last executing test programs:

3.529748592s ago: executing program 0 (id=5652):
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000b80)=@delchain={0xf8, 0x65, 0x20, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0xe}, {0xe, 0xb}}, [@filter_kind_options=@f_flow={{0x9}, {0xc8, 0x2, [@TCA_FLOW_XOR={0x8, 0x7, 0xffffffff}, @TCA_FLOW_EMATCHES={0x94, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x10}}, @TCA_EMATCH_TREE_LIST={0x88, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x3c, 0x3, 0x0, 0x0, {{0x2, 0x9, 0x28}, [@TCA_EM_IPT_NFPROTO={0x5, 0x4, 0xa}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0xf4}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x2}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x3}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x5}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x90}]}}, @TCF_EM_U32={0x1c, 0x4, 0x0, 0x0, {{0x8, 0x3, 0x2}, {0x4, 0x0, 0x9, 0xffffffff}}}, @TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x7fff, 0x1, 0x8}, {0xc6, 0xdb, 0x200, 0x9, 0x5, 0x1, 0x1}}}, @TCF_EM_CANID={0x14, 0x3, 0x0, 0x0, {{0x2, 0x7, 0x1}, {{0x3, 0x0, 0x0, 0x1}, {0x2, 0x0, 0x1, 0x1}}}}]}]}, @TCA_FLOW_XOR={0x8, 0x7, 0xffffff7b}, @TCA_FLOW_PERTURB={0x8}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x7fff}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x7f}, @TCA_FLOW_RSHIFT={0x8, 0x4, 0x5}]}}]}, 0xf8}, 0x1, 0x0, 0x0, 0x80}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}, 0x20}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})
setsockopt(0xffffffffffffffff, 0x84, 0x81, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000040)={<r1=>0x0, 0x7, 0x5, 0x5, 0x800, 0x9}, &(0x7f0000000080)=0x14)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000540)={r1, @in6={{0xa, 0x4e23, 0x4, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x6}}, 0xfffffffc, 0x6, 0x1a83, 0x0, 0x1}, 0x0)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f00000000c0)={r1}, 0x0)

3.168854159s ago: executing program 0 (id=5655):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$can_bcm(0x1d, 0x2, 0x2)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r1, &(0x7f0000000000)={{0x6, @null}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @bcast]}, 0x48)
connect$netrom(r1, &(0x7f0000000080)={{0x6, @rose}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x8, 0x0}, @default, @bcast]}, 0x10)
r2 = gettid()
pipe(&(0x7f0000000340)={<r3=>0xffffffffffffffff})
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000005c0)={r2, r3, 0x0, 0x0, 0x0}, 0x30)
socket$inet(0x2, 0x800, 0x3)
getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000700)={{{@in=@multicast2, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in6=@private0}, 0x0, @in=@multicast2}}, &(0x7f00000002c0)=0xe8)
r5 = getgid()
setsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={r2, r4, r5}, 0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'dummy0\x00', <r6=>0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x20000000ec071, 0xffffffffffffffff, 0x4000)
r7 = socket$tipc(0x1e, 0x2, 0x0)
ioctl$SIOCGETLINKNAME(r7, 0x89e0, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000200)=ANY=[@ANYBLOB="48000000100003052bbd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000040010000200012800b0001006d61637365630000100002800c000100ffffffffffffffff08000500", @ANYRES32=r6, @ANYBLOB="2594058aa3def783ad8343876812c2ff797cb34f0165d7d358382d2f9eb1bb9eb4953756d3"], 0x48}, 0x1, 0x0, 0x0, 0x8004}, 0x0)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000a00)=@ipv4_getaddr={0x18, 0x16, 0xec35167427e1ca87}, 0x18}}, 0x0)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
r12 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0300000004000000040000004a"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x10, 0xb, &(0x7f00000009c0)=@framed={{0x18, 0x2}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r12}}, @func={0x85, 0x0, 0x1, 0x0, 0x2}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @exit]}, &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0xa}, 0x94)
r13 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0x8, 0x7f}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000680)=ANY=[@ANYBLOB="1808000000000000000000000000001f851000000600000018100000", @ANYRES32=r13, @ANYBLOB="00000000000000000f8000000000000018000000000000000000000000000000950000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x94)
sendmsg$IPCTNL_MSG_CT_NEW(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="c0000000000101040000000000000000020000007400018014000180080001000000000008000200e00000020c00028005000100000000004300028005000100060000000c0003ef05000100000000000c0002"], 0xc0}}, 0x0)
r14 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r14, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="740000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b030040000000004c0012800b00010067656e65766500003c0002800800010001000000140007000000000000000005000000000000000108000f"], 0x74}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r9, 0x89f1, &(0x7f0000001040)={'sit0\x00', &(0x7f0000001000)={'syztnl2\x00', 0x0, 0x0, 0xa000, 0x2, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x64, 0x0, 0x0, 0x4, 0x0, @empty, @rand_addr=0x1}}}})

2.190791311s ago: executing program 0 (id=5666):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000dd0a00001f00000073013b00000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0xb5, 0x10, &(0x7f0000000000), 0x7, 0x0, 0xffffffffffffffff, 0x68000000}, 0x48)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x84, &(0x7f0000000300)={0x0, @in6={{0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, 0x90)
sendmsg$nl_route(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)=ANY=[], 0x40}}, 0x0)

1.631154482s ago: executing program 2 (id=5676):
r0 = socket$inet6(0xa, 0x2, 0xfffffffd)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_MULTI_BOOLOPT={0xc, 0x2e, {0x0, 0x3}}]}}}]}, 0x40}}, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x48, &(0x7f0000000040)=0x9, 0x4)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0xc, &(0x7f0000000cc0)=@framed={{}, [@func={0x85, 0x0, 0x1, 0x0, 0x3}, @map_val={0x18, 0x0, 0x2, 0x0, 0x1}, @exit, @tail_call]}, &(0x7f0000000280)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x10}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x2, 0x4, 0x1, 0xbf22, 0x110}, 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xd, 0x1, 0x4, 0x6, 0x0, r3}, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x1001, 0x16}, 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r4, &(0x7f00000001c0), &(0x7f0000000600)=@udp6=r5}, 0x20)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

1.619351574s ago: executing program 3 (id=5677):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000140)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r1 = socket$inet(0x2, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000180)=0x20000006, 0x4) (async)
setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000180)=0x20000006, 0x4)
shutdown(r1, 0x0)
recvmmsg(r1, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) (async)
recvmmsg(r1, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)

1.365632235s ago: executing program 1 (id=5679):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x18, 0x6, &(0x7f00000001c0)=ANY=[@ANYBLOB="18005e000000fb000000000000000000e500020000000000e500fcff00000000060000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x8}, 0x90)

1.256498209s ago: executing program 2 (id=5680):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x70, 0x30, 0x0, 0x870bd2d, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x0, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x5}, @TCA_SAMPLE_RATE={0x8, 0x3, 0xfffffffd}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x8, 0x4000000, 0x0, 0x1ff}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x5}}}}]}]}, 0x70}}, 0x20048000)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x58, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0}}, 0x10)
setsockopt$inet6_mreq(r1, 0x29, 0x1c, &(0x7f0000000240)={@private0={0xfc, 0x0, '\x00', 0x1}, r2}, 0x14)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', <r3=>0x0})
r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x1000001, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
getsockopt$X25_QBITINCL(r4, 0x106, 0x1, 0x0, &(0x7f0000000040)=0x13fe4c102fd7fdb3)
syz_emit_ethernet(0x36, &(0x7f0000000000)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x67, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, @timestamp_reply}}}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r3, @ANYBLOB="08000100", @ANYRES32=r5], 0x90}, 0x1, 0x0, 0x0, 0x800}, 0x0)

1.246212014s ago: executing program 4 (id=5681):
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000b80)=@delchain={0xf8, 0x65, 0x20, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0xe}, {0xe, 0xb}}, [@filter_kind_options=@f_flow={{0x9}, {0xc8, 0x2, [@TCA_FLOW_XOR={0x8, 0x7, 0xffffffff}, @TCA_FLOW_EMATCHES={0x94, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x10}}, @TCA_EMATCH_TREE_LIST={0x88, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x3c, 0x3, 0x0, 0x0, {{0x2, 0x9, 0x28}, [@TCA_EM_IPT_NFPROTO={0x5, 0x4, 0xa}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0xf4}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x2}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x3}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x5}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x90}]}}, @TCF_EM_U32={0x1c, 0x4, 0x0, 0x0, {{0x8, 0x3, 0x2}, {0x4, 0x0, 0x9, 0xffffffff}}}, @TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x7fff, 0x1, 0x8}, {0xc6, 0xdb, 0x200, 0x9, 0x5, 0x1, 0x1}}}, @TCF_EM_CANID={0x14, 0x3, 0x0, 0x0, {{0x2, 0x7, 0x1}, {{0x3, 0x0, 0x0, 0x1}, {0x2, 0x0, 0x1, 0x1}}}}]}]}, @TCA_FLOW_XOR={0x8, 0x7, 0xffffff7b}, @TCA_FLOW_PERTURB={0x8}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x7fff}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x7f}, @TCA_FLOW_RSHIFT={0x8, 0x4, 0x5}]}}]}, 0xf8}, 0x1, 0x0, 0x0, 0x80}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}, 0x41}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})
setsockopt(0xffffffffffffffff, 0x84, 0x81, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000040)={<r1=>0x0, 0x7, 0x5, 0x5, 0x800, 0x9}, &(0x7f0000000080)=0x14)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000540)={r1, @in6={{0xa, 0x4e23, 0x4, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x6}}, 0xfffffffc, 0x6, 0x1a83, 0x0, 0x1}, 0x0)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f00000000c0)={r1}, 0x0)

1.185435329s ago: executing program 3 (id=5682):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c) (async)
r1 = socket$inet6(0xa, 0x1, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)=@newtaction={0x488, 0x30, 0xffff, 0x3, 0x0, {}, [{0x474, 0x1, [@m_police={0x470, 0x1, 0x0, 0x0, {{0xb}, {0x444, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x1, 0x4, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x8000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x9, 0x3, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffffc, 0x0, 0xfffffffd, 0x0, 0x0, 0x2000000, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14880, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x4, 0x20000000, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7fff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffff]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x7, 0x0, 0x0, 0xfffffffe, {0x3, 0x0, 0x0, 0x0, 0xb, 0x3}, {0x4, 0x2, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x3, 0x2}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x1}}}}]}]}, 0x488}}, 0x0) (async)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0f91c88a1ea1ff6ee308c72febedcf00798d41991ac25bb6fce2220c25ea380c7e112ab358c3a6bd8a59c100000001b4e82cb03419544a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab190c092d077ce70590fbbd4f8bf4d6ab1cea6dbe9d4a54c17aac0db6e3845", 0x118)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c)
recvmmsg$unix(r0, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000003100)=""/4096, 0x1000}], 0x1}}, {{0x0, 0x0, &(0x7f0000000740)=[{0x0}], 0x1}}], 0x2, 0x400122a0, 0x0) (async)
r4 = socket(0x1d, 0x2, 0x6)
getsockopt$sock_buf(r4, 0x1, 0x1c, 0x0, &(0x7f0000000040))
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000300000004"], 0x50) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0)
openat$cgroup_ro(r5, &(0x7f0000000100)='hugetlb.1GB.usage_in_bytes\x00', 0x0, 0x0) (async)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)

