last executing test programs:

30.835854198s ago: executing program 1 (id=6055):
r0 = socket$netlink(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) (async)
syz_genetlink_get_family_id$fou(&(0x7f0000000380), r0) (async)
connect$netrom(0xffffffffffffffff, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
socket$netlink(0x10, 0x3, 0x0) (async)
ioctl$int_in(r3, 0x5452, &(0x7f0000000040)=0x8000) (async)
pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x5f8, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) (async)
connect$inet(r3, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x16}}, 0x10) (async)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000180)={{{@in=@rand_addr=0x64010100, @in6=@mcast1, 0x0, 0x9, 0x0, 0x0, 0x2}, {0xffffdffffffffffc, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x2}}, {{@in=@local, 0x0, 0x32}, 0x0, @in=@broadcast, 0x4, 0x3, 0x1, 0x0, 0xf000000}}, 0xe8)
r4 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_AUTHENTICATE(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010002000020000000002500000008000300", @ANYRES32=r6, @ANYBLOB="08002600b41400000a000600ffffffffffff000008003500000000000a00340001010101010100002800508009000100408922a0bd0000000800032900ac0f000500020002000000080007"], 0x6c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r4, 0x0, 0x1)
ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x0) (async)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mtu(r7, 0x29, 0x17, &(0x7f0000000000), &(0x7f0000000200)=0x4) (async)
shutdown(r3, 0x1) (async)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xc240}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD1={0x8, 0x2, @udp6}]}}}, @IFLA_MASTER={0x8, 0x3}]}, 0x40}}, 0x0) (async)
r9 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/ipc\x00')
sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x3c, r1, 0x1, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r9}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x80)

30.541034609s ago: executing program 1 (id=6060):
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socket$kcm(0x2, 0xa, 0x2)
socket$inet(0x2b, 0x801, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={0x0, &(0x7f0000000380)=""/3, 0x46, 0x3, 0x1}, 0x28)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000080)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
sendmsg$NLBL_UNLABEL_C_STATICADD(r2, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x24, 0x65, 0x200, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2}, {0x0, 0xfff3}, {0x0, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x884}, 0x20000080)
r3 = socket(0x10, 0x803, 0x0)
sendto(r3, &(0x7f0000000740)="120000001200e7ef007b00000000000000", 0x11, 0x0, 0x0, 0x0)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002e00010000000000fcdbdf250401f2800c00180008ac0f00000000001400010000000000000000000000ffffac14141650bb2d6f67d29d6fabadb107d0def49c8b37d382b9c520532beef103cd2ad288ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36e872dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x40000000000, 0x3, 0x4, 0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a800000085000000a200000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800020d8}, 0x94)
r5 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$6lowpan_control(r5, &(0x7f0000000500)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000680), 0x2, 0x0)
socket(0x10, 0x803, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)

30.043282215s ago: executing program 0 (id=6069):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, &(0x7f0000000080)=0x6, 0x4)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000140)={'syztnl0\x00', &(0x7f00000007c0)={'gre0\x00', <r1=>0x0, 0x8000, 0x10, 0xffff, 0x316, {{0xf, 0x4, 0x1, 0x3, 0x3c, 0x68, 0x0, 0x7, 0x2f, 0x0, @empty, @remote, {[@lsrr={0x83, 0x1f, 0xf6, [@dev={0xac, 0x14, 0x14, 0x19}, @multicast2, @multicast1, @local, @empty, @broadcast, @dev={0xac, 0x14, 0x14, 0x42}]}, @end, @lsrr={0x83, 0x7, 0xf8, [@dev={0xac, 0x14, 0x14, 0x1b}]}, @noop]}}}}})
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=0xffffffffffffffff, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xe, 0x4, 0x208, 0x1, 0x0, 0xffffffffffffffff, 0xfffffffd, '\x00', r1, 0xffffffffffffffff, 0x0, 0x1, 0x2}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xb, 0x8, &(0x7f0000000180)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
bpf$MAP_CREATE(0x600000000000000, &(0x7f0000000580)=@base={0xf, 0x4, 0x4, 0x20002, 0x0, 0x1, 0xfffffffd, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48)
r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="300000000301010200000000000000000a00fffe0c001980080002002c080000100002800c0002"], 0x30}, 0x1, 0x0, 0x0, 0x8004}, 0x24000800)
setsockopt$llc_int(r3, 0x10c, 0x9, &(0x7f0000000040), 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0xfffffffffffffdf0, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4c000000090601030000000000000000020000000900020073797a310000000005000100070000002400078018000180140002400000004000007fff"], 0x4c}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x141841, 0x0)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x3, [@struct={0x3, 0x2, 0x0, 0x4, 0x0, 0x0, [{0x4, 0x5, 0x200}, {0x3, 0x4, 0xe633}]}]}, {0x0, [0x2e]}}, &(0x7f0000000180)=""/118, 0x3f, 0x76, 0x0, 0xd792}, 0x28)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x200000c, 0x30, r7, 0xa66d7000)
r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getpeername(r8, 0x0, 0x0)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000001, 0x110, 0xffffffffffffffff, 0x2ecd6000)
syz_extract_tcp_res(&(0x7f0000000240)={0x41424344, <r9=>0x41424344}, 0x4, 0xffffffff)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x60000000, 0x4, 0x0, &(0x7f0000001680)="db6928e8"}, 0x50)
syz_emit_ethernet(0x4a, &(0x7f0000000040)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}, @void, {@ipv4={0x800, @tcp={{0xa, 0x4, 0x2, 0x2e, 0x3c, 0x65, 0x0, 0x2, 0x6, 0x0, @private=0xa010102, @remote, {[@timestamp_addr={0x44, 0xc, 0x9d, 0x1, 0x9, [{@broadcast, 0x898}]}, @ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x4, 0x91, 0x1, 0x1}]}}, {{0x4e24, 0x4e23, 0x41424344, r9, 0x1, 0x0, 0x5, 0x8, 0xfffd, 0x0, 0x57}}}}}}, 0x0)
write$tun(r6, &(0x7f0000000300)={@val={0x1c, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@igmp={{0x30, 0x4, 0x2, 0x1, 0x10e, 0x67, 0x7, 0xfb, 0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote, {[@timestamp_addr={0x44, 0x34, 0x54, 0x1, 0x9, [{@broadcast, 0x9}, {@rand_addr=0x64010101, 0x5}, {@loopback}, {@dev={0xac, 0x14, 0x14, 0x36}, 0x7ff}, {@broadcast, 0xff}, {@multicast2, 0x8001}]}, @timestamp_prespec={0x44, 0x24, 0xb8, 0x3, 0xf, [{@rand_addr=0x64010102, 0x9}, {@loopback, 0x7}, {@loopback, 0x5}, {@multicast1, 0x4d84e9c2}]}, @cipso={0x86, 0x3c, 0xffffffffffffffff, [{0x1, 0x6, "ff772fce"}, {0x7, 0x3, "a0"}, {0x5, 0x7, "c91dadbcad"}, {0x7, 0xc, "b09dcdd8f6bd2feadc80"}, {0x0, 0xe, "ddb075d27ed501254f752a56"}, {0x0, 0x4, "1aec"}, {0x2, 0x8, "bb225e46f84f"}]}, @cipso={0x86, 0x17, 0x0, [{0x5, 0x7, "79956a2bf5"}, {0x6, 0xa, "78ce0d13f38a8ea2"}]}, @end]}}, {0x12, 0x4, 0x0, @loopback, "69c757f2b7548fe988f04a0683dabec0743997ff6d7d4dd3aebef23460debf86760a4830743d7fe65cc3b15e410a61cae7cec8b8e32b8d7e1fedddd8660bd6ed1114363b225a"}}}}, 0x11c)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$TUNGETDEVNETNS(r6, 0x54e3, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)

29.79314644s ago: executing program 0 (id=6073):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="4800000010000304000000000000000006000000", @ANYRES32=0x0, @ANYBLOB="a5ffad8800000000280012800a00010063616e"], 0x48}}, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r1, 0x4018f50b, &(0x7f0000000000)={0x1, 0x5, 0x6})
setsockopt$SO_J1939_FILTER(r0, 0x6b, 0x1, &(0x7f0000000580)=[{0x1, 0x2, {0x0, 0xff, 0x2}, {0x0, 0x0, 0x2}, 0x2}], 0x20)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0x93872, 0xffffffffffffffff, 0xfffff000)
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0)

29.336333208s ago: executing program 1 (id=6078):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x64, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @private=0xa010102}}}]}, @CTA_TIMEOUT={0x8}]}, 0x64}, 0x1, 0x0, 0x0, 0x40054}, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)

28.955504127s ago: executing program 0 (id=6081):
r0 = socket$inet6(0xa, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x3, 0x2, &(0x7f0000000100)=ANY=[@ANYRESDEC=r0], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x61}, 0x94)
getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000000)={'filter\x00', 0x0, [0x1, 0x3, 0x7, 0x1e1e, 0x80]}, &(0x7f0000000080)=0x54)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
close(0x3)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r2, 0x84, 0x2, &(0x7f00000000c0)={0xfffc, 0xc}, 0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffffb}]}, &(0x7f0000000140)=0x10)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x84, 0x482, 0x0, 0x0)
setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000000c0)=[@in6={0xa, 0x4e21, 0x1, @private0, 0x7}, @in6={0xa, 0x0, 0x0, @private0, 0xfffffffd}], 0x38)

28.760951523s ago: executing program 1 (id=6083):
syz_emit_ethernet(0x66, &(0x7f0000000280)=ANY=[@ANYRES32=0x0], 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$TIPC_MCAST_REPLICAST(r0, 0x10f, 0x86)

28.614989522s ago: executing program 1 (id=6084):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x6, 0x17, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b703000000000000850000006d000000bf09000000000000b60901000000000065000600090000001801000020646c2500000000002020207b9af8ff000000002d9a00000000000034090000f8ffffffb702000008000000b70300000000000015000000060000003d93000000000000b5030000010000008500000076000000b70000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
syz_emit_ethernet(0x76, &(0x7f0000000340)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x40, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x8, 0x2, 0x0, 0x0, {0x0, 0x6, '\x00', 0x0, 0x11, 0x1, @mcast2, @private2, [@dstopts={0x88, 0x0, '\x00', [@generic={0x6}]}]}}}}}}}, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r1, 0x100, 0x70bd2b, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x9}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20040040}, 0x24000801) (async)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58) (async, rerun: 32)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) (async, rerun: 32)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, 0x0}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) (async)
r4 = socket(0x10, 0x2, 0x0)
sendto$inet6(r4, &(0x7f00000007c0)="7800000018002507b9199b02ffff48000203be04020406050a02040c5c000900580006020a0200000d0085a168d0bf46d32345653600648d27000b000a00070849935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000407160005000a0000000000e000e218d1dd3b6ed538f6523250", 0x78, 0x0, 0x0, 0xe0ffffff)

27.842241912s ago: executing program 0 (id=6087):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000880)={0x1b, 0x0, 0x0, 0x6, 0x0, 0x1, 0xde88, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x4, 0x4}, 0x50) (async)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000880)={0x1b, 0x0, 0x0, 0x6, 0x0, 0x1, 0xde88, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x4, 0x4}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x14, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0xd5}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x9}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000900)={0x1}, 0x4) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000900)={0x1}, 0x4)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000ac0)={'wg0\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000ac0)={'wg0\x00', <r3=>0x0})
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c80)={&(0x7f0000000b00)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xd8, 0xd8, 0xb, [@func={0xb, 0x0, 0x0, 0xc, 0x3}, @var={0x1, 0x0, 0x0, 0xe, 0x4, 0x1}, @int={0x3, 0x0, 0x0, 0x1, 0x0, 0x5c, 0x0, 0x65, 0x6}, @struct={0x4, 0x8, 0x0, 0x4, 0x1, 0x5, [{0x2, 0x2, 0x78}, {0xd, 0x5, 0xc0000000}, {0x6, 0x0, 0xfffffff7}, {0xe, 0x0, 0x81}, {0xb, 0x4, 0x5}, {0xc, 0x4, 0xff}, {0xd, 0x5, 0xfffffffd}, {0xc, 0x0, 0x9c}]}, @float={0x2, 0x0, 0x0, 0x10, 0x2}, @enum={0xd, 0x5, 0x0, 0x6, 0x4, [{0x4, 0x8}, {0x2, 0x80000000}, {0x5, 0x5}, {0x3, 0x1}, {0x9, 0x2}]}]}, {0x0, [0x5f, 0x5f, 0x0, 0x2e, 0x0, 0x61, 0x5f, 0x30, 0x5f]}}, &(0x7f0000000c00)=""/93, 0xfb, 0x5d, 0x1, 0x7}, 0x28)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffbfff, 0x1, 0x1}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="18000000000000000000000003004000850000000700000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000a300000000000000f8a50a7c412d56365e4bb7e0ed5d84ad4e1ffc2456e4fc4019594cf61f6219b83a08650b1c2c2743b5f5074ccea9f279c51f632f713a6c1b56ae0a1a7039497022c5521d3ebb8045140f59499ef99794d46892476b99ec847b10a7c486bfcb6ce9515eac10764458aab0d9d8a060bea41ccf22d8ace08c21e54298f57f5fe4fca33b4ce6269370a280354811f505ee090fba56de8d560f5ff677e9fe9bc2c3b8ea4de0be4d02f1eb8313f7a4256f7e8ca6c56a2614adf04a6051"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000d80)=@generic={&(0x7f0000000d40)='./file0\x00', 0x0, 0x10}, 0x18)
r8 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r8, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r8, 0x0)
r9 = accept(r8, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x12, 0x4, 0x4, 0xa4, 0x0, 0xffffffffffffffff, 0x7fffffff}, 0x50) (async)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x12, 0x4, 0x4, 0xa4, 0x0, 0xffffffffffffffff, 0x7fffffff}, 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r10, &(0x7f0000000300), &(0x7f00000002c0)=@tcp6=r9}, 0x47)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r11, &(0x7f0000000080)=ANY=[], 0x32600) (async)
write$cgroup_subtree(r11, &(0x7f0000000080)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x2000001, 0x12, r11, 0xffffd000)
r12 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x18, 0xf, &(0x7f0000001140)=ANY=[@ANYBLOB="9ddf826157f7d45b14f000000000000e00000000eb000018110000", @ANYRESHEX=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, 0x0, 0x0, 0xfe6a, 0x0, 0x0, 0x0}, 0xffffffd1)
ppoll(&(0x7f0000000500)=[{r12}], 0x1, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000dc0)='blkio.bfq.avg_queue_size\x00', 0x0, 0x0) (async)
r13 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000dc0)='blkio.bfq.avg_queue_size\x00', 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.sectors\x00', 0x26e1, 0x0) (async)
r14 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.sectors\x00', 0x26e1, 0x0)
close(r14) (async)
close(r14)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000f00)={0x2, 0x4, 0x8, 0x1, 0x80, r13, 0x8, '\x00', 0x0, r11, 0x3, 0x0, 0x2}, 0x50)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000e40)=@bpf_tracing={0x1a, 0x1c, &(0x7f0000000940)=@raw=[@map_idx_val={0x18, 0xb, 0x6, 0x0, 0x10, 0x0, 0x0, 0x0, 0x1}, @map_val={0x18, 0x1, 0x2, 0x0, r14, 0x0, 0x0, 0x0, 0x7}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x6}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r5}}, @printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xc}}], &(0x7f0000000a40)='GPL\x00', 0x8, 0x37, &(0x7f0000000a80)=""/55, 0x41100, 0x24, '\x00', r3, 0x19, r4, 0x8, &(0x7f0000000cc0)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000d00)={0x4, 0x8, 0x623e, 0x8}, 0x10, 0x44f2, r6, 0x0, &(0x7f0000000e00)=[r7, r10, r11, r12, r13], 0x0, 0x10, 0x7}, 0x94)
r15 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080)=0xe, 0x0)
recvmsg(r15, &(0x7f00000002c0)={&(0x7f00000000c0)=@caif=@dgm, 0x80, &(0x7f0000000780)=[{&(0x7f0000000140)=""/221, 0xdd}, {&(0x7f0000000240)=""/38, 0x26}, {&(0x7f00000003c0)=""/153, 0x99}, {&(0x7f0000000280)=""/28, 0x1c}, {&(0x7f0000000480)=""/220, 0xdc}, {&(0x7f0000000580)=""/107, 0x6b}, {&(0x7f0000000600)=""/154, 0x9a}, {&(0x7f00000006c0)=""/137, 0x89}], 0x8, &(0x7f0000000800)=""/92, 0x5c}, 0x0)

26.933446013s ago: executing program 0 (id=6088):
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socket$kcm(0x2, 0xa, 0x2)
socket$inet(0x2b, 0x801, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={0x0, &(0x7f0000000380)=""/3, 0x46, 0x3, 0x1}, 0x28)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000080)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
sendmsg$NLBL_UNLABEL_C_STATICADD(r2, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x24, 0x65, 0x200, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2}, {0x0, 0xfff3}, {0x0, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x884}, 0x20000080)
r3 = socket(0x10, 0x803, 0x0)
sendto(r3, &(0x7f0000000740)="120000001200e7ef007b00000000000000", 0x11, 0x0, 0x0, 0x0)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002e00010000000000fcdbdf250401f2800c00180008ac0f00000000001400010000000000000000000000ffffac14141650bb2d6f67d29d6fabadb107d0def49c8b37d382b9c520532beef103cd2ad288ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36e872dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x40000000000, 0x3, 0x4, 0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a800000085000000a200000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800020d8}, 0x94)
r5 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$6lowpan_control(r5, &(0x7f0000000500)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000680), 0x2, 0x0)
socket(0x10, 0x803, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)

25.516905091s ago: executing program 1 (id=6089):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
bind$bt_hci(r0, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='freezer.state\x00', 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r4 = accept$alg(r3, 0x0, 0x0)
sendmsg$alg(r4, &(0x7f0000001840)={0x0, 0x0, 0x0, 0x0, &(0x7f00000017c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x7e}], 0x30}, 0x0)
sendmmsg$alg(r4, &(0x7f0000000180)=[{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000001640)="553e12df315719c9cddfbe1f03774b1d49d6fc51d5b185", 0x17}, {&(0x7f0000001680)="33caaff65bbb49384ba3fa03220c730c8531786e424bfa1ee6d344e5ca70fa4e68f9ad2bd7a154c3da71f3d9548c", 0x2e}, {&(0x7f0000001700)="7082b8d45f4cc86d0267eabd24340e1911fe3ceeb757ca4a090897a00b8d106a8ceb5beaa118a5652769ec67e809e68ca18f0241349dc53502", 0x39}, {&(0x7f0000001880)="371f6caa2f6c27730337ec033b032851897cee7054e7e1e0702321a402356d2f7728fc212abddf577e94277f3d9ceea00b26d2cd0dc790b14423d5766bfd60897fa6b4a3e5bec0e118bc0934219dc3b4a8dce9c5223696b152635e6ca4761490d5832d84c80176a3b48e27cb64d7498ce458ec00afb5ceb41e55ee19e6ecdf", 0x7f}], 0x4}], 0x1, 0x840)
recvmsg(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000003c0)=""/120, 0x78}, {&(0x7f0000000300)=""/149, 0x95}], 0x2}, 0x10001)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f00000001c0)={<r5=>0x0, @in6={{0xa, 0x4e24, 0x6fb5, @private2={0xfc, 0x2, '\x00', 0x1}, 0x9d9e}}, 0x2, 0x6, 0x48ed, 0x7, 0xffff}, &(0x7f0000000100)=0x98)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r6, 0x0)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r7, 0x84, 0x1, 0x0, &(0x7f0000000140))
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000280)={r5, 0x1}, 0x8)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r8}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x4, 0x9, 0x0, 0x1, 0xe7030000}, {0x16, 0x0, 0x0, 0x6}}, [@printk={@lli, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x24, 0x9}}], {{0x4, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r9, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r9, &(0x7f0000000180)={0xa, 0x4e20, 0x7, @local, 0x5}, 0x1c)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nfc(&(0x7f0000000500), r10)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f0000000580)=<r12=>0x0)
sendmsg$NFC_CMD_SE_IO(r10, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000a00)=ANY=[@ANYBLOB="000000a6", @ANYRES16=r11, @ANYBLOB="010028bd7000fcdbdf251b00000008000100", @ANYRES32=r12, @ANYBLOB="08001500c000000005001900d8000000"], 0x2c}, 0x1, 0x0, 0x0, 0x8880}, 0x0)

25.423755707s ago: executing program 0 (id=6092):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="400000000002010400000000000000000a0000b8b90004000180180003801400018008000100ac1e010108000200ac1414aa100008800c0002"], 0x40}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000dc0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000fbdbdf25270000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c0053"], 0x50}, 0x1, 0x0, 0x0, 0x24040011}, 0x0)
r3 = socket$inet(0x2b, 0x801, 0x0)
r4 = socket(0x2b, 0x80801, 0x1)
setsockopt$IP_VS_SO_SET_ZERO(r4, 0x0, 0x48f, &(0x7f0000000380)={0x11, @local, 0x4e24, 0x3, 'ovf\x00', 0x16, 0xffff, 0x7b}, 0x2c)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ADD(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYRES8=r6], 0x28}, 0x1, 0x0, 0x0, 0x4000080}, 0x2400c000)
sendmsg$TIPC_NL_BEARER_GET(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000680)={0x164, r6, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffffffff}]}, @TIPC_NLA_NODE={0xfc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xd5e3}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x10}, @TIPC_NLA_NODE_ID={0xe2, 0x3, "a47306921ba6713b9dd89d0a0a038c6b0300fa30f428e84f3ff5d5bce47f8a7f0eefd66833afba9cefb2afde8046bb5d296bc919816e1d59d1319540fa793b4a554ee9ef6674de302fe03fa3edbee3abf842bd10b57a961341f0d439c6fad7f03dca3cf76ca8588bf53e42b0866b1251a5df1daf0016f7a07f012c06f253c7a4b5454b5fe279faf53d97299a81603e3fdc1730a9c7b39ed110bccfa316d0bcdd739bb5ba398956d2efa237ec911cc60ce96cb54dd0fbc36126454b5fec2fde1757336fea81540a5303761b90db2df09d80aee65debf00dffeb6d746fb8f3"}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_NET={0x28, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x6}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x800}]}, @TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}]}]}, 0x164}, 0x1, 0x0, 0x0, 0x48000}, 0x804)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x48f, &(0x7f0000000000)={0x11, @multicast1, 0x4e23, 0x0, 'lc\x00', 0x0, 0x6000000}, 0x2c)
r7 = openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r7, 0x0, &(0x7f00000000c0))
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r8, 0x0, 0x5}, 0x18)
r9 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x101801, 0x0)
write$rfkill(r9, &(0x7f0000000000)={0x5, 0x0, 0x3, 0xfc}, 0x8)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r0, 0x8008f513, &(0x7f0000000080))
ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, &(0x7f0000002000))
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r10)
sendmmsg(r4, 0x0, 0x0, 0x240000d4)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="440000001000210400000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="0000000061000000180012800e00010069703667726574617000000000000000060001"], 0x44}}, 0x0)

20.002336782s ago: executing program 2 (id=6129):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000002c0)=0xffffffffffffffff, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x6, 0x6, &(0x7f0000000240)=@framed={{0x18, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffffa}, [@ldst={0x9809318a4e48ddd4, 0x2, 0x4, 0x2, 0x9, 0xffffffffffffffff, 0xffffffffffffffff}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0xb, 0x0, 0x0, 0x0, 0x100000d8}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp=0x25, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="178d048604bf0bfb1945d7430008", 0x0, 0x501, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r0}, 0x8)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddb, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x6}}, 0x1c}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000b40)=ANY=[@ANYBLOB="240000001800dd8d000000000000000002000000000000060000000008000b0007003e97272f8d8b6e0486b7dafb17376f3ef1f64a0706bd834451435ac429f3cb9390bc2b6b5b1f9c291403a6ab2f858df1319ba539209072606ce1483f37b8c1f25148a8d3e4a9d1808777c5c8aaf74400000000000000000000000000000000df3afc9b1cc14d591d8cbb4075f99cb421d45634466c4a4fb8a97d596199bcbccd235b9ed5f766c5f77bce7dce0a068328e95677b81d6e709596fc1401504862fefe5a79d7b995a843e427c42bfc5c7c1cc8e25a28153de46e7dccf5edd2917d0e756a6630ee38c0d3d95a9879d0cc2306f027beabef7339153455eb9d975ff42a642078d77a5bbed78c055406a0a4b4d16e5eea37a9a9aaecded998de7f8d518ffff2554f4640913e67b33a214b43d3e61f7c72756fafb7"], 0x24}}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r5)
sendmsg$NLBL_CIPSOV4_C_ADD(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000740)=ANY=[@ANYBLOB="50020000", @ANYRES16=r6, @ANYBLOB="0100000000000000000001000000080001000000000004000480080002000100000010000c7d0c000b8008000a00b4ed000004000880c8000c802400e73608000900f36aad4208000a156878badf10076800d5441e0f080009002bd49f3b0c00008008000a00697100002c000b8008000a"], 0x250}}, 0x0)
r7 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r8=>0x0})
r9 = accept$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @private2}, &(0x7f0000000300)=0x1c)
ioctl$AUTOFS_IOC_SETTIMEOUT(r9, 0x80049367, &(0x7f0000000340)=0x975)
connect$can_bcm(r7, &(0x7f0000001ff0)={0x1d, r8}, 0x10)
r10 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x2000001, 0x812, r11, 0xffffd000)
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@bloom_filter={0x1e, 0x3, 0x0, 0x2, 0x2a019, 0x1, 0x1, '\x00', r8, r10, 0x1, 0x5, 0x5, 0xa, @value=r0}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r12, <r13=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000ffff0018110000", @ANYRES32=r13, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], &(0x7f0000000180)='GPL\x00', 0x8, 0xff8, &(0x7f0000001e00)=""/4088, 0x0, 0xd}, 0x94)

