last executing test programs:

12.456539657s ago: executing program 1 (id=6332):
r0 = socket(0x10, 0x803, 0x0) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64)
r2 = socket$packet(0x11, 0x2, 0x300) (rerun: 64)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'team_slave_1\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3400000011000100000000000000000007000000", @ANYRES32=r3], 0x34}}, 0x0) (async, rerun: 32)
r4 = socket(0x1, 0x803, 0x0) (async, rerun: 32)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x11}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0x11}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x78}}, 0x0) (async, rerun: 64)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) (rerun: 64)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x20000, {0xa, 0x40, 0x22, 0x0, r6}, [@IFA_LOCAL={0x14, 0x2, @ipv4}]}, 0x2c}}, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r6}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x510}]}, 0x34}}, 0x0) (async)
writev(r0, &(0x7f00000007c0)=[{&(0x7f0000000240)="555c39fa2f4110dc34d9a9ad1500ad592c15199a8203890c4e8ccdae73bfe0e53333a5a8bbd0401ff71f961da927a89016bfc8be250512ad5385264b550eca4cae4fcf30451bf6a454a7b0154dff3146368b31722ca551c1f30cf9b12b9ae931e9584e820e8266f577", 0x69}, {&(0x7f00000002c0)='<#:M', 0x4}, {&(0x7f0000000340)="78cb3c5ee4254aac2a2d0dc6ee7895ffd98fefbbf9417560521bbcfd97055816bf4fc0981e0610c6b17ea1b3121f6d4a5a64fe7fc5092a8626cde071ad00bcd46b087c072cdef968a5e70c8b4b6112e7a3ee2dc58f3a0e2297914f0d9e97db68d3d7", 0x62}, {&(0x7f0000000480)="0c5010896c47cd23548413291a40de829c2b9d364fee2394a278c60122fe31246068d7553a5c87bf2667578a59a2906378ced03fe76de1af11f32745750b864265f7cd6c407b705d8311ebd9a15945a3b4be09c537f657ee29ddcf4fc7dd9ea7b8e079f6c5fd373ab01dd2aff9c4015b8f12b9fb23b721ec21707e6edde90e53d1eb168375ae49ac4a20404baedd752306342f1cd23a75b310d2710a535c3726add61a40d886b810bc74f77d7dd222e3714dac683000d4de568a60dc89a97aa27ecf", 0xc2}, {&(0x7f0000000580)="3957dcb32ed7709f23c7b9de30cec742726035092bd64cc276810bdc1d0fd78889b1dd31d88ae5c0e8b902e9035b85cc9daa6886f2e3d605d7bff0662f0fca3405fdbcf511a6a0979689ed0344c713826d68c695b2d83e74e3a70727b5e7b626ef14b623d221c7dfcb907d17e8706597498186663d5ebca331611dac8f334cfb6667ff0943496ed56d582dbea43489833a5251a02a895bf56fb90e1992fff5b739ab5cc550e89e035501cead42f57aeedb79b51e9524a7bccfc90c87607423dfcb2077485a6aaeb0eec5432d7b992b83230776c263bac34e37e9c3b0d4e3a3dbb320a8e7b67a2cdb937c2e4543", 0xed}, {&(0x7f0000000680)="8117cfd084321d828f7f756897990277fa4c832e25bba5f8804dcf492fe408191f7f8e68e5a00416f1e5bac6d7e1fa612ba34a8d57ade5cf296bf8dfbd214cfbc3d7333e945156211eccde4c962d8992938c23fd86cb73c5c0d10066c6822b87319d03150cd1f660", 0x68}, {&(0x7f0000000700)="fdcaf646b5367f8734e00d3d3cf3a8b132aedcb497989d1572f73e2a43e6f76e777f8e57722395e2984ee14dea69c19b2bcf26c49c0804ffda7216203d4e30657ecf2ea1d0515ea6d5b353a39bd4f25539b6c94ee4dace4ed58b520b9c35796137849730d6759aa01d76207d4a4c3342da589f5b90c07b326a709fe0ba36302a3afae8d9a7f3808b87ad3d5c1c93db9e", 0x90}], 0x7) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000037c0)={0x3, 0x4, &(0x7f00000036c0)=ANY=[@ANYBLOB="180200000100e1ff0000000000000000850000001900000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x27, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffff}, 0x94)

11.957583509s ago: executing program 1 (id=6338):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) (async)
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000140), 0xffffffffffffffff) (async)
r3 = accept4$ax25(0xffffffffffffffff, &(0x7f00000000c0)={{0x3, @rose}, [@rose, @bcast, @netrom, @remote, @remote, @null, @default, @netrom]}, &(0x7f0000000180)=0x48, 0xc0800)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000000040)={'wg0\x00', <r4=>0x0})
sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000d40)={0x0, 0xe0, &(0x7f0000000d00)={&(0x7f0000000600)=ANY=[@ANYBLOB="2c020000", @ANYRES16=r2, @ANYBLOB="010000000000000000000100000024000300a05ca84f6c9c8e3853e2fd7a70ae0fb20fa152600cb00845174f08076f8d7843e40108804400208024000100000000000100000000000000fdffff01000000000000000000000000000000001400040003000000ac1414bb00000000000000000600050000000000000100802400020073e591ec06154031d3954ac0e16752e72640f08b5281a8461d17d26d12f2bbb6060005000021000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b39228c00098028000080060001000a0000001400020020010000000000000000000000000001050003000000000088000080060001000a0000001400020020010000000000000000000000000002050003000000001003800080060001008c0e000008000200ac1414aa05000300000000001c000080060001000200000008000200ac1414bb0500030000000000200004000e00000000000000fe800000000000000000000000000000000000009c0000802400020073961633df6dc9cb418b15afd0bae7b90f1e6cfed8bb423cf9285c474163154908000a00010000002400010000000000000000000000000000000000000000000000000000000000000000004800098028000080060001000a00000014000200fe8000000000000000000000000000bb05000300000000001c000080060001000200000008000200000000000500030000000000080005000100000008000100", @ANYRES32=r4], 0x22c}}, 0x0)
ioctl$TUNGETIFF(r0, 0x800454d2, &(0x7f0000000080)={'bridge_slave_0\x00'})

11.690991955s ago: executing program 1 (id=6341):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@const={0x0, 0x0, 0x0, 0xa, 0x3}]}, {0x0, [0x2e]}}, 0x0, 0x27, 0x0, 0x1}, 0x28)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=@base={0x9, 0x18, 0x8, 0x40, 0x42, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r0}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001600)={r0, &(0x7f00000002c0), &(0x7f0000000380)=""/100}, 0x20)

11.362930855s ago: executing program 1 (id=6344):
connect$pppoe(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, {0x17, @random, 'macvlan1\x00'}}, 0x1e)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc0001, 0x0)
ioctl$PPPIOCATTCHAN(r0, 0x40047438, &(0x7f0000000340)=0x1)
close(0x3)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$NILFS_IOCTL_SET_SUINFO(r0, 0x40186e8d, &(0x7f0000000280)={&(0x7f00000001c0)=[{0x6, 0x1, 0x0, {0xffffffffffffffff, 0x3}}, {0x5, 0x0, 0x0, {0x8, 0x2}}, {0x0, 0x2, 0x0, {0xe83a, 0x624, 0x2}}], 0x3, 0x20, 0x5, 0xc})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0xa, &(0x7f0000000180)=0x8, 0x4)
ioctl$sock_TIOCINQ(r2, 0x541b, &(0x7f0000000000))
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000540)={'syztnl0\x00', &(0x7f0000000440)={'syztnl2\x00', 0x0, 0x7800, 0x7800, 0x0, 0x1, {{0x26, 0x4, 0x0, 0x1, 0x98, 0x68, 0x0, 0x6, 0x2f, 0x0, @loopback, @broadcast, {[@timestamp={0x44, 0x4, 0x36, 0x0, 0x9}, @ssrr={0x89, 0x17, 0x4, [@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @remote, @rand_addr=0x64010101]}, @timestamp={0x44, 0x24, 0x20, 0x0, 0x5, [0xa4f5, 0xfffffffd, 0x5, 0x10000, 0xd, 0x5, 0x4, 0x800]}, @end, @generic={0x94, 0x3, "cc"}, @timestamp_addr={0x44, 0x2c, 0xc8, 0x1, 0x8, [{@private=0xa010100, 0x8}, {@multicast1, 0x4}, {@empty, 0x2}, {@dev={0xac, 0x14, 0x14, 0x10}, 0x8}, {@remote, 0xfffff800}]}, @timestamp_prespec={0x44, 0x4, 0x85, 0x3, 0x0, [{@empty, 0x1}, {@multicast1, 0x9}]}]}}}}})
r3 = accept4$x25(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x80000)
ioctl$SIOCX25GCALLUSERDATA(r3, 0x89e4, &(0x7f0000000380)={0x63, "5af412de0eafc1171019417b0716b70540a763c3d5871e6552de3095c793782803d2454a227d42481306764ca93185c2b41148de5ab6f01ec4477c51c558551553154a77b2de3d17b6ee6b4dc49d4ad40d7e5da3d23173e568059b916ab78f8c7eed8655561767b47bee5dbabe2187ef6f71435a2f3b8c2f633e2271f427f905"})
sendmsg$IPSET_CMD_TEST(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="640000000906010800000000000000000600000505000100070000003c0007801800148014000240fc0000000000000000000000000000011800018014000240ff01000000000000000000000000000105000300070000000900020073797a31"], 0x64}}, 0x4041)

11.147332768s ago: executing program 1 (id=6351):
r0 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18, 0xffffffff}, 0x0)

10.919567901s ago: executing program 1 (id=6355):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
socket$unix(0x1, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r2, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0x66, &(0x7f0000001d40)={@local, @empty, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x2, 0x4, 0x58, 0x65, 0x300, 0x0, 0x2f, 0x0, @local, @empty}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x0, 0x1}, {}, {0x1, 0x0, 0x1}, {0x8, 0x88be, 0x1, {{0xa, 0x1, 0x2, 0x1, 0x0, 0x2, 0x7, 0x80}, 0x1, {0xa}}}, {0x8, 0x22eb, 0x2, {{0x0, 0x2, 0x5, 0x3, 0x0, 0x0, 0x1, 0x6}, 0x2, {0x400, 0x6, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}, 0x0)

3.146493289s ago: executing program 3 (id=6405):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@const={0x0, 0x0, 0x0, 0xa, 0x3}]}, {0x0, [0x2e]}}, &(0x7f0000000240)=""/76, 0x27, 0x4c, 0x1}, 0x28)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=@base={0x9, 0x18, 0x8, 0x40, 0x42, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001600)={r0, &(0x7f00000002c0), &(0x7f0000000380)=""/100}, 0x20)

2.978885602s ago: executing program 3 (id=6406):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'netdevsim0\x00', 0x800})
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETLINK(r2, 0x400454cd, 0x308)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3d50, 0x0, 0x0, 0x0, 0x6}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000004)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r5=>0x0})
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r6, r5, 0x25, 0x0, @val=@perf_event={0x200}}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000006c0)={{r3}, &(0x7f0000000600), &(0x7f0000000680)=r6}, 0x20)
syz_emit_ethernet(0x3e, &(0x7f0000000cc0)={@local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "7428dd", 0x8, 0x3a, 0x1, @remote, @private0, {[], @ndisc_rs}}}}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
socket(0x2, 0x80805, 0x0)

2.699585295s ago: executing program 3 (id=6412):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0x6, &(0x7f00000006c0)=ANY=[@ANYBLOB="1802000001000500000000000300000085000000410000001800000003000000000000000400000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0x0, &(0x7f0000000680)="548852ac5b4eba7aeaccd2c62b2b", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, 0x8}, 0x50)
r2 = socket(0x1e, 0x805, 0x0)
connect$tipc(r2, &(0x7f0000000080)=@id={0x1e, 0x3, 0x2, {0x4e20, 0x2}}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000100)={0x0, 0x2844, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r4, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0)
sendmsg$TIPC_NL_BEARER_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100280000000000000004000000200001800d0001007564703a73797a32"], 0x34}}, 0x4040)
sendmsg$TIPC_NL_MEDIA_SET(r2, &(0x7f00000005c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x54, r4, 0x8, 0x70bd2c, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_SOCK={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x200}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xf9c}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_NODE={0x10, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_REKEYING={0x8}]}]}, 0x54}}, 0x8040)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_GET(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000940)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYRESHEX=r5], 0x2c}}, 0x4000800)
connect$tipc(r2, &(0x7f0000000600)=@name={0x1e, 0x2, 0x3, {{0x42}, 0x2}}, 0x10)
close(r2)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0)
r7 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0a00000016000000b30000007f"], 0x48)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018100000", @ANYRES32=r7, @ANYBLOB="00000000000000006e00000000000000180000000000000000000000000000009500000000000000360a000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222}, 0x78)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x48, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_IFLAGS={0x6, 0x2, 0x30}, @IFLA_GRE_IKEY={0x8, 0x4, 0x45e}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4040080}, 0x0)
ioctl$XFS_IOC_PATH_TO_HANDLE(r8, 0xc0385869, &(0x7f0000000800)={<r10=>r1, &(0x7f0000000700)='\xff\xff\xff\xff\xff\xff', 0x8001, &(0x7f0000000740)={@_ha_fsid, {0x5, 0x400, 0x27, 0xfffffffffffffff9}}, 0x6, &(0x7f0000000780)={@_ha_fsid}, &(0x7f00000007c0)=0x9})
recvfrom$unix(r10, &(0x7f0000000840)=""/111, 0x6f, 0x40000000, &(0x7f00000008c0)=@abs={0x1, 0x0, 0x4e24}, 0x6e)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000240)={'ip6_vti0\x00', <r11=>0x0, 0x2f, 0x6, 0x8, 0x100, 0x38, @mcast2, @private0, 0xf827, 0x700, 0x5, 0x1}})
setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000300)={r11, 0x1, 0x6, @broadcast}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@ipv6_delrule={0x24, 0x18, 0x1, 0x0, 0x0, {0xa, 0x80, 0x0, 0x0, 0x0, 0x3}, [@FIB_RULE_POLICY=@FRA_GOTO={0x8, 0x4, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x25bd33839f9e4759}, 0x20000000)

2.486337323s ago: executing program 2 (id=6415):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="60000000020601080000000000000a000000000005000400000000000900020073797a31000000001400078008001240000000000500140020000000050005000a000000050001000600000011000300686173683a6970"], 0x60}}, 0x0)

2.380630349s ago: executing program 2 (id=6416):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000006080)={0x6, 0xc, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000140)=0x40, 0x4)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/62, 0x328000, 0x800, 0x9, 0x3}, 0x20)
setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, 0x0, 0x0)
setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00'})
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
ioctl$int_in(r4, 0x5452, &(0x7f0000000000)=0x80000001)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r5, &(0x7f00000001c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x800, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x4, 0xfe, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x5}, 0xe)
shutdown(r5, 0x1)
ioctl$SIOCGSTAMPNS(r5, 0x8907, 0x0)
recvmmsg(r5, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0)
recvmmsg(r4, &(0x7f0000000dc0)=[{{0x0, 0x0, 0x0}, 0x7}], 0x1, 0x100, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x6, 0x8, 0x8, 0x40}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000480850000002d00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r7}, 0xc)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x7, @dev={0xac, 0x14, 0x14, 0x44}}, 0x10)

1.665232081s ago: executing program 3 (id=6419):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x17, @random, 'macvlan1\x00'}}, 0x1e)
r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0xc0001, 0x0)
ioctl$PPPIOCATTCHAN(r1, 0x40047438, &(0x7f0000000340)=0x1)
close(0x3)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$NILFS_IOCTL_SET_SUINFO(r1, 0x40186e8d, &(0x7f0000000280)={&(0x7f00000001c0)=[{0x6, 0x1, 0x0, {0xffffffffffffffff, 0x3}}, {0x5, 0x0, 0x0, {0x8, 0x2}}, {0x0, 0x2, 0x0, {0xe83a, 0x624, 0x2}}], 0x3, 0x20, 0x5, 0xc})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r3, 0x1, 0xa, &(0x7f0000000180)=0x8, 0x4)
ioctl$sock_TIOCINQ(r3, 0x541b, &(0x7f0000000000))
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000540)={'syztnl0\x00', &(0x7f0000000440)={'syztnl2\x00', 0x0, 0x7800, 0x7800, 0x0, 0x1, {{0x26, 0x4, 0x0, 0x1, 0x98, 0x68, 0x0, 0x6, 0x2f, 0x0, @loopback, @broadcast, {[@timestamp={0x44, 0x4, 0x36, 0x0, 0x9}, @ssrr={0x89, 0x17, 0x4, [@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @remote, @rand_addr=0x64010101]}, @timestamp={0x44, 0x24, 0x20, 0x0, 0x5, [0xa4f5, 0xfffffffd, 0x5, 0x10000, 0xd, 0x5, 0x4, 0x800]}, @end, @generic={0x94, 0x3, "cc"}, @timestamp_addr={0x44, 0x2c, 0xc8, 0x1, 0x8, [{@private=0xa010100, 0x8}, {@multicast1, 0x4}, {@empty, 0x2}, {@dev={0xac, 0x14, 0x14, 0x10}, 0x8}, {@remote, 0xfffff800}]}, @timestamp_prespec={0x44, 0x4, 0x85, 0x3, 0x0, [{@empty, 0x1}, {@multicast1, 0x9}]}]}}}}})
r4 = accept4$x25(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x80000)
ioctl$SIOCX25GCALLUSERDATA(r4, 0x89e4, &(0x7f0000000380)={0x63, "5af412de0eafc1171019417b0716b70540a763c3d5871e6552de3095c793782803d2454a227d42481306764ca93185c2b41148de5ab6f01ec4477c51c558551553154a77b2de3d17b6ee6b4dc49d4ad40d7e5da3d23173e568059b916ab78f8c7eed8655561767b47bee5dbabe2187ef6f71435a2f3b8c2f633e2271f427f905"})
sendmsg$IPSET_CMD_TEST(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="640000000906010800000000000000000600000505000100070000003c0007801800148014000240fc0000000000000000000000000000011800018014000240ff01000000000000000000000000000105000300070000000900020073797a31"], 0x64}}, 0x4041)

1.61079347s ago: executing program 4 (id=6420):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x40)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={0x0, 0x50}, 0x1, 0x0, 0x0, 0x24040011}, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
r2 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, &(0x7f0000000600)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x23}, @local}}}], 0x20}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000004700)={'team0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r5, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r5, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000401}, 0x2404c080)
r6 = socket$packet(0x11, 0x2, 0x300)
socketpair(0x1, 0x100000005, 0x0, 0x0)
getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000080))
sendmmsg(r6, 0x0, 0x0, 0x44)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000001080)={'ip6_vti0\x00', &(0x7f0000001000)={'syztnl0\x00', 0x0, 0x29, 0x1, 0x7, 0x1, 0x41, @mcast2, @private1, 0x10, 0x80, 0x6, 0xb9a3}})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000001100)={'bridge_slave_0\x00', <r7=>0x0})
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, 0x0, &(0x7f0000001180))
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000011c0))
sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f00000017c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000001780)={&(0x7f0000001800)=ANY=[@ANYBLOB="68050000", @ANYRES16=0x0, @ANYBLOB="000225bd7000bb0800000100000008000100", @ANYRES32=0x0, @ANYBLOB="7c0002803c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="3c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="1801028064000100240001006270665f686173685f66756e6300000000000000000000000000000000000000050003000b0000003400040007002200080000000800ab0409000000040043a10000008000007d0409000000ffff0447ce040000000003060500000038000100240001006c625f73746174735f726566726573685f696e74657276616c0000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005", @ANYBLOB, @ANYBLOB, @ANYRES32=r4, @ANYBLOB="f001028040000100240001007072696f72697479", @ANYRES32, @ANYBLOB="3c00010024000100757365725f6c696e6b75705f656e61626c656400"/38, @ANYRES32, @ANYRES32=r7, @ANYBLOB="3c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000005000300050000000900040068617368000000003c00010024000100757365725f6c696e6b75705f656e61626c656400000000000000000000000000050003000600000004000400080006", @ANYRES32, @ANYBLOB], 0x568}, 0x1, 0x0, 0x0, 0x80}, 0x40844)

1.444184809s ago: executing program 4 (id=6422):
socket$netlink(0x10, 0x3, 0x0) (async)
socket(0x400000000010, 0x3, 0x0) (async, rerun: 32)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106) (async, rerun: 32)
r1 = epoll_create(0xea3)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000380)={0xb0000001}) (async, rerun: 32)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e21, @empty}, 0x10) (async, rerun: 32)
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f00000018c0)) (async)
socket(0x400000000010, 0x3, 0x0) (async)
r3 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) (async)
r6 = socket(0x10, 0x3, 0x0) (async)
pipe(&(0x7f00000001c0))
sendmsg$nl_route(r6, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYRESDEC], 0x2c}, 0x1, 0x0, 0x0, 0x4402}, 0x0) (async, rerun: 64)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) (async, rerun: 64)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r5, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r3, &(0x7f0000000000)={0xa0000001})
ppoll(&(0x7f0000000040), 0x0, 0x0, 0x0, 0x3f)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x31, &(0x7f0000000440)=0x8, 0x4) (async)
getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x6, 0x0, &(0x7f0000000480))
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r5, &(0x7f0000000140)={0x4}) (async)
r8 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) (async)
r9 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
preadv(r9, &(0x7f0000000240)=[{&(0x7f0000000100)=""/30, 0x1e}], 0x1, 0xe8, 0x8) (async)
bind$llc(r8, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10)
r10 = socket$inet6(0xa, 0x5ea8cac2c10c6e72, 0x3)
setsockopt$inet6_IPV6_HOPOPTS(r10, 0x29, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="a406000000000000c2040000000001050000000000c204000000130106000000000000000100040109c304000000d6000100c20400000200"], 0x38)

1.385305474s ago: executing program 3 (id=6423):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa1200000000000070c0000f8ffffffb702000008000000b70300000000000085000000b9000000950000"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x70, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmmsg$sock(0xffffffffffffffff, 0x0, 0x0, 0x4800)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x34, &(0x7f0000000040), 0x4)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x9, 0x8, 0xfa, 0xa}]})
bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f0000000040)=ANY=[], 0x38)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'veth0_to_hsr\x00', 0x800})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000002c0)={0x30, r3, 0x1, 0x0, 0xfffffffe, {}, [@NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x7}]}, 0x30}, 0x1, 0x0, 0x0, 0x40008090}, 0x2048044)
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @broadcast})
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$sock_SIOCOUTQ(r5, 0x5411, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000071119c00000000008510000002000000850c00002b00000095003300000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb8000000}, 0x70)
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="034886dd0900300003003000000060ce902d9f0c2f0081e949b93897bc3b0000000000007d01ff02000000000000000000000000000112006558"], 0xfdef)

1.377450625s ago: executing program 2 (id=6424):
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000004c0)={0x20, 0x0, 0x1, 0x70bd2c, 0x0, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x55ebfcb85e78e904}, 0x4)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb18b7d0670f8b3be16755ead6a6fb713fa618ce2cf424ea7cc84b04016b9a2afbfaf68803f1c1acb74fef", 0x87}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab504479f723388dda974e2a9fb1bcda474c08d6222179b19e902009ea3cb3e42408bab6c1f29cb62d05805063967de38327e", 0x9e}, {&(0x7f0000000480)}, {&(0x7f0000000780)="8ff2f15bd0017ce4b36b6bc4335634254cffcc40c0312f5ff35991272b79d76712dc0c3cfdc0d70ce8004884e6917bed9ffee1584df7f06c7bccac71daf78bf3c68b8d5e56357654784bdbc700bceb1049c6a47d53c5ac29f83aed3ae9968fe8", 0x60}, {&(0x7f0000000800)="5193f0b40db29d9ce06f429ed3c2c6405967f1e559f08c35f5e63ad64c2746967cca1bbeaf6206a79c42badb4fb453f294c2932cb5552a5f9c1d633207a53c2f54d98c2f9e4323eac6c20c56e7607d212b210a0325f7c289d1a2552d7a3f2176a47e95bc46471fae9167768d58f22ff10ba3cc2050b1ee838ce9e4ac5a1544fec3e291272cfaaa4817539972fb8bb2ede331312f556ecea24236759bf0d51003477ec489820505cea6045a9939974c6f2ee3815378dc0a620982383e84", 0xbd}, {&(0x7f0000000900)="a9be9b2ff3a19d5a1226e5243d37d1fd2894c1ae880dc2316aa2d5ad08944c7135eb837eff354282dd5863c051eb7b9b17be0e4fdd6560f3f2", 0x39}, {&(0x7f00000000c0)}], 0x7}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, 0x0, 0x0, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x9a9}}, @mark={{0x14, 0x1, 0x24, 0x4}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x80}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x78}}], 0x2, 0x20000044)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'})
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000088000000b0000000010"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000480850000002d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000ff908500000071"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