1.158898704s ago: executing program 0 (id=5683):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0xffffffffffffffd6)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @any, 0x4}, 0xe)
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
setsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, &(0x7f00000000c0)={0x3, 0x67}, 0x2)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x80000}, 0x1c)

1.0848557s ago: executing program 1 (id=5684):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'bond0\x00'})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x8000}, 0x20008000)

941.730128ms ago: executing program 3 (id=5685):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000340)={0x42, 0x2}, 0x10)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000000)={0x7e39, 0x200, 0x2, 0x4, <r3=>0x0}, &(0x7f0000000040)=0x10)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={r3, 0x2}, 0x8)
setsockopt$TIPC_GROUP_LEAVE(r2, 0x10f, 0x88)
sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000001a40)=ANY=[@ANYBLOB="5801000010000100030000000000000000000000000000ac1414bb0000000000000000000000000000000000000000000000001600"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc0100000000000000000000000000000400000033000000ac1414bb00000000000000000000000000000000000000000000000000000000030000000000000004000000000000005700000000000000fdffffffffffffff000000000000010000000000000000007b00000000000000000080000000000000200000000000000000000000000000000000005cfd00000000000000000000000000000a000000aa0000000000000048000100686d61632873686131290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020001700010000002bbd70002bbd70002bbd700026bd700004"], 0x158}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xd13a}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)

941.261511ms ago: executing program 4 (id=5686):
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
socket(0x10, 0x803, 0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000a80)=@newtfilter={0x58, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x9}, {}, {0x1, 0xc}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x28, 0x2, [@TCA_CGROUP_EMATCHES={0x24, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x4}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0xe20c, 0x8, 0xff}, {0x2, 0x2, 0x2}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x8001}}]}]}}]}, 0x58}}, 0x1)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) (fail_nth: 2)

913.11635ms ago: executing program 1 (id=5687):
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
clock_gettime(0x0, &(0x7f0000000100)={<r0=>0x0, <r1=>0x0})
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x3, 0x10, 0xff, {r0, r1/1000+10000}, {0x0, 0xea60}, {0x0, 0x0, 0x0, 0x1}, 0x1, @can={{0x4, 0x1}, 0x3, 0x3, 0x0, 0x0, "a367de3a9ca7c873"}}, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x20000014)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000080), 0x200, r2}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x3, r2}, 0x38)

900.401824ms ago: executing program 2 (id=5688):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x1, @null, @bpq0, 0xfff, 'syz0\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xffffffff, 0x3, [@null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @null]})

638.450826ms ago: executing program 3 (id=5689):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f00000001c0)={'bridge0\x00', &(0x7f0000000080)=@ethtool_ringparam={0x7, 0x0, 0x20040001, 0x0, 0x2, 0x0, 0x604, 0x400}})

491.227717ms ago: executing program 1 (id=5690):
r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x8c, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r3, {}, {0xffff, 0x10}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0xd, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe], 0x0, [0x8, 0x4, 0x2, 0x2, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x8, 0x8]}}]}}]}, 0x8c}}, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r1, &(0x7f0000000400)={0x0, 0xfffffffffffffefc, &(0x7f00000003c0)={&(0x7f0000000300)={0x4c, r0, 0x1, 0x0, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x36}, {0x5, 0x8e, 0x1}}]}, 0x4c}}, 0x8000)
syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$inet(0x10, 0x3, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00'}) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x8c, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r3, {}, {0xffff, 0x10}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0xd, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe], 0x0, [0x8, 0x4, 0x2, 0x2, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x8, 0x8]}}]}}]}, 0x8c}}, 0x0) (async)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r1, &(0x7f0000000400)={0x0, 0xfffffffffffffefc, &(0x7f00000003c0)={&(0x7f0000000300)={0x4c, r0, 0x1, 0x0, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x36}, {0x5, 0x8e, 0x1}}]}, 0x4c}}, 0x8000) (async)

478.862202ms ago: executing program 4 (id=5691):
r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r1, &(0x7f0000000400)={0x0, 0xfffffffffffffefc, &(0x7f00000003c0)={&(0x7f0000000300)={0x4c, r0, 0x1, 0x0, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x36}, {0x5, 0x8e, 0x1}}]}, 0x4c}, 0x1, 0x0, 0x4c000000}, 0x8000)

450.267575ms ago: executing program 2 (id=5692):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000000)={0x44, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x800}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x185}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5}]}, 0x44}, 0x1, 0x4000000000000000, 0x0, 0x4}, 0x8004)

313.685389ms ago: executing program 4 (id=5693):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{}, {0x94, 0x0, 0x0, 0x8000}, {0x6}]}, 0x10)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, &(0x7f00000001c0)={'bridge0\x00', &(0x7f0000000040)=@ethtool_stats={0x1d, 0x5, [0x101, 0x8, 0x6, 0x9, 0x7]}})

313.43379ms ago: executing program 3 (id=5694):
syz_emit_ethernet(0x9e, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x7c, 0x0, @wg=@data={0x4, 0x0, 0x0, "0007ffffff00"/100}}}}}}, 0x0)

313.155372ms ago: executing program 2 (id=5695):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)={0x20, 0x3e, 0x301, 0x270bd26, 0x25dfdc00, {0x3}, [@nested={0xc, 0xda, 0x0, 0x1, [@typed={0x7, 0x7, 0x0, 0x0, @str=']!\x00'}]}]}, 0x20}}, 0x8004)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="54000000090601080000000000000000050000000900020073797a310000000005000100070000002c000780060004404e21000005000700e30000000c00018008000140850101010c00028008"], 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)
r2 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0xc, &(0x7f0000000580)=0x4, 0x4)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x38, 0x1412, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x1}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x4}]}, 0x38}}, 0x0)
sendmsg$netlink(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="1300000042000106"], 0x1c}], 0x1}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched_retired(r5, &(0x7f0000004f40)={0x0, 0x0, &(0x7f0000004f00)={&(0x7f0000000200)=@newtfilter={0x24, 0x2c, 0x11}, 0x24}}, 0x0)
ioctl$sock_netdev_private(r4, 0x89f1, &(0x7f0000000000))
r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r7, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r7, 0x6, 0x14, &(0x7f0000000340)=0x3, 0x4)
sendmsg$nl_route(r6, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f00000009c0)=@getrule={0x14, 0x22, 0x101, 0x70bd28, 0x25dfdbfb, {}, ["", "", "", "", "", "", "", "", ""]}, 0x14}}, 0x8054)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000240)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)={0x24, r9, 0x1, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x5}, 0x4004080)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r11=>0x0})
sendmsg$NL80211_CMD_UPDATE_FT_IES(r2, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000a00)={0x258, r9, 0x100, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r11}, @val={0xc, 0x99, {0x6, 0x23}}}}, [@NL80211_ATTR_IE={0xb, 0x2a, [@erp={0x2a, 0x1, {0x0, 0x0, 0x1}}, @ibss={0x6, 0x2, 0xb}]}, @NL80211_ATTR_IE={0x4}, @NL80211_ATTR_IE={0x22, 0x2a, [@chsw_timing={0x68, 0x4, {0x0, 0xb}}, @link_id={0x65, 0x12, {@random="131f884f4a46"}}, @ibss={0x6, 0x2, 0x6}]}, @NL80211_ATTR_IE={0x151, 0x2a, [@tim={0x5, 0x9a, {0x0, 0xfb, 0x6, "1be03e797818c22280ee7f62eb4857ab640227e3934a3e8bc312fa2a5bc4ebda59898fef5386b0ef7bffab2da1a32e0318b3488dd54b617f1ba5738830b059984bc6545f3dbdee4212c52bc0e54c6d6ed8c95afe9be181037440144abe660ee166c0d8c5a8f32bcbc6ade462c09431087ccb1620141591a095e1f864d922d122008c9f5f2938cb30ad6861943153842f168fb2d1e4c1e6"}}, @random={0xd8, 0xac, "969622dd210bd7a64069722e60b442dfd1b6db407c4a75703e554d9ea6c772a8e0b1ad3562bb4d81083bc23b2563f45f0310f1092babb99d23ae675704ddd482aa3bce59fbd0f51ca3bdc52ea44308b95712cda1995624f4e24e58d7d89e9e20370b426c668c3bbb30e2971e46011dc59a03a2677e9ec1c5b63dc11a2ea26874bda47939b234a7c86c8ac499baef2e6f9f3c0e5705426d14eca3c3a764c7b0ae54a2bdb009933a96fb7a5c4f"}, @erp={0x2a, 0x1, {0x1, 0x0, 0x1}}]}, @NL80211_ATTR_IE={0xa7, 0x2a, [@ht={0x2d, 0x1a, {0x10, 0x2, 0x5, 0x0, {0x2, 0x6, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1}, 0x300, 0xf68, 0x56}}, @measure_req={0x26, 0x59, {0x8, 0x67, 0x86, "e5bbfc8b561632009e8c3dface04a4ff23ceeaa93ca8e16694d249e9646769edaf04522c2ccfc24291d8632c12f7a8bb627168da25a1eec0623dd5abb8717593fe6f01edd5231e639ff2aca879c8c6bda07607a6b1bb"}}, @ht={0x2d, 0x1a, {0x40, 0x2, 0x4, 0x0, {0xe, 0xafe, 0x0, 0x7, 0x0, 0x1, 0x1, 0x1, 0x1}, 0x6, 0x3, 0x7b}}, @cf={0x4, 0x6, {0x4, 0x8, 0x7fff, 0x1}}, @gcr_ga={0xbd, 0x6}]}]}, 0x258}, 0x1, 0x0, 0x0, 0x24000012}, 0x20000000)

242.371697ms ago: executing program 4 (id=5696):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f0000000200)=0x2, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)=@newqdisc={0x80, 0x24, 0x200, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0x7}, {0xfff1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x1ff, 0x4, 0x0, 0x8, 0xfffffffd, 0x8}, [@TCA_NETEM_JITTER64={0xc, 0xb, 0x8}]}}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x3, 0x3, 0xd6b9, 0x3, 0x2, 0x10, 0x7, 0x1}}, {0x6, 0x2, [0x0]}}]}]}, 0x80}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r4=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, 0x0, 0x100, 0x70bd25, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x296}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x6}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20040885}, 0x40a0)

231.227844ms ago: executing program 1 (id=5697):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'bond0\x00'})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x8000}, 0x20008000)

175.622636ms ago: executing program 0 (id=5698):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x18, 0x6, &(0x7f00000001c0)=ANY=[@ANYBLOB="180060000000fb000000000000000000e500020000000000e500fcff00000000060000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x8}, 0x90)

132.587957ms ago: executing program 3 (id=5699):
socket$packet(0x11, 0x3, 0x300)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0xc, 0xb, &(0x7f00000000c0)=ANY=[@ANYBLOB="18040000000000000000000000000000180000002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001040)={r0, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000140)="b9ff03316844268cb89e14f0080043", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x98)

115.460229ms ago: executing program 2 (id=5700):
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
clock_gettime(0x0, &(0x7f0000000100)={<r0=>0x0, <r1=>0x0})
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x3, 0x10, 0xff, {r0, r1/1000+10000}, {0x0, 0xea60}, {0x0, 0x0, 0x0, 0x1}, 0x1, @can={{0x4, 0x1}, 0x3, 0x3, 0x0, 0x0, "a367de3a9ca7c873"}}, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x20000014)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000080), 0x200, r2}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x3, r2}, 0x38)