19.681008285s ago: executing program 2 (id=6131):
r0 = socket$pppoe(0x18, 0x1, 0x0)
ioctl$PPPOEIOCSFWD(r0, 0x4008b100, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)=ANY=[@ANYRESHEX=r0], 0x48)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='memory.stat\x00', 0x0, 0x0)
sendmsg$NL80211_CMD_DEL_STATION(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x110e22fff6)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, 0x0)
ioctl$TUNGETVNETLE(r2, 0x4010744d, &(0x7f0000000180))
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1b, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18040000399d0000000000000000010095000000000000001ce904a7f01f9e10cef52fb2257c6f4050b65865028664eb0e7f3ea28a3b0c8eceaf6aad4642a488f022c487c57e284fad49191da1c672df25cc312a11d5acbbfe5601b585210e92961f429372df749d24fca52018b0dc794afeedda3a2e7a5e183597ea1c8652cafa59702687d8c55674db6d97d6946dab86689ed034a9d3e82a021654efea64386cd18e6973bff66e364b2d855b85c2eb919943e8c9f987311e870cf252ec4557ca450336b64dd8e41e7b88556a929c900b7a15833afc6ac980"], &(0x7f0000000300)='GPL\x00', 0x9, 0xff7, &(0x7f0000001e00)=""/4087, 0x41100, 0x66, '\x00', 0x0, 0x0, r1}, 0x94)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r6=>0x0})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r4)
sendmsg$NL80211_CMD_SET_CQM(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="011000000000000000003f00000008000300", @ANYRES32=r6, @ANYBLOB="0c005e800800010007000000"], 0x28}}, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000003c0), r8)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r8, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000b80)=ANY=[@ANYBLOB="14000000", @ANYRES16=r9, @ANYBLOB="fba70000e80000867f0004"], 0x14}}, 0x0)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000000c0), r8)
r10 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r10, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)={<r11=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000000)={'sit0\x00', <r12=>0x0})
setsockopt$XDP_TX_RING(r10, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4)
setsockopt$XDP_UMEM_COMPLETION_RING(r10, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r10, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r10, &(0x7f0000000100)={0x2c, 0x1, r12}, 0x10)
mmap$xdp(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x300000c, 0x11, r10, 0x180000000)

19.451676473s ago: executing program 2 (id=6134):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'sh\x00', 0x3c, 0xff, 0xf}, 0x2c)

19.196641091s ago: executing program 2 (id=6136):
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socket$kcm(0x2, 0xa, 0x2)
socket$inet(0x2b, 0x801, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={0x0, &(0x7f0000000380)=""/3, 0x46, 0x3, 0x1}, 0x28)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000080)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
sendmsg$NLBL_UNLABEL_C_STATICADD(r2, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x24, 0x65, 0x200, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2}, {0x0, 0xfff3}, {0x0, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x884}, 0x20000080)
r3 = socket(0x10, 0x803, 0x0)
sendto(r3, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r4, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x40000000000, 0x3, 0x4, 0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a800000085000000a200000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800020d8}, 0x94)
r5 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$6lowpan_control(r5, &(0x7f0000000500)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000680), 0x2, 0x0)
socket(0x10, 0x803, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)

18.349440291s ago: executing program 3 (id=6139):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x40, r1, 0x100, 0x70bd2a, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FAMILY={0x5, 0xd, 0x22}, @GTPA_NET_NS_FD={0x8, 0x7, r0}, @GTPA_FAMILY={0x5, 0xd, 0x9}, @GTPA_PEER_ADDRESS={0x8, 0x4, @local}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x84)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="2000fdfffffffcffffff0c00000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETOFFLOAD(r3, 0x400454ce, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000280)={&(0x7f0000000100), 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c00ef08", @ANYRES16=r2, @ANYBLOB="020029bd7000fddbdf250e000000050038000400000008003c00229d000008003c0000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x20088001}, 0x20000000)
r5 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_SECURITY_KEYRING(r5, 0x110, 0x2, &(0x7f0000000480)='\x98E\xab\xa5`\xf1\xd9LR\x8d\xc1\\\x89\xfe1\xd9\x90\xfb!\xa0\xb8\xf9a]\x1e,{|s\xe0\x97\xfa\x9a\xeb\xae\xbe\x16\x02C\xb43\x0e\x9a\x14}\xf1\xb93\x93\x122!\x8f\x8b~\x16\xce\xa5n\x93\xc5-M\x0e\t\x92\x83\xbc\x8a\xef/\xf2T[6\x98\xbd3\x18\xb1\x93^\x98tG\xad1\xceA\x91\xfbK\xf1\xbd\x10\x1f\x0e\xe5k\xc0\x8f2\xdc\xd3\xc0\xadX=\xf2\xd2(\xedH\xb8\x84A>\v\x15\xe1\xc8\x90&4\xe4a\xb2\xc2\xd6l\x18\x1a\xce\xc1s\ti\b\x93uB[\xd1\xf3\v\x90\x87\x97F\x8aL3\x05\x89\xa8\xc9\xb6\x8a\v7\x87\n\xc0\x98', 0x3)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000200), 0xffffffc1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22051, r6, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r7, 0x0)
mmap(&(0x7f00007a6000/0x3000)=nil, 0x3000, 0x100000c, 0x22051, r6, 0x0)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r5, 0x8982, &(0x7f00000002c0))
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000000700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r8, 0x18000000000002a0, 0xfe, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f0080047e0ffff00124000633a77fbac141416e000000194029f034d2f87e589ca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x6b, 0x60000000, 0x10b, 0x0, &(0x7f0000000400)="bf2b4ee7955c04f6ffcda24251ef32f5b1d254b3cb5b193a6c4881486a052ed53c682015bb2ceb0237dfb0b5a8a64cdc932ae709cd51bd087ddb000000000000000000b4c7081c86a774b850e2dcc8822a374b446c5102c1eac18db2b4518e9d83f76d7465cdd8d7d188640f33bc16b8b77ad695057b724101a87c2c44305cd9a136dbc377466fb2ec77db453874f54acb3473afb3f0dfff7fd14cc1e1d3595e61182b6ac285dfcc34e51c3d971b25ba883e3ad1d4396daae9a95e67a246d16a04fac2c8e8191d3ebdd1e790db0f2521243b1aaf657031feaf4153628730dd86899a060375c71f3aa741bd3ada5c5f1874a51c88ec1457f9f0e37ab20d770025834431bcfb74fea7aa4d1c", &(0x7f0000000000), 0x0, 0x0, 0x6}, 0x50)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0xba0c29e690d41d4b, 0x20000000ec071, 0xffffffffffffffff, 0x0)
ioctl$FIBMAP(r0, 0x1, &(0x7f0000000080))

18.148337389s ago: executing program 2 (id=6141):
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x8528c000)
r0 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)=@generic={&(0x7f0000000040)='./file0\x00', 0x0, 0x18}, 0x18)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)=@o_path={&(0x7f0000000000)='./file0\x00', 0x0, 0x4010, r0}, 0x18)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000340)={'batadv0\x00', <r4=>0x0})
sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="030300000000000000000600140008000300", @ANYRES32=r4], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r5, &(0x7f0000000500)={0x2, 0x4e23, @private=0xa010101}, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000780)={'netdevsim0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xfff1, 0xffff}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}]}, 0x2c}}, 0x0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYRESOCT=r4], 0x1c}, 0x1, 0x0, 0x0, 0x40811}, 0x20048000)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1900000048000000000001000400000000200000", @ANYRES32=0x1, @ANYBLOB="00000000000000005fa75da73552b5dff31b95a126a9ff5bfe9ffd18b7e222d63983cb5e86de3f690e79e1125d4893ff70e45d645da8bd40dd002d8af9a76f63eb1c95caa8839fa9b82205fa364ad8b6a88febd16c00cf5787de35a183c020ee004a789ac9946e809768b12f757cbe28b7f71682c63c69d1bbb27e96224e0be3da45a66a8fd01a0400000000000000920eebe39eea2b30b0b12252d20c4789a77dbc240a35c04b4900d28e9e10281a87c201ae9765c1fa5c798907f8e9730d2ec6883839e5433636e0a8aca09d144fa8855392d585758cf332fa425729fec4", @ANYRES32=r4, @ANYRES32, @ANYBLOB="02000000050000000400"/28], 0x50)
r9 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x48, 0x48, 0x6, [@float={0x6, 0x0, 0x0, 0x10, 0xc}, @union={0x8, 0x4, 0x0, 0x5, 0x0, 0x4, [{0x1, 0x0, 0x40}, {0x0, 0x3, 0x7}, {0xa, 0x3, 0x2}, {0xb, 0x1, 0x8}]}]}, {0x0, [0x61, 0x0, 0x0, 0x5f]}}, &(0x7f0000000340)=""/189, 0x66, 0xbd, 0x0, 0x80000000}, 0x28)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000440)={0x3, 0x4, 0x4, 0xa, 0x0, r0, 0x0, '\x00', r4, r9, 0x0, 0x4, 0x5}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x18, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x41da}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffc}, {0x85, 0x0, 0x0, 0x86}}, {{0x5, 0x0, 0x5, 0x9, 0x0, 0x1, 0x480}}, [@printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xd35}}, @generic={0x40, 0x5, 0x4, 0x1fc, 0x80200001}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0xae}}}, &(0x7f0000000080)='GPL\x00', 0x7, 0xfef, &(0x7f0000000cc0)=""/4079, 0x41100, 0x40}, 0x94)

18.084452976s ago: executing program 2 (id=6142):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f00000006c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x43}}, 0x10)
setsockopt$inet_udp_int(r3, 0x11, 0x67, &(0x7f0000000000)=0x1, 0x4)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f00000000c0)=<r7=>0x0)
sendmsg$NFC_CMD_FW_DOWNLOAD(r4, &(0x7f0000002ec0)={0x0, 0x0, &(0x7f0000002e80)={&(0x7f0000002e00)={0x24, r5, 0xba960a2220112c19, 0x70bd2f, 0x25dfdbfc, {}, [@NFC_ATTR_FIRMWARE_NAME={0x8, 0x14, 'nfc\x10'}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x840)
sendmmsg$inet(r3, &(0x7f0000000600)=[{{&(0x7f0000000c00)={0x2, 0x4e20, @multicast2}, 0x10, 0x0}}], 0x1, 0x2000c044)
sendmsg(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000040)="fbe65d", 0x3}], 0x1}, 0x40080)
r8 = syz_init_net_socket$x25(0x3, 0x5, 0x3)
ioctl$SIOCX25SFACILITIES(r8, 0x89e3, &(0x7f0000000000)={0x6b, 0xa238, 0x7, 0x6, 0x2, 0x81})
r9 = socket(0x10, 0x3, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="0000000010000100000093ee000000000000000a3c000000120a0900000000000000000002000000090002de4250dc070073797a3100000000080004c44ccdf034e9d9a80073797a30000000000800034000000009140000001100010000000000000e00000000000a64e11256fc0bd3c76eebbc86055fdbed840c4329434fa9bf250400d6c66bedc4fb743b28c52407a5624b89a066da3f5c0c2d1043727acbc5b486c941cbd808ca4cf825b7380fbf1d848b4d8e706f673a1d33ffdb75c125e3fcb310bfcc9c240f8240c8588f3c136e5b90b38a98a7b3207f3676d2ba3b93b12561e033af61fcc3799a1814aa90f6c9ae85fba48bfd65823415e0378ed01a5c248c7ecf4045aa15dbf7529aff41718860193b4b2c0862d96deaf6b56be1bc1ec4e3c6f06ca0fd5d53cc25229e9d1b805a9188800361120af78442bfc2d30157ef26c57669206b2011571287d71345683c0541afea7b1c8ca099d7f57a9f54a7da3eac1b89d00bce92b02dc7a6e7f9a29965f5e9e3fca456060244d16e9004ac919b3cda0b494e2ac5ff10c0e0f8634126d248a69e391358b8218efad0d7908ee958bc6ef1a9b472bcccacc35f4a99d8628dd41c68c30e484f45df3d018d76f0698ffe777178fdbed53941872a3c52ddc942a0059fe77453d5b0736b732320b040708f1f6abdbf8b1042a2b537b7e7cec8f959abe339c5a3dea52b3e790a68ae10e4"], 0x64}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4004040}, 0x0)
ioctl$EXT4_IOC_SETFSUUID(r1, 0x4008662c, &(0x7f00000000c0)={0x0, 0x0, "1bb4168405414d99f49f957f34c7094b"})
getsockname$packet(r9, &(0x7f00000002c0)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r11, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
r12 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r12, 0x107, 0x12, &(0x7f0000000000)={0x2, 0x6}, 0x4)
getsockopt$packet_int(r12, 0x107, 0x12, 0x0, &(0x7f0000000080))
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001100)=@delchain={0x3c, 0x64, 0xf31, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, r11, {0x0, 0xffff}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x8, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x44044)
setsockopt$packet_int(r0, 0x107, 0x17, &(0x7f0000000080)=0x1, 0x4)

18.036139s ago: executing program 3 (id=6143):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0xff58)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x2000300, 0xb, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

17.940898127s ago: executing program 3 (id=6144):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000003c40)=@newtaction={0xac, 0x30, 0x216822a75a8bdd29, 0x0, 0x0, {}, [{0x98, 0x1, [@m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}, @m_connmark={0x50, 0x2, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x8, 0x20000001}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xac}, 0x1, 0x600}, 0x0)

17.922672985s ago: executing program 3 (id=6145):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x8c, 0xc, 0xa, 0x301, 0x0, 0x84, {0x7, 0x0, 0x9}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x60, 0x3, 0x0, 0x1, [{0x5c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x50, 0xb, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x3}]}}}, {0x20, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc}]}}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x110}}, 0x0)

17.887701329s ago: executing program 3 (id=6146):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x50, &(0x7f00000000c0)=0x2, 0x4)
unshare(0x20000400)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$igmp6(0xa, 0x3, 0x2)
splice(r1, 0xfffffffffffffffe, r2, 0x0, 0x8, 0x0)
socketpair(0x11, 0x1, 0x401, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000140)={<r4=>0x0, 0x2c, &(0x7f0000000180)=[@in6={0xa, 0x4e20, 0x0, @private0}, @in={0x2, 0x4e20, @private=0xa010101}]}, &(0x7f0000000040)=0x10)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x101842, 0x0)
readv(r5, &(0x7f0000001500)=[{&(0x7f0000000400)=""/96, 0x60}, {0x0}], 0x2)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x85, &(0x7f00000004c0)={r4, @in={{0x2, 0xfffe, @empty}}, 0x0, 0x80}, 0x90)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, 0x0, 0x8001)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000004)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
recvmsg$can_j1939(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000580)=""/194, 0xc2}, {&(0x7f0000000280)=""/87, 0x57}, {&(0x7f0000000100)=""/25, 0x19}, {&(0x7f0000001540)=""/4096, 0x1000}], 0x4, &(0x7f0000000680)=""/237, 0xed}, 0x2000)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000004900010028bd7000fedbdf250a008000", @ANYRES32=0x0, @ANYBLOB="00000000080002000100000014000100fc000000000000000000000000000000202ada3a2b0cee5d146024e752b31e5f2ddfcf37452f012abb0c6d5c25061e0d003396f9412149078e04be23d192962cdb70209a8fcd60bf15fdef6d44379b8f0e5d081004efdbb7e5d9fe2c"], 0x38}, 0x1, 0x0, 0x0, 0x14000000}, 0x80)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='hugetlb.2MB.failcnt\x00', 0x2, 0x0)
r8 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_netrom_SIOCADDRT(r8, 0x890b, &(0x7f0000000040)={0x1, @null, @bpq0, 0xb49, 'syz1\x00', @default, 0xfff, 0x3, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]})
sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, 0x0, 0x1)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)

17.26512672s ago: executing program 4 (id=6148):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x5, [@var={0x2, 0x0, 0x0, 0x11, 0x4, 0xffffffff}, @const={0x0, 0x0, 0x0, 0x2}, @func_proto={0x2, 0x0, 0x0, 0x8, 0x2}, @var={0x2, 0x0, 0x0, 0xe, 0x3}]}, {0x0, [0x0, 0x61, 0x2e]}}, 0x0, 0x55}, 0x28) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) (async)
recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x8101}, {{0x0, 0x0, 0x0}, 0x400d}, {{0x0, 0x0, 0x0}, 0xfffffffd}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000600)=""/178, 0xb2}, {&(0x7f0000000cc0)=""/261, 0x105}, {&(0x7f0000002e00)=""/4113, 0x1011}, {&(0x7f00000006c0)=""/229, 0xe5}], 0x4}}, {{0x0, 0x0, 0x0}, 0x7243}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, 0x0}, 0xc846}, {{0x0, 0x0, 0x0}, 0x6}], 0x8, 0x22, 0x0)

17.263209515s ago: executing program 4 (id=6149):
r0 = socket$kcm(0x1e, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f0000000140), 0x4d)
recvmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000080)=""/43, 0x2b}], 0x1}, 0x80)
r1 = socket$kcm(0x1e, 0x4, 0x0)
close(r0)
setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[], 0xfdef)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000000)={0x500, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="020200090f000000000000000000000005000600000000000a0000000000000000000000000000000000000000000000000000000000000002000100000004d20000020300000020050005002f8000000a00000000000000ff0100000000000000000028000000010000000000000000010018"], 0x78}}, 0x0)
syz_emit_ethernet(0x34, &(0x7f00000000c0)={@multicast, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x26, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @empty}, {0x0, 0x88be, 0x12, 0x0, @opaque="6b8b836832cfd4d288a8"}}}}}, 0x0)
socket$key(0xf, 0x3, 0x2)
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x800)
r3 = socket$key(0xf, 0x3, 0x2)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x4, 0x4, 0x4}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1f, 0x17, &(0x7f0000000080)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x6, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x4, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x14}}], {{0x5, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xb8}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x56, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$key(r3, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="020100096e64f1df365747040083cafaf7e4970e55e80a3bc5bbbf8d5374fbdf7359354a9a"], 0x70}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

17.115671456s ago: executing program 4 (id=6150):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = socket$kcm(0x21, 0x2, 0x2)
setsockopt$sock_attach_bpf(r0, 0x110, 0x3, 0x0, 0x4)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000300)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
unshare(0x6a040000)
r2 = socket$netlink(0x10, 0x3, 0x8)
sendmsg$ETHTOOL_MSG_DEBUG_GET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x8044005}, 0x4084)

16.985068689s ago: executing program 3 (id=6151):
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socket$kcm(0x2, 0xa, 0x2)
socket$inet(0x2b, 0x801, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={0x0, &(0x7f0000000380)=""/3, 0x46, 0x3, 0x1}, 0x28)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000080)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
sendmsg$NLBL_UNLABEL_C_STATICADD(r2, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x24, 0x65, 0x200, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2}, {0x0, 0xfff3}, {0x0, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x884}, 0x20000080)
r3 = socket(0x10, 0x803, 0x0)
sendto(r3, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r4, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x40000000000, 0x3, 0x4, 0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a800000085000000a200000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800020d8}, 0x94)
r5 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$6lowpan_control(r5, &(0x7f0000000500)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000680), 0x2, 0x0)
socket(0x10, 0x803, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)

16.873539261s ago: executing program 4 (id=6152):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000580)=@bpf_lsm={0x4, 0x7, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000050002000000000085000000cc00000085000000000000000500feff000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0xff9, &(0x7f0000000a80)=""/4089, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x21)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000004d00)=@deltaction={0x1f8, 0x31, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@TCA_ACT_TAB={0x48, 0x1, [{0x10, 0x4, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}, {0xc, 0x4, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0x10, 0x1f, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}, {0xc, 0xc, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}]}, @TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}]}, @TCA_ACT_TAB={0x88, 0x1, [{0x10, 0xf, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0xc, 0x11, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0xc, 0xd, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x81}}, {0xc, 0x1c, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x101}}, {0x10, 0xb, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0xc, 0x3, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0x10, 0x3, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0xc, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}]}, @TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1a, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xa0000}}, {0xc, 0xe, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7c}}]}, @TCA_ACT_TAB={0x6c, 0x1, [{0xc, 0xa, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7fffffff}}, {0x10, 0x14, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0xc, 0x19, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0xc, 0xc, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0x1a, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0x10, 0x2, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0xc, 0x1a, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}]}, @TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1e, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8e}}, {0xc, 0x7, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}]}, @TCA_ACT_TAB={0x2c, 0x1, [{0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x572d}}, {0x10, 0xb, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x15, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}]}, @TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x18, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}]}, @TCA_ACT_TAB={0x24, 0x1, [{0x10, 0x16, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0x10, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}]}]}, 0x1f8}, 0x1, 0x0, 0x0, 0x8890}, 0x40)
r1 = socket(0x15, 0x5, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000004c00)={<r2=>0x0, 0x9, 0x5}, &(0x7f0000004c40)=0x8)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000004c80)={r2, 0x0, 0x7}, &(0x7f0000004cc0)=0x8)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="b40000001800010000000000000000000200800000010009000000000600150001000000900016808c0001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
getsockopt(r1, 0x200000000114, 0x271f, 0x0, &(0x7f0000000000))
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000080)=@ieee802154, 0x80, &(0x7f0000000240)=[{&(0x7f0000000100)=""/118, 0x76}, {&(0x7f0000000180)=""/147, 0x93}], 0x2, &(0x7f0000000280)=""/162, 0xa2}, 0x7}, {{&(0x7f0000000340)=@caif=@dbg, 0x80, &(0x7f00000006c0)=[{&(0x7f00000003c0)=""/110, 0x6e}, {&(0x7f0000000440)=""/30, 0x1e}, {&(0x7f0000000480)=""/206, 0xce}, {&(0x7f0000001a80)=""/4096, 0x1000}, {&(0x7f0000000640)=""/89, 0x59}], 0x5, &(0x7f0000000740)=""/243, 0xf3}, 0x7}, {{&(0x7f0000000840)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000a40)=[{&(0x7f00000008c0)=""/128, 0x80}, {&(0x7f0000000940)=""/221, 0xdd}], 0x2, &(0x7f0000002a80)=""/191, 0xbf}, 0x52e8cf8}, {{&(0x7f0000002b40)=@tipc=@name, 0x80, &(0x7f0000002c80)=[{&(0x7f0000002bc0)=""/102, 0x66}, {&(0x7f0000002c40)=""/40, 0x28}], 0x2, &(0x7f0000002cc0)=""/207, 0xcf}, 0x1744}, {{&(0x7f0000002dc0)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000003200)=[{&(0x7f0000002e40)=""/181, 0xb5}, {&(0x7f0000002f00)=""/56, 0x38}, {&(0x7f0000002f40)=""/82, 0x52}, {&(0x7f0000002fc0)=""/41, 0x29}, {&(0x7f0000003000)=""/82, 0x52}, {&(0x7f0000003080)=""/203, 0xcb}, {&(0x7f0000003180)=""/20, 0x14}, {&(0x7f00000031c0)=""/35, 0x23}], 0x8, &(0x7f0000003280)=""/192, 0xc0}, 0x9}, {{&(0x7f0000003340)=@pppol2tpv3={0x18, 0x1, {0x0, <r4=>0xffffffffffffffff}}, 0x80, &(0x7f0000004600)=[{&(0x7f00000033c0)=""/195, 0xc3}, {&(0x7f00000034c0)=""/36, 0x24}, {&(0x7f0000003500)=""/36, 0x24}, {&(0x7f0000003540)=""/4096, 0x1000}, {&(0x7f0000004540)=""/27, 0x1b}, {&(0x7f0000004580)=""/43, 0x2b}, {&(0x7f00000045c0)=""/25, 0x19}], 0x7, &(0x7f0000004680)=""/146, 0x92}, 0x7}, {{&(0x7f0000004740)=@pppoe={0x18, 0x0, {0x0, @remote}}, 0x80, &(0x7f0000004840)=[{&(0x7f00000047c0)=""/21, 0x15}, {&(0x7f0000004800)=""/47, 0x2f}], 0x2}, 0x4}, {{&(0x7f0000004880)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @private}}}}, 0x80, &(0x7f0000004980)=[{&(0x7f0000004900)=""/74, 0x4a}], 0x1}, 0x101}], 0x8, 0x0, &(0x7f0000004bc0))
ioctl$SIOCNRDECOBS(r4, 0x89e2)

16.040453574s ago: executing program 4 (id=6153):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000), 0x31)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000a8c5000000a50000001801000020206405000000000004000f7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70400000000000085000000a700000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = epoll_create(0x3)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000100)={0x4})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r3, 0xcfad5000)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r3, 0x1000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x0, 0xfffffffffffffdf3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x4, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8}, [@generic={0x81, 0x1, 0x1, 0x6e}]}, &(0x7f0000000c40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000280)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x1d, &(0x7f0000000000)=ANY=[@ANYBLOB="183c000002000000000000000000000045bbc0ffffffffff1801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000002000000850000000600000018110000", @ANYRES32=r4, @ANYBLOB="000000000000b4b62f2a00004e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000bf07000085000000060000009500000000000000"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)

16.002434987s ago: executing program 4 (id=6154):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.empty_time\x00', 0x275a, 0x0)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x2b, 'io'}]}, 0x4)
ioctl$SIOCPNDELRESOURCE(r0, 0x89ef, &(0x7f0000000000)=0x963)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0x10012, r0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x19, 0xc, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x38, 0x0, 0x4, 0x70bd28, 0x25dfdbfe, {}, [@TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x4}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x2}, 0x10)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNATTACHFILTER(r1, 0x400454d1, &(0x7f00000000c0)={0x0, 0x0})

10.530863388s ago: executing program 32 (id=6089):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
bind$bt_hci(r0, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='freezer.state\x00', 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r4 = accept$alg(r3, 0x0, 0x0)
sendmsg$alg(r4, &(0x7f0000001840)={0x0, 0x0, 0x0, 0x0, &(0x7f00000017c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x7e}], 0x30}, 0x0)
sendmmsg$alg(r4, &(0x7f0000000180)=[{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000001640)="553e12df315719c9cddfbe1f03774b1d49d6fc51d5b185", 0x17}, {&(0x7f0000001680)="33caaff65bbb49384ba3fa03220c730c8531786e424bfa1ee6d344e5ca70fa4e68f9ad2bd7a154c3da71f3d9548c", 0x2e}, {&(0x7f0000001700)="7082b8d45f4cc86d0267eabd24340e1911fe3ceeb757ca4a090897a00b8d106a8ceb5beaa118a5652769ec67e809e68ca18f0241349dc53502", 0x39}, {&(0x7f0000001880)="371f6caa2f6c27730337ec033b032851897cee7054e7e1e0702321a402356d2f7728fc212abddf577e94277f3d9ceea00b26d2cd0dc790b14423d5766bfd60897fa6b4a3e5bec0e118bc0934219dc3b4a8dce9c5223696b152635e6ca4761490d5832d84c80176a3b48e27cb64d7498ce458ec00afb5ceb41e55ee19e6ecdf", 0x7f}], 0x4}], 0x1, 0x840)
recvmsg(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000003c0)=""/120, 0x78}, {&(0x7f0000000300)=""/149, 0x95}], 0x2}, 0x10001)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f00000001c0)={<r5=>0x0, @in6={{0xa, 0x4e24, 0x6fb5, @private2={0xfc, 0x2, '\x00', 0x1}, 0x9d9e}}, 0x2, 0x6, 0x48ed, 0x7, 0xffff}, &(0x7f0000000100)=0x98)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r6, 0x0)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r7, 0x84, 0x1, 0x0, &(0x7f0000000140))
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000280)={r5, 0x1}, 0x8)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r8}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x4, 0x9, 0x0, 0x1, 0xe7030000}, {0x16, 0x0, 0x0, 0x6}}, [@printk={@lli, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x24, 0x9}}], {{0x4, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r9, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r9, &(0x7f0000000180)={0xa, 0x4e20, 0x7, @local, 0x5}, 0x1c)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nfc(&(0x7f0000000500), r10)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f0000000580)=<r12=>0x0)
sendmsg$NFC_CMD_SE_IO(r10, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000a00)=ANY=[@ANYBLOB="000000a6", @ANYRES16=r11, @ANYBLOB="010028bd7000fcdbdf251b00000008000100", @ANYRES32=r12, @ANYBLOB="08001500c000000005001900d8000000"], 0x2c}, 0x1, 0x0, 0x0, 0x8880}, 0x0)

