391.570165][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  391.576164][   T31]  ? down_read+0x1ad/0x2e0
[  391.580707][   T31]  genl_rcv+0x28/0x40
[  391.585567][   T31]  netlink_unicast+0x82c/0x9e0
[  391.590779][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[  391.596215][   T31]  ? netlink_sendmsg+0x642/0xb30
[  391.602730][   T31]  ? skb_put+0x11b/0x210
[  391.607301][   T31]  netlink_sendmsg+0x805/0xb30
[  391.612223][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  391.619144][   T31]  ? aa_sock_msg_perm+0x94/0x160
[  391.624147][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  391.629597][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  391.635213][   T31]  __sock_sendmsg+0x21c/0x270
[  391.639941][   T31]  ____sys_sendmsg+0x505/0x830
[  391.647017][   T31]  ? __pfx_____sys_sendmsg+0x10/0x10
[  391.652388][   T31]  ? import_iovec+0x74/0xa0
[  391.657234][   T31]  ___sys_sendmsg+0x21f/0x2a0
[  391.662142][   T31]  ? __pfx____sys_sendmsg+0x10/0x10
[  391.667611][   T31]  ? __fget_files+0x2a/0x420
[  391.672284][   T31]  ? __fget_files+0x3a0/0x420
[  391.677785][   T31]  __x64_sys_sendmsg+0x19b/0x260
[  391.682775][   T31]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  391.688549][   T31]  ? rcu_is_watching+0x15/0xb0
[  391.693474][   T31]  ? do_syscall_64+0xbe/0x3b0
[  391.698326][   T31]  do_syscall_64+0xfa/0x3b0
[  391.702883][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  391.710669][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.717735][   T31]  ? clear_bhb_loop+0x60/0xb0
[  391.722643][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.729052][   T31] RIP: 0033:0x7fbf97d8eb69
[  391.733852][   T31] RSP: 002b:00007fbf98c78038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  391.743034][   T31] RAX: ffffffffffffffda RBX: 00007fbf97fb5fa0 RCX: 00007fbf97d8eb69
[  391.751276][   T31] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000006
[  391.760203][   T31] RBP: 00007fbf97e11df1 R08: 0000000000000000 R09: 0000000000000000
[  391.769089][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  391.777412][   T31] R13: 0000000000000000 R14: 00007fbf97fb5fa0 R15: 00007fff53732278
[  391.785582][   T31]  </TASK>
[  391.788791][   T31] 
[  391.788791][   T31] Showing all locks held in the system:
[  391.797441][   T31] 2 locks held by ksoftirqd/0/15:
[  391.802778][   T31] 1 lock held by khungtaskd/31:
[  391.809468][   T31]  #0: ffffffff8e13c4e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  391.820638][   T31] 2 locks held by kworker/u8:8/3470:
[  391.826990][   T31] 2 locks held by getty/5600:
[  391.831838][   T31]  #0: ffff88814d25d0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  391.842017][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  391.852311][   T31] 3 locks held by kworker/u8:11/6530:
[  391.858481][   T31]  #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  391.871072][   T31]  #1: ffffc9001b9bfbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  391.882911][   T31]  #2: ffffffff8f509008 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[  391.894809][   T31] 2 locks held by syz.4.747/8688:
[  391.899988][   T31]  #0: ffffffff8f56e3f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  391.909996][   T31]  #1: ffffffff8e418c48 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x137/0x1690
[  391.921308][   T31] 2 locks held by syz.5.1363/10678:
[  391.927868][   T31]  #0: ffffffff8f56e3f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  391.937270][   T31]  #1: ffffffff8e418c48 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_version_get_doit+0x16e/0xb60
[  391.947760][   T31] 2 locks held by syz.3.1493/11077:
[  391.953163][   T31]  #0: ffffffff8f56e3f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  391.963013][   T31]  #1: ffffffff8e418c48 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x137/0x1690
[  391.974061][   T31] 2 locks held by syz.2.2081/13000:
[  391.979569][   T31]  #0: ffffffff8f56e3f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  391.988746][   T31]  #1: ffffffff8e418c48 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x137/0x1690
[  391.999492][   T31] 1 lock held by udevd/14867:
[  392.004454][   T31]  #0: ffff88802583f358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30
[  392.016126][   T31] 2 locks held by syz.8.2691/15054:
[  392.021544][   T31]  #0: ffffffff8f56e3f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  392.030169][   T31]  #1: ffffffff8e418c48 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_get_doit+0x1b6/0x6f0
[  392.040477][   T31] 3 locks held by syz-executor/15473:
[  392.046883][   T31]  #0: ffffffff8eca3ba0 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[  392.057946][   T31]  #1: ffffffff8f509008 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[  392.067582][   T31]  #2: ffffffff8e141f38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730
[  392.079423][   T31] 1 lock held by syz.6.2843/15551:
[  392.085845][   T31]  #0: ffffffff8f509008 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[  392.095161][   T31] 
[  392.097710][   T31] =============================================
[  392.097710][   T31] 
[  392.107966][   T31] NMI backtrace for cpu 1
[  392.107989][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller-06589-g010510128873 #0 PREEMPT(full) 
[  392.108014][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  392.108027][   T31] Call Trace:
[  392.108036][   T31]  <TASK>
[  392.108046][   T31]  dump_stack_lvl+0x189/0x250
[  392.108077][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  392.108100][   T31]  ? __pfx__printk+0x10/0x10
[  392.108142][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  392.108172][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  392.108202][   T31]  ? __pfx__printk+0x10/0x10
[  392.108235][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  392.108269][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  392.108299][   T31]  watchdog+0xf93/0xfe0
[  392.108335][   T31]  ? watchdog+0x1de/0xfe0
[  392.108371][   T31]  kthread+0x70e/0x8a0
[  392.108400][   T31]  ? __pfx_watchdog+0x10/0x10
[  392.108428][   T31]  ? __pfx_kthread+0x10/0x10
[  392.108454][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  392.108483][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  392.108510][   T31]  ? __pfx_kthread+0x10/0x10
[  392.108536][   T31]  ret_from_fork+0x3fc/0x770
[  392.108572][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  392.108612][   T31]  ? __switch_to_asm+0x39/0x70
[  392.108643][   T31]  ? __switch_to_asm+0x33/0x70
[  392.108666][   T31]  ? __pfx_kthread+0x10/0x10
[  392.108692][   T31]  ret_from_fork_asm+0x1a/0x30
[  392.108735][   T31]  </TASK>
[  392.108745][   T31] Sending NMI from CPU 1 to CPUs 0:
[  392.121254][T15551] tipc: Resetting bearer <eth:syzkaller0>
[  392.127436][    C0] NMI backtrace for cpu 0
[  392.127457][    C0] CPU: 0 UID: 0 PID: 15551 Comm: syz.6.2843 Not tainted 6.16.0-syzkaller-06589-g010510128873 #0 PREEMPT(full) 
[  392.127481][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  392.127492][    C0] RIP: 0010:lock_acquire+0x58/0x360
[  392.127523][    C0] Code: 8b 05 0c 90 fc 10 48 89 44 24 58 0f 1f 44 00 00 65 8b 05 0f 90 fc 10 83 f8 08 0f 83 b8 01 00 00 89 c0 48 0f a3 05 b8 0a 03 0e <73> 16 e8 d1 ef 08 00 84 c0 75 0d f6 05 a2 fa ec 0d 01 0f 84 d7 01