1.249814853s ago: executing program 0 (id=6425):
r0 = socket(0x10, 0x3, 0x0)
getsockopt$sock_int(r0, 0x1, 0x6, 0x0, &(0x7f0000000040))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000094c0)=ANY=[@ANYBLOB="8c45000043000701feff416ec366166e0314000004004580744501"], 0x458c}, 0x1, 0x0, 0x0, 0xc004}, 0xc000)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-aes-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000000)="adcd1a9a3fc36e961ed00fe41b0cd695", 0x20)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
read$alg(r3, &(0x7f00000012c0)=""/4109, 0x100d)
sendmsg$alg(r3, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000940)="7911bf87e318844b7b7ece8fe95693844ba2b4c29049c749521cf970374e19e3e0eb47e456c6b48e9e68bd1805ae07b41faef517790c07a3922b2732c0b26c06681e5f6eeb013cae354f9e4cbdb1e2740ed027e6cea3bf48243cf3a4dfea964f056d9750a3845e1afa1cd4746ed1de3dcd86984fcb49e380144defb2648b5d28438225bdb08ba43fde421a07274d5d77389ddda7dbfec5ce2019fb2b85555c3adbf6812125af1e846cf1c0e4b88a751c58dfad1d210fbec40a1b21115f69230ca80b3ed558b27f6c46fe25c01fe4c11d000000e6861f6eb75b6f4903971921f799a56c12097998d9cfdce430335046f02dd1fef77b36c617b8b67621742664d291f3438ba31b57842446f6aa2fbfff010000264d5b90146b17bc3c0af4eb4c183105af0bf545dc7319b1d15df85b74782fa3ee9ab265ad12d233294e264185a4db3eb0d4c67c7c9f6b8274075dcc548a732bfec549e667222434c994038db46f9580557ead9e92b0ec15bb7af49fd95943f77365def17240bf76611100eacf76c14159d07ddd28fe4bedf9f9f1cc352a5ac349ba0eadd1d9179e26cc83fdb29b0db84695b0c4789bed03b6", 0x1ab}, {&(0x7f0000003240)="efc738a16cc28c4946440ccbad4a5f1d56d06c415fd74d3f7ae7fede9df25861ac370f6d867d6672f8e7024df494ac35bd04b35f68b11663b146746ef3f58b12cfd7cd648c12a75f123d9cf5f9c10bcb48f942b34db9fbddcea5e0c3999da708bc472cd687c8f27748d1839e219628ad9687678201b445a59e0da96ecd38c0ce8bca1acbc78f9a3335e5db0eb0cd454006b4e3a5988e038b05322dad026df32c378b20fd75460e1205020d105c5115d2893e413b8b80e36946d011863b5a21472f1bd0d48b0c58211aff50a91e31112d632b56886d75ee84f49ffe015e33237150d3a3c4d871d348fa8e16f94c9e9d1e08d37c8b58f05f1a7c7133aae433f4564b8120d926c8ed8945d774620ec50deb1b3de7e66655d52f397f1811a024d870a4be151a15908b871992af52db41a28cb43633e1f9727e5373e318da8155d3e00b5b5eb28da52e8d364ec5de7614d8fd52401a6367e32464752d7379aaee4b08445ab9ca96663e47584d7470acf0312c545ffcee66d1903bc965caf4d66faf0c8e82ce4bd9c769d3440aca255e97c95a9810f33244d3963ec5610d0dcf62394ba8241351909acab1c154d1796ab44f683a08b307cc1905573642f6b2ef46e764d7f6d692de0fdefe6363a586f50d385e14b5b4209fd4efd93668ef020eaa8e3a70e6511438f81a2e6236b90628ac919ba9eeb04a9fd736a2681489427fa2fbd7f9fe559db1070fe3876e3217626fa811af2b2e3efb3587b19460f885c277e81a94277bbd3f19d4427538a4d93185e6647c4b8ffba034fe43e288dbb2eaf46299255aa246eb720a58224fc8490ed19cc40edd59552ec36b4645edc4e72e4c0ec8c48be18626f32c6aa982f821c40a0ba2d9b19c18a2e3a6b82e562c11620551de6364cc836ccd438823cbb2be8883a46d1141e136fdef2b1b19b879bd1be9a9993265758044ec33a87c625607ceda2e8245ebd7610b8c779957a1186a1611bd0caf66de3bcfbe904e28bae0174818f47eec3e79d74624b57d0b0dd173bfb5dbc4292e817bb03a0725bf11769fcf53ea95ef538be9a33c841f618fe4bc731cd8c826caec2691aee93ca57624e693947484163b3ae01d947155b499f56d7283b7d82c8000ba4a5457a1b1e40a17b7d4a54b45ebb0e8322e9dc9e2743a030c54f637381f10676d747cf8d1f982285187126b6da1e6fb374a8d87c956f9ad7c0328e8452fb6801e1c4db11dba4fd3ac3c382a05ab7148dcfb2266eac19399469c7aaf60eecbb1a92d6abf4bdda90752059106149645c6f5ea20b66c3ca634145c64b0c86ff46edc2b7d6269df97efd2f3e6fcda4cc9dc636951a9d6f0dc01f51ae273dcfeb66ec749d3cfe7cb11c45a473e126cab55450c5ffa59b3f3afb686f8258200bb8a529faff7f988d632300b890f73d51c60c64f4679cd86cc1f4602089f93ba03a51c846eed467432084f71c38413d0d9d1b83f9605207e9b28142d7bf94c7aedcd19f0fc93d4b95a1fea7babe2cb8de1a1a08f3a2d8d0aa1e718c1460e15329700e9e14c5cffff9c7a62b09df0a025e96ab03fa316e50d5b3b01ca4c5e0c6ac23f9703462e14f5fb6d5c1c2514d714746db1b5a5cee1111640114a9556cc518168b161b13e989e8f9ac51e2c01f7fbefea6ce6a8714c47279093fbb59fb760b7dd3138004343063485b506b120728d22c422324871c34f2dc7c53ce0bbab87bcd3efcf8fd4fa2bce12a10b00bdbb24791758516d02012613dd74caac26a176392ec11250e81d2566b2373a2b6536c3e2f28742cbca11b201934d19b42241d94a9da5b282eff530ddd3ed20318be47e9264b0a8fb0745e78c9c1f612ed03479ae14a176cfe52edb5eb2712c21fae58bf4c4143da57a9ee28acede9f56700bfa0f5c51da975fec9f8141b76cacdbfe69be80a325666cbd8fe458ed7f8965166b120ffb5e28dfbb5b3141cf963fd07548a4a35d2c749ce3adea69e0e0d4fd4158142fb7050d477fc51b2ef7e6f0e09cb8016a9bdfff7a200cd992a71a156339160b5757e163a14246c94fe11a0e210c5946b3147bc6870c9900e102b82e9a66a243a2e23e7ff98f7d9f017301740ac157f804afebf2f5bebbbf68583d86b01daaf02bc086bc2c4ddecf1a30795cb23a37bcff24ac3307545acc9bc7949edb2ea5b851ceb3bf2d34f049f1664100b0fc8ea326000e032bc5e50cdec80803a468e334002cfa7ccbef11f951f7679f403ce0cff42101702999218a15396952a3faa0154764c4359f037414bad967afca45285bd5ab985364e6b8bec744c00b3f95010eda041112ace0f09833c9b1049c36f03cca4e9264485d5784466e4b908b4b6216bd935abf49553dcdd4e48bc39f8b22f9b4bef1339b5121ad34ef3df4051333b8ea4ce83cff7abc863c43440ab6892281bc96fbf848ae9e82cb1a2d791b8bcf98ddb65baada7c08075dfe27cd06aedb0ff458880d600ba5bdb14c0858415c43c0aa6660298a944d568487853e7dac0c955d1268f70874756f6316e6181313f215ed3724ef760d89df82a178b51169506ada831725827c62b80f2e47fdac38b86192f68fe2fe5794f7adeac9c5bfc9e1fa8d5199fd7df202ee6e1ba38d40b7750f900771ea8e4f00d4c25065cf8867dc929c892f8e4652040862d48e8af1a48fc500882e874995c48cace7754bf0be2765be83001958946c8cb794f8813816e505de401d789223bc0af5739045751640272afb39d45d2be00cac743bfbce9a9a7f4b8f55511f3ad26264a09c19f26ed1b45b0fb254f98e5e1473bbccaa21219b327d1bbedab4a4dfdf516259feef632f72f5092bf78d886772e73ed2250f5ec20ac6fa66cf8c2626d3b5973ce9f4f95ead5c8a65db49966de0fd9e9ce97894b764ec3f75093a4f3ec4507e2507256c59a52969fdabfc100e6ae23acf121bb3acf34d190211b4001b632b10a252be0430bd107ee884a0ba16fc50eb717ae36aba0dbb130dc64b5cc21d1fe87856c8787474333c3a793fe81c9b9b56ee41fd2e1f2d6150495dc3379bf66fa4d53f868047b6c50f8c5a4c2ea2a355b5eb1ab3d3f32791b9ffcb08698dbe841f3338be19e5d927dfb14711b4aed2435fc53340162c878bee30d9d7d2409be614240540f7f5702be3e2ba38d8f999a624acdcaef37dabb86d225f35e92691de25bf68e0115e6680107f07380b28254e9df2e54a5179ed064fc9744dcb553b56720171b0325876c9b82d0120add35ac3f38b41fc28b149f944c66555051ca92341a953739a1674fae837bdb8d8d10adf7ef74092f505375c8414d82805176b680908d5c0f6c2a14bd526631c5abeccaf3469e3ae01c4db2371a77219ee109a83d62aef26efff181f240a163bc0cb253405018b69ba8d62ac582cb186c8c89e3c140bffaa4d99fab17975ccd925efab24b6a181773fe1daac55f18ab1e0264f8d1f7aabe395ce80792bb77cbd0b58fcd928ad74f0342876e098c93f9611887022a92e4d9b1da9c911bb7d762bdcdba36f749e16aad0bcf6f8596b2b50fc65a6811b709d9ad6593c2eb9867af3a276de26d6a6f87ec5173ca79e88122bf5151e98dee268fc8a79a4e83f2427a02ed702b0926ecf0b4bb1a3051f0a4d3cf31038fb600c7eb0cedc0d59ac99bff3b31a9065efecca740fcd948fb9c2eb6197b8226c397de7a4c268fa41877ca1618f77ffa93b2e17348301899bb1a5b389422d7364eb1e5ddd0daf2065894cf10886ce0d3920c0a283de54ec57942d456579851ca3590c26f8c360b7cbaa0328c29532aad80b2627b25641e613b38a2accf5881bbbc7086085a8fcf25895da9244c7dd773bff995e159ea3899487f202d97f2977e4527f75ec64a85cb21b120828b2ac24c711ea2b7cba4b0a195a1840aec7d34a4745b42596f186820584b4b75af29fba5b6d3623718efeebf52e848fe48160fbfd5a0f6511649e3e1c58e599c6d9c7597e5e12227e281204921819fbf9e0c9bd16d598aec601bbdc87e8d94225368cb65da83cbb722d79957a7c0bcea91a45f9b52558ccdcd2754da40fc0fbf78abd06c05f1fc7381eb06e4a0afcca6db7cace72aaacdf498cf9ca42c9b3c6615d9df167ef2d1b868e56a9652beea2f72530f24fe373333d9a524ed48e52e51d3784649a9b9a9f1cfdfabd3cdf832b2dda019bb4e1e1e71e75f88cbc3a16a6848ac2385024abb76249841f630008f3805462604d65eebf4e14b6c2ad9f9e2dc2a5a55d7ce5dde8307ac655b4dfcc99d0f050e838d310957915b4fc838f26f2659d72f801e8c62c6477cc33d7f60e659881422ddad61819b93f0f7817acab429b3c7d3923abce00993ada7fd7e5987cab4f4aea02acabad3f27f223c0108f44d8d5833932b4eb427f83f7b336f214293f8adc0ed2cd45d792cc69a84e01f6fe7020f96cd05c1dd792f30f1dec2c21ecf00ca956e4a2c71b52b1c298ae6e319cf845b97b60e07ab82afa30ffe94c16efb971959951746edde9639bb055feebe25611b595e23cade8420a2ee207977ab47dd559f09d17823e6184f83c44b881e4baa5d9abd6e2f8156a1fff943e61eea0e9b2fe26236e8288c5116ae9a8b0f110794f629c800d08729ea2000d56dbe404a747c149b7890bd6ac91319200b7078e2e039a29f45ffac3ecbafbc8b00db9f2e8eeb92ebf0a494bd4616925c9b289522c76f87d2c73342db85cc9a3ff09ae84c2c4b3618ba220bb6442968d9ae9eec02e577412fbedd827678a320b7dd8503d0bab20ca7fe7d982330506fc38eaaa6f1cde45377b08f0b66590b75fd6d390da80d01bf6c6dfc12f3b31312b75d1c6e8c6b86527b4f7c5464465b655b1c76a2b7dc202cf50f88f41bae5d7b8e8c38f3b254628f2418e2fe00b63f8162c60cd95fc9b0b6bba3a0989bbb858d2f1c892713e3bdc1a50bddfbb5c11f242464183ee9b85734b5683c242a264ea415df1284ffd87a36516518a09171cbad0149753e836aa41b27ff441460cf0f0d59ca9c1023b2bac5be5512827d4a64e6d7283e335682f9f4e0ad5471839e447b803c6b43d7daa2709536bc2ab955880cd25d1a50aa78fd646e31b3382426e1e77429d37712968223046698b51362b974a6c6782bfb17f40ade50c82523c1c87b59ba4cab6db7ea321b345133ef90039ddf3465043f05e0c1f0d9322aaf67408cf0c81162c17fd0a3fa195df5b6916b008", 0xe62}], 0x2, 0x0, 0x0, 0x8801}, 0x4000001)
setsockopt$MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xcd, &(0x7f0000000080)={{0xa, 0x4e23, 0x0, @private0, 0x8}, {0xa, 0x4e20, 0x1000, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0xffffffffffffffff, {[0x3, 0x3, 0x8f8, 0x8, 0x8, 0x7fffffff, 0x3, 0x7]}}, 0x5c)

1.178095613s ago: executing program 2 (id=6426):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x8}, 0x50)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r0, &(0x7f0000000100), 0x0}, 0x20) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x7a1280, 0x0)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_GET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x2c, r2, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}}, 0x4000800)

1.160144521s ago: executing program 4 (id=6427):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xd, 0x4, 0x0, &(0x7f0000000c40)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000600)={'team0\x00', <r4=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0xfffe, &(0x7f0000000000)={&(0x7f0000000d80)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xc509055e8af4e052}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x44}}, 0x0)

1.033506998s ago: executing program 2 (id=6428):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg(r0, 0x0, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r1, &(0x7f00000005c0), 0x10)
recvmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)=""/97, 0x38}, {0x0}], 0x2}, 0x32}], 0x4000000000000be, 0x122, 0x0)
sendmsg$can_bcm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="050000007f00000000000100", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}, 0x1, 0x0, 0x0, 0x4044080}, 0x20008800)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff000000000000000458000b480400945f64009400050038925a01000000000000008004000000ffe809000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

970.061577ms ago: executing program 0 (id=6429):
socket$inet6_udp(0xa, 0x2, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
socket(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r2, @ANYRES32=r2], 0x44}}, 0x2000800)

919.119166ms ago: executing program 3 (id=6430):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000fc0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000180)="892950e2405ee8629d9384a91c16d1706a3e61f305119f95cac0f1927f4c205b971eb41147cb1f86883d6910e68ac3996551800b3ec64b77f8444b18345a2c8b178eeeba0cde7319a5a46bfe7f5770e019efd9d52069edcced33a758c4e657f3a792dc193a1911b4e82ea800ad7afe03c851a8", 0x73}, {&(0x7f0000000200)="a68cde0d56b170df7710b54f17d9a39c4f98f3547190", 0x16}, {&(0x7f0000000240)="45e04400f2b383517a08c397dd0a76e67ecfc8e74573c24dedd3a48fb62418c1412fdcd15e888cb0f5d02e77bfecefda6b064c0bb2b66a9a522e63873dde02330510255eec7dfa1af708cdab59fb71eca786a359a2c3b0cbad35144ec5b069c53f90e43339845dc7fd140c55b0149ab38eb27c140f374bcc2c95b0b121d1a9302f3a01b888243b3fc0d46f0de0", 0x8d}, {&(0x7f0000000300)="87fb74cf4d67adbbd062637f514c1f5eb18d7b442e6457a356c6cb1f71a43dfae773c8489cce5145f92615d4bdb13ef54d6ae90ec7733180fcf5adf3e13fdb05b57b748bd14eda042a97fdd84498304a504a0a159b972e8200c2d0f536a3465ec498ed12b924bd134057df36129d3ebe3dd3ce9f0671e5278143e4afa3d43f444681de1b5f9725fca34fa357fe2154981666fb9dc202fc17a0199eb1c25bdd1005e590e84783ee9894c888998dc25a83c14aeee31d114acfa0bcd235d571cd765f4b9259ba43e6fc30291d8a642146c4771898030b736aeee6b247abb0784b154e104e7dcda401f9b1736fea30a41a4153fe6a9a525bd0a3487571f914f05b590e242341ade289d8f5b842c6be4a93c2755dfd47174def782a2f8f61c068b5a012f02c0801601e860def788121e8808c01fed4c920a3698d0d684920918c95b17f76bbcb4f265c931d8f79560ff8114b70f4dd6791e2ed70cfeb89905791b88be26efe1c5c66b7b50b3d2be0dbc066dfc31618f9507f6f340b85a2f76a6dcac9d6ccc289ace5e5fecd25afe22ffa451f5e365ab33cc985f2e9d7f7fb1be4794740a94215d7db14b0ffcec19e5e3c5ae0d8578ef3b65d2a7a77a11e390a6c3a6b391061c886b961e3c2f42d62047bfe1356a44b840d3d956105f4c0fa95db08c4933f00de77cdc057c28b41fecfc8398c442be1ad065954f6c9dfeb2fd7207e8548a00a1d50bdf522d2abfdafd71723616a34830fbfa8fc81e0c2639cc12f363a4919b7a00ac8189dad3e7e54122a2ef430f623658d5e281c9a19442995bb9b0e3f7d13e3016b6f9523be196bf23bbcc5ec802f43ef8b651d688d9d5a44f35c9847e4c32bce3e9ebed2326adadc76f06a195db32c80b3090d7cd65c9d8518ba4e528c5eb5c7a1c5695b21595fa8a8621734bfda8afddd65e1f37a1990220a00fa9bd2c22b0117ceb08ae6af3c944c2eca924abfddad065d1472d0c3f742a49b1e78c669471873706ad157d831d7482b773f07b0673a6ce1e227a7a4d13744bf459434c0ab1c323a38b1a84cbf1ce9741f2b8fdcc2e073e56171603d035aacd83e71d5132831f4f1e8bf517979f132a33fd03783272e9b8c96dfa4e1d320a58d82acfc8d3d53a5a52daafe4dc8be08f4ad53e11cc21374b6ff4ff5ea2ecc5d3f7c057f74f0098e57d990090475cdaffdef0da917653ed10fb70b94b72e5b4d95cbea0fc1dd2579635ad6ab545ba4d7b6d2f5442bdb78beb6c8ed62942a439117025b4566b48d9f3a17fdf4577e8606a4bc4c26557e58312fd2d1a541ebec3e5ae28eef8b2ab0597083716dd12889335570ee7839530eee879d9b137606cd4dd7103991671b4464bb68529eb19fb7a8845e3491bfbac688a87cf0744f429ea112014402915c4c1f6bae08d689d3cb7d641d7befe8fc74a2242310a9a367a39531b4c86da5b39df524e52f33ff9c40b48cb196ffc9ca855b6e698ade8a83e52b9ddc5031ff09e1907e4f8b0d07e64e1fb8e427f8819a7be907aa216bf8e2a4c7cc87ed53bf9490d4cc788b91f3b9f705e984a7e62c7a495e8421b97c39dc954b35468f17c6682334f4e16308448f457faeffff6d1f818522fa441d3a48168bdb12ffebace436a3915b63076cb6a655718647f87eaaf313b5bbd430421eed3a2215e439600a56eac8c65291eb103326a8034662bd337ab51577d9110ec7151be5cc9c54b2a30891acac5ad006ed537dbeb8f16eecbde7cf4e71373faf3c36b772f6d7ea9346875c8cf1049d49d4f8eb01b946c11e8c8e3ab2015f282167acddcc77fff03e1be9134252af0abfe538b4d25fc4ff874b52b9fb0996b5f32b4141dbd30578ff46e13ef6c63fc1620f62cb11a3dce401993976c272a5f62fde3f2a0e654d19e7a39dcdb622b9526d2a15cc18e6f817c916a00775353dd9c8954e66d0445b59bb0f5e6e3b46447232f52a0e398b057d123ef503afcbd48544db6434d2025bfc8dab72262a4fa5426a03061e7f8966e0086ff8ab5a91ab59f19b830394ee8bc76d6fb4816b8f4cde35b7eb9d3811228d51c54828f97fd1e648196c81bc73ed56249a59f318704e84656a6cedd2b8c1e1808d1cc648749abc643131e494c01336d4a14b8609656f2c972dc23c5c2e43fe40119fb88b5ec2aade35c03646e347354c493de8ab3672ccf94af0df333c6678299129d79be0eec281c5b3858ce3995566a390b674635b356692e3e9c53a089638ba0d69e772b7b410a5ae03de12e7de755ee559e1707b7b8003aabc8e2ce03c01e3183ff2d93262f6d5ceaafecdae66bc7cb3952c5a6571d864d502f281db5a228695badca5d022fdb6da56ab15dc377d1c1f8581ff56e28c2b2a84edb629547d28275c2ed571103b4ca7cdeb0776ba9f9dffcd78d21c3d4caa9289ed199672f4e7b912068c49c817114c37d37ea03954bae87d1ddae3da2ad85feb2fbb735b75a51f7bee5c8d88cc7bf64700d1a46ec6b631ae22ac7b06730a86a26bdcb992e1c7b50142de96b14a8468e4514068a30896fc677fddefaebb125c693a8d460469c7fe535f844781940f66d6abd091191c3122d584f5b0f5b0d443713d7d5186124d73de28aca30b719d4a55e09d259bddbf16995aeb1000880890afbd24d4066b0398985a40999de22ce176348e1c1f57eaf75b92a1e4f1482e89a00ac2cc36b20e36af9ec310599c19a5b1d6f8fadba104c58c801c6633315f82ebfa88faddd0b693e2f827f586c1cc5538e93bcf10f81af6dd7ee727df3b5018c0b4e31e40d040a47503b6ace4d29a1162ce487351825255f5584aff7cbd421f85c3d9fbb3784abd9848f16028b68f0d32ed8bb80106e8cc4acb939ff88bd39976d166b2addebf628b3fcd056da2f60e1b90f7a32702954921908ebccb683622a1f574ceba6951bef5e751c338c8279318dc28e36b9fc2bb17c3ad08aceb00fc388e6db112a738f86a4a1eb11526e1b9d73250b326285ed47c4398d93a3933d9a784249b65ad7d78a1f81d96ef36493ed693045a2150a8eb43cecc0c93e7d20b15b39a0646b081c2923b816365b7fbb41683a41732d942c5aa12faf876ec7f036becde8f3295af6dacff38d076d8e06260fee167703bb610745374a2758a6b88e465ca77d1f3105ae8b6b04a1eb509fb178d6249dbbc84d5d1d069278449a89d03e4a9a395d8170c329a296cfc329798cb9b9f1078d098cf3f989fd4ec53e013fbe917df35292d44fb1f3da4da4432a1847d4721514ade8cda5e5c0b51183580fc35266a970ebba74faeda56d4dcb56df51f96ad237452cedbd0cb2bee112713c3d450835811bf3da9745136d428e148fd0932dc77c8d8e61a16c625241fad8425b4ece394eedd5f165bd94923bfa1172be8edc8a4fcaae5f77ee8cc510192b27964da09c3e84efb4bc7154da1a24da8b7e544b42278d2574687ec76143afa6cf193d52a2a7f4c20ee57b6056a1337d5e408117a6cf1ab49c8980f39597f69902085d3e8d374d44e6ab4ed1185a26be2bc7281e9cfbbeb6bed899aa1924d3faa06d95999fbeaf2337494e0c2c39eef5a73fcde84459a9ea48d4e015d9e5bb5839354967ce02f637bc8678d2595b9a918fc36b927d7501f0ac2e3471ce02b5df355689c87f191ef5390900a41deec29984e45a878ece964b0009aad561316fc3b30ce1b49266d32eb17cd30f3e17e1f59014e8c518940dd0a093d1349c1a7c2581963bbe0ba372b6426e81c33c71b2ec8141c5713e52a37fff0a417a5b259e1420d9fb6a731f5baa0cc494221947895aa8fa14745a986a366bff9d0c239a19f85372497565b5b703da16439019df5f3d29f4247fb528854c9648630f03e9dedde5a08a47728ea6a4d42e62eff6fa3bd402325e0f4387b60171c37c180f958ad80955779c899517e7ea76eed00598e01552eaaf08b723daf9d466e8c57af43a15a46528b1119f5074aa3c51f77357ebe158275bc06b89640d7ce3c0a03af01418d7dc6ae8a1be8ab08c1722d66d1e9277480b8b178447667c024f9b78f8a878a2d7cf8e83e5104f6964b2907a989abafc7d7d0df941abf3d7283b6a11d46c2911a42182ec27ab785d92946e1ee8ef44846d561850d2a98c305c382f36d4cfc9b2bfd3b86ef21a0d187adcafbec8268c7d662a34dda1c83c4967097743133bc8c587edf249f5668c34ddb112fa4eb1bea9c8f6a000f1f34428b54688a5e214a7919868b25dbe930e86a243ecf54afe0b518c647d04873d2cf62cb2ab27f00015537a4fd2ea3dc8777abdf3284622347016566da0b9c406ca8c40694e4013a53fbf2e803d51b0bbe5e9df5fc74f66be618856357ccf803c53ed0e3b3fe79f69f0ede9b565d8f7a8ce5aa8cbb4e8fa61be3fd00ffb07e45065498925c14c0b311942d4ed951ad6237aadb5405bc7b2d79e1fd295b7c2ed8efa883e44c86a5053e2f421c6d4dc0c47d3a05d911db37d6efdb8e50fb3f06139ac147bc7162c21aece79eaf72e9779f19eb5395cec3d15a7594ea70a6b373d98651d2215b210f037ea3f8a57ded74474f6fdb64a08b56af52168da70b30aee03472cd8bee5af04cad7303004a4aba464b99", 0xcb3}], 0x4, &(0x7f0000001480)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private, @multicast1}}}], 0x20}, 0x0)
recvmsg$unix(r1, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001040)=[{&(0x7f00000015c0)=""/4096, 0x7ffff000}], 0x1, 0x0, 0x2}, 0x40000300)
ioctl$int_in(r0, 0x5452, &(0x7f0000000140)=0x4010006cf324f5)

