last executing test programs:

2.438526795s ago: executing program 1 (id=3433):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
readv(r0, &(0x7f0000000380)=[{&(0x7f0000000540)=""/4114, 0x1012}], 0x1)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
connect$x25(0xffffffffffffffff, &(0x7f0000000000), 0x12)
write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000180), 0x35c, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSSL2CALL(r2, 0x89e2, &(0x7f0000000380)=@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0})

1.979991463s ago: executing program 3 (id=3437):
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000600)=@bpf_ext={0x1c, 0x9, &(0x7f0000000380)=@raw=[@btf_id={0x18, 0x7, 0x3, 0x0, 0x2}, @initr0={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x860}, @initr0={0x18, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x8}, @exit, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3}], &(0x7f0000000300)='GPL\x00', 0x20000, 0xa3, &(0x7f0000000400)=""/163, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x4, 0x2}, 0x8, 0x10, 0x0, 0x0, 0xc04f, 0xffffffffffffffff, 0x9, &(0x7f0000000500)=[0x1, 0x1], &(0x7f0000000540)=[{0x5, 0x1, 0x5}, {0x2, 0x1, 0xa, 0xb}, {0x5, 0x3, 0xb, 0xd}, {0x1, 0x1, 0x8, 0x6}, {0x4, 0x1, 0x1, 0x9}, {0x5, 0x4, 0x2, 0x2}, {0x4, 0x1, 0x5, 0xa}, {0x0, 0x5, 0x10, 0xb}, {0x5, 0x1, 0xa, 0x7}], 0x10, 0x1}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x10, 0x4, &(0x7f0000000140)=ANY=[@ANYRESHEX=r0], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x83e00, 0x6, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, r1}, 0x94)
sendmsg$IPSET_CMD_DEL(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x38, 0xa, 0x6, 0x101, 0x0, 0x0, {0x3, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x4800}, 0x4c040) (async)
sendmsg$IPSET_CMD_DEL(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x38, 0xa, 0x6, 0x101, 0x0, 0x0, {0x3, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x4800}, 0x4c040)
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0xf, 0x5, 0x7, 0x5, 0x4, 0x1, 0xb, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x4}, 0x50) (async)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0xf, 0x5, 0x7, 0x5, 0x4, 0x1, 0xb, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x4}, 0x50)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000940)={'syztnl2\x00', &(0x7f00000008c0)={'syztnl2\x00', <r4=>0x0, 0x4, 0xeb, 0x7, 0xd, 0x22, @remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7, 0x7830, 0x3, 0x2}})
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x3, 0x7}, 0x50) (async)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x3, 0x7}, 0x50)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r5, 0x0, &(0x7f0000001700)=""/53}, 0x20) (async)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r5, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r5, 0x0, &(0x7f0000001700)=""/53}, 0x20)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4}, 0x50)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r7, 0x0)
r8 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000400)=@filter={'filter\x00', 0x2, 0x4, 0x4a0, 0xffffffff, 0xd0, 0x300, 0x300, 0xfeffffff, 0xffffffff, 0x3d0, 0x3d0, 0x3d0, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev, @empty, [], [], 'macsec0\x00', 'bond_slave_0\x00', {}, {}, 0x6, 0x0, 0x1}, 0x2f2, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}, {{@uncond, 0x0, 0x208, 0x230, 0x0, {}, [@common=@unspec=@cpu={{0x28}, {0xff, 0x1}}, @common=@rt={{0x138}, {0x7, [0x7, 0x6], 0x3, 0x8, 0x1, [@loopback, @local, @private2={0xfc, 0x2, '\x00', 0x1}, @remote, @dev={0xfe, 0x80, '\x00', 0x3a}, @private0={0xfc, 0x0, '\x00', 0x1}, @remote, @private2={0xfc, 0x2, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @loopback}, @mcast1, @private0, @mcast1, @mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @remote, @remote], 0x9}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x500)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000a40)={0x1, <r9=>0xffffffffffffffff}, 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000014c0)={{0x1}, &(0x7f0000000a80), &(0x7f0000001480)=r1}, 0x20) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000014c0)={{0x1, <r10=>0xffffffffffffffff}, &(0x7f0000000a80), &(0x7f0000001480)=r1}, 0x20)
r11 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x6, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000010000000000000060018200000", @ANYRES32=r11, @ANYBLOB="0000000007000000c30009400000000095"], &(0x7f00000002c0)='syzkaller\x00', 0xc, 0xdf, &(0x7f0000001400)=""/223, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x22}, 0x94)
r12 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001540)=@generic={&(0x7f0000001500)='./file0\x00', 0x0, 0x10}, 0x18)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000015c0)=@bpf_tracing={0x1a, 0x2, &(0x7f0000000740)=@raw=[@map_fd={0x18, 0xf, 0x1, 0x0, r3}], &(0x7f0000000780)='GPL\x00', 0x1, 0xc2, &(0x7f00000007c0)=""/194, 0x41000, 0x4, '\x00', r4, 0x17, 0xffffffffffffffff, 0x8, &(0x7f0000000980)={0x1, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x2badc, r2, 0x0, &(0x7f0000001580)=[r5, r6, r7, r9, r10, 0x1, r11, r12], 0x0, 0x10, 0x1ff}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000006feffff720af0fff8ffffff71a4f0ff000000002d030000000000001d400500000000004704000001ed00007203feff000000001d44000000000000db0a00fee10000007303000000000000b500f3ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)
pipe(&(0x7f0000000180)={<r13=>0xffffffffffffffff})
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r13, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x30, 0x140f, 0x300, 0x70bd27, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x7, 0x45, 'sa\x00'}, @RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x7, 0x45, 'cm\x00'}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x4004004) (async)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r13, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x30, 0x140f, 0x300, 0x70bd27, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x7, 0x45, 'sa\x00'}, @RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x7, 0x45, 'cm\x00'}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x4004004)

1.914388856s ago: executing program 0 (id=3438):
r0 = socket$netlink(0x10, 0x3, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=ANY=[@ANYBLOB="2000000076000d0b0040000000000000030000000000000008000500", @ANYRES32=0x0, @ANYBLOB="4876238ca5a337e46ad12de11a6e050500000087b1ad3812dd47ffa84b34d19f15dcbaa2fdf54568bf"], 0x20}}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b0008850000000500000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000280)="c1188e19b95d02ff4280860188a8", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r3, &(0x7f0000000840)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000040)='cubic', 0x3)
getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, 0x0, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_int(r4, 0x29, 0x1a, &(0x7f0000001040)=0x2a9, 0x4)
r5 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000000800010002081000418e00000004fcff", 0x58}], 0x1000000000000015)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x400400, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000380), 0x4)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f0000000a80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x161, 0x161, 0x5, [@union={0xc, 0x5, 0x0, 0x5, 0x0, 0x2, [{0x1, 0x5, 0x4}, {0x10, 0x2, 0xff}, {0x0, 0x4, 0x800}, {0x2, 0x2, 0x80000001}, {0x1, 0x5, 0xfffffffc}]}, @struct={0xf, 0x1, 0x0, 0x4, 0x0, 0x3, [{0x2, 0x0, 0xfffffffc}]}, @typedef={0x8, 0x0, 0x0, 0x8, 0x3}, @union={0x6, 0x6, 0x0, 0x5, 0x0, 0x1, [{0x5, 0x5, 0x9}, {0x7, 0x2, 0x1}, {0xb, 0x5, 0x80000001}, {0x4}, {0x4, 0x3, 0x9}, {0xc, 0x3, 0x7e7a8}]}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x4, 0x3, 0x7}}, @datasec={0x10, 0x1, 0x0, 0xf, 0x1, [{0x5, 0x3, 0x1f0}], "ee"}, @struct={0xc, 0x4, 0x0, 0x4, 0x1, 0xe4c, [{0x0, 0x0, 0x8}, {0x0, 0x3, 0x6}, {0x1, 0x1, 0x3}, {0x10, 0x1, 0x9}]}, @func_proto={0x0, 0x5, 0x0, 0xd, 0x0, [{0xa, 0x4}, {0xe}, {0x6, 0x5}, {0x3, 0x3}, {0x3, 0x1}]}]}, {0x0, [0x61, 0x2e, 0x61]}}, &(0x7f00000007c0)=""/216, 0x181, 0xd8, 0x1, 0x6, 0x10000, @value=r5}, 0x28)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x9, '\x00', 0x0, r7, 0x0, 0x0, 0x1}, 0x50)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000340)={r2, r8}, 0xc)
ioctl$PPPIOCATTCHAN(r6, 0x40047438, &(0x7f0000000540)=0x2)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@newtaction={0xa0, 0x30, 0x9, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_bpf={0x88, 0x1, 0x0, 0x0, {{0x8}, {0x60, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x3c, 0x4, [{0x45, 0x0, 0x4, 0x80000000}, {0x80, 0x3}, {0x0, 0xfd}, {0x0, 0x0, 0xfe, 0x10000000}, {0x0, 0x0, 0x0, 0xffffffff}, {0x0, 0x0, 0xf8}, {0x6}]}, @TCA_ACT_BPF_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa0}}, 0x0)

1.82045271s ago: executing program 3 (id=3440):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)={0x1b, 0x0, 0x0, 0x8, 0x0, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x3}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x7, 0x4, 0x2, 0x0, r0, 0x800}, 0x50) (async)
socketpair(0x1, 0x2, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000005c0)={r1, &(0x7f00000003c0), &(0x7f0000000580)=@tcp=r3}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r1, &(0x7f00000003c0), &(0x7f0000000300)=@tcp=r2, 0x1}, 0x20)

1.657916812s ago: executing program 3 (id=3442):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000040000000c"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0d0072761af700000000000004", @ANYRES32=r0, @ANYBLOB="0500"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="03000000020000000400"/20, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x50)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1e000000a9080000030000008207000002040200", @ANYRES32, @ANYBLOB="9246ffff00000000000000000000000000000000abbe95c7f57124393bfea80af96f63c464243cd41dcdc39a09397357b1cd43fb296c4bcbd3318e2bf20c3382ebc02d8c310f818dafea4995c24234aaf405b5222892bdbfe7ad85c1e3f69cb42f182f32e1625753e63a17dd66a7675d2665feff85abcf846c9496845d53", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000002000000020000000800"/28], 0x50)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000540)={r0, 0x58, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0}}, 0x10)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000002c0)={0x8, <r4=>0x0}, 0x8)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x275a, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r8, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r9=>0x0}, &(0x7f00000010c0)=0x8)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r7, 0x84, 0x18, &(0x7f00000000c0)={r9, 0x15}, &(0x7f0000000140)=0x8)
write$cgroup_int(r6, &(0x7f0000000200)=0x10001, 0x12)
sendfile(r6, r5, 0x0, 0xf03a0005)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x15, 0x2, &(0x7f0000000040)=@raw=[@map_idx={0x18, 0x5, 0x5, 0x0, 0x3}], &(0x7f0000000080)='GPL\x00', 0x4, 0xa0, &(0x7f0000000140)=""/160, 0x0, 0x2e, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0x0, 0x1000, 0x7ff}, 0x10, r4, 0xffffffffffffffff, 0x0, &(0x7f0000000380)=[r5], &(0x7f00000003c0), 0x10, 0x8000}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="18020000fcff00000000000000000000850000003600000085000000d000000095"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r10, 0x0, 0xe, 0xfffffffffffffe83, &(0x7f0000000180)="e0856497d56cfb9ceef0b9320aee", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x20, 0xf, &(0x7f0000000400)=@raw=[@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @btf_id={0x18, 0x9, 0x3, 0x0, 0x2}, @alu={0x4, 0x1, 0xc, 0x7, 0x8, 0x4, 0x10}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @map_fd={0x18, 0x8, 0x1, 0x0, r2}], &(0x7f0000000080)='syzkaller\x00', 0x1, 0xa4, &(0x7f0000000480)=""/164, 0x0, 0xd, '\x00', r3, @netfilter=0x2d, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000640)={0x4, 0x3, 0x5, 0x101}, 0x10, r4, r10, 0x2, &(0x7f0000000680)=[r0], &(0x7f00000006c0)=[{0x4, 0x3, 0x1, 0x9}, {0x3, 0x5, 0x3, 0x8}], 0x10, 0x6}, 0x94)
r11 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_ethernet(0xfdef, &(0x7f0000000140)=ANY=[@ANYBLOB="5b1a033f2511aaaaaaaaaabb080046004578000000000023907800000000000000000000000000649078100000000000000000000000fdcdae25a7a296872a8a5290e48e30acf8afc7e67d70a62c979cefa10a0028bdae00dd7f0000000000e400000000000035f3c07eeca4a00a9858ac150000000063081fe8fe001a08ed082ad7121d696f"], 0x0)
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r11}, &(0x7f00000002c0), &(0x7f0000000240)=r12}, 0x20)
r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r13, 0x0)
r14 = socket$inet6(0xa, 0x800000000000002, 0x0)
socketpair(0x23, 0x2, 0x0, &(0x7f0000000040))
setsockopt$SO_TIMESTAMPING(r14, 0x1, 0x25, &(0x7f0000000340)=0x152, 0x4)
setsockopt$inet6_int(r14, 0x29, 0x31, &(0x7f0000000000)=0xb2, 0x4)
setsockopt$SO_TIMESTAMP(r14, 0x1, 0x23, &(0x7f0000000200)=0x7fff, 0x4)

1.476219705s ago: executing program 1 (id=3447):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r0, &(0x7f00000006c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2}}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0x10, &(0x7f0000000500)=ANY=[@ANYBLOB="18020000ff070000000000000300000018110000", @ANYRES64], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cpu.stat\x00', 0x26e1, 0x0)
close(r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r2, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000500000020"})
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000), r1)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f0000002140)={0x0, 0x0, &(0x7f0000002100)={&(0x7f0000000980)=ANY=[@ANYBLOB="c97e0cf8f013d75aa0e8408c24b9131bcb6de991937357938cbbf1e898432ac9f2f7fee00131447262273640b9a3ab0a7fbe5db06551b9ae8ebe2ee87aa06df74560203ee7e00b800974c4d438da3516d3804bfca2d57e6327da1131edcdecb23cf16aada0bbc313b7f7642d57975bb8d6851fcd99f51d26a450c0fec3c9ac77c3cb18e82f0beea41381680ab3fde87f433725294dce89482d9b392e13a23a5f2fb0b2cf250c011a4f462d376f338ac7dc9ba4233e4ccb05dc86c7c7351d95be17e638dccb6aa192f2642921ec2f81564e8438d7fbf11535a49979b8e6913f3d6a5379ae9c947c037f9e0c71a7779536f4c40985e04280f59c52bbdd69f6746469c0586d79064215a32522e7b4283f7fe7da70900f052d1c862ac53a6a3962839b9007030244ae95a1ebef35e8fffe03af5b1769b7d7e106833729765ebc26762bab2a41f9a1a71782b16cc4ac39a3a081257232f67dad905cbab93457af7cb3b5906f5287505fabc405cc68f061201e82c12bf81ee6baad", @ANYBLOB="8433fac3dbf9da36b5218cacb945157fc3e180a2c99c2631ca63f8d0b2113dadc1c182d189be69b23f9114dfb1b67396bf9add45987fd5c80bdf28b3df0e36d7425cc3a0436d0681781a448a733e04d1111324e25949522164b6cb0bc9f96eb42256e3d03f032b06266af1e231231494913ab482a23f43418deee384a92fc1a2edd08e9cc85dbc6d0ac0d9a17432b5d11873799eebea7d2166f8eaa30f7db3607ed4a83be9c8b78c34959d982157a858f90e941a048397dd81391df564b961fd9a3c2f961b617279b4bf10fd406966fe56b091c95bcaa44bc7cb06103f71a057eacb7b299ebb03ac6a21a69380aaf86bb2c192c52dc647", @ANYBLOB="010029bd7000fddbdf25010000000800030007000000080004000400000005000500030000000500060001000000"], 0x34}, 0x1, 0x4000000000000000, 0x0, 0x882}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="10000000000004583e6d56aa5d1908000300", @ANYRES32=r4, @ANYBLOB="0a00340002020202020200000a00060008021100000000000800350000000000080026006c090000"], 0x44}}, 0x8080)
sendmsg$NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x3000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x85}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4)
sendmmsg$inet(r0, &(0x7f0000000180), 0x0, 0x24004441)
syz_genetlink_get_family_id$nbd(&(0x7f0000000140), 0xffffffffffffffff)
r5 = socket(0x2, 0x80805, 0x0)
ioctl$SIOCX25GSUBSCRIP(r5, 0x89e0, &(0x7f0000000000)={'rose0\x00', 0x0, 0xfffffffd})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='memory.swap.current\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0xfffffffffffffffc, 0x10)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
recvfrom(r7, 0x0, 0x4f, 0x40002021, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)

1.432666952s ago: executing program 4 (id=3448):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 32)
r1 = socket$netlink(0x10, 0x3, 0x14) (rerun: 32)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r3 = socket$inet_udp(0x2, 0x2, 0x0) (rerun: 64)
ioctl$sock_inet_udp_SIOCINQ(r3, 0x541b, &(0x7f00000000c0))
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r2)
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0) (async)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bind$bt_l2cap(r6, &(0x7f0000019080)={0x1f, 0x54, @any, 0x0, 0x1}, 0xe) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0xffffd000) (async)
setsockopt$bt_BT_DEFER_SETUP(r6, 0x112, 0x7, &(0x7f0000000280)=0x1, 0x4) (async)
ioctl$sock_TIOCINQ(r5, 0x541b, &(0x7f0000004b80)) (async)
sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x40, r4, 0x1, 0xffffff80, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x1c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5, 0x3, 0x80}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x40}}, 0x20000000) (async)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401000000000000000000090002002f797a2f000000000800410072786500140033007465616d5f736c6176655f30"], 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x8844)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async, rerun: 64)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000e40)={'wlan0\x00', <r9=>0x0}) (rerun: 64)
sendmsg$NL80211_CMD_GET_SCAN(r7, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)={0x1c, r8, 0xf21, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000)
syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r7) (async)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=@newlink={0x54, 0x10, 0x403, 0x0, 0x80000000, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @bond={{0x9}, {0x24, 0x2, 0x0, 0x1, [@IFLA_BOND_FAIL_OVER_MAC={0x5, 0xd, 0x1}, @IFLA_BOND_PRIMARY_RESELECT={0x5}, @IFLA_BOND_PRIMARY={0x8}, @IFLA_BOND_MODE={0x5, 0x1, 0x1}]}}}]}, 0x54}}, 0x0)

1.415091838s ago: executing program 2 (id=3449):
socket(0x10, 0x803, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060", @ANYRESOCT], 0xb8}}, 0x20040014)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x2, 0x0, 0x25dfdbfb, {{@in6=@private0, @in=@broadcast, 0x0, 0x4, 0x0, 0x0, 0xa, 0x60, 0x80, 0x3b, 0x0, 0xee01}, {0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0xfffffffffffffffe}, 0x9, 0x0, 0x0, 0x1, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e0001"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000020000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80c0}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYBLOB="b80000001300e9990500000000000000fc000000000000000000000000000000fc00000000000000000000000000000000000000000000000a00300000", @ANYRES16, @ANYRESOCT, @ANYBLOB="0000000000000000000000000000000009000000000000000100000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000001000000009554172f326b2fda4354df843bbf32a3bb72c9379f5602754fd552c6b09ab2cd249634acf09c846896fdd88c"], 0xb8}}, 0x4000)

1.25398987s ago: executing program 2 (id=3450):
socket$rds(0x15, 0x5, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x1)
connect$inet6(r0, &(0x7f0000000500)={0xa, 0x0, 0xffffffff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x50003}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x7e88d3b9274a05c3, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0xfffffffc}, 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x3)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x6, 0x7, 0x0, 0x1}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x5d}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.129768687s ago: executing program 4 (id=3451):
writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0", 0x3a}], 0x1)
r0 = accept4$rose(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x800)
ioctl$SIOCRSSL2CALL(r0, 0x89e2, &(0x7f00000000c0)=@default)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', <r2=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=r2, @ANYBLOB="00001700000000001c0037800b0001006970768a616e08000c0002"], 0x44}, 0x1, 0x0, 0x0, 0x4008010}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0)

1.118780106s ago: executing program 2 (id=3452):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=@base={0x11, 0x4, 0x4, 0x2}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b70400000000000085000000330000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket(0x2b, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r5, 0x6, 0x21, 0x0, 0x0)
ioctl$PPPIOCGCHAN(r5, 0x80047437, &(0x7f00000001c0))
sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002ec0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="5953fdfffffffddbdf256b000000080043"], 0x28}, 0x1, 0x0, 0x0, 0x8004}, 0x50)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e26, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
connect$inet(r2, &(0x7f00000002c0)={0x2, 0x4620, @empty}, 0x10)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r2, 0x0, 0x48c, &(0x7f0000000180)={0x2, 'pim6reg1\x00', 0x1}, 0x18)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r6, 0x107, 0x7, &(0x7f0000000100)=0x4000200, 0x4)
setsockopt$packet_int(r6, 0x107, 0xa, &(0x7f0000000040)=0x1, 0x4)
setsockopt$packet_tx_ring(r6, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x6, 0x300, 0xfc}, 0x1c)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x3, 0x1c, &(0x7f00000005c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x2000000}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r7}, {}, {0x85, 0x0, 0x0, 0x17}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r8, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffd8f}, 0x90)
r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r10 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r10, &(0x7f0000004000)=[{{&(0x7f0000000980)={0xa, 0x4e21, 0x7fffffff, @mcast2, 0x6}, 0x1c, 0x0, 0x0, &(0x7f0000000a40)=[@rthdr={{0x28, 0x29, 0x39, {0x84, 0x2, 0x2, 0x1, 0x0, [@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02']}}}], 0x28}}], 0x1, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r1, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)

1.006076208s ago: executing program 0 (id=3453):
r0 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000340)={<r1=>r0})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000400)='netfs_rreq_ref\x00', r2, 0x0, 0x9}, 0x18)
r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8)
ioctl$SIOCPNGETOBJECT(r1, 0x89e0, &(0x7f0000000080)=0x3)
close(r4)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000040)={r0, r2})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x5, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$kcm(r4, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000580)="d8001c00180081064e81f782db44fd56170d12a0b9b545c7", 0x18}], 0x1}, 0x40040)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e3, &(0x7f0000000180)={r0, r5})

