last executing test programs:

9.511620429s ago: executing program 0 (id=3095):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r1)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)={0x4c, r2, 0x400, 0x70bd2b, 0x4000, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0xfffffffa}, {0x6}}]}, 0x4c}}, 0x4040000)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0x2}, 0x8)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r3, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'bond0\x00', 0x8}, 0x18)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r3, 0x0, 0x48c, &(0x7f00000002c0)={0x2, 'veth1_virt_wifi\x00'}, 0x18)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x1bc, 0x19, 0x1, 0xfffffffd, 0x1, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x800}, 0x200, 0x0, 0x0, 0x0, 0x1}, [@tmpl={0x104, 0x5, [{{@in=@local, 0x0, 0x33}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, {{@in6=@remote, 0x0, 0x3c}, 0x0, @in6=@dev}, {{@in=@loopback, 0x0, 0x6c}, 0x0, @in=@broadcast}, {{@in=@remote, 0x0, 0x3c}, 0xa, @in6=@private0, 0x0, 0x5}]}]}, 0x1bc}, 0x1, 0x0, 0x0, 0x1}, 0x4000)
sendmsg$nl_route_sched(r4, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newtaction={0x14, 0x1e, 0x109, 0x102, 0x25dfdbfc}, 0x14}, 0x1, 0x2b1e}, 0x2000c000)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r6, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="0c0100000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400fc0000000000001100000000000000000c00028005000100000000003c0002800c00028005000100000000002c000180140003000000000000000000000000000000000114000400fe8000000000000000000000000000aa08000740000000007800068014000500fc0200000000000000000000000000010c000380060001000000000014000400fc0200000000000000000000000000002c000380060001"], 0x10c}}, 0x0)
sendto$inet6(r6, &(0x7f00000004c0)='W', 0x1, 0x4, &(0x7f0000000100)={0xa, 0x0, 0x3, @loopback, 0x8}, 0x1c)
setsockopt$inet6_int(r6, 0x29, 0x3a, &(0x7f0000000080)=0x2, 0x4)
r8 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r8, &(0x7f00000001c0)="c2", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c)
shutdown(r8, 0x1)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r9, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r10=>0x0}, &(0x7f0000000300)=0x8)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r8, 0x84, 0x1, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_CONTEXT(r6, 0x84, 0x11, &(0x7f00000000c0)={r10, 0x6}, 0x8)

8.112446043s ago: executing program 0 (id=3103):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000001880)="3ea74815ea3f577ea6449f8b353de500ec8ec15af1c38ff3ccf324880db5d15e223463e7f26e969a35115fa034729d226e85fc54921082ce33db43afb1edec8604d1aab6bd4b19b3bc83f14954723cb8175af1cfc307533bc1d4ab373b029fb427029fe4f7d49897f2ad28a7b5afad64b03976e01d8266a43670ea51817b240180d8bafca9b200a0a6a018c0d6b954f18d5cddf41e4f6237baef652fe4bc7f6a7014887e20c854922be36abf1c53700c5ad92bc04944f9d69d9b0f3bf9a8ac38f3522ddfbab454f292a2a053207c2263ee8311398f7ee9ceaac5f1d7ea287002d151a389dfe8bf8bde731402e4115280f66526d865f90ada6a2ded26261c38c87de2f5d60ecc6dc8d12f63a8375bf55526c754f74cdea9459c78245d9f6185b9947308551624d67f3688a4fe936dc91de837a258ae6468f2f5cd968757dd28f278a2424a9a8fe87027bb4776c5904824b68b16361df1adb992f4a0ecf88799fe96def7ce00c479942a8c4dd225e61cea30b3e483d9e764301dd1d569a2d2fcc91dcc54c8ac6e052ba85d8a8e7744bbd965f799579dd395c49aea7a3ab5df2fe33ceb1a706683a398d166e4e5ef0aee222c8d6e71f61cf9a212b7f1abf05ede37b863d298bee7e28a1917dc06a85dc82dca299d45a1cce10fdf0d7715555e99a9e7d064024aa4004684008421f619538942880b7b9b881431509aebdb47211a79da86c80487423d0eae90916648ebeb47a864b8fffd9c452e3c18036bf286680298e5d20c4e011d47ca47a5e0895d98055eeeb0d1adce72e26a1bb572043b49faae886274b9dea35dcd796ac286b55b6c99179c26ec47f8ed0d16832771047886cbffa10075756f53fd3180d629de87868c5739e89290b845884e155b88f7453e1e949bd7f2708199417c7209db40f46a4f1921e6d82f3d3907eb0c3c7c64cbc0aa0fae57a3b68651488b33ceacf198473e2dbade77babf656d7c9d20e88ebf1625cc7266468fb4ec4f3b5ea65b9dc38f712f44ef1b248b19fb03695d82cd5e4905852647f7a26d88aff7ce4ecfa94f2705c4c58352acdbba36e92f69dd7583c49ecb062b44ef1a3f15bb5a082eb82e7452054612498019dba9becb8b0ff423df99d64472b3528ed8d1dd6b24e714ea5786aa1f618a38cfc70cbb1f8f09fa5f6a56017790ba6d5950557e1d9a8457bc3f5fd461c86ec4b90e8abb9f90debf7dd84f8fedabf25a10c91c70bebb8266599e4e20f6eddf1fba0bcc228e2038ae971bf995ad4f0d680fefce2c4da8c851142d76c1ec4a3b5a627766d803c9e603326d0c9164bb76c19f65f44e62d2ccc488824bc046cc4850701846e9772c5545f02f2536fbbba2f14ee9f2ba4fc2060478f0c90a504b4daabfd1bd24a400785767e05cc5f7f15d205033768592e0a23da6c3419fdcc31a8d6607722932842eff8d8b1220352c06f645ad201acf1e73cc98b0", 0x410}], 0x1, &(0x7f0000000280)=[@assoc={0x18, 0x117, 0x4, 0x400}], 0x18, 0x200040d0}], 0x1, 0x840)
recvmsg(r1, &(0x7f0000001440)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000003a00)=""/4109, 0x100d}], 0x1}, 0x40010021)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'pimreg1\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000100)=@ipv6_delroute={0x70, 0x19, 0x300, 0x70bd2d, 0x25dfdbfc, {0xa, 0x0, 0x14, 0x7, 0xfd, 0x3, 0xfe, 0x7}, [@RTA_IIF={0x8, 0x3, r4}, @RTA_EXPIRES={0x8, 0x17, 0x3}, @RTA_PRIORITY={0x8, 0x6, 0x8}, @RTA_GATEWAY={0x14, 0x5, @private1}, @RTA_OIF={0x8, 0x4, r4}, @RTA_MULTIPATH={0xc, 0x9, {0x6425, 0x18, 0x4, r4}}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x4}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @SEG6_LOCAL_ACTION={0x8, 0x1, 0xf}}]}, 0x70}, 0x1, 0xf00, 0x0, 0x40091}, 0x0)

7.789822679s ago: executing program 0 (id=3106):
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000200)={0x1018, 0x3f7, 0x800, 0x70bd25, 0x25dfdbff, {0x7, 0xff9, './file0', './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, [""]}, 0x1018}, 0x1, 0x0, 0x0, 0x20000800}, 0x4000000)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000001c0)=[@in={0x2, 0x4e21, @multicast2}], 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000001300), r0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001740)={0x60, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x44, 0x5b, "fe8299f6a81fc175be9b81393133a3178ccf6bc95c4108da6542cf2d1b57a0a744cb3ee9df0ce2406e9e7494e51660297d1873634cc2cb05251ae0582b7ee58f"}]}, 0x60}}, 0x4048000)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f00000013c0)={&(0x7f0000000180), 0xc, &(0x7f0000001380)={&(0x7f0000001340)={0x3c, r5, 0x100, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0xff, 0x11}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x1200}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x8080)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001540)={&(0x7f0000001400)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x6, [@enum={0x1, 0x1, 0x0, 0x6, 0x4, [{0x7, 0x8}]}]}, {0x0, [0x30, 0x30, 0x0, 0x0]}}, &(0x7f0000001440)=""/237, 0x32, 0xed, 0x0, 0x9, 0x10000}, 0x28)
bpf$TOKEN_CREATE(0x24, &(0x7f0000001580)={0x0, r2}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000015c0)={0x17, 0x4, &(0x7f0000000480)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x36, r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000001680)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendto$inet(r1, &(0x7f0000001240)="c6d8d6e3d71f95960b36719c52c8727205b8bb5b94a76d1ab839a399e7668c4e2e288e2aa826749112e2eddebe6644c2a96d7241331ef74f4f66fff3362497dc9048194678dbf72be268a28c2c56a045da95a20d3fc7140770c970ef5e2faa392bb1b4e1f8b394990a6e7ee3c15cdd3d5f5e8617b59f5a74c14c8eb3d5609d988a7806ffefd067608c81ae79cbc5af51eafc54fe7518e4dc5192d5f8ce29a5686948a4943ec492a7cfde928335f8d223e71956c2d0dc7d707e6e455e9972bf", 0xbf, 0x4008040, &(0x7f0000000040)={0x2, 0x4e24, @broadcast}, 0x10)
r10 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ppoll(&(0x7f0000000500)=[{r10}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000480)='kfree\x00', r11, 0x0, 0x7fffffffffffffff}, 0x18)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000003e000701feffffff00000000027c0000000039a0040008000c0001800600060008"], 0x30}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r9}, 0xc)
socket$inet6_udp(0xa, 0x2, 0x0)

6.808150724s ago: executing program 0 (id=3114):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x3e}, 0x408d3)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000004a40)=ANY=[@ANYBLOB="c0260000410007010000000007000000027c00000400fc80a7260180", @ANYRES32], 0x26c0}}, 0x4010)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r2, &(0x7f00000000c0), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r3=>0x0})
sendmsg$can_bcm(r2, &(0x7f0000000000)={&(0x7f0000000040)={0x1d, r3}, 0x10, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="0400"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=r2, @ANYRES64=r3, @ANYBLOB="000000000100000000000000840004"], 0x48}}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000240)=@migrate={0xec, 0x21, 0x1, 0x0, 0x1, {{@in, @in6=@remote, 0xfffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60}}, [@migrate={0x9c, 0x11, [{@in=@multicast1, @in=@dev={0xac, 0x14, 0x14, 0x1b}, @in=@local, @in=@broadcast, 0x3c, 0x4, 0x0, 0x3505, 0xa, 0x2}, {@in6=@remote, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@multicast2, @in6=@empty, 0x6c, 0x1, 0x0, 0x3506, 0x2, 0x2}]}]}, 0xec}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r5, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000b00)={0x14, 0x5a, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x2}]}, 0x14}], 0x1}, 0x0)
syz_emit_ethernet(0x3a, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000000000000800450e002c0064000007069078ac1414bbac1414bb4e224e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="000000000002f3ffffff0000"], 0x0)

6.465418589s ago: executing program 0 (id=3115):
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000180)=<r1=>0x0)
connect$nfc_raw(r0, &(0x7f00000001c0)={0x27, r1, 0x0, 0x4}, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f00000000c0)='netlink_extack\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00'}, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r3, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xfffff274}]}}}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
syz_emit_ethernet(0x4e, &(0x7f0000000080)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x11, 0x0, 0x3, {[@window={0x3, 0x3}]}}}}}}}}, 0x0)

6.196704393s ago: executing program 0 (id=3118):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000140)={<r1=>r0, 0xfffffffffffffffa, 0x9, 0x200})
sendmsg$nl_generic(r1, &(0x7f00000003c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="cc000000350000022bbd7000fcdbdf250e0000000c00458004004280040073809a00d080cbb39585454900851368121f3dc6ea0a9be1dfa4087a34486ba821ab5d6c0042011530c340329b0a7c403e45c0cc202043572058e1a22156fff8472cab504ee54c3408da6358ee73dd0b03100964d8dae9ade0e8b10db3124090b778d326dc02448bc5caf08037afd85945fe76f3c0dc7fa9af4aab12a20ff3c85adad0b76fdd778692953d558fb9026a3b5d0823d1eca5bf83ee3db10000b37ebe82c06adceddc25c4635e440000"], 0xcc}, 0x1, 0x0, 0x0, 0x4000}, 0x4040)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f0000000000)=[@in={0x2, 0x4e24, @private=0xa010101}], 0x10)
getsockopt$sock_buf(r2, 0x1, 0x1c, &(0x7f0000000140)=""/180, 0x0)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1c, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e24, @empty}, 0x10)
setsockopt$inet_tcp_buf(r3, 0x6, 0xd, &(0x7f0000000080)='8', 0x1)
ioctl$sock_inet_tcp_SIOCOUTQ(r3, 0x5411, &(0x7f0000000000))
r4 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_buf(r4, 0x1, 0x38, &(0x7f0000001640)=""/170, &(0x7f0000001700)=0xaa)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='veno\x00', 0x5)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, &(0x7f0000000080)={0x7, {{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, 0x88)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000040)={'syztnl2\x00', 0x0, 0x4, 0x5, 0x2, 0x4038a09, 0x4, @empty, @mcast2={0xff, 0x5}, 0x0, 0x0, 0x0, 0x5}})
unshare(0x6a040000)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, 0x0, 0x0)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
unshare(0x600)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={&(0x7f00000002c0), &(0x7f0000000340)=""/75, &(0x7f00000003c0)="6adcd3da9edb59240e8971b926407c19a8db884ccf7520c146ca6edb19f42d4968f43cd7a91f6ba3cfc2d4a4928cbf8fa0c9f5f856fa20b0f68eb27fdd7c1987a97ad1f49baa", &(0x7f0000000600)="d8b8554e0d1c686676f67bbefb4ee16c42942a8c43e0c658346dc9986923ceb17a2ef6127fde361aa8d16af81ded9ed06086bd48a6943f0e3993ab3e441b2b866b307d0d4e5acabed95342d9ce0f56481d96384ac6a0bd6dcbc7b3ceec14fa41bf168985127e0ec1bd704712757912095afc44cdde636606f69f55e83e43e019fa60dd8e6b9aa3087857dd2d1ed56f2e868a7c0b5bba892bf7fe2f37468c7fa01b9a318d20b26c3d407a933023079b751749ed22cf7fe6f6f5aa6d6b81504eae68dbfa27615014224736b18f102f2f060c1ca564f4c9beab26e0ec299942490f66bbe76d2c9c276c4e", 0x4, r7, 0x4}, 0x38)
sendto$inet(r0, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x0)

5.52987905s ago: executing program 2 (id=3121):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'team0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00, 0x0, 0x4000000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0)

5.284142912s ago: executing program 2 (id=3123):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f0000000240)=ANY=[@ANYBLOB="240100001600010428bd700000000000fe8000000000000000000000000000bbfc01000000000000000a00000000000100040000000000000000a00000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ff02000000000000000000000000000100000000330000000a0101010000000000000000000000000000000000004e340100000000000000000000000000000004000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000a0000002bbd70000000000000000200000000000000000008000020ffffffdf2c0027cc"], 0x124}}, 0x0)

5.046136308s ago: executing program 2 (id=3125):
r0 = socket$key(0xf, 0x3, 0x2)
pwrite64(r0, &(0x7f00000003c0)="97cf007a6dcb4b8d3d2ac42dfd2d1faa5500f0d52e6e97981944bd59396a47f7dde65e38f96234a99dc0cab1b35dccaf6d4cee4542e70e9beda9c81b60db436f2439279c906cb5e6193ef919f2e4313b8039e2cc39cc5232f96c6531883c83fc1bac5f05d0b452ac4b5a815b0ed23111e1", 0x71, 0x89d)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f00000000c0)=@ccm_128={{0x303}, "e78ca3fe5502f7e1", "2cb1b30d16a24400a1f2a6c854ad73cd", "e2ed997e", "16c7aaa6b8d57be5"}, 0x28)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SFACILITIES(r4, 0x89e3, &(0x7f0000000080)={0x10000, 0x58, 0x9, 0xc, 0x3})
sendmmsg$inet6(r3, &(0x7f0000002800)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x6, @dev={0xfe, 0x80, '\x00', 0x22}, 0x5}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000100)="4128dbde38f7", 0x6}], 0x1}}], 0x1, 0xc010)
shutdown(r3, 0x1)
getsockopt$bt_hci(r3, 0x84, 0x81, &(0x7f0000001280)=""/4107, &(0x7f00000000c0)=0x100b)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10)
syz_emit_ethernet(0xd2, &(0x7f0000000140)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "e2e914", 0x9c, 0x11, 0x0, @remote, @local, {[], {0x3, 0xe22, 0x9c, 0x0, @wg=@initiation={0x1, 0x2, "a67fffc2edeba89b05e3c1603a6643a09e7f126a75f4a322af248d1819f139a5", "de3b21c114ba80a04f97df66f8ea21013ac83616a90f6e1e04820462a8f4d501ba12622280af1db4765e581e2306a9c6", "479d02914db6bb4c409971ad6a7decfbf06bbd2916c51c856435f6c0", {"408d7b293ebb4b7c2b0f297c67cbec46", "083aa63c14808672060f98b36d5221b5"}}}}}}}}, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@broadcast, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x900001c)

5.036378215s ago: executing program 1 (id=3126):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a310000000070000000030a010400000000000000000100000008000b400000000048000480440001800b000100657874686472000034000280080001400000000c080003400000000008000440000000220500020007000000080006400000000308000540000000000900010073797a300000000020000000030a010300000000000000000a0000020900030073797a300000000044010000080a01080000000000000000010000073a00074032e97608c07b8f34d704cc507d07a8d4c429672a9b6841e516ce194f03354b3c46a930469ce36ee8391a02352a70d543c633dc17a9d300007900074012119f33dbd27dbba871f33b8206fc0a59dac6df96baf86f3deffa20b8a2b13fa2fbc917a33ad4b9dc903553ff1e7533cd9d1e3f6a3248b10a63552977fab38d9ad7409cbd223b094a0bb6f0884c8839890d122f9b9963668c97749b2304852a8d461ccc39dc307f41ac41688a4f2d64a916dc532d00000008000a40000000000900010073797a30000000000900020073797a31000000002c00058008000140000086dd080001400000002c080001400000001608000140000000736afd014000008100080009"], 0x248}}, 0x0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
bind$bt_hci(r1, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000037c0000040042800c0001800600060080"], 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r4=>0x0})
r5 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r4, @ANYBLOB="00000000000000001c001a800800038008000200080000003e"], 0x44}}, 0x0)
setsockopt$IP_VS_SO_SET_ZERO(r5, 0x0, 0x48f, &(0x7f0000000100)={0x33, @empty, 0x4e23, 0x4, 'lblcr\x00', 0x21, 0xffff, 0x18}, 0x2c)

4.280004384s ago: executing program 1 (id=3129):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x26e1, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
close(r1)
r2 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r1, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x3406c012)
ioctl$int_in(r2, 0x5452, &(0x7f00000004c0)=0x1)
write$cgroup_type(r1, &(0x7f0000000080), 0x11ffffce1)
syz_emit_ethernet(0x83, &(0x7f0000000500)=ANY=[], 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x4)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
sendmsg$kcm(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000c80)=ANY=[], 0xe0}, 0x20004065)
socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00', r3}, 0x10)
socket$inet_udplite(0x2, 0x2, 0x88)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c01000013000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRESOCT, @ANYBLOB="050027000000000008008500", @ANYRES32=0x0, @ANYBLOB="140003006d6163766c616e31000000000000000008000a00", @ANYRES32, @ANYBLOB="e8001a8048200a8014000700"], 0x15c}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f0000000240)=ANY=[@ANYBLOB="240100001600010428bd700000000000fe8000000000000000000000000000bbfc01000000000000000000000000000100040000000000000000a00000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ff02000000000000000000000000000100000000330000000a0101010000000000000000000000000000000000004e340100000000000000000000000000000004000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000a0000002bbd70000000000000000200000000000000000008000020ffffffdf2c0027cc"], 0x124}}, 0x0)

3.879980504s ago: executing program 1 (id=3133):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000280)=@newtaction={0x48, 0x30, 0xb, 0x70bd25, 0x0, {}, [{0x34, 0x1, [@m_skbedit={0x30, 0x1, 0x0, 0x0, {{0x60}, {0x4}, {0x4}, {0xc, 0xa, {0x1, 0x1}}, {0xc, 0x9, {0xf5}}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x40090}, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f0000000300)={0x2, 0x4, 0xfc, 0x9, 0xe, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x6c, 0x0, 0xe, @in6={0xa, 0x4e20, 0xebd, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7}}, @sadb_sa={0x2}, @sadb_address={0x5, 0x5, 0x32, 0x0, 0x0, @in6={0xa, 0xce20, 0x4, @mcast2, 0x8000}}]}, 0x70}}, 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_DEL(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x14, 0x2, 0x9, 0x5, 0x0, 0x0, {0x0, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x20010010)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000001dc76dcd00000000", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r3, &(0x7f0000000040)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @local}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb71658bda99b49720fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000280), 0xffffffffffffffff)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r6, 0x891c, &(0x7f0000000000)={'batadv_slave_1\x00', {0x2, 0x0, @empty=0x1f}})
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r4, &(0x7f0000000600)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000480)={&(0x7f0000000300)={0x14c, r5, 0x180, 0x70bd2c, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x69cd065ad314ac8b}, {0xc, 0x8f, 0x54d}, {0xc, 0x90, 0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x4}, {0xc, 0x90, 0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0xaa6}, {0xc, 0x90, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0xffff}, {0xc, 0x90, 0xe771}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0xc, 0x8f, 0x5}, {0xc, 0x90, 0xe}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x40}, 0x80)
r7 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in6=@private0, 0x0, 0x0, 0x4e20, 0x3, 0xa}, {0x0, 0x800000000000}, {}, 0x0, 0x0, 0x0, 0x0, 0x1}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8)
r8 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r8, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x4040)
close(0x3)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="b80000001d0001"], 0xb8}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)

