last executing test programs:

13.321561511s ago: executing program 3 (id=1150):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x43}, 0x94)
r1 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0xf5ffffff, &(0x7f0000000000)='%', 0x0, 0xd01, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000100001000000000000dfff000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e65766530000000000000000000140001006c6f0000000000000000000000000000080002"], 0xb4}}, 0x0)

13.075268613s ago: executing program 3 (id=1153):
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20000000)
ioctl$BTRFS_IOC_SET_FEATURES(0xffffffffffffffff, 0x40309439, &(0x7f0000000000)={0x2, 0x0, 0x4})
r0 = socket$inet(0x2, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffe3d)
socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
r1 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)={&(0x7f00000029c0)=ANY=[@ANYBLOB="140000000d0603"], 0x14}}, 0x0)
sendmsg$IPSET_CMD_SWAP(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1400000006060108000000"], 0x14}}, 0x810)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r1)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000480), r3)
sendmsg$NLBL_MGMT_C_LISTDEF(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000540)={0x1c, r4, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@NLBL_MGMT_A_FAMILY={0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40040}, 0x4180)
sendto$inet(r0, &(0x7f0000000700)="d4df0cf4c6708ba3c3b1e995353977fc88df634a11c414e867ac5fafedeb29b8d9e0841ba43ecc5033c29245dece63683f32e134b7d1d562c5d44f99d786f6560a0290b9cd2441b8ca8e2ca8b0e4d664d3d47f308ea56310839405b8bfba7250a2da5e48d4d9668eb0cec88e4f5dc89ac7aac602690b003460578f2926a1aa3d7c2d7d5da925b331623b4339a16d84bc64a760c359f92921bd6c3dbf7be5cd5e1f59f0be17749c26c55d15177548bd041aaca47d0574a7f37a1a8e8169f786e6fe401ebb70ab462f740b984b51402c6b68715d5b4da60871dbbb7f397fc30229674e5054b2c884c9c5aa", 0xea, 0x20000000, &(0x7f0000000240)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x25}}, 0xfffffffffffffdaf)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r5)
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f0000000140)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r5, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010025bd7000fbdbdf251e00000008000300", @ANYRES32=r7, @ANYBLOB="50002f800c0002000203aaaaaaaaaaaa0c000380080001000200000034000380080001"], 0x6c}, 0x1, 0x0, 0x0, 0x20000041}, 0x4880)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan3\x00', <r8=>0x0})
sendmsg$NL802154_CMD_SET_PAN_ID(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="00042cbd7000fd2ccab12b00010008000300", @ANYRES32=r8, @ANYBLOB="0600090000000000"], 0x24}, 0x1, 0x0, 0x0, 0x44000}, 0x5)
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b04, &(0x7f0000000000)={'wlan1\x00'})

12.585245684s ago: executing program 3 (id=1158):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000240)="6e37cff5b582e082d58cb23de3c19dc4971d9b59ddb52ae25a3ca48e8d5284721b4b722d1fd011fc3144e4ceb18b32b5b819d56f4aa3fe1aaf904aa07b7b748ab54c9b47531624c0ca3cc3e9246587e7ce", 0x51}], 0x1}, 0x0)
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r0, &(0x7f00000001c0)={0x0, 0x41, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="f0000000120003"], 0xf0}}, 0x0)

12.338210119s ago: executing program 3 (id=1161):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x3d, &(0x7f0000000000)='cgroup\x00\x8d\f\xf3\xcd\xc6X$\x01n-Hg\x144-.\xe2\x053\xe2\xf4\xbf[\xe9\xdddU\x91\x9d,\t\x8d\xc3@\x86,\x7f\xe2Z\xe8L\x80\xdbe~c\xbc\x9b\xcf\x9b\x1cH\x95\xf3'}, 0x30)
close(0xffffffffffffffff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r1, r2, 0x2, 0x2}, 0x10)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)={@cgroup=r3, 0xffffffffffffffff, 0x2, 0x0, 0x4000}, 0x10)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=ANY=[@ANYBLOB="3000000011140100000000000000000008004b0013000000080001000000000008004f"], 0x30}}, 0x40)

12.132577844s ago: executing program 3 (id=1165):
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x36, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x8035, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010100, @initdev={0xac, 0x1e, 0x0, 0x0}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x301, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x54}, 0x1, 0x0, 0x0, 0x20008010}, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="03"], 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f000000c140), r0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8983, &(0x7f0000000100))
r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), r0)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
unshare(0x22020400)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=[@ip_tos_int={{0x14}}, @ip_retopts={{0x10, 0x110, 0xb}}], 0x28}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0xb}, @NFTA_SOCKET_LEVEL={0x8, 0x3, 0x23}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xcc}}, 0x0)
sendmsg$SMC_PNETID_ADD(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0103000000000000000005"], 0x34}}, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0xc, &(0x7f0000000180)=@assoc_value={<r8=>0x0}, &(0x7f0000000140)=0x8)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r6, 0x84, 0x10, &(0x7f0000000000)=@sack_info={r8, 0x10009, 0x9}, &(0x7f0000000140)=0xc)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r5, 0x84, 0x76, &(0x7f0000000080)={r8, 0xb}, &(0x7f00000000c0)=0x8)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000340)=@newtaction={0x898, 0x30, 0x12f, 0x0, 0x25dfdbff, {}, [{0x884, 0x1, [@m_police={0x880, 0x1, 0x0, 0x0, {{0xb}, {0x854, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8b2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8]}], [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x548, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x240000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x8007, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x54c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x3, 0xffffffff, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x3}}], [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0xfffffffffffffffc}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x898}}, 0x0)
sendmsg$DEVLINK_CMD_PORT_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x20008040}, 0x0)

11.466198978s ago: executing program 3 (id=1170):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001300)=@mangle={'mangle\x00', 0x10, 0x6, 0x740, 0x328, 0x580, 0x580, 0xd0, 0x328, 0x670, 0x670, 0x670, 0x670, 0x670, 0x6, 0x0, {[{{@uncond, 0x1d, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}, {{@uncond, 0x0, 0x230, 0x258, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth1_to_batadv\x00', {0x8, 0x5, 0x3c, 0x97, 0x6, 0x401, 0x4, 0x120e, 0x18, 0x40}, {0x5}}}, @common=@srh={{0x30}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0xfff7, 0x4}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv6=@mcast1}}}, {{@ipv6={@private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'veth1\x00', 'ip6gretap0\x00', {}, {}, 0x0, 0x2}, 0x0, 0xf8, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}, @inet=@rpfilter={{0x28}, {0x1}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@local, @ipv4=@multicast1}}}, {{@ipv6={@mcast1, @mcast2, [], [], 'wg1\x00', 'vxcan1\x00', {0xff}, {}, 0x2c}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@mcast2, @ipv6=@local}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x7a0)

2.109461011s ago: executing program 0 (id=1231):
socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000080)={0x0, 0xffffffff}, &(0x7f00000000c0)=0x8)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000004000000e27f000001"], 0x48)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f00000007c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100030010651fbe347b2c2b00000c00018008000100", @ANYRES16=r0], 0x20}, 0x1, 0x300}, 0x0)

1.996401612s ago: executing program 2 (id=1232):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, &(0x7f0000000100)=0x54, 0x4)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000280)={r1, r1, 0x1, 0x2, &(0x7f00000000c0)='\x00\x00', 0x9, 0x1, 0x16bf, 0x5505, 0xc3b8, 0x1, 0x0, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r0, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})

1.827138452s ago: executing program 0 (id=1234):
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x8001000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x220, 0x0, 0x11, 0x148, 0x0, 0x0, 0x188, 0x2a8, 0x2a8, 0x188, 0x2a8, 0x3, 0x0, {[{{@ip={@local, @private=0x1a010100, 0xffffff00, 0xffffffff, 'hsr0\x00', 'wlan0\x00', {}, {}, 0x6c, 0x1, 0x40}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x2, 0x5, 0x5, 0x2, 0x24, 0x6], 0x4, 0x5}, {0xffffffffffffffff, [0x56, 0x2], 0x0, 0x4}}}}, {{@ip={@rand_addr=0x64010101, @multicast2, 0xffffff00, 0xffffff00, 'rose0\x00', 'gretap0\x00', {0xff}, {}, 0x6, 0x2, 0xc}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x81, 0x2, 0x7fff, 'snmp\x00', {0x400000}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x280)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000040)=0xd, 0x7)
socket$kcm(0x11, 0xa, 0x300)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000700000000000000000095"], 0x0}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000000c0)='sock_rcvqueue_full\x00', r2, 0x0, 0x80000000000}, 0x18)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r3 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000680)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {}, {0x1, 0xfff1}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6}, {0x4}}, @TCA_BPF_FLAGS={0x8, 0x8, 0xb}]}}]}, 0x44}}, 0x1)
connect$bt_l2cap(r1, &(0x7f00000003c0)={0x1f, 0x1000, @none, 0x9}, 0xe)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0xe}, 0xfffffffffffffc36)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r6 = socket(0x27, 0x5, 0x5)
recvmmsg(r6, &(0x7f0000000040), 0x0, 0x52, 0x0)
ioctl$BTRFS_IOC_SYNC(r2, 0x9408, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000100)=0x8, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r7, 0x6, 0x5, &(0x7f0000000000)=0x9, 0x4)
ioctl$sock_SIOCADDDLCI(r0, 0x8980, &(0x7f0000000280)={'macsec0\x00', 0x39})

1.685884263s ago: executing program 2 (id=1237):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, 0x0)

1.567401746s ago: executing program 0 (id=1238):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff})
r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
sendmmsg$unix(r0, &(0x7f0000000940)=[{{0x0, 0xfe, 0x0, 0x0, &(0x7f0000000100)=[@rights={{0x14, 0x1, 0x1, [r1]}}], 0x18, 0x8000}}], 0x1, 0x4000)

1.483934983s ago: executing program 1 (id=1240):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000001000)={'batadv_slave_1\x00', <r2=>0x0})
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="540000001400090525bd70000003000002180d00", @ANYRES32=r2, @ANYBLOB="08000b000000000008000200ac14143f080009"], 0x54}}, 0x0) (fail_nth: 3)

1.359865141s ago: executing program 0 (id=1241):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x2000000)

1.359552825s ago: executing program 4 (id=1242):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_SCAN(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x20, 0x0, 0x4, 0x70bd25, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0xcfb1, 0x29}}}}, ["", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x84}, 0x4)
socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x28, 0x4, 0x6, 0x5, 0x0, 0x0, {0x5, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x88850}, 0x800)

1.359151145s ago: executing program 2 (id=1243):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000500000000000900024ae592063000000000100003006269746d61703a706d310a7bc7335ddb107a6f72740014000780060005004bd0b3d81380fd5c0000000005000100070000000500040000000000"], 0x5c}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x2}, 0x28)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000009000000dfa2bff372df8cdbeb318ab2bec8fc36903c0ec359caa1af3c914019395cc154010c693709800000000000000016a85adef34bf78c76e6222337923e1bea6ef682cc4375f594425d408ccc58187feb0e3d43347f989007a7c63f6dae2acb4af936461f34a8a32a50bbbb69ec85168947b86df9f2609bf93f7a1be259621818c3c75da31290bce645451b851111dd98ac4d8da9317c2c082020e0b2d634086785f3fe41a3053645cc413790faf7e229c782845b5bb774f7f154263178151ea93ff2cac4b181332c9c9a1c7d85616c8100000000000000d8300d19d585000000fc005774b56a7142047326f940e95b8489e1c5650f5c61299a295f39c88456391cffdef93e29f10f4a11f0cfbfc0ff976b20fef6033495b9b94777db9bb9b678ffc1130000009faa798226a080c01e47151268a02dc1a557cfdcf76305fbf6643df66b1b4d2d5e7bf698fc5a18d984ecb91e6683a5f522d536e2f3c43b89823659d1945258fc668950e5aacfffffffffffffff7f7a266c90e64efc8d8f730867202a9ee94e6a00"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0xf5010000}, 0x6d)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r4, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000001a00), 0x0, 0xfeffffff, 0x10, 0x8, 0x0, 0x0}}, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r5, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000440)={'syzkaller1\x00'})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000)
sendmsg$NFT_BATCH(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_MATCH_INFO={0x5, 0x3, "fc"}, @NFTA_MATCH_NAME={0xb, 0x1, 'socket\x00'}, @NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}]}], {0x14}}, 0x88}, 0x1, 0x0, 0x0, 0x24044800}, 0x0)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r9 = accept4(r8, 0x0, 0x0, 0x800)
sendmmsg$alg(r9, &(0x7f00000063c0)=[{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000002c0)="598847167aa3eeecd678a4be219c9f7ac36dd422be5e395f6579a0878eb84f76bdd866c510f785691711178ee5cb9450f77f56bbaf73c14c1ebd44", 0x3b}, {&(0x7f00000005c0)="b786bc4294b02f59a1cb691b04822a3154b2b17f39", 0x15}], 0x2, &(0x7f00000003c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x14}], 0x1, 0x800)
recvmsg(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000001ec0)=[{&(0x7f0000000380)=""/4, 0x4}, {&(0x7f0000000540)=""/113, 0x71}], 0x2}, 0x40000000)
recvfrom$inet6(r9, &(0x7f0000000480)=""/201, 0xc9, 0x10100, &(0x7f0000000340)={0xa, 0x4e22, 0x5, @rand_addr=' \x01\x00', 0x4}, 0x1c)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r6)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r11=>0x0})
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r12, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r13, @ANYBLOB="01000000000000000040010000000000000101410000001c001700060000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
sendmsg$TIPC_CMD_GET_NETID(r0, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000002c0)={&(0x7f00000000c0)={0x1c, r13, 0x800, 0x70bd25, 0x25dfdbfc, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x80)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, 0x0, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)={0x38, r10, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x142}]]}, 0x38}}, 0x0)

1.227270533s ago: executing program 1 (id=1244):
socket$nl_route(0x10, 0x3, 0x0) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0xc, 0x1c, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000218110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008200000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000000008008500000017000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0xc, 0x1c, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000218110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008200000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000000008008500000017000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r4, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) (async)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001100)=@delchain={0x3c, 0x64, 0xf31, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0x0, 0xffff}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x8, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x44044)

1.172555272s ago: executing program 0 (id=1245):
r0 = socket(0x10, 0x80003, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0xf1ff, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "0000000000000000620100000e00"}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2000000}, 0x0)

1.154231059s ago: executing program 4 (id=1246):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r1, 0x400, 0x70bd2c, 0x4, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x40040)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002d6204f7f03", @ANYRES32=r3, @ANYBLOB="0c00990000000000000000000800260043170000"], 0x30}, 0x1, 0x0, 0x0, 0xc804}, 0x0)
r4 = socket$nl_audit(0x10, 0x3, 0x9)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = syz_genetlink_get_family_id$gtp(&(0x7f0000000280), r0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x1, 0x803, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800c0001006d6163766c616e000c000280080001000800000008000500", @ANYRES32=r9, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r9], 0x4c}}, 0x0)
sendmsg$GTP_CMD_DELPDP(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, r6, 0x20, 0x70bd29, 0x25dfdbfc, {}, [@GTPA_FAMILY={0x5, 0xd, 0x11}, @GTPA_LINK={0x8, 0x1, r9}]}, 0x24}, 0x1, 0x0, 0x0, 0x4805}, 0x20000000)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x70, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x38, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_DATA={0x4}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x10c}}, 0x0)
sendmsg$AUDIT_DEL_RULE(r4, &(0x7f0000001ec0)={0x0, 0x0, &(0x7f0000001e80)={&(0x7f0000001a40)=ANY=[@ANYBLOB="10000000f203"], 0x420}}, 0x0)

965.014685ms ago: executing program 1 (id=1247):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000001000)={'batadv_slave_1\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="08000b000000000008000200ac14"], 0x54}}, 0x0)

964.629042ms ago: executing program 0 (id=1248):
socket$inet6(0xa, 0x2, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0xfffffeffffff7f7e, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000300)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000003c0)}], 0x1}}], 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000006480)={&(0x7f0000738000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f0000005380)=""/231, 0xe7, 0x0, 0x0}, &(0x7f00000064c0)=0x40)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r1 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
close(r1)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
close(r0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10)
sendmsg$key(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x2, 0x16, 0x72, 0x9, 0x4, 0x0, 0x70bd27, 0x25dfdbfc, [@sadb_x_sa2={0x2, 0x13, 0xbd, 0x0, 0x0, 0x70bd27}]}, 0x20}}, 0x20000884)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x1, 0x0, 0x0, 0x3}, {0xfffffffffffffffc}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'veth0\x00', <r5=>0x0})
setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f00000004c0)={r5, 0x3, 0x6, @remote}, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f0000000000)={r5, 0x1, 0x6, @random="790c7edd3d8d"}, 0x10)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0x0, 0x2000001, {0x0, 0x0, 0x0, r5, {0x7}, {0xd, 0xc}, {0x8}}}, 0x24}, 0x1, 0x400000000000000, 0x0, 0x4000000}, 0x20048054)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

962.062329ms ago: executing program 2 (id=1249):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, 0x0, 0x0)

851.265738ms ago: executing program 4 (id=1250):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0xfffff000, 0x0, 0x0, 0x0, 0x0}, 0x50)

773.155235ms ago: executing program 2 (id=1251):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x2}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffd}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

742.740273ms ago: executing program 1 (id=1252):
r0 = socket$inet6(0xa, 0x5, 0x0)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='veth1_to_bond\x00', 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000001700)={0x58, r2, 0x801, 0x0, 0xffffffff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_KEY={0x30, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee339084eeef16f162471f4"}, @NL80211_KEY_MODE={0x5, 0x9, 0x1}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac0c}]}]}, 0x58}}, 0x0)
r5 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r5, 0x1, 0x3e, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(r5, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
listen(r0, 0x5)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000001b1401002abdd444d446df25080001000000000009"], 0x24}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810)

683.344426ms ago: executing program 4 (id=1253):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, 0x0)

529.274057ms ago: executing program 2 (id=1254):
r0 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000340)={<r1=>r0})
bind$xdp(r1, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x12)
r3 = socket(0xf, 0x2, 0xfffffff8)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYRESHEX=r4, @ANYRES32=r2, @ANYRESHEX=r2], 0x3c}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x1, 0x803, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="440000001000090600000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="a7ffa89b74aff7adc01c2e8009010100766c616e004d8c000c0002800600010001613d1100000008000500461228e56061", @ANYRES32=r7, @ANYBLOB="10c63f9e5ea4fc3b01b95c92a8cf1098f26ea857dfa61b833e44c259ecebbd9293090d0000000000009a568d07c7e9bf55464e1d00000000"], 0x44}}, 0x0)
r8 = socket(0x10, 0x803, 0x8)
sendmsg$IPVS_CMD_SET_INFO(r8, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000000)={@multicast2, @dev, <r9=>0x0}, &(0x7f0000000080)=0xc)
socketpair(0x25, 0xa, 0x4, &(0x7f0000000000)={<r10=>0xffffffffffffffff})
r11 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r11, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8)
sendto$inet6(r11, &(0x7f00000004c0)='W', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback, 0x8}, 0x1c)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r11, 0x84, 0x10, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r10, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="a8000000", @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25890000000c00990005005bcd3c00000088001d8048000080050009000000000005000a000100000005000c000200000005000900000000000c0003000100000000000000050007006d00000005000c000000000005000b0001000000180000800400040005000b000100000005000c00010000001800008005000900000000000c000300f9ffffffffffffff0c000080050008008e000000"], 0xa8}, 0x1, 0x0, 0x0, 0x200000b4}, 0x24040000)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r12, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000003700010324bd700279dbdf2506"], 0x14}, 0x1, 0x0, 0x0, 0x4004004}, 0x40)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r13=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r14=>0xffffffffffffffff})
splice(r13, 0x0, r14, 0x0, 0x1, 0x0)
ioctl$sock_inet_udp_SIOCINQ(r14, 0x541b, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000001de6a79b9202ef0e3010100000f9156a6a100366a616a9ced49cf23c50fd91da308cc03b949a14cd64d1b27ca101e771702d22621a8271a1df79cc8190388d2bc6329e84a174110eff480a3c360f7fd561521ecf9026fb12d1aa98ffecd0960e59370dd67126a02226d06d7d7234fea5f750f310a29258b8c7dbea7b51c999ca55d1f976b337ced4e7db836a2234f", @ANYRES32=0x1, @ANYBLOB="0600"/20, @ANYRES32=r9, @ANYRES32=r14, @ANYBLOB="03000000020000000200"/28], 0x50)

467.708296ms ago: executing program 1 (id=1255):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001c40)=@newtaction={0x14, 0x30, 0x1, 0x2, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x2000000)

367.223562ms ago: executing program 4 (id=1256):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendto$inet(r1, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000000)={0x2, 0x0, 0x6, 0xffffffff}, 0x10)
sendto$inet6(r1, &(0x7f0000000200)='x', 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={<r3=>0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x2, @rand_addr=0x64010102}]}, &(0x7f0000000280)=0x10)
socket$inet(0x2, 0x80001, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000000c0)={r3, 0x0, 0x79}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000005c0)={0x0, 0x2, 0x7a}, 0x8)

151.736311ms ago: executing program 4 (id=1257):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="000000000980ffff", 0x8)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff000800034000000038340300000c0a01010000000000000000070000000900020073797a31000000000900010073797a300000000008030380040300800800034000000002100002800c00028008000180000000000c000440", @ANYBLOB='FQLk'], 0x3c8}, 0x1, 0x0, 0x0, 0x4}, 0x50)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=@ipv6_newnexthop={0x30, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x8}, @NHA_ENCAP={0x8, 0x8, 0x0, 0x1, @MPLS_IPTUNNEL_DST={0x4}}, @NHA_OIF={0x8}]}, 0x30}}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)=@ipv6_getnetconf={0x1c, 0x52, 0x4, 0x70bd27, 0x25dfdbfb, {}, [@NETCONFA_RP_FILTER={0x8, 0x3, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x20040010)