927.060772ms ago: executing program 0 (id=3454):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000200)=@newqdisc={0x60, 0x24, 0x4, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_red={{0x8}, {0x34, 0x2, [@TCA_RED_FLAGS={0xc, 0x4, {0x7, 0x9}}, @TCA_RED_EARLY_DROP_BLOCK={0x8, 0x5, 0x4}, @TCA_RED_PARMS={0x14, 0x1, {0x7fff, 0x7fff, 0x9, 0x1d, 0xe, 0x19, 0x2}}, @TCA_RED_MAX_P={0x8, 0x3, 0x3}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000020}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0x0, 0xd}, {0x6, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x14, 0x2, [@TCA_HHF_ADMIT_BYTES={0x8, 0x5, 0x8}, @TCA_HHF_EVICT_TIMEOUT={0x8, 0x6, 0xffffffff}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x200040f0}, 0x4890)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r6)
sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r8)
socket$unix(0x1, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
ioctl$BTRFS_IOC_ADD_DEV(r0, 0x5000940a, &(0x7f0000001640)={{r1}, "395310f69ec9bd9e35e03c1ac17edff9e1c8aadf268f165fb488a17596dcc4c8fe7f1006c133ffd97820786b628d0e4f5940c29b2a200d834bdc635c271e39056c2dbaf1c8c51b1bb614ad7c3a81b2132befa990355def0711b8369c71e33ce15c6212ca18f8d0ac58c80b66c59b1855646318c224d71aaf6f6dcb405d347e0aeaa8ea6c521bd3c9621b4b44b6c38a269168039dd5904551785918ac4367cfb6e01bf9d88409aea2a1cbb1e96853882b46b7267b8808e371a0dfcdb9a95606cfdd1c64bfe70decea9a205e5385fdef6059e509a3526e97bbf07ac140c2991e0b112c53a45c74573be67d6b4bd0a8ca0d2ee4d95e0d64a75ad18ce6b642249ab88fab540394667b99673474e8bbf92ca80b3a085417269da3438662f5ce79f1b80d87acc83b5ae9d3c1bedf11debbbfc268308e7c57fb006419e7398d3c043d0e7dd4e05388170cd7a7f104844858f1412e662a0caeebb47275fd3e7db472bddc89b770a3b359ec4443d1c367f6f09f16318caae4bc2881182c51633464ac522fb36754f402f64ce88816d175c11fb028bb8b96fab3db0bc2789fcfd22b0fce9c876f76f71cc31622664b3437f8948a02a8add9e46b1940497ee5d335b32899765487790e13239a672ca8a500336cf6f6e52189c831905ec3be7cf0eff51234903fd738ff33c7cecbca0cdf1a664c9847ff1bec9e4bcc393fd31ffc97074137a1be984a8279e9680d1372b2026f58dad4b79eb6121bef585e98b18ecf2dd9c790aefdfa34b7394f7e4eb8bff6f2203feee758dc3291ff6fc7dae843407079d0a099ddf8012c3e947b3c00f2c9307933adff5cc0809ad371802393f8e861ad7a2b943f5cc9d56c89e952b217fffc936c9fa533979733cab8a0cde5475943bab99d9641936c17bc01f939a4bcc6c172fbac7076037f14107a97c5eb73f994fa241c55767c5ebfcef7c2d7251c0953dd23fa8b31ffab550bcb27db9ce7a51b3476e664ba78f1dc3bc699128a4b99d0cc7efdda6c4a9de62ed209d4f7e80335b276e19fd08edbe4045ac0df0ac0a7b27f38c6f842740e8f78194724e3b8228135027962f8f470a8fa6fda0b850864eb8f6d7e59e413d28a5c5a09ede12b5b597628b8f11b5d9d1f07d9f27ef60514cc1c392175b7a04ca34ef540f80ff88290102c511b3afc38a7e83b5644463414e93a87fe84733b0666d398650723b635edcb31c358546054e6166dd8b5987cb3e28d5686659d9374f07310cc70b4a8e678ed4c792652fbd2f11c9e7a5eacf62615027c21ce25bdeb6718201be17332f8cafe81798051c98b9621e72189c96fbb51863c538280822b4a73416dbf15a3d07b11baacb1fcd5b20442500ef99e04de96ba4aa7730f9f341a5d54f2ea76beb04523fb32652f604d9333165b20a66daa22e5da326c35cb41b7efc6d260aedcecb6811bc0356f3a91d1a59b7f92591bb0b70c38aa263cdc5f89e844edbfdebabc8d8406c106d2f326f624c487b192e15fc84f6d0eda7ae48e2d7ecb986f6ee5fb2601ad79f9aeb6d4147119c04cd8295fce28572b6d07d94805e0280e7540de3b5520dc4697cef5b5f0cfe1acd7b926268dc8a0e8610e677b433f74058a4367aa8caa1d04835fd14aad40f15e8530ab9a06b8dc33d202858cd260e47862a2ed67a0e5a216fec726e929fb945c1cd43c6372feac81d541d1645e08a20bb581b2d169ccb1d092df495897d35d941fd7159f64e7b060df4994087cbde21df340f847995058e0e8077bb7f01c578d97a63c802341cf6ca868ae745d0ecbdb46939f01a447012fa8e9948a10aeb19ef87cb830c9da7ca7f1341a909c9ccd761c7afe36e42df39c659e2db99a4f8256780b788a880c82e02e5070da54c92d997e9a9616113f310cde6856c892873faaa23015987a5fc8a6bb6ebc464c2eb83ea405faab95d1a2ba246178824274ba33947ea5c9cbc39f362aaaa180114ad8ce8d02157f9cb6819104bfac87831d32f3fb8f5734c6c6cb93bb24ac7499a380ea6e7eb23baa330af86ece3b2c750db628bf96b6d6a227e427893acd8dbdc1609b7fd309292ea4c105d53695b87bcce057a33135945ebf53166e26533acba8a0ce49c8bd8e8cb061d7b3db1c85251a3741caea660d4a15722605a6f2e3d011383800c99f077fa4ba4fbd72f44596452f54a4b64ff187e09a83af2b14defd521b71b49b4d334283862ea4c6e71fd2ecabc615205895f12fd466ac05d34816ef426ccd37bbbdad843ee80f8e9d040d6a244e40ec44b9fceb729e42a9aa0db8595a9f597f1ccc1a961ffd15f6ff8eebe8ad4a97bfb5b2b8cd7bc8f600c1016b87627a124e3a324ed285a6091ed198a4d6d28a616f62dece09c45b0ce94ed9054eb5a161e18b7e36743fc54272f8c0e6b363ccc398dd8164025e77ff4816400d9e1b2c699dd20cf77e6e7bf67fefbd5c9e6e3855a5f997f1ce8d23143db1d9f7efd16a9b0bdbc13e7cc3d6764071017abd0626fef562c44669e433d93868eee609939ae3b75107f3ed2c71ee2c901bdf646d540c3c2c12052b2590918ed7534d3850e4d65788b8be38b12c63f983acb25be63b48c93ab11bf2e4667738ce64dcb40a9e070e68f1e64a0fbd6e27bcc4646d7cd91309b7deff7df0e751be03fb12d9466be1e0ede900fd1b1a87d634bbbc6af7521c11afe5a6963e103230869c2ab85fcac496f69adfab69e16724ba5c51edddda858ad9c33fd1b2b3f679f82561d2705024f785731d0016a3c462b1e16145f958d1777a05ddfe1afb33feb844ef9ef108d1bd43725206bd83d977ca59b5c8d1afaa0e669ecf97b5992697ff0108346cfb3b6b24964d736091e2c0c435f729e3cdfaf23fa2880a107ffa22b50aa4faa875a4b1310df7506152021465defb9d325231998ef32ed714b6abbbb94ddd4000ed2716665bb6c631fbc62646521f2d8ff3160bebe677114f1f53b6334e5453292f030557c7627cc9974193bdf47f14f6d4896e1bb30758701563600a8dd59da67da3b2103783b9cdae5a45039940422eea2231d174c99a81ca469cb5320dd8dbaced6945f2692dc4e2d71a4f5889d57f75ea1d2ce7c9b41216e63b6dd04b9359aa11414786477eb9c241947e06908620b03c68b0825f8f9e584c6f70693bbce453d7ed44949bfdfc2ff1328ca42d9ce989c7876ffb3fcecfb3839a7935e01842e3fee541b570543dbfb7f730a4d8dabecd6a9d49f39f12ce6c7b319aca84accb45af85717616c8d052f1f3e39bbd08c76b0d8133951056c8619a1855727c17c99bef03a686729d530a359b7915ec4b78569220ad582943e9453878003e42f1982afef2cd2a633be7c560c4b7ad0c5b7a282566c99e3046b0a3cfa981a4fd12aed98cdb750fa034c95f41f47ce9f143f1b2b9d0c41663a94a5e3c319850d191260442aae98fad7bc7e4c4c948688df3132375281b61e44d933b1aa57e2b0d93748683530f1231d971803da3ffd23ec76d6cb4c920470338650a80458f90e0d6f202902a51b17f7aaa262e812a2cd4320f006587d3eb2bda0e2f5f78cfb75d8c67ae20bd224fa7a9b037d83df6ca22bef2c86dd7a8808622073439b01d9277482be3c5f01067f3b5b593ce2c12fc0f7d049cbc298b4f7531c40351aa38d239af10982951f3859ccdd9a1d965720a3a4dc674aa56a1751e283679a2359d824a5847b3c2b7b6fbcb89d5cc06fdadf76825be931d3e95553573bae2e715ce5ca8b4d01ed95673c1ef9298b2b835877c413065df731acea4e7b5ea751bfa41592af23018c81f2b7add94a410858384b87e61843d0f2d9161a0fc9a1a9bf7189dbbb7231729cdef7dddaee4d4cfd89afe3f0367fef49e06176ba2eed5e04831d56fe544101fc501a300d0e6bf5083ded0d20ec11433629e1b4b0145f0c2e4b33704afdefd6aaa793c18efbce549afd0588ddc0251cb4ca5eb04b9bf9772450e415e7c690409b55ef0fe3fe549c8b7b7ad1898f8684c767270f6920d02023f964db8f4d1dc8a01be274c7260b636dd4e656f2239d820984d33546b815d3b529a52237d31c559eb0b11ca5be7ed71d2d9765d0926b2500baa560d99f650fda0c731a4336a6d198eb5ac1e05c6acd5cab08c656f1fde9f0ceb8318b7f333cb0da703930acb54e319a141413ac01f1194102ea5a248c338767755bec7dadd8985c2c6a9178c8330dc58f49d88c1fade53a524f835df487df36b20c38d52b47e507d9811eeddf3d969aea64b34012fca5c3222196097fee0e3db644c4a2f23f0e8d4af61f91203be1df24c9613e60ab90a4c402b18d35425850b5e89ab2bd78bc8dadeeb026285a4db5fd7c47639fd3b72174d09cbe81dce29fc6229644a668e584797840a9a89929e27f2eba1b83c832c6b6a80c7f536635dece9015ba1c02e0595abf2d6d1599642e8f4dc04a2599b311dbd1115459f9c016c9134d190209e8e6551bf89ececa261729e0bc22cc47d109dd7afa9d02797a4dd2adde30917560e9dea3c7508492f93928750f158cd983d18e1515a7e76ab848fbf6977b46354af175a86ed560a7aef7143df9393e0da367d2aec67aaa9c2c5328e68576ba910adaf4dd8c954b89ef0b45bb35c400ae906cdbec876cd510ea80d955c35aa1d2a0cb65c154978601e0c5eb8f9f15bb4a775a05311e6372231507f9248312d8101d1a808f84f30fd211502e90c6e80fab026c71ae252005624abf2ca7ab34b1a456c4886324ddc07e3cfccfd330f239aea6c281aa5451fceeb31b973f430917a213664701a5fc45fe0dd9904d8bd41eb6fff5d2287f4289ca63b2eecad9b9c159faa727c397a1a4e54faf26bd11a1a58d7553b7de9b8f1386215d1693019c42f03135d56cb80855a2855cb2a9c3d993ff4a5730c0d754d28e27cc6e7f3d24f942033903b5e821fd862b696591b516525352e257464ad9fa71625457edcd5e39181a268215d57d5c338777251942e044174c03a14bcf8a8f4c58a74cd13a68f0b18910a60c994cbb06aafe94ecf1c55bcb13b3a5bff5e0cb1d796611c7fd3cee43a693b496a9d6968ff8a441c1b0a2c0cd4a7f6a13ed798adf08d35c6775e23fe4b2dbed808bf46dabfd2513eff7ce21676788f61e6ca4bbcebbe34194862331483be1c8a14b849ddebdd7e5086da3a4b856d779089eeb3eae5ec3b23b00495cdb44add4825ea79cd780513f362e798d787b7f87b482298e977515c1bd01c80a9b11fecc088844184d78908bc0be956485b6f7edd1ec1b6e9b7153ecd853efec7448a5166e2decee46bca70a2ec952ceac63ef1a151a421bcdace48cb2bab7103b39b80e5fd5199420889c45141099a60a11f7917ca2e7f6c6815a24f349d455a4f11ab778ac541d7875811c5be6c74284830735bbb480a7635fa6f53c6837fa96bc995c149556887a048d940af13b4a81bb79328b114472c2d3218ad7487b43cba84f4ce6b9290379ea5e9e922b7690d0418eb864ed6105482cd67ae73aa990d222cd5a4aa5f2b6ac949772d0aa316da8924112d704cda7a2e6b70c682b45c3c1d2d766fe0b9ebd5ffe7d5489230fe46f37b64bf9b25409d786ad08da6ae01de43d03d2ac9242a7bb9444f902bf4b76a15d93a9206a7532db690fdfced9d63777fc0e0983de32097c65119178bc7296ec6a1acd95a0b7b751f99b71e3e88abcb9439ba2b1c6cf276b7cc3a1ae546044958ef186a9def8afb57daf3f56b06389e74fe7545985088a8c134403f8dcddc3a00c31eb8ecd8ee23544e4005970d00945cd96cd1dedb206c"})
r9 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r9, &(0x7f0000000040)={0x2, 0x2, @loopback}, 0x10)
sendmsg$rds(r9, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f00000006c0), 0x0, 0x0, 0x40}}], 0x48, 0x20}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0xffffe000)

896.331697ms ago: executing program 4 (id=3455):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000000)={'ip_vti0\x00', &(0x7f0000000080)={'syztnl1\x00', <r2=>0x0, 0x10, 0x0, 0x3f, 0x1, {{0x1c, 0x4, 0x3, 0x7, 0x70, 0x64, 0x0, 0x4, 0x4, 0x0, @empty, @multicast2, {[@noop, @timestamp_prespec={0x44, 0x4c, 0xd1, 0x3, 0x8, [{@rand_addr=0x64010100, 0xfff}, {@multicast2, 0xb}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0xfffffffd}, {@rand_addr=0x1, 0x1665}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1}, {@multicast1, 0x5}, {@private=0xa010102}, {@multicast1, 0xe}, {@broadcast, 0xbf7}]}, @end, @rr={0x7, 0xb, 0x75, [@multicast1, @multicast2]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'syztnl1\x00', &(0x7f00000001c0)={'ip6gre0\x00', r2, 0x29, 0x6, 0x81, 0x7, 0x0, @mcast1, @dev={0xfe, 0x80, '\x00', 0x13}, 0x80, 0x7, 0xfff, 0x3db}})
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
getsockopt$inet_tcp_int(r0, 0x6, 0x4, 0x0, &(0x7f0000000180))

610.864728ms ago: executing program 2 (id=3456):
recvmmsg(0xffffffffffffffff, &(0x7f0000001980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/26, 0x11}}, {{0x0, 0x0, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/47}, {&(0x7f0000000100)=""/224}, {&(0x7f0000000200)=""/4096}, {&(0x7f0000001200)=""/124}, {&(0x7f0000001280)=""/60}]}}, {{&(0x7f0000001380)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x0, &(0x7f0000001840)=[{&(0x7f0000001400)=""/149}, {&(0x7f0000001b00)=""/118}, {&(0x7f0000001540)=""/188}, {&(0x7f0000001600)=""/57}, {&(0x7f0000001640)=""/135}, {&(0x7f00000014c0)=""/101}, {&(0x7f0000001780)=""/171}], 0x0, &(0x7f00000018c0)=""/176}}], 0x15cbc1ab4c0933f, 0x0, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r0, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400})
setsockopt$sock_int(r0, 0x1, 0x4b, &(0x7f0000000040)=0xfd87, 0x4)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
unshare(0x20000400)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r1}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a44, 0x1700)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$tun(r3, &(0x7f00000002c0)=ANY=[], 0x33)
sendfile(r3, r2, 0x0, 0x10000)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f00000012c0)='ns/ipc\x00')
unshare(0x6a040000)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x5, 0x5, 0x2, 0x4}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r4, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000180)=r5, 0x4)
sendmsg$inet(r7, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="5f24aad40200080000f2ca6c", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r8}, {}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x33}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bind$rose(0xffffffffffffffff, &(0x7f0000000000)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x1, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x40)

608.887425ms ago: executing program 3 (id=3457):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = socket$netlink(0x10, 0x3, 0x4)
writev(r0, &(0x7f0000000300)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560aff820fffff5bab003a0000002058000b4824ca945f6400940f6a0325010ebc00fffe000000008000f0fffeffe809005300fff5dd00000010000100040c100000000000224e0000", 0x58}], 0x1)

607.158982ms ago: executing program 4 (id=3458):
socket$rds(0x15, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x7e88d3b9274a05c3, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0xfffffffc}, 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x3)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x6, 0x7, 0x0, 0x1}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x5d}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

532.891491ms ago: executing program 0 (id=3459):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4)
sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000)
unshare(0x24060400)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[], 0x10448)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r5, &(0x7f0000000000), 0x8)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_TIOCOUTQ(r6, 0x5411, &(0x7f0000000100))
r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='fscache_cache\x00', r0, 0x0, 0xfffffffffffffffc}, 0x18)
r8 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r7}, 0x8)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f00000004c0)=ANY=[@ANYRES32, @ANYBLOB="0000000000009500"/24, @ANYBLOB="85000000070000006a0a00ff000000000c00000000000000950000000000000018100000", @ANYBLOB="5e6e5fa39ac7e3a6d37ce6526dae265487f82a65971e5a111f92d47d14e76a76a7273483be3bcc152033ea8aa84748c9a7164b8a4fb4c98171cd44b5a5af4474ec8eb242b2c385bae4357b5dc4aca0df4285067bad24eb9e2638f8091425eeb9c5b7e1469a4d8f3f4dfd9803ce1c9979745c0c16ce79bd42377a93c594295c", @ANYRESDEC=r1, @ANYBLOB="5e573aa5b50bb58f37e2a277a9c278afa87c255e7815257ff32367061d41682a2aae15db772dbe59d05fb089351cbd8811234025e3a5252a92dd59138242ad7fe0c1b94f32a92ea6436c98135be567d80be28d9f022942c06480458600261b5a5b", @ANYRES32, @ANYRESOCT=r6], &(0x7f0000000140)='GPL\x00', 0x2, 0x95, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)=ANY=[@ANYRES32=0x0, @ANYRES32=r9, @ANYBLOB="1100"/12, @ANYRES32=r8, @ANYBLOB="0c1ea1f62d1c37f9c3a0417dbc035b4c1a0651bf65de43db37fcbdf534e70d1261826e3c9b0c00000000000000f83f25c8d01eb3e7a5aa85ea9f30f329", @ANYRES64=0x0], 0x20)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r11 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r10, 0x84, 0x77, &(0x7f00000000c0)={<r12=>0x0, 0x9, 0x7, [0xe68, 0x3cc, 0xfffb, 0x5, 0x3ff, 0x40, 0x8]}, &(0x7f0000000300)=0x16)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r11, 0x84, 0x6c, &(0x7f0000000100)={r12}, &(0x7f00000001c0)=0x8)
write$cgroup_subtree(r10, &(0x7f0000000000)=ANY=[], 0x10448)
r13 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r14 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r13, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000040)='contention_end\x00', r14, 0x0, 0x2}, 0x18)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r10, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)=ANY=[@ANYRES32, @ANYRES32=r9, @ANYBLOB="000053b91020000000000000", @ANYRES32=r10, @ANYBLOB, @ANYRES64=0x0], 0x20)
setsockopt$XDP_UMEM_FILL_RING(r8, 0x11b, 0x5, &(0x7f0000000400)=0x204015, 0x4)
socket$inet6_udplite(0xa, 0x2, 0x88)

531.773683ms ago: executing program 1 (id=3460):
socket(0x10, 0x803, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060", @ANYRESOCT], 0xb8}}, 0x20040014)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x2, 0x0, 0x25dfdbfb, {{@in6=@private0, @in=@broadcast, 0x0, 0x4, 0x0, 0x0, 0xa, 0x60, 0x80, 0x3b, 0x0, 0xee01}, {0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0xfffffffffffffffe}, 0x9, 0x0, 0x0, 0x1, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e0001"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000020000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80c0}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYBLOB="b80000001300e9990500000000000000fc000000000000000000000000000000fc00000000000000000000000000000000000000000000000a00300000", @ANYRES16, @ANYRESOCT, @ANYBLOB="0000000000000000000000000000000009000000000000000100000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000001000000009554172f326b2fda4354df843bbf32a3bb72c9379f5602754fd552c6b09ab2cd249634acf09c846896fdd88c"], 0xb8}}, 0x4000)

530.631991ms ago: executing program 3 (id=3461):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r0, 0x40089413, &(0x7f0000000000)=0xff)
r1 = accept4(r0, &(0x7f0000000040)=@alg, &(0x7f00000000c0)=0x80, 0x80000)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x3c, r2, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x4}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xaf}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x3004c000}, 0x4b628322d91a3cac)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000240)={<r4=>0x0, @in6={{0xa, 0x4e23, 0x1d, @loopback, 0x1}}, 0x7295, 0xc85}, &(0x7f0000000300)=0x90)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f0000000340)={<r5=>r4, @in={{0x2, 0x4e21, @remote}}, 0x4, 0x9, 0x1, 0x1000, 0xa8}, &(0x7f0000000400)=0x98)
setsockopt$inet_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000440)={0x3, [0xffc7, 0x6, 0x4]}, 0xa)
getsockopt$inet_sctp_SCTP_HMAC_IDENT(r3, 0x84, 0x16, &(0x7f0000000480)={0x4, [0x3, 0x80, 0x101, 0x8]}, &(0x7f00000004c0)=0xc)
r6 = accept4$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000540)=0x14, 0x80800)
setsockopt$packet_fanout_data(r6, 0x107, 0x16, &(0x7f00000005c0)={0x1, &(0x7f0000000580)=[{0xf, 0x7f, 0x6, 0x9}]}, 0x10)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000600)={r5, 0x6}, 0x8)
sendmsg$inet_sctp(r1, &(0x7f0000000a40)={&(0x7f0000000640)=@in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000900)=[{&(0x7f0000000680)="dcab2532b6ab1c1d897290a9d9ca983ea99d73b2a95a0fb91bd1ea97ccc6c569e3345df4ab5952889a62c553faaf6bc92f6c228dacb8595930b335c7c8530d8299466a9f90175e546e2b4b1944e7533a4c692da76a662b4b07bc9e014e53a57d9f4fcfc642cfe5b5204df5d35eb4db20f54384430663493f377e196254e041560cde955d13eabd4c1e7aedc159524a88577f6f064544b4549b4b8e246bd5b68d4b3347a9286242b1e5d45b222820cd7eddafcf516fe69d82a5f5259fe272987f905a925e597b4911a0b4dc8823d7b235539e51bc640cc1", 0xd7}, {&(0x7f0000000780)="c5c03286840929cb6e23f69dc25efdad89c5901f403254e99ccf047f0df26b1687bdd9bc733dc63f21c35e73d692c8a7f709870fe71ddfa4fcd4371117ab89f528ff8be37ddf229adae28c2d29ee7b7f45ed04118404720c01e22e6ca63251ae75ba760afaf59e521c", 0x69}, {&(0x7f0000000800)="c44c103eac430bef0e633962857b8810403a5766df62011f94317207fd8c695c4135fbe00b980555a654e77578beeb595271ce5db20bf0ba2c15d0a69937f98e20b06aa1cb0ead7aaf2782fb6e6ca4df2af7aa20f57ac9e71aea3da8e1e1f3a8aa12813bd0f93a8d77cc763f81afdd96fddfee687960752ef18539df4c50e27e12a97d951544c4140c18077ac4fcdccf927ac2ac4a7274cd575ae77ba5ad7475c2225c010c19e7d5f4b3ccfbeb80bd28d44d24957196155fdbe62ef2745516096762f0dcb99a61e669297b211f3f4cd478d08a594c14da1a90a065e31a603f843cdf8fdae950ef10e3a9ac2f4049", 0xee}], 0x3, &(0x7f0000000940)=[@dstaddrv6={0x20, 0x84, 0x8, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1e}}}, @authinfo={0x18, 0x84, 0x6, {0x8}}, @sndrcv={0x30, 0x84, 0x1, {0x3, 0x1, 0x5, 0x2, 0x6, 0x1000, 0x42aba4e7, 0x7fffffff, r5}}, @dstaddrv6={0x20, 0x84, 0x8, @mcast2}, @prinfo={0x18, 0x84, 0x5, {0x20, 0x9}}, @sndrcv={0x30, 0x84, 0x1, {0xb, 0x3, 0xa, 0x4, 0xffffffee, 0x4, 0x8, 0x80000001, r4}}, @authinfo={0x18, 0x84, 0x6, {0x8000}}, @init={0x18, 0x84, 0x0, {0x1, 0xc5a, 0x9, 0x8}}], 0x100, 0x4}, 0x8084)
r7 = syz_genetlink_get_family_id$fou(&(0x7f0000000ac0), r1)
sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f0000000b80)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000b40)={&(0x7f0000000b00)={0x34, r7, 0x800, 0x70bd27, 0x25dfdbfd, {}, [@FOU_ATTR_AF={0x5, 0x2, 0x2}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e23}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e21}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e24}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000004}, 0x91)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_FLUSH(r8, &(0x7f0000000c80)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x28, 0x0, 0x20, 0x70bd25, 0x25dfdbff, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x40010}, 0x4)
bind$bt_hci(r1, &(0x7f0000000cc0)={0x1f, 0x1, 0x4}, 0x6)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000d40), r1)
sendmsg$NL80211_CMD_DISASSOCIATE(r8, &(0x7f0000000e00)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d80)={0x40, r9, 0x5f53db9346f3cc98, 0x70bd27, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x401}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x850)
ioctl$BTRFS_IOC_BALANCE_CTL(r0, 0x40049421, 0x1)
sendmsg$TIPC_CMD_GET_NODES(r8, &(0x7f0000000f00)={&(0x7f0000000e40)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000e80)={0x1c, 0x0, 0x4, 0x70bd2c, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x50}, 0x44000)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000f80), r8)
sendmsg$L2TP_CMD_TUNNEL_DELETE(r10, &(0x7f0000001040)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000001000)={&(0x7f0000000fc0)={0x34, r11, 0x400, 0x70bd29, 0x25dfdbfb, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x4}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e21}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x9d0}, 0x10)
r12 = syz_genetlink_get_family_id$ethtool(&(0x7f00000010c0), r8)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r8, &(0x7f0000001180)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001140)={&(0x7f0000001100)={0x1c, r12, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x801}, 0x4)
sendmsg$NL80211_CMD_SET_REG(r1, &(0x7f0000001280)={&(0x7f00000011c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001240)={&(0x7f0000001200)={0x24, r9, 0x300, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x27}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4141}, 0x24008001)
setsockopt$inet_sctp_SCTP_RESET_ASSOC(r3, 0x84, 0x78, &(0x7f00000012c0), 0x4)

391.254015ms ago: executing program 3 (id=3462):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) (async)
syz_emit_ethernet(0x0, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) (async)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x1, {0x2, 0xff, 0x7}, 0xfe}, 0x18) (async)
sendmsg$802154_dgram(0xffffffffffffffff, 0x0, 0xc0) (async)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000340)={0x1d, r4, 0x1, {0x2, 0xff, 0x7}, 0xfe}, 0x18) (async)
r5 = socket$vsock_stream(0x28, 0x1, 0x0) (async)
clock_gettime(0x0, &(0x7f0000000080)={<r6=>0x0, <r7=>0x0})
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r5, 0x28, 0x6, &(0x7f0000000100)={r6, r7/1000+60000}, 0x10)
write$cgroup_int(r0, &(0x7f0000000200), 0x806000) (async)
r8 = socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r3, 0x40089413, &(0x7f0000000040)=0x2)
r9 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockname(r9, &(0x7f00000014c0)=@ll={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000001540)=0x80)
sendmsg$nl_route_sched(r8, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000009380)={&(0x7f0000000140)=@deltfilter={0x34, 0x2d, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r10, {}, {}, {0x7, 0x10}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x200480c4}, 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305829, &(0x7f0000000740)={0x0, 0x2, 0x0, 0x20b7ee})