3.788707953s ago: executing program 4 (id=3134):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r4, &(0x7f0000000440), 0x10)
listen(r4, 0x0)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r5, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r5, &(0x7f0000000000)=[{&(0x7f00000000c0)="f8", 0x1}], 0x1)
r6 = socket$kcm(0x2, 0xa, 0x2)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021040100000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000d8000380d40000800800034000000002c8000b80480001800a00010071756f74610000003800028008000240000000030c00014000000000000001010c000440", @ANYRESHEX=r7], 0x188}}, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
setsockopt$inet6_udp_encap(r2, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_AD_LACP_RATE={0x5}, @IFLA_BOND_MODE={0x5, 0x1, 0x5}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8015}, 0x0)
ioctl$BTRFS_IOC_RM_DEV(r3, 0x5000940b, &(0x7f0000001180)={{r7}, "79f5a99b80659db4662d249abf48c310355ebe386bebba1c336b489f8ad3043e4bef4eaa9e52e8fc655514f1f6916394892cf871b3b3f1e72844980cbe73d294c7bd62d3208037263b451dbc3d49b48a07b74029273fc1cfb87fb90390618f5041cde42f3d2535b2219284fcde5c9534cccec5a3b4685f2d00877cbf0f75cf6f61fe6964eefcb43ba3be23104e78c5363a85947021d7aae627d761faa9e9bf1f1c4c68c7d51c4b790171b1053f0cc5c3b62b8cdc3ffc19b9c103636c3899561be9ce85f0dbf5540e215eaa90696d34f3cb4c8ce16b2eaa14f3403485a986118c81fc5deb7e46819f323b5d50cb38682e50304d6d4ba94924efc9b98e567742c3de3618b515e3455d2d45ba2398a3486daecffc089c6443afb65356cd2288c0071670d8446faa19a0eea585780b6a12cf6e40c3705c425af4459776450545eb2339c53d5d09ecd1e92d30a30dee1481ff07dc729e8d38e4be4df30251ec3a112b1133a04499bef13cd346f0f1094c9074c74f6ef9a951008c390ec59962197c8a4255dfa48c4c4c22a0b7db8ac19d3cd5c6cd859f67759b0faafd3d230ffff2b679f5e7c750271b9c7d825166a5375dc559db8fd4a3743f1d33e4825aa4a81ba7c1fb990868d5f8e1a1a2492053b00fb42594da2bc3fde73c476ae383fe52e4a1ae37c93eb18c49a456baf1ff0be732ef476ed4256bf8573f9c0dffd61c021c0156f5a54f7fe56592317b24698c859afdb84ff0ad18e3a1176790a058d09cac9f7ef3c71354ce9dd6fdb197393bab4739c0927f9612be8b2729c28e759f546d843d5af61ab5f1d9105c0db8546f77b3b0918692e6373765f27a683b95b3f580fbf5b178f3032aed4aeb718dc19ab04a4789cf6c0c3054db25a81ce57ac40d8adb6416fa0c4b924e66e14d00bc2ac5ae05b73ac792587e33756639c49afd9431039229a0a51f9f9cd755c7ba7b6dc489f96dba1f0f0711f7d41c3786e1c834889e933e0bccfad82661afb7e060b73adde876869f4d70c702f9691d615895232071b28ef9c82877388afa6b7a31fcc4891e2643a8ea155b72707cb7b59be9ca064f3bb036aa41b77159b04d123ee2e1c6d32de2d1e44b989f279594e75d03e2a183cc3e40cba26df2c27612210ac5059078eb0bd53342fee29016323641c04d38c9361e7efedd935ebd6387125aad0882bdb48bc741c3fe16c8d9169b0ecbb23a92e7aa3ca7ca7d949338358cd439fc632fcbf2b9155747d9a49e413fb04a5ab760b76214dbb649f5c9ca2d94f0e5d7dcf91c2786564fa68693fe5893050116e8e7caf597d07f2a6861a60947b2ae7f9338e005c72ede035deaca5819a6b57eef9a2c0efeb9cdf84eca1a0c288f2d58a950ee0137b41efa655f6f7551427a33c41f3e552b2c9abdeaa3b144a823f6d2f8e63e382d613ec487e287388f8a30ee7a03140d0bf81230f8f0f3cd1e5bd24690602bcb84d91e80d4a53d32a8b7e7fe8987cfc6ea39b9447a41cadfb53b0d1297c618a76903c98aa9392d59951f5caaa73fafb54986c08ba3394b08314228f23c80370b43eaf635d2facb625d2e5cca0ad9b25ada472728914843fe7f289466b0f3e2d757548a6b94fc23d88d5d70e59be12292060ee3f41dd755357b7b5b929478f337f9269a42711e8b59a23445525b1a5413423c4828b6e3a0b6ad027cb5c77a6d5cdbce08e51ce2c9e19efba82f7a88ea58f9ca58cb4d485c5819b35600c5786a991a2f0da91df7e7ff87ed9db8340d66e80e83466c6147ad6f317c0828387b5905e883aacd3250dd75dea5b727d68b10dfde4d00db9bddaa42b3fc4ebae8e7bd331c120a090515287aafe6905be5239e36987eb245e1845c1e925ff1c5e7ff0d6e145a01bc3de35f2b384b5e2e834a55126f927b0114a4a4a78a91e3e6c8cd82579f5fe232fc1ff000a31b0d2f4278306eb584a1688e8247dea14010239d37bb843e26e0c65026dc2b5b820a35ea7d3122a3fac27c2d0a0e44e35363015d86ecf7c6480cc68534098c763bc8945ccb967136d6b9f8ffd4a59eb4503dc81010a51c54053b5ff090f93cc579b5b647ae25a904a64c9c78541756b6d7f70b5e457ba46e5012316feb8a9b08640e0e617ddb7e75d0780272e8257cf06dc479b15135ed3f5d29cd0060a040743292f00f0370f1d567ad122fd85924288c244a60b690d70dbc515ec56635c3e8687b3d5414f5bcecea0a59d41f225109dc3e39abd324d6ebb67918a550faad610c93b6e42555399bae18ec60ee27074e2e1d5614c2828373ae5702e49cdc3332ba805ee9dddb8d50b290db23f0ed0e5b76619d906d44b547d305760dccb5f095883e9aaa6cfea6bef86a5a071a0692666995a2fc03249b256c846bb65b63a3643ffe0a400d3b367d86d4afffd03c3bce9f2e051494d6d95b2d0c8cf2ca3703cd111b47a1c36a7f637c2dcca7338f786459df65aa29867cfe8e11e0989c2da5b327bd92ed80d881b251452f08c521051764f7a28654b5d4a50f12ea21fe42c8b036c02093056477298785e0b1a0174d43f0e7596b7d5f4cc0de4cc9f5f8baf81fd0bc9fd34a0f89a265889ea621bf4f763f6941b6bfae10ebfa942850bb1ea93ea795734712bc33593223db5f52c02b296935cb313e2a3dbc457c4a3c3d6406ac0655f3e124a260d07489f2df8fde8f3081746846a710f7a05bbb95f04b6a9cf5ecd147c12fa4dc34f919e7fb6aeb474f874e259ab8db1201c0b5a83d66453eddc59719ec5115942da06e990f5b02ed354826c7d7c265db965fb9d1cff0d0df56dccf717e45028b5efd969a0f3aa8d843de34b87f5c47a9a644427ef3845febfb6f8ecae2db4b2977c00b3feba7e010f916281b19da789ec9be17ca6312519741dff9536d1dc6ecab5f0712bec69cf618eefed1303921b97c65e77671aadcdcc6f9a72f08902764f20c7ac51e0c4f70d017dc1ae54fee7ddab497f88a30bdc8b3844ecabf913e23e064fc061076370f17032046c47dfffb908300233bff93345ebc5a44cfa22f00a56958ab2396628c93d150b5aa72fcaf1d21d24f591452c7f8abbfc97d3c64fde2aab590b4129d747934257d1be6058f93ae12be38f5184c54e33d324aeff176c119ac1697656e946cfb1cacdb6fd4884284a35336eb8f35a8b5a60fa4b250b58e273adcc1bcff2c55b87a5fdec2fa495f6474a467c42a3e618178de257d0306a2109e4a98f916c55591118bcd07777196fb2cc19a4e4b4450f72068285511f6259e6e179a9f4d203770e50de743f7221ab7ebf9ddf5c96a0733369f949ab88535aa328eaa00234135a55e51588e0d26f304ec13614cb102978da9c99bbdd0a0cf1fe3a0bdab36d42caa27d51f7566e332f34e1d05523ee845d723b44c28f429831663b1c4524cd6254616c6c22feeefdef2334da4dd8e825d4f7024ffb9fc9e15a5c079711863c90761ed75882b4c50f776d2064cd3bcdb1b0ea76d8fd7195fc1b6897110f82042b68aae6f71752dadbc3d63e853fb6b1a9ac2effed17dcfa5fdcc7782e2157bbfb61c1eecb6b4aaf0114abc2a282b58f41827ff3b8f829e2f43784b6f0e520c7ac5afa71297019004c657b8dcb1de38f48bedaafedce29ba41205953b1d9d3c808d76bef72b8d31a756de6f3e076b7fa3fc06e16353e9cf561fb151fa3386cd0c483becb5fcdc445fc97828251209ec1fb0c46f412da4b885e7fe44d8ba425cab18bfa8c3a4145c9a5fe7ea47b20e4378b426fd94f2e561114339060de4a24856d644a853ed6ee1718f6a8cd55ba12f13d0cc751e57e993e1fc59b75159f34e5e993a6a5574ee37d652ac9e4aaa2ee0174d552bac07c74e2db4f37de37c83e3d3de3c556bea8fd3aae2c2dac571a42c7efe11cf7e11a175d21714e9877eb688ffeceb779970cd2decc6cf1bd19735dd736b75e69b281ab18c9bc6da713dc59fd2293ea51a22941231dd55368364269f615d03e2f2028977511d726d4f421f72a4f0a799866db16bdd29b558cb27acd3e436338662aa7c43bfce91bb30fa0798d55b7766bf254d332eba9355b9bf5ec42f8ec01a1133ffe2e66f68c2c11f29cf41b0c24f3d48a4164e8013c0de270587ada23828d118b50a8138cefe85e6ff2f7be89933e5d8e9087cc82e33e302ae0c508a0ce33deea6f3161cc1f936d67fe264b82e1ecead650f86e6e96c199e0bf5e6ec43030513448e06f6364d5bf6e0020dc1742a4a216dab802003118235ba6c29ab02f1a294dfb956c046739e18bd7b51c415d791ad009153c44a628d650d38e64e5d1077536d6c429286488ce9fbfee4d458eb6fc7746ba8036ecc2645f9a1bbe0d0ac35f23cf4d4e867c7477b856956eb0c7253672f36348f815ac14bad3a0d66dfa56b033c5668a9a1383be0a26b890155203c17546c55098bbbe35c53fcb1fc5bb3f542c47d76a60503630ccbd88ade36d3b213c403a93d2844749f571e5a2e5ac02c1fe4492954164fdd7c638614236030535f495c6060a70c06f166a32b81c9fd86cea740272d1a296769d0bb548c76c2e01a3205bd8e45e60c40c29e922828704b7365eaf7852ac1265cfab60ea69506a71a70deeeede17dff6a3a59b733bf091d30837feeba2611f6257e11436d5456de10765148c14c1bce3f47d04b1e3a342f7b41e28dac7c9cbc81b36bd120b8b384658a44bfef30d1f2baca124b390005f33615a2209c805148aa28cc80f7363c96c4c5e6d696c32c38eba8046868ba8a84f4dd024e487908d977d3ad26f9de79153931291c38c472d070bd16d7ffe8f04857c8e1081be3fcf9a9fc2525f0a275d58a54f65accdd88688aab2c358ec128d53b8a16201bab78869312fc0e01c8e02dde8ac172dfade1768a4f48bc47a9c3dbcfa2082bf11bd8070d893bfea2e88923d401d6fabb82d3e8c52eff4915a688f6dffd197525510706350f034e557865b9f089b46b0a4609e82ce3a75947ce661f5d24f117bceb6664ff99b5415167a4e20738ff471dee0a13a431ce9b5051914585048d6d09bb83f14e22ab897a3c08e1948bc7c87619963ac8769a581524bec6c9f4913af63d8cc7d3bdd8d4c0644b2761e196c223ae03870316517782e8d8d0757e1ca61c096144f666fac97d3f4b38848630c798ab066de6afbafb830955cc82a574bba381515ccc6fa2ea30eb57b7bdc271e576e80942f24ab705f59cd767117e29dfc1942504eef30217410015900571bea5a2766cc334ce2062eda634e46934f36b1418e8c219f5d94a1168e6da2f3cf812b6adff345a093b385955ddcce751787dffbfe6dfb39eb9de80e9589bbae2a6569d6ac6a65d536932a915a5859d39b308815923854cb2f8cbba7722c569b98452bfc9f258cba2c5370b4eee738947602d62465674e460865a121231ac788bc11bb3f0c7c3b3ecb5d4b2ea887c477e824df23840f2357f8540ed1cccd836a7e27e1c743cf7022d750c94ca817baae0cf51e935a428051459bfcbd8c7e846c6c6ddf238d8a18cc7b11803b16fc7796613dd43356787215281dab4368ebb57c76563ec75740c26debbdceb35de8ecd5fe20e65c831b46abfcaae3c31339b2df754bfa2eecc10acf25b6ad1cc85096d07c0071eaa50e397e1f4194167bc6d1593512b2f86e859802fcdd93202b03ea3114514f5b3a6a8317f2e2cdacf2b6821deac455a8827718be0d4479fa8bf9426d003c20116f05ab85a626bfb8942830f5fac92b563d0aed5946f40757d52f26872e4766d97d000e206a1681f9571c37560411caf352f1ca3e4"})
write$tun(r3, &(0x7f0000000340)={@val={0xa}, @void, @eth={@multicast, @remote, @void, {@ipv6={0x86dd, @udp={0xd, 0x6, '\x00 \x00', 0x10, 0x11, 0xff, @empty, @mcast2, {[], {0x4f19, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x3, 0x5, 0x100}}}}}}}}}, 0x4a)
r9 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x34, r9, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x0]}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x34}}, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r8)
r10 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x60}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r10, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2686dd4c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0xfffff018}, {0x6}]}, 0x10)

2.733284446s ago: executing program 3 (id=3136):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1820000000000000000000000000000085100000fdffffff06000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0xc, &(0x7f0000000100)=""/147, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x61e5cc96}, 0x22)
r0 = socket$inet(0x2, 0x1, 0x196)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'lo\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@ipv4_newaddr={0x44, 0x14, 0x503, 0x800000, 0x25dfdbff, {0x2, 0x0, 0x51, 0xff, r3}, [@IFA_LOCAL={0x8, 0x2, @loopback}, @IFA_FLAGS={0x8, 0x8, 0xa0}, @IFA_BROADCAST={0x8, 0x4, @multicast2}, @IFA_LABEL={0x14, 0x3, 'veth0_to_bridge\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0xc090}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000080)={'gre0\x00', &(0x7f0000000040)={'gre0\x00', r3, 0x0, 0x80, 0xfffffffd, 0x3, {{0x6, 0x4, 0x2, 0x7, 0x18, 0x64, 0x0, 0x5, 0x2f, 0x0, @private=0xa010102, @rand_addr=0x64010100, {[@noop]}}}}})

2.568348828s ago: executing program 4 (id=3137):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000000)='wg0\x00', 0x4)
unshare(0x22020400)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = accept4(r0, 0x0, &(0x7f0000000340), 0x80000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x34, r4, 0x1, 0x0, 0x0, {}, [@GTPA_LINK={0x8}, @GTPA_I_TEI={0x8}, @GTPA_O_TEI={0x8}, @GTPA_VERSION={0x8, 0x2, 0x1}]}, 0x34}}, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f00000003c0)='ns/time_for_children\x00')
sendmsg$GTP_CMD_DELPDP(r2, &(0x7f00000006c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x200000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x40000)
r5 = socket$netlink(0x10, 0x3, 0x9)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14, 0x3ed}, [], {0x14, 0x3ed}}, 0x28}}, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0xca, &(0x7f0000000540)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0xa7, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0x2, 0xffff, 0x0, 0x0, {[@exp_fastopen={0xfe, 0x4}]}}, {"990cf6b925b608fc6ec1d27eb468ab3dd8e82acdae819863f0c9eb1bb247bebf7ff2967b853f94759770e935d32da4f97de4ecabbbee3b964c63524ce4536e94fdd8a6e00c6dcc57514608d4cef96eacb9c61c92a6124e9dd501e0ad120c458bb3433903717f3565ac69b9944033769d6d9072fe57129eaf5b8c30fb82a7e9aea43357c903246ceb5297ff505ff2c9c7"}}}}}}, 0x0)

2.48206019s ago: executing program 3 (id=3138):
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x1, @none, 0x0, 0x1}, 0xe)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
setsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000040)=0x51, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05000000050000000200"], 0x50)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6)
bind$inet6(r2, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r2, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r2, &(0x7f0000000280)="32780f64398323756224d03ac5cb3838e854cf6fe7e38c09daa0e76828c158699b396cff6b5ef9b454e678333fb7c0", 0x2f, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000140)='bic\x00', 0x4)
shutdown(r2, 0x1) (fail_nth: 1)
mmap(&(0x7f0000400000/0x3000)=nil, 0x3000, 0x2000009, 0x4d032, 0xffffffffffffffff, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x20010, 0xffffffffffffffff, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0)

2.375538387s ago: executing program 3 (id=3139):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) (async)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88) (async)
r2 = epoll_create1(0x0)
epoll_wait(r2, &(0x7f000000affb)=[{}], 0x1, 0x7fff) (async)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x109100, 0x0)
ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f00000000c0)) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_GET(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000004c0)={0x18, r5, 0x1, 0x0, 0x25dfdbfc, {0x1c}, [@HEADER={0x4}]}, 0x18}}, 0x4000000) (async)
r6 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x213) (async)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="380000001a00010000000000000000000a00"], 0x38}}, 0x0) (async)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0xa0000004}) (async)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0xd, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a800000018110000", @ANYRES32=r0, @ANYRES64=r0], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3d, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r7, 0x0, 0xfffffffffffffd37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x67bfc08}, 0x50)

2.258192244s ago: executing program 4 (id=3140):
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x1, @none, 0x0, 0x1}, 0xe)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
unshare(0x26000400)
shutdown(r2, 0x1)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000700)=ANY=[@ANYRES32=r3, @ANYBLOB="4e8fdb17c5b94b708c98adbe0c6a7e5e7889cbba8b04033bb5f27bb3cb86646c65dc49c0cb040331c60b19ad4f027cc021c964ec26f76b7e5446ac0639", @ANYBLOB="eb2019d75452de8ebfa5c5f41605e82abc07dca4ea19dd28796ffe5ae62f75ad551956c1f7892451a4beaeea9790f1c2e55c3b07af5af0dbd05e9956afea329717c899bbb74e65ecbfd7cbaae07c664ef039c977724d3df92de83990b452307c369253021b9bfd0a5e5a5a11b66ee7dcc5723b69979724d9a36d1f3de75092b4967f26251c196236c2ff2416cc521a698e9c5f859cb64ace82adbcff512f2c9f6bb7f5294d652732e41f9b66c45fd1cbc5aabf0346d42873b9845cacf8df6d16d12d18150ea475d5da5208d13bd3154f490c021ddc25a55f879564b015c519155d2b7279c03e15870054a2d0fc", @ANYRES8=r0, @ANYRES8=r0, @ANYRES8=0x0, @ANYRESDEC=r3, @ANYRESOCT=r1, @ANYRESHEX=r2], 0x48)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
syz_emit_ethernet(0x4e, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000005280)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private0, 0xfffffffc}, 0x1c, &(0x7f0000000300)=[{&(0x7f00000006c0)="b3", 0x1}], 0x1}}], 0x1, 0x44)
listen(0xffffffffffffffff, 0x100101)
accept(0xffffffffffffffff, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
setsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000040)=0x51, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05000000050000000200"], 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
r6 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@loopback, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@dev, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, 0xe8)
r7 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@loopback, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, 0xe8)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
r8 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r8, 0x1, 0x8, &(0x7f00000001c0), 0x4)

2.097857126s ago: executing program 3 (id=3141):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x26e1, 0x0)
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x10000, 0x6})
recvfrom$rose(r1, &(0x7f0000000900)=""/128, 0x80, 0x0, &(0x7f0000000980)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}}, 0x1c)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1e00, 0x21}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000600)={{0x1, <r3=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)='%pK    \x00'}, 0x20)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000640)=<r4=>0x0, &(0x7f0000000680)=0x4)
r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0), 0x4)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=@bloom_filter={0x1e, 0xa, 0x1000, 0x4, 0x12000, r3, 0x5, '\x00', r4, r5, 0x1, 0x2, 0x3, 0xd, @void, @value, @value=r0}, 0x50)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x20, &(0x7f0000000280)={&(0x7f0000000a40)=""/4096, 0x1000, <r7=>0x0, 0x0}}, 0x10)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a44, 0x1700)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_type(r9, &(0x7f00000000c0), 0x9)
sendfile(r9, r8, 0x0, 0x10000)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xc, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x800000}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r6}, {}, {}, {}, {0x7, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffe00}, {}, {}, {0x85, 0x0, 0x0, 0x55}}]}, &(0x7f0000000300)='syzkaller\x00', 0x5b8c, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @xdp, r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x1, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000001b00850000008a005800950000000000130014a400000093d02dd93d33a5a4ae6e4f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0}, 0x94)
connect$ax25(r8, &(0x7f0000000400)={{0x3, @null, 0x3}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @null, @default, @bcast]}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x6, &(0x7f0000001a40)=ANY=[@ANYRESDEC=r10, @ANYRESOCT=r6, @ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x7, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x1, '\x00', 0x0, @fallback, r8, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, r7}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0xe, &(0x7f0000000fc0)=ANY=[@ANYRESHEX=r2], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, &(0x7f0000000540), 0x8, 0x10, &(0x7f0000000340), 0x10, r7}, 0x94)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14080, 0x10000}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r2}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)
r12 = socket$pppl2tp(0x18, 0x1, 0x1)
r13 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$FS_IOC_GETFSMAP(r10, 0xc0c0583b, &(0x7f0000001a80)={0x0, 0x0, 0xa, 0x0, '\x00', [{0x6, 0x1, 0x9, 0x1ddc, 0xdef, 0xb}, {0x5, 0x7f, 0x400, 0xf, 0x800, 0x85d}], ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']})
r14 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r14, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="3800000055002f03020000000000000007000000", @ANYRES32=r13, @ANYBLOB="200001"], 0x38}}, 0x800)
ioctl$SIOCSIFMTU(r12, 0x8922, &(0x7f0000000180)={'netdevsim0\x00', 0x7fff})

1.788085391s ago: executing program 2 (id=3142):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e0000000000000005000000"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94)
r1 = accept$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000180)=0x14)
shutdown(r1, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="070002000000fddbdf2505000000180001801400020073797a5f74756e00000000000000007d0800038004000380080005"], 0x3c}}, 0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5, 0x0, 0x2}, 0x18)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x56)
connect$inet(r4, &(0x7f0000000380)={0x2, 0x4e25, @dev={0xac, 0x14, 0x14, 0x3e}}, 0x10)
close(r4)
r6 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040)={0x80, 0x0, 0xbb15}, 0x10)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b00000000010000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0)
r8 = accept4$x25(0xffffffffffffffff, &(0x7f0000000580), &(0x7f00000005c0)=0x12, 0x80800)
ioctl$SIOCX25GSUBSCRIP(r8, 0x89e0, &(0x7f0000000640)={'bridge_slave_0\x00', 0x9, 0xc})
r9 = socket$netlink(0x10, 0x3, 0x2)
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r9, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="20000000121400002bbd7000fbdbdf2508004b00130000f107004f0001000000"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x8880)
r11 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r11, &(0x7f0000000280)='memory.current\x00', 0x0, 0x0)
sendmsg$kcm(r10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e140602000000000e000a001000000002800000121f", 0x2e}], 0x1}, 0x800)

1.775520825s ago: executing program 1 (id=3143):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="020300030c00000000070000000000000200090010000000e925000000000000030006000000000002000000000000000000000000000000020001000000000000fd000300000000030005000000000002"], 0x60}, 0x1, 0x7}, 0x0)
accept4(r0, 0x0, &(0x7f0000000100), 0xd80a8c198f399363)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000200)=[@in6={0xa, 0x4e23, 0x1, @mcast1, 0x400}]}, &(0x7f0000000080)=0x10)
getpeername$packet(r1, 0x0, 0x0)
syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x11, 0x3, 0x3a)
r5 = socket$igmp(0x2, 0x3, 0x2)
sendmmsg$inet(r5, &(0x7f00000053c0)=[{{&(0x7f0000000180)={0x2, 0x4e21, @broadcast}, 0x10, &(0x7f00000001c0), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="5800000000000000000000000700000086160000000305105ddb38a892a795d64cf2b1cded95820c0cac63d30adc5d6505a0892308e4ffffffab1414bbac14013b0000000064010101e0000002ffffffffac14143800000014000000000000000000002f0005d1"], 0x70}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x4)
socket$kcm(0x10, 0x0, 0x4)
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=ANY=[@ANYBLOB="b36297232100210189f1dca18a4fd9e3b530f05305000000000c00180032cdd30e012e10f49ed74d7d5382e4eeb6b337b65315fe6c567aa56abe789a267b4ed99c91f19e06a73c3620b4f3d94a8480cd1a2375ca3b3575e1fcc5c7d004b4a4da761325373a5a869fa9bfaa54134bce28e428971aa05d9e4c367e3c3c6727ead8970ea811e1b2bda660cc4e7ff3c84f8d35d2c671d255c0e60dbbc551ddb4e0d4c47889cdfe45ae690658b6610f217c9c3871759a32f30665b9426f6c90ad2b11b66bcdc7cbbdf63672789747aba50140550b161daca28b75a9cd", @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x28}}, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000280)={r3, r3, 0x1, 0x2, &(0x7f00000000c0)='\x00\x00', 0x9, 0x1, 0x16bf, 0x5505, 0xc3b8, 0x1, 0x0, 'syz0\x00'})
socket$alg(0x26, 0x5, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000680)='jbd2_handle_stats\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100002e0001b7b70000000000000001"], 0x114}], 0x1, 0x0, 0x0, 0x81}, 0x0)
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})