0s ago: executing program 1 (id=1258):
r0 = socket$kcm(0xa, 0x5, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x3, 0x10004, 0x5}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000008000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000002d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bind$netlink(0xffffffffffffffff, &(0x7f00000007c0)={0x10, 0x0, 0x25dfdbfd, 0x10}, 0xc)
r2 = socket$inet6_icmp(0xa, 0x2, 0x3a)
ioctl$sock_SIOCSIFBR(r2, 0x8941, &(0x7f0000000080)=@get={0x1, &(0x7f0000002380)=""/4096, 0x80})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000240)={0x2, <r3=>0x0}, 0x8)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x1a, &(0x7f0000000300)=@raw=[@generic={0x6, 0xd, 0x1, 0xa, 0x3ff}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffff9}, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @func={0x85, 0x0, 0x1, 0x0, 0x2}, @alu={0x4, 0x1, 0x3, 0x6, 0xa, 0xfffffffffffffff0, 0x10}, @tail_call, @cb_func={0x18, 0x5, 0x4, 0x0, 0x7}], &(0x7f0000000280)='syzkaller\x00', 0x8, 0x43, &(0x7f0000000400)=""/67, 0x40f00, 0x10, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000480)={0x8, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f00000004c0)=[0x1, 0xffffffffffffffff, 0x1, 0x1, 0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f0000000500)=[{0x5, 0x4, 0x8}, {0x2, 0x1, 0x1, 0x4}, {0x5, 0x1, 0x7, 0x2}, {0x0, 0x5, 0xb, 0x2}], 0x10, 0xb06}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x18, 0x9, &(0x7f0000000180)=@raw=[@call={0x85, 0x0, 0x0, 0x60}, @jmp={0x5, 0x1, 0xd, 0x6, 0x9, 0x100, 0xffffffffffffffff}, @exit, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x81}, @generic={0x0, 0x0, 0x7, 0x8, 0x7}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @map_fd={0x18, 0x8, 0x1, 0x0, r1}], &(0x7f0000000080)='GPL\x00', 0x3634, 0x0, 0x0, 0x41100, 0xc, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200)={0x0, 0x9, 0x2968, 0x5}, 0x10, r3, r4, 0x6, 0x0, &(0x7f0000000680)=[{0x0, 0x4, 0xd, 0x6}, {0x3, 0x5, 0xe, 0x5}, {0x3, 0x2, 0x6, 0x7}, {0x3, 0x2, 0x4, 0x6}, {0x4, 0x3, 0xd, 0xb}, {0x0, 0x4, 0xb, 0x1}], 0x10, 0x4}, 0x94)
sendmsg$kcm(r0, &(0x7f0000000600)={&(0x7f0000000100)=@in6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000000000)=[{&(0x7f00000000c0)='G', 0x1}], 0x1, &(0x7f0000000640)=[{0x10, 0x84, 0x8}, {0x18, 0x84, 0x0, 'b'}], 0x28}, 0x41)
socket$igmp6(0xa, 0x3, 0x2)
socket$inet_udp(0x2, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @sit={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8}, @IFLA_IPTUN_LOCAL={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x40}}, @IFLA_IPTUN_PROTO={0x5, 0x9, 0x89}, @IFLA_IPTUN_FLAGS={0x6, 0x8, 0x17}]}}}]}, 0x50}}, 0x0)

kernel console output (not intermixed with test programs):

