last executing test programs:

4.761765677s ago: executing program 1 (id=3635):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
close(r1)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x939e02dc105d5baa, 0x2}, {0xe}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)
recvmmsg(r4, &(0x7f0000005140)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000640)=""/211, 0xd3}, {0x0}, {&(0x7f0000003080)=""/4093, 0xffd}, {&(0x7f0000000540)=""/212, 0xd4}, {&(0x7f0000000180)=""/192, 0xc0}], 0x5}, 0x8}], 0x1, 0x0, 0x0)

4.682427565s ago: executing program 1 (id=3637):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f00000006c0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)}, {&(0x7f00000003c0)="5453b4b759f9d4f4f33bda880b70a0dadde06223919f4585429ef69078a4956f646ea03bfd4c090a003c01f32b1a175baf38c1eb4572c8b372a4cf9128062e58ff575546876a2804144c3aea98c4a3533396f87e860de8c66bceb0e6b387ec853b7e91c57587d38436637e702ae18eeccefdcd7a3cdd7bfc327b5d619b57d56afe1628b65e294aaf5ee0e3f52746a5aff58bb7c6d253a58bf745584d1bc19fe5e42b5534eab9e9d2587b413e81f68b60f56130f82b327f5fe900e3e107bc6b783d1d23a056426d6502133386b51e657046c1c43a2a2c4a7611ee6592a5", 0xdd}, {&(0x7f0000000a80)="d48c8225ddfdf23dd0fe077a7c2ce378dd62cafeeb4ba1493766d09fd561d69a5bf8109ffcd3e43d8c16b9c3fa92d4439c5af1fa4775d01dcf0748a24ab51b52fbe75200000000000000000000000000000000daf2eea77d37fde052788fed8f7db246f0be4929a5afc2222845e9008620c4535c6c2c96868c32", 0x7a}], 0x3}}, {{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000180)="6a422a90b49aff66e6d57061f85cd63d581d6e27741be92c4a9081cd661ab03e82ca5e1169e5bf91b0dd79cde0d1789dffbea8280cf8", 0x36}, {&(0x7f0000000840)="f2fe84e07da72d5be0eee26e6693cc950e7080ba2900a53b969dc13369b90492865a9fb8d25a00b9c2d8e52e23e3267d15", 0x31}, {&(0x7f00000009c0)="4d25acabb0d76231f77e554a8c8c1b3afdb47d428c57725ff9b4fc3ff9300e603fd9b082e7b1dc654d7db972a680ad49a0b606b08d00b692df47c9b3d57a2ca02114cff55e05199643619f8b0e3c02546ba27d0e5eb073779970d0", 0x5b}], 0x3}}], 0x2, 0xc0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

4.518269633s ago: executing program 1 (id=3640):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$kcm(0xa, 0x2, 0x73)
sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0xff, @local}, 0x80, 0x0, 0x0, &(0x7f00000001c0)=[{0xffffffa7, 0x118, 0xb, '1'}], 0x1}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0xc, 0x9}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="582b00000018110200"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000280), 0x84, r2}, 0x38)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000cc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r3}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r6 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000180)={0x80000020}, 0x10)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=@mpls_getroute={0xa0, 0x1a, 0x1, 0x0, 0x0, {0x1c, 0x14}, [@RTA_NEWDST={0x84}]}, 0xa0}}, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
getuid()
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r7}, 0x10)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r8, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50)
getsockopt$bt_l2cap_L2CAP_OPTIONS(r4, 0x6, 0x1, 0x0, &(0x7f0000000580))
connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@timestamp, @mss={0x2, 0x800}, @mss={0x2, 0x6}, @mss={0x2, 0x8000}, @timestamp, @timestamp, @mss={0x2, 0x8}, @timestamp], 0x8)
getsockopt$inet_tcp_buf(r0, 0x6, 0xb, 0x0, &(0x7f00000014c0))

4.429746017s ago: executing program 3 (id=3642):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0x80049370, &(0x7f0000000000))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_GET(r1, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0xd0, r2, 0x20, 0x70bd2c, 0x25dfdbfc, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}]}, 0xd0}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
read$nci(r3, &(0x7f0000000280)=""/72, 0x48)
r4 = socket$inet(0x2, 0x800, 0x101)
getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x39, 0x0, &(0x7f0000000380))
r5 = socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f00000003c0), r1)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000440), 0xffffffffffffffff)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f0000000480)=<r7=>0x0)
sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x1c, r6, 0x8, 0x70bd25, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4048005}, 0x4000)
r8 = openat$tun(0xffffffffffffff9c, 0x0, 0x340, 0x0)
ioctl$TUNSETOFFLOAD(r8, 0x400454d0, 0x2)
ioctl$BTRFS_IOC_QGROUP_LIMIT(r3, 0x8030942b, &(0x7f00000005c0)={0x1, {0x7, 0x7, 0x7, 0x8, 0x9}})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r1, 0x8983, &(0x7f0000000600)={0x1, 'bond_slave_1\x00', {}, 0x8})
r9 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMUNATTACH(r9, 0x89e1, &(0x7f0000000640)={r1})
ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f00000006c0)={0x2, &(0x7f0000000680)=[{0x8001, 0xe, 0xf, 0x1}, {0x6ce, 0x4, 0x7, 0x5}]})
getsockopt$SO_COOKIE(r4, 0x1, 0x39, &(0x7f0000000700), &(0x7f0000000740)=0x8)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_START_POLL(r10, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x5c, r6, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x84}, @NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x88}, @NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x82}, @NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x44}, @NFC_ATTR_TM_PROTOCOLS={0x8, 0xe, 0x2}, @NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x42}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xc}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4040005}, 0x20000041)
nanosleep(&(0x7f00000008c0), &(0x7f0000000900))
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f0000000a40)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000a00)={&(0x7f0000000980)={0x50, 0x0, 0x8, 0x101, 0x0, 0x0, {0x2, 0x0, 0x9}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x884c}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8100}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}]}, 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
getsockopt$SO_COOKIE(r5, 0x1, 0x39, &(0x7f0000000a80), &(0x7f0000000ac0)=0x8)

4.397337764s ago: executing program 1 (id=3644):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
unshare(0x6a040000)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x1, 0x0)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x101842, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000040))
ioctl$PPPIOCSACTIVE(r3, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0})
pwrite64(r3, &(0x7f00000004c0)="fdf1f6", 0x3, 0xd39)
sendto$inet6(r2, 0x0, 0x0, 0x20044849, &(0x7f00000001c0)={0xa, 0x4e21, 0x80000000, @empty, 0x4}, 0x1c)
getsockopt$inet_int(r2, 0x0, 0xe, 0x0, &(0x7f0000000500))
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r4, &(0x7f0000000340)={@void, @void, @eth={@multicast, @remote, @val={@void, {0x8100, 0x7, 0x0, 0x3}}, {@ipv6={0x86dd, @icmpv6={0x2, 0x6, "3dda1b", 0xc1, 0x3a, 0x1, @loopback, @dev={0xfe, 0x80, '\x00', 0x17}, {[@hopopts={0x3c, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0x3}]}], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @ipv4={'\x00', '\xff\xff', @broadcast}, @local, [{0xc52189682c5fbf4, 0x11, "d6aa74b9e09165608498ea2959af7aa2ff42a2a731529b61f1e1da6bcc7abde660e5280f8c63a752ef45f2e17b7ade90e8a30afd55c2f5365bb8e824bd0037a2087665c77eac960eadd30f6c6305de1b1f1d085dd1a658176199c86bb835b52c506e382bb58a625c10d3646aaef393800530b1e617dbf4061b68caa16c6de5531bb1bed7949e57"}]}}}}}}}, 0xfb)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmmsg$sock(r0, 0x0, 0x0, 0x4004)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4004081)
connect$bt_sco(0xffffffffffffffff, &(0x7f0000000100)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8)
r6 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'bond0\x00', <r7=>0x0})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000130d00"/20, @ANYRES32=0x0, @ANYBLOB="d11101000000000008000500", @ANYRES32=r7, @ANYBLOB="140012800c0001006d6163766c616e"], 0x3c}, 0x1, 0x0, 0x0, 0x4004014}, 0x0)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000540)={'bond0\x00', &(0x7f0000000040)=@ethtool_sfeatures={0x3b, 0x2, [{0x301}, {0xfffffffd}]}})
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r9, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1000}, 0x1c)

3.49315662s ago: executing program 3 (id=3648):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r0, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df12c9f7b9a60000000000000000", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x28, 0x17ff, 0x1, 0x70bd25, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x8, 0x45, 'srp\x00'}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x8, 0x45, 'cma\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20004000}, 0x20008000)

3.322332474s ago: executing program 3 (id=3650):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
socket$inet_udp(0x2, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
clock_gettime(0x0, &(0x7f0000000100))
pselect6(0x40, &(0x7f0000000000)={0x8000000000000000, 0x4, 0x1, 0x0, 0x100000000, 0x46f3, 0x7, 0x97}, &(0x7f0000000040)={0x8, 0x64a, 0x0, 0x2, 0x13b8080e, 0xb, 0x2, 0x6}, &(0x7f0000000080)={0x5, 0x4, 0x7fffffffffffffff, 0xd, 0xfe, 0xe, 0x6, 0x5}, &(0x7f0000000140), &(0x7f0000000200)={&(0x7f0000000180)={[0x2]}, 0x8})
socket$inet(0x2b, 0x801, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x5f8, 0x0, 0xc6, 0x0, 0x7fffffff}, 0x0, 0x0)
r1 = epoll_create(0x7)
r2 = epoll_create1(0x0)
r3 = epoll_create(0x7)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000180))
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0))
r4 = epoll_create1(0x0)
r5 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f00000000c0))
r6 = socket(0x11, 0x3, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r8=>0x0})
bind$packet(r6, &(0x7f0000000180)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @dev}, 0x14)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000240)={0x2, 0x4e1e, @local}, 0x10, &(0x7f0000000600), 0x0, &(0x7f0000000680)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x9}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x65}}], 0x50}, 0x1000)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000100))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r10, &(0x7f0000000080))
epoll_ctl$EPOLL_CTL_ADD(r10, 0x1, r9, &(0x7f0000000200))
connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x16}}, 0x10)
shutdown(r0, 0x1)

3.288273197s ago: executing program 2 (id=3651):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x0, &(0x7f0000000040)}, &(0x7f0000000440)=0x10)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000080)={0x9, 0xe035, 0x0, 0x0, 0x7fffffff, 0x8, 0x3, 0xa879, r1}, &(0x7f0000000240)=0x20)

3.189642736s ago: executing program 2 (id=3652):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x13c, 0x0, 0x4, 0x8b8fe30f17f3e635, 0x70bd27, 0x25dfdbfc, {0x5, 0x0, 0x8}, [@nested={0x120, 0x4c, 0x0, 0x1, [@typed={0x8, 0x133, 0x0, 0x0, @ipv4=@remote}, @nested={0x4, 0x12e}, @typed={0x8, 0x149, 0x0, 0x0, @u32=0xfff}, @generic="2c89249e03dde585045d2129f4af6fedf539a58c4708fa4cdab20501da87e83511f78c5325e9265bf787b7d4198cf2cae62397f0438f0525dab71fb9362932a9a49ff842f2677c1d365ca2c2859234241a86b2ec967515d3fa54b84cce2a64b5947ff5fa487b272419a238d5070bdeac6094fa4a64702e890accc795b538422a1ca195f500ab29888b16e3dd54e61be1937a4f7f2e826d139dc4fc594bc611df20f3fb14891d204502264f6dc7d17d1bab9343a64ea074095da2fe91dd1ad94af4b7d9e90ef2dd547a7de6ed9c9c52761d1fa232340f2ce8aaae950a", @typed={0x8, 0x35, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x1b}}, @typed={0x8, 0x131, 0x0, 0x0, @u32=0x6}, @typed={0x19, 0xa6, 0x0, 0x0, @binary="5b314ae985c4e5dd17873440f1955e27c1098194cb"}]}, @nested={0x8, 0x38, 0x0, 0x1, [@nested={0x4, 0x130}]}]}, 0x13c}}, 0x4) (async)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), 0xffffffffffffffff) (async)
r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/mnt\x00')
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r1, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x34, r2, 0x200, 0x70bd2c, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x50}, 0x10048111)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f00000003c0), r1) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000400)=<r5=>0x0)
sendmsg$NFC_CMD_FW_DOWNLOAD(r1, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x40, r4, 0x300, 0x70bd26, 0x25dfdbff, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_FIRMWARE_NAME={0xe, 0x14, '!{/\')(^&-#'}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_FIRMWARE_NAME={0xb, 0x14, 'ns/mnt\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x40010}, 0x44011)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0) (async)
pselect6(0x40, &(0x7f0000000500)={0x10000, 0x7, 0x1, 0x1, 0xfffffffffffffffc, 0x4, 0x5, 0x7}, &(0x7f0000000540)={0xf369, 0x4, 0x1, 0x3ff, 0xfffffffffffffff9, 0x4, 0x4c, 0x7}, &(0x7f0000000580)={0x8000, 0xc7, 0x6, 0x6, 0x5, 0x4, 0x0, 0xffffffff}, &(0x7f00000005c0)={0x77359400}, &(0x7f0000000640)={&(0x7f0000000600), 0x8})
listen(r6, 0x1)
setsockopt$inet6_buf(r6, 0x29, 0xe4, &(0x7f0000000680)="e5aceb5ed47082b930a4fdb4a8d3de108773f571c823e021318f0d630c9cd0fec5f891c4a9", 0x25)
sendmsg$NLBL_MGMT_C_LISTDEF(r1, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x34, 0x0, 0x4, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @multicast2}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @private=0xa010102}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x3}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20004040}, 0x8044) (async)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000880)={'vlan1\x00', &(0x7f00000007c0)=@ethtool_rx_ntuple={0x35, {0xc, @usr_ip4_spec={@multicast2, @rand_addr=0x64010100, 0xe4ec, 0x81, 0x1, 0x5}, @ether_spec={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}, @local, 0x9}, 0x8000, 0x2, 0x1, 0x9, 0xfffffffffffffffe}}}) (async)
unshare(0x200) (async)
sendmsg$IEEE802154_LIST_PHY(r1, &(0x7f0000000980)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x14, 0x0, 0x2, 0x70bd26, 0x25dfdbfc, {}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4008000)
r7 = socket$alg(0x26, 0x5, 0x0) (async)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000020c0)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000002080)={&(0x7f0000000a00)=@delchain={0x1680, 0x65, 0x300, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x8, 0xe}, {0x4, 0xc}, {0xa, 0x4}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_CHAIN={0x8, 0xb, 0x8}, @TCA_CHAIN={0x8, 0xb, 0x4}, @TCA_RATE={0x6, 0x5, {0xd, 0x81}}, @filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_FLAGS={0x8}, @TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x8, 0x3, 0x8, 0x3}]}}]}}, @filter_kind_options=@f_flow={{0x9}, {0x1608, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x1c763}, @TCA_FLOW_ACT={0x15fc, 0x9, 0x0, 0x1, [@m_vlan={0x84, 0xa, 0x0, 0x0, {{0x9}, {0x24, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x4}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x1}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x6}]}, {0x37, 0x6, "8044589dcc4bcbc4d23444d0f63b6b8d57512fcf0e0d8046ce02160063534e54f78c9303cecb69337b37a899b3a90a3f0d2bf8"}, {0xc}, {0xc, 0x8, {0x3}}}}, @m_nat={0x10a4, 0xe, 0x0, 0x0, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x3ff, 0xc, 0x20000008, 0x5}, @private=0xa010102, @private=0xa010100, 0x0, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xb75e, 0x6, 0x0, 0x10001, 0xb5b7}, @broadcast, @empty, 0xff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x8, 0x8, 0x7, 0x7}, @dev={0xac, 0x14, 0x14, 0x36}, @local, 0xffffffff}}]}, {0x1004, 0x6, "e195c467c2ff0b6f4d4333bf037818faf671b6844d9338f77efae248bfeee8c70ff9ab1246e0fe34ebc2b301d13e064bf746f9f7217feeece9c9b83c4df9a8650d408639a5ed21439863a86051357e42cfeeb4033e75bf5d1e88adb35408a10ea86a410438199e1839269cf332bfbeb7bbb0f4ed6b33d1bba99186ff71a6554ee6812dfef33a220f82961d08a4d473e990cac7be68b555066492c1537ae9a2639d7d68fcd67c16944e22224de459e8fe34e451dbde51c3747617efb06de868857ca28b76473e68b1ddc75a86f4340c5197bb21cc92982ba76168affada6f487a05aadd064cba0ff54d3db59a3d288bc04bd54ccfe6b827fa98261aacb46e06d2a655de2ec66ea30e43e2aafa652f77c4c98ddae5962a4c8d3198a19726f1c49fb1fd167c4c1a39ed210e0a4925dcab4c562718559791f8101ecf4cb62387a74dbe839b2c1e59f4cfd86e3456aacc7bf83a16bd2ef097d384dbc52aa8824be40f045893c4701fa940a176257afe1fcd7343ec3b383fa3a6f66a68f6ab01b3068dbad1b15841b988c8483c9554cadbdad0858e1ae0a7fd7a2f3a7a1d49f4d8c3906a38ae7df2f24364c8ee4e9430b85ad77e650fedd3632f0b84a7c8edf3fe2ee4f972f34af825ef6292f45ae6e26f4952756a57e8c4a0f4f8f62d2dc952cd8766e0ea0b3d518e2a0146b2db3b90d9bc746f96055da91e468904c3d41d71cc289fad84509553343ba45af63fab0eaef33ee24a9e21d7cfdb7d211b21238ebe2b11a5e46a935937241f7a0bea4d490346babc0c2e74a8e14c6ca9797d173c02a4d8594ff36c3b12bfc188f6ef19feed1ad3fcdd90447f32239b3233a0d0868eb85d8eff7e802dfb0720c70e852e209a45da80badce158a917273a83bfe468e6e7dc6deeff81183ed891b81e69c8e907fffed3b3c9d2d82fa671920179e24e7340e7110cc8c0cec8411293e3db6f7e731a937e1f3cedf3b25062ec76a2a29dd2c60242c06a4707717b6932219bfaadb2b5ea95ed605e7ec9e198f418f4cb8d37be30d4a2684a23e7af768e1435d29dc5b61730a7a974f3a7958f9407065625323d59f1d792dcdabfb395ab2611b8775acb5d83fe602fe716a8b1bb4aa6ac9377336fe06dc0e6604081b8447ba115579b10c3ccc7b1fd2b85df86882905c4bc927d4b6499137a2eb7d69aa95f13ba3fc8c3f0aea61fd925630d57e8a3a3a38705bfc029da0b56b22241667ddc2d0600fe5382ea69e414ab7a8939b868a6ac1fe53af6d8973729fc9296383545cde4c114323e0385439613104ff76105d58d4f9154bd816fdfe72cccfe7edfc65823afca6c7afecf3ab958a14d1cd8bd8c5dba62821feb12e3ac0c9df3f1d812f0a0c26a4509ef7df8aaebae67e6d128cc9cadb43f70bb4746a21806922ad58a6dbfa6680843bfef8310489d17eaf1ac5d29ab61562150df259b67360b5e7ee29c360e7f0abbbf00c5663f0aca373d731405b7a63ec5d077495855d6793aa61631881cdccaa8da38568586543877e57244f4e3de01f0aed704038c568626386465969e7807ede16af7bc987541da5d7e7c858767677075fe3c720e6007674e274eb1527a43a20bc8fce2268ea062829f00bcc52b0ff96655fc3d4cd09a0344a3b6f0af659ff603060be00a48fe40b1b35c0ae765ed8c8df6f27fa8d2d2d8ed501ed37b6a65509b11b45f1a506731b28097deb26727fa7a7c4f68b45fc2142b5eebacf8ff3d03dac7f33c5623c42e7597f75986aa46b3f8eefe11e8c33f20053af1b6a4adb2132384191ed1be77242b4e6dbb33e74f195087af51d989b0aacecc1bdc9cc6f5d4408ccc194eb798f8d520853a08d5824c7c2a48ccd8bb73fc58d86ec2b76d90d3b331d5c722366f6d539be1bfc0da0d9e4b43837a6c35cbc78c1b45e2b999f63198574bf7aa22e61b2e3eba8ac9dbd2f8c57446d17b4c0aec016f36f4df52c4eb6fd52e2389b712c3b1f4d4e12985ea2410cbae5c22a846e5de24b45757d5efdbc0185228c32b56222c496772832db0039016813a98e1e2a7a0c56e9bd2aa559b32acd017e2b52aba7b90f3a6d83a2a8e2ba66866825cb7e50ddf8697dc06e911635e91fbe23d987b7dd10a0b9232f6169b12f1efceec5cfa73437cb86eb9e84a393b85112238bba125dac84148f86a3482036c46ead03c57eb83721c869f624de98a4008f326a689685a2ad63e1fe5e0e72438d9b642a8710bc6c048a44edf72c975d4337a40a1442525751c77f6dd4b1af9d3edceb56044f7c05a8827c81ecc8dce53cc188320bc74e945f14410bb4611bef3b22eb58064fdca75c90ad49791f98ada86db458347601574ee9a1e189562b92e83fa02f2b8d9e37df1bef32ec55d665134b15b202c582318983659c59db3c51bdf7f49518e8792e005eb8a1a926e87d21aafd9bb40251c4af502391bca9a6e1fdf78ea1c78e2ca4246201cdd355628888ff422be39840d9c4bc3ecff5067609cddcb7c41dd1e33c2b9703129f91ca6f2fb38cc2d0eadcf4d631d5b4675412bba2ee4f410a8f144ae43abad490546366286975101efd782622484ad9adcca38f3f568b63bd1e7540723d57c23c0a8da618ffc7b701e09021f47f2eb01d761c886bcf7ba60a77f17dc19c9290900d03417a4ac46d98c93657c8d6f76e26e533d202d56c92eee8890c5e2b739e5fcd2ddd7416ac7ae558583047d9e8c2013bb4257b2414e42dc20ced82b5b2af1cbc6388150ba6a704553bba23ecbcb927908e0e1bd6a7c22ac489d05d2322d8b5ef4ffbdc50165657fcd411ca9e0bd83df06b4584d66b9c6bcb05c112a48c7258b9fc892a8968aaece6db6ac6ccb0b41ed010484ab383b079d5d3965f421b2c8c068b9885f08219f6e2686a645e62135b90f9ee18adc1a74cdd31b6a1f0e73f7782211429de30eaf8c39e5ea867ed63c75acae9de4e24e360fcf5e193f2b6dbffd3a5b33d6330132b8a3f15f9956cb92bed299ca2f7c5975e36185ba8e01da353a12e6daa9f5b25b868147582412345d8c033c7b0175e99dc40f0581022dd1c4cbf994451453fc529648b26604019d1acc210bb68e831339b91c46cba9cc7dfeea888f75d1f3e392670296eb4f2238760cc499254f061aae6806ae43c906ea971f485bacf9418a3997958d8e4ae2ed739c1ce8b2eb7b82ca624a420a267d774f7d6ae03a3393ea0127d2244aab48605c8744ce4b8dab884387b1eba86a60fad09e545239360758685fc076d19b4de6507b86839907a95ab02600068b91d001b3a340e1b89064985b9aea1e106d592a3e92e741f1bb88008791577c2b0ba35b0c929d353e9207a188ba1d6baadc2b2bbe265ed638ff5274de50ec66abd0ca7fc4af65c59502fba96723b3afe8d8e948507666cd14be9e055b4dca2f8a04d25b3aa3c366c2125377d87547722a05b0c7ad8f04ec89adca8ece39ea50d63c81255dc2a6829ab309f43142bb3c8ebd94ce5560b30f4c6d8c538a127edfb0b4792c394641db3ed195dfa741cd823bb340e958eb5c698902c26f79c1275b6f4684c7ea467af42a1cb329d84fe64ec0a9b39e8a0abfc1937c82d5c722f6ab50a5d53a2b23bfc61e05f71cce974253297336f274d87f3510a3b22905b0fdc54803c9d845447b43499a6d0ed97d681db06b4e53e0ba58992f1f4a2a550bf6fb4858357fb5dd5a7aea874536cff44803e8f716e4480e9722e176ce0e3ee6f3825fcb8ff4eb26e0e6354120f2e204d692ab92f10039d44d464f721d70773b3e1dcff74be1c07288a96bf8cd4d929432b5b609da0ed1e652614aa5618986a7d460b155736fc5e8ea38c2bcaefc47712b49e92c0714e3305b71b1170d7fd893c776ca9098ca0968468eb84120e8da0b59d704c2e8d6b83c82bdddb3ba33a4b7474f85698504b45280a27ddcff1405c2748e6071e49e930b523183ae2fece2f495b1f88c27b289139a3593865f153dcab9e1fa72de4b47efbce5152420a685d445861d2f5dce12bd342b2f512eecc19b3e8c102af13c75622d2d2ec41c377123bf72432de39dd04b9b93cdc30a4c51273041a691b99107faaba607951089be81dff06e49f1e7839c60d058e8cf366efe5cc51eadb2df7071aa79eede9bd019e30b62237c93a5a379b506d6b30a790a62594f8b29218973a8b37964f3f854dfe9115dc05a64e6a16e1b91f35247e944a3137e3ddd80319623be233715318c4d33d7d719b4abccc349f5f174adc074a28b43b04eb3d8e8416f355b4d57477b35a53be4dbd61e227a7ca345d0302a93a8eb29715435303294b83f0950486bcd4ef0124acae19742613a8dede58ca2612e9d30246e8d5a7c123c22e7a21fdaea27bba96995739e179188cbfbb7aa04c8e7535681395d19b6ba6f26bd2ef2c1a7ade8f6aed294f1db83ef56574ae2edf5865772801cf7cc6ea8900c2e0f4f98d16e47d280e77ccbe4b5c7c1caacffb2de2001d40864a43b66c002d171740b11d4e66bc4a4c8e785f724ebb4f3145bec754e8100bbce72cf745ffc13e52621de5f84015da2a8c0a8d767ce239d01aa2ac84927ecfa54d73facf53990fc08c16085cf38267249cdd16c58760af4655808149124c583690bb4e4a0118f4563911d38afe1a912a79a95995ac918a0531aa4da10675af2edb5e5ef09cdddeeeb31bab13a7c4cdbc7c8a5f51a7ff102c6fe45b33f793afb77d1f57a72bdab3f04f20b7af5f614fab4075763e459cbdb29c308b4f68192ae2c7e4a57541446a8ae72dea97f2fa2dceabe62cd093a11a49a2d07c7692276571fb63385e6d520d9057acecfe91c086b0c43a9558243c59fb56f64d69c2828cdf3c5c812d372acd6efcda537b36588f238c2734d23f42e01c3a2f7d36f25f8d4ceb924fb595119e3b831925e980ef444e9b110a0bffa8fe0a8306d3087b54204336152afd213752a331133e84928185b4346bfc2495509e9e4d8f8cf842bfd451ffcac42dd03f0f8d2002922f79d86e9fffdb0585e561866f96d0b289a0930343cc92408410e437d944c6f84c322c51b4c519c875e245fd040321aff554efb89b847f93b18d9a22818f78b93e6165153b0229eb9c468ae20ecc566ae0538a662ae8cef98d31ab41832703e3d5931656d844aa1c5d3f75a16d9d9058694a9a0f7111af1f686484461ec06fb55b77c6d4038b7f994bf74c30566a7dcfd6d1a4177f867bfbc92a52a68bf8f598c914591be4092dd5a9b9f6d6481f4968d8a0ae7c14f51792ebc49b25cf3844aa5bb66d3ca69c094a8eab0a864c6a52619b50b8e103cb520b931cc299f2f4101dc785a362a81ff45077693de222ae6f053ea1e317c007eac7fc51bc77df4f6acde3b48d0c62da5f3d12d92f70454bf7677a3f859545ccf721054713c3e88d8cd9029f8abd9f4e4a18cd764ac4427be14b8abb01c1af28bfe91c0ee216792a1b8ea387bc045568ab452b222cd0780200c1db7ac9abb5f64073fcb54ad11b20afd168fae4b4efd44264a62ebba0832d74a4fa4b42453236a3aaa93b0e64548948b4003e08467bfb7100c75774b0a6031b93acff178e4122e316b526bb3c7f77221d1f38114f57e4fcaa4155d80532bc7444f0d24f3be3d8be9326ee2481cd65f9d15bc2de6d280b11f8268ceed4c8afa4cb4c732bdf2819d467b7e0b8aaede94751036be769a54e50ba2fcf76cde0e94179e04a12729f049111979236acef0cf1ea4b972106a3e73ccd073f31c8a20ebc91c03331d9f7f51a04d224776af35e61d0e85983d42066c70320be452e46ef50854456cfddf3b479473a04d"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_nat={0x1e4, 0x0, 0x0, 0x0, {{0x8}, {0xf4, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x83, 0xfffffffc, 0x6, 0x1, 0xe}, @remote, @private=0xa010101, 0xffffff00}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x1, 0x4, 0x6, 0x5}, @private=0xa010101, @empty, 0xffffff00, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x6, 0x2, 0x0, 0xffff, 0x1}, @multicast1, @loopback, 0xffffff00, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x101, 0x6, 0x0, 0x10001, 0x10001}, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, 0xff000000}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xa, 0x3f, 0xfffffffffffffffe, 0x9, 0x2}, @dev={0xac, 0x14, 0x14, 0x39}, @multicast2, 0x0, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x5, 0x0, 0x8, 0x1ff, 0xc6}, @multicast2, @private=0xa010100, 0xff000000, 0x1}}]}, {0xcc, 0x6, "640ba64bb31f21840f0a7c4cebdba48c0ff0b34a81123dab8a75b0d656e8e207a8b94a8979d3a88b0fb9aa52a5c6b6e34388e46e100e40b6801cea1342c4e3b0fd7f1d1e16b7900c0cbf1ff6a81a8625dce68471a3090863778c85643f6db4beccb8b8fbc87a8bf3b2b82eced7549cf4a500128f01025d4b609b19d59572b511db3a0a570772db0a5c1e58b841c98024a68f7896887989d1ca6c369191aefd5f03c821986b1392163e0ed521d6a587c8f09ac82e714d5f89e4eb67048c7d7f7fabdda507803a68b7"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_ctinfo={0x58, 0x6, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0x800}]}, {0x21, 0x6, "3085c594f66149675428cbc713c5bae28694b44a768796052992fade23"}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_nat={0x294, 0xc, 0x0, 0x0, {{0x8}, {0x16c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x8001, 0x0, 0x20000000, 0x80000000, 0x400}, @multicast2, @broadcast, 0xffffffff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x5, 0x8, 0x20000000, 0x4, 0x5}, @multicast1, @local, 0xffffff00, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x2, 0x2, 0x0, 0x7, 0x1000}, @remote, @loopback, 0x0, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xe, 0x0, 0x4, 0x9, 0xb}, @private=0xa010100, @remote, 0xffffffff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x8, 0x1, 0x0, 0x4, 0x7ff}, @broadcast, @loopback, 0xffffffff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x5, 0xfffffffb, 0x0, 0x7ff, 0xf}, @dev={0xac, 0x14, 0x14, 0x14}, @broadcast, 0x0, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xd2b, 0xffff, 0x3, 0x8}, @remote, @empty, 0xff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xf55, 0x7, 0x20000000, 0x7, 0x1ff}, @multicast2, @remote, 0xff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x1, 0x7f, 0x8, 0x2, 0x4}, @private=0xa010102, @rand_addr=0x64010100, 0xff000000}}]}, {0x103, 0x6, "632f7aedfd14712b8bfe3e339ba6f1a105cd0e5d4e8c20b249083c77aa1ba68de3396a27135287a615c8730cc31c0edf2927b4e8d679f0373aa61c409f9273ff4bd0cc8b5677d14b65d0242be3ba9076c395d17c4cdd3c91d1b7aace2c3334932d4a30e634cb1d0052791047802f81db06440bddb14be602ea39ff1b6c8c5ae1baa8a67e595cfb0402c43ecba33723551adb2bb305ddcf0993d96c7dabc6dc4c08db83b094a7a7b05622652a35ce4572a42fcb092f5ea8efe1e6b97f65ee6ddbb7c6f5d48e087d5a00c071706c25da0204231db07ae1840b0c5d962994be7d31ba92c8caeb6a229c601a66591761e768095bd80c9e65e8423c0e53037b8486"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}]}]}}]}, 0x1680}, 0x1, 0x0, 0x0, 0x4004010}, 0x8000011)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000002100), r9) (async)
tee(r7, r7, 0x80, 0x6) (async)
r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000002180), r9) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000002240)={0x1, 0x58, &(0x7f00000021c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r11=>0x0}}, 0x10)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r9, &(0x7f0000002300)={&(0x7f0000002140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000022c0)={&(0x7f0000002280)={0x40, r10, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x5e}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x24, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @rand_addr=0x64010100}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r11}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x20008044}, 0x40080) (async)
unshare(0x40010400) (async)
r12 = accept$packet(r0, &(0x7f0000002340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000002380)=0x14)
listen(r12, 0x6)
sendmsg$NL802154_CMD_SET_TX_POWER(0xffffffffffffffff, &(0x7f00000024c0)={&(0x7f00000023c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000002480)={&(0x7f0000002440)={0x38, r2, 0x800, 0x70bd2d, 0x25dfdbfd, {}, [@NL802154_ATTR_TX_POWER={0x8, 0xb, 0x800}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x38}, 0x1, 0x0, 0x0, 0xc0}, 0x400c0)