896.2614ms ago: executing program 4 (id=6431):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x40)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={0x0, 0x50}, 0x1, 0x0, 0x0, 0x24040011}, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
r2 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(r2, &(0x7f0000000480)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, &(0x7f0000000600)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x23}, @local}}}], 0x20}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000004700)={'team0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r5, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r5, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000401}, 0x2404c080)
r6 = socket$packet(0x11, 0x2, 0x300)
socketpair(0x1, 0x100000005, 0x0, 0x0)
getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000080))
sendmmsg(r6, 0x0, 0x0, 0x44)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000001080)={'ip6_vti0\x00', &(0x7f0000001000)={'syztnl0\x00', 0x0, 0x29, 0x1, 0x7, 0x1, 0x41, @mcast2, @private1, 0x10, 0x80, 0x6, 0xb9a3}})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000001100)={'bridge_slave_0\x00', <r7=>0x0})
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, 0x0, &(0x7f0000001180))
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000011c0))
sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f00000017c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000001780)={&(0x7f0000001800)=ANY=[@ANYBLOB="68050000", @ANYRES16=0x0, @ANYBLOB="000225bd7000bb0800000100000008000100", @ANYRES32=0x0, @ANYBLOB="7c0002803c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="3c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="1801028064000100240001006270665f686173685f66756e6300000000000000000000000000000000000000050003000b0000003400040007002200080000000800ab0409000000040043a10000008000007d0409000000ffff0447ce040000000003060500000038000100240001006c625f73746174735f726566726573685f696e74657276616c000000000000000500030003000000080004000180000040000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b0000000800040001", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005", @ANYBLOB, @ANYBLOB, @ANYRES32=r4, @ANYBLOB="f001028040000100240001007072696f72697479", @ANYRES32, @ANYBLOB="3c00010024000100757365725f6c696e6b75705f656e61626c656400"/38, @ANYRES32, @ANYRES32=r7, @ANYBLOB="3c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000005000300050000000900040068617368000000003c00010024000100757365725f6c696e6b75705f656e61626c656400000000000000000000000000050003000600000004000400080006", @ANYRES32, @ANYBLOB], 0x568}, 0x1, 0x0, 0x0, 0x80}, 0x40844)

820.088836ms ago: executing program 0 (id=6432):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x17, @random, 'macvlan1\x00'}}, 0x1e)
r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0xc0001, 0x0)
ioctl$PPPIOCATTCHAN(r1, 0x40047438, &(0x7f0000000340)=0x1)
close(0x3)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$NILFS_IOCTL_SET_SUINFO(r1, 0x40186e8d, &(0x7f0000000280)={&(0x7f00000001c0)=[{0x6, 0x1, 0x0, {0xffffffffffffffff, 0x3}}, {0x5, 0x0, 0x0, {0x8, 0x2}}, {0x0, 0x2, 0x0, {0xe83a, 0x624, 0x2}}], 0x3, 0x20, 0x5, 0xc})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r3, 0x1, 0xa, &(0x7f0000000180)=0x8, 0x4)
ioctl$sock_TIOCINQ(r3, 0x541b, &(0x7f0000000000))
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000540)={'syztnl0\x00', &(0x7f0000000440)={'syztnl2\x00', 0x0, 0x7800, 0x7800, 0x0, 0x1, {{0x26, 0x4, 0x0, 0x1, 0x98, 0x68, 0x0, 0x6, 0x2f, 0x0, @loopback, @broadcast, {[@timestamp={0x44, 0x4, 0x36, 0x0, 0x9}, @ssrr={0x89, 0x17, 0x4, [@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @remote, @rand_addr=0x64010101]}, @timestamp={0x44, 0x24, 0x20, 0x0, 0x5, [0xa4f5, 0xfffffffd, 0x5, 0x10000, 0xd, 0x5, 0x4, 0x800]}, @end, @generic={0x94, 0x3, "cc"}, @timestamp_addr={0x44, 0x2c, 0xc8, 0x1, 0x8, [{@private=0xa010100, 0x8}, {@multicast1, 0x4}, {@empty, 0x2}, {@dev={0xac, 0x14, 0x14, 0x10}, 0x8}, {@remote, 0xfffff800}]}, @timestamp_prespec={0x44, 0x4, 0x85, 0x3, 0x0, [{@empty, 0x1}, {@multicast1, 0x9}]}]}}}}})
r4 = accept4$x25(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x80000)
ioctl$SIOCX25GCALLUSERDATA(r4, 0x89e4, &(0x7f0000000380)={0x63, "5af412de0eafc1171019417b0716b70540a763c3d5871e6552de3095c793782803d2454a227d42481306764ca93185c2b41148de5ab6f01ec4477c51c558551553154a77b2de3d17b6ee6b4dc49d4ad40d7e5da3d23173e568059b916ab78f8c7eed8655561767b47bee5dbabe2187ef6f71435a2f3b8c2f633e2271f427f905"})
sendmsg$IPSET_CMD_TEST(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="640000000906010800000000000000000600000505000100070000003c0007801800148014000240fc0000000000000000000000000000011800018014000240ff01000000000000000000000000000105000300070000000900020073797a31"], 0x64}}, 0x4041)

782.374742ms ago: executing program 4 (id=6433):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
syz_emit_ethernet(0x5e, &(0x7f0000000200)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x7, 0x6, "43d2ac", 0x28, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @remote}, @private0, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @ipv4={'\x00', '\xff\xff', @multicast2}, @dev={0xfe, 0x80, '\x00', 0x39}}}}}}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x30, r4, 0x7, 0x70bd2b, 0x25dfdc01, {{0x8}, {@val={0x8, 0x1, 0x37}, @val={0x8}, @val={0xc, 0x99, {0x4, 0x2}}}}}, 0x30}, 0x1, 0x0, 0x0, 0x40d0}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r4, 0x20, 0x70bd2d, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0xc0}, 0x810)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x56a7}, @NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x300}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x11}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}, 0x1, 0x0, 0x0, 0x40050}, 0x0)
write$bt_hci(r2, &(0x7f0000000440)=ANY=[@ANYRES8=r1], 0xa)

606.154008ms ago: executing program 0 (id=6434):
socket$xdp(0x2c, 0x3, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$netlink(0x10, 0x3, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
socket$alg(0x26, 0x5, 0x0)
socket$alg(0x26, 0x5, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
socket$kcm(0x11, 0xa, 0x300)
r0 = socket(0x10, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r3=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001b40)=@newtfilter={0xca0, 0x2c, 0xd27, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r3, {0xa, 0x8}, {}, {0xc, 0x8}}, [@filter_kind_options=@f_fw={{0x7}, {0xc74, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0xb, 0xfff3}}, @TCA_FW_POLICE={0x450, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x80000000, 0x5, 0x3, 0x7fff, 0x49e85, {0xb3, 0x0, 0x3, 0x3}, {0x0, 0x1, 0x4549, 0x7, 0x81, 0xcdd}, 0xffffff76, 0x1ff, 0xffff341b}}, @TCA_POLICE_RATE64={0xc, 0x8, 0x20000}, @TCA_POLICE_RATE={0x404, 0x2, [0x2, 0x5, 0x7, 0x9, 0x0, 0x2, 0x80000000, 0x6, 0x59fa, 0x5, 0x2d1f, 0x1c3, 0x38, 0x40, 0xa, 0x3, 0x4, 0x6, 0x6, 0x3, 0x7ff, 0x8, 0xe, 0xfffffffd, 0x9, 0x7, 0xf1e, 0xa97a, 0x0, 0x1, 0x81, 0x3, 0x9, 0x4, 0xfffffffc, 0x3ff, 0x2, 0x9, 0x7ff8, 0x29, 0x7ff, 0x2, 0x1, 0x6, 0xc7, 0xe7b, 0x9, 0x200, 0x252, 0x5, 0x2, 0x4, 0x9, 0xd, 0x7fff, 0x0, 0x8, 0xeac0, 0x7, 0x1, 0x3, 0x7fff, 0x400000, 0xbb5, 0x4, 0x80, 0xf, 0xa47, 0x70c1, 0xffff, 0x9, 0x5, 0x4, 0x9, 0xffff8001, 0x0, 0x8000, 0x2, 0xc6b76ce, 0x6, 0x9, 0x101, 0x7fff, 0x6, 0x7520, 0x0, 0xcfcd, 0xd6f, 0x7f, 0xf, 0x3, 0xff, 0x7, 0x1, 0x2, 0xfff, 0x23d, 0x5, 0x2, 0x80, 0x5c, 0x6, 0x7, 0x0, 0x8, 0x1c0, 0x89f1, 0x3, 0x40, 0x5, 0x101, 0x7ff, 0x7, 0x9, 0x2000000, 0x1, 0x800, 0x418f, 0x5, 0x12a, 0x9, 0xa6, 0xfffffcf2, 0x4, 0x2, 0x5, 0x8, 0x9, 0x5, 0x81, 0xffff177d, 0x55, 0xfd41, 0x30d, 0x2, 0x0, 0x5, 0x3, 0x6, 0x0, 0x2, 0xe965, 0x4, 0xfffffdf2, 0x1, 0x9, 0x1000, 0x70, 0x1, 0x1, 0x6422c554, 0x9, 0x7, 0x1, 0x800, 0x10, 0xffff, 0x0, 0x10000, 0x80, 0x9, 0x5, 0xffffffff, 0x6, 0x96, 0xa, 0x7f, 0x909d, 0x10, 0x1ff, 0x4, 0xfffffffa, 0x8, 0x9, 0x1, 0x5, 0x9, 0x5, 0x1ff, 0x9, 0x81, 0x800, 0xb6, 0x4c, 0x2, 0x87940000, 0x10000, 0x4, 0x80, 0x6, 0xa, 0x81, 0x93fb, 0x9, 0x4, 0x4, 0x7, 0x2, 0x8, 0x4, 0x10001, 0x3, 0x8, 0xe801, 0x984, 0x1, 0x4, 0x7, 0x3ff, 0x8000, 0x59, 0x90d2, 0x9, 0x6, 0x6, 0x78, 0x3, 0xe0, 0x6, 0x6, 0xf05c, 0x7, 0xffffff74, 0x8, 0x7, 0x1, 0x2, 0x37, 0x7, 0x0, 0x7, 0xfffffffb, 0xa, 0xa8, 0x9ef, 0x8, 0x6, 0x2, 0x6, 0x0, 0x8, 0x6, 0x1, 0x2, 0x1, 0x8, 0x2, 0x800, 0x5, 0x0, 0xdcc, 0x3, 0x10001, 0x4, 0x8]}]}, @TCA_FW_ACT={0x7fc, 0x4, [@m_skbmod={0xe4, 0x19, 0x0, 0x0, {{0xb}, {0x80, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa, 0x3, @multicast}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x5, 0x0, 0x1, 0x0, 0x10001}, 0x2}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x2}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x0, 0x2, 0x6, 0x400}, 0x2}}, @TCA_SKBMOD_SMAC={0xa, 0x4, @multicast}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x9}, @TCA_SKBMOD_DMAC={0xa, 0x3, @local}]}, {0x3a, 0x6, "e627a2235d6e25af4c49485264e48f5db8e85aaff4ebff8343c2704cc8bf4f696dedc1189e83a933d0748e5989a17c7311b97d561a62"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_gact={0xd4, 0x7, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x0, 0x21b6, 0x5}}, @TCA_GACT_PARMS={0x18, 0x2, {0x7, 0x40, 0x10000004, 0x7, 0x4}}]}, {0x81, 0x6, "bc8ee03fa371a140280b986df1a54220d083d5cb38ae70e86acec650aa5fa3d29363ab8204f5f87088e35c85822e287920f7f4eb474fdace994059f7791621292d1043dfbc0ed989638437fe477e9db4e4eb90db56e00ae106f20463b80bfff0ebe06af91eeaae32b3bc3bf5411714230cedf78db90e19c921d08e6135"}, {0xc}, {0xc, 0x8, {0x2}}}}, @m_simple={0x194, 0x3, 0x0, 0x0, {{0xb}, {0xd8, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x1, 0xad42, 0x0, 0x0, 0xd63e}}, @TCA_DEF_PARMS={0x18, 0x2, {0x44a, 0x2, 0x10000000, 0x8, 0x101}}, @TCA_DEF_DATA={0x5, 0x3, '\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x80, 0x9, 0x0, 0xffffffff, 0x8}}, @TCA_DEF_PARMS={0x18, 0x2, {0x200, 0x0, 0x5, 0x7, 0x40}}, @TCA_DEF_DATA={0x15, 0x3, '/dev/virtual_nci\x00'}, @TCA_DEF_DATA={0xb, 0x3, 'flower\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x2, 0x6000000, 0x5, 0x8, 0x1}}, @TCA_DEF_DATA={0x15, 0x3, '/dev/virtual_nci\x00'}, @TCA_DEF_DATA={0x15, 0x3, '/dev/virtual_nci\x00'}]}, {0x94, 0x6, "640d35a9bb35ac5c905d519365e33cd2d367214fc07f93cf63f1b5e7825fc6c7a7661c09572489660861f20281c696842067d6869fad8d651dd6a7a2324a40264445c5fc75276ec947b232116e7af9f8b47c842acfce1bc8547ef11a80ddb64986ad02c2e9897fe7cb71378ead10c108679108a51adbffef53584d1650567d9a99238e46ea174001d5b82391cb15e85a"}, {0xc, 0x7, {0x237f2ceaf4f508e7, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_nat={0x1d8, 0x1e, 0x0, 0x0, {{0x8}, {0x144, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x3, 0x2, 0x6, 0x8, 0x2}, @dev={0xac, 0x14, 0x14, 0x3b}, @rand_addr=0x64010102, 0xffffffff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x6, 0x3, 0x2, 0x9fb, 0xb48c}, @rand_addr=0x64010102, @remote, 0xff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x5, 0x4, 0xffffffffffffffff, 0x2, 0x1}, @rand_addr=0x64010100, @empty, 0x0, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x7, 0x7fffffff, 0x20000003, 0x7fffffff, 0x5}, @dev={0xac, 0x14, 0x14, 0x2f}, @multicast1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x3, 0x3, 0xffffffffffffffff, 0x7, 0x40}, @initdev={0xac, 0x1e, 0xc, 0x0}, @remote, 0xff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x5946, 0xd, 0xfffffffffffffffb, 0x604b, 0x6}, @rand_addr=0x64010100, @multicast2, 0xff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x9, 0x4, 0xf1bbbdff12dde41a, 0x6, 0x732}, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xffffff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x6, 0x10000000, 0x4, 0x40}, @dev={0xac, 0x14, 0x14, 0x39}, @multicast2}}]}, {0x6e, 0x6, "e717063921b95a38eeeb37705b6e03bf531474ee357cab1f9e1ef06e2020420f103764975d211f6c01e76a0093416a650206368b942b11c9414248cfb8b90407af03ed922fe9112d27637de91f3a63b70cddd4899291edc9d4af3ae314ccf93f2c65a7c1a77cfd6a2967"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_connmark={0x170, 0x12, 0x0, 0x0, {{0xd}, {0x74, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xc8bd, 0x7, 0x7, 0xc95}, 0x401}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x38, 0x7, 0x6, 0x2, 0x4}}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x40, 0x2e2b, 0xffffffffffffffff, 0xd, 0xc}, 0xd59}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x7, 0x0, 0x7, 0x3, 0xffff}, 0x5}}]}, {0xce, 0x6, "dc537e809aa012dec533cd488a34fce570e55b1c1a4dcb7c86ad976b10aa5490d6402cecbd099fd3f2f43ae6058709ecd71fd50c8454b43b93e2875519d8f24794951f53e86b73c3b722a2cd3342dba802641b065db478052143627d48d8323ef4079c676ea5bbe000d250d0c31d6b4cf26f2fd10ef5ce31e5738cdf7f76271c754af6fde9fa0a4022802579b4c3d285268a730640ebe741c59bca97a9f72b929c2953c3c2a374521a850b5d5128173f035a1b7a0c2d5d7858c426eaa1b6d21ed768a4400256d3e443fe"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x4, 0x1}}}}, @m_skbedit={0x164, 0xd, 0x0, 0x0, {{0xc}, {0x4c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PTYPE={0x6}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0xff}, @TCA_SKBEDIT_PTYPE={0x6}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x400, 0x8001, 0x5, 0x8, 0x2}}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xffe0, 0x7}}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x2}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x5}]}, {0xed, 0x6, "7ef04ab1879ae4a15688cbf5d53d6d85983349a27793feff249d3adb030604afc6dd6c0e994a3db630fef9f61bd8569908c3c49a65bd0588f4168ab3cb6c2db0aed33a1af777e337e229692fa1832c9963c1965abec16bc2b3a595293137d9af4bdd0bae2686bbc1a5d1924b36ce8b1f8d1193489bceb72279286cd177047f2e22d3c1ea167de0210109b5a095778d5c4166b6c8224227d70483034c82f540e36a1df0e791795da6faa404b087c62a4658cd2f9a0d15064bbde0a602da8dcebcec1b39e6c8389af38bc4e829f84749bb40232661cff9fc1a224e84407b4361fd54764f44097e32f2f4"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}, @TCA_FW_CLASSID={0x8, 0x1, {0x0, 0x4}}, @TCA_FW_INDEV={0x14, 0x3, 'ip6gre0\x00'}]}}]}, 0xca0}, 0x1, 0x0, 0x0, 0x60000080}, 0x20000000)
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0xfc)

511.485796ms ago: executing program 4 (id=6435):
r0 = socket$kcm(0x11, 0x200000000000002, 0x300)
r1 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r1, &(0x7f0000000000)={0xa0000001})
ppoll(&(0x7f0000000980)=[{r4, 0x8401}, {0xffffffffffffffff, 0x500}, {r1, 0x4}], 0x3, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x3b6, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb86dd60122d9203803afffe8000000000000000000000000000bbff0200000000000000000000000000018600907800ff0bdb0000000000000000180aa78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af030200010000000500000000260004001f18fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad88af49fe41605e609d7209cd539477a2499a9a0527f75b655a679acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978001d06aa85616177c41bc943afcb04619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc237ae0e9f6a1afd6a3ed5304d642081ba42399907ccd0a562db212baa39eb8164e240069f604d3a05fecf894222a141123167f010000000000000090aa235a6706030b17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f0032107b8a3e10090cf6164000000020000000000000000000000ffff008879e66485201a0015ca837c7357a0274500f70000000000000000000000145e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c0005d5170000dce9674a36da018dff09e70b8b14c4b7a94fe18e88600000000000"], 0x0)
getsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000000), 0x4)
sendmsg$sock(r0, &(0x7f00000000c0)={&(0x7f0000000040)=@phonet={0x23, 0x0, 0x2, 0x27}, 0x80, 0x0, 0x0, &(0x7f0000000180)=[@timestamping={{0x14, 0x1, 0x25, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x5}}, @mark={{0x14, 0x1, 0x24, 0x9}}], 0x48}, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000700)={0x0, r0}, 0x8)
r5 = socket(0x10, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000740)={<r6=>0x0, 0x79, "78d9b4f5c09c973f306a7a9e63d29c662d86c0a24400ab17b31f49ef94196aaeb001676a09b0aec9168baf3165a0d8943a4802866d005f7ec8e5c71cfa9bf8d8798cafd6e7b02bfe0aeda48f06730088b9107113540bb9279dc50acd91952a8e6f9501777f4af179a1fc193d9e15b6f72df188de74df4e6f71"}, &(0x7f0000000900)=0x81)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000001cc0)={r6, 0xd8, &(0x7f0000001bc0)=[@in={0x2, 0x4e23, @local}, @in6={0xa, 0x4e21, 0x3ed, @mcast2, 0x7}, @in6={0xa, 0x4e23, 0x1, @ipv4={'\x00', '\xff\xff', @rand_addr=0x7}, 0x2}, @in6={0xa, 0x4e22, 0x4, @dev={0xfe, 0x80, '\x00', 0x2d}, 0x1000}, @in={0x2, 0x4e23, @local}, @in6={0xa, 0x4e23, 0x3f1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7}, @in6={0xa, 0x4e23, 0x10001, @empty, 0xda}, @in6={0xa, 0x4e20, 0x8, @mcast1, 0xa0e}, @in={0x2, 0x4e21, @remote}]}, &(0x7f0000001d00)=0x10)
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000019c0), 0x4)
r8 = bpf$ITER_CREATE(0x21, &(0x7f0000001a80), 0x8)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='devices.list\x00', 0x275a, 0x0)
write$cgroup_subtree(r9, &(0x7f0000000200)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r9, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000000400000018110000", @ANYRES32=r10, @ANYBLOB="8000000000000000b7080000000000007b8af8ff04000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001b00)=@bpf_lsm={0x1d, 0x4, &(0x7f0000000880)=@raw=[@map_idx={0x18, 0x2, 0x5, 0x0, 0xf}, @map_val={0x18, 0x5}], &(0x7f00000008c0)='GPL\x00', 0xc6d, 0x1000, &(0x7f00000009c0)=""/4096, 0x41000, 0x5e, '\x00', 0x0, 0x1b, r7, 0x8, &(0x7f0000001a00)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000140)={0x4, 0x1, 0x6, 0x3}, 0x10, 0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001ac0)=[r8, r9, r10], 0x0, 0x10, 0xa}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r11, 0x0, 0x46, 0xde, &(0x7f0000000480)="bbc792b7b05300090f89672e100f2a742e76362fe76e537f9fb66369ee41984a0879ecfa88ad61939b17d4441b7e59ea81a3a1917be71256ea40e019bbbe647360b7c7be09a6", &(0x7f0000000500)=""/222, 0x3, 0x0, 0x27, 0x2b, &(0x7f0000000600)="b43a8baf4b404d87380c49517b8788eab910bb5504d441c86a6fd39e54fa8251be1d85a17f1f60", &(0x7f0000000640)="f8f410eb15faf40753d59ac0d25d8ad66a84d687153be88bfc014a2b8cb5d7a507a4b9716f9de49ba57fbf", 0x5, 0x0, 0x8}, 0x50)

423.901543ms ago: executing program 0 (id=6436):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@const={0x0, 0x0, 0x0, 0xa, 0x3}]}, {0x0, [0x2e]}}, &(0x7f0000000240)=""/76, 0x27, 0x4c, 0x1}, 0x28)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=@base={0x9, 0x18, 0x8, 0x40, 0x42, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001600)={r0, &(0x7f00000002c0), &(0x7f0000000380)=""/100}, 0x20)

250.103166ms ago: executing program 0 (id=6437):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000100001007b62000000000000000000000600140000001100010000000000000000000000000a"], 0x28}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd608a37f200082c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa3a000005", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50000000907886ecc00d0000"], 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="01002dbd7000fcdbdf251b1800000700210030", @ANYRESOCT], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x4000000)
r3 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000880), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x24, r3, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x2}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000080}, 0x80)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000140)={@loopback={0x0, 0x7ffffffff000}, 0x800, 0x0, 0x3, 0x3, 0x0, 0x66c3}, 0x20)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r4, 0x84, 0x70, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e23, @loopback}}, [0x5, 0xffffffffffffffff, 0x8, 0x3, 0x4, 0x0, 0xffffffff7fffffff, 0x5, 0xffffffff, 0x7, 0x200, 0x80000002, 0xfd, 0x3, 0x82]}, &(0x7f0000000300)=0x100)
r5 = socket$igmp(0x2, 0x3, 0x2)
ioctl$SIOCGETVIFCNT(r5, 0x89e0, &(0x7f0000000540)={0xffffffffffffffff})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000000)=ANY=[], 0x3261e)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3800000010005fba9a7d09a39f00000000000000", @ANYRES32=0x0, @ANYBLOB="80000200e180000008001b0000000000080028005bdb000008002900f8ff0700"], 0x38}}, 0x800)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r6, 0x0)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000580), 0xffffffffffffffff)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000100), r9)
sendmsg$NLBL_CIPSOV4_C_ADD(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000000)={0x50, r10, 0x1, 0x0, 0x1, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x2}, @NLBL_CIPSOV4_A_TAGLST={0x2c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x5}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x6}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x50}, 0x1, 0x0, 0x0, 0xc082}, 0x24004080)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f00000005c0)={{{@in=@remote, @in6=@private1}}, {{@in6=@private0}, 0x0, @in=@multicast1}}, &(0x7f0000000700)=0xe8)
setsockopt$ARPT_SO_SET_REPLACE(r8, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x7, 0x4, 0x3e0, 0x110, 0x110, 0x210, 0x2f8, 0x2f8, 0x2f8, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac, @mac=@remote, @loopback, @local, 0x1, 0x1}}}, {{@uncond, 0xc0, 0x100}, @unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "716ebd2e1aa0cc683e62f312359594df00da56317f76121697127951fdba"}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE0={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x430)