1.233978897s ago: executing program 4 (id=3144):
r0 = socket(0x2c, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[], 0x17)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r1, &(0x7f0000000140), &(0x7f0000000080)=@udp6=r0}, 0x20)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x44}, 0x200048c0)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x70, 0x0, &(0x7f0000000540))
read(r2, &(0x7f0000000080)=""/186, 0xba)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x2, 0x2, &(0x7f0000000040)=ANY=[@ANYBLOB="85000000b500"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2a}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000940)=ANY=[], 0x44}}, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2002c0c4}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl(r4, 0x8b2c, &(0x7f0000000040))
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_buf(r5, 0x29, 0x2e, 0xfffffffffffffffd, &(0x7f0000000080))
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, r6)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r1, &(0x7f0000000200), &(0x7f0000001500)=@tcp=r0}, 0x20)
close(r0)
syz_emit_ethernet(0x3a, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000000000000800630e002c0064000007069078ac1414bbac1414bb4e224e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="60046071907800e704020000"], 0x0)
socket(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)

878.233411ms ago: executing program 1 (id=3145):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x75, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x1c}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x6, 0x5, &(0x7f0000000680)=ANY=[@ANYBLOB="180200000000002000000000000000008500000089000000c300f8170000000095"], &(0x7f0000000100)='GPL\x00', 0x5}, 0x94)
r0 = socket$nl_audit(0x10, 0x3, 0x9)
recvmmsg(r0, &(0x7f00000031c0)=[{{&(0x7f0000000080)=@ethernet={0x0, @multicast}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000140)=""/111, 0x6f}, {&(0x7f00000001c0)=""/107, 0x6b}, {&(0x7f0000000240)=""/165, 0xa5}, {&(0x7f00000003c0)=""/125, 0x7d}, {&(0x7f0000000440)=""/119, 0x77}], 0x5, &(0x7f0000000540)=""/33, 0x21}, 0xc}, {{&(0x7f0000000580)=@ieee802154={0x24, @short}, 0x80, &(0x7f00000019c0)=[{&(0x7f0000000600)=""/69, 0x45}, {&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f00000016c0)=""/16, 0x10}, {&(0x7f0000001700)=""/90, 0x5a}, {&(0x7f0000001780)=""/97, 0x61}, {&(0x7f0000001800)=""/188, 0xbc}, {&(0x7f00000018c0)=""/42, 0x2a}, {&(0x7f0000001900)=""/172, 0xac}], 0x8, &(0x7f0000001a40)=""/124, 0x7c}, 0x3}, {{&(0x7f0000001ac0)=@l2={0x1f, 0x0, @fixed}, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001b40)=""/92, 0x5c}, {&(0x7f0000001bc0)=""/180, 0xb4}, {&(0x7f0000001c80)=""/162, 0xa2}, {&(0x7f0000001d40)=""/57, 0x39}], 0x4, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x6}, {{&(0x7f0000002dc0)=@nfc, 0x80, &(0x7f0000002ec0)=[{&(0x7f0000002e40)=""/125, 0x7d}], 0x1, &(0x7f0000002f00)=""/251, 0xfb}, 0xbcc}, {{&(0x7f0000003000)=@l2={0x1f, 0x0, @fixed}, 0x80, &(0x7f0000003180)=[{&(0x7f0000003080)=""/219, 0xdb}], 0x1}, 0x370}], 0x5, 0x40002040, 0x0)

771.068138ms ago: executing program 1 (id=3146):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r4, &(0x7f0000000440), 0x10)
listen(r4, 0x0)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r5, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r5, &(0x7f0000000000)=[{&(0x7f00000000c0)="f8", 0x1}], 0x1)
r6 = socket$kcm(0x2, 0xa, 0x2)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021040100000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000d8000380d40000800800034000000002c8000b80480001800a00010071756f74610000003800028008000240000000030c00014000000000000001010c000440", @ANYRESHEX=r7], 0x188}}, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
setsockopt$inet6_udp_encap(r2, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_AD_LACP_RATE={0x5}, @IFLA_BOND_MODE={0x5, 0x1, 0x5}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8015}, 0x0)
ioctl$BTRFS_IOC_RM_DEV(r3, 0x5000940b, &(0x7f0000001180)={{r7}, "79f5a99b80659db4662d249abf48c310355ebe386bebba1c336b489f8ad3043e4bef4eaa9e52e8fc655514f1f6916394892cf871b3b3f1e72844980cbe73d294c7bd62d3208037263b451dbc3d49b48a07b74029273fc1cfb87fb90390618f5041cde42f3d2535b2219284fcde5c9534cccec5a3b4685f2d00877cbf0f75cf6f61fe6964eefcb43ba3be23104e78c5363a85947021d7aae627d761faa9e9bf1f1c4c68c7d51c4b790171b1053f0cc5c3b62b8cdc3ffc19b9c103636c3899561be9ce85f0dbf5540e215eaa90696d34f3cb4c8ce16b2eaa14f3403485a986118c81fc5deb7e46819f323b5d50cb38682e50304d6d4ba94924efc9b98e567742c3de3618b515e3455d2d45ba2398a3486daecffc089c6443afb65356cd2288c0071670d8446faa19a0eea585780b6a12cf6e40c3705c425af4459776450545eb2339c53d5d09ecd1e92d30a30dee1481ff07dc729e8d38e4be4df30251ec3a112b1133a04499bef13cd346f0f1094c9074c74f6ef9a951008c390ec59962197c8a4255dfa48c4c4c22a0b7db8ac19d3cd5c6cd859f67759b0faafd3d230ffff2b679f5e7c750271b9c7d825166a5375dc559db8fd4a3743f1d33e4825aa4a81ba7c1fb990868d5f8e1a1a2492053b00fb42594da2bc3fde73c476ae383fe52e4a1ae37c93eb18c49a456baf1ff0be732ef476ed4256bf8573f9c0dffd61c021c0156f5a54f7fe56592317b24698c859afdb84ff0ad18e3a1176790a058d09cac9f7ef3c71354ce9dd6fdb197393bab4739c0927f9612be8b2729c28e759f546d843d5af61ab5f1d9105c0db8546f77b3b0918692e6373765f27a683b95b3f580fbf5b178f3032aed4aeb718dc19ab04a4789cf6c0c3054db25a81ce57ac40d8adb6416fa0c4b924e66e14d00bc2ac5ae05b73ac792587e33756639c49afd9431039229a0a51f9f9cd755c7ba7b6dc489f96dba1f0f0711f7d41c3786e1c834889e933e0bccfad82661afb7e060b73adde876869f4d70c702f9691d615895232071b28ef9c82877388afa6b7a31fcc4891e2643a8ea155b72707cb7b59be9ca064f3bb036aa41b77159b04d123ee2e1c6d32de2d1e44b989f279594e75d03e2a183cc3e40cba26df2c27612210ac5059078eb0bd53342fee29016323641c04d38c9361e7efedd935ebd6387125aad0882bdb48bc741c3fe16c8d9169b0ecbb23a92e7aa3ca7ca7d949338358cd439fc632fcbf2b9155747d9a49e413fb04a5ab760b76214dbb649f5c9ca2d94f0e5d7dcf91c2786564fa68693fe5893050116e8e7caf597d07f2a6861a60947b2ae7f9338e005c72ede035deaca5819a6b57eef9a2c0efeb9cdf84eca1a0c288f2d58a950ee0137b41efa655f6f7551427a33c41f3e552b2c9abdeaa3b144a823f6d2f8e63e382d613ec487e287388f8a30ee7a03140d0bf81230f8f0f3cd1e5bd24690602bcb84d91e80d4a53d32a8b7e7fe8987cfc6ea39b9447a41cadfb53b0d1297c618a76903c98aa9392d59951f5caaa73fafb54986c08ba3394b08314228f23c80370b43eaf635d2facb625d2e5cca0ad9b25ada472728914843fe7f289466b0f3e2d757548a6b94fc23d88d5d70e59be12292060ee3f41dd755357b7b5b929478f337f9269a42711e8b59a23445525b1a5413423c4828b6e3a0b6ad027cb5c77a6d5cdbce08e51ce2c9e19efba82f7a88ea58f9ca58cb4d485c5819b35600c5786a991a2f0da91df7e7ff87ed9db8340d66e80e83466c6147ad6f317c0828387b5905e883aacd3250dd75dea5b727d68b10dfde4d00db9bddaa42b3fc4ebae8e7bd331c120a090515287aafe6905be5239e36987eb245e1845c1e925ff1c5e7ff0d6e145a01bc3de35f2b384b5e2e834a55126f927b0114a4a4a78a91e3e6c8cd82579f5fe232fc1ff000a31b0d2f4278306eb584a1688e8247dea14010239d37bb843e26e0c65026dc2b5b820a35ea7d3122a3fac27c2d0a0e44e35363015d86ecf7c6480cc68534098c763bc8945ccb967136d6b9f8ffd4a59eb4503dc81010a51c54053b5ff090f93cc579b5b647ae25a904a64c9c78541756b6d7f70b5e457ba46e5012316feb8a9b08640e0e617ddb7e75d0780272e8257cf06dc479b15135ed3f5d29cd0060a040743292f00f0370f1d567ad122fd85924288c244a60b690d70dbc515ec56635c3e8687b3d5414f5bcecea0a59d41f225109dc3e39abd324d6ebb67918a550faad610c93b6e42555399bae18ec60ee27074e2e1d5614c2828373ae5702e49cdc3332ba805ee9dddb8d50b290db23f0ed0e5b76619d906d44b547d305760dccb5f095883e9aaa6cfea6bef86a5a071a0692666995a2fc03249b256c846bb65b63a3643ffe0a400d3b367d86d4afffd03c3bce9f2e051494d6d95b2d0c8cf2ca3703cd111b47a1c36a7f637c2dcca7338f786459df65aa29867cfe8e11e0989c2da5b327bd92ed80d881b251452f08c521051764f7a28654b5d4a50f12ea21fe42c8b036c02093056477298785e0b1a0174d43f0e7596b7d5f4cc0de4cc9f5f8baf81fd0bc9fd34a0f89a265889ea621bf4f763f6941b6bfae10ebfa942850bb1ea93ea795734712bc33593223db5f52c02b296935cb313e2a3dbc457c4a3c3d6406ac0655f3e124a260d07489f2df8fde8f3081746846a710f7a05bbb95f04b6a9cf5ecd147c12fa4dc34f919e7fb6aeb474f874e259ab8db1201c0b5a83d66453eddc59719ec5115942da06e990f5b02ed354826c7d7c265db965fb9d1cff0d0df56dccf717e45028b5efd969a0f3aa8d843de34b87f5c47a9a644427ef3845febfb6f8ecae2db4b2977c00b3feba7e010f916281b19da789ec9be17ca6312519741dff9536d1dc6ecab5f0712bec69cf618eefed1303921b97c65e77671aadcdcc6f9a72f08902764f20c7ac51e0c4f70d017dc1ae54fee7ddab497f88a30bdc8b3844ecabf913e23e064fc061076370f17032046c47dfffb908300233bff93345ebc5a44cfa22f00a56958ab2396628c93d150b5aa72fcaf1d21d24f591452c7f8abbfc97d3c64fde2aab590b4129d747934257d1be6058f93ae12be38f5184c54e33d324aeff176c119ac1697656e946cfb1cacdb6fd4884284a35336eb8f35a8b5a60fa4b250b58e273adcc1bcff2c55b87a5fdec2fa495f6474a467c42a3e618178de257d0306a2109e4a98f916c55591118bcd07777196fb2cc19a4e4b4450f72068285511f6259e6e179a9f4d203770e50de743f7221ab7ebf9ddf5c96a0733369f949ab88535aa328eaa00234135a55e51588e0d26f304ec13614cb102978da9c99bbdd0a0cf1fe3a0bdab36d42caa27d51f7566e332f34e1d05523ee845d723b44c28f429831663b1c4524cd6254616c6c22feeefdef2334da4dd8e825d4f7024ffb9fc9e15a5c079711863c90761ed75882b4c50f776d2064cd3bcdb1b0ea76d8fd7195fc1b6897110f82042b68aae6f71752dadbc3d63e853fb6b1a9ac2effed17dcfa5fdcc7782e2157bbfb61c1eecb6b4aaf0114abc2a282b58f41827ff3b8f829e2f43784b6f0e520c7ac5afa71297019004c657b8dcb1de38f48bedaafedce29ba41205953b1d9d3c808d76bef72b8d31a756de6f3e076b7fa3fc06e16353e9cf561fb151fa3386cd0c483becb5fcdc445fc97828251209ec1fb0c46f412da4b885e7fe44d8ba425cab18bfa8c3a4145c9a5fe7ea47b20e4378b426fd94f2e561114339060de4a24856d644a853ed6ee1718f6a8cd55ba12f13d0cc751e57e993e1fc59b75159f34e5e993a6a5574ee37d652ac9e4aaa2ee0174d552bac07c74e2db4f37de37c83e3d3de3c556bea8fd3aae2c2dac571a42c7efe11cf7e11a175d21714e9877eb688ffeceb779970cd2decc6cf1bd19735dd736b75e69b281ab18c9bc6da713dc59fd2293ea51a22941231dd55368364269f615d03e2f2028977511d726d4f421f72a4f0a799866db16bdd29b558cb27acd3e436338662aa7c43bfce91bb30fa0798d55b7766bf254d332eba9355b9bf5ec42f8ec01a1133ffe2e66f68c2c11f29cf41b0c24f3d48a4164e8013c0de270587ada23828d118b50a8138cefe85e6ff2f7be89933e5d8e9087cc82e33e302ae0c508a0ce33deea6f3161cc1f936d67fe264b82e1ecead650f86e6e96c199e0bf5e6ec43030513448e06f6364d5bf6e0020dc1742a4a216dab802003118235ba6c29ab02f1a294dfb956c046739e18bd7b51c415d791ad009153c44a628d650d38e64e5d1077536d6c429286488ce9fbfee4d458eb6fc7746ba8036ecc2645f9a1bbe0d0ac35f23cf4d4e867c7477b856956eb0c7253672f36348f815ac14bad3a0d66dfa56b033c5668a9a1383be0a26b890155203c17546c55098bbbe35c53fcb1fc5bb3f542c47d76a60503630ccbd88ade36d3b213c403a93d2844749f571e5a2e5ac02c1fe4492954164fdd7c638614236030535f495c6060a70c06f166a32b81c9fd86cea740272d1a296769d0bb548c76c2e01a3205bd8e45e60c40c29e922828704b7365eaf7852ac1265cfab60ea69506a71a70deeeede17dff6a3a59b733bf091d30837feeba2611f6257e11436d5456de10765148c14c1bce3f47d04b1e3a342f7b41e28dac7c9cbc81b36bd120b8b384658a44bfef30d1f2baca124b390005f33615a2209c805148aa28cc80f7363c96c4c5e6d696c32c38eba8046868ba8a84f4dd024e487908d977d3ad26f9de79153931291c38c472d070bd16d7ffe8f04857c8e1081be3fcf9a9fc2525f0a275d58a54f65accdd88688aab2c358ec128d53b8a16201bab78869312fc0e01c8e02dde8ac172dfade1768a4f48bc47a9c3dbcfa2082bf11bd8070d893bfea2e88923d401d6fabb82d3e8c52eff4915a688f6dffd197525510706350f034e557865b9f089b46b0a4609e82ce3a75947ce661f5d24f117bceb6664ff99b5415167a4e20738ff471dee0a13a431ce9b5051914585048d6d09bb83f14e22ab897a3c08e1948bc7c87619963ac8769a581524bec6c9f4913af63d8cc7d3bdd8d4c0644b2761e196c223ae03870316517782e8d8d0757e1ca61c096144f666fac97d3f4b38848630c798ab066de6afbafb830955cc82a574bba381515ccc6fa2ea30eb57b7bdc271e576e80942f24ab705f59cd767117e29dfc1942504eef30217410015900571bea5a2766cc334ce2062eda634e46934f36b1418e8c219f5d94a1168e6da2f3cf812b6adff345a093b385955ddcce751787dffbfe6dfb39eb9de80e9589bbae2a6569d6ac6a65d536932a915a5859d39b308815923854cb2f8cbba7722c569b98452bfc9f258cba2c5370b4eee738947602d62465674e460865a121231ac788bc11bb3f0c7c3b3ecb5d4b2ea887c477e824df23840f2357f8540ed1cccd836a7e27e1c743cf7022d750c94ca817baae0cf51e935a428051459bfcbd8c7e846c6c6ddf238d8a18cc7b11803b16fc7796613dd43356787215281dab4368ebb57c76563ec75740c26debbdceb35de8ecd5fe20e65c831b46abfcaae3c31339b2df754bfa2eecc10acf25b6ad1cc85096d07c0071eaa50e397e1f4194167bc6d1593512b2f86e859802fcdd93202b03ea3114514f5b3a6a8317f2e2cdacf2b6821deac455a8827718be0d4479fa8bf9426d003c20116f05ab85a626bfb8942830f5fac92b563d0aed5946f40757d52f26872e4766d97d000e206a1681f9571c37560411caf352f1ca3e4"})
write$tun(r3, &(0x7f0000000340)={@val={0xa}, @void, @eth={@multicast, @remote, @void, {@ipv6={0x86dd, @udp={0xd, 0x6, '\x00 \x00', 0x10, 0x11, 0xff, @empty, @mcast2, {[], {0x4f19, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x3, 0x5, 0x100}}}}}}}}}, 0x4a)
r9 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x34, r9, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x0]}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x34}}, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r8)
r10 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x60}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r10, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2686dd4c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0xfffff018}, {0x6}]}, 0x10)

544.634152ms ago: executing program 2 (id=3147):
r0 = socket(0x10, 0x3, 0x0)
r1 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0)
openat$cgroup_pressure(r1, &(0x7f0000000180)='cpu.pressure\x00', 0x2, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$sock_buf(r2, 0x1, 0x1f, 0x0, &(0x7f0000001000)=0x1e)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0) (async)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0)
sendmsg$ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@ETHTOOL_A_RINGS_RX_JUMBO={0x8, 0x8, 0x1}, @ETHTOOL_A_RINGS_RX_JUMBO={0x8, 0x8, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x8008810) (async)
sendmsg$ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@ETHTOOL_A_RINGS_RX_JUMBO={0x8, 0x8, 0x1}, @ETHTOOL_A_RINGS_RX_JUMBO={0x8, 0x8, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x8008810)

533.349803ms ago: executing program 3 (id=3148):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000000c0)={<r2=>r0, 0x2, 0x200, 0x5})
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xd, &(0x7f00000001c0)=ANY=[@ANYRES32=r1, @ANYRES32=r1, @ANYRES8=0x0], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r3}, 0x10)
listen(0xffffffffffffffff, 0x24)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback, 0x7ff}], 0x2c)
sendto$inet6(r0, &(0x7f0000000000)='\x00', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000580)={0x41, 0x80}, 0xe)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
bind$bt_l2cap(r5, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
setsockopt$bt_BT_DEFER_SETUP(r5, 0x112, 0xf, 0x0, 0x0)
sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000980)=ANY=[@ANYBLOB="14010000220001000000000000000000020100800c0001"], 0x114}], 0x1}, 0x80)
recvmmsg(r0, &(0x7f0000000740)=[{{0x0, 0x0, 0x0}, 0x1fc}], 0x1, 0x40000040, 0x0)

323.594953ms ago: executing program 4 (id=3149):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000000)='wg0\x00', 0x4)
unshare(0x22020400)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = accept4(r0, 0x0, &(0x7f0000000340), 0x80000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x34, r4, 0x1, 0x0, 0x0, {}, [@GTPA_LINK={0x8}, @GTPA_I_TEI={0x8}, @GTPA_O_TEI={0x8}, @GTPA_VERSION={0x8, 0x2, 0x1}]}, 0x34}}, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f00000003c0)='ns/time_for_children\x00')
sendmsg$GTP_CMD_DELPDP(r2, &(0x7f00000006c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x200000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x40000)
r5 = socket$netlink(0x10, 0x3, 0x9)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14, 0x3ed}, [], {0x14, 0x3ed}}, 0x28}}, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0xca, &(0x7f0000000540)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0xa7, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0x2, 0xffff, 0x0, 0x0, {[@exp_fastopen={0xfe, 0x4}]}}, {"990cf6b925b608fc6ec1d27eb468ab3dd8e82acdae819863f0c9eb1bb247bebf7ff2967b853f94759770e935d32da4f97de4ecabbbee3b964c63524ce4536e94fdd8a6e00c6dcc57514608d4cef96eacb9c61c92a6124e9dd501e0ad120c458bb3433903717f3565ac69b9944033769d6d9072fe57129eaf5b8c30fb82a7e9aea43357c903246ceb5297ff505ff2c9c7"}}}}}}, 0x0)

257.99065ms ago: executing program 3 (id=3150):
socket$kcm(0x10, 0x3, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="88000000000101040000000000000000020000002c00018014000180080001007f00000108000200e00000020c000280050001000000000006000340000300002400028014000180080001000000000008000200ac1414bb0c000280050001000000000008000740000000001c000f80080001"], 0x88}}, 0x4008000)
socket$unix(0x1, 0x1, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x0, 0x0}, &(0x7f0000000100)=0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
r4 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r6 = openat$cgroup_type(r5, &(0x7f0000000340), 0x2, 0x0)
write$cgroup_type(r6, 0x0, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x50)
socket$inet(0x2, 0x1, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), r7)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000240)={'team0\x00', <r9=>0x0})
ioctl$sock_kcm_SIOCKCMCLONE(r7, 0x89e2, &(0x7f00000003c0))
sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0xb4, r8, 0x405, 0x70bd27, 0x25dfdbfd, {}, [{{0x8, 0x1, r9}, {0x98, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x9, 0x9, 0x6, 0x3}, {0xfffe, 0x0, 0x7}, {0x0, 0x0, 0x5, 0xf6}, {0xc9e, 0x9, 0x7, 0x6}]}}}]}}]}, 0xb4}, 0x1, 0x0, 0x0, 0x20000401}, 0x44084)
r10 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r10, 0x8933, &(0x7f0000000000)={'team0\x00', <r11=>0x0})
sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="3c00000010000700"/20, @ANYRES32=0x0, @ANYBLOB="040101000000000014000300766c616e30000000000000000000000008000a00", @ANYRES32=r11, @ANYBLOB="862bb72b38b0d0b4e002eb2dc0d47a5dfbfdfa1303bbe4cdb6ff4048b11d84f4c07e203345ab713b4a14a628eef1bd"], 0x3c}}, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x34, r3, 0x2, 0x0, 0x25dfdbff, {{}, {}, {0x18, 0x17, {0x0, 0x0, @l2={'eth', 0x3a, 'team0\x00'}}}}}, 0x34}}, 0x0)
r12 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r12, 0x0, 0x0)