2.476398487s ago: executing program 3 (id=3654):
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000002c0)={'syztnl1\x00', &(0x7f0000000240)={'syztnl0\x00', 0x0, 0x2f, 0xce, 0x7, 0x22, 0x1, @mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8, 0x7800, 0x9, 0x1}})
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$kcm(0x29, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000001000)={'batadv_slave_1\x00', <r2=>0x0})
r3 = accept4(r1, &(0x7f0000000040)=@ethernet={0x0, @local}, &(0x7f0000000180)=0x80, 0x80000)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000300)={<r4=>0x0, 0x7f, "2759ce16db4dfcfc6be7f041b10425782333dd33ec167c65347ed78bcd795a0ac9be43ed1943a748f732107d9a692d1c267ad44f927dd851ed5cd952e9595a3bd4c8946a9287f72de64c0cd2fd105f4517e491eb5a5c5bb1673df8cd9b74525b44f3b90d56c1a231a04bf523144e013cc723ef29904fb33eacace94b6270c4"}, &(0x7f00000001c0)=0x87)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000200)={r4, 0x9c, &(0x7f00000003c0)=[@in6={0xa, 0x4e21, 0x8, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9c}, @in6={0xa, 0x4e21, 0x200, @loopback, 0x2}, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e21, 0xff, @loopback, 0xb4de}, @in6={0xa, 0x4e21, 0xfffffffa, @mcast2, 0xb781}, @in6={0xa, 0x4e20, 0x1, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, 0xffffffff}]}, &(0x7f00000004c0)=0x10)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="540000001400090525bd70000003000002180d00", @ANYRES32=r2, @ANYBLOB="08000b000000000008000200ac14143f080009"], 0x54}}, 0x0)
pipe(&(0x7f0000000480)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
bind$bt_l2cap(r7, &(0x7f0000000040)={0x1f, 0x0, @any, 0x4}, 0xe)
connect$bt_l2cap(r7, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r8, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
write(r6, &(0x7f0000000340), 0x11000)
pselect6(0x40, &(0x7f0000000100)={0x2, 0x0, 0xfffffffffffffff8, 0x0, 0x1, 0x10}, 0x0, &(0x7f0000000240)={0x1f, 0xc, 0x715, 0x8000000000000000, 0x0, 0x80000000000000, 0x800, 0x20000}, 0x0, 0x0)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

2.324942887s ago: executing program 2 (id=3656):
syz_emit_ethernet(0x7a, &(0x7f0000000040)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x2c, 0x0, {0x14, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @local, {[@cipso={0x86, 0x27, 0x0, [{0x0, 0xd, "5e000000ff000000000000"}, {0x5, 0x2}, {0x0, 0x12, "9606053d0006ff00800000b61af93a93"}]}, @lsrr={0x83, 0xf, 0x0, [@dev, @loopback, @loopback]}, @timestamp={0x44, 0x4, 0x56}]}}}}}}}, 0x0)

2.247410594s ago: executing program 2 (id=3658):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f00000001c0)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x1, 0x0, 0x2}, 0x1c)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4010)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000040)={0x18, 0x0, {0x1, @multicast, 'ip6gre0\x00'}}, 0x1e)
sendmmsg(r1, &(0x7f0000002340)=[{{0x0, 0x41, 0x0}}], 0x3e8, 0x0)

2.18606506s ago: executing program 1 (id=3660):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0x80049370, &(0x7f0000000000))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_GET(r1, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0xd0, r2, 0x20, 0x70bd2c, 0x25dfdbfc, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}]}, 0xd0}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
read$nci(r3, &(0x7f0000000280)=""/72, 0x48)
r4 = socket$inet(0x2, 0x800, 0x101)
getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x39, 0x0, &(0x7f0000000380))
r5 = socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f00000003c0), r1)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000440), 0xffffffffffffffff)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f0000000480)=<r7=>0x0)
sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x1c, r6, 0x8, 0x70bd25, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4048005}, 0x4000)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000580), 0x340, 0x0)
ioctl$TUNSETOFFLOAD(r8, 0x400454d0, 0x2)
ioctl$BTRFS_IOC_QGROUP_LIMIT(r3, 0x8030942b, 0x0)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r1, 0x8983, &(0x7f0000000600)={0x1, 'bond_slave_1\x00', {}, 0x8})
r9 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMUNATTACH(r9, 0x89e1, &(0x7f0000000640)={r1})
ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f00000006c0)={0x2, &(0x7f0000000680)=[{0x8001, 0xe, 0xf, 0x1}, {0x6ce, 0x4, 0x7, 0x5}]})
getsockopt$SO_COOKIE(r4, 0x1, 0x39, &(0x7f0000000700), &(0x7f0000000740)=0x8)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_START_POLL(r10, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x5c, r6, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x84}, @NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x88}, @NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x82}, @NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x44}, @NFC_ATTR_TM_PROTOCOLS={0x8, 0xe, 0x2}, @NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x42}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xc}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4040005}, 0x20000041)
nanosleep(&(0x7f00000008c0), &(0x7f0000000900))
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f0000000a40)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000a00)={&(0x7f0000000980)={0x50, 0x0, 0x8, 0x101, 0x0, 0x0, {0x2, 0x0, 0x9}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x884c}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8100}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}]}, 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
getsockopt$SO_COOKIE(r5, 0x1, 0x39, &(0x7f0000000a80), &(0x7f0000000ac0)=0x8)

2.094029283s ago: executing program 4 (id=3661):
socket$netlink(0x10, 0x3, 0x4)
socket$inet(0x10, 0x800, 0x6)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x24040000}, 0x20004000)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup/syz1\x00', 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000100)='blkio.throttle.write_bps_device\x00', 0x2, 0x0)
write$cgroup_int(r1, &(0x7f0000000240)=0x10000, 0x12)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x3c, &(0x7f00000004c0)=ANY=[@ANYBLOB="ffffffffffff0000000000000011fc8e31588258bbb78ee286f8caa7437a31c30001244b19e37dde470f548a4a852fef9baa329256d23190a13ac0ba309e64a6ef97196b340a4b0a895df5f49edbdd2af3bca2a63dfd9d5268054454ba24f5a86f5f97e01625056148e314afd7a781aeb1e997dac859f9bf8e08d4d251c0b683d1120f5195b96d20f5cc4ecec484b1415df01eda2fdd93557ab6302ff3df7ee2d856a45ab6fb0cecc535abb8bc3e7485fb10bea9a9a9ecb9a6189723ce9f876cd16706d630"], &(0x7f0000000140)={0x0, 0x3, [0xd83, 0x4b4a, 0xd0d, 0x9f]})
socket(0x10, 0x803, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
socket$alg(0x26, 0x5, 0x0)
pipe(&(0x7f0000002e40))
socket$packet(0x11, 0x2, 0x300)
r2 = socket(0x2, 0x80802, 0x0)
getsockopt$inet_opts(r2, 0x0, 0x13, &(0x7f0000000080)=""/3, &(0x7f0000000100)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x12, 0x8, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38}, 0x94)
pipe(&(0x7f00000001c0))
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$unix(0x1, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="aeaa000000000000711013000000000095"], &(0x7f0000000480)='syzkaller\x00'}, 0x94)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r3, @ANYRES64=0x0], 0x20)

2.011565704s ago: executing program 4 (id=3662):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000001100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast6-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292", 0xc)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'bond_slave_1\x00'})
r2 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="540000001200b7a325bd7000fddbdf25200f07074a264e22030000002f00000001ffffffc300000006000000000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="de00fbffa611195cc93f034708000000080003"], 0x54}, 0x1, 0x0, 0x0, 0x4008000}, 0x40000)

1.896144449s ago: executing program 4 (id=3663):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007500000018010000646c6c25000000000e0020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SWAP(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x34, 0x6, 0x6, 0x301, 0x0, 0x0, {0x7, 0x0, 0x1}, [@IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x40004)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x88, 0x2c, 0xd2b, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xf}, {}, {0xfff2, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x5c, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0x10, 0x1, 0x3, 0x1, 0x4, 0x2, 0x6, 0xfffffffa, [{0x202, 0x510, 0x3, 0x6}, {0x6783, 0x2, 0x8801, 0x10}, {0x0, 0x53, 0xa9, 0x1}]}}, @TCA_U32_INDEV={0x14, 0x8, 'bridge0\x00'}]}}]}, 0x88}}, 0x24040084)
recvfrom$rxrpc(0xffffffffffffffff, &(0x7f0000000540)=""/93, 0x42, 0x1, 0x0, 0xfffffffffffffe81)
r2 = socket(0x2, 0x80805, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000040)=0x8)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="050000000a0000004200000040000000c0000000", @ANYRES32=0x1, @ANYBLOB="0100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000007c0f3a7fe3c3066e75e58d06f7"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000080), 0x1003, r5}, 0x38)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f00000001c0)={0x6, 0x40, 0x1, 0x2, 0x754d, 0x6, 0x2, 0xf, r4}, 0x20)

1.746138744s ago: executing program 2 (id=3665):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
close(r1)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x939e02dc105d5baa, 0x2}, {0xe}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)
recvmmsg(r4, &(0x7f0000005140)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000052c0)=""/232, 0xe8}, {&(0x7f0000003080)=""/4093, 0xffd}, {&(0x7f0000000540)=""/212, 0xd4}, {&(0x7f0000000180)=""/192, 0xc0}], 0x4}, 0x8}], 0x1, 0x0, 0x0)

1.590076752s ago: executing program 0 (id=3666):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007500000018010000646c6c25000000000e0020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SWAP(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x34, 0x6, 0x6, 0x301, 0x0, 0x0, {0x7, 0x0, 0x1}, [@IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x40004)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x88, 0x2c, 0xd2b, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xf}, {}, {0xfff2, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x5c, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0x10, 0x1, 0x3, 0x1, 0x4, 0x2, 0x6, 0xfffffffa, [{0x202, 0x510, 0x3, 0x6}, {0x6783, 0x2, 0x8801, 0x10}, {0x0, 0x53, 0xa9, 0x1}]}}, @TCA_U32_INDEV={0x14, 0x8, 'bridge0\x00'}]}}]}, 0x88}}, 0x24040084)
recvfrom$rxrpc(0xffffffffffffffff, &(0x7f0000000540)=""/93, 0x42, 0x1, 0x0, 0xfffffffffffffe81)
r2 = socket(0x2, 0x80805, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000040)=0x8)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f00000001c0)={0x6, 0x40, 0x1, 0x2, 0x754d, 0x6, 0x2, 0xf, r4}, 0x20)

1.537046096s ago: executing program 3 (id=3667):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000072"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r0)
r1 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x20008000)
r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1e6b0b725ad99b817fd98cd824498949714e32f21dcc4ae5437aca55f21f3ca9e822d182054d54d53cd2b6da714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed00000000000000000000000000000000000000006c63b40e0c00000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f79829c90bd2114252581567acae715cbe1b57d5cda432c5b9443999f7d24195405f2e76ba88454cc9227069ccb7b37b41215c000000003be991e5e897284cdd6043058cec00000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r3, r2, 0x26}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r3}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)
recvmsg(r1, &(0x7f0000000e80)={0x0, 0x0, 0x0}, 0x0)

1.460630841s ago: executing program 0 (id=3668):
syz_emit_ethernet(0x7a, &(0x7f0000000040)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x2c, 0x0, {0x14, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @local, {[@cipso={0x86, 0x27, 0x0, [{0x0, 0xd, "5e000000ff000000000000"}, {0x5, 0x2}, {0x0, 0x12, "9606053d0006ff00800000b61af93a93"}]}, @lsrr={0x83, 0xf, 0x0, [@dev, @loopback, @loopback]}, @timestamp={0x44, 0x4, 0x56}]}}}}}}}, 0x0)

1.441675801s ago: executing program 3 (id=3669):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[@ANYBLOB="34aa00001000020000000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="2000010000090000140012800b000100697036746e6c000004000280"], 0x34}}, 0x40)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
socket(0x28, 0x4, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
ioctl$sock_ax25_SIOCDELRT(r2, 0x890c, &(0x7f0000000540)={@default, @default, 0x1, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
syz_emit_ethernet(0x0, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000000)='wg2\x00', 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
unshare(0x62040000)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="30000080041401002dbd7000fedbac25080001004a93d060c66852b9624f06b80100000008000000efffffff07800100"], 0x30}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x4000000)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r4, 0x9)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(r5, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000)
listen(0xffffffffffffffff, 0x0)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003140)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="01002cbd7000ffdbdf2504"], 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x800)
unshare(0x64000600)

1.428818745s ago: executing program 0 (id=3670):
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) (async)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x10000002}, 0x18)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r1, 0x0, 0x3, &(0x7f0000000840)=0x6, 0x4) (async)
sendto$inet(r1, &(0x7f0000000040)='\f\x00', 0xffeb, 0x0, &(0x7f0000000340), 0x10) (async, rerun: 64)
r2 = socket$inet_sctp(0x2, 0x5, 0x84) (rerun: 64)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, 0x0, 0x0) (async)
bpf$PROG_BIND_MAP(0x1c, 0x0, 0x0) (async, rerun: 32)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84) (rerun: 32)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, 0x0, 0x0)
socket$kcm(0x2, 0x1000000000000002, 0x0) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWSET={0x60, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x8}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_EXPR={0x24, 0x11, 0x0, 0x1, @exthdr={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_SREG={0x8, 0x7, 0x1, 0x0, 0x13}]}}}]}], {0x14}}, 0x88}, 0x1, 0x0, 0x0, 0x2040000}, 0x40) (async)
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48) (async)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x40, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000080)=@getnexthop={0x18, 0x6a, 0x101, 0x70bd2d, 0x25dfdc00}, 0x18}, 0x1, 0x0, 0x0, 0x4000850}, 0x0)

1.230019306s ago: executing program 0 (id=3671):
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240))
pipe(&(0x7f0000000280)={<r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b7000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2, 0x0, 0x6}, 0x18)
ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000e80)=[{{&(0x7f00000003c0)=@pppoe={0x18, 0x0, {0x0, @random}}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000440)=""/164, 0xa4}, {&(0x7f0000000540)=""/119, 0x77}, {&(0x7f00000005c0)=""/186, 0xba}, {&(0x7f0000000680)=""/149, 0x95}, {&(0x7f0000000740)=""/69, 0x45}, {&(0x7f0000000040)=""/7, 0x7}], 0x6}, 0x5}, {{&(0x7f0000000840)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @multicast2}}}}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000100)=""/20, 0x14}, {&(0x7f0000000300)=""/4, 0x4}], 0x2}, 0x8000}, {{&(0x7f0000000900)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, &(0x7f0000000980)=[{&(0x7f0000000a00)=""/66, 0x42}], 0x1, &(0x7f0000000bc0)=""/192, 0xc0}, 0x2}, {{&(0x7f0000000a80)=@can, 0x80, &(0x7f0000000dc0)=[{&(0x7f0000000c80)=""/153, 0x99}, {&(0x7f0000000d40)=""/82, 0x52}], 0x2, &(0x7f0000000e00)=""/72, 0x48}, 0x9e}], 0x4, 0x10101, &(0x7f0000000f80)={0x77359400})
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x10003, 0xfffffffffffffffd, 0x0, 0x0, 0x7d, 0x2}, 0x0, &(0x7f00000002c0)={0x3ff, 0x8, 0xfffffffffffffffe, 0x9, 0x0, 0x0, 0x80000003}, 0x0, 0x0)
close(0x3)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)

941.754116ms ago: executing program 4 (id=3672):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r0, @ANYRES64=0x0], 0x20)

860.94755ms ago: executing program 4 (id=3673):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, 0x0, 0xc000)
socket$inet(0x2, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$TIPC_NL_NET_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000000c0)={0x34, r1, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x20, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffffffffffff7948}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x5}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x2805}, 0x0)

326.070708ms ago: executing program 0 (id=3674):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000001100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast6-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292", 0xc)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'bond_slave_1\x00'})
r2 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="540000001200b7a325bd7000fddbdf25200f07074a264e22030000002f00000001ffffffc300000006000000000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="de00fbffa611195cc93f034708000000080003"], 0x54}, 0x1, 0x0, 0x0, 0x4008000}, 0x40000)

277.915432ms ago: executing program 0 (id=3675):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x10, 0x803, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x62342, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xfffd}}}]}, 0x38}}, 0x0)
r5 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000b00)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x5, 0xfff3}, {}, {0x7, 0xe}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_FLAGS={0x8, 0x16, 0x11}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x4)
socket$inet(0x2, 0x3, 0x2)
socket(0x1, 0x803, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="1801000000000000000000000000000085000000050000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008008000b703000000009c8c850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r7, 0x0, 0xca, &(0x7f0000000080)={0x0, 0x4, 0x5, 0x6, @vifc_lcl_addr=@dev={0xac, 0x14, 0x14, 0x3b}, @loopback}, 0x10)
setsockopt$MRT_FLUSH(r7, 0x0, 0xd4, &(0x7f0000000000)=0xe, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0x43}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x76}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x70)
socket$netlink(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000b80)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce935b0f327cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1525320e716660000000000b02b001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1c77a211bfa02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0843b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)

55.236602ms ago: executing program 1 (id=3676):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0xa0}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x23, 0xe, 0x0, &(0x7f0000000780)="e10ea784d395f5d2e39879420a85", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, 0x1}, 0x50)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
pipe(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(r5, 0x0, r6, 0x0, 0xf3a, 0x0)
write(r4, &(0x7f0000000240)="94", 0x1)
vmsplice(r6, &(0x7f0000000380)=[{&(0x7f0000013580)="0dd2e7c8926dc6acd0ae6c178054e95986faff9544de5fc4c30adf404da41181a77466ac5075905ea5f50134fdd517a957fe2ee59b61f9fe8d7aabe595ea23de2723e437af0423a56686a4c2d957be1a0ab922fbbd3cb1d8c6ab0d58440a327c8eb05d445b4ac5f20abe449e4084f8b996268d0564f67980d3ed3479e0edfe5cec7b4f89bface391c9c4c58ad123b91c33173c72326d1df18804a9ea20f9ece48f784d8ca2318e3d2b316666b5dfb7295c4915989d5bcb120e8fedaa97b93a137c256ce4", 0x20013644}, {&(0x7f0000013680)="c578381bf5113dad8319d9ea5294285ae9a90384ce23866477bef9de4399237d8b3522c9c194e71edaf3332a2f169682f9d8fa271683d4d441b710409e506333e0c3b64e52e8720734b6787f4a84f5bebb046649c6c697d978affd349031b2cd874c7a8961a586a9f2d62f945e7a5bf2f5f7a31684c0503704881d2578a2a98ac3ef4e4a4b0dcdb70db735d5c1652eed3848b2dd4131bb0eb7cfadfaf5", 0x9d}], 0x2, 0x0)
tee(r3, r6, 0x8f5, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r7}, 0x10)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_COMPAT_GET(r8, &(0x7f00000017c0)={0x0, 0x0, &(0x7f0000001780)={&(0x7f0000001700)={0x30, 0x0, 0xb, 0x5, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_COMPAT_NAME={0xc, 0x1, 'NFQUEUE\x00'}, @NFTA_COMPAT_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x24040800)

