last executing test programs:

6.125455935s ago: executing program 0 (id=13090):
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0, 0x0, 0x0, 0x0, 0x4000000}, [@map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4000000}, @generic={0x66, 0x8, 0x0, 0x0, 0xff000000}, @exit, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}, {0x85, 0x0, 0x0, 0xb4}}]}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x0, 0x0, &(0x7f00000002c0)='GPL\x00', 0xdf64, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x8, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r1 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x38, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xac}}, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a", 0x27}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

5.943485698s ago: executing program 0 (id=13092):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000700)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0xe}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000022c0)=@newtfilter={0x520, 0x2c, 0xd2f, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff1}, {}, {0x2}}, [@TCA_RATE={0x6, 0x5, {0x0, 0x2}}, @filter_kind_options=@f_fw={{0x7}, {0x4ec, 0x2, [@TCA_FW_ACT={0x158, 0x4, [@m_tunnel_key={0x154, 0xc, 0x0, 0x0, {{0xf}, {0x24, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e22}, @TCA_TUNNEL_KEY_NO_CSUM={0x5, 0xa, 0x1}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x8}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @remote}]}, {0x102, 0x6, "c8d55e7ef5cdb785fdba106cd4e7cf4d98268654eb37329c88fa780d77cc1e84cbf687110b2f5fff707c4d1abb1ee7709a66af05861610f80f70856133d9b1a0aad7ae5b0e4bb170f492aaf64873a7715bcc1318804286b949bfb7ae6fb2a8cb6361fb00de6cb829049574775baf661c6312d4a2081afe084a96cfd34c30fb157c626996a12112bc416edd3e9772536a24d0981230f3f2033c7233b630c788726d966e69eacbc89824ae260bbeb2db25952f0ecc09b3c3aa572b63c818605d3f46873d8a03f8d0ce92df4417cb6c2f73468875efe3eb85e761cacf5e6a125ddb09f47b65b84c72ce9f7739dd869edf22c98cfd6eb631ba7e1cc34be591eb"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}, @TCA_FW_INDEV={0x14, 0x3, 'xfrm0\x00'}, @TCA_FW_ACT={0x210, 0x4, [@m_gact={0xf0, 0xa, 0x0, 0x0, {{0x9}, {0x64, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x2, 0xf9c, 0x3}}, @TCA_GACT_PARMS={0x18, 0x2, {0x816, 0xfffffffb, 0x0, 0x2, 0x9}}, @TCA_GACT_PROB={0xc, 0x3, {0x2, 0x1ff8, 0x5}}, @TCA_GACT_PARMS={0x18, 0x2, {0x8, 0x8, 0x0, 0x9, 0x6}}, @TCA_GACT_PARMS={0x18, 0x2, {0x2, 0x7a6c977c, 0x20000000, 0x4, 0xb}}]}, {0x63, 0x6, "f8499e4722a10cfee3c0af5da579b935be8caba734cdc70d65ea428e0d700e231565f6a6843519f846834d3ba71e6844561995cbbb1079253bf4bbf6cec26c958f39f96df40a2ea313679a285291b6cf3d1d919277b9975deda4d41c296eb2"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ct={0x11c, 0x17, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e20}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @empty}, @TCA_CT_MARK={0x8}, @TCA_CT_NAT_PORT_MIN={0x6, 0xd, 0x4e21}]}, {0xd2, 0x6, "3d8a92736e82171f184b4136b44e0dc0264bf564f51bd83ee35dd907a1499a2484daad4dc6d3db5f8d9acc5a1153c466321d20f84fb7a1b8328a550500f5a4711f2f7da7baa8afbbab3576af07febeb7a73b498d82ee88c02396365dae87fcfecf7c4e4cbb87b861ca55ce2c28397650781a521f751da10739517fe21006bc541b7ce8775442141e022319fbacc72a45807ef57ee89d7bd0d8fff62261e674a2af09b2ca9bcc045139ce2aaa9cfff634cc217bde2acfa708be9047acddb65e661d3e11045b84c24ab950d54e7b6a"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x2}}}}]}, @TCA_FW_ACT={0x16c, 0x4, [@m_nat={0x94, 0x13, 0x0, 0x0, {{0x8}, {0x4}, {0x6c, 0x6, "3ee08e1117fcb98f3be41d10f2a68b5e0a6cc5d8ca7de1859b1faf74c1805c094622e767f6322e3d54f1daba4910b91a1f55b64374fd74c94187daf296896fae356b36be29fa7a14cc0b08c636a294546946d4fdbae30aa244fe610ae84fe8f43ede557eefaaa53b"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_ife={0x30, 0x13, 0x0, 0x0, {{0x8}, {0x4}, {0x8, 0x6, "e2caa01a"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_xt={0x74, 0x1f, 0x0, 0x0, {{0x7}, {0xc, 0x2, 0x0, 0x1, [@TCA_IPT_INDEX={0x8, 0x3, 0x10000}]}, {0x44, 0x6, "b71395f92b671d3c44c02680b968bbca01af03fb11cee56af810143c7708937a56c9a240396f08441cfa4fa46bf90f8b91096f0e4bc334e8c6cc79f576b2fe6c"}, {0xc}, {0xc, 0x8, {0x3, 0x3}}}}, @m_pedit={0x30, 0xe, 0x0, 0x0, {{0xa}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}}]}, 0x520}, 0x1, 0x0, 0x0, 0x20000005}, 0x844)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

5.902753462s ago: executing program 0 (id=13093):
sendmsg$IPVS_CMD_NEW_SERVICE(0xffffffffffffffff, 0x0, 0x20008800)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000002380)}, 0x2000)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000380)=ANY=[@ANYBLOB="54000000102003472fbd70000400000000000000", @ANYRES32=0x0, @ANYBLOB="3a000000a00102001c00128009000100766c616e000000000c000280060001000200000008000500", @ANYRES32=r1, @ANYBLOB="08002800fc560000080004"], 0x54}}, 0x800)

5.827797128s ago: executing program 0 (id=13094):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_mgmt(0x0, 0xffffffffffffffff)
socket(0x10, 0x80002, 0x0)
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x30}}, &(0x7f00000002c0)='GPL\x00', 0xf}, 0x94)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000900)="c1dfb080cd21d308098ee6888100", 0x0, 0xadf0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

5.67911793s ago: executing program 2 (id=13096):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, 0x0, 0x4000894)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x50, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x50}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0)

5.374240353s ago: executing program 1 (id=13099):
socket$inet6(0xa, 0x1, 0x8010000000000084)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffff"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x12, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0, 0x0, 0x0, 0x0, 0x4000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4000000}, @generic={0x66, 0x8, 0x0, 0x0, 0xff000000}, @initr0={0x18, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x200}, @exit, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}, {0x85, 0x0, 0x0, 0xb4}}]}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x0, 0x0, &(0x7f00000002c0)='GPL\x00', 0xdf64, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x25, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r2 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x24}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xcc}}, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB], 0x6f4}}, 0x0)

5.278235137s ago: executing program 2 (id=13100):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r4=>0x0})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@RTM_NEWMDB={0x38, 0x55, 0x1e5, 0x0, 0x0, {0x7, r2}, [@MDBA_SET_ENTRY={0x20, 0x1, {r4, 0x0, 0x0, 0x0, {@in6_addr=@local, 0x86dd}}}]}, 0x38}, 0x1, 0x0, 0x2000000, 0x1080}, 0x0)

5.257193632s ago: executing program 4 (id=13102):
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0, 0x0, 0x0, 0x0, 0x4000000}, [@map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4000000}, @generic={0x66, 0x8, 0x0, 0x0, 0xff000000}, @exit, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}, {0x85, 0x0, 0x0, 0xb4}}]}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x0, 0x0, &(0x7f00000002c0)='GPL\x00', 0xdf64, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x8, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r1 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x38, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xac}}, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a", 0x27}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

5.166586777s ago: executing program 0 (id=13103):
socket(0x2a, 0x2, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$inet_mptcp(0x2, 0x1, 0x106)
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
listen(r0, 0x6)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
shutdown(0xffffffffffffffff, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x40000000000000, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

5.122984862s ago: executing program 1 (id=13104):
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@typedef={0x3}]}, {0x0, [0x30, 0x0, 0x5f]}}, 0x0, 0x29}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0200000004000000040000000900000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000de4e4c46e9c6a4dd620bab8271b81d867a9cb7b5ad5fa5d2bfb4e612f6", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000200)={'caif0\x00', 0x400})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000000000)={'syzkaller0\x00'})
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
setsockopt$inet6_IPV6_DSTOPTS(r3, 0x29, 0x3b, &(0x7f0000000180)={0x8}, 0x8)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x34, r4, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x30)
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x3, 0x4)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$xdp(0x2c, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x3, 0x4, &(0x7f00000006c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0x80}, [@call={0x85, 0x0, 0x0, 0x2a}]}, &(0x7f0000000680)='GPL\x00'}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
socket$nl_rdma(0x10, 0x3, 0x14)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r6, 0x89f3, &(0x7f0000000300)={'syztnl1\x00', &(0x7f00000001c0)={'gre0\x00', 0x0, 0x7, 0x7, 0x52, 0x7496, {{0xd, 0x4, 0x1, 0x7, 0x34, 0x65, 0x0, 0x4, 0x2f, 0x0, @local, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@noop, @timestamp={0x44, 0xc, 0x71, 0x0, 0x8, [0x7, 0x8]}, @ssrr={0x89, 0xb, 0xe2, [@rand_addr=0x64010102, @local]}, @rr={0x7, 0x7, 0x6d, [@initdev={0xac, 0x1e, 0x1, 0x0}]}, @noop]}}}}})

5.102609387s ago: executing program 2 (id=13105):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1400000010000100ab5a0000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4024}, 0x4000010)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3", 0x8}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c", 0x1e}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12", 0x12}], 0x3}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd0700100012004000000060ec97000fc83c00fe8000000000000000000000000000aaff0200000000000000000000000000013a"], 0xffe)

5.001829282s ago: executing program 4 (id=13107):
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0xf, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0, 0x0, 0x0, 0x0, 0x4000000}, [@map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4000000}, @generic={0x66, 0x8, 0x0, 0x0, 0xff000000}, @exit, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}, {0x85, 0x0, 0x0, 0xb4}}]}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x0, 0x0, &(0x7f00000002c0)='GPL\x00', 0xdf64, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x8, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r1 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x24}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xc4}}, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB], 0x6f4}}, 0x0)

4.274299877s ago: executing program 0 (id=13108):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000048000000090a010400000000000000000700000008000a40000000000900020073797a3100000000090001007379"], 0xf0}}, 0x0)
r2 = socket(0x11, 0x1, 0x109)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x20, 0x8, &(0x7f0000000300)=ANY=[@ANYRESDEC=r2], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000002c0)='rcu_utilization\x00', r3}, 0x18)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
r6 = socket$xdp(0x2c, 0x3, 0x0)
r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r7, 0x0, 0x1a, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/96, 0x2329000, 0x800}, 0x20)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c00000002000000000000000000000203000000000000000000000d00"/54], &(0x7f0000000140)=""/240, 0x56, 0xf0, 0x1}, 0x28)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4309(aegis128-aesni)\x00'}, 0x58)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r9, &(0x7f0000000240)={0x1f, 0xffff, 0x2}, 0x6)
recvmmsg(r9, &(0x7f0000000600), 0x204083acb88ff8b, 0x2, 0x0)
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x0, 0x0)
accept4$ax25(r5, &(0x7f00000000c0)={{0x3, @rose}, [@rose, @default, @bcast, @rose, @remote, @null, @bcast, @netrom]}, &(0x7f0000000140)=0x48, 0x100000)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, &(0x7f0000000040), 0xfffffceb)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
unshare(0x62040200)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000780)=ANY=[@ANYBLOB="58000000100023ff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000010560100300012800b000100697036746e000000b80e0000000500ffffac14142a05000900290000000800040000050000"], 0x58}, 0x1, 0x0, 0x0, 0x20040001}, 0x8000)
ioctl$SIOCSIFMTU(r4, 0x8922, &(0x7f0000000280)={'macvlan0\x00', 0x63f5})

2.142326769s ago: executing program 3 (id=13109):
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$cgroup_devices(r1, &(0x7f0000000080)=ANY=[@ANYBLOB='b *:* m'], 0x47)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r3 = openat$cgroup_devices(r2, &(0x7f00000001c0)='devices.deny\x00', 0x2, 0x0)
splice(r0, 0x0, r3, 0x0, 0x8, 0xa00000000000000)

2.050511908s ago: executing program 4 (id=13110):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="0000000000004a641c0012000c000100626f6e64"], 0x3c}}, 0x0)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r3, 0x65, 0x2, &(0x7f0000000400)=0x2, 0x4)
setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, &(0x7f0000000100)=[{{0x3, 0x1}, {0x0, 0x1, 0x1}}], 0x8)
r4 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r4, &(0x7f0000002340)=[{{&(0x7f0000000300)={0xa, 0x4e21, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x6}, 0x1c, &(0x7f0000000cc0)=[{&(0x7f00000000c0)='O', 0x1}], 0x1}}, {{&(0x7f0000000080)={0xa, 0x4e22, 0xe2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x10000}, 0x1c, &(0x7f0000000480)=[{&(0x7f0000000180)="b0", 0x1}], 0x1}}], 0x2, 0x0)
shutdown(r4, 0x1)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r6=>0x0}, &(0x7f0000000080)=0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1}, [@generic={0x7, 0x2, 0x0, 0x9, 0x9}]}, &(0x7f0000000040)='GPL\x00'}, 0x94)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r4, 0x84, 0x6d, &(0x7f0000000040)={r6}, &(0x7f0000000100)=0x8)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000040)={r6, 0x8}, &(0x7f00000000c0)=0x8)
bind$can_raw(r3, &(0x7f0000000480), 0x10)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x1, 0x803, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r9}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x44}}, 0x0)

2.016594557s ago: executing program 3 (id=13111):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, 0x0, 0x4000894)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x50, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x50}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0)

2.010374791s ago: executing program 2 (id=13112):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
syz_emit_ethernet(0x36, &(0x7f0000000300)={@broadcast, @dev, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, '\x00', 0x0, 0x4, 0x0, @private2, @mcast2}}}}, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
pwritev(r0, 0x0, 0x0, 0x81, 0x4)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
r4 = accept4$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000240)=0x1c, 0x80000)
setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f00000006c0)={0x6ea, {{0xa, 0x4e22, 0x0, @private0, 0x5}}, 0x1, 0x6, [{{0xa, 0x4e21, 0xff, @mcast2, 0x3}}, {{0xa, 0x4e23, 0xb9b, @private1, 0x61}}, {{0xa, 0x4e22, 0x0, @remote, 0xdfec}}, {{0xa, 0x4e22, 0xcd, @loopback, 0xf98}}, {{0xa, 0x4e20, 0x5, @mcast1, 0x1}}, {{0xa, 0x4e20, 0x5, @remote, 0x7fff}}]}, 0x390)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r5)
r6 = socket$unix(0x1, 0x1, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r8, {}, {0x2, 0xb}, {0x9, 0xb}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x7f, 0x0, 0x5, 0x1, 0xc}, 0xb, 0x0, 0x8, 0x5, 0x5f82, 0x3, 0x9, 0xd, 0x8, 0x1, {0xffff1c72, 0x3, 0x1000, 0x101, 0x0, 0x5}}}}]}, 0xfffffffffffffe5a}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000000406010200000000000000000000000105000100"], 0x24}, 0x1, 0x0, 0x0, 0x20000020}, 0x800)
ioctl$SIOCSIFHWADDR(r5, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

1.834288205s ago: executing program 1 (id=13113):
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x12, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0, 0x0, 0x0, 0x0, 0x4000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4000000}, @generic={0x66, 0x8, 0x0, 0x0, 0xff000000}, @initr0={0x18, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x200}, @exit, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}, {0x85, 0x0, 0x0, 0xb4}}]}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x0, 0x0, &(0x7f00000002c0)='GPL\x00', 0xdf64, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x25, r1, 0x8, &(0x7f0000000580)={0x8, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r3 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0xfffe}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x24}, @NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x9}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xcc}}, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000005c0), r6)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01000000000000000000077400062c00070073797374656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a7330000800020000000000080004200000000014000600626f6e64300000000000000000000000080003"], 0x78}, 0x1, 0xffffffff00000003}, 0x0)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000b00)=ANY=[@ANYBLOB="181700003e000701fefffffffcffffff017c000008004280040008000c00018006000600800a0000f0160280ec1617801f"], 0x1718}, 0x1, 0x0, 0x0, 0xa6fdace091686b28}, 0xc000)
r9 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000540), r2)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x900, 0x4064}, [@IFLA_GROUP={0x8}, @IFLA_OPERSTATE={0x5, 0x10, 0x4}]}, 0x30}}, 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000000)=0x68)
sendmsg$WG_CMD_SET_DEVICE(r8, &(0x7f0000000780)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000640)={&(0x7f00000007c0)=ANY=[@ANYBLOB="616c6c73478eab2800000060cd2e4e4d289ec474a81df7", @ANYRES16=r9, @ANYBLOB="000426bd7000fedbdf25010000001400020077673200"/34], 0x28}, 0x1, 0x0, 0x0, 0xc014}, 0x8000)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})

1.788193909s ago: executing program 3 (id=13114):
socket$inet6(0xa, 0x1, 0x8010000000000084)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffff"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x12, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0, 0x0, 0x0, 0x0, 0x4000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4000000}, @generic={0x66, 0x8, 0x0, 0x0, 0xff000000}, @initr0={0x18, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x200}, @exit, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}, {0x85, 0x0, 0x0, 0xb4}}]}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x0, 0x0, &(0x7f00000002c0)='GPL\x00', 0xdf64, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x25, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r2 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x24}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xcc}}, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB], 0x6f4}}, 0x0)

1.389115056s ago: executing program 1 (id=13115):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="3800000018000100fc000000000000000a000000000000000000000008000400", @ANYRES32=r1, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r0], 0x38}}, 0x10)

1.260652879s ago: executing program 3 (id=13116):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x3, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000002000000000000000100008018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000340)={0x0, 0x900, &(0x7f0000000300)={&(0x7f0000000580)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r3, @ANYBLOB='8\x00-'], 0x54}, 0x1, 0x0, 0x0, 0x100000d0}, 0x0)

1.256955803s ago: executing program 4 (id=13117):
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x28, &(0x7f0000000140)=0x1, 0x4)
r0 = socket(0x2d, 0x2, 0x0)
connect$vsock_stream(r0, 0x0, 0x0)
r1 = socket(0x10, 0x80003, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x2000000}, 0x0)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
recvfrom(r2, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}, 0x1, 0x0, 0x0, 0x890}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="700000000001010400000000000000000a0000003c0001802c00018014000300000000000000000000000000000000001400040000000000000000000000ffffe00000010c000280050001000000000008000840000000080800074000000000100006800c000380060002000000000000732e36abf3c611bb1c281cd1d74bb436e8803747adb7dbcbeca445eb00325876424e5cfb63ad73df1460e35e910f293fa2a50a747e04d137327b3c48bffd522f7a94fb31bce4675d49df8f5747a875e0c0419579c489322b3e63294ddec06df0c150c7080d943279f3468d6654c2ff937392f42443a6a129a69889f7590d8b655ff9ea672fadef83b33d0fcf449a08d018b9849f5803d4a223fcae1c398d1d0b3f6657cc42a9c71a939ba1be9fdbf4dc32e9160e8693a6d805113f6a91"], 0x70}}, 0x0)