0s ago: executing program 2 (id=6438):
r0 = socket$kcm(0x11, 0x200000000000002, 0x300)
r1 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r1, &(0x7f0000000000)={0xa0000001})
ppoll(&(0x7f0000000980)=[{r4, 0x8401}, {0xffffffffffffffff, 0x500}, {r1, 0x4}], 0x3, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x3b6, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb86dd60122d9203803afffe8000000000000000000000000000bbff0200000000000000000000000000018600907800ff0bdb0000000000000000180aa78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af030200010000000500000000260004001f18fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad88af49fe41605e609d7209cd539477a2499a9a0527f75b655a679acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978001d06aa85616177c41bc943afcb04619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc237ae0e9f6a1afd6a3ed5304d642081ba42399907ccd0a562db212baa39eb8164e240069f604d3a05fecf894222a141123167f010000000000000090aa235a6706030b17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f0032107b8a3e10090cf6164000000020000000000000000000000ffff008879e66485201a0015ca837c7357a0274500f70000000000000000000000145e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c0005d5170000dce9674a36da018dff09e70b8b14c4b7a94fe18e88600000000000"], 0x0)
getsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000000), 0x4)
sendmsg$sock(r0, &(0x7f00000000c0)={&(0x7f0000000040)=@phonet={0x23, 0x0, 0x2, 0x27}, 0x80, 0x0, 0x0, &(0x7f0000000180)=[@timestamping={{0x14, 0x1, 0x25, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x5}}, @mark={{0x14, 0x1, 0x24, 0x9}}], 0x48}, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000700)={0x0, r0}, 0x8)
r5 = socket(0x10, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000740)={<r6=>0x0, 0x79, "78d9b4f5c09c973f306a7a9e63d29c662d86c0a24400ab17b31f49ef94196aaeb001676a09b0aec9168baf3165a0d8943a4802866d005f7ec8e5c71cfa9bf8d8798cafd6e7b02bfe0aeda48f06730088b9107113540bb9279dc50acd91952a8e6f9501777f4af179a1fc193d9e15b6f72df188de74df4e6f71"}, &(0x7f0000000900)=0x81)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000001cc0)={r6, 0xd8, &(0x7f0000001bc0)=[@in={0x2, 0x4e23, @local}, @in6={0xa, 0x4e21, 0x3ed, @mcast2, 0x7}, @in6={0xa, 0x4e23, 0x1, @ipv4={'\x00', '\xff\xff', @rand_addr=0x7}, 0x2}, @in6={0xa, 0x4e22, 0x4, @dev={0xfe, 0x80, '\x00', 0x2d}, 0x1000}, @in={0x2, 0x4e23, @local}, @in6={0xa, 0x4e23, 0x3f1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7}, @in6={0xa, 0x4e23, 0x10001, @empty, 0xda}, @in6={0xa, 0x4e20, 0x8, @mcast1, 0xa0e}, @in={0x2, 0x4e21, @remote}]}, &(0x7f0000001d00)=0x10)
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000019c0), 0x4)
r8 = bpf$ITER_CREATE(0x21, &(0x7f0000001a80), 0x8)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='devices.list\x00', 0x275a, 0x0)
write$cgroup_subtree(r9, &(0x7f0000000200)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r9, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000000400000018110000", @ANYRES32=r10, @ANYBLOB="8000000000000000b7080000000000007b8af8ff04000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001b00)=@bpf_lsm={0x1d, 0x4, &(0x7f0000000880)=@raw=[@map_idx={0x18, 0x2, 0x5, 0x0, 0xf}, @map_val={0x18, 0x5}], &(0x7f00000008c0)='GPL\x00', 0xc6d, 0x1000, &(0x7f00000009c0)=""/4096, 0x41000, 0x5e, '\x00', 0x0, 0x1b, r7, 0x8, &(0x7f0000001a00)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000140)={0x4, 0x1, 0x6, 0x3}, 0x10, 0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001ac0)=[r8, r9, r10], 0x0, 0x10, 0xa}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r11, 0x0, 0x46, 0xde, &(0x7f0000000480)="bbc792b7b05300090f89672e100f2a742e76362fe76e537f9fb66369ee41984a0879ecfa88ad61939b17d4441b7e59ea81a3a1917be71256ea40e019bbbe647360b7c7be09a6", &(0x7f0000000500)=""/222, 0x3, 0x0, 0x27, 0x2b, &(0x7f0000000600)="b43a8baf4b404d87380c49517b8788eab910bb5504d441c86a6fd39e54fa8251be1d85a17f1f60", &(0x7f0000000640)="f8f410eb15faf40753d59ac0d25d8ad66a84d687153be88bfc014a2b8cb5d7a507a4b9716f9de49ba57fbf", 0x5, 0x0, 0x8}, 0x50)

kernel console output (not intermixed with test programs):