138.234475ms ago: executing program 2 (id=3151):
socket$kcm(0x10, 0x3, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="88000000000101040000000000000000020000002c00018014000180080001007f00000108000200e00000020c000280050001000000000006000340000300002400028014000180080001000000000008000200ac1414bb0c000280050001000000000008000740000000001c000f80080001"], 0x88}}, 0x4008000)
socket$unix(0x1, 0x1, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, 0x0, &(0x7f0000000100))
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000), &(0x7f0000000040)=0x4)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r2 = openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000340), 0x2, 0x0)
write$cgroup_type(r2, 0x0, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x1bc, 0x19, 0x1, 0x0, 0x10, {{@in=@multicast1, @in=@multicast1, 0x0, 0x0, 0xffff, 0x0, 0xa, 0x80, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1}, {0x1, 0x0, 0x80}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, [@tmpl={0x104, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast}, {{@in=@local, 0x0, 0x32}, 0x0, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x800}, {{@in=@dev={0xac, 0x14, 0x14, 0x2a}, 0x0, 0x32}, 0x0, @in=@multicast1, 0x800000, 0x3}, {{@in=@remote, 0x0, 0x33}, 0x0, @in=@private=0xa010101, 0x3504, 0x1, 0x0, 0x1, 0x0, 0xabf}]}]}, 0x1bc}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x50)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), r4)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000240)={'team0\x00', <r6=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0xb4, r5, 0x405, 0x70bd27, 0x25dfdbfd, {}, [{{0x8, 0x1, r6}, {0x98, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x9, 0x9, 0x6, 0x3}, {0xfffe, 0x0, 0x7}, {0x0, 0x0, 0x5, 0xf6}, {0xc9e, 0x9, 0x7, 0x6}]}}}]}}]}, 0xb4}, 0x1, 0x0, 0x0, 0x20000401}, 0x44084)

0s ago: executing program 4 (id=3152):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="b206000000000000", 0x8)
r1 = socket$kcm(0x10, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x4, &(0x7f0000000680)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x22}, [@ldst={0x1, 0x2, 0x4, 0x2, 0x0, 0x114}]}, &(0x7f0000000000)='GPL\x00', 0x5, 0x6, &(0x7f00000000c0)=""/6, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r3, 0x1, 0x4c, &(0x7f0000000000), 0x4)
recvmsg$unix(r3, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@rights={{0x14, 0x1, 0x1, [<r4=>0xffffffffffffffff]}}], 0x18}, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x5460, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x15, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x11, 0x16}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0xa2}, @exit], {0x95, 0x0, 0x5a5, 0x600}}, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x6}, 0x94)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000100)=0x1, 0x4)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r2, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x2}, 0x20)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371900000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84) (async)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="b206000000000000", 0x8) (async)
socket$kcm(0x10, 0x2, 0x0) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x4, &(0x7f0000000680)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x22}, [@ldst={0x1, 0x2, 0x4, 0x2, 0x0, 0x114}]}, &(0x7f0000000000)='GPL\x00', 0x5, 0x6, &(0x7f00000000c0)=""/6, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)) (async)
setsockopt$sock_attach_bpf(r3, 0x1, 0x4c, &(0x7f0000000000), 0x4) (async)
recvmsg$unix(r3, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) (async)
ioctl$SIOCSIFHWADDR(r4, 0x5460, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x15, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x11, 0x16}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0xa2}, @exit], {0x95, 0x0, 0x5a5, 0x600}}, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x6}, 0x94) (async)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000100)=0x1, 0x4) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x24}, 0x94) (async)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r2, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x2}, 0x20) (async)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371900000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0) (async)

kernel console output (not intermixed with test programs):