1.138644555s ago: executing program 1 (id=13118):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x490267a0}, 0x1c)
sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB='4'], 0x34}, 0x1, 0x0, 0x0, 0x200040c1}, 0x8004)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0)
unshare(0x24020400)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)

1.071829971s ago: executing program 3 (id=13119):
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={0x20, 0x123, 0x4, 0x70bd28, 0x25dfdbff, {0x16}, [@typed={0xc, 0x142, 0x0, 0x0, @u64=0x5}]}, 0x20}, 0x1, 0x0, 0x0, 0x2002c841}, 0x100008c0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000004c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="080028bd7000fddf253700000008000300", @ANYRES32=r2, @ANYBLOB="0800570005000000"], 0x24}, 0x1, 0x0, 0x0, 0x20008011}, 0x80d6)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x77, 0x4)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r3, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000c40)="5c5eafd3ae55a73702d6befaee97f47f4be65587e1fca708cee084691e4587d887a5eaab43ac5edc4886496910cd7a153cd84b93208c7b1a625b3ea990092389b19dab4f61e30ee60a4d7e51ffc9a5accbe20844356dd0ce192542d5e58d80657b3b5fb7a3d39337df", 0x69}, {&(0x7f0000000800)="104b0b7073fbd7f77a847bdbfdf6da474f700bf113b18d16d8380f42e296b49f1326c7d0d97be798e205654b8a885df6ee57ec7b690491c55ca484b54170549c7a72b8a579005ffcb0b309dae34571b17126534a763ca881f12d750072abc05a7cb8f0e32fc3ec3ed14c3322630ae8e710fb68299cbb5accee8813185c77248ddec7b5688599f1bfccbec448bc6ce5c139c2095da22c9d7edf7bfa1392c76ab0dddf4db130420df295ea16aa3e841d50dc813025315eea3990c2de68e835c4fec57e2dd70f47b58472c2f915de1a", 0xce}, {&(0x7f0000000cc0)="91ebffffff7f7d8625547e6fdcfb96c1d9b461ad7581ce705ad7203fb9e00e70512c27e5d5980dbbdb9d8dd381060e0f5bd279f6b8d9109f8e5b1ad6402331e7e4ba5a0300ee40f4ed347c7997c0c822b355f310b659f42003566ffc26878858a5f20373da0b75bed8465da60f840979b6b18d0cbe", 0x75}], 0x3}}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000001800)="353a35d6094e4ee7d764b6993f65136c5d6b84d9b1324a0b25e094700c9a66f9181738098f32e3e48859c3878d53a9752474da0d6af299d849d48f2fa2c8c807d7a1521da940585790ff1e6f9da83e32b751d1af9cfac640c1361f5ae8b99c187dafe9ea854120f6eaab11e7fdeb3f2152ebdbc21520ca01f64bb821576deef4ed6696cdddc1768b5b4fbd68a687cb6ba52ecf5cc6f8f05062f26de19d6aaaeb6cbca00e46685f77d2b3e8dd9d0d099e799cd5a76c67ab283f790366f7f744508edc9e48fa101b89215b", 0xca}, {&(0x7f0000000180)="d7dbdba577061e4e52e720022b7a3b0f40cfb0205e5fc23d7555ac21b674feb3b7bf705d3b4fd1d84d60baa95963d6a74c1ec58f17070cc392c83893878d", 0x3e}, {&(0x7f0000000900)="3794c1c2f791f4e67f50ea7bc95a2842f2990f3d7d9754304cde9192d23d13759fedda217763c26d7414268fc5a85a809bbaaf0c8cbed9c8b4f957ddecc49039374768b86dcb17cce7", 0x49}], 0x3}}], 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50)
sendto$inet(r3, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)
listen(0xffffffffffffffff, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000b00), r4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="120000000400"], 0x48)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000540)={'wlan0\x00'})
clock_gettime(0x0, &(0x7f0000000380))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)

1.0208436s ago: executing program 1 (id=13120):
socket(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r0 = socket(0x2, 0x2, 0x0)
syz_emit_ethernet(0x66, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x10, &(0x7f0000000a00)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@call={0x85, 0x0, 0x0, 0xd0}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r3 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
epoll_pwait(r3, &(0x7f0000000140)=[{}], 0x1, 0x2d516fb6, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r5, &(0x7f0000000100)={0x20000014})
epoll_wait(r3, &(0x7f0000000040)=[{}], 0x1, 0x400)
connect$unix(r5, &(0x7f0000000240)=@file={0x0, './file0\x00'}, 0x6e)
r6 = socket$nl_route(0x10, 0x3, 0x0)
socket(0xb, 0xa, 0x100)
sendmsg$nl_route(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="3800000020000100000000000c0000000a80193ce07ceda42663f9d44cb2160000000000071700010008000d000300000014000100200100"], 0x38}}, 0x4040020)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x5c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private2}]}}}]}, 0x5c}}, 0x0)
accept$netrom(0xffffffffffffffff, &(0x7f0000000140)={{0x3, @null}, [@remote, @rose, @netrom, @bcast, @bcast, @netrom, @default, @bcast]}, &(0x7f0000000040)=0x48)
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r8=>0x0})
bind$can_j1939(r7, &(0x7f00000000c0)={0x1d, r8}, 0x18)
connect$can_j1939(r7, &(0x7f0000000340)={0x1d, r8, 0x0, {0x1, 0x0, 0xa8fe8ad4eea2351f}, 0x2}, 0x18)
sendmmsg(r7, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5)

958.652495ms ago: executing program 2 (id=13121):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x14, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x180}, 0x50)

958.023859ms ago: executing program 4 (id=13122):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x6, 0x8, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000004d18110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r4, 0x2000300, 0xe, 0x0, &(0x7f0000000180)="74fa40b249c0d585699ce70fac7b", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)=ANY=[@ANYRES32=r2, @ANYBLOB="8081e7c52fd708d3b6ada482aa515a910e1d7d21442d6a62c5d2d65892b8d6c12f066f17234fc79e91781a430e6e840d331ad18f5fa14424cc29071bd8b453eb9c843ce928b0db2cd51351965c471e1582c7b20225b58f6099520fd223fb26ddcda36004b61477fec18cf92d747d9316d808ed91356e09d201e893babb5c7a2bbb990d7e674b630938749c3bbb89de88537bf88a86eb8363b710a361adf8a7f0d8dc8654704571ab2a4b66a9fa3d9fa94f82458f7d2d518b78200a8fb847436da28027b31512a60519090751abf7649b7d39b2801bbec22fe6d312ad947f01dbd937", @ANYBLOB="05"], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20)
sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3)

838.794432ms ago: executing program 2 (id=13123):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x4098884, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101})
sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
syz_emit_ethernet(0x82, &(0x7f0000000240)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x16, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0xac1414aa, @rand_addr, {[@lsrr={0x83, 0x3}, @rr={0x7, 0x3}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@multicast1=0xe0000029}, {@private}, {@local}, {@remote}, {@private}, {@dev}, {@private}]}]}}}}}}}, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1e, 0x1c, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000a0000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$FS_IOC_GETFSLABEL(r2, 0x400452c8, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c000000020603000000000000000000ffea000005000100070000000900020073797a300000000014000780080012401b0000000800084000000000050005000000001005000400000000000d000300686173683a6d6163"], 0x5c}}, 0x0) (fail_nth: 4)

39.82306ms ago: executing program 4 (id=13124):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, 0x0, 0x4000894)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x50, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x50}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0)

0s ago: executing program 3 (id=13125):
socket$inet6(0xa, 0x1, 0x8010000000000084)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffff"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0, 0x0, 0x0, 0x0, 0x4000000}}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x0, 0x0, &(0x7f00000002c0)='GPL\x00', 0xdf64, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x25, r1, 0x8, &(0x7f0000000580)={0x8, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r2 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x24}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa0}}, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

kernel console output (not intermixed with test programs):