9.505742334s ago: executing program 33 (id=6092):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="400000000002010400000000000000000a0000b8b90004000180180003801400018008000100ac1e010108000200ac1414aa100008800c0002"], 0x40}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000dc0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000fbdbdf25270000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c0053"], 0x50}, 0x1, 0x0, 0x0, 0x24040011}, 0x0)
r3 = socket$inet(0x2b, 0x801, 0x0)
r4 = socket(0x2b, 0x80801, 0x1)
setsockopt$IP_VS_SO_SET_ZERO(r4, 0x0, 0x48f, &(0x7f0000000380)={0x11, @local, 0x4e24, 0x3, 'ovf\x00', 0x16, 0xffff, 0x7b}, 0x2c)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ADD(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYRES8=r6], 0x28}, 0x1, 0x0, 0x0, 0x4000080}, 0x2400c000)
sendmsg$TIPC_NL_BEARER_GET(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000680)={0x164, r6, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffffffff}]}, @TIPC_NLA_NODE={0xfc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xd5e3}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x10}, @TIPC_NLA_NODE_ID={0xe2, 0x3, "a47306921ba6713b9dd89d0a0a038c6b0300fa30f428e84f3ff5d5bce47f8a7f0eefd66833afba9cefb2afde8046bb5d296bc919816e1d59d1319540fa793b4a554ee9ef6674de302fe03fa3edbee3abf842bd10b57a961341f0d439c6fad7f03dca3cf76ca8588bf53e42b0866b1251a5df1daf0016f7a07f012c06f253c7a4b5454b5fe279faf53d97299a81603e3fdc1730a9c7b39ed110bccfa316d0bcdd739bb5ba398956d2efa237ec911cc60ce96cb54dd0fbc36126454b5fec2fde1757336fea81540a5303761b90db2df09d80aee65debf00dffeb6d746fb8f3"}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_NET={0x28, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x6}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x800}]}, @TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}]}]}, 0x164}, 0x1, 0x0, 0x0, 0x48000}, 0x804)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x48f, &(0x7f0000000000)={0x11, @multicast1, 0x4e23, 0x0, 'lc\x00', 0x0, 0x6000000}, 0x2c)
r7 = openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r7, 0x0, &(0x7f00000000c0))
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r8, 0x0, 0x5}, 0x18)
r9 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x101801, 0x0)
write$rfkill(r9, &(0x7f0000000000)={0x5, 0x0, 0x3, 0xfc}, 0x8)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r0, 0x8008f513, &(0x7f0000000080))
ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, &(0x7f0000002000))
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r10)
sendmmsg(r4, 0x0, 0x0, 0x240000d4)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="440000001000210400000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="0000000061000000180012800e00010069703667726574617000000000000000060001"], 0x44}}, 0x0)

3.028830704s ago: executing program 34 (id=6142):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f00000006c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x43}}, 0x10)
setsockopt$inet_udp_int(r3, 0x11, 0x67, &(0x7f0000000000)=0x1, 0x4)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f00000000c0)=<r7=>0x0)
sendmsg$NFC_CMD_FW_DOWNLOAD(r4, &(0x7f0000002ec0)={0x0, 0x0, &(0x7f0000002e80)={&(0x7f0000002e00)={0x24, r5, 0xba960a2220112c19, 0x70bd2f, 0x25dfdbfc, {}, [@NFC_ATTR_FIRMWARE_NAME={0x8, 0x14, 'nfc\x10'}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x840)
sendmmsg$inet(r3, &(0x7f0000000600)=[{{&(0x7f0000000c00)={0x2, 0x4e20, @multicast2}, 0x10, 0x0}}], 0x1, 0x2000c044)
sendmsg(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000040)="fbe65d", 0x3}], 0x1}, 0x40080)
r8 = syz_init_net_socket$x25(0x3, 0x5, 0x3)
ioctl$SIOCX25SFACILITIES(r8, 0x89e3, &(0x7f0000000000)={0x6b, 0xa238, 0x7, 0x6, 0x2, 0x81})
r9 = socket(0x10, 0x3, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="0000000010000100000093ee000000000000000a3c000000120a0900000000000000000002000000090002de4250dc070073797a3100000000080004c44ccdf034e9d9a80073797a30000000000800034000000009140000001100010000000000000e00000000000a64e11256fc0bd3c76eebbc86055fdbed840c4329434fa9bf250400d6c66bedc4fb743b28c52407a5624b89a066da3f5c0c2d1043727acbc5b486c941cbd808ca4cf825b7380fbf1d848b4d8e706f673a1d33ffdb75c125e3fcb310bfcc9c240f8240c8588f3c136e5b90b38a98a7b3207f3676d2ba3b93b12561e033af61fcc3799a1814aa90f6c9ae85fba48bfd65823415e0378ed01a5c248c7ecf4045aa15dbf7529aff41718860193b4b2c0862d96deaf6b56be1bc1ec4e3c6f06ca0fd5d53cc25229e9d1b805a9188800361120af78442bfc2d30157ef26c57669206b2011571287d71345683c0541afea7b1c8ca099d7f57a9f54a7da3eac1b89d00bce92b02dc7a6e7f9a29965f5e9e3fca456060244d16e9004ac919b3cda0b494e2ac5ff10c0e0f8634126d248a69e391358b8218efad0d7908ee958bc6ef1a9b472bcccacc35f4a99d8628dd41c68c30e484f45df3d018d76f0698ffe777178fdbed53941872a3c52ddc942a0059fe77453d5b0736b732320b040708f1f6abdbf8b1042a2b537b7e7cec8f959abe339c5a3dea52b3e790a68ae10e4"], 0x64}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4004040}, 0x0)
ioctl$EXT4_IOC_SETFSUUID(r1, 0x4008662c, &(0x7f00000000c0)={0x0, 0x0, "1bb4168405414d99f49f957f34c7094b"})
getsockname$packet(r9, &(0x7f00000002c0)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r11, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
r12 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r12, 0x107, 0x12, &(0x7f0000000000)={0x2, 0x6}, 0x4)
getsockopt$packet_int(r12, 0x107, 0x12, 0x0, &(0x7f0000000080))
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001100)=@delchain={0x3c, 0x64, 0xf31, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, r11, {0x0, 0xffff}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x8, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x44044)
setsockopt$packet_int(r0, 0x107, 0x17, &(0x7f0000000080)=0x1, 0x4)

1.025046477s ago: executing program 35 (id=6151):
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socket$kcm(0x2, 0xa, 0x2)
socket$inet(0x2b, 0x801, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={0x0, &(0x7f0000000380)=""/3, 0x46, 0x3, 0x1}, 0x28)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000080)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
sendmsg$NLBL_UNLABEL_C_STATICADD(r2, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x24, 0x65, 0x200, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2}, {0x0, 0xfff3}, {0x0, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x884}, 0x20000080)
r3 = socket(0x10, 0x803, 0x0)
sendto(r3, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r4, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x40000000000, 0x3, 0x4, 0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a800000085000000a200000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800020d8}, 0x94)
r5 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$6lowpan_control(r5, &(0x7f0000000500)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000680), 0x2, 0x0)
socket(0x10, 0x803, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)

0s ago: executing program 36 (id=6154):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.empty_time\x00', 0x275a, 0x0)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x2b, 'io'}]}, 0x4)
ioctl$SIOCPNDELRESOURCE(r0, 0x89ef, &(0x7f0000000000)=0x963)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0x10012, r0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x19, 0xc, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x38, 0x0, 0x4, 0x70bd28, 0x25dfdbfe, {}, [@TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x4}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x2}, 0x10)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNATTACHFILTER(r1, 0x400454d1, &(0x7f00000000c0)={0x0, 0x0})

kernel console output (not intermixed with test programs):