41.358855ms ago: executing program 4 (id=5701):
r0 = socket$netlink(0x10, 0x3, 0x4)
ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) (async)
ppoll(&(0x7f0000000000)=[{r0, 0x4000}, {r0, 0x8580}], 0x2, &(0x7f0000000040)={0x77359400}, &(0x7f0000000080)={[0x10000]}, 0x8) (async)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000000c0)=""/44, &(0x7f0000000100)=0x2c) (async)
r2 = socket$nl_crypto(0x10, 0x3, 0x15)
ioctl$BTRFS_IOC_LOGICAL_INO(r2, 0xc0389424, &(0x7f0000000180)={0x627, 0x10, '\x00', 0x1, &(0x7f0000000140)=[0x0, 0x0]}) (async)
getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f00000001c0), &(0x7f0000000200)=0x4) (async)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000240)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0, <r3=>0x0})
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r1, 0x50009417, &(0x7f0000000440)={{r2}, r3, 0x14, @unused=[0x9, 0x5, 0x1, 0xa], @subvolid=0x8})
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000001440)={<r4=>0x0, @in={{0x2, 0x4e20, @remote}}}, &(0x7f0000001500)=0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000001540)={r4, @in6={{0xa, 0x4e23, 0x6, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x1ff}}, 0x8, 0xba7}, 0x90)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x1f, &(0x7f0000001600)={r4, @in={{0x2, 0x4e20, @multicast1}}, 0x4, 0x5}, 0x90) (async)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001700), r0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000001740)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f0000001840)={&(0x7f00000016c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001800)={&(0x7f0000001780)={0x50, r6, 0x200, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r7}, @val={0xc, 0x99, {0xf9, 0x22}}}}, [@NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0x17}, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x1}, @NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0x1}, @NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0x2}, @NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0x7721}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001a40)={0x1b, 0x0, 0x0, 0xdd, 0x0, 0x1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x3}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000001ac0)={0x1, <r9=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000001b80)={0x4, 0x18, &(0x7f0000001880)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5}, {}, {}, [@ldst={0x3, 0x3, 0x0, 0x4, 0x1, 0x18, 0xfffffffffffffffc}, @exit, @func={0x85, 0x0, 0x1, 0x0, 0x6}, @jmp={0x5, 0x1, 0xc, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @alu={0x7, 0x1, 0xc, 0x2, 0x8, 0xfffffffffffffffc, 0xffffffffffffffff}, @generic={0x6, 0x1, 0x8, 0x7fff, 0x3}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001940)='syzkaller\x00', 0x0, 0x31, &(0x7f0000001980)=""/49, 0x41000, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x8, &(0x7f00000019c0)={0x7, 0x3}, 0x8, 0x10, &(0x7f0000001a00)={0x1, 0xc, 0x6, 0xb93c}, 0x10, 0xffffffffffffffff, r2, 0x2, &(0x7f0000001b00)=[r8, r9], &(0x7f0000001b40)=[{0x5, 0x1, 0x1, 0xa}, {0x3, 0x5, 0x7, 0x9}], 0x10, 0x7fff}, 0x94) (async)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r5, 0x84, 0x75, &(0x7f0000001c40)={r4, 0xffffffff}, &(0x7f0000001c80)=0x8) (async)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r10, &(0x7f0000001d80)={&(0x7f0000001cc0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)=@newspdinfo={0x34, 0x24, 0x1, 0x70bd29, 0x25dfdbfd, 0x2, [@XFRMA_SPD_IPV4_HTHRESH={0x6}, @XFRMA_SPD_IPV6_HTHRESH={0x6}, @XFRMA_SPD_IPV6_HTHRESH={0x6}, @XFRMA_SPD_IPV4_HTHRESH={0x6}]}, 0x34}}, 0x2004) (async)
r11 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r12 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r12, &(0x7f0000001e80)={&(0x7f0000001dc0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000001e40)={&(0x7f0000001e00)={0x18, 0x1409, 0x1, 0x70bd2d, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x18}, 0x1, 0x0, 0x0, 0x8000}, 0x24000001) (async)
ioctl$sock_inet_SIOCSIFPFLAGS(r10, 0x8934, &(0x7f0000001ec0)={'veth0_virt_wifi\x00', 0x9})
getsockname(r12, &(0x7f0000001f00)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000001f80)=0x80)
r13 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002000), r0)
sendmsg$NL80211_CMD_GET_INTERFACE(r11, &(0x7f00000020c0)={&(0x7f0000001fc0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000002080)={&(0x7f0000002040)={0x14, r13, 0x1, 0x70bd2c, 0x25dfdbfb, {{}, {@void, @void}}, ["", "", "", "", "", ""]}, 0x14}}, 0x844)

41.23063ms ago: executing program 0 (id=5702):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x1, @null, @bpq0, 0xfff, 'syz0\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xffffffff, 0x3, [@null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @null]})

0s ago: executing program 1 (id=5703):
pipe(&(0x7f0000000480)={<r0=>0xffffffffffffffff})
r1 = socket$netlink(0x10, 0x3, 0x0)
splice(r0, 0x0, r1, 0x0, 0x10d00, 0xf)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x3c, r2, 0xa, 0x70bd28, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x20, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x9}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x80000001}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x20000000)
r3 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000005c0)="3504000040000511d25a35400c0002000200002037153e370c04018006041000450000002a560000e7ff00000000", 0x2e}, {&(0x7f0000000a40)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc2261c238a5159ea98db9c00aeef644ae98a8cb8da3ff3b7ba14d7971910b559623af829524d83bf19f18628464076329140e0203fc75859185ccd019302afb784e41e16cf2d31db7aba83d0f500ce25fc2d7f524a04cfaa0015ea8a297477a5517f8a4ac167083a321c78070974afc897fb738fbcfeac369844fd7fc11fff502c02b7607007ead2007a18006a6ca8dc2d0119f01d7083c2ab5760ac7b24d7bf26b9030cf455a08385f9e662cbe0c3ca6e6fd4ac0c8566c0fca986c68ef7016a11d3e44253b6f2d07d53505ed58b8ad410f89425046321b4a9b27b5e767bdfa0ebf7abf3d91b319129c48853d8e5cbc4a2c5c560b007eafe03e3332f6017f3164c7f602180aad23dfe5e770fe8855f45925e342b7dfd7ddaa68b65065465cdf4d5b8d995d6e6a7042ebea3d139c6a616232eb4efd1a50d0e6db3188a8e98375fda2a7ebd4cd59b9ea626c13685b05e6cf4d484e32869fd7c7167dbfa48b1529e5dd5f5a02673ccc7dbedfd75e34f3f9eb3c7833734a59acada6dd2ff364475e03f2219deedb5d0c941f2177a23167adcc5a15f4e5441ed537f26a1620df057aeb55b2ad3a00a77e23d304ed6034dd5ec9b2cfe777ca21ec4f48abdafa0d66a78d653068ef871bdc6598fd32edcba60c675a1e8f4e81e83f73414c179bfb7f329d71fe6e291fb2eaa59b9636cb6a74d0deb46a18c77f37abf0894a7083e0e4c237ff7c24872668ac40e307569a975b2765af8d3268d11b473d5d7544edd1ed0e507c319e128daf7e75c349c9b3de603580d52a6c118acf924216130364bfab8d59969e4dbee0a9208adb7bfa855556be06a666334a0612e4ff3fc6f4ddb9a0c209301081f34824496480d688ae9bd0c3c28ea8ecfe01a2b86dcb3750686a89891d9abf0d584c854b4bc6096293fbc8707312f424996361ef9261ef3ba7cd2ddffb0e3c81e6b962d680e02f7a672dc26476c256459e2c37d94b8461b56ff944edc1a8cd93d0258fcc2f094615c152be66884103af11ff46315cdc9f00"/1031, 0x407}], 0x2}, 0x10049014)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETFILTEREBPF(r4, 0x800454e1, 0x0)
r5 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000200)='veth1_to_bridge\x00', 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000002c0)={'erspan0\x00', <r7=>0x0})
setsockopt$inet_mreqn(r5, 0x0, 0x20, &(0x7f0000000440)={@rand_addr=0x64010102, @empty, r7}, 0xc)
r8 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="1400000022000b0fd25880648c6f94f90124fc60", 0x14}], 0x1}, 0x4000010)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r10 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000500), 0x4)
setsockopt$sock_attach_bpf(r8, 0x1, 0x32, &(0x7f0000000540)=r10, 0x4)
r11 = accept4(r9, 0x0, 0x0, 0x0)
sendmsg$alg(r11, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f00000007c0), r11)
sendmsg$kcm(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="26d0f447f3fbe79092e13ebd6cfc", 0xe}], 0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="10010000000000000f010000010000002f368f8ab78f080ca565592c944ddd488edbd4a70d8f11ec7ff95b6ec0878d9758d9ea05cc8120d989bb3429f0e9750b8febfab75a079e69d7e7364eb87acedaa6998d9a205b58338fe6b24dcc69ff0bbc98baf804a8d6e29f3d9dfe96b9a560a28f6e68c9e18729ebde673fa04c277128c3f5c71a73872ff6e8aba7f1867b0d16f7696f19af62b3e9c37e2db242bca7773e5235093c803fe03c67ac6c536ce9eeea56d2f0741c6b724d9fa192e0f3ddadda0ff3f6481bff409509dd63ea844e61008f6b0d261cba217f31cdee0d57c1fecaf2ff5ec28333c2e80f6da8e3b1b34a3a5e56cd225ff0dfc78bc7e6a1590201d9e63c8ad309cfc5b5700580324c00"], 0x110}, 0x20048050)

kernel console output (not intermixed with test programs):