ar_bhb_loop+0x60/0xb0
[ 1244.359353][ T9112]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1244.359370][ T9112] RIP: 0033:0x7f2c3358eb69
[ 1244.359389][ T9112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1244.359406][ T9112] RSP: 002b:00007f2c343f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1244.359430][ T9112] RAX: ffffffffffffffda RBX: 00007f2c337b5fa0 RCX: 00007f2c3358eb69
[ 1244.359454][ T9112] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000006
[ 1244.359467][ T9112] RBP: 00007f2c33611df1 R08: 0000000000000004 R09: 0000000000000000
[ 1244.359480][ T9112] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1244.359493][ T9112] R13: 0000000000000000 R14: 00007f2c337b5fa0 R15: 00007ffe4c82d1b8
[ 1244.359526][ T9112]  </TASK>
[ 1244.359550][ T9112] Mem-Info:
[ 1244.702399][ T9112] active_anon:14886 inactive_anon:0 isolated_anon:0
[ 1244.702399][ T9112]  active_file:2449 inactive_file:40319 isolated_file:0
[ 1244.702399][ T9112]  unevictable:768 dirty:231 writeback:0
[ 1244.702399][ T9112]  slab_reclaimable:15685 slab_unreclaimable:178150
[ 1244.702399][ T9112]  mapped:30007 shmem:1536 pagetables:1128
[ 1244.702399][ T9112]  sec_pagetables:0 bounce:0
[ 1244.702399][ T9112]  kernel_misc_reclaimable:0
[ 1244.702399][ T9112]  free:1223265 free_pcp:15234 free_cma:0
[ 1244.845069][ T9112] Node 0 active_anon:59044kB inactive_anon:0kB active_file:9796kB inactive_file:161076kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120028kB dirty:924kB writeback:0kB shmem:4608kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:17676kB pagetables:3732kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1244.860941][ T9126] netlink: 'syz.0.12114': attribute type 1 has an invalid length.
[ 1244.896036][ T9112] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:176kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1244.941048][ T9127] netlink: 'syz.4.12112': attribute type 1 has an invalid length.
[ 1244.951396][ T9127] netlink: 'syz.4.12112': attribute type 2 has an invalid length.
[ 1244.960086][ T9112] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1244.980712][ T9127] netlink: 4 bytes leftover after parsing attributes in process `syz.4.12112'.
[ 1244.992333][ T9112] lowmem_reserve[]: 0 2500 2502 2502 2502
[ 1245.008292][ T9112] Node 0 DMA32 free:978216kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:59396kB inactive_anon:0kB active_file:9796kB inactive_file:159236kB unevictable:1536kB writepending:924kB present:3129332kB managed:2560292kB mlocked:0kB bounce:0kB free_pcp:43440kB local_pcp:22420kB free_cma:0kB
[ 1245.049239][ T9112] lowmem_reserve[]: 0 0 1 1 1
[ 1245.055475][ T9133] netlink: 'syz.0.12114': attribute type 4 has an invalid length.
[ 1245.062054][ T9112] Node 0 Normal free:4kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1840kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[ 1245.103754][ T9112] lowmem_reserve[]: 0 0 0 0 0
[ 1245.108789][ T9112] Node 1 Normal free:3899968kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:17528kB local_pcp:6720kB free_cma:0kB
[ 1245.144282][ T9112] lowmem_reserve[]: 0 0 0 0 0
[ 1245.149603][ T9112] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1245.164884][ T9112] Node 0 DMA32: 1543*4kB (UME) 722*8kB (UM) 92*16kB (UME) 508*32kB (UME) 153*64kB (UM) 22*128kB (UM) 15*256kB (UME) 4*512kB (M) 4*1024kB (UM) 2*2048kB (M) 225*4096kB (M) = 977964kB
[ 1245.194257][ T9112] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB
[ 1245.217489][ T9112] Node 1 Normal: 154*4kB (UE) 57*8kB (UME) 49*16kB (UME) 150*32kB (UME) 33*64kB (UME) 8*128kB (UME) 4*256kB (UM) 2*512kB (M) 3*1024kB (UME) 1*2048kB (E) 948*4096kB (UM) = 3899968kB
[ 1245.225983][ T9136] netlink: 'syz.4.12116': attribute type 72 has an invalid length.
[ 1245.308475][ T9112] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1245.349016][ T9112] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1245.376350][ T9112] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1245.383470][ T9140] netlink: 12 bytes leftover after parsing attributes in process `syz.1.12117'.
[ 1245.396766][ T9112] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1245.416690][ T9112] 44296 total pagecache pages
[ 1245.428121][ T9112] 0 pages in swap cache
[ 1245.505564][ T9112] Free swap  = 124996kB
[ 1245.526235][ T9112] Total swap = 124996kB
[ 1245.532362][ T9112] 2097051 pages RAM
[ 1245.541030][ T9112] 0 pages HighMem/MovableOnly
[ 1245.550626][ T9112] 424872 pages reserved
[ 1245.559217][ T9146] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1245.559702][ T9112] 0 pages cma reserved
[ 1245.689205][ T9150] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1245.710981][ T9150] syzkaller0: entered promiscuous mode
[ 1245.718775][ T9150] syzkaller0: entered allmulticast mode
[ 1245.754463][ T9154] netlink: 28 bytes leftover after parsing attributes in process `syz.4.12125'.
[ 1245.804865][ T9155] tipc: Resetting bearer <eth:syzkaller0>
[ 1245.828881][ T9154] netlink: 40 bytes leftover after parsing attributes in process `syz.4.12125'.
[ 1245.843080][ T9149] tipc: Resetting bearer <eth:syzkaller0>
[ 1245.896479][ T9149] tipc: Disabling bearer <eth:syzkaller0>
[ 1246.015028][ T9166] netlink: 'syz.4.12130': attribute type 1 has an invalid length.
[ 1246.171955][ T9166] 8021q: adding VLAN 0 to HW filter on device bond14
[ 1246.364457][ T9176] !
: renamed from dummy0 (while UP)
[ 1246.728987][ T9188] lo speed is unknown, defaulting to 1000
[ 1246.974753][ T9208] netlink: 'syz.1.12143': attribute type 1 has an invalid length.
[ 1247.213416][ T9208] 8021q: adding VLAN 0 to HW filter on device bond12
[ 1247.431638][ T9221] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12146'.
[ 1247.466679][ T9225] netlink: 16 bytes leftover after parsing attributes in process `syz.1.12147'.
[ 1247.503296][ T4010] IPVS: starting estimator thread 0...
[ 1247.592244][ T9229] IPVS: using max 39 ests per chain, 93600 per kthread
[ 1247.671482][ T9233] bpq0: left promiscuous mode
[ 1247.686791][ T9233] bpq0: left allmulticast mode
[ 1248.044197][ T9242] netlink: 28 bytes leftover after parsing attributes in process `syz.1.12152'.
[ 1248.385704][   T62] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[ 1248.404495][   T62] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[ 1248.414207][   T24] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[ 1248.576550][   T24] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[ 1248.654501][ T9255] netlink: 'syz.2.12157': attribute type 1 has an invalid length.
[ 1248.747704][T18970] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1248.769291][T18970] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1248.785367][T18970] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1248.804999][T18970] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1248.822431][T18970] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1248.910646][ T9255] 8021q: adding VLAN 0 to HW filter on device bond7
[ 1249.048102][ T9266] bpq0: entered promiscuous mode
[ 1249.054316][ T9266] bpq0: entered allmulticast mode
[ 1249.062503][ T9268] netlink: 'syz.2.12160': attribute type 1 has an invalid length.
[ 1249.073909][ T9266] netlink: 'syz.1.12159': attribute type 1 has an invalid length.
[ 1249.078814][ T9256] lo speed is unknown, defaulting to 1000
[ 1249.127506][ T9266] bond13: entered promiscuous mode
[ 1249.134759][ T9266] 8021q: adding VLAN 0 to HW filter on device bond13
[ 1249.206481][ T9269] bond13: (slave bridge4): making interface the new active one
[ 1249.235424][ T9269] bridge4: entered promiscuous mode
[ 1249.261362][ T9269] bond13: (slave bridge4): Enslaving as an active interface with an up link
[ 1249.342541][   T24] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[ 1249.629825][ T9277] bpq0: left promiscuous mode
[ 1249.639701][ T9277] bpq0: left allmulticast mode
[ 1249.902265][    C1] ip6_tunnel: ip6gre3 xmit: Local address not yet configured!
[ 1250.038871][ T9289] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.12166'.
[ 1250.057319][ T9256] chnl_net:caif_netlink_parms(): no params data found
[ 1250.403108][ T9256] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1250.431343][ T9256] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1250.452632][ T9256] bridge_slave_0: entered allmulticast mode
[ 1250.475035][ T9256] bridge_slave_0: entered promiscuous mode
[ 1250.497005][ T9256] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1250.516186][ T9256] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1250.541258][ T9256] bridge_slave_1: entered allmulticast mode
[ 1250.565547][ T9256] bridge_slave_1: entered promiscuous mode
[ 1250.589031][ T9303] bpq0: entered promiscuous mode
[ 1250.594521][ T9303] bpq0: entered allmulticast mode
[ 1250.601603][ T9303] netlink: 'syz.1.12170': attribute type 1 has an invalid length.
[ 1250.691969][ T9305] netlink: 188 bytes leftover after parsing attributes in process `syz.4.12171'.
[ 1250.724915][ T9256] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1250.740245][ T9256] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1250.863483][T18970] Bluetooth: hci0: command tx timeout
[ 1250.872971][ T9308] netlink: 68 bytes leftover after parsing attributes in process `syz.4.12173'.
[ 1250.876336][ T9256] team0: Port device team_slave_0 added
[ 1250.898997][ T9256] team0: Port device team_slave_1 added
[ 1251.004608][ T9313] bpq0: left promiscuous mode
[ 1251.009730][ T9313] bpq0: left allmulticast mode
[ 1251.151804][ T9317] netlink: 'syz.1.12176': attribute type 1 has an invalid length.
[ 1251.163792][ T9256] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1251.171534][ T9256] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1251.236309][ T9256] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1251.348575][ T9317] 8021q: adding VLAN 0 to HW filter on device bond14
[ 1251.385710][ T9256] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1251.397275][ T9256] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1251.424262][ T9256] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1251.562255][ T9337] netlink: 12 bytes leftover after parsing attributes in process `syz.3.12180'.
[ 1251.614491][ T9337] vlan3: entered promiscuous mode
[ 1251.619752][ T9337] Ã: entered promiscuous mode
[ 1251.676371][ T9347] netlink: 'syz.1.12182': attribute type 1 has an invalid length.
[ 1251.687159][ T9333] netlink: 'syz.2.12181': attribute type 1 has an invalid length.
[ 1251.696162][ T9333] netlink: 224 bytes leftover after parsing attributes in process `syz.2.12181'.
[ 1251.734293][ T9342] bpq0: entered promiscuous mode
[ 1251.739567][ T9342] bpq0: entered allmulticast mode
[ 1251.790703][ T9256] hsr_slave_0: entered promiscuous mode
[ 1251.820669][ T9256] hsr_slave_1: entered promiscuous mode
[ 1251.830895][ T9256] debugfs: 'hsr0' already exists in 'hsr'
[ 1251.837178][ T9256] Cannot create hsr debugfs directory
[ 1251.907028][ T9352] netlink: 'syz.3.12186': attribute type 10 has an invalid length.
[ 1252.160517][ T9362] pim6reg: entered allmulticast mode
[ 1252.505150][ T9371] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.12193'.
[ 1252.862182][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[ 1252.953012][ T5845] Bluetooth: hci0: command tx timeout
[ 1253.469138][ T9385] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[ 1253.625487][ T5906] IPVS: starting estimator thread 0...
[ 1253.700561][ T9397] netlink: 'syz.1.12205': attribute type 1 has an invalid length.
[ 1253.743764][ T9396] IPVS: using max 31 ests per chain, 74400 per kthread
[ 1253.794484][ T9397] 8021q: adding VLAN 0 to HW filter on device bond15
[ 1253.896561][ T9398] lo speed is unknown, defaulting to 1000
[ 1253.911440][ T9256] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1253.976593][ T9256] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1254.048951][ T9256] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1254.094174][ T9256] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1254.172227][ T9418] netlink: 16 bytes leftover after parsing attributes in process `syz.3.12212'.
[ 1254.196437][ T9412] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1254.225621][ T9412] syzkaller0: entered promiscuous mode
[ 1254.250281][ T9412] syzkaller0: entered allmulticast mode
[ 1254.360971][ T9412] tipc: Resetting bearer <eth:syzkaller0>
[ 1254.483831][ T9411] tipc: Resetting bearer <eth:syzkaller0>
[ 1254.543037][ T9411] tipc: Disabling bearer <eth:syzkaller0>
[ 1254.596241][ T9433] netlink: 'syz.3.12216': attribute type 1 has an invalid length.
[ 1254.777934][ T9438] netlink: 'syz.2.12217': attribute type 1 has an invalid length.
[ 1254.808740][ T9433] gretap2: entered promiscuous mode
[ 1254.825668][ T9437] netlink: 12 bytes leftover after parsing attributes in process `syz.1.12218'.
[ 1254.896018][ T9438] 8021q: adding VLAN 0 to HW filter on device bond8
[ 1254.970880][ T9256] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1255.007659][ T9256] 8021q: adding VLAN 0 to HW filter on device team0
[ 1255.021919][ T1976] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1255.022202][    C1] ip6_tunnel: ip6gre4 xmit: Local address not yet configured!
[ 1255.029404][ T1976] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1255.046474][ T5845] Bluetooth: hci0: command tx timeout
[ 1255.076765][ T1976] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1255.084005][ T1976] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1255.435684][ T9451] FAULT_INJECTION: forcing a failure.
[ 1255.435684][ T9451] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1255.490702][ T9456] netlink: 'syz.1.12223': attribute type 29 has an invalid length.
[ 1255.503856][ T9451] CPU: 0 UID: 0 PID: 9451 Comm: syz.2.12222 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[ 1255.503884][ T9451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1255.503896][ T9451] Call Trace:
[ 1255.503904][ T9451]  <TASK>
[ 1255.503913][ T9451]  dump_stack_lvl+0x189/0x250
[ 1255.503937][ T9451]  ? __pfx____ratelimit+0x10/0x10
[ 1255.503961][ T9451]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1255.503979][ T9451]  ? __pfx__printk+0x10/0x10
[ 1255.504012][ T9451]  should_fail_ex+0x414/0x560
[ 1255.504042][ T9451]  _copy_to_user+0x31/0xb0
[ 1255.504067][ T9451]  bpf_test_finish+0x1ab/0x700
[ 1255.504097][ T9451]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[ 1255.504121][ T9451]  ? __pfx_bpf_test_finish+0x10/0x10
[ 1255.504149][ T9451]  ? bpf_test_init+0x133/0x170
[ 1255.504173][ T9451]  bpf_prog_test_run_xdp+0x79a/0x1000
[ 1255.504211][ T9451]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[ 1255.504238][ T9451]  ? __fget_files+0x2a/0x420
[ 1255.504259][ T9451]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[ 1255.504282][ T9451]  bpf_prog_test_run+0x2c4/0x340
[ 1255.504311][ T9451]  __sys_bpf+0x581/0x870
[ 1255.504335][ T9451]  ? __pfx___sys_bpf+0x10/0x10
[ 1255.504369][ T9451]  ? ksys_write+0x22a/0x250
[ 1255.504393][ T9451]  ? __pfx_ksys_write+0x10/0x10
[ 1255.504411][ T9451]  ? rcu_is_watching+0x15/0xb0
[ 1255.504443][ T9451]  __x64_sys_bpf+0x7c/0x90
[ 1255.504466][ T9451]  do_syscall_64+0xfa/0x3b0
[ 1255.504489][ T9451]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1255.504512][ T9451]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1255.504530][ T9451]  ? clear_bhb_loop+0x60/0xb0
[ 1255.504552][ T9451]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1255.504569][ T9451] RIP: 0033:0x7f2c3358eb69
[ 1255.504587][ T9451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1255.504603][ T9451] RSP: 002b:00007f2c343f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1255.504624][ T9451] RAX: ffffffffffffffda RBX: 00007f2c337b5fa0 RCX: 00007f2c3358eb69
[ 1255.504638][ T9451] RDX: 0000000000000050 RSI: 0000200000000640 RDI: 000000000000000a
[ 1255.504650][ T9451] RBP: 00007f2c343f1090 R08: 0000000000000000 R09: 0000000000000000
[ 1255.504661][ T9451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1255.504673][ T9451] R13: 0000000000000000 R14: 00007f2c337b5fa0 R15: 00007ffe4c82d1b8
[ 1255.504702][ T9451]  </TASK>
[ 1255.895014][ T9464] netlink: 72 bytes leftover after parsing attributes in process `syz.3.12228'.
[ 1255.996082][ T9256] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1255.996267][ T9468] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1256.069354][ T9472] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12226'.
[ 1256.083947][ T9472] netlink: 12 bytes leftover after parsing attributes in process `syz.1.12226'.
[ 1256.120308][ T9474] bpq0: left promiscuous mode
[ 1256.126071][ T9474] bpq0: left allmulticast mode
[ 1256.148329][ T9256] veth0_vlan: entered promiscuous mode
[ 1256.176899][ T9256] veth1_vlan: entered promiscuous mode
[ 1256.270297][ T9475] lo speed is unknown, defaulting to 1000
[ 1256.276826][ T9256] veth0_macvtap: entered promiscuous mode
[ 1256.308608][ T9256] veth1_macvtap: entered promiscuous mode
[ 1256.362875][ T9478] netlink: 16 bytes leftover after parsing attributes in process `syz.4.12231'.
[ 1256.364233][ T9256] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1256.397047][ T9256] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1256.533095][T22381] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1256.584558][T22381] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1256.605376][T22381] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1256.704862][T22381] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1256.808373][T22381] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1256.842662][T22381] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1256.929418][ T9487] mac80211_hwsim hwsim95 wlan1: entered allmulticast mode
[ 1256.956244][T22381] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1256.998792][T22381] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1257.104301][ T5845] Bluetooth: hci0: command tx timeout
[ 1257.114456][ T9486] netlink: 16 bytes leftover after parsing attributes in process `syz.2.12234'.
[ 1257.347044][ T9493] veth0_virt_wifi: renamed from veth0_vlan
[ 1257.485953][ T9498] bpq0: entered promiscuous mode
[ 1257.505136][ T9498] bpq0: entered allmulticast mode
[ 1257.573166][ T9503] netlink: 'syz.0.12150': attribute type 1 has an invalid length.
[ 1257.838483][ T9509] bpq0: left promiscuous mode
[ 1257.872271][ T9509] bpq0: left allmulticast mode
[ 1257.940012][ T9502] lo speed is unknown, defaulting to 1000
[ 1258.216040][ T9515] netlink: 72 bytes leftover after parsing attributes in process `syz.0.12241'.
[ 1258.421497][ T9505] Bluetooth: hci4: Opcode 0x0401 failed: -4
[ 1258.460303][ T9522] FAULT_INJECTION: forcing a failure.
[ 1258.460303][ T9522] name failslab, interval 1, probability 0, space 0, times 0
[ 1258.512753][ T9522] CPU: 1 UID: 0 PID: 9522 Comm: syz.0.12244 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[ 1258.512783][ T9522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1258.512795][ T9522] Call Trace:
[ 1258.512803][ T9522]  <TASK>
[ 1258.512812][ T9522]  dump_stack_lvl+0x189/0x250
[ 1258.512836][ T9522]  ? __pfx____ratelimit+0x10/0x10
[ 1258.512861][ T9522]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1258.512880][ T9522]  ? __pfx__printk+0x10/0x10
[ 1258.512905][ T9522]  ? __pfx___might_resched+0x10/0x10
[ 1258.512929][ T9522]  ? fs_reclaim_acquire+0x7d/0x100
[ 1258.512953][ T9522]  should_fail_ex+0x414/0x560
[ 1258.512985][ T9522]  should_failslab+0xa8/0x100
[ 1258.513005][ T9522]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1258.513030][ T9522]  ? __alloc_skb+0x112/0x2d0
[ 1258.513059][ T9522]  __alloc_skb+0x112/0x2d0
[ 1258.513088][ T9522]  alloc_skb_with_frags+0xca/0x890
[ 1258.513114][ T9522]  ? __lock_acquire+0xab9/0xd20
[ 1258.513141][ T9522]  sock_alloc_send_pskb+0x857/0x990
[ 1258.513180][ T9522]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[ 1258.513213][ T9522]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20
[ 1258.513238][ T9522]  unix_dgram_sendmsg+0x461/0x1850
[ 1258.513278][ T9522]  ? aa_sk_perm+0x81e/0x950
[ 1258.513305][ T9522]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[ 1258.513326][ T9522]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[ 1258.513361][ T9522]  ? unix_seqpacket_sendmsg+0x111/0x1e0
[ 1258.513384][ T9522]  ? __pfx_unix_seqpacket_sendmsg+0x10/0x10
[ 1258.513408][ T9522]  __sock_sendmsg+0x219/0x270
[ 1258.513444][ T9522]  ____sys_sendmsg+0x52d/0x830
[ 1258.513469][ T9522]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1258.513498][ T9522]  ? import_iovec+0x74/0xa0
[ 1258.513525][ T9522]  ___sys_sendmsg+0x21f/0x2a0
[ 1258.513546][ T9522]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1258.513606][ T9522]  ? __might_fault+0xb0/0x130
[ 1258.513639][ T9522]  __sys_sendmmsg+0x227/0x430
[ 1258.513663][ T9522]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1258.513679][ T9522]  ? __mutex_unlock_slowpath+0x1a1/0x760
[ 1258.513731][ T9522]  ? ksys_write+0x22a/0x250
[ 1258.513755][ T9522]  ? __pfx_ksys_write+0x10/0x10
[ 1258.513780][ T9522]  ? rcu_is_watching+0x15/0xb0