[  392.127540][    C0] RSP: 0018:ffffc900000070f0 EFLAGS: 00000293
[  392.127559][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000002
[  392.127570][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8e13c4e0
[  392.127582][    C0] RBP: ffffffff81cea0a6 R08: 0000000000000000 R09: 0000000000000000
[  392.127594][    C0] R10: ffffc90000007278 R11: ffffffff81ac3450 R12: 0000000000000002
[  392.127606][    C0] R13: ffffffff8e13c4e0 R14: 0000000000000000 R15: 0000000000000000
[  392.127618][    C0] FS:  0000555560fc1500(0000) GS:ffff888125c80000(0000) knlGS:0000000000000000
[  392.127634][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  392.127646][    C0] CR2: 00007fff0066bfc8 CR3: 0000000022bea000 CR4: 00000000003526f0
[  392.127663][    C0] Call Trace:
[  392.127669][    C0]  <IRQ>
[  392.127685][    C0]  is_bpf_text_address+0x47/0x2b0
[  392.127727][    C0]  ? is_bpf_text_address+0x26/0x2b0
[  392.127754][    C0]  ? is_bpf_text_address+0x26/0x2b0
[  392.127784][    C0]  kernel_text_address+0xa5/0xe0
[  392.127808][    C0]  __kernel_text_address+0xd/0x40
[  392.127830][    C0]  unwind_get_return_address+0x4d/0x90
[  392.127850][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  392.127870][    C0]  arch_stack_walk+0xfc/0x150
[  392.127904][    C0]  stack_trace_save+0x9c/0xe0
[  392.127923][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  392.127941][    C0]  ? kasan_save_free_info+0x46/0x50
[  392.127963][    C0]  ? __dev_queue_xmit+0x21d3/0x3b50
[  392.127984][    C0]  ? lapb_data_transmit+0x8d/0xb0
[  392.128000][    C0]  ? lapb_transmit_buffer+0x163/0x200
[  392.128028][    C0]  ? __lock_acquire+0xab9/0xd20
[  392.128053][    C0]  kasan_save_track+0x3e/0x80
[  392.128076][    C0]  ? kasan_save_track+0x3e/0x80
[  392.128099][    C0]  ? kasan_save_free_info+0x46/0x50
[  392.128119][    C0]  ? __kasan_slab_free+0x62/0x70
[  392.128142][    C0]  ? kfree+0x18e/0x440
[  392.128165][    C0]  ? skb_release_data+0x62d/0x7c0
[  392.128182][    C0]  ? kfree_skb_list_reason+0x25d/0x460
[  392.128198][    C0]  ? __dev_queue_xmit+0x21d3/0x3b50
[  392.128218][    C0]  ? mrp_join_timer+0xa3/0x170
[  392.128239][    C0]  ? call_timer_fn+0x17e/0x5f0
[  392.128263][    C0]  ? __run_timer_base+0x61a/0x860
[  392.128282][    C0]  ? run_timer_softirq+0xb7/0x180
[  392.128303][    C0]  ? handle_softirqs+0x283/0x870
[  392.128329][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  392.128354][    C0]  ? irq_exit_rcu+0x9/0x30
[  392.128379][    C0]  ? sysvec_apic_timer_interrupt+0xa6/0xc0
[  392.128403][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  392.128422][    C0]  ? vprintk_emit+0x58f/0x7a0
[  392.128438][    C0]  ? _printk+0xcf/0x120
[  392.128458][    C0]  ? tipc_reset_bearer+0x1e/0x70
[  392.128485][    C0]  ? tipc_l2_device_event+0x471/0x650
[  392.128501][    C0]  ? notifier_call_chain+0x1b3/0x3e0
[  392.128517][    C0]  ? __dev_close_many+0x106/0x6f0
[  392.128540][    C0]  ? netif_close_many+0x225/0x410
[  392.128564][    C0]  ? unregister_netdevice_many_notify+0x7b9/0x1ff0
[  392.128587][    C0]  ? unregister_netdevice_queue+0x33c/0x380
[  392.128607][    C0]  ? __tun_detach+0xda4/0x1560
[  392.128628][    C0]  ? tun_chr_close+0x10a/0x1c0
[  392.128646][    C0]  ? __fput+0x449/0xa70
[  392.128665][    C0]  ? task_work_run+0x1d4/0x260
[  392.128685][    C0]  ? exit_to_user_mode_loop+0xec/0x110
[  392.128708][    C0]  ? do_syscall_64+0x2bd/0x3b0
[  392.128734][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.128770][    C0]  kasan_save_free_info+0x46/0x50
[  392.128790][    C0]  __kasan_slab_free+0x62/0x70
[  392.128816][    C0]  ? skb_release_data+0x62d/0x7c0