345.576136ms ago: executing program 4 (id=3463):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x0)
ioctl$FS_IOC_GETFSLABEL(r0, 0x800452d2, &(0x7f0000000100))
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x80800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)=<r3=>0x0)
syz_open_procfs$namespace(r3, &(0x7f0000000040)='ns/time\x00')
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00+!\x00ZR7'], 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r8=>0x0})
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000691000/0x4000)=nil, 0x4000, 0x3, 0x28011, r9, 0x0)
r10 = socket$kcm(0x29, 0x2, 0x0)
write$cgroup_pressure(r10, &(0x7f0000000140)={'full'}, 0xfffffdef)
ioctl$int_in(r10, 0x5452, &(0x7f0000000240)=0x3)
sendmsg$kcm(r10, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x20000818)
setsockopt$sock_attach_bpf(r10, 0x1, 0x7, &(0x7f0000000340), 0x4)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)={0x30, r11, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x1000000}, @NL80211_ATTR_CQM_RSSI_THOLD={0x8, 0x1, [0xefffffff]}]}]}, 0x30}}, 0x0)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(r12, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)={0x20, r13, 0x30d, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8}]}]}, 0x20}}, 0x0)

332.339696ms ago: executing program 1 (id=3464):
r0 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000340)={<r1=>r0})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000400)='netfs_rreq_ref\x00', r3, 0x0, 0x9}, 0x18)
r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r4}, 0x8)
ioctl$SIOCPNGETOBJECT(r1, 0x89e0, &(0x7f0000000080)=0x3)
close(r5)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000040)={r0, r3})
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x5, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$kcm(r5, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000580)="d8001c00180081064e81f782db44fd56170d12a0b9b545c7", 0x18}], 0x1}, 0x40040)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e3, &(0x7f0000000180)={r0, r6})

331.365296ms ago: executing program 0 (id=3465):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r3, 0x84, 0x1b, &(0x7f0000000000), &(0x7f0000000040)=0x8)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000c00)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00\x00\b', 0x30, 0x3a, 0xff, @dev={0xfe, 0x80, '\x00', 0xe}, @mcast2, {[], @ndisc_redir={0x87, 0x0, 0x0, '\x00', @local, @mcast2={0xe}, [{0xe, 0x1, "2025b07f3c58"}]}}}}}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="850000002e0000004f0000000000000025000000000000009500000d00000000"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0xd, &(0x7f0000000180)=""/153, 0x0, 0x8, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x8000000, 0x10, 0x0, 0xfffffffffffffed8}, 0x3f)
r4 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000180)={r4})
close(0x3)
sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000940)=@newlink={0x50, 0x10, 0xffffff1f, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x20}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @sit={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_FLAGS={0x6, 0x10, 0xc000}, @IFLA_IPTUN_LINK={0x8, 0x1, r2}, @IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x3}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$sock_timeval(r1, 0x1, 0x14, &(0x7f00000001c0), 0x10)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002140)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000800)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9ef104c95e999766bbf27d74", 0x83}], 0x1}}], 0x1, 0x2090)
getsockname$packet(r1, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000280)=0x14)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff})
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x12, 0x6, 0x8, 0x2, 0x0, 0x1}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r7}, &(0x7f0000000180), &(0x7f0000000100)=r6}, 0x20)
r8 = openat$cgroup(0xffffffffffffffff, &(0x7f00000002c0)='syz1\x00', 0x200002, 0x0)
openat$cgroup_int(r8, &(0x7f0000000340)='cpu.idle\x00', 0x2, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000a40)={r7, &(0x7f0000000880), 0x0}, 0x20)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000200))
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000440)={{{@in6=@private0, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}}, {{@in=@private}, 0x0, @in=@initdev}}, &(0x7f00000000c0)=0xe8)
sendmsg$nl_generic(r5, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000b40)={0x1148, 0x1b, 0x20, 0x70bd28, 0x25dfdbff, {0xf}, [@generic="458b9d7f15edadd4b6ff65968473a00c3a0227460ea90cd9c77913b601093de56435f6cb8ba9548601363e6c4411745351296ed2d69679926e594a750068941fd86600149fbfd81a5eeec002076fbb8709bd89b180d5edb818584317ccf9bb67d771ffdb35e11b6e3f2f2983141175066245849a71140985d493ff600e463a562fb3537fc0743b292499a7aeb725e849ebdea24da2a1e0cd9185eecaeb1ce5a453060b936a07596a33f7f0198929bb6e9fb4ac84c1bb07202f3bffa5652990b28ba75ea05189ce489732707f3a7e42875f6a75608a19f5954750b53dc89ef998041f2be7c2a5d38925e29f6f5b214ec77c0e14f15dab418a50c5bfe5be83b46426774cd283714d13500c1f2924d296933db5295a5996eb0d8c4ee99c8a60a5fa83f56dfd7965836f4847a7a4c460b62ac1083d43a353dab3de55b3d7faa52ff345cf29023aed8c137d8894424b8a79752984a56d14315668d985d11f865a0f27c43610ff856f0d70c9ebe53003b12a073722f859cb7501eb2c95d6133ec1ea1ba00f2991d7d3f78e00c679b3e1871e278355093d3c81709961193c28d61989eee0dd11e9fafe875c680b76bcc68cbb23258b2fc68b50d09a5f411aef5ee9832e94d62a46ced71c8218f785d8585315d618b8d3018159ecf0a5078e8c4725dae5c9945426ceb62fe641dfeb15188ab24a9e054b2f9ef724701a1ffaf9c12e5ca3ba5149d9cb95028484b1c93fc5667439e5b1e15607bebc426dcb45b0ee5429c41a06456812c9b2928c1b695ec9924ca1432e844a39b364cb3d15a57e9ebffbf26891f4207d8f81fcebcc46d3fe3b5a2471191660c70e4bfccdd5fcf2dbf0e2be00c604bb5ac2060d683f1c569227674929ec7d1fa89148d5eadca2e63a41978f3c2eed830220fc03226b021a25b3143b450ee20028506566e84a3b7a1b76a6f78e8369a8fd159bcf87211b449891a192ac698f91bee8b7a0b4ab2242b581f39395256664a8a6be10c989c42f01d4f0e57418719c5ad75cf1151857931f93aa448a6c379475bc83118a4cb545b12f6fc5c46be1f6c7af83c16b30aad631fe2e0550a998b637f76258670a3984227c9dfc5766d60a95d2b531c084572f69551900e0435133dfd6065474de4a802e31db892e9066d081085ffae3425831fcc22a50c16e1646ef0c3c89addc85019fed8778017c8351ccbf1ad2c1aab20456b2a0809bbdec99d214219c09ecff20c572841f742a205e5245cf925c51dca6b73821ea3e96e9f6842c00911d91816747f16c58977a7190d7dcd4db58d543fcbf54a7590a6f101ceeb563e2ee7c8d870495ebcf7b34f07dda547d75545940a19fa7b866c9bd691400cc58808c9adb26f4e0882ab58d7e32daaa92eba6a09d03f0ebf090f59eaa486f52665db78fcb391b3dba2d9a93a97315e555e42bc6758b5f3a1e4fa3d654dcf44f0bebcce2ec7062ed225491807024060892c19982fa986da5ab31d282ada4e1b155ce28455caf837e2c31b8b345d38dccc7ab5b026a91a60817a41d82b63586b0eea1d9ce5771bbae0dc8560c9eb43d147d57a9a8d54730fc9041c94a564ee7ce439f848bea776bcaeb85327d14f4588e568f674f9cee75ee369e26ba92332804d85caec5b0a53804d96519c2e022aae8f73ea6c210202742e3d4ea8b9aee2058d9bfa89ea941381979187321d0d72a39b231b8eb6f6977e754ec9680f04a40e061e5b571b0d3c906f1e25346dc12a649a1435d2f8116688b6fc558a3118052d7adb457a8bbc2b70427359fd79ed299d5b84ea8f309e7afc13449b1033ba688b1b5dc06460b0d1d01cdcab9326712c4abf0bf97ef24a2f15581b779f7e418cac4185b4a5eb1fb6c5d8b2049441e077b3ea36ae680d97b422dc3b69df047ba8f10de51f810481cc115cedb10ff797de40a715ad183a48870eab45e72eec2d6ac9f6ce561e22df8c4cdf9e8a8a055eb219dff0323dbbb53cd84caccc984b0f3ca5ee3ca6eb1cfcb1f5078652e8c8a133b87febb9f06f7ad6863559ad42f09d02fe772a51a2cc4b00daebbe5506ddd67ad3a2b9b695aa300f3d99a15d560baa2eb4cd5bb1db80c34dbfc07c817b7de42901073be369117670beaf030793c3d613ea7dabed5de96c807d4e4073fca33e85d26b2058a9aa47a175e5d31a5aff48c87fcb7a6ca367a0d7d9b91b07da28115fa0526093646e8aab5d6689687234768df1d2c7c5a721618827a803744f82abfc25db0befce762a1e75dee80bef38c8e59e29c5af9b2b9f4b9fd5b5d4a47635da0e5f509176d9ca756e06571b164db6dcdeff53e3cbef40776923e46dee312c9de3e6106675c7a9b9e70fecb6b5544379d766b28497f8b3ed2f9b583800e573ec0910a3ecdd84375d437f596e8e5c210c42a29d889f677b25c762baba772e447e5ac3e1c4ef074f4ad9ef08430a7bcc535f0d9af2654d20ecadf5fcd92ea54123142dc3c0abaa68123129a2d82a9ea0647696c2183e736506ce54f09f35a5fe74936e58181e5febd0beaa8cf93dab8544136e55aa433dbdd949076d15375871fc63a2e70913a9ff2f4d18828306dedc1f65cebdb7ae61ab1b1a6b8bbdd6435edb2816089acdb897ea4f23fd9da55797c966f110766b7aa1aa50e938d585dc626631130444e029a69b6ee470d6185edec0e55c2fb50237bb9a924ab1fa31977a019bdaf8c2d6160e55cf749b83dc3fbdd8ef69aac651858e7f8299048108a5dc07641e152a822fbce6c95b05373c8c9e74e9ee2034f15f4058aa21306956163a61b3585fb5c2e7fe79d10d49d9a6a4890e75192a0ff7ce938c1a68798258593dd6235f4fd8ae2a79f9295ac295143de1e71140c4aeeda86c5d19b77c9ba0cbd268e46240c287b949fb3c17f2338fd2b8ecfbcdb00ae46960c6bc6d0f93c7141658f6cd14fb44733ceb62fa54c310e18736b9cf54b289d6e7beefc999fdf0fb07dd1691a226d924d259ca2d732f81ac573948c3f366842a3905389f97fa30e3ed7a348759ba10b32c1790340383d4cea4e231bb8fb7bc8101704489ec4afe29be8f2355ff84238ce309012ba3342ea8256be463a0aff437ae360dd2f8db06882be3a3eb49794c7ba3f45e7aa4f3b9c18b7a2129cda046217b5ccc8f3fa9ad7256acd44a8fa70ebbd4be5ef13c56a71cf30961174c2b95035f57adb57b380ac3326cf4858fafc791787a9c072f2ee69bd3154ce5d3d7d1620799948182c38a9819eb07b53d923314f5afdc73160ae7c1d8151b81eae02a02ef015df6c27961d44103b0dd92af1223a43aa5b4b00a1f8367756691bf8a38756feae15fc373785214ab548d80006cf1e918d88291c48ca16f7e63e8b9e09a4e3b90becacca8c57020faa7a0ec11c66ffae7bfc588d5a5c627f0e89a21acf7de8c751f0d594aec46bb088518c4a351aba05e88d71cf329ca39244dd11dade5cea7fd648cd979778d735d71ecfe6e589c21ed59fb609e32ae5182e4c461a4e3ee25f4ed87402ac02c37cc9d357eadd9ecbcea313d5548088c334c09040f81eeca5666f900eb7dee212e9ee469ea1231a3692edc39395767c8ac11d6af5bd13546110b13908827c4b2a33723520065f78e48d0f4a9c8cf50191d03d937fa2ef1836dafc10cdc7c1122238b7d6b37bdd8287cb01ea7d0691dfae2b62ceadd8a6da5bfcea31f4708534d698ac4a66a6db4b26e9945a3e4e7b15a4925ec292c7da8c95f02d0552e32906f1a53d0b4ab3199d43967b8b10e5c7b7e6d1cc857abc08b2726b754bf595fe9bc2f2ece0d85762034c9ef7f63d06a2c637d74c7e9cb5e8a396a801822c50dee21a74fb5f007e6c2c828622ae7ac5b25dec6cc117553828891915a7cf1e5a1821018860a4e8e82581ff5b638f10b14f9650e69882ced2b2eeb6cf1741d885371c71b5691f888230ec1c36792ac351a16139d02f28509de59dfd966f1d5144fdf83bc500d1028985cd94a6f75b88441f9503cd450e102468772db156034437631a6c5e15e58ef08eac631cca10d538389142b9492b986dcc127802a6589dfeb3c5067d74bac8aa52bd6204bc5c23e2da42652b660987e3bdfcc5c031ad8676f7fcb4550eb29cb6f92ae692b85f6501604687425d5bba4d53478e5975e7b2a6020cc821dea5b06bde42f61dc7c04b968e3413185b08d87cdeb802fab4f32e748cc311ec1f257ea384073524312b9f751bf4d901b287fe09224fe68d72ce78071db46c96e6cfd9719e28389511ff5c78b67ba10f1203beb7650e48514b3823bf76ba47d83725cc03ed6df39f5c88100b22daaeb6937af967df1a6cf37e46c15bc9799611efff0f3627a7bcd2352626356fe210691146ec50c8672de27e6c5e3546e212cca09cf8eec33345d0c42c58c5c0264e2cee55ddacdc3413d3acd8c7b31a4a7a3000e7ccbc8702a465c53aed147a3e8723e86a77dbfeb3ce133ec5dea02e0475d860870fe75ba289d40ace397c7888cdf1e88d548bce3004e2a286262713827f3e1811d797cfdb138f44f3ee4485b0372af08c7d57463a3fe04ebc30d1cb64cdbf63c1afb3c705a19655f342a989315570afb2ed582f19f86329830ec87b0c99160cfd3a17a766e6611882b440be0385381c618ce1231194ade007945b14786d8ef0eb5b20bbb2ac3f47883fc586ad929356d4dab5a78315f42189d9eeed3c4faa1593f8669462a18ea1f90c74b8b5e65828443737c040bc63a254813f56716b710df92f12d2c8c290728f1dadcc96c8ab4e6e6fabdc7a035c129db18fe131dcb84b77d70e98f86a8cfd702a6815541ba9595085b15984991482177fea0cb60388f4ebf3fca8935ac56fc609fe3531d1bbe671ac785e8953dfd74f059d96e4e7e2d7777de237314ccef277be5fb8563cc96ab17fa3a947ddb9e7e2f1a20a8b2eace4b836cf14a83efc3d729f0a14319034c9eba46cb08dc6d343dc6a3aa63d8764224b69e68216abb0c28f856e0f024ef672c74a8e5f35c05c49cb29b64c862564ddcccd6b241a2f5c6d2c9e23902891c896c8673ad9bdac613375fccc88979ab2b9d5775fbcdda7471fc1fef4e3c73d0131139c1bb67bef145d1a002a28244bcd2802b5d660f8d5cd63ffcd37baf8817d75ccb194201a190ec8954f9468136f00d01b725d18cf1960e522a8d36990e76f3245deb72905ece9d2bfcbf3e2ac650aa96887ac581557cf3ba94ceecd1d1f15cee13cbc64d675d931cefc4fe048fe7158df5f70aba45a180b2f15c5c3e510d537b4235a174a04f8a7ba2bd9aa33873cb1366d06a54eada3f4d4f66be091af17165c933582e3bc7cc11c12cd0e8a09f0bbd9d2000e3961d1a17d58e2c3732f70f276d6371687f94d37e8b698f18e4167084a5e196972c4044f370faf6784b115f15a2314a563fb7d189efd69875ee7f489457c2f407a530155761f86fdde074a64a62ea778b440d1cb2e897a017cde4aff6c2b44819ddc0897115abf2eae5d672eb4e4d8e8f5a6b6d4f85ae2b028867168d0ec6d46cd5a6196085ad542fba7c6d4abd019e12ec43be9be11960fb83afc022bac7319ca948de2df3383a9c9048e4ee0a047ed1579fa23bce9a35f388e2d0ffef30e842666e7684f7cc8e6a9f34ce0c88a3beaae016cb5bdbff7f69f9e5c4c0fc2bc5281d60268d123402dc5dde08d37e8c78b3e6330ba73bf0221e319a4020a593cc8dca82c43cb1a48ffe045f0626851318961193921a61aeec7aa5606e770590d696255ecc4f6486fef2e58ab1887ed0860472cace640d91a3b953096ce272938bce46038efb7a811", @typed={0xc, 0x141, 0x0, 0x0, @u64}, @typed={0x8, 0x128, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @nested={0x117, 0x105, 0x0, 0x1, [@typed={0x8, 0x1a, 0x0, 0x0, @uid=r9}, @typed={0x5, 0x26b2, 0x0, 0x0, @str='\x00'}, @nested={0x4, 0xd1}, @nested={0x4, 0x74}, @typed={0x4, 0x12a}, @nested={0x4, 0x1d}, @typed={0xc, 0xba, 0x0, 0x0, @u64=0xfffffffffffffffa}, @nested={0x4, 0x2}, @generic="0e9eda07628c1f41f9e8853ec7bd123eb5d9fa3f1bfa90fd529ecfc1d8fcd6e47a2569366cded4d8808eba0aca70586e5bfca6efcff2a2766a09e2858e93570eea2181dcacbaabeaac47f2615dac1b796122540285b79ba3084e8ab32ec0661ed7ef1436a27439f2f4359f6b05a338b7729deb17e98f27beb67b9b706263fd3e46495de4702f2af76903955710c56cee956ab2e0dca349f2377a61b6004b407ef58304f619d1c274271207caf48342375a40138563b3713c98b9d83ce3c900cb12760301a2370a055dc5e174dc9ff6e679b8d554d3a5cc21511ed4e62ed9e183ffcb37"]}, @nested={0x8, 0xd2, 0x0, 0x1, [@nested={0x4, 0xa9}]}]}, 0x1148}, 0x1, 0x0, 0x0, 0x40880}, 0x1)

144.827016ms ago: executing program 2 (id=3466):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_linger(r0, 0x1, 0x3d, &(0x7f0000000000)={0x0, 0x5}, 0x8)

81.32092ms ago: executing program 1 (id=3467):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7000000002060500000000000000000000000000120003006269746d61703a69702c6d6163000000050004000000000009000200f3797a3000000000240007800c0002800800014000008e020c0001800800014000000000080008400000001005000500020000000500010006"], 0x70}}, 0x20014880)
sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x3, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newtaction={0x64, 0x30, 0x1, 0x8000000, 0x3, {}, [{0x50, 0x1, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x10001, 0x69, 0x6, 0x1, 0xd817}, 0x2}}]}, {0x4, 0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x64}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="4c00000010003b170000fed9d8e6492500000000", @ANYRES32=0x0, @ANYBLOB="00000000008000002c0012800b00010062726964676500001c0002800c002100ffffffffffffffff0c0022000104080000000000"], 0x4c}}, 0x80)
socket$nl_netfilter(0x10, 0x3, 0xc)

3.52561ms ago: executing program 4 (id=3468):
socket$nl_route(0x10, 0x3, 0x0)

2.806676ms ago: executing program 2 (id=3469):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x2}, [@map_idx_val={0x18, 0xa, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0xb02}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$IPSET_CMD_LIST(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400002007060108000000000014b052c1984410b8ad4c2876221648"], 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x4)

1.733854ms ago: executing program 0 (id=3470):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r0, &(0x7f00000006c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2}}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0x10, &(0x7f0000000500)=ANY=[@ANYBLOB="18020000ff070000000000000300000018110000", @ANYRES64], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cpu.stat\x00', 0x26e1, 0x0)
close(r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r2, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000500000020"})
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000), r1)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f0000002140)={0x0, 0x0, &(0x7f0000002100)={&(0x7f0000000980)=ANY=[@ANYBLOB="c97e0cf8f013d75aa0e8408c24b9131bcb6de991937357938cbbf1e898432ac9f2f7fee00131447262273640b9a3ab0a7fbe5db06551b9ae8ebe2ee87aa06df74560203ee7e00b800974c4d438da3516d3804bfca2d57e6327da1131edcdecb23cf16aada0bbc313b7f7642d57975bb8d6851fcd99f51d26a450c0fec3c9ac77c3cb18e82f0beea41381680ab3fde87f433725294dce89482d9b392e13a23a5f2fb0b2cf250c011a4f462d376f338ac7dc9ba4233e4ccb05dc86c7c7351d95be17e638dccb6aa192f2642921ec2f81564e8438d7fbf11535a49979b8e6913f3d6a5379ae9c947c037f9e0c71a7779536f4c40985e04280f59c52bbdd69f6746469c0586d79064215a32522e7b4283f7fe7da70900f052d1c862ac53a6a3962839b9007030244ae95a1ebef35e8fffe03af5b1769b7d7e106833729765ebc26762bab2a41f9a1a71782b16cc4ac39a3a081257232f67dad905cbab93457af7cb3b5906f5287505fabc405cc68f061201e82c12bf81ee6baad", @ANYBLOB="8433fac3dbf9da36b5218cacb945157fc3e180a2c99c2631ca63f8d0b2113dadc1c182d189be69b23f9114dfb1b67396bf9add45987fd5c80bdf28b3df0e36d7425cc3a0436d0681781a448a733e04d1111324e25949522164b6cb0bc9f96eb42256e3d03f032b06266af1e231231494913ab482a23f43418deee384a92fc1a2edd08e9cc85dbc6d0ac0d9a17432b5d11873799eebea7d2166f8eaa30f7db3607ed4a83be9c8b78c34959d982157a858f90e941a048397dd81391df564b961fd9a3c2f961b617279b4bf10fd406966fe56b091c95bcaa44bc7cb06103f71a057eacb7b299ebb03ac6a21a69380aaf86bb2c192c52dc647", @ANYBLOB="010029bd7000fddbdf25010000000800030007000000080004000400000005000500030000000500060001000000"], 0x34}, 0x1, 0x4000000000000000, 0x0, 0x882}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="10000000000004583e6d56aa5d1908000300", @ANYRES32=r4, @ANYBLOB="0a00340002020202020200000a00060008021100000000000800350000000000080026006c090000"], 0x44}}, 0x8080)
sendmsg$NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x3000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x85}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4)
sendmmsg$inet(r0, &(0x7f0000000180), 0x0, 0x24004441)
syz_genetlink_get_family_id$nbd(&(0x7f0000000140), 0xffffffffffffffff)
r5 = socket(0x2, 0x80805, 0x0)
ioctl$SIOCX25GSUBSCRIP(r5, 0x89e0, &(0x7f0000000000)={'rose0\x00', 0x0, 0xfffffffd})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='memory.swap.current\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000000)=0xfffffffffffffffc, 0x10)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
recvfrom(r7, 0x0, 0x4f, 0x40002021, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)