0 48
[  134.546736][ T6897] RSP: 002b:00007ff4a2821030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  134.546758][ T6897] RAX: ffffffffffffffda RBX: 00007ff4a1bb5fa0 RCX: 00007ff4a198d33c
[  134.546772][ T6897] RDX: 000000000000000f RSI: 00007ff4a28210a0 RDI: 0000000000000004
[  134.546784][ T6897] RBP: 00007ff4a2821090 R08: 0000000000000000 R09: 0000000000000000
[  134.546796][ T6897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  134.546807][ T6897] R13: 0000000000000000 R14: 00007ff4a1bb5fa0 R15: 00007fff98043698
[  134.546840][ T6897]  </TASK>
[  135.040572][ T6908] netlink: 'syz.0.309': attribute type 1 has an invalid length.
[  135.049610][ T6908] __nla_validate_parse: 3 callbacks suppressed
[  135.049631][ T6908] netlink: 600 bytes leftover after parsing attributes in process `syz.0.309'.
[  135.078168][ T6908] IPv6: NLM_F_CREATE should be specified when creating new route
[  135.088147][ T6908] netlink: 6 bytes leftover after parsing attributes in process `syz.0.309'.
[  135.343331][ T6920] Timeout policy `syz0' can only be used by L3 protocol number 8939
[  135.391862][ T6923] netlink: 8 bytes leftover after parsing attributes in process `syz.1.316'.
[  135.411218][ T6923] netlink: 12 bytes leftover after parsing attributes in process `syz.1.316'.
[  135.542985][ T6925] Bluetooth: MGMT ver 1.23
[  135.721082][ T6934] netlink: 8 bytes leftover after parsing attributes in process `syz.4.319'.
[  135.808602][ T6934] netlink: 8 bytes leftover after parsing attributes in process `syz.4.319'.
[  135.858433][ T6934] netlink: 'syz.4.319': attribute type 1 has an invalid length.
[  135.880800][ T6934] netlink: 228 bytes leftover after parsing attributes in process `syz.4.319'.
[  136.046764][ T6948] netlink: 32 bytes leftover after parsing attributes in process `syz.1.323'.
[  136.098474][ T6948] netlink: 48 bytes leftover after parsing attributes in process `syz.1.323'.
[  136.134950][ T6948] netlink: 48 bytes leftover after parsing attributes in process `syz.1.323'.
[  136.190198][ T6951] bridge0: port 3(erspan0) entered blocking state
[  136.197767][ T6951] bridge0: port 3(erspan0) entered disabled state
[  136.211278][ T6951] erspan0: entered allmulticast mode
[  136.241314][ T6951] erspan0: entered promiscuous mode
[  136.245323][ T6958] No such timeout policy "syz0"
[  136.296413][ T6951] bridge0: port 3(erspan0) entered blocking state
[  136.303546][ T6951] bridge0: port 3(erspan0) entered forwarding state
[  136.325250][ T6956] erspan0: left allmulticast mode
[  136.372358][ T6956] erspan0: left promiscuous mode
[  136.379003][ T6956] bridge0: port 3(erspan0) entered disabled state
[  136.505469][ T6964] net veth1_virt_wifi ÿÿÿÿÿÿ: renamed from virt_wifi0
[  136.619008][ T6968] netlink: 'syz.3.331': attribute type 13 has an invalid length.
[  137.674686][ T6994] netlink: 'syz.1.337': attribute type 1 has an invalid length.
[  137.688018][ T6996] No such timeout policy "syz0"
[  137.991176][ T6994] team0 (unregistering): Port device team_slave_0 removed
[  138.031000][ T6994] team0 (unregistering): Port device team_slave_1 removed
[  138.269747][ T1314] wlan1: Trigger new scan to find an IBSS to join
[  138.289372][ T7013] veth0: entered promiscuous mode
[  138.311982][ T7013] macsec1: entered allmulticast mode
[  138.341483][ T7013] veth0: entered allmulticast mode
[  138.403174][ T7013] veth0: left allmulticast mode
[  138.408227][ T7013] veth0: left promiscuous mode
[  138.422057][ T7022] No such timeout policy "syz0"
[  138.745980][ T7029] FAULT_INJECTION: forcing a failure.
[  138.745980][ T7029] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  138.777026][ T7029] CPU: 0 UID: 0 PID: 7029 Comm: syz.3.353 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  138.777057][ T7029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  138.777068][ T7029] Call Trace:
[  138.777077][ T7029]  <TASK>
[  138.777086][ T7029]  dump_stack_lvl+0x189/0x250
[  138.777122][ T7029]  ? __pfx____ratelimit+0x10/0x10
[  138.777145][ T7029]  ? __pfx_dump_stack_lvl+0x10/0x10
[  138.777175][ T7029]  ? __pfx__printk+0x10/0x10
[  138.777197][ T7029]  ? __might_fault+0xb0/0x130
[  138.777240][ T7029]  should_fail_ex+0x414/0x560
[  138.777282][ T7029]  _copy_to_iter+0x1db/0x16f0
[  138.777309][ T7029]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  138.777330][ T7029]  ? lockdep_hardirqs_on+0x9c/0x150
[  138.777355][ T7029]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  138.777376][ T7029]  ? __pfx__copy_to_iter+0x10/0x10
[  138.777400][ T7029]  ? __skb_try_recv_from_queue+0x2b2/0x730
[  138.777436][ T7029]  ? __skb_try_recv_datagram+0x3da/0x4e0
[  138.777473][ T7029]  __skb_datagram_iter+0xf8/0x990
[  138.777504][ T7029]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  138.777543][ T7029]  skb_copy_datagram_iter+0xc5/0x230
[  138.777578][ T7029]  netlink_recvmsg+0x2ab/0xa30
[  138.777619][ T7029]  ? __pfx_netlink_recvmsg+0x10/0x10
[  138.777649][ T7029]  ? aa_sock_msg_perm+0x94/0x160
[  138.777676][ T7029]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  138.777699][ T7029]  ? security_socket_recvmsg+0x7e/0x2e0
[  138.777728][ T7029]  ? __pfx_netlink_recvmsg+0x10/0x10
[  138.777752][ T7029]  sock_recvmsg+0x229/0x270
[  138.777779][ T7029]  __sys_recvfrom+0x1f6/0x340
[  138.777808][ T7029]  ? __pfx___sys_recvfrom+0x10/0x10
[  138.777846][ T7029]  ? count_memcg_event_mm+0x21/0x260
[  138.777895][ T7029]  ? rcu_is_watching+0x15/0xb0
[  138.777930][ T7029]  __x64_sys_recvfrom+0xde/0x100
[  138.777960][ T7029]  do_syscall_64+0xfa/0x3b0
[  138.777981][ T7029]  ? lockdep_hardirqs_on+0x9c/0x150
[  138.778001][ T7029]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.778020][ T7029]  ? clear_bhb_loop+0x60/0xb0
[  138.778044][ T7029]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.778062][ T7029] RIP: 0033:0x7fdb09d906f4
[  138.778081][ T7029] Code: 89 4c 24 1c e8 ed 5f 02 00 44 8b 54 24 1c 8b 3c 24 45 31 c9 89 c5 48 8b 54 24 10 48 8b 74 24 08 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 04 24 e8 39 60 02 00 48 8b 04
[  138.778096][ T7029] RSP: 002b:00007fdb0ab28ed0 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
[  138.778118][ T7029] RAX: ffffffffffffffda RBX: 00007fdb0ab28fc0 RCX: 00007fdb09d906f4
[  138.778132][ T7029] RDX: 0000000000001000 RSI: 00007fdb0ab29010 RDI: 0000000000000005
[  138.778144][ T7029] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  138.778155][ T7029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  138.778166][ T7029] R13: 00007fdb0ab28f68 R14: 00007fdb0ab29010 R15: 0000000000000000
[  138.778199][ T7029]  </TASK>
[  139.508724][ T7052] netlink: 'syz.1.359': attribute type 1 has an invalid length.
[  140.093645][ T7080] FAULT_INJECTION: forcing a failure.
[  140.093645][ T7080] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  140.147292][ T7080] CPU: 0 UID: 0 PID: 7080 Comm: syz.1.368 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  140.147323][ T7080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  140.147335][ T7080] Call Trace:
[  140.147343][ T7080]  <TASK>
[  140.147352][ T7080]  dump_stack_lvl+0x189/0x250
[  140.147388][ T7080]  ? __pfx____ratelimit+0x10/0x10
[  140.147411][ T7080]  ? __pfx_dump_stack_lvl+0x10/0x10
[  140.147440][ T7080]  ? __pfx__printk+0x10/0x10
[  140.147462][ T7080]  ? __might_fault+0xb0/0x130
[  140.147503][ T7080]  should_fail_ex+0x414/0x560
[  140.147534][ T7080]  _copy_from_user+0x2d/0xb0
[  140.147554][ T7080]  ___sys_sendmsg+0x158/0x2a0
[  140.147586][ T7080]  ? __pfx____sys_sendmsg+0x10/0x10
[  140.147658][ T7080]  ? __fget_files+0x2a/0x420
[  140.147678][ T7080]  ? __fget_files+0x3a0/0x420
[  140.147712][ T7080]  __x64_sys_sendmsg+0x19b/0x260
[  140.147743][ T7080]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  140.147782][ T7080]  ? __pfx_ksys_write+0x10/0x10
[  140.147808][ T7080]  ? rcu_is_watching+0x15/0xb0
[  140.147844][ T7080]  ? do_syscall_64+0xbe/0x3b0
[  140.147872][ T7080]  do_syscall_64+0xfa/0x3b0
[  140.147893][ T7080]  ? lockdep_hardirqs_on+0x9c/0x150
[  140.147914][ T7080]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.147933][ T7080]  ? clear_bhb_loop+0x60/0xb0
[  140.147958][ T7080]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.147977][ T7080] RIP: 0033:0x7ff4a198e929
[  140.147995][ T7080] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  140.148012][ T7080] RSP: 002b:00007ff4a2821038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  140.148035][ T7080] RAX: ffffffffffffffda RBX: 00007ff4a1bb5fa0 RCX: 00007ff4a198e929
[  140.148048][ T7080] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000004
[  140.148061][ T7080] RBP: 00007ff4a2821090 R08: 0000000000000000 R09: 0000000000000000
[  140.148073][ T7080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  140.148084][ T7080] R13: 0000000000000000 R14: 00007ff4a1bb5fa0 R15: 00007fff98043698
[  140.148118][ T7080]  </TASK>
[  140.472997][ T7090] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  140.760834][ T7099] FAULT_INJECTION: forcing a failure.
[  140.760834][ T7099] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  140.796221][ T7099] CPU: 0 UID: 0 PID: 7099 Comm: syz.1.374 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  140.796252][ T7099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  140.796273][ T7099] Call Trace:
[  140.796281][ T7099]  <TASK>
[  140.796290][ T7099]  dump_stack_lvl+0x189/0x250
[  140.796326][ T7099]  ? __pfx____ratelimit+0x10/0x10
[  140.796349][ T7099]  ? __pfx_dump_stack_lvl+0x10/0x10
[  140.796379][ T7099]  ? __pfx__printk+0x10/0x10
[  140.796400][ T7099]  ? __might_fault+0xb0/0x130
[  140.796443][ T7099]  should_fail_ex+0x414/0x560
[  140.796474][ T7099]  _copy_from_user+0x2d/0xb0
[  140.796493][ T7099]  hidp_sock_ioctl+0x257/0x560
[  140.796518][ T7099]  ? __pfx_hidp_sock_ioctl+0x10/0x10
[  140.796590][ T7099]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  140.796615][ T7099]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  140.796649][ T7099]  sock_do_ioctl+0xd9/0x300
[  140.796674][ T7099]  ? __pfx_sock_do_ioctl+0x10/0x10
[  140.796691][ T7099]  ? __lock_acquire+0xab9/0xd20
[  140.796737][ T7099]  sock_ioctl+0x576/0x790
[  140.796759][ T7099]  ? __pfx_sock_ioctl+0x10/0x10
[  140.796779][ T7099]  ? __fget_files+0x2a/0x420
[  140.796799][ T7099]  ? __fget_files+0x3a0/0x420
[  140.796819][ T7099]  ? __fget_files+0x2a/0x420
[  140.796844][ T7099]  ? bpf_lsm_file_ioctl+0x9/0x20
[  140.796871][ T7099]  ? __pfx_sock_ioctl+0x10/0x10
[  140.796890][ T7099]  __se_sys_ioctl+0xfc/0x170
[  140.796921][ T7099]  do_syscall_64+0xfa/0x3b0
[  140.796943][ T7099]  ? lockdep_hardirqs_on+0x9c/0x150
[  140.796964][ T7099]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.796984][ T7099]  ? clear_bhb_loop+0x60/0xb0
[  140.797008][ T7099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.797027][ T7099] RIP: 0033:0x7ff4a198e929
[  140.797045][ T7099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  140.797062][ T7099] RSP: 002b:00007ff4a2821038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  140.797085][ T7099] RAX: ffffffffffffffda RBX: 00007ff4a1bb5fa0 RCX: 00007ff4a198e929
[  140.797100][ T7099] RDX: 0000200000000340 RSI: 00000000400448c8 RDI: 0000000000000005
[  140.797113][ T7099] RBP: 00007ff4a2821090 R08: 0000000000000000 R09: 0000000000000000
[  140.797124][ T7099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  140.797136][ T7099] R13: 0000000000000000 R14: 00007ff4a1bb5fa0 R15: 00007fff98043698
[  140.797168][ T7099]  </TASK>
[  141.615208][ T7122] x_tables: duplicate underflow at hook 3
[  141.818645][ T7129] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  141.838329][ T7132] FAULT_INJECTION: forcing a failure.
[  141.838329][ T7132] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  141.893019][ T7132] CPU: 1 UID: 0 PID: 7132 Comm: syz.1.390 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  141.893049][ T7132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  141.893060][ T7132] Call Trace:
[  141.893069][ T7132]  <TASK>
[  141.893077][ T7132]  dump_stack_lvl+0x189/0x250
[  141.893112][ T7132]  ? __pfx____ratelimit+0x10/0x10
[  141.893135][ T7132]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.893165][ T7132]  ? __pfx__printk+0x10/0x10
[  141.893186][ T7132]  ? __might_fault+0xb0/0x130
[  141.893229][ T7132]  should_fail_ex+0x414/0x560
[  141.893258][ T7132]  _copy_from_user+0x2d/0xb0
[  141.893278][ T7132]  sock_do_ioctl+0x182/0x300
[  141.893302][ T7132]  ? __pfx_sock_do_ioctl+0x10/0x10
[  141.893329][ T7132]  ? __lock_acquire+0xab9/0xd20
[  141.893374][ T7132]  sock_ioctl+0x576/0x790
[  141.893396][ T7132]  ? __pfx_sock_ioctl+0x10/0x10
[  141.893415][ T7132]  ? __fget_files+0x2a/0x420
[  141.893435][ T7132]  ? __fget_files+0x3a0/0x420
[  141.893454][ T7132]  ? __fget_files+0x2a/0x420
[  141.893479][ T7132]  ? bpf_lsm_file_ioctl+0x9/0x20
[  141.893504][ T7132]  ? __pfx_sock_ioctl+0x10/0x10
[  141.893523][ T7132]  __se_sys_ioctl+0xfc/0x170
[  141.893553][ T7132]  do_syscall_64+0xfa/0x3b0
[  141.893574][ T7132]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.893595][ T7132]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.893615][ T7132]  ? clear_bhb_loop+0x60/0xb0
[  141.893639][ T7132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.893657][ T7132] RIP: 0033:0x7ff4a198e929
[  141.893677][ T7132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  141.893693][ T7132] RSP: 002b:00007ff4a2821038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  141.893716][ T7132] RAX: ffffffffffffffda RBX: 00007ff4a1bb5fa0 RCX: 00007ff4a198e929
[  141.893730][ T7132] RDX: 0000200000000040 RSI: 0000000000008946 RDI: 0000000000000004
[  141.893742][ T7132] RBP: 00007ff4a2821090 R08: 0000000000000000 R09: 0000000000000000
[  141.893754][ T7132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  141.893765][ T7132] R13: 0000000000000000 R14: 00007ff4a1bb5fa0 R15: 00007fff98043698
[  141.893798][ T7132]  </TASK>
[  142.271905][ T3513] wlan1: Trigger new scan to find an IBSS to join
[  142.312515][ T7139] __nla_validate_parse: 14 callbacks suppressed
[  142.312539][ T7139] netlink: 28 bytes leftover after parsing attributes in process `syz.2.379'.
[  142.526200][ T7150] netlink: 'syz.0.394': attribute type 29 has an invalid length.
[  143.180747][ T7173] pimreg: entered allmulticast mode
[  143.287372][ T3513] wlan1: Creating new IBSS network, BSSID 8e:0a:db:23:46:cb
[  143.949719][ T7200] netlink: 'syz.4.415': attribute type 64 has an invalid length.
[  144.424046][ T5914] IPVS: starting estimator thread 0...
[  144.446384][ T7216] netlink: 'syz.3.420': attribute type 1 has an invalid length.
[  144.496727][ T7216] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.420'.
[  144.522567][ T7218] IPVS: using max 22 ests per chain, 52800 per kthread
[  144.535500][ T7225] netlink: 8 bytes leftover after parsing attributes in process `syz.0.422'.
[  144.587568][ T7225] netlink: 20 bytes leftover after parsing attributes in process `syz.0.422'.
[  144.656196][ T7225] netlink: 'syz.0.422': attribute type 1 has an invalid length.
[  144.669045][ T7225] netlink: 228 bytes leftover after parsing attributes in process `syz.0.422'.
[  144.733620][ T7226] netlink: 28 bytes leftover after parsing attributes in process `syz.2.412'.
[  145.505633][ T7258] bridge0: port 3(erspan0) entered blocking state
[  145.521540][ T7258] bridge0: port 3(erspan0) entered disabled state
[  145.526398][ T7252] netlink: 'syz.4.431': attribute type 1 has an invalid length.
[  145.532590][ T7258] erspan0: entered allmulticast mode
[  145.535924][ T7252] netlink: 224 bytes leftover after parsing attributes in process `syz.4.431'.
[  145.546163][ T7258] erspan0: entered promiscuous mode
[  145.557031][ T7258] bridge0: port 3(erspan0) entered blocking state
[  145.563600][ T7258] bridge0: port 3(erspan0) entered forwarding state
[  145.870539][ T7273] netlink: 8 bytes leftover after parsing attributes in process `syz.0.437'.
[  145.891521][ T7273] netlink: 20 bytes leftover after parsing attributes in process `syz.0.437'.
[  145.927621][ T7273] netlink: 'syz.0.437': attribute type 1 has an invalid length.
[  145.957053][ T7273] netlink: 228 bytes leftover after parsing attributes in process `syz.0.437'.
[  146.661313][ T7296] FAULT_INJECTION: forcing a failure.
[  146.661313][ T7296] name failslab, interval 1, probability 0, space 0, times 0
[  146.684104][ T7296] CPU: 1 UID: 0 PID: 7296 Comm: syz.2.445 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  146.684135][ T7296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  146.684146][ T7296] Call Trace:
[  146.684154][ T7296]  <TASK>
[  146.684163][ T7296]  dump_stack_lvl+0x189/0x250
[  146.684198][ T7296]  ? __pfx____ratelimit+0x10/0x10
[  146.684219][ T7296]  ? __pfx_dump_stack_lvl+0x10/0x10
[  146.684248][ T7296]  ? __pfx__printk+0x10/0x10
[  146.684288][ T7296]  ? ref_tracker_alloc+0x318/0x460
[  146.684316][ T7296]  should_fail_ex+0x414/0x560
[  146.684351][ T7296]  should_failslab+0xa8/0x100
[  146.684374][ T7296]  kmem_cache_alloc_noprof+0x73/0x3c0
[  146.684404][ T7296]  ? skb_clone+0x212/0x3a0
[  146.684437][ T7296]  skb_clone+0x212/0x3a0
[  146.684470][ T7296]  __netlink_deliver_tap+0x404/0x850
[  146.684508][ T7296]  ? netlink_deliver_tap+0x2e/0x1b0
[  146.684534][ T7296]  netlink_deliver_tap+0x19c/0x1b0
[  146.684559][ T7296]  netlink_unicast+0x72f/0x8d0
[  146.684594][ T7296]  netlink_sendmsg+0x805/0xb30
[  146.684628][ T7296]  ? __pfx_netlink_sendmsg+0x10/0x10
[  146.684657][ T7296]  ? aa_sock_msg_perm+0x94/0x160
[  146.684683][ T7296]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  146.684705][ T7296]  ? __pfx_netlink_sendmsg+0x10/0x10
[  146.684729][ T7296]  __sock_sendmsg+0x219/0x270
[  146.684754][ T7296]  ____sys_sendmsg+0x505/0x830
[  146.684787][ T7296]  ? __pfx_____sys_sendmsg+0x10/0x10
[  146.684822][ T7296]  ? import_iovec+0x74/0xa0
[  146.684845][ T7296]  ___sys_sendmsg+0x21f/0x2a0
[  146.684874][ T7296]  ? __pfx____sys_sendmsg+0x10/0x10
[  146.684944][ T7296]  ? __fget_files+0x2a/0x420
[  146.684964][ T7296]  ? __fget_files+0x3a0/0x420
[  146.684998][ T7296]  __x64_sys_sendmsg+0x19b/0x260
[  146.685028][ T7296]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  146.685066][ T7296]  ? __pfx_ksys_write+0x10/0x10
[  146.685092][ T7296]  ? rcu_is_watching+0x15/0xb0
[  146.685125][ T7296]  ? do_syscall_64+0xbe/0x3b0
[  146.685154][ T7296]  do_syscall_64+0xfa/0x3b0
[  146.685175][ T7296]  ? lockdep_hardirqs_on+0x9c/0x150
[  146.685196][ T7296]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.685216][ T7296]  ? clear_bhb_loop+0x60/0xb0
[  146.685241][ T7296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.685260][ T7296] RIP: 0033:0x7f7062d8e929
[  146.685288][ T7296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  146.685305][ T7296] RSP: 002b:00007f7063ccd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  146.685327][ T7296] RAX: ffffffffffffffda RBX: 00007f7062fb5fa0 RCX: 00007f7062d8e929
[  146.685342][ T7296] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  146.685355][ T7296] RBP: 00007f7063ccd090 R08: 0000000000000000 R09: 0000000000000000
[  146.685366][ T7296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  146.685378][ T7296] R13: 0000000000000000 R14: 00007f7062fb5fa0 R15: 00007ffd5455dbe8
[  146.685413][ T7296]  </TASK>
[  147.074790][ T7298] bridge0: port 3(erspan0) entered blocking state
[  147.081544][ T7298] bridge0: port 3(erspan0) entered disabled state
[  147.112558][ T7298] erspan0: entered allmulticast mode
[  147.151046][ T7298] erspan0: entered promiscuous mode
[  147.177622][ T7298] bridge0: port 3(erspan0) entered blocking state
[  147.184259][ T7298] bridge0: port 3(erspan0) entered forwarding state
[  147.247726][ T7302] erspan0: left allmulticast mode
[  147.274883][ T7302] erspan0: left promiscuous mode
[  147.303565][ T7302] bridge0: port 3(erspan0) entered disabled state
[  147.372275][ T7310] __nla_validate_parse: 1 callbacks suppressed
[  147.372296][ T7310] netlink: 28 bytes leftover after parsing attributes in process `syz.3.441'.
[  147.619873][ T7318] netlink: 8 bytes leftover after parsing attributes in process `syz.1.449'.
[  147.677867][ T7318] netlink: 20 bytes leftover after parsing attributes in process `syz.1.449'.
[  147.697755][ T7318] netlink: 'syz.1.449': attribute type 1 has an invalid length.
[  147.707199][ T7318] netlink: 228 bytes leftover after parsing attributes in process `syz.1.449'.
[  147.719563][ T7322] FAULT_INJECTION: forcing a failure.
[  147.719563][ T7322] name failslab, interval 1, probability 0, space 0, times 0
[  147.734712][ T7321] FAULT_INJECTION: forcing a failure.
[  147.734712][ T7321] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  147.760142][ T7321] CPU: 1 UID: 0 PID: 7321 Comm: syz.4.451 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  147.760175][ T7321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  147.760195][ T7321] Call Trace:
[  147.760203][ T7321]  <TASK>
[  147.760212][ T7321]  dump_stack_lvl+0x189/0x250
[  147.760247][ T7321]  ? __pfx____ratelimit+0x10/0x10
[  147.760270][ T7321]  ? __pfx_dump_stack_lvl+0x10/0x10
[  147.760300][ T7321]  ? __pfx__printk+0x10/0x10
[  147.760321][ T7321]  ? __might_fault+0xb0/0x130
[  147.760363][ T7321]  should_fail_ex+0x414/0x560
[  147.760393][ T7321]  _copy_from_user+0x2d/0xb0