14.485164ms ago: executing program 2 (id=3677):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x1d64, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000022c0)=ANY=[@ANYRES8=0x0], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x3a, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000080)="5aee41dea43e63a3f7fb7f110000", 0x0, 0xf004, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
recvmmsg(r2, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000}, 0xf5ff}], 0xf00, 0x0, 0x0)
shutdown(r2, 0x0)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000f2ffffff0000000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0xfffffffffffffe4f, 0x0, 0x0, 0x1, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffff80}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r3, 0x0, 0x3c, 0x72, &(0x7f0000000040)="976d9023d56482cd284a63da539706d7009be646625bd75b025352ebe557df463106baeed6c2d75549b140f143fb8bb67bfe5b308b8d05758115c7ad", &(0x7f0000000180)=""/114, 0x1000, 0x0, 0xd8, 0xa0, &(0x7f0000000400)="cf2240e6919817e49555d221b4e6c6ba11c4d974ddab2318db7b52cee499399a00be4b710e9246d7bca28cc8346eb84414e45f3f4633f4acb77bf8cc38c4c16fe035905db79cdc0be634a915662c4cac58ae94706f86ea320f339c21399b5bb7607044916c63c528ab4149718d6215a9a3749113c268e49b2b9dae91ed804e5ac5d4ec7ac9c5fd67a76f9a2b06f7304f6e81221a751008e786e1edde82cf1ecb76cb4cd71cf781ea3a19b917a1e215b1a6c7ee605b32b91eaae38517fde4303d5f2b1e63e9e52ae4b197fd72de1f71801e1f9f1369d1f530", &(0x7f0000000280)="bf049fd184f7b03c21d9bcddc4eef9ebb6a0da3eb91c56454e873dd7336ccf21a1eeb8da7adf80d6e06ef46c7f36222fadaed2103c286468b3f44adee51445bd1bedf8fcc1c0b9fdc8b3829b1bf0c9d2d409cdecb12ad033e299c029331993ae9760345bf7feb91ee96b0eee19454ad3dbce5019b68c114ff1921a9b4665744c7784ac6736101a70592d83c448a84c31ec60bb901d96ea99471d823ee5233188", 0x0, 0x8000}, 0x50)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r4, 0x11b, 0x6, &(0x7f0000000000)=0x40000000, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r5, 0x400448cb, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x43}, 0x94)
r7 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r7, 0x107, 0x5, &(0x7f0000000140)=@req={0x0, 0x8, 0x7, 0x8000}, 0x10)
r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r8, 0x5, 0xb68, 0xf5ffffff, &(0x7f0000000000)='%', 0x0, 0xd01, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000100001000000000000dfff000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e65766530000000000000000000140001006c6f0000000000000000000000000000080002"], 0xb4}}, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r6, 0x401054d5, &(0x7f00000000c0))
r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r10, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
socket$inet(0x2, 0x5, 0x0)
write(r10, &(0x7f0000000580)="040000100dfe00", 0x7)

0s ago: executing program 4 (id=3678):
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000001c0)={'bridge0\x00', &(0x7f0000000180)=@ethtool_link_settings={0x4b, 0xa, 0x81, 0x0, 0x9, 0x1, 0x5, 0x80, 0xff, 0x4, [0x3, 0x4, 0x4000e18, 0x972d, 0x3, 0x3fb, 0x6, 0x3]}}) (fail_nth: 6)

kernel console output (not intermixed with test programs):

tooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input7
[  370.274300][T13009] IPVS: stop unused estimator thread 0...
[  370.605110][T15063] 8021q: adding VLAN 0 to HW filter on device bond0
[  370.629285][T15238] netlink: 1 bytes leftover after parsing attributes in process `syz.4.3046'.
[  370.709181][T15063] 8021q: adding VLAN 0 to HW filter on device team0
[  370.727020][ T6218] bridge0: port 1(bridge_slave_0) entered blocking state
[  370.734866][ T6218] bridge0: port 1(bridge_slave_0) entered forwarding state
[  370.881943][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  370.889203][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  370.987306][T15249] FAULT_INJECTION: forcing a failure.
[  370.987306][T15249] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  371.029861][T15249] CPU: 0 UID: 0 PID: 15249 Comm: syz.1.3051 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  371.029889][T15249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  371.029905][T15249] Call Trace:
[  371.029913][T15249]  <TASK>
[  371.029921][T15249]  dump_stack_lvl+0x189/0x250
[  371.029949][T15249]  ? __pfx____ratelimit+0x10/0x10
[  371.029977][T15249]  ? __pfx_dump_stack_lvl+0x10/0x10
[  371.029999][T15249]  ? __pfx__printk+0x10/0x10
[  371.030024][T15249]  ? __might_fault+0xb0/0x130
[  371.030062][T15249]  should_fail_ex+0x414/0x560
[  371.030087][T15249]  _copy_from_user+0x2d/0xb0
[  371.030113][T15249]  do_sock_getsockopt+0x17d/0x450
[  371.030137][T15249]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  371.030167][T15249]  ? do_syscall_64+0x40/0x3b0
[  371.030195][T15249]  ? ksys_write+0x1e1/0x250
[  371.030224][T15249]  __x64_sys_getsockopt+0x1a5/0x250
[  371.030242][T15249]  ? do_syscall_64+0x40/0x3b0
[  371.030269][T15249]  ? do_syscall_64+0x40/0x3b0
[  371.030303][T15249]  do_syscall_64+0xfa/0x3b0
[  371.030327][T15249]  ? lockdep_hardirqs_on+0x9c/0x150
[  371.030351][T15249]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  371.030368][T15249]  ? clear_bhb_loop+0x60/0xb0
[  371.030389][T15249]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  371.030410][T15249] RIP: 0033:0x7fcb97f8e929
[  371.030425][T15249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  371.030441][T15249] RSP: 002b:00007fcb98e55038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  371.030459][T15249] RAX: ffffffffffffffda RBX: 00007fcb981b5fa0 RCX: 00007fcb97f8e929
[  371.030472][T15249] RDX: 000000000000001d RSI: 000000000000011c RDI: 0000000000000003
[  371.030482][T15249] RBP: 00007fcb98e55090 R08: 0000000000000000 R09: 0000000000000000
[  371.030493][T15249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  371.030503][T15249] R13: 0000000000000000 R14: 00007fcb981b5fa0 R15: 00007ffc62587838
[  371.030532][T15249]  </TASK>
[  371.646330][T15063] 8021q: adding VLAN 0 to HW filter on device batadv0
[  371.728409][T15063] veth0_vlan: entered promiscuous mode
[  371.746650][T15063] veth1_vlan: entered promiscuous mode
[  371.817366][T15063] veth0_macvtap: entered promiscuous mode
[  371.838577][T15063] veth1_macvtap: entered promiscuous mode
[  371.901166][T15279] syzkaller0: entered promiscuous mode
[  371.907163][T15279] syzkaller0: entered allmulticast mode
[  371.913840][T15281] FAULT_INJECTION: forcing a failure.
[  371.913840][T15281] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  371.921927][T15063] batman_adv: batadv0: Interface activated: batadv_slave_0
[  371.935327][T15281] CPU: 1 UID: 0 PID: 15281 Comm: syz.2.3061 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  371.935365][T15281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  371.935382][T15281] Call Trace:
[  371.935393][T15281]  <TASK>
[  371.935404][T15281]  dump_stack_lvl+0x189/0x250
[  371.935429][T15281]  ? __pfx____ratelimit+0x10/0x10
[  371.935462][T15281]  ? __pfx_dump_stack_lvl+0x10/0x10
[  371.935484][T15281]  ? __pfx__printk+0x10/0x10
[  371.935522][T15281]  should_fail_ex+0x414/0x560
[  371.935546][T15281]  _copy_to_user+0x31/0xb0
[  371.935574][T15281]  simple_read_from_buffer+0xe1/0x170
[  371.935606][T15281]  proc_fail_nth_read+0x1df/0x250
[  371.935628][T15281]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  371.935650][T15281]  ? rw_verify_area+0x258/0x650
[  371.935674][T15281]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  371.935694][T15281]  vfs_read+0x1fd/0x980
[  371.935724][T15281]  ? __pfx___mutex_lock+0x10/0x10
[  371.935752][T15281]  ? __pfx_vfs_read+0x10/0x10
[  371.935778][T15281]  ? __fget_files+0x2a/0x420
[  371.935800][T15281]  ? __fget_files+0x3a0/0x420
[  371.935815][T15281]  ? __fget_files+0x2a/0x420
[  371.935842][T15281]  ksys_read+0x145/0x250
[  371.935869][T15281]  ? __pfx_ksys_read+0x10/0x10
[  371.935890][T15281]  ? rcu_is_watching+0x15/0xb0
[  371.935918][T15281]  ? do_syscall_64+0xbe/0x3b0
[  371.935956][T15281]  do_syscall_64+0xfa/0x3b0
[  371.935982][T15281]  ? lockdep_hardirqs_on+0x9c/0x150
[  371.936007][T15281]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  371.936025][T15281]  ? clear_bhb_loop+0x60/0xb0
[  371.936049][T15281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  371.936066][T15281] RIP: 0033:0x7f35b098d33c
[  371.936083][T15281] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  371.936100][T15281] RSP: 002b:00007f35b18d1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  371.936119][T15281] RAX: ffffffffffffffda RBX: 00007f35b0bb5fa0 RCX: 00007f35b098d33c
[  371.936133][T15281] RDX: 000000000000000f RSI: 00007f35b18d10a0 RDI: 000000000000001b
[  371.936145][T15281] RBP: 00007f35b18d1090 R08: 0000000000000000 R09: 0000000000000000
[  371.936157][T15281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  371.936169][T15281] R13: 0000000000000000 R14: 00007f35b0bb5fa0 R15: 00007ffc4d7b06f8
[  371.936199][T15281]  </TASK>
[  372.192859][ T5850] Bluetooth: hci3: command tx timeout
[  372.481930][T15290] netlink: 232 bytes leftover after parsing attributes in process `syz.1.3063'.
[  372.504907][ T9255] IPVS: starting estimator thread 0...
[  372.558704][T15293] FAULT_INJECTION: forcing a failure.
[  372.558704][T15293] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  372.574325][T15293] CPU: 1 UID: 0 PID: 15293 Comm: syz.1.3064 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  372.574351][T15293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  372.574362][T15293] Call Trace:
[  372.574369][T15293]  <TASK>
[  372.574377][T15293]  dump_stack_lvl+0x189/0x250
[  372.574404][T15293]  ? __pfx____ratelimit+0x10/0x10
[  372.574430][T15293]  ? __pfx_dump_stack_lvl+0x10/0x10
[  372.574453][T15293]  ? __pfx__printk+0x10/0x10
[  372.574477][T15293]  ? __might_fault+0xb0/0x130
[  372.574513][T15293]  should_fail_ex+0x414/0x560
[  372.574537][T15293]  _copy_from_iter+0x1db/0x16f0
[  372.574564][T15293]  ? rcu_is_watching+0x15/0xb0
[  372.574587][T15293]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  372.574614][T15293]  ? __pfx__copy_from_iter+0x10/0x10
[  372.574638][T15293]  ? __build_skb_around+0x257/0x3e0
[  372.574661][T15293]  ? netlink_sendmsg+0x642/0xb30
[  372.574676][T15293]  ? skb_put+0x11b/0x210
[  372.574699][T15293]  netlink_sendmsg+0x6b2/0xb30
[  372.574726][T15293]  ? __pfx_netlink_sendmsg+0x10/0x10
[  372.574746][T15293]  ? aa_sock_msg_perm+0x94/0x160
[  372.574767][T15293]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  372.574786][T15293]  ? __pfx_netlink_sendmsg+0x10/0x10
[  372.574804][T15293]  __sock_sendmsg+0x21c/0x270
[  372.574834][T15293]  ____sys_sendmsg+0x505/0x830
[  372.574861][T15293]  ? __pfx_____sys_sendmsg+0x10/0x10
[  372.574891][T15293]  ? import_iovec+0x74/0xa0
[  372.574921][T15293]  ___sys_sendmsg+0x21f/0x2a0
[  372.574944][T15293]  ? __pfx____sys_sendmsg+0x10/0x10
[  372.575003][T15293]  ? __fget_files+0x2a/0x420
[  372.575018][T15293]  ? __fget_files+0x3a0/0x420
[  372.575045][T15293]  __x64_sys_sendmsg+0x19b/0x260
[  372.575069][T15293]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  372.575100][T15293]  ? __pfx_ksys_write+0x10/0x10
[  372.575122][T15293]  ? rcu_is_watching+0x15/0xb0
[  372.575148][T15293]  ? do_syscall_64+0xbe/0x3b0
[  372.575189][T15293]  do_syscall_64+0xfa/0x3b0
[  372.575214][T15293]  ? lockdep_hardirqs_on+0x9c/0x150
[  372.575239][T15293]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.575256][T15293]  ? clear_bhb_loop+0x60/0xb0
[  372.575278][T15293]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.575295][T15293] RIP: 0033:0x7fcb97f8e929
[  372.575312][T15293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  372.575332][T15293] RSP: 002b:00007fcb98e55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  372.575352][T15293] RAX: ffffffffffffffda RBX: 00007fcb981b5fa0 RCX: 00007fcb97f8e929
[  372.575365][T15293] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[  372.575377][T15293] RBP: 00007fcb98e55090 R08: 0000000000000000 R09: 0000000000000000
[  372.575388][T15293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  372.575399][T15293] R13: 0000000000000000 R14: 00007fcb981b5fa0 R15: 00007ffc62587838
[  372.575440][T15293]  </TASK>
[  372.630388][T15291] IPVS: using max 28 ests per chain, 67200 per kthread
[  372.685384][T15295] netlink: 388 bytes leftover after parsing attributes in process `syz.1.3065'.
[  373.298830][T15304] netlink: 1041 bytes leftover after parsing attributes in process `syz.4.3068'.
[  373.316473][T15304] netlink: 'syz.4.3068': attribute type 3 has an invalid length.
[  373.810860][T15063] batman_adv: batadv0: Interface activated: batadv_slave_1
[  373.833466][   T49] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  373.883243][T15306] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3069'.
[  373.893283][   T49] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  373.916705][   T49] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  373.967957][   T49] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  374.148443][T15317] Bluetooth: MGMT ver 1.23
[  374.201107][T15318] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3074'.
[  374.229454][T15317] netlink: 'syz.0.3072': attribute type 1 has an invalid length.
[  374.238192][T15317] netlink: 'syz.0.3072': attribute type 3 has an invalid length.
[  374.246447][T15317] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3072'.
[  374.298504][ T1040] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  374.314202][ T1040] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  374.343750][ T1040] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  374.352887][ T1040] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  374.513703][T15324] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3075'.
[  374.839410][T15332] FAULT_INJECTION: forcing a failure.
[  374.839410][T15332] name failslab, interval 1, probability 0, space 0, times 0
[  374.852328][T15332] CPU: 0 UID: 0 PID: 15332 Comm: syz.3.3078 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  374.852371][T15332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  374.852383][T15332] Call Trace:
[  374.852391][T15332]  <TASK>
[  374.852399][T15332]  dump_stack_lvl+0x189/0x250
[  374.852427][T15332]  ? __pfx____ratelimit+0x10/0x10
[  374.852454][T15332]  ? __pfx_dump_stack_lvl+0x10/0x10
[  374.852478][T15332]  ? __pfx__printk+0x10/0x10
[  374.852517][T15332]  should_fail_ex+0x414/0x560
[  374.852542][T15332]  should_failslab+0xa8/0x100
[  374.852572][T15332]  kmem_cache_alloc_noprof+0x73/0x3c0
[  374.852618][T15332]  ? __nf_conntrack_alloc+0x99/0x380
[  374.852646][T15332]  __nf_conntrack_alloc+0x99/0x380
[  374.852676][T15332]  init_conntrack+0x155/0xef0
[  374.852707][T15332]  ? __pfx_init_conntrack+0x10/0x10
[  374.852744][T15332]  ? __pfx___nf_conntrack_find_get+0x10/0x10
[  374.852768][T15332]  ? __siphash_unaligned+0x232/0x3b0
[  374.852806][T15332]  nf_conntrack_in+0xbb7/0x15c0
[  374.852855][T15332]  ? __pfx_nf_conntrack_in+0x10/0x10
[  374.852883][T15332]  ? ip6t_do_table+0x1db/0x1560
[  374.852906][T15332]  ? __pfx_ip6t_do_table+0x10/0x10
[  374.852933][T15332]  ? NF_HOOK+0x9a/0x3a0
[  374.852957][T15332]  ? ipv6_defrag+0x2d6/0x3b0
[  374.852979][T15332]  ? __pfx_ipv6_conntrack_in+0x10/0x10
[  374.853001][T15332]  nf_hook_slow+0xc5/0x220
[  374.853038][T15332]  NF_HOOK+0x206/0x3a0
[  374.853057][T15332]  ? skb_orphan+0x4c/0xd0
[  374.853080][T15332]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  374.853100][T15332]  ? NF_HOOK+0x9a/0x3a0
[  374.853119][T15332]  ? __pfx_NF_HOOK+0x10/0x10
[  374.853143][T15332]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  374.853176][T15332]  __netif_receive_skb+0xd3/0x380
[  374.853212][T15332]  ? netif_receive_skb+0x115/0x790
[  374.853240][T15332]  netif_receive_skb+0x1cb/0x790
[  374.853262][T15332]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  374.853281][T15332]  ? __pfx_netif_receive_skb+0x10/0x10
[  374.853309][T15332]  ? tun_rx_batched+0x160/0x730
[  374.853333][T15332]  tun_rx_batched+0x1b9/0x730
[  374.853355][T15332]  ? __lock_acquire+0xab9/0xd20
[  374.853375][T15332]  ? __pfx_tun_rx_batched+0x10/0x10
[  374.853401][T15332]  ? tun_get_user+0x266c/0x3e20
[  374.853435][T15332]  tun_get_user+0x2aa2/0x3e20
[  374.853463][T15332]  ? tun_get_user+0x6f6/0x3e20
[  374.853486][T15332]  ? tun_get_user+0x266c/0x3e20
[  374.853514][T15332]  ? __pfx_tun_get_user+0x10/0x10
[  374.853537][T15332]  ? aa_file_perm+0x11f/0xed0
[  374.853555][T15332]  ? aa_file_perm+0x3e7/0xed0
[  374.853584][T15332]  ? ref_tracker_alloc+0x318/0x460
[  374.853600][T15332]  ? __lock_acquire+0xab9/0xd20
[  374.853629][T15332]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  374.853650][T15332]  ? tun_get+0x1c/0x2f0
[  374.853694][T15332]  ? tun_get+0x1c/0x2f0
[  374.853714][T15332]  ? tun_get+0x1c/0x2f0
[  374.853745][T15332]  tun_chr_write_iter+0x113/0x200
[  374.853769][T15332]  vfs_write+0x54b/0xa90
[  374.853796][T15332]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  374.853818][T15332]  ? __pfx_vfs_write+0x10/0x10
[  374.853848][T15332]  ? __fget_files+0x2a/0x420
[  374.853871][T15332]  ksys_write+0x145/0x250
[  374.853894][T15332]  ? __pfx_ksys_write+0x10/0x10
[  374.853913][T15332]  ? rcu_is_watching+0x15/0xb0
[  374.853948][T15332]  ? do_syscall_64+0xbe/0x3b0
[  374.853974][T15332]  do_syscall_64+0xfa/0x3b0
[  374.853995][T15332]  ? lockdep_hardirqs_on+0x9c/0x150
[  374.854016][T15332]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  374.854031][T15332]  ? clear_bhb_loop+0x60/0xb0
[  374.854049][T15332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  374.854063][T15332] RIP: 0033:0x7f215798d3df
[  374.854095][T15332] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  374.854110][T15332] RSP: 002b:00007f215877a000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  374.854126][T15332] RAX: ffffffffffffffda RBX: 00007f2157bb6080 RCX: 00007f215798d3df
[  374.854138][T15332] RDX: 000000000000004e RSI: 0000200000000000 RDI: 00000000000000c8
[  374.854148][T15332] RBP: 00007f215877a090 R08: 0000000000000000 R09: 0000000000000000
[  374.854157][T15332] R10: 000000000000004e R11: 0000000000000293 R12: 0000000000000001
[  374.854167][T15332] R13: 0000000000000001 R14: 00007f2157bb6080 R15: 00007ffffd6ae3a8
[  374.854193][T15332]  </TASK>
[  375.568430][T15343] FAULT_INJECTION: forcing a failure.
[  375.568430][T15343] name failslab, interval 1, probability 0, space 0, times 0
[  375.587022][T15343] CPU: 1 UID: 0 PID: 15343 Comm: syz.3.3083 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  375.587047][T15343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  375.587058][T15343] Call Trace:
[  375.587065][T15343]  <TASK>
[  375.587073][T15343]  dump_stack_lvl+0x189/0x250
[  375.587098][T15343]  ? __pfx____ratelimit+0x10/0x10
[  375.587124][T15343]  ? __pfx_dump_stack_lvl+0x10/0x10
[  375.587146][T15343]  ? __pfx__printk+0x10/0x10
[  375.587175][T15343]  ? __pfx___might_resched+0x10/0x10
[  375.587201][T15343]  should_fail_ex+0x414/0x560
[  375.587224][T15343]  should_failslab+0xa8/0x100
[  375.587252][T15343]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  375.587277][T15343]  ? __alloc_skb+0x112/0x2d0
[  375.587299][T15343]  __alloc_skb+0x112/0x2d0
[  375.587320][T15343]  netlink_sendmsg+0x5c6/0xb30
[  375.587346][T15343]  ? __pfx_netlink_sendmsg+0x10/0x10
[  375.587366][T15343]  ? aa_sock_msg_perm+0x94/0x160
[  375.587386][T15343]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  375.587405][T15343]  ? __pfx_netlink_sendmsg+0x10/0x10
[  375.587422][T15343]  __sock_sendmsg+0x21c/0x270
[  375.587449][T15343]  ____sys_sendmsg+0x505/0x830
[  375.587475][T15343]  ? __pfx_____sys_sendmsg+0x10/0x10
[  375.587504][T15343]  ? import_iovec+0x74/0xa0
[  375.587531][T15343]  ___sys_sendmsg+0x21f/0x2a0
[  375.587554][T15343]  ? __pfx____sys_sendmsg+0x10/0x10
[  375.587610][T15343]  ? __fget_files+0x2a/0x420
[  375.587625][T15343]  ? __fget_files+0x3a0/0x420
[  375.587651][T15343]  __x64_sys_sendmsg+0x19b/0x260
[  375.587674][T15343]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  375.587703][T15343]  ? __pfx_ksys_write+0x10/0x10
[  375.587741][T15343]  ? rcu_is_watching+0x15/0xb0
[  375.587769][T15343]  ? do_syscall_64+0xbe/0x3b0
[  375.587801][T15343]  do_syscall_64+0xfa/0x3b0
[  375.587827][T15343]  ? lockdep_hardirqs_on+0x9c/0x150
[  375.587852][T15343]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.587870][T15343]  ? clear_bhb_loop+0x60/0xb0
[  375.587893][T15343]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.587911][T15343] RIP: 0033:0x7f215798e929
[  375.587934][T15343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  375.587956][T15343] RSP: 002b:00007f215879b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  375.587976][T15343] RAX: ffffffffffffffda RBX: 00007f2157bb5fa0 RCX: 00007f215798e929
[  375.587990][T15343] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[  375.588002][T15343] RBP: 00007f215879b090 R08: 0000000000000000 R09: 0000000000000000
[  375.588019][T15343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  375.588030][T15343] R13: 0000000000000000 R14: 00007f2157bb5fa0 R15: 00007ffffd6ae3a8
[  375.588062][T15343]  </TASK>
[  376.034100][ T5853] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  376.047655][ T5853] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  376.057994][ T5853] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  376.067559][ T5853] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  376.077433][ T5853] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  376.239539][T15361] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3086'.
[  376.496013][T15362] tipc: New replicast peer: 255.255.255.255
[  376.510895][T15362] tipc: Enabled bearer <udp:syz2>, priority 10
[  376.637841][T15363] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3082'.
[  377.076759][T15350] chnl_net:caif_netlink_parms(): no params data found
[  377.161267][T15380] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3090'.
[  377.451794][T15399] netlink: 'syz.0.3097': attribute type 10 has an invalid length.
[  377.512076][T15400] netlink: 'syz.0.3097': attribute type 10 has an invalid length.
[  378.190529][ T5853] Bluetooth: hci2: command tx timeout
[  378.309279][ T1040] bond0 (unregistering): Released all slaves
[  378.324643][ T1040] bond1 (unregistering): Released all slaves
[  378.343803][T15399] team0: Port device dummy0 added
[  378.412682][T15400] team0: Port device dummy0 removed
[  378.434750][T15400] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  378.483583][T15350] bridge0: port 1(bridge_slave_0) entered blocking state
[  378.493891][T15350] bridge0: port 1(bridge_slave_0) entered disabled state
[  378.501791][T15350] bridge_slave_0: entered allmulticast mode
[  378.509507][T15350] bridge_slave_0: entered promiscuous mode
[  378.559321][ T1040] tipc: Left network mode
[  378.564575][T15350] bridge0: port 2(bridge_slave_1) entered blocking state
[  378.579306][T15350] bridge0: port 2(bridge_slave_1) entered disabled state
[  378.618813][T15350] bridge_slave_1: entered allmulticast mode
[  378.640567][T15350] bridge_slave_1: entered promiscuous mode
[  378.689220][T15411] can: request_module (can-proto-0) failed.
[  378.765578][T15416] bridge0: port 3(gretap0) entered blocking state
[  378.778770][T15416] bridge0: port 3(gretap0) entered disabled state
[  378.786601][T15416] gretap0: entered allmulticast mode
[  378.796667][T15416] gretap0: entered promiscuous mode
[  378.804899][T15416] bridge0: port 3(gretap0) entered blocking state
[  378.811472][T15416] bridge0: port 3(gretap0) entered forwarding state
[  378.845794][T15350] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  378.863705][T15422] __nla_validate_parse: 3 callbacks suppressed
[  378.863721][T15422] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3104'.
[  378.888474][T15350] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  378.928002][T15422] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3104'.
[  378.943848][T15424] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input8
[  379.080956][T15350] team0: Port device team_slave_0 added
[  379.096616][T15350] team0: Port device team_slave_1 added
[  379.174992][T15435] netlink: 'syz.4.3108': attribute type 10 has an invalid length.
[  379.226778][T15436] netlink: 'syz.4.3108': attribute type 10 has an invalid length.
[  379.228054][T15435] team0: Port device dummy0 added
[  379.261853][T15440] netlink: 388 bytes leftover after parsing attributes in process `syz.0.3111'.
[  379.287025][T15350] batman_adv: batadv0: Adding interface: batadv_slave_0
[  379.307480][T15350] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  379.356092][T15350] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  379.380370][T15436] team0: Port device dummy0 removed
[  379.437574][T15350] batman_adv: batadv0: Adding interface: batadv_slave_1
[  379.454897][T15350] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  379.516848][T15350] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  379.653189][T15460] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input9
[  379.724882][T15449] syzkaller0: entered promiscuous mode
[  379.730496][T15449] syzkaller0: entered allmulticast mode
[  379.974811][T15473] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3121'.
[  379.990800][T15473] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3121'.
[  380.007799][T15473] netlink: 38 bytes leftover after parsing attributes in process `syz.3.3121'.
[  380.272808][ T5853] Bluetooth: hci2: command tx timeout
[  381.236766][T15350] hsr_slave_0: entered promiscuous mode
[  381.262185][T15350] hsr_slave_1: entered promiscuous mode
[  381.289924][T15350] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  381.310379][T15350] Cannot create hsr debugfs directory
[  381.347327][T15478] netlink: 380 bytes leftover after parsing attributes in process `syz.3.3123'.
[  381.411242][T15482] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3126'.
[  381.421568][T15482] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3126'.
[  381.531513][T15488] sctp: [Deprecated]: syz.3.3127 (pid 15488) Use of struct sctp_assoc_value in delayed_ack socket option.
[  381.531513][T15488] Use struct sctp_sack_info instead
[  381.811563][ T1040] hsr_slave_0: left promiscuous mode
[  381.837545][ T1040] hsr_slave_1: left promiscuous mode
[  382.066676][ T1040] pimreg3 (unregistering): left allmulticast mode
[  382.199949][T15518] netlink: 380 bytes leftover after parsing attributes in process `syz.3.3136'.
[  382.350021][ T5853] Bluetooth: hci2: command tx timeout
[  383.633270][T15536] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  383.820521][T15350] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  383.883612][T15350] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  383.917553][T15350] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  383.948893][T15350] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  383.985738][T15564] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  384.055916][T15567] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  384.085368][T15567] syzkaller0: entered promiscuous mode
[  384.091607][T15567] syzkaller0: entered allmulticast mode
[  384.098791][T15571] FAULT_INJECTION: forcing a failure.
[  384.098791][T15571] name failslab, interval 1, probability 0, space 0, times 0
[  384.118047][T15567] tipc: Resetting bearer <eth:syzkaller0>
[  384.122800][T15571] CPU: 0 UID: 0 PID: 15571 Comm: syz.2.3154 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  384.122830][T15571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  384.122844][T15571] Call Trace:
[  384.122853][T15571]  <TASK>
[  384.122864][T15571]  dump_stack_lvl+0x189/0x250
[  384.122897][T15571]  ? __pfx____ratelimit+0x10/0x10
[  384.122927][T15571]  ? __pfx_dump_stack_lvl+0x10/0x10
[  384.122954][T15571]  ? __pfx__printk+0x10/0x10
[  384.122989][T15571]  ? __pfx___might_resched+0x10/0x10
[  384.123030][T15571]  should_fail_ex+0x414/0x560
[  384.123057][T15571]  should_failslab+0xa8/0x100
[  384.123092][T15571]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  384.123123][T15571]  ? __alloc_skb+0x112/0x2d0
[  384.123149][T15571]  __alloc_skb+0x112/0x2d0
[  384.123175][T15571]  netlink_sendmsg+0x5c6/0xb30
[  384.123208][T15571]  ? __pfx_netlink_sendmsg+0x10/0x10
[  384.123232][T15571]  ? aa_sock_msg_perm+0x94/0x160
[  384.123258][T15571]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  384.123279][T15571]  ? __pfx_netlink_sendmsg+0x10/0x10
[  384.123302][T15571]  __sock_sendmsg+0x21c/0x270
[  384.123336][T15571]  ____sys_sendmsg+0x505/0x830
[  384.123367][T15571]  ? __pfx_____sys_sendmsg+0x10/0x10
[  384.123402][T15571]  ? import_iovec+0x74/0xa0
[  384.123436][T15571]  ___sys_sendmsg+0x21f/0x2a0
[  384.123464][T15571]  ? __pfx____sys_sendmsg+0x10/0x10
[  384.123531][T15571]  ? __fget_files+0x2a/0x420
[  384.123549][T15571]  ? __fget_files+0x3a0/0x420
[  384.123580][T15571]  __x64_sys_sendmsg+0x19b/0x260
[  384.123608][T15571]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  384.123645][T15571]  ? __pfx_ksys_write+0x10/0x10
[  384.123671][T15571]  ? rcu_is_watching+0x15/0xb0
[  384.123703][T15571]  ? do_syscall_64+0xbe/0x3b0
[  384.123738][T15571]  do_syscall_64+0xfa/0x3b0
[  384.123768][T15571]  ? lockdep_hardirqs_on+0x9c/0x150
[  384.123794][T15571]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  384.123813][T15571]  ? clear_bhb_loop+0x60/0xb0
[  384.123836][T15571]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  384.123855][T15571] RIP: 0033:0x7f35b098e929
[  384.123872][T15571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  384.123890][T15571] RSP: 002b:00007f35b18d1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  384.123910][T15571] RAX: ffffffffffffffda RBX: 00007f35b0bb5fa0 RCX: 00007f35b098e929
[  384.123925][T15571] RDX: 0000000020000014 RSI: 00002000000001c0 RDI: 0000000000000003
[  384.123938][T15571] RBP: 00007f35b18d1090 R08: 0000000000000000 R09: 0000000000000000
[  384.123950][T15571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  384.123962][T15571] R13: 0000000000000000 R14: 00007f35b0bb5fa0 R15: 00007ffc4d7b06f8
[  384.123995][T15571]  </TASK>
[  384.434057][ T5853] Bluetooth: hci2: command tx timeout
[  384.445074][T15350] 8021q: adding VLAN 0 to HW filter on device bond0
[  384.460995][T15575] FAULT_INJECTION: forcing a failure.
[  384.460995][T15575] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  384.474628][T15575] CPU: 0 UID: 0 PID: 15575 Comm: syz.2.3155 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  384.474657][T15575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  384.474671][T15575] Call Trace:
[  384.474681][T15575]  <TASK>
[  384.474690][T15575]  dump_stack_lvl+0x189/0x250
[  384.474721][T15575]  ? __pfx____ratelimit+0x10/0x10
[  384.474752][T15575]  ? __pfx_dump_stack_lvl+0x10/0x10
[  384.474778][T15575]  ? __pfx__printk+0x10/0x10
[  384.474821][T15575]  should_fail_ex+0x414/0x560
[  384.474850][T15575]  _copy_to_user+0x31/0xb0
[  384.474882][T15575]  simple_read_from_buffer+0xe1/0x170
[  384.474919][T15575]  proc_fail_nth_read+0x1df/0x250
[  384.474945][T15575]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  384.474971][T15575]  ? rw_verify_area+0x258/0x650
[  384.475005][T15575]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  384.475029][T15575]  vfs_read+0x1fd/0x980
[  384.475075][T15575]  ? __pfx___mutex_lock+0x10/0x10
[  384.475106][T15575]  ? __pfx_vfs_read+0x10/0x10
[  384.475135][T15575]  ? __fget_files+0x2a/0x420
[  384.475159][T15575]  ? __fget_files+0x3a0/0x420
[  384.475177][T15575]  ? __fget_files+0x2a/0x420
[  384.475206][T15575]  ksys_read+0x145/0x250
[  384.475237][T15575]  ? __pfx_ksys_read+0x10/0x10
[  384.475261][T15575]  ? rcu_is_watching+0x15/0xb0
[  384.475293][T15575]  ? do_syscall_64+0xbe/0x3b0
[  384.475327][T15575]  do_syscall_64+0xfa/0x3b0
[  384.475356][T15575]  ? lockdep_hardirqs_on+0x9c/0x150
[  384.475385][T15575]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  384.475406][T15575]  ? clear_bhb_loop+0x60/0xb0