000 R14: 00007f47929b5fa0 R15: 00007ffd58529b28
[  527.524996][T21138]  </TASK>
[  527.904380][T21149] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.5030'.
[  528.211942][T21165] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5034'.
[  528.234038][T21165] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  528.407214][T21172] FAULT_INJECTION: forcing a failure.
[  528.407214][T21172] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  528.464695][T21172] CPU: 0 UID: 0 PID: 21172 Comm: syz.3.5038 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  528.464727][T21172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  528.464740][T21172] Call Trace:
[  528.464749][T21172]  <TASK>
[  528.464760][T21172]  dump_stack_lvl+0x189/0x250
[  528.464788][T21172]  ? __pfx____ratelimit+0x10/0x10
[  528.464816][T21172]  ? __pfx_dump_stack_lvl+0x10/0x10
[  528.464837][T21172]  ? __pfx__printk+0x10/0x10
[  528.464862][T21172]  ? __might_fault+0xb0/0x130
[  528.464905][T21172]  should_fail_ex+0x414/0x560
[  528.464942][T21172]  _copy_from_user+0x2d/0xb0
[  528.464971][T21172]  ___sys_sendmsg+0x158/0x2a0
[  528.464996][T21172]  ? __pfx____sys_sendmsg+0x10/0x10
[  528.465059][T21172]  ? __fget_files+0x2a/0x420
[  528.465078][T21172]  ? __fget_files+0x3a0/0x420
[  528.465110][T21172]  __x64_sys_sendmsg+0x19b/0x260
[  528.465136][T21172]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  528.465171][T21172]  ? __pfx_ksys_write+0x10/0x10
[  528.465198][T21172]  ? rcu_is_watching+0x15/0xb0
[  528.465235][T21172]  ? do_syscall_64+0xbe/0x3b0
[  528.465270][T21172]  do_syscall_64+0xfa/0x3b0
[  528.465297][T21172]  ? lockdep_hardirqs_on+0x9c/0x150
[  528.465337][T21172]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  528.465357][T21172]  ? clear_bhb_loop+0x60/0xb0
[  528.465392][T21172]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  528.465412][T21172] RIP: 0033:0x7f479278eb69
[  528.465432][T21172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  528.465451][T21172] RSP: 002b:00007f4793550038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  528.465475][T21172] RAX: ffffffffffffffda RBX: 00007f47929b5fa0 RCX: 00007f479278eb69
[  528.465491][T21172] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  528.465504][T21172] RBP: 00007f4793550090 R08: 0000000000000000 R09: 0000000000000000
[  528.465518][T21172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  528.465530][T21172] R13: 0000000000000000 R14: 00007f47929b5fa0 R15: 00007ffd58529b28
[  528.465564][T21172]  </TASK>
[  528.847044][T21189] netlink: 84 bytes leftover after parsing attributes in process `syz.4.5046'.
[  528.877946][T21190] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5047'.
[  528.964127][T21190] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  529.112838][T21189] team0 (unregistering): Port device team_slave_0 removed
[  529.159520][T21189] team0 (unregistering): Port device team_slave_1 removed
[  529.201877][T21189] team0 (unregistering): Port device bond1 removed
[  529.295129][T21217] netlink: 'syz.3.5054': attribute type 1 has an invalid length.
[  529.352248][ T9001] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  529.761176][T21232] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  529.775584][T21232] bond0: (slave ipvlan2): The slave device specified does not support setting the MAC address
[  529.789492][T21232] bond0: (slave ipvlan2): Error -95 calling set_mac_address
[  529.886896][T21240] IPVS: length: 214 != 24
[  530.027684][T21247] FAULT_INJECTION: forcing a failure.
[  530.027684][T21247] name failslab, interval 1, probability 0, space 0, times 0
[  530.061078][T21247] CPU: 0 UID: 0 PID: 21247 Comm: syz.2.5062 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  530.061122][T21247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  530.061135][T21247] Call Trace:
[  530.061145][T21247]  <TASK>
[  530.061154][T21247]  dump_stack_lvl+0x189/0x250
[  530.061184][T21247]  ? __pfx____ratelimit+0x10/0x10
[  530.061226][T21247]  ? __pfx_dump_stack_lvl+0x10/0x10
[  530.061249][T21247]  ? __pfx__printk+0x10/0x10
[  530.061282][T21247]  ? __pfx___might_resched+0x10/0x10
[  530.061311][T21247]  ? fs_reclaim_acquire+0x7d/0x100
[  530.061340][T21247]  should_fail_ex+0x414/0x560
[  530.061377][T21247]  should_failslab+0xa8/0x100
[  530.061400][T21247]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  530.061430][T21247]  ? __alloc_skb+0x112/0x2d0
[  530.061466][T21247]  __alloc_skb+0x112/0x2d0
[  530.061497][T21247]  netlink_ack+0x146/0xa50
[  530.061523][T21247]  ? __pfx_genl_rcv_msg+0x10/0x10
[  530.061568][T21247]  netlink_rcv_skb+0x28c/0x470
[  530.061594][T21247]  ? __lock_acquire+0xab9/0xd20
[  530.061623][T21247]  ? __pfx_genl_rcv_msg+0x10/0x10
[  530.061647][T21247]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  530.061696][T21247]  ? down_read+0x1ad/0x2e0
[  530.061731][T21247]  genl_rcv+0x28/0x40
[  530.061752][T21247]  netlink_unicast+0x82c/0x9e0
[  530.061789][T21247]  ? __pfx_netlink_unicast+0x10/0x10
[  530.061824][T21247]  ? netlink_sendmsg+0x642/0xb30
[  530.061851][T21247]  ? skb_put+0x11b/0x210
[  530.061877][T21247]  netlink_sendmsg+0x805/0xb30
[  530.061918][T21247]  ? __pfx_netlink_sendmsg+0x10/0x10
[  530.061954][T21247]  ? aa_sock_msg_perm+0x94/0x160
[  530.061982][T21247]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  530.062005][T21247]  ? __pfx_netlink_sendmsg+0x10/0x10
[  530.062035][T21247]  __sock_sendmsg+0x21c/0x270
[  530.062064][T21247]  __sys_sendto+0x3bd/0x520
[  530.062098][T21247]  ? __pfx___sys_sendto+0x10/0x10
[  530.062141][T21247]  ? count_memcg_event_mm+0x21/0x260
[  530.062191][T21247]  ? rcu_is_watching+0x15/0xb0
[  530.062226][T21247]  __x64_sys_sendto+0xde/0x100
[  530.062261][T21247]  do_syscall_64+0xfa/0x3b0
[  530.062288][T21247]  ? lockdep_hardirqs_on+0x9c/0x150
[  530.062314][T21247]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  530.062334][T21247]  ? clear_bhb_loop+0x60/0xb0
[  530.062357][T21247]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  530.062374][T21247] RIP: 0033:0x7f61237909fc
[  530.062394][T21247] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[  530.062412][T21247] RSP: 002b:00007f61245d3e90 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  530.062436][T21247] RAX: ffffffffffffffda RBX: 00007f61245d3fa0 RCX: 00007f61237909fc
[  530.062451][T21247] RDX: 0000000000000028 RSI: 00007f61245d3ff0 RDI: 0000000000000007
[  530.062463][T21247] RBP: 0000000000000000 R08: 00007f61245d3ee4 R09: 000000000000000c
[  530.062476][T21247] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000007
[  530.062488][T21247] R13: 00007f61245d3f38 R14: 00007f61245d3ff0 R15: 0000000000000000
[  530.062525][T21247]  </TASK>
[  530.071198][T21248] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  530.385870][T21259] FAULT_INJECTION: forcing a failure.
[  530.385870][T21259] name failslab, interval 1, probability 0, space 0, times 0
[  530.430131][T21245] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  530.449297][T21259] CPU: 1 UID: 0 PID: 21259 Comm: syz.0.5065 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  530.449327][T21259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  530.449341][T21259] Call Trace:
[  530.449350][T21259]  <TASK>
[  530.449360][T21259]  dump_stack_lvl+0x189/0x250
[  530.449389][T21259]  ? __pfx____ratelimit+0x10/0x10
[  530.449427][T21259]  ? __pfx_dump_stack_lvl+0x10/0x10
[  530.449449][T21259]  ? __pfx__printk+0x10/0x10
[  530.449483][T21259]  ? __pfx___might_resched+0x10/0x10
[  530.449519][T21259]  should_fail_ex+0x414/0x560
[  530.449558][T21259]  should_failslab+0xa8/0x100
[  530.449581][T21259]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  530.449612][T21259]  ? __alloc_skb+0x112/0x2d0
[  530.449646][T21259]  __alloc_skb+0x112/0x2d0
[  530.449681][T21259]  netlink_sendmsg+0x5c6/0xb30
[  530.449724][T21259]  ? __pfx_netlink_sendmsg+0x10/0x10
[  530.449757][T21259]  ? aa_sock_msg_perm+0x94/0x160
[  530.449785][T21259]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  530.449807][T21259]  ? __pfx_netlink_sendmsg+0x10/0x10
[  530.449836][T21259]  __sock_sendmsg+0x21c/0x270
[  530.449865][T21259]  ____sys_sendmsg+0x505/0x830
[  530.449892][T21259]  ? __pfx_____sys_sendmsg+0x10/0x10
[  530.449923][T21259]  ? import_iovec+0x74/0xa0
[  530.449955][T21259]  ___sys_sendmsg+0x21f/0x2a0
[  530.449977][T21259]  ? __pfx____sys_sendmsg+0x10/0x10
[  530.450043][T21259]  ? __fget_files+0x2a/0x420
[  530.450062][T21259]  ? __fget_files+0x3a0/0x420
[  530.450096][T21259]  __x64_sys_sendmsg+0x19b/0x260
[  530.450121][T21259]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  530.450157][T21259]  ? __pfx_ksys_write+0x10/0x10
[  530.450182][T21259]  ? rcu_is_watching+0x15/0xb0
[  530.450220][T21259]  ? do_syscall_64+0xbe/0x3b0
[  530.450254][T21259]  do_syscall_64+0xfa/0x3b0
[  530.450282][T21259]  ? lockdep_hardirqs_on+0x9c/0x150
[  530.450309][T21259]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  530.450329][T21259]  ? clear_bhb_loop+0x60/0xb0
[  530.450355][T21259]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  530.450409][T21259] RIP: 0033:0x7f248e78eb69
[  530.450429][T21259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  530.450448][T21259] RSP: 002b:00007f248f6e3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  530.450472][T21259] RAX: ffffffffffffffda RBX: 00007f248e9b5fa0 RCX: 00007f248e78eb69
[  530.450488][T21259] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  530.450502][T21259] RBP: 00007f248f6e3090 R08: 0000000000000000 R09: 0000000000000000
[  530.450515][T21259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  530.450528][T21259] R13: 0000000000000000 R14: 00007f248e9b5fa0 R15: 00007ffc4c5bc548
[  530.450563][T21259]  </TASK>
[  530.845868][T21261] chnl_net:caif_netlink_parms(): no params data found
[  531.167141][T21284] __nla_validate_parse: 4 callbacks suppressed
[  531.167165][T21284] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5077'.
[  531.448246][T21296] bond0: Device is already in use.
[  531.494982][T21300] bond0: (slave ipvlan4): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  531.509297][T21300] bond0: (slave ipvlan4): The slave device specified does not support setting the MAC address
[  531.535702][T21300] bond0: (slave ipvlan4): Error -95 calling set_mac_address
[  531.663464][ T5846] Bluetooth: hci4: link tx timeout
[  531.668947][ T5846] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa
[  531.761551][T21314] FAULT_INJECTION: forcing a failure.
[  531.761551][T21314] name failslab, interval 1, probability 0, space 0, times 0
[  531.767917][T21313] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5087'.