ftover after parsing attributes in process `syz.0.5525'.
[  622.995172][T23906] netlink: 'syz.0.5533': attribute type 14 has an invalid length.
[  623.198120][T23910] netlink: 'syz.4.5535': attribute type 1 has an invalid length.
[  623.637973][T23922] netlink: 'syz.1.5539': attribute type 3 has an invalid length.
[  623.656218][T23922] netlink: 'syz.1.5539': attribute type 3 has an invalid length.
[  623.929019][T23934] openvswitch: netlink: Unexpected mask (mask=1040, allowed=10048)
[  623.942405][T23934] syzkaller0: entered promiscuous mode
[  623.948265][T23934] syzkaller0: entered allmulticast mode
[  624.656945][T23938] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  624.720878][T23933] tipc: Resetting bearer <eth:syzkaller0>
[  624.819521][T23933] tipc: Disabling bearer <eth:syzkaller0>
[  625.398954][T23971] nbd: socks must be embedded in a SOCK_ITEM attr
[  625.413751][T23971] block nbd1: shutting down sockets
[  629.139702][T24096] __nla_validate_parse: 7 callbacks suppressed
[  629.139724][T24096] netlink: 156 bytes leftover after parsing attributes in process `syz.4.5587'.
[  629.163783][T24095] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5586'.
[  629.826254][T24132] netlink: 'syz.2.5598': attribute type 1 has an invalid length.
[  629.834500][T24132] netlink: 'syz.2.5598': attribute type 2 has an invalid length.
[  629.842541][T24132] netlink: 'syz.2.5598': attribute type 1 has an invalid length.
[  629.850774][T24132] netlink: 'syz.2.5598': attribute type 3 has an invalid length.
[  629.858739][T24132] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5598'.
[  629.932568][T24136] block nbd0: NBD_DISCONNECT
[  629.962598][T24136] block nbd0: Send disconnect failed -32
[  629.991542][T24136] block nbd0: shutting down sockets
[  630.029551][T24139] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5601'.
[  630.154690][T24143] veth1_to_bridge: entered allmulticast mode
[  630.161402][T24143] A link change request failed with some changes committed already. Interface veth1_to_bridge may have been left with an inconsistent configuration, please check.
[  630.196196][T24143] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5603'.
[  630.351431][T24152] FAULT_INJECTION: forcing a failure.
[  630.351431][T24152] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  630.365474][T24152] CPU: 1 UID: 0 PID: 24152 Comm: syz.3.5607 Not tainted syzkaller #0 PREEMPT(full) 
[  630.365505][T24152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  630.365519][T24152] Call Trace:
[  630.365528][T24152]  <TASK>
[  630.365537][T24152]  dump_stack_lvl+0xe8/0x150
[  630.365575][T24152]  should_fail_ex+0x412/0x560
[  630.365613][T24152]  _copy_to_user+0x31/0xb0
[  630.365642][T24152]  simple_read_from_buffer+0xe1/0x170
[  630.365679][T24152]  proc_fail_nth_read+0x1bb/0x230
[  630.365715][T24152]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  630.365750][T24152]  ? rw_verify_area+0x2a6/0x4d0
[  630.365773][T24152]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  630.365806][T24152]  vfs_read+0x20c/0xa70
[  630.365828][T24152]  ? fdget_pos+0x246/0x320
[  630.365854][T24152]  ? __pfx___mutex_lock+0x10/0x10
[  630.365878][T24152]  ? __pfx_vfs_read+0x10/0x10
[  630.365904][T24152]  ? __fget_files+0x2a/0x420
[  630.365929][T24152]  ? __fget_files+0x3a0/0x420
[  630.365947][T24152]  ? __fget_files+0x2a/0x420
[  630.365977][T24152]  ksys_read+0x150/0x270
[  630.366004][T24152]  ? __pfx_ksys_read+0x10/0x10
[  630.366041][T24152]  do_syscall_64+0x14d/0xf80
[  630.366061][T24152]  ? trace_irq_disable+0x3b/0x150
[  630.366080][T24152]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  630.366102][T24152]  ? clear_bhb_loop+0x40/0x90
[  630.366128][T24152]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  630.366149][T24152] RIP: 0033:0x7f6f9ef5d04e
[  630.366170][T24152] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  630.366199][T24152] RSP: 002b:00007f6f9fd9efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  630.366223][T24152] RAX: ffffffffffffffda RBX: 00007f6f9fd9f6c0 RCX: 00007f6f9ef5d04e
[  630.366240][T24152] RDX: 000000000000000f RSI: 00007f6f9fd9f0a0 RDI: 0000000000000004
[  630.366259][T24152] RBP: 00007f6f9fd9f090 R08: 0000000000000000 R09: 0000000000000000
[  630.366273][T24152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  630.366286][T24152] R13: 00007f6f9f216038 R14: 00007f6f9f215fa0 R15: 00007ffff9d58268
[  630.366321][T24152]  </TASK>
[  630.624098][T24155] FAULT_INJECTION: forcing a failure.
[  630.624098][T24155] name failslab, interval 1, probability 0, space 0, times 0
[  630.637988][T24155] CPU: 0 UID: 0 PID: 24155 Comm: syz.3.5608 Not tainted syzkaller #0 PREEMPT(full) 
[  630.638017][T24155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  630.638030][T24155] Call Trace:
[  630.638038][T24155]  <TASK>
[  630.638047][T24155]  dump_stack_lvl+0xe8/0x150
[  630.638082][T24155]  should_fail_ex+0x412/0x560
[  630.638119][T24155]  should_failslab+0xa8/0x100
[  630.638145][T24155]  ? skb_clone+0x212/0x3a0
[  630.638165][T24155]  kmem_cache_alloc_noprof+0x87/0x650
[  630.638198][T24155]  skb_clone+0x212/0x3a0
[  630.638222][T24155]  __netlink_deliver_tap+0x404/0x850
[  630.638273][T24155]  ? netlink_deliver_tap+0x2e/0x1b0
[  630.638303][T24155]  netlink_deliver_tap+0x19c/0x1b0
[  630.638331][T24155]  netlink_sendskb+0x68/0x140
[  630.638359][T24155]  netlink_unicast+0x3a3/0x9b0
[  630.638394][T24155]  ? __pfx_netlink_unicast+0x10/0x10
[  630.638429][T24155]  netlink_rcv_skb+0x2b6/0x4b0
[  630.638457][T24155]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  630.638486][T24155]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  630.638526][T24155]  ? netlink_deliver_tap+0x2e/0x1b0
[  630.638562][T24155]  netlink_unicast+0x80f/0x9b0
[  630.638596][T24155]  ? __pfx_netlink_unicast+0x10/0x10
[  630.638623][T24155]  ? netlink_sendmsg+0x650/0xb40
[  630.638648][T24155]  ? skb_put+0x11b/0x210
[  630.638679][T24155]  netlink_sendmsg+0x813/0xb40
[  630.638717][T24155]  ? __pfx_netlink_sendmsg+0x10/0x10
[  630.638749][T24155]  ? aa_sock_msg_perm+0xf1/0x1b0
[  630.638772][T24155]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  630.638799][T24155]  ____sys_sendmsg+0x972/0x9f0
[  630.638838][T24155]  ? __pfx_____sys_sendmsg+0x10/0x10
[  630.638877][T24155]  ? import_iovec+0x73/0xa0
[  630.638907][T24155]  ___sys_sendmsg+0x2a5/0x360
[  630.638944][T24155]  ? __pfx____sys_sendmsg+0x10/0x10
[  630.639011][T24155]  ? __fget_files+0x2a/0x420
[  630.639030][T24155]  ? __fget_files+0x3a0/0x420
[  630.639059][T24155]  __x64_sys_sendmsg+0x1bd/0x2a0
[  630.639093][T24155]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  630.639134][T24155]  ? __pfx_ksys_write+0x10/0x10
[  630.639170][T24155]  do_syscall_64+0x14d/0xf80
[  630.639191][T24155]  ? trace_irq_disable+0x3b/0x150
[  630.639208][T24155]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  630.639229][T24155]  ? clear_bhb_loop+0x40/0x90
[  630.639265][T24155]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  630.639285][T24155] RIP: 0033:0x7f6f9ef9c819
[  630.639304][T24155] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  630.639322][T24155] RSP: 002b:00007f6f9fd9f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  630.639344][T24155] RAX: ffffffffffffffda RBX: 00007f6f9f215fa0 RCX: 00007f6f9ef9c819
[  630.639358][T24155] RDX: 0000000000040000 RSI: 0000200000000100 RDI: 0000000000000003
[  630.639371][T24155] RBP: 00007f6f9fd9f090 R08: 0000000000000000 R09: 0000000000000000
[  630.639384][T24155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  630.639397][T24155] R13: 00007f6f9f216038 R14: 00007f6f9f215fa0 R15: 00007ffff9d58268
[  630.639430][T24155]  </TASK>
[  631.110117][T24161] netlink: 'syz.3.5611': attribute type 1 has an invalid length.
[  631.169280][T24165] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  631.170405][T24160] bond3: entered promiscuous mode
[  631.277571][T24157] netlink: 'syz.0.5609': attribute type 10 has an invalid length.
[  631.315709][T24157] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5609'.
[  631.457934][T24157] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  631.548181][T24173] veth1_to_bridge: entered allmulticast mode
[  631.565292][T24173] A link change request failed with some changes committed already. Interface veth1_to_bridge may have been left with an inconsistent configuration, please check.
[  631.602009][T24173] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5616'.
[  631.662088][T24177] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5613'.
[  631.736360][T24181] netlink: 'syz.1.5619': attribute type 1 has an invalid length.
[  631.749742][T24180] netlink: 'syz.3.5618': attribute type 1 has an invalid length.
[  631.787306][T24181] 8021q: adding VLAN 0 to HW filter on device bond4
[  632.121499][T24197] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5622'.
[  632.154316][T24197] netlink: 'syz.0.5622': attribute type 7 has an invalid length.
[  632.174631][T24197] netlink: 'syz.0.5622': attribute type 8 has an invalid length.
[  632.207304][T24197] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5622'.
[  632.783193][T24232] FAULT_INJECTION: forcing a failure.
[  632.783193][T24232] name failslab, interval 1, probability 0, space 0, times 0
[  632.814126][T24232] CPU: 0 UID: 0 PID: 24232 Comm: syz.3.5634 Not tainted syzkaller #0 PREEMPT(full) 
[  632.814158][T24232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  632.814172][T24232] Call Trace:
[  632.814181][T24232]  <TASK>
[  632.814192][T24232]  dump_stack_lvl+0xe8/0x150
[  632.814228][T24232]  should_fail_ex+0x412/0x560
[  632.814266][T24232]  should_failslab+0xa8/0x100
[  632.814297][T24232]  __kmalloc_noprof+0xe8/0x760
[  632.814322][T24232]  ? ethnl_default_set_doit+0x16a/0xad0
[  632.814361][T24232]  ethnl_default_set_doit+0x16a/0xad0
[  632.814394][T24232]  ? genl_family_rcv_msg_attrs_parse+0x20b/0x2f0
[  632.814416][T24232]  ? genl_family_rcv_msg_attrs_parse+0x265/0x2f0
[  632.814447][T24232]  genl_family_rcv_msg_doit+0x22a/0x330
[  632.814471][T24232]  ? __asan_memcpy+0x40/0x70
[  632.814497][T24232]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  632.814534][T24232]  ? bpf_lsm_capable+0x9/0x20
[  632.814562][T24232]  ? security_capable+0x7e/0x2c0
[  632.814601][T24232]  genl_rcv_msg+0x61c/0x7a0
[  632.814629][T24232]  ? __pfx_genl_rcv_msg+0x10/0x10
[  632.814651][T24232]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[  632.814684][T24232]  ? __lock_acquire+0x6b5/0x2cf0
[  632.814724][T24232]  netlink_rcv_skb+0x232/0x4b0
[  632.814753][T24232]  ? __pfx_genl_rcv_msg+0x10/0x10
[  632.814777][T24232]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  632.814844][T24232]  ? down_read+0x272/0x2e0
[  632.814866][T24232]  ? genl_rcv+0xd/0x40
[  632.814889][T24232]  genl_rcv+0x28/0x40
[  632.814908][T24232]  netlink_unicast+0x80f/0x9b0
[  632.814944][T24232]  ? __pfx_netlink_unicast+0x10/0x10
[  632.814972][T24232]  ? netlink_sendmsg+0x650/0xb40
[  632.814998][T24232]  ? skb_put+0x11b/0x210
[  632.815038][T24232]  netlink_sendmsg+0x813/0xb40
[  632.815077][T24232]  ? __pfx_netlink_sendmsg+0x10/0x10
[  632.815115][T24232]  ? aa_sock_msg_perm+0xf1/0x1b0
[  632.815138][T24232]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  632.815167][T24232]  ____sys_sendmsg+0x972/0x9f0
[  632.815208][T24232]  ? __pfx_____sys_sendmsg+0x10/0x10
[  632.815249][T24232]  ? import_iovec+0x73/0xa0
[  632.815277][T24232]  ___sys_sendmsg+0x2a5/0x360
[  632.815314][T24232]  ? __pfx____sys_sendmsg+0x10/0x10
[  632.815385][T24232]  ? __fget_files+0x2a/0x420
[  632.815405][T24232]  ? __fget_files+0x3a0/0x420
[  632.815437][T24232]  __x64_sys_sendmsg+0x1bd/0x2a0
[  632.815471][T24232]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  632.815514][T24232]  ? __pfx_ksys_write+0x10/0x10
[  632.815552][T24232]  do_syscall_64+0x14d/0xf80
[  632.815572][T24232]  ? trace_irq_disable+0x3b/0x150
[  632.815591][T24232]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  632.815613][T24232]  ? clear_bhb_loop+0x40/0x90
[  632.815639][T24232]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  632.815660][T24232] RIP: 0033:0x7f6f9ef9c819
[  632.815681][T24232] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  632.815700][T24232] RSP: 002b:00007f6f9fd9f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  632.815724][T24232] RAX: ffffffffffffffda RBX: 00007f6f9f215fa0 RCX: 00007f6f9ef9c819
[  632.815740][T24232] RDX: 0000000000008090 RSI: 0000200000001540 RDI: 0000000000000003
[  632.815754][T24232] RBP: 00007f6f9fd9f090 R08: 0000000000000000 R09: 0000000000000000
[  632.815767][T24232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  632.815780][T24232] R13: 00007f6f9f216038 R14: 00007f6f9f215fa0 R15: 00007ffff9d58268
[  632.815816][T24232]  </TASK>
[  634.091606][T24267] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  634.142132][T24269] syzkaller0: entered promiscuous mode
[  634.158446][T24269] syzkaller0: entered allmulticast mode
[  634.223703][T24271] bridge4: the hash_elasticity option has been deprecated and is always 16
[  634.237981][T24271] bridge4: entered allmulticast mode
[  634.485043][T24277] __nla_validate_parse: 5 callbacks suppressed
[  634.485066][T24277] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5651'.
[  634.634577][T24287] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5655'.
[  635.398875][T24318] validate_nla: 4 callbacks suppressed
[  635.398898][T24318] netlink: 'syz.0.5665': attribute type 14 has an invalid length.
[  635.623293][T24326] TCP: TCP_TX_DELAY enabled
[  635.667668][T24329] netlink: 'syz.4.5669': attribute type 1 has an invalid length.
[  636.281081][T24346] mac80211_hwsim hwsim37 syzkaller0: entered promiscuous mode
[  636.308078][T24346] mac80211_hwsim hwsim37 syzkaller0: entered allmulticast mode
[  636.409483][T24348] netlink: 'syz.2.5677': attribute type 14 has an invalid length.
[  636.722937][T24357] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5680'.
[  636.837228][T24361] netlink: 'syz.4.5683': attribute type 14 has an invalid length.
[  637.062987][T24373] netlink: 'syz.0.5689': attribute type 1 has an invalid length.
[  638.185621][T24415] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5701'.
[  638.252845][T24417] netlink: 44 bytes leftover after parsing attributes in process `syz.3.5702'.
[  639.223537][T24453] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  639.260162][T24443] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5714'.
[  639.362992][T24456] netlink: 224 bytes leftover after parsing attributes in process `syz.4.5713'.
[  639.610259][T24458] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5715'.
[  639.865166][T24460] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5716'.
[  640.668383][T24480] FAULT_INJECTION: forcing a failure.
[  640.668383][T24480] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  640.733317][T24480] CPU: 1 UID: 0 PID: 24480 Comm: syz.4.5719 Not tainted syzkaller #0 PREEMPT(full) 
[  640.733349][T24480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  640.733362][T24480] Call Trace:
[  640.733371][T24480]  <TASK>
[  640.733381][T24480]  dump_stack_lvl+0xe8/0x150
[  640.733418][T24480]  should_fail_ex+0x412/0x560
[  640.733457][T24480]  _copy_to_iter+0x404/0x17d0
[  640.733484][T24480]  ? do_raw_spin_lock+0x12b/0x2f0
[  640.733517][T24480]  ? __pfx__copy_to_iter+0x10/0x10
[  640.733538][T24480]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  640.733569][T24480]  ? lockdep_hardirqs_on+0x7a/0x110
[  640.733590][T24480]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  640.733620][T24480]  ? __skb_try_recv_datagram+0x3d4/0x4d0
[  640.733659][T24480]  __skb_datagram_iter+0xf8/0x980
[  640.733681][T24480]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  640.733712][T24480]  skb_copy_datagram_iter+0xb5/0x270
[  640.733738][T24480]  netlink_recvmsg+0x2c3/0xa50
[  640.733778][T24480]  ? __pfx_netlink_recvmsg+0x10/0x10
[  640.733804][T24480]  ? is_bpf_text_address+0x26/0x2b0
[  640.733834][T24480]  ? aa_sock_msg_perm+0xf1/0x1b0
[  640.733856][T24480]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  640.733879][T24480]  ? security_socket_recvmsg+0x7e/0x2c0
[  640.733904][T24480]  ? __pfx_netlink_recvmsg+0x10/0x10
[  640.733931][T24480]  sock_recvmsg+0x172/0x1b0
[  640.733960][T24480]  ____sys_recvmsg+0x1e6/0x4a0
[  640.734001][T24480]  ? __pfx_____sys_recvmsg+0x10/0x10
[  640.734049][T24480]  ? import_iovec+0x73/0xa0
[  640.734077][T24480]  ___sys_recvmsg+0x215/0x590
[  640.734106][T24480]  ? get_pid_task+0x20/0x1f0
[  640.734132][T24480]  ? __pfx____sys_recvmsg+0x10/0x10
[  640.734203][T24480]  ? __fget_files+0x3a0/0x420
[  640.734235][T24480]  __x64_sys_recvmsg+0x1ba/0x2a0
[  640.734276][T24480]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  640.734317][T24480]  ? __pfx_ksys_write+0x10/0x10
[  640.734354][T24480]  do_syscall_64+0x14d/0xf80
[  640.734373][T24480]  ? trace_irq_disable+0x3b/0x150
[  640.734391][T24480]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.734413][T24480]  ? clear_bhb_loop+0x40/0x90
[  640.734439][T24480]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.734460][T24480] RIP: 0033:0x7efe8879c819
[  640.734480][T24480] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  640.734498][T24480] RSP: 002b:00007efe895ca028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  640.734521][T24480] RAX: ffffffffffffffda RBX: 00007efe88a15fa0 RCX: 00007efe8879c819
[  640.734537][T24480] RDX: 0000000000002000 RSI: 0000200000000540 RDI: 0000000000000003
[  640.734551][T24480] RBP: 00007efe895ca090 R08: 0000000000000000 R09: 0000000000000000
[  640.734564][T24480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  640.734576][T24480] R13: 00007efe88a16038 R14: 00007efe88a15fa0 R15: 00007fff9737cea8
[  640.734609][T24480]  </TASK>
[  642.053054][T24517] FAULT_INJECTION: forcing a failure.
[  642.053054][T24517] name failslab, interval 1, probability 0, space 0, times 0
[  642.067797][T24511] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5730'.
[  642.106664][T24517] CPU: 1 UID: 0 PID: 24517 Comm: syz.1.5733 Not tainted syzkaller #0 PREEMPT(full) 
[  642.106695][T24517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  642.106708][T24517] Call Trace:
[  642.106716][T24517]  <TASK>
[  642.106726][T24517]  dump_stack_lvl+0xe8/0x150
[  642.106762][T24517]  should_fail_ex+0x412/0x560
[  642.106799][T24517]  should_failslab+0xa8/0x100
[  642.106829][T24517]  __kmalloc_noprof+0xe8/0x760
[  642.106854][T24517]  ? __kvmalloc_node_noprof+0x545/0x8a0
[  642.106878][T24517]  ? nla_strdup+0x9d/0x140
[  642.106899][T24517]  ? nf_tables_newset+0x1354/0x2580
[  642.106926][T24517]  nla_strdup+0x9d/0x140
[  642.106947][T24517]  ? nft_rhash_estimate+0x7f/0xa0
[  642.106975][T24517]  nf_tables_newset+0x1393/0x2580
[  642.107011][T24517]  ? __pfx_nf_tables_newset+0x10/0x10
[  642.107055][T24517]  ? __nla_parse+0x40/0x60
[  642.107083][T24517]  nfnetlink_rcv+0x1240/0x27b0
[  642.107145][T24517]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  642.107197][T24517]  ? ref_tracker_free+0x693/0x840
[  642.107249][T24517]  ? __netlink_deliver_tap+0x807/0x850
[  642.107276][T24517]  ? netlink_deliver_tap+0x2e/0x1b0
[  642.107321][T24517]  netlink_unicast+0x80f/0x9b0
[  642.107357][T24517]  ? __pfx_netlink_unicast+0x10/0x10
[  642.107384][T24517]  ? netlink_sendmsg+0x650/0xb40
[  642.107409][T24517]  ? skb_put+0x11b/0x210
[  642.107441][T24517]  netlink_sendmsg+0x813/0xb40
[  642.107480][T24517]  ? __pfx_netlink_sendmsg+0x10/0x10
[  642.107511][T24517]  ? aa_sock_msg_perm+0xf1/0x1b0
[  642.107533][T24517]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  642.107560][T24517]  ____sys_sendmsg+0x972/0x9f0
[  642.107598][T24517]  ? __pfx_____sys_sendmsg+0x10/0x10
[  642.107636][T24517]  ? import_iovec+0x73/0xa0
[  642.107664][T24517]  ___sys_sendmsg+0x2a5/0x360
[  642.107702][T24517]  ? __pfx____sys_sendmsg+0x10/0x10
[  642.107770][T24517]  ? __fget_files+0x2a/0x420
[  642.107788][T24517]  ? __fget_files+0x3a0/0x420
[  642.107819][T24517]  __x64_sys_sendmsg+0x1bd/0x2a0
[  642.107853][T24517]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  642.107892][T24517]  ? __pfx_ksys_write+0x10/0x10
[  642.107927][T24517]  do_syscall_64+0x14d/0xf80
[  642.107945][T24517]  ? trace_irq_disable+0x3b/0x150
[  642.107961][T24517]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  642.107982][T24517]  ? clear_bhb_loop+0x40/0x90
[  642.108005][T24517]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  642.108024][T24517] RIP: 0033:0x7f86f019c819
[  642.108045][T24517] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  642.108062][T24517] RSP: 002b:00007f86f1020028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  642.108085][T24517] RAX: ffffffffffffffda RBX: 00007f86f0415fa0 RCX: 00007f86f019c819
[  642.108101][T24517] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  642.108115][T24517] RBP: 00007f86f1020090 R08: 0000000000000000 R09: 0000000000000000
[  642.108128][T24517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  642.108141][T24517] R13: 00007f86f0416038 R14: 00007f86f0415fa0 R15: 00007ffe696d8898
[  642.108176][T24517]  </TASK>
[  642.741090][T24530] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5735'.
[  642.776653][T24530] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5735'.
[  642.935391][T24539] FAULT_INJECTION: forcing a failure.
[  642.935391][T24539] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  642.967071][T24541] syzkaller1: entered promiscuous mode
[  642.976753][T24541] syzkaller1: entered allmulticast mode
[  642.985921][T24541] FAULT_INJECTION: forcing a failure.
[  642.985921][T24541] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  643.000593][T24541] CPU: 0 UID: 0 PID: 24541 Comm: syz.2.5741 Not tainted syzkaller #0 PREEMPT(full) 
[  643.000622][T24541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  643.000635][T24541] Call Trace:
[  643.000644][T24541]  <TASK>
[  643.000653][T24541]  dump_stack_lvl+0xe8/0x150
[  643.000689][T24541]  should_fail_ex+0x412/0x560
[  643.000727][T24541]  _copy_from_iter+0x1d3/0x1670
[  643.000763][T24541]  ? __pfx__copy_from_iter+0x10/0x10
[  643.000783][T24541]  ? sock_alloc_send_pskb+0x896/0x990
[  643.000812][T24541]  ? __pfx__copy_from_iter+0x10/0x10
[  643.000837][T24541]  ? page_copy_sane+0x16a/0x270
[  643.000867][T24541]  copy_page_from_iter+0xdd/0x170
[  643.000901][T24541]  skb_copy_datagram_from_iter+0x306/0x710
[  643.000935][T24541]  tun_get_user+0xc38/0x3ed0
[  643.000981][T24541]  ? aa_file_perm+0x50e/0x15e0
[  643.001004][T24541]  ? __pfx_tun_get_user+0x10/0x10
[  643.001027][T24541]  ? aa_file_perm+0x192/0x15e0
[  643.001054][T24541]  ? __lock_acquire+0x6b5/0x2cf0
[  643.001092][T24541]  ? ref_tracker_alloc+0x35c/0x4c0
[  643.001126][T24541]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  643.001154][T24541]  ? tun_get+0x1c/0x2f0
[  643.001184][T24541]  ? tun_get+0x1c/0x2f0
[  643.001209][T24541]  ? tun_get+0x1c/0x2f0
[  643.001238][T24541]  tun_chr_write_iter+0x113/0x200
[  643.001267][T24541]  vfs_write+0x61d/0xb90
[  643.001300][T24541]  ? __pfx_vfs_write+0x10/0x10
[  643.001335][T24541]  ? __fget_files+0x2a/0x420
[  643.001365][T24541]  ksys_write+0x150/0x270
[  643.001391][T24541]  ? __pfx_ksys_write+0x10/0x10
[  643.001427][T24541]  do_syscall_64+0x14d/0xf80
[  643.001447][T24541]  ? trace_irq_disable+0x3b/0x150
[  643.001466][T24541]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  643.001487][T24541]  ? clear_bhb_loop+0x40/0x90
[  643.001513][T24541]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  643.001534][T24541] RIP: 0033:0x7f126d59c819
[  643.001554][T24541] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  643.001572][T24541] RSP: 002b:00007f126e41b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  643.001595][T24541] RAX: ffffffffffffffda RBX: 00007f126d815fa0 RCX: 00007f126d59c819
[  643.001611][T24541] RDX: 000000000000fdef RSI: 0000200000000240 RDI: 0000000000000006
[  643.001624][T24541] RBP: 00007f126e41b090 R08: 0000000000000000 R09: 0000000000000000
[  643.001637][T24541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  643.001650][T24541] R13: 00007f126d816038 R14: 00007f126d815fa0 R15: 00007ffc27c67758
[  643.001683][T24541]  </TASK>
[  643.016173][T24539] CPU: 1 UID: 0 PID: 24539 Comm: syz.1.5740 Not tainted syzkaller #0 PREEMPT(full) 
[  643.016201][T24539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  643.016213][T24539] Call Trace:
[  643.016221][T24539]  <TASK>
[  643.016230][T24539]  dump_stack_lvl+0xe8/0x150
[  643.016264][T24539]  should_fail_ex+0x412/0x560
[  643.016299][T24539]  _copy_from_iter+0x1d3/0x1670
[  643.016324][T24539]  ? rcu_is_watching+0x15/0xb0
[  643.016356][T24539]  ? __pfx__copy_from_iter+0x10/0x10
[  643.016383][T24539]  ? netlink_sendmsg+0x650/0xb40
[  643.016407][T24539]  ? skb_put+0x11b/0x210
[  643.016442][T24539]  netlink_sendmsg+0x6c0/0xb40
[  643.016476][T24539]  ? __pfx_netlink_sendmsg+0x10/0x10
[  643.016504][T24539]  ? aa_sock_msg_perm+0xf1/0x1b0
[  643.016525][T24539]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  643.016550][T24539]  ____sys_sendmsg+0x972/0x9f0
[  643.016586][T24539]  ? __pfx_____sys_sendmsg+0x10/0x10
[  643.016623][T24539]  ? import_iovec+0x73/0xa0
[  643.016648][T24539]  ___sys_sendmsg+0x2a5/0x360
[  643.016681][T24539]  ? __pfx____sys_sendmsg+0x10/0x10
[  643.016749][T24539]  ? __fget_files+0x2a/0x420
[  643.016766][T24539]  ? __fget_files+0x3a0/0x420
[  643.016793][T24539]  __x64_sys_sendmsg+0x1bd/0x2a0
[  643.016823][T24539]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  643.016860][T24539]  ? __pfx_ksys_write+0x10/0x10
[  643.016904][T24539]  do_syscall_64+0x14d/0xf80
[  643.016923][T24539]  ? trace_irq_disable+0x3b/0x150
[  643.016940][T24539]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  643.016960][T24539]  ? clear_bhb_loop+0x40/0x90
[  643.016983][T24539]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  643.017002][T24539] RIP: 0033:0x7f86f019c819
[  643.017021][T24539] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  643.017038][T24539] RSP: 002b:00007f86f1020028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  643.017060][T24539] RAX: ffffffffffffffda RBX: 00007f86f0415fa0 RCX: 00007f86f019c819
[  643.017074][T24539] RDX: 0000000000008804 RSI: 00002000000001c0 RDI: 0000000000000006
[  643.017087][T24539] RBP: 00007f86f1020090 R08: 0000000000000000 R09: 0000000000000000
[  643.017099][T24539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  643.017110][T24539] R13: 00007f86f0416038 R14: 00007f86f0415fa0 R15: 00007ffe696d8898
[  643.017140][T24539]  </TASK>
[  643.598487][T24547] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5743'.
[  643.610976][T24547] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5743'.
[  643.729426][T24551] netlink: 'syz.0.5747': attribute type 14 has an invalid length.
[  643.811753][T24558] netlink: 'syz.2.5748': attribute type 3 has an invalid length.
[  643.819681][T24558] netlink: 4344 bytes leftover after parsing attributes in process `syz.2.5748'.
[  643.829655][T24558] netlink: 'syz.2.5748': attribute type 3 has an invalid length.
[  643.838693][T24558] netlink: 4344 bytes leftover after parsing attributes in process `syz.2.5748'.
[  643.972890][T24564] syzkaller1: entered promiscuous mode
[  643.995373][T24564] syzkaller1: entered allmulticast mode
[  644.028598][T24571] IPVS: set_ctl: invalid protocol: 0 172.20.20.67:20003
[  644.149948][T24572] gre0 speed is unknown, defaulting to 1000
[  644.200836][T24579] netlink: 'syz.2.5755': attribute type 1 has an invalid length.
[  644.435950][T24593] netlink: 'syz.2.5761': attribute type 3 has an invalid length.
[  644.444091][T24593] netlink: 4344 bytes leftover after parsing attributes in process `syz.2.5761'.
[  644.454278][T24593] netlink: 'syz.2.5761': attribute type 3 has an invalid length.
[  644.613156][T24602] netlink: 'syz.3.5764': attribute type 14 has an invalid length.
[  644.641136][T24602] __nla_validate_parse: 2 callbacks suppressed
[  644.641157][T24602] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5764'.
[  644.697320][T24604] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5765'.
[  644.709649][T24604] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5765'.
[  644.959114][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  644.996306][T24617] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5769'.
[  644.999924][T24616] netlink: 'syz.1.5768': attribute type 1 has an invalid length.
[  645.021806][T24617] bridge0: entered promiscuous mode
[  645.028505][T24617] macvlan2: entered allmulticast mode
[  645.039377][T24617] bridge0: entered allmulticast mode
[  645.059448][T24617] bridge0: port 3(macvlan2) entered blocking state
[  645.069107][T24617] bridge0: port 3(macvlan2) entered disabled state
[  645.099597][T24617] bridge0: left allmulticast mode
[  645.104829][T24617] bridge0: left promiscuous mode
[  645.422496][T24632] netlink: 'syz.3.5773': attribute type 3 has an invalid length.
[  645.430367][T24632] netlink: 4344 bytes leftover after parsing attributes in process `syz.3.5773'.
[  645.443881][T24632] netlink: 'syz.3.5773': attribute type 3 has an invalid length.
[  645.471435][T24632] netlink: 4344 bytes leftover after parsing attributes in process `syz.3.5773'.
[  645.490838][T24636] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5776'.
[  645.939050][T24660] syzkaller0: entered promiscuous mode
[  645.956748][T24660] syzkaller0: entered allmulticast mode
[  646.798570][T24711] syzkaller1: tun_chr_ioctl cmd 1074025677
[  646.804637][T24711] syzkaller1: linktype set to 0
[  647.452046][T24718] netlink: 56 bytes leftover after parsing attributes in process `syz.0.5800'.
[  647.462089][T24718] FAULT_INJECTION: forcing a failure.
[  647.462089][T24718] name failslab, interval 1, probability 0, space 0, times 0
[  647.475723][T24718] CPU: 0 UID: 0 PID: 24718 Comm: syz.0.5800 Not tainted syzkaller #0 PREEMPT(full) 
[  647.475754][T24718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  647.475767][T24718] Call Trace:
[  647.475776][T24718]  <TASK>
[  647.475785][T24718]  dump_stack_lvl+0xe8/0x150
[  647.475822][T24718]  should_fail_ex+0x412/0x560
[  647.475859][T24718]  should_failslab+0xa8/0x100
[  647.475888][T24718]  __kvmalloc_node_noprof+0x178/0x8a0
[  647.475912][T24718]  ? __nf_register_net_hook+0x232/0x930
[  647.475943][T24718]  ? nf_hook_entries_grow+0x288/0x720
[  647.475979][T24718]  nf_hook_entries_grow+0x288/0x720
[  647.476025][T24718]  __nf_register_net_hook+0x2c9/0x930
[  647.476068][T24718]  nf_register_net_hook+0xb2/0x190
[  647.476101][T24718]  nf_register_net_hooks+0x44/0x1b0
[  647.476145][T24718]  nf_ct_netns_do_get+0x3bf/0x5c0
[  647.476176][T24718]  ? rcu_is_watching+0x15/0xb0
[  647.476207][T24718]  ? __pfx_nf_ct_netns_do_get+0x10/0x10
[  647.476240][T24718]  ? __kmalloc_noprof+0x37d/0x760
[  647.476268][T24718]  ? nf_ct_netns_get+0xe9/0x320
[  647.476302][T24718]  nf_tables_newrule+0x17ac/0x28b0
[  647.476340][T24718]  ? __pfx_nf_tables_newrule+0x10/0x10
[  647.476363][T24718]  ? nfnl_pernet+0x23/0x240
[  647.476397][T24718]  ? __nla_parse+0x40/0x60