0s ago: executing program 1 (id=3471):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = socket$netlink(0x10, 0x3, 0x4)
writev(r0, &(0x7f0000000300)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560aff820fffff5bab003a0000002058000b4824ca945f6400940f6a0325010ebc00feff000000008000f0fffeffe809005300fff5dd00000010000100040c100000000000224e0000", 0x58}], 0x1)

kernel console output (not intermixed with test programs):

 set
[  247.238500][T13645] netlink: 'syz.1.2189': attribute type 5 has an invalid length.
[  247.293173][T13640] bond2 (unregistering): Released all slaves
[  247.406695][T13644] lo speed is unknown, defaulting to 1000
[  248.249925][T13678] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  250.900227][T13684] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  250.903876][T13680] __nla_validate_parse: 2 callbacks suppressed
[  250.903893][T13680] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2198'.
[  250.952026][T13685] netlink: 'syz.2.2199': attribute type 5 has an invalid length.
[  250.964976][T13680] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2198'.
[  250.975928][T13685] netlink: 'syz.2.2199': attribute type 3 has an invalid length.
[  250.993904][T13685] netlink: 'syz.2.2199': attribute type 4 has an invalid length.
[  251.014199][T13685] netlink: 'syz.2.2199': attribute type 9 has an invalid length.
[  251.035862][T13685] netlink: 'syz.2.2199': attribute type 2 has an invalid length.
[  251.053860][T13685] netlink: 'syz.2.2199': attribute type 9 has an invalid length.
[  251.064749][T13685] netlink: 'syz.2.2199': attribute type 6 has an invalid length.
[  251.073328][T13680] netlink: 244 bytes leftover after parsing attributes in process `syz.0.2198'.
[  251.086032][T13684] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  251.104134][T13692] bond0: Device is already in use.
[  251.196936][T13698] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2204'.
[  251.274285][T13708] netlink: 'syz.2.2208': attribute type 4 has an invalid length.
[  251.939064][T13736] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  252.154157][T13746] vlan2: entered promiscuous mode
[  252.251068][T13750] netlink: 124 bytes leftover after parsing attributes in process `syz.4.2219'.
[  252.400276][T13752] lo speed is unknown, defaulting to 1000
[  252.484965][T13756] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2222'.
[  253.284410][T13766] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2224'.
[  254.053695][T13791] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  254.221643][T13798] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[  254.250660][T13801] syzkaller0: entered promiscuous mode
[  254.258611][T13801] syzkaller0: entered allmulticast mode
[  254.340835][T13805] netlink: 108 bytes leftover after parsing attributes in process `syz.1.2233'.
[  254.570195][T13813] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2237'.
[  254.609585][T13813] team1: entered promiscuous mode
[  254.615554][T13813] team1: entered allmulticast mode
[  254.626240][T13813] 8021q: adding VLAN 0 to HW filter on device team1
[  254.694208][T13813] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2237'.
[  254.760214][T13823] syz.2.2236 (13823) used obsolete PPPIOCDETACH ioctl
[  254.875134][T13813] team2: entered promiscuous mode
[  254.902190][T13813] team2: entered allmulticast mode
[  254.931871][T13813] 8021q: adding VLAN 0 to HW filter on device team2
[  254.969808][T13824] team0: Failed to send options change via netlink (err -105)
[  254.978199][T13833] netlink: 'syz.3.2241': attribute type 1 has an invalid length.
[  254.985979][T13824] team0: Mode changed to "activebackup"
[  255.098123][T13834] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  255.110246][T13833] lo speed is unknown, defaulting to 1000
[  255.697648][T13853] geneve2: entered promiscuous mode
[  255.756311][   T10] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  255.845274][T13863] netlink: 'syz.3.2251': attribute type 1 has an invalid length.
[  255.896614][ T5905] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  255.915485][T13868] __nla_validate_parse: 3 callbacks suppressed
[  255.915503][T13868] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2251'.
[  255.933220][T13870] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2253'.
[  255.954658][T13870] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2253'.
[  256.086177][   T10] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  256.103279][T13876] can: request_module (can-proto-0) failed.
[  256.109547][ T8308] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  256.156386][T13865] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2253'.
[  256.198108][T13883] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2256'.
[  256.326051][T13888] netlink: 'syz.4.2257': attribute type 1 has an invalid length.
[  256.333916][T13888] netlink: 'syz.4.2257': attribute type 1 has an invalid length.
[  256.367642][T13888] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2257'.
[  256.534522][T13891] syzkaller1: entered allmulticast mode
[  256.926413][  T918] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  257.180226][ T1010] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  257.195887][ T1010] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  257.252449][T13895] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2259'.
[  257.501801][T13905] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2261'.
[  257.837084][T13923] wg1: entered promiscuous mode
[  257.841999][T13923] wg1: entered allmulticast mode
[  258.046322][   T10] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  258.192135][T13936] lo speed is unknown, defaulting to 1000
[  258.329223][T13949] netlink: 576 bytes leftover after parsing attributes in process `syz.0.2273'.
[  258.439153][T13951] xt_cgroup: xt_cgroup: no path or classid specified
[  258.727865][T13964] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2276'.
[  259.166593][T13992] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0
[  259.167162][T13984] lo speed is unknown, defaulting to 1000
[  259.384183][T14005] netlink: 'syz.4.2291': attribute type 21 has an invalid length.
[  259.435455][T14001] lo speed is unknown, defaulting to 1000
[  259.600157][T14015] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma?
[  259.639962][T14017] atomic_op ffff8880329d0998 conn xmit_atomic 0000000000000000
[  259.921959][T13984] lo speed is unknown, defaulting to 1000
[  260.946287][T14057] netlink: 'syz.3.2306': attribute type 11 has an invalid length.
[  260.968690][T14057] __nla_validate_parse: 6 callbacks suppressed
[  260.968708][T14057] netlink: 199828 bytes leftover after parsing attributes in process `syz.3.2306'.
[  261.005841][    C0] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  261.324979][T14075] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2313'.
[  261.443991][T14080] dvmrp0: entered allmulticast mode
[  261.487561][T14091] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  261.504102][T14091] tipc: Enabled bearer <udp:syz0>, priority 10
[  261.548113][T14084] lo speed is unknown, defaulting to 1000
[  261.588445][T14095] netlink: 'syz.1.2317': attribute type 83 has an invalid length.
[  261.642753][T14087] syzkaller1: entered allmulticast mode
[  262.036061][T14099] lo speed is unknown, defaulting to 1000
[  262.046561][T14106] lo speed is unknown, defaulting to 1000
[  262.604709][T14139] netlink: 'syz.4.2328': attribute type 10 has an invalid length.
[  262.631575][ T5905] tipc: Node number set to 3837696261
[  262.669530][T14139] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  262.774949][T14147] netlink: 'syz.2.2330': attribute type 11 has an invalid length.
[  262.803273][T14147] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2330'.
[  262.877287][T14156] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2335'.
[  262.904436][T14156] 8021q: adding VLAN 0 to HW filter on device bond0
[  263.101884][T14167] netlink: 'syz.4.2337': attribute type 11 has an invalid length.
[  263.137017][T14156] bond0 (unregistering): Released all slaves
[  263.265430][T14173] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2339'.
[  263.471772][T14188] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2343'.
[  263.740423][T14198] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2344'.
[  263.800994][T14203] macsec0: entered allmulticast mode
[  263.813267][T14203] dummy0: entered allmulticast mode
[  263.828848][T14203] dummy0: left allmulticast mode
[  263.975992][T14222] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2349'.
[  264.074279][T14227] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2352'.
[  264.188361][T14227] syzkaller0: entered promiscuous mode
[  264.194326][T14227] syzkaller0: entered allmulticast mode
[  264.552994][T14241] x_tables: duplicate underflow at hook 1
[  265.327015][T14266] openvswitch: netlink: Key type 30 is not supported
[  265.344015][T14265] openvswitch: netlink: Key type 30 is not supported
[  265.345016][T14267] netlink: 'syz.1.2361': attribute type 11 has an invalid length.
[  265.353786][T14268] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2362'.
[  265.759257][T14290] netlink: 'syz.0.2371': attribute type 1 has an invalid length.
[  266.385232][T14314] __nla_validate_parse: 4 callbacks suppressed
[  266.385250][T14314] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2377'.
[  266.566445][T14321] netlink: 'syz.0.2381': attribute type 4 has an invalid length.
[  266.584604][T14322] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  266.620028][T14323] netlink: 'syz.0.2381': attribute type 4 has an invalid length.
[  266.897672][T14338] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2385'.
[  267.143107][T14341] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2386'.
[  268.139989][T14357] netlink: 'syz.0.2390': attribute type 13 has an invalid length.
[  268.351277][T14373] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2393'.
[  268.513866][T14378] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2395'.
[  268.575689][T14385] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2395'.
[  268.633717][T14388] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2399'.
[  268.644626][T14388] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  268.860664][T14393] FAULT_INJECTION: forcing a failure.
[  268.860664][T14393] name failslab, interval 1, probability 0, space 0, times 0
[  268.882217][T14393] CPU: 0 UID: 0 PID: 14393 Comm: syz.4.2401 Not tainted syzkaller #0 PREEMPT(full) 
[  268.882244][T14393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  268.882275][T14393] Call Trace:
[  268.882283][T14393]  <TASK>
[  268.882291][T14393]  dump_stack_lvl+0xe8/0x150
[  268.882321][T14393]  should_fail_ex+0x414/0x560
[  268.882354][T14393]  should_failslab+0xa8/0x100
[  268.882380][T14393]  kmem_cache_alloc_node_noprof+0x8c/0x720
[  268.882409][T14393]  ? __alloc_skb+0x198/0x3b0
[  268.882429][T14393]  ? __alloc_skb+0x1dc/0x3b0
[  268.882447][T14393]  ? __local_bh_enable_ip+0xd0/0x130
[  268.882469][T14393]  ? __alloc_skb+0x198/0x3b0
[  268.882488][T14393]  __alloc_skb+0x1dc/0x3b0
[  268.882511][T14393]  netlink_sendmsg+0x5c6/0xb30
[  268.882546][T14393]  ? __pfx_netlink_sendmsg+0x10/0x10
[  268.882575][T14393]  ? aa_sock_msg_perm+0xf1/0x1b0
[  268.882599][T14393]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  268.882617][T14393]  ? __pfx_netlink_sendmsg+0x10/0x10
[  268.882642][T14393]  __sock_sendmsg+0x21c/0x270
[  268.882673][T14393]  ____sys_sendmsg+0x505/0x820
[  268.882701][T14393]  ? __pfx_____sys_sendmsg+0x10/0x10
[  268.882733][T14393]  ? import_iovec+0x74/0xa0
[  268.882758][T14393]  ___sys_sendmsg+0x21f/0x2a0
[  268.882782][T14393]  ? __pfx____sys_sendmsg+0x10/0x10
[  268.882837][T14393]  ? __fget_files+0x2a/0x420
[  268.882860][T14393]  ? __fget_files+0x3a0/0x420
[  268.882891][T14393]  __x64_sys_sendmsg+0x19b/0x260
[  268.882918][T14393]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  268.882950][T14393]  ? __pfx_ksys_write+0x10/0x10
[  268.882980][T14393]  do_syscall_64+0xec/0xf80
[  268.883003][T14393]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  268.883020][T14393]  ? trace_irq_disable+0x37/0x100
[  268.883044][T14393]  ? clear_bhb_loop+0x60/0xb0
[  268.883066][T14393]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  268.883084][T14393] RIP: 0033:0x7f469878f749
[  268.883101][T14393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  268.883118][T14393] RSP: 002b:00007f46995ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  268.883139][T14393] RAX: ffffffffffffffda RBX: 00007f46989e5fa0 RCX: 00007f469878f749
[  268.883153][T14393] RDX: 0000000004000084 RSI: 0000200000000000 RDI: 0000000000000007
[  268.883164][T14393] RBP: 00007f46995ff090 R08: 0000000000000000 R09: 0000000000000000
[  268.883176][T14393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  268.883187][T14393] R13: 00007f46989e6038 R14: 00007f46989e5fa0 R15: 00007ffe0adb28b8
[  268.883216][T14393]  </TASK>
[  269.133882][    C0] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  269.287248][T14406] netlink: 'syz.0.2404': attribute type 21 has an invalid length.
[  269.295098][T14406] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2404'.
[  269.321487][T14406] netlink: 'syz.0.2404': attribute type 5 has an invalid length.
[  269.336901][T14406] netlink: 'syz.0.2404': attribute type 6 has an invalid length.
[  269.344857][T14406] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2404'.
[  269.470186][T14415] netlink: 207952 bytes leftover after parsing attributes in process `syz.1.2406'.
[  269.512154][T14419] netlink: 'syz.3.2408': attribute type 1 has an invalid length.
[  269.598158][T14425] netlink: 'syz.1.2409': attribute type 3 has an invalid length.
[  269.804409][T14432] pim6reg: entered allmulticast mode
[  270.027586][T14443] FAULT_INJECTION: forcing a failure.
[  270.027586][T14443] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  270.056166][T14443] CPU: 1 UID: 0 PID: 14443 Comm: syz.1.2415 Not tainted syzkaller #0 PREEMPT(full) 
[  270.056190][T14443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  270.056201][T14443] Call Trace:
[  270.056209][T14443]  <TASK>
[  270.056217][T14443]  dump_stack_lvl+0xe8/0x150
[  270.056247][T14443]  should_fail_ex+0x414/0x560
[  270.056280][T14443]  _copy_from_iter+0x1cd/0x1630
[  270.056313][T14443]  ? __pfx__copy_from_iter+0x10/0x10
[  270.056334][T14443]  ? __build_skb_around+0x22d/0x3c0
[  270.056358][T14443]  ? __alloc_skb+0x198/0x3b0
[  270.056378][T14443]  ? netlink_sendmsg+0x642/0xb30
[  270.056402][T14443]  ? skb_put+0x11b/0x210
[  270.056427][T14443]  netlink_sendmsg+0x6b2/0xb30
[  270.056464][T14443]  ? __pfx_netlink_sendmsg+0x10/0x10
[  270.056493][T14443]  ? aa_sock_msg_perm+0xf1/0x1b0
[  270.056518][T14443]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  270.056536][T14443]  ? __pfx_netlink_sendmsg+0x10/0x10
[  270.056561][T14443]  __sock_sendmsg+0x21c/0x270
[  270.056594][T14443]  ____sys_sendmsg+0x505/0x820
[  270.056624][T14443]  ? __pfx_____sys_sendmsg+0x10/0x10
[  270.056656][T14443]  ? import_iovec+0x74/0xa0
[  270.056682][T14443]  ___sys_sendmsg+0x21f/0x2a0
[  270.056709][T14443]  ? __pfx____sys_sendmsg+0x10/0x10
[  270.056767][T14443]  ? __fget_files+0x2a/0x420
[  270.056790][T14443]  ? __fget_files+0x3a0/0x420
[  270.056823][T14443]  __x64_sys_sendmsg+0x19b/0x260
[  270.056850][T14443]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  270.056882][T14443]  ? __pfx_ksys_write+0x10/0x10
[  270.056911][T14443]  do_syscall_64+0xec/0xf80
[  270.056933][T14443]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  270.056952][T14443]  ? trace_irq_disable+0x37/0x100
[  270.056976][T14443]  ? clear_bhb_loop+0x60/0xb0
[  270.056999][T14443]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  270.057018][T14443] RIP: 0033:0x7fd89498f749
[  270.057036][T14443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  270.057053][T14443] RSP: 002b:00007fd89579d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  270.057075][T14443] RAX: ffffffffffffffda RBX: 00007fd894be5fa0 RCX: 00007fd89498f749
[  270.057090][T14443] RDX: 0000000004000084 RSI: 0000200000000000 RDI: 0000000000000007
[  270.057103][T14443] RBP: 00007fd89579d090 R08: 0000000000000000 R09: 0000000000000000
[  270.057115][T14443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  270.057133][T14443] R13: 00007fd894be6038 R14: 00007fd894be5fa0 R15: 00007ffe5c90e268
[  270.057165][T14443]  </TASK>
[  270.477721][T14460] pim6reg1: entered promiscuous mode
[  270.483164][T14460] pim6reg1: entered allmulticast mode
[  270.799426][T14482] netlink: 'syz.1.2423': attribute type 11 has an invalid length.
[  271.000983][T14490] syzkaller1: entered allmulticast mode
[  271.169766][T14493] lo speed is unknown, defaulting to 1000
[  271.399243][T14500] bond2: option packets_per_slave: invalid value (1048582)
[  271.407096][T14500] bond2: option packets_per_slave: allowed values 0 - 65535
[  271.418033][T14500] bond2 (unregistering): Released all slaves
[  271.636943][T14521] __nla_validate_parse: 7 callbacks suppressed
[  271.636961][T14521] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2434'.
[  271.779714][T14532] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2435'.
[  271.839591][T14537] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2436'.
[  271.851514][T14530] wg1: left promiscuous mode
[  271.857341][T14530] wg1: left allmulticast mode
[  271.863460][T14530] bridge_slave_0: left promiscuous mode
[  271.869213][T14530] bridge_slave_0: left allmulticast mode
[  271.879974][T14530] netdevsim netdevsim4 netdevsim0: left promiscuous mode
[  271.888549][T14530] mac80211_hwsim hwsim8 wlan0: left promiscuous mode
[  271.898580][T14530] gtp0: left promiscuous mode
[  271.903272][T14530] gtp0: left allmulticast mode
[  271.911015][T14530] macvlan2: left promiscuous mode
[  271.916231][T14530] macvlan2: left allmulticast mode
[  271.922968][T14530] veth9: left allmulticast mode
[  271.928572][T14530] veth11: left allmulticast mode
[  272.287162][T14553] vlan2: entered promiscuous mode
[  272.541033][T14559] tipc: Cannot configure node identity twice
[  272.548025][T14559] tipc: Cannot configure node identity twice
[  272.846153][T14578] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2450'.
[  273.432845][T14605] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2460'.
[  273.458935][T14606] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2460'.
[  273.490290][T14609] lo speed is unknown, defaulting to 1000
[  273.518038][T14610] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2461'.
[  273.540691][T14610] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2461'.
[  273.592635][T14615] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2462'.
[  273.694982][T14618] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2463'.
[  273.719346][T14618] netlink: 'syz.3.2463': attribute type 2 has an invalid length.
[  274.196709][T14646] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[  274.560466][T14658] bridge5: entered allmulticast mode
[  275.108015][T14682] x_tables: duplicate underflow at hook 3
[  276.583598][T14753] bridge3: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms)
[  276.668812][T14758] tipc: Can't bind to reserved service type 0
[  276.690260][T14758] __nla_validate_parse: 9 callbacks suppressed
[  276.690277][T14758] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2503'.
[  276.786382][T14758] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2503'.
[  277.245954][T14792] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2508'.
[  277.298460][T14796] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2508'.
[  277.359715][T14800] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2514'.
[  277.385860][T14801] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2508'.
[  277.395187][T14800] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2514'.
[  277.410309][T14798] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2513'.
[  277.421267][T14798] netlink: 'syz.3.2513': attribute type 11 has an invalid length.
[  277.639668][T14814] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2516'.
[  277.650005][T14814] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2516'.
[  278.455523][T14866] openvswitch: netlink: Unexpected mask (mask=1040, allowed=10048)
[  278.578196][T14872] netlink: 'syz.4.2533': attribute type 29 has an invalid length.
[  278.674580][T14881] 8021q: adding VLAN 0 to HW filter on device bond4
[  278.712010][T14873] bond4: option mode: unable to set because the bond device is up
[  278.910738][T14901] netlink: 'syz.1.2537': attribute type 9 has an invalid length.
[  279.061225][   T39] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  279.979375][T14938] IPVS: Scheduler module ip_vs_ not found
[  280.125908][   T39] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  280.249884][T14965] netlink: 'syz.2.2554': attribute type 5 has an invalid length.
[  280.396845][T14975] bond0: (slave geneve3): Enslaving as an active interface with an up link
[  280.491541][T14975] veth0_to_bridge: entered promiscuous mode
[  280.514490][T14970] lo speed is unknown, defaulting to 1000
[  280.525188][T14985] netlink: 'syz.1.2558': attribute type 11 has an invalid length.
[  280.551776][T14975] bond0 (unregistering): (slave geneve3): Releasing backup interface
[  280.589815][T14975] bond0 (unregistering): Released all slaves
[  280.756991][T14969] veth0_to_bridge: left promiscuous mode
[  281.158285][T15013] pim6reg: entered allmulticast mode
[  281.172921][T15013] pim6reg: left allmulticast mode
[  281.291989][T15018] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  281.315427][T15018] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  281.437134][T15025] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2
[  281.460313][T15025] netdevsim netdevsim2: Falling back to sysfs fallback for: ./file0
[  281.481765][T15028] netlink: 'syz.3.2572': attribute type 1 has an invalid length.
[  281.588163][T15028] 8021q: adding VLAN 0 to HW filter on device bond0
[  281.710544][T15043] macvlan0: entered promiscuous mode
[  281.722513][T15043] macvlan0: entered allmulticast mode
[  281.756204][T15043] bond0: entered allmulticast mode
[  281.782893][T15043] bond0: entered promiscuous mode
[  281.807143][T15043] 8021q: adding VLAN 0 to HW filter on device macvlan0
[  281.847630][T15043] team0: Port device macvlan0 added
[  281.863651][T15048] tipc: Enabled bearer <eth:gre0>, priority 10
[  282.158477][T15071] __nla_validate_parse: 19 callbacks suppressed
[  282.158496][T15071] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2584'.
[  282.237040][T15080] syzkaller1: entered allmulticast mode
[  282.292311][T15081] netlink: 'syz.0.2586': attribute type 11 has an invalid length.
[  282.713490][T15114] FAULT_INJECTION: forcing a failure.
[  282.713490][T15114] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  282.737672][T15114] CPU: 0 UID: 0 PID: 15114 Comm: syz.3.2598 Not tainted syzkaller #0 PREEMPT(full) 
[  282.737698][T15114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  282.737710][T15114] Call Trace:
[  282.737718][T15114]  <TASK>
[  282.737726][T15114]  dump_stack_lvl+0xe8/0x150
[  282.737753][T15114]  should_fail_ex+0x414/0x560
[  282.737795][T15114]  _copy_from_iter+0x1cd/0x1630
[  282.737828][T15114]  ? __pfx__copy_from_iter+0x10/0x10
[  282.737850][T15114]  ? __build_skb_around+0x22d/0x3c0
[  282.737871][T15114]  ? __alloc_skb+0x198/0x3b0
[  282.737889][T15114]  ? netlink_sendmsg+0x642/0xb30
[  282.737912][T15114]  ? skb_put+0x11b/0x210
[  282.737935][T15114]  netlink_sendmsg+0x6b2/0xb30
[  282.737968][T15114]  ? __pfx_netlink_sendmsg+0x10/0x10
[  282.737996][T15114]  ? aa_sock_msg_perm+0xf1/0x1b0
[  282.738022][T15114]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  282.738039][T15114]  ? __pfx_netlink_sendmsg+0x10/0x10
[  282.738064][T15114]  __sock_sendmsg+0x21c/0x270
[  282.738093][T15114]  ____sys_sendmsg+0x505/0x820
[  282.738121][T15114]  ? __pfx_____sys_sendmsg+0x10/0x10
[  282.738152][T15114]  ? import_iovec+0x74/0xa0
[  282.738176][T15114]  ___sys_sendmsg+0x21f/0x2a0
[  282.738202][T15114]  ? __pfx____sys_sendmsg+0x10/0x10
[  282.738260][T15114]  ? __fget_files+0x2a/0x420
[  282.738274][T15114]  ? __fget_files+0x3a0/0x420
[  282.738291][T15114]  __x64_sys_sendmsg+0x19b/0x260
[  282.738305][T15114]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  282.738323][T15114]  ? __pfx_ksys_write+0x10/0x10
[  282.738339][T15114]  do_syscall_64+0xec/0xf80
[  282.738351][T15114]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  282.738361][T15114]  ? trace_irq_disable+0x37/0x100
[  282.738374][T15114]  ? clear_bhb_loop+0x60/0xb0
[  282.738387][T15114]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  282.738398][T15114] RIP: 0033:0x7fa05e18f749
[  282.738414][T15114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  282.738431][T15114] RSP: 002b:00007fa05f01a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  282.738450][T15114] RAX: ffffffffffffffda RBX: 00007fa05e3e6090 RCX: 00007fa05e18f749
[  282.738464][T15114] RDX: 0000000000000000 RSI: 0000200000000e40 RDI: 0000000000000004
[  282.738474][T15114] RBP: 00007fa05f01a090 R08: 0000000000000000 R09: 0000000000000000