12899] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  374.876060][T12907] 8021q: adding VLAN 0 to HW filter on device bond0
[  374.886654][T12907] 8021q: adding VLAN 0 to HW filter on device team0
[  374.901903][T12907] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  374.986789][T12929] dvmrp1: tun_chr_ioctl cmd 1074025677
[  374.996585][T12929] dvmrp1: linktype set to 778
[  375.005441][T12911] lo speed is unknown, defaulting to 1000
[  375.070035][T12937] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  375.225396][T12942] netlink: 'syz.0.2196': attribute type 13 has an invalid length.
[  375.233148][T12941] netlink: del zone limit has 4 unknown bytes
[  375.233387][T12942] netlink: 'syz.0.2196': attribute type 17 has an invalid length.
[  375.280158][T12942] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  375.300431][T12944] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2198'.
[  375.549630][T12954] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  375.590820][T12942] lo speed is unknown, defaulting to 1000
[  375.599759][T12954] syzkaller0: entered promiscuous mode
[  375.609206][T12954] syzkaller0: entered allmulticast mode
[  375.619981][T12945] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  375.692391][T12945] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  375.710076][T12954] tipc: Resetting bearer <eth:syzkaller0>
[  375.763793][T12953] tipc: Resetting bearer <eth:syzkaller0>
[  375.819740][T12953] tipc: Disabling bearer <eth:syzkaller0>
[  375.855925][ T7244] hid-generic 0005:16BF:5505.0009: unknown main item tag 0x0
[  375.863429][ T7244] hid-generic 0005:16BF:5505.0009: unknown main item tag 0x0
[  375.943776][ T7244] hid-generic 0005:16BF:5505.0009: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  376.727321][T12986] netlink: 'syz.1.2208': attribute type 13 has an invalid length.
[  376.765362][T12987] netlink: del zone limit has 4 unknown bytes
[  376.775570][T12986] netlink: 'syz.1.2208': attribute type 17 has an invalid length.
[  376.880175][T12993] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2211'.
[  376.887183][T12991] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  376.890656][T12993] netlink: 108 bytes leftover after parsing attributes in process `syz.0.2211'.
[  376.943399][T12993] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2211'.
[  376.956250][T12986] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  377.064653][T12986] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  377.120831][T12989] lo speed is unknown, defaulting to 1000
[  377.172287][ T7244] hid-generic 0005:16BF:5505.000A: unknown main item tag 0x0
[  377.210620][ T7244] hid-generic 0005:16BF:5505.000A: unknown main item tag 0x0
[  377.228053][ T7244] hid-generic 0005:16BF:5505.000A: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  377.845119][T13020] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2218'.
[  378.178123][T13031] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2221'.
[  378.249230][T13033] netlink: del zone limit has 4 unknown bytes
[  378.490534][T13031] team0: Mode changed to "broadcast"
[  378.698790][T13040] netlink: 'syz.4.2225': attribute type 282 has an invalid length.
[  378.800574][T13040] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2225'.
[  379.018978][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  379.224725][T13054] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond0, syncid = 8, id = 0
[  379.234724][T13052] IPVS: stopping backup sync thread 13054 ...
[  380.241060][T13075] __nla_validate_parse: 6 callbacks suppressed
[  380.241080][T13075] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2238'.
[  380.266249][T13078] netlink: 'syz.2.2239': attribute type 10 has an invalid length.
[  380.327153][T13080] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2240'.
[  380.539178][T13091] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  380.542620][T13084] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2242'.
[  380.665868][T13099] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2246'.
[  380.679110][T13099] netlink: 108 bytes leftover after parsing attributes in process `syz.0.2246'.
[  380.688562][T13099] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2246'.
[  380.721536][T13102] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  380.745289][T13096] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2247'.
[  380.909642][T13109] netlink: 168 bytes leftover after parsing attributes in process `syz.4.2251'.
[  380.934603][    C1] vcan0: j1939_tp_rxtimer: 0xffff88807df9c400: rx timeout, send abort
[  380.986152][T13117] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2254'.
[  381.095949][T13114] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  381.128508][T13114] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  381.243148][T13119] 8021q: adding VLAN 0 to HW filter on device batadv0
[  381.253045][T13119] team0: Failed to send port change of device batadv0 via netlink (err -105)
[  381.262338][T13119] team0: Failed to send options change via netlink (err -105)
[  381.274103][T13119] team0: Port device batadv0 added
[  381.358404][T13114] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  381.369580][T13114] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  381.434119][T13129] geneve3: entered promiscuous mode
[  381.443077][    C1] vcan0: j1939_tp_rxtimer: 0xffff88807df9c400: abort rx timeout. Force session deactivation
[  381.456102][T12325] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 6081 - 0
[  381.497116][T12325] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 6081 - 0
[  381.523815][T12325] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 6081 - 0
[  381.547648][T13134] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2257'.
[  381.609928][T13114] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  381.621033][T13114] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  381.650113][T12325] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 6081 - 0
[  381.711659][T13114] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  381.723113][T13114] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  381.877715][T12325] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  381.887303][T12325] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[  381.926488][T12325] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  381.935263][T12325] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[  381.943582][T12325] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  381.957585][T12325] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[  381.978075][T12325] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  381.994305][T12325] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[  382.713472][T13186] netlink: 'syz.0.2277': attribute type 13 has an invalid length.
[  382.722133][T13186] netlink: 'syz.0.2277': attribute type 17 has an invalid length.
[  382.742011][T13186] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  382.983015][T13186] lo speed is unknown, defaulting to 1000
[  383.042394][T13189] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  383.155759][ T7236] hid-generic 0005:16BF:5505.000B: unknown main item tag 0x0
[  383.203650][ T7236] hid-generic 0005:16BF:5505.000B: unknown main item tag 0x0
[  383.236416][ T7236] hid-generic 0005:16BF:5505.000B: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  384.092519][T13246] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  384.118865][T13246] netdevsim netdevsim2 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  384.223756][T13255] netlink: 'syz.1.2300': attribute type 13 has an invalid length.
[  384.242328][T13252] 8021q: adding VLAN 0 to HW filter on device batadv2
[  384.242359][T13255] netlink: 'syz.1.2300': attribute type 17 has an invalid length.
[  384.278079][T13252] team0: Failed to send port change of device batadv2 via netlink (err -105)
[  384.299811][T13252] team0: Failed to send options change via netlink (err -105)
[  384.328324][T13252] team0: Port device batadv2 added
[  384.363575][T13246] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  384.374958][T13246] netdevsim netdevsim2 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  384.403704][T13262] netlink: 'syz.3.2301': attribute type 13 has an invalid length.
[  384.413233][T13262] netlink: 'syz.3.2301': attribute type 17 has an invalid length.
[  384.464754][T13261] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  384.527861][T13255] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  384.699282][T13255] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  384.742983][T13262] erspan0: left allmulticast mode
[  384.880895][T13262] 8021q: adding VLAN 0 to HW filter on device team0
[  384.933491][T13262] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  384.980151][T13246] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  385.014750][T13246] netdevsim netdevsim2 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  385.146163][T13246] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  385.166342][T13246] netdevsim netdevsim2 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  385.173000][T13257] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  385.203343][T13256] lo speed is unknown, defaulting to 1000
[  385.257755][T13264] lo speed is unknown, defaulting to 1000
[  385.502975][T12331] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  385.526181][T12331] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[  385.619684][T12328] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  385.641021][T12328] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[  385.690165][T12329] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  385.697350][T13293] __nla_validate_parse: 16 callbacks suppressed
[  385.697371][T13293] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2309'.
[  385.705181][T12329] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[  385.733034][T12317] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  385.746643][T12317] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[  385.756478][T13293] netlink: 108 bytes leftover after parsing attributes in process `syz.0.2309'.
[  385.770584][T13293] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2309'.
[  386.098521][T13309] netlink: 168 bytes leftover after parsing attributes in process `syz.0.2312'.
[  386.602411][T13312] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2313'.
[  386.718012][T13320] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-tlb(5)
[  386.852480][T13331] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  386.885692][T13332] netlink: 168 bytes leftover after parsing attributes in process `syz.1.2317'.
[  386.935834][T13334] netlink: 'syz.3.2318': attribute type 13 has an invalid length.
[  386.945455][T13334] netlink: 'syz.3.2318': attribute type 17 has an invalid length.
[  387.086938][T13334] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  387.103598][T13340] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  387.173086][T13336] lo speed is unknown, defaulting to 1000
[  387.260508][T13334] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  387.499125][T13346] netlink: 168 bytes leftover after parsing attributes in process `syz.1.2323'.
[  387.640693][T13358] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2327'.
[  387.662951][T13358] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2327'.
[  387.690760][T13358] bridge0: port 1(vlan2) entered blocking state
[  387.700756][T13358] bridge0: port 1(vlan2) entered disabled state
[  387.709962][T13358] vlan2: entered allmulticast mode
[  387.719389][T13358] bridge0: entered allmulticast mode
[  387.959501][T13358] vlan2: left allmulticast mode
[  387.965191][T13358] bridge0: left allmulticast mode
[  388.247840][T13368] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2329'.
[  388.322119][T13368] team0: Unable to change to the same mode the team is in
[  389.803711][T13420] team0: No ports can be present during mode change
[  390.144549][T13443] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  390.152546][T13443] syzkaller0: entered promiscuous mode
[  390.163844][T13443] syzkaller0: entered allmulticast mode
[  390.234700][T13448] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  390.276229][T13441] tipc: Resetting bearer <eth:syzkaller0>
[  390.303529][T13440] tipc: Resetting bearer <eth:syzkaller0>
[  390.335071][T13440] tipc: Disabling bearer <eth:syzkaller0>
[  390.736056][T13465] IPVS: stopping backup sync thread 13467 ...
[  390.744009][T13467] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond0, syncid = 8, id = 0
[  390.806810][T13465] __nla_validate_parse: 6 callbacks suppressed
[  390.806834][T13465] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2355'.
[  390.914820][T13465] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2355'.
[  390.991649][T13477] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2356'.
[  391.334139][T13482] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2357'.
[  391.359058][T13482] team0: Unable to change to the same mode the team is in
[  391.564836][T13494] netlink: 168 bytes leftover after parsing attributes in process `syz.0.2360'.
[  391.867087][T13507] netlink: 'syz.3.2366': attribute type 13 has an invalid length.
[  391.904124][T13507] netlink: 'syz.3.2366': attribute type 17 has an invalid length.
[  391.976967][T13507] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  392.018392][T13513] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2370'.
[  392.069149][T13513] team0: Unable to change to the same mode the team is in
[  392.089219][T13507] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  392.184129][T13507] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  392.434707][T13529] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2374'.
[  392.787681][T13543] netlink: 168 bytes leftover after parsing attributes in process `syz.4.2376'.
[  392.848879][T13546] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2377'.
[  392.867004][T13546] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2377'.
[  392.890140][T13546] bridge0: port 1(vlan3) entered blocking state
[  392.897007][T13546] bridge0: port 1(vlan3) entered disabled state
[  392.903817][T13546] vlan3: entered allmulticast mode
[  392.911498][T13546] bridge0: entered allmulticast mode
[  392.922170][T13546] vlan3: left allmulticast mode
[  392.929088][T13546] bridge0: left allmulticast mode
[  393.236323][T13560] team0: No ports can be present during mode change
[  393.310928][T13563] bridge0: port 1(syz_tun) entered blocking state
[  393.337239][T13563] bridge0: port 1(syz_tun) entered disabled state
[  393.357374][T13563] syz_tun: entered allmulticast mode
[  393.370841][T13563] syz_tun: entered promiscuous mode
[  393.429000][T13563] bridge0: port 1(syz_tun) entered blocking state
[  393.436614][T13563] bridge0: port 1(syz_tun) entered forwarding state
[  393.486871][   T24] hid-generic 0005:16BF:5505.000C: unknown main item tag 0x0
[  393.520830][   T24] hid-generic 0005:16BF:5505.000C: unknown main item tag 0x0
[  393.538524][   T24] hid-generic 0005:16BF:5505.000C: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  393.635486][T13581] tun0: tun_chr_ioctl cmd 1074025673
[  393.644612][T13576] tun0: tun_chr_ioctl cmd 2147767520
[  393.788779][T13586] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-tlb(5)
[  393.839845][T13590] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-tlb(5)
[  393.962945][T13594] team0: Unable to change to the same mode the team is in
[  394.118736][T13597] netlink: del zone limit has 4 unknown bytes
[  394.675058][T13607] netlink: 'syz.1.2400': attribute type 13 has an invalid length.
[  394.694331][T13607] netlink: 'syz.1.2400': attribute type 17 has an invalid length.
[  394.849755][T13612] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  394.962544][T13612] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  395.223297][T13607] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  395.408705][ T8855] hid-generic 0005:16BF:5505.000D: unknown main item tag 0x0
[  395.455457][ T8855] hid-generic 0005:16BF:5505.000D: unknown main item tag 0x0
[  395.480294][ T8855] hid-generic 0005:16BF:5505.000D: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  395.587292][T13610] lo speed is unknown, defaulting to 1000
[  395.970733][T13635] __nla_validate_parse: 14 callbacks suppressed
[  395.970756][T13635] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2406'.
[  396.001102][T13635] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2406'.
[  396.043809][T13639] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2407'.
[  396.071179][T13639] team0: No ports can be present during mode change
[  396.347204][T13642] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2406'.
[  396.445733][T13644] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2408'.
[  396.489598][T13649] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2409'.
[  396.634284][T13652] IPVS: stopping backup sync thread 13653 ...
[  396.634492][T13653] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond0, syncid = 8, id = 0
[  396.678096][T13652] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2411'.
[  396.687595][T13652] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2411'.
[  396.792219][T13656] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  396.906423][T13661] netlink: 'syz.0.2412': attribute type 10 has an invalid length.
[  396.930512][T13661] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2412'.
[  397.371405][T13674] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  397.376274][T13672] netlink: del zone limit has 4 unknown bytes
[  397.513226][T13679] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2419'.
[  397.540429][T13679] team0: Unable to change to the same mode the team is in
[  397.719566][T13689] netlink: 'syz.2.2422': attribute type 1 has an invalid length.
[  397.754879][T13689] netlink: 'syz.2.2422': attribute type 2 has an invalid length.
[  397.796199][T13689] netlink: 'syz.2.2422': attribute type 1 has an invalid length.
[  398.160712][T13699] netlink: del zone limit has 4 unknown bytes
[  398.280706][T13704] lo speed is unknown, defaulting to 1000
[  398.785122][T13728] IPVS: stopping backup sync thread 11707 ...
[  399.281088][T13745] netlink: del zone limit has 4 unknown bytes
[  399.362314][T13748] (unnamed net_device) (uninitialized): option ad_select: invalid value (34)
[  399.583803][T13756] bridge0: port 2(vlan3) entered blocking state
[  399.611398][T13756] bridge0: port 2(vlan3) entered disabled state
[  399.638259][T13756] vlan3: entered allmulticast mode
[  399.643709][T13756] bridge0: entered allmulticast mode
[  399.681073][T13756] vlan3: left allmulticast mode
[  399.701977][T13756] bridge0: left allmulticast mode
[  399.990208][T13767] team0: Unable to change to the same mode the team is in
[  401.235033][T13814] FAULT_INJECTION: forcing a failure.
[  401.235033][T13814] name failslab, interval 1, probability 0, space 0, times 0
[  401.259572][T13818] __nla_validate_parse: 16 callbacks suppressed
[  401.259595][T13818] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2462'.
[  401.269871][T13814] CPU: 0 UID: 0 PID: 13814 Comm: syz.3.2461 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  401.269900][T13814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  401.269911][T13814] Call Trace:
[  401.269918][T13814]  <TASK>
[  401.269925][T13814]  dump_stack_lvl+0x189/0x250
[  401.269951][T13814]  ? __pfx____ratelimit+0x10/0x10
[  401.269978][T13814]  ? __pfx_dump_stack_lvl+0x10/0x10
[  401.269996][T13814]  ? __pfx__printk+0x10/0x10
[  401.270024][T13814]  ? __pfx___might_resched+0x10/0x10
[  401.270055][T13814]  should_fail_ex+0x414/0x560
[  401.270089][T13814]  should_failslab+0xa8/0x100
[  401.270108][T13814]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  401.270135][T13814]  ? __alloc_skb+0x112/0x2d0
[  401.270167][T13814]  __alloc_skb+0x112/0x2d0
[  401.270197][T13814]  netlink_sendmsg+0x5c6/0xb30
[  401.270234][T13814]  ? __pfx_netlink_sendmsg+0x10/0x10
[  401.270264][T13814]  ? aa_sock_msg_perm+0x94/0x160
[  401.270291][T13814]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  401.270311][T13814]  ? __pfx_netlink_sendmsg+0x10/0x10
[  401.270339][T13814]  __sock_sendmsg+0x219/0x270
[  401.270365][T13814]  ____sys_sendmsg+0x505/0x830
[  401.270390][T13814]  ? __pfx_____sys_sendmsg+0x10/0x10
[  401.270419][T13814]  ? import_iovec+0x74/0xa0
[  401.270448][T13814]  ___sys_sendmsg+0x21f/0x2a0
[  401.270469][T13814]  ? __pfx____sys_sendmsg+0x10/0x10
[  401.270525][T13814]  ? __fget_files+0x2a/0x420
[  401.270542][T13814]  ? __fget_files+0x3a0/0x420
[  401.270570][T13814]  __x64_sys_sendmsg+0x19b/0x260
[  401.270592][T13814]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  401.270621][T13814]  ? __pfx_ksys_write+0x10/0x10
[  401.270643][T13814]  ? rcu_is_watching+0x15/0xb0
[  401.270675][T13814]  ? do_syscall_64+0xbe/0x3b0
[  401.270714][T13814]  do_syscall_64+0xfa/0x3b0
[  401.270737][T13814]  ? lockdep_hardirqs_on+0x9c/0x150
[  401.270762][T13814]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  401.270780][T13814]  ? clear_bhb_loop+0x60/0xb0
[  401.270801][T13814]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  401.270818][T13814] RIP: 0033:0x7fc86f18ebe9
[  401.270835][T13814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  401.270852][T13814] RSP: 002b:00007fc87008d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  401.270872][T13814] RAX: ffffffffffffffda RBX: 00007fc86f3b5fa0 RCX: 00007fc86f18ebe9
[  401.270885][T13814] RDX: 0000000000008040 RSI: 0000200000000380 RDI: 0000000000000003
[  401.270897][T13814] RBP: 00007fc87008d090 R08: 0000000000000000 R09: 0000000000000000
[  401.270909][T13814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  401.270920][T13814] R13: 00007fc86f3b6038 R14: 00007fc86f3b5fa0 R15: 00007ffecec617c8
[  401.270950][T13814]  </TASK>
[  401.383138][T13820] team0: Unable to change to the same mode the team is in
[  401.633820][T13828] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond0, syncid = 8, id = 0
[  401.634157][T13822] IPVS: stopping backup sync thread 13828 ...
[  401.696646][T13822] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2463'.
[  401.713963][T13822] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2463'.
[  401.743965][T13831] IPVS: sync thread started: state = BACKUP, mcast_ifn = caif0, syncid = 1, id = 0
[  401.744806][T13827] IPVS: set_ctl: invalid protocol: 33 0.0.0.0:20004
[  401.950005][T13840] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2467'.
[  402.027970][T13840] netlink: 108 bytes leftover after parsing attributes in process `syz.0.2467'.
[  402.063264][T13840] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2467'.
[  402.381960][T13857] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2474'.
[  402.389820][T13861] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2476'.
[  402.405933][T13857] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2474'.
[  402.421418][T13861] team0: No ports can be present during mode change
[  402.537917][T13866] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2474'.
[  402.579785][T13868] FAULT_INJECTION: forcing a failure.
[  402.579785][T13868] name failslab, interval 1, probability 0, space 0, times 0
[  402.593446][T13868] CPU: 1 UID: 0 PID: 13868 Comm: syz.3.2478 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  402.593479][T13868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  402.593492][T13868] Call Trace:
[  402.593500][T13868]  <TASK>
[  402.593509][T13868]  dump_stack_lvl+0x189/0x250
[  402.593537][T13868]  ? __pfx____ratelimit+0x10/0x10
[  402.593566][T13868]  ? __pfx_dump_stack_lvl+0x10/0x10
[  402.593588][T13868]  ? __pfx__printk+0x10/0x10
[  402.593615][T13868]  ? __pfx___might_resched+0x10/0x10
[  402.593657][T13868]  ? fs_reclaim_acquire+0x7d/0x100
[  402.593684][T13868]  should_fail_ex+0x414/0x560
[  402.593721][T13868]  should_failslab+0xa8/0x100
[  402.593744][T13868]  __kmalloc_noprof+0xcb/0x4f0
[  402.593773][T13868]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  402.593804][T13868]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  402.593837][T13868]  genl_family_rcv_msg_doit+0xb8/0x300
[  402.593874][T13868]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  402.593900][T13868]  ? rcu_is_watching+0x15/0xb0
[  402.593933][T13868]  ? apparmor_capable+0x137/0x1b0
[  402.593957][T13868]  ? bpf_lsm_capable+0x9/0x20
[  402.593983][T13868]  ? security_capable+0x7e/0x2e0
[  402.594016][T13868]  genl_rcv_msg+0x60e/0x790
[  402.594047][T13868]  ? __pfx_genl_rcv_msg+0x10/0x10
[  402.594069][T13868]  ? __pfx_team_nl_options_set_doit+0x10/0x10
[  402.594095][T13868]  ? __asan_memcpy+0x40/0x70
[  402.594118][T13868]  ? __pfx_ref_tracker_free+0x10/0x10
[  402.594160][T13868]  netlink_rcv_skb+0x205/0x470
[  402.594186][T13868]  ? __lock_acquire+0xab9/0xd20
[  402.594213][T13868]  ? __pfx_genl_rcv_msg+0x10/0x10
[  402.594236][T13868]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  402.594287][T13868]  ? down_read+0x1ad/0x2e0
[  402.594310][T13868]  genl_rcv+0x28/0x40
[  402.594329][T13868]  netlink_unicast+0x82c/0x9e0
[  402.594367][T13868]  ? __pfx_netlink_unicast+0x10/0x10
[  402.594396][T13868]  ? netlink_sendmsg+0x642/0xb30
[  402.594421][T13868]  ? skb_put+0x11b/0x210
[  402.594445][T13868]  netlink_sendmsg+0x805/0xb30
[  402.594487][T13868]  ? __pfx_netlink_sendmsg+0x10/0x10
[  402.594520][T13868]  ? aa_sock_msg_perm+0x94/0x160
[  402.594547][T13868]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  402.594570][T13868]  ? __pfx_netlink_sendmsg+0x10/0x10
[  402.594600][T13868]  __sock_sendmsg+0x219/0x270
[  402.594642][T13868]  ____sys_sendmsg+0x505/0x830
[  402.594671][T13868]  ? __pfx_____sys_sendmsg+0x10/0x10
[  402.594705][T13868]  ? import_iovec+0x74/0xa0
[  402.594738][T13868]  ___sys_sendmsg+0x21f/0x2a0
[  402.594763][T13868]  ? __pfx____sys_sendmsg+0x10/0x10
[  402.594831][T13868]  ? __fget_files+0x2a/0x420
[  402.594850][T13868]  ? __fget_files+0x3a0/0x420
[  402.594882][T13868]  __x64_sys_sendmsg+0x19b/0x260
[  402.594907][T13868]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  402.594941][T13868]  ? __pfx_ksys_write+0x10/0x10
[  402.594966][T13868]  ? rcu_is_watching+0x15/0xb0
[  402.595002][T13868]  ? do_syscall_64+0xbe/0x3b0
[  402.595036][T13868]  do_syscall_64+0xfa/0x3b0
[  402.595062][T13868]  ? lockdep_hardirqs_on+0x9c/0x150
[  402.595089][T13868]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.595109][T13868]  ? clear_bhb_loop+0x60/0xb0
[  402.595133][T13868]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.595150][T13868] RIP: 0033:0x7fc86f18ebe9
[  402.595168][T13868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  402.595185][T13868] RSP: 002b:00007fc87008d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  402.595208][T13868] RAX: ffffffffffffffda RBX: 00007fc86f3b5fa0 RCX: 00007fc86f18ebe9
[  402.595223][T13868] RDX: 0000000000044084 RSI: 0000200000004bc0 RDI: 0000000000000003
[  402.595235][T13868] RBP: 00007fc87008d090 R08: 0000000000000000 R09: 0000000000000000
[  402.595247][T13868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  402.595259][T13868] R13: 00007fc86f3b6038 R14: 00007fc86f3b5fa0 R15: 00007ffecec617c8
[  402.595295][T13868]  </TASK>
[  403.011108][T13870] bridge0: port 1(vlan2) entered blocking state
[  403.018154][T13870] bridge0: port 1(vlan2) entered disabled state
[  403.025087][T13870] vlan2: entered allmulticast mode
[  403.062495][T13870] vlan2: left allmulticast mode
[  403.485038][ T7264] hid-generic 0005:16BF:5505.000E: unknown main item tag 0x0
[  403.515085][ T7264] hid-generic 0005:16BF:5505.000E: unknown main item tag 0x0
[  403.532824][ T7264] hid-generic 0005:16BF:5505.000E: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  403.744259][T13893] team0: No ports can be present during mode change
[  403.964934][T13908] netlink: 'syz.0.2489': attribute type 13 has an invalid length.
[  403.989511][T13907] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  404.033474][T13906] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  404.035334][T13908] netlink: 'syz.0.2489': attribute type 17 has an invalid length.
[  404.043665][T13906] syzkaller0: entered promiscuous mode
[  404.070664][T13906] syzkaller0: entered allmulticast mode
[  404.145487][T13908] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  404.214916][T13906] tipc: Resetting bearer <eth:syzkaller0>
[  404.227257][T13904] tipc: Resetting bearer <eth:syzkaller0>
[  404.261574][T13908] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  404.303804][T13904] tipc: Disabling bearer <eth:syzkaller0>
[  404.354821][T13908] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  405.442032][T13939] team0: Unable to change to the same mode the team is in
[  405.761003][ T7244] hid-generic 0005:16BF:5505.000F: unknown main item tag 0x0
[  405.771277][T13956] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[  405.784916][ T7244] hid-generic 0005:16BF:5505.000F: unknown main item tag 0x0
[  405.810524][ T7244] hid-generic 0005:16BF:5505.000F: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  406.088045][T13967] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  406.103017][T13967] syzkaller0: entered promiscuous mode
[  406.121614][T13967] syzkaller0: entered allmulticast mode
[  406.186424][T13967] tipc: Resetting bearer <eth:syzkaller0>
[  406.205546][T13971] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  406.222847][T13966] tipc: Resetting bearer <eth:syzkaller0>
[  406.269934][T13966] tipc: Disabling bearer <eth:syzkaller0>
[  406.322627][T13971] syzkaller0: entered promiscuous mode
[  406.333196][T13971] syzkaller0: entered allmulticast mode
[  406.334510][T13979] __nla_validate_parse: 12 callbacks suppressed
[  406.334527][T13979] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2512'.
[  406.355784][T13979] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2512'.
[  406.402459][T13971] tipc: Resetting bearer <eth:syzkaller0>
[  406.443495][T13969] tipc: Resetting bearer <eth:syzkaller0>
[  406.491729][T13969] tipc: Disabling bearer <eth:syzkaller0>
[  406.528211][T13988] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2512'.
[  406.538238][T13987] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2513'.
[  406.651427][T13990] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2515'.