[  147.760413][ T7321]  ____sys_sendmsg+0x2fe/0x830
[  147.760446][ T7321]  ? __pfx_____sys_sendmsg+0x10/0x10
[  147.760484][ T7321]  ? import_iovec+0x74/0xa0
[  147.760507][ T7321]  ___sys_sendmsg+0x21f/0x2a0
[  147.760537][ T7321]  ? __pfx____sys_sendmsg+0x10/0x10
[  147.760605][ T7321]  ? __fget_files+0x2a/0x420
[  147.760626][ T7321]  ? __fget_files+0x3a0/0x420
[  147.760657][ T7321]  __sys_sendmmsg+0x227/0x430
[  147.760691][ T7321]  ? __pfx___sys_sendmmsg+0x10/0x10
[  147.760714][ T7321]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  147.760767][ T7321]  ? ksys_write+0x22a/0x250
[  147.760799][ T7321]  ? __pfx_ksys_write+0x10/0x10
[  147.760825][ T7321]  ? rcu_is_watching+0x15/0xb0
[  147.760862][ T7321]  __x64_sys_sendmmsg+0xa0/0xc0
[  147.760892][ T7321]  do_syscall_64+0xfa/0x3b0
[  147.760913][ T7321]  ? lockdep_hardirqs_on+0x9c/0x150
[  147.760934][ T7321]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.760952][ T7321]  ? clear_bhb_loop+0x60/0xb0
[  147.760977][ T7321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.760995][ T7321] RIP: 0033:0x7f418e58e929
[  147.761013][ T7321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  147.761029][ T7321] RSP: 002b:00007f418f4b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  147.761051][ T7321] RAX: ffffffffffffffda RBX: 00007f418e7b5fa0 RCX: 00007f418e58e929
[  147.761065][ T7321] RDX: 0000000000000002 RSI: 0000200000000940 RDI: 0000000000000003
[  147.761077][ T7321] RBP: 00007f418f4b6090 R08: 0000000000000000 R09: 0000000000000000
[  147.761095][ T7321] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000001
[  147.761107][ T7321] R13: 0000000000000000 R14: 00007f418e7b5fa0 R15: 00007fff8df39fb8
[  147.761140][ T7321]  </TASK>
[  147.996764][ T7322] CPU: 0 UID: 0 PID: 7322 Comm: syz.0.450 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  147.996794][ T7322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  147.996805][ T7322] Call Trace:
[  147.996813][ T7322]  <TASK>
[  147.996821][ T7322]  dump_stack_lvl+0x189/0x250
[  147.996857][ T7322]  ? __pfx____ratelimit+0x10/0x10
[  147.996878][ T7322]  ? __pfx_dump_stack_lvl+0x10/0x10
[  147.996907][ T7322]  ? __pfx__printk+0x10/0x10
[  147.996933][ T7322]  ? __pfx___might_resched+0x10/0x10
[  147.996967][ T7322]  should_fail_ex+0x414/0x560
[  147.996995][ T7322]  should_failslab+0xa8/0x100
[  147.997017][ T7322]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  147.997047][ T7322]  ? __alloc_skb+0x112/0x2d0
[  147.997075][ T7322]  __alloc_skb+0x112/0x2d0
[  147.997103][ T7322]  udp_dump_one+0x595/0x840
[  147.997128][ T7322]  ? udp_dump_one+0xe9/0x840
[  147.997147][ T7322]  ? __pfx_udp_dump_one+0x10/0x10
[  147.997168][ T7322]  ? inet_diag_lock_handler+0x8b/0x2c0
[  147.997205][ T7322]  inet_diag_cmd_exact+0x3d5/0x4e0
[  147.997224][ T7322]  ? __dev_queue_xmit+0x27e/0x3a70
[  147.997257][ T7322]  ? __pfx_inet_diag_cmd_exact+0x10/0x10
[  147.997274][ T7322]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  147.997328][ T7322]  ? __lock_acquire+0xab9/0xd20
[  147.997361][ T7322]  inet_diag_handler_cmd+0x1e6/0x290
[  147.997384][ T7322]  ? __pfx_inet_diag_handler_cmd+0x10/0x10
[  147.997409][ T7322]  ? sock_diag_lock_handler+0x19/0x290
[  147.997429][ T7322]  ? sock_diag_lock_handler+0x19/0x290
[  147.997455][ T7322]  sock_diag_rcv_msg+0x4cc/0x600
[  147.997481][ T7322]  netlink_rcv_skb+0x208/0x470
[  147.997501][ T7322]  ? rcu_is_watching+0x15/0xb0
[  147.997529][ T7322]  ? __pfx_sock_diag_rcv_msg+0x10/0x10
[  147.997552][ T7322]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  147.997589][ T7322]  ? netlink_deliver_tap+0x2e/0x1b0
[  147.997619][ T7322]  netlink_unicast+0x75b/0x8d0
[  147.997651][ T7322]  netlink_sendmsg+0x805/0xb30
[  147.997683][ T7322]  ? __pfx_netlink_sendmsg+0x10/0x10
[  147.997709][ T7322]  ? aa_sock_msg_perm+0x94/0x160
[  147.997733][ T7322]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  147.997756][ T7322]  ? __pfx_netlink_sendmsg+0x10/0x10
[  147.997786][ T7322]  __sock_sendmsg+0x219/0x270
[  147.997810][ T7322]  sock_write_iter+0x258/0x330
[  147.997832][ T7322]  ? __pfx_sock_write_iter+0x10/0x10
[  147.997866][ T7322]  ? __pfx_aa_file_perm+0x10/0x10
[  147.997897][ T7322]  do_iter_readv_writev+0x56e/0x7f0
[  147.997922][ T7322]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  147.997947][ T7322]  ? bpf_lsm_file_permission+0x9/0x20
[  147.997972][ T7322]  ? security_file_permission+0x75/0x290
[  147.997994][ T7322]  ? rw_verify_area+0x258/0x650
[  147.998025][ T7322]  vfs_writev+0x31a/0x960
[  147.998053][ T7322]  ? __lock_acquire+0xab9/0xd20
[  147.998080][ T7322]  ? __pfx_vfs_writev+0x10/0x10
[  147.998117][ T7322]  ? __fget_files+0x2a/0x420
[  147.998141][ T7322]  ? __fget_files+0x3a0/0x420
[  147.998159][ T7322]  ? __fget_files+0x2a/0x420
[  147.998200][ T7322]  do_writev+0x14d/0x2d0
[  147.998225][ T7322]  ? __pfx_do_writev+0x10/0x10
[  147.998243][ T7322]  ? rcu_is_watching+0x15/0xb0
[  147.998275][ T7322]  ? do_syscall_64+0xbe/0x3b0
[  147.998303][ T7322]  do_syscall_64+0xfa/0x3b0
[  147.998323][ T7322]  ? lockdep_hardirqs_on+0x9c/0x150
[  147.998343][ T7322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.998360][ T7322]  ? clear_bhb_loop+0x60/0xb0
[  147.998384][ T7322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.998403][ T7322] RIP: 0033:0x7f476438e929
[  147.998421][ T7322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  147.998436][ T7322] RSP: 002b:00007f4765167038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  147.998458][ T7322] RAX: ffffffffffffffda RBX: 00007f47645b5fa0 RCX: 00007f476438e929
[  147.998472][ T7322] RDX: 0000000000000001 RSI: 0000200000001200 RDI: 0000000000000004
[  147.998483][ T7322] RBP: 00007f4765167090 R08: 0000000000000000 R09: 0000000000000000
[  147.998494][ T7322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  147.998505][ T7322] R13: 0000000000000000 R14: 00007f47645b5fa0 R15: 00007ffd05751108
[  147.998533][ T7322]  </TASK>
[  148.771017][ T7333] netlink: 4 bytes leftover after parsing attributes in process `syz.1.454'.
[  148.861273][ T7336] netlink: 4 bytes leftover after parsing attributes in process `syz.1.454'.
[  148.916695][ T7333] erspan0: entered promiscuous mode
[  148.962704][ T7333] macvtap1: entered promiscuous mode
[  148.985877][ T7333] macvtap1: entered allmulticast mode
[  149.018926][ T7333] erspan0: entered allmulticast mode
[  149.065569][ T7336] erspan0: left allmulticast mode
[  149.083750][ T7336] erspan0: left promiscuous mode
[  149.227866][ T7342] netlink: 4 bytes leftover after parsing attributes in process `syz.3.457'.
[  149.654806][ T7355] netlink: 8 bytes leftover after parsing attributes in process `syz.0.463'.
[  149.736244][ T7361] netlink: 8 bytes leftover after parsing attributes in process `syz.3.464'.
[  149.796142][ T7362] netlink: 16 bytes leftover after parsing attributes in process `syz.3.464'.
[  149.849403][ T7362] netlink: 'syz.3.464': attribute type 1 has an invalid length.
[  149.897641][ T7364] netlink: 'syz.0.466': attribute type 11 has an invalid length.
[  151.506625][ T7413] bridge0: port 3(erspan0) entered blocking state
[  151.522477][ T7413] bridge0: port 3(erspan0) entered disabled state
[  151.572888][ T7413] erspan0: entered allmulticast mode
[  151.579655][ T7413] erspan0: entered promiscuous mode
[  151.585805][ T7413] bridge0: port 3(erspan0) entered blocking state
[  151.592436][ T7413] bridge0: port 3(erspan0) entered forwarding state
[  151.605959][ T7417] bridge0: port 3(erspan0) entered blocking state
[  151.618713][ T7417] bridge0: port 3(erspan0) entered disabled state
[  151.625899][ T7417] erspan0: entered allmulticast mode
[  151.633436][ T7417] erspan0: entered promiscuous mode
[  151.640008][ T7417] bridge0: port 3(erspan0) entered blocking state
[  151.646845][ T7417] bridge0: port 3(erspan0) entered forwarding state
[  151.663385][ T7421] erspan0: left allmulticast mode
[  151.674428][ T7421] erspan0: left promiscuous mode
[  151.681659][ T7421] bridge0: port 3(erspan0) entered disabled state
[  151.700274][ T7414] netlink: 'syz.0.481': attribute type 1 has an invalid length.
[  152.080818][ T7433] !
: renamed from dummy0 (while UP)
[  152.244512][   T10] IPVS: starting estimator thread 0...
[  152.257808][ T7445] netlink: 'syz.2.489': attribute type 1 has an invalid length.
[  152.362340][ T7447] IPVS: using max 32 ests per chain, 76800 per kthread
[  152.551849][ T7459] __nla_validate_parse: 8 callbacks suppressed
[  152.551871][ T7459] netlink: 4 bytes leftover after parsing attributes in process `syz.1.493'.
[  152.878245][ T7471] netlink: 8 bytes leftover after parsing attributes in process `syz.1.498'.
[  152.927811][ T7471] netlink: 16 bytes leftover after parsing attributes in process `syz.1.498'.
[  153.032990][ T7471] netlink: 'syz.1.498': attribute type 1 has an invalid length.
[  153.047877][ T7471] netlink: 228 bytes leftover after parsing attributes in process `syz.1.498'.
[  153.642662][ T7491] tipc: Started in network mode
[  153.658044][ T7491] tipc: Node identity ac14140f, cluster identity 4711
[  153.678762][ T7491] tipc: New replicast peer: 255.255.255.31
[  153.699091][ T7491] tipc: Enabled bearer <udp:syz2>, priority 10
[  153.762799][ T7488] netlink: 28 bytes leftover after parsing attributes in process `syz.3.497'.
[  153.981470][ T7499] FAULT_INJECTION: forcing a failure.
[  153.981470][ T7499] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  154.042343][ T7499] CPU: 0 UID: 0 PID: 7499 Comm: syz.1.507 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  154.042385][ T7499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  154.042397][ T7499] Call Trace:
[  154.042405][ T7499]  <TASK>
[  154.042414][ T7499]  dump_stack_lvl+0x189/0x250
[  154.042450][ T7499]  ? __pfx____ratelimit+0x10/0x10
[  154.042472][ T7499]  ? __pfx_dump_stack_lvl+0x10/0x10
[  154.042502][ T7499]  ? __pfx__printk+0x10/0x10
[  154.042522][ T7499]  ? __might_fault+0xb0/0x130
[  154.042566][ T7499]  should_fail_ex+0x414/0x560
[  154.042596][ T7499]  _copy_from_user+0x2d/0xb0
[  154.042616][ T7499]  ___sys_sendmsg+0x158/0x2a0
[  154.042647][ T7499]  ? __pfx____sys_sendmsg+0x10/0x10
[  154.042716][ T7499]  ? __fget_files+0x2a/0x420
[  154.042736][ T7499]  ? __fget_files+0x3a0/0x420
[  154.042769][ T7499]  __x64_sys_sendmsg+0x19b/0x260
[  154.042889][ T7499]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  154.042940][ T7499]  ? __pfx_ksys_write+0x10/0x10
[  154.042966][ T7499]  ? rcu_is_watching+0x15/0xb0
[  154.043002][ T7499]  ? do_syscall_64+0xbe/0x3b0
[  154.043032][ T7499]  do_syscall_64+0xfa/0x3b0
[  154.043052][ T7499]  ? lockdep_hardirqs_on+0x9c/0x150
[  154.043074][ T7499]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.043093][ T7499]  ? clear_bhb_loop+0x60/0xb0
[  154.043118][ T7499]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.043137][ T7499] RIP: 0033:0x7ff4a198e929
[  154.043158][ T7499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  154.043174][ T7499] RSP: 002b:00007ff4a2821038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  154.043198][ T7499] RAX: ffffffffffffffda RBX: 00007ff4a1bb5fa0 RCX: 00007ff4a198e929
[  154.043213][ T7499] RDX: 0000000000000000 RSI: 0000200000001180 RDI: 0000000000000003
[  154.043225][ T7499] RBP: 00007ff4a2821090 R08: 0000000000000000 R09: 0000000000000000
[  154.043237][ T7499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  154.043248][ T7499] R13: 0000000000000000 R14: 00007ff4a1bb5fa0 R15: 00007fff98043698
[  154.043281][ T7499]  </TASK>
[  154.811673][ T7517] netlink: 8 bytes leftover after parsing attributes in process `syz.2.512'.
[  154.822559][ T7475] tipc: Node number set to 2886997007
[  154.838698][ T7517] netlink: 8 bytes leftover after parsing attributes in process `syz.2.512'.
[  154.926855][ T7517] netlink: 'syz.2.512': attribute type 1 has an invalid length.
[  154.944545][ T7517] netlink: 228 bytes leftover after parsing attributes in process `syz.2.512'.
[  155.515685][ T7541] erspan0: left allmulticast mode
[  155.526739][ T7541] erspan0: left promiscuous mode
[  155.542294][ T7541] bridge0: port 3(erspan0) entered disabled state
[  156.438182][ T7568] netlink: 8 bytes leftover after parsing attributes in process `syz.2.529'.
[  156.522032][ T7571] netlink: 8 bytes leftover after parsing attributes in process `syz.2.529'.
[  156.557264][ T7571] netlink: 'syz.2.529': attribute type 1 has an invalid length.
[  156.616607][ T7573] bridge0: port 3(erspan0) entered blocking state
[  156.654036][ T7573] bridge0: port 3(erspan0) entered disabled state
[  156.661815][ T7573] erspan0: entered allmulticast mode
[  156.694586][ T7573] erspan0: entered promiscuous mode
[  156.700682][ T7573] bridge0: port 3(erspan0) entered blocking state
[  156.707351][ T7573] bridge0: port 3(erspan0) entered forwarding state
[  156.767753][ T7577] erspan0: left allmulticast mode
[  156.782881][ T7577] erspan0: left promiscuous mode
[  156.799991][ T7577] bridge0: port 3(erspan0) entered disabled state
[  157.233355][ T7585] FAULT_INJECTION: forcing a failure.
[  157.233355][ T7585] name failslab, interval 1, probability 0, space 0, times 0
[  157.248510][ T7585] CPU: 1 UID: 0 PID: 7585 Comm: syz.0.533 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  157.248538][ T7585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  157.248549][ T7585] Call Trace:
[  157.248557][ T7585]  <TASK>
[  157.248565][ T7585]  dump_stack_lvl+0x189/0x250
[  157.248601][ T7585]  ? __pfx____ratelimit+0x10/0x10
[  157.248623][ T7585]  ? __pfx_dump_stack_lvl+0x10/0x10
[  157.248652][ T7585]  ? __pfx__printk+0x10/0x10
[  157.248679][ T7585]  ? __pfx___might_resched+0x10/0x10
[  157.248714][ T7585]  should_fail_ex+0x414/0x560
[  157.248742][ T7585]  should_failslab+0xa8/0x100
[  157.248764][ T7585]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  157.248794][ T7585]  ? __alloc_skb+0x112/0x2d0
[  157.248823][ T7585]  __alloc_skb+0x112/0x2d0
[  157.248853][ T7585]  __ip6_append_data+0x2adb/0x3c50
[  157.248906][ T7585]  ? __pfx_raw6_getfrag+0x10/0x10
[  157.248945][ T7585]  ? ip6_mtu+0x7d/0x3f0
[  157.248975][ T7585]  ? __pfx___ip6_append_data+0x10/0x10
[  157.248999][ T7585]  ? __pfx_ip6_mtu+0x10/0x10
[  157.249034][ T7585]  ip6_append_data+0x1c4/0x380
[  157.249066][ T7585]  ? __pfx_raw6_getfrag+0x10/0x10
[  157.249088][ T7585]  rawv6_sendmsg+0x127a/0x1820
[  157.249150][ T7585]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  157.249176][ T7585]  ? __lock_acquire+0xab9/0xd20
[  157.249234][ T7585]  ? __pfx_aa_sk_perm+0x10/0x10
[  157.249262][ T7585]  ? sock_rps_record_flow+0x19/0x410
[  157.249286][ T7585]  ? inet_sendmsg+0x2f4/0x370
[  157.249305][ T7585]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  157.249335][ T7585]  __sock_sendmsg+0x19c/0x270
[  157.249360][ T7585]  ____sys_sendmsg+0x505/0x830
[  157.249396][ T7585]  ? __pfx_____sys_sendmsg+0x10/0x10
[  157.249435][ T7585]  ? import_iovec+0x74/0xa0
[  157.249459][ T7585]  ___sys_sendmsg+0x21f/0x2a0
[  157.249490][ T7585]  ? __pfx____sys_sendmsg+0x10/0x10
[  157.249562][ T7585]  ? __fget_files+0x2a/0x420
[  157.249583][ T7585]  ? __fget_files+0x3a0/0x420
[  157.249618][ T7585]  __x64_sys_sendmsg+0x19b/0x260
[  157.249649][ T7585]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  157.249689][ T7585]  ? __pfx_ksys_write+0x10/0x10
[  157.249716][ T7585]  ? rcu_is_watching+0x15/0xb0
[  157.249753][ T7585]  ? do_syscall_64+0xbe/0x3b0
[  157.249781][ T7585]  do_syscall_64+0xfa/0x3b0
[  157.249802][ T7585]  ? lockdep_hardirqs_on+0x9c/0x150
[  157.249825][ T7585]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.249845][ T7585]  ? clear_bhb_loop+0x60/0xb0
[  157.249869][ T7585]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.249887][ T7585] RIP: 0033:0x7f476438e929
[  157.249905][ T7585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  157.249921][ T7585] RSP: 002b:00007f4765146038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  157.249945][ T7585] RAX: ffffffffffffffda RBX: 00007f47645b6080 RCX: 00007f476438e929
[  157.249959][ T7585] RDX: 0000000000044004 RSI: 00002000000000c0 RDI: 0000000000000007
[  157.249971][ T7585] RBP: 00007f4765146090 R08: 0000000000000000 R09: 0000000000000000
[  157.249984][ T7585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  157.249995][ T7585] R13: 0000000000000000 R14: 00007f47645b6080 R15: 00007ffd05751108
[  157.250029][ T7585]  </TASK>
[  157.814592][ T7592] __nla_validate_parse: 1 callbacks suppressed
[  157.814615][ T7592] netlink: 52 bytes leftover after parsing attributes in process `syz.3.535'.
[  158.317346][ T7615] batadv1: entered promiscuous mode
[  158.383782][ T7620] netlink: 8 bytes leftover after parsing attributes in process `syz.3.546'.
[  158.384767][ T7618] netlink: 16 bytes leftover after parsing attributes in process `syz.1.545'.
[  158.423446][ T7620] netlink: 8 bytes leftover after parsing attributes in process `syz.3.546'.
[  158.444778][ T7620] netlink: 'syz.3.546': attribute type 1 has an invalid length.
[  158.462358][ T7620] netlink: 228 bytes leftover after parsing attributes in process `syz.3.546'.
[  158.618731][ T7625] bond1: entered allmulticast mode
[  158.791552][ T7628] _ÐZ`Ô€@: entered promiscuous mode
[  158.856281][ T7641] Bluetooth: MGMT ver 1.23
[  159.456607][ T7667] netlink: 8 bytes leftover after parsing attributes in process `syz.3.564'.
[  159.469556][ T7669] bridge0: port 3(erspan0) entered blocking state
[  159.483895][ T7669] bridge0: port 3(erspan0) entered disabled state
[  159.497714][ T7669] erspan0: entered allmulticast mode
[  159.530253][ T7667] netlink: 4 bytes leftover after parsing attributes in process `syz.3.564'.
[  159.570511][ T7669] erspan0: entered promiscuous mode
[  159.631519][ T7669] bridge0: port 3(erspan0) entered blocking state
[  159.638188][ T7669] bridge0: port 3(erspan0) entered forwarding state
[  159.701997][ T7667] netlink: 'syz.3.564': attribute type 1 has an invalid length.
[  159.710336][ T7667] netlink: 228 bytes leftover after parsing attributes in process `syz.3.564'.
[  159.743672][ T7670] erspan0: left allmulticast mode
[  159.749148][ T7670] erspan0: left promiscuous mode
[  159.758100][ T7670] bridge0: port 3(erspan0) entered disabled state
[  160.057015][ T7694] netlink: 16 bytes leftover after parsing attributes in process `syz.0.570'.
[  160.240961][ T7705] netlink: 4 bytes leftover after parsing attributes in process `syz.2.572'.
[  160.757328][ T7726] netlink: 'syz.0.581': attribute type 13 has an invalid length.
[  160.776844][ T7727] netlink: 'syz.1.580': attribute type 1 has an invalid length.
[  160.792645][ T5829] IPVS: starting estimator thread 0...
[  160.829950][ T7732] netlink: 'syz.3.583': attribute type 1 has an invalid length.
[  160.909275][ T7730] IPVS: using max 25 ests per chain, 60000 per kthread
[  161.309744][ T7753] erspan0: left allmulticast mode
[  161.320512][ T7753] erspan0: left promiscuous mode
[  161.339328][ T7753] bridge0: port 3(erspan0) entered disabled state
[  161.838622][ T7777] netlink: 'syz.1.595': attribute type 13 has an invalid length.
[  162.406876][ T7797] bridge0: port 3(erspan0) entered blocking state
[  162.413891][ T7797] bridge0: port 3(erspan0) entered disabled state
[  162.420510][ T7797] erspan0: entered allmulticast mode
[  162.443768][ T7797] erspan0: entered promiscuous mode
[  162.450055][ T7797] bridge0: port 3(erspan0) entered blocking state
[  162.456969][ T7797] bridge0: port 3(erspan0) entered forwarding state
[  162.514132][ T7798] gretap1: entered promiscuous mode
[  162.523369][ T7802] erspan0: left allmulticast mode
[  162.528489][ T7802] erspan0: left promiscuous mode
[  162.537742][ T7802] bridge0: port 3(erspan0) entered disabled state
[  163.016753][ T7821] netlink: 'syz.0.610': attribute type 13 has an invalid length.
[  163.153169][ T7821] __nla_validate_parse: 11 callbacks suppressed
[  163.153194][ T7821] netlink: 8 bytes leftover after parsing attributes in process `syz.0.610'.
[  163.238773][ T7825] netlink: 16 bytes leftover after parsing attributes in process `syz.0.610'.
[  163.321067][ T7825] netlink: 64 bytes leftover after parsing attributes in process `syz.0.610'.
[  163.676273][ T7831] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.848600][ T7831] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.887941][ T7845] bridge0: port 3(erspan0) entered blocking state
[  163.898567][ T7845] bridge0: port 3(erspan0) entered disabled state
[  163.906301][ T7845] erspan0: entered allmulticast mode
[  163.926401][ T7845] erspan0: entered promiscuous mode
[  163.941538][ T7845] bridge0: port 3(erspan0) entered blocking state
[  163.948218][ T7845] bridge0: port 3(erspan0) entered forwarding state
[  163.966764][ T7847] erspan0: left allmulticast mode
[  163.982205][ T7847] erspan0: left promiscuous mode
[  163.995544][ T7847] bridge0: port 3(erspan0) entered disabled state
[  164.051042][ T7831] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.145457][ T7856] netlink: 8 bytes leftover after parsing attributes in process `syz.1.623'.
[  164.248798][ T7831] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.311719][ T7856] netlink: 'syz.1.623': attribute type 1 has an invalid length.
[  164.328309][ T7856] netlink: 228 bytes leftover after parsing attributes in process `syz.1.623'.
[  164.389053][ T7865] netlink: 'syz.0.626': attribute type 13 has an invalid length.