[  282.738485][T15114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  282.738495][T15114] R13: 00007fa05e3e6128 R14: 00007fa05e3e6090 R15: 00007fffad3eb708
[  282.738523][T15114]  </TASK>
[  283.025403][T15117] syzkaller1: entered allmulticast mode
[  283.084597][T15119] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2601'.
[  283.488746][T15147] lo speed is unknown, defaulting to 1000
[  283.596101][T15151] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2608'.
[  283.662587][T15157] lo speed is unknown, defaulting to 1000
[  283.691925][T15162] netlink: 16174 bytes leftover after parsing attributes in process `syz.2.2611'.
[  283.760068][T15171] sctp: [Deprecated]: syz.3.2612 (pid 15171) Use of struct sctp_assoc_value in delayed_ack socket option.
[  283.760068][T15171] Use struct sctp_sack_info instead
[  284.051177][T15173] syzkaller1: entered allmulticast mode
[  284.324517][ T5837] block nbd0: Receive control failed (result -104)
[  284.397978][T15193] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2618'.
[  284.475057][T15157] netlink: 'syz.3.2612': attribute type 2 has an invalid length.
[  284.524040][T15201] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2620'.
[  284.956159][T15225] netlink: 'syz.2.2628': attribute type 1 has an invalid length.
[  285.031188][T15225] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2628'.
[  285.086404][T15233] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2632'.
[  285.473117][T15253] netlink: 'syz.4.2635': attribute type 6 has an invalid length.
[  285.521656][T15254] lo speed is unknown, defaulting to 1000
[  285.645925][    C0] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  285.712585][T15258] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[  285.835066][T15262] bridge_slave_0: left allmulticast mode
[  285.859300][T15262] bridge_slave_0: left promiscuous mode
[  285.873237][T15262] bridge0: port 1(bridge_slave_0) entered disabled state
[  285.883466][T15262] bridge_slave_1: left allmulticast mode
[  285.889517][T15262] bridge_slave_1: left promiscuous mode
[  285.897439][T15262] bridge0: port 2(bridge_slave_1) entered disabled state
[  285.918721][T15262] bond0: (slave bond_slave_0): Releasing backup interface
[  285.937775][T15262] bond_slave_0: left promiscuous mode
[  285.955436][T15262] bond0: (slave bond_slave_1): Releasing backup interface
[  285.967211][T15262] bond_slave_1: left promiscuous mode
[  285.975173][T15262] `: Port device team_slave_0 removed
[  285.996786][T15262] `: Port device team_slave_1 removed
[  286.002658][T15262] batman_adv: batadv0: Removing interface: batadv_slave_0
[  286.011058][T15262] batman_adv: batadv0: Removing interface: batadv_slave_1
[  286.019121][T15262] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  286.091071][T15273] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  286.165254][T15276] netlink: 'syz.3.2642': attribute type 3 has an invalid length.
[  286.181065][T15275] netlink: 'syz.3.2642': attribute type 3 has an invalid length.
[  286.367554][T15282] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2644'.
[  286.519737][T15296] Set syz0 is full, maxelem 0 reached
[  286.587634][T15296] 8021q: adding VLAN 0 to HW filter on device macvlan1
[  286.891881][T15324] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2653'.
[  287.442817][T15340] netlink: 'syz.4.2657': attribute type 6 has an invalid length.
[  288.149658][T15367] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2665'.
[  288.202171][T15371] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2666'.
[  288.435464][T15388] netlink: 256 bytes leftover after parsing attributes in process `syz.0.2672'.
[  288.454485][T15388] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2672'.
[  288.586801][T15398] netlink: 'syz.3.2674': attribute type 23 has an invalid length.
[  288.641952][T15398] netlink: 'syz.3.2674': attribute type 23 has an invalid length.
[  288.674069][T15398] netlink: 'syz.3.2674': attribute type 23 has an invalid length.
[  288.702345][T15398] netlink: 'syz.3.2674': attribute type 23 has an invalid length.
[  289.021870][T15406] lo speed is unknown, defaulting to 1000
[  289.431744][T15421] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2681'.
[  289.698558][T15431] IPVS: set_ctl: invalid protocol: 128 172.20.20.187:20000
[  289.736727][T15434] openvswitch: netlink: ct_state flags 010000e0 unsupported
[  289.762836][T15430] netlink: 108 bytes leftover after parsing attributes in process `syz.4.2684'.
[  289.799339][T15430] netlink: 108 bytes leftover after parsing attributes in process `syz.4.2684'.
[  290.415003][T15454] syzkaller0: entered promiscuous mode
[  290.423987][T15454] syzkaller0: entered allmulticast mode
[  290.570626][T15459] validate_nla: 58 callbacks suppressed
[  290.570645][T15459] netlink: 'syz.3.2696': attribute type 6 has an invalid length.
[  290.639097][T15462] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2695'.
[  290.747699][T15467] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.2698'.
[  291.007580][T15487] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2701'.
[  291.117751][T15485] lo speed is unknown, defaulting to 1000
[  291.219672][T15492] netlink: 'syz.2.2703': attribute type 4 has an invalid length.
[  291.470170][T15504] lo speed is unknown, defaulting to 1000
[  291.941139][T15515] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  292.559149][   T30] audit: type=1800 audit(1768532627.779:7): pid=15556 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2718" name="blkio.bfq.time_recursive" dev="tmpfs" ino=2736 res=0 errno=0
[  292.656719][T15544] lo speed is unknown, defaulting to 1000
[  292.852642][T15565] IPv6: NLM_F_REPLACE set, but no existing node found!
[  292.882057][T15566] sit0: entered promiscuous mode
[  292.890212][T15565] xt_hashlimit: max too large, truncated to 1048576
[  292.899084][T15562] lo speed is unknown, defaulting to 1000
[  293.294510][T15582] lo speed is unknown, defaulting to 1000
[  293.319294][T15580] __nla_validate_parse: 6 callbacks suppressed
[  293.319312][T15580] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2726'.
[  293.414592][T15589] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2727'.
[  293.540148][T15596] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2730'.
[  293.549437][T15597] veth0_to_bridge: entered promiscuous mode
[  293.589953][T15596] lo speed is unknown, defaulting to 1000
[  293.672790][T15600] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2729'.
[  293.811837][T15598] lo speed is unknown, defaulting to 1000
[  293.860581][T15603] lo: Caught tx_queue_len zero misconfig
[  294.395128][T15593] veth0_to_bridge: left promiscuous mode
[  294.462119][T15622] xt_l2tp: v2 doesn't support IP mode
[  294.577307][T15627] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2736'.
[  294.599328][T15627] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2736'.
[  294.647562][   T39] IPVS: starting estimator thread 0...
[  294.669389][T15622] lo speed is unknown, defaulting to 1000
[  294.755819][T15633] IPVS: using max 28 ests per chain, 67200 per kthread
[  294.763135][T15635] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2736'.
[  295.584830][T15661] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  295.631572][T15660] tipc: Disabling bearer <eth:syzkaller0>
[  295.663473][T15659] lo speed is unknown, defaulting to 1000
[  295.713552][T15667] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2746'.
[  295.889272][T15673] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  296.029162][T15671] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2749'.
[  296.056490][T15671] netlink: 'syz.2.2749': attribute type 13 has an invalid length.
[  296.110636][T15679] lo speed is unknown, defaulting to 1000
[  296.117902][T15673] tipc: Resetting bearer <eth:syzkaller0>
[  296.259877][T15686] bond7: option lacp_rate: invalid value (255)
[  296.268427][T15686] bond7 (unregistering): Released all slaves
[  296.321238][T15670] tipc: Disabling bearer <eth:syzkaller0>
[  296.560535][T15695] 8021q: adding VLAN 0 to HW filter on device bond2
[  296.574281][T15698] vlan0: entered allmulticast mode
[  296.619137][T15698] ip6gretap0: entered allmulticast mode
[  296.666277][T15702] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2756'.
[  297.138172][T15728] ¾x9ÿ: renamed from bridge_slave_0
[  297.324865][T15725] lo speed is unknown, defaulting to 1000
[  298.479810][T15776] netlink: 'syz.2.2776': attribute type 13 has an invalid length.
[  298.528103][T15776] netlink: 'syz.2.2776': attribute type 17 has an invalid length.
[  298.650742][T15789] netlink: 'syz.1.2779': attribute type 5 has an invalid length.
[  298.663030][T15776] sit0: left promiscuous mode
[  298.757315][T15776] 8021q: adding VLAN 0 to HW filter on device team0
[  298.770462][T15776] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  298.796237][T15789] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2779'.
[  298.850852][T15782] lo speed is unknown, defaulting to 1000
[  298.943437][T15805] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2782'.
[  299.007575][T15770] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  299.171714][T15821] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2786'.
[  299.209202][T15823] netem: invalid attributes len -1
[  299.214643][T15823] netem: change failed
[  299.302656][T15825] lo speed is unknown, defaulting to 1000
[  299.314115][T15827] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2789'.
[  299.337845][T15827] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2789'.
[  299.930274][T15855] netem: change failed
[  299.935543][T15856] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2796'.
[  300.217691][T15869] netlink: 'syz.0.2801': attribute type 11 has an invalid length.
[  300.232282][T15863] netlink: 'syz.2.2797': attribute type 5 has an invalid length.
[  300.529427][T15882] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2806'.
[  300.547753][T15882] macsec0: entered promiscuous mode
[  300.553055][T15882] macsec0: entered allmulticast mode
[  301.073605][T15899] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2814'.
[  301.379952][T15920] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2820'.
[  301.537349][T15928] lo speed is unknown, defaulting to 1000
[  301.558806][T15913] netlink: 176 bytes leftover after parsing attributes in process `syz.2.2818'.
[  302.060759][T15948] netlink: 'syz.2.2826': attribute type 1 has an invalid length.
[  302.114196][T15945] netlink: 'syz.1.2825': attribute type 4 has an invalid length.
[  302.284719][T15952] lo speed is unknown, defaulting to 1000
[  302.487342][T15965] netlink: 'syz.1.2832': attribute type 10 has an invalid length.
[  302.830630][T16000] syzkaller1: entered allmulticast mode
[  302.972944][T16007] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  302.981015][T16007] syzkaller0: entered promiscuous mode
[  302.987034][T16007] syzkaller0: entered allmulticast mode
[  303.010276][T16009] netlink: 'syz.4.2843': attribute type 11 has an invalid length.
[  303.027351][T16007] tipc: Resetting bearer <eth:syzkaller0>
[  303.037219][T16006] tipc: Resetting bearer <eth:syzkaller0>
[  303.055017][T16006] tipc: Disabling bearer <eth:syzkaller0>
[  303.065466][T16010] veth0: Caught tx_queue_len zero misconfig
[  303.126607][T16018] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  303.555141][T16042] netlink: 'syz.0.2853': attribute type 10 has an invalid length.
[  303.563845][T16042] batman_adv: batadv0: Removing interface: dummy0
[  303.573890][T16042] dummy0: entered promiscuous mode
[  303.588054][T16042] `: Port device dummy0 added
[  303.596751][T16042] netlink: 'syz.0.2853': attribute type 10 has an invalid length.
[  303.596971][T16044] netlink: 'syz.0.2853': attribute type 10 has an invalid length.
[  303.630530][T16042] `: Port device dummy0 removed
[  303.666820][T16042] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  303.829698][T16052] netlink: 'syz.2.2856': attribute type 1 has an invalid length.
[  303.875106][T16052] 8021q: adding VLAN 0 to HW filter on device bond3
[  303.880701][T16060] __nla_validate_parse: 11 callbacks suppressed
[  303.880783][T16060] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2856'.
[  303.901814][T16061] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2857'.
[  303.973450][T16059] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2859'.
[  303.998778][T16052] veth5: entered promiscuous mode
[  304.028694][T16052] bond3: (slave veth5): Enslaving as an active interface with a down link
[  304.037932][T16063] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2859'.
[  304.208383][T16069] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2861'.
[  304.223215][T16069] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2861'.
[  304.363273][T16080] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2864'.
[  304.488977][T16089] netlink: 'syz.0.2868': attribute type 11 has an invalid length.
[  304.556789][T16093] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2870'.
[  304.681151][T16099] lo speed is unknown, defaulting to 1000
[  304.797343][T16104] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2872'.
[  304.851055][T16107] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2873'.
[  305.824574][T16115] netlink: 'syz.4.2876': attribute type 10 has an invalid length.
[  305.848945][T16115] veth0_vlan: left promiscuous mode
[  305.879860][T16115] veth0_vlan: entered promiscuous mode
[  305.906619][T16115] team0: Device veth0_vlan failed to register rx_handler
[  306.399001][T16155] netlink: 'syz.2.2889': attribute type 11 has an invalid length.
[  306.439060][T16157] syzkaller1: entered allmulticast mode
[  306.596298][T16161] openvswitch: netlink: Duplicate key (type 21).
[  307.615926][T16242] ip6_vti0: Caught tx_queue_len zero misconfig
[  307.805182][ T5832] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  307.814992][T16253] syzkaller1: entered allmulticast mode
[  307.821699][ T5832] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  307.830146][ T5832] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  307.839533][ T5832] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  307.847740][ T5832] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  307.868529][ T5837] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  307.876984][ T5837] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  307.884618][ T5837] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  307.886152][T16249] nbd1: detected capacity change from 0 to 127
[  307.899417][ T5837] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  307.909952][ T5837] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  307.910624][   T52] block nbd1: Receive control failed (result -32)
[  307.964532][T16252] lo speed is unknown, defaulting to 1000
[  308.237532][T16252] chnl_net:caif_netlink_parms(): no params data found
[  308.575110][T16280] netlink: 'syz.4.2928': attribute type 1 has an invalid length.
[  308.597852][T16291] pimreg: entered allmulticast mode
[  308.603338][T16252] bridge0: port 1(bridge_slave_0) entered blocking state
[  308.612365][T16252] bridge0: port 1(bridge_slave_0) entered disabled state
[  308.620149][T16252] bridge_slave_0: entered allmulticast mode
[  308.631124][T16252] bridge_slave_0: entered promiscuous mode
[  308.646740][T16291] pimreg: left allmulticast mode
[  308.690330][T16252] bridge0: port 2(bridge_slave_1) entered blocking state
[  308.704646][T16252] bridge0: port 2(bridge_slave_1) entered disabled state
[  308.719948][T16252] bridge_slave_1: entered allmulticast mode
[  308.736270][T16252] bridge_slave_1: entered promiscuous mode
[  308.810885][T16299] syzkaller1: entered allmulticast mode
[  308.830857][T16252] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  308.889335][T16306] __nla_validate_parse: 10 callbacks suppressed
[  308.889354][T16306] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2934'.
[  308.914690][T16252] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  309.032275][T16252] team0: Port device team_slave_0 added
[  309.069766][T16252] team0: Port device team_slave_1 added
[  309.169563][T16252] batman_adv: batadv0: Adding interface: batadv_slave_0
[  309.181323][T16252] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  309.209443][T16252] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  309.865382][ T8308] bond0 (unregistering): Released all slaves
[  309.959846][ T8308] bond1 (unregistering): Released all slaves
[  309.965983][   T52] Bluetooth: hci5: command tx timeout
[  309.989496][T16252] batman_adv: batadv0: Adding interface: batadv_slave_1
[  309.996775][T16252] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  310.023361][T16252] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  310.146213][ T8308] tipc: Left network mode
[  310.224343][T16353] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2944'.
[  310.281763][T16252] hsr_slave_0: entered promiscuous mode
[  310.300361][T16252] hsr_slave_1: entered promiscuous mode
[  310.364757][T16362] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2946'.
[  310.501353][T16356] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input8
[  310.689834][T16353] lo speed is unknown, defaulting to 1000
[  311.013244][T16387] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2952'.
[  311.176311][T16384] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2949'.
[  311.370030][T16391] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  311.873300][T16381] lo speed is unknown, defaulting to 1000
[  311.972669][T16399] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2954'.
[  312.002478][T16398] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2954'.
[  312.021280][T16388] lo speed is unknown, defaulting to 1000
[  312.052721][   T52] Bluetooth: hci5: command tx timeout
[  312.246512][T16403] netlink: 1372 bytes leftover after parsing attributes in process `syz.4.2955'.
[  312.404471][ T8308] IPVS: stop unused estimator thread 0...
[  312.654719][T16418] netlink: 456 bytes leftover after parsing attributes in process `syz.0.2958'.
[  312.678258][T16415] pim6reg: entered allmulticast mode
[  312.697597][T16415] pim6reg: left allmulticast mode
[  312.814265][T16252] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  312.849687][T16252] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  312.881000][T16252] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  312.910802][T16429] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  312.918440][T16252] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  313.081870][T16252] 8021q: adding VLAN 0 to HW filter on device bond0
[  313.118441][T16252] 8021q: adding VLAN 0 to HW filter on device team0
[  313.153969][ T2962] bridge0: port 1(bridge_slave_0) entered blocking state
[  313.161361][ T2962] bridge0: port 1(bridge_slave_0) entered forwarding state
[  313.180397][ T2962] bridge0: port 2(bridge_slave_1) entered blocking state
[  313.187680][ T2962] bridge0: port 2(bridge_slave_1) entered forwarding state
[  313.490099][T16463] lo speed is unknown, defaulting to 1000
[  313.499482][T16252] 8021q: adding VLAN 0 to HW filter on device batadv0
[  313.592785][T16466] netlink: 6 bytes leftover after parsing attributes in process `syz.4.2969'.
[  313.605306][T16466] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  313.661048][T16252] veth0_vlan: entered promiscuous mode
[  313.673824][T16252] veth1_vlan: entered promiscuous mode
[  313.711516][T16252] veth0_macvtap: entered promiscuous mode
[  313.728106][T16252] veth1_macvtap: entered promiscuous mode
[  313.767990][T16252] batman_adv: batadv0: Interface activated: batadv_slave_0
[  313.783318][T16252] batman_adv: batadv0: Interface activated: batadv_slave_1
[  313.799963][ T8308] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  313.830186][ T8308] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  313.866771][ T8308] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  313.945874][ T8308] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  314.064021][ T3067] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  314.079588][ T3067] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  314.125910][   T52] Bluetooth: hci5: command tx timeout
[  314.209738][T16485] netlink: 'syz.3.2973': attribute type 1 has an invalid length.
[  314.357886][T16480] gretap1: entered allmulticast mode
[  314.366161][T16490] xt_bpf: check failed: parse error
[  314.397411][T16480] bond7: (slave gretap1): making interface the new active one
[  314.407492][T16480] bond7: (slave gretap1): Enslaving as an active interface with an up link
[  314.525077][ T2962] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  314.547340][ T2962] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  314.852479][T16502] bond8: Removing last ns target with arp_interval on
[  314.888474][    T9] IPVS: starting estimator thread 0...
[  314.975719][T16508] IPVS: using max 30 ests per chain, 72000 per kthread
[  314.987970][T16495] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2975'.
[  315.063915][ T5837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  315.073903][ T5837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  315.086859][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  315.094779][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  315.102106][T16484] bond4: option miimon: invalid value (18446744073709551607)
[  315.114357][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  315.156817][T16484] bond4: option miimon: allowed values 0 - 2147483647
[  315.211518][T16484] bond4 (unregistering): Released all slaves
[  315.299526][T16519] IPVS: Scheduler module ip_vs_sip not found
[  315.360374][T16513] IPVS: length: 8 != 133462667632
[  315.383080][T16511] lo speed is unknown, defaulting to 1000
[  315.790698][T16543] netlink: 'syz.2.2988': attribute type 1 has an invalid length.
[  315.836666][T16543] 8021q: adding VLAN 0 to HW filter on device bond4
[  315.853002][T16543] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2988'.
[  315.853078][T16511] chnl_net:caif_netlink_parms(): no params data found
[  315.914278][T16543] bond4: entered promiscuous mode
[  315.958030][T16543] netlink: 'syz.2.2988': attribute type 1 has an invalid length.
[  316.019217][T16549] bond4: (slave dummy0): making interface the new active one
[  316.040853][T16549] dummy0: entered promiscuous mode
[  316.048455][T16549] bond4: (slave dummy0): Enslaving as an active interface with an up link
[  316.092403][T16564] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2991'.
[  316.174577][T16571] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  316.174789][T16568] 
@0Ù: renamed from bond_slave_1 (while UP)
[  316.185746][T16573] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  316.216211][   T52] Bluetooth: hci5: command tx timeout
[  316.256338][T16511] bridge0: port 1(bridge_slave_0) entered blocking state
[  316.280247][T16575] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2993'.
[  316.301165][T16511] bridge0: port 1(bridge_slave_0) entered disabled state
[  316.327625][T16511] bridge_slave_0: entered allmulticast mode
[  316.335422][T16511] bridge_slave_0: entered promiscuous mode
[  316.348750][T16511] bridge0: port 2(bridge_slave_1) entered blocking state
[  316.356468][T16511] bridge0: port 2(bridge_slave_1) entered disabled state
[  316.363729][T16511] bridge_slave_1: entered allmulticast mode
[  316.370729][T16584] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2996'.
[  316.377108][T16511] bridge_slave_1: entered promiscuous mode
[  316.388608][T16568] syzkaller1: entered promiscuous mode
[  316.394144][T16568] syzkaller1: entered allmulticast mode
[  316.433814][T16584] netlink: 'syz.3.2996': attribute type 2 has an invalid length.
[  316.535395][T16589] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2998'.
[  316.574162][T16511] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  316.604816][T16511] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  316.740206][T16600] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  316.786994][T16598] Bluetooth: MGMT ver 1.23
[  316.797697][T16511] team0: Port device team_slave_0 added
[  316.799722][T16598] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3001'.
[  316.817606][T16511] team0: Port device team_slave_1 added
[  316.887665][T16602] syzkaller0: entered promiscuous mode
[  316.893384][T16602] syzkaller0: entered allmulticast mode
[  316.904946][T16511] batman_adv: batadv0: Adding interface: batadv_slave_0
[  316.915256][T16511] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  316.941513][T16511] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  316.955064][T16511] batman_adv: batadv0: Adding interface: batadv_slave_1
[  316.975904][T16511] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  317.002758][T16511] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  317.017661][ T1298] aoe: packet could not be sent on bond0.  consider increasing tx_queue_len
[  317.137135][T16618] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3005'.
[  317.167276][   T52] Bluetooth: hci1: command tx timeout
[  317.249788][T16511] hsr_slave_0: entered promiscuous mode
[  317.278272][T16511] hsr_slave_1: entered promiscuous mode