[  384.475432][T15575]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  384.475452][T15575] RIP: 0033:0x7f35b098d33c
[  384.475471][T15575] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  384.475489][T15575] RSP: 002b:00007f35b18d1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  384.475512][T15575] RAX: ffffffffffffffda RBX: 00007f35b0bb5fa0 RCX: 00007f35b098d33c
[  384.475528][T15575] RDX: 000000000000000f RSI: 00007f35b18d10a0 RDI: 0000000000000003
[  384.475542][T15575] RBP: 00007f35b18d1090 R08: 0000000000000000 R09: 0000000000000000
[  384.475556][T15575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  384.475569][T15575] R13: 0000000000000000 R14: 00007f35b0bb5fa0 R15: 00007ffc4d7b06f8
[  384.475604][T15575]  </TASK>
[  384.722548][T15350] 8021q: adding VLAN 0 to HW filter on device team0
[  384.795734][T15567] tipc: Resetting bearer <eth:syzkaller0>
[  384.834802][T15567] tipc: Disabling bearer <eth:syzkaller0>
[  384.877369][T15582] __nla_validate_parse: 4 callbacks suppressed
[  384.877386][T15582] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3158'.
[  384.938228][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  384.945424][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  384.956002][T15582] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3158'.
[  384.970497][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  384.977821][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  384.997696][T15580] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3157'.
[  385.003222][T15589] netlink: 388 bytes leftover after parsing attributes in process `syz.4.3160'.
[  385.025034][T15582] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3158'.
[  385.188998][T15597] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3163'.
[  385.203582][T15597] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3163'.
[  385.227695][T15597] netlink: 'syz.3.3163': attribute type 6 has an invalid length.
[  385.294439][T15600] 8021q: VLANs not supported on wg0
[  385.347429][T15607] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input10
[  385.458344][T15612] FAULT_INJECTION: forcing a failure.
[  385.458344][T15612] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  385.494710][T15612] CPU: 0 UID: 0 PID: 15612 Comm: syz.3.3168 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  385.494738][T15612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  385.494750][T15612] Call Trace:
[  385.494758][T15612]  <TASK>
[  385.494767][T15612]  dump_stack_lvl+0x189/0x250
[  385.494795][T15612]  ? __pfx____ratelimit+0x10/0x10
[  385.494827][T15612]  ? __pfx_dump_stack_lvl+0x10/0x10
[  385.494850][T15612]  ? __pfx__printk+0x10/0x10
[  385.494877][T15612]  ? __might_fault+0xb0/0x130
[  385.494915][T15612]  should_fail_ex+0x414/0x560
[  385.494948][T15612]  _copy_from_iter+0x1db/0x16f0
[  385.494977][T15612]  ? rcu_is_watching+0x15/0xb0
[  385.495002][T15612]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  385.495030][T15612]  ? __pfx__copy_from_iter+0x10/0x10
[  385.495055][T15612]  ? __build_skb_around+0x257/0x3e0
[  385.495079][T15612]  ? netlink_sendmsg+0x642/0xb30
[  385.495096][T15612]  ? skb_put+0x11b/0x210
[  385.495120][T15612]  netlink_sendmsg+0x6b2/0xb30
[  385.495149][T15612]  ? __pfx_netlink_sendmsg+0x10/0x10
[  385.495172][T15612]  ? aa_sock_msg_perm+0x94/0x160
[  385.495213][T15612]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  385.495235][T15612]  ? __pfx_netlink_sendmsg+0x10/0x10
[  385.495256][T15612]  __sock_sendmsg+0x21c/0x270
[  385.495288][T15612]  ____sys_sendmsg+0x505/0x830
[  385.495327][T15612]  ? __pfx_____sys_sendmsg+0x10/0x10
[  385.495359][T15612]  ? import_iovec+0x74/0xa0
[  385.495389][T15612]  ___sys_sendmsg+0x21f/0x2a0
[  385.495414][T15612]  ? __pfx____sys_sendmsg+0x10/0x10
[  385.495474][T15612]  ? __fget_files+0x2a/0x420
[  385.495490][T15612]  ? __fget_files+0x3a0/0x420
[  385.495519][T15612]  __x64_sys_sendmsg+0x19b/0x260
[  385.495544][T15612]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  385.495577][T15612]  ? __pfx_ksys_write+0x10/0x10
[  385.495600][T15612]  ? rcu_is_watching+0x15/0xb0
[  385.495628][T15612]  ? do_syscall_64+0xbe/0x3b0
[  385.495661][T15612]  do_syscall_64+0xfa/0x3b0
[  385.495686][T15612]  ? lockdep_hardirqs_on+0x9c/0x150
[  385.495712][T15612]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  385.495731][T15612]  ? clear_bhb_loop+0x60/0xb0
[  385.495756][T15612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  385.495774][T15612] RIP: 0033:0x7f215798e929
[  385.495791][T15612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  385.495808][T15612] RSP: 002b:00007f215879b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  385.495829][T15612] RAX: ffffffffffffffda RBX: 00007f2157bb5fa0 RCX: 00007f215798e929
[  385.495844][T15612] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  385.495856][T15612] RBP: 00007f215879b090 R08: 0000000000000000 R09: 0000000000000000
[  385.495869][T15612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  385.495881][T15612] R13: 0000000000000000 R14: 00007f2157bb5fa0 R15: 00007ffffd6ae3a8
[  385.495911][T15612]  </TASK>
[  385.498214][T15350] 8021q: adding VLAN 0 to HW filter on device batadv0
[  385.981525][T15350] veth0_vlan: entered promiscuous mode
[  386.107919][T15350] veth1_vlan: entered promiscuous mode
[  386.197275][T15350] veth0_macvtap: entered promiscuous mode
[  386.214382][T15350] veth1_macvtap: entered promiscuous mode
[  386.229098][T15634] FAULT_INJECTION: forcing a failure.
[  386.229098][T15634] name failslab, interval 1, probability 0, space 0, times 0
[  386.258621][T15634] CPU: 0 UID: 0 PID: 15634 Comm: syz.2.3175 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  386.258648][T15634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  386.258660][T15634] Call Trace:
[  386.258669][T15634]  <TASK>
[  386.258678][T15634]  dump_stack_lvl+0x189/0x250
[  386.258706][T15634]  ? __pfx____ratelimit+0x10/0x10
[  386.258734][T15634]  ? __pfx_dump_stack_lvl+0x10/0x10
[  386.258758][T15634]  ? __pfx__printk+0x10/0x10
[  386.258787][T15634]  ? __pfx___might_resched+0x10/0x10
[  386.258810][T15634]  ? fs_reclaim_acquire+0x7d/0x100
[  386.258835][T15634]  should_fail_ex+0x414/0x560
[  386.258861][T15634]  should_failslab+0xa8/0x100
[  386.258892][T15634]  __kmalloc_noprof+0xcb/0x4f0
[  386.258917][T15634]  ? ethnl_default_start+0x16f/0x3f0
[  386.258953][T15634]  ethnl_default_start+0x16f/0x3f0
[  386.258979][T15634]  genl_start+0x4c0/0x6c0
[  386.259009][T15634]  __netlink_dump_start+0x469/0x7e0
[  386.259044][T15634]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  386.259071][T15634]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  386.259091][T15634]  ? genl_get_cmd+0x67f/0x910
[  386.259124][T15634]  ? __pfx_genl_start+0x10/0x10
[  386.259142][T15634]  ? __pfx_genl_dumpit+0x10/0x10
[  386.259161][T15634]  ? __pfx_genl_done+0x10/0x10
[  386.259198][T15634]  genl_rcv_msg+0x5da/0x790
[  386.259227][T15634]  ? __pfx_genl_rcv_msg+0x10/0x10
[  386.259247][T15634]  ? __pfx_ethnl_default_start+0x10/0x10
[  386.259263][T15634]  ? __pfx_ethnl_default_dumpit+0x10/0x10
[  386.259280][T15634]  ? __pfx_ethnl_default_done+0x10/0x10
[  386.259313][T15634]  netlink_rcv_skb+0x208/0x470
[  386.259341][T15634]  ? __pfx_genl_rcv_msg+0x10/0x10
[  386.259364][T15634]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  386.259410][T15634]  ? down_read+0x1ad/0x2e0
[  386.259430][T15634]  genl_rcv+0x28/0x40
[  386.259449][T15634]  netlink_unicast+0x759/0x8e0
[  386.259486][T15634]  netlink_sendmsg+0x805/0xb30
[  386.259514][T15634]  ? __pfx_netlink_sendmsg+0x10/0x10
[  386.259535][T15634]  ? aa_sock_msg_perm+0x94/0x160
[  386.259556][T15634]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  386.259575][T15634]  ? __pfx_netlink_sendmsg+0x10/0x10
[  386.259594][T15634]  __sock_sendmsg+0x21c/0x270
[  386.259623][T15634]  ____sys_sendmsg+0x505/0x830
[  386.259650][T15634]  ? __pfx_____sys_sendmsg+0x10/0x10
[  386.259681][T15634]  ? import_iovec+0x74/0xa0
[  386.259715][T15634]  ___sys_sendmsg+0x21f/0x2a0
[  386.259738][T15634]  ? __pfx____sys_sendmsg+0x10/0x10
[  386.259797][T15634]  ? __fget_files+0x2a/0x420
[  386.259813][T15634]  ? __fget_files+0x3a0/0x420
[  386.259840][T15634]  __x64_sys_sendmsg+0x19b/0x260
[  386.259865][T15634]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  386.259897][T15634]  ? __pfx_ksys_write+0x10/0x10
[  386.259919][T15634]  ? rcu_is_watching+0x15/0xb0
[  386.259947][T15634]  ? do_syscall_64+0xbe/0x3b0
[  386.259978][T15634]  do_syscall_64+0xfa/0x3b0
[  386.260003][T15634]  ? lockdep_hardirqs_on+0x9c/0x150
[  386.260028][T15634]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.260047][T15634]  ? clear_bhb_loop+0x60/0xb0
[  386.260069][T15634]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.260087][T15634] RIP: 0033:0x7f35b098e929
[  386.260111][T15634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  386.260127][T15634] RSP: 002b:00007f35b18d1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  386.260148][T15634] RAX: ffffffffffffffda RBX: 00007f35b0bb5fa0 RCX: 00007f35b098e929
[  386.260162][T15634] RDX: 00000000000008c4 RSI: 0000200000000000 RDI: 0000000000000003
[  386.260174][T15634] RBP: 00007f35b18d1090 R08: 0000000000000000 R09: 0000000000000000
[  386.260186][T15634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  386.260198][T15634] R13: 0000000000000000 R14: 00007f35b0bb5fa0 R15: 00007ffc4d7b06f8
[  386.260229][T15634]  </TASK>
[  386.293338][T15350] batman_adv: batadv0: Interface activated: batadv_slave_0
[  386.602739][T15638] FAULT_INJECTION: forcing a failure.
[  386.602739][T15638] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  386.675511][T15638] CPU: 1 UID: 0 PID: 15638 Comm: syz.4.3176 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  386.675539][T15638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  386.675551][T15638] Call Trace:
[  386.675560][T15638]  <TASK>
[  386.675568][T15638]  dump_stack_lvl+0x189/0x250
[  386.675596][T15638]  ? __pfx____ratelimit+0x10/0x10
[  386.675624][T15638]  ? __pfx_dump_stack_lvl+0x10/0x10
[  386.675648][T15638]  ? __pfx__printk+0x10/0x10
[  386.675687][T15638]  should_fail_ex+0x414/0x560
[  386.675713][T15638]  _copy_to_user+0x31/0xb0
[  386.675741][T15638]  simple_read_from_buffer+0xe1/0x170
[  386.675775][T15638]  proc_fail_nth_read+0x1df/0x250
[  386.675798][T15638]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  386.675829][T15638]  ? rw_verify_area+0x258/0x650
[  386.675853][T15638]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  386.675874][T15638]  vfs_read+0x1fd/0x980
[  386.675905][T15638]  ? __pfx___mutex_lock+0x10/0x10
[  386.675933][T15638]  ? __pfx_vfs_read+0x10/0x10
[  386.675959][T15638]  ? __fget_files+0x2a/0x420
[  386.675982][T15638]  ? __fget_files+0x3a0/0x420
[  386.675998][T15638]  ? __fget_files+0x2a/0x420
[  386.676025][T15638]  ksys_read+0x145/0x250
[  386.676053][T15638]  ? __pfx_ksys_read+0x10/0x10
[  386.676075][T15638]  ? rcu_is_watching+0x15/0xb0
[  386.676104][T15638]  ? do_syscall_64+0xbe/0x3b0
[  386.676137][T15638]  do_syscall_64+0xfa/0x3b0
[  386.676163][T15638]  ? lockdep_hardirqs_on+0x9c/0x150
[  386.676189][T15638]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.676208][T15638]  ? clear_bhb_loop+0x60/0xb0
[  386.676242][T15638]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.676260][T15638] RIP: 0033:0x7f64fbb8d33c
[  386.676276][T15638] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  386.676292][T15638] RSP: 002b:00007f64fca90030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  386.676311][T15638] RAX: ffffffffffffffda RBX: 00007f64fbdb5fa0 RCX: 00007f64fbb8d33c
[  386.676324][T15638] RDX: 000000000000000f RSI: 00007f64fca900a0 RDI: 0000000000000004
[  386.676336][T15638] RBP: 00007f64fca90090 R08: 0000000000000000 R09: 0000000000000000
[  386.676348][T15638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  386.676359][T15638] R13: 0000000000000000 R14: 00007f64fbdb5fa0 R15: 00007ffe0b210688
[  386.676390][T15638]  </TASK>
[  386.953501][T15641] netlink: 128 bytes leftover after parsing attributes in process `syz.2.3178'.
[  386.966360][T15641] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3178'.
[  386.976566][T15641] FAULT_INJECTION: forcing a failure.
[  386.976566][T15641] name failslab, interval 1, probability 0, space 0, times 0
[  386.989652][T15641] CPU: 1 UID: 0 PID: 15641 Comm: syz.2.3178 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  386.989679][T15641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  386.989692][T15641] Call Trace:
[  386.989700][T15641]  <TASK>
[  386.989714][T15641]  dump_stack_lvl+0x189/0x250
[  386.989742][T15641]  ? __pfx____ratelimit+0x10/0x10
[  386.989770][T15641]  ? __pfx_dump_stack_lvl+0x10/0x10
[  386.989793][T15641]  ? __pfx__printk+0x10/0x10
[  386.989825][T15641]  ? __pfx___might_resched+0x10/0x10
[  386.989846][T15641]  ? fs_reclaim_acquire+0x7d/0x100
[  386.989870][T15641]  should_fail_ex+0x414/0x560
[  386.989895][T15641]  should_failslab+0xa8/0x100
[  386.989925][T15641]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  386.989952][T15641]  ? __alloc_skb+0x112/0x2d0
[  386.989976][T15641]  __alloc_skb+0x112/0x2d0
[  386.990000][T15641]  netlink_ack+0x146/0xa50
[  386.990026][T15641]  ? __pfx_genl_rcv_msg+0x10/0x10
[  386.990076][T15641]  netlink_rcv_skb+0x28c/0x470
[  386.990106][T15641]  ? __pfx_genl_rcv_msg+0x10/0x10
[  386.990131][T15641]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  386.990179][T15641]  ? down_read+0x1ad/0x2e0
[  386.990200][T15641]  genl_rcv+0x28/0x40
[  386.990221][T15641]  netlink_unicast+0x759/0x8e0
[  386.990260][T15641]  netlink_sendmsg+0x805/0xb30
[  386.990289][T15641]  ? __pfx_netlink_sendmsg+0x10/0x10
[  386.990310][T15641]  ? aa_sock_msg_perm+0x94/0x160
[  386.990332][T15641]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  386.990353][T15641]  ? __pfx_netlink_sendmsg+0x10/0x10
[  386.990372][T15641]  __sock_sendmsg+0x21c/0x270
[  386.990403][T15641]  ____sys_sendmsg+0x505/0x830
[  386.990432][T15641]  ? __pfx_____sys_sendmsg+0x10/0x10
[  386.990464][T15641]  ? import_iovec+0x74/0xa0
[  386.990495][T15641]  ___sys_sendmsg+0x21f/0x2a0
[  386.990519][T15641]  ? __pfx____sys_sendmsg+0x10/0x10
[  386.990582][T15641]  ? __fget_files+0x2a/0x420
[  386.990599][T15641]  ? __fget_files+0x3a0/0x420
[  386.990629][T15641]  __x64_sys_sendmsg+0x19b/0x260
[  386.990655][T15641]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  386.990688][T15641]  ? __pfx_ksys_write+0x10/0x10
[  386.990712][T15641]  ? rcu_is_watching+0x15/0xb0
[  386.990741][T15641]  ? do_syscall_64+0xbe/0x3b0
[  386.990774][T15641]  do_syscall_64+0xfa/0x3b0
[  386.990801][T15641]  ? lockdep_hardirqs_on+0x9c/0x150
[  386.990828][T15641]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.990847][T15641]  ? clear_bhb_loop+0x60/0xb0
[  386.990871][T15641]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.990890][T15641] RIP: 0033:0x7f35b098e929
[  386.990908][T15641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  386.990926][T15641] RSP: 002b:00007f35b18d1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  386.990947][T15641] RAX: ffffffffffffffda RBX: 00007f35b0bb5fa0 RCX: 00007f35b098e929
[  386.990962][T15641] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004
[  386.990974][T15641] RBP: 00007f35b18d1090 R08: 0000000000000000 R09: 0000000000000000
[  386.990986][T15641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  386.990997][T15641] R13: 0000000000000000 R14: 00007f35b0bb5fa0 R15: 00007ffc4d7b06f8
[  386.991028][T15641]  </TASK>
[  387.304746][T15350] batman_adv: batadv0: Interface activated: batadv_slave_1
[  387.495179][   T49] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  387.504324][   T49] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  387.555356][   T49] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  387.600245][   T49] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  387.715090][T13009] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  387.737243][T13009] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  387.785300][ T6218] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  387.797307][ T6218] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  387.919570][T15667] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3077'.
[  388.189028][T15675] netlink: 'syz.0.3190': attribute type 13 has an invalid length.
[  388.229177][T15675] netlink: 'syz.0.3190': attribute type 17 has an invalid length.
[  388.422278][T15675] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  388.688877][T15675] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  388.808180][T15675] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  388.820406][ T5850] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  388.842729][ T5850] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  388.850717][ T5850] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  388.859836][ T5850] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  388.868395][ T5850] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  388.966593][T15675] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  389.224968][T15700] netlink: 'syz.2.3195': attribute type 1 has an invalid length.
[  389.346695][T15691] chnl_net:caif_netlink_parms(): no params data found
[  389.539432][T15706] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  389.554423][T15711] FAULT_INJECTION: forcing a failure.
[  389.554423][T15711] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  389.564614][T15709] vlan3: entered promiscuous mode
[  389.587862][T15709] veth0: entered promiscuous mode
[  389.590350][T15711] CPU: 0 UID: 0 PID: 15711 Comm: syz.3.3198 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  389.590379][T15711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  389.590393][T15711] Call Trace:
[  389.590403][T15711]  <TASK>
[  389.590412][T15711]  dump_stack_lvl+0x189/0x250
[  389.590444][T15711]  ? __pfx____ratelimit+0x10/0x10
[  389.590506][T15711]  ? __pfx_dump_stack_lvl+0x10/0x10
[  389.590533][T15711]  ? __pfx__printk+0x10/0x10
[  389.590564][T15711]  ? __might_fault+0xb0/0x130
[  389.590610][T15711]  should_fail_ex+0x414/0x560
[  389.590639][T15711]  _copy_from_iter+0x1db/0x16f0
[  389.590674][T15711]  ? rcu_is_watching+0x15/0xb0
[  389.590703][T15711]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  389.590738][T15711]  ? __pfx__copy_from_iter+0x10/0x10
[  389.590771][T15711]  ? __build_skb_around+0x257/0x3e0
[  389.590801][T15711]  ? netlink_sendmsg+0x642/0xb30
[  389.590828][T15711]  ? skb_put+0x11b/0x210
[  389.590858][T15711]  netlink_sendmsg+0x6b2/0xb30
[  389.590892][T15711]  ? __pfx_netlink_sendmsg+0x10/0x10
[  389.590919][T15711]  ? aa_sock_msg_perm+0x94/0x160
[  389.590944][T15711]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  389.590969][T15711]  ? __pfx_netlink_sendmsg+0x10/0x10
[  389.590993][T15711]  __sock_sendmsg+0x21c/0x270
[  389.591030][T15711]  ____sys_sendmsg+0x505/0x830
[  389.591064][T15711]  ? __pfx_____sys_sendmsg+0x10/0x10
[  389.591119][T15711]  ? import_iovec+0x74/0xa0
[  389.591158][T15711]  ___sys_sendmsg+0x21f/0x2a0
[  389.591188][T15711]  ? __pfx____sys_sendmsg+0x10/0x10
[  389.591261][T15711]  ? __fget_files+0x2a/0x420
[  389.591282][T15711]  ? __fget_files+0x3a0/0x420
[  389.591317][T15711]  __x64_sys_sendmsg+0x19b/0x260
[  389.591348][T15711]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  389.591389][T15711]  ? __pfx_ksys_write+0x10/0x10
[  389.591417][T15711]  ? rcu_is_watching+0x15/0xb0
[  389.591450][T15711]  ? do_syscall_64+0xbe/0x3b0
[  389.591491][T15711]  do_syscall_64+0xfa/0x3b0
[  389.591522][T15711]  ? lockdep_hardirqs_on+0x9c/0x150
[  389.591555][T15711]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.591577][T15711]  ? clear_bhb_loop+0x60/0xb0
[  389.591607][T15711]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.591631][T15711] RIP: 0033:0x7f215798e929
[  389.591652][T15711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  389.591674][T15711] RSP: 002b:00007f215879b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  389.591699][T15711] RAX: ffffffffffffffda RBX: 00007f2157bb5fa0 RCX: 00007f215798e929
[  389.591730][T15711] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  389.591745][T15711] RBP: 00007f215879b090 R08: 0000000000000000 R09: 0000000000000000
[  389.591760][T15711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  389.591775][T15711] R13: 0000000000000000 R14: 00007f2157bb5fa0 R15: 00007ffffd6ae3a8
[  389.591812][T15711]  </TASK>
[  390.173593][T15691] bridge0: port 1(bridge_slave_0) entered blocking state
[  390.199211][T15691] bridge0: port 1(bridge_slave_0) entered disabled state
[  390.219530][T15691] bridge_slave_0: entered allmulticast mode
[  390.249263][T15691] bridge_slave_0: entered promiscuous mode
[  390.276338][T15691] bridge0: port 2(bridge_slave_1) entered blocking state
[  390.293577][T15691] bridge0: port 2(bridge_slave_1) entered disabled state
[  390.301942][T15691] bridge_slave_1: entered allmulticast mode
[  390.309892][T15691] bridge_slave_1: entered promiscuous mode
[  390.368616][T15691] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  390.403216][T15691] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  390.415175][T15728] __nla_validate_parse: 4 callbacks suppressed
[  390.415191][T15728] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3203'.
[  390.470436][T15729] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3203'.
[  390.485274][T15691] team0: Port device team_slave_0 added
[  390.505639][T15691] team0: Port device team_slave_1 added
[  390.602213][T15691] batman_adv: batadv0: Adding interface: batadv_slave_0
[  390.609372][T15691] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  390.635925][T15691] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  390.672238][T15691] batman_adv: batadv0: Adding interface: batadv_slave_1
[  390.689575][T15691] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  390.768417][T15691] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  390.895435][T15739] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3206'.
[  390.904737][T15739] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3206'.
[  390.915261][T15739] netlink: 'syz.1.3206': attribute type 1 has an invalid length.
[  390.918416][ T5850] Bluetooth: hci5: command tx timeout
[  390.954267][T15739] netlink: 10 bytes leftover after parsing attributes in process `syz.1.3206'.
[  391.013419][T15691] hsr_slave_0: entered promiscuous mode
[  391.031995][T15691] hsr_slave_1: entered promiscuous mode
[  391.040985][T15691] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  391.055176][T15691] Cannot create hsr debugfs directory
[  391.331977][T15757] tipc: Started in network mode
[  391.339325][T15757] tipc: Node identity 8, cluster identity 5
[  391.356071][T15757] tipc: Node number set to 8
[  391.364241][T15757] tipc: Cannot configure node identity twice
[  391.378703][T15763] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  391.571365][T15771] syzkaller0: entered promiscuous mode
[  391.577128][T15771] syzkaller0: entered allmulticast mode
[  391.635796][T15773] Cannot find add_set index 0 as target
[  391.848567][T15691] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  391.871708][T15777] batadv1: entered promiscuous mode
[  391.902499][T15691] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  391.928900][T15691] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  391.947166][T15691] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  391.964675][T15783] bridge0: port 3(gretap0) entered disabled state
[  391.971299][T15783] bridge0: port 2(bridge_slave_1) entered disabled state
[  391.978921][T15783] bridge0: port 1(bridge_slave_0) entered disabled state
[  391.993423][T15783] bridge0: entered allmulticast mode
[  392.100498][T15786] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3225'.
[  392.144792][T15800] netlink: 'syz.0.3227': attribute type 10 has an invalid length.
[  392.224531][T15691] 8021q: adding VLAN 0 to HW filter on device bond0
[  392.281753][T15691] 8021q: adding VLAN 0 to HW filter on device team0
[  392.304090][ T6218] bridge0: port 1(bridge_slave_0) entered blocking state
[  392.311368][ T6218] bridge0: port 1(bridge_slave_0) entered forwarding state
[  392.413178][T15804] syzkaller0: entered promiscuous mode
[  392.418816][T15804] syzkaller0: entered allmulticast mode
[  392.993034][ T5850] Bluetooth: hci5: command tx timeout
[  393.772158][T13009] bridge0: port 2(bridge_slave_1) entered blocking state
[  393.779413][T13009] bridge0: port 2(bridge_slave_1) entered forwarding state
[  393.880104][T13009] wlan0: Trigger new scan to find an IBSS to join
[  394.377376][T15829] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3237'.
[  394.451154][T15691] 8021q: adding VLAN 0 to HW filter on device batadv0
[  394.580165][T15842] netlink: 388 bytes leftover after parsing attributes in process `syz.2.3242'.
[  394.837193][T15848] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3243'.
[  395.070592][ T5850] Bluetooth: hci5: command tx timeout
[  395.113769][T15855] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3244'.
[  395.488237][T15691] veth0_vlan: entered promiscuous mode
[  395.529989][T15691] veth1_vlan: entered promiscuous mode
[  395.589441][T15868] __nla_validate_parse: 4 callbacks suppressed
[  395.589462][T15868] netlink: 380 bytes leftover after parsing attributes in process `syz.2.3248'.
[  395.612785][T15691] veth0_macvtap: entered promiscuous mode
[  395.637697][T15691] veth1_macvtap: entered promiscuous mode
[  395.713507][T15691] batman_adv: batadv0: Interface activated: batadv_slave_0
[  395.755741][T15691] batman_adv: batadv0: Interface activated: batadv_slave_1
[  395.892241][T13009] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  395.922060][T13009] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  396.016898][T13009] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  396.065271][T13009] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  396.113302][T15886] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3253'.
[  396.199348][T15890] bond0: (slave dummy0): Releasing backup interface
[  396.346308][T15890] team0: Mode changed to "activebackup"
[  396.596988][T13008] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  396.624467][T13008] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  396.694288][ T6218] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  396.713743][ T6218] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  397.032768][T15922] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3260'.
[  397.064041][T15924] FAULT_INJECTION: forcing a failure.
[  397.064041][T15924] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  397.121284][T15924] CPU: 1 UID: 0 PID: 15924 Comm: syz.2.3259 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  397.121313][T15924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  397.121325][T15924] Call Trace:
[  397.121334][T15924]  <TASK>
[  397.121343][T15924]  dump_stack_lvl+0x189/0x250
[  397.121371][T15924]  ? __pfx____ratelimit+0x10/0x10
[  397.121398][T15924]  ? __pfx_dump_stack_lvl+0x10/0x10
[  397.121422][T15924]  ? __pfx__printk+0x10/0x10
[  397.121448][T15924]  ? __might_fault+0xb0/0x130
[  397.121487][T15924]  should_fail_ex+0x414/0x560
[  397.121513][T15924]  _copy_from_user+0x2d/0xb0
[  397.121541][T15924]  ipv6_flowlabel_opt+0x11a/0x23a0
[  397.121564][T15924]  ? __up_read+0x280/0x680
[  397.121597][T15924]  ? do_user_addr_fault+0xbc1/0x1390
[  397.121615][T15924]  ? __pfx_ipv6_flowlabel_opt+0x10/0x10
[  397.121640][T15924]  ? register_lock_class+0x51/0x320
[  397.121666][T15924]  ? __lock_acquire+0xab9/0xd20
[  397.121700][T15924]  ? __local_bh_enable_ip+0x12d/0x1c0
[  397.121723][T15924]  ? lockdep_hardirqs_on+0x9c/0x150
[  397.121751][T15924]  ? __local_bh_enable_ip+0x12d/0x1c0
[  397.121788][T15924]  do_ipv6_setsockopt+0xdb0/0x2eb0
[  397.121820][T15924]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  397.121842][T15924]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  397.121885][T15924]  ? vfs_write+0x8d8/0xa90
[  397.121916][T15924]  ? __pfx___might_resched+0x10/0x10
[  397.121949][T15924]  ? __lock_acquire+0xab9/0xd20
[  397.121975][T15924]  ? aa_sk_perm+0x81e/0x950
[  397.122016][T15924]  ? __pfx_aa_sk_perm+0x10/0x10
[  397.122048][T15924]  ? __fget_files+0x2a/0x420
[  397.122071][T15924]  ipv6_setsockopt+0x59/0x170
[  397.122091][T15924]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  397.122123][T15924]  do_sock_setsockopt+0x179/0x1b0
[  397.122150][T15924]  __x64_sys_setsockopt+0x13f/0x1b0
[  397.122178][T15924]  do_syscall_64+0xfa/0x3b0
[  397.122205][T15924]  ? lockdep_hardirqs_on+0x9c/0x150