00000000002e
[  693.220163][T25265] RAX: ffffffffffffffda RBX: 00007f54675c5fa0 RCX: 00007f546738ebe9
[  693.220175][T25265] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  693.220185][T25265] RBP: 00007f546811f090 R08: 0000000000000000 R09: 0000000000000000
[  693.220195][T25265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  693.220205][T25265] R13: 00007f54675c6038 R14: 00007f54675c5fa0 R15: 00007ffcdfd6f788
[  693.220231][T25265]  </TASK>
[  693.880108][T25269] mac80211_hwsim hwsim52 wlan1: entered allmulticast mode
[  693.921874][T25269] bond0: default FDB implementation only supports local addresses
[  694.472181][T25290] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  694.488537][T25290] syzkaller0: entered promiscuous mode
[  694.499518][T25290] syzkaller0: entered allmulticast mode
[  694.565175][T25292] netlink: 'syz.0.5127': attribute type 1 has an invalid length.
[  694.566283][T25290] tipc: Resetting bearer <eth:syzkaller0>
[  694.619462][T25289] tipc: Resetting bearer <eth:syzkaller0>
[  694.696376][T25307] FAULT_INJECTION: forcing a failure.
[  694.696376][T25307] name failslab, interval 1, probability 0, space 0, times 0
[  694.728373][T25289] tipc: Disabling bearer <eth:syzkaller0>
[  694.747207][T25307] CPU: 0 UID: 0 PID: 25307 Comm: syz.3.5131 Not tainted syzkaller #0 PREEMPT(full) 
[  694.747233][T25307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  694.747243][T25307] Call Trace:
[  694.747251][T25307]  <TASK>
[  694.747260][T25307]  dump_stack_lvl+0x189/0x250
[  694.747295][T25307]  ? __pfx____ratelimit+0x10/0x10
[  694.747316][T25307]  ? __pfx_dump_stack_lvl+0x10/0x10
[  694.747335][T25307]  ? __pfx__printk+0x10/0x10
[  694.747365][T25307]  ? __pfx___might_resched+0x10/0x10
[  694.747379][T25307]  ? fs_reclaim_acquire+0x7d/0x100
[  694.747400][T25307]  should_fail_ex+0x414/0x560
[  694.747427][T25307]  should_failslab+0xa8/0x100
[  694.747463][T25307]  __kmalloc_noprof+0xcb/0x4f0
[  694.747482][T25307]  ? nf_tables_newrule+0x1506/0x2890
[  694.747501][T25307]  ? nla_strcmp+0x106/0x140
[  694.747521][T25307]  nf_tables_newrule+0x1506/0x2890
[  694.747558][T25307]  ? __pfx_nf_tables_newrule+0x10/0x10
[  694.747579][T25307]  ? nfnl_pernet+0x23/0x240
[  694.747609][T25307]  ? __nla_parse+0x40/0x60
[  694.747630][T25307]  nfnetlink_rcv+0x1132/0x2520
[  694.747682][T25307]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  694.747759][T25307]  ? netlink_deliver_tap+0x2e/0x1b0
[  694.747795][T25307]  netlink_unicast+0x82c/0x9e0
[  694.747829][T25307]  ? __pfx_netlink_unicast+0x10/0x10
[  694.747854][T25307]  ? netlink_sendmsg+0x642/0xb30
[  694.747870][T25307]  ? skb_put+0x11b/0x210
[  694.747893][T25307]  netlink_sendmsg+0x805/0xb30
[  694.747921][T25307]  ? __pfx_netlink_sendmsg+0x10/0x10
[  694.747942][T25307]  ? aa_sock_msg_perm+0xf1/0x1d0
[  694.747962][T25307]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  694.747980][T25307]  ? __pfx_netlink_sendmsg+0x10/0x10
[  694.747999][T25307]  __sock_sendmsg+0x219/0x270
[  694.748024][T25307]  ____sys_sendmsg+0x505/0x830
[  694.748050][T25307]  ? __pfx_____sys_sendmsg+0x10/0x10
[  694.748080][T25307]  ? import_iovec+0x74/0xa0
[  694.748104][T25307]  ___sys_sendmsg+0x21f/0x2a0
[  694.748126][T25307]  ? __pfx____sys_sendmsg+0x10/0x10
[  694.748179][T25307]  ? __fget_files+0x2a/0x420
[  694.748192][T25307]  ? __fget_files+0x3a0/0x420
[  694.748215][T25307]  __x64_sys_sendmsg+0x19b/0x260
[  694.748237][T25307]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  694.748265][T25307]  ? __pfx_ksys_write+0x10/0x10
[  694.748285][T25307]  ? rcu_is_watching+0x15/0xb0
[  694.748306][T25307]  ? do_syscall_64+0xbe/0x3b0
[  694.748329][T25307]  do_syscall_64+0xfa/0x3b0
[  694.748347][T25307]  ? lockdep_hardirqs_on+0x9c/0x150
[  694.748366][T25307]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  694.748384][T25307]  ? clear_bhb_loop+0x60/0xb0
[  694.748405][T25307]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  694.748421][T25307] RIP: 0033:0x7f347d58ebe9
[  694.748446][T25307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  694.748460][T25307] RSP: 002b:00007f347e370038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  694.748479][T25307] RAX: ffffffffffffffda RBX: 00007f347d7c5fa0 RCX: 00007f347d58ebe9
[  694.748491][T25307] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  694.748503][T25307] RBP: 00007f347e370090 R08: 0000000000000000 R09: 0000000000000000
[  694.748513][T25307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  694.748524][T25307] R13: 00007f347d7c6038 R14: 00007f347d7c5fa0 R15: 00007fffaf368b08
[  694.748551][T25307]  </TASK>
[  695.302059][T25313] netlink: 'syz.4.5133': attribute type 1 has an invalid length.
[  695.369937][T25313] __nla_validate_parse: 4 callbacks suppressed
[  695.369955][T25313] netlink: 224 bytes leftover after parsing attributes in process `syz.4.5133'.
[  695.499053][T25327] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5138'.
[  695.571756][T25330] netlink: 132 bytes leftover after parsing attributes in process `syz.2.5139'.
[  695.676230][T25337] netlink: 284 bytes leftover after parsing attributes in process `syz.3.5140'.
[  695.790820][T25347] FAULT_INJECTION: forcing a failure.
[  695.790820][T25347] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  695.808711][T25347] CPU: 0 UID: 0 PID: 25347 Comm: syz.1.5143 Not tainted syzkaller #0 PREEMPT(full) 
[  695.808738][T25347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  695.808747][T25347] Call Trace:
[  695.808755][T25347]  <TASK>
[  695.808763][T25347]  dump_stack_lvl+0x189/0x250
[  695.808789][T25347]  ? __pfx____ratelimit+0x10/0x10
[  695.808808][T25347]  ? __pfx_dump_stack_lvl+0x10/0x10
[  695.808829][T25347]  ? __pfx__printk+0x10/0x10
[  695.808864][T25347]  should_fail_ex+0x414/0x560
[  695.808967][T25347]  _copy_to_user+0x31/0xb0
[  695.808989][T25347]  simple_read_from_buffer+0xe1/0x170
[  695.809016][T25347]  proc_fail_nth_read+0x1b3/0x220
[  695.809039][T25347]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  695.809061][T25347]  ? rw_verify_area+0x2a6/0x4d0
[  695.809079][T25347]  ? __lock_acquire+0xab9/0xd20
[  695.809099][T25347]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  695.809119][T25347]  vfs_read+0x200/0xa30
[  695.809139][T25347]  ? fdget_pos+0x247/0x320
[  695.809160][T25347]  ? __pfx___mutex_lock+0x10/0x10
[  695.809180][T25347]  ? __pfx_vfs_read+0x10/0x10
[  695.809203][T25347]  ? __fget_files+0x2a/0x420
[  695.809223][T25347]  ? __fget_files+0x3a0/0x420
[  695.809238][T25347]  ? __fget_files+0x2a/0x420
[  695.809264][T25347]  ksys_read+0x145/0x250
[  695.809287][T25347]  ? __pfx_ksys_read+0x10/0x10
[  695.809306][T25347]  ? rcu_is_watching+0x15/0xb0
[  695.809329][T25347]  ? do_syscall_64+0xbe/0x3b0
[  695.809353][T25347]  do_syscall_64+0xfa/0x3b0
[  695.809370][T25347]  ? lockdep_hardirqs_on+0x9c/0x150
[  695.809389][T25347]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  695.809406][T25347]  ? clear_bhb_loop+0x60/0xb0
[  695.809425][T25347]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  695.809442][T25347] RIP: 0033:0x7f9e80d8d5fc
[  695.809461][T25347] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  695.809476][T25347] RSP: 002b:00007f9e81c65030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  695.809494][T25347] RAX: ffffffffffffffda RBX: 00007f9e80fc5fa0 RCX: 00007f9e80d8d5fc
[  695.809507][T25347] RDX: 000000000000000f RSI: 00007f9e81c650a0 RDI: 0000000000000005
[  695.809518][T25347] RBP: 00007f9e81c65090 R08: 0000000000000000 R09: 0000000000000000
[  695.809529][T25347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  695.809539][T25347] R13: 00007f9e80fc6038 R14: 00007f9e80fc5fa0 R15: 00007ffd48551d38
[  695.809568][T25347]  </TASK>
[  696.339935][T25357] netlink: 'syz.1.5147': attribute type 1 has an invalid length.
[  696.485956][T25357] netlink: 224 bytes leftover after parsing attributes in process `syz.1.5147'.
[  696.601148][T20522] net_ratelimit: 24 callbacks suppressed
[  696.601168][T20522] bond6: (slave macvlan0): failed to get link speed/duplex
[  696.729877][T20520] bond6: (slave macvlan0): failed to get link speed/duplex
[  696.842413][T20520] bond6: (slave macvlan0): failed to get link speed/duplex
[  696.970315][T20515] bond6: (slave macvlan0): failed to get link speed/duplex
[  696.988068][T25390] netlink: 'syz.0.5156': attribute type 12 has an invalid length.
[  697.081529][T20519] bond6: (slave macvlan0): failed to get link speed/duplex
[  697.180133][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  697.199984][T20520] bond6: (slave macvlan0): failed to get link speed/duplex
[  697.320921][T20519] bond6: (slave macvlan0): failed to get link speed/duplex
[  697.321602][T25395] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5157'.
[  697.440065][T20515] bond6: (slave macvlan0): failed to get link speed/duplex
[  697.550456][T20519] bond6: (slave macvlan0): failed to get link speed/duplex
[  697.572715][T25402] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5159'.
[  697.604726][T25407] netlink: 'syz.3.5160': attribute type 9 has an invalid length.
[  697.634488][T25407] netlink: 184 bytes leftover after parsing attributes in process `syz.3.5160'.
[  698.011806][T25433] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5167'.
[  698.018263][T25432] netlink: 'syz.2.5165': attribute type 72 has an invalid length.
[  698.031511][T25432] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5165'.
[  698.271921][T25444] netlink: 'syz.4.5170': attribute type 2 has an invalid length.
[  698.315201][T25446] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  699.109061][T25488] veth5: entered promiscuous mode
[  699.133196][T25490] netlink: 'syz.2.5179': attribute type 72 has an invalid length.
[  699.279312][T25494] netlink: 'syz.2.5181': attribute type 10 has an invalid length.
[  699.288991][T25494] batman_adv: batadv0: Interface activated: virt_wifi0
[  699.626830][T25501] lo speed is unknown, defaulting to 1000
[  699.634711][T25501] wg1 speed is unknown, defaulting to 1000
[  699.973986][T25517] netlink: 'syz.3.5187': attribute type 30 has an invalid length.
[  700.131205][T25529] vcan1: entered promiscuous mode
[  700.136379][T25529] vcan1: entered allmulticast mode
[  700.386751][T25541] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  700.408209][T25541] syzkaller0: entered promiscuous mode
[  700.419996][T25541] syzkaller0: entered allmulticast mode
[  700.455822][T25545] __nla_validate_parse: 7 callbacks suppressed
[  700.455840][T25545] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5196'.
[  700.542333][T25541] tipc: Resetting bearer <eth:syzkaller0>
[  700.567531][T25540] tipc: Resetting bearer <eth:syzkaller0>
[  700.681561][T25540] tipc: Disabling bearer <eth:syzkaller0>
[  700.742166][T25556] lo speed is unknown, defaulting to 1000
[  700.751445][T25556] wg1 speed is unknown, defaulting to 1000
[  700.841274][T25567] netlink: 14 bytes leftover after parsing attributes in process `syz.2.5203'.
[  700.934518][T25575] netlink: 14 bytes leftover after parsing attributes in process `syz.2.5203'.
[  701.157670][T25581] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5206'.
[  701.333204][T25588] netlink: 248 bytes leftover after parsing attributes in process `syz.2.5210'.
[  701.531044][T25590] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5211'.
[  701.679970][T20520] net_ratelimit: 31 callbacks suppressed
[  701.679991][T20520] bond6: (slave macvlan0): failed to get link speed/duplex
[  701.818817][T25612] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  701.829592][T20522] bond6: (slave macvlan0): failed to get link speed/duplex
[  701.837837][T25612] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  701.851232][T25612] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  701.860554][T25612] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  701.881756][T25612] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  701.890719][T25615] netlink: 'syz.0.5217': attribute type 21 has an invalid length.
[  701.897440][T25612] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  701.899048][T25615] netlink: 128 bytes leftover after parsing attributes in process `syz.0.5217'.
[  701.917642][T25612] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  701.926960][T25612] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  702.005256][T25621] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  702.012655][T25621] IPv6: NLM_F_CREATE should be set when creating new route
[  702.012800][T25615] netlink: 'syz.0.5217': attribute type 4 has an invalid length.
[  702.028024][T25615] netlink: 'syz.0.5217': attribute type 5 has an invalid length.
[  702.054677][T25615] netlink: 3 bytes leftover after parsing attributes in process `syz.0.5217'.
[  702.440972][T25646] (unnamed net_device) (uninitialized): up delay (1024) is not a multiple of miimon (100), value rounded to 1000 ms
[  702.459061][T25646] (unnamed net_device) (uninitialized): down delay (4) is not a multiple of miimon (100), value rounded to 0 ms
[  702.471042][T25649] IPv6: Can't replace route, no match found
[  702.494378][T25650] IPv6: Can't replace route, no match found
[  702.702946][T25656] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: invalid value (71)
[  702.855783][T25667] netlink: 'syz.2.5229': attribute type 13 has an invalid length.
[  702.864210][T25667] netlink: 'syz.2.5229': attribute type 17 has an invalid length.
[  703.017754][T25668] lo speed is unknown, defaulting to 1000
[  703.032045][T25668] wg1 speed is unknown, defaulting to 1000
[  703.044390][T25671] rdma_rxe: rxe_newlink: failed to add veth1_to_hsr
[  703.141739][T25671] sctp: [Deprecated]: syz.4.5234 (pid 25671) Use of struct sctp_assoc_value in delayed_ack socket option.
[  703.141739][T25671] Use struct sctp_sack_info instead
[  703.391144][T25683] netlink: 'syz.4.5237': attribute type 1 has an invalid length.
[  703.455327][T25685] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5237'.
[  703.457665][T25683] bond7: entered promiscuous mode
[  703.470264][T25683] 8021q: adding VLAN 0 to HW filter on device bond7
[  703.517997][T25687] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  703.543104][T25683] bond7: (slave ipvlan3): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  703.559179][T25683] bond7: (slave ipvlan3): The slave device specified does not support setting the MAC address
[  703.569992][T25683] bond7: (slave ipvlan3): Setting fail_over_mac to active for active-backup mode
[  703.604711][T25690] netlink: 'syz.0.5240': attribute type 1 has an invalid length.
[  703.613640][T25692] netlink: 52 bytes leftover after parsing attributes in process `syz.1.5241'.
[  703.846323][T25702] netlink: 'syz.4.5246': attribute type 5 has an invalid length.
[  703.855267][T25702] netlink: 'syz.4.5246': attribute type 6 has an invalid length.
[  703.895601][T25702] netlink: 'syz.4.5246': attribute type 5 has an invalid length.
[  704.469226][T25734] syzkaller1: entered promiscuous mode
[  704.480655][T25734] syzkaller1: entered allmulticast mode
[  705.419487][T20511] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  705.440889][T20511] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  705.564976][T25781] __nla_validate_parse: 9 callbacks suppressed
[  705.564996][T25781] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5266'.
[  705.616972][T25781] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5266'.
[  705.848272][T25802] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5274'.
[  705.944660][T25809] netlink: 52 bytes leftover after parsing attributes in process `syz.0.5272'.
[  705.994781][T25811] netlink: 224 bytes leftover after parsing attributes in process `syz.4.5277'.
[  706.237936][T25816] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5278'.
[  706.309117][T25818] netlink: 96 bytes leftover after parsing attributes in process `syz.3.5279'.
[  706.720391][ T6262] net_ratelimit: 97 callbacks suppressed
[  706.720414][ T6262] bond6: (slave macvlan0): failed to get link speed/duplex
[  706.757082][T25832] erspan0: entered promiscuous mode
[  706.769946][T25832] macsec0: entered promiscuous mode
[  706.857860][T25832] erspan0: left promiscuous mode
[  706.931937][T20515] bond6: (slave macvlan0): failed to get link speed/duplex
[  706.933541][T25838] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5286'.
[  707.040185][T20519] bond6: (slave macvlan0): failed to get link speed/duplex
[  707.150432][T20515] bond6: (slave macvlan0): failed to get link speed/duplex
[  707.221593][T25850] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5290'.
[  707.243814][T25856] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5291'.
[  707.279904][T20520] bond6: (slave macvlan0): failed to get link speed/duplex
[  707.391428][T20515] bond6: (slave macvlan0): failed to get link speed/duplex
[  707.510012][T20522] bond6: (slave macvlan0): failed to get link speed/duplex
[  707.580068][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  707.627172][T20519] bond6: (slave macvlan0): failed to get link speed/duplex
[  707.762178][ T6262] bond6: (slave macvlan0): failed to get link speed/duplex
[  707.818377][T25884] validate_nla: 5 callbacks suppressed
[  707.818396][T25884] netlink: 'syz.0.5299': attribute type 21 has an invalid length.
[  707.913884][T25890] netlink: 'syz.3.5300': attribute type 32 has an invalid length.
[  708.114468][T25903] netlink: 'syz.4.5302': attribute type 10 has an invalid length.
[  708.158775][T25903] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  708.168238][T25903] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  708.444430][T25923] IPVS: length: 80 != 24
[  708.714110][T25936] netlink: 'syz.3.5308': attribute type 13 has an invalid length.
[  708.785637][T25936] netlink: 'syz.3.5308': attribute type 17 has an invalid length.
[  708.899547][T25936] 8021q: adding VLAN 0 to HW filter on device bond0
[  708.910555][T25936] 8021q: adding VLAN 0 to HW filter on device team0
[  708.938876][T25940] xfrm0: entered promiscuous mode
[  708.948427][T25940] xfrm0: entered allmulticast mode
[  708.968732][T20519] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  709.018731][T25947] bridge4: entered promiscuous mode
[  709.024699][T25947] bridge4: entered allmulticast mode
[  709.063111][T25936] lo speed is unknown, defaulting to 1000
[  709.070781][T25936] wg1 speed is unknown, defaulting to 1000
[  709.239119][T25960] pim6reg: entered allmulticast mode
[  710.460483][T25998] nbd: must specify a size in bytes for the device
[  710.781273][T26014] __nla_validate_parse: 10 callbacks suppressed
[  710.781295][T26014] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.5331'.
[  711.069140][T26033] netlink: 'syz.0.5334': attribute type 64 has an invalid length.
[  711.070006][T26032] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5337'.
[  711.135304][T26039] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5334'.
[  711.419483][T26054] netlink: 'syz.3.5339': attribute type 1 has an invalid length.
[  711.740171][    C1] net_ratelimit: 35 callbacks suppressed
[  711.740193][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  711.800002][T20519] bond6: (slave macvlan0): failed to get link speed/duplex
[  712.030838][T20523] bond6: (slave macvlan0): failed to get link speed/duplex
[  712.151586][T20519] bond6: (slave macvlan0): failed to get link speed/duplex
[  712.241796][T26082] netlink: 44 bytes leftover after parsing attributes in process `syz.2.5345'.
[  712.281647][T20523] bond6: (slave macvlan0): failed to get link speed/duplex
[  712.400870][ T6262] bond6: (slave macvlan0): failed to get link speed/duplex
[  712.520274][T20522] bond6: (slave macvlan0): failed to get link speed/duplex
[  712.640042][T20522] bond6: (slave macvlan0): failed to get link speed/duplex
[  712.759900][T20519] bond6: (slave macvlan0): failed to get link speed/duplex
[  712.780192][    C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  712.927454][T26103] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5353'.
[  712.938292][T26098] lo speed is unknown, defaulting to 1000
[  712.957748][T26098] wg1 speed is unknown, defaulting to 1000
[  712.999967][T26110] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5355'.
[  713.141287][T26115] netlink: 'syz.2.5356': attribute type 1 has an invalid length.
[  713.151243][T26115] netlink: 'syz.2.5356': attribute type 4 has an invalid length.
[  713.170083][T26115] netlink: 188 bytes leftover after parsing attributes in process `syz.2.5356'.
[  713.179884][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  713.196337][T26115] NCSI netlink: No device for ifindex 3321692160
[  713.644037][T26140] netlink: 'syz.1.5360': attribute type 4 has an invalid length.
[  714.520004][T26166] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5370'.
[  714.564260][T26169] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5369'.
[  715.377296][ T5862] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  715.388134][ T5862] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  715.398337][T26178] netlink: 'syz.4.5373': attribute type 4 has an invalid length.
[  715.436042][ T5862] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  715.448875][ T5862] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  715.466629][ T5862] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  715.729857][T26188] netlink: 'syz.3.5376': attribute type 1 has an invalid length.
[  715.761551][T26188] netlink: 224 bytes leftover after parsing attributes in process `syz.3.5376'.
[  715.777830][T16360] syz_tun (unregistering): left promiscuous mode
[  715.817289][T26191] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) !
[  715.817455][T26193] netlink: 'syz.1.5377': attribute type 39 has an invalid length.
[  715.845047][T26176] lo speed is unknown, defaulting to 1000
[  715.862988][T26176] wg1 speed is unknown, defaulting to 1000
[  715.893703][T20511] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  715.977609][T26199] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5380'.
[  716.011717][T26196] tipc: Started in network mode
[  716.016708][T26196] tipc: Node identity 76357e9ef07b, cluster identity 4711
[  716.025355][T26196] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  716.034217][T26196] syzkaller0: entered promiscuous mode
[  716.041067][T26196] syzkaller0: entered allmulticast mode
[  716.069075][T20511] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  716.118723][T26200] IPVS: Error connecting to the multicast addr
[  716.155268][T26196] tipc: Resetting bearer <eth:syzkaller0>
[  716.199242][T20511] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  716.219849][T26195] tipc: Resetting bearer <eth:syzkaller0>
[  716.237315][T26195] tipc: Disabling bearer <eth:syzkaller0>
[  716.249327][T26205] netlink: 'syz.4.5381': attribute type 3 has an invalid length.
[  716.272159][T20511] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  716.443240][T26205] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5381'.
[  716.473506][T26205] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  716.596919][T26176] chnl_net:caif_netlink_parms(): no params data found
[  716.839455][T26228] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5386'.
[  717.589520][ T5873] Bluetooth: hci0: command tx timeout
[  717.691397][T26248] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5391'.
[  717.929563][T20511] bond3 (unregistering): (slave bridge4): Releasing active interface
[  718.270876][T20511] bond6 (unregistering): (slave macvlan0): Removing an active aggregator
[  718.292703][T20511] bond6 (unregistering): (slave macvlan0): Releasing backup interface
[  718.315677][T20511] bond0 (unregistering): (slave bond1): Releasing backup interface
[  718.325389][T20511] bond0 (unregistering): (slave team0): Releasing backup interface
[  718.338412][T20511] bond0 (unregistering): Released all slaves
[  718.503761][T20511] bond1 (unregistering): Released all slaves
[  718.667041][T20511] bond2 (unregistering): Released all slaves
[  718.818881][T20511] bond3 (unregistering): Released all slaves
[  718.993370][T20511] bond4 (unregistering): Released all slaves
[  719.153260][T20511] bond5 (unregistering): Released all slaves
[  719.306589][T20511] bond6 (unregistering): Released all slaves
[  719.338946][T26234] netlink: 'syz.4.5386': attribute type 2 has an invalid length.
[  719.394986][T26249] team0: Device lo is loopback device. Loopback devices can't be added as a team port
[  719.411415][T26249] net_ratelimit: 23 callbacks suppressed
[  719.411436][T26249] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  719.560508][T20511] _ÐZ`Ô€@S: left promiscuous mode
[  719.656700][T26265] netlink: 'syz.2.5393': attribute type 1 has an invalid length.
[  719.665445][ T5873] Bluetooth: hci0: command 0x041b tx timeout
[  719.699957][T26265] netlink: 224 bytes leftover after parsing attributes in process `syz.2.5393'.
[  719.812683][T20511] : left promiscuous mode
[  719.854353][T26176] bridge0: port 1(bridge_slave_0) entered blocking state
[  719.862945][T26176] bridge0: port 1(bridge_slave_0) entered disabled state
[  719.870986][T26176] bridge_slave_0: entered allmulticast mode
[  719.880311][T26176] bridge_slave_0: entered promiscuous mode
[  719.889275][T26176] bridge0: port 2(bridge_slave_1) entered blocking state
[  719.896825][T26176] bridge0: port 2(bridge_slave_1) entered disabled state
[  720.010813][T26176] bridge_slave_1: entered allmulticast mode
[  720.018602][T26176] bridge_slave_1: entered promiscuous mode
[  720.190501][T20511] : left promiscuous mode
[  720.288107][T26176] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  720.310733][T20511] tipc: Disabling bearer <eth:syzkaller0>
[  720.316980][T20511] tipc: Disabling bearer <udp:s>
[  720.327332][T20511] tipc: Left network mode
[  720.337650][T26176] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  720.420721][T20511] IPVS: stopping backup sync thread 19613 ...
[  720.471146][T26176] team0: Port device team_slave_0 added
[  720.490010][T26176] team0: Port device team_slave_1 added
[  720.531865][T26297] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  720.578353][T26297] netlink: 'syz.4.5401': attribute type 1 has an invalid length.
[  720.587486][T26297] netlink: 224 bytes leftover after parsing attributes in process `syz.4.5401'.
[  720.613115][T26176] batman_adv: batadv0: Adding interface: batadv_slave_0
[  720.637093][T26176] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  720.667137][T26176] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  720.718039][T26176] batman_adv: batadv0: Adding interface: batadv_slave_1
[  720.726722][T26176] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  720.754067][T26176] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  720.801570][T26280] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  721.011586][T26176] hsr_slave_0: entered promiscuous mode
[  721.025578][T26176] hsr_slave_1: entered promiscuous mode
[  721.032737][T26176] debugfs: 'hsr0' already exists in 'hsr'
[  721.038830][T26176] Cannot create hsr debugfs directory
[  721.080485][T26311] lo speed is unknown, defaulting to 1000
[  721.139786][T26311] wg1 speed is unknown, defaulting to 1000
[  721.433007][T26329] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5409'.
[  721.467613][ T6262] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x7
[  721.538242][T20511] batadv_slave_0: left promiscuous mode
[  721.557959][T20511] hsr_slave_0: left promiscuous mode
[  721.584583][T20511] hsr_slave_1: left promiscuous mode
[  721.641809][T26345] netlink: 'syz.4.5411': attribute type 1 has an invalid length.
[  721.661846][T26345] netlink: 224 bytes leftover after parsing attributes in process `syz.4.5411'.
[  721.741148][ T5873] Bluetooth: hci0: command 0x041b tx timeout
[  721.830231][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  722.671549][T26335] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  722.770285][T26330] lo speed is unknown, defaulting to 1000
[  722.781729][T26330] wg1 speed is unknown, defaulting to 1000
[  723.838746][ T5862] Bluetooth: hci0: command 0x041b tx timeout
[  723.847879][T20511] IPVS: stop unused estimator thread 0...
[  724.106607][T26176] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  724.126250][T26381] netlink: 'syz.4.5421': attribute type 10 has an invalid length.
[  724.166202][T26381] bridge0: entered promiscuous mode
[  724.172284][T26381] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  724.185732][T26383] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5421'.
[  724.188457][T26176] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  724.231104][T26384] netlink: 'syz.2.5422': attribute type 1 has an invalid length.
[  724.248478][T26384] netlink: 224 bytes leftover after parsing attributes in process `syz.2.5422'.
[  724.276390][T26176] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  724.301322][T26176] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  724.326156][T26383] bridge_slave_1: left allmulticast mode
[  724.331938][T26383] bridge_slave_1: left promiscuous mode
[  724.337810][T26383] bridge0: port 2(bridge_slave_1) entered disabled state
[  724.360127][T26383] bridge_slave_0: left allmulticast mode
[  724.365814][T26383] bridge_slave_0: left promiscuous mode
[  724.380096][T26383] bridge0: port 1(bridge_slave_0) entered disabled state
[  724.404669][T26395] Bluetooth: MGMT ver 1.23
[  724.457411][T26383] bond0: (slave bridge0): Releasing backup interface
[  724.477876][T26383] bridge0 (unregistering): left promiscuous mode
[  724.685820][T26409] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5425'.
[  724.704964][T26409] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5425'.
[  724.784628][T20522] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  724.797303][T26409] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5425'.
[  724.807427][T20522] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  724.844966][T20522] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  724.865346][T20522] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  724.904673][T26176] 8021q: adding VLAN 0 to HW filter on device bond0