[  164.482726][ T7865] netlink: 8 bytes leftover after parsing attributes in process `syz.0.626'.
[  164.503618][ T6465] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  164.504289][ T7865] netlink: 16 bytes leftover after parsing attributes in process `syz.0.626'.
[  164.528208][ T7865] netlink: 64 bytes leftover after parsing attributes in process `syz.0.626'.
[  164.555372][ T6465] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  164.604784][ T6465] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  164.660185][ T6465] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  164.935036][ T7881] netlink: 'syz.0.630': attribute type 10 has an invalid length.
[  165.005460][ T7883] IPv6: sit1: Disabled Multicast RS
[  165.446631][ T7902] netlink: 8 bytes leftover after parsing attributes in process `syz.4.641'.
[  165.456742][ T7900] netlink: 'syz.1.640': attribute type 13 has an invalid length.
[  165.481982][ T7900] netlink: 8 bytes leftover after parsing attributes in process `syz.1.640'.
[  165.484534][ T7902] netlink: 'syz.4.641': attribute type 1 has an invalid length.
[  165.700533][ T7909] gretap0: entered promiscuous mode
[  165.739698][ T7909] batman_adv: batadv0: Adding interface: macvlan2
[  165.753370][ T7909] batman_adv: batadv0: The MTU of interface macvlan2 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  165.785786][ T7909] batman_adv: batadv0: Interface activated: macvlan2
[  165.928704][ T7925] FAULT_INJECTION: forcing a failure.
[  165.928704][ T7925] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  165.965800][ T7925] CPU: 0 UID: 0 PID: 7925 Comm: syz.1.648 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  165.965832][ T7925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  165.965843][ T7925] Call Trace:
[  165.965851][ T7925]  <TASK>
[  165.965859][ T7925]  dump_stack_lvl+0x189/0x250
[  165.965894][ T7925]  ? __pfx____ratelimit+0x10/0x10
[  165.965917][ T7925]  ? __pfx_dump_stack_lvl+0x10/0x10
[  165.965947][ T7925]  ? __pfx__printk+0x10/0x10
[  165.965969][ T7925]  ? __might_fault+0xb0/0x130
[  165.966012][ T7925]  should_fail_ex+0x414/0x560
[  165.966042][ T7925]  _copy_from_user+0x2d/0xb0
[  165.966062][ T7925]  do_ipt_set_ctl+0x696/0xcd0
[  165.966096][ T7925]  ? rcu_is_watching+0x15/0xb0
[  165.966138][ T7925]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  165.966184][ T7925]  ? __pfx___mutex_lock+0x10/0x10
[  165.966208][ T7925]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  165.966235][ T7925]  ? aa_sk_perm+0x81e/0x950
[  165.966263][ T7925]  ? __pfx_aa_sk_perm+0x10/0x10
[  165.966293][ T7925]  nf_setsockopt+0x26f/0x290
[  165.966322][ T7925]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  165.966348][ T7925]  do_sock_setsockopt+0x25a/0x3e0
[  165.966378][ T7925]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  165.966409][ T7925]  ? __fget_files+0x2a/0x420
[  165.966441][ T7925]  __x64_sys_setsockopt+0x18b/0x220
[  165.966471][ T7925]  do_syscall_64+0xfa/0x3b0
[  165.966491][ T7925]  ? lockdep_hardirqs_on+0x9c/0x150
[  165.966511][ T7925]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.966530][ T7925]  ? clear_bhb_loop+0x60/0xb0
[  165.966554][ T7925]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.966571][ T7925] RIP: 0033:0x7ff4a198e929
[  165.966590][ T7925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  165.966606][ T7925] RSP: 002b:00007ff4a2821038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  165.966629][ T7925] RAX: ffffffffffffffda RBX: 00007ff4a1bb5fa0 RCX: 00007ff4a198e929
[  165.966642][ T7925] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003
[  165.966655][ T7925] RBP: 00007ff4a2821090 R08: 00000000000002e0 R09: 0000000000000000
[  165.966667][ T7925] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[  165.966679][ T7925] R13: 0000000000000000 R14: 00007ff4a1bb5fa0 R15: 00007fff98043698
[  165.966710][ T7925]  </TASK>
[  166.585090][ T7942] netlink: 'syz.4.653': attribute type 13 has an invalid length.
[  166.636389][ T7946] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20004
[  166.676334][ T7949] netlink: 'syz.3.655': attribute type 1 has an invalid length.
[  167.318485][ T7977] veth0: entered promiscuous mode
[  168.690872][ T8011] __nla_validate_parse: 10 callbacks suppressed
[  168.690895][ T8011] netlink: 28 bytes leftover after parsing attributes in process `syz.4.662'.
[  168.798514][ T8009] netlink: 28 bytes leftover after parsing attributes in process `syz.3.664'.
[  169.229705][ T8030] netlink: 32 bytes leftover after parsing attributes in process `syz.1.671'.
[  169.886639][ T8054] No such timeout policy "syz0"
[  169.937881][ T8062] netlink: 4 bytes leftover after parsing attributes in process `syz.4.682'.
[  170.024951][ T8062] erspan0: entered promiscuous mode
[  170.047602][ T8060] netlink: 4 bytes leftover after parsing attributes in process `syz.2.683'.
[  170.059515][ T8066] netlink: 4 bytes leftover after parsing attributes in process `syz.4.682'.
[  170.067644][ T8062] macvtap1: entered promiscuous mode
[  170.100645][ T8062] macvtap1: entered allmulticast mode
[  170.132287][ T8062] erspan0: entered allmulticast mode
[  170.192772][ T8066] erspan0: left allmulticast mode
[  170.221082][ T8066] erspan0: left promiscuous mode
[  170.528638][ T8084] netlink: 4 bytes leftover after parsing attributes in process `syz.2.687'.
[  170.767603][ T8092] bridge0: port 3(erspan0) entered blocking state
[  170.784754][ T8092] bridge0: port 3(erspan0) entered disabled state
[  170.791415][ T8092] erspan0: entered allmulticast mode
[  170.843492][ T8092] erspan0: left allmulticast mode
[  170.987147][ T8103] netlink: 28 bytes leftover after parsing attributes in process `syz.2.694'.
[  171.341547][ T8109] netlink: 4 bytes leftover after parsing attributes in process `syz.1.697'.
[  171.409510][ T8107] netlink: 28 bytes leftover after parsing attributes in process `syz.0.686'.
[  171.652934][ T8128] bridge0: port 3(erspan0) entered blocking state
[  171.659516][ T8128] bridge0: port 3(erspan0) entered disabled state
[  171.686588][ T8128] erspan0: entered allmulticast mode
[  171.698232][ T8128] erspan0: entered promiscuous mode
[  171.724055][ T8128] bridge0: port 3(erspan0) entered blocking state
[  171.730698][ T8128] bridge0: port 3(erspan0) entered forwarding state
[  171.797861][ T8136] erspan0: left allmulticast mode
[  171.822984][ T8136] erspan0: left promiscuous mode
[  171.834095][ T8136] bridge0: port 3(erspan0) entered disabled state
[  172.000422][ T8138] bridge0: port 3(erspan0) entered blocking state
[  172.016401][ T8138] bridge0: port 3(erspan0) entered disabled state
[  172.046180][ T8138] erspan0: entered allmulticast mode
[  172.093005][ T8138] erspan0: left allmulticast mode
[  172.120885][ T8145] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check.
[  172.190566][ T8149] pimreg: left allmulticast mode
[  172.689082][ T8167] netlink: 'syz.4.713': attribute type 1 has an invalid length.
[  172.707733][ T8171] FAULT_INJECTION: forcing a failure.
[  172.707733][ T8171] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  172.732892][ T8171] CPU: 1 UID: 0 PID: 8171 Comm: syz.3.715 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  172.732923][ T8171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  172.732934][ T8171] Call Trace:
[  172.732941][ T8171]  <TASK>
[  172.732950][ T8171]  dump_stack_lvl+0x189/0x250
[  172.732994][ T8171]  ? __pfx____ratelimit+0x10/0x10
[  172.733016][ T8171]  ? __pfx_dump_stack_lvl+0x10/0x10
[  172.733043][ T8171]  ? __pfx__printk+0x10/0x10
[  172.733064][ T8171]  ? __might_fault+0xb0/0x130
[  172.733104][ T8171]  should_fail_ex+0x414/0x560
[  172.733132][ T8171]  _copy_from_user+0x2d/0xb0
[  172.733152][ T8171]  ___sys_sendmsg+0x158/0x2a0
[  172.733182][ T8171]  ? __pfx____sys_sendmsg+0x10/0x10
[  172.733248][ T8171]  ? __fget_files+0x2a/0x420
[  172.733268][ T8171]  ? __fget_files+0x3a0/0x420
[  172.733299][ T8171]  __sys_sendmmsg+0x227/0x430
[  172.733331][ T8171]  ? __pfx___sys_sendmmsg+0x10/0x10
[  172.733355][ T8171]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  172.733410][ T8171]  ? ksys_write+0x22a/0x250
[  172.733442][ T8171]  ? __pfx_ksys_write+0x10/0x10
[  172.733468][ T8171]  ? rcu_is_watching+0x15/0xb0
[  172.733505][ T8171]  __x64_sys_sendmmsg+0xa0/0xc0
[  172.733535][ T8171]  do_syscall_64+0xfa/0x3b0
[  172.733556][ T8171]  ? lockdep_hardirqs_on+0x9c/0x150
[  172.733578][ T8171]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.733597][ T8171]  ? clear_bhb_loop+0x60/0xb0
[  172.733622][ T8171]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.733640][ T8171] RIP: 0033:0x7fdb09d8e929
[  172.733658][ T8171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  172.733674][ T8171] RSP: 002b:00007fdb0ab2a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  172.733695][ T8171] RAX: ffffffffffffffda RBX: 00007fdb09fb5fa0 RCX: 00007fdb09d8e929
[  172.733709][ T8171] RDX: 0000000000000001 RSI: 0000200000000940 RDI: 0000000000000003
[  172.733720][ T8171] RBP: 00007fdb0ab2a090 R08: 0000000000000000 R09: 0000000000000000
[  172.733731][ T8171] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000001
[  172.733742][ T8171] R13: 0000000000000000 R14: 00007fdb09fb5fa0 R15: 00007ffe49cb3168
[  172.733774][ T8171]  </TASK>
[  172.761868][ T8174] netlink: 'syz.1.716': attribute type 30 has an invalid length.
[  173.129878][ T8182] netlink: 'syz.0.717': attribute type 15 has an invalid length.
[  173.241443][ T8187] bridge0: port 3(erspan0) entered blocking state
[  173.248857][ T8187] bridge0: port 3(erspan0) entered disabled state
[  173.256169][ T8187] erspan0: entered allmulticast mode
[  173.284073][ T8187] erspan0: entered promiscuous mode
[  173.290131][ T8187] bridge0: port 3(erspan0) entered blocking state
[  173.297285][ T8187] bridge0: port 3(erspan0) entered forwarding state
[  173.343650][ T8192] erspan0: left allmulticast mode
[  173.348744][ T8192] erspan0: left promiscuous mode
[  173.363363][ T8192] bridge0: port 3(erspan0) entered disabled state
[  173.738358][ T8206] __nla_validate_parse: 10 callbacks suppressed
[  173.738416][ T8206] netlink: 16 bytes leftover after parsing attributes in process `syz.4.726'.
[  173.849711][ T8210] tipc: Started in network mode
[  173.855464][ T8210] tipc: Node identity ac14140f, cluster identity 4711
[  173.878615][ T8210] tipc: New replicast peer: 255.255.255.255
[  173.885991][ T8210] tipc: Enabled bearer <udp:syz2>, priority 10
[  173.940996][ T8214] netlink: 8 bytes leftover after parsing attributes in process `syz.2.729'.
[  173.964902][ T8218] FAULT_INJECTION: forcing a failure.
[  173.964902][ T8218] name failslab, interval 1, probability 0, space 0, times 0
[  173.984945][ T8218] CPU: 0 UID: 0 PID: 8218 Comm: syz.1.732 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  173.984976][ T8218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  173.984987][ T8218] Call Trace:
[  173.984994][ T8218]  <TASK>
[  173.985002][ T8218]  dump_stack_lvl+0x189/0x250
[  173.985047][ T8218]  ? __pfx____ratelimit+0x10/0x10
[  173.985069][ T8218]  ? __pfx_dump_stack_lvl+0x10/0x10
[  173.985095][ T8218]  ? __pfx__printk+0x10/0x10
[  173.985126][ T8218]  ? ref_tracker_alloc+0x318/0x460
[  173.985156][ T8218]  should_fail_ex+0x414/0x560
[  173.985185][ T8218]  should_failslab+0xa8/0x100
[  173.985207][ T8218]  kmem_cache_alloc_noprof+0x73/0x3c0
[  173.985235][ T8218]  ? skb_clone+0x212/0x3a0
[  173.985269][ T8218]  skb_clone+0x212/0x3a0
[  173.985302][ T8218]  __netlink_deliver_tap+0x404/0x850
[  173.985337][ T8218]  ? netlink_deliver_tap+0x2e/0x1b0
[  173.985361][ T8218]  netlink_deliver_tap+0x19c/0x1b0
[  173.985386][ T8218]  netlink_unicast+0x72f/0x8d0
[  173.985423][ T8218]  netlink_sendmsg+0x805/0xb30
[  173.985456][ T8218]  ? __pfx_netlink_sendmsg+0x10/0x10
[  173.985482][ T8218]  ? aa_sock_msg_perm+0x94/0x160
[  173.985508][ T8218]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  173.985531][ T8218]  ? __pfx_netlink_sendmsg+0x10/0x10
[  173.985555][ T8218]  __sock_sendmsg+0x219/0x270
[  173.985580][ T8218]  ____sys_sendmsg+0x505/0x830
[  173.985612][ T8218]  ? __pfx_____sys_sendmsg+0x10/0x10
[  173.985650][ T8218]  ? import_iovec+0x74/0xa0
[  173.985673][ T8218]  ___sys_sendmsg+0x21f/0x2a0
[  173.985702][ T8218]  ? __pfx____sys_sendmsg+0x10/0x10
[  173.985771][ T8218]  ? __fget_files+0x2a/0x420
[  173.985790][ T8218]  ? __fget_files+0x3a0/0x420
[  173.985822][ T8218]  __x64_sys_sendmsg+0x19b/0x260
[  173.985852][ T8218]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  173.985888][ T8218]  ? __pfx_ksys_write+0x10/0x10
[  173.985912][ T8218]  ? rcu_is_watching+0x15/0xb0
[  173.985947][ T8218]  ? do_syscall_64+0xbe/0x3b0
[  173.985973][ T8218]  do_syscall_64+0xfa/0x3b0
[  173.985994][ T8218]  ? lockdep_hardirqs_on+0x9c/0x150
[  173.986025][ T8218]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.986044][ T8218]  ? clear_bhb_loop+0x60/0xb0
[  173.986066][ T8218]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.986085][ T8218] RIP: 0033:0x7ff4a198e929
[  173.986104][ T8218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.986118][ T8218] RSP: 002b:00007ff4a2821038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  173.986140][ T8218] RAX: ffffffffffffffda RBX: 00007ff4a1bb5fa0 RCX: 00007ff4a198e929
[  173.986155][ T8218] RDX: 0000000004000000 RSI: 0000200000009c40 RDI: 0000000000000003
[  173.986167][ T8218] RBP: 00007ff4a2821090 R08: 0000000000000000 R09: 0000000000000000
[  173.986180][ T8218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  173.986191][ T8218] R13: 0000000000000000 R14: 00007ff4a1bb5fa0 R15: 00007fff98043698
[  173.986226][ T8218]  </TASK>
[  173.988730][ T8220] netlink: 32 bytes leftover after parsing attributes in process `syz.2.729'.
[  174.010881][ T8219] 8021q: adding VLAN 0 to HW filter on device 
[  174.247441][ T8229] netlink: 'syz.2.729': attribute type 1 has an invalid length.
[  174.270518][ T6465] wlan1: Trigger new scan to find an IBSS to join
[  174.366287][ T8229] netlink: 228 bytes leftover after parsing attributes in process `syz.2.729'.
[  174.560503][ T8219] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  174.882890][ T5829] tipc: Node number set to 2886997007
[  175.006950][ T8247] netlink: 4 bytes leftover after parsing attributes in process `syz.4.737'.
[  175.106416][ T8252] netlink: 'syz.1.741': attribute type 11 has an invalid length.
[  175.127783][ T8252] netlink: 44 bytes leftover after parsing attributes in process `syz.1.741'.
[  175.510195][ T8266] netlink: 16 bytes leftover after parsing attributes in process `syz.1.746'.
[  175.672757][ T8270] netlink: 8 bytes leftover after parsing attributes in process `syz.1.748'.
[  175.728054][ T8270] netlink: 32 bytes leftover after parsing attributes in process `syz.1.748'.
[  175.789902][ T8270] netlink: 'syz.1.748': attribute type 1 has an invalid length.
[  175.813415][ T8270] netlink: 228 bytes leftover after parsing attributes in process `syz.1.748'.
[  176.391514][ T8287] netlink: 'syz.4.753': attribute type 11 has an invalid length.
[  176.441354][ T8289] netlink: 'syz.1.754': attribute type 13 has an invalid length.
[  176.715319][ T8298] vlan2: entered promiscuous mode
[  176.872618][ T8304] nbd: socks must be embedded in a SOCK_ITEM attr
[  176.879883][ T8304] block nbd0: shutting down sockets
[  177.117660][ T8316] netlink: 'syz.4.766': attribute type 11 has an invalid length.
[  177.138734][ T8317] netlink: 'syz.3.764': attribute type 1 has an invalid length.
[  178.364842][ T6465] wlan1: Trigger new scan to find an IBSS to join
[  178.515843][   T12] wlan1: Creating new IBSS network, BSSID 8e:81:2a:8e:3c:8b
[  178.836962][ T8354] netlink: 'syz.3.777': attribute type 11 has an invalid length.
[  178.856357][ T8354] __nla_validate_parse: 11 callbacks suppressed
[  178.856378][ T8354] netlink: 44 bytes leftover after parsing attributes in process `syz.3.777'.
[  179.626390][ T8377] FAULT_INJECTION: forcing a failure.
[  179.626390][ T8377] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  179.650178][ T8377] CPU: 0 UID: 0 PID: 8377 Comm: syz.0.786 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  179.650207][ T8377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  179.650218][ T8377] Call Trace:
[  179.650226][ T8377]  <TASK>
[  179.650234][ T8377]  dump_stack_lvl+0x189/0x250
[  179.650269][ T8377]  ? __pfx____ratelimit+0x10/0x10
[  179.650291][ T8377]  ? __pfx_dump_stack_lvl+0x10/0x10
[  179.650319][ T8377]  ? __pfx__printk+0x10/0x10
[  179.650339][ T8377]  ? __might_fault+0xb0/0x130
[  179.650385][ T8377]  should_fail_ex+0x414/0x560
[  179.650412][ T8377]  _copy_from_iter+0x1db/0x16f0
[  179.650441][ T8377]  ? rcu_is_watching+0x15/0xb0
[  179.650472][ T8377]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  179.650503][ T8377]  ? __pfx__copy_from_iter+0x10/0x10
[  179.650531][ T8377]  ? __build_skb_around+0x257/0x3e0
[  179.650559][ T8377]  ? netlink_sendmsg+0x642/0xb30
[  179.650580][ T8377]  ? skb_put+0x11b/0x210
[  179.650608][ T8377]  netlink_sendmsg+0x6b2/0xb30
[  179.650641][ T8377]  ? __pfx_netlink_sendmsg+0x10/0x10
[  179.650668][ T8377]  ? aa_sock_msg_perm+0x94/0x160
[  179.650693][ T8377]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  179.650716][ T8377]  ? __pfx_netlink_sendmsg+0x10/0x10
[  179.650739][ T8377]  __sock_sendmsg+0x219/0x270
[  179.650763][ T8377]  ____sys_sendmsg+0x505/0x830
[  179.650795][ T8377]  ? __pfx_____sys_sendmsg+0x10/0x10
[  179.650831][ T8377]  ? import_iovec+0x74/0xa0
[  179.650853][ T8377]  ___sys_sendmsg+0x21f/0x2a0
[  179.650882][ T8377]  ? __pfx____sys_sendmsg+0x10/0x10
[  179.650946][ T8377]  ? __fget_files+0x2a/0x420
[  179.650965][ T8377]  ? __fget_files+0x3a0/0x420
[  179.650996][ T8377]  __x64_sys_sendmsg+0x19b/0x260
[  179.651025][ T8377]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  179.651062][ T8377]  ? __pfx_ksys_write+0x10/0x10
[  179.651088][ T8377]  ? rcu_is_watching+0x15/0xb0
[  179.651121][ T8377]  ? do_syscall_64+0xbe/0x3b0
[  179.651159][ T8377]  do_syscall_64+0xfa/0x3b0
[  179.651179][ T8377]  ? lockdep_hardirqs_on+0x9c/0x150
[  179.651199][ T8377]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.651217][ T8377]  ? clear_bhb_loop+0x60/0xb0
[  179.651241][ T8377]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.651258][ T8377] RIP: 0033:0x7f476438e929
[  179.651276][ T8377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  179.651292][ T8377] RSP: 002b:00007f4765167038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  179.651313][ T8377] RAX: ffffffffffffffda RBX: 00007f47645b5fa0 RCX: 00007f476438e929
[  179.651327][ T8377] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  179.651339][ T8377] RBP: 00007f4765167090 R08: 0000000000000000 R09: 0000000000000000
[  179.651351][ T8377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  179.651362][ T8377] R13: 0000000000000000 R14: 00007f47645b5fa0 R15: 00007ffd05751108
[  179.651393][ T8377]  </TASK>
[  179.962696][ T8372] syz.3.783 (8372) used greatest stack depth: 19000 bytes left
[  180.220125][ T8385] netlink: 'syz.2.790': attribute type 11 has an invalid length.
[  180.234040][ T8385] netlink: 44 bytes leftover after parsing attributes in process `syz.2.790'.
[  180.415673][ T8393] netlink: 4 bytes leftover after parsing attributes in process `syz.2.792'.
[  180.817375][ T8410] gretap0: entered promiscuous mode
[  180.831048][ T8410] vlan2: entered promiscuous mode
[  180.931306][ T8418] netlink: 8 bytes leftover after parsing attributes in process `syz.0.797'.
[  181.018196][ T8417] netlink: 28 bytes leftover after parsing attributes in process `syz.0.797'.
[  181.056997][ T8417] netlink: 28 bytes leftover after parsing attributes in process `syz.0.797'.
[  182.703706][ T8468] netlink: 16 bytes leftover after parsing attributes in process `syz.2.815'.
[  182.758043][ T8472] FAULT_INJECTION: forcing a failure.
[  182.758043][ T8472] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  182.802110][ T8472] CPU: 1 UID: 0 PID: 8472 Comm: syz.3.816 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  182.802148][ T8472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  182.802172][ T8472] Call Trace:
[  182.802180][ T8472]  <TASK>
[  182.802189][ T8472]  dump_stack_lvl+0x189/0x250
[  182.802224][ T8472]  ? __pfx____ratelimit+0x10/0x10
[  182.802247][ T8472]  ? __pfx_dump_stack_lvl+0x10/0x10
[  182.802277][ T8472]  ? __pfx__printk+0x10/0x10
[  182.802313][ T8472]  should_fail_ex+0x414/0x560
[  182.802343][ T8472]  _copy_to_user+0x31/0xb0
[  182.802364][ T8472]  simple_read_from_buffer+0xe1/0x170
[  182.802390][ T8472]  proc_fail_nth_read+0x1df/0x250
[  182.802418][ T8472]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  182.802444][ T8472]  ? rw_verify_area+0x258/0x650
[  182.802470][ T8472]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  182.802493][ T8472]  vfs_read+0x1fd/0x980
[  182.802525][ T8472]  ? __pfx___mutex_lock+0x10/0x10
[  182.802549][ T8472]  ? __pfx_vfs_read+0x10/0x10
[  182.802576][ T8472]  ? __fget_files+0x2a/0x420
[  182.802601][ T8472]  ? __fget_files+0x3a0/0x420
[  182.802620][ T8472]  ? __fget_files+0x2a/0x420
[  182.802650][ T8472]  ksys_read+0x145/0x250
[  182.802681][ T8472]  ? __pfx_ksys_read+0x10/0x10
[  182.802705][ T8472]  ? rcu_is_watching+0x15/0xb0
[  182.802739][ T8472]  ? do_syscall_64+0xbe/0x3b0
[  182.802766][ T8472]  do_syscall_64+0xfa/0x3b0