[  392.128833][    C0]  kfree+0x18e/0x440
[  392.128856][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  392.128885][    C0]  skb_release_data+0x62d/0x7c0
[  392.128909][    C0]  kfree_skb_list_reason+0x25d/0x460
[  392.128927][    C0]  ? stack_depot_save_flags+0x40/0x900
[  392.128947][    C0]  ? __pfx_kfree_skb_list_reason+0x10/0x10
[  392.128964][    C0]  ? __lock_acquire+0xab9/0xd20
[  392.129001][    C0]  ? do_raw_spin_unlock+0x122/0x240
[  392.129024][    C0]  __dev_queue_xmit+0x21d3/0x3b50
[  392.129051][    C0]  ? __dev_queue_xmit+0x27b/0x3b50
[  392.129080][    C0]  ? __pfx___dev_queue_xmit+0x10/0x10
[  392.129106][    C0]  ? do_raw_spin_lock+0x121/0x290
[  392.129144][    C0]  ? skb_dequeue+0x10e/0x150
[  392.129169][    C0]  mrp_join_timer+0xa3/0x170
[  392.129192][    C0]  call_timer_fn+0x17e/0x5f0
[  392.129216][    C0]  ? __pfx_mrp_join_timer+0x10/0x10
[  392.129237][    C0]  ? call_timer_fn+0xbe/0x5f0
[  392.129260][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  392.129291][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  392.129314][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  392.129337][    C0]  ? __pfx_mrp_join_timer+0x10/0x10
[  392.129361][    C0]  __run_timer_base+0x61a/0x860
[  392.129382][    C0]  ? ktime_get+0x3e/0x1f0
[  392.129407][    C0]  ? __pfx___run_timer_base+0x10/0x10
[  392.129427][    C0]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[  392.129457][    C0]  run_timer_softirq+0xb7/0x180
[  392.129480][    C0]  handle_softirqs+0x283/0x870
[  392.129509][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  392.129539][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  392.129569][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  392.129593][    C0]  __irq_exit_rcu+0xca/0x1f0
[  392.129619][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  392.129653][    C0]  irq_exit_rcu+0x9/0x30
[  392.129678][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  392.129702][    C0]  </IRQ>
[  392.129708][    C0]  <TASK>
[  392.129715][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  392.129734][    C0] RIP: 0010:vprintk_emit+0x58f/0x7a0
[  392.129751][    C0] Code: 85 32 01 00 00 e8 01 78 1f 00 41 89 df 4d 85 f6 48 8b 1c 24 75 07 e8 f0 77 1f 00 eb 06 e8 e9 77 1f 00 fb 48 c7 c7 80 07 13 8e <31> f6 ba 01 00 00 00 31 c9 41 b8 01 00 00 00 45 31 c9 53 e8 f9 36
[  392.129766][    C0] RSP: 0018:ffffc9001bdbf5c0 EFLAGS: 00000293
[  392.129782][    C0] RAX: ffffffff81a038c7 RBX: ffffffff81a03784 RCX: ffff8880506d8000
[  392.129796][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8e130780
[  392.129808][    C0] RBP: ffffc9001bdbf6d0 R08: ffffffff8fa07af7 R09: 1ffffffff1f40f5e
[  392.129821][    C0] R10: dffffc0000000000 R11: fffffbfff1f40f5f R12: dffffc0000000000
[  392.129834][    C0] R13: 1ffff920037b7ebc R14: 0000000000000200 R15: 0000000000000027
[  392.129849][    C0]  ? vprintk_emit+0x444/0x7a0
[  392.129866][    C0]  ? vprintk_emit+0x587/0x7a0
[  392.129893][    C0]  ? vprintk_emit+0x444/0x7a0
[  392.129911][    C0]  ? __pfx_vprintk_emit+0x10/0x10
[  392.129927][    C0]  ? __lock_acquire+0xab9/0xd20
[  392.129955][    C0]  ? dsa_user_netdevice_event+0x703/0x2780
[  392.129988][    C0]  _printk+0xcf/0x120
[  392.130012][    C0]  ? __pfx__printk+0x10/0x10
[  392.130032][    C0]  ? packet_notifier+0xc63/0xcb0
[  392.130059][    C0]  tipc_reset_bearer+0x1e/0x70
[  392.130087][    C0]  tipc_l2_device_event+0x471/0x650
[  392.130105][    C0]  notifier_call_chain+0x1b3/0x3e0
[  392.130126][    C0]  __dev_close_many+0x106/0x6f0
[  392.130155][    C0]  ? __pfx___dev_close_many+0x10/0x10
[  392.130200][    C0]  netif_close_many+0x225/0x410