[ 1258.513813][ T9522]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1258.513834][ T9522]  do_syscall_64+0xfa/0x3b0
[ 1258.513857][ T9522]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1258.513880][ T9522]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1258.513897][ T9522]  ? clear_bhb_loop+0x60/0xb0
[ 1258.513919][ T9522]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1258.513937][ T9522] RIP: 0033:0x7f2235b8eb69
[ 1258.513953][ T9522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1258.513969][ T9522] RSP: 002b:00007f22339f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1258.513990][ T9522] RAX: ffffffffffffffda RBX: 00007f2235db5fa0 RCX: 00007f2235b8eb69
[ 1258.514004][ T9522] RDX: 0400000000000159 RSI: 0000200000001c00 RDI: 0000000000000005
[ 1258.514017][ T9522] RBP: 00007f22339f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1258.514029][ T9522] R10: 0000000000040840 R11: 0000000000000246 R12: 0000000000000001
[ 1258.514041][ T9522] R13: 0000000000000000 R14: 00007f2235db5fa0 R15: 00007ffd5622ec98
[ 1258.514070][ T9522]  </TASK>
[ 1258.984768][ T9528] netlink: 1688 bytes leftover after parsing attributes in process `syz.4.12246'.
[ 1259.023239][T18970] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1259.038468][T18970] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1259.070941][T18970] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1259.116077][T18970] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1259.128855][T18970] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1259.229993][ T9539] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12248'.
[ 1259.544861][ T9539] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1259.560423][ T9539] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1259.663899][ T5845] Bluetooth: hci4: command 0x0405 tx timeout
[ 1259.823538][ T9524] lo speed is unknown, defaulting to 1000
[ 1259.877586][ T9550] FAULT_INJECTION: forcing a failure.
[ 1259.877586][ T9550] name failslab, interval 1, probability 0, space 0, times 0
[ 1259.891165][ T9550] CPU: 1 UID: 0 PID: 9550 Comm: syz.4.12251 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[ 1259.891194][ T9550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1259.891205][ T9550] Call Trace:
[ 1259.891213][ T9550]  <TASK>
[ 1259.891222][ T9550]  dump_stack_lvl+0x189/0x250
[ 1259.891249][ T9550]  ? __pfx____ratelimit+0x10/0x10
[ 1259.891274][ T9550]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1259.891292][ T9550]  ? __pfx__printk+0x10/0x10
[ 1259.891328][ T9550]  should_fail_ex+0x414/0x560
[ 1259.891361][ T9550]  should_failslab+0xa8/0x100
[ 1259.891381][ T9550]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1259.891406][ T9550]  ? radix_tree_node_alloc+0x7e/0x3a0
[ 1259.891434][ T9550]  radix_tree_node_alloc+0x7e/0x3a0
[ 1259.891465][ T9550]  idr_get_free+0x2b3/0xa70
[ 1259.891503][ T9550]  idr_alloc_u32+0x159/0x2d0
[ 1259.891544][ T9550]  ? __pfx_idr_alloc_u32+0x10/0x10
[ 1259.891571][ T9550]  ? net_generic+0x1e/0x240
[ 1259.891590][ T9550]  ? l2tp_tunnel_register+0x11c/0x1320
[ 1259.891620][ T9550]  l2tp_tunnel_register+0x136/0x1320
[ 1259.891668][ T9550]  ? do_raw_spin_lock+0x121/0x290
[ 1259.891692][ T9550]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1259.891713][ T9550]  ? __pfx_l2tp_tunnel_register+0x10/0x10
[ 1259.891754][ T9550]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1259.891777][ T9550]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1259.891802][ T9550]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1259.891825][ T9550]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1259.891858][ T9550]  ? l2tp_tunnel_create+0x249/0x3e0
[ 1259.891881][ T9550]  ? l2tp_tunnel_create+0x2d3/0x3e0
[ 1259.891910][ T9550]  pppol2tp_connect+0x87c/0x1750
[ 1259.891941][ T9550]  ? __pfx_pppol2tp_connect+0x10/0x10
[ 1259.891958][ T9550]  ? aa_sk_perm+0x81e/0x950
[ 1259.891982][ T9550]  ? __might_fault+0xb0/0x130
[ 1259.892007][ T9550]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1259.892036][ T9550]  ? bpf_lsm_socket_connect+0x9/0x20
[ 1259.892060][ T9550]  __sys_connect+0x313/0x440
[ 1259.892084][ T9550]  ? __fget_files+0x3a0/0x420
[ 1259.892101][ T9550]  ? __pfx___sys_connect+0x10/0x10
[ 1259.892139][ T9550]  ? __pfx_ksys_write+0x10/0x10
[ 1259.892170][ T9550]  ? rcu_is_watching+0x15/0xb0
[ 1259.892202][ T9550]  __x64_sys_connect+0x7a/0x90
[ 1259.892227][ T9550]  do_syscall_64+0xfa/0x3b0
[ 1259.892248][ T9550]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1259.892275][ T9550]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1259.892292][ T9550]  ? clear_bhb_loop+0x60/0xb0
[ 1259.892313][ T9550]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1259.892330][ T9550] RIP: 0033:0x7f211218eb69
[ 1259.892347][ T9550] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1259.892361][ T9550] RSP: 002b:00007f2112f43038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 1259.892381][ T9550] RAX: ffffffffffffffda RBX: 00007f21123b5fa0 RCX: 00007f211218eb69
[ 1259.892394][ T9550] RDX: 000000000000002e RSI: 0000200000001080 RDI: 0000000000000014
[ 1259.892406][ T9550] RBP: 00007f2112f43090 R08: 0000000000000000 R09: 0000000000000000
[ 1259.892417][ T9550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1259.892428][ T9550] R13: 0000000000000000 R14: 00007f21123b5fa0 R15: 00007fffd4081b18
[ 1259.892456][ T9550]  </TASK>
[ 1260.558837][ T9556] netlink: 'syz.4.12253': attribute type 29 has an invalid length.
[ 1260.573665][ T9556] netlink: 'syz.4.12253': attribute type 29 has an invalid length.
[ 1260.588762][ T9559] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12254'.
[ 1260.741089][ T9566] netlink: 1688 bytes leftover after parsing attributes in process `syz.1.12257'.
[ 1261.001099][ T9582] openvswitch: netlink: ct_state flags 0000ee01 unsupported
[ 1261.114559][ T9524] chnl_net:caif_netlink_parms(): no params data found
[ 1261.262996][ T5845] Bluetooth: hci5: command tx timeout
[ 1261.407671][ T9595] netlink: 12 bytes leftover after parsing attributes in process `syz.3.12268'.
[ 1261.467274][ T9601] netlink: 'syz.1.12269': attribute type 72 has an invalid length.
[ 1261.531186][ T9605] macvlan2: entered promiscuous mode
[ 1261.540228][ T9605] macvlan2: entered allmulticast mode
[ 1261.557002][ T9605] bond10: (slave macvlan2): Opening slave failed
[ 1261.689493][ T9603] tipc: Started in network mode
[ 1261.696465][ T9603] tipc: Node identity 4670c76ad86f, cluster identity 4711
[ 1261.722663][ T9603] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1261.743333][ T9610] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[ 1261.773918][ T9604] syzkaller0: entered promiscuous mode
[ 1261.790747][ T9604] syzkaller0: entered allmulticast mode
[ 1261.804845][ T9524] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1261.820324][ T9524] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1261.862514][ T9524] bridge_slave_0: entered allmulticast mode
[ 1261.883217][ T9524] bridge_slave_0: entered promiscuous mode
[ 1261.903795][ T9524] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1261.916722][ T9524] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1261.937733][ T9524] bridge_slave_1: entered allmulticast mode
[ 1261.950670][ T9524] bridge_slave_1: entered promiscuous mode
[ 1261.971535][ T9604] tipc: Resetting bearer <eth:syzkaller0>
[ 1262.062167][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[ 1262.140172][ T9604] tipc: Disabling bearer <eth:syzkaller0>
[ 1262.190870][ T9624] netlink: 'syz.4.12275': attribute type 72 has an invalid length.
[ 1262.764079][ T9524] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1262.807629][ T9524] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1262.970605][ T9637] netlink: 'syz.3.12281': attribute type 72 has an invalid length.
[ 1263.018526][ T9524] team0: Port device team_slave_0 added
[ 1263.054330][ T9628] lo speed is unknown, defaulting to 1000
[ 1263.146409][ T9524] team0: Port device team_slave_1 added
[ 1263.157028][ T9644] netlink: 'syz.0.12283': attribute type 1 has an invalid length.
[ 1263.201593][ T9641] bpq0: entered promiscuous mode
[ 1263.213660][ T9641] bpq0: entered allmulticast mode
[ 1263.353583][ T5845] Bluetooth: hci5: command tx timeout
[ 1263.394215][ T9524] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1263.432800][ T9524] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1263.495508][ T9524] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1263.522671][ T9524] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1263.534667][ T9524] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1263.579052][ T9524] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1263.773060][ T9524] hsr_slave_0: entered promiscuous mode
[ 1263.781453][ T9524] hsr_slave_1: entered promiscuous mode
[ 1263.825243][ T9524] debugfs: 'hsr0' already exists in 'hsr'
[ 1263.850331][ T9524] Cannot create hsr debugfs directory
[ 1263.876315][ T9664] netlink: 16 bytes leftover after parsing attributes in process `syz.3.12291'.
[ 1263.894912][ T9629] netlink: 12 bytes leftover after parsing attributes in process `syz.1.12277'.
[ 1263.970270][ T9652] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12277'.
[ 1264.061514][ T9670] netlink: 'syz.0.12293': attribute type 72 has an invalid length.
[ 1264.551007][ T9524] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1264.677078][ T9524] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1264.879536][ T9524] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1264.919282][ T9524] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1265.005196][ T9524] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1265.022546][ T9524] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1265.136078][ T9524] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1265.179221][ T9524] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1265.428662][ T5845] Bluetooth: hci5: command tx timeout
[ 1265.699837][ T9716] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.12308'.
[ 1265.822929][ T9524] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1265.893928][ T9524] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1265.937298][ T9524] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1265.973285][ T9524] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1266.238553][ T9524] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1266.253898][ T9747] netlink: 20 bytes leftover after parsing attributes in process `syz.3.12319'.
[ 1266.295108][ T9524] 8021q: adding VLAN 0 to HW filter on device team0
[ 1266.340437][T22383] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1266.347876][T22383] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1266.370112][T22383] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1266.377423][T22383] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1266.419753][ T9750] netlink: 56 bytes leftover after parsing attributes in process `syz.4.12321'.
[ 1266.451668][ T9750] netlink: 16 bytes leftover after parsing attributes in process `syz.4.12321'.
[ 1266.485067][ T9750] netlink: 84 bytes leftover after parsing attributes in process `syz.4.12321'.
[ 1266.485686][ T9754] netlink: 12 bytes leftover after parsing attributes in process `syz.1.12322'.
[ 1266.533503][ T9756] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.12323'.
[ 1266.541246][ T9754] vlan3: entered promiscuous mode
[ 1267.101478][ T9524] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1267.323282][ T9524] veth0_vlan: entered promiscuous mode
[ 1267.352862][ T9786] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12336'.
[ 1267.363164][ T9786] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12336'.
[ 1267.390167][ T9786] netlink: 124 bytes leftover after parsing attributes in process `syz.1.12336'.
[ 1267.405060][ T9524] veth1_vlan: entered promiscuous mode
[ 1267.483325][ T9524] veth0_macvtap: entered promiscuous mode
[ 1267.505642][ T5845] Bluetooth: hci5: command tx timeout
[ 1267.526345][ T9524] veth1_macvtap: entered promiscuous mode
[ 1267.571968][ T9524] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1267.615756][ T9524] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1267.675606][T22383] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1267.691392][T22383] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1267.724053][T22383] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1267.776833][T22383] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1267.825697][ T9803] netlink: 'syz.3.12343': attribute type 10 has an invalid length.
[ 1267.848966][ T9803] team0: Port device dummy0 added
[ 1267.894211][ T9806] 8021q: VLANs not supported on lo
[ 1268.044686][T22381] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1268.067856][T22381] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1268.196737][T22383] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1268.214700][T22383] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1268.465592][ T9824] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1269.379905][T18970] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1269.398140][T18970] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1269.409396][T18970] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1269.419973][T18970] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1269.431529][T18970] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1269.535133][ T9850] lo speed is unknown, defaulting to 1000
[ 1269.582880][ T5845] Bluetooth: hci5: command tx timeout
[ 1269.767663][ T9868] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1270.717020][ T9850] chnl_net:caif_netlink_parms(): no params data found
[ 1270.888269][ T9897] __nla_validate_parse: 1 callbacks suppressed
[ 1270.888288][ T9897] netlink: 4 bytes leftover after parsing attributes in process `syz.2.12377'.
[ 1270.916344][ T9897] netlink: 20 bytes leftover after parsing attributes in process `syz.2.12377'.
[ 1271.374950][ T9917] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1271.392721][ T9850] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1271.415800][ T9850] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1271.453740][ T9850] bridge_slave_0: entered allmulticast mode
[ 1271.468654][ T9850] bridge_slave_0: entered promiscuous mode
[ 1271.476997][ T9919] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1271.498895][ T9850] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1271.507862][ T5845] Bluetooth: hci1: command tx timeout
[ 1271.516542][ T9850] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1271.525768][ T9850] bridge_slave_1: entered allmulticast mode
[ 1271.534195][ T9850] bridge_slave_1: entered promiscuous mode
[ 1271.641699][ T9927] netlink: 4 bytes leftover after parsing attributes in process `syz.2.12389'.
[ 1271.654833][ T9850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1271.667462][ T9927] netlink: 20 bytes leftover after parsing attributes in process `syz.2.12389'.
[ 1271.684159][ T9850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1271.843719][ T9850] team0: Port device team_slave_0 added
[ 1271.878763][ T9850] team0: Port device team_slave_1 added
[ 1271.895818][ T9931] netlink: 108 bytes leftover after parsing attributes in process `syz.2.12391'.
[ 1271.951025][ T9850] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1271.976041][ T9850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1272.047943][ T9850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1272.078760][ T9850] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1272.090390][ T9850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1272.119363][ T9850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1272.335461][ T9850] hsr_slave_0: entered promiscuous mode
[ 1272.364398][ T9850] hsr_slave_1: entered promiscuous mode
[ 1272.385040][ T9850] debugfs: 'hsr0' already exists in 'hsr'
[ 1272.399867][ T9850] Cannot create hsr debugfs directory
[ 1272.630515][ T9958] netlink: 64 bytes leftover after parsing attributes in process `syz.2.12401'.
[ 1272.814309][ T9962] bpq0: left promiscuous mode
[ 1272.819420][ T9962] bpq0: left allmulticast mode
[ 1272.888083][ T9965] netlink: 56 bytes leftover after parsing attributes in process `syz.4.12405'.
[ 1273.114774][ T9975] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.12409'.
[ 1273.599517][ T5845] Bluetooth: hci1: command tx timeout
[ 1274.229358][ T9997] lo speed is unknown, defaulting to 1000
[ 1274.250162][ T9850] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1274.279616][ T9850] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1274.608308][ T9850] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1274.648030][ T9850] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1274.957533][ T9850] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1274.997614][T10022] bpq0: entered promiscuous mode
[ 1275.017611][T10022] bpq0: entered allmulticast mode
[ 1275.039449][T10025] netlink: 'syz.2.12423': attribute type 1 has an invalid length.
[ 1275.073152][T10024] netlink: 16 bytes leftover after parsing attributes in process `syz.3.12424'.
[ 1275.083805][T10024] netlink: 72 bytes leftover after parsing attributes in process `syz.3.12424'.
[ 1275.160811][ T9850] 8021q: adding VLAN 0 to HW filter on device team0
[ 1275.208461][T22387] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1275.215943][T22387] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1275.279937][T22387] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1275.287258][T22387] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1275.317811][ T9992] lo speed is unknown, defaulting to 1000
[ 1275.672613][ T5845] Bluetooth: hci1: command tx timeout
[ 1276.068937][T10047] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.12431'.
[ 1276.202610][ T9850] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1276.278608][ T9850] veth0_vlan: entered promiscuous mode
[ 1276.301691][T10052] FAULT_INJECTION: forcing a failure.
[ 1276.301691][T10052] name failslab, interval 1, probability 0, space 0, times 0
[ 1276.318921][T10052] CPU: 1 UID: 0 PID: 10052 Comm: syz.3.12434 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[ 1276.318950][T10052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1276.318962][T10052] Call Trace:
[ 1276.318971][T10052]  <TASK>
[ 1276.318979][T10052]  dump_stack_lvl+0x189/0x250
[ 1276.319002][T10052]  ? __pfx____ratelimit+0x10/0x10
[ 1276.319025][T10052]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1276.319041][T10052]  ? __pfx__printk+0x10/0x10
[ 1276.319061][T10052]  ? crng_make_state+0x3fc/0x700
[ 1276.319084][T10052]  ? crng_make_state+0x13a/0x700
[ 1276.319109][T10052]  should_fail_ex+0x414/0x560
[ 1276.319139][T10052]  should_failslab+0xa8/0x100
[ 1276.319156][T10052]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1276.319180][T10052]  ? sctp_add_bind_addr+0x8c/0x370
[ 1276.319207][T10052]  sctp_add_bind_addr+0x8c/0x370
[ 1276.319235][T10052]  sctp_copy_local_addr_list+0x30b/0x4e0
[ 1276.319261][T10052]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[ 1276.319284][T10052]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[ 1276.319308][T10052]  ? sctp_v6_is_any+0x64/0x80
[ 1276.319332][T10052]  ? sctp_copy_one_addr+0x93/0x360
[ 1276.319356][T10052]  sctp_bind_addr_copy+0xb3/0x3c0
[ 1276.319379][T10052]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[ 1276.319403][T10052]  sctp_connect_new_asoc+0x2e0/0x690
[ 1276.319425][T10052]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[ 1276.319445][T10052]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1276.319462][T10052]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1276.319477][T10052]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1276.319497][T10052]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[ 1276.319518][T10052]  ? security_sctp_bind_connect+0x7e/0x2e0
[ 1276.319541][T10052]  sctp_sendmsg+0x155c/0x2810
[ 1276.319581][T10052]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1276.319611][T10052]  ? aa_sk_perm+0x81e/0x950
[ 1276.319638][T10052]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1276.319663][T10052]  ? sock_rps_record_flow+0x19/0x410
[ 1276.319688][T10052]  ? inet_sendmsg+0x2f4/0x370
[ 1276.319708][T10052]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1276.319732][T10052]  __sock_sendmsg+0x19c/0x270
[ 1276.319758][T10052]  __sys_sendto+0x3bd/0x520
[ 1276.319791][T10052]  ? __pfx___sys_sendto+0x10/0x10
[ 1276.319813][T10052]  ? __mutex_unlock_slowpath+0x1a1/0x760
[ 1276.319852][T10052]  ? __fget_files+0x3a0/0x420
[ 1276.319889][T10052]  ? ksys_write+0x22a/0x250
[ 1276.319916][T10052]  ? __pfx_ksys_write+0x10/0x10
[ 1276.319937][T10052]  ? rcu_is_watching+0x15/0xb0
[ 1276.319969][T10052]  __x64_sys_sendto+0xde/0x100
[ 1276.319998][T10052]  do_syscall_64+0xfa/0x3b0
[ 1276.320025][T10052]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1276.320051][T10052]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1276.320068][T10052]  ? clear_bhb_loop+0x60/0xb0