[  317.284788][T16511] debugfs: 'hsr0' already exists in 'hsr'
[  317.293600][T16511] Cannot create hsr debugfs directory
[  317.555252][T16639] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  317.590203][T16639] syzkaller0: entered promiscuous mode
[  317.595801][T16639] syzkaller0: entered allmulticast mode
[  317.601927][T16639] tipc: Resetting bearer <eth:syzkaller0>
[  317.700426][T16640] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3015'.
[  317.740556][T16640] netlink: 160 bytes leftover after parsing attributes in process `syz.3.3015'.
[  317.750113][T16640] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
[  317.865203][T16638] tipc: Resetting bearer <eth:syzkaller0>
[  317.896360][   T30] audit: type=1800 audit(1768532653.129:8): pid=16642 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3016" name="blkio.bfq.time_recursive" dev="tmpfs" ino=3047 res=0 errno=0
[  318.234609][T16651] FAULT_INJECTION: forcing a failure.
[  318.234609][T16651] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  318.248766][T16651] CPU: 1 UID: 0 PID: 16651 Comm: syz.0.3018 Not tainted syzkaller #0 PREEMPT(full) 
[  318.248791][T16651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  318.248804][T16651] Call Trace:
[  318.248811][T16651]  <TASK>
[  318.248819][T16651]  dump_stack_lvl+0xe8/0x150
[  318.248845][T16651]  should_fail_ex+0x414/0x560
[  318.248876][T16651]  _copy_from_user+0x2d/0xb0
[  318.248896][T16651]  ___sys_sendmsg+0x158/0x2a0
[  318.248920][T16651]  ? __pfx____sys_sendmsg+0x10/0x10
[  318.248967][T16651]  ? __fget_files+0x2a/0x420
[  318.248988][T16651]  ? __fget_files+0x3a0/0x420
[  318.249019][T16651]  __x64_sys_sendmsg+0x19b/0x260
[  318.249044][T16651]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  318.249075][T16651]  ? __pfx_ksys_write+0x10/0x10
[  318.249102][T16651]  do_syscall_64+0xec/0xf80
[  318.249124][T16651]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.249142][T16651]  ? trace_irq_disable+0x37/0x100
[  318.249165][T16651]  ? clear_bhb_loop+0x60/0xb0
[  318.249188][T16651]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.249205][T16651] RIP: 0033:0x7fe0e338f749
[  318.249220][T16651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  318.249236][T16651] RSP: 002b:00007fe0e15f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  318.249256][T16651] RAX: ffffffffffffffda RBX: 00007fe0e35e5fa0 RCX: 00007fe0e338f749
[  318.249270][T16651] RDX: 0000000000000804 RSI: 0000200000000380 RDI: 0000000000000004
[  318.249282][T16651] RBP: 00007fe0e15f6090 R08: 0000000000000000 R09: 0000000000000000
[  318.249294][T16651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  318.249305][T16651] R13: 00007fe0e35e6038 R14: 00007fe0e35e5fa0 R15: 00007ffcf48537b8
[  318.249333][T16651]  </TASK>
[  318.270459][T16657] netlink: 'syz.1.3019': attribute type 11 has an invalid length.
[  319.249125][   T52] Bluetooth: hci1: command tx timeout
[  319.389126][T16638] tipc: Disabling bearer <eth:syzkaller0>
[  319.470045][T16511] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  319.519202][T16511] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  319.558501][T16511] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  319.585333][T16511] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  319.631539][T16673] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  319.899030][T16511] 8021q: adding VLAN 0 to HW filter on device bond0
[  319.961613][T16511] 8021q: adding VLAN 0 to HW filter on device team0
[  319.997653][ T4759] bridge0: port 1(bridge_slave_0) entered blocking state
[  320.004843][ T4759] bridge0: port 1(bridge_slave_0) entered forwarding state
[  320.048259][T16709] netlink: 'syz.0.3031': attribute type 5 has an invalid length.
[  320.065091][T16710] __nla_validate_parse: 4 callbacks suppressed
[  320.065108][T16710] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3032'.
[  320.084798][ T6140] bridge0: port 2(bridge_slave_1) entered blocking state
[  320.091953][ T6140] bridge0: port 2(bridge_slave_1) entered forwarding state
[  320.105784][T16710] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3032'.
[  320.210044][T16714] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  320.286393][T16713] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3032'.
[  320.326693][T16717] lo speed is unknown, defaulting to 1000
[  320.672394][T16511] 8021q: adding VLAN 0 to HW filter on device batadv0
[  320.739724][T16729] xt_CT: No such helper "snmp"
[  321.257888][T16746] lo speed is unknown, defaulting to 1000
[  321.335893][   T52] Bluetooth: hci1: command tx timeout
[  321.481989][T16511] veth0_vlan: entered promiscuous mode
[  321.643476][T16511] veth1_vlan: entered promiscuous mode
[  321.644134][T16778] x_tables: unsorted entry at hook 2
[  321.688482][T16768] lo speed is unknown, defaulting to 1000
[  321.736072][T16511] veth0_macvtap: entered promiscuous mode
[  321.815409][T16511] veth1_macvtap: entered promiscuous mode
[  321.930473][T16786] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3051'.
[  321.947320][T16786] --map-set only usable from mangle table
[  321.972759][T16786] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3051'.
[  322.121772][T16511] batman_adv: batadv0: Interface activated: batadv_slave_0
[  322.180077][T16511] batman_adv: batadv0: Interface activated: batadv_slave_1
[  322.222953][ T6140] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  322.247963][ T6140] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  322.266015][ T6140] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  322.308652][ T6140] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  322.559997][T16804] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3055'.
[  322.577556][T16804] netlink: zone id is out of range
[  322.582931][T16804] netlink: zone id is out of range
[  322.661024][T16804] netlink: zone id is out of range
[  322.676657][T16804] netlink: get zone limit has 4 unknown bytes
[  322.831914][ T8308] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  322.863773][ T8308] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  323.006514][T14945] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  323.014392][T14945] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  323.277248][T16820] lo speed is unknown, defaulting to 1000
[  323.406128][   T52] Bluetooth: hci1: command tx timeout
[  323.475226][ T5837] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  323.485435][ T5837] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  323.493348][ T5837] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  323.501436][ T5837] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  323.509171][ T5837] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  323.655234][T16835] lo speed is unknown, defaulting to 1000
[  323.771808][T16846] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3066'.
[  324.268709][T16868] IPVS: set_ctl: invalid protocol: 59 172.20.20.60:20000
[  324.374872][T16835] chnl_net:caif_netlink_parms(): no params data found
[  324.897868][T16835] bridge0: port 1(bridge_slave_0) entered blocking state
[  324.905019][T16835] bridge0: port 1(bridge_slave_0) entered disabled state
[  324.914347][T16835] bridge_slave_0: entered allmulticast mode
[  324.927557][T16835] bridge_slave_0: entered promiscuous mode
[  324.975212][T16835] bridge0: port 2(bridge_slave_1) entered blocking state
[  324.990013][T16835] bridge0: port 2(bridge_slave_1) entered disabled state
[  325.006771][T16835] bridge_slave_1: entered allmulticast mode
[  325.018178][T16835] bridge_slave_1: entered promiscuous mode
[  325.586847][ T5837] Bluetooth: hci3: command tx timeout
[  326.002253][ T8308] bond5 (unregistering): (slave ip6gretap2): Releasing active interface
[  326.224297][ T8308] bond7 (unregistering): (slave gretap1): Releasing active interface
[  326.847152][ T8308] bond1 (unregistering): Released all slaves
[  326.963190][ T8308] bond2 (unregistering): (slave veth1): Releasing active interface
[  326.973531][ T8308] bond2 (unregistering): Released all slaves
[  327.089602][ T8308] bond3 (unregistering): (slave bond4): Releasing backup interface
[  327.098676][ T8308] bond3 (unregistering): Released all slaves
[  327.204810][ T8308] bond4 (unregistering): Released all slaves
[  327.291867][T16927] netlink: 'syz.0.3084': attribute type 10 has an invalid length.
[  327.311957][ T8308] bond5 (unregistering): Released all slaves
[  327.419136][ T8308] bond0 (unregistering): left allmulticast mode
[  327.425584][ T8308] bond0 (unregistering): left promiscuous mode
[  327.442254][ T8308] team0: Port device macvlan0 removed
[  327.455231][ T8308] bond0 (unregistering): Released all slaves
[  327.472990][ T8308] bond6 (unregistering): Released all slaves
[  327.490498][ T8308] bond7 (unregistering): Released all slaves
[  327.510481][ T8308] bond8 (unregistering): Released all slaves
[  327.537042][T16835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  327.553219][T16921] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.3083'.
[  327.571593][T16927] mac80211_hwsim hwsim4 wlan1: entered promiscuous mode
[  327.593901][T16927] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  327.624880][T16835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  327.654944][ T5837] Bluetooth: hci3: command tx timeout
[  327.728335][ T8308] tipc: Left network mode
[  327.734515][T16835] team0: Port device team_slave_0 added
[  327.744794][T16835] team0: Port device team_slave_1 added
[  327.761360][T16928] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  327.863024][T16835] batman_adv: batadv0: Adding interface: batadv_slave_0
[  327.872522][T16835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  327.903087][T16835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  327.918286][T16835] batman_adv: batadv0: Adding interface: batadv_slave_1
[  327.925396][T16835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  327.952303][T16835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  328.086852][T16835] hsr_slave_0: entered promiscuous mode
[  328.093610][T16835] hsr_slave_1: entered promiscuous mode
[  328.100594][T16835] debugfs: 'hsr0' already exists in 'hsr'
[  328.106593][T16835] Cannot create hsr debugfs directory
[  328.112148][T16940] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3088'.
[  328.143154][T16940] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3088'.
[  328.317555][T16950] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3091'.
[  328.327028][T16950] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3091'.
[  328.354950][ T8308] hsr_slave_0: left promiscuous mode
[  328.361942][ T8308] hsr_slave_1: left promiscuous mode
[  328.375269][ T8308] batman_adv: batadv0: Removing interface: batadv_slave_0
[  328.406286][ T8308] batman_adv: batadv0: Removing interface: batadv_slave_1
[  328.490654][T16960] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3091'.
[  328.735731][ T8308] team0 (unregistering): Port device 
7
6žÿ removed
[  328.766184][ T8308] team0 (unregistering): Port device team_slave_0 removed
[  329.091073][T16960] veth1_macvtap: left promiscuous mode
[  329.384291][T16980] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3098'.
[  329.444191][ T8308] IPVS: stop unused estimator thread 0...
[  329.625505][T16989] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3103'.
[  329.649967][T16991] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3102'.
[  329.661866][T16992] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3102'.
[  329.680972][T16835] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  329.704521][T16835] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  329.727297][ T5837] Bluetooth: hci3: command tx timeout
[  329.781526][T16835] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  329.796802][T16835] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  330.218479][T16835] 8021q: adding VLAN 0 to HW filter on device bond0
[  330.299728][T16835] 8021q: adding VLAN 0 to HW filter on device team0
[  330.332747][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  330.339949][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  330.391595][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  330.398783][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  330.444621][T17036] FAULT_INJECTION: forcing a failure.
[  330.444621][T17036] name failslab, interval 1, probability 0, space 0, times 0
[  330.460791][T17036] CPU: 1 UID: 0 PID: 17036 Comm: syz.4.3114 Not tainted syzkaller #0 PREEMPT(full) 
[  330.460818][T17036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  330.460830][T17036] Call Trace:
[  330.460837][T17036]  <TASK>
[  330.460844][T17036]  dump_stack_lvl+0xe8/0x150
[  330.460873][T17036]  should_fail_ex+0x414/0x560
[  330.460908][T17036]  should_failslab+0xa8/0x100
[  330.460933][T17036]  kmem_cache_alloc_node_noprof+0x8c/0x720
[  330.460961][T17036]  ? __alloc_skb+0x198/0x3b0
[  330.460980][T17036]  ? __alloc_skb+0x1dc/0x3b0
[  330.460996][T17036]  ? __local_bh_enable_ip+0xd0/0x130
[  330.461016][T17036]  ? __alloc_skb+0x198/0x3b0
[  330.461037][T17036]  __alloc_skb+0x1dc/0x3b0
[  330.461061][T17036]  netlink_sendmsg+0x5c6/0xb30
[  330.461094][T17036]  ? __pfx_netlink_sendmsg+0x10/0x10
[  330.461122][T17036]  ? aa_sock_msg_perm+0xf1/0x1b0
[  330.461148][T17036]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  330.461166][T17036]  ? __pfx_netlink_sendmsg+0x10/0x10
[  330.461194][T17036]  __sock_sendmsg+0x21c/0x270
[  330.461224][T17036]  sock_write_iter+0x279/0x360
[  330.461253][T17036]  ? __pfx_sock_write_iter+0x10/0x10
[  330.461290][T17036]  ? kstrtoull+0x12f/0x1d0
[  330.461325][T17036]  do_iter_readv_writev+0x623/0x8c0
[  330.461351][T17036]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  330.461369][T17036]  ? common_file_perm+0x1b5/0x220
[  330.461395][T17036]  ? bpf_lsm_file_permission+0x9/0x20
[  330.461423][T17036]  ? security_file_permission+0x75/0x290
[  330.461443][T17036]  ? rw_verify_area+0x255/0x4d0
[  330.461473][T17036]  vfs_writev+0x31a/0x960
[  330.461502][T17036]  ? __pfx_vfs_writev+0x10/0x10
[  330.461537][T17036]  ? __fget_files+0x2a/0x420
[  330.461561][T17036]  ? __fget_files+0x3a0/0x420
[  330.461582][T17036]  ? __fget_files+0x2a/0x420
[  330.461612][T17036]  do_writev+0x14d/0x2d0
[  330.461636][T17036]  ? __pfx_do_writev+0x10/0x10
[  330.461667][T17036]  do_syscall_64+0xec/0xf80
[  330.461689][T17036]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  330.461706][T17036]  ? trace_irq_disable+0x37/0x100
[  330.461730][T17036]  ? clear_bhb_loop+0x60/0xb0
[  330.461754][T17036]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  330.461771][T17036] RIP: 0033:0x7f8e99b8f749
[  330.461788][T17036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  330.461805][T17036] RSP: 002b:00007f8e9aaa8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  330.461825][T17036] RAX: ffffffffffffffda RBX: 00007f8e99de5fa0 RCX: 00007f8e99b8f749
[  330.461841][T17036] RDX: 0000000000000001 RSI: 0000200000000300 RDI: 0000000000000005
[  330.461853][T17036] RBP: 00007f8e9aaa8090 R08: 0000000000000000 R09: 0000000000000000
[  330.461865][T17036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  330.461877][T17036] R13: 00007f8e99de6038 R14: 00007f8e99de5fa0 R15: 00007ffdf89148a8
[  330.461908][T17036]  </TASK>
[  330.815858][T17035] netlink: 'syz.2.3113': attribute type 1 has an invalid length.
[  331.038518][T16835] 8021q: adding VLAN 0 to HW filter on device batadv0
[  331.094232][T16835] veth0_vlan: entered promiscuous mode
[  331.112860][T16835] veth1_vlan: entered promiscuous mode
[  331.146893][T17049] xt_connbytes: Forcing CT accounting to be enabled
[  331.178881][T16835] veth0_macvtap: entered promiscuous mode
[  331.189691][T16835] veth1_macvtap: entered promiscuous mode
[  331.290670][T16835] batman_adv: batadv0: Interface activated: batadv_slave_0
[  331.328835][T16835] batman_adv: batadv0: Interface activated: batadv_slave_1
[  331.353666][ T6140] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  331.364956][ T6140] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  331.398024][ T6140] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  331.408223][   T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  331.565453][ T6140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  331.584003][ T6140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  331.667036][ T4759] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  331.684151][ T4759] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  331.807712][ T5837] Bluetooth: hci3: command tx timeout
[  331.894565][T17069] netlink: 'syz.4.3122': attribute type 2 has an invalid length.
[  331.912623][T17069] !: entered promiscuous mode
[  331.930261][T17069] netlink: 'syz.4.3122': attribute type 2 has an invalid length.
[  331.946241][T17069] !: left promiscuous mode
[  332.361408][   T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  332.374156][   T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  332.383830][   T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  332.393380][   T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  332.401190][   T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  332.993161][T17093] xt_CT: You must specify a L4 protocol and not use inversions on it
[  333.029113][T17099] __nla_validate_parse: 3 callbacks suppressed
[  333.029131][T17099] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3134'.
[  333.052143][T17078] chnl_net:caif_netlink_parms(): no params data found
[  333.478649][T17078] bridge0: port 1(bridge_slave_0) entered blocking state
[  333.497965][T17078] bridge0: port 1(bridge_slave_0) entered disabled state
[  333.514078][T17078] bridge_slave_0: entered allmulticast mode
[  333.522926][T17078] bridge_slave_0: entered promiscuous mode
[  333.581381][T17078] bridge0: port 2(bridge_slave_1) entered blocking state
[  333.595586][T17078] bridge0: port 2(bridge_slave_1) entered disabled state
[  333.603502][T17078] bridge_slave_1: entered allmulticast mode
[  333.620297][T17078] bridge_slave_1: entered promiscuous mode
[  333.827674][T17127] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  334.455814][   T52] Bluetooth: hci0: command tx timeout
[  334.778364][T17135] xt_CT: You must specify a L4 protocol and not use inversions on it
[  335.502279][T17078] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  336.442759][T17078] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  336.526966][   T52] Bluetooth: hci0: command tx timeout
[  336.592665][T17140] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3147'.
[  336.594981][T17078] team0: Port device team_slave_0 added
[  336.611048][T17078] team0: Port device team_slave_1 added
[  336.792714][T17078] batman_adv: batadv0: Adding interface: batadv_slave_0
[  336.816305][T17078] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  336.869176][T17078] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  336.914035][T17078] batman_adv: batadv0: Adding interface: batadv_slave_1
[  336.925055][T17078] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  336.971009][T17078] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  337.146146][T17172] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3154'.
[  337.234929][T17160] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3151'.
[  337.244976][T17160] netlink: 'syz.4.3151': attribute type 29 has an invalid length.
[  337.260160][T17176] FAULT_INJECTION: forcing a failure.
[  337.260160][T17176] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  337.276533][T17176] CPU: 0 UID: 0 PID: 17176 Comm: syz.3.3155 Not tainted syzkaller #0 PREEMPT(full) 
[  337.276559][T17176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  337.276571][T17176] Call Trace:
[  337.276578][T17176]  <TASK>
[  337.276587][T17176]  dump_stack_lvl+0xe8/0x150
[  337.276616][T17176]  should_fail_ex+0x414/0x560
[  337.276651][T17176]  _copy_from_iter+0x1cd/0x1630
[  337.276682][T17176]  ? __pfx__copy_from_iter+0x10/0x10
[  337.276703][T17176]  ? __build_skb_around+0x22d/0x3c0
[  337.276726][T17176]  ? __alloc_skb+0x198/0x3b0
[  337.276748][T17176]  ? netlink_sendmsg+0x642/0xb30
[  337.276772][T17176]  ? skb_put+0x11b/0x210
[  337.276797][T17176]  netlink_sendmsg+0x6b2/0xb30
[  337.276831][T17176]  ? __pfx_netlink_sendmsg+0x10/0x10
[  337.276861][T17176]  ? aa_sock_msg_perm+0xf1/0x1b0
[  337.276888][T17176]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  337.276906][T17176]  ? __pfx_netlink_sendmsg+0x10/0x10
[  337.276933][T17176]  __sock_sendmsg+0x21c/0x270
[  337.276963][T17176]  ____sys_sendmsg+0x505/0x820
[  337.276992][T17176]  ? __pfx_____sys_sendmsg+0x10/0x10
[  337.277033][T17176]  ? import_iovec+0x74/0xa0
[  337.277059][T17176]  ___sys_sendmsg+0x21f/0x2a0
[  337.277086][T17176]  ? __pfx____sys_sendmsg+0x10/0x10
[  337.277143][T17176]  ? __fget_files+0x2a/0x420
[  337.277165][T17176]  ? __fget_files+0x3a0/0x420
[  337.277195][T17176]  __x64_sys_sendmsg+0x19b/0x260
[  337.277222][T17176]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  337.277255][T17176]  ? __pfx_ksys_write+0x10/0x10
[  337.277285][T17176]  do_syscall_64+0xec/0xf80
[  337.277308][T17176]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.277326][T17176]  ? trace_irq_disable+0x37/0x100
[  337.277350][T17176]  ? clear_bhb_loop+0x60/0xb0
[  337.277373][T17176]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.277392][T17176] RIP: 0033:0x7fd3db38f749
[  337.277408][T17176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  337.277426][T17176] RSP: 002b:00007fd3dc19a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  337.277447][T17176] RAX: ffffffffffffffda RBX: 00007fd3db5e5fa0 RCX: 00007fd3db38f749
[  337.277462][T17176] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  337.277474][T17176] RBP: 00007fd3dc19a090 R08: 0000000000000000 R09: 0000000000000000
[  337.277487][T17176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  337.277498][T17176] R13: 00007fd3db5e6038 R14: 00007fd3db5e5fa0 R15: 00007ffe56ad2b58
[  337.277530][T17176]  </TASK>
[  337.706947][T17078] hsr_slave_0: entered promiscuous mode
[  337.713613][T17078] hsr_slave_1: entered promiscuous mode
[  337.720375][T17078] debugfs: 'hsr0' already exists in 'hsr'
[  337.726326][T17078] Cannot create hsr debugfs directory
[  337.732106][T17184] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3159'.
[  337.876443][T17193] xt_CT: You must specify a L4 protocol and not use inversions on it
[  337.968819][T17188] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3157'.
[  338.320731][ T8312] bond0 (unregistering): (slave lo): Releasing backup interface
[  338.334435][ T8312] bond0 (unregistering): (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed
[  338.348693][ T8312] bond0 (unregistering): Released all slaves
[  338.361854][ T8312] bond1 (unregistering): Released all slaves
[  338.460100][ T8312] bond2 (unregistering): Released all slaves
[  338.569656][ T8312] bond3 (unregistering): (slave veth5): Releasing active interface
[  338.579011][ T8312] bond3 (unregistering): Released all slaves
[  338.606582][   T52] Bluetooth: hci0: command tx timeout
[  338.678414][ T8312] bond4 (unregistering): (slave dummy0): Releasing active interface
[  338.687024][ T8312] dummy0: left promiscuous mode
[  338.694728][ T8312] bond4 (unregistering): Released all slaves
[  338.707038][ T8312] bond5 (unregistering): Released all slaves
[  338.742472][T17197] gre0: MTU too low for tipc bearer
[  338.777203][T17197] tipc: Disabling bearer <eth:gre0>
[  338.841401][ T8312] tipc: Left network mode
[  339.067870][T17212] 8021q: VLANs not supported on ip_vti0
[  339.203336][T17214] FAULT_INJECTION: forcing a failure.
[  339.203336][T17214] name failslab, interval 1, probability 0, space 0, times 0
[  339.223554][T17214] CPU: 1 UID: 0 PID: 17214 Comm: syz.0.3166 Not tainted syzkaller #0 PREEMPT(full) 
[  339.223581][T17214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  339.223593][T17214] Call Trace:
[  339.223601][T17214]  <TASK>
[  339.223610][T17214]  dump_stack_lvl+0xe8/0x150
[  339.223643][T17214]  should_fail_ex+0x414/0x560
[  339.223680][T17214]  should_failslab+0xa8/0x100
[  339.223704][T17214]  kmem_cache_alloc_node_noprof+0x8c/0x720
[  339.223736][T17214]  ? __alloc_skb+0x1dc/0x3b0
[  339.223756][T17214]  ? __local_bh_enable_ip+0xd0/0x130
[  339.223778][T17214]  ? __alloc_skb+0x198/0x3b0
[  339.223800][T17214]  __alloc_skb+0x1dc/0x3b0
[  339.223825][T17214]  netlink_ack+0x146/0xa50
[  339.223849][T17214]  ? __pfx_genl_rcv_msg+0x10/0x10
[  339.223869][T17214]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  339.223893][T17214]  ? __pfx_nl80211_post_doit+0x10/0x10
[  339.223931][T17214]  netlink_rcv_skb+0x28c/0x470
[  339.223959][T17214]  ? __pfx_genl_rcv_msg+0x10/0x10
[  339.223981][T17214]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  339.224005][T17214]  ? genl_rcv+0x19/0x40
[  339.224040][T17214]  ? down_read+0x274/0x2e0
[  339.224063][T17214]  ? genl_rcv+0xd/0x40
[  339.224085][T17214]  genl_rcv+0x28/0x40
[  339.224103][T17214]  netlink_unicast+0x82f/0x9e0
[  339.224136][T17214]  ? __pfx_netlink_unicast+0x10/0x10
[  339.224159][T17214]  ? __alloc_skb+0x198/0x3b0
[  339.224180][T17214]  ? netlink_sendmsg+0x642/0xb30
[  339.224205][T17214]  ? skb_put+0x11b/0x210