[  406.741379][T13992] netlink: del zone limit has 4 unknown bytes
[  406.753142][T13992] netlink: 'syz.0.2516': attribute type 2 has an invalid length.
[  406.857777][T13990] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-tlb(5)
[  406.894337][T13994] team0: Unable to change to the same mode the team is in
[  407.010929][T13996] netlink: 212296 bytes leftover after parsing attributes in process `syz.2.2518'.
[  407.461645][T14011] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  407.487065][T14011] syzkaller0: entered promiscuous mode
[  407.499877][T14011] syzkaller0: entered allmulticast mode
[  407.592912][T14011] tipc: Resetting bearer <eth:syzkaller0>
[  407.611459][ T7264] hid-generic 0005:16BF:5505.0010: unknown main item tag 0x0
[  407.623675][ T7264] hid-generic 0005:16BF:5505.0010: unknown main item tag 0x0
[  407.637693][T14010] tipc: Resetting bearer <eth:syzkaller0>
[  407.644268][ T7264] hid-generic 0005:16BF:5505.0010: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  407.707903][T14010] tipc: Disabling bearer <eth:syzkaller0>
[  407.791191][T14025] netlink: 168 bytes leftover after parsing attributes in process `syz.1.2528'.
[  407.852430][T14029] netlink: del zone limit has 4 unknown bytes
[  407.863651][T14029] netlink: 'syz.4.2530': attribute type 2 has an invalid length.
[  407.999967][T14034] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  408.050048][T14034] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2531'.
[  409.155992][T14054] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  409.203316][T14061] sctp: [Deprecated]: syz.2.2539 (pid 14061) Use of int in max_burst socket option deprecated.
[  409.203316][T14061] Use struct sctp_assoc_value instead
[  409.246444][T14060] netlink: del zone limit has 4 unknown bytes
[  409.296594][T14062] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  409.304964][T14062] syzkaller0: entered promiscuous mode
[  409.310558][T14062] syzkaller0: entered allmulticast mode
[  409.326315][T14060] netlink: 'syz.3.2541': attribute type 2 has an invalid length.
[  409.375374][T14062] tipc: Resetting bearer <eth:syzkaller0>
[  409.392903][T14058] tipc: Resetting bearer <eth:syzkaller0>
[  409.418606][T14058] tipc: Disabling bearer <eth:syzkaller0>
[  409.837676][T14084] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-tlb(5)
[  410.550577][T14102] netlink: del zone limit has 4 unknown bytes
[  410.581085][T14102] netlink: 'syz.4.2556': attribute type 2 has an invalid length.
[  410.610064][T14100] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2555'.
[  410.903119][T14117] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2563'.
[  410.978573][T14117] team0: Unable to change to the same mode the team is in
[  411.170939][T14127] bridge0: port 2(vlan3) entered blocking state
[  411.183786][T14127] bridge0: port 2(vlan3) entered disabled state
[  411.191280][T14127] vlan3: entered allmulticast mode
[  411.196658][T14127] bridge0: entered allmulticast mode
[  411.206252][T14127] vlan3: left allmulticast mode
[  411.211245][T14127] bridge0: left allmulticast mode
[  411.284104][T14136] netlink: del zone limit has 4 unknown bytes
[  411.356319][T14136] netlink: 'syz.3.2570': attribute type 2 has an invalid length.
[  411.673460][T14147] __nla_validate_parse: 5 callbacks suppressed
[  411.673480][T14147] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2572'.
[  411.858493][T14157] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond0, syncid = 8, id = 0
[  411.870036][T14155] IPVS: stopping backup sync thread 14157 ...
[  411.882428][T14155] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2577'.
[  411.891753][T14155] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2577'.
[  411.991723][T14161] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2579'.
[  412.056596][T14161] team0: No ports can be present during mode change
[  412.344631][T14175] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2584'.
[  412.383398][T14175] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2584'.
[  412.432049][T14175] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2584'.
[  412.556835][T14180] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2585'.
[  412.823556][T14191] lo speed is unknown, defaulting to 1000
[  413.009801][T14195] netlink: 168 bytes leftover after parsing attributes in process `syz.3.2590'.
[  413.435763][T14206] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2594'.
[  413.566164][T14206] team0: Unable to change to the same mode the team is in
[  413.593334][T14202] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  413.612883][T14202] syzkaller0: entered promiscuous mode
[  413.621363][T14202] syzkaller0: entered allmulticast mode
[  413.703238][T14202] tipc: Resetting bearer <eth:syzkaller0>
[  413.726251][T14219] IPVS: stopping backup sync thread 14217 ...
[  413.735790][T14217] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond0, syncid = 8, id = 0
[  413.749269][T14220] netlink: 'syz.1.2598': attribute type 10 has an invalid length.
[  413.774618][T14212] syzkaller0: create flow: hash 3463575174 index 1
[  413.801807][T12348] syzkaller0: tun_net_xmit 76
[  413.823776][T12348] syzkaller0: tun_net_xmit 48
[  413.829045][   T24] syzkaller0: tun_net_xmit 76
[  413.850753][T14200] tipc: Resetting bearer <eth:syzkaller0>
[  413.869476][T14200] tipc: Disabling bearer <eth:syzkaller0>
[  413.884032][T14220] dummy0: entered promiscuous mode
[  413.889483][T14220] dummy0: entered allmulticast mode
[  413.896623][T14220] bridge0: port 1(dummy0) entered blocking state
[  413.909977][T14220] bridge0: port 1(dummy0) entered disabled state
[  413.925224][T14220] bridge0: port 1(dummy0) entered blocking state
[  413.931866][T14220] bridge0: port 1(dummy0) entered forwarding state
[  414.214672][T14209] syzkaller0: delete flow: hash 3463575174 index 1
[  414.407304][ T7244] hid-generic 0005:16BF:5505.0011: unknown main item tag 0x0
[  414.421924][ T7244] hid-generic 0005:16BF:5505.0011: unknown main item tag 0x0
[  414.432540][ T7244] hid-generic 0005:16BF:5505.0011: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  414.475581][T14250] netlink: 'syz.3.2604': attribute type 13 has an invalid length.
[  414.487949][T14250] netlink: 'syz.3.2604': attribute type 17 has an invalid length.
[  416.135577][T14233] team0: Unable to change to the same mode the team is in
[  416.147064][T14233] FAULT_INJECTION: forcing a failure.
[  416.147064][T14233] name failslab, interval 1, probability 0, space 0, times 0
[  416.160509][T14233] CPU: 1 UID: 0 PID: 14233 Comm: syz.1.2601 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  416.160541][T14233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  416.160553][T14233] Call Trace:
[  416.160562][T14233]  <TASK>
[  416.160571][T14233]  dump_stack_lvl+0x189/0x250
[  416.160599][T14233]  ? __pfx____ratelimit+0x10/0x10
[  416.160628][T14233]  ? __pfx_dump_stack_lvl+0x10/0x10
[  416.160648][T14233]  ? __pfx__printk+0x10/0x10
[  416.160699][T14233]  should_fail_ex+0x414/0x560
[  416.160736][T14233]  should_failslab+0xa8/0x100
[  416.160759][T14233]  __kmalloc_cache_noprof+0x70/0x3d0
[  416.160789][T14233]  ? nfc_genl_rcv_nl_event+0xa8/0x2b0
[  416.160811][T14233]  ? blocking_notifier_call_chain+0x54/0x90
[  416.160837][T14233]  nfc_genl_rcv_nl_event+0xa8/0x2b0
[  416.160867][T14233]  notifier_call_chain+0x1b3/0x3e0
[  416.160897][T14233]  blocking_notifier_call_chain+0x6a/0x90
[  416.160920][T14233]  netlink_release+0x1259/0x1b10
[  416.160959][T14233]  ? netlink_release+0x108/0x1b10
[  416.160992][T14233]  ? __pfx_netlink_release+0x10/0x10
[  416.161021][T14233]  ? down_write+0x162/0x1f0
[  416.161041][T14233]  ? __pfx_down_write+0x10/0x10
[  416.161057][T14233]  ? do_raw_spin_lock+0x121/0x290
[  416.161084][T14233]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  416.161114][T14233]  sock_close+0xc0/0x240
[  416.161140][T14233]  ? __pfx_sock_close+0x10/0x10
[  416.161164][T14233]  __fput+0x449/0xa70
[  416.161202][T14233]  task_work_run+0x1d4/0x260
[  416.161231][T14233]  ? __pfx_task_work_run+0x10/0x10
[  416.161255][T14233]  ? kick_process+0xeb/0x160
[  416.161279][T14233]  ? task_work_add+0x377/0x420
[  416.161310][T14233]  get_signal+0x11ed/0x1340
[  416.161350][T14233]  ? __fput_deferred+0x215/0x390
[  416.161371][T14233]  ? __pfx___fput_deferred+0x10/0x10
[  416.161403][T14233]  arch_do_signal_or_restart+0x9a/0x750
[  416.161431][T14233]  ? __x64_sys_sendmsg+0x230/0x260
[  416.161454][T14233]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  416.161503][T14233]  ? exit_to_user_mode_loop+0x40/0x110
[  416.161536][T14233]  exit_to_user_mode_loop+0x75/0x110
[  416.161563][T14233]  do_syscall_64+0x2bd/0x3b0
[  416.161590][T14233]  ? lockdep_hardirqs_on+0x9c/0x150
[  416.161617][T14233]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.161636][T14233]  ? clear_bhb_loop+0x60/0xb0
[  416.161669][T14233]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.161688][T14233] RIP: 0033:0x7f40cef8ebe9
[  416.161707][T14233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  416.161725][T14233] RSP: 002b:00007f40cfd2d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  416.161747][T14233] RAX: 00000000000000b4 RBX: 00007f40cf1b5fa0 RCX: 00007f40cef8ebe9
[  416.161760][T14233] RDX: 0000000000044084 RSI: 0000200000004bc0 RDI: 0000000000000003
[  416.161773][T14233] RBP: 00007f40cfd2d090 R08: 0000000000000000 R09: 0000000000000000
[  416.161785][T14233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  416.161797][T14233] R13: 00007f40cf1b6038 R14: 00007f40cf1b5fa0 R15: 00007ffd0d56b818
[  416.161834][T14233]  </TASK>
[  416.605037][T14250] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  416.693019][T14252] lo speed is unknown, defaulting to 1000
[  416.713137][T14266] __nla_validate_parse: 5 callbacks suppressed
[  416.713160][T14266] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2608'.
[  416.971988][T14282] netlink: 'syz.1.2610': attribute type 13 has an invalid length.
[  416.983543][T14282] netlink: 'syz.1.2610': attribute type 17 has an invalid length.
[  417.094667][T14282] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  417.174622][T14290] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond0, syncid = 8, id = 0
[  417.174970][T14289] IPVS: stopping backup sync thread 14290 ...
[  417.231338][T14284] lo speed is unknown, defaulting to 1000
[  417.231923][T14291] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2613'.
[  417.261639][T14291] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2613'.
[  417.275608][T14282] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  417.337952][T14293] netlink: del zone limit has 4 unknown bytes
[  417.351771][T14293] netlink: 'syz.2.2614': attribute type 2 has an invalid length.
[  417.376607][T14278] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  417.693563][T14301] netlink: 'syz.2.2615': attribute type 13 has an invalid length.
[  417.703583][T14301] netlink: 'syz.2.2615': attribute type 17 has an invalid length.
[  417.726600][T14301] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  417.961307][T14297] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  417.962469][T14304] lo speed is unknown, defaulting to 1000
[  418.041340][T14297] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  418.760504][T14332] FAULT_INJECTION: forcing a failure.
[  418.760504][T14332] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  418.774400][T14332] CPU: 0 UID: 0 PID: 14332 Comm: syz.3.2623 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  418.774428][T14332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  418.774440][T14332] Call Trace:
[  418.774448][T14332]  <TASK>
[  418.774456][T14332]  dump_stack_lvl+0x189/0x250
[  418.774483][T14332]  ? __pfx____ratelimit+0x10/0x10
[  418.774511][T14332]  ? __pfx_dump_stack_lvl+0x10/0x10
[  418.774532][T14332]  ? __pfx__printk+0x10/0x10
[  418.774558][T14332]  ? __might_fault+0xb0/0x130
[  418.774600][T14332]  should_fail_ex+0x414/0x560
[  418.774646][T14332]  _copy_from_user+0x2d/0xb0
[  418.774674][T14332]  ___sys_sendmsg+0x158/0x2a0
[  418.774700][T14332]  ? __pfx____sys_sendmsg+0x10/0x10
[  418.774766][T14332]  ? __fget_files+0x2a/0x420
[  418.774785][T14332]  ? __fget_files+0x3a0/0x420
[  418.774817][T14332]  __x64_sys_sendmsg+0x19b/0x260
[  418.774839][T14332]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  418.774870][T14332]  ? __pfx_ksys_write+0x10/0x10
[  418.774895][T14332]  ? rcu_is_watching+0x15/0xb0
[  418.774930][T14332]  ? do_syscall_64+0xbe/0x3b0
[  418.774965][T14332]  do_syscall_64+0xfa/0x3b0
[  418.774991][T14332]  ? lockdep_hardirqs_on+0x9c/0x150
[  418.775017][T14332]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.775036][T14332]  ? clear_bhb_loop+0x60/0xb0
[  418.775062][T14332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.775081][T14332] RIP: 0033:0x7fc86f18ebe9
[  418.775099][T14332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  418.775118][T14332] RSP: 002b:00007fc87008d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  418.775141][T14332] RAX: ffffffffffffffda RBX: 00007fc86f3b5fa0 RCX: 00007fc86f18ebe9
[  418.775156][T14332] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  418.775169][T14332] RBP: 00007fc87008d090 R08: 0000000000000000 R09: 0000000000000000
[  418.775182][T14332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  418.775195][T14332] R13: 00007fc86f3b6038 R14: 00007fc86f3b5fa0 R15: 00007ffecec617c8
[  418.775230][T14332]  </TASK>
[  419.164330][T14339] netlink: 'syz.3.2625': attribute type 15 has an invalid length.
[  419.191300][T14339] netlink: 666 bytes leftover after parsing attributes in process `syz.3.2625'.
[  419.299548][T14341] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-tlb(5)
[  419.643030][T14357] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2631'.
[  420.102852][T14364] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2634'.
[  420.120665][T14364] netlink: 108 bytes leftover after parsing attributes in process `syz.1.2634'.
[  420.132394][T14364] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2634'.
[  420.150084][T14361] team0: No ports can be present during mode change
[  420.335606][T14367] FAULT_INJECTION: forcing a failure.
[  420.335606][T14367] name failslab, interval 1, probability 0, space 0, times 0
[  420.375359][T14367] CPU: 0 UID: 0 PID: 14367 Comm: syz.3.2635 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  420.375389][T14367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  420.375402][T14367] Call Trace:
[  420.375410][T14367]  <TASK>
[  420.375418][T14367]  dump_stack_lvl+0x189/0x250
[  420.375445][T14367]  ? __pfx____ratelimit+0x10/0x10
[  420.375474][T14367]  ? __pfx_dump_stack_lvl+0x10/0x10
[  420.375495][T14367]  ? __pfx__printk+0x10/0x10
[  420.375526][T14367]  ? __pfx___might_resched+0x10/0x10
[  420.375561][T14367]  should_fail_ex+0x414/0x560
[  420.375607][T14367]  should_failslab+0xa8/0x100
[  420.375629][T14367]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  420.375660][T14367]  ? __alloc_skb+0x112/0x2d0
[  420.375695][T14367]  __alloc_skb+0x112/0x2d0
[  420.375729][T14367]  netlink_sendmsg+0x5c6/0xb30
[  420.375771][T14367]  ? __pfx_netlink_sendmsg+0x10/0x10
[  420.375805][T14367]  ? aa_sock_msg_perm+0x94/0x160
[  420.375832][T14367]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  420.375856][T14367]  ? __pfx_netlink_sendmsg+0x10/0x10
[  420.375887][T14367]  __sock_sendmsg+0x219/0x270
[  420.375917][T14367]  ____sys_sendmsg+0x505/0x830
[  420.375946][T14367]  ? __pfx_____sys_sendmsg+0x10/0x10
[  420.375979][T14367]  ? import_iovec+0x74/0xa0
[  420.376010][T14367]  ___sys_sendmsg+0x21f/0x2a0
[  420.376035][T14367]  ? __pfx____sys_sendmsg+0x10/0x10
[  420.376099][T14367]  ? __fget_files+0x2a/0x420
[  420.376118][T14367]  ? __fget_files+0x3a0/0x420
[  420.376150][T14367]  __x64_sys_sendmsg+0x19b/0x260
[  420.376175][T14367]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  420.376207][T14367]  ? __pfx_ksys_write+0x10/0x10
[  420.376232][T14367]  ? rcu_is_watching+0x15/0xb0
[  420.376268][T14367]  ? do_syscall_64+0xbe/0x3b0
[  420.376299][T14367]  do_syscall_64+0xfa/0x3b0
[  420.376325][T14367]  ? lockdep_hardirqs_on+0x9c/0x150
[  420.376350][T14367]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.376369][T14367]  ? clear_bhb_loop+0x60/0xb0
[  420.376393][T14367]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.376411][T14367] RIP: 0033:0x7fc86f18ebe9
[  420.376429][T14367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  420.376445][T14367] RSP: 002b:00007fc87008d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  420.376468][T14367] RAX: ffffffffffffffda RBX: 00007fc86f3b5fa0 RCX: 00007fc86f18ebe9
[  420.376484][T14367] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  420.376496][T14367] RBP: 00007fc87008d090 R08: 0000000000000000 R09: 0000000000000000
[  420.376507][T14367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  420.376519][T14367] R13: 00007fc86f3b6038 R14: 00007fc86f3b5fa0 R15: 00007ffecec617c8
[  420.376553][T14367]  </TASK>
[  420.781121][T14370] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2636'.
[  420.804691][T14380] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  421.010923][T14377] lo speed is unknown, defaulting to 1000
[  421.272369][T14397] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  421.313645][T14399] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2646'.
[  421.425675][T14402] 8021q: adding VLAN 0 to HW filter on device batadv1
[  421.467457][T14402] team0: Port device batadv1 added
[  421.585667][T14407] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  421.622987][T14407] syzkaller0: entered promiscuous mode
[  421.637834][T14407] syzkaller0: entered allmulticast mode
[  421.668352][T14410] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-tlb(5)
[  421.764857][T14407] tipc: Resetting bearer <eth:syzkaller0>
[  421.789299][T14406] tipc: Resetting bearer <eth:syzkaller0>
[  421.963414][T14406] tipc: Disabling bearer <eth:syzkaller0>
[  422.297231][T14439] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2663'.
[  422.341731][T14439] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2663'.
[  422.423193][T14447] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  422.482525][T14439] bridge0: port 2(vlan3) entered blocking state
[  422.491786][T14439] bridge0: port 2(vlan3) entered disabled state
[  422.495124][T14449] netlink: del zone limit has 4 unknown bytes
[  422.510734][T14439] vlan3: entered allmulticast mode
[  422.519343][T14439] bridge0: entered allmulticast mode
[  422.534914][T14439] vlan3: left allmulticast mode
[  422.539932][T14439] bridge0: left allmulticast mode
[  422.551552][T14449] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2666'.
[  422.841764][T14464] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2671'.
[  422.865128][T14464] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2671'.
[  423.337152][T14472] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  423.374553][T14474] syzkaller0: entered promiscuous mode
[  423.381297][T14474] syzkaller0: entered allmulticast mode
[  423.505672][T14468] tipc: Resetting bearer <eth:syzkaller0>
[  423.521856][T14466] tipc: Resetting bearer <eth:syzkaller0>
[  423.550976][T14466] tipc: Disabling bearer <eth:syzkaller0>
[  423.587106][T14479] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-tlb(5)
[  423.947477][T14503] sctp: [Deprecated]: syz.0.2678 (pid 14503) Use of int in max_burst socket option.
[  423.947477][T14503] Use struct sctp_assoc_value instead
[  424.146991][T14508] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2680'.
[  424.170552][T14508] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2680'.
[  424.527688][T14518] team0: No ports can be present during mode change
[  424.599749][T14529] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  424.681161][T14534] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2688'.
[  424.739190][T14534] netlink: 108 bytes leftover after parsing attributes in process `syz.1.2688'.
[  424.782814][T14534] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2688'.
[  424.794758][T14540] team0: Unable to change to the same mode the team is in
[  425.498821][T14575] netlink: del zone limit has 4 unknown bytes
[  425.530962][T14574] team0: No ports can be present during mode change
[  425.546303][T14575] netlink: 'syz.1.2701': attribute type 2 has an invalid length.
[  425.809381][T14583] bridge0: port 2(vlan3) entered blocking state
[  425.826304][T14583] bridge0: port 2(vlan3) entered disabled state
[  425.843529][T14583] vlan3: entered allmulticast mode
[  425.853472][T14583] bridge0: entered allmulticast mode
[  425.879110][T14583] vlan3: left allmulticast mode
[  425.895227][T14583] bridge0: left allmulticast mode
[  425.937028][T14581] ip6tnl1: entered promiscuous mode
[  426.321794][T14604] block nbd1: server does not support multiple connections per device.
[  426.362537][T14604] block nbd1: shutting down sockets
[  426.785729][T14626] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode
[  426.799201][    C0] vcan0: j1939_tp_rxtimer: 0xffff888050020400: rx timeout, send abort
[  426.807666][    C0] vcan0: j1939_tp_rxtimer: 0xffff888050020000: rx timeout, send abort
[  426.816293][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888050020400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  426.830746][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888050020000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  426.861318][T14626] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  427.090267][T14629] 8021q: adding VLAN 0 to HW filter on device batadv0
[  427.099118][T14629] team0: Port device batadv0 added
[  427.344686][T14639] syzkaller1: entered promiscuous mode
[  427.360512][T14639] syzkaller1: entered allmulticast mode
[  427.375971][T14638] veth0: entered promiscuous mode
[  427.392171][T14635] lo speed is unknown, defaulting to 1000
[  427.399654][T14642] __nla_validate_parse: 20 callbacks suppressed
[  427.399676][T14642] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2725'.
[  427.624595][T14634] veth0: left promiscuous mode
[  427.829376][T14655] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2729'.
[  427.874123][T14655] netlink: 108 bytes leftover after parsing attributes in process `syz.4.2729'.
[  427.883249][T14655] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2729'.
[  427.948770][T14662] IPVS: stopping backup sync thread 13831 ...
[  427.973636][T14662] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2733'.
[  428.008828][T14662] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2733'.
[  428.209991][T14669] 8021q: adding VLAN 0 to HW filter on device batadv1
[  428.250712][T14669] team0: Port device batadv1 added
[  428.272909][T14674] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2737'.
[  428.552786][T14682] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  428.584995][T14682] syzkaller0: entered promiscuous mode
[  428.590522][T14682] syzkaller0: entered allmulticast mode
[  428.698099][T14695] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2740'.
[  428.713352][T14696] netlink: 'syz.1.2745': attribute type 1 has an invalid length.
[  428.745414][T14698] batadv_slave_1: entered promiscuous mode
[  428.764253][T14698] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2744'.
[  428.787412][T14682] tipc: Resetting bearer <eth:syzkaller0>
[  428.918819][T14680] tipc: Resetting bearer <eth:syzkaller0>
[  429.112435][T14680] tipc: Disabling bearer <eth:syzkaller0>
[  429.187212][T14710] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  429.225231][T14710] syzkaller0: entered promiscuous mode
[  429.234327][T14710] syzkaller0: entered allmulticast mode
[  429.325912][T14710] tipc: Resetting bearer <eth:syzkaller0>
[  429.334462][T14709] tipc: Resetting bearer <eth:syzkaller0>
[  429.374723][T14709] tipc: Disabling bearer <eth:syzkaller0>
[  429.522328][T14724] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2752'.
[  429.816030][T14729] 8021q: adding VLAN 0 to HW filter on device batadv2
[  429.846070][T14729] team0: Port device batadv2 added
[  429.939627][T14735] lo speed is unknown, defaulting to 1000
[  430.152979][T14746] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  430.161884][T14746] syzkaller0: entered promiscuous mode
[  430.169412][T14746] syzkaller0: entered allmulticast mode
[  430.445328][T14748] tipc: Resetting bearer <eth:syzkaller0>
[  430.577179][T14757] bridge0: port 2(vlan2) entered blocking state
[  430.591685][T14757] bridge0: port 2(vlan2) entered disabled state
[  430.627717][T14757] vlan2: entered allmulticast mode
[  430.645421][T14757] bridge0: entered allmulticast mode
[  430.675841][T14757] vlan2: left allmulticast mode
[  430.686086][T14757] bridge0: left allmulticast mode
[  430.705388][T14742] tipc: Resetting bearer <eth:syzkaller0>
[  430.738891][T14762] netlink: 'syz.0.2763': attribute type 13 has an invalid length.
[  430.747831][T14762] netlink: 'syz.0.2763': attribute type 17 has an invalid length.
[  430.750167][T14742] tipc: Disabling bearer <eth:syzkaller0>
[  430.822325][T14762] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  430.965268][T14763] lo speed is unknown, defaulting to 1000
[  430.983743][T14762] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  431.124374][T14773] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  431.700137][T14796] team0: No ports can be present during mode change
[  432.339042][T14820] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  432.484571][T14828] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  432.595839][T14834] __nla_validate_parse: 13 callbacks suppressed
[  432.595860][T14834] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2782'.
[  432.598314][T14837] team0: No ports can be present during mode change
[  432.657910][T14834] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-tlb(5)
[  433.120793][T14847] lo speed is unknown, defaulting to 1000
[  433.595818][T14867] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2793'.
[  433.647968][T14866] lo speed is unknown, defaulting to 1000
[  435.186589][T14915] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-tlb(5)
[  435.217462][ T5159] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  435.227242][ T5159] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  435.235351][ T5159] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  435.243821][ T5159] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  435.251939][ T5159] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  435.329632][T14916] lo speed is unknown, defaulting to 1000
[  436.013822][T14924] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  436.160126][T14934] sctp: [Deprecated]: syz.1.2809 (pid 14934) Use of int in max_burst socket option deprecated.
[  436.160126][T14934] Use struct sctp_assoc_value instead
[  436.185373][T14934] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2809'.
[  436.199892][T14929] team0: Unable to change to the same mode the team is in
[  436.211805][T14933] team0: No ports can be present during mode change
[  436.312559][T14938] team0: Unable to change to the same mode the team is in
[  436.724081][T14916] chnl_net:caif_netlink_parms(): no params data found
[  436.906679][T14962] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2818'.
[  436.916457][T14962] netlink: 108 bytes leftover after parsing attributes in process `syz.0.2818'.
[  436.943994][T14962] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2818'.
[  437.264661][T14916] bridge0: port 1(bridge_slave_0) entered blocking state
[  437.274283][ T5159] Bluetooth: hci5: command tx timeout
[  437.275137][T14916] bridge0: port 1(bridge_slave_0) entered disabled state
[  437.295314][T14916] bridge_slave_0: entered allmulticast mode
[  437.304025][T14916] bridge_slave_0: entered promiscuous mode
[  437.326295][T14978] team0: Unable to change to the same mode the team is in
[  437.340152][T14916] bridge0: port 2(bridge_slave_1) entered blocking state
[  437.348210][T14916] bridge0: port 2(bridge_slave_1) entered disabled state
[  437.360436][T14916] bridge_slave_1: entered allmulticast mode
[  437.386547][T14916] bridge_slave_1: entered promiscuous mode
[  437.576673][T14984] netlink: del zone limit has 4 unknown bytes
[  437.651238][T12328] bridge_slave_1: left allmulticast mode
[  437.659738][T12328] bridge_slave_1: left promiscuous mode
[  437.672135][T12328] bridge0: port 2(bridge_slave_1) entered disabled state
[  437.694338][T12328] bridge_slave_0: left allmulticast mode
[  437.704670][T12328] bridge_slave_0: left promiscuous mode
[  437.714336][T12328] bridge0: port 1(bridge_slave_0) entered disabled state
[  437.802580][T14989] netlink: del zone limit has 4 unknown bytes
[  437.977336][T14993] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2828'.
[  437.994566][T14993] openvswitch: netlink: Flow actions attr not present in new flow.
[  438.187756][T12328] bond4 (unregistering): (slave erspan0): Releasing active interface
[  438.291402][T12328] bond1 (unregistering): (slave gretap1): Releasing active interface
[  438.311765][T12328] gretap1 (unregistering): left promiscuous mode
[  438.323679][T12328] gretap1 (unregistering): left allmulticast mode
[  438.793630][T12328] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  438.806353][T12328] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  438.820512][T12328] bond0 (unregistering): (slave macvlan0): Releasing backup interface
[  438.843112][T12328] bond0 (unregistering): Released all slaves
[  439.041666][T12328] bond1 (unregistering): Released all slaves
[  439.061755][T12328] bond2 (unregistering): Released all slaves
[  439.079790][T12328] bond3 (unregistering): Released all slaves
[  439.208688][T12328] bond4 (unregistering): (slave veth5): Releasing active interface
[  439.218758][T12328] bond4 (unregistering): Released all slaves
[  439.277718][T14916] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  439.329171][T15003] bridge2: entered promiscuous mode
[  439.354902][ T5159] Bluetooth: hci5: command tx timeout
[  439.369974][T14916] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  439.557878][T15012] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2835'.
[  439.569795][T15005] team0: Port device batadv1 removed
[  439.579547][T15012] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2835'.