[  531.776194][T21314] CPU: 1 UID: 0 PID: 21314 Comm: syz.4.5091 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  531.776222][T21314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  531.776234][T21314] Call Trace:
[  531.776242][T21314]  <TASK>
[  531.776251][T21314]  dump_stack_lvl+0x189/0x250
[  531.776277][T21314]  ? __pfx____ratelimit+0x10/0x10
[  531.776303][T21314]  ? __pfx_dump_stack_lvl+0x10/0x10
[  531.776323][T21314]  ? __pfx__printk+0x10/0x10
[  531.776353][T21314]  ? __pfx___might_resched+0x10/0x10
[  531.776387][T21314]  should_fail_ex+0x414/0x560
[  531.776421][T21314]  should_failslab+0xa8/0x100
[  531.776442][T21314]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  531.776470][T21314]  ? __alloc_skb+0x112/0x2d0
[  531.776504][T21314]  __alloc_skb+0x112/0x2d0
[  531.776536][T21314]  netlink_dump+0x1b7/0xe90
[  531.776576][T21314]  ? __pfx_netlink_dump+0x10/0x10
[  531.776622][T21314]  ? genl_start+0x499/0x6c0
[  531.776652][T21314]  __netlink_dump_start+0x5cb/0x7e0
[  531.776687][T21314]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  531.776721][T21314]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  531.776741][T21314]  ? genl_get_cmd+0x7d9/0x910
[  531.776764][T21314]  ? __pfx___mutex_lock+0x10/0x10
[  531.776793][T21314]  ? __pfx_genl_start+0x10/0x10
[  531.776811][T21314]  ? __pfx_genl_dumpit+0x10/0x10
[  531.776829][T21314]  ? __pfx_genl_done+0x10/0x10
[  531.776877][T21314]  ? stack_trace_save+0x9c/0xe0
[  531.776905][T21314]  genl_rcv_msg+0x5da/0x790
[  531.776935][T21314]  ? __pfx_genl_rcv_msg+0x10/0x10
[  531.776955][T21314]  ? __pfx_nl802154_dump_interface+0x10/0x10
[  531.776999][T21314]  netlink_rcv_skb+0x208/0x470
[  531.777023][T21314]  ? __lock_acquire+0xab9/0xd20
[  531.777049][T21314]  ? __pfx_genl_rcv_msg+0x10/0x10
[  531.777072][T21314]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  531.777121][T21314]  ? down_read+0x1ad/0x2e0
[  531.777142][T21314]  genl_rcv+0x28/0x40
[  531.777161][T21314]  netlink_unicast+0x82c/0x9e0
[  531.777196][T21314]  ? __pfx_netlink_unicast+0x10/0x10
[  531.777223][T21314]  ? netlink_sendmsg+0x642/0xb30
[  531.777248][T21314]  ? skb_put+0x11b/0x210
[  531.777278][T21314]  netlink_sendmsg+0x805/0xb30
[  531.777323][T21314]  ? __pfx_netlink_sendmsg+0x10/0x10
[  531.777354][T21314]  ? aa_sock_msg_perm+0x94/0x160
[  531.777381][T21314]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  531.777402][T21314]  ? __pfx_netlink_sendmsg+0x10/0x10
[  531.777430][T21314]  __sock_sendmsg+0x21c/0x270
[  531.777459][T21314]  ____sys_sendmsg+0x505/0x830
[  531.777487][T21314]  ? __pfx_____sys_sendmsg+0x10/0x10
[  531.777518][T21314]  ? import_iovec+0x74/0xa0
[  531.777548][T21314]  ___sys_sendmsg+0x21f/0x2a0
[  531.777570][T21314]  ? __pfx____sys_sendmsg+0x10/0x10
[  531.777633][T21314]  ? __fget_files+0x2a/0x420
[  531.777650][T21314]  ? __fget_files+0x3a0/0x420
[  531.777681][T21314]  __x64_sys_sendmsg+0x19b/0x260
[  531.777721][T21314]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  531.777763][T21314]  ? __pfx_ksys_write+0x10/0x10
[  531.777792][T21314]  ? rcu_is_watching+0x15/0xb0
[  531.777833][T21314]  ? do_syscall_64+0xbe/0x3b0
[  531.777870][T21314]  do_syscall_64+0xfa/0x3b0
[  531.777894][T21314]  ? lockdep_hardirqs_on+0x9c/0x150
[  531.777919][T21314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  531.777937][T21314]  ? clear_bhb_loop+0x60/0xb0
[  531.777961][T21314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  531.777978][T21314] RIP: 0033:0x7fd9f898eb69
[  531.778002][T21314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  531.778018][T21314] RSP: 002b:00007fd9f97e1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  531.778048][T21314] RAX: ffffffffffffffda RBX: 00007fd9f8bb5fa0 RCX: 00007fd9f898eb69
[  531.778068][T21314] RDX: 0000000000000040 RSI: 00002000000003c0 RDI: 0000000000000004
[  531.778080][T21314] RBP: 00007fd9f97e1090 R08: 0000000000000000 R09: 0000000000000000
[  531.778092][T21314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  531.778109][T21314] R13: 0000000000000000 R14: 00007fd9f8bb5fa0 R15: 00007ffcfe673998
[  531.778157][T21314]  </TASK>
[  532.493221][T21342] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5098'.
[  532.599698][T21333] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  532.632882][T21351] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.5103'.
[  532.698377][T21333] syzkaller0: entered promiscuous mode
[  532.716955][T21333] syzkaller0: entered allmulticast mode
[  532.797351][T21331] tipc: Resetting bearer <eth:syzkaller0>
[  533.746200][T20759] Bluetooth: hci4: command 0x0405 tx timeout
[  533.925097][T21373] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5112'.
[  535.033866][T21331] tipc: Disabling bearer <eth:syzkaller0>
[  535.135092][T21377] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5113'.
[  535.157852][T21377] openvswitch: netlink: Flow key attr not present in new flow.
[  535.257318][T21377] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5113'.
[  535.674665][T21405] bond0: (slave ipvlan4): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  535.714114][T21405] bond0: (slave ipvlan4): The slave device specified does not support setting the MAC address
[  535.740579][T21405] bond0: (slave ipvlan4): Error -95 calling set_mac_address
[  536.061103][T21421] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  536.088458][T21421] syzkaller0: entered promiscuous mode
[  536.112545][T21421] syzkaller0: entered allmulticast mode
[  536.147810][T21421] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  536.186418][T21421] syzkaller0: mtu greater than device maximum
[  536.208731][T21420] tipc: Resetting bearer <eth:syzkaller0>
[  536.253366][T21420] tipc: Disabling bearer <eth:syzkaller0>
[  536.677691][T21440] netlink: 'syz.2.5134': attribute type 29 has an invalid length.
[  536.730031][T21444] netlink: 'syz.2.5134': attribute type 29 has an invalid length.
[  536.802488][T21448] netlink: 3 bytes leftover after parsing attributes in process `syz.4.5136'.
[  536.816852][T21448] openvswitch: netlink: Actions may not be safe on all matching packets
[  536.884061][T21445] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  537.054857][T21457] openvswitch: netlink: Actions may not be safe on all matching packets
[  537.068379][T21445] syzkaller0: entered promiscuous mode
[  537.074530][T21445] syzkaller0: entered allmulticast mode
[  537.116860][T21455] syzkaller0: mtu less than device minimum
[  537.130642][T21442] syz.4.5136 (21442) used greatest stack depth: 17864 bytes left
[  537.207298][T21443] tipc: Resetting bearer <eth:syzkaller0>
[  537.235305][T21463] FAULT_INJECTION: forcing a failure.
[  537.235305][T21463] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  537.278407][T21463] CPU: 1 UID: 0 PID: 21463 Comm: syz.2.5143 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  537.278440][T21463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  537.278454][T21463] Call Trace:
[  537.278463][T21463]  <TASK>
[  537.278473][T21463]  dump_stack_lvl+0x189/0x250
[  537.278501][T21463]  ? __pfx____ratelimit+0x10/0x10
[  537.278530][T21463]  ? __pfx_dump_stack_lvl+0x10/0x10
[  537.278551][T21463]  ? __pfx__printk+0x10/0x10
[  537.278577][T21463]  ? __might_fault+0xb0/0x130
[  537.278629][T21463]  should_fail_ex+0x414/0x560
[  537.278667][T21463]  _copy_to_iter+0x1db/0x16f0
[  537.278693][T21463]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  537.278721][T21463]  ? lockdep_hardirqs_on+0x9c/0x150
[  537.278753][T21463]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  537.278781][T21463]  ? __pfx__copy_to_iter+0x10/0x10
[  537.278802][T21463]  ? __skb_try_recv_from_queue+0x2b2/0x730
[  537.278835][T21463]  ? __skb_try_recv_datagram+0x3da/0x4e0
[  537.278866][T21463]  __skb_datagram_iter+0xf8/0x990
[  537.278890][T21463]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  537.278922][T21463]  skb_copy_datagram_iter+0xc5/0x230
[  537.278950][T21463]  netlink_recvmsg+0x2ab/0xa30
[  537.278992][T21463]  ? __pfx_netlink_recvmsg+0x10/0x10
[  537.279028][T21463]  ? aa_sock_msg_perm+0x94/0x160
[  537.279059][T21463]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  537.279081][T21463]  ? security_socket_recvmsg+0x7e/0x2e0
[  537.279101][T21463]  ? __pfx_netlink_recvmsg+0x10/0x10
[  537.279131][T21463]  sock_recvmsg+0x22c/0x270
[  537.279164][T21463]  __sys_recvfrom+0x1f6/0x340
[  537.279188][T21463]  ? __pfx___sys_recvfrom+0x10/0x10
[  537.279220][T21463]  ? count_memcg_event_mm+0x21/0x260
[  537.279267][T21463]  ? rcu_is_watching+0x15/0xb0
[  537.279304][T21463]  __x64_sys_recvfrom+0xde/0x100
[  537.279326][T21463]  do_syscall_64+0xfa/0x3b0
[  537.279354][T21463]  ? lockdep_hardirqs_on+0x9c/0x150
[  537.279380][T21463]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  537.279400][T21463]  ? clear_bhb_loop+0x60/0xb0
[  537.279424][T21463]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  537.279442][T21463] RIP: 0033:0x7f6123790934
[  537.279462][T21463] Code: 89 4c 24 1c e8 ed 5f 02 00 44 8b 54 24 1c 8b 3c 24 45 31 c9 89 c5 48 8b 54 24 10 48 8b 74 24 08 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 04 24 e8 39 60 02 00 48 8b 04
[  537.279479][T21463] RSP: 002b:00007f61245d3f00 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
[  537.279501][T21463] RAX: ffffffffffffffda RBX: 000000000000002d RCX: 00007f6123790934
[  537.279516][T21463] RDX: 0000000000001000 RSI: 00007f61245d3ff0 RDI: 0000000000000007
[  537.279529][T21463] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  537.279540][T21463] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6123812ba8
[  537.279553][T21463] R13: 00007f61245d3fa0 R14: 0000000000000013 R15: 0000000000000000
[  537.279586][T21463]  </TASK>
[  537.580723][T21466] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  538.039103][T21462] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  539.735107][T21443] tipc: Disabling bearer <eth:syzkaller0>
[  539.918887][T21484] netlink: 'syz.0.5149': attribute type 29 has an invalid length.
[  539.956839][T21484] netlink: 'syz.0.5149': attribute type 29 has an invalid length.
[  540.332742][T21504] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5159'.
[  540.349135][T21509] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5160'.
[  540.380676][T21511] FAULT_INJECTION: forcing a failure.
[  540.380676][T21511] name failslab, interval 1, probability 0, space 0, times 0
[  540.402891][T21511] CPU: 1 UID: 0 PID: 21511 Comm: syz.3.5162 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  540.402923][T21511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  540.402937][T21511] Call Trace:
[  540.402946][T21511]  <TASK>
[  540.402956][T21511]  dump_stack_lvl+0x189/0x250
[  540.402985][T21511]  ? __pfx____ratelimit+0x10/0x10