[  339.224231][T17214]  netlink_sendmsg+0x805/0xb30
[  339.224267][T17214]  ? __pfx_netlink_sendmsg+0x10/0x10
[  339.224298][T17214]  ? aa_sock_msg_perm+0xf1/0x1b0
[  339.224325][T17214]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  339.224343][T17214]  ? __pfx_netlink_sendmsg+0x10/0x10
[  339.224370][T17214]  __sock_sendmsg+0x21c/0x270
[  339.224402][T17214]  ____sys_sendmsg+0x505/0x820
[  339.224433][T17214]  ? __pfx_____sys_sendmsg+0x10/0x10
[  339.224467][T17214]  ? import_iovec+0x74/0xa0
[  339.224493][T17214]  ___sys_sendmsg+0x21f/0x2a0
[  339.224528][T17214]  ? __pfx____sys_sendmsg+0x10/0x10
[  339.224586][T17214]  ? __fget_files+0x2a/0x420
[  339.224609][T17214]  ? __fget_files+0x3a0/0x420
[  339.224641][T17214]  __x64_sys_sendmsg+0x19b/0x260
[  339.224668][T17214]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  339.224702][T17214]  ? __pfx_ksys_write+0x10/0x10
[  339.224730][T17214]  do_syscall_64+0xec/0xf80
[  339.224753][T17214]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.224769][T17214]  ? trace_irq_disable+0x37/0x100
[  339.224793][T17214]  ? clear_bhb_loop+0x60/0xb0
[  339.224816][T17214]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.224834][T17214] RIP: 0033:0x7fe0e338f749
[  339.224852][T17214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  339.224868][T17214] RSP: 002b:00007fe0e15f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  339.224889][T17214] RAX: ffffffffffffffda RBX: 00007fe0e35e5fa0 RCX: 00007fe0e338f749
[  339.224904][T17214] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  339.224916][T17214] RBP: 00007fe0e15f6090 R08: 0000000000000000 R09: 0000000000000000
[  339.224929][T17214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  339.224941][T17214] R13: 00007fe0e35e6038 R14: 00007fe0e35e5fa0 R15: 00007ffcf48537b8
[  339.224974][T17214]  </TASK>
[  339.898411][ T8312] hsr_slave_0: left promiscuous mode
[  339.913870][ T8312] hsr_slave_1: left promiscuous mode
[  339.923717][T17232] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3174'.
[  339.972104][T17237] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3171'.
[  340.100831][T17246] xt_CT: You must specify a L4 protocol and not use inversions on it
[  340.265386][ T8312] team0 (unregistering): Port device team_slave_1 removed
[  340.316920][ T8312] team0 (unregistering): Port device team_slave_0 removed
[  340.687274][   T52] Bluetooth: hci0: command tx timeout
[  340.752361][T17242] bond6: invalid ARP target 0.0.0.0 specified for addition
[  340.765108][T17242] bond6: option arp_ip_target: invalid value (0)
[  340.773962][T17242] bond6 (unregistering): Released all slaves
[  341.235421][T17271] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3182'.
[  341.279716][T17271] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3182'.
[  341.305989][T17271] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3182'.
[  341.322650][T17271] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3182'.
[  341.351273][T17271] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3182'.
[  341.385299][T17280] netlink: 216 bytes leftover after parsing attributes in process `syz.4.3185'.
[  341.386854][T17271] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3182'.
[  341.396247][T17281] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3184'.
[  341.507906][T17271] bridge0: port 2(bridge_slave_1) entered disabled state
[  341.515689][T17271] bridge0: port 1(bridge_slave_0) entered disabled state
[  341.703858][T17271] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  341.739793][T17271] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  341.832712][T17289] xt_CT: You must specify a L4 protocol and not use inversions on it
[  341.923932][T17283] bond0: Caught tx_queue_len zero misconfig
[  341.942389][ T8315] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  342.024137][ T8315] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  342.042714][ T8315] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  342.062740][ T8315] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  342.096233][T17078] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  342.099422][ T8312] IPVS: stop unused estimator thread 0...
[  342.154381][T17078] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  342.190992][T17078] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  342.210659][   T52] block nbd2: Receive control failed (result -107)
[  342.217795][T17078] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  342.236967][T17297] sock: sock_set_timeout: `syz.4.3190' (pid 17297) tries to set negative timeout
[  342.432896][T17303] netlink: 'syz.0.3189': attribute type 1 has an invalid length.
[  342.526259][T17303] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  342.673583][T17078] 8021q: adding VLAN 0 to HW filter on device bond0
[  342.729101][T17078] 8021q: adding VLAN 0 to HW filter on device team0
[  342.783504][ T8312] bridge0: port 1(bridge_slave_0) entered blocking state
[  342.790713][ T8312] bridge0: port 1(bridge_slave_0) entered forwarding state
[  342.835391][ T8315] bridge0: port 2(bridge_slave_1) entered blocking state
[  342.842575][ T8315] bridge0: port 2(bridge_slave_1) entered forwarding state
[  343.041643][T17337] FAULT_INJECTION: forcing a failure.
[  343.041643][T17337] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  343.085342][T17337] CPU: 0 UID: 0 PID: 17337 Comm: syz.1.3203 Not tainted syzkaller #0 PREEMPT(full) 
[  343.085370][T17337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  343.085382][T17337] Call Trace:
[  343.085391][T17337]  <TASK>
[  343.085399][T17337]  dump_stack_lvl+0xe8/0x150
[  343.085429][T17337]  should_fail_ex+0x414/0x560
[  343.085463][T17337]  _copy_from_iter+0x1cd/0x1630
[  343.085497][T17337]  ? __pfx__copy_from_iter+0x10/0x10
[  343.085519][T17337]  ? __build_skb_around+0x22d/0x3c0
[  343.085544][T17337]  ? __alloc_skb+0x198/0x3b0
[  343.085565][T17337]  ? netlink_sendmsg+0x642/0xb30
[  343.085591][T17337]  ? skb_put+0x11b/0x210
[  343.085618][T17337]  netlink_sendmsg+0x6b2/0xb30
[  343.085652][T17337]  ? __pfx_netlink_sendmsg+0x10/0x10
[  343.085681][T17337]  ? aa_sock_msg_perm+0xf1/0x1b0
[  343.085707][T17337]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  343.085726][T17337]  ? __pfx_netlink_sendmsg+0x10/0x10
[  343.085753][T17337]  __sock_sendmsg+0x21c/0x270
[  343.085785][T17337]  ____sys_sendmsg+0x505/0x820
[  343.085815][T17337]  ? __pfx_____sys_sendmsg+0x10/0x10
[  343.085846][T17337]  ? import_iovec+0x74/0xa0
[  343.085872][T17337]  ___sys_sendmsg+0x21f/0x2a0
[  343.085898][T17337]  ? __pfx____sys_sendmsg+0x10/0x10
[  343.085955][T17337]  ? __fget_files+0x2a/0x420
[  343.085978][T17337]  ? __fget_files+0x3a0/0x420
[  343.086012][T17337]  __x64_sys_sendmsg+0x19b/0x260
[  343.086038][T17337]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  343.086072][T17337]  ? __pfx_ksys_write+0x10/0x10
[  343.086102][T17337]  do_syscall_64+0xec/0xf80
[  343.086125][T17337]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  343.086144][T17337]  ? trace_irq_disable+0x37/0x100
[  343.086169][T17337]  ? clear_bhb_loop+0x60/0xb0
[  343.086191][T17337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  343.086217][T17337] RIP: 0033:0x7fe43678f749
[  343.086234][T17337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  343.086251][T17337] RSP: 002b:00007fe437551038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  343.086272][T17337] RAX: ffffffffffffffda RBX: 00007fe4369e5fa0 RCX: 00007fe43678f749
[  343.086287][T17337] RDX: 0000000000000804 RSI: 0000200000000380 RDI: 0000000000000004
[  343.086299][T17337] RBP: 00007fe437551090 R08: 0000000000000000 R09: 0000000000000000
[  343.086312][T17337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  343.086324][T17337] R13: 00007fe4369e6038 R14: 00007fe4369e5fa0 R15: 00007ffcd5023dc8
[  343.086355][T17337]  </TASK>
[  343.396428][T17342] FAULT_INJECTION: forcing a failure.
[  343.396428][T17342] name failslab, interval 1, probability 0, space 0, times 0
[  343.409502][T17342] CPU: 0 UID: 0 PID: 17342 Comm: syz.3.3204 Not tainted syzkaller #0 PREEMPT(full) 
[  343.409527][T17342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  343.409538][T17342] Call Trace:
[  343.409545][T17342]  <TASK>
[  343.409554][T17342]  dump_stack_lvl+0xe8/0x150
[  343.409583][T17342]  should_fail_ex+0x414/0x560
[  343.409614][T17342]  should_failslab+0xa8/0x100
[  343.409638][T17342]  kmem_cache_alloc_node_noprof+0x8c/0x720
[  343.409670][T17342]  ? __alloc_skb+0x1dc/0x3b0
[  343.409687][T17342]  ? __local_bh_enable_ip+0xd0/0x130
[  343.409707][T17342]  ? __alloc_skb+0x198/0x3b0
[  343.409727][T17342]  __alloc_skb+0x1dc/0x3b0
[  343.409751][T17342]  netlink_dump+0x1b7/0xe90
[  343.409780][T17342]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  343.409804][T17342]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  343.409832][T17342]  ? __pfx_netlink_dump+0x10/0x10
[  343.409872][T17342]  ? genl_start+0x581/0x6c0
[  343.409901][T17342]  __netlink_dump_start+0x5cb/0x7e0
[  343.409934][T17342]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  343.409958][T17342]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  343.409977][T17342]  ? genl_get_cmd+0x7d9/0x910
[  343.409998][T17342]  ? __pfx___mutex_lock+0x10/0x10
[  343.410020][T17342]  ? __pfx_genl_start+0x10/0x10
[  343.410039][T17342]  ? __pfx_genl_dumpit+0x10/0x10
[  343.410057][T17342]  ? __pfx_genl_done+0x10/0x10
[  343.410090][T17342]  genl_rcv_msg+0x5da/0x790
[  343.410117][T17342]  ? __pfx_genl_rcv_msg+0x10/0x10
[  343.410146][T17342]  ? __pfx_tipc_dump_start+0x10/0x10
[  343.410169][T17342]  ? __pfx_tipc_nl_sk_dump+0x10/0x10
[  343.410192][T17342]  ? __pfx_tipc_dump_done+0x10/0x10
[  343.410219][T17342]  ? __asan_memcpy+0x40/0x70
[  343.410246][T17342]  ? __pfx_ref_tracker_free+0x10/0x10
[  343.410274][T17342]  netlink_rcv_skb+0x208/0x470
[  343.410301][T17342]  ? __pfx_genl_rcv_msg+0x10/0x10
[  343.410324][T17342]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  343.410349][T17342]  ? genl_rcv+0x19/0x40
[  343.410385][T17342]  ? down_read+0x274/0x2e0
[  343.410408][T17342]  ? genl_rcv+0xd/0x40
[  343.410428][T17342]  genl_rcv+0x28/0x40
[  343.410447][T17342]  netlink_unicast+0x82f/0x9e0
[  343.410480][T17342]  ? __pfx_netlink_unicast+0x10/0x10
[  343.410503][T17342]  ? __alloc_skb+0x198/0x3b0
[  343.410524][T17342]  ? netlink_sendmsg+0x642/0xb30
[  343.410548][T17342]  ? skb_put+0x11b/0x210
[  343.410575][T17342]  netlink_sendmsg+0x805/0xb30
[  343.410613][T17342]  ? __pfx_netlink_sendmsg+0x10/0x10
[  343.410644][T17342]  ? aa_sock_msg_perm+0xf1/0x1b0
[  343.410671][T17342]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  343.410689][T17342]  ? __pfx_netlink_sendmsg+0x10/0x10
[  343.410717][T17342]  __sock_sendmsg+0x21c/0x270
[  343.410749][T17342]  ____sys_sendmsg+0x505/0x820
[  343.410779][T17342]  ? __pfx_____sys_sendmsg+0x10/0x10
[  343.410814][T17342]  ? import_iovec+0x74/0xa0
[  343.410841][T17342]  ___sys_sendmsg+0x21f/0x2a0
[  343.410868][T17342]  ? __pfx____sys_sendmsg+0x10/0x10
[  343.410926][T17342]  ? __fget_files+0x2a/0x420
[  343.410948][T17342]  ? __fget_files+0x3a0/0x420
[  343.410981][T17342]  __x64_sys_sendmsg+0x19b/0x260
[  343.411007][T17342]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  343.411041][T17342]  ? __pfx_ksys_write+0x10/0x10
[  343.411071][T17342]  do_syscall_64+0xec/0xf80
[  343.411091][T17342]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  343.411109][T17342]  ? trace_irq_disable+0x37/0x100
[  343.411140][T17342]  ? clear_bhb_loop+0x60/0xb0
[  343.411162][T17342]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  343.411180][T17342] RIP: 0033:0x7fd3db38f749
[  343.411197][T17342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  343.411215][T17342] RSP: 002b:00007fd3dc19a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  343.411235][T17342] RAX: ffffffffffffffda RBX: 00007fd3db5e5fa0 RCX: 00007fd3db38f749
[  343.411249][T17342] RDX: 00000000000000a4 RSI: 0000200000000200 RDI: 0000000000000003
[  343.411261][T17342] RBP: 00007fd3dc19a090 R08: 0000000000000000 R09: 0000000000000000
[  343.411273][T17342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  343.411284][T17342] R13: 00007fd3db5e6038 R14: 00007fd3db5e5fa0 R15: 00007ffe56ad2b58
[  343.411316][T17342]  </TASK>
[  344.085789][T17360] FAULT_INJECTION: forcing a failure.
[  344.085789][T17360] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  344.099908][T17360] CPU: 0 UID: 0 PID: 17360 Comm: syz.4.3208 Not tainted syzkaller #0 PREEMPT(full) 
[  344.099935][T17360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  344.099947][T17360] Call Trace:
[  344.099954][T17360]  <TASK>
[  344.099962][T17360]  dump_stack_lvl+0xe8/0x150
[  344.099993][T17360]  should_fail_ex+0x414/0x560
[  344.100027][T17360]  _copy_from_user+0x2d/0xb0
[  344.100052][T17360]  ___sys_sendmsg+0x158/0x2a0
[  344.100079][T17360]  ? __pfx____sys_sendmsg+0x10/0x10
[  344.100136][T17360]  ? __fget_files+0x2a/0x420
[  344.100159][T17360]  ? __fget_files+0x3a0/0x420
[  344.100191][T17360]  __x64_sys_sendmsg+0x19b/0x260
[  344.100217][T17360]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  344.100249][T17360]  ? __pfx_ksys_write+0x10/0x10
[  344.100277][T17360]  do_syscall_64+0xec/0xf80
[  344.100299][T17360]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.100323][T17360]  ? trace_irq_disable+0x37/0x100
[  344.100347][T17360]  ? clear_bhb_loop+0x60/0xb0
[  344.100370][T17360]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.100389][T17360] RIP: 0033:0x7f8e99b8f749
[  344.100406][T17360] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  344.100424][T17360] RSP: 002b:00007f8e9aa66038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  344.100444][T17360] RAX: ffffffffffffffda RBX: 00007f8e99de6180 RCX: 00007f8e99b8f749
[  344.100459][T17360] RDX: 0000000000000000 RSI: 0000200000000e40 RDI: 0000000000000004
[  344.100471][T17360] RBP: 00007f8e9aa66090 R08: 0000000000000000 R09: 0000000000000000
[  344.100483][T17360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  344.100495][T17360] R13: 00007f8e99de6218 R14: 00007f8e99de6180 R15: 00007ffdf89148a8
[  344.100525][T17360]  </TASK>
[  344.128979][T17078] 8021q: adding VLAN 0 to HW filter on device batadv0
[  344.441628][T17078] veth0_vlan: entered promiscuous mode
[  344.463403][T17078] veth1_vlan: entered promiscuous mode
[  344.513925][T17078] veth0_macvtap: entered promiscuous mode
[  344.527874][T17078] veth1_macvtap: entered promiscuous mode
[  344.558689][T17078] batman_adv: batadv0: Interface activated: batadv_slave_0
[  344.577121][T17078] batman_adv: batadv0: Interface activated: batadv_slave_1
[  344.598661][ T8315] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  344.654840][ T8315] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  344.666608][ T8315] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  344.677223][ T8315] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  344.730141][ T8312] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  344.746588][ T8312] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  344.780193][ T8312] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  344.789213][ T8312] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  345.123127][T17377] __nla_validate_parse: 149 callbacks suppressed
[  345.123147][T17377] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3211'.
[  345.420418][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  345.431605][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  345.441379][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  345.450571][ T5837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  345.459653][ T5837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  345.817397][T17394] FAULT_INJECTION: forcing a failure.
[  345.817397][T17394] name failslab, interval 1, probability 0, space 0, times 0
[  345.844721][T17394] CPU: 1 UID: 0 PID: 17394 Comm: syz.2.3216 Not tainted syzkaller #0 PREEMPT(full) 
[  345.844749][T17394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  345.844762][T17394] Call Trace:
[  345.844770][T17394]  <TASK>
[  345.844778][T17394]  dump_stack_lvl+0xe8/0x150
[  345.844807][T17394]  should_fail_ex+0x414/0x560
[  345.844842][T17394]  should_failslab+0xa8/0x100
[  345.844867][T17394]  kmem_cache_alloc_noprof+0x88/0x710
[  345.844895][T17394]  ? sk_filter_trim_cap+0x1e1/0xd60
[  345.844923][T17394]  ? skb_clone+0x212/0x3a0
[  345.844953][T17394]  skb_clone+0x212/0x3a0
[  345.844982][T17394]  __netlink_deliver_tap+0x404/0x850
[  345.845022][T17394]  ? netlink_deliver_tap+0x2e/0x1b0
[  345.845050][T17394]  netlink_deliver_tap+0x19c/0x1b0
[  345.845079][T17394]  netlink_dump+0x92b/0xe90
[  345.845117][T17394]  ? __pfx_netlink_dump+0x10/0x10
[  345.845182][T17394]  ? genl_start+0x581/0x6c0
[  345.845210][T17394]  __netlink_dump_start+0x5cb/0x7e0
[  345.845251][T17394]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  345.845276][T17394]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  345.845297][T17394]  ? genl_get_cmd+0x7d9/0x910
[  345.845320][T17394]  ? __pfx___mutex_lock+0x10/0x10
[  345.845344][T17394]  ? __pfx_genl_start+0x10/0x10
[  345.845363][T17394]  ? __pfx_genl_dumpit+0x10/0x10
[  345.845381][T17394]  ? __pfx_genl_done+0x10/0x10
[  345.845417][T17394]  genl_rcv_msg+0x5da/0x790
[  345.845444][T17394]  ? __pfx_genl_rcv_msg+0x10/0x10
[  345.845463][T17394]  ? __pfx_tipc_dump_start+0x10/0x10
[  345.845486][T17394]  ? __pfx_tipc_nl_sk_dump+0x10/0x10
[  345.845509][T17394]  ? __pfx_tipc_dump_done+0x10/0x10
[  345.845534][T17394]  ? __asan_memcpy+0x40/0x70
[  345.845562][T17394]  ? __pfx_ref_tracker_free+0x10/0x10
[  345.845590][T17394]  netlink_rcv_skb+0x208/0x470
[  345.845620][T17394]  ? __pfx_genl_rcv_msg+0x10/0x10
[  345.845640][T17394]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  345.845662][T17394]  ? genl_rcv+0x19/0x40
[  345.845695][T17394]  ? down_read+0x274/0x2e0
[  345.845715][T17394]  ? genl_rcv+0xd/0x40
[  345.845734][T17394]  genl_rcv+0x28/0x40
[  345.845751][T17394]  netlink_unicast+0x82f/0x9e0
[  345.845782][T17394]  ? __pfx_netlink_unicast+0x10/0x10
[  345.845804][T17394]  ? __alloc_skb+0x198/0x3b0
[  345.845825][T17394]  ? netlink_sendmsg+0x642/0xb30
[  345.845849][T17394]  ? skb_put+0x11b/0x210
[  345.845874][T17394]  netlink_sendmsg+0x805/0xb30
[  345.845911][T17394]  ? __pfx_netlink_sendmsg+0x10/0x10
[  345.845942][T17394]  ? aa_sock_msg_perm+0xf1/0x1b0
[  345.845968][T17394]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  345.845985][T17394]  ? __pfx_netlink_sendmsg+0x10/0x10
[  345.846012][T17394]  __sock_sendmsg+0x21c/0x270
[  345.846044][T17394]  ____sys_sendmsg+0x505/0x820
[  345.846075][T17394]  ? __pfx_____sys_sendmsg+0x10/0x10
[  345.846108][T17394]  ? import_iovec+0x74/0xa0
[  345.846135][T17394]  ___sys_sendmsg+0x21f/0x2a0
[  345.846161][T17394]  ? __pfx____sys_sendmsg+0x10/0x10
[  345.846222][T17394]  ? __fget_files+0x2a/0x420
[  345.846251][T17394]  ? __fget_files+0x3a0/0x420
[  345.846284][T17394]  __x64_sys_sendmsg+0x19b/0x260
[  345.846311][T17394]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  345.846343][T17394]  ? __pfx_ksys_write+0x10/0x10
[  345.846373][T17394]  do_syscall_64+0xec/0xf80
[  345.846396][T17394]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  345.846414][T17394]  ? trace_irq_disable+0x37/0x100
[  345.846438][T17394]  ? clear_bhb_loop+0x60/0xb0
[  345.846461][T17394]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  345.846480][T17394] RIP: 0033:0x7fa6edf8f749
[  345.846498][T17394] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  345.846514][T17394] RSP: 002b:00007fa6eee7f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  345.846535][T17394] RAX: ffffffffffffffda RBX: 00007fa6ee1e5fa0 RCX: 00007fa6edf8f749
[  345.846550][T17394] RDX: 00000000000000a4 RSI: 0000200000000200 RDI: 0000000000000003
[  345.846563][T17394] RBP: 00007fa6eee7f090 R08: 0000000000000000 R09: 0000000000000000
[  345.846575][T17394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  345.846586][T17394] R13: 00007fa6ee1e6038 R14: 00007fa6ee1e5fa0 R15: 00007ffdcb38f3f8
[  345.846618][T17394]  </TASK>
[  346.401926][T17398] netlink: 'syz.4.3218': attribute type 10 has an invalid length.
[  346.416662][T17380] chnl_net:caif_netlink_parms(): no params data found
[  346.464627][T17398] team0: Device ipvlan1 failed to register rx_handler
[  346.800158][T17380] bridge0: port 1(bridge_slave_0) entered blocking state
[  346.845873][T17380] bridge0: port 1(bridge_slave_0) entered disabled state
[  346.875967][T17380] bridge_slave_0: entered allmulticast mode
[  346.896495][T17380] bridge_slave_0: entered promiscuous mode
[  346.935272][T17380] bridge0: port 2(bridge_slave_1) entered blocking state
[  346.952896][T17380] bridge0: port 2(bridge_slave_1) entered disabled state
[  346.959817][T17417] siw: device registration error -23
[  346.962518][T17380] bridge_slave_1: entered allmulticast mode
[  346.984959][T17380] bridge_slave_1: entered promiscuous mode
[  347.115217][T17380] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  347.142357][T17380] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  347.257160][T17380] team0: Port device team_slave_0 added
[  347.277081][T17380] team0: Port device team_slave_1 added
[  347.282791][T17419] syzkaller0: entered promiscuous mode
[  347.288468][T17419] syzkaller0: entered allmulticast mode
[  347.437970][T17380] batman_adv: batadv0: Adding interface: batadv_slave_0
[  347.444944][T17380] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  347.496200][   T52] Bluetooth: hci2: command tx timeout
[  347.516647][T17380] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  347.543205][T17380] batman_adv: batadv0: Adding interface: batadv_slave_1
[  347.567052][T17380] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  347.618613][T17380] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  347.659058][T17425] syzkaller1: entered allmulticast mode
[  347.686078][T17427] tap0: tun_chr_ioctl cmd 2148553947
[  347.722413][T17427] tap0: tun_chr_ioctl cmd 2147767521
[  347.741488][T17427] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3229'.
[  347.797828][T17427] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  347.805248][T17427] batman_adv: batadv0: Removing interface: batadv_slave_0
[  347.837414][T17427] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  347.844901][T17427] batman_adv: batadv0: Removing interface: batadv_slave_1
[  347.917507][T17380] hsr_slave_0: entered promiscuous mode
[  347.935002][T17380] hsr_slave_1: entered promiscuous mode
[  347.946481][T17380] debugfs: 'hsr0' already exists in 'hsr'
[  347.963862][T17380] Cannot create hsr debugfs directory
[  348.448409][T17444] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3235'.
[  348.787782][T17461] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  348.878411][T17380] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  348.908282][T17380] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  348.928869][T17380] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  348.950453][T17380] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  349.097141][T17380] 8021q: adding VLAN 0 to HW filter on device bond0
[  349.131284][T17380] 8021q: adding VLAN 0 to HW filter on device team0
[  349.149951][ T3067] bridge0: port 1(bridge_slave_0) entered blocking state
[  349.157166][ T3067] bridge0: port 1(bridge_slave_0) entered forwarding state
[  349.204340][ T3067] bridge0: port 2(bridge_slave_1) entered blocking state
[  349.211635][ T3067] bridge0: port 2(bridge_slave_1) entered forwarding state
[  349.499096][T17487] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3245'.
[  349.570543][   T52] Bluetooth: hci2: command tx timeout
[  349.652759][T17493] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3246'.
[  349.765301][T17380] 8021q: adding VLAN 0 to HW filter on device batadv0
[  349.901437][T17380] veth0_vlan: entered promiscuous mode
[  349.915570][T17380] veth1_vlan: entered promiscuous mode
[  349.965176][T17380] veth0_macvtap: entered promiscuous mode
[  349.991502][T17496] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  350.037716][T17380] veth1_macvtap: entered promiscuous mode
[  350.106515][T17380] batman_adv: batadv0: Interface activated: batadv_slave_0
[  350.123418][T17380] batman_adv: batadv0: Interface activated: batadv_slave_1
[  350.169381][ T8315] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  350.194684][ T8315] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  350.244127][ T8315] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  350.255118][ T8315] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  350.341958][T17526] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3251'.
[  350.382857][T17526] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3251'.
[  350.441967][T17528] netlink: 'syz.3.3254': attribute type 39 has an invalid length.
[  350.576108][T17531] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3251'.
[  350.739998][T17534] vcan0: tx drop: invalid da for name 0x0000000000000001
[  350.763683][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  350.785824][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  350.868938][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  350.888862][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  351.107561][T17543] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3256'.