[  724.973199][T26421] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5430'.
[  724.986887][T26421] netlink: 68 bytes leftover after parsing attributes in process `syz.3.5430'.
[  725.005946][T26421] netlink: 'syz.3.5430': attribute type 1 has an invalid length.
[  725.053656][T26176] 8021q: adding VLAN 0 to HW filter on device team0
[  725.079426][T20522] bridge0: port 1(bridge_slave_0) entered blocking state
[  725.086678][T20522] bridge0: port 1(bridge_slave_0) entered forwarding state
[  725.124155][T26419] lo speed is unknown, defaulting to 1000
[  725.131727][T26419] wg1 speed is unknown, defaulting to 1000
[  725.153942][T20522] bridge0: port 2(bridge_slave_1) entered blocking state
[  725.161240][T20522] bridge0: port 2(bridge_slave_1) entered forwarding state
[  725.424269][T26438] netlink: 'syz.2.5435': attribute type 1 has an invalid length.
[  725.622414][T26444] bond6: entered promiscuous mode
[  725.627531][T26444] bond6: entered allmulticast mode
[  725.658512][T26444] 8021q: adding VLAN 0 to HW filter on device bond6
[  725.667690][T26448] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  725.707013][T26440] syzkaller0: entered promiscuous mode
[  725.717820][T26440] syzkaller0: entered allmulticast mode
[  725.832604][T26443] tipc: Resetting bearer <eth:syzkaller0>
[  725.861341][T26440] netlink: 64 bytes leftover after parsing attributes in process `syz.3.5437'.
[  725.899892][T26439] tipc: Resetting bearer <eth:syzkaller0>
[  725.899936][T26460] netlink: 'syz.4.5441': attribute type 1 has an invalid length.
[  725.951822][T26439] tipc: Disabling bearer <eth:syzkaller0>
[  726.191985][T26176] 8021q: adding VLAN 0 to HW filter on device batadv0
[  726.323975][T26176] veth0_vlan: entered promiscuous mode
[  726.357416][T26176] veth1_vlan: entered promiscuous mode
[  726.406241][T26176] veth0_macvtap: entered promiscuous mode
[  726.425266][T26176] veth1_macvtap: entered promiscuous mode
[  726.463881][T26176] batman_adv: batadv0: Interface activated: batadv_slave_0
[  726.507497][T26176] batman_adv: batadv0: Interface activated: batadv_slave_1
[  726.543450][T20519] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  726.588497][T20519] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  726.637234][T20519] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  726.656219][T20519] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  726.664039][T26472] __nla_validate_parse: 1 callbacks suppressed
[  726.664061][T26472] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5443'.
[  726.678249][T26470] lo speed is unknown, defaulting to 1000
[  726.779254][T26470] wg1 speed is unknown, defaulting to 1000
[  727.146179][T20520] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  727.171606][T20520] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  727.191255][T26482] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5445'.
[  727.285113][T26482] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5445'.
[  727.330175][T26492] ip6gre0: entered allmulticast mode
[  727.409989][T20511] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  727.419561][T20511] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  727.810688][T26517] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5452'.
[  727.916084][T26517] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  727.982479][T26517] syzkaller0: entered promiscuous mode
[  728.055089][T26517] syzkaller0: entered allmulticast mode
[  728.284140][T26505] tipc: Resetting bearer <eth:syzkaller0>
[  728.392157][T26505] tipc: Disabling bearer <eth:syzkaller0>
[  728.483664][T26544] lo speed is unknown, defaulting to 1000
[  728.484951][T26548] netlink: 'syz.4.5460': attribute type 1 has an invalid length.
[  728.593129][T26548] bond8: entered promiscuous mode
[  728.598220][T26548] bond8: entered allmulticast mode
[  728.605191][T26544] wg1 speed is unknown, defaulting to 1000
[  728.721707][T26552] bridge0: entered promiscuous mode
[  728.732369][T26552] bridge0: entered allmulticast mode
[  728.755926][T26552] bond8: (slave bridge0): making interface the new active one
[  728.768888][T26552] bond8: (slave bridge0): Enslaving as an active interface with an up link
[  728.868681][T26562] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[  728.872886][T26563] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[  728.891418][T26555] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  729.260710][T26588] lo speed is unknown, defaulting to 1000
[  729.268347][T26588] wg1 speed is unknown, defaulting to 1000
[  729.662349][T26604] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5474'.
[  730.276073][T26618] A link change request failed with some changes committed already. Interface C` may have been left with an inconsistent configuration, please check.
[  730.311032][T26626] netlink: 'syz.2.5479': attribute type 12 has an invalid length.
[  730.322427][T26626] netlink: 9472 bytes leftover after parsing attributes in process `syz.2.5479'.
[  730.834791][T26614] lo speed is unknown, defaulting to 1000
[  730.882092][T26614] wg1 speed is unknown, defaulting to 1000
[  731.269753][T26659] tipc: Can't bind to reserved service type 2
[  731.441485][T26665] tipc: Started in network mode
[  731.446395][T26665] tipc: Node identity 6a087c8190a2, cluster identity 4711
[  731.453845][T26665] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  731.463618][T26665] syzkaller0: entered promiscuous mode
[  731.471571][T26665] syzkaller0: entered allmulticast mode
[  731.653202][T26667] tipc: Resetting bearer <eth:syzkaller0>
[  731.740855][T26667] tipc: Disabling bearer <eth:syzkaller0>
[  731.796040][T26672] lo speed is unknown, defaulting to 1000
[  731.801567][T26684] netlink: 'syz.3.5493': attribute type 1 has an invalid length.
[  731.810934][T26684] netlink: 'syz.3.5493': attribute type 11 has an invalid length.
[  731.818771][T26684] netlink: 220 bytes leftover after parsing attributes in process `syz.3.5493'.
[  731.832076][T26672] wg1 speed is unknown, defaulting to 1000
[  731.903303][T26688] netlink: 72 bytes leftover after parsing attributes in process `syz.0.5496'.
[  731.913337][T26688] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5496'.
[  731.922985][T26688] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5496'.
[  732.266342][T26693] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-xor(2)
[  732.294485][T26703] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5498'.
[  732.323535][T26703] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5498'.
[  732.480862][T26705] FAULT_INJECTION: forcing a failure.
[  732.480862][T26705] name failslab, interval 1, probability 0, space 0, times 0
[  732.511976][T26707] netlink: 116 bytes leftover after parsing attributes in process `syz.1.5500'.
[  732.529927][T26705] CPU: 1 UID: 0 PID: 26705 Comm: syz.0.5499 Not tainted syzkaller #0 PREEMPT(full) 
[  732.529953][T26705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  732.529965][T26705] Call Trace:
[  732.529973][T26705]  <TASK>
[  732.529981][T26705]  dump_stack_lvl+0x189/0x250
[  732.530007][T26705]  ? __pfx____ratelimit+0x10/0x10
[  732.530026][T26705]  ? __pfx_dump_stack_lvl+0x10/0x10
[  732.530047][T26705]  ? __pfx__printk+0x10/0x10
[  732.530071][T26705]  ? __lock_acquire+0xab9/0xd20
[  732.530104][T26705]  should_fail_ex+0x414/0x560
[  732.530129][T26705]  should_failslab+0xa8/0x100
[  732.530153][T26705]  kmem_cache_alloc_noprof+0x73/0x3c0
[  732.530172][T26705]  ? skb_clone+0x212/0x3a0
[  732.530195][T26705]  skb_clone+0x212/0x3a0
[  732.530216][T26705]  __netlink_deliver_tap+0x404/0x850
[  732.530245][T26705]  ? netlink_deliver_tap+0x2e/0x1b0
[  732.530265][T26705]  netlink_deliver_tap+0x19c/0x1b0
[  732.530283][T26705]  netlink_unicast+0x7fa/0x9e0
[  732.530315][T26705]  ? __pfx_netlink_unicast+0x10/0x10
[  732.530341][T26705]  ? netlink_sendmsg+0x642/0xb30
[  732.530356][T26705]  ? skb_put+0x11b/0x210
[  732.530379][T26705]  netlink_sendmsg+0x805/0xb30
[  732.530408][T26705]  ? __pfx_netlink_sendmsg+0x10/0x10
[  732.530430][T26705]  ? aa_sock_msg_perm+0xf1/0x1d0
[  732.530450][T26705]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  732.530469][T26705]  ? __pfx_netlink_sendmsg+0x10/0x10
[  732.530488][T26705]  __sock_sendmsg+0x219/0x270
[  732.530516][T26705]  ____sys_sendmsg+0x505/0x830
[  732.530543][T26705]  ? __pfx_____sys_sendmsg+0x10/0x10
[  732.530573][T26705]  ? import_iovec+0x74/0xa0
[  732.530598][T26705]  ___sys_sendmsg+0x21f/0x2a0
[  732.530621][T26705]  ? __pfx____sys_sendmsg+0x10/0x10
[  732.530682][T26705]  ? __fget_files+0x2a/0x420
[  732.530697][T26705]  ? __fget_files+0x3a0/0x420
[  732.530725][T26705]  __x64_sys_sendmsg+0x19b/0x260
[  732.530749][T26705]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  732.530779][T26705]  ? __pfx_ksys_write+0x10/0x10
[  732.530798][T26705]  ? rcu_is_watching+0x15/0xb0
[  732.530820][T26705]  ? do_syscall_64+0xbe/0x3b0
[  732.530841][T26705]  do_syscall_64+0xfa/0x3b0
[  732.530857][T26705]  ? lockdep_hardirqs_on+0x9c/0x150
[  732.530874][T26705]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  732.530898][T26705]  ? clear_bhb_loop+0x60/0xb0
[  732.530920][T26705]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  732.530937][T26705] RIP: 0033:0x7f2a9e58ebe9
[  732.530957][T26705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  732.530971][T26705] RSP: 002b:00007f2a9c7ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  732.530991][T26705] RAX: ffffffffffffffda RBX: 00007f2a9e7c5fa0 RCX: 00007f2a9e58ebe9
[  732.531005][T26705] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  732.531016][T26705] RBP: 00007f2a9c7ee090 R08: 0000000000000000 R09: 0000000000000000
[  732.531028][T26705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  732.531039][T26705] R13: 00007f2a9e7c6038 R14: 00007f2a9e7c5fa0 R15: 00007ffc5273a778
[  732.531070][T26705]  </TASK>
[  732.531140][T26705] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5499'.
[  732.626680][T26711] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma?
[  732.963942][T26725] netlink: 'syz.3.5505': attribute type 5 has an invalid length.
[  733.276920][T26739] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5509'.
[  733.319496][T26740] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5509'.
[  733.824948][T26767] FAULT_INJECTION: forcing a failure.
[  733.824948][T26767] name failslab, interval 1, probability 0, space 0, times 0
[  733.826723][T26765] netlink: 'syz.1.5508': attribute type 4 has an invalid length.
[  733.849817][T26767] CPU: 0 UID: 0 PID: 26767 Comm: syz.4.5514 Not tainted syzkaller #0 PREEMPT(full) 
[  733.849843][T26767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  733.849853][T26767] Call Trace:
[  733.849861][T26767]  <TASK>
[  733.849869][T26767]  dump_stack_lvl+0x189/0x250
[  733.849894][T26767]  ? __pfx____ratelimit+0x10/0x10
[  733.849911][T26767]  ? __pfx_dump_stack_lvl+0x10/0x10
[  733.849931][T26767]  ? __pfx__printk+0x10/0x10
[  733.849960][T26767]  ? __pfx___might_resched+0x10/0x10
[  733.849976][T26767]  ? fs_reclaim_acquire+0x7d/0x100
[  733.849998][T26767]  should_fail_ex+0x414/0x560
[  733.850026][T26767]  should_failslab+0xa8/0x100
[  733.850051][T26767]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  733.850074][T26767]  ? __alloc_skb+0x112/0x2d0
[  733.850097][T26767]  __alloc_skb+0x112/0x2d0
[  733.850121][T26767]  netlink_ack+0x146/0xa50
[  733.850137][T26767]  ? __pfx_genl_rcv_msg+0x10/0x10
[  733.850157][T26767]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  733.850178][T26767]  ? __pfx_nl80211_post_doit+0x10/0x10
[  733.850215][T26767]  netlink_rcv_skb+0x28c/0x470
[  733.850231][T26767]  ? __lock_acquire+0xab9/0xd20
[  733.850254][T26767]  ? __pfx_genl_rcv_msg+0x10/0x10
[  733.850277][T26767]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  733.850316][T26767]  ? down_read+0x1ad/0x2e0
[  733.850339][T26767]  genl_rcv+0x28/0x40
[  733.850358][T26767]  netlink_unicast+0x82c/0x9e0
[  733.850391][T26767]  ? __pfx_netlink_unicast+0x10/0x10
[  733.850417][T26767]  ? netlink_sendmsg+0x642/0xb30
[  733.850433][T26767]  ? skb_put+0x11b/0x210
[  733.850455][T26767]  netlink_sendmsg+0x805/0xb30
[  733.850484][T26767]  ? __pfx_netlink_sendmsg+0x10/0x10
[  733.850506][T26767]  ? aa_sock_msg_perm+0xf1/0x1d0
[  733.850525][T26767]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  733.850544][T26767]  ? __pfx_netlink_sendmsg+0x10/0x10
[  733.850564][T26767]  __sock_sendmsg+0x219/0x270
[  733.850590][T26767]  ____sys_sendmsg+0x505/0x830
[  733.850617][T26767]  ? __pfx_____sys_sendmsg+0x10/0x10
[  733.850647][T26767]  ? import_iovec+0x74/0xa0
[  733.850671][T26767]  ___sys_sendmsg+0x21f/0x2a0
[  733.850692][T26767]  ? __pfx____sys_sendmsg+0x10/0x10
[  733.850755][T26767]  ? __fget_files+0x2a/0x420
[  733.850769][T26767]  ? __fget_files+0x3a0/0x420
[  733.850797][T26767]  __x64_sys_sendmsg+0x19b/0x260
[  733.850820][T26767]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  733.850855][T26767]  ? __pfx_ksys_write+0x10/0x10
[  733.850874][T26767]  ? rcu_is_watching+0x15/0xb0
[  733.850898][T26767]  ? do_syscall_64+0xbe/0x3b0
[  733.850921][T26767]  do_syscall_64+0xfa/0x3b0
[  733.850938][T26767]  ? lockdep_hardirqs_on+0x9c/0x150
[  733.850956][T26767]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  733.850973][T26767]  ? clear_bhb_loop+0x60/0xb0
[  733.850993][T26767]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  733.851009][T26767] RIP: 0033:0x7f899538ebe9
[  733.851034][T26767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  733.851049][T26767] RSP: 002b:00007f8996272038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  733.851068][T26767] RAX: ffffffffffffffda RBX: 00007f89955c5fa0 RCX: 00007f899538ebe9
[  733.851082][T26767] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  733.851093][T26767] RBP: 00007f8996272090 R08: 0000000000000000 R09: 0000000000000000
[  733.851104][T26767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  733.851116][T26767] R13: 00007f89955c6038 R14: 00007f89955c5fa0 R15: 00007ffc5cbca878
[  733.851146][T26767]  </TASK>
[  734.255909][T26769] netlink: 'syz.2.5515': attribute type 1 has an invalid length.
[  734.282066][T26765] netlink: 'syz.1.5508': attribute type 4 has an invalid length.
[  734.501157][T26785] netlink: 'syz.0.5521': attribute type 64 has an invalid length.
[  734.510664][T26779] netlink: 'syz.3.5518': attribute type 11 has an invalid length.
[  734.558874][T26784] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  734.612299][T26784] netlink: 'syz.2.5520': attribute type 1 has an invalid length.
[  735.060844][T26798] 8021q: adding VLAN 0 to HW filter on device bond9
[  735.228894][   T30] audit: type=1800 audit(1757429710.085:14): pid=26804 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.5524" name="cgroup.controllers" dev="tmpfs" ino=3004 res=0 errno=0
[  735.380962][T26803] netlink: 'syz.1.5526': attribute type 1 has an invalid length.
[  735.414221][T26814] netlink: 'syz.3.5528': attribute type 12 has an invalid length.
[  736.348958][T26869] Àÿ: renamed from team_slave_1
[  736.496068][T26875] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  736.510072][T26875] syzkaller0: entered promiscuous mode
[  736.515784][T26875] syzkaller0: entered allmulticast mode
[  736.569382][T26875] tipc: Resetting bearer <eth:syzkaller0>
[  736.589320][T26874] tipc: Resetting bearer <eth:syzkaller0>
[  736.711071][T26874] tipc: Disabling bearer <eth:syzkaller0>
[  736.772281][T26877] FAULT_INJECTION: forcing a failure.
[  736.772281][T26877] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  736.786570][T26877] CPU: 0 UID: 0 PID: 26877 Comm: syz.4.5544 Not tainted syzkaller #0 PREEMPT(full) 
[  736.786596][T26877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  736.786607][T26877] Call Trace:
[  736.786615][T26877]  <TASK>
[  736.786624][T26877]  dump_stack_lvl+0x189/0x250
[  736.786650][T26877]  ? __pfx____ratelimit+0x10/0x10
[  736.786670][T26877]  ? __pfx_dump_stack_lvl+0x10/0x10
[  736.786689][T26877]  ? __pfx__printk+0x10/0x10
[  736.786733][T26877]  should_fail_ex+0x414/0x560
[  736.786762][T26877]  _copy_to_user+0x31/0xb0
[  736.786785][T26877]  simple_read_from_buffer+0xe1/0x170
[  736.786814][T26877]  proc_fail_nth_read+0x1b3/0x220
[  736.786838][T26877]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  736.786861][T26877]  ? rw_verify_area+0x2a6/0x4d0
[  736.786881][T26877]  ? __lock_acquire+0xab9/0xd20
[  736.786902][T26877]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  736.786923][T26877]  vfs_read+0x200/0xa30
[  736.786944][T26877]  ? fdget_pos+0x247/0x320
[  736.786965][T26877]  ? __pfx___mutex_lock+0x10/0x10
[  736.786985][T26877]  ? __pfx_vfs_read+0x10/0x10
[  736.787008][T26877]  ? __fget_files+0x2a/0x420
[  736.787029][T26877]  ? __fget_files+0x3a0/0x420
[  736.787043][T26877]  ? __fget_files+0x2a/0x420
[  736.787069][T26877]  ksys_read+0x145/0x250
[  736.787093][T26877]  ? __pfx_ksys_read+0x10/0x10
[  736.787111][T26877]  ? rcu_is_watching+0x15/0xb0
[  736.787135][T26877]  ? do_syscall_64+0xbe/0x3b0
[  736.787158][T26877]  do_syscall_64+0xfa/0x3b0
[  736.787175][T26877]  ? lockdep_hardirqs_on+0x9c/0x150
[  736.787194][T26877]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.787212][T26877]  ? clear_bhb_loop+0x60/0xb0
[  736.787233][T26877]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.787250][T26877] RIP: 0033:0x7f899538d5fc
[  736.787268][T26877] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  736.787283][T26877] RSP: 002b:00007f8996272030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  736.787302][T26877] RAX: ffffffffffffffda RBX: 00007f89955c5fa0 RCX: 00007f899538d5fc
[  736.787315][T26877] RDX: 000000000000000f RSI: 00007f89962720a0 RDI: 0000000000000004
[  736.787327][T26877] RBP: 00007f8996272090 R08: 0000000000000000 R09: 0000000000000000
[  736.787338][T26877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  736.787349][T26877] R13: 00007f89955c6038 R14: 00007f89955c5fa0 R15: 00007ffc5cbca878
[  736.787382][T26877]  </TASK>
[  737.126005][T26885] netlink: 'syz.4.5547': attribute type 1 has an invalid length.
[  737.164052][T26885] 8021q: adding VLAN 0 to HW filter on device bond10
[  737.187929][T26885] bond10: (slave bridge5): making interface the new active one
[  737.197652][T26885] bond10: (slave bridge5): Enslaving as an active interface with an up link
[  737.250391][T26889] __nla_validate_parse: 20 callbacks suppressed
[  737.250412][T26889] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.5549'.
[  737.318488][T26885] bond10: (slave vlan0): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  737.449365][T26896] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  737.480212][T26889] lo speed is unknown, defaulting to 1000
[  737.488071][T26889] wg1 speed is unknown, defaulting to 1000
[  737.544066][T26893] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  738.035591][T26930] netlink: 104 bytes leftover after parsing attributes in process `syz.4.5558'.
[  739.103965][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  741.288076][T26939] lo speed is unknown, defaulting to 1000
[  741.305308][T26939] wg1 speed is unknown, defaulting to 1000
[  741.312375][T26965] lo speed is unknown, defaulting to 1000
[  741.322198][T26965] wg1 speed is unknown, defaulting to 1000
[  741.393966][T26987] netlink: 'syz.4.5567': attribute type 13 has an invalid length.
[  741.427211][T26987] netlink: 'syz.4.5567': attribute type 17 has an invalid length.
[  741.600768][T26987] 8021q: adding VLAN 0 to HW filter on device bond0
[  741.626993][T26987] 8021q: adding VLAN 0 to HW filter on device team0
[  741.638548][T26987] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  741.699512][T26994] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5569'.
[  741.718915][T26994] netlink: 'syz.1.5569': attribute type 4 has an invalid length.
[  741.988054][T27006] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check.
[  742.898044][T27038] netlink: 3 bytes leftover after parsing attributes in process `syz.2.5583'.
[  743.457540][ T5873] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  743.464038][T27047] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5584'.
[  743.476737][T27050] netlink: 56 bytes leftover after parsing attributes in process `syz.2.5587'.
[  743.489963][ T5873] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  743.499117][ T5873] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  743.508104][ T5873] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  743.517391][ T5873] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  743.567382][T27056] netlink: 76 bytes leftover after parsing attributes in process `syz.0.5584'.
[  743.677323][T27058] lo speed is unknown, defaulting to 1000
[  743.696694][T27056] lo speed is unknown, defaulting to 1000
[  743.706275][T27058] lo speed is unknown, defaulting to 1000
[  743.740191][T27056] wg1 speed is unknown, defaulting to 1000
[  743.741353][T27058] lo speed is unknown, defaulting to 1000
[  743.755733][T27048] lo speed is unknown, defaulting to 1000
[  743.777058][T27048] wg1 speed is unknown, defaulting to 1000
[  743.799110][T27063] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5588'.
[  743.829609][T27058] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  743.872948][T27065] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5582'.
[  743.940998][T20520] bond0: (slave netdevsim0): Releasing backup interface
[  743.950174][T20520] netdevsim netdevsim4 netdevsim0 (unregistering): left promiscuous mode
[  744.059839][T27058] lo speed is unknown, defaulting to 1000
[  744.094606][T27058] lo speed is unknown, defaulting to 1000
[  744.112295][T27058] lo speed is unknown, defaulting to 1000
[  744.151371][T27058] lo speed is unknown, defaulting to 1000
[  744.191045][T27067] lo speed is unknown, defaulting to 1000
[  744.214568][T27058] lo speed is unknown, defaulting to 1000
[  744.269783][T27067] wg1 speed is unknown, defaulting to 1000
[  744.275946][T27058] lo speed is unknown, defaulting to 1000
[  744.292581][T27058] lo speed is unknown, defaulting to 1000
[  744.335344][T27058] lo speed is unknown, defaulting to 1000
[  744.431745][T27067] lo speed is unknown, defaulting to 1000
[  745.233818][T20520] bond8 (unregistering): (slave bridge0): Releasing backup interface
[  745.284992][T20520] bond10 (unregistering): (slave bridge5): Releasing active interface
[  745.459331][T20520] bond0 (unregistering): left promiscuous mode
[  745.466006][T20520] bond_slave_0: left promiscuous mode
[  745.472451][T20520] bond6 (unregistering): left promiscuous mode
[  745.478639][T20520] mac80211_hwsim hwsim48 wlan1: left promiscuous mode
[  745.487340][T20520] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  745.497918][T20520] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface
[  745.509456][T20520] bond0 (unregistering): (slave bond6): Releasing backup interface
[  745.521888][T20520] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  745.531373][T20520] bond0 (unregistering): Released all slaves
[  745.547234][T20520] bond1 (unregistering): Released all slaves
[  745.582258][ T5873] Bluetooth: hci3: command tx timeout
[  745.697107][T20520] bond2 (unregistering): Released all slaves
[  745.848996][T20520] bond3 (unregistering): (slave vcan1): Releasing backup interface
[  745.858094][T20520] bond3 (unregistering): (slave vcan2): Releasing backup interface
[  745.866769][T20520] bond3 (unregistering): Released all slaves
[  745.883703][T20520] bond4 (unregistering): Released all slaves
[  745.896771][T20520] bond5 (unregistering): Released all slaves
[  746.066677][T20520] bond6 (unregistering): Released all slaves
[  746.226872][T20520] bond7 (unregistering): Released all slaves
[  746.239301][T20520] bond8 (unregistering): Released all slaves
[  746.396631][T20520] bond9 (unregistering): Released all slaves
[  746.555812][T20520] bond10 (unregistering): Released all slaves
[  746.607914][T27058] lo speed is unknown, defaulting to 1000
[  746.627838][T27082] netlink: 44 bytes leftover after parsing attributes in process `syz.1.5594'.
[  746.695307][T27058] lo speed is unknown, defaulting to 1000
[  746.715521][T20520] : left promiscuous mode
[  746.945143][T27048] chnl_net:caif_netlink_parms(): no params data found
[  746.958140][T20520] tipc: Left network mode
[  746.958180][T27088] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5595'.
[  746.973733][T27090] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5596'.
[  747.140916][T27093] netlink: 44 bytes leftover after parsing attributes in process `syz.3.5597'.
[  747.415217][T27048] bridge0: port 1(bridge_slave_0) entered blocking state
[  747.425675][ T1301] aoe: packet could not be sent on bond0.  consider increasing tx_queue_len
[  747.435469][T27048] bridge0: port 1(bridge_slave_0) entered disabled state
[  747.457984][T27048] bridge_slave_0: entered allmulticast mode
[  747.481885][T27048] bridge_slave_0: entered promiscuous mode
[  747.507341][T27048] bridge0: port 2(bridge_slave_1) entered blocking state
[  747.530418][T27048] bridge0: port 2(bridge_slave_1) entered disabled state
[  747.537739][T27048] bridge_slave_1: entered allmulticast mode
[  747.577309][T27048] bridge_slave_1: entered promiscuous mode
[  747.672014][ T5873] Bluetooth: hci3: command tx timeout
[  747.770394][T20520] batadv0: left promiscuous mode
[  747.788747][T20520] hsr_slave_0: left promiscuous mode
[  747.800832][T20520] hsr_slave_1: left promiscuous mode
[  747.810877][T20520] batman_adv: batadv0: Removing interface: virt_wifi0
[  747.904257][T20520] pimreg (unregistering): left allmulticast mode
[  748.533869][T20520] team0 (unregistering): Port device team_slave_1 removed
[  748.600424][T20520] team0 (unregistering): Port device team_slave_0 removed
[  748.863585][T20520] team0 (unregistering): Port device dummy0 removed
[  749.046135][T27048] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  749.061112][T27048] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  749.097872][T27131] __nla_validate_parse: 2 callbacks suppressed
[  749.097892][T27131] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5607'.
[  749.344032][T27048] team0: Port device team_slave_0 added
[  749.364356][T27048] team0: Port device team_slave_1 added
[  749.369478][T27156] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5610'.
[  749.379738][T27156] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0)
[  749.509136][T27163] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  749.560994][T27171] tipc: Trying to set illegal importance in message
[  749.740004][ T5873] Bluetooth: hci3: command tx timeout
[  750.084385][T27048] batman_adv: batadv0: Adding interface: batadv_slave_0
[  750.107316][T27048] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  750.168091][T27048] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  750.197006][T27048] batman_adv: batadv0: Adding interface: batadv_slave_1
[  750.204625][T27048] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  750.250364][T27048] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  750.336830][T20520] IPVS: stop unused estimator thread 0...
[  750.505078][T27048] hsr_slave_0: entered promiscuous mode
[  750.534440][T27048] hsr_slave_1: entered promiscuous mode
[  750.703592][T27200] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5620'.
[  750.880624][T27202] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5619'.
[  751.400267][T27215] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5623'.
[  751.400351][T27218] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5623'.
[  751.509165][T27218] bridge1: port 1(veth5) entered blocking state
[  751.534355][T27218] bridge1: port 1(veth5) entered disabled state
[  751.547296][T27218] veth5: entered allmulticast mode
[  751.554866][T27218] veth5: entered promiscuous mode
[  751.612740][T27221] bridge1: port 2(veth0_to_bond) entered blocking state
[  751.628641][T27221] bridge1: port 2(veth0_to_bond) entered disabled state
[  751.636561][T27221] veth0_to_bond: entered allmulticast mode
[  751.655993][T27221] veth0_to_bond: entered promiscuous mode
[  751.830264][ T5873] Bluetooth: hci3: command tx timeout
[  751.930469][T12642] IPVS: starting estimator thread 0...
[  751.978749][T27048] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  752.029881][T27235] IPVS: using max 31 ests per chain, 74400 per kthread
[  752.106271][T27048] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  752.151006][T27234] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.5627'.
[  752.151129][T27237] xfrm1: entered allmulticast mode
[  752.167528][T27048] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  752.210456][T27048] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  752.321685][T27244] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5630'.
[  752.383303][T27048] 8021q: adding VLAN 0 to HW filter on device bond0
[  752.437575][T27249] netlink: 'syz.0.5631': attribute type 1 has an invalid length.
[  752.444925][T27048] 8021q: adding VLAN 0 to HW filter on device team0
[  752.453537][T27249] netlink: 224 bytes leftover after parsing attributes in process `syz.0.5631'.
[  752.489250][ T6260] bridge0: port 1(bridge_slave_0) entered blocking state
[  752.496657][ T6260] bridge0: port 1(bridge_slave_0) entered forwarding state
[  752.525342][T20520] bridge0: port 2(bridge_slave_1) entered blocking state
[  752.532682][T20520] bridge0: port 2(bridge_slave_1) entered forwarding state
[  753.051324][T27269] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.5637'.
[  753.132860][T27272] lo speed is unknown, defaulting to 1000
[  753.143431][T27272] wg1 speed is unknown, defaulting to 1000
[  753.166572][T27048] 8021q: adding VLAN 0 to HW filter on device batadv0
[  753.178604][T27272] lo speed is unknown, defaulting to 1000
[  753.788299][T27048] veth0_vlan: entered promiscuous mode
[  753.826887][T27048] veth1_vlan: entered promiscuous mode
[  753.937078][T27048] veth0_macvtap: entered promiscuous mode
[  753.966834][T27048] veth1_macvtap: entered promiscuous mode
[  754.045995][T27048] batman_adv: batadv0: Interface activated: batadv_slave_0
[  754.123925][T27048] batman_adv: batadv0: Interface activated: batadv_slave_1