[  182.802786][ T8472]  ? lockdep_hardirqs_on+0x9c/0x150
[  182.802806][ T8472]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.802823][ T8472]  ? clear_bhb_loop+0x60/0xb0
[  182.802843][ T8472]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.802859][ T8472] RIP: 0033:0x7fdb09d8d33c
[  182.802879][ T8472] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  182.802894][ T8472] RSP: 002b:00007fdb0ab2a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  182.802917][ T8472] RAX: ffffffffffffffda RBX: 00007fdb09fb5fa0 RCX: 00007fdb09d8d33c
[  182.802931][ T8472] RDX: 000000000000000f RSI: 00007fdb0ab2a0a0 RDI: 0000000000000007
[  182.802942][ T8472] RBP: 00007fdb0ab2a090 R08: 0000000000000000 R09: 0000000000000000
[  182.802954][ T8472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  182.802965][ T8472] R13: 0000000000000000 R14: 00007fdb09fb5fa0 R15: 00007ffe49cb3168
[  182.802999][ T8472]  </TASK>
[  183.411914][ T8485] pimreg: entered allmulticast mode
[  183.433805][ T8487] FAULT_INJECTION: forcing a failure.
[  183.433805][ T8487] name failslab, interval 1, probability 0, space 0, times 0
[  183.460039][ T8487] CPU: 0 UID: 0 PID: 8487 Comm: syz.3.821 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  183.460072][ T8487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  183.460084][ T8487] Call Trace:
[  183.460093][ T8487]  <TASK>
[  183.460102][ T8487]  dump_stack_lvl+0x189/0x250
[  183.460138][ T8487]  ? __pfx____ratelimit+0x10/0x10
[  183.460162][ T8487]  ? __pfx_dump_stack_lvl+0x10/0x10
[  183.460191][ T8487]  ? __pfx__printk+0x10/0x10
[  183.460221][ T8487]  ? ref_tracker_alloc+0x318/0x460
[  183.460251][ T8487]  should_fail_ex+0x414/0x560
[  183.460281][ T8487]  should_failslab+0xa8/0x100
[  183.460305][ T8487]  kmem_cache_alloc_noprof+0x73/0x3c0
[  183.460335][ T8487]  ? skb_clone+0x212/0x3a0
[  183.460369][ T8487]  skb_clone+0x212/0x3a0
[  183.460402][ T8487]  __netlink_deliver_tap+0x404/0x850
[  183.460442][ T8487]  ? netlink_deliver_tap+0x2e/0x1b0
[  183.460467][ T8487]  netlink_deliver_tap+0x19c/0x1b0
[  183.460493][ T8487]  netlink_unicast+0x72f/0x8d0
[  183.460528][ T8487]  netlink_sendmsg+0x805/0xb30
[  183.460564][ T8487]  ? __pfx_netlink_sendmsg+0x10/0x10
[  183.460593][ T8487]  ? aa_sock_msg_perm+0x94/0x160
[  183.460620][ T8487]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  183.460644][ T8487]  ? __pfx_netlink_sendmsg+0x10/0x10
[  183.460670][ T8487]  __sock_sendmsg+0x219/0x270
[  183.460694][ T8487]  ____sys_sendmsg+0x505/0x830
[  183.460729][ T8487]  ? __pfx_____sys_sendmsg+0x10/0x10
[  183.460768][ T8487]  ? import_iovec+0x74/0xa0
[  183.460792][ T8487]  ___sys_sendmsg+0x21f/0x2a0
[  183.460822][ T8487]  ? __pfx____sys_sendmsg+0x10/0x10
[  183.460902][ T8487]  ? __fget_files+0x2a/0x420
[  183.460924][ T8487]  ? __fget_files+0x3a0/0x420
[  183.460958][ T8487]  __x64_sys_sendmsg+0x19b/0x260
[  183.460994][ T8487]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  183.461034][ T8487]  ? __pfx_ksys_write+0x10/0x10
[  183.461060][ T8487]  ? rcu_is_watching+0x15/0xb0
[  183.461096][ T8487]  ? do_syscall_64+0xbe/0x3b0
[  183.461124][ T8487]  do_syscall_64+0xfa/0x3b0
[  183.461145][ T8487]  ? lockdep_hardirqs_on+0x9c/0x150
[  183.461167][ T8487]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.461187][ T8487]  ? clear_bhb_loop+0x60/0xb0
[  183.461212][ T8487]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.461231][ T8487] RIP: 0033:0x7fdb09d8e929
[  183.461249][ T8487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  183.461267][ T8487] RSP: 002b:00007fdb0ab2a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  183.461291][ T8487] RAX: ffffffffffffffda RBX: 00007fdb09fb5fa0 RCX: 00007fdb09d8e929
[  183.461306][ T8487] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000003
[  183.461319][ T8487] RBP: 00007fdb0ab2a090 R08: 0000000000000000 R09: 0000000000000000
[  183.461332][ T8487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  183.461344][ T8487] R13: 0000000000000000 R14: 00007fdb09fb5fa0 R15: 00007ffe49cb3168
[  183.461378][ T8487]  </TASK>
[  183.461924][ T8480] netlink: 'syz.1.820': attribute type 1 has an invalid length.
[  183.751448][ T8494] netlink: 16 bytes leftover after parsing attributes in process `syz.3.824'.
[  184.081210][ T8502] bridge0: port 3(erspan0) entered blocking state
[  184.088105][ T8502] bridge0: port 3(erspan0) entered disabled state
[  184.099268][ T8502] erspan0: entered allmulticast mode
[  184.115594][ T8502] erspan0: entered promiscuous mode
[  184.121615][ T8502] bridge0: port 3(erspan0) entered blocking state
[  184.128318][ T8502] bridge0: port 3(erspan0) entered forwarding state
[  184.162022][ T8506] erspan0: left allmulticast mode
[  184.182657][ T8506] erspan0: left promiscuous mode
[  184.187905][ T8506] bridge0: port 3(erspan0) entered disabled state
[  184.510285][ T8517] netlink: 20 bytes leftover after parsing attributes in process `syz.2.831'.
[  185.996313][ T8572] netlink: 16 bytes leftover after parsing attributes in process `syz.4.851'.
[  186.001233][ T8573] netlink: 8 bytes leftover after parsing attributes in process `syz.1.850'.
[  186.084591][ T8573] netlink: 32 bytes leftover after parsing attributes in process `syz.1.850'.
[  186.165178][ T8573] netlink: 'syz.1.850': attribute type 1 has an invalid length.
[  186.190377][ T8573] netlink: 228 bytes leftover after parsing attributes in process `syz.1.850'.
[  187.146904][ T8605] netlink: 8 bytes leftover after parsing attributes in process `syz.4.862'.
[  187.191976][ T8605] netlink: 16 bytes leftover after parsing attributes in process `syz.4.862'.
[  187.231802][ T8600] netlink: 28 bytes leftover after parsing attributes in process `syz.3.848'.
[  187.252312][ T8605] netlink: 64 bytes leftover after parsing attributes in process `syz.4.862'.
[  187.473957][ T8614] netlink: 26 bytes leftover after parsing attributes in process `syz.2.865'.
[  187.653502][ T8621] FAULT_INJECTION: forcing a failure.
[  187.653502][ T8621] name failslab, interval 1, probability 0, space 0, times 0
[  187.669623][ T8621] CPU: 1 UID: 0 PID: 8621 Comm: syz.4.869 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  187.669656][ T8621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  187.669668][ T8621] Call Trace:
[  187.669678][ T8621]  <TASK>
[  187.669687][ T8621]  dump_stack_lvl+0x189/0x250
[  187.669724][ T8621]  ? __pfx____ratelimit+0x10/0x10
[  187.669748][ T8621]  ? __pfx_dump_stack_lvl+0x10/0x10
[  187.669778][ T8621]  ? __pfx__printk+0x10/0x10
[  187.669809][ T8621]  ? ref_tracker_alloc+0x318/0x460
[  187.669838][ T8621]  should_fail_ex+0x414/0x560
[  187.669868][ T8621]  should_failslab+0xa8/0x100
[  187.669891][ T8621]  kmem_cache_alloc_noprof+0x73/0x3c0
[  187.669945][ T8621]  ? skb_clone+0x212/0x3a0
[  187.669980][ T8621]  skb_clone+0x212/0x3a0
[  187.670013][ T8621]  __netlink_deliver_tap+0x404/0x850
[  187.670055][ T8621]  ? netlink_deliver_tap+0x2e/0x1b0
[  187.670080][ T8621]  netlink_deliver_tap+0x19c/0x1b0
[  187.670105][ T8621]  netlink_unicast+0x72f/0x8d0
[  187.670142][ T8621]  netlink_sendmsg+0x805/0xb30
[  187.670176][ T8621]  ? __pfx_netlink_sendmsg+0x10/0x10
[  187.670205][ T8621]  ? aa_sock_msg_perm+0x94/0x160
[  187.670233][ T8621]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  187.670259][ T8621]  ? __pfx_netlink_sendmsg+0x10/0x10
[  187.670284][ T8621]  __sock_sendmsg+0x219/0x270
[  187.670310][ T8621]  ____sys_sendmsg+0x505/0x830
[  187.670344][ T8621]  ? __pfx_____sys_sendmsg+0x10/0x10
[  187.670383][ T8621]  ? import_iovec+0x74/0xa0
[  187.670415][ T8621]  ___sys_sendmsg+0x21f/0x2a0
[  187.670447][ T8621]  ? __pfx____sys_sendmsg+0x10/0x10
[  187.670519][ T8621]  ? __fget_files+0x2a/0x420
[  187.670540][ T8621]  ? __fget_files+0x3a0/0x420
[  187.670575][ T8621]  __x64_sys_sendmsg+0x19b/0x260
[  187.670607][ T8621]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  187.670646][ T8621]  ? __pfx_ksys_write+0x10/0x10
[  187.670673][ T8621]  ? rcu_is_watching+0x15/0xb0
[  187.670708][ T8621]  ? do_syscall_64+0xbe/0x3b0
[  187.670736][ T8621]  do_syscall_64+0xfa/0x3b0
[  187.670757][ T8621]  ? lockdep_hardirqs_on+0x9c/0x150
[  187.670779][ T8621]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.670799][ T8621]  ? clear_bhb_loop+0x60/0xb0
[  187.670824][ T8621]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.670843][ T8621] RIP: 0033:0x7f418e58e929
[  187.670861][ T8621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  187.670878][ T8621] RSP: 002b:00007f418f4b6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  187.670909][ T8621] RAX: ffffffffffffffda RBX: 00007f418e7b5fa0 RCX: 00007f418e58e929
[  187.670924][ T8621] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000005
[  187.670936][ T8621] RBP: 00007f418f4b6090 R08: 0000000000000000 R09: 0000000000000000
[  187.670948][ T8621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  187.670960][ T8621] R13: 0000000000000000 R14: 00007f418e7b5fa0 R15: 00007fff8df39fb8
[  187.670995][ T8621]  </TASK>
[  188.079747][ T8622] netlink: 'syz.2.867': attribute type 1 has an invalid length.
[  188.507620][ T8638] bridge0: port 3(erspan0) entered blocking state
[  188.525240][ T8638] bridge0: port 3(erspan0) entered disabled state
[  188.533961][ T8638] erspan0: entered allmulticast mode
[  188.556155][ T8638] erspan0: entered promiscuous mode
[  188.575291][ T8638] bridge0: port 3(erspan0) entered blocking state
[  188.581923][ T8638] bridge0: port 3(erspan0) entered forwarding state
[  188.619574][ T8646] erspan0: left allmulticast mode
[  188.625191][ T8646] erspan0: left promiscuous mode
[  188.630611][ T8646] bridge0: port 3(erspan0) entered disabled state
[  188.823405][ T8654] veth0: entered promiscuous mode
[  188.868777][ T8658] netlink: 'syz.1.879': attribute type 4 has an invalid length.
[  189.432670][ T8675] netlink: 'syz.3.885': attribute type 1 has an invalid length.
[  189.530550][ T8680] FAULT_INJECTION: forcing a failure.
[  189.530550][ T8680] name failslab, interval 1, probability 0, space 0, times 0
[  189.571468][ T8680] CPU: 0 UID: 0 PID: 8680 Comm: syz.2.887 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  189.571502][ T8680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  189.571515][ T8680] Call Trace:
[  189.571523][ T8680]  <TASK>
[  189.571532][ T8680]  dump_stack_lvl+0x189/0x250
[  189.571570][ T8680]  ? __pfx____ratelimit+0x10/0x10
[  189.571594][ T8680]  ? __pfx_dump_stack_lvl+0x10/0x10
[  189.571624][ T8680]  ? __pfx__printk+0x10/0x10
[  189.571652][ T8680]  ? __pfx___might_resched+0x10/0x10
[  189.571687][ T8680]  should_fail_ex+0x414/0x560
[  189.571717][ T8680]  should_failslab+0xa8/0x100
[  189.571741][ T8680]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  189.571778][ T8680]  ? __alloc_skb+0x112/0x2d0
[  189.571809][ T8680]  __alloc_skb+0x112/0x2d0
[  189.571839][ T8680]  netlink_sendmsg+0x5c6/0xb30
[  189.571875][ T8680]  ? __pfx_netlink_sendmsg+0x10/0x10
[  189.571903][ T8680]  ? aa_sock_msg_perm+0x94/0x160
[  189.571930][ T8680]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  189.571954][ T8680]  ? __pfx_netlink_sendmsg+0x10/0x10
[  189.571979][ T8680]  __sock_sendmsg+0x219/0x270
[  189.572004][ T8680]  ____sys_sendmsg+0x505/0x830
[  189.572039][ T8680]  ? __pfx_____sys_sendmsg+0x10/0x10
[  189.572087][ T8680]  ? import_iovec+0x74/0xa0
[  189.572110][ T8680]  ___sys_sendmsg+0x21f/0x2a0
[  189.572139][ T8680]  ? __pfx____sys_sendmsg+0x10/0x10
[  189.572203][ T8680]  ? __fget_files+0x2a/0x420
[  189.572224][ T8680]  ? __fget_files+0x3a0/0x420
[  189.572259][ T8680]  __x64_sys_sendmsg+0x19b/0x260
[  189.572290][ T8680]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  189.572328][ T8680]  ? __pfx_ksys_write+0x10/0x10
[  189.572355][ T8680]  ? rcu_is_watching+0x15/0xb0
[  189.572391][ T8680]  ? do_syscall_64+0xbe/0x3b0
[  189.572418][ T8680]  do_syscall_64+0xfa/0x3b0
[  189.572440][ T8680]  ? lockdep_hardirqs_on+0x9c/0x150
[  189.572462][ T8680]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.572481][ T8680]  ? clear_bhb_loop+0x60/0xb0
[  189.572506][ T8680]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.572525][ T8680] RIP: 0033:0x7f7062d8e929
[  189.572545][ T8680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  189.572563][ T8680] RSP: 002b:00007f7063ccd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  189.572584][ T8680] RAX: ffffffffffffffda RBX: 00007f7062fb5fa0 RCX: 00007f7062d8e929
[  189.572597][ T8680] RDX: 0000000000000000 RSI: 0000200000001ec0 RDI: 0000000000000003
[  189.572609][ T8680] RBP: 00007f7063ccd090 R08: 0000000000000000 R09: 0000000000000000
[  189.572621][ T8680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  189.572634][ T8680] R13: 0000000000000000 R14: 00007f7062fb5fa0 R15: 00007ffd5455dbe8
[  189.572667][ T8680]  </TASK>
[  190.242925][ T8697] __nla_validate_parse: 10 callbacks suppressed
[  190.242951][ T8697] netlink: 8 bytes leftover after parsing attributes in process `syz.2.888'.
[  190.374625][ T8697] netlink: 16 bytes leftover after parsing attributes in process `syz.2.888'.
[  190.435390][ T8697] netlink: 64 bytes leftover after parsing attributes in process `syz.2.888'.
[  190.726386][ T8711] netlink: 56 bytes leftover after parsing attributes in process `syz.4.891'.
[  190.836440][ T8716] FAULT_INJECTION: forcing a failure.
[  190.836440][ T8716] name failslab, interval 1, probability 0, space 0, times 0
[  190.869331][ T8716] CPU: 1 UID: 0 PID: 8716 Comm: syz.0.895 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  190.869363][ T8716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  190.869375][ T8716] Call Trace:
[  190.869383][ T8716]  <TASK>
[  190.869392][ T8716]  dump_stack_lvl+0x189/0x250
[  190.869429][ T8716]  ? __pfx____ratelimit+0x10/0x10
[  190.869452][ T8716]  ? __pfx_dump_stack_lvl+0x10/0x10
[  190.869481][ T8716]  ? __pfx__printk+0x10/0x10
[  190.869506][ T8716]  ? __pfx___might_resched+0x10/0x10
[  190.869535][ T8716]  ? fs_reclaim_acquire+0x7d/0x100
[  190.869563][ T8716]  should_fail_ex+0x414/0x560
[  190.869593][ T8716]  should_failslab+0xa8/0x100
[  190.869614][ T8716]  __kmalloc_noprof+0xcb/0x4f0
[  190.869632][ T8716]  ? tomoyo_encode+0x28b/0x550
[  190.869662][ T8716]  tomoyo_encode+0x28b/0x550
[  190.869695][ T8716]  tomoyo_realpath_from_path+0x58d/0x5d0
[  190.869725][ T8716]  ? tomoyo_domain+0xd9/0x130
[  190.869764][ T8716]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  190.869787][ T8716]  tomoyo_path_number_perm+0x1e8/0x5a0
[  190.869813][ T8716]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  190.869855][ T8716]  ? __lock_acquire+0xab9/0xd20
[  190.869906][ T8716]  ? __fget_files+0x2a/0x420
[  190.869932][ T8716]  ? __fget_files+0x2a/0x420
[  190.869951][ T8716]  ? __fget_files+0x3a0/0x420
[  190.869971][ T8716]  ? __fget_files+0x2a/0x420
[  190.869997][ T8716]  security_file_ioctl+0xcb/0x2d0
[  190.870020][ T8716]  __se_sys_ioctl+0x47/0x170
[  190.870091][ T8716]  do_syscall_64+0xfa/0x3b0
[  190.870113][ T8716]  ? lockdep_hardirqs_on+0x9c/0x150
[  190.870136][ T8716]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  190.870156][ T8716]  ? clear_bhb_loop+0x60/0xb0
[  190.870182][ T8716]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  190.870201][ T8716] RIP: 0033:0x7f476438e929
[  190.870220][ T8716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  190.870238][ T8716] RSP: 002b:00007f4765167038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  190.870261][ T8716] RAX: ffffffffffffffda RBX: 00007f47645b5fa0 RCX: 00007f476438e929
[  190.870275][ T8716] RDX: 0000200000001980 RSI: 0000000000008955 RDI: 0000000000000003
[  190.870287][ T8716] RBP: 00007f4765167090 R08: 0000000000000000 R09: 0000000000000000
[  190.870299][ T8716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  190.870312][ T8716] R13: 0000000000000000 R14: 00007f47645b5fa0 R15: 00007ffd05751108
[  190.870346][ T8716]  </TASK>
[  190.871642][ T8716] ERROR: Out of memory at tomoyo_realpath_from_path.
[  191.366476][ T8730] netlink: 8 bytes leftover after parsing attributes in process `syz.4.900'.
[  191.389788][ T8721] netlink: 28 bytes leftover after parsing attributes in process `syz.1.886'.
[  191.460717][ T8730] netlink: 32 bytes leftover after parsing attributes in process `syz.4.900'.
[  191.528457][ T8730] netlink: 'syz.4.900': attribute type 1 has an invalid length.
[  191.562422][ T8730] netlink: 228 bytes leftover after parsing attributes in process `syz.4.900'.
[  192.271028][ T8749] DRBG: could not allocate digest TFM handle: hmac(sha384)
[  192.918961][ T8775] netlink: 'syz.3.908': attribute type 303 has an invalid length.
[  192.991955][ T8778] FAULT_INJECTION: forcing a failure.
[  192.991955][ T8778] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  193.062406][ T8778] CPU: 0 UID: 0 PID: 8778 Comm: syz.1.912 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  193.062441][ T8778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  193.062453][ T8778] Call Trace:
[  193.062461][ T8778]  <TASK>
[  193.062470][ T8778]  dump_stack_lvl+0x189/0x250
[  193.062506][ T8778]  ? __pfx____ratelimit+0x10/0x10
[  193.062529][ T8778]  ? __pfx_dump_stack_lvl+0x10/0x10
[  193.062558][ T8778]  ? __pfx__printk+0x10/0x10
[  193.062580][ T8778]  ? __might_fault+0xb0/0x130
[  193.062621][ T8778]  should_fail_ex+0x414/0x560
[  193.062649][ T8778]  _copy_from_user+0x2d/0xb0
[  193.062670][ T8778]  ____sys_sendmsg+0x2fe/0x830
[  193.062702][ T8778]  ? __pfx_____sys_sendmsg+0x10/0x10
[  193.062739][ T8778]  ? import_iovec+0x74/0xa0
[  193.062760][ T8778]  ___sys_sendmsg+0x21f/0x2a0
[  193.062902][ T8778]  ? __pfx____sys_sendmsg+0x10/0x10
[  193.062980][ T8778]  ? __fget_files+0x2a/0x420
[  193.063001][ T8778]  ? __fget_files+0x3a0/0x420
[  193.063319][ T8778]  __sys_sendmmsg+0x227/0x430
[  193.063373][ T8778]  ? __pfx___sys_sendmmsg+0x10/0x10
[  193.063398][ T8778]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  193.063465][ T8778]  ? ksys_write+0x22a/0x250
[  193.063495][ T8778]  ? __pfx_ksys_write+0x10/0x10
[  193.063526][ T8778]  ? rcu_is_watching+0x15/0xb0
[  193.063560][ T8778]  __x64_sys_sendmmsg+0xa0/0xc0
[  193.063591][ T8778]  do_syscall_64+0xfa/0x3b0
[  193.063614][ T8778]  ? lockdep_hardirqs_on+0x9c/0x150
[  193.063636][ T8778]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.063656][ T8778]  ? clear_bhb_loop+0x60/0xb0
[  193.063681][ T8778]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.063700][ T8778] RIP: 0033:0x7ff4a198e929
[  193.063720][ T8778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  193.063737][ T8778] RSP: 002b:00007ff4a2821038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  193.063760][ T8778] RAX: ffffffffffffffda RBX: 00007ff4a1bb5fa0 RCX: 00007ff4a198e929
[  193.063775][ T8778] RDX: 0000000000000001 RSI: 0000200000000940 RDI: 0000000000000003
[  193.063787][ T8778] RBP: 00007ff4a2821090 R08: 0000000000000000 R09: 0000000000000000
[  193.063798][ T8778] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000001
[  193.063809][ T8778] R13: 0000000000000000 R14: 00007ff4a1bb5fa0 R15: 00007fff98043698
[  193.063842][ T8778]  </TASK>
[  193.471626][ T8780] netlink: 8 bytes leftover after parsing attributes in process `syz.3.908'.
[  193.557039][ T8771] netlink: 8 bytes leftover after parsing attributes in process `syz.3.908'.
[  193.862680][ T8771] syz.3.908 (8771) used greatest stack depth: 17064 bytes left
[  194.019462][ T8787] netlink: 'syz.2.915': attribute type 1 has an invalid length.
[  194.455140][ T8798] SET target dimension over the limit!
[  194.672704][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  195.324332][ T8820] __nla_validate_parse: 6 callbacks suppressed
[  195.324355][ T8820] netlink: 8 bytes leftover after parsing attributes in process `syz.3.928'.
[  195.395966][ T8820] netlink: 8 bytes leftover after parsing attributes in process `syz.3.928'.
[  195.530248][ T8820] netlink: 'syz.3.928': attribute type 1 has an invalid length.
[  195.565072][ T8820] netlink: 228 bytes leftover after parsing attributes in process `syz.3.928'.
[  197.578358][ T8873] netlink: 8 bytes leftover after parsing attributes in process `syz.1.945'.
[  197.628192][ T8873] netlink: 8 bytes leftover after parsing attributes in process `syz.1.945'.
[  197.822286][ T8881] netlink: 'syz.1.945': attribute type 1 has an invalid length.
[  197.830331][ T8881] netlink: 228 bytes leftover after parsing attributes in process `syz.1.945'.
[  198.569488][ T8892] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  198.777696][ T8902] netlink: 24 bytes leftover after parsing attributes in process `syz.2.955'.
[  199.089236][ T8918] netlink: 8 bytes leftover after parsing attributes in process `syz.0.961'.
[  199.107448][ T8915] netlink: 32 bytes leftover after parsing attributes in process `syz.1.962'.
[  199.131592][ T8920] netlink: 8 bytes leftover after parsing attributes in process `syz.0.961'.
[  199.219143][ T8918] netlink: 'syz.0.961': attribute type 1 has an invalid length.
[  199.741160][ T8939] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  200.119851][   T12] wlan1: Selected IBSS BSSID 8e:81:2a:8e:3c:8b based on configured SSID
[  200.345737][ T8956] netlink: 'syz.2.978': attribute type 1 has an invalid length.
[  200.353572][ T8956] __nla_validate_parse: 5 callbacks suppressed
[  200.353591][ T8956] netlink: 228 bytes leftover after parsing attributes in process `syz.2.978'.