[  351.160127][T17546] tipc: Started in network mode
[  351.165244][T17546] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  351.185948][T17546] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  351.211933][T17549] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3257'.
[  351.211975][T17547] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  351.341957][T17555] FAULT_INJECTION: forcing a failure.
[  351.341957][T17555] name failslab, interval 1, probability 0, space 0, times 0
[  351.354749][T17555] CPU: 0 UID: 0 PID: 17555 Comm: syz.0.3258 Not tainted syzkaller #0 PREEMPT(full) 
[  351.354792][T17555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  351.354815][T17555] Call Trace:
[  351.354824][T17555]  <TASK>
[  351.354832][T17555]  dump_stack_lvl+0xe8/0x150
[  351.354863][T17555]  should_fail_ex+0x414/0x560
[  351.354899][T17555]  should_failslab+0xa8/0x100
[  351.354923][T17555]  kmem_cache_alloc_noprof+0x88/0x710
[  351.354951][T17555]  ? __netlink_lookup+0xbd/0x8a0
[  351.354978][T17555]  ? skb_clone+0x212/0x3a0
[  351.355008][T17555]  skb_clone+0x212/0x3a0
[  351.355034][T17555]  __netlink_deliver_tap+0x404/0x850
[  351.355071][T17555]  ? netlink_deliver_tap+0x2e/0x1b0
[  351.355097][T17555]  netlink_deliver_tap+0x19c/0x1b0
[  351.355123][T17555]  netlink_unicast+0x7fa/0x9e0
[  351.355153][T17555]  ? __pfx_netlink_unicast+0x10/0x10
[  351.355175][T17555]  ? __alloc_skb+0x198/0x3b0
[  351.355195][T17555]  ? netlink_sendmsg+0x642/0xb30
[  351.355219][T17555]  ? skb_put+0x11b/0x210
[  351.355244][T17555]  netlink_sendmsg+0x805/0xb30
[  351.355278][T17555]  ? __pfx_netlink_sendmsg+0x10/0x10
[  351.355308][T17555]  ? aa_sock_msg_perm+0xf1/0x1b0
[  351.355333][T17555]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  351.355350][T17555]  ? __pfx_netlink_sendmsg+0x10/0x10
[  351.355376][T17555]  __sock_sendmsg+0x21c/0x270
[  351.355414][T17555]  ____sys_sendmsg+0x505/0x820
[  351.355443][T17555]  ? __pfx_____sys_sendmsg+0x10/0x10
[  351.355475][T17555]  ? import_iovec+0x74/0xa0
[  351.355499][T17555]  ___sys_sendmsg+0x21f/0x2a0
[  351.355526][T17555]  ? __pfx____sys_sendmsg+0x10/0x10
[  351.355582][T17555]  ? __fget_files+0x2a/0x420
[  351.355608][T17555]  ? __fget_files+0x3a0/0x420
[  351.355638][T17555]  __x64_sys_sendmsg+0x19b/0x260
[  351.355663][T17555]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  351.355693][T17555]  ? __pfx_ksys_write+0x10/0x10
[  351.355723][T17555]  do_syscall_64+0xec/0xf80
[  351.355746][T17555]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.355763][T17555]  ? trace_irq_disable+0x37/0x100
[  351.355786][T17555]  ? clear_bhb_loop+0x60/0xb0
[  351.355807][T17555]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.355826][T17555] RIP: 0033:0x7f816b38f749
[  351.355843][T17555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  351.355860][T17555] RSP: 002b:00007f81695f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  351.355881][T17555] RAX: ffffffffffffffda RBX: 00007f816b5e6090 RCX: 00007f816b38f749
[  351.355894][T17555] RDX: 0000000000000000 RSI: 0000200000000e40 RDI: 0000000000000005
[  351.355907][T17555] RBP: 00007f81695f6090 R08: 0000000000000000 R09: 0000000000000000
[  351.355920][T17555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  351.355931][T17555] R13: 00007f816b5e6128 R14: 00007f816b5e6090 R15: 00007ffe79496368
[  351.355963][T17555]  </TASK>
[  351.655809][ T5837] Bluetooth: hci2: command tx timeout
[  351.736331][T17555] netlink: 'syz.0.3258': attribute type 11 has an invalid length.
[  351.805721][T17555] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3258'.
[  351.914478][T17565] bond1: up delay (1024) is not a multiple of miimon (100), value rounded to 1000 ms
[  351.926185][T17565] bond1: down delay (4) is not a multiple of miimon (100), value rounded to 0 ms
[  352.080158][T17574] pimreg3: entered allmulticast mode
[  352.164536][T17581] IPVS: length: 132 != 8
[  352.204011][T17583] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3268'.
[  352.273340][T17589] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3267'.
[  352.277002][T17581] pimreg: entered allmulticast mode
[  352.317558][T17590] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3268'.
[  352.327226][T17581] pimreg: left allmulticast mode
[  352.380593][T17592] netlink: 'syz.0.3271': attribute type 6 has an invalid length.
[  352.395528][T17588] netlink: 27 bytes leftover after parsing attributes in process `syz.1.3270'.
[  352.666523][T17609] tipc: Failed to remove unknown binding: 66,1,1/0:2144572784/2144572786
[  352.684560][T17609] tipc: Failed to remove unknown binding: 66,1,1/0:2144572784/2144572786
[  352.698566][T17609] tipc: Failed to remove unknown binding: 66,1,1/0:2144572784/2144572786
[  353.740588][ T5837] Bluetooth: hci2: command 0x0419 tx timeout
[  354.134739][T17687] syzkaller0: entered promiscuous mode
[  354.148176][T17687] syzkaller0: entered allmulticast mode
[  354.476510][T17696] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6
[  354.921101][T17727] bridge_slave_1: left allmulticast mode
[  354.941905][T17727] bridge_slave_1: left promiscuous mode
[  354.952259][T17727] bridge0: port 2(bridge_slave_1) entered disabled state
[  354.970506][T17727] bridge_slave_0: left allmulticast mode
[  354.976570][T17727] bridge_slave_0: left promiscuous mode
[  354.982356][T17727] bridge0: port 1(bridge_slave_0) entered disabled state
[  355.084256][T17723] netlink: 'syz.1.3309': attribute type 9 has an invalid length.
[  355.336834][T17745] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6
[  355.596488][T17768] xt_CT: You must specify a L4 protocol and not use inversions on it
[  355.807066][ T5837] Bluetooth: hci2: command 0x0419 tx timeout
[  355.937349][T17787] __nla_validate_parse: 7 callbacks suppressed
[  355.937372][T17787] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3332'.
[  355.974835][T17787] block nbd0: reconnected socket
[  356.011586][T17787] syzkaller0: entered promiscuous mode
[  356.032146][T17787] syzkaller0: entered allmulticast mode
[  356.131344][ T5837] block nbd0: Receive control failed (result -32)
[  356.190306][T17801] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3338'.
[  356.236514][T17798] xt_CT: You must specify a L4 protocol and not use inversions on it
[  356.339474][T17804] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3340'.
[  356.797723][T17824] x_tables: duplicate underflow at hook 2
[  356.918440][T17826] batadv_slave_0: entered promiscuous mode
[  356.984134][T17825] batadv_slave_0: left promiscuous mode
[  357.284022][T17845] netlink: 'syz.3.3349': attribute type 12 has an invalid length.
[  357.342301][T17840] raw_sendmsg: syz.3.3349 forgot to set AF_INET. Fix it!
[  358.186143][T17871] netlink: 'syz.4.3354': attribute type 2 has an invalid length.
[  358.210555][T17871] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3354'.
[  358.300749][T17871] bridge_slave_1: left allmulticast mode
[  358.311104][T17880] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3358'.
[  358.327153][T17880] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3358'.
[  358.342854][T17871] bridge_slave_1: left promiscuous mode
[  358.366337][T17871] bridge0: port 2(bridge_slave_1) entered disabled state
[  358.409077][T17871] bridge_slave_0: left allmulticast mode
[  358.415554][T17871] bridge_slave_0: left promiscuous mode
[  358.422742][T17871] bridge0: port 1(bridge_slave_0) entered disabled state
[  359.171209][T17923] syzkaller0: entered promiscuous mode
[  359.185793][T17923] syzkaller0: entered allmulticast mode
[  359.214431][T17920] openvswitch: netlink: Message has 4 unknown bytes.
[  359.334987][T17929] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input9
[  360.176549][T17965] FAULT_INJECTION: forcing a failure.
[  360.176549][T17965] name failslab, interval 1, probability 0, space 0, times 0
[  360.216612][T17965] CPU: 0 UID: 0 PID: 17965 Comm: syz.3.3377 Not tainted syzkaller #0 PREEMPT(full) 
[  360.216639][T17965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  360.216651][T17965] Call Trace:
[  360.216659][T17965]  <TASK>
[  360.216667][T17965]  dump_stack_lvl+0xe8/0x150
[  360.216698][T17965]  should_fail_ex+0x414/0x560
[  360.216731][T17965]  should_failslab+0xa8/0x100
[  360.216755][T17965]  kmem_cache_alloc_node_noprof+0x8c/0x720
[  360.216784][T17965]  ? __alloc_skb+0x198/0x3b0
[  360.216804][T17965]  ? __alloc_skb+0x1dc/0x3b0
[  360.216821][T17965]  ? __local_bh_enable_ip+0xd0/0x130
[  360.216843][T17965]  ? __alloc_skb+0x198/0x3b0
[  360.216864][T17965]  __alloc_skb+0x1dc/0x3b0
[  360.216889][T17965]  netlink_ack+0x146/0xa50
[  360.216918][T17965]  ? __pfx___up_read+0x10/0x10
[  360.216953][T17965]  rdma_nl_rcv+0x3c8/0x980
[  360.216988][T17965]  ? __pfx_rdma_nl_rcv+0x10/0x10
[  360.217031][T17965]  ? netlink_deliver_tap+0x2e/0x1b0
[  360.217065][T17965]  netlink_unicast+0x82f/0x9e0
[  360.217097][T17965]  ? __pfx_netlink_unicast+0x10/0x10
[  360.217119][T17965]  ? __alloc_skb+0x198/0x3b0
[  360.217141][T17965]  ? netlink_sendmsg+0x642/0xb30
[  360.217165][T17965]  ? skb_put+0x11b/0x210
[  360.217189][T17965]  netlink_sendmsg+0x805/0xb30
[  360.217224][T17965]  ? __pfx_netlink_sendmsg+0x10/0x10
[  360.217253][T17965]  ? aa_sock_msg_perm+0xf1/0x1b0
[  360.217280][T17965]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  360.217298][T17965]  ? __pfx_netlink_sendmsg+0x10/0x10
[  360.217326][T17965]  __sock_sendmsg+0x21c/0x270
[  360.217357][T17965]  ____sys_sendmsg+0x505/0x820
[  360.217387][T17965]  ? __pfx_____sys_sendmsg+0x10/0x10
[  360.217420][T17965]  ? import_iovec+0x74/0xa0
[  360.217445][T17965]  ___sys_sendmsg+0x21f/0x2a0
[  360.217472][T17965]  ? __pfx____sys_sendmsg+0x10/0x10
[  360.217529][T17965]  ? __fget_files+0x2a/0x420
[  360.217551][T17965]  ? __fget_files+0x3a0/0x420
[  360.217590][T17965]  __x64_sys_sendmsg+0x19b/0x260
[  360.217617][T17965]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  360.217650][T17965]  ? __pfx_ksys_write+0x10/0x10
[  360.217679][T17965]  do_syscall_64+0xec/0xf80
[  360.217702][T17965]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.217720][T17965]  ? trace_irq_disable+0x37/0x100
[  360.217744][T17965]  ? clear_bhb_loop+0x60/0xb0
[  360.217767][T17965]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.217786][T17965] RIP: 0033:0x7fd3db38f749
[  360.217803][T17965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  360.217818][T17965] RSP: 002b:00007fd3dc19a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  360.217839][T17965] RAX: ffffffffffffffda RBX: 00007fd3db5e5fa0 RCX: 00007fd3db38f749
[  360.217854][T17965] RDX: 0000000024001850 RSI: 00002000000028c0 RDI: 0000000000000003
[  360.217866][T17965] RBP: 00007fd3dc19a090 R08: 0000000000000000 R09: 0000000000000000
[  360.217879][T17965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  360.217890][T17965] R13: 00007fd3db5e6038 R14: 00007fd3db5e5fa0 R15: 00007ffe56ad2b58
[  360.217922][T17965]  </TASK>
[  360.616857][T17967] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3378'.
[  360.805942][T17960] nbd3: detected capacity change from 0 to 127
[  361.016308][ T5837] block nbd3: Receive control failed (result -32)
[  361.117343][T17982] netlink: 'syz.4.3381': attribute type 2 has an invalid length.
[  361.465351][T18005] IPv6: addrconf: prefix option has invalid lifetime
[  362.037179][T18024] netlink: 'syz.0.3394': attribute type 1 has an invalid length.
[  362.187360][T18032] IPVS: rr: FWM 3 0x00000003 - no destination available
[  362.198635][ T7077] IPVS: starting estimator thread 0...
[  362.246984][    C1] IPVS: rr: FWM 3 0x00000003 - no destination available
[  362.286384][T18033] IPVS: using max 29 ests per chain, 69600 per kthread
[  362.293577][T18031] 8021q: adding VLAN 0 to HW filter on device bond2
[  362.303518][T18031] bond1: (slave bond2): making interface the new active one
[  362.312412][T18031] bond1: (slave bond2): Enslaving as an active interface with an up link
[  362.321387][T18032] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3394'.
[  362.357474][T18024] bond1: (slave gretap1): Enslaving as a backup interface with an up link
[  362.369536][T18032] 8021q: adding VLAN 0 to HW filter on device bond1
[  362.425340][T18040] tipc: Started in network mode
[  362.430578][T18040] tipc: Node identity fe7b17c1c995, cluster identity 4711
[  362.438027][T18040] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  362.459653][T18024] vlan2: entered promiscuous mode
[  362.464763][T18024] bond1: entered promiscuous mode
[  362.470579][T18024] bond2: entered promiscuous mode
[  362.528177][T18037] syzkaller0: entered promiscuous mode
[  362.533959][T18037] syzkaller0: entered allmulticast mode
[  362.556935][T18043] syzkaller0: entered promiscuous mode
[  362.562679][T18043] syzkaller0: entered allmulticast mode
[  362.662165][T18037] tipc: Resetting bearer <eth:syzkaller0>
[  362.924663][T18040] batadv_slave_0: entered promiscuous mode
[  363.000971][T18059] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3401'.
[  363.025826][T18059] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3401'.
[  363.152634][T18035] tipc: Resetting bearer <eth:syzkaller0>
[  363.152939][T18059] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3401'.
[  363.183352][T18059] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3401'.
[  363.239237][T18035] tipc: Disabling bearer <eth:syzkaller0>
[  363.251599][ T8308] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  363.285350][ T8308] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  363.318443][ T8308] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  363.357678][ T8308] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  363.448653][T18072] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3405'.
[  363.479542][T18074] netlink: 'syz.1.3406': attribute type 1 has an invalid length.
[  363.697307][T18090] syzkaller0: entered promiscuous mode
[  363.713108][T18090] syzkaller0: entered allmulticast mode
[  363.775549][T18074] bond2: (slave geneve3): making interface the new active one
[  363.783934][T18074] bond2: (slave geneve3): Enslaving as an active interface with an up link
[  363.796153][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 20004 - 0
[  363.828379][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 20004 - 0
[  363.843240][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 20004 - 0
[  363.943073][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 20004 - 0
[  364.148089][T18108] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3416'.
[  364.185455][T18106] syzkaller0: entered promiscuous mode
[  364.191722][T18106] syzkaller0: entered allmulticast mode
[  364.219445][T18106] netlink: 84 bytes leftover after parsing attributes in process `syz.2.3415'.
[  364.245467][T18111] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3416'.
[  364.866140][T18146] nbd: socks must be embedded in a SOCK_ITEM attr
[  364.893394][T18148] vlan0: entered promiscuous mode
[  365.135058][T18162] bridge_slave_0: left allmulticast mode
[  365.190440][T18162] bridge_slave_0: left promiscuous mode
[  365.202397][T18162] bridge0: port 1(bridge_slave_0) entered disabled state
[  365.256837][T18162] bridge_slave_1: left allmulticast mode
[  365.262527][T18162] bridge_slave_1: left promiscuous mode
[  365.288268][T18167] IPVS: length: 35 != 1272
[  365.334916][T18162] bridge0: port 2(bridge_slave_1) entered disabled state
[  365.406692][T18162] bond0: (slave bond_slave_0): Releasing backup interface
[  365.454212][T18162] bond0: (slave bond_slave_1): Releasing backup interface
[  365.542356][T18162] team0: Port device team_slave_0 removed
[  365.594432][T18162] team0: Port device team_slave_1 removed
[  365.620186][T18162] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  365.650434][T18162] batman_adv: batadv0: Removing interface: batadv_slave_0
[  365.663603][T18162] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  365.684979][T18162] batman_adv: batadv0: Removing interface: batadv_slave_1
[  365.715174][T18162] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  365.765779][T18169] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  365.796703][T18170] syzkaller0: entered promiscuous mode
[  365.815442][T18170] syzkaller0: entered allmulticast mode
[  365.867867][T18174] tipc: Resetting bearer <eth:syzkaller0>
[  365.912923][T18174] tipc: Disabling bearer <eth:syzkaller0>
[  366.049096][T18204] netlink: 'syz.4.3439': attribute type 1 has an invalid length.
[  366.114721][T18207] netlink: 116 bytes leftover after parsing attributes in process `syz.2.3436'.
[  366.258553][T18217] netem: change failed
[  367.078084][T18256] syzkaller0: entered promiscuous mode
[  367.083834][T18256] syzkaller0: entered allmulticast mode
[  367.096070][T18256] tipc: Started in network mode
[  367.101187][T18256] tipc: Node identity a2fc1b2873aa, cluster identity 4711
[  367.113687][T18256] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  367.134509][T18256] tipc: Resetting bearer <eth:syzkaller0>
[  367.158690][T18255] tipc: Resetting bearer <eth:syzkaller0>
[  367.240842][T18255] tipc: Disabling bearer <eth:syzkaller0>
[  367.627792][T18283] __nla_validate_parse: 4 callbacks suppressed
[  367.627811][T18283] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3465'.
[  367.649889][T18278] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3463'.
[  367.792547][T18283] 8021q: adding VLAN 0 to HW filter on device bond3
[  367.888199][T18294] bridge0: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms)
[  367.995795][ T8311] ------------[ cut here ]------------
[  368.001717][ T8311] wlan1: Dropped data frame as no usable bitrate found while scanning and associated. Target station: 08:02:11:00:00:00 on 5 GHz band
[  368.015498][ T8311] WARNING: net/mac80211/tx.c:758 at ieee80211_tx_h_rate_ctrl+0xbdd/0x1760, CPU#1: kworker/u8:16/8311
[  368.026415][ T8311] Modules linked in:
[  368.030592][ T8311] CPU: 1 UID: 0 PID: 8311 Comm: kworker/u8:16 Not tainted syzkaller #0 PREEMPT(full) 
[  368.040202][ T8311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  368.050305][ T8311] Workqueue: events_unbound cfg80211_wiphy_work
[  368.056638][ T8311] RIP: 0010:ieee80211_tx_h_rate_ctrl+0xc4a/0x1760
[  368.063075][ T8311] Code: 00 00 48 8b 44 24 50 8b 30 45 31 ff 83 e6 07 41 0f 95 c7 31 ff e8 e6 f3 e8 f6 43 8d 0c 7f 83 c1 02 48 89 df 4c 89 f6 4c 89 e2 <67> 48 0f b9 3a 41 be 01 00 00 00 49 bf 00 00 00 00 00 fc ff df e9
[  368.082728][ T8311] RSP: 0018:ffffc9000bfdf3c0 EFLAGS: 00010206
[  368.088878][ T8311] RAX: ffffffff8ad8081a RBX: ffffffff8f9306f0 RCX: 0000000000000005
[  368.096892][ T8311] RDX: ffff88803b69cd44 RSI: ffff888057f117c8 RDI: ffffffff8f9306f0
[  368.104890][ T8311] RBP: ffffc9000bfdf528 R08: ffff88807836a9c7 R09: 1ffff1100f06d538
[  368.112921][ T8311] R10: dffffc0000000000 R11: ffffed100f06d539 R12: ffff88803b69cd44
[  368.120938][ T8311] R13: 1ffff920017fbe8c R14: ffff888057f117c8 R15: 0000000000000001
[  368.129046][ T8311] FS:  0000000000000000(0000) GS:ffff888125f1e000(0000) knlGS:0000000000000000
[  368.138031][ T8311] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  368.144622][ T8311] CR2: 00007f816b3b74e0 CR3: 000000008e1f6000 CR4: 00000000003526f0
[  368.152667][ T8311] Call Trace:
[  368.155979][ T8311]  <TASK>
[  368.158932][ T8311]  ? __pfx_ieee80211_tx_h_rate_ctrl+0x10/0x10
[  368.165023][ T8311]  ? ieee80211_is_bufferable_mmpdu+0x103/0x200
[  368.171248][ T8311]  invoke_tx_handlers_late+0xba/0x18a0
[  368.176849][ T8311]  ? invoke_tx_handlers_early+0xa0c/0x1d50
[  368.182695][ T8311]  ieee80211_tx+0x2ac/0x460
[  368.187251][ T8311]  ? __pfx_ieee80211_tx+0x10/0x10
[  368.192309][ T8311]  ? __ieee80211_tx_skb_tid_band+0x4cb/0x680
[  368.198348][ T8311]  __ieee80211_tx_skb_tid_band+0x50f/0x680
[  368.204176][ T8311]  ? ieee80211_scan_state_send_probe+0x4e8/0xa00
[  368.210558][ T8311]  ieee80211_scan_state_send_probe+0x594/0xa00
[  368.216774][ T8311]  ieee80211_scan_work+0x65f/0x1c50
[  368.222020][ T8311]  cfg80211_wiphy_work+0x2ab/0x450
[  368.227193][ T8311]  ? process_scheduled_works+0x9ef/0x1770
[  368.232925][ T8311]  process_scheduled_works+0xad1/0x1770
[  368.238547][ T8311]  ? __pfx_process_scheduled_works+0x10/0x10
[  368.244536][ T8311]  ? do_raw_spin_lock+0x121/0x290
[  368.249729][ T8311]  worker_thread+0x8a0/0xda0
[  368.254369][ T8311]  kthread+0x711/0x8a0
[  368.258509][ T8311]  ? __pfx_worker_thread+0x10/0x10
[  368.263636][ T8311]  ? __pfx_kthread+0x10/0x10
[  368.265133][T18308] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3472'.
[  368.268284][ T8311]  ? _raw_spin_unlock_irq+0x23/0x50
[  368.268346][ T8311]  ? __pfx_kthread+0x10/0x10
[  368.268373][ T8311]  ret_from_fork+0x510/0xa50
[  368.268396][ T8311]  ? __pfx_ret_from_fork+0x10/0x10
[  368.268415][ T8311]  ? __switch_to+0xc9e/0x1480
[  368.301586][ T8311]  ? __pfx_kthread+0x10/0x10
[  368.306248][ T8311]  ret_from_fork_asm+0x1a/0x30
[  368.311052][ T8311]  </TASK>
[  368.314129][ T8311] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  368.321411][ T8311] CPU: 1 UID: 0 PID: 8311 Comm: kworker/u8:16 Not tainted syzkaller #0 PREEMPT(full) 
[  368.330960][ T8311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  368.341063][ T8311] Workqueue: events_unbound cfg80211_wiphy_work
[  368.347324][ T8311] Call Trace:
[  368.350598][ T8311]  <TASK>
[  368.353521][ T8311]  vpanic+0x1e0/0x670
[  368.357506][ T8311]  panic+0xb9/0xc0
[  368.361225][ T8311]  ? __pfx_panic+0x10/0x10
[  368.365649][ T8311]  ? ret_from_fork_asm+0x1a/0x30
[  368.370598][ T8311]  __warn+0x317/0x4b0
[  368.374571][ T8311]  ? ieee80211_tx_h_rate_ctrl+0xbdd/0x1760
[  368.380373][ T8311]  ? ieee80211_tx_h_rate_ctrl+0xbdd/0x1760
[  368.386170][ T8311]  __report_bug+0x288/0x500
[  368.390665][ T8311]  ? ieee80211_tx_h_rate_ctrl+0xbdd/0x1760
[  368.396470][ T8311]  ? __pfx___report_bug+0x10/0x10
[  368.401508][ T8311]  ? kasan_save_track+0x4f/0x80
[  368.406358][ T8311]  ? kasan_save_track+0x3e/0x80
[  368.411206][ T8311]  ? __kasan_slab_alloc+0x6c/0x80
[  368.416227][ T8311]  ? kmalloc_reserve+0xbd/0x290
[  368.421073][ T8311]  ? __alloc_skb+0x204/0x3b0
[  368.425665][ T8311]  ? __netdev_alloc_skb+0xc1/0x810
[  368.430772][ T8311]  ? ieee80211_probereq_get+0x60/0x270
[  368.436256][ T8311]  ? ieee80211_build_probe_req+0x178/0x480
[  368.442058][ T8311]  report_bug_entry+0x19a/0x290
[  368.446906][ T8311]  ? ieee80211_tx_h_rate_ctrl+0xc4a/0x1760
[  368.452703][ T8311]  ? ieee80211_tx_h_rate_ctrl+0xc4f/0x1760
[  368.458589][ T8311]  handle_bug+0xca/0x200
[  368.462829][ T8311]  exc_invalid_op+0x1a/0x50
[  368.467331][ T8311]  asm_exc_invalid_op+0x1a/0x20
[  368.472171][ T8311] RIP: 0010:ieee80211_tx_h_rate_ctrl+0xc4a/0x1760
[  368.478578][ T8311] Code: 00 00 48 8b 44 24 50 8b 30 45 31 ff 83 e6 07 41 0f 95 c7 31 ff e8 e6 f3 e8 f6 43 8d 0c 7f 83 c1 02 48 89 df 4c 89 f6 4c 89 e2 <67> 48 0f b9 3a 41 be 01 00 00 00 49 bf 00 00 00 00 00 fc ff df e9
[  368.498263][ T8311] RSP: 0018:ffffc9000bfdf3c0 EFLAGS: 00010206
[  368.504321][ T8311] RAX: ffffffff8ad8081a RBX: ffffffff8f9306f0 RCX: 0000000000000005
[  368.512278][ T8311] RDX: ffff88803b69cd44 RSI: ffff888057f117c8 RDI: ffffffff8f9306f0
[  368.520248][ T8311] RBP: ffffc9000bfdf528 R08: ffff88807836a9c7 R09: 1ffff1100f06d538
[  368.528221][ T8311] R10: dffffc0000000000 R11: ffffed100f06d539 R12: ffff88803b69cd44
[  368.536194][ T8311] R13: 1ffff920017fbe8c R14: ffff888057f117c8 R15: 0000000000000001
[  368.544183][ T8311]  ? ieee80211_tx_h_rate_ctrl+0xc3a/0x1760
[  368.550018][ T8311]  ? __pfx_ieee80211_tx_h_rate_ctrl+0x10/0x10
[  368.556089][ T8311]  ? ieee80211_is_bufferable_mmpdu+0x103/0x200
[  368.562334][ T8311]  invoke_tx_handlers_late+0xba/0x18a0
[  368.567799][ T8311]  ? invoke_tx_handlers_early+0xa0c/0x1d50
[  368.573610][ T8311]  ieee80211_tx+0x2ac/0x460
[  368.578106][ T8311]  ? __pfx_ieee80211_tx+0x10/0x10
[  368.583140][ T8311]  ? __ieee80211_tx_skb_tid_band+0x4cb/0x680
[  368.589122][ T8311]  __ieee80211_tx_skb_tid_band+0x50f/0x680
[  368.594927][ T8311]  ? ieee80211_scan_state_send_probe+0x4e8/0xa00
[  368.601251][ T8311]  ieee80211_scan_state_send_probe+0x594/0xa00
[  368.607424][ T8311]  ieee80211_scan_work+0x65f/0x1c50
[  368.612741][ T8311]  cfg80211_wiphy_work+0x2ab/0x450
[  368.617856][ T8311]  ? process_scheduled_works+0x9ef/0x1770
[  368.623575][ T8311]  process_scheduled_works+0xad1/0x1770
[  368.629134][ T8311]  ? __pfx_process_scheduled_works+0x10/0x10
[  368.635103][ T8311]  ? do_raw_spin_lock+0x121/0x290
[  368.640140][ T8311]  worker_thread+0x8a0/0xda0
[  368.644742][ T8311]  kthread+0x711/0x8a0
[  368.648900][ T8311]  ? __pfx_worker_thread+0x10/0x10
[  368.654004][ T8311]  ? __pfx_kthread+0x10/0x10
[  368.658588][ T8311]  ? _raw_spin_unlock_irq+0x23/0x50
[  368.663778][ T8311]  ? __pfx_kthread+0x10/0x10
[  368.668450][ T8311]  ret_from_fork+0x510/0xa50
[  368.673126][ T8311]  ? __pfx_ret_from_fork+0x10/0x10
[  368.678225][ T8311]  ? __switch_to+0xc9e/0x1480
[  368.682904][ T8311]  ? __pfx_kthread+0x10/0x10
[  368.687490][ T8311]  ret_from_fork_asm+0x1a/0x30
[  368.692270][ T8311]  </TASK>
[  368.695694][ T8311] Kernel Offset: disabled
[  368.700003][ T8311] Rebooting in 86400 seconds..