[  397.122231][T15924]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.122251][T15924]  ? clear_bhb_loop+0x60/0xb0
[  397.122275][T15924]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.122294][T15924] RIP: 0033:0x7f35b098e929
[  397.122312][T15924] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  397.122329][T15924] RSP: 002b:00007f35b18d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  397.122351][T15924] RAX: ffffffffffffffda RBX: 00007f35b0bb5fa0 RCX: 00007f35b098e929
[  397.122366][T15924] RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000004
[  397.122378][T15924] RBP: 00007f35b18d1090 R08: 0000000000000020 R09: 0000000000000000
[  397.122391][T15924] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[  397.122404][T15924] R13: 0000000000000000 R14: 00007f35b0bb5fa0 R15: 00007ffc4d7b06f8
[  397.122437][T15924]  </TASK>
[  397.152468][ T5850] Bluetooth: hci5: command tx timeout
[  397.282280][T15929] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3262'.
[  397.457256][T15934] netlink: 'syz.0.3264': attribute type 10 has an invalid length.
[  398.194061][T15966] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  398.247277][T15966] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3268'.
[  398.273178][T15966] tipc: Disabling bearer <udp:syz2>
[  398.302155][T15969] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3270'.
[  398.398455][T15973] tipc: Started in network mode
[  398.411945][T15973] tipc: Node identity 8, cluster identity 5
[  398.417867][T15973] tipc: Node number set to 8
[  398.469922][T15973] tipc: Cannot configure node identity twice
[  398.579552][ T5853] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  398.588769][ T5853] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  398.598069][ T5853] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  398.608468][ T5853] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  398.617080][ T5853] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  398.711942][T15980] FAULT_INJECTION: forcing a failure.
[  398.711942][T15980] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  398.729336][T15980] CPU: 1 UID: 0 PID: 15980 Comm: syz.3.3274 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  398.729363][T15980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  398.729375][T15980] Call Trace:
[  398.729383][T15980]  <TASK>
[  398.729391][T15980]  dump_stack_lvl+0x189/0x250
[  398.729418][T15980]  ? __pfx____ratelimit+0x10/0x10
[  398.729445][T15980]  ? __pfx_dump_stack_lvl+0x10/0x10
[  398.729483][T15980]  ? __pfx__printk+0x10/0x10
[  398.729523][T15980]  ? __might_fault+0xb0/0x130
[  398.729559][T15980]  should_fail_ex+0x414/0x560
[  398.729582][T15980]  _copy_from_iter+0x1db/0x16f0
[  398.729609][T15980]  ? rcu_is_watching+0x15/0xb0
[  398.729632][T15980]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  398.729659][T15980]  ? __pfx__copy_from_iter+0x10/0x10
[  398.729683][T15980]  ? __build_skb_around+0x257/0x3e0
[  398.729705][T15980]  ? netlink_sendmsg+0x642/0xb30
[  398.729721][T15980]  ? skb_put+0x11b/0x210
[  398.729746][T15980]  netlink_sendmsg+0x6b2/0xb30
[  398.729773][T15980]  ? __pfx_netlink_sendmsg+0x10/0x10
[  398.729793][T15980]  ? aa_sock_msg_perm+0x94/0x160
[  398.729814][T15980]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  398.729833][T15980]  ? __pfx_netlink_sendmsg+0x10/0x10
[  398.729851][T15980]  __sock_sendmsg+0x21c/0x270
[  398.729888][T15980]  ____sys_sendmsg+0x505/0x830
[  398.729915][T15980]  ? __pfx_____sys_sendmsg+0x10/0x10
[  398.729945][T15980]  ? import_iovec+0x74/0xa0
[  398.729973][T15980]  ___sys_sendmsg+0x21f/0x2a0
[  398.729996][T15980]  ? __pfx____sys_sendmsg+0x10/0x10
[  398.730052][T15980]  ? __fget_files+0x2a/0x420
[  398.730068][T15980]  ? __fget_files+0x3a0/0x420
[  398.730095][T15980]  __x64_sys_sendmsg+0x19b/0x260
[  398.730119][T15980]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  398.730150][T15980]  ? __pfx_ksys_write+0x10/0x10
[  398.730172][T15980]  ? rcu_is_watching+0x15/0xb0
[  398.730198][T15980]  ? do_syscall_64+0xbe/0x3b0
[  398.730228][T15980]  do_syscall_64+0xfa/0x3b0
[  398.730253][T15980]  ? lockdep_hardirqs_on+0x9c/0x150
[  398.730277][T15980]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.730296][T15980]  ? clear_bhb_loop+0x60/0xb0
[  398.730318][T15980]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.730335][T15980] RIP: 0033:0x7f215798e929
[  398.730352][T15980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  398.730369][T15980] RSP: 002b:00007f215879b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  398.730389][T15980] RAX: ffffffffffffffda RBX: 00007f2157bb5fa0 RCX: 00007f215798e929
[  398.730403][T15980] RDX: 00000000200c48a4 RSI: 0000200000000000 RDI: 0000000000000005
[  398.730416][T15980] RBP: 00007f215879b090 R08: 0000000000000000 R09: 0000000000000000
[  398.730428][T15980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  398.730439][T15980] R13: 0000000000000000 R14: 00007f2157bb5fa0 R15: 00007ffffd6ae3a8
[  398.730470][T15980]  </TASK>
[  399.032921][ T6218] wlan0: Trigger new scan to find an IBSS to join
[  399.125911][T15985] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3276'.
[  399.180471][T15983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3275'.
[  399.214657][T15983] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3275'.
[  399.226583][T15983] netlink: 38 bytes leftover after parsing attributes in process `syz.1.3275'.
[  399.451477][T15977] chnl_net:caif_netlink_parms(): no params data found
[  399.640213][T16004] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  399.812212][T16004] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  399.882378][T16024] bridge_slave_0: left allmulticast mode
[  399.888131][T16024] bridge_slave_0: left promiscuous mode
[  399.894984][T16024] bridge0: port 1(bridge_slave_0) entered disabled state
[  399.908281][T16024] bridge_slave_1: left allmulticast mode
[  399.919949][T16024] bridge_slave_1: left promiscuous mode
[  399.925758][T16024] bridge0: port 2(bridge_slave_1) entered disabled state
[  399.937255][T16024] bond0: (slave bond_slave_0): Releasing backup interface
[  399.953551][T16024] bond0: (slave bond_slave_1): Releasing backup interface
[  399.968920][T16024] team0: Port device team_slave_0 removed
[  399.975197][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  399.986706][T16024] team0: Port device team_slave_1 removed
[  399.994067][T16024] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  400.001880][T16024] batman_adv: batadv0: Removing interface: batadv_slave_0
[  400.011399][T16024] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  400.018793][T16024] batman_adv: batadv0: Removing interface: batadv_slave_1
[  400.128839][T16004] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  400.274732][T16031] bridge_slave_1: left allmulticast mode
[  400.286669][T16031] bridge_slave_1: left promiscuous mode
[  400.296001][T16031] bridge0: port 2(bridge_slave_1) entered disabled state
[  400.307384][T16031] bridge_slave_0: left allmulticast mode
[  400.324914][T16031] bridge_slave_0: left promiscuous mode
[  400.331640][T16031] bridge0: port 1(bridge_slave_0) entered disabled state
[  400.457800][T15977] bridge0: port 1(bridge_slave_0) entered blocking state
[  400.472786][T15977] bridge0: port 1(bridge_slave_0) entered disabled state
[  400.485073][T15977] bridge_slave_0: entered allmulticast mode
[  400.497074][T15977] bridge_slave_0: entered promiscuous mode
[  400.564819][T16004] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  400.593354][T15977] bridge0: port 2(bridge_slave_1) entered blocking state
[  400.607034][T15977] bridge0: port 2(bridge_slave_1) entered disabled state
[  400.627399][T15977] bridge_slave_1: entered allmulticast mode
[  400.638720][T15977] bridge_slave_1: entered promiscuous mode
[  400.650614][T16039] netlink: 'syz.1.3291': attribute type 29 has an invalid length.
[  400.658809][T16042] netlink: 'syz.1.3291': attribute type 29 has an invalid length.
[  400.671911][ T5850] Bluetooth: hci4: command tx timeout
[  400.732017][T15977] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  400.744931][T15977] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  400.761987][T16042] __nla_validate_parse: 4 callbacks suppressed
[  400.762002][T16042] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3291'.
[  400.874175][T15977] team0: Port device team_slave_0 added
[  400.932657][T15977] team0: Port device team_slave_1 added
[  400.967059][ T2916] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  400.980921][ T2916] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  401.068304][ T2916] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  401.088250][T15977] batman_adv: batadv0: Adding interface: batadv_slave_0
[  401.104830][T15977] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  401.138496][T15977] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  401.155109][T15977] batman_adv: batadv0: Adding interface: batadv_slave_1
[  401.162535][T15977] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  401.189568][T15977] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  401.238630][   T36] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  401.369136][T15977] hsr_slave_0: entered promiscuous mode
[  401.385327][T15977] hsr_slave_1: entered promiscuous mode
[  401.392663][T15977] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  401.400309][T15977] Cannot create hsr debugfs directory
[  402.438855][T15977] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  402.473189][T15977] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  402.498528][T15977] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  402.541715][T15977] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  402.661462][T16112] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3314'.
[  402.666349][T16114] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3313'.
[  402.696959][T16112] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3314'.
[  402.707174][T16112] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3314'.
[  402.714884][T16114] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3313'.
[  402.751086][ T5850] Bluetooth: hci4: command tx timeout
[  402.762872][T16117] set match dimension is over the limit!
[  402.795219][T15977] 8021q: adding VLAN 0 to HW filter on device bond0
[  402.884179][T15977] 8021q: adding VLAN 0 to HW filter on device team0
[  402.959148][ T6218] bridge0: port 1(bridge_slave_0) entered blocking state
[  402.966325][ T6218] bridge0: port 1(bridge_slave_0) entered forwarding state
[  402.993725][T16123] netlink: 348 bytes leftover after parsing attributes in process `syz.4.3316'.
[  403.015725][ T6218] bridge0: port 2(bridge_slave_1) entered blocking state
[  403.022910][ T6218] bridge0: port 2(bridge_slave_1) entered forwarding state
[  403.048152][T16123] netlink: 'syz.4.3316': attribute type 10 has an invalid length.
[  403.051302][T16127] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  403.846263][T15977] 8021q: adding VLAN 0 to HW filter on device batadv0
[  403.958442][T15977] veth0_vlan: entered promiscuous mode
[  403.988869][T15977] veth1_vlan: entered promiscuous mode
[  404.024735][T16162] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input11
[  404.052596][T15977] veth0_macvtap: entered promiscuous mode
[  404.084100][T15977] veth1_macvtap: entered promiscuous mode
[  404.128761][T15977] batman_adv: batadv0: Interface activated: batadv_slave_0
[  404.167027][T15977] batman_adv: batadv0: Interface activated: batadv_slave_1
[  404.205395][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  404.229073][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  404.253909][   T36] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  404.268472][   T36] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  404.399328][T13009] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  404.428934][T13009] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  404.457343][T16176] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3334'.
[  404.493727][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  404.507154][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  404.626346][T16178] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3335'.
[  404.682506][T16180] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3265'.
[  404.842038][T16184] tap0: tun_chr_ioctl cmd 1074025677
[  404.843103][ T5850] Bluetooth: hci4: command tx timeout
[  404.866626][T16184] tap0: linktype set to 769
[  405.171762][T16200] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  405.309247][T16195] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  405.458066][T16188] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  405.645460][T16225] netlink: 'syz.4.3349': attribute type 10 has an invalid length.
[  405.712518][T16225] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  406.090176][T16188] syz.0.3339 (16188) used greatest stack depth: 19208 bytes left
[  406.236279][T16251] __nla_validate_parse: 9 callbacks suppressed
[  406.236297][T16251] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3361'.
[  406.257827][T16251] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3361'.
[  406.305902][T16251] netlink: 38 bytes leftover after parsing attributes in process `syz.4.3361'.
[  406.311429][T16256] FAULT_INJECTION: forcing a failure.
[  406.311429][T16256] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  406.399876][T16256] CPU: 0 UID: 0 PID: 16256 Comm: syz.1.3363 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  406.399904][T16256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  406.399915][T16256] Call Trace:
[  406.399923][T16256]  <TASK>
[  406.399931][T16256]  dump_stack_lvl+0x189/0x250
[  406.399959][T16256]  ? __pfx____ratelimit+0x10/0x10
[  406.399986][T16256]  ? __pfx_dump_stack_lvl+0x10/0x10
[  406.400008][T16256]  ? __pfx__printk+0x10/0x10
[  406.400033][T16256]  ? __might_fault+0xb0/0x130
[  406.400069][T16256]  should_fail_ex+0x414/0x560
[  406.400111][T16256]  _copy_from_iter+0x1db/0x16f0
[  406.400139][T16256]  ? rcu_is_watching+0x15/0xb0
[  406.400164][T16256]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  406.400193][T16256]  ? __pfx__copy_from_iter+0x10/0x10
[  406.400219][T16256]  ? __build_skb_around+0x257/0x3e0
[  406.400243][T16256]  ? netlink_sendmsg+0x642/0xb30
[  406.400259][T16256]  ? skb_put+0x11b/0x210
[  406.400284][T16256]  netlink_sendmsg+0x6b2/0xb30
[  406.400312][T16256]  ? __pfx_netlink_sendmsg+0x10/0x10
[  406.400335][T16256]  ? aa_sock_msg_perm+0x94/0x160
[  406.400358][T16256]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  406.400378][T16256]  ? __pfx_netlink_sendmsg+0x10/0x10
[  406.400408][T16256]  __sock_sendmsg+0x21c/0x270
[  406.400436][T16256]  ____sys_sendmsg+0x505/0x830
[  406.400464][T16256]  ? __pfx_____sys_sendmsg+0x10/0x10
[  406.400494][T16256]  ? import_iovec+0x74/0xa0
[  406.400528][T16256]  ___sys_sendmsg+0x21f/0x2a0
[  406.400552][T16256]  ? __pfx____sys_sendmsg+0x10/0x10
[  406.400610][T16256]  ? __fget_files+0x2a/0x420
[  406.400625][T16256]  ? __fget_files+0x3a0/0x420
[  406.400652][T16256]  __x64_sys_sendmsg+0x19b/0x260
[  406.400676][T16256]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  406.400706][T16256]  ? __pfx_ksys_write+0x10/0x10
[  406.400728][T16256]  ? rcu_is_watching+0x15/0xb0
[  406.400754][T16256]  ? do_syscall_64+0xbe/0x3b0
[  406.400785][T16256]  do_syscall_64+0xfa/0x3b0
[  406.400810][T16256]  ? lockdep_hardirqs_on+0x9c/0x150
[  406.400834][T16256]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.400853][T16256]  ? clear_bhb_loop+0x60/0xb0
[  406.400880][T16256]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.400898][T16256] RIP: 0033:0x7f56cbf8e929
[  406.400914][T16256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  406.400931][T16256] RSP: 002b:00007f56cceae038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  406.400951][T16256] RAX: ffffffffffffffda RBX: 00007f56cc1b5fa0 RCX: 00007f56cbf8e929
[  406.400965][T16256] RDX: 0000000004000040 RSI: 0000200000000140 RDI: 0000000000000003
[  406.400978][T16256] RBP: 00007f56cceae090 R08: 0000000000000000 R09: 0000000000000000
[  406.400990][T16256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  406.401001][T16256] R13: 0000000000000000 R14: 00007f56cc1b5fa0 R15: 00007ffd96dcfc68
[  406.401032][T16256]  </TASK>
[  406.912443][ T5850] Bluetooth: hci4: command tx timeout
[  406.993007][T16273] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3370'.
[  407.004333][ T2916] bond0: (slave dummy0): link status definitely down, disabling slave
[  407.217327][T16285] FAULT_INJECTION: forcing a failure.
[  407.217327][T16285] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  407.239308][T16285] CPU: 1 UID: 0 PID: 16285 Comm: syz.4.3373 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  407.239335][T16285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  407.239347][T16285] Call Trace:
[  407.239354][T16285]  <TASK>
[  407.239362][T16285]  dump_stack_lvl+0x189/0x250
[  407.239389][T16285]  ? __pfx____ratelimit+0x10/0x10
[  407.239424][T16285]  ? __pfx_dump_stack_lvl+0x10/0x10
[  407.239446][T16285]  ? __pfx__printk+0x10/0x10
[  407.239471][T16285]  ? __might_fault+0xb0/0x130
[  407.239507][T16285]  should_fail_ex+0x414/0x560
[  407.239531][T16285]  _copy_from_iter+0x1db/0x16f0
[  407.239557][T16285]  ? rcu_is_watching+0x15/0xb0
[  407.239581][T16285]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  407.239608][T16285]  ? __pfx__copy_from_iter+0x10/0x10
[  407.239632][T16285]  ? __build_skb_around+0x257/0x3e0
[  407.239655][T16285]  ? netlink_sendmsg+0x642/0xb30
[  407.239671][T16285]  ? skb_put+0x11b/0x210
[  407.239693][T16285]  netlink_sendmsg+0x6b2/0xb30
[  407.239724][T16285]  ? __pfx_netlink_sendmsg+0x10/0x10
[  407.239744][T16285]  ? aa_sock_msg_perm+0x94/0x160
[  407.239766][T16285]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  407.239784][T16285]  ? __pfx_netlink_sendmsg+0x10/0x10
[  407.239803][T16285]  __sock_sendmsg+0x21c/0x270
[  407.239832][T16285]  ____sys_sendmsg+0x505/0x830
[  407.239859][T16285]  ? __pfx_____sys_sendmsg+0x10/0x10
[  407.239889][T16285]  ? import_iovec+0x74/0xa0
[  407.239917][T16285]  ___sys_sendmsg+0x21f/0x2a0
[  407.239941][T16285]  ? __pfx____sys_sendmsg+0x10/0x10
[  407.239998][T16285]  ? __fget_files+0x2a/0x420
[  407.240014][T16285]  ? __fget_files+0x3a0/0x420
[  407.240041][T16285]  __x64_sys_sendmsg+0x19b/0x260
[  407.240060][T16285]  ? schedule+0x165/0x360
[  407.240085][T16285]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  407.240124][T16285]  ? do_syscall_64+0xbe/0x3b0
[  407.240155][T16285]  do_syscall_64+0xfa/0x3b0
[  407.240182][T16285]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.240199][T16285]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  407.240218][T16285]  ? clear_bhb_loop+0x60/0xb0
[  407.240240][T16285]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.240258][T16285] RIP: 0033:0x7fa87d98e929
[  407.240274][T16285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  407.240290][T16285] RSP: 002b:00007fa87e8e2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  407.240309][T16285] RAX: ffffffffffffffda RBX: 00007fa87dbb5fa0 RCX: 00007fa87d98e929
[  407.240323][T16285] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[  407.240335][T16285] RBP: 00007fa87e8e2090 R08: 0000000000000000 R09: 0000000000000000
[  407.240347][T16285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  407.240358][T16285] R13: 0000000000000000 R14: 00007fa87dbb5fa0 R15: 00007ffc0a847988
[  407.240389][T16285]  </TASK>
[  407.575551][T16291] FAULT_INJECTION: forcing a failure.
[  407.575551][T16291] name failslab, interval 1, probability 0, space 0, times 0
[  407.593611][T16291] CPU: 0 UID: 0 PID: 16291 Comm: syz.4.3376 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  407.593639][T16291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  407.593652][T16291] Call Trace:
[  407.593660][T16291]  <TASK>
[  407.593669][T16291]  dump_stack_lvl+0x189/0x250
[  407.593698][T16291]  ? __pfx____ratelimit+0x10/0x10
[  407.593727][T16291]  ? __pfx_dump_stack_lvl+0x10/0x10
[  407.593750][T16291]  ? __pfx__printk+0x10/0x10
[  407.593784][T16291]  ? ref_tracker_alloc+0x318/0x460
[  407.593809][T16291]  should_fail_ex+0x414/0x560
[  407.593834][T16291]  should_failslab+0xa8/0x100
[  407.593874][T16291]  kmem_cache_alloc_noprof+0x73/0x3c0
[  407.593898][T16291]  ? skb_clone+0x212/0x3a0
[  407.593925][T16291]  skb_clone+0x212/0x3a0
[  407.593950][T16291]  __netlink_deliver_tap+0x404/0x850
[  407.593990][T16291]  ? netlink_deliver_tap+0x2e/0x1b0
[  407.594020][T16291]  netlink_deliver_tap+0x19c/0x1b0
[  407.594048][T16291]  netlink_unicast+0x730/0x8e0
[  407.594085][T16291]  netlink_sendmsg+0x805/0xb30
[  407.594112][T16291]  ? __pfx_netlink_sendmsg+0x10/0x10
[  407.594140][T16291]  ? aa_sock_msg_perm+0x94/0x160
[  407.594162][T16291]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  407.594181][T16291]  ? __pfx_netlink_sendmsg+0x10/0x10
[  407.594200][T16291]  __sock_sendmsg+0x21c/0x270
[  407.594229][T16291]  ____sys_sendmsg+0x505/0x830
[  407.594256][T16291]  ? __pfx_____sys_sendmsg+0x10/0x10
[  407.594286][T16291]  ? import_iovec+0x74/0xa0
[  407.594313][T16291]  ___sys_sendmsg+0x21f/0x2a0
[  407.594335][T16291]  ? __pfx____sys_sendmsg+0x10/0x10
[  407.594391][T16291]  ? __fget_files+0x2a/0x420
[  407.594408][T16291]  ? __fget_files+0x3a0/0x420
[  407.594435][T16291]  __x64_sys_sendmsg+0x19b/0x260
[  407.594459][T16291]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  407.594490][T16291]  ? __pfx_ksys_write+0x10/0x10
[  407.594512][T16291]  ? rcu_is_watching+0x15/0xb0
[  407.594538][T16291]  ? do_syscall_64+0xbe/0x3b0
[  407.594568][T16291]  do_syscall_64+0xfa/0x3b0
[  407.594597][T16291]  ? lockdep_hardirqs_on+0x9c/0x150
[  407.594621][T16291]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.594640][T16291]  ? clear_bhb_loop+0x60/0xb0
[  407.594662][T16291]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.594680][T16291] RIP: 0033:0x7fa87d98e929
[  407.594696][T16291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  407.594712][T16291] RSP: 002b:00007fa87e8e2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  407.594731][T16291] RAX: ffffffffffffffda RBX: 00007fa87dbb5fa0 RCX: 00007fa87d98e929
[  407.594745][T16291] RDX: 0000000004000040 RSI: 0000200000000140 RDI: 0000000000000003
[  407.594758][T16291] RBP: 00007fa87e8e2090 R08: 0000000000000000 R09: 0000000000000000
[  407.594769][T16291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  407.594781][T16291] R13: 0000000000000000 R14: 00007fa87dbb5fa0 R15: 00007ffc0a847988
[  407.594811][T16291]  </TASK>
[  408.109478][T16296] netlink: 'syz.4.3377': attribute type 10 has an invalid length.
[  408.113287][T16294] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3378'.
[  408.127063][T16294] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3378'.
[  408.136446][T16294] netlink: 38 bytes leftover after parsing attributes in process `syz.0.3378'.
[  408.416298][T16312] x_tables: unsorted underflow at hook 2
[  408.432938][T16312] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3383'.
[  408.451600][T16317] FAULT_INJECTION: forcing a failure.
[  408.451600][T16317] name failslab, interval 1, probability 0, space 0, times 0
[  408.489823][T16317] CPU: 0 UID: 0 PID: 16317 Comm: syz.2.3386 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  408.489851][T16317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  408.489863][T16317] Call Trace:
[  408.489871][T16317]  <TASK>
[  408.489879][T16317]  dump_stack_lvl+0x189/0x250
[  408.489908][T16317]  ? __pfx____ratelimit+0x10/0x10
[  408.489936][T16317]  ? __pfx_dump_stack_lvl+0x10/0x10
[  408.489960][T16317]  ? __pfx__printk+0x10/0x10
[  408.489993][T16317]  ? __pfx___might_resched+0x10/0x10
[  408.490015][T16317]  ? fs_reclaim_acquire+0x7d/0x100
[  408.490039][T16317]  should_fail_ex+0x414/0x560
[  408.490065][T16317]  should_failslab+0xa8/0x100
[  408.490102][T16317]  kmem_cache_alloc_noprof+0x73/0x3c0
[  408.490128][T16317]  ? vm_area_alloc+0x24/0x140
[  408.490163][T16317]  vm_area_alloc+0x24/0x140
[  408.490193][T16317]  mmap_region+0xcc7/0x1f30
[  408.490215][T16317]  ? __lock_acquire+0xab9/0xd20
[  408.490249][T16317]  ? __lock_acquire+0xab9/0xd20
[  408.490273][T16317]  ? __pfx_mmap_region+0x10/0x10
[  408.490367][T16317]  ? __pfx_aa_get_newest_label+0x10/0x10
[  408.490406][T16317]  ? bpf_lsm_capable+0x9/0x20
[  408.490431][T16317]  ? security_capable+0x7e/0x2e0
[  408.490456][T16317]  ? shmem_mapping+0xd/0x50
[  408.490475][T16317]  ? memfd_check_seals_mmap+0xc5/0x200
[  408.490500][T16317]  do_mmap+0xc45/0x10d0
[  408.490538][T16317]  ? __pfx_do_mmap+0x10/0x10
[  408.490560][T16317]  ? down_write_killable+0x178/0x230
[  408.490581][T16317]  ? end_current_label_crit_section+0x152/0x180
[  408.490603][T16317]  ? __pfx_down_write_killable+0x10/0x10
[  408.490632][T16317]  vm_mmap_pgoff+0x31b/0x4c0
[  408.490664][T16317]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  408.490689][T16317]  ? __fget_files+0x2a/0x420
[  408.490712][T16317]  ? __fget_files+0x3a0/0x420
[  408.490728][T16317]  ? __fget_files+0x2a/0x420
[  408.490751][T16317]  ksys_mmap_pgoff+0x51f/0x760
[  408.490785][T16317]  do_syscall_64+0xfa/0x3b0
[  408.490812][T16317]  ? lockdep_hardirqs_on+0x9c/0x150
[  408.490839][T16317]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.490858][T16317]  ? clear_bhb_loop+0x60/0xb0
[  408.490883][T16317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.490901][T16317] RIP: 0033:0x7feb1fd8e929
[  408.490918][T16317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  408.490936][T16317] RSP: 002b:00007feb20ba1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  408.490957][T16317] RAX: ffffffffffffffda RBX: 00007feb1ffb5fa0 RCX: 00007feb1fd8e929
[  408.490971][T16317] RDX: 0000000002000001 RSI: 0000000000200000 RDI: 0000200000001000
[  408.490985][T16317] RBP: 00007feb20ba1090 R08: 0000000000000003 R09: 0000000000000000
[  408.490998][T16317] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000001
[  408.491011][T16317] R13: 0000000000000000 R14: 00007feb1ffb5fa0 R15: 00007ffdcc781cd8
[  408.491042][T16317]  </TASK>
[  408.826456][T16319] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  408.928379][T16326] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  409.059113][T16335] netlink: 'syz.3.3391': attribute type 10 has an invalid length.
[  409.137842][T16335] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  409.506886][T16356] FAULT_INJECTION: forcing a failure.
[  409.506886][T16356] name failslab, interval 1, probability 0, space 0, times 0
[  409.520049][T16356] CPU: 0 UID: 0 PID: 16356 Comm: syz.2.3401 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  409.520076][T16356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  409.520088][T16356] Call Trace:
[  409.520097][T16356]  <TASK>
[  409.520106][T16356]  dump_stack_lvl+0x189/0x250
[  409.520133][T16356]  ? __pfx____ratelimit+0x10/0x10
[  409.520171][T16356]  ? __pfx_dump_stack_lvl+0x10/0x10
[  409.520193][T16356]  ? __pfx__printk+0x10/0x10
[  409.520223][T16356]  ? __pfx___might_resched+0x10/0x10
[  409.520243][T16356]  ? fs_reclaim_acquire+0x7d/0x100
[  409.520271][T16356]  should_fail_ex+0x414/0x560
[  409.520294][T16356]  should_failslab+0xa8/0x100
[  409.520322][T16356]  __kmalloc_noprof+0xcb/0x4f0
[  409.520345][T16356]  ? bpf_test_init+0xc2/0x170
[  409.520375][T16356]  bpf_test_init+0xc2/0x170
[  409.520422][T16356]  bpf_prog_test_run_flow_dissector+0x1e1/0x5c0
[  409.520467][T16356]  ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10
[  409.520499][T16356]  ? __fget_files+0x2a/0x420
[  409.520519][T16356]  ? __fget_files+0x2a/0x420
[  409.520534][T16356]  ? __fget_files+0x3a0/0x420
[  409.520549][T16356]  ? __fget_files+0x2a/0x420
[  409.520571][T16356]  ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10
[  409.520613][T16356]  bpf_prog_test_run+0x2c7/0x340
[  409.520635][T16356]  __sys_bpf+0x4a4/0x860
[  409.520664][T16356]  ? __pfx___sys_bpf+0x10/0x10
[  409.520704][T16356]  ? ksys_write+0x22a/0x250
[  409.520730][T16356]  ? __pfx_ksys_write+0x10/0x10
[  409.520769][T16356]  ? rcu_is_watching+0x15/0xb0
[  409.520799][T16356]  __x64_sys_bpf+0x7c/0x90
[  409.520827][T16356]  do_syscall_64+0xfa/0x3b0
[  409.520864][T16356]  ? lockdep_hardirqs_on+0x9c/0x150
[  409.520889][T16356]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  409.520907][T16356]  ? clear_bhb_loop+0x60/0xb0
[  409.520930][T16356]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  409.520947][T16356] RIP: 0033:0x7feb1fd8e929
[  409.520964][T16356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  409.520982][T16356] RSP: 002b:00007feb20ba1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  409.521002][T16356] RAX: ffffffffffffffda RBX: 00007feb1ffb5fa0 RCX: 00007feb1fd8e929