[  439.612103][T15005] team0: Port device batadv2 removed
[  439.626686][T12328] tipc: Left network mode
[  439.631561][T15006] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  439.702034][T15012] bridge0: port 2(vlan3) entered blocking state
[  439.727265][T15012] bridge0: port 2(vlan3) entered disabled state
[  439.737939][T15012] vlan3: entered allmulticast mode
[  439.743224][T15012] bridge0: entered allmulticast mode
[  439.758610][T15012] vlan3: left allmulticast mode
[  439.763661][T15012] bridge0: left allmulticast mode
[  439.826901][T15014] A link change request failed with some changes committed already. Interface bond1 may have been left with an inconsistent configuration, please check.
[  439.843374][T15008] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2833'.
[  439.862466][T14916] team0: Port device team_slave_0 added
[  439.878167][T14916] team0: Port device team_slave_1 added
[  440.035713][T14916] batman_adv: batadv0: Adding interface: batadv_slave_0
[  440.060976][T14916] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  440.091545][T14916] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  440.123085][T15022] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2836'.
[  440.139962][T14916] batman_adv: batadv0: Adding interface: batadv_slave_1
[  440.148551][T14916] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  440.176505][T14916] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  440.450053][T15033] team0: No ports can be present during mode change
[  440.517288][T14916] hsr_slave_0: entered promiscuous mode
[  440.540262][T14916] hsr_slave_1: entered promiscuous mode
[  440.564966][T14916] debugfs: 'hsr0' already exists in 'hsr'
[  440.574547][T14916] Cannot create hsr debugfs directory
[  440.708610][T15045] netlink: del zone limit has 4 unknown bytes
[  440.920308][T15056] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2849'.
[  440.964964][T15056] netlink: 108 bytes leftover after parsing attributes in process `syz.1.2849'.
[  441.003922][T15056] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2849'.
[  441.135991][T15062] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  441.204629][T15070] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2853'.
[  441.213587][T15070] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2853'.
[  441.438475][ T5159] Bluetooth: hci5: command tx timeout
[  443.164418][T15079] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode
[  443.196660][T15079] macsec1: entered allmulticast mode
[  443.223955][T15079] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode
[  443.233718][T15079] batman_adv: batadv0: Adding interface: macsec1
[  443.244046][T15079] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  443.302611][T15079] batman_adv: batadv0: Interface activated: macsec1
[  443.454603][T15087] netlink: 'syz.2.2860': attribute type 58 has an invalid length.
[  443.462607][T12328] hsr_slave_0: left promiscuous mode
[  443.469990][T15087] __nla_validate_parse: 1 callbacks suppressed
[  443.470012][T15087] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2860'.
[  443.489158][T12328] hsr_slave_1: left promiscuous mode
[  443.514584][ T5159] Bluetooth: hci5: command tx timeout
[  443.532980][T15091] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2861'.
[  443.542390][T15091] netlink: 108 bytes leftover after parsing attributes in process `syz.1.2861'.
[  443.570042][T15091] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2861'.
[  443.637150][T12328] team0 (unregistering): Port device batadv1 removed
[  443.818186][T15099] netlink: 'syz.1.2863': attribute type 13 has an invalid length.
[  443.827273][T15099] netlink: 'syz.1.2863': attribute type 17 has an invalid length.
[  443.838425][T12328] team0 (unregistering): Port device batadv0 removed
[  444.135408][T15103] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  444.250237][T15104] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  444.461351][T12328] team0 (unregistering): Port device team_slave_1 removed
[  444.516037][T12328] team0 (unregistering): Port device team_slave_0 removed
[  444.965245][T15088] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-tlb(5)
[  445.037326][T15099] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  445.144547][T15106] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2864'.
[  445.164235][T15106] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2864'.
[  445.203091][T15106] bridge0: port 1(vlan2) entered blocking state
[  445.220766][T15106] bridge0: port 1(vlan2) entered disabled state
[  445.243276][T15106] vlan2: entered allmulticast mode
[  445.265164][T15106] vlan2: left allmulticast mode
[  445.283291][T15109] sctp: [Deprecated]: syz.2.2865 (pid 15109) Use of struct sctp_assoc_value in delayed_ack socket option.
[  445.283291][T15109] Use struct sctp_sack_info instead
[  445.525119][T15116] netlink: 'syz.4.2868': attribute type 10 has an invalid length.
[  445.533638][T15117] netlink: 'syz.4.2868': attribute type 10 has an invalid length.
[  445.542491][T15116] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2868'.
[  445.588098][T15117] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2868'.
[  445.699208][T15116] team0: Port device geneve0 added
[  445.872520][T15126] netlink: 'syz.1.2870': attribute type 13 has an invalid length.
[  445.915406][T15126] netlink: 'syz.1.2870': attribute type 17 has an invalid length.
[  445.973721][T15130] netlink: 'syz.4.2872': attribute type 13 has an invalid length.
[  445.993288][T15130] netlink: 'syz.4.2872': attribute type 17 has an invalid length.
[  446.003593][T15126] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  446.133132][T15130] 8021q: adding VLAN 0 to HW filter on device team0
[  446.172585][T15130] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  446.176246][T15131] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2871'.
[  446.237672][T15129] lo speed is unknown, defaulting to 1000
[  446.289655][T15135] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  446.375721][T15126] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  446.379453][T15138] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  446.401750][T14916] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  446.453335][T15132] lo speed is unknown, defaulting to 1000
[  446.480436][T14916] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  446.521113][T15140] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2874'.
[  446.567022][T14916] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  446.623624][T14916] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  446.742967][T15124] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  446.781735][T15144] 8021q: adding VLAN 0 to HW filter on device bond1
[  446.791214][T15144] team0: Port device bond1 added
[  447.048699][T14916] 8021q: adding VLAN 0 to HW filter on device bond0
[  447.108190][T14916] 8021q: adding VLAN 0 to HW filter on device team0
[  447.145020][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  447.152259][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  447.407750][T12348] bridge0: port 2(bridge_slave_1) entered blocking state
[  447.415164][T12348] bridge0: port 2(bridge_slave_1) entered forwarding state
[  447.476478][T15179] netlink: 'syz.4.2882': attribute type 13 has an invalid length.
[  447.565177][T15179] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  447.740113][T15180] lo speed is unknown, defaulting to 1000
[  447.884626][T15179] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  448.015920][T15184] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  448.561326][T15199] __nla_validate_parse: 2 callbacks suppressed
[  448.561348][T15199] netlink: 124 bytes leftover after parsing attributes in process `syz.1.2889'.
[  448.600834][T15202] FAULT_INJECTION: forcing a failure.
[  448.600834][T15202] name failslab, interval 1, probability 0, space 0, times 0
[  448.632469][T15202] CPU: 1 UID: 0 PID: 15202 Comm: syz.0.2890 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  448.632502][T15202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  448.632514][T15202] Call Trace:
[  448.632523][T15202]  <TASK>
[  448.632532][T15202]  dump_stack_lvl+0x189/0x250
[  448.632560][T15202]  ? __pfx____ratelimit+0x10/0x10
[  448.632588][T15202]  ? __pfx_dump_stack_lvl+0x10/0x10
[  448.632608][T15202]  ? __pfx__printk+0x10/0x10
[  448.632636][T15202]  ? __lock_acquire+0xab9/0xd20
[  448.632674][T15202]  should_fail_ex+0x414/0x560
[  448.632711][T15202]  should_failslab+0xa8/0x100
[  448.632744][T15202]  kmem_cache_alloc_noprof+0x73/0x3c0
[  448.632771][T15202]  ? skb_clone+0x212/0x3a0
[  448.632809][T15202]  skb_clone+0x212/0x3a0
[  448.632836][T15202]  __netlink_deliver_tap+0x404/0x850
[  448.632881][T15202]  ? netlink_deliver_tap+0x2e/0x1b0
[  448.632913][T15202]  netlink_deliver_tap+0x19c/0x1b0
[  448.632944][T15202]  netlink_unicast+0x7fa/0x9e0
[  448.632981][T15202]  ? __pfx_netlink_unicast+0x10/0x10
[  448.633011][T15202]  ? netlink_sendmsg+0x642/0xb30
[  448.633036][T15202]  ? skb_put+0x11b/0x210
[  448.633060][T15202]  netlink_sendmsg+0x805/0xb30
[  448.633102][T15202]  ? __pfx_netlink_sendmsg+0x10/0x10
[  448.633136][T15202]  ? aa_sock_msg_perm+0x94/0x160
[  448.633164][T15202]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  448.633187][T15202]  ? __pfx_netlink_sendmsg+0x10/0x10
[  448.633218][T15202]  __sock_sendmsg+0x219/0x270
[  448.633248][T15202]  ____sys_sendmsg+0x505/0x830
[  448.633281][T15202]  ? __pfx_____sys_sendmsg+0x10/0x10
[  448.633354][T15202]  ? import_iovec+0x74/0xa0
[  448.633396][T15202]  ___sys_sendmsg+0x21f/0x2a0
[  448.633420][T15202]  ? __pfx____sys_sendmsg+0x10/0x10
[  448.633488][T15202]  ? __fget_files+0x2a/0x420
[  448.633506][T15202]  ? __fget_files+0x3a0/0x420
[  448.633539][T15202]  __x64_sys_sendmsg+0x19b/0x260
[  448.633563][T15202]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  448.633597][T15202]  ? __pfx_ksys_write+0x10/0x10
[  448.633621][T15202]  ? rcu_is_watching+0x15/0xb0
[  448.633658][T15202]  ? do_syscall_64+0xbe/0x3b0
[  448.633691][T15202]  do_syscall_64+0xfa/0x3b0
[  448.633718][T15202]  ? lockdep_hardirqs_on+0x9c/0x150
[  448.633744][T15202]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.633764][T15202]  ? clear_bhb_loop+0x60/0xb0
[  448.633798][T15202]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.633817][T15202] RIP: 0033:0x7f702ef8ebe9
[  448.633836][T15202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  448.633852][T15202] RSP: 002b:00007f702feb3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  448.633874][T15202] RAX: ffffffffffffffda RBX: 00007f702f1b5fa0 RCX: 00007f702ef8ebe9
[  448.633889][T15202] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[  448.633901][T15202] RBP: 00007f702feb3090 R08: 0000000000000000 R09: 0000000000000000
[  448.633914][T15202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  448.633924][T15202] R13: 00007f702f1b6038 R14: 00007f702f1b5fa0 R15: 00007ffd5f274698
[  448.633960][T15202]  </TASK>
[  449.040520][T14916] 8021q: adding VLAN 0 to HW filter on device batadv0
[  449.307625][T14916] veth0_vlan: entered promiscuous mode
[  449.364683][T14916] veth1_vlan: entered promiscuous mode
[  449.518679][T14916] veth0_macvtap: entered promiscuous mode
[  449.551420][T15221] openvswitch: netlink: VXLAN extension message has 4 unknown bytes.
[  449.555670][T14916] veth1_macvtap: entered promiscuous mode
[  449.663118][T14916] batman_adv: batadv0: Interface activated: batadv_slave_0
[  449.716109][T14916] batman_adv: batadv0: Interface activated: batadv_slave_1
[  449.724916][T15228] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  449.756202][T12348] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  449.774762][T12348] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  449.793551][T12348] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  449.810950][T12348] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  449.970374][T12348] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  449.989752][T12348] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  450.013711][T15233] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  450.029725][T12317] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  450.055161][T12317] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  450.331455][T15238] lo speed is unknown, defaulting to 1000
[  450.374243][T15248] validate_nla: 1 callbacks suppressed
[  450.374265][T15248] netlink: 'syz.3.2802': attribute type 10 has an invalid length.
[  450.388262][T15248] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2802'.
[  450.437613][T15248] team0: entered promiscuous mode
[  450.472291][T15248] team_slave_0: entered promiscuous mode
[  450.493048][T15248] team_slave_1: entered promiscuous mode
[  450.535570][T15248] bridge0: port 3(team0) entered blocking state
[  450.545267][T15248] bridge0: port 3(team0) entered disabled state
[  450.583009][T15248] team0: entered allmulticast mode
[  450.603318][T15248] team_slave_0: entered allmulticast mode
[  450.636261][T15248] team_slave_1: entered allmulticast mode
[  450.658495][T15248] bridge0: port 3(team0) entered blocking state
[  450.665098][T15248] bridge0: port 3(team0) entered forwarding state
[  450.745206][T15255] 8021q: adding VLAN 0 to HW filter on device batadv3
[  450.758473][T15255] team0: Port device batadv3 added
[  451.001222][T15260] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  451.266060][T15268] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2910'.
[  451.304241][T15268] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2910'.
[  451.334201][T15268] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2910'.
[  451.464541][ T5849] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  451.479983][ T5849] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  451.488766][ T5849] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  451.498441][ T5849] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  451.507316][ T5849] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  451.825165][T15275] lo speed is unknown, defaulting to 1000
[  452.135182][T15288] 8021q: adding VLAN 0 to HW filter on device batadv1
[  452.161499][T15288] batadv1: entered promiscuous mode
[  452.184420][T15288] batadv1: entered allmulticast mode
[  452.196753][T15288] team0: Port device batadv1 added
[  452.348256][T15293] ipvlan2: entered promiscuous mode
[  452.353613][T15293] ipvlan2: entered allmulticast mode
[  452.384025][T15293] bridge0: entered allmulticast mode
[  452.417609][T15293] bridge0: port 2(ipvlan2) entered blocking state
[  452.448651][T15293] bridge0: port 2(ipvlan2) entered disabled state
[  452.500236][T15300] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  452.626900][T12322] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled
[  452.636820][T12322] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled
[  452.727681][T15305] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2920'.
[  452.762958][T15305] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2920'.
[  452.794383][T15305] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2920'.
[  452.845723][T15306] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  452.887192][T15312] syzkaller0: entered promiscuous mode
[  452.893328][T15312] syzkaller0: entered allmulticast mode
[  453.068911][T15275] chnl_net:caif_netlink_parms(): no params data found
[  453.141128][T15303] tipc: Resetting bearer <eth:syzkaller0>
[  453.161099][T15314] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2923'.
[  453.185839][T15303] tipc: Disabling bearer <eth:syzkaller0>
[  453.248619][T12331] dummy0: left allmulticast mode
[  453.261952][T12331] dummy0: left promiscuous mode
[  453.275307][T12331] bridge0: port 1(dummy0) entered disabled state
[  453.594448][ T5849] Bluetooth: hci3: command tx timeout
[  454.381633][T12331] bond0 (unregistering): Released all slaves
[  454.511961][T12331] bond1 (unregistering): Released all slaves
[  454.527256][T12331] bond2 (unregistering): Released all slaves
[  454.575492][T15326] sch_tbf: burst 88 is lower than device veth7 mtu (1514) !
[  454.622835][T12331] tipc: Disabling bearer <eth:vlan0>
[  454.643694][T12331] tipc: Left network mode
[  454.717714][T15347] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  454.734789][T15349] syzkaller0: entered promiscuous mode
[  454.740395][T15349] syzkaller0: entered allmulticast mode
[  454.777745][T15353] tipc: Resetting bearer <eth:syzkaller0>
[  454.857859][T15346] tipc: Resetting bearer <eth:syzkaller0>
[  454.876554][T15346] tipc: Disabling bearer <eth:syzkaller0>
[  454.898961][T15364] 8021q: adding VLAN 0 to HW filter on device batadv5
[  454.910706][T15364] team0: Port device batadv5 added
[  455.215295][T12331] hsr_slave_0: left promiscuous mode
[  455.296523][T12331] team0 (unregistering): Port device batadv0 removed
[  455.680546][ T5849] Bluetooth: hci3: command tx timeout
[  456.633274][T15414] netlink: 168 bytes leftover after parsing attributes in process `syz.0.2946'.
[  456.649923][T15415] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  456.656509][T15415] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  457.212745][T15375] 8021q: adding VLAN 0 to HW filter on device batadv6
[  457.221681][T15375] team0: Port device batadv6 added
[  457.235099][T15275] bridge0: port 1(bridge_slave_0) entered blocking state
[  457.276784][T15275] bridge0: port 1(bridge_slave_0) entered disabled state
[  457.295497][T15275] bridge_slave_0: entered allmulticast mode
[  457.350034][T15275] bridge_slave_0: entered promiscuous mode
[  457.356648][T15418] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2947'.
[  457.386692][T15275] bridge0: port 2(bridge_slave_1) entered blocking state
[  457.395745][T15275] bridge0: port 2(bridge_slave_1) entered disabled state
[  457.397379][T15418] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2947'.
[  457.403002][T15275] bridge_slave_1: entered allmulticast mode
[  457.440257][T15418] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2947'.
[  457.459145][T15275] bridge_slave_1: entered promiscuous mode
[  457.708559][T15430] FAULT_INJECTION: forcing a failure.
[  457.708559][T15430] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  457.744893][T15430] CPU: 1 UID: 0 PID: 15430 Comm: syz.2.2952 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  457.744925][T15430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  457.744937][T15430] Call Trace:
[  457.744946][T15430]  <TASK>
[  457.744955][T15430]  dump_stack_lvl+0x189/0x250
[  457.744982][T15430]  ? __pfx____ratelimit+0x10/0x10
[  457.745011][T15430]  ? __pfx_dump_stack_lvl+0x10/0x10
[  457.745032][T15430]  ? __pfx__printk+0x10/0x10
[  457.745072][T15430]  should_fail_ex+0x414/0x560
[  457.745111][T15430]  _copy_to_user+0x31/0xb0
[  457.745141][T15430]  simple_read_from_buffer+0xe1/0x170
[  457.745177][T15430]  proc_fail_nth_read+0x1b3/0x220
[  457.745206][T15430]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  457.745234][T15430]  ? rw_verify_area+0x258/0x650
[  457.745262][T15430]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  457.745287][T15430]  vfs_read+0x1fd/0x980
[  457.745313][T15430]  ? fdget_pos+0x247/0x320
[  457.745338][T15430]  ? __pfx___mutex_lock+0x10/0x10
[  457.745368][T15430]  ? __pfx_vfs_read+0x10/0x10
[  457.745396][T15430]  ? __fget_files+0x2a/0x420
[  457.745422][T15430]  ? __fget_files+0x3a0/0x420
[  457.745439][T15430]  ? __fget_files+0x2a/0x420
[  457.745470][T15430]  ksys_read+0x145/0x250
[  457.745514][T15430]  ? __pfx_ksys_read+0x10/0x10
[  457.745538][T15430]  ? rcu_is_watching+0x15/0xb0
[  457.745575][T15430]  ? do_syscall_64+0xbe/0x3b0
[  457.745607][T15430]  do_syscall_64+0xfa/0x3b0
[  457.745643][T15430]  ? lockdep_hardirqs_on+0x9c/0x150
[  457.745670][T15430]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.745690][T15430]  ? clear_bhb_loop+0x60/0xb0
[  457.745716][T15430]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.745735][T15430] RIP: 0033:0x7f258578d5fc
[  457.745755][T15430] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  457.745772][T15430] RSP: 002b:00007f25865e2030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  457.745795][T15430] RAX: ffffffffffffffda RBX: 00007f25859b5fa0 RCX: 00007f258578d5fc
[  457.745809][T15430] RDX: 000000000000000f RSI: 00007f25865e20a0 RDI: 0000000000000004
[  457.745829][T15430] RBP: 00007f25865e2090 R08: 0000000000000000 R09: 0000000000000000
[  457.745841][T15430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  457.745854][T15430] R13: 00007f25859b6038 R14: 00007f25859b5fa0 R15: 00007fffbfb7ac28
[  457.745887][T15430]  </TASK>
[  457.758329][T15275] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  457.766361][ T5849] Bluetooth: hci3: command tx timeout
[  457.807187][T15275] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  457.813186][T15428] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2950'.
[  457.836291][T15435] netlink: 'syz.3.2954': attribute type 10 has an invalid length.
[  457.985850][T15437] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2954'.
[  458.141429][T15439] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2955'.
[  458.169068][T15439] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2955'.
[  458.198607][T15275] team0: Port device team_slave_0 added
[  458.226534][T15439] bridge0: port 2(vlan3) entered blocking state
[  458.233305][T15439] bridge0: port 2(vlan3) entered disabled state
[  458.240691][T15439] vlan3: entered allmulticast mode
[  458.249918][T15439] vlan3: left allmulticast mode
[  458.266919][T15275] team0: Port device team_slave_1 added
[  458.312739][T15443] 8021q: adding VLAN 0 to HW filter on device batadv2
[  458.321387][T15443] batadv2: entered promiscuous mode
[  458.327320][T15443] batadv2: entered allmulticast mode
[  458.333714][T15443] team0: Port device batadv2 added
[  458.409408][T15275] batman_adv: batadv0: Adding interface: batadv_slave_0
[  458.430310][T15275] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  458.491118][T15275] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  458.528161][T15275] batman_adv: batadv0: Adding interface: batadv_slave_1
[  458.539379][T15275] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  458.583713][T15275] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  458.612346][T15453] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2958'.
[  458.655567][T15455] netlink: del zone limit has 4 unknown bytes
[  458.668559][T15455] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  458.774495][T15275] hsr_slave_0: entered promiscuous mode
[  458.781653][T15275] hsr_slave_1: entered promiscuous mode
[  458.820986][T12331] batman_adv: batadv2: No IGMP Querier present - multicast optimizations disabled
[  458.830696][T12331] batman_adv: batadv2: No MLD Querier present - multicast optimizations disabled
[  458.855710][T15458] netlink: 320 bytes leftover after parsing attributes in process `syz.3.2962'.
[  459.232522][T15471] FAULT_INJECTION: forcing a failure.
[  459.232522][T15471] name failslab, interval 1, probability 0, space 0, times 0
[  459.264283][T15471] CPU: 1 UID: 0 PID: 15471 Comm: syz.3.2964 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  459.264316][T15471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  459.264328][T15471] Call Trace:
[  459.264337][T15471]  <TASK>
[  459.264346][T15471]  dump_stack_lvl+0x189/0x250
[  459.264391][T15471]  ? __pfx____ratelimit+0x10/0x10
[  459.264420][T15471]  ? __pfx_dump_stack_lvl+0x10/0x10
[  459.264446][T15471]  ? __pfx__printk+0x10/0x10
[  459.264474][T15471]  ? __pfx_css_rstat_updated+0x10/0x10
[  459.264504][T15471]  should_fail_ex+0x414/0x560
[  459.264542][T15471]  should_failslab+0xa8/0x100
[  459.264563][T15471]  __kmalloc_noprof+0xcb/0x4f0
[  459.264592][T15471]  ? dev_prep_valid_name+0x193/0x610
[  459.264624][T15471]  dev_prep_valid_name+0x193/0x610
[  459.264654][T15471]  ? __pfx___might_resched+0x10/0x10
[  459.264684][T15471]  ? __pfx_dev_prep_valid_name+0x10/0x10
[  459.264728][T15471]  ? __raw_spin_lock_init+0x45/0x100
[  459.264755][T15471]  register_netdevice+0x542/0x1ae0
[  459.264782][T15471]  ? rcu_is_watching+0x15/0xb0
[  459.264814][T15471]  ? __kvmalloc_node_noprof+0x331/0x5f0
[  459.264852][T15471]  ? __pfx_register_netdevice+0x10/0x10
[  459.264872][T15471]  ? validate_linkmsg+0x765/0x950
[  459.264911][T15471]  ? __pfx_batadv_meshif_newlink+0x10/0x10
[  459.264944][T15471]  rtnl_newlink_create+0x30d/0xb00
[  459.264973][T15471]  ? __mutex_lock+0x5b6/0x1340
[  459.265007][T15471]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  459.265032][T15471]  ? __pfx___mutex_lock+0x10/0x10
[  459.265073][T15471]  ? ns_capable+0x8a/0xf0
[  459.265107][T15471]  rtnl_newlink+0x16d6/0x1c70
[  459.265138][T15471]  ? netlink_sendmsg+0x805/0xb30
[  459.265183][T15471]  ? __pfx_rtnl_newlink+0x10/0x10
[  459.265243][T15471]  ? kasan_quarantine_put+0xdd/0x220
[  459.265269][T15471]  ? lockdep_hardirqs_on+0x9c/0x150
[  459.265310][T15471]  ? nlmon_xmit+0xb0/0x100
[  459.265328][T15471]  ? kmem_cache_free+0x18f/0x400
[  459.265367][T15471]  ? __local_bh_enable_ip+0x12d/0x1c0
[  459.265395][T15471]  ? lockdep_hardirqs_on+0x9c/0x150
[  459.265423][T15471]  ? __local_bh_enable_ip+0x12d/0x1c0
[  459.265451][T15471]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  459.265485][T15471]  ? __dev_queue_xmit+0x27b/0x3b50
[  459.265524][T15471]  ? __lock_acquire+0xab9/0xd20
[  459.265585][T15471]  ? __pfx_rtnl_newlink+0x10/0x10
[  459.265612][T15471]  rtnetlink_rcv_msg+0x7cc/0xb70
[  459.265646][T15471]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  459.265673][T15471]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  459.265709][T15471]  ? ref_tracker_free+0x63a/0x7d0
[  459.265730][T15471]  ? __asan_memcpy+0x40/0x70
[  459.265754][T15471]  ? __pfx_ref_tracker_free+0x10/0x10
[  459.265771][T15471]  ? __skb_clone+0x63/0x7a0
[  459.265804][T15471]  netlink_rcv_skb+0x205/0x470
[  459.265835][T15471]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  459.265867][T15471]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  459.265911][T15471]  ? netlink_deliver_tap+0x2e/0x1b0
[  459.265949][T15471]  netlink_unicast+0x82c/0x9e0
[  459.265987][T15471]  ? __pfx_netlink_unicast+0x10/0x10
[  459.266015][T15471]  ? netlink_sendmsg+0x642/0xb30
[  459.266042][T15471]  ? skb_put+0x11b/0x210
[  459.266066][T15471]  netlink_sendmsg+0x805/0xb30
[  459.266109][T15471]  ? __pfx_netlink_sendmsg+0x10/0x10
[  459.266143][T15471]  ? aa_sock_msg_perm+0x94/0x160
[  459.266171][T15471]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  459.266194][T15471]  ? __pfx_netlink_sendmsg+0x10/0x10
[  459.266225][T15471]  __sock_sendmsg+0x219/0x270
[  459.266257][T15471]  ____sys_sendmsg+0x505/0x830
[  459.266287][T15471]  ? __pfx_____sys_sendmsg+0x10/0x10
[  459.266321][T15471]  ? import_iovec+0x74/0xa0
[  459.266353][T15471]  ___sys_sendmsg+0x21f/0x2a0
[  459.266379][T15471]  ? __pfx____sys_sendmsg+0x10/0x10
[  459.266448][T15471]  ? __fget_files+0x2a/0x420
[  459.266467][T15471]  ? __fget_files+0x3a0/0x420
[  459.266501][T15471]  __x64_sys_sendmsg+0x19b/0x260
[  459.266527][T15471]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  459.266561][T15471]  ? __pfx_ksys_write+0x10/0x10
[  459.266586][T15471]  ? rcu_is_watching+0x15/0xb0
[  459.266622][T15471]  ? do_syscall_64+0xbe/0x3b0
[  459.266657][T15471]  do_syscall_64+0xfa/0x3b0
[  459.266683][T15471]  ? lockdep_hardirqs_on+0x9c/0x150
[  459.266718][T15471]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.266738][T15471]  ? clear_bhb_loop+0x60/0xb0
[  459.266762][T15471]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.266781][T15471] RIP: 0033:0x7f054918ebe9
[  459.266800][T15471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  459.266817][T15471] RSP: 002b:00007f054a06f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  459.266841][T15471] RAX: ffffffffffffffda RBX: 00007f05493b5fa0 RCX: 00007f054918ebe9
[  459.266855][T15471] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  459.266867][T15471] RBP: 00007f054a06f090 R08: 0000000000000000 R09: 0000000000000000
[  459.266880][T15471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  459.266892][T15471] R13: 00007f05493b6038 R14: 00007f05493b5fa0 R15: 00007ffeee093218
[  459.266925][T15471]  </TASK>
[  459.914196][ T5849] Bluetooth: hci3: command tx timeout
[  460.147424][T15493] 8021q: adding VLAN 0 to HW filter on device batadv3
[  460.177956][T15493] batadv3: entered promiscuous mode
[  460.187711][T15493] batadv3: entered allmulticast mode
[  460.194352][T15493] team0: Port device batadv3 added
[  460.523183][T15512] pim6reg: entered allmulticast mode
[  460.593492][T15513] lo speed is unknown, defaulting to 1000
[  460.664026][T12318] batman_adv: batadv3: No IGMP Querier present - multicast optimizations disabled
[  460.673424][T12318] batman_adv: batadv3: No MLD Querier present - multicast optimizations disabled
[  460.730562][T15275] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  460.792621][T15275] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  460.856529][T15275] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  460.901784][T15275] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  461.066761][T15530] netlink: 'syz.0.2977': attribute type 4 has an invalid length.
[  461.195702][   T24] lo speed is unknown, defaulting to 1000
[  461.201582][   T24] syz2: Port: 1 Link DOWN
[  461.242060][T15542] netlink: del zone limit has 4 unknown bytes
[  461.385672][T15548] IPVS: stopping backup sync thread 15551 ...
[  461.391871][T15551] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond0, syncid = 8, id = 0
[  461.419410][T15552] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  461.786894][T15275] 8021q: adding VLAN 0 to HW filter on device bond0
[  461.837570][T15567] netlink: 'syz.3.2987': attribute type 11 has an invalid length.
[  461.890167][T15275] 8021q: adding VLAN 0 to HW filter on device team0
[  461.948164][T12329] bridge0: port 1(bridge_slave_0) entered blocking state
[  461.956448][T12329] bridge0: port 1(bridge_slave_0) entered forwarding state
[  461.988088][T15570] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  461.998807][T15570] syzkaller0: entered promiscuous mode
[  462.006195][T15570] syzkaller0: entered allmulticast mode
[  462.064659][T12348] bridge0: port 2(bridge_slave_1) entered blocking state