[  647.476431][T24718]  nfnetlink_rcv+0x1240/0x27b0
[  647.476455][T24718]  ? is_bpf_text_address+0x26/0x2b0
[  647.476517][T24718]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  647.476555][T24718]  ? __lock_acquire+0x6b5/0x2cf0
[  647.476620][T24718]  ? netlink_deliver_tap+0x2e/0x1b0
[  647.476669][T24718]  netlink_unicast+0x80f/0x9b0
[  647.476705][T24718]  ? __pfx_netlink_unicast+0x10/0x10
[  647.476733][T24718]  ? netlink_sendmsg+0x650/0xb40
[  647.476758][T24718]  ? skb_put+0x11b/0x210
[  647.476791][T24718]  netlink_sendmsg+0x813/0xb40
[  647.476830][T24718]  ? __pfx_netlink_sendmsg+0x10/0x10
[  647.476862][T24718]  ? aa_sock_msg_perm+0xf1/0x1b0
[  647.476885][T24718]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  647.476913][T24718]  ____sys_sendmsg+0x972/0x9f0
[  647.476955][T24718]  ? __pfx_____sys_sendmsg+0x10/0x10
[  647.476996][T24718]  ? import_iovec+0x73/0xa0
[  647.477027][T24718]  ___sys_sendmsg+0x2a5/0x360
[  647.477064][T24718]  ? __pfx____sys_sendmsg+0x10/0x10
[  647.477147][T24718]  ? __fget_files+0x2a/0x420
[  647.477166][T24718]  ? __fget_files+0x3a0/0x420
[  647.477199][T24718]  __x64_sys_sendmsg+0x1bd/0x2a0
[  647.477232][T24718]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  647.477274][T24718]  ? __pfx_ksys_write+0x10/0x10
[  647.477312][T24718]  do_syscall_64+0x14d/0xf80
[  647.477332][T24718]  ? trace_irq_disable+0x3b/0x150
[  647.477351][T24718]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  647.477372][T24718]  ? clear_bhb_loop+0x40/0x90
[  647.477398][T24718]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  647.477419][T24718] RIP: 0033:0x7f15e8b9c819
[  647.477440][T24718] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  647.477457][T24718] RSP: 002b:00007f15e9999028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  647.477479][T24718] RAX: ffffffffffffffda RBX: 00007f15e8e15fa0 RCX: 00007f15e8b9c819
[  647.477495][T24718] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  647.477508][T24718] RBP: 00007f15e9999090 R08: 0000000000000000 R09: 0000000000000000
[  647.477522][T24718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  647.477534][T24718] R13: 00007f15e8e16038 R14: 00007f15e8e15fa0 R15: 00007fff7c6702b8
[  647.477570][T24718]  </TASK>
[  648.886862][T24663] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  649.307774][T24758] netlink: 144 bytes leftover after parsing attributes in process `syz.2.5811'.
[  649.388482][T24763] validate_nla: 2 callbacks suppressed
[  649.388503][T24763] netlink: 'syz.3.5819': attribute type 1 has an invalid length.
[  649.605787][T24773] netlink: 'syz.3.5823': attribute type 32 has an invalid length.
[  649.731819][T24778] FAULT_INJECTION: forcing a failure.
[  649.731819][T24778] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  649.763752][T24778] CPU: 1 UID: 0 PID: 24778 Comm: syz.1.5825 Not tainted syzkaller #0 PREEMPT(full) 
[  649.763784][T24778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  649.763797][T24778] Call Trace:
[  649.763806][T24778]  <TASK>
[  649.763815][T24778]  dump_stack_lvl+0xe8/0x150
[  649.763850][T24778]  should_fail_ex+0x412/0x560
[  649.763888][T24778]  _copy_from_user+0x2d/0xb0
[  649.763924][T24778]  ___sys_recvmsg+0x175/0x590
[  649.763953][T24778]  ? __lock_acquire+0x6b5/0x2cf0
[  649.763986][T24778]  ? __pfx____sys_recvmsg+0x10/0x10
[  649.764055][T24778]  do_recvmmsg+0x334/0x800
[  649.764085][T24778]  ? __pfx_do_recvmmsg+0x10/0x10
[  649.764128][T24778]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  649.764167][T24778]  __x64_sys_recvmmsg+0x198/0x250
[  649.764192][T24778]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  649.764224][T24778]  do_syscall_64+0x14d/0xf80
[  649.764244][T24778]  ? trace_irq_disable+0x3b/0x150
[  649.764264][T24778]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  649.764285][T24778]  ? clear_bhb_loop+0x40/0x90
[  649.764311][T24778]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  649.764332][T24778] RIP: 0033:0x7f86f019c819
[  649.764353][T24778] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  649.764372][T24778] RSP: 002b:00007f86f1020028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  649.764397][T24778] RAX: ffffffffffffffda RBX: 00007f86f0415fa0 RCX: 00007f86f019c819
[  649.764412][T24778] RDX: 0000000000000700 RSI: 0000200000001140 RDI: 0000000000000004
[  649.764427][T24778] RBP: 00007f86f1020090 R08: 0000000000000000 R09: 0000000000000000
[  649.764440][T24778] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002
[  649.764452][T24778] R13: 00007f86f0416038 R14: 00007f86f0415fa0 R15: 00007ffe696d8898
[  649.764484][T24778]  </TASK>
[  650.103416][T24783] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  650.138824][  T796] gre0 speed is unknown, defaulting to 1000
[  650.162027][   T36] bridge_slave_1: left allmulticast mode
[  650.172131][   T36] bridge_slave_1: left promiscuous mode
[  650.193773][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  650.217897][   T36] bridge_slave_0: left allmulticast mode
[  650.223626][   T36] bridge_slave_0: left promiscuous mode
[  650.240126][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  650.327419][   T36] pimreg: left allmulticast mode
[  650.402553][T24798] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5832'.
[  650.428568][T24805] netlink: 'syz.2.5835': attribute type 3 has an invalid length.
[  650.439463][T24805] netlink: 224 bytes leftover after parsing attributes in process `syz.2.5835'.
[  650.578389][   T36] gretap0 (unregistering): left promiscuous mode
[  650.639566][   T36] bond0 (unregistering): (slave bridge1): Releasing active interface
[  650.647764][   T36] bridge1 (unregistering): left promiscuous mode
[  650.654139][   T36] bridge1 (unregistering): left allmulticast mode
[  650.768376][   T36] bond0 (unregistering): left promiscuous mode
[  650.778708][   T36] bond0 (unregistering): Released all slaves
[  650.793776][   T36] bond1 (unregistering): (slave veth9): Releasing active interface
[  650.806037][   T36] bond1 (unregistering): Released all slaves
[  650.822901][   T36] bond2 (unregistering): Released all slaves
[  650.949745][   T36] !: left promiscuous mode
[  651.070221][   T36] tipc: Disabling bearer <eth:syzkaller0>
[  651.081929][   T36] tipc: Left network mode
[  651.447573][T24829] netlink: 144 bytes leftover after parsing attributes in process `syz.3.5844'.
[  651.474575][T24829] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  651.592146][T24842] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5844'.
[  651.617745][T24842] openvswitch: netlink: Flow key attr not present in new flow.
[  651.656740][T24844] netlink: 'syz.2.5847': attribute type 1 has an invalid length.
[  651.674716][T24844] netlink: 96 bytes leftover after parsing attributes in process `syz.2.5847'.
[  651.696667][T24844] netlink: 1 bytes leftover after parsing attributes in process `syz.2.5847'.
[  651.770379][T24850] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5849'.
[  651.780690][T24851] netlink: 'syz.0.5848': attribute type 1 has an invalid length.
[  651.800042][T24851] netlink: 224 bytes leftover after parsing attributes in process `syz.0.5848'.
[  652.340752][T24873] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5853'.
[  652.401317][T24877] xt_hashlimit: size too large, truncated to 1048576
[  652.490739][T24873] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5853'.
[  653.478906][   T36] hsr_slave_0: left promiscuous mode
[  653.518783][   T36] hsr_slave_1: left promiscuous mode
[  653.543986][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  653.592007][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  653.614965][   T36] batman_adv: batadv0: Removing interface: dummy0
[  653.800711][   T36] veth0_macvtap (unregistering): left allmulticast mode
[  654.111684][   T36] team0 (unregistering): Port device team_slave_1 removed
[  654.133707][   T36] team0 (unregistering): Port device team_slave_0 removed
[  654.351091][T24916] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  655.174936][   T36] IPVS: stop unused estimator thread 0...
[  655.482423][T24985] __nla_validate_parse: 1 callbacks suppressed
[  655.482444][T24985] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5876'.
[  655.675606][T24991] FAULT_INJECTION: forcing a failure.
[  655.675606][T24991] name failslab, interval 1, probability 0, space 0, times 0
[  655.716955][T24991] CPU: 0 UID: 0 PID: 24991 Comm: syz.1.5877 Not tainted syzkaller #0 PREEMPT(full) 
[  655.716990][T24991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  655.717003][T24991] Call Trace:
[  655.717012][T24991]  <TASK>
[  655.717022][T24991]  dump_stack_lvl+0xe8/0x150
[  655.717061][T24991]  should_fail_ex+0x412/0x560
[  655.717099][T24991]  should_failslab+0xa8/0x100
[  655.717141][T24991]  __kmalloc_cache_noprof+0x88/0x660
[  655.717168][T24991]  ? sctp_add_bind_addr+0x8c/0x370
[  655.717196][T24991]  sctp_add_bind_addr+0x8c/0x370
[  655.717223][T24991]  sctp_copy_local_addr_list+0x314/0x4f0
[  655.717249][T24991]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[  655.717272][T24991]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  655.717306][T24991]  ? sctp_v6_is_any+0x64/0x80
[  655.717329][T24991]  ? sctp_copy_one_addr+0x93/0x360
[  655.717357][T24991]  sctp_bind_addr_copy+0xb3/0x3c0
[  655.717380][T24991]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  655.717413][T24991]  sctp_connect_new_asoc+0x2ff/0x6b0
[  655.717451][T24991]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  655.717485][T24991]  ? __local_bh_enable_ip+0xd0/0x130
[  655.717512][T24991]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  655.717539][T24991]  ? security_sctp_bind_connect+0x7e/0x2c0
[  655.717570][T24991]  sctp_sendmsg+0x1528/0x2c10
[  655.717610][T24991]  ? __pfx_sctp_sendmsg+0x10/0x10
[  655.717639][T24991]  ? aa_sk_perm+0x6d5/0x900
[  655.717679][T24991]  ? __pfx_aa_sk_perm+0x10/0x10
[  655.717714][T24991]  ? sock_rps_record_flow+0x19/0x350
[  655.717743][T24991]  ? __pfx_inet_sendmsg+0x10/0x10
[  655.717774][T24991]  ? inet_sendmsg+0x2f4/0x370
[  655.717803][T24991]  ? __pfx_inet_sendmsg+0x10/0x10
[  655.717833][T24991]  __sys_sendto+0x5de/0x710
[  655.717864][T24991]  ? __pfx___sys_sendto+0x10/0x10
[  655.717889][T24991]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  655.717927][T24991]  ? __fget_files+0x3a0/0x420
[  655.717960][T24991]  ? ksys_write+0x242/0x270
[  655.717989][T24991]  ? __pfx_ksys_write+0x10/0x10
[  655.718020][T24991]  __x64_sys_sendto+0xde/0x100
[  655.718053][T24991]  do_syscall_64+0x14d/0xf80
[  655.718074][T24991]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  655.718096][T24991]  ? clear_bhb_loop+0x40/0x90
[  655.718132][T24991]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  655.718153][T24991] RIP: 0033:0x7f86f019c819
[  655.718175][T24991] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  655.718193][T24991] RSP: 002b:00007f86f1020028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  655.718218][T24991] RAX: ffffffffffffffda RBX: 00007f86f0415fa0 RCX: 00007f86f019c819
[  655.718234][T24991] RDX: 0000000000034000 RSI: 0000200000847fff RDI: 0000000000000003
[  655.718248][T24991] RBP: 00007f86f1020090 R08: 000020000005ffe4 R09: 000000000000001c
[  655.718262][T24991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  655.718275][T24991] R13: 00007f86f0416038 R14: 00007f86f0415fa0 R15: 00007ffe696d8898
[  655.718310][T24991]  </TASK>
[  656.622897][T25017] netlink: 41 bytes leftover after parsing attributes in process `syz.1.5885'.
[  656.633602][T25017] netlink: 140 bytes leftover after parsing attributes in process `syz.1.5885'.
[  656.643799][T25017] netlink: 41 bytes leftover after parsing attributes in process `syz.1.5885'.
[  656.671579][T25017] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5885'.
[  656.790917][T25027] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5888'.
[  656.912918][T25033] syzkaller1: entered promiscuous mode
[  656.918688][T25033] syzkaller1: entered allmulticast mode
[  657.256735][T25049] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5894'.
[  657.278982][T25049] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5894'.
[  657.309448][T25049] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5894'.
[  657.328822][T25049] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5894'.
[  657.651187][T25056] netlink: 'syz.3.5895': attribute type 12 has an invalid length.
[  658.350328][T25097] FAULT_INJECTION: forcing a failure.
[  658.350328][T25097] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  658.412748][T25097] CPU: 0 UID: 0 PID: 25097 Comm: syz.0.5905 Not tainted syzkaller #0 PREEMPT(full) 
[  658.412781][T25097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  658.412794][T25097] Call Trace:
[  658.412802][T25097]  <TASK>
[  658.412812][T25097]  dump_stack_lvl+0xe8/0x150
[  658.412846][T25097]  should_fail_ex+0x412/0x560
[  658.412883][T25097]  _copy_from_user+0x2d/0xb0
[  658.412909][T25097]  ___sys_sendmsg+0x1c6/0x360
[  658.412946][T25097]  ? __pfx____sys_sendmsg+0x10/0x10
[  658.413012][T25097]  ? __fget_files+0x2a/0x420
[  658.413031][T25097]  ? __fget_files+0x3a0/0x420
[  658.413060][T25097]  __x64_sys_sendmsg+0x1bd/0x2a0
[  658.413103][T25097]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  658.413144][T25097]  ? __pfx_ksys_write+0x10/0x10
[  658.413181][T25097]  do_syscall_64+0x14d/0xf80
[  658.413201][T25097]  ? trace_irq_disable+0x3b/0x150
[  658.413220][T25097]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  658.413242][T25097]  ? clear_bhb_loop+0x40/0x90
[  658.413267][T25097]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  658.413288][T25097] RIP: 0033:0x7f15e8b9c819
[  658.413309][T25097] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  658.413327][T25097] RSP: 002b:00007f15e9999028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  658.413350][T25097] RAX: ffffffffffffffda RBX: 00007f15e8e15fa0 RCX: 00007f15e8b9c819
[  658.413366][T25097] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  658.413380][T25097] RBP: 00007f15e9999090 R08: 0000000000000000 R09: 0000000000000000
[  658.413393][T25097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  658.413407][T25097] R13: 00007f15e8e16038 R14: 00007f15e8e15fa0 R15: 00007fff7c6702b8
[  658.413441][T25097]  </TASK>
[  658.617804][T25107] x_tables: duplicate underflow at hook 4
[  658.634601][T25110] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  658.641988][T25110] IPv6: NLM_F_CREATE should be set when creating new route
[  658.649306][T25110] IPv6: NLM_F_CREATE should be set when creating new route
[  659.010511][T25124] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  659.030770][T25124] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  659.151105][T25124] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  659.532763][T25151] netlink: 'syz.2.5916': attribute type 5 has an invalid length.
[  659.773687][T25159] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  659.828224][T25159] netlink: 'syz.4.5917': attribute type 10 has an invalid length.
[  659.903832][T25159] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  659.979365][T25168] netlink: 'syz.0.5920': attribute type 14 has an invalid length.
[  660.392741][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  660.464551][   T30] audit: type=1107 audit(1775815829.831:8): pid=25182 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  661.197741][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  661.721585][T25216] __nla_validate_parse: 12 callbacks suppressed
[  661.721607][T25216] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5935'.
[  662.022478][T25223] FAULT_INJECTION: forcing a failure.
[  662.022478][T25223] name failslab, interval 1, probability 0, space 0, times 0
[  662.049662][T25223] CPU: 1 UID: 0 PID: 25223 Comm: syz.0.5939 Not tainted syzkaller #0 PREEMPT(full) 
[  662.049694][T25223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  662.049706][T25223] Call Trace:
[  662.049715][T25223]  <TASK>
[  662.049723][T25223]  dump_stack_lvl+0xe8/0x150
[  662.049757][T25223]  should_fail_ex+0x412/0x560
[  662.049794][T25223]  should_failslab+0xa8/0x100
[  662.049820][T25223]  ? dst_alloc+0x105/0x170
[  662.049839][T25223]  kmem_cache_alloc_noprof+0x87/0x650
[  662.049860][T25223]  ? __lock_acquire+0x6b5/0x2cf0
[  662.049895][T25223]  dst_alloc+0x105/0x170
[  662.049913][T25223]  ? ip_check_mc_rcu+0x400/0x680
[  662.049940][T25223]  ip_route_output_key_hash_rcu+0x14d0/0x25d0
[  662.049979][T25223]  ? ip_route_output_key_hash+0xd8/0x2a0
[  662.050009][T25223]  ip_route_output_key_hash+0x18d/0x2a0
[  662.050040][T25223]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  662.050097][T25223]  ip_route_output_flow+0x2a/0x150
[  662.050122][T25223]  ? security_sk_classify_flow+0x6d/0x150
[  662.050151][T25223]  raw_sendmsg+0x1199/0x1a50
[  662.050195][T25223]  ? __pfx_raw_sendmsg+0x10/0x10
[  662.050239][T25223]  ? irqentry_exit+0x59e/0x620
[  662.050259][T25223]  ? lockdep_hardirqs_on+0x7a/0x110
[  662.050292][T25223]  ? sock_rps_record_flow+0x19/0x350
[  662.050324][T25223]  ? inet_sendmsg+0x2f4/0x370
[  662.050356][T25223]  ____sys_sendmsg+0x80a/0x9f0
[  662.050395][T25223]  ? __pfx_____sys_sendmsg+0x10/0x10
[  662.050434][T25223]  ? import_iovec+0x73/0xa0
[  662.050462][T25223]  ___sys_sendmsg+0x2a5/0x360
[  662.050497][T25223]  ? __pfx____sys_sendmsg+0x10/0x10
[  662.050537][T25223]  ? finish_task_switch+0x240/0x920
[  662.050561][T25223]  ? lockdep_hardirqs_on+0x7a/0x110
[  662.050607][T25223]  ? __fget_files+0x2a/0x420
[  662.050626][T25223]  ? __fget_files+0x3a0/0x420
[  662.050655][T25223]  __x64_sys_sendmsg+0x1bd/0x2a0
[  662.050687][T25223]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  662.050726][T25223]  ? rcu_is_watching+0x15/0xb0
[  662.050766][T25223]  do_syscall_64+0x14d/0xf80
[  662.050785][T25223]  ? trace_irq_disable+0x3b/0x150
[  662.050802][T25223]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  662.050823][T25223]  ? clear_bhb_loop+0x40/0x90
[  662.050848][T25223]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  662.050873][T25223] RIP: 0033:0x7f15e8b9c819
[  662.050894][T25223] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  662.050911][T25223] RSP: 002b:00007f15e9999028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  662.050934][T25223] RAX: ffffffffffffffda RBX: 00007f15e8e15fa0 RCX: 00007f15e8b9c819
[  662.050948][T25223] RDX: 000000002400c804 RSI: 0000200000000900 RDI: 0000000000000003
[  662.050961][T25223] RBP: 00007f15e9999090 R08: 0000000000000000 R09: 0000000000000000
[  662.050974][T25223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  662.050986][T25223] R13: 00007f15e8e16038 R14: 00007f15e8e15fa0 R15: 00007fff7c6702b8
[  662.051019][T25223]  </TASK>
[  662.152207][T25226] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5938'.
[  662.370200][T25226] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5938'.
[  662.465751][T25238] FAULT_INJECTION: forcing a failure.
[  662.465751][T25238] name failslab, interval 1, probability 0, space 0, times 0
[  662.515315][T25238] CPU: 1 UID: 0 PID: 25238 Comm: syz.3.5942 Not tainted syzkaller #0 PREEMPT(full) 
[  662.515343][T25238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  662.515356][T25238] Call Trace:
[  662.515364][T25238]  <TASK>
[  662.515372][T25238]  dump_stack_lvl+0xe8/0x150
[  662.515407][T25238]  should_fail_ex+0x412/0x560
[  662.515440][T25238]  should_failslab+0xa8/0x100
[  662.515468][T25238]  __kvmalloc_node_noprof+0x178/0x8a0
[  662.515493][T25238]  ? xt_alloc_table_info+0x40/0xb0
[  662.515517][T25238]  xt_alloc_table_info+0x40/0xb0
[  662.515535][T25238]  do_ip6t_set_ctl+0x90c/0xe10
[  662.515559][T25238]  ? rcu_is_watching+0x15/0xb0
[  662.515587][T25238]  ? trace_contention_end+0x3d/0x150
[  662.515606][T25238]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  662.515640][T25238]  ? __pfx___mutex_lock+0x10/0x10
[  662.515661][T25238]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  662.515685][T25238]  ? __pfx_aa_sk_perm+0x10/0x10
[  662.515725][T25238]  nf_setsockopt+0x26f/0x290
[  662.515746][T25238]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  662.515770][T25238]  do_sock_setsockopt+0x17c/0x1b0
[  662.515800][T25238]  __x64_sys_setsockopt+0x13d/0x1b0
[  662.515832][T25238]  do_syscall_64+0x14d/0xf80
[  662.515851][T25238]  ? trace_irq_disable+0x3b/0x150
[  662.515867][T25238]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  662.515886][T25238]  ? clear_bhb_loop+0x40/0x90
[  662.515907][T25238]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  662.515926][T25238] RIP: 0033:0x7f6f9ef9c819
[  662.515946][T25238] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  662.515961][T25238] RSP: 002b:00007f6f9fd9f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  662.515982][T25238] RAX: ffffffffffffffda RBX: 00007f6f9f215fa0 RCX: 00007f6f9ef9c819
[  662.515996][T25238] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  662.516008][T25238] RBP: 00007f6f9fd9f090 R08: 0000000000000458 R09: 0000000000000000
[  662.516021][T25238] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[  662.516034][T25238] R13: 00007f6f9f216038 R14: 00007f6f9f215fa0 R15: 00007ffff9d58268
[  662.516078][T25238]  </TASK>
[  662.839034][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  662.873046][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  662.907295][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  662.933554][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  662.942132][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  663.052362][T25244] gre0 speed is unknown, defaulting to 1000
[  663.231992][T25260] FAULT_INJECTION: forcing a failure.
[  663.231992][T25260] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  663.286685][T25260] CPU: 0 UID: 0 PID: 25260 Comm: syz.1.5948 Not tainted syzkaller #0 PREEMPT(full) 
[  663.286718][T25260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  663.286731][T25260] Call Trace:
[  663.286740][T25260]  <TASK>
[  663.286749][T25260]  dump_stack_lvl+0xe8/0x150
[  663.286784][T25260]  should_fail_ex+0x412/0x560
[  663.286821][T25260]  _copy_from_user+0x2d/0xb0
[  663.286848][T25260]  kstrtouint_from_user+0xd6/0x180
[  663.286873][T25260]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  663.286911][T25260]  proc_fail_nth_write+0x8e/0x210
[  663.286943][T25260]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  663.286985][T25260]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  663.287016][T25260]  vfs_write+0x29a/0xb90
[  663.287049][T25260]  ? __pfx_vfs_write+0x10/0x10
[  663.287087][T25260]  ? __fget_files+0x2a/0x420
[  663.287112][T25260]  ? __fget_files+0x3a0/0x420
[  663.287130][T25260]  ? __fget_files+0x2a/0x420
[  663.287160][T25260]  ksys_write+0x150/0x270
[  663.287187][T25260]  ? __pfx_ksys_write+0x10/0x10
[  663.287222][T25260]  do_syscall_64+0x14d/0xf80
[  663.287243][T25260]  ? trace_irq_disable+0x3b/0x150
[  663.287262][T25260]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  663.287283][T25260]  ? clear_bhb_loop+0x40/0x90
[  663.287309][T25260]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  663.287329][T25260] RIP: 0033:0x7f86f015d04e
[  663.287349][T25260] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  663.287368][T25260] RSP: 002b:00007f86f0ffefe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  663.287392][T25260] RAX: ffffffffffffffda RBX: 00007f86f0fff6c0 RCX: 00007f86f015d04e
[  663.287407][T25260] RDX: 0000000000000001 RSI: 00007f86f0fff0a0 RDI: 0000000000000003
[  663.287420][T25260] RBP: 00007f86f0fff090 R08: 0000000000000000 R09: 0000000000000000
[  663.287433][T25260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  663.287445][T25260] R13: 00007f86f0416128 R14: 00007f86f0416090 R15: 00007ffe696d8898
[  663.287479][T25260]  </TASK>
[  663.698176][T15867] syz_tun (unregistering): left allmulticast mode
[  663.704716][T15867] syz_tun (unregistering): left promiscuous mode
[  663.711388][T15867] bridge0: port 1(syz_tun) entered disabled state
[  663.752128][T25250] gre0 speed is unknown, defaulting to 1000
[  663.855944][T25272] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5950'.
[  664.296094][T25280] "syz.2.5953" (25280) uses obsolete ecb(arc4) skcipher
[  664.568240][T25244] chnl_net:caif_netlink_parms(): no params data found
[  665.038623][ T5833] Bluetooth: hci0: command tx timeout
[  665.059256][ T9143] bridge_slave_1: left allmulticast mode
[  665.064982][ T9143] bridge_slave_1: left promiscuous mode
[  665.071613][ T9143] bridge0: port 2(bridge_slave_1) entered disabled state
[  665.081865][ T9143] bond1: left allmulticast mode
[  665.087045][ T9143] bond1: left promiscuous mode
[  665.092083][ T9143] bridge1: port 1(bond1) entered disabled state
[  665.355841][T25320] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5963'.
[  665.541714][ T9143] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  665.550830][ T9143] bond_slave_0: left promiscuous mode
[  665.557954][ T9143] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  665.567291][ T9143] bond_slave_1: left promiscuous mode
[  665.573243][ T9143] bond0 (unregistering): Released all slaves
[  665.583387][ T9143] bond1 (unregistering): Released all slaves
[  665.604551][ T9143] bond2 (unregistering): (slave batadv1): Releasing active interface
[  665.616099][ T9143] batadv1: left promiscuous mode
[  665.622084][ T9143] batadv1: left allmulticast mode
[  665.628118][ T9143] bond2 (unregistering): Released all slaves
[  665.641812][ T9143] bond3 (unregistering): Released all slaves
[  665.662461][T25244] bridge0: port 1(bridge_slave_0) entered blocking state
[  665.670584][T25244] bridge0: port 1(bridge_slave_0) entered disabled state
[  665.678280][T25244] bridge_slave_0: entered allmulticast mode
[  665.685618][T25244] bridge_slave_0: entered promiscuous mode
[  665.703362][T25244] bridge0: port 2(bridge_slave_1) entered blocking state
[  665.737738][T25244] bridge0: port 2(bridge_slave_1) entered disabled state
[  665.745068][T25244] bridge_slave_1: entered allmulticast mode
[  665.795827][T25244] bridge_slave_1: entered promiscuous mode
[  665.854511][ T9143] !: left promiscuous mode
[  666.066632][T25244] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  666.130500][T25244] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  666.133082][T25332] netlink: 'syz.1.5966': attribute type 3 has an invalid length.
[  666.166715][T25332] netlink: 4344 bytes leftover after parsing attributes in process `syz.1.5966'.
[  666.229975][T25332] netlink: 'syz.1.5966': attribute type 3 has an invalid length.
[  666.316562][T25332] netlink: 4344 bytes leftover after parsing attributes in process `syz.1.5966'.
[  666.458529][T25341] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5967'.
[  666.498675][T25244] team0: Port device team_slave_0 added
[  666.526184][T25244] team0: Port device team_slave_1 added
[  666.808260][T25244] batman_adv: batadv0: Adding interface: batadv_slave_0
[  666.824799][T25359] netlink: 'syz.1.5969': attribute type 1 has an invalid length.
[  666.825639][T25244] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  666.914888][T25244] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  666.990503][T25244] batman_adv: batadv0: Adding interface: batadv_slave_1
[  667.006945][T25244] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  667.117428][ T5833] Bluetooth: hci0: command tx timeout
[  667.168620][T25244] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  667.376728][T25381] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5970'.
[  667.670434][T25244] hsr_slave_0: entered promiscuous mode
[  667.685701][T25244] hsr_slave_1: entered promiscuous mode
[  667.721045][T25244] debugfs: 'hsr0' already exists in 'hsr'
[  667.757110][T25244] Cannot create hsr debugfs directory
[  667.896261][ T9143] hsr_slave_0: left promiscuous mode
[  667.902679][ T9143] hsr_slave_1: left promiscuous mode
[  667.909431][ T9143] batman_adv: batadv0: Removing interface: batadv_slave_0
[  667.939836][ T9143] batman_adv: batadv0: Removing interface: batadv_slave_1
[  667.949275][ T9143] batman_adv: batadv0: Removing interface: dummy0
[  668.294104][ T9143] team0 (unregistering): Port device team_slave_1 removed
[  668.329537][ T9143] team0 (unregistering): Port device team_slave_0 removed
[  668.402210][T25418] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5975'.
[  668.960089][T25435] netlink: 'syz.1.5978': attribute type 10 has an invalid length.
[  669.034893][T25441] netlink: 164 bytes leftover after parsing attributes in process `syz.3.5980'.
[  669.184982][T25449] netlink: 'syz.1.5982': attribute type 1 has an invalid length.
[  669.198476][ T5833] Bluetooth: hci0: command tx timeout
[  669.231361][ T5892] hid-generic 0005:15C2:0006.0005: item fetching failed at offset 0/1
[  669.249317][ T5892] hid-generic 0005:15C2:0006.0005: probe with driver hid-generic failed with error -22
[  669.443905][ T9143] IPVS: stop unused estimator thread 0...
[  669.745039][T25473] netlink: 'syz.2.5986': attribute type 2 has an invalid length.
[  669.820315][T25469] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5986'.
[  669.861209][T25473] !©�9: entered promiscuous mode
[  670.082386][T25244] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  670.109364][T25244] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  670.139723][T25244] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  670.176409][T25244] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  670.404528][T25499] netlink: 'syz.1.5992': attribute type 2 has an invalid length.
[  670.458229][T25497] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5992'.
[  670.495483][T25499] !©�9: entered promiscuous mode
[  670.765420][T25244] 8021q: adding VLAN 0 to HW filter on device bond0
[  670.861256][T25244] 8021q: adding VLAN 0 to HW filter on device team0
[  670.932690][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[  670.939956][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[  670.990753][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[  670.998069][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[  671.277531][ T5833] Bluetooth: hci0: command tx timeout
[  671.677056][T25553] lo: Caught tx_queue_len zero misconfig
[  671.867738][T25563] FAULT_INJECTION: forcing a failure.
[  671.867738][T25563] name failslab, interval 1, probability 0, space 0, times 0
[  671.922028][T25553] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6000'.
[  671.944899][T25563] CPU: 0 UID: 0 PID: 25563 Comm: syz.1.6002 Not tainted syzkaller #0 PREEMPT(full) 
[  671.944941][T25563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  671.944954][T25563] Call Trace:
[  671.944962][T25563]  <TASK>
[  671.944972][T25563]  dump_stack_lvl+0xe8/0x150
[  671.945008][T25563]  should_fail_ex+0x412/0x560
[  671.945048][T25563]  should_failslab+0xa8/0x100
[  671.945079][T25563]  kmem_cache_alloc_node_noprof+0x8f/0x690
[  671.945105][T25563]  ? __alloc_skb+0x1d0/0x7d0
[  671.945131][T25563]  ? __local_bh_enable_ip+0xd0/0x130
[  671.945164][T25563]  __alloc_skb+0x1d0/0x7d0