[ 1276.320091][T10052]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1276.320108][T10052] RIP: 0033:0x7f3a04f8eb69
[ 1276.320126][T10052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1276.320142][T10052] RSP: 002b:00007f3a05e71038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1276.320163][T10052] RAX: ffffffffffffffda RBX: 00007f3a051b5fa0 RCX: 00007f3a04f8eb69
[ 1276.320175][T10052] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003
[ 1276.320188][T10052] RBP: 00007f3a05e71090 R08: 0000200000000280 R09: 000000000000001c
[ 1276.320201][T10052] R10: 0000000000000081 R11: 0000000000000246 R12: 0000000000000001
[ 1276.320213][T10052] R13: 0000000000000000 R14: 00007f3a051b5fa0 R15: 00007ffff252c7c8
[ 1276.320245][T10052]  </TASK>
[ 1276.374444][ T9850] veth1_vlan: entered promiscuous mode
[ 1276.826337][T10061] netlink: 20 bytes leftover after parsing attributes in process `syz.2.12437'.
[ 1276.928640][T10065] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12438'.
[ 1277.005950][T10061] hsr_slave_1 (unregistering): left promiscuous mode
[ 1277.285170][ T9850] veth0_macvtap: entered promiscuous mode
[ 1277.316331][ T9850] veth1_macvtap: entered promiscuous mode
[ 1277.407085][ T9850] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1277.489548][ T9850] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1277.516560][T10080] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.12443'.
[ 1277.552309][T22372] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1277.561482][T22372] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1277.672601][T22372] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1277.683329][T10084] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.12445'.
[ 1277.696735][T22372] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1277.761371][ T5845] Bluetooth: hci1: command tx timeout
[ 1277.767597][T10091] netlink: 12 bytes leftover after parsing attributes in process `syz.3.12446'.
[ 1277.781229][T10090] netlink: 'syz.0.12447': attribute type 72 has an invalid length.
[ 1278.124304][T10091] bridge0: entered allmulticast mode
[ 1278.301175][T10103] FAULT_INJECTION: forcing a failure.
[ 1278.301175][T10103] name failslab, interval 1, probability 0, space 0, times 0
[ 1278.344938][T10103] CPU: 1 UID: 0 PID: 10103 Comm: syz.0.12450 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[ 1278.344966][T10103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1278.344977][T10103] Call Trace:
[ 1278.344986][T10103]  <TASK>
[ 1278.344994][T10103]  dump_stack_lvl+0x189/0x250
[ 1278.345018][T10103]  ? __pfx____ratelimit+0x10/0x10
[ 1278.345043][T10103]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1278.345062][T10103]  ? __pfx__printk+0x10/0x10
[ 1278.345090][T10103]  ? ktime_get+0x3e/0x1f0
[ 1278.345114][T10103]  should_fail_ex+0x414/0x560
[ 1278.345146][T10103]  should_failslab+0xa8/0x100
[ 1278.345167][T10103]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1278.345193][T10103]  ? __alloc_skb+0x112/0x2d0
[ 1278.345222][T10103]  __alloc_skb+0x112/0x2d0
[ 1278.345252][T10103]  tcp_stream_alloc_skb+0x3d/0x340
[ 1278.345280][T10103]  tcp_write_xmit+0xeec/0x67f0
[ 1278.345352][T10103]  __tcp_push_pending_frames+0x97/0x360
[ 1278.345370][T10103]  ? tcp_push+0x424/0x660
[ 1278.345392][T10103]  tcp_sendmsg_locked+0x4afd/0x5620
[ 1278.345484][T10103]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[ 1278.345505][T10103]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1278.345533][T10103]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1278.345568][T10103]  tcp_sendmsg+0x2f/0x50
[ 1278.345589][T10103]  __sock_sendmsg+0x19c/0x270
[ 1278.345615][T10103]  __sys_sendto+0x3bd/0x520
[ 1278.345642][T10103]  ? __pfx___sys_sendto+0x10/0x10
[ 1278.345663][T10103]  ? __mutex_unlock_slowpath+0x1a1/0x760
[ 1278.345700][T10103]  ? __fget_files+0x3a0/0x420
[ 1278.345730][T10103]  ? ksys_write+0x22a/0x250
[ 1278.345754][T10103]  ? __pfx_ksys_write+0x10/0x10
[ 1278.345783][T10103]  __x64_sys_sendto+0xde/0x100
[ 1278.345811][T10103]  do_syscall_64+0xfa/0x3b0
[ 1278.345833][T10103]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1278.345857][T10103]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1278.345874][T10103]  ? clear_bhb_loop+0x60/0xb0
[ 1278.345897][T10103]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1278.345913][T10103] RIP: 0033:0x7f2235b8eb69
[ 1278.345930][T10103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1278.345946][T10103] RSP: 002b:00007f22339f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1278.345967][T10103] RAX: ffffffffffffffda RBX: 00007f2235db5fa0 RCX: 00007f2235b8eb69
[ 1278.345981][T10103] RDX: 0000000000000381 RSI: 00002000000004c0 RDI: 0000000000000003
[ 1278.345993][T10103] RBP: 00007f22339f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1278.346005][T10103] R10: 0000000000000812 R11: 0000000000000246 R12: 0000000000000001
[ 1278.346032][T10103] R13: 0000000000000000 R14: 00007f2235db5fa0 R15: 00007ffd5622ec98
[ 1278.346064][T10103]  </TASK>
[ 1278.404348][T22372] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1278.404373][T22372] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1278.834696][T10112] netlink: 20 bytes leftover after parsing attributes in process `syz.3.12452'.
[ 1278.881252][T10114] netlink: 20 bytes leftover after parsing attributes in process `syz.4.12453'.
[ 1278.981112][T10112] hsr_slave_1 (unregistering): left promiscuous mode
[ 1279.200512][T22372] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1279.235156][T22372] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1279.289307][T10125] netlink: 16 bytes leftover after parsing attributes in process `syz.0.12456'.
[ 1279.301007][T10125] netlink: 'syz.0.12456': attribute type 11 has an invalid length.
[ 1279.317768][T10125] netlink: 72 bytes leftover after parsing attributes in process `syz.0.12456'.
[ 1280.626756][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[ 1280.709000][T18970] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1280.719477][T18970] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1280.733948][T18970] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1280.744631][T18970] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1280.755277][T18970] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1281.096156][T10155] lo speed is unknown, defaulting to 1000
[ 1281.192834][T10163] netlink: 'syz.3.12468': attribute type 1 has an invalid length.
[ 1281.325984][T10163] bond11: entered promiscuous mode
[ 1281.350036][T10163] 8021q: adding VLAN 0 to HW filter on device bond11
[ 1281.397724][T10172] netlink: 'syz.1.12469': attribute type 1 has an invalid length.
[ 1281.425565][T10173] vxcan4: entered promiscuous mode
[ 1281.475207][T10167] bond11: (slave bridge3): making interface the new active one
[ 1281.521839][T10167] bridge3: entered promiscuous mode
[ 1281.541841][T10167] bond11: (slave bridge3): Enslaving as an active interface with an up link
[ 1282.021205][T16828] IPVS: starting estimator thread 0...
[ 1282.122906][T10197] IPVS: using max 28 ests per chain, 67200 per kthread
[ 1282.187021][T10204] netlink: 'syz.0.12479': attribute type 1 has an invalid length.
[ 1282.238475][T10155] chnl_net:caif_netlink_parms(): no params data found
[ 1282.563870][T10155] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1282.592305][T10155] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1282.610583][T10155] bridge_slave_0: entered allmulticast mode
[ 1282.637779][T10155] bridge_slave_0: entered promiscuous mode
[ 1282.664796][T10155] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1282.693992][T10155] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1282.722716][T10155] bridge_slave_1: entered allmulticast mode
[ 1282.743806][T10155] bridge_slave_1: entered promiscuous mode
[ 1282.862366][ T5845] Bluetooth: hci2: command tx timeout
[ 1282.890182][T10155] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1282.956295][T10155] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1283.146549][T10155] team0: Port device team_slave_0 added
[ 1283.170202][T10243] __nla_validate_parse: 4 callbacks suppressed
[ 1283.170223][T10243] netlink: 12 bytes leftover after parsing attributes in process `syz.3.12496'.
[ 1283.223857][T10155] team0: Port device team_slave_1 added
[ 1283.556876][T10155] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1283.577833][T10258] netlink: 44 bytes leftover after parsing attributes in process `syz.2.12500'.
[ 1283.580817][T10155] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1283.645977][T10258] netlink: 4 bytes leftover after parsing attributes in process `syz.2.12500'.
[ 1283.671905][T10155] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1283.722980][T10155] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1283.738196][T10155] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1283.856688][T10155] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1283.883987][T10255] tipc: Started in network mode
[ 1283.893584][T10255] tipc: Node identity ac1414aa, cluster identity 4711
[ 1283.914536][T10255] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1284.167996][T10155] hsr_slave_0: entered promiscuous mode
[ 1284.193785][T10155] hsr_slave_1: entered promiscuous mode
[ 1284.221694][T10155] debugfs: 'hsr0' already exists in 'hsr'
[ 1284.240904][T10155] Cannot create hsr debugfs directory
[ 1284.463354][    C1] ip6_tunnel: ip6gre4 xmit: Local address not yet configured!
[ 1284.578506][T10285] netlink: 16 bytes leftover after parsing attributes in process `syz.3.12511'.
[ 1284.604083][T10285] netlink: 'syz.3.12511': attribute type 11 has an invalid length.
[ 1284.632202][T10285] netlink: 72 bytes leftover after parsing attributes in process `syz.3.12511'.
[ 1284.636157][T10287] netlink: 'syz.1.12512': attribute type 1 has an invalid length.
[ 1284.738678][T10287] netlink: 12 bytes leftover after parsing attributes in process `syz.1.12512'.
[ 1284.954232][ T5845] Bluetooth: hci2: command tx timeout
[ 1284.993052][T10302] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12514'.
[ 1285.039254][T16828] tipc: Node number set to 2886997162
[ 1285.106177][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[ 1285.114416][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1285.151610][T10155] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1285.316926][T10155] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1285.438896][T10311] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1287.033843][ T5845] Bluetooth: hci2: command tx timeout
[ 1288.738951][T10155] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1288.836275][T10155] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1288.966855][T10325] bpq0: left allmulticast mode
[ 1289.102458][ T5845] Bluetooth: hci2: command tx timeout
[ 1289.204388][T10155] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1289.228425][T10155] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1289.264124][T10155] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1289.304860][T10155] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1289.331511][T10338] netlink: 16 bytes leftover after parsing attributes in process `syz.3.12530'.
[ 1289.347548][T10334] bridge1: entered allmulticast mode
[ 1289.352750][T10338] netlink: 72 bytes leftover after parsing attributes in process `syz.3.12530'.
[ 1289.575414][T10155] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1289.629471][T10155] 8021q: adding VLAN 0 to HW filter on device team0
[ 1289.664548][T10352] netlink: 'syz.2.12534': attribute type 1 has an invalid length.
[ 1289.685627][T22382] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1289.693419][T22382] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1289.720052][T22382] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1289.727546][T22382] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1289.853468][T10352] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1289.958528][T10364] netlink: 16 bytes leftover after parsing attributes in process `syz.0.12539'.
[ 1290.023731][T10364] FAULT_INJECTION: forcing a failure.
[ 1290.023731][T10364] name failslab, interval 1, probability 0, space 0, times 0
[ 1290.064577][T10364] CPU: 0 UID: 0 PID: 10364 Comm: syz.0.12539 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[ 1290.064607][T10364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1290.064619][T10364] Call Trace:
[ 1290.064628][T10364]  <TASK>
[ 1290.064637][T10364]  dump_stack_lvl+0x189/0x250
[ 1290.064661][T10364]  ? __pfx____ratelimit+0x10/0x10
[ 1290.064687][T10364]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1290.064707][T10364]  ? __pfx__printk+0x10/0x10
[ 1290.064736][T10364]  ? __pfx___might_resched+0x10/0x10
[ 1290.064759][T10364]  ? fs_reclaim_acquire+0x7d/0x100
[ 1290.064785][T10364]  should_fail_ex+0x414/0x560
[ 1290.064817][T10364]  ? alloc_netdev_mqs+0xc59/0x1170
[ 1290.064837][T10364]  should_failslab+0xa8/0x100
[ 1290.064857][T10364]  __kvmalloc_node_noprof+0x161/0x5f0
[ 1290.064884][T10364]  ? alloc_netdev_mqs+0xc59/0x1170
[ 1290.064902][T10364]  ? alloc_netdev_mqs+0xbf1/0x1170
[ 1290.064929][T10364]  alloc_netdev_mqs+0xc59/0x1170
[ 1290.064959][T10364]  rtnl_create_link+0x31f/0xd10
[ 1290.064988][T10364]  rtnl_newlink_create+0x25c/0xb00
[ 1290.065015][T10364]  ? __mutex_lock+0x5b6/0x1340
[ 1290.065044][T10364]  ? __pfx_rtnl_newlink_create+0x10/0x10
[ 1290.065066][T10364]  ? __pfx___mutex_lock+0x10/0x10
[ 1290.065102][T10364]  ? ns_capable+0x8a/0xf0
[ 1290.065132][T10364]  rtnl_newlink+0x16d6/0x1c70
[ 1290.065159][T10364]  ? netlink_sendmsg+0x805/0xb30
[ 1290.065197][T10364]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1290.065247][T10364]  ? kasan_quarantine_put+0xdd/0x220
[ 1290.065270][T10364]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1290.065302][T10364]  ? nlmon_xmit+0xb0/0x100
[ 1290.065400][T10364]  ? kmem_cache_free+0x18f/0x400
[ 1290.065440][T10364]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1290.065468][T10364]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1290.065498][T10364]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1290.065524][T10364]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1290.065555][T10364]  ? __dev_queue_xmit+0x27b/0x3b50
[ 1290.065607][T10364]  ? __lock_acquire+0xab9/0xd20
[ 1290.065663][T10364]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1290.065688][T10364]  rtnetlink_rcv_msg+0x7cc/0xb70
[ 1290.065719][T10364]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1290.065744][T10364]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1290.065766][T10364]  ? ref_tracker_free+0x63a/0x7d0
[ 1290.065787][T10364]  ? __asan_memcpy+0x40/0x70
[ 1290.065808][T10364]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1290.065841][T10364]  netlink_rcv_skb+0x205/0x470
[ 1290.065867][T10364]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1290.065895][T10364]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1290.065934][T10364]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1290.065972][T10364]  netlink_unicast+0x82c/0x9e0
[ 1290.066007][T10364]  ? __pfx_netlink_unicast+0x10/0x10
[ 1290.066032][T10364]  ? netlink_sendmsg+0x642/0xb30
[ 1290.066055][T10364]  ? skb_put+0x11b/0x210
[ 1290.066079][T10364]  netlink_sendmsg+0x805/0xb30
[ 1290.066117][T10364]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1290.066147][T10364]  ? aa_sock_msg_perm+0x94/0x160
[ 1290.066174][T10364]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1290.066197][T10364]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1290.066224][T10364]  __sock_sendmsg+0x219/0x270
[ 1290.066252][T10364]  ____sys_sendmsg+0x505/0x830
[ 1290.066281][T10364]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1290.066312][T10364]  ? import_iovec+0x74/0xa0
[ 1290.066342][T10364]  ___sys_sendmsg+0x21f/0x2a0
[ 1290.066366][T10364]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1290.066429][T10364]  ? __fget_files+0x2a/0x420
[ 1290.066448][T10364]  ? __fget_files+0x3a0/0x420
[ 1290.066480][T10364]  __x64_sys_sendmsg+0x19b/0x260
[ 1290.066503][T10364]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1290.066535][T10364]  ? __pfx_ksys_write+0x10/0x10
[ 1290.066558][T10364]  ? rcu_is_watching+0x15/0xb0
[ 1290.066630][T10364]  ? do_syscall_64+0xbe/0x3b0
[ 1290.066660][T10364]  do_syscall_64+0xfa/0x3b0
[ 1290.066684][T10364]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1290.066707][T10364]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1290.066726][T10364]  ? clear_bhb_loop+0x60/0xb0
[ 1290.066749][T10364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1290.066768][T10364] RIP: 0033:0x7f2235b8eb69
[ 1290.066787][T10364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1290.066804][T10364] RSP: 002b:00007f22339f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1290.066827][T10364] RAX: ffffffffffffffda RBX: 00007f2235db5fa0 RCX: 00007f2235b8eb69
[ 1290.066840][T10364] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[ 1290.066853][T10364] RBP: 00007f22339f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1290.066866][T10364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1290.066878][T10364] R13: 0000000000000000 R14: 00007f2235db5fa0 R15: 00007ffd5622ec98
[ 1290.066913][T10364]  </TASK>
[ 1290.617678][T10155] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1290.675777][T10371] netlink: 16 bytes leftover after parsing attributes in process `syz.1.12541'.
[ 1291.033137][T10386] netlink: 16 bytes leftover after parsing attributes in process `syz.2.12547'.
[ 1291.046655][T10386] netlink: 72 bytes leftover after parsing attributes in process `syz.2.12547'.
[ 1291.113465][T10155] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1291.239279][T10394] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.12548'.
[ 1291.273185][T10394] netlink: zone id is out of range
[ 1291.278743][T10394] netlink: zone id is out of range
[ 1291.321269][T10394] netlink: zone id is out of range
[ 1291.351644][T10394] netlink: zone id is out of range
[ 1291.363652][T10394] netlink: zone id is out of range
[ 1291.369021][T10394] netlink: get zone limit has 8 unknown bytes
[ 1291.415963][T10400] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.12551'.
[ 1291.569354][T10398] lo speed is unknown, defaulting to 1000
[ 1291.904689][T10420] netlink: 16 bytes leftover after parsing attributes in process `syz.2.12559'.
[ 1291.944682][T10155] veth0_vlan: entered promiscuous mode
[ 1291.946482][T10420] netlink: 72 bytes leftover after parsing attributes in process `syz.2.12559'.
[ 1291.974283][T10155] veth1_vlan: entered promiscuous mode
[ 1292.161524][T10155] veth0_macvtap: entered promiscuous mode
[ 1292.209642][T10155] veth1_macvtap: entered promiscuous mode
[ 1292.225721][T10428] netlink: 'syz.2.12563': attribute type 3 has an invalid length.
[ 1292.285919][T10155] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1292.337690][T10155] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1292.376234][T22383] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1292.406596][T22383] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1292.442995][T22383] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1292.472232][T22383] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1292.565774][T10439] netlink: 'syz.0.12568': attribute type 10 has an invalid length.
[ 1292.821412][T22381] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1292.833863][T22381] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1293.360793][T10453] vlan2: entered promiscuous mode
[ 1293.372178][T10453] bond0: entered promiscuous mode
[ 1293.380338][T10453] bond_slave_0: entered promiscuous mode
[ 1293.388119][T10453] bond_slave_1: entered promiscuous mode
[ 1293.460588][ T1385] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1293.465027][T10455] bpq0: entered allmulticast mode
[ 1293.475642][ T1385] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1293.800192][T10462] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1293.884795][T10462] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1294.173611][T10470] netem: change failed
[ 1294.359544][T10467] lo speed is unknown, defaulting to 1000
[ 1294.495275][T10482] __nla_validate_parse: 6 callbacks suppressed
[ 1294.495295][T10482] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.12581'.
[ 1294.773502][T18970] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1294.787307][T18970] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1294.798298][T18970] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1294.807564][T18970] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1294.816109][T18970] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1294.945239][T10496] netlink: 20 bytes leftover after parsing attributes in process `syz.1.12586'.
[ 1295.148983][T10489] lo speed is unknown, defaulting to 1000
[ 1295.556987][T10513] netlink: 'syz.2.12594': attribute type 72 has an invalid length.