[  462.071991][T12348] bridge0: port 2(bridge_slave_1) entered forwarding state
[  462.166892][T15570] tipc: Resetting bearer <eth:syzkaller0>
[  462.220552][T15579] __nla_validate_parse: 6 callbacks suppressed
[  462.220582][T15579] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2988'.
[  462.224768][T15570] tipc: Disabling bearer <eth:syzkaller0>
[  462.548606][T15585] netlink: 'syz.0.2990': attribute type 13 has an invalid length.
[  462.926583][T15275] 8021q: adding VLAN 0 to HW filter on device batadv0
[  463.063392][T15594] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  463.092776][T15275] veth0_vlan: entered promiscuous mode
[  463.137726][T15275] veth1_vlan: entered promiscuous mode
[  463.298593][T15275] veth0_macvtap: entered promiscuous mode
[  463.368148][T15275] veth1_macvtap: entered promiscuous mode
[  463.451872][T15275] batman_adv: batadv0: Interface activated: batadv_slave_0
[  463.500404][T15275] batman_adv: batadv0: Interface activated: batadv_slave_1
[  463.589619][T12328] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  463.626140][T12328] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  463.671497][T12328] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  463.704083][T12328] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  464.030268][T15624] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3001'.
[  464.043423][T12318] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  464.062913][T12318] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  464.099308][T15628] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3003'.
[  464.111589][T15628] netlink: 108 bytes leftover after parsing attributes in process `syz.2.3003'.
[  464.111632][T15627] netlink: del zone limit has 4 unknown bytes
[  464.121459][T15628] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3003'.
[  464.145040][T12329] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  464.152899][T12329] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  464.251244][T15631] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  464.397522][T15636] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3006'.
[  464.416257][T15633] tipc: Failed to remove unknown binding: 66,1,1/3237349641:1834806630/1834806632
[  464.416295][T15636] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3006'.
[  464.429503][T15637] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2903'.
[  464.465468][T15636] team0: No ports can be present during mode change
[  464.611415][T15641] gre1: entered allmulticast mode
[  464.675975][T15641] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode 802.3ad(4)
[  464.723688][T15643] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3008'.
[  465.217757][T15673] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3015'.
[  465.576894][T15684] bridge0: port 3(team0) entered disabled state
[  466.003485][ T5159] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  466.019710][ T5159] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  466.029339][ T5159] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  466.039623][ T5159] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  466.048977][ T5159] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  466.158439][T15684] team0 (unregistering): left allmulticast mode
[  466.165965][T15684] team_slave_0: left allmulticast mode
[  466.171916][T15684] team_slave_1: left allmulticast mode
[  466.180067][T15684] batadv1: left allmulticast mode
[  466.185900][T15684] batadv2: left allmulticast mode
[  466.192055][T15684] batadv3: left allmulticast mode
[  466.197440][T15684] bridge0: port 3(team0) entered disabled state
[  466.212755][T15684] team_slave_0: left promiscuous mode
[  466.246736][T15684] team0 (unregistering): Port device team_slave_0 removed
[  466.254441][T15684] team_slave_1: left promiscuous mode
[  466.278219][T15684] team0 (unregistering): Port device team_slave_1 removed
[  466.301581][T15684] batadv1: left promiscuous mode
[  466.321504][T15684] team0 (unregistering): Port device batadv1 removed
[  466.345457][T15684] batadv2: left promiscuous mode
[  466.368224][T15684] team0 (unregistering): Port device batadv2 removed
[  466.382623][T15684] batadv3: left promiscuous mode
[  466.405199][T15684] team0 (unregistering): Port device batadv3 removed
[  466.457245][ T5838] bridge0: port 1(syz_tun) entered disabled state
[  466.573035][ T5838] syz_tun (unregistering): left allmulticast mode
[  466.591158][ T5838] syz_tun (unregistering): left promiscuous mode
[  466.613686][ T5838] bridge0: port 1(syz_tun) entered disabled state
[  466.728128][T15711] batadv_slave_1: entered promiscuous mode
[  466.827814][T15699] lo speed is unknown, defaulting to 1000
[  466.835134][T15726] bridge_slave_1: left allmulticast mode
[  466.854992][T15726] bridge_slave_1: left promiscuous mode
[  466.881132][T15726] bridge0: port 2(bridge_slave_1) entered disabled state
[  466.956765][T15726] bridge_slave_0: left allmulticast mode
[  466.963443][T15726] bridge_slave_0: left promiscuous mode
[  466.974492][T15726] bridge0: port 1(bridge_slave_0) entered disabled state
[  466.992072][T15732] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  467.100743][T15732] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  467.223088][T12348] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  467.237000][T12348] netdevsim netdevsim2 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  467.330779][T15742] __nla_validate_parse: 7 callbacks suppressed
[  467.330801][T15742] netlink: 168 bytes leftover after parsing attributes in process `syz.0.3028'.
[  467.371526][T15724] lo speed is unknown, defaulting to 1000
[  467.412414][T12348] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  467.435233][T12348] netdevsim netdevsim2 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  467.473018][T15710] batadv_slave_1: left promiscuous mode
[  467.562022][T12348] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  467.593059][T12348] netdevsim netdevsim2 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  467.627936][   T24] hid-generic 0005:16BF:5505.0012: unknown main item tag 0x0
[  467.673436][   T24] hid-generic 0005:16BF:5505.0012: unknown main item tag 0x0
[  467.698793][T15750] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3030'.
[  467.723572][   T24] hid-generic 0005:16BF:5505.0012: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  467.779675][T12348] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  467.793609][T12348] netdevsim netdevsim2 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  467.868553][T15750] team0: No ports can be present during mode change
[  468.162436][ T5159] Bluetooth: hci1: command tx timeout
[  468.181306][T15767] netlink: 168 bytes leftover after parsing attributes in process `syz.0.3033'.
[  468.371977][T15770] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  468.551552][T15782] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3036'.
[  468.666440][T15788] netlink: 724 bytes leftover after parsing attributes in process `syz.1.3039'.
[  468.689234][T15788] netlink: 724 bytes leftover after parsing attributes in process `syz.1.3039'.
[  469.694263][T12348] bond0 (unregistering): Released all slaves
[  469.859500][T12348] bond1 (unregistering): Released all slaves
[  469.875568][T12348] bond2 (unregistering): Released all slaves
[  470.011308][T12348] bond3 (unregistering): Released all slaves
[  470.030110][T15699] chnl_net:caif_netlink_parms(): no params data found
[  470.048052][T15781] bond0: option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-rr(0)
[  470.059299][T15782] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3036'.
[  470.235278][ T5159] Bluetooth: hci1: command tx timeout
[  470.259736][T12348] : left promiscuous mode
[  470.511936][T15814] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: invalid value (0)
[  470.603963][T15814] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: allowed values 1 - 65535
[  470.623174][T12348] tipc: Disabling bearer <udp:syz2>
[  470.629233][T12348] tipc: Left network mode
[  470.790896][T15835] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3048'.
[  470.821536][T15835] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3048'.
[  470.910348][T15837] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond0, syncid = 8, id = 0
[  471.116681][T15699] bridge0: port 1(bridge_slave_0) entered blocking state
[  471.132467][T15699] bridge0: port 1(bridge_slave_0) entered disabled state
[  471.155421][T15699] bridge_slave_0: entered allmulticast mode
[  471.187759][T15699] bridge_slave_0: entered promiscuous mode
[  471.284129][T15699] bridge0: port 2(bridge_slave_1) entered blocking state
[  471.311747][T15699] bridge0: port 2(bridge_slave_1) entered disabled state
[  471.344179][T15699] bridge_slave_1: entered allmulticast mode
[  471.356087][T15699] bridge_slave_1: entered promiscuous mode
[  471.551385][T12348] batman_adv: batadv0: Interface deactivated: macsec1
[  471.561469][T12348] mac80211_hwsim hwsim4 wlan0 (unregistering): left allmulticast mode
[  471.587606][T12348] batman_adv: batadv0: Removing interface: macsec1
[  471.626310][T15845] vlan2: entered allmulticast mode
[  471.631798][T15845] veth1: entered allmulticast mode
[  471.673486][T15699] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  471.712792][T15850] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  471.719366][T15850] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  471.821548][T12348] hsr_slave_0: left promiscuous mode
[  471.854365][T12348] hsr_slave_1: left promiscuous mode
[  471.901691][T12348] veth1_macvtap: left promiscuous mode
[  471.914105][T12348] veth0_macvtap: left promiscuous mode
[  471.919855][T12348] veth1_vlan: left promiscuous mode
[  471.927433][T12348] veth0_vlan: left promiscuous mode
[  472.217079][T12348] pim6reg (unregistering): left allmulticast mode
[  472.256320][T12348] team0 (unregistering): Port device batadv6 removed
[  472.317760][ T5159] Bluetooth: hci1: command tx timeout
[  472.333487][T12348] team0 (unregistering): Port device batadv5 removed
[  472.445740][T12348] team0 (unregistering): Port device batadv2 removed
[  472.517012][T12348] team0 (unregistering): Port device batadv0 removed
[  472.662824][   T43] hid-generic 0005:16BF:5505.0013: unknown main item tag 0x0
[  472.694529][   T43] hid-generic 0005:16BF:5505.0013: unknown main item tag 0x0
[  472.749005][   T43] hid-generic 0005:16BF:5505.0013: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  473.976365][T15699] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  474.096306][T15699] team0: Port device team_slave_0 added
[  474.149210][T15699] team0: Port device team_slave_1 added
[  474.353413][T15899] batadv1: entered promiscuous mode
[  474.366642][T15904] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3063'.
[  474.386822][T15899] 8021q: adding VLAN 0 to HW filter on device batadv1
[  474.403949][ T5159] Bluetooth: hci1: command tx timeout
[  474.405110][T15899] team0: Port device batadv1 added
[  474.461640][T15905] 8021q: adding VLAN 0 to HW filter on device batadv4
[  474.495194][T15699] batman_adv: batadv0: Adding interface: batadv_slave_0
[  474.502343][T15699] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  474.549591][T15699] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  474.606568][T15907] 8021q: adding VLAN 0 to HW filter on device batadv4
[  474.625985][T15907] team0: Port device batadv4 added
[  474.757863][T15699] batman_adv: batadv0: Adding interface: batadv_slave_1
[  474.777582][T15699] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  474.852485][T15699] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  475.101581][T15699] hsr_slave_0: entered promiscuous mode
[  475.126981][T15699] hsr_slave_1: entered promiscuous mode
[  475.137960][T15699] debugfs: 'hsr0' already exists in 'hsr'
[  475.151835][T15699] Cannot create hsr debugfs directory
[  475.189996][T15932] netlink: del zone limit has 4 unknown bytes
[  475.372793][T12348] IPVS: stop unused estimator thread 0...
[  475.475399][T15943] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3075'.
[  475.508709][T15943] netlink: 'syz.3.3075': attribute type 7 has an invalid length.
[  475.545314][T15943] netlink: 'syz.3.3075': attribute type 8 has an invalid length.
[  475.572245][T15946] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3075'.
[  475.582269][T15943] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3075'.
[  475.592692][T15948] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3077'.
[  475.607022][T15946] netlink: 'syz.3.3075': attribute type 10 has an invalid length.
[  475.671961][T15946] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  475.749555][T15943] bridge0: entered promiscuous mode
[  475.782477][T15943] ip6gretap0: entered promiscuous mode
[  475.791437][T15943] bridge0: left promiscuous mode
[  475.799568][T15943] ip6gretap0: left promiscuous mode
[  475.879285][T15961] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond0, syncid = 8, id = 0
[  475.888779][T15958] IPVS: stopping backup sync thread 15961 ...
[  475.937625][T15953] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3080'.
[  475.946936][T15953] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3080'.
[  476.921445][T15985] netlink: del zone limit has 4 unknown bytes
[  478.440057][T15987] wg1: entered promiscuous mode
[  478.447983][T15989] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3088'.
[  478.460532][T15987] wg1: entered allmulticast mode
[  478.566751][T15992] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  478.574803][T15992] syzkaller0: entered promiscuous mode
[  478.581424][T15992] syzkaller0: entered allmulticast mode
[  478.638452][T15992] tipc: Resetting bearer <eth:syzkaller0>
[  478.716870][T15990] tipc: Resetting bearer <eth:syzkaller0>
[  478.747650][T15990] tipc: Disabling bearer <eth:syzkaller0>
[  478.989855][T16013] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond0, syncid = 8, id = 0
[  478.990027][T16010] IPVS: stopping backup sync thread 16013 ...
[  479.049715][T16015] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3095'.
[  479.090260][T16015] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3095'.
[  479.134746][T15699] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  479.177755][T15699] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  479.217175][T16019] netlink: del zone limit has 4 unknown bytes
[  479.268738][T15699] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  479.324572][T15699] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  479.446668][T16026] __nla_validate_parse: 1 callbacks suppressed
[  479.446689][T16026] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3099'.
[  479.631204][T16034] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  479.637793][T16034] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  479.656704][T15699] 8021q: adding VLAN 0 to HW filter on device bond0
[  479.733163][T15699] 8021q: adding VLAN 0 to HW filter on device team0
[  479.768760][T12348] bridge0: port 1(bridge_slave_0) entered blocking state
[  479.776793][T12348] bridge0: port 1(bridge_slave_0) entered forwarding state
[  479.865072][T12325] bridge0: port 2(bridge_slave_1) entered blocking state
[  479.872359][T12325] bridge0: port 2(bridge_slave_1) entered forwarding state
[  480.031844][T16040] FAULT_INJECTION: forcing a failure.
[  480.031844][T16040] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  480.074142][T16040] CPU: 1 UID: 0 PID: 16040 Comm: syz.1.3102 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  480.074173][T16040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  480.074185][T16040] Call Trace:
[  480.074194][T16040]  <TASK>
[  480.074202][T16040]  dump_stack_lvl+0x189/0x250
[  480.074231][T16040]  ? __pfx____ratelimit+0x10/0x10
[  480.074259][T16040]  ? __pfx_dump_stack_lvl+0x10/0x10
[  480.074279][T16040]  ? __pfx__printk+0x10/0x10
[  480.074318][T16040]  should_fail_ex+0x414/0x560
[  480.074354][T16040]  _copy_from_user+0x2d/0xb0
[  480.074381][T16040]  __copy_msghdr+0x3c5/0x5b0
[  480.074408][T16040]  ___sys_sendmsg+0x1a5/0x2a0
[  480.074432][T16040]  ? __pfx____sys_sendmsg+0x10/0x10
[  480.074495][T16040]  ? __fget_files+0x2a/0x420
[  480.074514][T16040]  ? __fget_files+0x3a0/0x420
[  480.074546][T16040]  __x64_sys_sendmsg+0x19b/0x260
[  480.074579][T16040]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  480.074613][T16040]  ? __pfx_ksys_write+0x10/0x10
[  480.074638][T16040]  ? rcu_is_watching+0x15/0xb0
[  480.074674][T16040]  ? do_syscall_64+0xbe/0x3b0
[  480.074707][T16040]  do_syscall_64+0xfa/0x3b0
[  480.074732][T16040]  ? lockdep_hardirqs_on+0x9c/0x150
[  480.074759][T16040]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  480.074778][T16040]  ? clear_bhb_loop+0x60/0xb0
[  480.074803][T16040]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  480.074822][T16040] RIP: 0033:0x7fa4c7d8ebe9
[  480.074841][T16040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  480.074858][T16040] RSP: 002b:00007fa4c8bc5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  480.074881][T16040] RAX: ffffffffffffffda RBX: 00007fa4c7fb6090 RCX: 00007fa4c7d8ebe9
[  480.074897][T16040] RDX: 0000000000044000 RSI: 0000200000000080 RDI: 0000000000000007
[  480.074911][T16040] RBP: 00007fa4c8bc5090 R08: 0000000000000000 R09: 0000000000000000
[  480.074925][T16040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  480.074938][T16040] R13: 00007fa4c7fb6128 R14: 00007fa4c7fb6090 R15: 00007ffd4ce0f9b8
[  480.074973][T16040]  </TASK>
[  480.542213][T16050] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode 802.3ad(4)
[  480.754724][T16059] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3106'.
[  480.827019][T16058] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3107'.
[  480.863450][T16058] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-tlb(5)
[  480.879005][T16061] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3108'.
[  480.899974][T15699] 8021q: adding VLAN 0 to HW filter on device batadv0
[  480.949733][T16061] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-tlb(5)
[  480.997814][T16063] 8021q: adding VLAN 0 to HW filter on device batadv2
[  481.016210][T16063] team0: Port device batadv2 added
[  481.145605][T15699] veth0_vlan: entered promiscuous mode
[  481.179998][T15699] veth1_vlan: entered promiscuous mode
[  481.428380][T15699] veth0_macvtap: entered promiscuous mode
[  481.491643][T15699] veth1_macvtap: entered promiscuous mode
[  481.528444][T16073] netlink: 'syz.4.3111': attribute type 13 has an invalid length.
[  481.551060][T16073] netlink: 'syz.4.3111': attribute type 17 has an invalid length.
[  481.570525][T16075] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3112'.
[  481.583060][T15699] batman_adv: batadv0: Interface activated: batadv_slave_0
[  481.614186][T16075] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3112'.
[  481.654554][T16073] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  481.707936][T16081] netlink: del zone limit has 4 unknown bytes
[  481.716677][T15699] batman_adv: batadv0: Interface activated: batadv_slave_1
[  481.731868][T12348] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  481.760127][T16076] netlink: 168 bytes leftover after parsing attributes in process `syz.3.3113'.
[  481.781443][T12348] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  481.830199][T12348] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  481.852700][T12348] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  481.888311][T16077] lo speed is unknown, defaulting to 1000
[  481.945585][T16073] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  482.026500][T16083] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  482.051129][T16086] gre1: entered allmulticast mode
[  482.132547][T16086] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode 802.3ad(4)
[  482.197243][T12348] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  482.221295][T12348] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  482.388498][T12348] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  482.422766][T12348] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  482.502255][T16100] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3120'.
[  482.507507][   T43] hid-generic 0005:16BF:5505.0014: unknown main item tag 0x0
[  482.535262][   T43] hid-generic 0005:16BF:5505.0014: unknown main item tag 0x0
[  482.559905][   T43] hid-generic 0005:16BF:5505.0014: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  482.590079][T16107] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-tlb(5)
[  482.633653][T16106] lo speed is unknown, defaulting to 1000
[  482.953736][T16118] 8021q: adding VLAN 0 to HW filter on device batadv1
[  482.965490][T16118] team0: Port device batadv1 added
[  483.545922][T16135] netlink: 'syz.1.3126': attribute type 1 has an invalid length.
[  483.581560][T16135] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3126'.
[  484.786072][T16173] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3134'.
[  484.803659][ T5849] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  484.808808][T16175] netlink: 168 bytes leftover after parsing attributes in process `syz.1.3133'.
[  484.840826][ T5849] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  484.851352][ T5849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  484.864267][ T5849] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  484.873035][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  484.968686][T16170] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-tlb(5)
[  485.146609][T16172] lo speed is unknown, defaulting to 1000
[  485.364102][T16187] batman_adv: batadv0: Adding interface: ip6gretap1
[  485.396470][T16185] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3135'.
[  485.414214][T16187] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  485.508650][T16187] batman_adv: batadv0: Interface activated: ip6gretap1
[  486.097884][T16172] chnl_net:caif_netlink_parms(): no params data found
[  486.393370][T16219] bond0: (slave dummy0): Releasing backup interface
[  486.527754][T16219] bridge_slave_0: left allmulticast mode
[  486.533555][T16219] bridge_slave_0: left promiscuous mode
[  486.609548][T16219] bridge0: port 1(bridge_slave_0) entered disabled state
[  486.777695][T16219] bridge_slave_1: left allmulticast mode
[  486.799039][T16240] netlink: 'syz.2.3142': attribute type 10 has an invalid length.
[  486.814549][T16219] bridge_slave_1: left promiscuous mode
[  486.830076][T16219] bridge0: port 2(bridge_slave_1) entered disabled state
[  486.860166][T16244] netlink: 'syz.2.3142': attribute type 10 has an invalid length.
[  486.923686][T16219] bond0: (slave bond_slave_0): Releasing backup interface
[  486.954080][ T5159] Bluetooth: hci0: command tx timeout
[  486.967158][T16219] bond0: (slave bond_slave_1): Releasing backup interface
[  487.008116][T16219] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  487.027480][T16219] batman_adv: batadv0: Removing interface: batadv_slave_0
[  487.094778][T16219] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  487.114815][T16219] batman_adv: batadv0: Removing interface: batadv_slave_1
[  487.162264][T16219] batman_adv: batadv0: Interface deactivated: ip6gretap1
[  487.238856][T16219] batman_adv: batadv0: Removing interface: ip6gretap1
[  487.380377][T16172] bridge0: port 1(bridge_slave_0) entered blocking state
[  487.402402][T16172] bridge0: port 1(bridge_slave_0) entered disabled state
[  487.425592][T16172] bridge_slave_0: entered allmulticast mode
[  487.461688][T16172] bridge_slave_0: entered promiscuous mode
[  487.628865][T16232] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check.
[  487.659244][T16240] syz_tun: entered promiscuous mode
[  487.671729][T16240] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  487.702103][T16244] 8021q: adding VLAN 0 to HW filter on device bond0
[  487.715173][T16244] team0: Port device bond0 added
[  487.716443][T16260] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3146'.
[  487.737976][T16172] bridge0: port 2(bridge_slave_1) entered blocking state
[  487.764851][T16172] bridge0: port 2(bridge_slave_1) entered disabled state
[  487.795832][T16172] bridge_slave_1: entered allmulticast mode
[  487.818470][T16172] bridge_slave_1: entered promiscuous mode
[  487.862877][T16262] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-tlb(5)
[  487.945721][T16264] netlink: 'syz.3.3148': attribute type 1 has an invalid length.
[  487.959742][T16264] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3148'.
[  488.127525][T16274] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3150'.
[  488.277046][T16280] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3151'.
[  488.296445][T16172] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  488.378037][T16280] team0: No ports can be present during mode change
[  488.397033][T16172] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  488.408983][T16281] Oops: general protection fault, probably for non-canonical address 0xdffffc001fffe000: 0000 [#1] SMP KASAN PTI
[  488.420929][T16281] KASAN: probably user-memory-access in range [0x00000000ffff0000-0x00000000ffff0007]
[  488.430513][T16281] CPU: 0 UID: 0 PID: 16281 Comm: modprobe Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  488.442441][T16281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  488.452609][T16281] RIP: 0010:percpu_ref_get_many+0x8d/0x140
[  488.458433][T16281] Code: 01 48 c7 c7 00 51 98 8b be 4b 03 00 00 48 c7 c2 40 51 98 8b e8 a4 24 72 ff 49 bc 00 00 00 00 00 fc ff df 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 04 5d f7 ff 49 8b 07 a8 03 75 62
[  488.478087][T16281] RSP: 0018:ffffc900047476f8 EFLAGS: 00010206
[  488.484269][T16281] RAX: 000000001fffe000 RBX: ffffffff822b7619 RCX: 61d0f38c64f56b00
[  488.492334][T16281] RDX: 0000000000000000 RSI: ffffffff8be309e0 RDI: ffffffff8be309a0
[  488.500333][T16281] RBP: 0000000000000078 R08: 0000000000000000 R09: ffffffff822b7619
[  488.502326][T16284] netlink: 'syz.4.3152': attribute type 39 has an invalid length.
[  488.508351][T16281] R10: dffffc0000000000 R11: ffffed1005329e14 R12: dffffc0000000000
[  488.508375][T16281] R13: ffff8880b863b500 R14: 0000000000000001 R15: 00000000ffff0000
[  488.508391][T16281] FS:  0000000000000000(0000) GS:ffff888125c80000(0000) knlGS:0000000000000000
[  488.508408][T16281] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  488.508423][T16281] CR2: 00007fd27b6bae9c CR3: 000000007e28e000 CR4: 00000000003526f0
[  488.508443][T16281] Call Trace:
[  488.508451][T16281]  <TASK>
[  488.508461][T16281]  refill_obj_stock+0x254/0x850
[  488.508496][T16281]  ? refill_obj_stock+0x116/0x850
[  488.508524][T16281]  __memcg_slab_free_hook+0x127/0x3d0
[  488.508558][T16281]  ? unlink_anon_vmas+0x2cc/0x670
[  488.508577][T16281]  kmem_cache_free+0x223/0x400
[  488.508608][T16281]  unlink_anon_vmas+0x2cc/0x670
[  488.508631][T16281]  free_pgtables+0x7bf/0xaf0
[  488.508656][T16281]  ? __pfx_free_pgtables+0x10/0x10
[  488.508680][T16281]  ? __pfx_down_write+0x10/0x10
[  488.508711][T16281]  ? __mas_set_range+0x12f/0x3c0
[  488.508733][T16281]  exit_mmap+0x444/0xb50
[  488.508762][T16281]  ? uprobe_clear_state+0x20f/0x290
[  488.508788][T16281]  ? __pfx_exit_mmap+0x10/0x10
[  488.508815][T16281]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  488.508849][T16281]  ? __pfx_exit_aio+0x10/0x10
[  488.508883][T16281]  ? uprobe_clear_state+0x274/0x290
[  488.508908][T16281]  __mmput+0x118/0x420
[  488.508936][T16281]  exit_mm+0x1da/0x2c0
[  488.508960][T16281]  ? __pfx_exit_mm+0x10/0x10
[  488.508980][T16281]  ? hrtimer_try_to_cancel+0x3d9/0x420
[  488.509009][T16281]  ? rcu_is_watching+0x15/0xb0
[  488.509040][T16281]  do_exit+0x648/0x22e0
[  488.509064][T16281]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  488.509088][T16281]  ? __pfx_do_exit+0x10/0x10
[  488.509113][T16281]  ? _raw_spin_unlock_irq+0x23/0x50
[  488.509137][T16281]  ? lockdep_hardirqs_on+0x9c/0x150
[  488.509165][T16281]  do_group_exit+0x21c/0x2d0
[  488.509199][T16281]  __x64_sys_exit_group+0x3f/0x40
[  488.509223][T16281]  x64_sys_call+0x21f7/0x2200
[  488.704314][T16281]  do_syscall_64+0xfa/0x3b0
[  488.708943][T16281]  ? lockdep_hardirqs_on+0x9c/0x150
[  488.714171][T16281]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.720347][T16281]  ? clear_bhb_loop+0x60/0xb0
[  488.725070][T16281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.730985][T16281] RIP: 0033:0x7fd27b8196c5
[  488.735416][T16281] Code: Unable to access opcode bytes at 0x7fd27b81969b.
[  488.742608][T16281] RSP: 002b:00007ffdc3a33858 EFLAGS: 00000206 ORIG_RAX: 00000000000000e7
[  488.751054][T16281] RAX: ffffffffffffffda RBX: 00007fd27b91afe8 RCX: 00007fd27b8196c5
[  488.759038][T16281] RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000001
[  488.767220][T16281] RBP: 0000000000000001 R08: 00007ffdc3a337e8 R09: 0000000000000000
[  488.775312][T16281] R10: 00007ffdc3a33680 R11: 0000000000000206 R12: 0000000000000000
[  488.783568][T16281] R13: 0000000000000001 R14: 00007fd27b919680 R15: 00007fd27b91b000
[  488.791623][T16281]  </TASK>
[  488.794915][T16281] Modules linked in:
[  488.800194][T16281] ---[ end trace 0000000000000000 ]---
[  488.806469][T16281] RIP: 0010:percpu_ref_get_many+0x8d/0x140
[  488.812334][T16281] Code: 01 48 c7 c7 00 51 98 8b be 4b 03 00 00 48 c7 c2 40 51 98 8b e8 a4 24 72 ff 49 bc 00 00 00 00 00 fc ff df 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 04 5d f7 ff 49 8b 07 a8 03 75 62
[  488.832497][T16281] RSP: 0018:ffffc900047476f8 EFLAGS: 00010206
[  488.839512][T16281] RAX: 000000001fffe000 RBX: ffffffff822b7619 RCX: 61d0f38c64f56b00
[  488.847640][T16281] RDX: 0000000000000000 RSI: ffffffff8be309e0 RDI: ffffffff8be309a0
[  488.855830][T16281] RBP: 0000000000000078 R08: 0000000000000000 R09: ffffffff822b7619
[  488.864062][T16281] R10: dffffc0000000000 R11: ffffed1005329e14 R12: dffffc0000000000
[  488.872331][T16281] R13: ffff8880b863b500 R14: 0000000000000001 R15: 00000000ffff0000
[  488.880897][T16281] FS:  0000000000000000(0000) GS:ffff888125c80000(0000) knlGS:0000000000000000
[  488.890418][T16281] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  488.897485][T16281] CR2: 00007fd27b6bae9c CR3: 000000007e28e000 CR4: 00000000003526f0
[  488.905838][T16281] Kernel panic - not syncing: Fatal exception
[  488.912302][T16281] Kernel Offset: disabled
[  488.916729][T16281] Rebooting in 86400 seconds..