[  754.186955][ T6260] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  754.210512][ T6260] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  754.301627][T27314] netlink: 'syz.3.5646': attribute type 1 has an invalid length.
[  754.472996][ T6260] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  754.513080][ T6260] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  754.636283][ T5862] Bluetooth: hci3: command 0x0405 tx timeout
[  754.847722][T27330] lo speed is unknown, defaulting to 1000
[  754.903328][T27330] wg1 speed is unknown, defaulting to 1000
[  754.932033][T27330] lo speed is unknown, defaulting to 1000
[  754.940569][T20511] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  754.948491][T20511] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  755.067540][T20522] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  755.079115][T20522] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  755.174546][T27344] lo speed is unknown, defaulting to 1000
[  755.195219][T27344] wg1 speed is unknown, defaulting to 1000
[  755.212875][   T30] audit: type=1804 audit(1757429730.065:15): pid=27346 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.5657" name="/newroot/53/cgroup.controllers" dev="tmpfs" ino=296 res=1 errno=0
[  755.247776][T27350] netlink: 'syz.2.5656': attribute type 1 has an invalid length.
[  755.253333][T27346] 8021q: adding VLAN 0 to HW filter on device team0
[  755.263289][T27350] __nla_validate_parse: 2 callbacks suppressed
[  755.263309][T27350] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5656'.
[  755.282884][T27351] netlink: 44 bytes leftover after parsing attributes in process `syz.4.5581'.
[  755.309281][T27346] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  755.325755][   T30] audit: type=1800 audit(1757429730.065:16): pid=27346 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.5657" name="cgroup.controllers" dev="tmpfs" ino=296 res=0 errno=0
[  755.350718][T27351] block nbd0: backend image doesn't match with ªªªªª
[  755.376749][   T30] audit: type=1800 audit(1757429730.065:17): pid=27346 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.5657" name="cgroup.controllers" dev="tmpfs" ino=296 res=0 errno=0
[  755.518609][T27344] lo speed is unknown, defaulting to 1000
[  755.518823][T27358] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5658'.
[  755.550263][T27357] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5659'.
[  756.064275][T27377] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5663'.
[  756.386673][T27382] netlink: 'syz.4.5666': attribute type 1 has an invalid length.
[  756.394646][T27382] netlink: 224 bytes leftover after parsing attributes in process `syz.4.5666'.
[  756.720872][T16752] syz_tun (unregistering): left promiscuous mode
[  756.817902][ T5862] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  756.828167][ T5862] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  756.836854][ T5862] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  756.841442][T27389] lo speed is unknown, defaulting to 1000
[  756.850878][ T5862] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  756.852043][T27389] wg1 speed is unknown, defaulting to 1000
[  756.864706][ T5862] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  756.886683][T27389] lo speed is unknown, defaulting to 1000
[  756.894227][T27396] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5670'.
[  756.946134][T27396] netlink: 56 bytes leftover after parsing attributes in process `syz.3.5670'.
[  756.969614][T27393] lo speed is unknown, defaulting to 1000
[  756.969716][T27398] bond_slave_1: entered allmulticast mode
[  757.001549][T27393] wg1 speed is unknown, defaulting to 1000
[  757.005738][T27398] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5668'.
[  757.038726][T27393] lo speed is unknown, defaulting to 1000
[  757.505865][T27416] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5673'.
[  757.603713][T27393] chnl_net:caif_netlink_parms(): no params data found
[  757.920413][T27393] bridge0: port 1(bridge_slave_0) entered blocking state
[  757.939927][T27393] bridge0: port 1(bridge_slave_0) entered disabled state
[  757.947337][T27393] bridge_slave_0: entered allmulticast mode
[  757.978035][T27393] bridge_slave_0: entered promiscuous mode
[  758.020584][T27393] bridge0: port 2(bridge_slave_1) entered blocking state
[  758.027949][T27393] bridge0: port 2(bridge_slave_1) entered disabled state
[  758.045711][T27393] bridge_slave_1: entered allmulticast mode
[  758.062689][T27393] bridge_slave_1: entered promiscuous mode
[  758.172908][T27393] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  758.213580][T27393] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  758.422921][T27440] netlink: 'syz.1.5680': attribute type 1 has an invalid length.
[  758.448010][T27393] team0: Port device team_slave_0 added
[  758.458585][T27393] team0: Port device team_slave_1 added
[  758.467874][T27444] netlink: 'syz.0.5682': attribute type 1 has an invalid length.
[  758.591615][T27393] batman_adv: batadv0: Adding interface: batadv_slave_0
[  758.598781][T27393] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  758.631468][T27393] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  758.662483][T27393] batman_adv: batadv0: Adding interface: batadv_slave_1
[  758.670366][T27393] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  758.731553][T27393] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  758.848205][T27393] hsr_slave_0: entered promiscuous mode
[  758.862774][T27393] hsr_slave_1: entered promiscuous mode
[  758.880303][T27393] debugfs: 'hsr0' already exists in 'hsr'
[  758.894797][T27393] Cannot create hsr debugfs directory
[  758.952199][ T5873] Bluetooth: hci1: command tx timeout
[  759.335770][T27393] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  759.524594][T27482] IPVS: set_ctl: invalid protocol: 12 224.0.0.2:0
[  759.569500][T27393] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  759.712298][T27393] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  759.925185][T27393] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  760.280271][T27503] __nla_validate_parse: 12 callbacks suppressed
[  760.280290][T27503] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5697'.
[  760.372067][T27393] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  760.430089][T27393] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  760.479500][T27393] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  760.514081][T27393] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  760.698955][T27393] 8021q: adding VLAN 0 to HW filter on device bond0
[  760.721573][T27531] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5703'.
[  760.761005][T27531] 8021q: adding VLAN 0 to HW filter on device bond1
[  760.783930][T27393] 8021q: adding VLAN 0 to HW filter on device team0
[  760.808718][T27531] bond_slave_0: entered promiscuous mode
[  760.814590][T27531] bond_slave_1: entered promiscuous mode
[  760.827507][T27531] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  760.855996][T27531] bond1: (slave macvlan2): Enslaving as a backup interface with an up link
[  760.868136][T27539] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5705'.
[  760.880499][T27539] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5705'.
[  760.898438][T20511] bridge0: port 1(bridge_slave_0) entered blocking state
[  760.905756][T20511] bridge0: port 1(bridge_slave_0) entered forwarding state
[  760.936008][T27536] bridge_slave_0: left allmulticast mode
[  760.947053][T27536] bridge_slave_0: left promiscuous mode
[  760.971964][T27536] bridge0: port 1(bridge_slave_0) entered disabled state
[  760.997079][T27536] bridge_slave_1: left allmulticast mode
[  761.003263][T27536] bridge_slave_1: left promiscuous mode
[  761.009151][T27536] bridge0: port 2(bridge_slave_1) entered disabled state
[  761.020043][T21203] Bluetooth: hci1: command 0x041b tx timeout
[  761.033324][T27536] veth0_to_bond: left allmulticast mode
[  761.039361][T27536] veth0_to_bond: left promiscuous mode
[  761.050883][T27536] bridge1: port 2(veth0_to_bond) entered disabled state
[  761.066731][T27536] bond0: (slave bond_slave_0): Releasing backup interface
[  761.075503][T27536] bond_slave_0: left promiscuous mode
[  761.086655][T27536] bond0: (slave bond_slave_1): Releasing backup interface
[  761.096565][T27536] bond_slave_1: left promiscuous mode
[  761.111359][T27536] team0: Port device team_slave_0 removed
[  761.124529][T27536] team0: Port device team_slave_1 removed
[  761.131515][T27536] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  761.138913][T27536] batman_adv: batadv0: Removing interface: batadv_slave_0
[  761.148106][T27536] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  761.155824][T27536] batman_adv: batadv0: Removing interface: batadv_slave_1
[  761.166281][T27536] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  761.206757][T27539] bond3: entered promiscuous mode
[  761.207205][T27544] netlink: 48 bytes leftover after parsing attributes in process `syz.1.5704'.
[  761.223079][T27539] bond3: entered allmulticast mode
[  761.232669][T27539] 8021q: adding VLAN 0 to HW filter on device bond3
[  761.244456][T20522] bridge0: port 2(bridge_slave_1) entered blocking state
[  761.251931][T20522] bridge0: port 2(bridge_slave_1) entered forwarding state
[  761.352838][T27543] bond_slave_1: left allmulticast mode
[  761.365708][T27543] gtp0: left promiscuous mode
[  761.384540][T27543] xfrm1: left allmulticast mode
[  761.428783][T20522] bond1: (slave macvlan2): speed changed to 0 on port 1
[  761.467455][T27542] lo speed is unknown, defaulting to 1000
[  761.493154][T20515] bond1: (slave macvlan2): link status definitely down, disabling slave
[  761.546562][T27542] wg1 speed is unknown, defaulting to 1000
[  761.575174][T27542] lo speed is unknown, defaulting to 1000
[  761.685518][T27552] lo speed is unknown, defaulting to 1000
[  761.716489][T27552] wg1 speed is unknown, defaulting to 1000
[  761.765465][T27552] lo speed is unknown, defaulting to 1000
[  762.027971][T27563] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12
[  762.055416][T27553] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5708'.
[  762.059938][T27563] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12
[  762.094277][T27393] 8021q: adding VLAN 0 to HW filter on device batadv0
[  762.095701][T27563] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  762.269886][T27393] veth0_vlan: entered promiscuous mode
[  762.295054][T27393] veth1_vlan: entered promiscuous mode
[  762.495903][T27580] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5713'.
[  762.597518][T27393] veth0_macvtap: entered promiscuous mode
[  762.614629][T27582] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5714'.
[  762.708859][T27393] veth1_macvtap: entered promiscuous mode
[  762.709276][T27584] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5715'.
[  762.830540][T27588] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5718'.
[  762.866630][T27393] batman_adv: batadv0: Interface activated: batadv_slave_0
[  762.921413][T27592] bond2: entered promiscuous mode
[  762.927706][T27592] 8021q: adding VLAN 0 to HW filter on device bond2
[  762.950557][T27597] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  763.003627][T27393] batman_adv: batadv0: Interface activated: batadv_slave_1
[  763.017284][T20519] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  763.061848][T27584] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  763.073767][T27599] syzkaller0: entered promiscuous mode
[  763.082195][T27600] netlink: 'syz.1.5716': attribute type 1 has an invalid length.
[  763.085147][T27599] syzkaller0: entered allmulticast mode
[  763.101302][T21203] Bluetooth: hci1: command 0x041b tx timeout
[  763.106537][T20519] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  763.122412][T20519] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  763.148935][T20519] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  763.191386][T27584] tipc: Resetting bearer <eth:syzkaller0>
[  763.217880][T27583] tipc: Resetting bearer <eth:syzkaller0>
[  763.266427][T27583] tipc: Disabling bearer <eth:syzkaller0>
[  763.590364][T20522] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  763.598310][T20522] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  763.694984][T20522] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  763.703265][T20522] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  763.835298][T27623] syz_tun: entered allmulticast mode
[  764.144334][T27624] bridge0: port 2(bridge_slave_1) entered disabled state
[  764.152068][T27624] bridge0: port 1(bridge_slave_0) entered disabled state
[  764.347808][T27624] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  764.364851][T27624] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  764.596943][T20523] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  764.612434][T20523] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  764.629985][T20523] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  764.691167][T20523] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  764.786242][T27657] netlink: 'syz.3.5734': attribute type 1 has an invalid length.
[  765.180604][T21203] Bluetooth: hci1: command 0x041b tx timeout
[  765.254901][T27675] lo speed is unknown, defaulting to 1000
[  765.273315][T27675] wg1 speed is unknown, defaulting to 1000
[  765.282812][T27675] lo speed is unknown, defaulting to 1000
[  765.705103][T27675] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (2878)
[  765.810245][T27675] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255
[  765.938992][T27702] lo speed is unknown, defaulting to 1000
[  765.955535][T27702] wg1 speed is unknown, defaulting to 1000
[  765.967164][T27709] netlink: 'syz.2.5747': attribute type 1 has an invalid length.
[  766.060605][T27702] lo speed is unknown, defaulting to 1000
[  766.359672][T27716] lo speed is unknown, defaulting to 1000
[  766.368011][T27716] wg1 speed is unknown, defaulting to 1000
[  766.375972][T27716] lo speed is unknown, defaulting to 1000
[  766.688992][T27724] __nla_validate_parse: 5 callbacks suppressed
[  766.689011][T27724] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5751'.
[  766.827465][T27724] 8021q: adding VLAN 0 to HW filter on device bond1
[  766.853599][T27724] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5751'.
[  766.875274][T27724] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5751'.
[  767.018520][T27742] netlink: 'syz.3.5755': attribute type 1 has an invalid length.
[  767.055252][T27742] netlink: 224 bytes leftover after parsing attributes in process `syz.3.5755'.
[  767.279872][T21203] Bluetooth: hci1: command 0x041b tx timeout
[  767.390166][T27770] batadv_slave_0: entered allmulticast mode
[  767.396375][T27770] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check.
[  767.417146][T27767] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  767.510748][T27772] vlan2: entered promiscuous mode
[  767.515898][T27772] bridge0: entered promiscuous mode
[  767.568336][T27743] tipc: Disabling bearer <eth:syzkaller0>
[  767.603759][T27759] lo speed is unknown, defaulting to 1000
[  767.621424][T27759] wg1 speed is unknown, defaulting to 1000
[  767.667383][T27759] lo speed is unknown, defaulting to 1000
[  768.117061][T27789] netlink: 'syz.0.5768': attribute type 21 has an invalid length.
[  768.140284][T27789] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5768'.
[  768.159210][T27791] netlink: 'syz.2.5769': attribute type 10 has an invalid length.
[  768.187974][T27792] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5769'.
[  768.217180][T27791] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  768.265917][T27792] bridge_slave_1: left allmulticast mode
[  768.289291][T27792] bridge_slave_1: left promiscuous mode
[  768.296958][T27792] bridge0: port 2(bridge_slave_1) entered disabled state
[  768.333998][T27792] bridge_slave_0: left allmulticast mode
[  768.347827][T27792] bridge_slave_0: left promiscuous mode
[  768.354403][T27792] bridge0: port 1(bridge_slave_0) entered disabled state
[  768.398604][T27801] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5772'.
[  768.484540][T27792] bond0: (slave bridge0): Releasing backup interface
[  768.682547][T27801] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5772'.
[  768.831268][T27815] netlink: 'syz.2.5777': attribute type 1 has an invalid length.
[  768.839268][T27815] netlink: 224 bytes leftover after parsing attributes in process `syz.2.5777'.
[  768.861119][T27816] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  768.986037][T27821] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5778'.
[  769.340102][T21203] Bluetooth: hci1: command 0x041b tx timeout
[  769.966936][T27859] lo speed is unknown, defaulting to 1000
[  770.033208][T27859] wg1 speed is unknown, defaulting to 1000
[  770.057878][T27859] lo speed is unknown, defaulting to 1000
[  770.212664][T27865] siw: device registration error -23
[  770.312035][T27865] netlink: 'syz.0.5791': attribute type 4 has an invalid length.
[  770.652596][T27873] lo speed is unknown, defaulting to 1000
[  770.661011][T27873] wg1 speed is unknown, defaulting to 1000
[  770.675825][T27873] lo speed is unknown, defaulting to 1000
[  770.926924][T27891] lo speed is unknown, defaulting to 1000
[  770.935200][T27891] wg1 speed is unknown, defaulting to 1000
[  770.943493][T27891] lo speed is unknown, defaulting to 1000
[  771.150349][T27885] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  771.259409][T27899] syzkaller1: entered promiscuous mode
[  771.279874][T27899] syzkaller1: entered allmulticast mode
[  771.429116][T21203] Bluetooth: hci1: command 0x041b tx timeout
[  771.528743][T27902] veth3: entered promiscuous mode
[  772.068670][T27923] siw: device registration error -23
[  772.263642][T27929] __nla_validate_parse: 2 callbacks suppressed
[  772.263662][T27929] netlink: 11382 bytes leftover after parsing attributes in process `syz.3.5807'.
[  772.334463][T27932] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5810'.
[  772.379892][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  772.509466][T27933] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  772.826377][T27957] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5817'.
[  772.839537][T27957] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5817'.
[  772.923014][T27957] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5817'.
[  772.968466][T27965] netlink: 516 bytes leftover after parsing attributes in process `syz.0.5819'.
[  773.001094][T27966] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5818'.
[  773.096980][T27970] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5820'.
[  773.198249][T27973] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.5820'.
[  773.329293][T27967] ip6gre1: entered allmulticast mode
[  773.539230][T27992] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5829'.
[  773.551027][T27988] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  773.574269][T27988] netlink: 'syz.4.5827': attribute type 1 has an invalid length.
[  774.152194][T28016] lo speed is unknown, defaulting to 1000
[  774.179324][T28016] wg1 speed is unknown, defaulting to 1000
[  774.232992][T28016] lo speed is unknown, defaulting to 1000
[  774.557359][T28007] lo speed is unknown, defaulting to 1000
[  774.571853][T28007] wg1 speed is unknown, defaulting to 1000
[  774.664294][T28007] lo speed is unknown, defaulting to 1000
[  775.258985][T28063] netlink: 'syz.2.5848': attribute type 13 has an invalid length.
[  775.279915][T28063] netlink: 'syz.2.5848': attribute type 17 has an invalid length.
[  775.481849][T28063] 8021q: adding VLAN 0 to HW filter on device bond0
[  775.516970][T28063] 8021q: adding VLAN 0 to HW filter on device team0
[  775.574451][T28073] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input10
[  775.604125][T28063] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  775.777950][T28069] lo speed is unknown, defaulting to 1000
[  775.786459][T28069] wg1 speed is unknown, defaulting to 1000
[  775.794560][T28069] lo speed is unknown, defaulting to 1000
[  776.046365][ T5862] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  776.073736][ T5862] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  776.084435][ T5862] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  776.095059][ T5862] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  776.104728][ T5862] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  776.112332][T28094] block nbd0: must specify backend
[  776.268260][T28091] lo speed is unknown, defaulting to 1000
[  776.298662][T28091] wg1 speed is unknown, defaulting to 1000
[  776.352954][T28091] lo speed is unknown, defaulting to 1000
[  777.391481][T28091] chnl_net:caif_netlink_parms(): no params data found
[  777.553258][T28091] bridge0: port 1(bridge_slave_0) entered blocking state
[  777.564164][T28091] bridge0: port 1(bridge_slave_0) entered disabled state
[  777.574646][T28091] bridge_slave_0: entered allmulticast mode
[  777.590507][T28091] bridge_slave_0: entered promiscuous mode
[  777.604349][T28091] bridge0: port 2(bridge_slave_1) entered blocking state
[  777.612098][T28091] bridge0: port 2(bridge_slave_1) entered disabled state
[  777.619685][T28091] bridge_slave_1: entered allmulticast mode
[  777.628343][T28091] bridge_slave_1: entered promiscuous mode
[  777.726935][T28091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  777.751161][T28091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  777.878186][T28091] team0: Port device team_slave_0 added
[  777.908140][T28091] team0: Port device team_slave_1 added
[  778.044208][T28091] batman_adv: batadv0: Adding interface: batadv_slave_0
[  778.061888][T28091] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  778.120275][T28091] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  778.133314][T28091] batman_adv: batadv0: Adding interface: batadv_slave_1
[  778.164859][T28091] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  778.201568][T28091] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  778.228145][T21203] Bluetooth: hci5: command tx timeout
[  778.434932][T28169] veth1_to_bond: entered allmulticast mode
[  778.480396][T28091] hsr_slave_0: entered promiscuous mode
[  778.492081][T28091] hsr_slave_1: entered promiscuous mode
[  778.501587][T28176] __nla_validate_parse: 7 callbacks suppressed
[  778.501604][T28176] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5878'.
[  778.508707][T28091] debugfs: 'hsr0' already exists in 'hsr'
[  778.523878][T28176] syz.4.5878: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  778.539901][T28176] CPU: 1 UID: 0 PID: 28176 Comm: syz.4.5878 Not tainted syzkaller #0 PREEMPT(full) 
[  778.539926][T28176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  778.539937][T28176] Call Trace:
[  778.539945][T28176]  <TASK>
[  778.539953][T28176]  dump_stack_lvl+0x189/0x250
[  778.539981][T28176]  ? __pfx_dump_stack_lvl+0x10/0x10
[  778.540001][T28176]  ? __pfx__printk+0x10/0x10
[  778.540023][T28176]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  778.540043][T28176]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  778.540065][T28176]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  778.540088][T28176]  warn_alloc+0x214/0x310
[  778.540113][T28176]  ? stack_depot_save_flags+0x40/0x860
[  778.540138][T28176]  ? __pfx_warn_alloc+0x10/0x10
[  778.540163][T28176]  ? kasan_save_track+0x4f/0x80
[  778.540183][T28176]  ? xskq_create+0x56/0x170
[  778.540200][T28176]  ? xsk_init_queue+0xb0/0x110
[  778.540214][T28176]  ? xsk_setsockopt+0x4dc/0x8d0
[  778.540235][T28176]  ? do_sock_setsockopt+0x179/0x1b0
[  778.540252][T28176]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  778.540269][T28176]  ? do_syscall_64+0xfa/0x3b0
[  778.540286][T28176]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  778.540309][T28176]  __vmalloc_node_range_noprof+0x125/0x12f0
[  778.540361][T28176]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  778.540384][T28176]  ? xskq_create+0x56/0x170
[  778.540404][T28176]  ? __kasan_kmalloc+0x93/0xb0
[  778.540427][T28176]  vmalloc_user_noprof+0xad/0xf0
[  778.540448][T28176]  ? xskq_create+0xbf/0x170
[  778.540463][T28176]  xskq_create+0xbf/0x170
[  778.540483][T28176]  xsk_init_queue+0xb0/0x110
[  778.540502][T28176]  xsk_setsockopt+0x4dc/0x8d0
[  778.540519][T28091] Cannot create hsr debugfs directory
[  778.540525][T28176]  ? __pfx_xsk_setsockopt+0x10/0x10
[  778.540546][T28176]  ? __pfx_aa_sk_perm+0x10/0x10
[  778.540569][T28176]  ? aa_sock_opt_perm+0xff/0x1b0
[  778.540587][T28176]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  778.540606][T28176]  ? __pfx_xsk_setsockopt+0x10/0x10
[  778.540631][T28176]  do_sock_setsockopt+0x179/0x1b0
[  778.540655][T28176]  __x64_sys_setsockopt+0x13f/0x1b0
[  778.540679][T28176]  do_syscall_64+0xfa/0x3b0
[  778.540695][T28176]  ? lockdep_hardirqs_on+0x9c/0x150
[  778.540723][T28176]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  778.540739][T28176]  ? clear_bhb_loop+0x60/0xb0
[  778.540760][T28176]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  778.540776][T28176] RIP: 0033:0x7f56b5b8ebe9
[  778.540792][T28176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  778.540806][T28176] RSP: 002b:00007f56b6ad0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  778.540824][T28176] RAX: ffffffffffffffda RBX: 00007f56b5dc5fa0 RCX: 00007f56b5b8ebe9
[  778.540837][T28176] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000006
[  778.540848][T28176] RBP: 00007f56b5c11e19 R08: 0000000000000004 R09: 0000000000000000
[  778.540859][T28176] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  778.540869][T28176] R13: 00007f56b5dc6038 R14: 00007f56b5dc5fa0 R15: 00007ffd55553f98
[  778.540898][T28176]  </TASK>
[  778.540906][T28176] Mem-Info:
[  778.692735][T28169] veth1_to_bond: left allmulticast mode
[  778.695797][T28176] active_anon:6731 inactive_anon:0 isolated_anon:0
[  778.695797][T28176]  active_file:3665 inactive_file:40136 isolated_file:0
[  778.695797][T28176]  unevictable:768 dirty:299 writeback:0
[  778.695797][T28176]  slab_reclaimable:13857 slab_unreclaimable:291472
[  778.695797][T28176]  mapped:29444 shmem:1361 pagetables:986
[  778.695797][T28176]  sec_pagetables:0 bounce:0
[  778.695797][T28176]  kernel_misc_reclaimable:0
[  778.695797][T28176]  free:1118628 free_pcp:16161 free_cma:0
[  778.929742][T28176] Node 0 active_anon:27524kB inactive_anon:0kB active_file:14660kB inactive_file:160344kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:117776kB dirty:1196kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14356kB pagetables:3884kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  778.966098][T28176] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:160kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  779.059173][T28176] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  779.090696][T28176] lowmem_reserve[]: 0 2497 2499 2499 2499
[  779.096868][T28176] Node 0 DMA32 free:572676kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:27752kB inactive_anon:0kB active_file:14660kB inactive_file:158776kB unevictable:1536kB writepending:1196kB present:3129332kB managed:2557400kB mlocked:0kB bounce:0kB free_pcp:42944kB local_pcp:19900kB free_cma:0kB
[  779.140343][T28176] lowmem_reserve[]: 0 0 1 1 1
[  779.165198][T28176] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1568kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  779.223962][T28176] lowmem_reserve[]: 0 0 0 0 0
[  779.236560][T28176] Node 1 Normal free:3885428kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:18264kB local_pcp:8704kB free_cma:0kB
[  779.288489][T28176] lowmem_reserve[]: 0 0 0 0 0
[  779.300349][T28176] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  779.316911][T28176] Node 0 DMA32: 189*4kB (UME) 640*8kB (UM) 407*16kB (UME) 230*32kB (UME) 252*64kB (UM) 77*128kB (UM) 83*256kB (UME) 49*512kB (UME) 45*1024kB (UM) 1*2048kB (U) 106*4096kB (UM) = 574372kB
[  779.382872][T28176] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB
[  779.398355][T28176] Node 1 Normal: 115*4kB (UE) 51*8kB (UME) 47*16kB (UME) 149*32kB (UME) 42*64kB (UME) 10*128kB (UME) 5*256kB (UM) 4*512kB (UME) 1*1024kB (M) 2*2048kB (UE) 944*4096kB (M) = 3885428kB
[  779.418811][T28176] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  779.437492][T28176] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  779.448365][T28176] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  779.459492][T28176] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  779.469415][T28176] 45159 total pagecache pages
[  779.475458][T28176] 0 pages in swap cache
[  779.479871][T28176] Free swap  = 124996kB
[  779.484031][T28176] Total swap = 124996kB
[  779.488296][T28091] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  779.499864][T28176] 2097051 pages RAM
[  779.503814][T28176] 0 pages HighMem/MovableOnly
[  779.508505][T28176] 425675 pages reserved
[  779.512798][T28176] 0 pages cma reserved
[  779.774039][T28091] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  779.797771][T28212] syzkaller1: entered promiscuous mode
[  779.826202][T28212] syzkaller1: entered allmulticast mode
[  780.097491][T28091] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  780.277825][T28091] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  780.308477][T21203] Bluetooth: hci5: command tx timeout
[  780.363130][T28239] mac80211_hwsim hwsim80 wlan0: entered promiscuous mode
[  780.387824][T28239] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  780.412465][T28248] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5897'.
[  780.496957][T28252] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5897'.
[  780.645697][T28255] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5898'.
[  780.756428][T28257] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  780.778638][T28262] netlink: 14 bytes leftover after parsing attributes in process `syz.4.5899'.
[  780.789534][T28262] hsr_slave_0: left promiscuous mode
[  780.800349][T28262] hsr_slave_1: left promiscuous mode