[  409.521016][T16356] RDX: 0000000000000069 RSI: 00002000000002c0 RDI: 000000000000000a
[  409.521046][T16356] RBP: 00007feb20ba1090 R08: 0000000000000000 R09: 0000000000000000
[  409.521059][T16356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  409.521071][T16356] R13: 0000000000000000 R14: 00007feb1ffb5fa0 R15: 00007ffdcc781cd8
[  409.521102][T16356]  </TASK>
[  409.898598][T16361] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  410.007602][T16367] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3406'.
[  410.139630][T16378] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3408'.
[  410.903975][T16397] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  410.931272][T16397] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  410.951505][T16397] syzkaller0: entered promiscuous mode
[  410.970678][T16397] syzkaller0: entered allmulticast mode
[  411.012364][T16397] tipc: Resetting bearer <eth:syzkaller0>
[  411.068687][T16396] tipc: Resetting bearer <eth:syzkaller0>
[  411.142562][T16396] tipc: Disabling bearer <eth:syzkaller0>
[  411.282348][T16411] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  411.458570][T16422] FAULT_INJECTION: forcing a failure.
[  411.458570][T16422] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  411.473407][T16422] CPU: 1 UID: 0 PID: 16422 Comm: syz.2.3420 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  411.473432][T16422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  411.473444][T16422] Call Trace:
[  411.473452][T16422]  <TASK>
[  411.473460][T16422]  dump_stack_lvl+0x189/0x250
[  411.473487][T16422]  ? __pfx____ratelimit+0x10/0x10
[  411.473513][T16422]  ? __pfx_dump_stack_lvl+0x10/0x10
[  411.473535][T16422]  ? __pfx__printk+0x10/0x10
[  411.473571][T16422]  should_fail_ex+0x414/0x560
[  411.473595][T16422]  _copy_to_user+0x31/0xb0
[  411.473622][T16422]  simple_read_from_buffer+0xe1/0x170
[  411.473653][T16422]  proc_fail_nth_read+0x1df/0x250
[  411.473676][T16422]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  411.473698][T16422]  ? rw_verify_area+0x258/0x650
[  411.473720][T16422]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  411.473741][T16422]  vfs_read+0x1fd/0x980
[  411.473772][T16422]  ? __pfx_vfs_read+0x10/0x10
[  411.473795][T16422]  ? __get_user_nocheck_8+0x20/0x20
[  411.473818][T16422]  ? rds_getsockopt+0xab/0x500
[  411.473837][T16422]  ? __pfx_rds_getsockopt+0x10/0x10
[  411.473867][T16422]  ? do_sock_getsockopt+0x36f/0x450
[  411.473898][T16422]  ksys_read+0x145/0x250
[  411.473925][T16422]  ? __pfx_ksys_read+0x10/0x10
[  411.473953][T16422]  ? do_syscall_64+0xbe/0x3b0
[  411.473983][T16422]  do_syscall_64+0xfa/0x3b0
[  411.474008][T16422]  ? lockdep_hardirqs_on+0x9c/0x150
[  411.474032][T16422]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  411.474050][T16422]  ? clear_bhb_loop+0x60/0xb0
[  411.474073][T16422]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  411.474091][T16422] RIP: 0033:0x7feb1fd8d33c
[  411.474108][T16422] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  411.474124][T16422] RSP: 002b:00007feb20ba1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  411.474143][T16422] RAX: ffffffffffffffda RBX: 00007feb1ffb5fa0 RCX: 00007feb1fd8d33c
[  411.474157][T16422] RDX: 000000000000000f RSI: 00007feb20ba10a0 RDI: 0000000000000004
[  411.474169][T16422] RBP: 00007feb20ba1090 R08: 0000000000000000 R09: 0000000000000000
[  411.474181][T16422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  411.474192][T16422] R13: 0000000000000000 R14: 00007feb1ffb5fa0 R15: 00007ffdcc781cd8
[  411.474221][T16422]  </TASK>
[  411.779341][T16426] __nla_validate_parse: 2 callbacks suppressed
[  411.779354][T16426] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3421'.
[  411.948822][T16439] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3424'.
[  412.313942][T16457] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3431'.
[  412.325431][T16457] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3431'.
[  412.484377][T16465] netlink: 'syz.0.3434': attribute type 1 has an invalid length.
[  412.546011][T16465] 8021q: adding VLAN 0 to HW filter on device bond1
[  412.638715][T16471] veth7: entered promiscuous mode
[  412.650343][T16471] bond1: (slave veth7): Enslaving as an active interface with a down link
[  412.658041][T16465] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3434'.
[  412.978976][T16493] netlink: 388 bytes leftover after parsing attributes in process `syz.2.3442'.
[  413.171871][T16503] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3447'.
[  413.204342][T16503] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3447'.
[  413.217881][T16503] netlink: 38 bytes leftover after parsing attributes in process `syz.1.3447'.
[  413.383758][T16516] Bluetooth: MGMT ver 1.23
[  413.686001][T16533] netlink: 388 bytes leftover after parsing attributes in process `syz.4.3456'.
[  414.002354][T16547] netlink: 'syz.0.3462': attribute type 3 has an invalid length.
[  414.040659][T16549] vlan1: entered allmulticast mode
[  414.045818][T16549] veth0_vlan: entered allmulticast mode
[  414.359574][T16564] netlink: 'syz.3.3469': attribute type 10 has an invalid length.
[  414.401313][T16565] netlink: 'syz.2.3470': attribute type 10 has an invalid length.
[  414.446479][T16565] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  414.741658][T16586] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  414.780102][T16586] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  414.806204][T16588] FAULT_INJECTION: forcing a failure.
[  414.806204][T16588] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  414.825250][T16588] CPU: 1 UID: 0 PID: 16588 Comm: syz.4.3482 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  414.825272][T16588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  414.825282][T16588] Call Trace:
[  414.825289][T16588]  <TASK>
[  414.825297][T16588]  dump_stack_lvl+0x189/0x250
[  414.825320][T16588]  ? __pfx____ratelimit+0x10/0x10
[  414.825344][T16588]  ? __pfx_dump_stack_lvl+0x10/0x10
[  414.825366][T16588]  ? __pfx__printk+0x10/0x10
[  414.825390][T16588]  ? __might_fault+0xb0/0x130
[  414.825420][T16588]  should_fail_ex+0x414/0x560
[  414.825442][T16588]  _copy_from_user+0x2d/0xb0
[  414.825468][T16588]  ___sys_sendmsg+0x158/0x2a0
[  414.825495][T16588]  ? __pfx____sys_sendmsg+0x10/0x10
[  414.825555][T16588]  ? __fget_files+0x2a/0x420
[  414.825591][T16588]  ? __fget_files+0x3a0/0x420
[  414.825618][T16588]  __x64_sys_sendmsg+0x19b/0x260
[  414.825643][T16588]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  414.825675][T16588]  ? __pfx_ksys_write+0x10/0x10
[  414.825698][T16588]  ? rcu_is_watching+0x15/0xb0
[  414.825727][T16588]  ? do_syscall_64+0xbe/0x3b0
[  414.825758][T16588]  do_syscall_64+0xfa/0x3b0
[  414.825784][T16588]  ? lockdep_hardirqs_on+0x9c/0x150
[  414.825809][T16588]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.825827][T16588]  ? clear_bhb_loop+0x60/0xb0
[  414.825859][T16588]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.825881][T16588] RIP: 0033:0x7fa87d98e929
[  414.825898][T16588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  414.825915][T16588] RSP: 002b:00007fa87e8e2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  414.825935][T16588] RAX: ffffffffffffffda RBX: 00007fa87dbb5fa0 RCX: 00007fa87d98e929
[  414.825947][T16588] RDX: 0000000000040000 RSI: 0000200000000280 RDI: 0000000000000003
[  414.825959][T16588] RBP: 00007fa87e8e2090 R08: 0000000000000000 R09: 0000000000000000
[  414.825970][T16588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  414.825981][T16588] R13: 0000000000000000 R14: 00007fa87dbb5fa0 R15: 00007ffc0a847988
[  414.826008][T16588]  </TASK>
[  415.269105][T16598] netlink: 'syz.1.3486': attribute type 10 has an invalid length.
[  415.553534][T16618] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input12
[  415.847183][T16635] FAULT_INJECTION: forcing a failure.
[  415.847183][T16635] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  415.863282][T16635] CPU: 1 UID: 0 PID: 16635 Comm: syz.2.3501 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  415.863310][T16635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  415.863322][T16635] Call Trace:
[  415.863330][T16635]  <TASK>
[  415.863338][T16635]  dump_stack_lvl+0x189/0x250
[  415.863366][T16635]  ? __pfx____ratelimit+0x10/0x10
[  415.863393][T16635]  ? __pfx_dump_stack_lvl+0x10/0x10
[  415.863417][T16635]  ? __pfx__printk+0x10/0x10
[  415.863444][T16635]  ? __might_fault+0xb0/0x130
[  415.863482][T16635]  should_fail_ex+0x414/0x560
[  415.863513][T16635]  _copy_from_user+0x2d/0xb0
[  415.863540][T16635]  ___sys_sendmsg+0x158/0x2a0
[  415.863566][T16635]  ? __pfx____sys_sendmsg+0x10/0x10
[  415.863627][T16635]  ? __fget_files+0x2a/0x420
[  415.863644][T16635]  ? __fget_files+0x3a0/0x420
[  415.863672][T16635]  __x64_sys_sendmsg+0x19b/0x260
[  415.863698][T16635]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  415.863731][T16635]  ? __pfx_ksys_write+0x10/0x10
[  415.863755][T16635]  ? rcu_is_watching+0x15/0xb0
[  415.863783][T16635]  ? do_syscall_64+0xbe/0x3b0
[  415.863815][T16635]  do_syscall_64+0xfa/0x3b0
[  415.863842][T16635]  ? lockdep_hardirqs_on+0x9c/0x150
[  415.863868][T16635]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.863887][T16635]  ? clear_bhb_loop+0x60/0xb0
[  415.863911][T16635]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.863930][T16635] RIP: 0033:0x7feb1fd8e929
[  415.863947][T16635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  415.863964][T16635] RSP: 002b:00007feb20ba1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  415.863985][T16635] RAX: ffffffffffffffda RBX: 00007feb1ffb5fa0 RCX: 00007feb1fd8e929
[  415.864000][T16635] RDX: 0000000000004010 RSI: 0000200000000000 RDI: 000000000000000c
[  415.864013][T16635] RBP: 00007feb20ba1090 R08: 0000000000000000 R09: 0000000000000000
[  415.864026][T16635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  415.864038][T16635] R13: 0000000000000000 R14: 00007feb1ffb5fa0 R15: 00007ffdcc781cd8
[  415.864069][T16635]  </TASK>
[  416.080276][T16636] netlink: del zone limit has 4 unknown bytes
[  416.878285][T16675] __nla_validate_parse: 6 callbacks suppressed
[  416.878304][T16675] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3514'.
[  417.098806][T16685] netlink: 388 bytes leftover after parsing attributes in process `syz.1.3517'.
[  417.429440][T16702] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3523'.
[  417.450189][T16704] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3524'.
[  417.718663][T16718] netlink: 'syz.3.3532': attribute type 1 has an invalid length.
[  417.753907][ T5897] IPVS: starting estimator thread 0...
[  417.850007][T16719] IPVS: using max 28 ests per chain, 67200 per kthread
[  417.881611][T16729] netlink: 'syz.2.3534': attribute type 21 has an invalid length.
[  417.895623][T16718] 8021q: adding VLAN 0 to HW filter on device bond1
[  417.930208][T16723] veth5: entered promiscuous mode
[  417.940409][T16723] bond1: (slave veth5): Enslaving as an active interface with a down link
[  417.954098][T16718] erspan0: entered allmulticast mode
[  417.988520][T16718] bond1: (slave erspan0): making interface the new active one
[  418.022251][T16718] erspan0: entered promiscuous mode
[  418.040284][T16718] bond1: (slave erspan0): Enslaving as an active interface with an up link
[  418.069346][T16729] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3534'.
[  418.350480][T16750] netlink: 'syz.4.3541': attribute type 10 has an invalid length.
[  418.542684][T16761] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  418.550002][T16761] IPv6: NLM_F_CREATE should be set when creating new route
[  418.598615][T16763] netlink: 260 bytes leftover after parsing attributes in process `syz.1.3545'.
[  418.625018][T16763] netlink: 'syz.1.3545': attribute type 1 has an invalid length.
[  418.640159][T16763] netlink: 228 bytes leftover after parsing attributes in process `syz.1.3545'.
[  418.649224][T16763] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3545'.
[  418.702900][T16765] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3549'.
[  418.730443][T16765] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3549'.
[  418.740738][T16765] netlink: 'syz.4.3549': attribute type 1 has an invalid length.
[  419.040376][T16781] netlink: 'syz.4.3555': attribute type 10 has an invalid length.
[  419.619006][T16776] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  419.632562][T16776] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  420.366542][T16785] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  420.404815][T16790] hsr0: mtu greater than device maximum
[  420.414795][   T36] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  420.448485][   T36] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  420.480767][T16808] FAULT_INJECTION: forcing a failure.
[  420.480767][T16808] name failslab, interval 1, probability 0, space 0, times 0
[  420.493714][T16808] CPU: 0 UID: 0 PID: 16808 Comm: syz.0.3560 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  420.493738][T16808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  420.493750][T16808] Call Trace:
[  420.493758][T16808]  <TASK>
[  420.493766][T16808]  dump_stack_lvl+0x189/0x250
[  420.493795][T16808]  ? __pfx____ratelimit+0x10/0x10
[  420.493823][T16808]  ? __pfx_dump_stack_lvl+0x10/0x10
[  420.493847][T16808]  ? __pfx__printk+0x10/0x10
[  420.493878][T16808]  ? xfd_validate_state+0x6d/0x150
[  420.493909][T16808]  should_fail_ex+0x414/0x560
[  420.493934][T16808]  should_failslab+0xa8/0x100
[  420.493965][T16808]  kmem_cache_alloc_noprof+0x73/0x3c0
[  420.493991][T16808]  ? fdb_create+0x1b8/0x14c0
[  420.494020][T16808]  fdb_create+0x1b8/0x14c0
[  420.494047][T16808]  ? fdb_find_rcu+0x6e3/0x770
[  420.494087][T16808]  ? br_fdb_find+0x82/0x210
[  420.494110][T16808]  ? __pfx_fdb_create+0x10/0x10
[  420.494132][T16808]  ? br_fdb_find+0x82/0x210
[  420.494159][T16808]  ? br_fdb_find+0x82/0x210
[  420.494176][T16808]  ? br_fdb_find+0x82/0x210
[  420.494202][T16808]  __br_fdb_add+0x656/0xcb0
[  420.494234][T16808]  br_fdb_add+0x73a/0xc20
[  420.494268][T16808]  ? __pfx_br_fdb_add+0x10/0x10
[  420.494292][T16808]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  420.494318][T16808]  ? lockdep_hardirqs_on+0x9c/0x150
[  420.494353][T16808]  rtnl_fdb_add+0x74a/0xa50
[  420.494384][T16808]  ? __pfx_rtnl_fdb_add+0x10/0x10
[  420.494434][T16808]  ? __pfx_rtnl_fdb_add+0x10/0x10
[  420.494452][T16808]  rtnetlink_rcv_msg+0x779/0xb70
[  420.494482][T16808]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  420.494509][T16808]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  420.494551][T16808]  netlink_rcv_skb+0x208/0x470
[  420.494579][T16808]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  420.494608][T16808]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  420.494648][T16808]  ? netlink_deliver_tap+0x2e/0x1b0
[  420.494674][T16808]  ? netlink_deliver_tap+0x2e/0x1b0
[  420.494707][T16808]  netlink_unicast+0x759/0x8e0
[  420.494743][T16808]  netlink_sendmsg+0x805/0xb30
[  420.494771][T16808]  ? __pfx_netlink_sendmsg+0x10/0x10
[  420.494792][T16808]  ? aa_sock_msg_perm+0x94/0x160
[  420.494814][T16808]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  420.494834][T16808]  ? __pfx_netlink_sendmsg+0x10/0x10
[  420.494852][T16808]  __sock_sendmsg+0x21c/0x270
[  420.494881][T16808]  ____sys_sendmsg+0x505/0x830
[  420.494909][T16808]  ? __pfx_____sys_sendmsg+0x10/0x10
[  420.494940][T16808]  ? import_iovec+0x74/0xa0
[  420.494968][T16808]  ___sys_sendmsg+0x21f/0x2a0
[  420.494992][T16808]  ? __pfx____sys_sendmsg+0x10/0x10
[  420.495052][T16808]  ? __fget_files+0x2a/0x420
[  420.495067][T16808]  ? __fget_files+0x3a0/0x420
[  420.495095][T16808]  __x64_sys_sendmsg+0x19b/0x260
[  420.495119][T16808]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  420.495162][T16808]  ? __pfx_ksys_write+0x10/0x10
[  420.495203][T16808]  ? rcu_is_watching+0x15/0xb0
[  420.495231][T16808]  ? do_syscall_64+0xbe/0x3b0
[  420.495263][T16808]  do_syscall_64+0xfa/0x3b0
[  420.495290][T16808]  ? lockdep_hardirqs_on+0x9c/0x150
[  420.495316][T16808]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.495336][T16808]  ? clear_bhb_loop+0x60/0xb0
[  420.495360][T16808]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.495380][T16808] RIP: 0033:0x7fa02a38e929
[  420.495398][T16808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  420.495414][T16808] RSP: 002b:00007fa02b1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  420.495434][T16808] RAX: ffffffffffffffda RBX: 00007fa02a5b5fa0 RCX: 00007fa02a38e929
[  420.495449][T16808] RDX: 0000000024040040 RSI: 00002000000004c0 RDI: 0000000000000003
[  420.495462][T16808] RBP: 00007fa02b1f6090 R08: 0000000000000000 R09: 0000000000000000
[  420.495475][T16808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  420.495487][T16808] R13: 0000000000000000 R14: 00007fa02a5b5fa0 R15: 00007ffef5c23828
[  420.495520][T16808]  </TASK>
[  420.525766][   T36] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  420.907431][   T36] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  420.965816][T16818] netlink: 'syz.0.3564': attribute type 1 has an invalid length.
[  421.019379][T16818] 8021q: adding VLAN 0 to HW filter on device bond2
[  421.209511][T16831] macsec1: entered promiscuous mode
[  421.239076][T16831] macsec1: entered allmulticast mode
[  421.353735][T16845] netlink: 'syz.3.3572': attribute type 10 has an invalid length.
[  422.258798][T16864] FAULT_INJECTION: forcing a failure.
[  422.258798][T16864] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  422.276240][T16864] CPU: 1 UID: 0 PID: 16864 Comm: syz.0.3580 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  422.276268][T16864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  422.276287][T16864] Call Trace:
[  422.276295][T16864]  <TASK>
[  422.276304][T16864]  dump_stack_lvl+0x189/0x250
[  422.276333][T16864]  ? __pfx____ratelimit+0x10/0x10
[  422.276362][T16864]  ? __pfx_dump_stack_lvl+0x10/0x10
[  422.276386][T16864]  ? __pfx__printk+0x10/0x10
[  422.276412][T16864]  ? __might_fault+0xb0/0x130
[  422.276451][T16864]  should_fail_ex+0x414/0x560
[  422.276486][T16864]  _copy_from_user+0x2d/0xb0
[  422.276512][T16864]  ___sys_recvmsg+0x12e/0x510
[  422.276541][T16864]  ? __pfx____sys_recvmsg+0x10/0x10
[  422.276594][T16864]  ? __might_fault+0xb0/0x130
[  422.276623][T16864]  do_recvmmsg+0x307/0x770
[  422.276653][T16864]  ? __pfx_do_recvmmsg+0x10/0x10
[  422.276688][T16864]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  422.276733][T16864]  __x64_sys_recvmmsg+0x190/0x240
[  422.276759][T16864]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  422.276779][T16864]  ? rcu_is_watching+0x15/0xb0
[  422.276806][T16864]  ? do_syscall_64+0xbe/0x3b0
[  422.276838][T16864]  do_syscall_64+0xfa/0x3b0
[  422.276862][T16864]  ? lockdep_hardirqs_on+0x9c/0x150
[  422.276887][T16864]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.276905][T16864]  ? clear_bhb_loop+0x60/0xb0
[  422.276928][T16864]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.276945][T16864] RIP: 0033:0x7fa02a38e929
[  422.276962][T16864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  422.276977][T16864] RSP: 002b:00007fa02b1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  422.276996][T16864] RAX: ffffffffffffffda RBX: 00007fa02a5b5fa0 RCX: 00007fa02a38e929
[  422.277011][T16864] RDX: 0000000000000008 RSI: 0000200000002c00 RDI: 0000000000000003
[  422.277022][T16864] RBP: 00007fa02b1f6090 R08: 0000000000000000 R09: 0000000000000000
[  422.277034][T16864] R10: 0000000040010020 R11: 0000000000000246 R12: 0000000000000001
[  422.277046][T16864] R13: 0000000000000000 R14: 00007fa02a5b5fa0 R15: 00007ffef5c23828
[  422.277075][T16864]  </TASK>
[  422.667965][T16872] netlink: 'syz.1.3583': attribute type 10 has an invalid length.
[  422.950860][T16885] __nla_validate_parse: 3 callbacks suppressed
[  422.950897][T16885] netlink: 168 bytes leftover after parsing attributes in process `syz.0.3591'.
[  423.040543][T16889] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3592'.
[  423.276774][T16908] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3600'.
[  423.286663][T16908] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3600'.
[  423.301153][T16908] netlink: 'syz.2.3600': attribute type 1 has an invalid length.
[  423.309102][T16908] netlink: 10 bytes leftover after parsing attributes in process `syz.2.3600'.
[  423.490124][T16924] FAULT_INJECTION: forcing a failure.
[  423.490124][T16924] name failslab, interval 1, probability 0, space 0, times 0
[  423.502855][T16924] CPU: 1 UID: 0 PID: 16924 Comm: syz.2.3604 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  423.502892][T16924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  423.502909][T16924] Call Trace:
[  423.502917][T16924]  <TASK>
[  423.502925][T16924]  dump_stack_lvl+0x189/0x250
[  423.502953][T16924]  ? __pfx____ratelimit+0x10/0x10
[  423.502978][T16924]  ? __pfx_dump_stack_lvl+0x10/0x10
[  423.503000][T16924]  ? __pfx__printk+0x10/0x10
[  423.503040][T16924]  should_fail_ex+0x414/0x560
[  423.503064][T16924]  should_failslab+0xa8/0x100
[  423.503094][T16924]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[  423.503119][T16924]  ? nf_ct_ext_add+0x1ab/0x450
[  423.503139][T16924]  ? rcu_is_watching+0x15/0xb0
[  423.503167][T16924]  ? nf_ct_ext_add+0x1ab/0x450
[  423.503186][T16924]  krealloc_noprof+0x124/0x340
[  423.503215][T16924]  nf_ct_ext_add+0x1ab/0x450
[  423.503242][T16924]  init_conntrack+0x680/0xef0
[  423.503271][T16924]  ? __pfx_init_conntrack+0x10/0x10
[  423.503296][T16924]  ? __pfx___nf_conntrack_find_get+0x10/0x10
[  423.503318][T16924]  ? __siphash_unaligned+0x232/0x3b0
[  423.503352][T16924]  nf_conntrack_in+0xbb7/0x15c0
[  423.503396][T16924]  ? __pfx_nf_conntrack_in+0x10/0x10
[  423.503420][T16924]  ? ip6t_do_table+0x1db/0x1560
[  423.503441][T16924]  ? __pfx_ip6t_do_table+0x10/0x10
[  423.503465][T16924]  ? NF_HOOK+0x9a/0x3a0
[  423.503488][T16924]  ? ipv6_defrag+0x2d6/0x3b0
[  423.503508][T16924]  ? __pfx_ipv6_conntrack_in+0x10/0x10
[  423.503528][T16924]  nf_hook_slow+0xc5/0x220
[  423.503561][T16924]  NF_HOOK+0x206/0x3a0
[  423.503578][T16924]  ? skb_orphan+0x4c/0xd0
[  423.503599][T16924]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  423.503617][T16924]  ? NF_HOOK+0x9a/0x3a0
[  423.503635][T16924]  ? __pfx_NF_HOOK+0x10/0x10
[  423.503657][T16924]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  423.503688][T16924]  __netif_receive_skb+0xd3/0x380
[  423.503721][T16924]  ? netif_receive_skb+0x115/0x790
[  423.503745][T16924]  netif_receive_skb+0x1cb/0x790
[  423.503769][T16924]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  423.503791][T16924]  ? __pfx_netif_receive_skb+0x10/0x10
[  423.503822][T16924]  ? tun_rx_batched+0x160/0x730
[  423.503850][T16924]  tun_rx_batched+0x1b9/0x730
[  423.503873][T16924]  ? __lock_acquire+0xab9/0xd20
[  423.503897][T16924]  ? __pfx_tun_rx_batched+0x10/0x10
[  423.503926][T16924]  ? tun_get_user+0x266c/0x3e20
[  423.503966][T16924]  tun_get_user+0x2aa2/0x3e20
[  423.504000][T16924]  ? tun_get_user+0x6f6/0x3e20
[  423.504025][T16924]  ? tun_get_user+0x266c/0x3e20
[  423.504056][T16924]  ? __pfx_tun_get_user+0x10/0x10
[  423.504082][T16924]  ? aa_file_perm+0x11f/0xed0
[  423.504103][T16924]  ? aa_file_perm+0x3e7/0xed0
[  423.504136][T16924]  ? ref_tracker_alloc+0x318/0x460
[  423.504159][T16924]  ? __lock_acquire+0xab9/0xd20
[  423.504179][T16924]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  423.504205][T16924]  ? tun_get+0x1c/0x2f0
[  423.504236][T16924]  ? tun_get+0x1c/0x2f0
[  423.504259][T16924]  ? tun_get+0x1c/0x2f0
[  423.504289][T16924]  tun_chr_write_iter+0x113/0x200
[  423.504316][T16924]  vfs_write+0x54b/0xa90
[  423.504346][T16924]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  423.504372][T16924]  ? __pfx_vfs_write+0x10/0x10
[  423.504406][T16924]  ? __fget_files+0x2a/0x420
[  423.504432][T16924]  ksys_write+0x145/0x250
[  423.504459][T16924]  ? __pfx_ksys_write+0x10/0x10
[  423.504489][T16924]  ? do_syscall_64+0xbe/0x3b0
[  423.504520][T16924]  do_syscall_64+0xfa/0x3b0
[  423.504544][T16924]  ? lockdep_hardirqs_on+0x9c/0x150
[  423.504569][T16924]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  423.504587][T16924]  ? clear_bhb_loop+0x60/0xb0
[  423.504610][T16924]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  423.504628][T16924] RIP: 0033:0x7feb1fd8d3df
[  423.504645][T16924] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  423.504661][T16924] RSP: 002b:00007feb20b80000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  423.504681][T16924] RAX: ffffffffffffffda RBX: 00007feb1ffb6080 RCX: 00007feb1fd8d3df
[  423.504694][T16924] RDX: 000000000000004e RSI: 0000200000000000 RDI: 00000000000000c8
[  423.504706][T16924] RBP: 00007feb20b80090 R08: 0000000000000000 R09: 0000000000000000
[  423.504718][T16924] R10: 000000000000004e R11: 0000000000000293 R12: 0000000000000001
[  423.504728][T16924] R13: 0000000000000001 R14: 00007feb1ffb6080 R15: 00007ffdcc781cd8
[  423.504759][T16924]  </TASK>
[  423.996688][T16928] FAULT_INJECTION: forcing a failure.
[  423.996688][T16928] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  424.012002][T16928] CPU: 1 UID: 0 PID: 16928 Comm: syz.2.3606 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  424.012027][T16928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  424.012039][T16928] Call Trace:
[  424.012046][T16928]  <TASK>
[  424.012054][T16928]  dump_stack_lvl+0x189/0x250
[  424.012081][T16928]  ? __pfx____ratelimit+0x10/0x10
[  424.012107][T16928]  ? __pfx_dump_stack_lvl+0x10/0x10
[  424.012130][T16928]  ? __pfx__printk+0x10/0x10
[  424.012154][T16928]  ? __might_fault+0xb0/0x130
[  424.012189][T16928]  should_fail_ex+0x414/0x560
[  424.012213][T16928]  _copy_from_iter+0x1db/0x16f0
[  424.012247][T16928]  ? rcu_is_watching+0x15/0xb0
[  424.012270][T16928]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  424.012296][T16928]  ? __pfx__copy_from_iter+0x10/0x10
[  424.012320][T16928]  ? __build_skb_around+0x257/0x3e0
[  424.012343][T16928]  ? netlink_sendmsg+0x642/0xb30
[  424.012359][T16928]  ? skb_put+0x11b/0x210
[  424.012381][T16928]  netlink_sendmsg+0x6b2/0xb30
[  424.012406][T16928]  ? __pfx_netlink_sendmsg+0x10/0x10
[  424.012427][T16928]  ? aa_sock_msg_perm+0x94/0x160
[  424.012448][T16928]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  424.012465][T16928]  ? __pfx_netlink_sendmsg+0x10/0x10
[  424.012482][T16928]  __sock_sendmsg+0x21c/0x270
[  424.012511][T16928]  ____sys_sendmsg+0x505/0x830
[  424.012541][T16928]  ? __pfx_____sys_sendmsg+0x10/0x10
[  424.012571][T16928]  ? import_iovec+0x74/0xa0
[  424.012598][T16928]  ___sys_sendmsg+0x21f/0x2a0
[  424.012621][T16928]  ? __pfx____sys_sendmsg+0x10/0x10
[  424.012677][T16928]  ? __fget_files+0x2a/0x420
[  424.012693][T16928]  ? __fget_files+0x3a0/0x420
[  424.012719][T16928]  __x64_sys_sendmsg+0x19b/0x260
[  424.012743][T16928]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  424.012774][T16928]  ? __pfx_ksys_write+0x10/0x10
[  424.012795][T16928]  ? rcu_is_watching+0x15/0xb0
[  424.012822][T16928]  ? do_syscall_64+0xbe/0x3b0
[  424.012852][T16928]  do_syscall_64+0xfa/0x3b0
[  424.012894][T16928]  ? lockdep_hardirqs_on+0x9c/0x150
[  424.012919][T16928]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  424.012937][T16928]  ? clear_bhb_loop+0x60/0xb0
[  424.012958][T16928]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  424.012976][T16928] RIP: 0033:0x7feb1fd8e929
[  424.012992][T16928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  424.013009][T16928] RSP: 002b:00007feb20ba1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  424.013029][T16928] RAX: ffffffffffffffda RBX: 00007feb1ffb5fa0 RCX: 00007feb1fd8e929
[  424.013043][T16928] RDX: 0000000000044000 RSI: 0000200000000540 RDI: 0000000000000003
[  424.013055][T16928] RBP: 00007feb20ba1090 R08: 0000000000000000 R09: 0000000000000000
[  424.013067][T16928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  424.013079][T16928] R13: 0000000000000000 R14: 00007feb1ffb5fa0 R15: 00007ffdcc781cd8
[  424.013108][T16928]  </TASK>
[  424.343294][T16930] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3607'.
[  424.413827][T16936] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input13
[  424.459260][T16941] FAULT_INJECTION: forcing a failure.
[  424.459260][T16941] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  424.479451][T16941] CPU: 1 UID: 0 PID: 16941 Comm: syz.2.3611 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  424.479479][T16941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  424.479491][T16941] Call Trace:
[  424.479498][T16941]  <TASK>
[  424.479507][T16941]  dump_stack_lvl+0x189/0x250
[  424.479536][T16941]  ? __pfx____ratelimit+0x10/0x10
[  424.479564][T16941]  ? __pfx_dump_stack_lvl+0x10/0x10