[  671.945198][T25563]  mgmt_cmd_status+0x41/0x500
[  671.945231][T25563]  set_bredr+0x190/0xa40
[  671.945267][T25563]  ? __pfx_set_bredr+0x10/0x10
[  671.945316][T25563]  hci_mgmt_cmd+0xa14/0xfa0
[  671.945355][T25563]  hci_sock_sendmsg+0x6dd/0xf40
[  671.945378][T25563]  ? __pfx_aa_sk_perm+0x10/0x10
[  671.945414][T25563]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  671.945437][T25563]  ? aa_sock_msg_perm+0xf1/0x1b0
[  671.945461][T25563]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  671.945488][T25563]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  671.945509][T25563]  sock_write_iter+0x49b/0x4f0
[  671.945536][T25563]  ? __pfx_sock_write_iter+0x10/0x10
[  671.945572][T25563]  ? bpf_lsm_file_permission+0x9/0x20
[  671.945598][T25563]  ? security_file_permission+0x75/0x260
[  671.945638][T25563]  vfs_write+0x61d/0xb90
[  671.945673][T25563]  ? __pfx_vfs_write+0x10/0x10
[  671.945708][T25563]  ? __fget_files+0x2a/0x420
[  671.945741][T25563]  ksys_write+0x150/0x270
[  671.945768][T25563]  ? __pfx_ksys_write+0x10/0x10
[  671.945813][T25563]  do_syscall_64+0x14d/0xf80
[  671.945835][T25563]  ? trace_irq_disable+0x3b/0x150
[  671.945852][T25563]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  671.945872][T25563]  ? clear_bhb_loop+0x40/0x90
[  671.945897][T25563]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  671.945925][T25563] RIP: 0033:0x7f86f019c819
[  671.945944][T25563] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  671.945963][T25563] RSP: 002b:00007f86f1020028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  671.945985][T25563] RAX: ffffffffffffffda RBX: 00007f86f0415fa0 RCX: 00007f86f019c819
[  671.946001][T25563] RDX: 0000000000000007 RSI: 0000200000000000 RDI: 0000000000000006
[  671.946014][T25563] RBP: 00007f86f1020090 R08: 0000000000000000 R09: 0000000000000000
[  671.946027][T25563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  671.946040][T25563] R13: 00007f86f0416038 R14: 00007f86f0415fa0 R15: 00007ffe696d8898
[  671.946077][T25563]  </TASK>
[  671.997423][T25553] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6000'.
[  672.318465][T25244] 8021q: adding VLAN 0 to HW filter on device batadv0
[  672.544575][T25581] netlink: 'syz.1.6006': attribute type 13 has an invalid length.
[  672.612855][T25575] xt_CT: No such helper "snmp_trap"
[  672.791456][T25595] netlink: 'syz.0.6008': attribute type 2 has an invalid length.
[  672.841971][T25591] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6008'.
[  672.875393][T25598] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6007'.
[  672.919420][T25598] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6007'.
[  673.048923][T25581] bridge0: port 2(bridge_slave_1) entered disabled state
[  673.057006][T25581] bridge0: port 1(bridge_slave_0) entered disabled state
[  673.652016][T25581] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  673.765043][T25581] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  674.372136][T22525] gre0 speed is unknown, defaulting to 1000
[  674.389039][T22525] syz1: Port: 1 Link DOWN
[  674.394283][T22525] gre0 speed is unknown, defaulting to 1000
[  674.421507][T25595] !©�9: entered promiscuous mode
[  674.476535][   T12] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  674.508611][   T12] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  674.577282][   T12] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  674.585759][   T12] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  675.021306][T25244] veth0_vlan: entered promiscuous mode
[  675.069827][T25244] veth1_vlan: entered promiscuous mode
[  675.167988][T25244] veth0_macvtap: entered promiscuous mode
[  675.182387][T25244] veth1_macvtap: entered promiscuous mode
[  675.315605][T25244] batman_adv: batadv0: Interface activated: batadv_slave_0
[  675.375699][T25244] batman_adv: batadv0: Interface activated: batadv_slave_1
[  675.459731][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  675.478603][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  675.514004][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  675.558234][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  675.587768][T25680] FAULT_INJECTION: forcing a failure.
[  675.587768][T25680] name failslab, interval 1, probability 0, space 0, times 0
[  675.669721][T25680] CPU: 0 UID: 0 PID: 25680 Comm: syz.2.6018 Not tainted syzkaller #0 PREEMPT(full) 
[  675.669751][T25680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  675.669763][T25680] Call Trace:
[  675.669772][T25680]  <TASK>
[  675.669781][T25680]  dump_stack_lvl+0xe8/0x150
[  675.669816][T25680]  should_fail_ex+0x412/0x560
[  675.669853][T25680]  should_failslab+0xa8/0x100
[  675.669882][T25680]  kmem_cache_alloc_node_noprof+0x8f/0x690
[  675.669907][T25680]  ? __alloc_skb+0x186/0x7d0
[  675.669932][T25680]  ? __alloc_skb+0x1d0/0x7d0
[  675.669957][T25680]  ? __local_bh_enable_ip+0xd0/0x130
[  675.669999][T25680]  __alloc_skb+0x1d0/0x7d0
[  675.670031][T25680]  alloc_skb_with_frags+0xca/0x890
[  675.670067][T25680]  ? __lock_acquire+0x6b5/0x2cf0
[  675.670100][T25680]  sock_alloc_send_pskb+0x878/0x990
[  675.670128][T25680]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  675.670160][T25680]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  675.670185][T25680]  ? dev_get_by_index+0x22/0x2e0
[  675.670207][T25680]  ? dev_get_by_index+0x22/0x2e0
[  675.670233][T25680]  packet_sendmsg+0x33eb/0x50f0
[  675.670261][T25680]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  675.670298][T25680]  ? __lock_acquire+0x6b5/0x2cf0
[  675.670361][T25680]  ? aa_sk_perm+0x6d5/0x900
[  675.670390][T25680]  ? __pfx_packet_sendmsg+0x10/0x10
[  675.670420][T25680]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[  675.670448][T25680]  ? aa_sock_msg_perm+0xf1/0x1b0
[  675.670470][T25680]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  675.670497][T25680]  ____sys_sendmsg+0x972/0x9f0
[  675.670536][T25680]  ? __pfx_____sys_sendmsg+0x10/0x10
[  675.670574][T25680]  ? import_iovec+0x73/0xa0
[  675.670602][T25680]  ___sys_sendmsg+0x2a5/0x360
[  675.670637][T25680]  ? __pfx____sys_sendmsg+0x10/0x10
[  675.670702][T25680]  ? __fget_files+0x2a/0x420
[  675.670719][T25680]  ? __fget_files+0x3a0/0x420
[  675.670748][T25680]  __x64_sys_sendmsg+0x1bd/0x2a0
[  675.670780][T25680]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  675.670820][T25680]  ? __pfx_ksys_write+0x10/0x10
[  675.670854][T25680]  do_syscall_64+0x14d/0xf80
[  675.670879][T25680]  ? trace_irq_disable+0x3b/0x150
[  675.670898][T25680]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  675.670918][T25680]  ? clear_bhb_loop+0x40/0x90
[  675.670942][T25680]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  675.670961][T25680] RIP: 0033:0x7f126d59c819
[  675.670988][T25680] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  675.671005][T25680] RSP: 002b:00007f126e41b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  675.671027][T25680] RAX: ffffffffffffffda RBX: 00007f126d815fa0 RCX: 00007f126d59c819
[  675.671042][T25680] RDX: 0000000000000000 RSI: 0000200000000640 RDI: 0000000000000003
[  675.671055][T25680] RBP: 00007f126e41b090 R08: 0000000000000000 R09: 0000000000000000
[  675.671068][T25680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  675.671080][T25680] R13: 00007f126d816038 R14: 00007f126d815fa0 R15: 00007ffc27c67758
[  675.671112][T25680]  </TASK>
[  676.254136][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  676.276940][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  676.385303][   T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  676.403031][   T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  676.437403][T25686] Bluetooth: MGMT ver 1.23
[  676.443045][T25686] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6019'.
[  676.568564][T25689] netlink: 'syz.2.6021': attribute type 2 has an invalid length.
[  676.593822][T25689] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6021'.
[  676.741034][T25696] FAULT_INJECTION: forcing a failure.
[  676.741034][T25696] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  676.769824][T25704] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6022'.
[  676.789059][T25696] CPU: 0 UID: 0 PID: 25696 Comm: syz.0.6023 Not tainted syzkaller #0 PREEMPT(full) 
[  676.789087][T25696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  676.789100][T25696] Call Trace:
[  676.789108][T25696]  <TASK>
[  676.789118][T25696]  dump_stack_lvl+0xe8/0x150
[  676.789154][T25696]  should_fail_ex+0x412/0x560
[  676.789188][T25696]  _copy_from_user+0x2d/0xb0
[  676.789215][T25696]  ___sys_sendmsg+0x1c6/0x360
[  676.789250][T25696]  ? __pfx____sys_sendmsg+0x10/0x10
[  676.789316][T25696]  ? __fget_files+0x2a/0x420
[  676.789336][T25696]  ? __fget_files+0x3a0/0x420
[  676.789366][T25696]  __x64_sys_sendmsg+0x1bd/0x2a0
[  676.789400][T25696]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  676.789441][T25696]  ? __pfx_ksys_write+0x10/0x10
[  676.789477][T25696]  do_syscall_64+0x14d/0xf80
[  676.789499][T25696]  ? trace_irq_disable+0x3b/0x150
[  676.789518][T25696]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  676.789539][T25696]  ? clear_bhb_loop+0x40/0x90
[  676.789566][T25696]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  676.789587][T25696] RIP: 0033:0x7f15e8b9c819
[  676.789607][T25696] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  676.789626][T25696] RSP: 002b:00007f15e9999028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  676.789650][T25696] RAX: ffffffffffffffda RBX: 00007f15e8e15fa0 RCX: 00007f15e8b9c819
[  676.789666][T25696] RDX: 0000000000000000 RSI: 0000200000004380 RDI: 0000000000000005
[  676.789679][T25696] RBP: 00007f15e9999090 R08: 0000000000000000 R09: 0000000000000000
[  676.789692][T25696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  676.789713][T25696] R13: 00007f15e8e16038 R14: 00007f15e8e15fa0 R15: 00007fff7c6702b8
[  676.789746][T25696]  </TASK>
[  677.815471][T25731] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6033'.
[  677.869826][T25737] netlink: 32 bytes leftover after parsing attributes in process `syz.1.6032'.
[  677.912593][ T5144] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  677.925648][ T5144] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  677.937240][ T5144] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  677.956315][ T5144] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  677.964284][ T5144] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  678.113614][T25738] gre0 speed is unknown, defaulting to 1000
[  678.520002][T25756] IPv6: NLM_F_CREATE should be specified when creating new route
[  678.526663][T25744] nbd0: detected capacity change from 0 to 63
[  678.606739][ T5833] block nbd0: Receive control failed (result -104)
[  678.608170][ T5144] block nbd0: Receive control failed (result -32)
[  678.649639][T25759] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6039'.
[  678.712259][T25762] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6039'.
[  678.817591][T25759] veth0: entered promiscuous mode
[  678.846638][T25759] macvtap2: entered promiscuous mode
[  678.873302][T25759] macvtap2: entered allmulticast mode
[  678.886720][T25759] veth0: entered allmulticast mode
[  678.953314][T25762] veth0: left allmulticast mode
[  678.996028][T25762] veth0: left promiscuous mode
[  679.997305][ T5144] Bluetooth: hci3: command tx timeout
[  680.119676][T25738] chnl_net:caif_netlink_parms(): no params data found
[  680.280560][T25792] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6044'.
[  680.635366][T25738] bridge0: port 1(bridge_slave_0) entered blocking state
[  680.670640][T25738] bridge0: port 1(bridge_slave_0) entered disabled state
[  680.688770][T25738] bridge_slave_0: entered allmulticast mode
[  680.705879][T25738] bridge_slave_0: entered promiscuous mode
[  680.745174][T25738] bridge0: port 2(bridge_slave_1) entered blocking state
[  680.770570][T25738] bridge0: port 2(bridge_slave_1) entered disabled state
[  680.808670][T25738] bridge_slave_1: entered allmulticast mode
[  680.837796][T25738] bridge_slave_1: entered promiscuous mode
[  680.973743][T25738] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  681.001889][T25738] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  681.150677][T25738] team0: Port device team_slave_0 added
[  681.175437][T25738] team0: Port device team_slave_1 added
[  681.341774][T25738] batman_adv: batadv0: Adding interface: batadv_slave_0
[  681.372332][T25738] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  681.712904][T25738] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  681.820720][T25738] batman_adv: batadv0: Adding interface: batadv_slave_1
[  681.861897][T25738] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  682.000089][T25738] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  682.001978][T25842] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6055'.
[  682.076806][ T5144] Bluetooth: hci3: command tx timeout
[  682.248985][T25738] hsr_slave_0: entered promiscuous mode
[  682.287968][T25738] hsr_slave_1: entered promiscuous mode
[  682.307929][T25738] debugfs: 'hsr0' already exists in 'hsr'
[  682.313724][T25738] Cannot create hsr debugfs directory
[  682.697713][T25738] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  682.886703][T25738] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  682.957241][T25872] mac80211_hwsim hwsim37 syzkaller0: left promiscuous mode
[  682.965475][T25872] mac80211_hwsim hwsim37 syzkaller0: left allmulticast mode
[  683.020830][T25738] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  683.109994][T25738] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  683.194579][T25877] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6065'.
[  683.550062][T25738] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  683.587748][T25738] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  683.609842][T25738] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  683.710447][T25738] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  684.059682][T25738] 8021q: adding VLAN 0 to HW filter on device bond0
[  684.138477][T25738] 8021q: adding VLAN 0 to HW filter on device team0
[  684.158234][ T5144] Bluetooth: hci3: command tx timeout
[  684.176147][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  684.183402][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  684.204340][T25906] netlink: 'syz.3.6073': attribute type 1 has an invalid length.
[  684.268413][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  684.275643][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  684.299245][T22520] hid-generic 0005:15C2:0006.0006: item fetching failed at offset 0/1
[  684.347557][T22520] hid-generic 0005:15C2:0006.0006: probe with driver hid-generic failed with error -22
[  684.550249][T25913] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6075'.
[  686.236585][ T5144] Bluetooth: hci3: command tx timeout
[  686.957227][T25916] veth0_to_bridge: mtu less than device minimum
[  687.545917][T25738] 8021q: adding VLAN 0 to HW filter on device batadv0
[  687.681842][T25738] veth0_vlan: entered promiscuous mode
[  687.692367][T25938] netlink: 'syz.3.6083': attribute type 3 has an invalid length.
[  687.712967][T25738] veth1_vlan: entered promiscuous mode
[  687.732824][T25938] netlink: 4344 bytes leftover after parsing attributes in process `syz.3.6083'.
[  687.748429][T25938] netlink: 'syz.3.6083': attribute type 3 has an invalid length.
[  687.779587][T25938] netlink: 4344 bytes leftover after parsing attributes in process `syz.3.6083'.
[  687.810794][T25738] veth0_macvtap: entered promiscuous mode
[  687.823378][T25738] veth1_macvtap: entered promiscuous mode
[  687.873766][T25738] batman_adv: batadv0: Interface activated: batadv_slave_0
[  687.901311][T25738] batman_adv: batadv0: Interface activated: batadv_slave_1
[  687.923709][   T36] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  688.047907][   T36] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  688.060586][T25945] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6086'.
[  688.412131][   T36] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  688.421831][   T36] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  688.666757][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  688.674966][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  688.754202][T25956] FAULT_INJECTION: forcing a failure.
[  688.754202][T25956] name failslab, interval 1, probability 0, space 0, times 0
[  688.791068][T25951] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  688.803776][T25956] CPU: 1 UID: 0 PID: 25956 Comm: syz.4.6090 Not tainted syzkaller #0 PREEMPT(full) 
[  688.803813][T25956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  688.803827][T25956] Call Trace:
[  688.803845][T25956]  <TASK>
[  688.803855][T25956]  dump_stack_lvl+0xe8/0x150
[  688.803891][T25956]  should_fail_ex+0x412/0x560
[  688.803928][T25956]  should_failslab+0xa8/0x100
[  688.803958][T25956]  __kvmalloc_node_noprof+0x178/0x8a0
[  688.803985][T25956]  ? map_get_next_key+0x234/0x620
[  688.804009][T25956]  ? _copy_from_user+0x94/0xb0
[  688.804037][T25956]  map_get_next_key+0x234/0x620
[  688.804059][T25956]  ? bpf_lsm_bpf+0x9/0x20
[  688.804090][T25956]  __sys_bpf+0x768/0x950
[  688.804112][T25956]  ? __pfx___sys_bpf+0x10/0x10
[  688.804149][T25956]  ? ksys_write+0x242/0x270
[  688.804175][T25956]  ? __pfx_ksys_write+0x10/0x10
[  688.804206][T25956]  __x64_sys_bpf+0x7c/0x90
[  688.804235][T25956]  do_syscall_64+0x14d/0xf80
[  688.804255][T25956]  ? trace_irq_disable+0x3b/0x150
[  688.804272][T25956]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  688.804292][T25956]  ? clear_bhb_loop+0x40/0x90
[  688.804317][T25956]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  688.804338][T25956] RIP: 0033:0x7fd92079c819
[  688.804357][T25956] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  688.804375][T25956] RSP: 002b:00007fd921685028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  688.804398][T25956] RAX: ffffffffffffffda RBX: 00007fd920a16090 RCX: 00007fd92079c819
[  688.804413][T25956] RDX: 0000000000000020 RSI: 00002000000001c0 RDI: 0000000000000004
[  688.804427][T25956] RBP: 00007fd921685090 R08: 0000000000000000 R09: 0000000000000000
[  688.804440][T25956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  688.804451][T25956] R13: 00007fd920a16128 R14: 00007fd920a16090 R15: 00007ffdbb1ce8e8
[  688.804483][T25956]  </TASK>
[  689.027540][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  689.035467][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  689.046826][T25951] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  689.143537][T25960] netlink: 'syz.0.6091': attribute type 8 has an invalid length.
[  689.163073][T25951] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  689.204139][T25962] netlink: 52 bytes leftover after parsing attributes in process `syz.2.6029'.
[  689.237090][T25962] bridge0: port 2(bridge_slave_1) entered disabled state
[  689.246221][T25962] bridge0: port 1(bridge_slave_0) entered disabled state
[  689.288585][T25951] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  689.509597][   T12] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  689.572128][   T36] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  689.636619][ T1154] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  689.678460][   T12] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  689.853785][T25979] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6098'.
[  690.190353][T25989] netlink: 'syz.2.6101': attribute type 3 has an invalid length.
[  690.225991][ T5833] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  690.238232][ T5833] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  690.242806][T25989] netlink: 4344 bytes leftover after parsing attributes in process `syz.2.6101'.
[  690.258563][ T5833] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  690.266994][ T5833] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  690.274957][ T5833] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  690.280041][T25989] netlink: 'syz.2.6101': attribute type 3 has an invalid length.
[  690.330002][T25989] netlink: 4344 bytes leftover after parsing attributes in process `syz.2.6101'.
[  690.457487][T25991] gre0 speed is unknown, defaulting to 1000
[  690.578903][T15469] syz_tun (unregistering): left allmulticast mode
[  690.856252][T25998] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6105'.
[  691.382787][T26013] xt_hashlimit: size too large, truncated to 1048576
[  691.514717][T26016] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6110'.
[  691.863243][T26023] netlink: 'syz.4.6112': attribute type 2 has an invalid length.
[  691.877032][T25991] chnl_net:caif_netlink_parms(): no params data found
[  691.949856][T26023] !: entered promiscuous mode
[  692.057436][T26023] FAULT_INJECTION: forcing a failure.
[  692.057436][T26023] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  692.107002][T26023] CPU: 1 UID: 0 PID: 26023 Comm: syz.4.6112 Not tainted syzkaller #0 PREEMPT(full) 
[  692.107033][T26023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  692.107046][T26023] Call Trace:
[  692.107054][T26023]  <TASK>
[  692.107063][T26023]  dump_stack_lvl+0xe8/0x150
[  692.107098][T26023]  should_fail_ex+0x412/0x560
[  692.107135][T26023]  _copy_from_iter+0x1d3/0x1670
[  692.107162][T26023]  ? rcu_is_watching+0x15/0xb0
[  692.107197][T26023]  ? __pfx__copy_from_iter+0x10/0x10
[  692.107228][T26023]  ? netlink_sendmsg+0x650/0xb40
[  692.107255][T26023]  ? skb_put+0x11b/0x210
[  692.107288][T26023]  netlink_sendmsg+0x6c0/0xb40
[  692.107325][T26023]  ? __pfx_netlink_sendmsg+0x10/0x10
[  692.107358][T26023]  ? aa_sock_msg_perm+0xf1/0x1b0
[  692.107380][T26023]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  692.107409][T26023]  ____sys_sendmsg+0x972/0x9f0
[  692.107449][T26023]  ? __pfx_____sys_sendmsg+0x10/0x10
[  692.107489][T26023]  ? import_iovec+0x73/0xa0
[  692.107518][T26023]  ___sys_sendmsg+0x2a5/0x360
[  692.107555][T26023]  ? __pfx____sys_sendmsg+0x10/0x10
[  692.107631][T26023]  ? __fget_files+0x2a/0x420
[  692.107650][T26023]  ? __fget_files+0x3a0/0x420
[  692.107680][T26023]  __x64_sys_sendmsg+0x1bd/0x2a0
[  692.107714][T26023]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  692.107754][T26023]  ? __pfx_ksys_write+0x10/0x10
[  692.107791][T26023]  do_syscall_64+0x14d/0xf80
[  692.107811][T26023]  ? trace_irq_disable+0x3b/0x150
[  692.107829][T26023]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  692.107851][T26023]  ? clear_bhb_loop+0x40/0x90
[  692.107876][T26023]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  692.107897][T26023] RIP: 0033:0x7fd92079c819
[  692.107918][T26023] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  692.107937][T26023] RSP: 002b:00007fd9216a6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  692.107961][T26023] RAX: ffffffffffffffda RBX: 00007fd920a15fa0 RCX: 00007fd92079c819
[  692.107977][T26023] RDX: 0000000000000004 RSI: 0000200000004680 RDI: 0000000000000007
[  692.107991][T26023] RBP: 00007fd9216a6090 R08: 0000000000000000 R09: 0000000000000000
[  692.108004][T26023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  692.108018][T26023] R13: 00007fd920a16038 R14: 00007fd920a15fa0 R15: 00007ffdbb1ce8e8
[  692.108052][T26023]  </TASK>
[  692.392929][ T5144] Bluetooth: hci4: command tx timeout
[  692.582552][T25991] bridge0: port 1(bridge_slave_0) entered blocking state
[  692.590418][T25991] bridge0: port 1(bridge_slave_0) entered disabled state
[  692.597870][T25991] bridge_slave_0: entered allmulticast mode
[  692.606043][T25991] bridge_slave_0: entered promiscuous mode
[  692.617041][T25991] bridge0: port 2(bridge_slave_1) entered blocking state
[  692.624448][T25991] bridge0: port 2(bridge_slave_1) entered disabled state
[  692.632031][T25991] bridge_slave_1: entered allmulticast mode
[  692.640941][T25991] bridge_slave_1: entered promiscuous mode
[  692.684143][T25991] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  692.703772][T25991] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  692.768108][T25991] team0: Port device team_slave_0 added
[  692.789282][T25991] team0: Port device team_slave_1 added
[  692.848117][T26043] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6115'.
[  693.038337][T25991] batman_adv: batadv0: Adding interface: batadv_slave_0
[  693.045455][T25991] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  693.106501][T25991] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  693.136360][T25991] batman_adv: batadv0: Adding interface: batadv_slave_1
[  693.151732][T25991] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  693.187466][T25991] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  693.403655][T25991] hsr_slave_0: entered promiscuous mode
[  693.433359][T25991] hsr_slave_1: entered promiscuous mode
[  693.476680][T25991] debugfs: 'hsr0' already exists in 'hsr'
[  693.487092][T25991] Cannot create hsr debugfs directory
[  693.775004][T26066] netlink: 'syz.1.6119': attribute type 2 has an invalid length.
[  693.792949][T26062] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6119'.
[  693.805406][T26063] netlink: 'syz.0.6122': attribute type 1 has an invalid length.
[  693.835138][T26063] netlink: 248 bytes leftover after parsing attributes in process `syz.0.6122'.
[  694.093573][T26076] batman_adv: batadv0: Adding interface: dummy0
[  694.100707][T26075] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6120'.
[  694.116967][T26076] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  694.169701][T26076] batman_adv: batadv0: Interface activated: dummy0
[  694.223747][T25991] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  694.372974][T25991] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  694.481071][ T5144] Bluetooth: hci4: command tx timeout
[  694.556201][T25991] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  694.741070][T25991] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  694.778699][T26097] netlink: 'syz.1.6129': attribute type 11 has an invalid length.
[  694.917689][T26102] netlink: 'syz.2.6130': attribute type 3 has an invalid length.
[  694.925495][T26102] netlink: 4344 bytes leftover after parsing attributes in process `syz.2.6130'.
[  694.941052][T26102] netlink: 'syz.2.6130': attribute type 3 has an invalid length.
[  694.968000][T26102] netlink: 4344 bytes leftover after parsing attributes in process `syz.2.6130'.
[  695.071025][ T5489] veth0_vlan: left promiscuous mode
[  695.131626][ T5489] veth0_vlan: entered promiscuous mode
[  695.243390][T26109] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6131'.
[  695.357239][T25991] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  695.384019][T25991] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  695.406046][T25991] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  695.460562][T25991] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  695.711660][T26127] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6135'.
[  695.902305][T25991] 8021q: adding VLAN 0 to HW filter on device bond0
[  695.942205][T26137] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  695.959817][T25991] 8021q: adding VLAN 0 to HW filter on device team0
[  696.007078][T26137] netlink: 276 bytes leftover after parsing attributes in process `syz.0.6137'.
[  696.099516][ T1154] bridge0: port 1(bridge_slave_0) entered blocking state
[  696.106829][ T1154] bridge0: port 1(bridge_slave_0) entered forwarding state
[  696.129803][ T1154] bridge0: port 2(bridge_slave_1) entered blocking state
[  696.137063][ T1154] bridge0: port 2(bridge_slave_1) entered forwarding state
[  696.281267][T26149] netlink: 'syz.4.6141': attribute type 3 has an invalid length.
[  696.289176][T26149] netlink: 4344 bytes leftover after parsing attributes in process `syz.4.6141'.
[  696.300878][T26149] netlink: 'syz.4.6141': attribute type 3 has an invalid length.
[  696.331135][T26149] netlink: 4344 bytes leftover after parsing attributes in process `syz.4.6141'.
[  696.558673][ T5144] Bluetooth: hci4: command tx timeout
[  696.955668][T25991] 8021q: adding VLAN 0 to HW filter on device batadv0
[  696.966724][T26180] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6149'.
[  697.145630][T26184] netlink: 'syz.4.6150': attribute type 29 has an invalid length.
[  697.189596][T25991] veth0_vlan: entered promiscuous mode
[  697.274138][T25991] veth1_vlan: entered promiscuous mode
[  697.596116][T25991] veth0_macvtap: entered promiscuous mode
[  697.631161][T25991] veth1_macvtap: entered promiscuous mode
[  697.734475][T25991] batman_adv: batadv0: Interface activated: batadv_slave_0
[  697.781766][T25991] batman_adv: batadv0: Interface activated: batadv_slave_1
[  697.848669][T25379] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  697.876219][T25379] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  697.912344][T25379] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  697.965436][T25379] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  697.996877][T26202] netlink: 'syz.2.6156': attribute type 1 has an invalid length.
[  698.074399][T25586] hid-generic 0005:15C2:0006.0007: item fetching failed at offset 0/1
[  698.102415][T25586] hid-generic 0005:15C2:0006.0007: probe with driver hid-generic failed with error -22
[  698.254270][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  698.289466][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  698.404562][ T1154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  698.438915][ T1154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  698.640752][ T5144] Bluetooth: hci4: command tx timeout
[  698.880615][T26238] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6164'.
[  698.985050][T26242] netlink: 'syz.3.6167': attribute type 1 has an invalid length.
[  700.402093][T26281] netlink: 'syz.1.6177': attribute type 3 has an invalid length.
[  700.427596][T26281] netlink: 4344 bytes leftover after parsing attributes in process `syz.1.6177'.
[  700.448676][T26283] netlink: 'syz.4.6178': attribute type 1 has an invalid length.
[  700.644895][T26289] netlink: 'syz.1.6180': attribute type 3 has an invalid length.
[  700.693618][T26289] netlink: 4344 bytes leftover after parsing attributes in process `syz.1.6180'.
[  700.715962][T26289] FAULT_INJECTION: forcing a failure.
[  700.715962][T26289] name failslab, interval 1, probability 0, space 0, times 0
[  700.763651][T26289] CPU: 1 UID: 0 PID: 26289 Comm: syz.1.6180 Not tainted syzkaller #0 PREEMPT(full) 
[  700.763683][T26289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  700.763696][T26289] Call Trace:
[  700.763706][T26289]  <TASK>
[  700.763716][T26289]  dump_stack_lvl+0xe8/0x150
[  700.763752][T26289]  should_fail_ex+0x412/0x560
[  700.763790][T26289]  should_failslab+0xa8/0x100
[  700.763819][T26289]  __kmalloc_noprof+0xe8/0x760
[  700.763842][T26289]  ? __pfx_nft_data_init+0x10/0x10
[  700.763871][T26289]  ? nft_pernet+0x23/0x240
[  700.763890][T26289]  ? nft_set_elem_init+0xa8/0x7e0
[  700.763921][T26289]  nft_set_elem_init+0xa8/0x7e0
[  700.763956][T26289]  nf_tables_newsetelem+0x22f3/0x4340