[ 1295.863698][T10525] netlink: 'syz.2.12600': attribute type 1 has an invalid length.
[ 1295.957130][T10525] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[ 1296.186597][T10536] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.12603'.
[ 1296.247071][T10540] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[ 1296.407492][T16828] IPVS: starting estimator thread 0...
[ 1296.512406][T10546] IPVS: using max 28 ests per chain, 67200 per kthread
[ 1296.531144][T10489] chnl_net:caif_netlink_parms(): no params data found
[ 1296.871631][T10489] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1296.902578][T10489] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1296.910397][T10489] bridge_slave_0: entered allmulticast mode
[ 1296.943754][ T5845] Bluetooth: hci3: command tx timeout
[ 1296.955914][T10489] bridge_slave_0: entered promiscuous mode
[ 1296.976717][T10489] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1296.995066][T10489] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1297.021085][T10489] bridge_slave_1: entered allmulticast mode
[ 1297.030411][T10489] bridge_slave_1: entered promiscuous mode
[ 1297.042739][T10575] netlink: 216 bytes leftover after parsing attributes in process `syz.4.12616'.
[ 1297.081417][T10572] netlink: 20 bytes leftover after parsing attributes in process `syz.4.12616'.
[ 1297.091108][T10575] netlink: 24 bytes leftover after parsing attributes in process `syz.4.12616'.
[ 1297.091945][T10576] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12613'.
[ 1297.133462][T10575] netlink: 16 bytes leftover after parsing attributes in process `syz.4.12616'.
[ 1297.189195][T10576] veth1_macvtap: left promiscuous mode
[ 1297.438856][T10489] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1297.485003][T10566] lo speed is unknown, defaulting to 1000
[ 1297.495832][T10489] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1297.716536][T10489] team0: Port device team_slave_0 added
[ 1297.736771][T10489] team0: Port device team_slave_1 added
[ 1297.943626][T10489] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1297.977109][T10489] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1298.021039][T10489] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1298.059247][T10489] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1298.112407][T10489] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1298.164093][T10489] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1298.201539][T10588] netlink: 24 bytes leftover after parsing attributes in process `syz.0.12621'.
[ 1298.219932][T10588] netlink: 24 bytes leftover after parsing attributes in process `syz.0.12621'.
[ 1298.448751][T10489] hsr_slave_0: entered promiscuous mode
[ 1298.464895][T10489] hsr_slave_1: entered promiscuous mode
[ 1298.481258][T10489] debugfs: 'hsr0' already exists in 'hsr'
[ 1298.508258][T10489] Cannot create hsr debugfs directory
[ 1298.554817][T10437] IPVS: starting estimator thread 0...
[ 1298.642657][T10602] IPVS: using max 31 ests per chain, 74400 per kthread
[ 1298.781679][T10606] netlink: 'syz.0.12627': attribute type 1 has an invalid length.
[ 1298.953220][T10606] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1299.029439][ T5845] Bluetooth: hci3: command tx timeout
[ 1299.269131][T10615] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1299.301131][T10615] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1299.665088][T10489] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1299.900735][T10489] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1300.067874][T10489] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1300.085059][T10632] __nla_validate_parse: 1 callbacks suppressed
[ 1300.085078][T10632] netlink: 44 bytes leftover after parsing attributes in process `syz.2.12636'.
[ 1300.244567][T10489] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1300.462237][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[ 1300.473672][ T1304] aoe: packet could not be sent on bond0.  consider increasing tx_queue_len
[ 1300.475051][T10638] netlink: 'syz.2.12639': attribute type 1 has an invalid length.
[ 1300.573569][T10638] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1300.588935][T10642] netlink: 16 bytes leftover after parsing attributes in process `syz.4.12640'.
[ 1300.604654][T10642] netlink: 'syz.4.12640': attribute type 11 has an invalid length.
[ 1300.617308][T10642] netlink: 72 bytes leftover after parsing attributes in process `syz.4.12640'.
[ 1300.726243][T10489] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1300.768882][T10489] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1300.786458][T10613] Can't find ip_set type hash:m
[ 1300.820915][T10489] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1300.854362][T10647] netlink: 108 bytes leftover after parsing attributes in process `syz.4.12641'.
[ 1300.919965][T10489] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1301.001442][T10651] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12643'.
[ 1301.104685][ T5845] Bluetooth: hci3: command tx timeout
[ 1301.178162][T10658] macvlan2: entered promiscuous mode
[ 1301.187384][T10658] macvlan2: entered allmulticast mode
[ 1301.194757][T10658] bond2: (slave macvlan2): Opening slave failed
[ 1301.302866][T10489] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1301.415300][T10489] 8021q: adding VLAN 0 to HW filter on device team0
[ 1301.505239][T22383] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1301.512898][T22383] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1301.568762][T22383] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1301.576794][T22383] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1301.899495][T10683] netlink: 108 bytes leftover after parsing attributes in process `syz.0.12654'.
[ 1302.119128][T10688] netlink: 'syz.0.12656': attribute type 1 has an invalid length.
[ 1302.216347][T10688] bond3: entered promiscuous mode
[ 1302.229801][T10688] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1302.258392][T10695] netlink: 'syz.2.12657': attribute type 1 has an invalid length.
[ 1302.301318][T10695] bond3: entered promiscuous mode
[ 1302.316807][T10695] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1302.388150][T10693] bond3: (slave bridge2): making interface the new active one
[ 1302.423479][T10693] bridge2: entered promiscuous mode
[ 1302.450319][T10693] bond3: (slave bridge2): Enslaving as an active interface with an up link
[ 1302.496748][T10697] bond3: (slave bridge2): making interface the new active one
[ 1302.506128][T10697] bridge2: entered promiscuous mode
[ 1302.515222][T10697] bond3: (slave bridge2): Enslaving as an active interface with an up link
[ 1302.755369][T10702] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.12658'.
[ 1302.790507][T10489] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1302.920451][T10489] veth0_vlan: entered promiscuous mode
[ 1302.956819][T10710] FAULT_INJECTION: forcing a failure.
[ 1302.956819][T10710] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1302.978026][T10710] CPU: 0 UID: 0 PID: 10710 Comm: syz.2.12660 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[ 1302.978054][T10710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1302.978066][T10710] Call Trace:
[ 1302.978074][T10710]  <TASK>
[ 1302.978083][T10710]  dump_stack_lvl+0x189/0x250
[ 1302.978109][T10710]  ? __pfx____ratelimit+0x10/0x10
[ 1302.978132][T10710]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1302.978278][T10710]  ? __pfx__printk+0x10/0x10
[ 1302.978316][T10710]  should_fail_ex+0x414/0x560
[ 1302.978347][T10710]  _copy_to_user+0x31/0xb0
[ 1302.978373][T10710]  simple_read_from_buffer+0xe1/0x170
[ 1302.978405][T10710]  proc_fail_nth_read+0x1b3/0x220
[ 1302.978431][T10710]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1302.978456][T10710]  ? rw_verify_area+0x258/0x650
[ 1302.978479][T10710]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1302.978503][T10710]  vfs_read+0x1fd/0x980
[ 1302.978526][T10710]  ? fdget_pos+0x247/0x320
[ 1302.978550][T10710]  ? __pfx___mutex_lock+0x10/0x10
[ 1302.978577][T10710]  ? __pfx_vfs_read+0x10/0x10
[ 1302.978603][T10710]  ? __fget_files+0x2a/0x420
[ 1302.978627][T10710]  ? __fget_files+0x3a0/0x420
[ 1302.978645][T10710]  ? __fget_files+0x2a/0x420
[ 1302.978672][T10710]  ksys_read+0x145/0x250
[ 1302.978700][T10710]  ? __pfx_ksys_read+0x10/0x10
[ 1302.978723][T10710]  ? rcu_is_watching+0x15/0xb0
[ 1302.978755][T10710]  ? do_syscall_64+0xbe/0x3b0
[ 1302.978800][T10710]  do_syscall_64+0xfa/0x3b0
[ 1302.978822][T10710]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1302.978845][T10710]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1302.978865][T10710]  ? clear_bhb_loop+0x60/0xb0
[ 1302.978889][T10710]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1302.978907][T10710] RIP: 0033:0x7f4044d8d57c
[ 1302.978925][T10710] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1302.978939][T10710] RSP: 002b:00007f4045bf7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1302.978960][T10710] RAX: ffffffffffffffda RBX: 00007f4044fb6080 RCX: 00007f4044d8d57c
[ 1302.978972][T10710] RDX: 000000000000000f RSI: 00007f4045bf70a0 RDI: 0000000000000007
[ 1302.978981][T10710] RBP: 00007f4045bf7090 R08: 0000000000000000 R09: 0000000000000000
[ 1302.978990][T10710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1302.978999][T10710] R13: 0000000000000000 R14: 00007f4044fb6080 R15: 00007fffd1c40528
[ 1302.979025][T10710]  </TASK>
[ 1302.979955][T10489] veth1_vlan: entered promiscuous mode
[ 1303.183244][ T5845] Bluetooth: hci3: command tx timeout
[ 1303.219554][T10713] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.12662'.
[ 1303.434584][T10489] veth0_macvtap: entered promiscuous mode
[ 1303.464314][T10489] veth1_macvtap: entered promiscuous mode
[ 1303.517076][T10489] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1303.568143][T10489] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1303.682524][T22371] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1303.695749][T22371] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1303.725386][T22371] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1303.779409][T22371] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1303.912351][T10727] netlink: 'syz.0.12668': attribute type 1 has an invalid length.
[ 1304.007444][T10727] bond4: entered promiscuous mode
[ 1304.023548][T10727] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1304.051068][T22372] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1304.071356][T22372] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1304.077362][T10725] bond4: (slave bridge3): making interface the new active one
[ 1304.100369][T10725] bridge3: entered promiscuous mode
[ 1304.115604][T10725] bond4: (slave bridge3): Enslaving as an active interface with an up link
[ 1304.360264][T22382] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1304.381505][T22382] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1304.401700][T10736] netlink: 248 bytes leftover after parsing attributes in process `syz.0.12672'.
[ 1304.554531][T10742] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1304.581131][T10740] netlink: 1688 bytes leftover after parsing attributes in process `syz.2.12673'.
[ 1304.834063][T10681] Can't find ip_set type hash:m
[ 1305.054315][T10570] Set syz1 is full, maxelem 65536 reached
[ 1305.057824][T10755] netlink: 'syz.3.12679': attribute type 1 has an invalid length.
[ 1305.162827][T10764] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.12680'.
[ 1305.188447][T10755] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1305.214186][T10765] netlink: 'syz.0.12681': attribute type 1 has an invalid length.
[ 1305.375637][T10765] bond5: entered promiscuous mode
[ 1305.382232][T10765] 8021q: adding VLAN 0 to HW filter on device bond5
[ 1305.459258][T10784] netlink: 'syz.3.12684': attribute type 4 has an invalid length.
[ 1305.479624][T10767] bond5: (slave bridge4): making interface the new active one
[ 1305.497375][T10767] bridge4: entered promiscuous mode
[ 1305.524162][T10767] bond5: (slave bridge4): Enslaving as an active interface with an up link
[ 1305.525623][T10787] netlink: 'syz.3.12684': attribute type 4 has an invalid length.
[ 1305.560992][T10772] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1305.582236][    C1] ip6_tunnel: ip6gre3 xmit: Local address not yet configured!
[ 1305.888651][T10793] pim6reg: entered allmulticast mode
[ 1305.926287][T10791] netlink: 44 bytes leftover after parsing attributes in process `syz.1.12687'.
[ 1305.992786][T10793] pim6reg: left allmulticast mode
[ 1306.173845][T10805] netlink: 44 bytes leftover after parsing attributes in process `syz.3.12692'.
[ 1306.183990][T10805] netlink: 43 bytes leftover after parsing attributes in process `syz.3.12692'.
[ 1306.193526][T10805] netlink: 'syz.3.12692': attribute type 5 has an invalid length.
[ 1306.201743][T10805] netlink: 43 bytes leftover after parsing attributes in process `syz.3.12692'.
[ 1306.358173][T10807] netlink: 34 bytes leftover after parsing attributes in process `syz.1.12693'.
[ 1306.400421][T10815] netlink: 144 bytes leftover after parsing attributes in process `syz.3.12692'.
[ 1306.433884][T10797] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1306.445149][T10807] netlink: 12 bytes leftover after parsing attributes in process `syz.1.12693'.
[ 1306.580038][T10813] lo speed is unknown, defaulting to 1000
[ 1306.750354][T10829] netlink: 'syz.1.12698': attribute type 1 has an invalid length.
[ 1306.910843][T10829] bond1: entered promiscuous mode
[ 1306.923199][T10829] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1307.002289][T10833] bond1: (slave bridge1): making interface the new active one
[ 1307.019640][T10833] bridge1: entered promiscuous mode
[ 1307.057966][T10833] bond1: (slave bridge1): Enslaving as an active interface with an up link
[ 1307.254729][T10845] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12705'.
[ 1307.328973][T10845] vlan2: entered promiscuous mode
[ 1307.342910][T10845] dummy0: entered promiscuous mode
[ 1307.634629][T10858] netlink: 1688 bytes leftover after parsing attributes in process `syz.2.12709'.
[ 1308.008829][T10870] netlink: 'syz.4.12714': attribute type 1 has an invalid length.
[ 1308.122741][T10870] bond1: entered promiscuous mode
[ 1308.139288][T10870] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1308.227833][T10877] hsr_slave_1 (unregistering): left promiscuous mode
[ 1308.365438][T10872] bond1: (slave bridge1): making interface the new active one
[ 1308.373374][T10872] bridge1: entered promiscuous mode
[ 1308.380209][T10872] bond1: (slave bridge1): Enslaving as an active interface with an up link
[ 1308.894334][T10905] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1309.141605][T10904] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1309.381752][T10904] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1309.608715][T10904] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1309.841597][T10904] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1310.192034][T10953] __nla_validate_parse: 10 callbacks suppressed
[ 1310.192051][T10953] netlink: 20 bytes leftover after parsing attributes in process `syz.1.12745'.
[ 1310.241185][ T1976] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1310.293598][T22372] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1310.369960][T10956] syzkaller1: entered promiscuous mode
[ 1310.394053][T10956] syzkaller1: entered allmulticast mode
[ 1310.412883][T22372] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1310.446335][T10962] netlink: 'syz.4.12747': attribute type 1 has an invalid length.
[ 1310.616858][T22372] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1310.663546][T10962] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1310.927334][T10985] netlink: 16 bytes leftover after parsing attributes in process `syz.2.12758'.
[ 1310.937118][T10985] netlink: 'syz.2.12758': attribute type 11 has an invalid length.
[ 1310.945574][T10985] netlink: 72 bytes leftover after parsing attributes in process `syz.2.12758'.
[ 1310.983957][T10986] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.12754'.
[ 1311.038339][T10989] netlink: 24 bytes leftover after parsing attributes in process `syz.1.12759'.
[ 1311.286124][T10995] netlink: 'syz.4.12762': attribute type 3 has an invalid length.
[ 1311.441215][T11001] netlink: 'syz.2.12764': attribute type 3 has an invalid length.
[ 1311.626495][T11007] netlink: 'syz.3.12767': attribute type 1 has an invalid length.
[ 1311.727260][T11009] netlink: 'syz.2.12768': attribute type 1 has an invalid length.
[ 1311.791582][T11009] bond4: entered promiscuous mode
[ 1311.830463][T11009] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1311.914084][T11014] bond4: (slave bridge3): making interface the new active one
[ 1311.960854][T11014] bridge3: entered promiscuous mode
[ 1311.984423][T11014] bond4: (slave bridge3): Enslaving as an active interface with an up link
[ 1312.014713][T11023] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12771'.
[ 1312.046003][T11023] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12771'.
[ 1312.060515][T11020] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.12772'.
[ 1312.139931][T11023] ip6tnl1: entered promiscuous mode
[ 1312.193532][T11023] ip6tnl1: entered allmulticast mode
[ 1312.557756][T11040] netlink: 'syz.3.12780': attribute type 1 has an invalid length.
[ 1312.863038][ T5845] Bluetooth: hci3: command tx timeout
[ 1312.928089][T11047] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.12783'.
[ 1313.035824][T11056] netlink: 'syz.3.12786': attribute type 3 has an invalid length.
[ 1313.246512][T11071] netlink: 20 bytes leftover after parsing attributes in process `syz.4.12792'.
[ 1313.439418][T11079] Bluetooth: MGMT ver 1.23
[ 1313.798162][T11095] netlink: 'syz.3.12802': attribute type 3 has an invalid length.
[ 1314.059770][T11098] bridge2: entered allmulticast mode
[ 1314.419263][T11115] FAULT_INJECTION: forcing a failure.
[ 1314.419263][T11115] name failslab, interval 1, probability 0, space 0, times 0
[ 1314.454621][T11115] CPU: 0 UID: 0 PID: 11115 Comm: syz.3.12811 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[ 1314.454650][T11115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1314.454662][T11115] Call Trace:
[ 1314.454670][T11115]  <TASK>
[ 1314.454679][T11115]  dump_stack_lvl+0x189/0x250
[ 1314.454703][T11115]  ? __pfx____ratelimit+0x10/0x10
[ 1314.454728][T11115]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1314.454748][T11115]  ? __pfx__printk+0x10/0x10
[ 1314.454794][T11115]  should_fail_ex+0x414/0x560
[ 1314.454827][T11115]  should_failslab+0xa8/0x100
[ 1314.454847][T11115]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1314.454871][T11115]  ? sctp_add_bind_addr+0x8c/0x370
[ 1314.454900][T11115]  sctp_add_bind_addr+0x8c/0x370
[ 1314.454928][T11115]  sctp_copy_local_addr_list+0x30b/0x4e0
[ 1314.454955][T11115]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[ 1314.454979][T11115]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[ 1314.455003][T11115]  ? sctp_v6_is_any+0x64/0x80
[ 1314.455029][T11115]  ? sctp_copy_one_addr+0x93/0x360
[ 1314.455056][T11115]  sctp_bind_addr_copy+0xb3/0x3c0
[ 1314.455080][T11115]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[ 1314.455105][T11115]  sctp_connect_new_asoc+0x2e0/0x690
[ 1314.455128][T11115]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[ 1314.455147][T11115]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1314.455166][T11115]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1314.455182][T11115]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1314.455201][T11115]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[ 1314.455227][T11115]  ? security_sctp_bind_connect+0x7e/0x2e0
[ 1314.455255][T11115]  sctp_sendmsg+0x155c/0x2810
[ 1314.455301][T11115]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1314.455332][T11115]  ? aa_sk_perm+0x81e/0x950
[ 1314.455357][T11115]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1314.455383][T11115]  ? sock_rps_record_flow+0x19/0x410
[ 1314.455408][T11115]  ? inet_sendmsg+0x2f4/0x370
[ 1314.455426][T11115]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1314.455459][T11115]  __sock_sendmsg+0x19c/0x270
[ 1314.455485][T11115]  __sys_sendto+0x3bd/0x520
[ 1314.455514][T11115]  ? __pfx___sys_sendto+0x10/0x10
[ 1314.455537][T11115]  ? __mutex_unlock_slowpath+0x1a1/0x760
[ 1314.455573][T11115]  ? __fget_files+0x3a0/0x420
[ 1314.455600][T11115]  ? ksys_write+0x22a/0x250
[ 1314.455624][T11115]  ? __pfx_ksys_write+0x10/0x10
[ 1314.455643][T11115]  ? rcu_is_watching+0x15/0xb0
[ 1314.455672][T11115]  __x64_sys_sendto+0xde/0x100
[ 1314.455702][T11115]  do_syscall_64+0xfa/0x3b0
[ 1314.455724][T11115]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1314.455747][T11115]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1314.455764][T11115]  ? clear_bhb_loop+0x60/0xb0
[ 1314.455793][T11115]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1314.455810][T11115] RIP: 0033:0x7f131558eb69