[  780.872460][T28091] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  780.963162][T28091] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  780.999039][T28091] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  781.045388][T28091] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  781.321084][T28289] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5909'.
[  781.362477][T28091] 8021q: adding VLAN 0 to HW filter on device bond0
[  781.413987][T28295] netlink: 72 bytes leftover after parsing attributes in process `syz.1.5907'.
[  781.423354][T28295] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5907'.
[  781.448161][T28295] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5907'.
[  781.467822][T28091] 8021q: adding VLAN 0 to HW filter on device team0
[  781.504098][T20520] bridge0: port 1(bridge_slave_0) entered blocking state
[  781.511331][T20520] bridge0: port 1(bridge_slave_0) entered forwarding state
[  781.558281][T20520] bridge0: port 2(bridge_slave_1) entered blocking state
[  781.565515][T20520] bridge0: port 2(bridge_slave_1) entered forwarding state
[  781.665319][T28304] : entered promiscuous mode
[  781.687604][T28306] wg1 speed is unknown, defaulting to 1000
[  781.698326][T28306] lo speed is unknown, defaulting to 1000
[  781.762456][T28315] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5914'.
[  781.917213][T28321] netlink: 'syz.4.5916': attribute type 1 has an invalid length.
[  782.379893][T21203] Bluetooth: hci5: command tx timeout
[  782.552946][T28091] 8021q: adding VLAN 0 to HW filter on device batadv0
[  782.687740][T28091] veth0_vlan: entered promiscuous mode
[  782.733135][T28091] veth1_vlan: entered promiscuous mode
[  782.926837][T28091] veth0_macvtap: entered promiscuous mode
[  782.933348][T28369] netlink: 'syz.0.5926': attribute type 1 has an invalid length.
[  782.967657][T28371] netlink: 'syz.1.5922': attribute type 1 has an invalid length.
[  782.975097][T28091] veth1_macvtap: entered promiscuous mode
[  783.018754][T28091] batman_adv: batadv0: Interface activated: batadv_slave_0
[  783.044468][T28091] batman_adv: batadv0: Interface activated: batadv_slave_1
[  783.067441][T20511] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  783.100469][T20511] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  783.140742][T20511] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  783.181088][T28376] netlink: 'syz.4.5928': attribute type 1 has an invalid length.
[  783.196353][T20511] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  783.537040][T20519] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  783.581307][T20519] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  783.655148][T28396] __nla_validate_parse: 10 callbacks suppressed
[  783.655166][T28396] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5934'.
[  783.690928][ T6260] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  783.709679][ T6260] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  783.802200][T28411] netlink: 'syz.4.5938': attribute type 1 has an invalid length.
[  783.803632][T28403] wg1 speed is unknown, defaulting to 1000
[  783.881047][T28415] netlink: 52 bytes leftover after parsing attributes in process `syz.4.5938'.
[  783.895971][T28411] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5938'.
[  783.947033][T28403] lo speed is unknown, defaulting to 1000
[  784.335870][T28425] wg1 speed is unknown, defaulting to 1000
[  784.349565][T28425] lo speed is unknown, defaulting to 1000
[  784.360685][T28427] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  784.461598][T21203] Bluetooth: hci5: command tx timeout
[  784.653135][T28443] netlink: 'syz.4.5947': attribute type 1 has an invalid length.
[  784.690299][T28443] netlink: 224 bytes leftover after parsing attributes in process `syz.4.5947'.
[  785.023426][T28445] syzkaller1: entered promiscuous mode
[  785.071864][T28445] syzkaller1: entered allmulticast mode
[  785.104536][T28456] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5950'.
[  785.314344][T28462] FAULT_INJECTION: forcing a failure.
[  785.314344][T28462] name failslab, interval 1, probability 0, space 0, times 0
[  785.399019][T28462] CPU: 1 UID: 0 PID: 28462 Comm: syz.1.5952 Not tainted syzkaller #0 PREEMPT(full) 
[  785.399068][T28462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  785.399091][T28462] Call Trace:
[  785.399106][T28462]  <TASK>
[  785.399116][T28462]  dump_stack_lvl+0x189/0x250
[  785.399141][T28462]  ? __pfx____ratelimit+0x10/0x10
[  785.399161][T28462]  ? __pfx_dump_stack_lvl+0x10/0x10
[  785.399180][T28462]  ? __pfx__printk+0x10/0x10
[  785.399208][T28462]  ? __pfx___might_resched+0x10/0x10
[  785.399230][T28462]  should_fail_ex+0x414/0x560
[  785.399257][T28462]  should_failslab+0xa8/0x100
[  785.399282][T28462]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  785.399305][T28462]  ? __alloc_skb+0x112/0x2d0
[  785.399328][T28462]  __alloc_skb+0x112/0x2d0
[  785.399350][T28462]  netlink_sendmsg+0x5c6/0xb30
[  785.399379][T28462]  ? __pfx_netlink_sendmsg+0x10/0x10
[  785.399399][T28462]  ? aa_sock_msg_perm+0xf1/0x1d0
[  785.399418][T28462]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  785.399437][T28462]  ? __pfx_netlink_sendmsg+0x10/0x10
[  785.399456][T28462]  __sock_sendmsg+0x219/0x270
[  785.399483][T28462]  ____sys_sendmsg+0x505/0x830
[  785.399510][T28462]  ? __pfx_____sys_sendmsg+0x10/0x10
[  785.399540][T28462]  ? import_iovec+0x74/0xa0
[  785.399563][T28462]  ___sys_sendmsg+0x21f/0x2a0
[  785.399586][T28462]  ? __pfx____sys_sendmsg+0x10/0x10
[  785.399642][T28462]  ? __fget_files+0x2a/0x420
[  785.399654][T28462]  ? __fget_files+0x3a0/0x420
[  785.399677][T28462]  __x64_sys_sendmsg+0x19b/0x260
[  785.399698][T28462]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  785.399727][T28462]  ? __pfx_ksys_write+0x10/0x10
[  785.399744][T28462]  ? rcu_is_watching+0x15/0xb0
[  785.399767][T28462]  ? do_syscall_64+0xbe/0x3b0
[  785.399789][T28462]  do_syscall_64+0xfa/0x3b0
[  785.399806][T28462]  ? lockdep_hardirqs_on+0x9c/0x150
[  785.399824][T28462]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  785.399841][T28462]  ? clear_bhb_loop+0x60/0xb0
[  785.399861][T28462]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  785.399878][T28462] RIP: 0033:0x7f9e80d8ebe9
[  785.399894][T28462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  785.399909][T28462] RSP: 002b:00007f9e81c65038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  785.399926][T28462] RAX: ffffffffffffffda RBX: 00007f9e80fc5fa0 RCX: 00007f9e80d8ebe9
[  785.399939][T28462] RDX: 0000000000000000 RSI: 0000200000000840 RDI: 0000000000000005
[  785.399951][T28462] RBP: 00007f9e81c65090 R08: 0000000000000000 R09: 0000000000000000
[  785.399962][T28462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  785.399972][T28462] R13: 00007f9e80fc6038 R14: 00007f9e80fc5fa0 R15: 00007ffd48551d38
[  785.400003][T28462]  </TASK>
[  785.911657][T28469] netlink: 248 bytes leftover after parsing attributes in process `syz.2.5954'.
[  785.970276][T28469] netlink: 48 bytes leftover after parsing attributes in process `syz.2.5954'.
[  786.251348][T28504] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5962'.
[  786.301919][T28504] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5962'.
[  786.338605][T28509] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.5962'.
[  786.477599][T28517] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode 802.3ad(4)
[  786.632123][T28529] netlink: 'syz.3.5969': attribute type 1 has an invalid length.
[  786.859883][ T5862] Bluetooth: hci5: command 0x0405 tx timeout
[  787.557569][T28569] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add()
[  787.700403][T28575] wg1 speed is unknown, defaulting to 1000
[  787.708186][T28575] lo speed is unknown, defaulting to 1000
[  788.096684][T28605] tipc: Started in network mode
[  788.107624][T28605] tipc: Node identity 7f000001, cluster identity 4711
[  788.120374][T28605] tipc: Enabled bearer <udp:syz2>, priority 10
[  788.134365][T28608] pimreg: entered allmulticast mode
[  788.149122][T28599] pimreg: left allmulticast mode
[  788.292067][T28605] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  788.305179][T28611] netlink: 'syz.2.5991': attribute type 1 has an invalid length.
[  788.531028][T28622] FAULT_INJECTION: forcing a failure.
[  788.531028][T28622] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  788.564536][T28622] CPU: 0 UID: 0 PID: 28622 Comm: syz.3.5994 Not tainted syzkaller #0 PREEMPT(full) 
[  788.564562][T28622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  788.564573][T28622] Call Trace:
[  788.564581][T28622]  <TASK>
[  788.564596][T28622]  dump_stack_lvl+0x189/0x250
[  788.564622][T28622]  ? __pfx____ratelimit+0x10/0x10
[  788.564641][T28622]  ? __pfx_dump_stack_lvl+0x10/0x10
[  788.564659][T28622]  ? __pfx__printk+0x10/0x10
[  788.564678][T28622]  ? __might_fault+0xb0/0x130
[  788.564707][T28622]  should_fail_ex+0x414/0x560
[  788.564731][T28622]  _copy_from_iter+0x1de/0x1790
[  788.564754][T28622]  ? rcu_is_watching+0x15/0xb0
[  788.564771][T28622]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  788.564794][T28622]  ? __pfx__copy_from_iter+0x10/0x10
[  788.564814][T28622]  ? __build_skb_around+0x257/0x3e0
[  788.564834][T28622]  ? netlink_sendmsg+0x642/0xb30
[  788.564850][T28622]  ? skb_put+0x11b/0x210
[  788.564870][T28622]  netlink_sendmsg+0x6b2/0xb30
[  788.564895][T28622]  ? __pfx_netlink_sendmsg+0x10/0x10
[  788.564914][T28622]  ? aa_sock_msg_perm+0xf1/0x1d0
[  788.564931][T28622]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  788.564946][T28622]  ? __pfx_netlink_sendmsg+0x10/0x10
[  788.564962][T28622]  __sock_sendmsg+0x219/0x270
[  788.564987][T28622]  ____sys_sendmsg+0x505/0x830
[  788.565011][T28622]  ? __pfx_____sys_sendmsg+0x10/0x10
[  788.565041][T28622]  ? import_iovec+0x74/0xa0
[  788.565063][T28622]  ___sys_sendmsg+0x21f/0x2a0
[  788.565084][T28622]  ? __pfx____sys_sendmsg+0x10/0x10
[  788.565137][T28622]  ? __fget_files+0x2a/0x420
[  788.565152][T28622]  ? __fget_files+0x3a0/0x420
[  788.565178][T28622]  __x64_sys_sendmsg+0x19b/0x260
[  788.565201][T28622]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  788.565229][T28622]  ? __pfx_ksys_write+0x10/0x10
[  788.565247][T28622]  ? rcu_is_watching+0x15/0xb0
[  788.565269][T28622]  ? do_syscall_64+0xbe/0x3b0
[  788.565290][T28622]  do_syscall_64+0xfa/0x3b0
[  788.565306][T28622]  ? lockdep_hardirqs_on+0x9c/0x150
[  788.565324][T28622]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  788.565341][T28622]  ? clear_bhb_loop+0x60/0xb0
[  788.565361][T28622]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  788.565378][T28622] RIP: 0033:0x7f3ff298ebe9
[  788.565394][T28622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  788.565408][T28622] RSP: 002b:00007f3ff373b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  788.565427][T28622] RAX: ffffffffffffffda RBX: 00007f3ff2bc5fa0 RCX: 00007f3ff298ebe9
[  788.565438][T28622] RDX: 0000000000000000 RSI: 0000200000000840 RDI: 0000000000000005
[  788.565449][T28622] RBP: 00007f3ff373b090 R08: 0000000000000000 R09: 0000000000000000
[  788.565459][T28622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  788.565470][T28622] R13: 00007f3ff2bc6038 R14: 00007f3ff2bc5fa0 R15: 00007fff4fea4ee8
[  788.565495][T28622]  </TASK>
[  789.126768][T24688] tipc: Node number set to 2130706433
[  789.254587][T28650] syzkaller1: entered promiscuous mode
[  789.279800][T28650] syzkaller1: entered allmulticast mode
[  789.323404][T28657] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  789.337878][T28657] netlink: 'syz.4.6005': attribute type 1 has an invalid length.
[  789.346576][T28657] __nla_validate_parse: 5 callbacks suppressed
[  789.346595][T28657] netlink: 224 bytes leftover after parsing attributes in process `syz.4.6005'.
[  789.397158][T28661] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6006'.
[  789.433048][T28661] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6006'.
[  789.482078][T28668] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6004'.
[  789.633512][T28670] wg1 speed is unknown, defaulting to 1000
[  789.661469][T28670] lo speed is unknown, defaulting to 1000
[  789.668053][T28668] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  790.336732][T28683] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6009'.
[  790.583401][T28697] netlink: 'syz.0.6013': attribute type 1 has an invalid length.
[  790.591297][T28697] netlink: 224 bytes leftover after parsing attributes in process `syz.0.6013'.
[  790.627581][T28699] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6014'.
[  790.637176][T28699] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6014'.
[  790.848472][T28707] batadv_slave_1: entered promiscuous mode
[  790.924888][T28709] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6017'.
[  790.936476][T28707] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6017'.
[  790.994487][T28706] batadv_slave_1: left promiscuous mode
[  791.142101][T28720] vlan2: entered promiscuous mode
[  791.147338][T28720] macvtap0: entered promiscuous mode
[  791.628148][ T5862] Bluetooth: hci5: command 0x0405 tx timeout
[  791.865550][T28748] syzkaller1: entered promiscuous mode
[  791.902938][T28748] syzkaller1: entered allmulticast mode
[  792.057099][T28757] FAULT_INJECTION: forcing a failure.
[  792.057099][T28757] name failslab, interval 1, probability 0, space 0, times 0
[  792.081770][T28757] CPU: 0 UID: 0 PID: 28757 Comm: syz.0.6033 Not tainted syzkaller #0 PREEMPT(full) 
[  792.081797][T28757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  792.081808][T28757] Call Trace:
[  792.081817][T28757]  <TASK>
[  792.081825][T28757]  dump_stack_lvl+0x189/0x250
[  792.081851][T28757]  ? __pfx____ratelimit+0x10/0x10
[  792.081871][T28757]  ? __pfx_dump_stack_lvl+0x10/0x10
[  792.081891][T28757]  ? __pfx__printk+0x10/0x10
[  792.081916][T28757]  ? __pfx___might_resched+0x10/0x10
[  792.081934][T28757]  ? fs_reclaim_acquire+0x7d/0x100
[  792.081956][T28757]  should_fail_ex+0x414/0x560
[  792.081984][T28757]  should_failslab+0xa8/0x100
[  792.082010][T28757]  __kmalloc_cache_noprof+0x70/0x3d0
[  792.082032][T28757]  ? nfc_genl_se_io+0x227/0x680
[  792.082060][T28757]  nfc_genl_se_io+0x227/0x680
[  792.082090][T28757]  genl_family_rcv_msg_doit+0x215/0x300
[  792.082121][T28757]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  792.082157][T28757]  ? bpf_lsm_capable+0x9/0x20
[  792.082177][T28757]  ? security_capable+0x7e/0x2e0
[  792.082208][T28757]  genl_rcv_msg+0x60e/0x790
[  792.082237][T28757]  ? __pfx_genl_rcv_msg+0x10/0x10
[  792.082257][T28757]  ? __pfx_nfc_genl_se_io+0x10/0x10
[  792.082296][T28757]  netlink_rcv_skb+0x205/0x470
[  792.082313][T28757]  ? __lock_acquire+0xab9/0xd20
[  792.082336][T28757]  ? __pfx_genl_rcv_msg+0x10/0x10
[  792.082359][T28757]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  792.082399][T28757]  ? down_read+0x1ad/0x2e0
[  792.082429][T28757]  genl_rcv+0x28/0x40
[  792.082449][T28757]  netlink_unicast+0x82c/0x9e0
[  792.082483][T28757]  ? __pfx_netlink_unicast+0x10/0x10
[  792.082515][T28757]  ? netlink_sendmsg+0x642/0xb30
[  792.082531][T28757]  ? skb_put+0x11b/0x210
[  792.082555][T28757]  netlink_sendmsg+0x805/0xb30
[  792.082584][T28757]  ? __pfx_netlink_sendmsg+0x10/0x10
[  792.082607][T28757]  ? aa_sock_msg_perm+0xf1/0x1d0
[  792.082626][T28757]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  792.082645][T28757]  ? __pfx_netlink_sendmsg+0x10/0x10
[  792.082664][T28757]  __sock_sendmsg+0x219/0x270
[  792.082692][T28757]  ____sys_sendmsg+0x505/0x830
[  792.082719][T28757]  ? __pfx_____sys_sendmsg+0x10/0x10
[  792.082750][T28757]  ? import_iovec+0x74/0xa0
[  792.082775][T28757]  ___sys_sendmsg+0x21f/0x2a0
[  792.082797][T28757]  ? __pfx____sys_sendmsg+0x10/0x10
[  792.082859][T28757]  ? __fget_files+0x2a/0x420
[  792.082874][T28757]  ? __fget_files+0x3a0/0x420
[  792.082902][T28757]  __x64_sys_sendmsg+0x19b/0x260
[  792.082926][T28757]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  792.082958][T28757]  ? __pfx_ksys_write+0x10/0x10
[  792.082977][T28757]  ? rcu_is_watching+0x15/0xb0
[  792.083001][T28757]  ? do_syscall_64+0xbe/0x3b0
[  792.083025][T28757]  do_syscall_64+0xfa/0x3b0
[  792.083042][T28757]  ? lockdep_hardirqs_on+0x9c/0x150
[  792.083060][T28757]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  792.083078][T28757]  ? clear_bhb_loop+0x60/0xb0
[  792.083099][T28757]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  792.083116][T28757] RIP: 0033:0x7f2a9e58ebe9
[  792.083133][T28757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  792.083148][T28757] RSP: 002b:00007f2a9c7ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  792.083168][T28757] RAX: ffffffffffffffda RBX: 00007f2a9e7c5fa0 RCX: 00007f2a9e58ebe9
[  792.083181][T28757] RDX: 0000000000000000 RSI: 0000200000000840 RDI: 0000000000000005
[  792.083193][T28757] RBP: 00007f2a9c7ee090 R08: 0000000000000000 R09: 0000000000000000
[  792.083205][T28757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  792.083216][T28757] R13: 00007f2a9e7c6038 R14: 00007f2a9e7c5fa0 R15: 00007ffc5273a778
[  792.083249][T28757]  </TASK>
[  792.616610][T28775] netlink: 'syz.4.6039': attribute type 1 has an invalid length.
[  792.694347][T28781] bond0: entered promiscuous mode
[  792.699424][T28781] bond_slave_0: entered promiscuous mode
[  792.710413][T28781] bond_slave_1: entered promiscuous mode
[  792.718207][T28781] batadv0: entered promiscuous mode
[  792.724899][T28781] debugfs: 'hsr1' already exists in 'hsr'
[  792.730926][T28781] Cannot create hsr debugfs directory
[  792.736859][T28781] hsr1: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network
[  792.751082][T28781] hsr1: entered allmulticast mode
[  792.756337][T28781] bond0: entered allmulticast mode
[  792.761920][T28781] bond_slave_0: entered allmulticast mode
[  792.767846][T28781] bond_slave_1: entered allmulticast mode
[  792.779856][T28781] batadv0: entered allmulticast mode
[  792.786043][T28781] 8021q: adding VLAN 0 to HW filter on device hsr1
[  792.816582][T28781] bond0: left promiscuous mode
[  792.821801][T28781] bond_slave_0: left promiscuous mode
[  792.827658][T28781] bond_slave_1: left promiscuous mode
[  792.834986][T28781] batadv0: left promiscuous mode
[  792.956683][T28770] wg1 speed is unknown, defaulting to 1000
[  792.964894][T28770] lo speed is unknown, defaulting to 1000
[  793.962501][T28849] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  794.183428][T28867] netlink: 'syz.1.6060': attribute type 1 has an invalid length.
[  794.458505][T28890] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  794.469108][T28894] __nla_validate_parse: 46 callbacks suppressed
[  794.469127][T28894] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6067'.
[  794.695310][T28904] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6069'.
[  794.816680][T28907] FAULT_INJECTION: forcing a failure.
[  794.816680][T28907] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  794.825103][T28912] sctp: [Deprecated]: syz.2.6072 (pid 28912) Use of int in max_burst socket option.
[  794.825103][T28912] Use struct sctp_assoc_value instead
[  794.849134][T28907] CPU: 0 UID: 0 PID: 28907 Comm: syz.4.6071 Not tainted syzkaller #0 PREEMPT(full) 
[  794.849170][T28907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  794.849182][T28907] Call Trace:
[  794.849190][T28907]  <TASK>
[  794.849198][T28907]  dump_stack_lvl+0x189/0x250
[  794.849224][T28907]  ? __pfx____ratelimit+0x10/0x10
[  794.849243][T28907]  ? __pfx_dump_stack_lvl+0x10/0x10
[  794.849262][T28907]  ? __pfx__printk+0x10/0x10
[  794.849295][T28907]  should_fail_ex+0x414/0x560
[  794.849322][T28907]  _copy_to_user+0x31/0xb0
[  794.849345][T28907]  simple_read_from_buffer+0xe1/0x170
[  794.849372][T28907]  proc_fail_nth_read+0x1b3/0x220
[  794.849395][T28907]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  794.849419][T28907]  ? rw_verify_area+0x2a6/0x4d0
[  794.849438][T28907]  ? __lock_acquire+0xab9/0xd20
[  794.849458][T28907]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  794.849478][T28907]  vfs_read+0x200/0xa30
[  794.849496][T28907]  ? fdget_pos+0x247/0x320
[  794.849516][T28907]  ? __pfx___mutex_lock+0x10/0x10
[  794.849535][T28907]  ? __pfx_vfs_read+0x10/0x10
[  794.849558][T28907]  ? __fget_files+0x2a/0x420
[  794.849579][T28907]  ? __fget_files+0x3a0/0x420
[  794.849592][T28907]  ? __fget_files+0x2a/0x420
[  794.849615][T28907]  ksys_read+0x145/0x250
[  794.849641][T28907]  ? __pfx_ksys_read+0x10/0x10
[  794.849657][T28907]  ? rcu_is_watching+0x15/0xb0
[  794.849678][T28907]  ? do_syscall_64+0xbe/0x3b0
[  794.849698][T28907]  do_syscall_64+0xfa/0x3b0
[  794.849714][T28907]  ? lockdep_hardirqs_on+0x9c/0x150
[  794.849730][T28907]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  794.849747][T28907]  ? clear_bhb_loop+0x60/0xb0
[  794.849767][T28907]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  794.849783][T28907] RIP: 0033:0x7f56b5b8d5fc
[  794.849798][T28907] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  794.849813][T28907] RSP: 002b:00007f56b6ad0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  794.849830][T28907] RAX: ffffffffffffffda RBX: 00007f56b5dc5fa0 RCX: 00007f56b5b8d5fc
[  794.849842][T28907] RDX: 000000000000000f RSI: 00007f56b6ad00a0 RDI: 0000000000000004
[  794.849854][T28907] RBP: 00007f56b6ad0090 R08: 0000000000000000 R09: 0000000000000000
[  794.849864][T28907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  794.849874][T28907] R13: 00007f56b5dc6038 R14: 00007f56b5dc5fa0 R15: 00007ffd55553f98
[  794.849905][T28907]  </TASK>
[  794.865859][T28914] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6073'.
[  795.476558][T28939] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6079'.
[  795.570536][T12642] tipc: Node number set to 4205476993
[  796.204994][T28966] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6085'.
[  796.404571][T28970] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6086'.
[  797.770743][T28978] netlink: 'syz.0.6088': attribute type 1 has an invalid length.
[  797.778959][T28978] netlink: 224 bytes leftover after parsing attributes in process `syz.0.6088'.
[  799.079504][T28953] wg1 speed is unknown, defaulting to 1000
[  799.087971][T28953] lo speed is unknown, defaulting to 1000
[  799.297118][T28997] netlink: 'syz.0.6092': attribute type 83 has an invalid length.
[  799.319851][   T30] audit: type=1800 audit(1757429774.175:18): pid=28991 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.6090" name="memory.events" dev="tmpfs" ino=159 res=0 errno=0
[  799.380794][T28997] batman_adv: batadv0: Interface deactivated: virt_wifi0
[  799.434288][T29002] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6092'.
[  799.482409][T29002] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6092'.
[  799.677463][T29007] netlink: 724 bytes leftover after parsing attributes in process `syz.4.6095'.
[  799.695962][T29007] netlink: 83 bytes leftover after parsing attributes in process `syz.4.6095'.
[  799.712360][T29008] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6096'.
[  799.734317][T29008] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6096'.
[  799.799418][T29012] netlink: 'syz.4.6097': attribute type 39 has an invalid length.
[  800.103523][T28997] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  800.191107][T28997] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  800.276373][T29022] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6101'.
[  800.298273][T28997] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  800.308993][T28997] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  800.317646][T29022] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address.
[  800.345216][T29022] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (7)
[  800.442074][T28997] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  800.458366][T28997] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  800.578930][T28997] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  800.616908][T28997] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  801.008693][T29029] netlink: 'syz.3.6102': attribute type 1 has an invalid length.
[  801.049785][T29029] netlink: 224 bytes leftover after parsing attributes in process `syz.3.6102'.
[  801.350934][T29039] mac80211_hwsim hwsim80 wlan0: left promiscuous mode
[  801.358536][T29039] veth3: left promiscuous mode
[  801.437140][T29046] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  801.451009][T29046] netlink: 'syz.2.6108': attribute type 1 has an invalid length.
[  801.458934][T29046] netlink: 224 bytes leftover after parsing attributes in process `syz.2.6108'.
[  801.509407][T29048] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6109'.
[  801.520915][T29048] netlink: 27 bytes leftover after parsing attributes in process `syz.4.6109'.
[  801.999602][T29059] 8021q: VLANs not supported on caif0
[  802.929003][T29079] macsec1: entered promiscuous mode
[  802.934722][T29079] mac80211_hwsim hwsim78 wlan0: entered promiscuous mode
[  802.942799][T29079] macsec1: entered allmulticast mode
[  802.948331][T29079] mac80211_hwsim hwsim78 wlan0: entered allmulticast mode
[  803.892698][T29096] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  803.905786][T29096] netlink: 'syz.4.6125': attribute type 1 has an invalid length.
[  804.015200][T29099] syzkaller1: entered promiscuous mode
[  804.021845][T29099] syzkaller1: entered allmulticast mode
[  804.160290][T29105] netlink: 'syz.3.6128': attribute type 2 has an invalid length.
[  804.175358][T29105] k›*·]‘: entered promiscuous mode
[  804.192057][T29105] veth0_to_team: entered promiscuous mode
[  804.197963][T29105] veth0_to_team: entered allmulticast mode
[  804.233091][T29105] wg1 speed is unknown, defaulting to 1000
[  804.241349][T29105] lo speed is unknown, defaulting to 1000
[  804.639122][T29109] __nla_validate_parse: 7 callbacks suppressed
[  804.639140][T29109] netlink: 332 bytes leftover after parsing attributes in process `syz.2.6129'.
[  804.659374][T29109] netlink: 104 bytes leftover after parsing attributes in process `syz.2.6129'.
[  804.669719][T29109] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6129'.
[  805.281926][T12645] IPVS: starting estimator thread 0...
[  805.290508][T29123] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  805.336793][T29124] wg1 speed is unknown, defaulting to 1000
[  805.351690][T29124] lo speed is unknown, defaulting to 1000
[  805.379894][T29126] IPVS: using max 32 ests per chain, 76800 per kthread
[  805.509207][T29131] netlink: 100 bytes leftover after parsing attributes in process `syz.4.6133'.
[  805.782049][T29137] netlink: 220 bytes leftover after parsing attributes in process `syz.3.6137'.
[  805.803500][T29137] netlink: 220 bytes leftover after parsing attributes in process `syz.3.6137'.
[  805.814385][T29137] netlink: 32 bytes leftover after parsing attributes in process `syz.3.6137'.
[  806.369228][T29146] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  806.383191][T29146] netlink: 'syz.4.6140': attribute type 1 has an invalid length.
[  806.399892][T29146] netlink: 224 bytes leftover after parsing attributes in process `syz.4.6140'.
[  806.609548][T29159] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  806.626878][T29159] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6142'.
[  807.565353][T29178] wg1 speed is unknown, defaulting to 1000
[  807.573579][T29178] lo speed is unknown, defaulting to 1000
[  808.863291][ T1301] aoe: packet could not be sent on bond0.  consider increasing tx_queue_len
[  839.580304][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  870.302925][ T1301] aoe: packet could not be sent on bond0.  consider increasing tx_queue_len
[  885.661482][    C0] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  931.742088][ T1301] aoe: packet could not be sent on bond0.  consider increasing tx_queue_len
[  954.780383][   T31] INFO: task kworker/1:0:24 blocked for more than 143 seconds.
[  954.787980][   T31]       Not tainted syzkaller #0
[  954.793523][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  954.802447][   T31] task:kworker/1:0     state:D stack:23864 pid:24    tgid:24    ppid:2      task_flags:0x4208060 flags:0x00004000
[  954.815138][   T31] Workqueue: events rfkill_global_led_trigger_worker
[  954.821899][   T31] Call Trace:
[  954.825213][   T31]  <TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  954.828145][   T31]  __schedule+0x1798/0x4cc0
[  954.835309][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  954.845856][   T31]  ? __pfx___schedule+0x10/0x10
[  954.856151][   T31]  ? schedule+0x91/0x360
[  954.868254][   T31]  schedule+0x165/0x360
[  954.873111][   T31]  schedule_preempt_disabled+0x13/0x30
[  954.878985][   T31]  __mutex_lock+0x7e6/0x1350
[  954.884817][   T31]  ? __mutex_lock+0x5bb/0x1350
[  954.890871][   T31]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[  954.897613][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  954.909774][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  954.915867][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  954.959885][   T31]  rfkill_global_led_trigger_worker+0x27/0xd0
[  954.966197][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  954.980289][   T31]  process_scheduled_works+0xae1/0x17b0
[  954.985999][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  954.992271][   T31]  worker_thread+0x8a0/0xda0
[  954.996917][   T31]  kthread+0x70e/0x8a0
[  955.001251][   T31]  ? __pfx_worker_thread+0x10/0x10
[  955.006749][   T31]  ? __pfx_kthread+0x10/0x10
[  955.011535][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  955.017025][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  955.022676][   T31]  ? __pfx_kthread+0x10/0x10
[  955.027294][   T31]  ret_from_fork+0x3fc/0x770
[  955.031977][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  955.037218][   T31]  ? __switch_to_asm+0x39/0x70
[  955.042179][   T31]  ? __switch_to_asm+0x33/0x70
[  955.047028][   T31]  ? __pfx_kthread+0x10/0x10
[  955.051724][   T31]  ret_from_fork_asm+0x1a/0x30
[  955.056638][   T31]  </TASK>
[  955.060091][   T31] INFO: task syz.1.6089:28980 blocked for more than 143 seconds.
[  955.067831][   T31]       Not tainted syzkaller #0