[  200.381249][ T8962] netlink: 4200 bytes leftover after parsing attributes in process `syz.3.979'.
[  200.433265][ T8962] netlink: 'syz.3.979': attribute type 1 has an invalid length.
[  200.451434][ T8962] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.979'.
[  201.418348][ T8997] netlink: 4 bytes leftover after parsing attributes in process `syz.3.990'.
[  201.494306][ T8999] netlink: 8 bytes leftover after parsing attributes in process `syz.1.992'.
[  201.567868][ T9001] netlink: 8 bytes leftover after parsing attributes in process `syz.1.992'.
[  201.617458][ T8999] netlink: 'syz.1.992': attribute type 1 has an invalid length.
[  201.632027][ T8999] netlink: 228 bytes leftover after parsing attributes in process `syz.1.992'.
[  201.970906][ T9015] netlink: 8 bytes leftover after parsing attributes in process `syz.3.997'.
[  202.048832][ T9015] netlink: 16 bytes leftover after parsing attributes in process `syz.3.997'.
[  202.081345][ T9015] netlink: 64 bytes leftover after parsing attributes in process `syz.3.997'.
[  202.272509][ T9027] netlink: 'syz.2.1000': attribute type 1 has an invalid length.
[  202.460468][ T9035] nbd: must specify at least one socket
[  202.476947][ T9035] netlink: 'syz.3.1005': attribute type 3 has an invalid length.
[  202.575167][ T9037] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  203.959375][ T9075] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  204.167099][ T9083] netlink: 'syz.3.1022': attribute type 1 has an invalid length.
[  204.217380][ T9089] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-tlb(5)
[  204.271631][ T9090] rdma_op ffff88807cb3a9f0 conn xmit_rdma 0000000000000000
[  204.751156][ T9098] FAULT_INJECTION: forcing a failure.
[  204.751156][ T9098] name failslab, interval 1, probability 0, space 0, times 0
[  204.780629][ T9098] CPU: 1 UID: 0 PID: 9098 Comm: syz.1.1026 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  204.780663][ T9098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  204.780674][ T9098] Call Trace:
[  204.780682][ T9098]  <TASK>
[  204.780690][ T9098]  dump_stack_lvl+0x189/0x250
[  204.780726][ T9098]  ? __pfx____ratelimit+0x10/0x10
[  204.780750][ T9098]  ? __pfx_dump_stack_lvl+0x10/0x10
[  204.780778][ T9098]  ? __pfx__printk+0x10/0x10
[  204.780807][ T9098]  ? ref_tracker_alloc+0x318/0x460
[  204.780835][ T9098]  should_fail_ex+0x414/0x560
[  204.780864][ T9098]  should_failslab+0xa8/0x100
[  204.780887][ T9098]  kmem_cache_alloc_noprof+0x73/0x3c0
[  204.780915][ T9098]  ? skb_clone+0x212/0x3a0
[  204.780960][ T9098]  skb_clone+0x212/0x3a0
[  204.780991][ T9098]  __netlink_deliver_tap+0x404/0x850
[  204.781030][ T9098]  ? netlink_deliver_tap+0x2e/0x1b0
[  204.781055][ T9098]  netlink_deliver_tap+0x19c/0x1b0
[  204.781079][ T9098]  netlink_unicast+0x72f/0x8d0
[  204.781113][ T9098]  netlink_sendmsg+0x805/0xb30
[  204.781147][ T9098]  ? __pfx_netlink_sendmsg+0x10/0x10
[  204.781174][ T9098]  ? aa_sock_msg_perm+0x94/0x160
[  204.781200][ T9098]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  204.781224][ T9098]  ? __pfx_netlink_sendmsg+0x10/0x10
[  204.781248][ T9098]  __sock_sendmsg+0x219/0x270
[  204.781272][ T9098]  ____sys_sendmsg+0x505/0x830
[  204.781306][ T9098]  ? __pfx_____sys_sendmsg+0x10/0x10
[  204.781344][ T9098]  ? import_iovec+0x74/0xa0
[  204.781366][ T9098]  ___sys_sendmsg+0x21f/0x2a0
[  204.781395][ T9098]  ? __pfx____sys_sendmsg+0x10/0x10
[  204.781465][ T9098]  ? __fget_files+0x2a/0x420
[  204.781484][ T9098]  ? __fget_files+0x3a0/0x420
[  204.781516][ T9098]  __x64_sys_sendmsg+0x19b/0x260
[  204.781547][ T9098]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  204.781584][ T9098]  ? __pfx_ksys_write+0x10/0x10
[  204.781611][ T9098]  ? rcu_is_watching+0x15/0xb0
[  204.781645][ T9098]  ? do_syscall_64+0xbe/0x3b0
[  204.781672][ T9098]  do_syscall_64+0xfa/0x3b0
[  204.781716][ T9098]  ? lockdep_hardirqs_on+0x9c/0x150
[  204.781737][ T9098]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.781755][ T9098]  ? clear_bhb_loop+0x60/0xb0
[  204.781780][ T9098]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.781797][ T9098] RIP: 0033:0x7ff4a198e929
[  204.781815][ T9098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  204.781832][ T9098] RSP: 002b:00007ff4a2821038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  204.781854][ T9098] RAX: ffffffffffffffda RBX: 00007ff4a1bb5fa0 RCX: 00007ff4a198e929
[  204.781869][ T9098] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006
[  204.781882][ T9098] RBP: 00007ff4a2821090 R08: 0000000000000000 R09: 0000000000000000
[  204.781893][ T9098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  204.781904][ T9098] R13: 0000000000000000 R14: 00007ff4a1bb5fa0 R15: 00007fff98043698
[  204.781946][ T9098]  </TASK>
[  205.483506][ T9117] ip_vti0: entered promiscuous mode
[  205.504807][ T9117] __nla_validate_parse: 9 callbacks suppressed
[  205.504832][ T9117] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1032'.
[  205.603021][ T9119] netlink: 'syz.0.1033': attribute type 1 has an invalid length.
[  205.846482][ T9128] netlink: get zone limit has 4 unknown bytes
[  205.944127][ T9133] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1038'.
[  205.967303][ T9128] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1037'.
[  206.616739][ T9137] netlink: 'syz.2.1040': attribute type 1 has an invalid length.
[  206.656087][ T9137] netlink: 244 bytes leftover after parsing attributes in process `syz.2.1040'.
[  206.714439][ T9139] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  206.840238][ T9146] vxcan1: entered allmulticast mode
[  206.867347][ T9145] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1043'.
[  207.404507][ T9160] FAULT_INJECTION: forcing a failure.
[  207.404507][ T9160] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  207.462260][ T9160] CPU: 0 UID: 0 PID: 9160 Comm: syz.0.1047 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  207.462293][ T9160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  207.462305][ T9160] Call Trace:
[  207.462313][ T9160]  <TASK>
[  207.462323][ T9160]  dump_stack_lvl+0x189/0x250
[  207.462359][ T9160]  ? __pfx____ratelimit+0x10/0x10
[  207.462383][ T9160]  ? __pfx_dump_stack_lvl+0x10/0x10
[  207.462413][ T9160]  ? __pfx__printk+0x10/0x10
[  207.462450][ T9160]  should_fail_ex+0x414/0x560
[  207.462477][ T9160]  _copy_from_user+0x2d/0xb0
[  207.462498][ T9160]  copy_from_sockptr_offset+0x66/0xa0
[  207.462528][ T9160]  do_ipt_set_ctl+0x8ae/0xcd0
[  207.462560][ T9160]  ? rcu_is_watching+0x15/0xb0
[  207.462588][ T9160]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  207.462635][ T9160]  ? __pfx___mutex_lock+0x10/0x10
[  207.462658][ T9160]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  207.462680][ T9160]  ? aa_sk_perm+0x81e/0x950
[  207.462708][ T9160]  ? __pfx_aa_sk_perm+0x10/0x10
[  207.462739][ T9160]  nf_setsockopt+0x26f/0x290
[  207.462769][ T9160]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  207.462795][ T9160]  do_sock_setsockopt+0x25a/0x3e0
[  207.462825][ T9160]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  207.462858][ T9160]  ? __fget_files+0x2a/0x420
[  207.462889][ T9160]  __x64_sys_setsockopt+0x18b/0x220
[  207.462932][ T9160]  do_syscall_64+0xfa/0x3b0
[  207.462954][ T9160]  ? lockdep_hardirqs_on+0x9c/0x150
[  207.462975][ T9160]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.462995][ T9160]  ? clear_bhb_loop+0x60/0xb0
[  207.463020][ T9160]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.463039][ T9160] RIP: 0033:0x7f476438e929
[  207.463058][ T9160] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  207.463073][ T9160] RSP: 002b:00007f4765167038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  207.463097][ T9160] RAX: ffffffffffffffda RBX: 00007f47645b5fa0 RCX: 00007f476438e929
[  207.463111][ T9160] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003
[  207.463124][ T9160] RBP: 00007f4765167090 R08: 00000000000002e0 R09: 0000000000000000
[  207.463137][ T9160] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[  207.463149][ T9160] R13: 0000000000000000 R14: 00007f47645b5fa0 R15: 00007ffd05751108
[  207.463182][ T9160]  </TASK>
[  207.909601][ T9172] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1046'.
[  208.069986][ T9177] veth1_to_team: entered promiscuous mode
[  208.129522][ T9177] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1050'.
[  209.501586][ T9213] pimreg: left allmulticast mode
[  209.609408][ T9217] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1055'.
[  210.045554][ T9217] vlan4: entered promiscuous mode
[  210.092444][ T9217] gretap0: entered promiscuous mode
[  210.189071][ T9227] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1057'.
[  210.476068][ T9233] pimreg: entered allmulticast mode
[  210.502369][ T9233] pimreg: left allmulticast mode
[  211.257856][ T9253] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1065'.
[  211.807822][ T9264] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1070'.
[  212.000195][ T9272] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1071'.
[  212.031403][ T9272] netlink: 'syz.3.1071': attribute type 1 has an invalid length.
[  212.061734][ T9272] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.1071'.
[  212.299013][ T9282] netlink: 'syz.0.1077': attribute type 1 has an invalid length.
[  212.688979][ T9301] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1085'.
[  212.928639][ T9309] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1089'.
[  213.188341][ T9323] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1093'.
[  213.271694][ T9331] FAULT_INJECTION: forcing a failure.
[  213.271694][ T9331] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  213.380488][ T9331] CPU: 1 UID: 0 PID: 9331 Comm: syz.1.1096 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  213.380520][ T9331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  213.380533][ T9331] Call Trace:
[  213.380540][ T9331]  <TASK>
[  213.380550][ T9331]  dump_stack_lvl+0x189/0x250
[  213.380587][ T9331]  ? __pfx____ratelimit+0x10/0x10
[  213.380610][ T9331]  ? __pfx_dump_stack_lvl+0x10/0x10
[  213.380635][ T9331]  ? __pfx__printk+0x10/0x10
[  213.380669][ T9331]  should_fail_ex+0x414/0x560
[  213.380699][ T9331]  _copy_to_user+0x31/0xb0
[  213.380722][ T9331]  simple_read_from_buffer+0xe1/0x170
[  213.380749][ T9331]  proc_fail_nth_read+0x1df/0x250
[  213.380777][ T9331]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  213.380805][ T9331]  ? rw_verify_area+0x258/0x650
[  213.380833][ T9331]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  213.380868][ T9331]  vfs_read+0x1fd/0x980
[  213.380901][ T9331]  ? __pfx___mutex_lock+0x10/0x10
[  213.380926][ T9331]  ? __pfx_vfs_read+0x10/0x10
[  213.380956][ T9331]  ? __fget_files+0x2a/0x420
[  213.380983][ T9331]  ? __fget_files+0x3a0/0x420
[  213.381002][ T9331]  ? __fget_files+0x2a/0x420
[  213.381032][ T9331]  ksys_read+0x145/0x250
[  213.381064][ T9331]  ? __pfx_ksys_read+0x10/0x10
[  213.381099][ T9331]  ? do_syscall_64+0xbe/0x3b0
[  213.381125][ T9331]  do_syscall_64+0xfa/0x3b0
[  213.381146][ T9331]  ? lockdep_hardirqs_on+0x9c/0x150
[  213.381167][ T9331]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.381188][ T9331]  ? clear_bhb_loop+0x60/0xb0
[  213.381222][ T9331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.381241][ T9331] RIP: 0033:0x7ff4a198d33c
[  213.381266][ T9331] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  213.381284][ T9331] RSP: 002b:00007ff4a2821030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  213.381308][ T9331] RAX: ffffffffffffffda RBX: 00007ff4a1bb5fa0 RCX: 00007ff4a198d33c
[  213.381322][ T9331] RDX: 000000000000000f RSI: 00007ff4a28210a0 RDI: 0000000000000003
[  213.381335][ T9331] RBP: 00007ff4a2821090 R08: 0000000000000000 R09: 0000000000000000
[  213.381348][ T9331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  213.381360][ T9331] R13: 0000000000000001 R14: 00007ff4a1bb5fa0 R15: 00007fff98043698
[  213.381395][ T9331]  </TASK>
[  213.628465][ T9338] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1099'.
[  213.642896][ T9338] netlink: 'syz.3.1099': attribute type 1 has an invalid length.
[  213.656600][ T9338] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.1099'.
[  213.769652][ T9342] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1103'.
[  213.797548][ T9344] netlink: 'syz.0.1101': attribute type 1 has an invalid length.
[  214.065652][ T9356] openvswitch: netlink: Missing key (keys=40, expected=80)
[  214.310090][ T9362] vlan2: entered promiscuous mode
[  214.334356][ T9362] gretap0: entered promiscuous mode
[  214.664272][ T9382] FAULT_INJECTION: forcing a failure.
[  214.664272][ T9382] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  214.685957][ T9382] CPU: 0 UID: 0 PID: 9382 Comm: syz.3.1118 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  214.685989][ T9382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  214.686002][ T9382] Call Trace:
[  214.686010][ T9382]  <TASK>
[  214.686018][ T9382]  dump_stack_lvl+0x189/0x250
[  214.686053][ T9382]  ? __pfx____ratelimit+0x10/0x10
[  214.686075][ T9382]  ? __pfx_dump_stack_lvl+0x10/0x10
[  214.686104][ T9382]  ? __pfx__printk+0x10/0x10
[  214.686139][ T9382]  should_fail_ex+0x414/0x560
[  214.686169][ T9382]  _copy_to_user+0x31/0xb0
[  214.686191][ T9382]  simple_read_from_buffer+0xe1/0x170
[  214.686216][ T9382]  proc_fail_nth_read+0x1df/0x250
[  214.686244][ T9382]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  214.686271][ T9382]  ? rw_verify_area+0x258/0x650
[  214.686300][ T9382]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  214.686324][ T9382]  vfs_read+0x1fd/0x980
[  214.686359][ T9382]  ? __pfx___mutex_lock+0x10/0x10
[  214.686383][ T9382]  ? __pfx_vfs_read+0x10/0x10
[  214.686415][ T9382]  ? __fget_files+0x2a/0x420
[  214.686440][ T9382]  ? __fget_files+0x3a0/0x420
[  214.686459][ T9382]  ? __fget_files+0x2a/0x420
[  214.686489][ T9382]  ksys_read+0x145/0x250
[  214.686519][ T9382]  ? __pfx_ksys_read+0x10/0x10
[  214.686544][ T9382]  ? rcu_is_watching+0x15/0xb0
[  214.686579][ T9382]  ? do_syscall_64+0xbe/0x3b0
[  214.686605][ T9382]  do_syscall_64+0xfa/0x3b0
[  214.686626][ T9382]  ? lockdep_hardirqs_on+0x9c/0x150
[  214.686646][ T9382]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.686666][ T9382]  ? clear_bhb_loop+0x60/0xb0
[  214.686691][ T9382]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.686710][ T9382] RIP: 0033:0x7fdb09d8d33c
[  214.686729][ T9382] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  214.686747][ T9382] RSP: 002b:00007fdb0ab2a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  214.686770][ T9382] RAX: ffffffffffffffda RBX: 00007fdb09fb5fa0 RCX: 00007fdb09d8d33c
[  214.686785][ T9382] RDX: 000000000000000f RSI: 00007fdb0ab2a0a0 RDI: 0000000000000004
[  214.686797][ T9382] RBP: 00007fdb0ab2a090 R08: 0000000000000000 R09: 0000000000000000
[  214.686810][ T9382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  214.686821][ T9382] R13: 0000000000000000 R14: 00007fdb09fb5fa0 R15: 00007ffe49cb3168
[  214.686863][ T9382]  </TASK>
[  215.257714][ T9398] netlink: 'syz.1.1122': attribute type 1 has an invalid length.
[  215.457830][ T9409] tipc: Enabling of bearer <eth:team0> rejected, failed to enable media
[  215.635408][ T9419] vlan2: entered promiscuous mode
[  215.754612][ T9423] ip6gretap0: entered promiscuous mode
[  215.775841][ T9423] macsec1: entered promiscuous mode
[  215.790842][ T9423] macsec1: entered allmulticast mode
[  215.811869][ T9423] ip6gretap0: entered allmulticast mode
[  215.843024][ T9423] ip6gretap0: left allmulticast mode
[  215.849011][ T9423] ip6gretap0: left promiscuous mode
[  215.947977][ T9431] dvmrp0: entered allmulticast mode
[  216.090969][ T9399] DRBG: could not allocate digest TFM handle: hmac(sha512)
[  216.468525][ T9450] __nla_validate_parse: 8 callbacks suppressed
[  216.468547][ T9450] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1139'.
[  217.081364][ T9477] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5
[  217.117545][ T9481] Cannot find set identified by id 1 to match
[  217.223304][ T5839] Bluetooth: hci1: command 0x0406 tx timeout
[  217.230473][ T5149] Bluetooth: hci3: command 0x0406 tx timeout
[  217.230527][ T5833] Bluetooth: hci2: command 0x0406 tx timeout
[  217.454495][ T9491] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1151'.
[  217.626357][ T9501] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1156'.
[  217.672919][ T9506] netlink: 'syz.3.1153': attribute type 1 has an invalid length.
[  217.680891][ T9506] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1153'.
[  217.897101][ T9514] IPv6: syztnl1: Disabled Multicast RS
[  218.068250][ T9519] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1158'.
[  218.123659][ T9520] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1159'.
[  218.167350][ T9520] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1159'.
[  218.233241][ T9520] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1159'.
[  218.293226][ T9526] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1161'.
[  218.654339][ T9540] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1167'.
[  218.753636][ T9542] FAULT_INJECTION: forcing a failure.
[  218.753636][ T9542] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  218.779683][ T9540] Bluetooth: MGMT ver 1.23
[  218.797282][ T9542] CPU: 0 UID: 0 PID: 9542 Comm: syz.1.1169 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  218.797314][ T9542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  218.797326][ T9542] Call Trace:
[  218.797335][ T9542]  <TASK>
[  218.797343][ T9542]  dump_stack_lvl+0x189/0x250
[  218.797379][ T9542]  ? __pfx____ratelimit+0x10/0x10
[  218.797401][ T9542]  ? __pfx_dump_stack_lvl+0x10/0x10
[  218.797431][ T9542]  ? __pfx__printk+0x10/0x10
[  218.797468][ T9542]  should_fail_ex+0x414/0x560
[  218.797499][ T9542]  _copy_to_user+0x31/0xb0
[  218.797521][ T9542]  simple_read_from_buffer+0xe1/0x170
[  218.797547][ T9542]  proc_fail_nth_read+0x1df/0x250
[  218.797571][ T9542]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  218.797592][ T9542]  ? rw_verify_area+0x258/0x650
[  218.797616][ T9542]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  218.797641][ T9542]  vfs_read+0x1fd/0x980
[  218.797677][ T9542]  ? __pfx___mutex_lock+0x10/0x10
[  218.797702][ T9542]  ? __pfx_vfs_read+0x10/0x10
[  218.797733][ T9542]  ? __fget_files+0x2a/0x420
[  218.797760][ T9542]  ? __fget_files+0x3a0/0x420
[  218.797779][ T9542]  ? __fget_files+0x2a/0x420
[  218.797931][ T9542]  ksys_read+0x145/0x250
[  218.797979][ T9542]  ? __pfx_ksys_read+0x10/0x10
[  218.798016][ T9542]  ? do_syscall_64+0xbe/0x3b0
[  218.798045][ T9542]  do_syscall_64+0xfa/0x3b0
[  218.798067][ T9542]  ? lockdep_hardirqs_on+0x9c/0x150
[  218.798090][ T9542]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  218.798110][ T9542]  ? clear_bhb_loop+0x60/0xb0
[  218.798135][ T9542]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  218.798155][ T9542] RIP: 0033:0x7ff4a198d33c
[  218.798175][ T9542] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  218.798193][ T9542] RSP: 002b:00007ff4a2821030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  218.798217][ T9542] RAX: ffffffffffffffda RBX: 00007ff4a1bb5fa0 RCX: 00007ff4a198d33c
[  218.798231][ T9542] RDX: 000000000000000f RSI: 00007ff4a28210a0 RDI: 0000000000000003
[  218.798244][ T9542] RBP: 00007ff4a2821090 R08: 0000000000000000 R09: 0000000000000000
[  218.798256][ T9542] R10: 0000000000000066 R11: 0000000000000246 R12: 0000000000000001
[  218.798268][ T9542] R13: 0000000000000001 R14: 00007ff4a1bb5fa0 R15: 00007fff98043698
[  218.798301][ T9542]  </TASK>
[  219.585229][ T9559] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  219.631792][ T9561] FAULT_INJECTION: forcing a failure.
[  219.631792][ T9561] name failslab, interval 1, probability 0, space 0, times 0
[  219.692485][ T9561] CPU: 1 UID: 0 PID: 9561 Comm: syz.1.1175 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  219.692519][ T9561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  219.692531][ T9561] Call Trace:
[  219.692539][ T9561]  <TASK>
[  219.692559][ T9561]  dump_stack_lvl+0x189/0x250
[  219.692595][ T9561]  ? __pfx____ratelimit+0x10/0x10
[  219.692618][ T9561]  ? __pfx_dump_stack_lvl+0x10/0x10
[  219.692648][ T9561]  ? __pfx__printk+0x10/0x10
[  219.692678][ T9561]  ? __pfx___might_resched+0x10/0x10
[  219.692707][ T9561]  ? fs_reclaim_acquire+0x7d/0x100
[  219.692737][ T9561]  should_fail_ex+0x414/0x560
[  219.692769][ T9561]  should_failslab+0xa8/0x100
[  219.692792][ T9561]  __kmalloc_cache_noprof+0x70/0x3d0
[  219.692809][ T9561]  ? rtnl_newlink+0xed/0x1c70
[  219.692829][ T9561]  ? kasan_save_free_info+0x46/0x50
[  219.692858][ T9561]  rtnl_newlink+0xed/0x1c70
[  219.692879][ T9561]  ? netlink_sendmsg+0x805/0xb30
[  219.692901][ T9561]  ? __sock_sendmsg+0x219/0x270
[  219.692920][ T9561]  ? sock_sendmsg+0x158/0x230
[  219.692936][ T9561]  ? splice_to_socket+0x8ff/0xf10
[  219.692954][ T9561]  ? do_splice+0xc79/0x1660
[  219.692971][ T9561]  ? __se_sys_splice+0x2e1/0x460
[  219.692989][ T9561]  ? do_syscall_64+0xfa/0x3b0
[  219.693010][ T9561]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.693039][ T9561]  ? __pfx_rtnl_newlink+0x10/0x10