[  540.403015][T21511]  ? __pfx_dump_stack_lvl+0x10/0x10
[  540.403037][T21511]  ? __pfx__printk+0x10/0x10
[  540.403061][T21511]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  540.403098][T21511]  ? ref_tracker_alloc+0x318/0x460
[  540.403124][T21511]  should_fail_ex+0x414/0x560
[  540.403161][T21511]  should_failslab+0xa8/0x100
[  540.403185][T21511]  kmem_cache_alloc_noprof+0x73/0x3c0
[  540.403214][T21511]  ? skb_clone+0x212/0x3a0
[  540.403242][T21511]  skb_clone+0x212/0x3a0
[  540.403270][T21511]  __netlink_deliver_tap+0x404/0x850
[  540.403317][T21511]  ? netlink_deliver_tap+0x2e/0x1b0
[  540.403348][T21511]  netlink_deliver_tap+0x19c/0x1b0
[  540.403377][T21511]  __netlink_sendskb+0x47/0x90
[  540.403421][T21511]  netlink_dump+0xa84/0xe90
[  540.403474][T21511]  ? __pfx_netlink_dump+0x10/0x10
[  540.403499][T21511]  ? __netlink_lookup+0x752/0x810
[  540.403540][T21511]  ? netlink_lookup+0x30/0x200
[  540.403567][T21511]  ? netlink_lookup+0x30/0x200
[  540.403591][T21511]  ? netlink_lookup+0x30/0x200
[  540.403633][T21511]  __netlink_dump_start+0x5cb/0x7e0
[  540.403673][T21511]  rtnetlink_rcv_msg+0x9eb/0xb70
[  540.403706][T21511]  ? __pfx_rtm_dump_nexthop_bucket+0x10/0x10
[  540.403731][T21511]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  540.403759][T21511]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  540.403785][T21511]  ? ref_tracker_free+0x63a/0x7d0
[  540.403805][T21511]  ? __pfx_rtnl_dumpit+0x10/0x10
[  540.403832][T21511]  ? __pfx_rtm_dump_nexthop_bucket+0x10/0x10
[  540.403872][T21511]  netlink_rcv_skb+0x208/0x470
[  540.403903][T21511]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  540.403934][T21511]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  540.403977][T21511]  ? netlink_deliver_tap+0x2e/0x1b0
[  540.404016][T21511]  netlink_unicast+0x82c/0x9e0
[  540.404053][T21511]  ? __pfx_netlink_unicast+0x10/0x10
[  540.404082][T21511]  ? netlink_sendmsg+0x642/0xb30
[  540.404108][T21511]  ? skb_put+0x11b/0x210
[  540.404131][T21511]  netlink_sendmsg+0x805/0xb30
[  540.404171][T21511]  ? __pfx_netlink_sendmsg+0x10/0x10
[  540.404204][T21511]  ? aa_sock_msg_perm+0x94/0x160
[  540.404233][T21511]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  540.404256][T21511]  ? __pfx_netlink_sendmsg+0x10/0x10
[  540.404288][T21511]  __sock_sendmsg+0x21c/0x270
[  540.404319][T21511]  ____sys_sendmsg+0x505/0x830
[  540.404348][T21511]  ? __pfx_____sys_sendmsg+0x10/0x10
[  540.404382][T21511]  ? import_iovec+0x74/0xa0
[  540.404415][T21511]  ___sys_sendmsg+0x21f/0x2a0
[  540.404441][T21511]  ? __pfx____sys_sendmsg+0x10/0x10
[  540.404519][T21511]  ? __fget_files+0x2a/0x420
[  540.404539][T21511]  ? __fget_files+0x3a0/0x420
[  540.404573][T21511]  __x64_sys_sendmsg+0x19b/0x260
[  540.404599][T21511]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  540.404651][T21511]  ? __pfx_ksys_write+0x10/0x10
[  540.404676][T21511]  ? rcu_is_watching+0x15/0xb0
[  540.404713][T21511]  ? do_syscall_64+0xbe/0x3b0
[  540.404748][T21511]  do_syscall_64+0xfa/0x3b0
[  540.404775][T21511]  ? lockdep_hardirqs_on+0x9c/0x150
[  540.404801][T21511]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  540.404822][T21511]  ? clear_bhb_loop+0x60/0xb0
[  540.404848][T21511]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  540.404868][T21511] RIP: 0033:0x7f479278eb69
[  540.404888][T21511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  540.404907][T21511] RSP: 002b:00007f4793550038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  540.404932][T21511] RAX: ffffffffffffffda RBX: 00007f47929b5fa0 RCX: 00007f479278eb69
[  540.404947][T21511] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  540.404961][T21511] RBP: 00007f4793550090 R08: 0000000000000000 R09: 0000000000000000
[  540.404974][T21511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  540.404987][T21511] R13: 0000000000000000 R14: 00007f47929b5fa0 R15: 00007ffd58529b28
[  540.405025][T21511]  </TASK>
[  540.832892][T21513] veth0_to_bond: left allmulticast mode
[  540.840941][T21513] veth0_to_bond: left promiscuous mode
[  540.849623][T21513] bridge18: port 1(veth0_to_bond) entered disabled state
[  540.930681][T21508] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5161'.
[  540.944866][T21504] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5159'.
[  540.960242][T21508] bond0: entered promiscuous mode
[  540.986456][T21508] bond0: left promiscuous mode
[  541.082501][T21512] tunl0: entered allmulticast mode
[  541.089137][T21512] gre0: entered allmulticast mode
[  541.094529][T21512] gretap0: entered allmulticast mode
[  541.101948][T21512] erspan0: entered allmulticast mode
[  541.108212][T21512] ip_vti0: entered allmulticast mode
[  541.114199][T21512] ip6_vti0: entered allmulticast mode
[  541.120915][T21512] sit0: left promiscuous mode
[  541.126818][T21512] sit0: entered allmulticast mode
[  541.132297][T21512] ip6tnl0: entered allmulticast mode
[  541.142652][T21512] ip6gre0: entered allmulticast mode
[  541.149538][T21512] syz_tun: left promiscuous mode
[  541.159343][T21512] ip6gretap0: entered allmulticast mode
[  541.165405][T21512] vcan0: entered allmulticast mode
[  541.174413][T21512] nlmon0: entered allmulticast mode
[  541.181576][T21512] caif0: entered allmulticast mode
[  541.191577][T21512] veth0: entered allmulticast mode
[  541.198067][T21512] wg0: entered allmulticast mode
[  541.203570][T21512] wg1: entered allmulticast mode
[  541.211020][T21512] wg2: entered allmulticast mode
[  541.233147][T21512] veth0_to_bridge: left promiscuous mode
[  541.242114][T21512] veth1_to_bridge: entered allmulticast mode
[  541.247107][T21530] FAULT_INJECTION: forcing a failure.
[  541.247107][T21530] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  541.250572][T21512] bond_slave_0: entered allmulticast mode
[  541.271282][T21512] veth1_to_bond: entered allmulticast mode
[  541.272257][T21530] CPU: 0 UID: 0 PID: 21530 Comm: syz.3.5167 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  541.272283][T21530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  541.272295][T21530] Call Trace:
[  541.272303][T21530]  <TASK>
[  541.272311][T21530]  dump_stack_lvl+0x189/0x250
[  541.272337][T21530]  ? __pfx____ratelimit+0x10/0x10
[  541.272364][T21530]  ? __pfx_dump_stack_lvl+0x10/0x10
[  541.272384][T21530]  ? __pfx__printk+0x10/0x10
[  541.272408][T21530]  ? __might_fault+0xb0/0x130
[  541.272447][T21530]  should_fail_ex+0x414/0x560
[  541.272482][T21530]  _copy_from_iter+0x1db/0x16f0
[  541.272510][T21530]  ? rcu_is_watching+0x15/0xb0
[  541.272540][T21530]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  541.272570][T21530]  ? __pfx__copy_from_iter+0x10/0x10
[  541.272603][T21530]  ? __build_skb_around+0x257/0x3e0
[  541.272635][T21530]  ? netlink_sendmsg+0x642/0xb30
[  541.272660][T21530]  ? skb_put+0x11b/0x210
[  541.272682][T21530]  netlink_sendmsg+0x6b2/0xb30
[  541.272719][T21530]  ? __pfx_netlink_sendmsg+0x10/0x10
[  541.272750][T21530]  ? aa_sock_msg_perm+0x94/0x160
[  541.272776][T21530]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  541.272797][T21530]  ? __pfx_netlink_sendmsg+0x10/0x10
[  541.272825][T21530]  __sock_sendmsg+0x21c/0x270
[  541.272852][T21530]  ____sys_sendmsg+0x505/0x830
[  541.272878][T21530]  ? __pfx_____sys_sendmsg+0x10/0x10
[  541.272908][T21530]  ? import_iovec+0x74/0xa0
[  541.272937][T21530]  ___sys_sendmsg+0x21f/0x2a0
[  541.272959][T21530]  ? __pfx____sys_sendmsg+0x10/0x10
[  541.273018][T21530]  ? __fget_files+0x2a/0x420
[  541.273036][T21530]  ? __fget_files+0x3a0/0x420
[  541.273066][T21530]  __x64_sys_sendmsg+0x19b/0x260
[  541.273089][T21530]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  541.273120][T21530]  ? __pfx_ksys_write+0x10/0x10
[  541.273143][T21530]  ? rcu_is_watching+0x15/0xb0
[  541.273175][T21530]  ? do_syscall_64+0xbe/0x3b0
[  541.273213][T21530]  do_syscall_64+0xfa/0x3b0
[  541.273237][T21530]  ? lockdep_hardirqs_on+0x9c/0x150
[  541.273262][T21530]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  541.273280][T21530]  ? clear_bhb_loop+0x60/0xb0
[  541.273304][T21530]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  541.273322][T21530] RIP: 0033:0x7f479278eb69
[  541.273339][T21530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  541.273356][T21530] RSP: 002b:00007f4793550038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  541.273377][T21530] RAX: ffffffffffffffda RBX: 00007f47929b5fa0 RCX: 00007f479278eb69
[  541.273391][T21530] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  541.273404][T21530] RBP: 00007f4793550090 R08: 0000000000000000 R09: 0000000000000000
[  541.273416][T21530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  541.273427][T21530] R13: 0000000000000000 R14: 00007f47929b5fa0 R15: 00007ffd58529b28
[  541.273458][T21530]  </TASK>
[  541.606550][T21512] bond_slave_1: entered allmulticast mode
[  541.612881][T21512] veth0_to_team: entered allmulticast mode
[  541.620589][T21512] team_slave_0: entered allmulticast mode
[  541.627257][T21512] veth1_to_team: entered allmulticast mode
[  541.633559][T21512] team_slave_1: entered allmulticast mode
[  541.640310][T21512] veth0_to_batadv: entered allmulticast mode
[  541.647180][T21512] batadv_slave_0: entered allmulticast mode
[  541.653690][T21512] veth1_to_batadv: entered allmulticast mode
[  541.661185][T21512] batadv_slave_1: entered allmulticast mode
[  541.668388][T21512] xfrm0: entered allmulticast mode
[  541.674227][T21512] veth0_to_hsr: entered allmulticast mode
[  541.681293][T21512] hsr0: left promiscuous mode
[  541.688274][T21512] veth1_virt_wifi: entered allmulticast mode
[  541.694603][T21512] veth0_virt_wifi: entered allmulticast mode
[  541.701285][T21512] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  541.709154][T21512] veth1_vlan: entered allmulticast mode
[  541.715113][T21512] vlan0: entered allmulticast mode
[  541.720787][T21512] vlan1: entered allmulticast mode
[  541.726183][T21512] macvlan0: entered allmulticast mode
[  541.732009][T21512] macvlan1: entered allmulticast mode
[  541.739376][T21512] ipvlan0: entered allmulticast mode
[  541.745511][T21512] veth1_macvtap: entered allmulticast mode
[  541.752878][T21512] veth0_macvtap: entered allmulticast mode
[  541.760262][T21512] macsec0: entered allmulticast mode
[  541.767148][T21512] geneve0: entered allmulticast mode
[  541.773555][T21512] geneve1: entered allmulticast mode
[  541.783575][T21512] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode
[  541.794374][T21512] bond1: entered allmulticast mode
[  541.800320][T21512] @: entered allmulticast mode
[  541.805541][T21512] veth2: entered allmulticast mode
[  541.811469][T21512] veth3: entered allmulticast mode
[  541.817725][T21512] veth4: entered allmulticast mode