[  955.072901][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  955.081836][   T31] task:syz.1.6089      state:D stack:25096 pid:28980 tgid:28980 ppid:20913  task_flags:0x400040 flags:0x00004004
[  955.098351][   T31] Call Trace:
[  955.105987][   T31]  <TASK>
[  955.108961][   T31]  __schedule+0x1798/0x4cc0
[  955.113982][   T31]  ? __lock_acquire+0xab9/0xd20
[  955.118875][   T31]  ? __pfx___schedule+0x10/0x10
[  955.123984][   T31]  ? schedule+0x91/0x360
[  955.128240][   T31]  schedule+0x165/0x360
[  955.132622][   T31]  schedule_preempt_disabled+0x13/0x30
[  955.138272][   T31]  __mutex_lock+0x7e6/0x1350
[  955.143003][   T31]  ? __mutex_lock+0x5bb/0x1350
[  955.147780][   T31]  ? rfkill_unregister+0xc8/0x220
[  955.153010][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  955.158047][   T31]  ? __pfx_device_del+0x10/0x10
[  955.163054][   T31]  rfkill_unregister+0xc8/0x220
[  955.168009][   T31]  nfc_unregister_device+0x96/0x2a0
[  955.173416][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[  955.179254][   T31]  virtual_ncidev_close+0x56/0x90
[  955.184777][   T31]  __fput+0x44c/0xa70
[  955.188787][   T31]  task_work_run+0x1d1/0x260
[  955.193572][   T31]  ? __pfx_task_work_run+0x10/0x10
[  955.198733][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[  955.204473][   T31]  exit_to_user_mode_loop+0xec/0x110
[  955.210015][   T31]  do_syscall_64+0x2bd/0x3b0
[  955.214643][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  955.219941][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  955.226028][   T31]  ? clear_bhb_loop+0x60/0xb0
[  955.230876][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  955.236796][   T31] RIP: 0033:0x7f9e80d8ebe9
[  955.241361][   T31] RSP: 002b:00007ffd48551e98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  955.249982][   T31] RAX: 0000000000000000 RBX: 00007f9e80fc7da0 RCX: 00007f9e80d8ebe9
[  955.258419][   T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  955.266528][   T31] RBP: 00007f9e80fc7da0 R08: 0000000000000200 R09: 0000001d4855218f
[  955.274905][   T31] R10: 00000000003ffbd8 R11: 0000000000000246 R12: 00000000000c3486
[  955.283063][   T31] R13: 00007f9e80fc6090 R14: ffffffffffffffff R15: 00007ffd48551fb0
[  955.291458][   T31]  </TASK>
[  955.294560][   T31] INFO: task syz.0.6092:28997 blocked for more than 143 seconds.
[  955.302392][   T31]       Not tainted syzkaller #0
[  955.307341][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  955.316414][   T31] task:syz.0.6092      state:D stack:24392 pid:28997 tgid:28995 ppid:26176  task_flags:0x400140 flags:0x00004006
[  955.328543][   T31] Call Trace:
[  955.331975][   T31]  <TASK>
[  955.334923][   T31]  __schedule+0x1798/0x4cc0
[  955.339439][   T31]  ? __lock_acquire+0xab9/0xd20
[  955.344585][   T31]  ? __lock_acquire+0xab9/0xd20
[  955.349682][   T31]  ? __pfx___schedule+0x10/0x10
[  955.354655][   T31]  ? schedule+0x91/0x360
[  955.358936][   T31]  schedule+0x165/0x360
[  955.363186][   T31]  schedule_preempt_disabled+0x13/0x30
[  955.368704][   T31]  __mutex_lock+0x7e6/0x1350
[  955.373696][   T31]  ? __mutex_lock+0x5bb/0x1350
[  955.378492][   T31]  ? nfc_rfkill_set_block+0x50/0x2e0
[  955.383837][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  955.388959][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  955.394264][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  955.400331][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  955.406864][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  955.412780][   T31]  nfc_rfkill_set_block+0x50/0x2e0
[  955.417917][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  955.423903][   T31]  rfkill_set_block+0x1d2/0x440
[  955.428887][   T31]  rfkill_fop_write+0x44b/0x570
[  955.433821][   T31]  ? __pfx_rfkill_fop_write+0x10/0x10
[  955.439238][   T31]  ? security_kernfs_init_security+0x240/0x290
[  955.445448][   T31]  ? rw_verify_area+0x255/0x4d0
[  955.450499][   T31]  ? __lock_acquire+0xab9/0xd20
[  955.455364][   T31]  ? __pfx_rfkill_fop_write+0x10/0x10
[  955.460824][   T31]  vfs_write+0x27b/0xb30
[  955.465170][   T31]  ? __pfx_vfs_write+0x10/0x10
[  955.470053][   T31]  ? __fget_files+0x2a/0x420
[  955.474673][   T31]  ? __fget_files+0x2a/0x420
[  955.479538][   T31]  ? __fget_files+0x3a0/0x420
[  955.484379][   T31]  ? __fget_files+0x2a/0x420
[  955.489125][   T31]  ksys_write+0x145/0x250
[  955.493672][   T31]  ? __pfx_ksys_write+0x10/0x10
[  955.498565][   T31]  ? rcu_is_watching+0x15/0xb0
[  955.503463][   T31]  ? do_syscall_64+0xbe/0x3b0
[  955.508205][   T31]  do_syscall_64+0xfa/0x3b0
[  955.512790][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  955.518025][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  955.524427][   T31]  ? clear_bhb_loop+0x60/0xb0
[  955.529223][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  955.535332][   T31] RIP: 0033:0x7f2a9e58ebe9
[  955.541257][   T31] RSP: 002b:00007f2a9c7ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  955.549792][   T31] RAX: ffffffffffffffda RBX: 00007f2a9e7c5fa0 RCX: 00007f2a9e58ebe9
[  955.557876][   T31] RDX: 0000000000000008 RSI: 0000200000000000 RDI: 000000000000000a
[  955.566034][   T31] RBP: 00007f2a9e611e19 R08: 0000000000000000 R09: 0000000000000000
[  955.574217][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  955.582631][   T31] R13: 00007f2a9e7c6038 R14: 00007f2a9e7c5fa0 R15: 00007ffc5273a778
[  955.590699][   T31]  </TASK>
[  955.593760][   T31] INFO: task syz.2.6142:29153 blocked for more than 144 seconds.
[  955.601605][   T31]       Not tainted syzkaller #0
[  955.606982][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  955.615933][   T31] task:syz.2.6142      state:D stack:25096 pid:29153 tgid:29152 ppid:27393  task_flags:0x400140 flags:0x00004004
[  955.627952][   T31] Call Trace:
[  955.631293][   T31]  <TASK>
[  955.634239][   T31]  __schedule+0x1798/0x4cc0
[  955.638774][   T31]  ? __lock_acquire+0xab9/0xd20
[  955.643712][   T31]  ? __lock_acquire+0xab9/0xd20
[  955.648582][   T31]  ? __pfx___schedule+0x10/0x10
[  955.653572][   T31]  ? schedule+0x91/0x360
[  955.657848][   T31]  schedule+0x165/0x360
[  955.662283][   T31]  schedule_preempt_disabled+0x13/0x30
[  955.667809][   T31]  __mutex_lock+0x7e6/0x1350
[  955.672581][   T31]  ? __mutex_lock+0x5bb/0x1350
[  955.677364][   T31]  ? rfkill_register+0x37/0x8e0
[  955.682287][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  955.687414][   T31]  ? __init_waitqueue_head+0xa9/0x150
[  955.692861][   T31]  ? device_initialize+0x24b/0x440
[  955.697982][   T31]  rfkill_register+0x37/0x8e0
[  955.702771][   T31]  nfc_register_device+0x14a/0x320
[  955.707905][   T31]  nci_register_device+0x87f/0x9d0
[  955.713093][   T31]  ? __pfx_nci_register_device+0x10/0x10
[  955.718776][   T31]  ? __raw_spin_lock_init+0x45/0x100
[  955.724148][   T31]  ? __init_waitqueue_head+0xa9/0x150
[  955.729607][   T31]  virtual_ncidev_open+0x129/0x1a0
[  955.734776][   T31]  ? __pfx_virtual_ncidev_open+0x10/0x10
[  955.741521][   T31]  misc_open+0x2bc/0x330
[  955.745892][   T31]  chrdev_open+0x4c9/0x5e0
[  955.750431][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  955.755433][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  955.762000][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  955.766954][   T31]  do_dentry_open+0x950/0x13f0
[  955.771812][   T31]  vfs_open+0x3b/0x340
[  955.775908][   T31]  ? path_openat+0x2ecd/0x3830
[  955.780749][   T31]  path_openat+0x2ee5/0x3830
[  955.785361][   T31]  ? arch_stack_walk+0xfc/0x150
[  955.790507][   T31]  ? stack_depot_save_flags+0x40/0x860
[  955.796070][   T31]  ? __pfx_path_openat+0x10/0x10
[  955.801109][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  955.807306][   T31]  do_filp_open+0x1fa/0x410
[  955.811883][   T31]  ? __lock_acquire+0xab9/0xd20
[  955.816753][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  955.825968][   T31]  ? _raw_spin_unlock+0x28/0x50
[  955.831177][   T31]  ? alloc_fd+0x64c/0x6c0
[  955.835551][   T31]  do_sys_openat2+0x121/0x1c0
[  955.840680][   T31]  ? __se_sys_futex+0x36f/0x400
[  955.845652][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  955.851341][   T31]  ? rcu_is_watching+0x15/0xb0
[  955.856237][   T31]  __x64_sys_openat+0x138/0x170
[  955.861510][   T31]  do_syscall_64+0xfa/0x3b0
[  955.866024][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  955.872287][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  955.878377][   T31]  ? clear_bhb_loop+0x60/0xb0
[  955.883379][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  955.889299][   T31] RIP: 0033:0x7fe54898ebe9
[  955.894197][   T31] RSP: 002b:00007fe549890038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  955.903442][   T31] RAX: ffffffffffffffda RBX: 00007fe548bc5fa0 RCX: 00007fe54898ebe9
[  955.911810][   T31] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  955.920117][   T31] RBP: 00007fe548a11e19 R08: 0000000000000000 R09: 0000000000000000
[  955.928398][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  955.937029][   T31] R13: 00007fe548bc6038 R14: 00007fe548bc5fa0 R15: 00007ffe9200cb98
[  955.945374][   T31]  </TASK>
[  955.948449][   T31] INFO: task syz.3.6151:29183 blocked for more than 144 seconds.
[  955.956461][   T31]       Not tainted syzkaller #0
[  955.961690][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  955.970581][   T31] task:syz.3.6151      state:D stack:27304 pid:29183 tgid:29182 ppid:28091  task_flags:0x400140 flags:0x00004004
[  955.982765][   T31] Call Trace:
[  955.986059][   T31]  <TASK>
[  955.988983][   T31]  __schedule+0x1798/0x4cc0
[  955.993531][   T31]  ? kasan_save_free_info+0x46/0x50
[  955.998729][   T31]  ? __lock_acquire+0xab9/0xd20
[  956.004068][   T31]  ? __lock_acquire+0xab9/0xd20
[  956.009036][   T31]  ? __pfx___schedule+0x10/0x10
[  956.014140][   T31]  ? schedule+0x91/0x360
[  956.018493][   T31]  schedule+0x165/0x360
[  956.022933][   T31]  schedule_preempt_disabled+0x13/0x30
[  956.028613][   T31]  __mutex_lock+0x7e6/0x1350
[  956.033546][   T31]  ? __mutex_lock+0x5bb/0x1350
[  956.038633][   T31]  ? misc_open+0x51/0x330
[  956.043466][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  956.048644][   T31]  misc_open+0x51/0x330
[  956.053521][   T31]  chrdev_open+0x4c9/0x5e0
[  956.057994][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  956.063551][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  956.069979][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  956.075169][   T31]  do_dentry_open+0x950/0x13f0
[  956.081201][   T31]  vfs_open+0x3b/0x340
[  956.085311][   T31]  ? path_openat+0x2ecd/0x3830
[  956.090550][   T31]  path_openat+0x2ee5/0x3830
[  956.095468][   T31]  ? arch_stack_walk+0xfc/0x150
[  956.100479][   T31]  ? stack_depot_save_flags+0x40/0x860
[  956.106263][   T31]  ? __pfx_path_openat+0x10/0x10
[  956.111595][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  956.118078][   T31]  do_filp_open+0x1fa/0x410
[  956.122869][   T31]  ? __lock_acquire+0xab9/0xd20
[  956.127837][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  956.133032][   T31]  ? _raw_spin_unlock+0x28/0x50
[  956.137983][   T31]  ? alloc_fd+0x64c/0x6c0
[  956.142418][   T31]  do_sys_openat2+0x121/0x1c0
[  956.147104][   T31]  ? __se_sys_futex+0x36f/0x400
[  956.152025][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  956.157238][   T31]  ? rcu_is_watching+0x15/0xb0
[  956.162195][   T31]  __x64_sys_openat+0x138/0x170
[  956.167071][   T31]  do_syscall_64+0xfa/0x3b0
[  956.171741][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  956.176955][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  956.183110][   T31]  ? clear_bhb_loop+0x60/0xb0
[  956.187889][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  956.193926][   T31] RIP: 0033:0x7f3ff298ebe9
[  956.198356][   T31] RSP: 002b:00007f3ff373b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  956.206901][   T31] RAX: ffffffffffffffda RBX: 00007f3ff2bc5fa0 RCX: 00007f3ff298ebe9
[  956.215161][   T31] RDX: 0000000000040241 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  956.223227][   T31] RBP: 00007f3ff2a11e19 R08: 0000000000000000 R09: 0000000000000000
[  956.231313][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  956.239293][   T31] R13: 00007f3ff2bc6038 R14: 00007f3ff2bc5fa0 R15: 00007fff4fea4ee8
[  956.247495][   T31]  </TASK>
[  956.250644][   T31] INFO: task syz.3.6151:29187 blocked for more than 144 seconds.
[  956.258546][   T31]       Not tainted syzkaller #0
[  956.264720][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  956.273955][   T31] task:syz.3.6151      state:D stack:25896 pid:29187 tgid:29182 ppid:28091  task_flags:0x400140 flags:0x00004004
[  956.285921][   T31] Call Trace:
[  956.289229][   T31]  <TASK>
[  956.292306][   T31]  __schedule+0x1798/0x4cc0
[  956.296929][   T31]  ? kasan_save_free_info+0x46/0x50
[  956.302285][   T31]  ? __lock_acquire+0xab9/0xd20
[  956.307191][   T31]  ? __lock_acquire+0xab9/0xd20
[  956.312124][   T31]  ? __pfx___schedule+0x10/0x10
[  956.317054][   T31]  ? schedule+0x91/0x360
[  956.321577][   T31]  schedule+0x165/0x360
[  956.325927][   T31]  schedule_preempt_disabled+0x13/0x30
[  956.331456][   T31]  __mutex_lock+0x7e6/0x1350
[  956.336071][   T31]  ? __mutex_lock+0x5bb/0x1350
[  956.341176][   T31]  ? misc_open+0x51/0x330
[  956.345694][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  956.350994][   T31]  misc_open+0x51/0x330
[  956.355341][   T31]  chrdev_open+0x4c9/0x5e0
[  956.359808][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  956.364852][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  956.371276][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  956.376236][   T31]  do_dentry_open+0x950/0x13f0
[  956.382103][   T31]  vfs_open+0x3b/0x340
[  956.386213][   T31]  ? path_openat+0x2ecd/0x3830
[  956.391081][   T31]  path_openat+0x2ee5/0x3830
[  956.395722][   T31]  ? arch_stack_walk+0xfc/0x150
[  956.400890][   T31]  ? stack_depot_save_flags+0x40/0x860
[  956.406470][   T31]  ? __pfx_path_openat+0x10/0x10
[  956.411627][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  956.417731][   T31]  do_filp_open+0x1fa/0x410
[  956.422286][   T31]  ? __lock_acquire+0xab9/0xd20
[  956.427253][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  956.432407][   T31]  ? _raw_spin_unlock+0x28/0x50
[  956.437277][   T31]  ? alloc_fd+0x64c/0x6c0
[  956.441812][   T31]  do_sys_openat2+0x121/0x1c0
[  956.446595][   T31]  ? __se_sys_futex+0x36f/0x400
[  956.451763][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  956.456991][   T31]  ? rcu_is_watching+0x15/0xb0
[  956.461802][   T31]  __x64_sys_openat+0x138/0x170
[  956.466768][   T31]  do_syscall_64+0xfa/0x3b0
[  956.471365][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  956.476593][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  956.482707][   T31]  ? clear_bhb_loop+0x60/0xb0
[  956.487393][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  956.493372][   T31] RIP: 0033:0x7f3ff298ebe9
[  956.497977][   T31] RSP: 002b:00007f3ff0bd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  956.506546][   T31] RAX: ffffffffffffffda RBX: 00007f3ff2bc6180 RCX: 00007f3ff298ebe9
[  956.514598][   T31] RDX: 0000000000000000 RSI: 0000200000000240 RDI: ffffffffffffff9c
[  956.522677][   T31] RBP: 00007f3ff2a11e19 R08: 0000000000000000 R09: 0000000000000000
[  956.530850][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  956.538880][   T31] R13: 00007f3ff2bc6218 R14: 00007f3ff2bc6180 R15: 00007fff4fea4ee8
[  956.547045][   T31]  </TASK>
[  956.550124][   T31] INFO: task syz.4.6154:29193 blocked for more than 145 seconds.
[  956.557936][   T31]       Not tainted syzkaller #0
[  956.563112][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  956.572135][   T31] task:syz.4.6154      state:D stack:25928 pid:29193 tgid:29192 ppid:27048  task_flags:0x400040 flags:0x00004004
[  956.584918][   T31] Call Trace:
[  956.588370][   T31]  <TASK>
[  956.591419][   T31]  __schedule+0x1798/0x4cc0
[  956.595945][   T31]  ? kasan_save_free_info+0x46/0x50
[  956.601254][   T31]  ? __lock_acquire+0xab9/0xd20
[  956.606125][   T31]  ? __lock_acquire+0xab9/0xd20
[  956.611034][   T31]  ? __pfx___schedule+0x10/0x10
[  956.615941][   T31]  ? schedule+0x91/0x360
[  956.620341][   T31]  schedule+0x165/0x360
[  956.624514][   T31]  schedule_preempt_disabled+0x13/0x30
[  956.630188][   T31]  __mutex_lock+0x7e6/0x1350
[  956.634883][   T31]  ? __mutex_lock+0x5bb/0x1350
[  956.639930][   T31]  ? misc_open+0x51/0x330
[  956.644345][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  956.649376][   T31]  misc_open+0x51/0x330
[  956.653629][   T31]  chrdev_open+0x4c9/0x5e0
[  956.658079][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  956.663064][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  956.669618][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  956.674604][   T31]  do_dentry_open+0x950/0x13f0
[  956.679393][   T31]  vfs_open+0x3b/0x340
[  956.683612][   T31]  ? path_openat+0x2ecd/0x3830
[  956.688397][   T31]  path_openat+0x2ee5/0x3830
[  956.693060][   T31]  ? arch_stack_walk+0xfc/0x150
[  956.698024][   T31]  ? stack_depot_save_flags+0x40/0x860
[  956.703780][   T31]  ? __pfx_path_openat+0x10/0x10
[  956.709004][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  956.715169][   T31]  do_filp_open+0x1fa/0x410
[  956.719777][   T31]  ? __lock_acquire+0xab9/0xd20
[  956.724743][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  956.730112][   T31]  ? _raw_spin_unlock+0x28/0x50
[  956.734993][   T31]  ? alloc_fd+0x64c/0x6c0
[  956.739318][   T31]  do_sys_openat2+0x121/0x1c0
[  956.744082][   T31]  ? __se_sys_futex+0x36f/0x400
[  956.748952][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  956.754209][   T31]  ? __pfx___se_sys_futex+0x10/0x10
[  956.759420][   T31]  ? rcu_is_watching+0x15/0xb0
[  956.764424][   T31]  __x64_sys_openat+0x138/0x170
[  956.769304][   T31]  do_syscall_64+0xfa/0x3b0
[  956.773976][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  956.779294][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  956.786391][   T31]  ? clear_bhb_loop+0x60/0xb0
[  956.791150][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  956.797035][   T31] RIP: 0033:0x7f56b5b8ebe9
[  956.801596][   T31] RSP: 002b:00007f56b6ad0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  956.810097][   T31] RAX: ffffffffffffffda RBX: 00007f56b5dc5fa0 RCX: 00007f56b5b8ebe9
[  956.818099][   T31] RDX: 0000000000020000 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  956.826134][   T31] RBP: 00007f56b5c11e19 R08: 0000000000000000 R09: 0000000000000000
[  956.834299][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  956.842538][   T31] R13: 00007f56b5dc6038 R14: 00007f56b5dc5fa0 R15: 00007ffd55553f98
[  956.851123][   T31]  </TASK>
[  956.854194][   T31] 
[  956.854194][   T31] Showing all locks held in the system:
[  956.868527][   T31] 3 locks held by kworker/1:0/24:
[  956.873714][   T31]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  956.884804][   T31]  #1: ffffc900001e7bc0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  956.898489][   T31]  #2: ffffffff8f8128a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[  956.910126][   T31] 1 lock held by khungtaskd/31:
[  956.914976][   T31]  #0: ffffffff8e139f20 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  956.925035][   T31] 2 locks held by getty/5622:
[  956.929945][   T31]  #0: ffff88814d6e40a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  956.940110][   T31]  #1: ffffc900036bb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  956.951103][   T31] 5 locks held by kworker/u8:6/20515:
[  956.956484][   T31] 2 locks held by kworker/u8:12/20522:
[  956.962040][   T31] 2 locks held by syz.1.6089/28980:
[  956.967503][   T31]  #0: ffff8880540c5100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[  956.977448][   T31]  #1: ffffffff8f8128a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[  956.987816][   T31] 2 locks held by syz.0.6092/28997:
[  956.993051][   T31]  #0: ffffffff8f8128a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_write+0x191/0x570
[  957.003322][   T31]  #1: ffff8880540c5100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[  957.013160][   T31] 3 locks held by syz.2.6142/29153:
[  957.018372][   T31]  #0: ffffffff8e9c1c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  957.027126][   T31]  #1: ffff88804d396100 (&dev->mutex){....}-{4:4}, at: nfc_register_device+0xa1/0x320
[  957.037108][   T31]  #2: ffffffff8f8128a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[  957.047250][   T31] 1 lock held by syz.3.6151/29183:
[  957.052429][   T31]  #0: ffffffff8e9c1c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  957.060992][   T31] 1 lock held by syz.3.6151/29187:
[  957.066387][   T31]  #0: ffffffff8e9c1c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  957.075113][   T31] 1 lock held by syz.4.6154/29193:
[  957.080297][   T31]  #0: ffffffff8e9c1c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  957.088871][   T31] 1 lock held by syz-executor/29196:
[  957.094332][   T31]  #0: ffffffff8e9c1c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  957.103638][   T31] 1 lock held by syz-executor/29198:
[  957.109032][   T31]  #0: ffffffff8e9c1c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  957.117643][   T31] 1 lock held by syz-executor/29200:
[  957.123163][   T31]  #0: ffffffff8e9c1c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  957.131887][   T31] 1 lock held by syz-executor/29202:
[  957.137175][   T31]  #0: ffffffff8e9c1c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  957.145690][   T31] 1 lock held by syz-executor/29204:
[  957.151124][   T31]  #0: ffffffff8e9c1c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  957.159677][   T31] 1 lock held by syz-executor/29206:
[  957.164972][   T31]  #0: ffffffff8e9c1c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  957.173602][   T31] 1 lock held by syz-executor/29208:
[  957.178973][   T31]  #0: ffffffff8e9c1c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  957.187496][   T31] 1 lock held by syz-executor/29210:
[  957.192865][   T31]  #0: ffffffff8e9c1c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  957.201453][   T31] 1 lock held by syz-executor/29212:
[  957.206826][   T31]  #0: ffffffff8e9c1c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  957.215514][   T31] 1 lock held by syz-executor/29214:
[  957.221483][   T31]  #0: ffffffff8e9c1c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  957.230147][   T31] 1 lock held by syz-executor/29216:
[  957.235488][   T31]  #0: ffffffff8e9c1c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  957.244102][   T31] 1 lock held by syz-executor/29218:
[  957.249410][   T31]  #0: ffffffff8e9c1c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  957.258038][   T31] 1 lock held by syz-executor/29220:
[  957.264010][   T31]  #0: ffffffff8e9c1c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  957.272915][   T31] 1 lock held by syz-executor/29222:
[  957.278541][   T31]  #0: ffffffff8e9c1c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  957.287017][   T31] 1 lock held by syz-executor/29224:
[  957.292407][   T31]  #0: ffffffff8e9c1c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  957.301674][   T31] 
[  957.304013][   T31] =============================================
[  957.304013][   T31] 
[  957.312704][   T31] NMI backtrace for cpu 0
[  957.312725][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  957.312744][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  957.312755][   T31] Call Trace:
[  957.312763][   T31]  <TASK>
[  957.312772][   T31]  dump_stack_lvl+0x189/0x250
[  957.312801][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  957.312821][   T31]  ? __pfx__printk+0x10/0x10
[  957.312856][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  957.312883][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  957.312908][   T31]  ? __pfx__printk+0x10/0x10
[  957.312935][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  957.312962][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  957.312988][   T31]  watchdog+0xf93/0xfe0
[  957.313015][   T31]  ? watchdog+0x1de/0xfe0
[  957.313043][   T31]  kthread+0x70e/0x8a0
[  957.313067][   T31]  ? __pfx_watchdog+0x10/0x10
[  957.313087][   T31]  ? __pfx_kthread+0x10/0x10
[  957.313110][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  957.313127][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  957.313143][   T31]  ? __pfx_kthread+0x10/0x10
[  957.313164][   T31]  ret_from_fork+0x3fc/0x770
[  957.313183][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  957.313206][   T31]  ? __switch_to_asm+0x39/0x70
[  957.313224][   T31]  ? __switch_to_asm+0x33/0x70
[  957.313242][   T31]  ? __pfx_kthread+0x10/0x10
[  957.313260][   T31]  ret_from_fork_asm+0x1a/0x30
[  957.313292][   T31]  </TASK>
[  957.313299][   T31] Sending NMI from CPU 0 to CPUs 1:
[  957.462431][    C1] NMI backtrace for cpu 1
[  957.462451][    C1] CPU: 1 UID: 0 PID: 6260 Comm: kworker/u8:16 Not tainted syzkaller #0 PREEMPT(full) 
[  957.462470][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  957.462481][    C1] Workqueue: events_unbound toggle_allocation_gate
[  957.462508][    C1] RIP: 0010:mark_lock+0x3c/0x190
[  957.462526][    C1] Code: 00 03 00 83 f9 01 bb 09 00 00 00 83 db 00 83 fa 08 0f 45 da bd 01 00 00 00 89 d9 d3 e5 25 ff 1f 00 00 48 0f a3 05 04 d6 0a 12 <73> 10 48 69 c0 c8 00 00 00 48 8d 88 10 63 49 93 eb 48 83 3d 6b 65
[  957.462540][    C1] RSP: 0018:ffffc9000ee27648 EFLAGS: 00000007
[  957.462553][    C1] RAX: 00000000000000ca RBX: 0000000000000002 RCX: 0000000000000002
[  957.462563][    C1] RDX: 0000000000000002 RSI: ffff888031e828f0 RDI: ffff888031e81e00
[  957.462575][    C1] RBP: 0000000000000004 R08: ffffffff8fa38d37 R09: 1ffffffff1f471a6
[  957.462587][    C1] R10: dffffc0000000000 R11: fffffbfff1f471a7 R12: ffff888031e828f0
[  957.462599][    C1] R13: ffff88801a47c558 R14: ffff888031e828f0 R15: 0000000000000000
[  957.462611][    C1] FS:  0000000000000000(0000) GS:ffff888125d16000(0000) knlGS:0000000000000000
[  957.462624][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  957.462635][    C1] CR2: 0000564bf8d22000 CR3: 000000000df36000 CR4: 00000000003526f0
[  957.462650][    C1] Call Trace:
[  957.462657][    C1]  <TASK>
[  957.462667][    C1]  lockdep_hardirqs_on_prepare+0x129/0x2a0
[  957.462690][    C1]  ? __kvmalloc_node_noprof+0x179/0x5f0
[  957.462708][    C1]  trace_hardirqs_on+0x28/0x40
[  957.462726][    C1]  __text_poke+0x748/0xa10
[  957.462748][    C1]  ? __pfx_text_poke_memcpy+0x10/0x10
[  957.462766][    C1]  ? __kvmalloc_node_noprof+0x179/0x5f0
[  957.462784][    C1]  ? __pfx___text_poke+0x10/0x10
[  957.462801][    C1]  ? rcu_is_watching+0x15/0xb0
[  957.462816][    C1]  ? trace_contention_end+0x39/0x120
[  957.462838][    C1]  smp_text_poke_batch_finish+0xd0f/0x1130
[  957.462862][    C1]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[  957.462882][    C1]  ? arch_jump_label_transform_queue+0x97/0x110
[  957.462908][    C1]  arch_jump_label_transform_apply+0x1c/0x30
[  957.462928][    C1]  static_key_enable_cpuslocked+0x128/0x250
[  957.462950][    C1]  static_key_enable+0x1a/0x20
[  957.462968][    C1]  toggle_allocation_gate+0xad/0x240
[  957.462987][    C1]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  957.463006][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  957.463026][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  957.463040][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  957.463055][    C1]  process_scheduled_works+0xae1/0x17b0
[  957.463082][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  957.463104][    C1]  worker_thread+0x8a0/0xda0
[  957.463131][    C1]  kthread+0x70e/0x8a0
[  957.463150][    C1]  ? __pfx_worker_thread+0x10/0x10
[  957.463165][    C1]  ? __pfx_kthread+0x10/0x10
[  957.463182][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  957.463197][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  957.463212][    C1]  ? __pfx_kthread+0x10/0x10
[  957.463229][    C1]  ret_from_fork+0x3fc/0x770
[  957.463246][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  957.463264][    C1]  ? __switch_to_asm+0x39/0x70
[  957.463281][    C1]  ? __switch_to_asm+0x33/0x70
[  957.463298][    C1]  ? __pfx_kthread+0x10/0x10
[  957.463315][    C1]  ret_from_fork_asm+0x1a/0x30
[  957.463340][    C1]  </TASK>
[  957.783889][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  957.790760][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  957.799876][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  957.810120][   T31] Call Trace:
[  957.813392][   T31]  <TASK>
[  957.816328][   T31]  dump_stack_lvl+0x99/0x250
[  957.820925][   T31]  ? __asan_memcpy+0x40/0x70
[  957.825527][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  957.830729][   T31]  ? __pfx__printk+0x10/0x10
[  957.835329][   T31]  vpanic+0x281/0x750
[  957.839313][   T31]  ? __pfx_vpanic+0x10/0x10
[  957.843814][   T31]  ? preempt_schedule+0xae/0xc0
[  957.848753][   T31]  ? preempt_schedule_common+0x83/0xd0
[  957.854374][   T31]  panic+0xb9/0xc0
[  957.858086][   T31]  ? __pfx_panic+0x10/0x10
[  957.862588][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  957.868038][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  957.874204][   T31]  watchdog+0xfd2/0xfe0
[  957.878368][   T31]  ? watchdog+0x1de/0xfe0
[  957.882700][   T31]  kthread+0x70e/0x8a0
[  957.886846][   T31]  ? __pfx_watchdog+0x10/0x10
[  957.891597][   T31]  ? __pfx_kthread+0x10/0x10
[  957.896184][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  957.901370][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  957.906588][   T31]  ? __pfx_kthread+0x10/0x10
[  957.911692][   T31]  ret_from_fork+0x3fc/0x770
[  957.916276][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  957.921379][   T31]  ? __switch_to_asm+0x39/0x70
[  957.926148][   T31]  ? __switch_to_asm+0x33/0x70
[  957.930901][   T31]  ? __pfx_kthread+0x10/0x10
[  957.935597][   T31]  ret_from_fork_asm+0x1a/0x30
[  957.940395][   T31]  </TASK>
[  957.943812][   T31] Kernel Offset: disabled
[  957.948208][   T31] Rebooting in 86400 seconds..