[  219.693091][ T9561]  ? kasan_quarantine_put+0xdd/0x220
[  219.693119][ T9561]  ? lockdep_hardirqs_on+0x9c/0x150
[  219.693150][ T9561]  ? nlmon_xmit+0xb0/0x100
[  219.693166][ T9561]  ? kmem_cache_free+0x18f/0x400
[  219.693194][ T9561]  ? __local_bh_enable_ip+0x12d/0x1c0
[  219.693223][ T9561]  ? lockdep_hardirqs_on+0x9c/0x150
[  219.693246][ T9561]  ? __local_bh_enable_ip+0x12d/0x1c0
[  219.693274][ T9561]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  219.693308][ T9561]  ? __dev_queue_xmit+0x27e/0x3a70
[  219.693353][ T9561]  ? __lock_acquire+0xab9/0xd20
[  219.693418][ T9561]  ? __pfx_rtnl_newlink+0x10/0x10
[  219.693441][ T9561]  rtnetlink_rcv_msg+0x7cc/0xb70
[  219.693469][ T9561]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  219.693491][ T9561]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  219.693510][ T9561]  ? ref_tracker_free+0x63a/0x7d0
[  219.693534][ T9561]  ? __copy_skb_header+0xa7/0x550
[  219.693574][ T9561]  ? __pfx_ref_tracker_free+0x10/0x10
[  219.693597][ T9561]  ? __skb_clone+0x63/0x7a0
[  219.693634][ T9561]  netlink_rcv_skb+0x208/0x470
[  219.693660][ T9561]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  219.693684][ T9561]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  219.693725][ T9561]  ? netlink_deliver_tap+0x2e/0x1b0
[  219.693748][ T9561]  ? netlink_deliver_tap+0x2e/0x1b0
[  219.693779][ T9561]  netlink_unicast+0x75b/0x8d0
[  219.693814][ T9561]  netlink_sendmsg+0x805/0xb30
[  219.693851][ T9561]  ? __pfx_netlink_sendmsg+0x10/0x10
[  219.693880][ T9561]  ? aa_sock_msg_perm+0x94/0x160
[  219.693907][ T9561]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  219.693931][ T9561]  ? __pfx_netlink_sendmsg+0x10/0x10
[  219.693957][ T9561]  __sock_sendmsg+0x219/0x270
[  219.693982][ T9561]  sock_sendmsg+0x158/0x230
[  219.694007][ T9561]  ? __pfx_sock_sendmsg+0x10/0x10
[  219.694044][ T9561]  ? __asan_memset+0x22/0x50
[  219.694070][ T9561]  ? iov_iter_bvec+0xb8/0x180
[  219.694103][ T9561]  splice_to_socket+0x8ff/0xf10
[  219.694150][ T9561]  ? __pfx_splice_to_socket+0x10/0x10
[  219.694168][ T9561]  ? aa_file_perm+0x3e7/0xed0
[  219.694223][ T9561]  ? get_pid_task+0x20/0x1f0
[  219.694264][ T9561]  ? bpf_lsm_file_permission+0x9/0x20
[  219.694290][ T9561]  ? security_file_permission+0x75/0x290
[  219.694313][ T9561]  ? rw_verify_area+0x258/0x650
[  219.694344][ T9561]  ? __pfx_splice_to_socket+0x10/0x10
[  219.694363][ T9561]  do_splice+0xc79/0x1660
[  219.694404][ T9561]  ? __pfx_vfs_write+0x10/0x10
[  219.694440][ T9561]  ? __pfx_do_splice+0x10/0x10
[  219.694457][ T9561]  ? sched_clock_cpu+0x74/0x430
[  219.694499][ T9561]  __se_sys_splice+0x2e1/0x460
[  219.694528][ T9561]  ? __pfx___se_sys_splice+0x10/0x10
[  219.694569][ T9561]  ? __x64_sys_splice+0x21/0xf0
[  219.694594][ T9561]  do_syscall_64+0xfa/0x3b0
[  219.694619][ T9561]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.694637][ T9561]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  219.694657][ T9561]  ? clear_bhb_loop+0x60/0xb0
[  219.694682][ T9561]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.694701][ T9561] RIP: 0033:0x7ff4a198e929
[  219.694720][ T9561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  219.694738][ T9561] RSP: 002b:00007ff4a2821038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  219.694761][ T9561] RAX: ffffffffffffffda RBX: 00007ff4a1bb5fa0 RCX: 00007ff4a198e929
[  219.694775][ T9561] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[  219.694787][ T9561] RBP: 00007ff4a2821090 R08: 0000000000010d00 R09: 0000000000000000
[  219.694799][ T9561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  219.694811][ T9561] R13: 0000000000000000 R14: 00007ff4a1bb5fa0 R15: 00007fff98043698
[  219.694845][ T9561]  </TASK>
[  220.354374][ T9566] sock: sock_timestamping_bind_phc: sock not bind to device
[  220.423890][ T5835] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  220.434244][ T5835] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  220.442500][ T5835] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  220.452435][ T5835] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  220.460585][ T5835] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  221.370502][ T9567] chnl_net:caif_netlink_parms(): no params data found
[  221.737723][ T9617] __nla_validate_parse: 6 callbacks suppressed
[  221.737743][ T9617] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1194'.
[  221.763611][ T9567] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.772605][ T9567] bridge0: port 1(bridge_slave_0) entered disabled state
[  221.780764][ T9567] bridge_slave_0: entered allmulticast mode
[  221.814931][ T9619] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1194'.
[  221.829709][ T9567] bridge_slave_0: entered promiscuous mode
[  221.923039][ T9567] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.963976][ T9567] bridge0: port 2(bridge_slave_1) entered disabled state
[  221.971749][ T9567] bridge_slave_1: entered allmulticast mode
[  222.000030][ T9567] bridge_slave_1: entered promiscuous mode
[  222.116618][ T9625] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1197'.
[  222.166146][ T9628] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1197'.
[  222.220403][ T9625] netlink: 'syz.1.1197': attribute type 1 has an invalid length.
[  222.226633][ T9567] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  222.228788][ T9625] netlink: 228 bytes leftover after parsing attributes in process `syz.1.1197'.
[  222.259460][ T9567] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  222.393527][ T9632] FAULT_INJECTION: forcing a failure.
[  222.393527][ T9632] name failslab, interval 1, probability 0, space 0, times 0
[  222.414458][ T9632] CPU: 0 UID: 0 PID: 9632 Comm: syz.2.1198 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  222.414490][ T9632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  222.414502][ T9632] Call Trace:
[  222.414511][ T9632]  <TASK>
[  222.414520][ T9632]  dump_stack_lvl+0x189/0x250
[  222.414555][ T9632]  ? __pfx____ratelimit+0x10/0x10
[  222.414579][ T9632]  ? __pfx_dump_stack_lvl+0x10/0x10
[  222.414608][ T9632]  ? __pfx__printk+0x10/0x10
[  222.414639][ T9632]  ? ref_tracker_alloc+0x318/0x460
[  222.414669][ T9632]  should_fail_ex+0x414/0x560
[  222.414701][ T9632]  should_failslab+0xa8/0x100
[  222.414724][ T9632]  kmem_cache_alloc_noprof+0x73/0x3c0
[  222.414754][ T9632]  ? skb_clone+0x212/0x3a0
[  222.414798][ T9632]  skb_clone+0x212/0x3a0
[  222.414832][ T9632]  __netlink_deliver_tap+0x404/0x850
[  222.414872][ T9632]  ? netlink_deliver_tap+0x2e/0x1b0
[  222.414898][ T9632]  netlink_deliver_tap+0x19c/0x1b0
[  222.414925][ T9632]  netlink_unicast+0x72f/0x8d0
[  222.414961][ T9632]  netlink_sendmsg+0x805/0xb30
[  222.414998][ T9632]  ? __pfx_netlink_sendmsg+0x10/0x10
[  222.415027][ T9632]  ? aa_sock_msg_perm+0x94/0x160
[  222.415054][ T9632]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  222.415079][ T9632]  ? __pfx_netlink_sendmsg+0x10/0x10
[  222.415104][ T9632]  __sock_sendmsg+0x219/0x270
[  222.415130][ T9632]  ____sys_sendmsg+0x505/0x830
[  222.415166][ T9632]  ? __pfx_____sys_sendmsg+0x10/0x10
[  222.415205][ T9632]  ? import_iovec+0x74/0xa0
[  222.415230][ T9632]  ___sys_sendmsg+0x21f/0x2a0
[  222.415261][ T9632]  ? __pfx____sys_sendmsg+0x10/0x10
[  222.415334][ T9632]  ? __fget_files+0x2a/0x420
[  222.415355][ T9632]  ? __fget_files+0x3a0/0x420
[  222.415390][ T9632]  __x64_sys_sendmsg+0x19b/0x260
[  222.415421][ T9632]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  222.415460][ T9632]  ? __pfx_ksys_write+0x10/0x10
[  222.415486][ T9632]  ? rcu_is_watching+0x15/0xb0
[  222.415522][ T9632]  ? do_syscall_64+0xbe/0x3b0
[  222.415550][ T9632]  do_syscall_64+0xfa/0x3b0
[  222.415571][ T9632]  ? lockdep_hardirqs_on+0x9c/0x150
[  222.415593][ T9632]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  222.415613][ T9632]  ? clear_bhb_loop+0x60/0xb0
[  222.415638][ T9632]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  222.415655][ T9632] RIP: 0033:0x7f7062d8e929
[  222.415674][ T9632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  222.415691][ T9632] RSP: 002b:00007f7063ccd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  222.415713][ T9632] RAX: ffffffffffffffda RBX: 00007f7062fb5fa0 RCX: 00007f7062d8e929
[  222.415726][ T9632] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000004
[  222.415739][ T9632] RBP: 00007f7063ccd090 R08: 0000000000000000 R09: 0000000000000000
[  222.415751][ T9632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  222.415763][ T9632] R13: 0000000000000000 R14: 00007f7062fb5fa0 R15: 00007ffd5455dbe8
[  222.415803][ T9632]  </TASK>
[  222.770283][ T5835] Bluetooth: hci1: command tx timeout
[  222.895326][ T9567] team0: Port device team_slave_0 added
[  222.988641][ T9567] team0: Port device team_slave_1 added
[  223.125382][ T9635] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1193'.
[  223.225848][ T9567] batman_adv: batadv0: Adding interface: batadv_slave_0
[  223.246142][ T9567] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  223.298269][ T9567] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  223.335706][ T9567] batman_adv: batadv0: Adding interface: batadv_slave_1
[  223.355304][ T9567] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  223.400267][ T9567] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  223.559319][ T9655] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1204'.
[  223.568824][ T9655] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1204'.
[  223.592335][ T9655] netlink: 'syz.2.1204': attribute type 20 has an invalid length.
[  223.663799][ T9567] hsr_slave_0: entered promiscuous mode
[  223.683281][ T9567] hsr_slave_1: entered promiscuous mode
[  223.689963][ T9567] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  223.728394][ T9567] Cannot create hsr debugfs directory
[  224.062289][ T9662] FAULT_INJECTION: forcing a failure.
[  224.062289][ T9662] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  224.093887][ T9662] CPU: 0 UID: 0 PID: 9662 Comm: syz.2.1206 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  224.093920][ T9662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  224.093933][ T9662] Call Trace:
[  224.093942][ T9662]  <TASK>
[  224.093951][ T9662]  dump_stack_lvl+0x189/0x250
[  224.093988][ T9662]  ? __pfx____ratelimit+0x10/0x10
[  224.094012][ T9662]  ? __pfx_dump_stack_lvl+0x10/0x10
[  224.094043][ T9662]  ? __pfx__printk+0x10/0x10
[  224.094065][ T9662]  ? __might_fault+0xb0/0x130
[  224.094109][ T9662]  should_fail_ex+0x414/0x560
[  224.094140][ T9662]  _copy_from_user+0x2d/0xb0
[  224.094161][ T9662]  ___sys_sendmsg+0x158/0x2a0
[  224.094193][ T9662]  ? __pfx____sys_sendmsg+0x10/0x10
[  224.094264][ T9662]  ? __fget_files+0x2a/0x420
[  224.094284][ T9662]  ? __fget_files+0x3a0/0x420
[  224.094319][ T9662]  __x64_sys_sendmsg+0x19b/0x260
[  224.094350][ T9662]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  224.094389][ T9662]  ? __pfx_ksys_write+0x10/0x10
[  224.094417][ T9662]  ? rcu_is_watching+0x15/0xb0
[  224.094453][ T9662]  ? do_syscall_64+0xbe/0x3b0
[  224.094481][ T9662]  do_syscall_64+0xfa/0x3b0
[  224.094502][ T9662]  ? lockdep_hardirqs_on+0x9c/0x150
[  224.094534][ T9662]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.094555][ T9662]  ? clear_bhb_loop+0x60/0xb0
[  224.094580][ T9662]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.094599][ T9662] RIP: 0033:0x7f7062d8e929
[  224.094618][ T9662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  224.094636][ T9662] RSP: 002b:00007f7063ccd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  224.094659][ T9662] RAX: ffffffffffffffda RBX: 00007f7062fb5fa0 RCX: 00007f7062d8e929
[  224.094675][ T9662] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 0000000000000003
[  224.094687][ T9662] RBP: 00007f7063ccd090 R08: 0000000000000000 R09: 0000000000000000
[  224.094700][ T9662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  224.094712][ T9662] R13: 0000000000000000 R14: 00007f7062fb5fa0 R15: 00007ffd5455dbe8
[  224.094745][ T9662]  </TASK>
[  224.453150][ T9666] wg0: entered promiscuous mode
[  224.458176][ T9666] wg0: entered allmulticast mode
[  224.825357][ T5835] Bluetooth: hci1: command tx timeout
[  224.911249][ T9567] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  224.926331][ T9678] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1211'.
[  224.965302][ T9678] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1211'.
[  225.037143][ T9567] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.114849][ T9678] netlink: 'syz.2.1211': attribute type 1 has an invalid length.
[  225.200513][ T9567] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.354977][ T9567] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.597417][ T9687] syzkaller0: entered promiscuous mode
[  225.608333][ T9687] syzkaller0: entered allmulticast mode
[  226.912608][ T5835] Bluetooth: hci1: command tx timeout
[  227.475687][ T9706] syzkaller0: tun_chr_ioctl cmd 1074025677
[  227.482182][ T9706] syzkaller0: linktype set to 774
[  228.006369][ T9739] __nla_validate_parse: 1 callbacks suppressed
[  228.006395][ T9739] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1226'.
[  228.024931][ T9567] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  228.060023][ T9740] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1226'.
[  228.077220][ T9739] erspan0: entered promiscuous mode
[  228.086038][ T9739] macvtap2: entered promiscuous mode
[  228.091661][ T9739] macvtap2: entered allmulticast mode
[  228.099672][ T9739] erspan0: entered allmulticast mode
[  228.127473][ T9567] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  228.152817][ T9740] erspan0: left allmulticast mode
[  228.158135][ T9740] erspan0: left promiscuous mode
[  228.212562][ T9567] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  228.261683][ T9567] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  228.300023][ T9744] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1228'.
[  228.322281][ T9744] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1228'.
[  228.357129][ T9744] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1228'.
[  228.366775][ T9754] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1230'.
[  228.394999][ T9754] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1230'.
[  228.483361][ T9754] netlink: 'syz.1.1230': attribute type 1 has an invalid length.
[  228.491289][ T9754] netlink: 228 bytes leftover after parsing attributes in process `syz.1.1230'.
[  228.603938][ T9567] 8021q: adding VLAN 0 to HW filter on device bond0
[  228.644280][ T5901] hid-generic 0005:16BF:5505.0001: unknown main item tag 0x0
[  228.674764][ T5901] hid-generic 0005:16BF:5505.0001: unknown main item tag 0x0
[  228.684422][ T9567] 8021q: adding VLAN 0 to HW filter on device team0
[  228.703690][ T5901] hid-generic 0005:16BF:5505.0001: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  228.765391][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  228.772773][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  228.838675][ T6468] bridge0: port 2(bridge_slave_1) entered blocking state
[  228.845955][ T6468] bridge0: port 2(bridge_slave_1) entered forwarding state
[  228.991292][ T5835] Bluetooth: hci1: command tx timeout
[  229.296113][ T9788] xt_socket: unknown flags 0xfc
[  229.348323][ T9790] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1244'.
[  229.512076][ T9797] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1246'.
[  229.773234][ T9567] 8021q: adding VLAN 0 to HW filter on device batadv0
[  229.925097][ T9819] veth0: entered promiscuous mode
[  230.382856][ T9567] veth0_vlan: entered promiscuous mode
[  230.436562][ T9567] veth1_vlan: entered promiscuous mode
[  230.518206][ T6468] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  230.540870][ T9567] veth0_macvtap: entered promiscuous mode
[  230.549722][ T6468] ------------[ cut here ]------------
[  230.593058][ T6468] UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:1229:5
[  230.609434][ T9567] veth1_macvtap: entered promiscuous mode
[  230.614577][ T6468] index 1 is out of range for type 'struct ieee80211_channel *[] __counted_by(n_channels)' (aka 'struct ieee80211_channel *[]')
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  230.666009][ T6468] CPU: 1 UID: 0 PID: 6468 Comm: kworker/u8:11 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  230.666041][ T6468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  230.666053][ T6468] Workqueue: events_unbound cfg80211_wiphy_work
[  230.666085][ T6468] Call Trace:
[  230.666094][ T6468]  <TASK>
[  230.666102][ T6468]  dump_stack_lvl+0x189/0x250
[  230.666139][ T6468]  ? __pfx_dump_stack_lvl+0x10/0x10
[  230.666168][ T6468]  ? __pfx__printk+0x10/0x10
[  230.666198][ T6468]  ubsan_epilogue+0xa/0x40
[  230.666217][ T6468]  __ubsan_handle_out_of_bounds+0xe9/0xf0
[  230.666256][ T6468]  ieee80211_request_ibss_scan+0x600/0x8b0
[  230.666295][ T6468]  ieee80211_ibss_work+0xd8a/0x1060
[  230.666326][ T6468]  ? lockdep_hardirqs_on+0x9c/0x150
[  230.666351][ T6468]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  230.666372][ T6468]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  230.666392][ T6468]  ? __pfx_ieee80211_ibss_work+0x10/0x10
[  230.666429][ T6468]  ? skb_dequeue+0x10e/0x150
[  230.666447][ T6468]  ? ieee80211_iface_work+0xcdb/0xfe0
[  230.666472][ T6468]  ? ieee80211_iface_work+0xf39/0xfe0
[  230.666505][ T6468]  ? rcu_is_watching+0x15/0xb0
[  230.666542][ T6468]  cfg80211_wiphy_work+0x2dc/0x460
[  230.666565][ T6468]  ? process_scheduled_works+0x9ef/0x17b0
[  230.666597][ T6468]  process_scheduled_works+0xae1/0x17b0
[  230.666661][ T6468]  ? __pfx_process_scheduled_works+0x10/0x10
[  230.666712][ T6468]  worker_thread+0x8a0/0xda0
[  230.666743][ T6468]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  230.666773][ T6468]  ? __kthread_parkme+0x7b/0x200
[  230.666803][ T6468]  kthread+0x70e/0x8a0
[  230.666828][ T6468]  ? __pfx_worker_thread+0x10/0x10
[  230.666857][ T6468]  ? __pfx_kthread+0x10/0x10
[  230.666881][ T6468]  ? _raw_spin_unlock_irq+0x23/0x50
[  230.666900][ T6468]  ? lockdep_hardirqs_on+0x9c/0x150
[  230.666917][ T6468]  ? __pfx_kthread+0x10/0x10
[  230.666939][ T6468]  ret_from_fork+0x3fc/0x770
[  230.666970][ T6468]  ? __pfx_ret_from_fork+0x10/0x10
[  230.667006][ T6468]  ? __switch_to_asm+0x39/0x70
[  230.667024][ T6468]  ? __switch_to_asm+0x33/0x70
[  230.667048][ T6468]  ? __pfx_kthread+0x10/0x10
[  230.667072][ T6468]  ret_from_fork_asm+0x1a/0x30
[  230.667109][ T6468]  </TASK>
[  230.670656][ T6468] ---[ end trace ]---
[  230.702001][ T9567] batman_adv: batadv0: Interface activated: batadv_slave_0
[  230.809635][ T6468] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[  230.809658][ T6468] CPU: 1 UID: 0 PID: 6468 Comm: kworker/u8:11 Not tainted 6.16.0-rc3-syzkaller-00867-g8efa26fcbf8a #0 PREEMPT(full) 
[  230.809685][ T6468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  230.809698][ T6468] Workqueue: events_unbound cfg80211_wiphy_work
[  230.809727][ T6468] Call Trace:
[  230.809736][ T6468]  <TASK>
[  230.809745][ T6468]  dump_stack_lvl+0x99/0x250
[  230.809777][ T6468]  ? __asan_memcpy+0x40/0x70
[  230.809804][ T6468]  ? __pfx_dump_stack_lvl+0x10/0x10
[  230.809832][ T6468]  ? __pfx__printk+0x10/0x10
[  230.809866][ T6468]  panic+0x2db/0x790
[  230.809900][ T6468]  ? __pfx_panic+0x10/0x10
[  230.809923][ T6468]  ? _printk+0xcf/0x120
[  230.809948][ T6468]  ? __pfx__printk+0x10/0x10
[  230.809977][ T6468]  check_panic_on_warn+0x89/0xb0
[  230.810003][ T6468]  __ubsan_handle_out_of_bounds+0xe9/0xf0
[  230.810039][ T6468]  ieee80211_request_ibss_scan+0x600/0x8b0
[  230.810075][ T6468]  ieee80211_ibss_work+0xd8a/0x1060
[  230.810104][ T6468]  ? lockdep_hardirqs_on+0x9c/0x150
[  230.810127][ T6468]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  230.810146][ T6468]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  230.810166][ T6468]  ? __pfx_ieee80211_ibss_work+0x10/0x10
[  230.810200][ T6468]  ? skb_dequeue+0x10e/0x150
[  230.810219][ T6468]  ? ieee80211_iface_work+0xcdb/0xfe0
[  230.810242][ T6468]  ? ieee80211_iface_work+0xf39/0xfe0
[  230.810264][ T6468]  ? rcu_is_watching+0x15/0xb0
[  230.810303][ T6468]  cfg80211_wiphy_work+0x2dc/0x460
[  230.810325][ T6468]  ? process_scheduled_works+0x9ef/0x17b0
[  230.810355][ T6468]  process_scheduled_works+0xae1/0x17b0
[  230.810412][ T6468]  ? __pfx_process_scheduled_works+0x10/0x10
[  230.810458][ T6468]  worker_thread+0x8a0/0xda0
[  230.810497][ T6468]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  230.810525][ T6468]  ? __kthread_parkme+0x7b/0x200
[  230.810554][ T6468]  kthread+0x70e/0x8a0
[  230.810579][ T6468]  ? __pfx_worker_thread+0x10/0x10
[  230.810606][ T6468]  ? __pfx_kthread+0x10/0x10
[  230.810630][ T6468]  ? _raw_spin_unlock_irq+0x23/0x50
[  230.810648][ T6468]  ? lockdep_hardirqs_on+0x9c/0x150
[  230.810666][ T6468]  ? __pfx_kthread+0x10/0x10
[  230.810688][ T6468]  ret_from_fork+0x3fc/0x770
[  230.810718][ T6468]  ? __pfx_ret_from_fork+0x10/0x10
[  230.810750][ T6468]  ? __switch_to_asm+0x39/0x70
[  230.810768][ T6468]  ? __switch_to_asm+0x33/0x70
[  230.810785][ T6468]  ? __pfx_kthread+0x10/0x10
[  230.810812][ T6468]  ret_from_fork_asm+0x1a/0x30
[  230.810849][ T6468]  </TASK>
[  230.811802][ T6468] Kernel Offset: disabled