[  424.479588][T16941]  ? __pfx__printk+0x10/0x10
[  424.479614][T16941]  ? __might_fault+0xb0/0x130
[  424.479652][T16941]  should_fail_ex+0x414/0x560
[  424.479677][T16941]  _copy_from_iter+0x1db/0x16f0
[  424.479709][T16941]  ? rcu_is_watching+0x15/0xb0
[  424.479734][T16941]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  424.479762][T16941]  ? __pfx__copy_from_iter+0x10/0x10
[  424.479787][T16941]  ? __build_skb_around+0x257/0x3e0
[  424.479811][T16941]  ? netlink_sendmsg+0x642/0xb30
[  424.479829][T16941]  ? skb_put+0x11b/0x210
[  424.479853][T16941]  netlink_sendmsg+0x6b2/0xb30
[  424.479882][T16941]  ? __pfx_netlink_sendmsg+0x10/0x10
[  424.479903][T16941]  ? aa_sock_msg_perm+0x94/0x160
[  424.479926][T16941]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  424.479947][T16941]  ? __pfx_netlink_sendmsg+0x10/0x10
[  424.479966][T16941]  __sock_sendmsg+0x21c/0x270
[  424.479996][T16941]  ____sys_sendmsg+0x505/0x830
[  424.480025][T16941]  ? __pfx_____sys_sendmsg+0x10/0x10
[  424.480058][T16941]  ? import_iovec+0x74/0xa0
[  424.480088][T16941]  ___sys_sendmsg+0x21f/0x2a0
[  424.480120][T16941]  ? __pfx____sys_sendmsg+0x10/0x10
[  424.480181][T16941]  ? __fget_files+0x2a/0x420
[  424.480198][T16941]  ? __fget_files+0x3a0/0x420
[  424.480226][T16941]  __x64_sys_sendmsg+0x19b/0x260
[  424.480252][T16941]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  424.480285][T16941]  ? __pfx_ksys_write+0x10/0x10
[  424.480308][T16941]  ? rcu_is_watching+0x15/0xb0
[  424.480336][T16941]  ? do_syscall_64+0xbe/0x3b0
[  424.480369][T16941]  do_syscall_64+0xfa/0x3b0
[  424.480395][T16941]  ? lockdep_hardirqs_on+0x9c/0x150
[  424.480421][T16941]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  424.480441][T16941]  ? clear_bhb_loop+0x60/0xb0
[  424.480464][T16941]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  424.480483][T16941] RIP: 0033:0x7feb1fd8e929
[  424.480510][T16941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  424.480526][T16941] RSP: 002b:00007feb20ba1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  424.480546][T16941] RAX: ffffffffffffffda RBX: 00007feb1ffb5fa0 RCX: 00007feb1fd8e929
[  424.480559][T16941] RDX: 0000000000000000 RSI: 0000200000004340 RDI: 0000000000000003
[  424.480571][T16941] RBP: 00007feb20ba1090 R08: 0000000000000000 R09: 0000000000000000
[  424.480583][T16941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  424.480594][T16941] R13: 0000000000000000 R14: 00007feb1ffb5fa0 R15: 00007ffdcc781cd8
[  424.480624][T16941]  </TASK>
[  425.028388][T16956] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3619'.
[  425.045245][T16956] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3619'.
[  425.054471][T16956] netlink: 'syz.3.3619': attribute type 1 has an invalid length.
[  425.075973][T16956] netlink: 10 bytes leftover after parsing attributes in process `syz.3.3619'.
[  425.085256][T16959] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3616'.
[  425.502839][T16982] syzkaller0: entered promiscuous mode
[  425.516318][T16982] syzkaller0: entered allmulticast mode
[  425.528290][T16982] netlink: 'syz.4.3627': attribute type 9 has an invalid length.
[  426.919486][T17027] syzkaller0: entered promiscuous mode
[  426.945331][T17027] syzkaller0: entered allmulticast mode
[  428.523875][T17041] macvlan2: entered promiscuous mode
[  428.539478][T17041] bond0: entered promiscuous mode
[  428.561850][T17041] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  428.618941][T17070] netlink: 'syz.3.3654': attribute type 11 has an invalid length.
[  428.633626][T17070] __nla_validate_parse: 3 callbacks suppressed
[  428.633641][T17070] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3654'.
[  428.653712][T17072] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input14
[  428.890627][T17086] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3659'.
[  428.938413][T17086] xt_CT: You must specify a L4 protocol and not use inversions on it
[  429.323653][T17107] syzkaller0: entered promiscuous mode
[  429.329183][T17107] syzkaller0: entered allmulticast mode
[  430.889122][T17133] tipc: Started in network mode
[  430.915072][T17133] tipc: Node identity 8, cluster identity 5
[  430.949827][T17133] tipc: Node number set to 8
[  431.032736][T17138] pimreg: entered allmulticast mode
[  431.038781][T17138] pimreg: left allmulticast mode
[  431.132618][T17147] syz.2.3677: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  431.145229][T17151] FAULT_INJECTION: forcing a failure.
[  431.145229][T17151] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  431.146458][T17151] 
[  431.146468][T17151] ======================================================
[  431.146478][T17151] WARNING: possible circular locking dependency detected
[  431.146493][T17151] 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 Not tainted
[  431.146505][T17151] ------------------------------------------------------
[  431.146514][T17151] syz.4.3678/17151 is trying to acquire lock:
[  431.146527][T17151] ffffffff8e133380 (console_owner){-.-.}-{0:0}, at: vprintk_emit+0x444/0x7a0
[  431.146590][T17151] 
[  431.146590][T17151] but task is already holding lock:
[  431.146598][T17151] ffff8880b8639f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[  431.146646][T17151] 
[  431.146646][T17151] which lock already depends on the new lock.
[  431.146646][T17151] 
[  431.146654][T17151] 
[  431.146654][T17151] the existing dependency chain (in reverse order) is:
[  431.146662][T17151] 
[  431.146662][T17151] -> #4 (&rq->__lock){-.-.}-{2:2}:
[  431.146691][T17151]        lock_acquire+0x120/0x360
[  431.146711][T17151]        _raw_spin_lock_nested+0x32/0x50
[  431.146738][T17151]        raw_spin_rq_lock_nested+0x2a/0x140
[  431.146759][T17151]        task_rq_lock+0xbc/0x470
[  431.146778][T17151]        cgroup_move_task+0x9a/0x590
[  431.146802][T17151]        css_set_move_task+0x658/0x9e0
[  431.146844][T17151]        cgroup_post_fork+0x1ef/0x790
[  431.146870][T17151]        copy_process+0x37e6/0x3b80
[  431.146894][T17151]        kernel_clone+0x21e/0x870
[  431.146919][T17151]        user_mode_thread+0xdd/0x140
[  431.146945][T17151]        rest_init+0x23/0x300
[  431.146966][T17151]        start_kernel+0x47d/0x500
[  431.146996][T17151]        x86_64_start_reservations+0x24/0x30
[  431.147021][T17151]        x86_64_start_kernel+0x143/0x1c0
[  431.147045][T17151]        common_startup_64+0x13e/0x147
[  431.147073][T17151] 
[  431.147073][T17151] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[  431.147101][T17151]        lock_acquire+0x120/0x360
[  431.147122][T17151]        _raw_spin_lock_irqsave+0xa7/0xf0
[  431.147148][T17151]        try_to_wake_up+0x6e/0x1290
[  431.147175][T17151]        __wake_up_common_lock+0x137/0x1f0
[  431.147205][T17151]        tty_port_default_wakeup+0xa2/0xf0
[  431.147238][T17151]        serial8250_tx_chars+0x72e/0x970
[  431.147266][T17151]        serial8250_handle_irq+0x633/0xbb0
[  431.147293][T17151]        serial8250_default_handle_irq+0xbf/0x1b0
[  431.147310][T17151]        serial8250_interrupt+0xa5/0x1d0
[  431.147331][T17151]        __handle_irq_event_percpu+0x28c/0x980
[  431.147358][T17151]        handle_irq_event+0x8b/0x1e0
[  431.147383][T17151]        handle_edge_irq+0x267/0x9c0
[  431.147405][T17151]        __common_interrupt+0x140/0x250
[  431.147421][T17151]        common_interrupt+0xb6/0xe0
[  431.147439][T17151]        asm_common_interrupt+0x26/0x40
[  431.147452][T17151]        pv_native_safe_halt+0x13/0x20
[  431.147471][T17151]        default_idle+0x13/0x20
[  431.147483][T17151]        default_idle_call+0x74/0xb0
[  431.147496][T17151]        do_idle+0x1e8/0x510
[  431.147511][T17151]        cpu_startup_entry+0x44/0x60
[  431.147527][T17151]        rest_init+0x2de/0x300
[  431.147540][T17151]        start_kernel+0x47d/0x500
[  431.147566][T17151]        x86_64_start_reservations+0x24/0x30
[  431.147583][T17151]        x86_64_start_kernel+0x143/0x1c0
[  431.147599][T17151]        common_startup_64+0x13e/0x147
[  431.147618][T17151] 
[  431.147618][T17151] -> #2 (&tty->write_wait){-.-.}-{3:3}:
[  431.147638][T17151]        lock_acquire+0x120/0x360
[  431.147652][T17151]        _raw_spin_lock_irqsave+0xa7/0xf0
[  431.147669][T17151]        __wake_up_common_lock+0x2f/0x1f0
[  431.147689][T17151]        tty_port_default_wakeup+0xa2/0xf0
[  431.147710][T17151]        serial8250_tx_chars+0x72e/0x970
[  431.147729][T17151]        serial8250_handle_irq+0x633/0xbb0
[  431.147748][T17151]        serial8250_default_handle_irq+0xbf/0x1b0
[  431.147762][T17151]        serial8250_interrupt+0xa5/0x1d0
[  431.147778][T17151]        __handle_irq_event_percpu+0x28c/0x980
[  431.147797][T17151]        handle_irq_event+0x8b/0x1e0
[  431.147816][T17151]        handle_edge_irq+0x267/0x9c0
[  431.147832][T17151]        __common_interrupt+0x140/0x250
[  431.147844][T17151]        common_interrupt+0xb6/0xe0
[  431.147858][T17151]        asm_common_interrupt+0x26/0x40
[  431.147871][T17151]        pv_native_safe_halt+0x13/0x20
[  431.147889][T17151]        default_idle+0x13/0x20
[  431.147901][T17151]        default_idle_call+0x74/0xb0
[  431.147913][T17151]        do_idle+0x1e8/0x510
[  431.147928][T17151]        cpu_startup_entry+0x44/0x60
[  431.147944][T17151]        rest_init+0x2de/0x300
[  431.147957][T17151]        start_kernel+0x47d/0x500
[  431.147977][T17151]        x86_64_start_reservations+0x24/0x30
[  431.147994][T17151]        x86_64_start_kernel+0x143/0x1c0
[  431.148010][T17151]        common_startup_64+0x13e/0x147
[  431.148040][T17151] 
[  431.148040][T17151] -> #1 (&port_lock_key){-.-.}-{3:3}:
[  431.148058][T17151]        lock_acquire+0x120/0x360
[  431.148070][T17151]        _raw_spin_lock_irqsave+0xa7/0xf0
[  431.148086][T17151]        serial8250_console_write+0x17e/0x1ba0
[  431.148105][T17151]        console_flush_all+0x728/0xc40
[  431.148122][T17151]        console_unlock+0xc4/0x270
[  431.148137][T17151]        vprintk_emit+0x5b7/0x7a0
[  431.148152][T17151]        _printk+0xcf/0x120
[  431.148169][T17151]        register_console+0xa8b/0xf90
[  431.148186][T17151]        univ8250_console_init+0x52/0x90
[  431.148200][T17151]        console_init+0x1a1/0x670
[  431.148214][T17151]        start_kernel+0x2cc/0x500
[  431.148233][T17151]        x86_64_start_reservations+0x24/0x30
[  431.148248][T17151]        x86_64_start_kernel+0x143/0x1c0
[  431.148264][T17151]        common_startup_64+0x13e/0x147
[  431.148281][T17151] 
[  431.148281][T17151] -> #0 (console_owner){-.-.}-{0:0}:
[  431.148299][T17151]        validate_chain+0xb9b/0x2140
[  431.148316][T17151]        __lock_acquire+0xab9/0xd20
[  431.148345][T17151]        lock_acquire+0x120/0x360
[  431.148358][T17151]        vprintk_emit+0x460/0x7a0
[  431.148374][T17151]        _printk+0xcf/0x120
[  431.148391][T17151]        should_fail_ex+0x3f5/0x560
[  431.148404][T17151]        strncpy_from_user+0x36/0x290
[  431.148424][T17151]        strncpy_from_user_nofault+0x72/0x150
[  431.148440][T17151]        bpf_probe_read_compat_str+0xe2/0x180
[  431.148456][T17151]        bpf_prog_c1796171ffc7efef+0x3e/0x44
[  431.148468][T17151]        bpf_trace_run4+0x28b/0x4a0
[  431.148487][T17151]        __bpf_trace_sched_switch+0x17a/0x1e0
[  431.148508][T17151]        __traceiter_sched_switch+0x9d/0xd0
[  431.148527][T17151]        __schedule+0x2328/0x4d00
[  431.148545][T17151]        schedule+0x165/0x360
[  431.148566][T17151]        schedule_preempt_disabled+0x13/0x30
[  431.148585][T17151]        __mutex_lock+0x724/0xe80
[  431.148605][T17151]        dev_ethtool+0x1d0/0x19b0
[  431.148620][T17151]        dev_ioctl+0x392/0x1150
[  431.148639][T17151]        sock_do_ioctl+0x22c/0x300
[  431.148658][T17151]        sock_ioctl+0x576/0x790
[  431.148675][T17151]        __se_sys_ioctl+0xfc/0x170
[  431.148691][T17151]        do_syscall_64+0xfa/0x3b0
[  431.148711][T17151]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.148725][T17151] 
[  431.148725][T17151] other info that might help us debug this:
[  431.148725][T17151] 
[  431.148730][T17151] Chain exists of:
[  431.148730][T17151]   console_owner --> &p->pi_lock --> &rq->__lock
[  431.148730][T17151] 
[  431.148752][T17151]  Possible unsafe locking scenario:
[  431.148752][T17151] 
[  431.148757][T17151]        CPU0                    CPU1
[  431.148762][T17151]        ----                    ----
[  431.148767][T17151]   lock(&rq->__lock);
[  431.148776][T17151]                                lock(&p->pi_lock);
[  431.148787][T17151]                                lock(&rq->__lock);
[  431.148797][T17151]   lock(console_owner);
[  431.148807][T17151] 
[  431.148807][T17151]  *** DEADLOCK ***
[  431.148807][T17151] 
[  431.148812][T17151] 3 locks held by syz.4.3678/17151:
[  431.148821][T17151]  #0: ffffffff8f51e988 (rtnl_mutex){+.+.}-{4:4}, at: dev_ethtool+0x1d0/0x19b0
[  431.148866][T17151]  #1: ffff8880b8639f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[  431.148898][T17151]  #2: ffffffff8e13f160 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x19c/0x4a0
[  431.148934][T17151] 
[  431.148934][T17151] stack backtrace:
[  431.148942][T17151] CPU: 0 UID: 0 PID: 17151 Comm: syz.4.3678 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  431.148958][T17151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  431.148967][T17151] Call Trace:
[  431.148973][T17151]  <TASK>
[  431.148979][T17151]  dump_stack_lvl+0x189/0x250
[  431.148997][T17151]  ? __pfx_dump_stack_lvl+0x10/0x10
[  431.149013][T17151]  ? __pfx__printk+0x10/0x10
[  431.149032][T17151]  ? print_lock_name+0xde/0x100
[  431.149052][T17151]  print_circular_bug+0x2ee/0x310
[  431.149071][T17151]  check_noncircular+0x134/0x160
[  431.149091][T17151]  validate_chain+0xb9b/0x2140
[  431.149118][T17151]  __lock_acquire+0xab9/0xd20
[  431.149134][T17151]  ? vprintk_emit+0x444/0x7a0
[  431.149150][T17151]  lock_acquire+0x120/0x360
[  431.149164][T17151]  ? vprintk_emit+0x444/0x7a0
[  431.149183][T17151]  ? do_raw_spin_unlock+0x122/0x240
[  431.149202][T17151]  ? vprintk_emit+0x444/0x7a0
[  431.149219][T17151]  vprintk_emit+0x460/0x7a0
[  431.149235][T17151]  ? vprintk_emit+0x444/0x7a0
[  431.149253][T17151]  ? __pfx_vprintk_emit+0x10/0x10
[  431.149272][T17151]  ? trace_event_raw_event_bpf_trace_printk+0x187/0x260
[  431.149291][T17151]  ? __pfx_trace_event_raw_event_bpf_trace_printk+0x10/0x10
[  431.149314][T17151]  _printk+0xcf/0x120
[  431.149330][T17151]  ? __pfx____ratelimit+0x10/0x10
[  431.149350][T17151]  ? __pfx__printk+0x10/0x10
[  431.149369][T17151]  ? bpf_trace_run1+0x181/0x4b0
[  431.149390][T17151]  should_fail_ex+0x3f5/0x560
[  431.149404][T17151]  strncpy_from_user+0x36/0x290
[  431.149426][T17151]  strncpy_from_user_nofault+0x72/0x150
[  431.149442][T17151]  bpf_probe_read_compat_str+0xe2/0x180
[  431.149459][T17151]  bpf_prog_c1796171ffc7efef+0x3e/0x44
[  431.149471][T17151]  bpf_trace_run4+0x28b/0x4a0
[  431.149490][T17151]  ? bpf_trace_run4+0x19c/0x4a0
[  431.149509][T17151]  ? __pfx_bpf_trace_run4+0x10/0x10
[  431.149527][T17151]  ? kvm_sched_clock_read+0x11/0x20
[  431.149546][T17151]  ? sched_clock_cpu+0x74/0x430
[  431.149567][T17151]  ? __bpf_trace_sched_switch+0x15f/0x1e0
[  431.149588][T17151]  __bpf_trace_sched_switch+0x17a/0x1e0
[  431.149608][T17151]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  431.149626][T17151]  ? trace_save_cmdline+0x35b/0x500
[  431.149645][T17151]  ? rcu_read_lock_sched_held+0x89/0x100
[  431.149662][T17151]  ? __pfx_trace_save_cmdline+0x10/0x10
[  431.149681][T17151]  ? psi_task_switch+0x39a/0x6d0
[  431.149705][T17151]  ? tracing_record_taskinfo_sched_switch+0x274/0x370
[  431.149727][T17151]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  431.149746][T17151]  __traceiter_sched_switch+0x9d/0xd0
[  431.149767][T17151]  __schedule+0x2328/0x4d00
[  431.149789][T17151]  ? __lock_acquire+0xab9/0xd20
[  431.149803][T17151]  ? schedule+0x165/0x360
[  431.149821][T17151]  ? __pfx___schedule+0x10/0x10
[  431.149844][T17151]  ? schedule+0x91/0x360
[  431.149862][T17151]  schedule+0x165/0x360
[  431.149880][T17151]  schedule_preempt_disabled+0x13/0x30
[  431.149898][T17151]  __mutex_lock+0x724/0xe80
[  431.149917][T17151]  ? __mutex_lock+0x51b/0xe80
[  431.149939][T17151]  ? dev_ethtool+0x1d0/0x19b0
[  431.149954][T17151]  ? __pfx___mutex_lock+0x10/0x10
[  431.149976][T17151]  ? __kasan_kmalloc+0x93/0xb0
[  431.149995][T17151]  ? dev_ethtool+0x126/0x19b0
[  431.150011][T17151]  dev_ethtool+0x1d0/0x19b0
[  431.150026][T17151]  ? __lock_acquire+0xab9/0xd20
[  431.150042][T17151]  ? __pfx_dev_ethtool+0x10/0x10
[  431.150060][T17151]  ? dev_load+0x21/0x1f0
[  431.150079][T17151]  ? dev_load+0x21/0x1f0
[  431.150098][T17151]  dev_ioctl+0x392/0x1150
[  431.150119][T17151]  sock_do_ioctl+0x22c/0x300
[  431.150138][T17151]  ? __pfx_sock_do_ioctl+0x10/0x10
[  431.150154][T17151]  ? __lock_acquire+0xab9/0xd20
[  431.150173][T17151]  sock_ioctl+0x576/0x790
[  431.150191][T17151]  ? __pfx_sock_ioctl+0x10/0x10
[  431.150208][T17151]  ? __fget_files+0x2a/0x420
[  431.150220][T17151]  ? __fget_files+0x3a0/0x420
[  431.150231][T17151]  ? __fget_files+0x2a/0x420
[  431.150243][T17151]  ? bpf_lsm_file_ioctl+0x9/0x20
[  431.150260][T17151]  ? __pfx_sock_ioctl+0x10/0x10
[  431.150277][T17151]  __se_sys_ioctl+0xfc/0x170
[  431.150294][T17151]  do_syscall_64+0xfa/0x3b0
[  431.150314][T17151]  ? lockdep_hardirqs_on+0x9c/0x150
[  431.150332][T17151]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.150345][T17151]  ? clear_bhb_loop+0x60/0xb0
[  431.150361][T17151]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.150374][T17151] RIP: 0033:0x7fa87d98e929
[  431.150385][T17151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  431.150398][T17151] RSP: 002b:00007fa87e8e2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  431.150412][T17151] RAX: ffffffffffffffda RBX: 00007fa87dbb5fa0 RCX: 00007fa87d98e929
[  431.150423][T17151] RDX: 00002000000001c0 RSI: 0000000000008946 RDI: 0000000000000003
[  431.150433][T17151] RBP: 00007fa87e8e2090 R08: 0000000000000000 R09: 0000000000000000
[  431.150441][T17151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  431.150450][T17151] R13: 0000000000000000 R14: 00007fa87dbb5fa0 R15: 00007ffc0a847988
[  431.150466][T17151]  </TASK>
[  432.423335][T17151] CPU: 0 UID: 0 PID: 17151 Comm: syz.4.3678 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  432.423356][T17151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  432.423365][T17151] Call Trace:
[  432.423373][T17151]  <TASK>
[  432.423382][T17151]  dump_stack_lvl+0x189/0x250
[  432.423402][T17151]  ? __pfx____ratelimit+0x10/0x10
[  432.423422][T17151]  ? __pfx_dump_stack_lvl+0x10/0x10
[  432.423438][T17151]  ? __pfx__printk+0x10/0x10
[  432.423458][T17151]  ? bpf_trace_run1+0x181/0x4b0
[  432.423479][T17151]  should_fail_ex+0x414/0x560
[  432.423495][T17151]  strncpy_from_user+0x36/0x290
[  432.423517][T17151]  strncpy_from_user_nofault+0x72/0x150
[  432.423535][T17151]  bpf_probe_read_compat_str+0xe2/0x180
[  432.423553][T17151]  bpf_prog_c1796171ffc7efef+0x3e/0x44
[  432.423566][T17151]  bpf_trace_run4+0x28b/0x4a0
[  432.423585][T17151]  ? bpf_trace_run4+0x19c/0x4a0
[  432.423605][T17151]  ? __pfx_bpf_trace_run4+0x10/0x10
[  432.423623][T17151]  ? kvm_sched_clock_read+0x11/0x20
[  432.423641][T17151]  ? sched_clock_cpu+0x74/0x430
[  432.423658][T17151]  ? __bpf_trace_sched_switch+0x15f/0x1e0
[  432.423679][T17151]  __bpf_trace_sched_switch+0x17a/0x1e0
[  432.423700][T17151]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  432.423718][T17151]  ? trace_save_cmdline+0x35b/0x500
[  432.423736][T17151]  ? rcu_read_lock_sched_held+0x89/0x100
[  432.423753][T17151]  ? __pfx_trace_save_cmdline+0x10/0x10
[  432.423771][T17151]  ? psi_task_switch+0x39a/0x6d0
[  432.423790][T17151]  ? tracing_record_taskinfo_sched_switch+0x274/0x370
[  432.423809][T17151]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  432.423828][T17151]  __traceiter_sched_switch+0x9d/0xd0
[  432.423849][T17151]  __schedule+0x2328/0x4d00
[  432.423872][T17151]  ? __lock_acquire+0xab9/0xd20
[  432.423886][T17151]  ? schedule+0x165/0x360
[  432.423905][T17151]  ? __pfx___schedule+0x10/0x10
[  432.423928][T17151]  ? schedule+0x91/0x360
[  432.423946][T17151]  schedule+0x165/0x360
[  432.423963][T17151]  schedule_preempt_disabled+0x13/0x30
[  432.423981][T17151]  __mutex_lock+0x724/0xe80
[  432.424001][T17151]  ? __mutex_lock+0x51b/0xe80
[  432.424022][T17151]  ? dev_ethtool+0x1d0/0x19b0
[  432.424039][T17151]  ? __pfx___mutex_lock+0x10/0x10
[  432.424061][T17151]  ? __kasan_kmalloc+0x93/0xb0
[  432.424080][T17151]  ? dev_ethtool+0x126/0x19b0
[  432.424096][T17151]  dev_ethtool+0x1d0/0x19b0
[  432.424112][T17151]  ? __lock_acquire+0xab9/0xd20
[  432.424127][T17151]  ? __pfx_dev_ethtool+0x10/0x10
[  432.424145][T17151]  ? dev_load+0x21/0x1f0
[  432.424165][T17151]  ? dev_load+0x21/0x1f0
[  432.424184][T17151]  dev_ioctl+0x392/0x1150
[  432.424214][T17151]  sock_do_ioctl+0x22c/0x300
[  432.424238][T17151]  ? __pfx_sock_do_ioctl+0x10/0x10
[  432.424255][T17151]  ? __lock_acquire+0xab9/0xd20
[  432.424274][T17151]  sock_ioctl+0x576/0x790
[  432.424292][T17151]  ? __pfx_sock_ioctl+0x10/0x10
[  432.424309][T17151]  ? __fget_files+0x2a/0x420
[  432.424320][T17151]  ? __fget_files+0x3a0/0x420
[  432.424331][T17151]  ? __fget_files+0x2a/0x420
[  432.424344][T17151]  ? bpf_lsm_file_ioctl+0x9/0x20
[  432.424361][T17151]  ? __pfx_sock_ioctl+0x10/0x10
[  432.424377][T17151]  __se_sys_ioctl+0xfc/0x170
[  432.424405][T17151]  do_syscall_64+0xfa/0x3b0
[  432.424424][T17151]  ? lockdep_hardirqs_on+0x9c/0x150
[  432.424441][T17151]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.424454][T17151]  ? clear_bhb_loop+0x60/0xb0
[  432.424468][T17151]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.424481][T17151] RIP: 0033:0x7fa87d98e929
[  432.424494][T17151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  432.424506][T17151] RSP: 002b:00007fa87e8e2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  432.424520][T17151] RAX: ffffffffffffffda RBX: 00007fa87dbb5fa0 RCX: 00007fa87d98e929
[  432.424530][T17151] RDX: 00002000000001c0 RSI: 0000000000008946 RDI: 0000000000000003
[  432.424539][T17151] RBP: 00007fa87e8e2090 R08: 0000000000000000 R09: 0000000000000000
[  432.424547][T17151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  432.424556][T17151] R13: 0000000000000000 R14: 00007fa87dbb5fa0 R15: 00007ffc0a847988
[  432.424571][T17151]  </TASK>
[  432.436830][T17147] CPU: 1 UID: 0 PID: 17147 Comm: syz.2.3677 Not tainted 6.16.0-rc5-syzkaller-01485-g8a2a6bb01664 #0 PREEMPT(full) 
[  432.436868][T17147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  432.436885][T17147] Call Trace:
[  432.436895][T17147]  <TASK>
[  432.436904][T17147]  dump_stack_lvl+0x189/0x250
[  432.436943][T17147]  ? __pfx_dump_stack_lvl+0x10/0x10
[  432.436972][T17147]  ? __pfx__printk+0x10/0x10
[  432.437005][T17147]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  432.437036][T17147]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  432.437069][T17147]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  432.437103][T17147]  warn_alloc+0x214/0x310
[  432.437124][T17147]  ? stack_depot_save_flags+0x40/0x900
[  432.437152][T17147]  ? __pfx_warn_alloc+0x10/0x10
[  432.437176][T17147]  ? kasan_save_track+0x4f/0x80
[  432.437206][T17147]  ? xskq_create+0x56/0x170
[  432.437236][T17147]  ? xsk_init_queue+0xb0/0x110
[  432.437264][T17147]  ? xsk_setsockopt+0x4dc/0x8d0
[  432.437292][T17147]  ? do_sock_setsockopt+0x179/0x1b0
[  432.437316][T17147]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  432.437346][T17147]  ? do_syscall_64+0xfa/0x3b0
[  432.437380][T17147]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.437409][T17147]  __vmalloc_node_range_noprof+0x125/0x12f0
[  432.437465][T17147]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  432.437514][T17147]  ? __kasan_kmalloc+0x93/0xb0
[  432.437549][T17147]  vmalloc_user_noprof+0xad/0xf0
[  432.437585][T17147]  ? xskq_create+0xbf/0x170
[  432.437616][T17147]  xskq_create+0xbf/0x170
[  432.437650][T17147]  xsk_init_queue+0xb0/0x110
[  432.437682][T17147]  xsk_setsockopt+0x4dc/0x8d0
[  432.437725][T17147]  ? __pfx_xsk_setsockopt+0x10/0x10
[  432.437753][T17147]  ? __pfx_aa_sk_perm+0x10/0x10
[  432.437791][T17147]  ? aa_sock_opt_perm+0x74/0x110
[  432.437816][T17147]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  432.437841][T17147]  ? __pfx_xsk_setsockopt+0x10/0x10
[  432.437882][T17147]  do_sock_setsockopt+0x179/0x1b0
[  432.437909][T17147]  __x64_sys_setsockopt+0x13f/0x1b0
[  432.437935][T17147]  do_syscall_64+0xfa/0x3b0
[  432.437964][T17147]  ? lockdep_hardirqs_on+0x9c/0x150
[  432.437994][T17147]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.438016][T17147]  ? clear_bhb_loop+0x60/0xb0
[  432.438039][T17147]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.438061][T17147] RIP: 0033:0x7feb1fd8e929
[  432.438080][T17147] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  432.438100][T17147] RSP: 002b:00007feb20ba1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  432.438123][T17147] RAX: ffffffffffffffda RBX: 00007feb1ffb5fa0 RCX: 00007feb1fd8e929
[  432.438139][T17147] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000007
[  432.438154][T17147] RBP: 00007feb1fe10ca1 R08: 0000000000000004 R09: 0000000000000000
[  432.438168][T17147] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  432.438182][T17147] R13: 0000000000000000 R14: 00007feb1ffb5fa0 R15: 00007ffdcc781cd8
[  432.438207][T17147]  </TASK>
[  432.438463][T17147] Mem-Info:
[  432.468938][   T12] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  433.147730][T17147] active_anon:19536 inactive_anon:0 isolated_anon:0
[  433.147730][T17147]  active_file:2567 inactive_file:39976 isolated_file:0
[  433.147730][T17147]  unevictable:768 dirty:394 writeback:0
[  433.147730][T17147]  slab_reclaimable:12210 slab_unreclaimable:140466
[  433.147730][T17147]  mapped:35445 shmem:1490 pagetables:1231
[  433.147730][T17147]  sec_pagetables:0 bounce:0
[  433.147730][T17147]  kernel_misc_reclaimable:0
[  433.147730][T17147]  free:1272771 free_pcp:14219 free_cma:0
[  433.198916][T17147] Node 0 active_anon:78144kB inactive_anon:0kB active_file:10268kB inactive_file:159696kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:141780kB dirty:1572kB writeback:0kB shmem:4424kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:14400kB pagetables:4768kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  433.203208][T17150] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  433.242665][T17147] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:208kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  433.275075][T17147] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  433.304375][T17147] lowmem_reserve[]: 0 2498 2500 2500 2500
[  433.310390][T17147] Node 0 DMA32 free:1171520kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:78000kB inactive_anon:0kB active_file:10268kB inactive_file:158116kB unevictable:1536kB writepending:1568kB present:3129332kB managed:2558376kB mlocked:0kB bounce:0kB free_pcp:42212kB local_pcp:21660kB free_cma:0kB
[  433.342820][T17147] lowmem_reserve[]: 0 0 1 1 1
[  433.347806][T17147] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1580kB unevictable:0kB writepending:4kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  433.377332][T17147] lowmem_reserve[]: 0 0 0 0 0
[  433.382254][T17147] Node 1 Normal free:3904320kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:208kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:14368kB local_pcp:6432kB free_cma:0kB
[  433.413470][T17147] lowmem_reserve[]: 0 0 0 0 0
[  433.418307][T17147] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  433.431344][T17147] Node 0 DMA32: 1650*4kB (UME) 1129*8kB (UME) 323*16kB (UME) 114*32kB (UM) 99*64kB (UME) 39*128kB (UME) 165*256kB (UM) 162*512kB (UM) 103*1024kB (UM) 54*2048kB (UME) 194*4096kB (UM) = 1171648kB
[  433.450630][T17147] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[  433.463028][T17147] Node 1 Normal: 202*4kB (UME) 55*8kB (UME) 54*16kB (UME) 194*32kB (UME) 71*64kB (UME) 12*128kB (UME) 3*256kB (UM) 4*512kB (UME) 2*1024kB (ME) 1*2048kB (E) 948*4096kB (M) = 3904320kB
[  433.482167][T17147] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  433.492528][T17147] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  433.502402][T17147] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  433.512277][T17147] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  433.521668][T17147] 44029 total pagecache pages
[  433.526372][T17147] 0 pages in swap cache
[  433.530755][T17147] Free swap  = 124996kB
[  433.535018][T17147] Total swap = 124996kB
[  433.539252][T17147] 2097051 pages RAM
[  433.543267][T17147] 0 pages HighMem/MovableOnly
[  433.547941][T17147] 425415 pages reserved
[  433.552508][T17147] 0 pages cma reserved
[  433.680702][   T12] erspan0: left promiscuous mode