[  541.823539][T21512] veth5: entered allmulticast mode
[  541.831813][T21512] bridge1: entered allmulticast mode
[  541.839816][T21512] ip6erspan0: left promiscuous mode
[  541.845366][T21512] ip6erspan0: entered allmulticast mode
[  541.851931][T21512] bridge2: entered allmulticast mode
[  541.858311][T21512] bridge3: entered allmulticast mode
[  541.864254][T21512] vlan2: entered allmulticast mode
[  541.870587][T21512] gre1: entered allmulticast mode
[  541.876786][T21512] gre2: entered allmulticast mode
[  541.882261][T21512] bridge4: entered allmulticast mode
[  541.888305][T21512] veth6: entered allmulticast mode
[  541.894126][T21512] veth7: entered allmulticast mode
[  541.900607][T21512] gre3: entered allmulticast mode
[  541.907309][T21512] bond2: entered allmulticast mode
[  541.912784][T21512] gretap1: entered allmulticast mode
[  541.919157][T21512] gretap1: left promiscuous mode
[  541.925046][T21512] gre4: entered allmulticast mode
[  541.931926][T21512] bridge5: entered allmulticast mode
[  541.939412][T21512] syztnl2: entered allmulticast mode
[  541.947670][T21512] bridge6: entered allmulticast mode
[  541.956837][T21512] bridge7: entered allmulticast mode
[  541.963998][T21512] netdevsim netdevsim4 eth0: entered allmulticast mode
[  541.972375][T21512] netdevsim netdevsim4 eth1: entered allmulticast mode
[  541.979981][T21512] netdevsim netdevsim4 eth2: entered allmulticast mode
[  541.988941][T21512] netdevsim netdevsim4 eth3: entered allmulticast mode
[  541.997090][T21512] gre5: entered allmulticast mode
[  542.003738][T21512] bridge8: entered allmulticast mode
[  542.012742][T21512] bridge9: entered allmulticast mode
[  542.020477][T21512] bridge10: entered allmulticast mode
[  542.027771][T21512] bond0: entered allmulticast mode
[  542.035068][T21512] sit1: entered allmulticast mode
[  542.043707][T21512] bridge11: entered allmulticast mode
[  542.053859][T21512] geneve2: entered allmulticast mode
[  542.064004][T21512] bridge12: entered allmulticast mode
[  542.072499][T21512] bridge13: entered allmulticast mode
[  542.083165][T21512] bridge14: entered allmulticast mode
[  542.092932][T21512] bridge15: entered allmulticast mode
[  542.101132][T21512] bridge16: entered allmulticast mode
[  542.109706][T21512] bridge17: entered allmulticast mode
[  542.117802][T21512] veth8: entered allmulticast mode
[  542.123901][T21512] veth9: entered allmulticast mode
[  542.131613][T21512] bridge18: entered allmulticast mode
[  542.139723][T21512] ip6tnl1: entered allmulticast mode
[  542.147976][T21512] bridge19: entered allmulticast mode
[  542.155890][T21512] bridge20: entered allmulticast mode
[  542.164842][T21512] bridge21: entered allmulticast mode
[  542.176780][T21512] bridge22: entered allmulticast mode
[  542.184538][T21512] bridge23: entered allmulticast mode
[  542.192750][T21512] gtp0: entered allmulticast mode
[  542.199884][T21512] bridge24: entered allmulticast mode
[  542.209520][T21512] bridge25: entered allmulticast mode
[  542.324987][T21541] bond0: (slave ipvlan4): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  542.353517][T21541] bond0: (slave ipvlan4): The slave device specified does not support setting the MAC address
[  542.375153][T21541] bond0: (slave ipvlan4): Error -95 calling set_mac_address
[  542.422782][   T13] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  542.452778][T21546] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5173'.
[  542.459390][T21553] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5175'.
[  542.478053][T21552] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  542.490349][T21552] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  542.523097][T21552] hsr0: entered promiscuous mode
[  542.548754][   T13] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  542.599575][T21556] veth0_to_bond: left allmulticast mode
[  542.611972][T21553] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5175'.
[  542.625795][T21556] veth0_to_bond: left promiscuous mode
[  542.641126][T21556] bridge24: port 1(veth0_to_bond) entered disabled state
[  542.654168][T21556] bridge26: port 1(veth0_to_bond) entered blocking state
[  542.665880][T21556] bridge26: port 1(veth0_to_bond) entered disabled state
[  542.681511][T21556] veth0_to_bond: entered allmulticast mode
[  542.692877][T21556] veth0_to_bond: entered promiscuous mode
[  542.705776][   T13] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  542.720607][   T13] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  542.973122][T21575] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  543.007750][T21574] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  543.078728][T21581] netlink: 'syz.4.5182': attribute type 21 has an invalid length.
[  543.099488][T21581] netlink: 'syz.4.5182': attribute type 1 has an invalid length.
[  543.104677][T21580] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  543.144901][T21580] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  543.660547][T21605] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5192'.
[  543.742265][T21605] bridge13: port 1(veth0_to_bond) entered blocking state
[  543.779172][T21605] bridge13: port 1(veth0_to_bond) entered disabled state
[  543.790488][T21605] veth0_to_bond: entered allmulticast mode
[  543.799861][T21607] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5192'.
[  543.801811][T21605] veth0_to_bond: entered promiscuous mode
[  543.844416][T21608] FAULT_INJECTION: forcing a failure.
[  543.844416][T21608] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  543.896456][T21608] CPU: 0 UID: 0 PID: 21608 Comm: syz.3.5193 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  543.896494][T21608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  543.896507][T21608] Call Trace:
[  543.896517][T21608]  <TASK>
[  543.896526][T21608]  dump_stack_lvl+0x189/0x250
[  543.896555][T21608]  ? __pfx____ratelimit+0x10/0x10
[  543.896584][T21608]  ? __pfx_dump_stack_lvl+0x10/0x10
[  543.896606][T21608]  ? __pfx__printk+0x10/0x10
[  543.896633][T21608]  ? __might_fault+0xb0/0x130
[  543.896676][T21608]  should_fail_ex+0x414/0x560
[  543.896715][T21608]  _copy_to_iter+0x575/0x16f0
[  543.896756][T21608]  ? __pfx__copy_to_iter+0x10/0x10
[  543.896778][T21608]  ? __skb_try_recv_from_queue+0x58f/0x730
[  543.896812][T21608]  ? __skb_try_recv_datagram+0x3da/0x4e0
[  543.896844][T21608]  __skb_datagram_iter+0xf8/0x990
[  543.896870][T21608]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  543.896905][T21608]  skb_copy_datagram_iter+0xc5/0x230
[  543.896935][T21608]  netlink_recvmsg+0x2ab/0xa30
[  543.896979][T21608]  ? __pfx_netlink_recvmsg+0x10/0x10
[  543.897016][T21608]  ? __lock_acquire+0xab9/0xd20
[  543.897042][T21608]  ? aa_sock_msg_perm+0x94/0x160
[  543.897072][T21608]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  543.897097][T21608]  ? __pfx_netlink_recvmsg+0x10/0x10
[  543.897129][T21608]  sock_recvmsg_nosec+0x183/0x1c0
[  543.897162][T21608]  ____sys_recvmsg+0x3aa/0x460
[  543.897197][T21608]  ? __pfx_____sys_recvmsg+0x10/0x10
[  543.897240][T21608]  ? import_iovec+0x74/0xa0
[  543.897272][T21608]  ___sys_recvmsg+0x1b5/0x510
[  543.897302][T21608]  ? __pfx____sys_recvmsg+0x10/0x10
[  543.897373][T21608]  ? __might_fault+0xb0/0x130
[  543.897408][T21608]  do_recvmmsg+0x307/0x770
[  543.897442][T21608]  ? __pfx_do_recvmmsg+0x10/0x10
[  543.897481][T21608]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  543.897535][T21608]  __x64_sys_recvmmsg+0x190/0x240
[  543.897563][T21608]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  543.897583][T21608]  ? rcu_is_watching+0x15/0xb0
[  543.897621][T21608]  ? do_syscall_64+0xbe/0x3b0
[  543.897656][T21608]  do_syscall_64+0xfa/0x3b0
[  543.897683][T21608]  ? lockdep_hardirqs_on+0x9c/0x150
[  543.897710][T21608]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.897731][T21608]  ? clear_bhb_loop+0x60/0xb0
[  543.897757][T21608]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.897776][T21608] RIP: 0033:0x7f479278eb69
[  543.897797][T21608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  543.897815][T21608] RSP: 002b:00007f4793550038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  543.897839][T21608] RAX: ffffffffffffffda RBX: 00007f47929b5fa0 RCX: 00007f479278eb69
[  543.897854][T21608] RDX: 0000000000000004 RSI: 00002000000086c0 RDI: 0000000000000003
[  543.897868][T21608] RBP: 00007f4793550090 R08: 0000000000000000 R09: 0000000000000000
[  543.897882][T21608] R10: 0000000000004022 R11: 0000000000000246 R12: 0000000000000002
[  543.897895][T21608] R13: 0000000000000000 R14: 00007f47929b5fa0 R15: 00007ffd58529b28
[  543.897930][T21608]  </TASK>
[  544.589359][T21620] netlink: 576 bytes leftover after parsing attributes in process `syz.1.5196'.
[  544.893970][T21631] syzkaller0: entered promiscuous mode
[  544.920698][T21631] syzkaller0: entered allmulticast mode
[  545.201081][T21640] netlink: 'syz.0.5204': attribute type 10 has an invalid length.
[  545.272838][T21645] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5206'.
[  545.297888][T21640] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  545.300677][T21646] openvswitch: netlink: IPv4 frag type 255 is out of range max 2
[  545.391754][T21641] team0: Port device vlan0 removed
[  545.419687][T21641] bond0: (slave wlan1): Releasing backup interface
[  545.436871][T21653] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5206'.
[  545.465398][T21641] bond6: (slave geneve2): Releasing active interface
[  545.538181][T21648] veth0_to_bond: left allmulticast mode
[  545.546642][T21648] veth0_to_bond: left promiscuous mode
[  545.552815][T21648] bridge13: port 1(veth0_to_bond) entered disabled state
[  545.582136][T21648] bridge14: port 1(veth0_to_bond) entered blocking state
[  545.602677][T21648] bridge14: port 1(veth0_to_bond) entered disabled state
[  545.628984][T21648] veth0_to_bond: entered allmulticast mode
[  545.648765][T21648] veth0_to_bond: entered promiscuous mode
[  545.905791][T21664] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  545.931788][T21664] syzkaller0: entered promiscuous mode
[  545.945104][T21664] syzkaller0: entered allmulticast mode
[  545.970174][T21664] syzkaller0: mtu less than device minimum
[  546.002597][T21663] tipc: Resetting bearer <eth:syzkaller0>
[  546.073793][T21663] tipc: Disabling bearer <eth:syzkaller0>
[  546.204190][T21676] syzkaller0: entered promiscuous mode
[  546.210886][T21676] syzkaller0: entered allmulticast mode
[  546.229462][T21678] netlink: 'syz.2.5215': attribute type 10 has an invalid length.
[  546.470157][T21678] team0: Device ipvlan1 failed to register rx_handler
[  546.567187][T21693] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5221'.
[  546.625180][T21693] veth0_to_bond: left allmulticast mode