[ 1314.455827][T11115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1314.455842][T11115] RSP: 002b:00007f1316498038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1314.455863][T11115] RAX: ffffffffffffffda RBX: 00007f13157b5fa0 RCX: 00007f131558eb69
[ 1314.455876][T11115] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003
[ 1314.455887][T11115] RBP: 00007f1316498090 R08: 0000200000000280 R09: 000000000000001c
[ 1314.455900][T11115] R10: 0000000000000081 R11: 0000000000000246 R12: 0000000000000001
[ 1314.455912][T11115] R13: 0000000000000000 R14: 00007f13157b5fa0 R15: 00007ffe4b9c35d8
[ 1314.455943][T11115]  </TASK>
[ 1315.228371][T11135] vlan2: entered promiscuous mode
[ 1315.251923][T11135] bond0: entered promiscuous mode
[ 1315.261596][T11137] netlink: 'syz.1.12819': attribute type 1 has an invalid length.
[ 1315.281139][T11135] bond_slave_0: entered promiscuous mode
[ 1315.281278][T11142] __nla_validate_parse: 14 callbacks suppressed
[ 1315.281293][T11142] netlink: 1624 bytes leftover after parsing attributes in process `syz.3.12821'.
[ 1315.290578][T11135] bond_slave_1: entered promiscuous mode
[ 1315.303953][T11137] netlink: 'syz.1.12819': attribute type 2 has an invalid length.
[ 1315.320230][T11145] netlink: 'syz.2.12823': attribute type 1 has an invalid length.
[ 1315.320948][T11137] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12819'.
[ 1315.520202][T11145] 8021q: adding VLAN 0 to HW filter on device bond5
[ 1315.611600][T11153] lo speed is unknown, defaulting to 1000
[ 1315.823488][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[ 1316.571900][T11175] netlink: 24 bytes leftover after parsing attributes in process `syz.1.12834'.
[ 1316.836815][T11183] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.12836'.
[ 1316.868989][T11156] lo speed is unknown, defaulting to 1000
[ 1316.959475][T11186] netlink: 'syz.4.12838': attribute type 21 has an invalid length.
[ 1316.994896][T11186] netlink: 'syz.4.12838': attribute type 1 has an invalid length.
[ 1317.022729][T11186] netlink: 132 bytes leftover after parsing attributes in process `syz.4.12838'.
[ 1317.153036][T11193] mac80211_hwsim hwsim121 wlan0: entered promiscuous mode
[ 1317.209258][T11193] macvtap1: entered allmulticast mode
[ 1317.246731][T11199] netlink: 16 bytes leftover after parsing attributes in process `syz.4.12841'.
[ 1317.256570][T11199] netlink: 'syz.4.12841': attribute type 11 has an invalid length.
[ 1317.264930][T11199] netlink: 72 bytes leftover after parsing attributes in process `syz.4.12841'.
[ 1317.267028][T11193] mac80211_hwsim hwsim121 wlan0: entered allmulticast mode
[ 1317.353887][T11193] batman_adv: batadv0: Adding interface: macvtap1
[ 1317.360440][T11193] batman_adv: batadv0: The MTU of interface macvtap1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1317.402376][T11193] batman_adv: batadv0: Interface activated: macvtap1
[ 1318.033276][T11212] netlink: 'syz.2.12847': attribute type 72 has an invalid length.
[ 1318.737470][T11225] netlink: 16 bytes leftover after parsing attributes in process `syz.1.12853'.
[ 1318.757490][T11225] netlink: 'syz.1.12853': attribute type 11 has an invalid length.
[ 1318.790142][T11227] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.12854'.
[ 1318.802693][T11225] netlink: 72 bytes leftover after parsing attributes in process `syz.1.12853'.
[ 1319.285961][T11237] netlink: 'syz.1.12859': attribute type 72 has an invalid length.
[ 1319.435615][T11245] netlink: 'syz.4.12863': attribute type 1 has an invalid length.
[ 1319.588301][T11245] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1319.743013][T11259] netlink: 'syz.1.12868': attribute type 1 has an invalid length.
[ 1319.884196][T11259] bond2: entered promiscuous mode
[ 1319.901690][T11259] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1320.073874][T11279] FAULT_INJECTION: forcing a failure.
[ 1320.073874][T11279] name failslab, interval 1, probability 0, space 0, times 0
[ 1320.086563][T11263] bond2: (slave bridge2): making interface the new active one
[ 1320.096426][T11279] CPU: 1 UID: 0 PID: 11279 Comm: syz.4.12875 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[ 1320.096457][T11279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1320.096469][T11279] Call Trace:
[ 1320.096478][T11279]  <TASK>
[ 1320.096488][T11279]  dump_stack_lvl+0x189/0x250
[ 1320.096521][T11279]  ? __pfx____ratelimit+0x10/0x10
[ 1320.096545][T11279]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1320.096561][T11279]  ? __pfx__printk+0x10/0x10
[ 1320.096585][T11279]  ? __pfx___might_resched+0x10/0x10
[ 1320.096609][T11279]  ? fs_reclaim_acquire+0x7d/0x100
[ 1320.096633][T11279]  should_fail_ex+0x414/0x560
[ 1320.096664][T11279]  should_failslab+0xa8/0x100
[ 1320.096689][T11279]  __kmalloc_noprof+0xcb/0x4f0
[ 1320.096712][T11279]  ? tomoyo_encode+0x28b/0x550
[ 1320.096739][T11279]  tomoyo_encode+0x28b/0x550
[ 1320.096766][T11279]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1320.096801][T11279]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1320.096824][T11279]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1320.096848][T11279]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1320.096885][T11279]  ? __lock_acquire+0xab9/0xd20
[ 1320.096932][T11279]  ? __fget_files+0x2a/0x420
[ 1320.096953][T11279]  ? __fget_files+0x2a/0x420
[ 1320.096969][T11279]  ? __fget_files+0x3a0/0x420
[ 1320.096992][T11279]  ? __fget_files+0x2a/0x420
[ 1320.097018][T11279]  security_file_ioctl+0xcb/0x2d0
[ 1320.097059][T11279]  __se_sys_ioctl+0x47/0x170
[ 1320.097085][T11279]  do_syscall_64+0xfa/0x3b0
[ 1320.097109][T11279]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1320.097133][T11279]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1320.097151][T11279]  ? clear_bhb_loop+0x60/0xb0
[ 1320.097173][T11279]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1320.097189][T11279] RIP: 0033:0x7fd9c338eb69
[ 1320.097207][T11279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1320.097223][T11279] RSP: 002b:00007fd9c4134038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1320.097244][T11279] RAX: ffffffffffffffda RBX: 00007fd9c35b5fa0 RCX: 00007fd9c338eb69
[ 1320.097257][T11279] RDX: 0000200000000000 RSI: 00000000400454d9 RDI: 0000000000000006
[ 1320.097268][T11279] RBP: 00007fd9c4134090 R08: 0000000000000000 R09: 0000000000000000
[ 1320.097279][T11279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1320.097290][T11279] R13: 0000000000000000 R14: 00007fd9c35b5fa0 R15: 00007ffd2b614268
[ 1320.097322][T11279]  </TASK>
[ 1320.097348][T11279] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1320.125529][T11263] bridge2: entered promiscuous mode
[ 1320.376923][T11263] bond2: (slave bridge2): Enslaving as an active interface with an up link
[ 1320.740913][T11292] __nla_validate_parse: 4 callbacks suppressed
[ 1320.740932][T11292] netlink: 16 bytes leftover after parsing attributes in process `syz.1.12879'.
[ 1320.750950][T11294] netlink: 'syz.3.12881': attribute type 1 has an invalid length.
[ 1320.808121][T11292] netlink: 72 bytes leftover after parsing attributes in process `syz.1.12879'.
[ 1320.865077][T11294] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1321.058427][T11306] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12886'.
[ 1321.111272][T11311] netlink: 24 bytes leftover after parsing attributes in process `syz.4.12889'.
[ 1321.177704][T11306] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1321.205725][T11306] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1321.275780][T11317] netlink: 'syz.2.12887': attribute type 1 has an invalid length.
[ 1321.460240][T11317] bond6: entered promiscuous mode
[ 1321.465909][T11317] 8021q: adding VLAN 0 to HW filter on device bond6
[ 1321.504612][T11319] bond6: (slave bridge4): making interface the new active one
[ 1321.567953][T11319] bridge4: entered promiscuous mode
[ 1321.612695][T11319] bond6: (slave bridge4): Enslaving as an active interface with an up link
[ 1321.695620][T11320] lo speed is unknown, defaulting to 1000
[ 1321.878328][T11338] netlink: 16 bytes leftover after parsing attributes in process `syz.0.12898'.
[ 1321.919056][T11338] netlink: 72 bytes leftover after parsing attributes in process `syz.0.12898'.
[ 1322.062075][T11345] netlink: 24 bytes leftover after parsing attributes in process `syz.1.12902'.
[ 1322.148234][T11348] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12903'.
[ 1322.560513][T11361] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.12907'.
[ 1322.607172][T11354] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1322.894455][T11354] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1322.924087][T11372] netlink: 'syz.2.12910': attribute type 1 has an invalid length.
[ 1323.038454][T11372] bond7: entered promiscuous mode
[ 1323.044253][T11372] 8021q: adding VLAN 0 to HW filter on device bond7
[ 1323.136568][T11354] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1323.181867][T11366] bond7: (slave bridge5): making interface the new active one
[ 1323.203775][T11366] bridge5: entered promiscuous mode
[ 1323.210442][T11366] bond7: (slave bridge5): Enslaving as an active interface with an up link
[ 1323.395406][T11354] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1323.839940][T22381] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1323.855813][   T30] audit: type=1800 audit(1754059845.386:17): pid=11384 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.12913" name="memory.events" dev="tmpfs" ino=444 res=0 errno=0
[ 1323.897648][T22381] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1323.986357][T22383] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1324.039881][T11394] netlink: 12 bytes leftover after parsing attributes in process `syz.2.12918'.
[ 1324.061346][ T1385] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1324.137639][T11397] netlink: 'syz.0.12919': attribute type 1 has an invalid length.
[ 1324.219871][T11397] bond6: entered promiscuous mode
[ 1324.228615][T11397] 8021q: adding VLAN 0 to HW filter on device bond6
[ 1324.282658][T11400] bond6: (slave bridge5): making interface the new active one
[ 1324.316936][T11400] bridge5: entered promiscuous mode
[ 1324.325316][T11400] bond6: (slave bridge5): Enslaving as an active interface with an up link
[ 1324.515377][T11409] FAULT_INJECTION: forcing a failure.
[ 1324.515377][T11409] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1324.535079][T11409] CPU: 1 UID: 0 PID: 11409 Comm: syz.4.12924 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[ 1324.535109][T11409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1324.535120][T11409] Call Trace:
[ 1324.535129][T11409]  <TASK>
[ 1324.535137][T11409]  dump_stack_lvl+0x189/0x250
[ 1324.535159][T11409]  ? __pfx____ratelimit+0x10/0x10
[ 1324.535183][T11409]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1324.535200][T11409]  ? __pfx__printk+0x10/0x10
[ 1324.535219][T11409]  ? __might_fault+0xb0/0x130
[ 1324.535252][T11409]  should_fail_ex+0x414/0x560
[ 1324.535284][T11409]  _copy_from_user+0x2d/0xb0
[ 1324.535308][T11409]  ___sys_sendmsg+0x158/0x2a0
[ 1324.535331][T11409]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1324.535385][T11409]  ? __fget_files+0x2a/0x420
[ 1324.535402][T11409]  ? __fget_files+0x3a0/0x420
[ 1324.535430][T11409]  __sys_sendmmsg+0x227/0x430
[ 1324.535455][T11409]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1324.535470][T11409]  ? __mutex_unlock_slowpath+0x1a1/0x760
[ 1324.535522][T11409]  ? ksys_write+0x22a/0x250
[ 1324.535547][T11409]  ? __pfx_ksys_write+0x10/0x10
[ 1324.535567][T11409]  ? rcu_is_watching+0x15/0xb0
[ 1324.535599][T11409]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1324.535620][T11409]  do_syscall_64+0xfa/0x3b0
[ 1324.535643][T11409]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1324.535665][T11409]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1324.535682][T11409]  ? clear_bhb_loop+0x60/0xb0
[ 1324.535704][T11409]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1324.535722][T11409] RIP: 0033:0x7fd9c338eb69
[ 1324.535739][T11409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1324.535753][T11409] RSP: 002b:00007fd9c4134038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1324.535774][T11409] RAX: ffffffffffffffda RBX: 00007fd9c35b5fa0 RCX: 00007fd9c338eb69
[ 1324.535788][T11409] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000007
[ 1324.535801][T11409] RBP: 00007fd9c4134090 R08: 0000000000000000 R09: 0000000000000000
[ 1324.535813][T11409] R10: 000000000000001c R11: 0000000000000246 R12: 0000000000000001
[ 1324.535824][T11409] R13: 0000000000000000 R14: 00007fd9c35b5fa0 R15: 00007ffd2b614268
[ 1324.535852][T11409]  </TASK>
[ 1325.357900][T11433] bpq0: left promiscuous mode
[ 1325.372712][T11433] bpq0: left allmulticast mode
[ 1325.468782][T11441] IPVS: set_ctl: invalid protocol: 4352 0.0.0.0:20003
[ 1325.701110][T11447] netlink: 'syz.1.12939': attribute type 1 has an invalid length.
[ 1325.715448][T11449] netlink: 'syz.4.12941': attribute type 1 has an invalid length.
[ 1325.770146][T11447] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1325.910675][T11449] bond4: entered promiscuous mode
[ 1325.940968][T11449] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1325.945547][T11462] __nla_validate_parse: 1 callbacks suppressed
[ 1325.945567][T11462] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.12944'.
[ 1325.968408][T11465] netlink: 'syz.4.12941': attribute type 1 has an invalid length.
[ 1325.977409][T11465] netlink: 4 bytes leftover after parsing attributes in process `syz.4.12941'.
[ 1325.987700][T11465] netlink: 45 bytes leftover after parsing attributes in process `syz.4.12941'.
[ 1326.013313][T11449] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1326.020615][T11449] IPv6: NLM_F_CREATE should be set when creating new route
[ 1326.028067][T11449] IPv6: NLM_F_CREATE should be set when creating new route
[ 1326.051585][T11456] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1326.059413][T11456] bond4: (slave wireguard0): The slave device specified does not support setting the MAC address
[ 1326.076354][T11456] bond4: (slave wireguard0): Setting fail_over_mac to active for active-backup mode
[ 1326.090793][T11456] bond4: (slave wireguard0): making interface the new active one
[ 1326.099502][T11456] wireguard0: entered promiscuous mode
[ 1326.107456][T11456] bond4: (slave wireguard0): Enslaving as an active interface with an up link
[ 1326.625655][T11471] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1326.751437][T11495] netlink: 'syz.4.12955': attribute type 1 has an invalid length.
[ 1326.926182][T11471] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1326.984834][T11501] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.12957'.
[ 1327.020848][T11495] 8021q: adding VLAN 0 to HW filter on device bond5
[ 1327.184186][T11471] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1327.464935][T11516] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12960'.
[ 1327.522656][T11471] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1327.533630][T11516] netlink: 24 bytes leftover after parsing attributes in process `syz.2.12960'.
[ 1327.605280][T11510] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12961'.
[ 1327.615845][T11510] netlink: 24 bytes leftover after parsing attributes in process `syz.3.12961'.
[ 1327.995860][T11533] netlink: 24 bytes leftover after parsing attributes in process `syz.2.12966'.
[ 1328.882352][T11519] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1328.965737][T11519] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1329.435916][T11519] bond3: left promiscuous mode
[ 1329.450320][T11519] bridge2: left promiscuous mode
[ 1329.484360][T11519] bond4: left promiscuous mode
[ 1329.489291][T11519] bridge3: left promiscuous mode
[ 1329.520221][T11519] bond5: left promiscuous mode
[ 1329.526122][T11519] bridge4: left promiscuous mode
[ 1329.558640][T11519] bond6: left promiscuous mode
[ 1329.564338][T11519] bridge5: left promiscuous mode
[ 1329.696964][T22387] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1329.713953][T22387] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1329.745727][T22387] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1329.746305][T11549] netlink: 'syz.0.12968': attribute type 1 has an invalid length.
[ 1329.823567][T22387] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1329.836191][T22387] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1329.933595][T11549] 8021q: adding VLAN 0 to HW filter on device bond7
[ 1329.984608][T22387] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1329.996698][T22387] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1330.023697][T22387] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1330.379528][T11579] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12979'.
[ 1330.422800][T11566] vlan2: entered promiscuous mode
[ 1330.439487][T11566] bond0: entered promiscuous mode
[ 1330.445908][T11566] bond_slave_0: entered promiscuous mode
[ 1330.456741][T11566] bond_slave_1: entered promiscuous mode
[ 1330.491359][T11585] netlink: 'syz.2.12978': attribute type 1 has an invalid length.
[ 1330.501089][T11580] bpq0: entered promiscuous mode
[ 1330.508328][T11580] bpq0: entered allmulticast mode
[ 1330.556591][T11582] bpq0: left promiscuous mode
[ 1330.572508][T11582] bpq0: left allmulticast mode
[ 1330.676394][T11585] bond8: entered promiscuous mode
[ 1330.683009][T11585] 8021q: adding VLAN 0 to HW filter on device bond8
[ 1330.766685][T11580] bond8: (slave bridge6): making interface the new active one
[ 1330.775268][T11580] bridge6: entered promiscuous mode
[ 1330.784973][T11580] bond8: (slave bridge6): Enslaving as an active interface with an up link
[ 1330.801591][T11600] netlink: 'syz.1.12983': attribute type 1 has an invalid length.
[ 1330.894478][T11600] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1330.960766][T11596] lo speed is unknown, defaulting to 1000
[ 1332.334416][T11640] openvswitch: netlink: Message has 4 unknown bytes.
[ 1332.442973][T11645] __nla_validate_parse: 1 callbacks suppressed
[ 1332.442993][T11645] netlink: 4 bytes leftover after parsing attributes in process `syz.4.12998'.
[ 1332.781424][T11655] netlink: 24 bytes leftover after parsing attributes in process `syz.1.13003'.
[ 1333.324446][T11669] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13007'.
[ 1333.341812][T11669] veth1: entered promiscuous mode
[ 1333.351036][T11669] veth1: left promiscuous mode
[ 1333.561185][T11675] tipc: Started in network mode
[ 1333.604438][T11675] tipc: Node identity 36ddc0364be, cluster identity 4711
[ 1333.628409][T11675] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1333.646415][T11679] syzkaller0: entered promiscuous mode
[ 1333.687965][T11679] syzkaller0: entered allmulticast mode
[ 1333.800994][T11679] tipc: Resetting bearer <eth:syzkaller0>
[ 1333.862860][T11674] tipc: Resetting bearer <eth:syzkaller0>
[ 1333.896196][T11689] netlink: 20 bytes leftover after parsing attributes in process `syz.3.13016'.
[ 1333.914713][T11674] tipc: Disabling bearer <eth:syzkaller0>
[ 1334.147300][T11697] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1334.165915][T11697] syzkaller0: entered promiscuous mode
[ 1334.195613][T11697] syzkaller0: entered allmulticast mode
[ 1334.280356][T11697] tipc: Resetting bearer <eth:syzkaller0>
[ 1334.288291][T11708] netlink: 12 bytes leftover after parsing attributes in process `syz.0.13022'.
[ 1334.313174][T11698] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13016'.
[ 1334.373089][T11695] tipc: Resetting bearer <eth:syzkaller0>
[ 1334.412565][T11698] netlink: 32 bytes leftover after parsing attributes in process `syz.3.13016'.
[ 1334.502838][T11695] tipc: Disabling bearer <eth:syzkaller0>
[ 1334.537126][T11711] tipc: Enabled bearer <udp:syz0>, priority 10
[ 1334.663988][T11689] lo speed is unknown, defaulting to 1000
[ 1334.753663][T11725] pim6reg9: entered allmulticast mode
[ 1334.942847][T11733] netlink: 16 bytes leftover after parsing attributes in process `syz.2.13031'.
[ 1335.004846][T11733] netlink: 4 bytes leftover after parsing attributes in process `syz.2.13031'.
[ 1335.388932][T11748] netlink: 56 bytes leftover after parsing attributes in process `syz.1.13038'.
[ 1335.652464][T16828] tipc: Node number set to 2101198902
[ 1335.960274][T11770] FAULT_INJECTION: forcing a failure.
[ 1335.960274][T11770] name failslab, interval 1, probability 0, space 0, times 0
[ 1335.974923][T11770] CPU: 1 UID: 0 PID: 11770 Comm: syz.0.13046 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[ 1335.974951][T11770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1335.974963][T11770] Call Trace:
[ 1335.974971][T11770]  <TASK>
[ 1335.974980][T11770]  dump_stack_lvl+0x189/0x250
[ 1335.975005][T11770]  ? __pfx____ratelimit+0x10/0x10
[ 1335.975029][T11770]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1335.975048][T11770]  ? __pfx__printk+0x10/0x10
[ 1335.975078][T11770]  ? __pfx___might_resched+0x10/0x10