[  392.130229][    C0]  ? __pfx_netif_close_many+0x10/0x10
[  392.130254][    C0]  ? do_raw_spin_unlock+0x122/0x240
[  392.130280][    C0]  unregister_netdevice_many_notify+0x7b9/0x1ff0
[  392.130311][    C0]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  392.130335][    C0]  ? __queue_work+0xc80/0xfe0
[  392.130355][    C0]  ? queue_delayed_work_on+0x11a/0x280
[  392.130372][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  392.130402][    C0]  unregister_netdevice_queue+0x33c/0x380
[  392.130423][    C0]  ? __pfx_queue_delayed_work_on+0x10/0x10
[  392.130442][    C0]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  392.130461][    C0]  ? linkwatch_urgent_event+0x318/0x3a0
[  392.130488][    C0]  __tun_detach+0xda4/0x1560
[  392.130516][    C0]  ? __pfx_tun_chr_close+0x10/0x10
[  392.130535][    C0]  tun_chr_close+0x10a/0x1c0
[  392.130554][    C0]  __fput+0x449/0xa70
[  392.130581][    C0]  task_work_run+0x1d4/0x260
[  392.130604][    C0]  ? __pfx_task_work_run+0x10/0x10
[  392.130630][    C0]  ? exit_to_user_mode_loop+0x40/0x110
[  392.130656][    C0]  exit_to_user_mode_loop+0xec/0x110
[  392.130681][    C0]  do_syscall_64+0x2bd/0x3b0
[  392.130708][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.130725][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  392.130743][    C0]  ? clear_bhb_loop+0x60/0xb0
[  392.130764][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.130781][    C0] RIP: 0033:0x7ff84018eb69
[  392.130797][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  392.130814][    C0] RSP: 002b:00007ffe14832ed8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  392.130831][    C0] RAX: 0000000000000000 RBX: 000000000005f541 RCX: 00007ff84018eb69
[  392.130843][    C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  392.130853][    C0] RBP: 00007ff8403b7ba0 R08: 0000000000000001 R09: 0000001e148331cf
[  392.130865][    C0] R10: 00007ff840000000 R11: 0000000000000246 R12: 00007ff8403b5fac
[  392.130919][    C0] R13: 00007ff8403b5fa0 R14: ffffffffffffffff R15: 00007ffe14832ff0
[  392.130942][    C0]  </TASK>
[  392.140403][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  392.140433][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller-06589-g010510128873 #0 PREEMPT(full) 
[  392.140468][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  392.140485][   T31] Call Trace:
[  392.140498][   T31]  <TASK>
[  392.140513][   T31]  dump_stack_lvl+0x99/0x250
[  392.140546][   T31]  ? __asan_memcpy+0x40/0x70
[  392.140580][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  392.140608][   T31]  ? __pfx__printk+0x10/0x10
[  392.140658][   T31]  panic+0x2db/0x790
[  392.140699][   T31]  ? __pfx_panic+0x10/0x10
[  392.140727][   T31]  ? __pfx___x2apic_send_IPI_mask+0x10/0x10
[  392.140772][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  392.140813][   T31]  watchdog+0xfd2/0xfe0
[  392.140857][   T31]  ? watchdog+0x1de/0xfe0
[  392.140899][   T31]  kthread+0x70e/0x8a0
[  392.140935][   T31]  ? __pfx_watchdog+0x10/0x10
[  392.140966][   T31]  ? __pfx_kthread+0x10/0x10
[  392.140999][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  392.141031][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  392.141065][   T31]  ? __pfx_kthread+0x10/0x10
[  392.141096][   T31]  ret_from_fork+0x3fc/0x770
[  392.141139][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  392.141185][   T31]  ? __switch_to_asm+0x39/0x70
[  392.141213][   T31]  ? __switch_to_asm+0x33/0x70
[  392.141241][   T31]  ? __pfx_kthread+0x10/0x10
[  392.141271][   T31]  ret_from_fork_asm+0x1a/0x30
[  392.141323][   T31]  </TASK>
[  392.141923][   T31] Kernel Offset: disabled