[  700.763980][T26289]  ? do_trace_netlink_extack+0x80/0x200
[  700.764047][T26289]  ? __pfx_nf_tables_newsetelem+0x10/0x10
[  700.764084][T26289]  ? nla_validate_array+0xfc/0x260
[  700.764141][T26289]  ? __pfx___nla_validate_parse+0x10/0x10
[  700.764172][T26289]  ? __pfx_nf_tables_newset+0x10/0x10
[  700.764203][T26289]  ? nfnl_pernet+0x23/0x240
[  700.764239][T26289]  ? __nla_parse+0x40/0x60
[  700.764267][T26289]  nfnetlink_rcv+0x1240/0x27b0
[  700.764330][T26289]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  700.764368][T26289]  ? do_user_addr_fault+0xbad/0x1340
[  700.764436][T26289]  ? netlink_deliver_tap+0x2e/0x1b0
[  700.764482][T26289]  netlink_unicast+0x80f/0x9b0
[  700.764517][T26289]  ? __pfx_netlink_unicast+0x10/0x10
[  700.764540][T26289]  ? __kvmalloc_node_noprof+0x393/0x8a0
[  700.764577][T26289]  ? netlink_sendmsg+0x650/0xb40
[  700.764602][T26289]  ? skb_put+0x11b/0x210
[  700.764640][T26289]  netlink_sendmsg+0x813/0xb40
[  700.764678][T26289]  ? __pfx_netlink_sendmsg+0x10/0x10
[  700.764710][T26289]  ? aa_sock_msg_perm+0xf1/0x1b0
[  700.764734][T26289]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  700.764763][T26289]  ____sys_sendmsg+0x972/0x9f0
[  700.764803][T26289]  ? __pfx_____sys_sendmsg+0x10/0x10
[  700.764843][T26289]  ? import_iovec+0x73/0xa0
[  700.764872][T26289]  ___sys_sendmsg+0x2a5/0x360
[  700.764908][T26289]  ? __pfx____sys_sendmsg+0x10/0x10
[  700.764977][T26289]  ? __fget_files+0x2a/0x420
[  700.764996][T26289]  ? __fget_files+0x3a0/0x420
[  700.765027][T26289]  __x64_sys_sendmsg+0x1bd/0x2a0
[  700.765061][T26289]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  700.765101][T26289]  ? __pfx_ksys_write+0x10/0x10
[  700.765138][T26289]  do_syscall_64+0x14d/0xf80
[  700.765158][T26289]  ? trace_irq_disable+0x3b/0x150
[  700.765177][T26289]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.765199][T26289]  ? clear_bhb_loop+0x40/0x90
[  700.765226][T26289]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.765248][T26289] RIP: 0033:0x7f86f019c819
[  700.765268][T26289] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  700.765287][T26289] RSP: 002b:00007f86f1020028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  700.765311][T26289] RAX: ffffffffffffffda RBX: 00007f86f0415fa0 RCX: 00007f86f019c819
[  700.765326][T26289] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000003
[  700.765340][T26289] RBP: 00007f86f1020090 R08: 0000000000000000 R09: 0000000000000000
[  700.765353][T26289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  700.765366][T26289] R13: 00007f86f0416038 R14: 00007f86f0415fa0 R15: 00007ffe696d8898
[  700.765400][T26289]  </TASK>
[  701.302828][T26300] FAULT_INJECTION: forcing a failure.
[  701.302828][T26300] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  701.391537][T26300] CPU: 1 UID: 0 PID: 26300 Comm: syz.3.6185 Not tainted syzkaller #0 PREEMPT(full) 
[  701.391567][T26300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  701.391580][T26300] Call Trace:
[  701.391589][T26300]  <TASK>
[  701.391598][T26300]  dump_stack_lvl+0xe8/0x150
[  701.391634][T26300]  should_fail_ex+0x412/0x560
[  701.391671][T26300]  _copy_to_user+0x31/0xb0
[  701.391697][T26300]  simple_read_from_buffer+0xe1/0x170
[  701.391731][T26300]  proc_fail_nth_read+0x1bb/0x230
[  701.391766][T26300]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  701.391811][T26300]  ? rw_verify_area+0x2a6/0x4d0
[  701.391835][T26300]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  701.391866][T26300]  vfs_read+0x20c/0xa70
[  701.391888][T26300]  ? fdget_pos+0x246/0x320
[  701.391912][T26300]  ? __pfx___mutex_lock+0x10/0x10
[  701.391935][T26300]  ? __pfx_vfs_read+0x10/0x10
[  701.391960][T26300]  ? __fget_files+0x2a/0x420
[  701.391984][T26300]  ? __fget_files+0x3a0/0x420
[  701.392002][T26300]  ? __fget_files+0x2a/0x420
[  701.392030][T26300]  ksys_read+0x150/0x270
[  701.392056][T26300]  ? __pfx_ksys_read+0x10/0x10
[  701.392093][T26300]  do_syscall_64+0x14d/0xf80
[  701.392114][T26300]  ? trace_irq_disable+0x3b/0x150
[  701.392134][T26300]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  701.392156][T26300]  ? clear_bhb_loop+0x40/0x90
[  701.392183][T26300]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  701.392204][T26300] RIP: 0033:0x7f3151b5d04e
[  701.392225][T26300] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  701.392244][T26300] RSP: 002b:00007f31529d2fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  701.392268][T26300] RAX: ffffffffffffffda RBX: 00007f31529d36c0 RCX: 00007f3151b5d04e
[  701.392284][T26300] RDX: 000000000000000f RSI: 00007f31529d30a0 RDI: 0000000000000004
[  701.392297][T26300] RBP: 00007f31529d3090 R08: 0000000000000000 R09: 0000000000000000
[  701.392310][T26300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  701.392323][T26300] R13: 00007f3151e16038 R14: 00007f3151e15fa0 R15: 00007ffeae53d5d8
[  701.392358][T26300]  </TASK>
[  701.704916][T26305] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6184'.
[  702.262507][T26324] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6189'.
[  702.284053][T26326] netlink: 'syz.4.6191': attribute type 1 has an invalid length.
[  702.293178][T26324] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6189'.
[  702.936988][T26353] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6195'.
[  703.083994][T26353] netlink: 7060 bytes leftover after parsing attributes in process `syz.4.6195'.
[  703.104998][T26353] netlink: 60 bytes leftover after parsing attributes in process `syz.4.6195'.
[  703.527324][T26358] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6196'.
[  703.537419][T26358] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6196'.
[  703.606113][T26374] siw: device registration error -23
[  703.630885][T26374] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  703.824355][T26377] netlink: 'syz.4.6203': attribute type 1 has an invalid length.
[  704.011851][T26384] syzkaller1: entered promiscuous mode
[  704.025555][T26384] syzkaller1: entered allmulticast mode
[  704.264732][T26384] gre0 speed is unknown, defaulting to 1000
[  705.745563][T26445] netlink: 'syz.1.6218': attribute type 1 has an invalid length.
[  705.803720][T25615] hid-generic 0005:15C2:0006.0008: item fetching failed at offset 0/1
[  705.867333][T25615] hid-generic 0005:15C2:0006.0008: probe with driver hid-generic failed with error -22
[  705.987058][T26453] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6219'.
[  706.733937][T26485] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6225'.
[  707.353012][T26510] netlink: 'syz.1.6230': attribute type 1 has an invalid length.
[  707.439428][T26514] syzkaller1: entered promiscuous mode
[  707.444976][T26514] syzkaller1: entered allmulticast mode
[  707.614368][T26523] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6236'.
[  707.749642][T26526] netlink: 'syz.2.6237': attribute type 3 has an invalid length.
[  707.774921][T26526] netlink: 4344 bytes leftover after parsing attributes in process `syz.2.6237'.
[  707.807674][T26526] netlink: 'syz.2.6237': attribute type 3 has an invalid length.
[  707.816056][T26526] netlink: 4344 bytes leftover after parsing attributes in process `syz.2.6237'.
[  707.893910][T26535] netlink: 68 bytes leftover after parsing attributes in process `syz.0.6241'.
[  708.076032][T26543] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6244'.
[  708.109767][T26543] FAULT_INJECTION: forcing a failure.
[  708.109767][T26543] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  708.139879][T26543] CPU: 1 UID: 0 PID: 26543 Comm: syz.0.6244 Not tainted syzkaller #0 PREEMPT(full) 
[  708.139909][T26543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  708.139924][T26543] Call Trace:
[  708.139933][T26543]  <TASK>
[  708.139942][T26543]  dump_stack_lvl+0xe8/0x150
[  708.139976][T26543]  should_fail_ex+0x412/0x560
[  708.140014][T26543]  _copy_from_user+0x2d/0xb0
[  708.140039][T26543]  ___sys_recvmsg+0x175/0x590
[  708.140068][T26543]  ? get_pid_task+0x20/0x1f0
[  708.140087][T26543]  ? get_pid_task+0x20/0x1f0
[  708.140110][T26543]  ? __pfx____sys_recvmsg+0x10/0x10
[  708.140165][T26543]  ? __fget_files+0x3a0/0x420
[  708.140196][T26543]  __x64_sys_recvmsg+0x1ba/0x2a0
[  708.140231][T26543]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  708.140269][T26543]  ? __pfx_ksys_write+0x10/0x10
[  708.140304][T26543]  do_syscall_64+0x14d/0xf80
[  708.140324][T26543]  ? trace_irq_disable+0x3b/0x150
[  708.140342][T26543]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  708.140362][T26543]  ? clear_bhb_loop+0x40/0x90
[  708.140388][T26543]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  708.140408][T26543] RIP: 0033:0x7f15e8b9c819
[  708.140429][T26543] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  708.140447][T26543] RSP: 002b:00007f15e9999028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  708.140470][T26543] RAX: ffffffffffffffda RBX: 00007f15e8e15fa0 RCX: 00007f15e8b9c819
[  708.140485][T26543] RDX: 0000000000002040 RSI: 0000200000000540 RDI: 0000000000000003
[  708.140498][T26543] RBP: 00007f15e9999090 R08: 0000000000000000 R09: 0000000000000000
[  708.140510][T26543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  708.140522][T26543] R13: 00007f15e8e16038 R14: 00007f15e8e15fa0 R15: 00007fff7c6702b8
[  708.140552][T26543]  </TASK>
[  708.966713][ T5193] block nbd0: Connection timed out, retrying (0/2 alive)
[  708.974236][ T5193] block nbd0: Connection timed out, retrying (0/2 alive)
[  708.982538][ T5193] block nbd0: Connection timed out, retrying (0/2 alive)
[  708.991864][   T11] block nbd0: Dead connection, failed to find a fallback
[  708.999191][   T11] block nbd0: shutting down sockets
[  709.004426][   T11] blk_print_req_error: 286 callbacks suppressed
[  709.004447][   T11] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  709.022479][ T5193] block nbd0: Connection timed out, retrying (0/2 alive)
[  709.030061][   T11] buffer_io_error: 286 callbacks suppressed
[  709.030079][   T11] Buffer I/O error on dev nbd0, logical block 1, async page read
[  709.044928][   T11] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  709.055003][   T11] Buffer I/O error on dev nbd0, logical block 0, async page read
[  709.063259][   T11] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  709.073235][   T11] Buffer I/O error on dev nbd0, logical block 3, async page read
[  709.081747][   T11] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  709.091746][   T11] Buffer I/O error on dev nbd0, logical block 2, async page read
[  709.100085][T24577] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  709.117634][T24577] Buffer I/O error on dev nbd0, logical block 0, async page read
[  709.125502][T24577] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  709.156527][T24577] Buffer I/O error on dev nbd0, logical block 1, async page read
[  709.164399][T24577] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  709.188978][T24577] Buffer I/O error on dev nbd0, logical block 2, async page read
[  709.206776][T24577] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  709.216319][T24577] Buffer I/O error on dev nbd0, logical block 3, async page read
[  709.243711][T24577] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  709.266498][T24577] Buffer I/O error on dev nbd0, logical block 0, async page read
[  709.274466][T24577] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  709.347258][T24577] Buffer I/O error on dev nbd0, logical block 1, async page read
[  709.355830][T24577] ldm_validate_partition_table(): Disk read failed.
[  709.437442][T24577] Dev nbd0: unable to read RDB block 0
[  709.443673][T24577]  nbd0: unable to read partition table
[  709.494488][T26592] nbd: socks must be embedded in a SOCK_ITEM attr
[  709.565931][T24577] ldm_validate_partition_table(): Disk read failed.
[  709.585149][T24577] Dev nbd0: unable to read RDB block 0
[  709.634296][T24577]  nbd0: unable to read partition table
[  709.905960][T26599] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6245'.
[  710.004693][T26609] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6265'.
[  710.060955][T26609] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6265'.
[  710.160360][T26599] geneve2: entered promiscuous mode
[  710.361011][T26619] bridge0: port 3(syz_tun) entered blocking state
[  710.387566][T26619] bridge0: port 3(syz_tun) entered disabled state
[  710.394295][T26619] syz_tun: entered allmulticast mode
[  710.426118][T26619] syz_tun: left allmulticast mode
[  710.449690][T26627] netlink: 'syz.0.6271': attribute type 4 has an invalid length.
[  710.961261][T26641] bridge0: port 2(bridge_slave_1) entered disabled state
[  710.969335][T26641] bridge0: port 1(bridge_slave_0) entered disabled state
[  711.192667][T26641] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  711.225186][T26641] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  711.462375][T25379] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  711.486629][T25379] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  711.523043][T25379] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  711.545862][T25379] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  711.768801][T26665] syzkaller0: entered promiscuous mode
[  711.788046][T26665] syzkaller0: entered allmulticast mode
[  712.299465][T26681] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  712.376318][T26700] ipip0: entered promiscuous mode
[  712.461835][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  712.478981][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  712.974849][T26722] __nla_validate_parse: 6 callbacks suppressed
[  712.974868][T26722] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6303'.
[  713.143242][T26731] netlink: 'syz.1.6307': attribute type 3 has an invalid length.
[  713.175286][T26731] netlink: 'syz.1.6307': attribute type 2 has an invalid length.
[  713.202521][T26731] netlink: 'syz.1.6307': attribute type 2 has an invalid length.
[  713.213062][T26732] netlink: 'syz.1.6307': attribute type 1 has an invalid length.
[  713.341169][T26731] bond5: (slave geneve2): making interface the new active one
[  713.360352][T26732] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6307'.
[  713.369722][T26731] bond5: (slave geneve2): Enslaving as an active interface with an up link
[  713.380199][   T36] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  713.405626][T26732] 8021q: adding VLAN 0 to HW filter on device bond5
[  713.420038][   T36] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  713.433685][   T36] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  713.446018][T26747] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6310'.
[  713.637033][T24907] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  715.836720][ T5144] Bluetooth: hci4: command 0x0405 tx timeout
[  716.305864][T26739] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  716.658054][T26816] tipc: Started in network mode
[  716.676919][T26816] tipc: Node identity ac14140f, cluster identity 4711
[  716.692034][T26816] tipc: New replicast peer: 255.255.255.255
[  716.718177][T26816] tipc: Enabled bearer <udp:syz2>, priority 6
[  717.688096][T26868] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6347'.
[  717.829035][T25614] tipc: Node number set to 2886997007
[  717.928394][T26880] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6352'.
[  717.956549][T26880] openvswitch: netlink: EtherType 0 is less than min 600
[  718.838023][T26909] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6359'.
[  718.917598][T26912] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6362'.
[  718.968910][ T5833] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  718.980284][ T5833] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  718.989142][ T5833] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  718.998980][ T5833] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  719.006965][ T5833] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  721.120610][ T5144] Bluetooth: hci5: command tx timeout
[  722.249899][T26914] gre0 speed is unknown, defaulting to 1000
[  722.340722][T26952] mac80211_hwsim hwsim37 syzkaller0: entered promiscuous mode
[  722.366654][T26952] mac80211_hwsim hwsim37 syzkaller0: entered allmulticast mode
[  722.399977][T26953] netlink: 'syz.3.6370': attribute type 14 has an invalid length.
[  722.437135][T26959] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  722.574890][T26961] ipip0: entered promiscuous mode
[  722.598360][T26964] FAULT_INJECTION: forcing a failure.
[  722.598360][T26964] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  722.656695][T26964] CPU: 1 UID: 0 PID: 26964 Comm: syz.2.6373 Not tainted syzkaller #0 PREEMPT(full) 
[  722.656728][T26964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  722.656741][T26964] Call Trace:
[  722.656750][T26964]  <TASK>
[  722.656760][T26964]  dump_stack_lvl+0xe8/0x150
[  722.656797][T26964]  should_fail_ex+0x412/0x560
[  722.656835][T26964]  _copy_from_user+0x2d/0xb0
[  722.656862][T26964]  do_sock_getsockopt+0x165/0x3f0
[  722.656896][T26964]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  722.656926][T26964]  ? __fget_files+0x3a0/0x420
[  722.656947][T26964]  ? __fget_files+0x2a/0x420
[  722.656974][T26964]  __x64_sys_getsockopt+0x1a4/0x240
[  722.657014][T26964]  do_syscall_64+0x14d/0xf80
[  722.657035][T26964]  ? trace_irq_disable+0x3b/0x150
[  722.657055][T26964]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  722.657076][T26964]  ? clear_bhb_loop+0x40/0x90
[  722.657102][T26964]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  722.657122][T26964] RIP: 0033:0x7f166899c819
[  722.657143][T26964] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  722.657161][T26964] RSP: 002b:00007f16697a4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  722.657184][T26964] RAX: ffffffffffffffda RBX: 00007f1668c15fa0 RCX: 00007f166899c819
[  722.657200][T26964] RDX: 0000000000000004 RSI: 0000000000000112 RDI: 0000000000000004
[  722.657213][T26964] RBP: 00007f16697a4090 R08: 0000200000000080 R09: 0000000000000000
[  722.657227][T26964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  722.657239][T26964] R13: 00007f1668c16038 R14: 00007f1668c15fa0 R15: 00007ffea848ad48
[  722.657273][T26964]  </TASK>
[  722.908225][T26967] netlink: 'syz.3.6374': attribute type 21 has an invalid length.
[  722.916103][T26967] IPv6: NLM_F_CREATE should be specified when creating new route
[  722.924013][T26967] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  722.931276][T26967] IPv6: NLM_F_CREATE should be set when creating new route
[  722.938598][T26967] IPv6: NLM_F_CREATE should be set when creating new route
[  722.945851][T26967] IPv6: NLM_F_CREATE should be set when creating new route
[  722.957388][T26967] netlink: 'syz.3.6374': attribute type 21 has an invalid length.
[  722.986652][T26967] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  723.196916][ T5144] Bluetooth: hci5: command tx timeout
[  723.584136][T25614] tipc: Node number set to 1968605459
[  723.676378][T26992] netlink: 'syz.2.6383': attribute type 2 has an invalid length.
[  723.692950][T26914] chnl_net:caif_netlink_parms(): no params data found
[  723.777178][T26992] netlink: 104 bytes leftover after parsing attributes in process `syz.2.6383'.
[  723.863230][T27003] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  723.883067][T26996] netlink: 'syz.4.6385': attribute type 3 has an invalid length.
[  723.906257][T26996] netlink: 4344 bytes leftover after parsing attributes in process `syz.4.6385'.
[  723.976808][T26996] netlink: 'syz.4.6385': attribute type 3 has an invalid length.
[  723.997352][T26996] netlink: 4344 bytes leftover after parsing attributes in process `syz.4.6385'.
[  724.056668][T26914] bridge0: port 1(bridge_slave_0) entered blocking state
[  724.072945][T26914] bridge0: port 1(bridge_slave_0) entered disabled state
[  724.092857][T26914] bridge_slave_0: entered allmulticast mode
[  724.113358][T26914] bridge_slave_0: entered promiscuous mode
[  724.143650][T27010] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  724.166385][T27010] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  724.239960][T27014] "syz.3.6389" (27014) uses obsolete ecb(arc4) skcipher
[  724.294699][T26914] bridge0: port 2(bridge_slave_1) entered blocking state
[  724.306666][T26914] bridge0: port 2(bridge_slave_1) entered disabled state
[  724.324605][T26914] bridge_slave_1: entered allmulticast mode
[  724.344501][T26914] bridge_slave_1: entered promiscuous mode
[  724.489694][T26914] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  724.525673][T26914] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  724.643840][T26914] team0: Port device team_slave_0 added
[  724.663366][T26914] team0: Port device team_slave_1 added
[  725.087447][T27029] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  725.120963][T27029] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  725.277384][ T5144] Bluetooth: hci5: command tx timeout
[  725.452762][T27043] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  725.479504][T27046] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6399'.
[  725.519267][T25379] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  725.553210][T25379] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  725.649241][T25379] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  725.674699][T25379] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  725.707467][T26914] batman_adv: batadv0: Adding interface: batadv_slave_0
[  725.720775][T26914] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  725.769669][T27058] netlink: 180 bytes leftover after parsing attributes in process `syz.0.6403'.
[  725.795605][T26914] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  725.816701][T27058] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6403'.
[  725.829395][T26914] batman_adv: batadv0: Adding interface: batadv_slave_1
[  725.846047][T26914] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  725.888702][T26914] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  726.064254][T26914] hsr_slave_0: entered promiscuous mode
[  726.086057][T26914] hsr_slave_1: entered promiscuous mode
[  726.100938][T26914] debugfs: 'hsr0' already exists in 'hsr'
[  726.123681][T26914] Cannot create hsr debugfs directory
[  726.360499][T27083] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6413'.
[  726.422724][T27083] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6413'.
[  726.452755][T27083] gretap0: refused to change device tx_queue_len
[  726.461454][T27083] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  726.500480][T27081] tipc: Started in network mode
[  726.515515][T27081] tipc: Node identity ac14140f, cluster identity 4711
[  726.539687][T27081] tipc: New replicast peer: 255.255.255.255
[  726.553863][T27081] tipc: Enabled bearer <udp:syz2>, priority 6
[  726.561416][T27090] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6412'.
[  726.690884][T26914] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  726.911034][T26914] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  726.977402][T27096] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6417'.
[  727.013784][T27096] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6417'.
[  727.025363][T26914] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  727.122428][T26914] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  727.358656][ T5144] Bluetooth: hci5: command tx timeout
[  727.586197][T26914] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  727.637266][T26914] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  727.690225][T25619] tipc: Node number set to 2886997007
[  727.697766][T26914] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  727.726852][T26914] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  727.853292][T27130] team0: Device ipvlan2 failed to register rx_handler
[  728.103623][T26914] 8021q: adding VLAN 0 to HW filter on device bond0
[  728.159900][T26914] 8021q: adding VLAN 0 to HW filter on device team0
[  728.193452][T25540] bridge0: port 1(bridge_slave_0) entered blocking state
[  728.200726][T25540] bridge0: port 1(bridge_slave_0) entered forwarding state
[  728.255198][ T1135] bridge0: port 2(bridge_slave_1) entered blocking state
[  728.262452][ T1135] bridge0: port 2(bridge_slave_1) entered forwarding state
[  728.813738][T26914] 8021q: adding VLAN 0 to HW filter on device batadv0
[  729.007584][T26914] veth0_vlan: entered promiscuous mode
[  729.353949][T26914] veth1_vlan: entered promiscuous mode
[  729.485848][ T9143] ------------[ cut here ]------------
[  729.491671][ T9143] conntrack cleanup blocked for 60s
[  729.491690][ T9143] WARNING: net/netfilter/nf_conntrack_core.c:2512 at nf_conntrack_cleanup_net_list+0x234/0x340, CPU#0: kworker/u8:11/9143
[  729.509887][ T9143] Modules linked in:
[  729.514450][ T9143] CPU: 0 UID: 0 PID: 9143 Comm: kworker/u8:11 Not tainted syzkaller #0 PREEMPT(full) 
[  729.524149][ T9143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  729.534503][ T9143] Workqueue: netns cleanup_net
[  729.539392][ T9143] RIP: 0010:nf_conntrack_cleanup_net_list+0x234/0x340
[  729.546289][ T9143] Code: 08 48 89 df e8 4d 45 63 f8 4c 8b 3b 49 39 df 74 69 e8 f0 f2 f8 f7 45 31 e4 e9 8e fe ff ff e8 e3 f2 f8 f7 48 8d 3d cc 26 54 06 <67> 48 0f b9 3a eb c0 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c cd fe ff
[  729.567196][ T9143] RSP: 0018:ffffc9001b7df8b0 EFLAGS: 00010293
[  729.573322][ T9143] RAX: ffffffff89ccbd0d RBX: ffffc9001b7dfa50 RCX: ffff888077923d00
[  729.581609][ T9143] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: ffffffff9020e3e0
[  729.589806][ T9143] RBP: 0000000000000001 R08: ffff8880227a4803 R09: 1ffff110044f4900
[  729.598147][ T9143] R10: dffffc0000000000 R11: ffffed10044f4901 R12: 0000000000000001
[  729.603822][T26914] veth0_macvtap: entered promiscuous mode
[  729.606156][ T9143] R13: dffffc0000000000 R14: 000000010000a703 R15: 000000010000a704
[  729.620085][ T9143] FS:  0000000000000000(0000) GS:ffff88812544e000(0000) knlGS:0000000000000000
[  729.629307][ T9143] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  729.636027][ T9143] CR2: 0000558357f74828 CR3: 000000006edae000 CR4: 00000000003526f0
[  729.644156][ T9143] Call Trace:
[  729.647546][ T9143]  <TASK>
[  729.650530][ T9143]  ? __pfx_nf_conntrack_pernet_exit+0x10/0x10
[  729.657167][ T9143]  ops_undo_list+0x52b/0x940
[  729.661819][ T9143]  ? __pfx_ops_undo_list+0x10/0x10
[  729.667196][ T9143]  ? idr_destroy+0x227/0x290
[  729.672014][ T9143]  cleanup_net+0x56b/0x800
[  729.677461][ T9143]  ? __pfx_cleanup_net+0x10/0x10
[  729.682463][ T9143]  ? process_scheduled_works+0xa8d/0x18c0
[  729.688291][ T9143]  ? process_scheduled_works+0xa8d/0x18c0
[  729.694094][ T9143]  process_scheduled_works+0xb6e/0x18c0
[  729.699906][ T9143]  ? __pfx_process_scheduled_works+0x10/0x10
[  729.705934][ T9143]  ? assign_work+0x3d5/0x5e0
[  729.710661][ T9143]  worker_thread+0xa53/0xfc0
[  729.715322][ T9143]  kthread+0x388/0x470
[  729.719562][ T9143]  ? __pfx_worker_thread+0x10/0x10
[  729.724725][ T9143]  ? __pfx_kthread+0x10/0x10
[  729.729420][ T9143]  ret_from_fork+0x51e/0xb90
[  729.734164][ T9143]  ? __pfx_ret_from_fork+0x10/0x10
[  729.739491][ T9143]  ? __switch_to+0xc7d/0x1450
[  729.744237][ T9143]  ? __pfx_kthread+0x10/0x10
[  729.749048][ T9143]  ret_from_fork_asm+0x1a/0x30
[  729.753885][ T9143]  </TASK>
[  729.757289][ T9143] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  729.764604][ T9143] CPU: 0 UID: 0 PID: 9143 Comm: kworker/u8:11 Not tainted syzkaller #0 PREEMPT(full) 
[  729.774181][ T9143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  729.784276][ T9143] Workqueue: netns cleanup_net
[  729.789093][ T9143] Call Trace:
[  729.792404][ T9143]  <TASK>
[  729.795351][ T9143]  vpanic+0x56c/0xa60
[  729.799435][ T9143]  ? __pfx__printk+0x10/0x10
[  729.804051][ T9143]  ? __pfx_vpanic+0x10/0x10
[  729.808575][ T9143]  ? is_bpf_text_address+0x292/0x2b0
[  729.813871][ T9143]  ? is_bpf_text_address+0x26/0x2b0
[  729.819089][ T9143]  panic+0xc5/0xd0
[  729.822828][ T9143]  ? __pfx_panic+0x10/0x10
[  729.827264][ T9143]  ? ret_from_fork_asm+0x1a/0x30
[  729.832219][ T9143]  __warn+0x315/0x4f0
[  729.836211][ T9143]  ? nf_conntrack_cleanup_net_list+0x234/0x340
[  729.842460][ T9143]  ? nf_conntrack_cleanup_net_list+0x234/0x340
[  729.848631][ T9143]  __report_bug+0x29a/0x540
[  729.853159][ T9143]  ? __lock_acquire+0x6b5/0x2cf0
[  729.858112][ T9143]  ? nf_conntrack_cleanup_net_list+0x234/0x340
[  729.864368][ T9143]  ? __pfx___report_bug+0x10/0x10
[  729.869535][ T9143]  ? nf_conntrack_cleanup_net_list+0x13e/0x340
[  729.875705][ T9143]  report_bug_entry+0x19a/0x290
[  729.880662][ T9143]  ? nf_conntrack_cleanup_net_list+0x234/0x340
[  729.886823][ T9143]  ? nf_conntrack_cleanup_net_list+0x239/0x340
[  729.893010][ T9143]  handle_bug+0xce/0x200
[  729.897271][ T9143]  exc_invalid_op+0x1a/0x50
[  729.901830][ T9143]  asm_exc_invalid_op+0x1a/0x20
[  729.906698][ T9143] RIP: 0010:nf_conntrack_cleanup_net_list+0x234/0x340
[  729.913469][ T9143] Code: 08 48 89 df e8 4d 45 63 f8 4c 8b 3b 49 39 df 74 69 e8 f0 f2 f8 f7 45 31 e4 e9 8e fe ff ff e8 e3 f2 f8 f7 48 8d 3d cc 26 54 06 <67> 48 0f b9 3a eb c0 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c cd fe ff
[  729.933092][ T9143] RSP: 0018:ffffc9001b7df8b0 EFLAGS: 00010293
[  729.939173][ T9143] RAX: ffffffff89ccbd0d RBX: ffffc9001b7dfa50 RCX: ffff888077923d00
[  729.947244][ T9143] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: ffffffff9020e3e0
[  729.955219][ T9143] RBP: 0000000000000001 R08: ffff8880227a4803 R09: 1ffff110044f4900
[  729.963216][ T9143] R10: dffffc0000000000 R11: ffffed10044f4901 R12: 0000000000000001
[  729.971203][ T9143] R13: dffffc0000000000 R14: 000000010000a703 R15: 000000010000a704
[  729.979279][ T9143]  ? nf_conntrack_cleanup_net_list+0x22d/0x340
[  729.985460][ T9143]  ? __pfx_nf_conntrack_pernet_exit+0x10/0x10
[  729.991552][ T9143]  ops_undo_list+0x52b/0x940
[  729.996219][ T9143]  ? __pfx_ops_undo_list+0x10/0x10
[  730.001366][ T9143]  ? idr_destroy+0x227/0x290
[  730.005992][ T9143]  cleanup_net+0x56b/0x800
[  730.010430][ T9143]  ? __pfx_cleanup_net+0x10/0x10
[  730.015390][ T9143]  ? process_scheduled_works+0xa8d/0x18c0
[  730.021124][ T9143]  ? process_scheduled_works+0xa8d/0x18c0
[  730.026946][ T9143]  process_scheduled_works+0xb6e/0x18c0
[  730.032539][ T9143]  ? __pfx_process_scheduled_works+0x10/0x10
[  730.038537][ T9143]  ? assign_work+0x3d5/0x5e0
[  730.043235][ T9143]  worker_thread+0xa53/0xfc0
[  730.047950][ T9143]  kthread+0x388/0x470
[  730.052029][ T9143]  ? __pfx_worker_thread+0x10/0x10
[  730.057159][ T9143]  ? __pfx_kthread+0x10/0x10
[  730.061786][ T9143]  ret_from_fork+0x51e/0xb90
[  730.066400][ T9143]  ? __pfx_ret_from_fork+0x10/0x10
[  730.071534][ T9143]  ? __switch_to+0xc7d/0x1450
[  730.076229][ T9143]  ? __pfx_kthread+0x10/0x10
[  730.081189][ T9143]  ret_from_fork_asm+0x1a/0x30
[  730.086005][ T9143]  </TASK>
[  730.089196][ T9143] Kernel Offset: disabled
[  730.093703][ T9143] Rebooting in 86400 seconds..