[ 1335.975101][T11770]  ? fs_reclaim_acquire+0x7d/0x100
[ 1335.975126][T11770]  should_fail_ex+0x414/0x560
[ 1335.975158][T11770]  ? nf_hook_entries_grow+0x27c/0x710
[ 1335.975182][T11770]  should_failslab+0xa8/0x100
[ 1335.975202][T11770]  __kvmalloc_node_noprof+0x161/0x5f0
[ 1335.975227][T11770]  ? nf_hook_entries_grow+0x27c/0x710
[ 1335.975258][T11770]  nf_hook_entries_grow+0x27c/0x710
[ 1335.975301][T11770]  __nf_register_net_hook+0x2c9/0x930
[ 1335.975338][T11770]  nf_register_net_hook+0xb2/0x190
[ 1335.975367][T11770]  nf_register_net_hooks+0x44/0x1b0
[ 1335.975395][T11770]  nf_ct_netns_do_get+0x363/0x5a0
[ 1335.975418][T11770]  ? __pfx_nf_ct_netns_do_get+0x10/0x10
[ 1335.975465][T11770]  ? __raw_spin_lock_init+0x45/0x100
[ 1335.975489][T11770]  nf_ct_netns_get+0x44/0xb0
[ 1335.975506][T11770]  nft_connlimit_do_init+0x1de/0x2e0
[ 1335.975540][T11770]  nft_set_elem_expr_alloc+0x1db/0x590
[ 1335.975567][T11770]  ? __pfx_nft_set_elem_expr_alloc+0x10/0x10
[ 1335.975612][T11770]  ? nft_rhash_init+0x2b3/0x3a0
[ 1335.975639][T11770]  ? __pfx_nft_rhash_init+0x10/0x10
[ 1335.975664][T11770]  ? __pfx_nft_rhash_key+0x10/0x10
[ 1335.975685][T11770]  ? __pfx_nft_rhash_obj+0x10/0x10
[ 1335.975699][T11770]  ? __pfx_nft_rhash_cmp+0x10/0x10
[ 1335.975721][T11770]  nft_set_expr_alloc+0x68/0x760
[ 1335.975742][T11770]  ? kfree+0x18e/0x440
[ 1335.975771][T11770]  nf_tables_newset+0x1c47/0x2530
[ 1335.975807][T11770]  ? __pfx_nf_tables_newset+0x10/0x10
[ 1335.975852][T11770]  ? __nla_parse+0x40/0x60
[ 1335.975878][T11770]  nfnetlink_rcv+0x112f/0x2520
[ 1335.975939][T11770]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1335.976022][T11770]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1335.976068][T11770]  netlink_unicast+0x82c/0x9e0
[ 1335.976103][T11770]  ? __pfx_netlink_unicast+0x10/0x10
[ 1335.976128][T11770]  ? netlink_sendmsg+0x642/0xb30
[ 1335.976151][T11770]  ? skb_put+0x11b/0x210
[ 1335.976174][T11770]  netlink_sendmsg+0x805/0xb30
[ 1335.976210][T11770]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1335.976240][T11770]  ? aa_sock_msg_perm+0x94/0x160
[ 1335.976265][T11770]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1335.976285][T11770]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1335.976311][T11770]  __sock_sendmsg+0x219/0x270
[ 1335.976339][T11770]  ____sys_sendmsg+0x505/0x830
[ 1335.976366][T11770]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1335.976396][T11770]  ? import_iovec+0x74/0xa0
[ 1335.976425][T11770]  ___sys_sendmsg+0x21f/0x2a0
[ 1335.976448][T11770]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1335.976511][T11770]  ? __fget_files+0x2a/0x420
[ 1335.976528][T11770]  ? __fget_files+0x3a0/0x420
[ 1335.976559][T11770]  __x64_sys_sendmsg+0x19b/0x260
[ 1335.976582][T11770]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1335.976621][T11770]  ? __pfx_ksys_write+0x10/0x10
[ 1335.976642][T11770]  ? rcu_is_watching+0x15/0xb0
[ 1335.976673][T11770]  ? do_syscall_64+0xbe/0x3b0
[ 1335.976707][T11770]  do_syscall_64+0xfa/0x3b0
[ 1335.976729][T11770]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1335.976753][T11770]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1335.976771][T11770]  ? clear_bhb_loop+0x60/0xb0
[ 1335.976792][T11770]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1335.976809][T11770] RIP: 0033:0x7f2235b8eb69
[ 1335.976826][T11770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1335.976842][T11770] RSP: 002b:00007f22339f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1335.976862][T11770] RAX: ffffffffffffffda RBX: 00007f2235db5fa0 RCX: 00007f2235b8eb69
[ 1335.976872][T11770] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000006
[ 1335.976883][T11770] RBP: 00007f22339f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1335.976895][T11770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1335.976906][T11770] R13: 0000000000000000 R14: 00007f2235db5fa0 R15: 00007ffd5622ec98
[ 1335.976937][T11770]  </TASK>
[ 1336.714253][T11780] sctp: [Deprecated]: syz.2.13049 (pid 11780) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1336.714253][T11780] Use struct sctp_sack_info instead
[ 1337.417391][T11814] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1337.572761][T11819] __nla_validate_parse: 2 callbacks suppressed
[ 1337.572783][T11819] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.13063'.
[ 1337.598428][T11820] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13061'.
[ 1337.644352][T11815] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1337.644691][T11820] netlink: 12 bytes leftover after parsing attributes in process `syz.3.13061'.
[ 1337.787708][T11815] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1337.873556][T11830] netlink: 8 bytes leftover after parsing attributes in process `syz.4.13064'.
[ 1337.954956][T11830] netlink: 12 bytes leftover after parsing attributes in process `syz.4.13064'.
[ 1338.023054][T11823] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1338.098576][T11815] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1338.198842][T11823] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1338.294506][T11815] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1338.319956][T11831] lo speed is unknown, defaulting to 1000
[ 1338.393650][T11823] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1338.410709][T11843] netlink: 'syz.2.13068': attribute type 1 has an invalid length.
[ 1338.439710][T11840] bpq0: entered promiscuous mode
[ 1338.455726][T11840] bpq0: entered allmulticast mode
[ 1338.606393][T11843] bond9: entered promiscuous mode
[ 1338.612913][T11843] 8021q: adding VLAN 0 to HW filter on device bond9
[ 1338.699436][T11823] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1338.758901][T11844] bond9: (slave bridge7): making interface the new active one
[ 1338.768003][T11844] bridge7: entered promiscuous mode
[ 1338.775578][T11844] bond9: (slave bridge7): Enslaving as an active interface with an up link
[ 1338.885806][T22383] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1339.006538][T22383] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1339.044763][T11853] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.13071'.
[ 1339.058343][T22371] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1339.272364][T22387] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1339.342719][T22387] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1339.372605][T22387] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1339.421524][T22383] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1339.512196][T22381] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1339.547210][T11865] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.13076'.
[ 1339.855084][T11877] netlink: 'syz.4.13081': attribute type 1 has an invalid length.
[ 1339.998127][T11877] 8021q: adding VLAN 0 to HW filter on device bond6
[ 1340.072768][T11883] netlink: 20 bytes leftover after parsing attributes in process `syz.2.13082'.
[ 1340.261693][T11891] netlink: 20 bytes leftover after parsing attributes in process `syz.4.13084'.
[ 1340.283898][T11891] netlink: 'syz.4.13084': attribute type 4 has an invalid length.
[ 1340.383003][T11893] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.13085'.
[ 1340.535735][T11901] FAULT_INJECTION: forcing a failure.
[ 1340.535735][T11901] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1340.555677][T11901] CPU: 1 UID: 0 PID: 11901 Comm: syz.2.13091 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[ 1340.555709][T11901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1340.555720][T11901] Call Trace:
[ 1340.555729][T11901]  <TASK>
[ 1340.555738][T11901]  dump_stack_lvl+0x189/0x250
[ 1340.555763][T11901]  ? __pfx____ratelimit+0x10/0x10
[ 1340.555787][T11901]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1340.555806][T11901]  ? __pfx__printk+0x10/0x10
[ 1340.555842][T11901]  should_fail_ex+0x414/0x560
[ 1340.555875][T11901]  _copy_from_user+0x2d/0xb0
[ 1340.555898][T11901]  __copy_msghdr+0x3c5/0x5b0
[ 1340.555923][T11901]  ___sys_sendmsg+0x1a5/0x2a0
[ 1340.555945][T11901]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1340.556002][T11901]  ? __fget_files+0x2a/0x420
[ 1340.556019][T11901]  ? __fget_files+0x3a0/0x420
[ 1340.556047][T11901]  __x64_sys_sendmsg+0x19b/0x260
[ 1340.556069][T11901]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1340.556098][T11901]  ? __pfx_ksys_write+0x10/0x10
[ 1340.556240][T11901]  ? rcu_is_watching+0x15/0xb0
[ 1340.556271][T11901]  ? do_syscall_64+0xbe/0x3b0
[ 1340.556300][T11901]  do_syscall_64+0xfa/0x3b0
[ 1340.556323][T11901]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1340.556343][T11901]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1340.556361][T11901]  ? clear_bhb_loop+0x60/0xb0
[ 1340.556382][T11901]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1340.556399][T11901] RIP: 0033:0x7f4044d8eb69
[ 1340.556418][T11901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1340.556433][T11901] RSP: 002b:00007f4045c18038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1340.556455][T11901] RAX: ffffffffffffffda RBX: 00007f4044fb5fa0 RCX: 00007f4044d8eb69
[ 1340.556468][T11901] RDX: 0000000000000000 RSI: 0000200000000640 RDI: 0000000000000003
[ 1340.556480][T11901] RBP: 00007f4045c18090 R08: 0000000000000000 R09: 0000000000000000
[ 1340.556491][T11901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1340.556502][T11901] R13: 0000000000000000 R14: 00007f4044fb5fa0 R15: 00007fffd1c40528
[ 1340.556532][T11901]  </TASK>
[ 1340.904243][T11915] netlink: 'syz.3.13095': attribute type 1 has an invalid length.
[ 1340.963221][T11915] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1342.116074][T22371] bond2 (unregistering): (slave gretap1): Releasing active interface
[ 1342.471832][T22371] bond4 (unregistering): (slave bridge3): Releasing backup interface
[ 1342.482671][T22371] bridge3 (unregistering): left promiscuous mode
[ 1342.539321][T22371] bond6 (unregistering): (slave bridge4): Releasing backup interface
[ 1342.549722][T22371] bridge4 (unregistering): left promiscuous mode
[ 1342.911191][T22371] bond0 (unregistering): (slave wlan1): Releasing backup interface
[ 1342.928627][T22371] bond0 (unregistering): Released all slaves
[ 1343.155647][T22371] bond1 (unregistering): Released all slaves
[ 1343.170479][T22371] bond2 (unregistering): Released all slaves
[ 1343.388247][T22371] bond3 (unregistering): Released all slaves
[ 1343.603590][T22371] bond4 (unregistering): Released all slaves
[ 1343.803188][T22371] bond5 (unregistering): Released all slaves
[ 1344.021260][T22371] bond6 (unregistering): Released all slaves
[ 1344.214505][T22371] bond7 (unregistering): Released all slaves
[ 1344.413791][T22371] bond8 (unregistering): Released all slaves
[ 1344.599469][T22371] tipc: Left network mode
[ 1344.618304][T11962] lo speed is unknown, defaulting to 1000
[ 1344.721940][T11974] __nla_validate_parse: 8 callbacks suppressed
[ 1344.782514][T11974] netlink: 12 bytes leftover after parsing attributes in process `syz.4.13110'.
[ 1344.884055][T11977] tipc: Started in network mode
[ 1344.889118][T11977] tipc: Node identity 027f8456593d, cluster identity 4711
[ 1344.933490][T11977] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1344.971323][T11985] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.13114'.
[ 1345.026173][T11981] syzkaller0: entered promiscuous mode
[ 1345.038331][T11981] syzkaller0: entered allmulticast mode
[ 1345.086005][T11984] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1345.096539][T11984] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1345.143833][T11981] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13112'.
[ 1345.299245][T11981] tipc: Resetting bearer <eth:syzkaller0>
[ 1345.383020][T11972] tipc: Resetting bearer <eth:syzkaller0>
[ 1345.448536][T11972] tipc: Disabling bearer <eth:syzkaller0>
[ 1345.484428][T11994] netlink: 4 bytes leftover after parsing attributes in process `syz.4.13117'.
[ 1345.965042][T22371] hsr_slave_0: left promiscuous mode
[ 1345.976681][T22371] hsr_slave_1: left promiscuous mode
[ 1345.991111][T12011] FAULT_INJECTION: forcing a failure.
[ 1345.991111][T12011] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1346.009928][T12011] CPU: 1 UID: 0 PID: 12011 Comm: syz.2.13123 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[ 1346.009959][T12011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1346.009970][T12011] Call Trace:
[ 1346.009979][T12011]  <TASK>
[ 1346.009988][T12011]  dump_stack_lvl+0x189/0x250
[ 1346.010012][T12011]  ? __pfx____ratelimit+0x10/0x10
[ 1346.010037][T12011]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1346.010056][T12011]  ? __pfx__printk+0x10/0x10
[ 1346.010077][T12011]  ? __might_fault+0xb0/0x130
[ 1346.010114][T12011]  should_fail_ex+0x414/0x560
[ 1346.010146][T12011]  _copy_from_iter+0x1db/0x16f0
[ 1346.010172][T12011]  ? rcu_is_watching+0x15/0xb0
[ 1346.010198][T12011]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[ 1346.010224][T12011]  ? __pfx__copy_from_iter+0x10/0x10
[ 1346.010246][T12011]  ? __build_skb_around+0x257/0x3e0
[ 1346.010306][T12011]  ? netlink_sendmsg+0x642/0xb30
[ 1346.010329][T12011]  ? skb_put+0x11b/0x210
[ 1346.010347][T12011]  netlink_sendmsg+0x6b2/0xb30
[ 1346.010380][T12011]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1346.010407][T12011]  ? aa_sock_msg_perm+0x94/0x160
[ 1346.010431][T12011]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1346.010449][T12011]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1346.010474][T12011]  __sock_sendmsg+0x219/0x270
[ 1346.010499][T12011]  ____sys_sendmsg+0x505/0x830
[ 1346.010524][T12011]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1346.010551][T12011]  ? import_iovec+0x74/0xa0
[ 1346.010578][T12011]  ___sys_sendmsg+0x21f/0x2a0
[ 1346.010598][T12011]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1346.010652][T12011]  ? __fget_files+0x2a/0x420
[ 1346.010669][T12011]  ? __fget_files+0x3a0/0x420
[ 1346.010697][T12011]  __x64_sys_sendmsg+0x19b/0x260
[ 1346.010720][T12011]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1346.010748][T12011]  ? __pfx_ksys_write+0x10/0x10
[ 1346.010770][T12011]  ? rcu_is_watching+0x15/0xb0
[ 1346.010799][T12011]  ? do_syscall_64+0xbe/0x3b0
[ 1346.010827][T12011]  do_syscall_64+0xfa/0x3b0
[ 1346.010859][T12011]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1346.010883][T12011]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1346.010900][T12011]  ? clear_bhb_loop+0x60/0xb0
[ 1346.010923][T12011]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1346.010940][T12011] RIP: 0033:0x7f4044d8eb69
[ 1346.010958][T12011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1346.010974][T12011] RSP: 002b:00007f4045bf7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1346.010996][T12011] RAX: ffffffffffffffda RBX: 00007f4044fb6080 RCX: 00007f4044d8eb69
[ 1346.011010][T12011] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000009
[ 1346.011022][T12011] RBP: 00007f4045bf7090 R08: 0000000000000000 R09: 0000000000000000
[ 1346.011045][T12011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1346.011067][T12011] R13: 0000000000000000 R14: 00007f4044fb6080 R15: 00007fffd1c40528
[ 1346.011097][T12011]  </TASK>
[ 1346.545385][    C1] ip6_tunnel: ip6gre4 xmit: Local address not yet configured!
[ 1346.704911][T22371] veth1_macvtap: left promiscuous mode
[ 1346.711523][T22371] veth0_macvtap: left promiscuous mode
[ 1346.741185][T22371] Oops: general protection fault, probably for non-canonical address 0xdffffc001fffe1ac: 0000 [#1] SMP KASAN PTI
[ 1346.753742][T22371] KASAN: probably user-memory-access in range [0x00000000ffff0d60-0x00000000ffff0d67]
[ 1346.763864][T22371] CPU: 1 UID: 0 PID: 22371 Comm: kworker/u8:18 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[ 1346.776541][T22371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1346.787045][T22371] Workqueue: netns cleanup_net
[ 1346.792125][T22371] RIP: 0010:__ip_mc_dec_group+0x2fd/0x690
[ 1346.798047][T22371] Code: 89 e9 c4 f7 c6 05 13 97 8f 05 01 48 c7 c7 a0 f7 9b 8c be 97 05 00 00 48 c7 c2 20 f8 9b 8c e8 da d3 a2 f7 4c 89 e3 48 c1 eb 03 <42> 80 3c 2b 00 74 08 4c 89 e7 e8 44 0c 28 f8 4d 8b 2c 24 4d 39 f5
[ 1346.818002][T22371] RSP: 0018:ffffc90003f6f3d8 EFLAGS: 00010206
[ 1346.824079][T22371] RAX: ffffffff89fac6ee RBX: 000000001fffe1ac RCX: ffff8880349a1e00
[ 1346.832074][T22371] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 1346.840040][T22371] RBP: ffff88805569d020 R08: ffffffff8f508fa7 R09: 1ffffffff1ea11f4
[ 1346.848173][T22371] R10: dffffc0000000000 R11: fffffbfff1ea11f5 R12: 00000000ffff0d60
[ 1346.856156][T22371] R13: dffffc0000000000 R14: ffff888066913400 R15: 1ffff1100aad3a04
[ 1346.864479][T22371] FS:  0000000000000000(0000) GS:ffff888125d80000(0000) knlGS:0000000000000000
[ 1346.873930][T22371] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1346.892318][T22371] CR2: 000055556b21c808 CR3: 0000000061696000 CR4: 00000000003526f0
[ 1346.900395][T22371] Call Trace:
[ 1346.903777][T22371]  <TASK>
[ 1346.906714][T22371]  inetdev_event+0x2a7/0x15b0
[ 1346.911386][T22371]  ? __pfx_inetdev_event+0x10/0x10
[ 1346.916491][T22371]  notifier_call_chain+0x1b3/0x3e0
[ 1346.921876][T22371]  netif_close_many+0x29c/0x410
[ 1346.927100][T22371]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1346.933212][T22371]  ? __pfx_netif_close_many+0x10/0x10
[ 1346.938933][T22371]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1346.944661][T22371]  unregister_netdevice_many_notify+0x7b9/0x1ff0
[ 1346.951332][T22371]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1346.956701][T22371]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1346.962601][T22371]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 1346.969796][T22371]  ? unregister_netdevice_queue+0x1b3/0x380
[ 1346.975793][T22371]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 1346.982456][T22371]  ? batadv_meshif_destroy_netlink+0x1b0/0x250
[ 1346.989047][T22371]  default_device_exit_batch+0x819/0x890
[ 1346.995062][T22371]  ? __pfx___might_resched+0x10/0x10
[ 1347.000619][T22371]  ? __pfx_default_device_exit_batch+0x10/0x10
[ 1347.006941][T22371]  ? __pfx_rdma_dev_exit_net+0x10/0x10
[ 1347.012390][T22371]  ? net_generic+0x1e/0x240
[ 1347.016883][T22371]  ? __pfx_default_device_exit_batch+0x10/0x10
[ 1347.023125][T22371]  ops_undo_list+0x522/0x990
[ 1347.028335][T22371]  ? __pfx_ops_undo_list+0x10/0x10
[ 1347.033439][T22371]  ? do_raw_spin_unlock+0x122/0x240
[ 1347.038766][T22371]  cleanup_net+0x4c5/0x800
[ 1347.043347][T22371]  ? __pfx_cleanup_net+0x10/0x10
[ 1347.048289][T22371]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1347.053492][T22371]  ? process_scheduled_works+0x9ef/0x17b0
[ 1347.059380][T22371]  ? process_scheduled_works+0x9ef/0x17b0
[ 1347.065098][T22371]  process_scheduled_works+0xae1/0x17b0
[ 1347.070645][T22371]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1347.076656][T22371]  worker_thread+0x8a0/0xda0
[ 1347.081353][T22371]  ? __kthread_parkme+0x7b/0x200
[ 1347.086279][T22371]  kthread+0x70e/0x8a0
[ 1347.090426][T22371]  ? __pfx_worker_thread+0x10/0x10
[ 1347.095618][T22371]  ? __pfx_kthread+0x10/0x10
[ 1347.100495][T22371]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1347.105684][T22371]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1347.110880][T22371]  ? __pfx_kthread+0x10/0x10
[ 1347.115669][T22371]  ret_from_fork+0x3fc/0x770
[ 1347.120255][T22371]  ? __pfx_ret_from_fork+0x10/0x10
[ 1347.125364][T22371]  ? __switch_to_asm+0x39/0x70
[ 1347.130999][T22371]  ? __switch_to_asm+0x33/0x70
[ 1347.135922][T22371]  ? __pfx_kthread+0x10/0x10
[ 1347.140706][T22371]  ret_from_fork_asm+0x1a/0x30
[ 1347.145474][T22371]  </TASK>
[ 1347.148632][T22371] Modules linked in:
[ 1347.154379][T22371] ---[ end trace 0000000000000000 ]---
[ 1347.163081][T22371] RIP: 0010:__ip_mc_dec_group+0x2fd/0x690
[ 1347.168954][T22371] Code: 89 e9 c4 f7 c6 05 13 97 8f 05 01 48 c7 c7 a0 f7 9b 8c be 97 05 00 00 48 c7 c2 20 f8 9b 8c e8 da d3 a2 f7 4c 89 e3 48 c1 eb 03 <42> 80 3c 2b 00 74 08 4c 89 e7 e8 44 0c 28 f8 4d 8b 2c 24 4d 39 f5
[ 1347.201343][T22371] RSP: 0018:ffffc90003f6f3d8 EFLAGS: 00010206
[ 1347.208694][T22371] RAX: ffffffff89fac6ee RBX: 000000001fffe1ac RCX: ffff8880349a1e00
[ 1347.219288][T22371] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 1347.229711][T22371] RBP: ffff88805569d020 R08: ffffffff8f508fa7 R09: 1ffffffff1ea11f4
[ 1347.242482][T22371] R10: dffffc0000000000 R11: fffffbfff1ea11f5 R12: 00000000ffff0d60
[ 1347.250871][T22371] R13: dffffc0000000000 R14: ffff888066913400 R15: 1ffff1100aad3a04
[ 1347.259871][T22371] FS:  0000000000000000(0000) GS:ffff888125c80000(0000) knlGS:0000000000000000
[ 1347.269959][T22371] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1347.277478][T22371] CR2: 0000001b2d41dff8 CR3: 0000000074e3a000 CR4: 00000000003526f0
[ 1347.285950][T22371] Kernel panic - not syncing: Fatal exception
[ 1347.292526][T22371] Kernel Offset: disabled
[ 1347.296958][T22371] Rebooting in 86400 seconds..