[  546.635156][T21697] FAULT_INJECTION: forcing a failure.
[  546.635156][T21697] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  546.635425][T21693] veth0_to_bond: left promiscuous mode
[  546.652050][T21697] CPU: 1 UID: 0 PID: 21697 Comm: syz.1.5224 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  546.652081][T21697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  546.652094][T21697] Call Trace:
[  546.652102][T21697]  <TASK>
[  546.652111][T21697]  dump_stack_lvl+0x189/0x250
[  546.652138][T21697]  ? __pfx____ratelimit+0x10/0x10
[  546.652165][T21697]  ? __pfx_dump_stack_lvl+0x10/0x10
[  546.652185][T21697]  ? __pfx__printk+0x10/0x10
[  546.652210][T21697]  ? __might_fault+0xb0/0x130
[  546.652249][T21697]  should_fail_ex+0x414/0x560
[  546.652298][T21697]  _copy_from_iter+0x1db/0x16f0
[  546.652336][T21697]  ? __pfx__copy_from_iter+0x10/0x10
[  546.652363][T21697]  ? rcu_is_watching+0x15/0xb0
[  546.652393][T21697]  ? trace_kmalloc+0x1f/0xd0
[  546.652418][T21697]  ? kernfs_fop_write_iter+0x158/0x4f0
[  546.652452][T21697]  kernfs_fop_write_iter+0x19f/0x4f0
[  546.652487][T21697]  vfs_write+0x54b/0xa90
[  546.652520][T21697]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  546.652549][T21697]  ? __pfx_vfs_write+0x10/0x10
[  546.652587][T21697]  ? __fget_files+0x2a/0x420
[  546.652617][T21697]  ksys_write+0x145/0x250
[  546.652647][T21697]  ? __pfx_ksys_write+0x10/0x10
[  546.652670][T21697]  ? rcu_is_watching+0x15/0xb0
[  546.652703][T21697]  ? do_syscall_64+0xbe/0x3b0
[  546.652736][T21697]  do_syscall_64+0xfa/0x3b0
[  546.652760][T21697]  ? lockdep_hardirqs_on+0x9c/0x150
[  546.652785][T21697]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  546.652803][T21697]  ? clear_bhb_loop+0x60/0xb0
[  546.652827][T21697]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  546.652845][T21697] RIP: 0033:0x7f5af4f8eb69
[  546.652863][T21697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  546.652879][T21697] RSP: 002b:00007f5af4df7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  546.652900][T21697] RAX: ffffffffffffffda RBX: 00007f5af51b5fa0 RCX: 00007f5af4f8eb69
[  546.652915][T21697] RDX: 0000000000000012 RSI: 0000200000000080 RDI: 0000000000000004
[  546.652927][T21697] RBP: 00007f5af4df7090 R08: 0000000000000000 R09: 0000000000000000
[  546.652939][T21697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  546.652950][T21697] R13: 0000000000000000 R14: 00007f5af51b5fa0 R15: 00007ffd5fa79ff8
[  546.652983][T21697]  </TASK>
[  546.677734][T21701] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5221'.
[  546.708333][T21693] bridge23: port 1(veth0_to_bond) entered disabled state
[  546.820785][T21709] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  546.940845][T21693] bridge24: port 1(veth0_to_bond) entered blocking state
[  546.951506][T21693] bridge24: port 1(veth0_to_bond) entered disabled state
[  546.965073][T21693] veth0_to_bond: entered allmulticast mode
[  546.980321][T21693] veth0_to_bond: entered promiscuous mode
[  547.227277][T21720] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  547.453607][T21727] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  547.600624][T21733] __nla_validate_parse: 2 callbacks suppressed
[  547.600646][T21733] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5234'.
[  547.634092][T21717] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  547.686727][T21733] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5234'.
[  547.714717][T21741] sctp: [Deprecated]: syz.1.5237 (pid 21741) Use of int in max_burst socket option deprecated.
[  547.714717][T21741] Use struct sctp_assoc_value instead
[  548.030759][T21753] vlan4: entered allmulticast mode
[  548.224428][T21767] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  548.324785][T21771] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5246'.
[  548.381724][T21771] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  548.532602][T21779] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  548.545507][T21779] syzkaller0: entered promiscuous mode
[  548.552538][T21779] syzkaller0: entered allmulticast mode
[  548.573439][T21779] tipc: Resetting bearer <eth:syzkaller0>
[  548.703370][T21777] tipc: Resetting bearer <eth:syzkaller0>
[  548.734212][T21777] tipc: Disabling bearer <eth:syzkaller0>
[  548.990508][T21797] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5257'.
[  549.047078][T21801] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5257'.
[  549.108499][T21804] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5261'.
[  549.116294][T21807] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5260'.
[  549.181131][T21807] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  549.184039][T21810] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5262'.
[  549.460081][T21821] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  549.490254][T21825] netlink: 'syz.2.5267': attribute type 1 has an invalid length.
[  549.515887][T21825] netlink: 224 bytes leftover after parsing attributes in process `syz.2.5267'.
[  549.773176][T21836] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5270'.
[  549.808328][T21838] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  549.822000][T21838] bond0: (slave ipvlan2): The slave device specified does not support setting the MAC address
[  549.834656][T21838] bond0: (slave ipvlan2): Error -95 calling set_mac_address
[  550.045421][T21843] veth0_to_bond: left allmulticast mode
[  550.053785][T21843] veth0_to_bond: left promiscuous mode
[  550.069968][T21843] bridge26: port 1(veth0_to_bond) entered disabled state
[  550.089662][T21843] bridge27: port 1(veth0_to_bond) entered blocking state
[  550.104095][T21843] bridge27: port 1(veth0_to_bond) entered disabled state
[  550.112764][T21843] veth0_to_bond: entered allmulticast mode
[  550.151094][T21843] veth0_to_bond: entered promiscuous mode
[  550.169354][T21845] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  550.404853][T21868] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  550.609556][T21879] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  550.644553][T21879] syzkaller0: entered promiscuous mode
[  550.660743][T21879] syzkaller0: entered allmulticast mode
[  550.686930][T21879] syzkaller0: mtu greater than device maximum
[  550.702742][T21885] FAULT_INJECTION: forcing a failure.
[  550.702742][T21885] name failslab, interval 1, probability 0, space 0, times 0
[  550.717515][T21875] tipc: Resetting bearer <eth:syzkaller0>
[  550.729680][T21885] CPU: 1 UID: 0 PID: 21885 Comm: syz.4.5288 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  550.729714][T21885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  550.729726][T21885] Call Trace:
[  550.729736][T21885]  <TASK>
[  550.729746][T21885]  dump_stack_lvl+0x189/0x250
[  550.729775][T21885]  ? __pfx____ratelimit+0x10/0x10
[  550.729805][T21885]  ? __pfx_dump_stack_lvl+0x10/0x10
[  550.729828][T21885]  ? __pfx__printk+0x10/0x10
[  550.729857][T21885]  ? __pfx___might_resched+0x10/0x10
[  550.729888][T21885]  ? fs_reclaim_acquire+0x7d/0x100
[  550.729917][T21885]  should_fail_ex+0x414/0x560
[  550.729971][T21885]  should_failslab+0xa8/0x100
[  550.729994][T21885]  __kmalloc_noprof+0xcb/0x4f0
[  550.730021][T21885]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  550.730054][T21885]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  550.730089][T21885]  genl_family_rcv_msg_doit+0xb8/0x300
[  550.730122][T21885]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  550.730149][T21885]  ? rcu_is_watching+0x15/0xb0
[  550.730210][T21885]  ? apparmor_capable+0x137/0x1b0
[  550.730234][T21885]  ? bpf_lsm_capable+0x9/0x20
[  550.730268][T21885]  ? security_capable+0x7e/0x2e0
[  550.730305][T21885]  genl_rcv_msg+0x60e/0x790
[  550.730337][T21885]  ? __pfx_genl_rcv_msg+0x10/0x10
[  550.730359][T21885]  ? __pfx_hwsim_register_received_nl+0x10/0x10
[  550.730407][T21885]  netlink_rcv_skb+0x208/0x470
[  550.730433][T21885]  ? __lock_acquire+0xab9/0xd20
[  550.730471][T21885]  ? __pfx_genl_rcv_msg+0x10/0x10
[  550.730495][T21885]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  550.730550][T21885]  ? down_read+0x1ad/0x2e0
[  550.730576][T21885]  genl_rcv+0x28/0x40
[  550.730597][T21885]  netlink_unicast+0x82c/0x9e0
[  550.730636][T21885]  ? __pfx_netlink_unicast+0x10/0x10
[  550.730666][T21885]  ? netlink_sendmsg+0x642/0xb30
[  550.730693][T21885]  ? skb_put+0x11b/0x210
[  550.730719][T21885]  netlink_sendmsg+0x805/0xb30
[  550.730761][T21885]  ? __pfx_netlink_sendmsg+0x10/0x10
[  550.730796][T21885]  ? aa_sock_msg_perm+0x94/0x160
[  550.730825][T21885]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  550.730848][T21885]  ? __pfx_netlink_sendmsg+0x10/0x10
[  550.730879][T21885]  __sock_sendmsg+0x21c/0x270
[  550.730912][T21885]  __sys_sendto+0x3bd/0x520
[  550.730947][T21885]  ? __pfx___sys_sendto+0x10/0x10
[  550.730994][T21885]  ? count_memcg_event_mm+0x21/0x260
[  550.731039][T21885]  ? exc_page_fault+0x76/0xf0
[  550.731081][T21885]  ? do_user_addr_fault+0xc8a/0x1390
[  550.731115][T21885]  __x64_sys_sendto+0xde/0x100
[  550.731150][T21885]  do_syscall_64+0xfa/0x3b0
[  550.731189][T21885]  ? lockdep_hardirqs_on+0x9c/0x150
[  550.731213][T21885]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  550.731234][T21885]  ? clear_bhb_loop+0x60/0xb0
[  550.731270][T21885]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  550.731290][T21885] RIP: 0033:0x7fd9f89909fc
[  550.731310][T21885] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[  550.731329][T21885] RSP: 002b:00007fd9f97dfee0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  550.731352][T21885] RAX: ffffffffffffffda RBX: 00007fd9f97dffa0 RCX: 00007fd9f89909fc
[  550.731368][T21885] RDX: 0000000000000014 RSI: 00007fd9f97dfff0 RDI: 0000000000000007
[  550.731381][T21885] RBP: 0000000000000000 R08: 00007fd9f97dff34 R09: 000000000000000c
[  550.731394][T21885] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000007
[  550.731407][T21885] R13: 0000000000000000 R14: 00007fd9f97dfff0 R15: 0000000000000000
[  550.731444][T21885]  </TASK>
[  551.121344][T21875] tipc: Disabling bearer <eth:syzkaller0>
[  551.139781][T21884] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  551.245911][T21891] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  551.255736][T21889] veth0_to_bond: left allmulticast mode
[  551.265539][T21889] veth0_to_bond: left promiscuous mode
[  551.279432][T21889] bridge14: port 1(veth0_to_bond) entered disabled state
[  551.321551][T21889] bridge15: port 1(veth0_to_bond) entered blocking state
[  551.331200][T21889] bridge15: port 1(veth0_to_bond) entered disabled state
[  551.339788][T21889] veth0_to_bond: entered allmulticast mode
[  551.348839][T21889] veth0_to_bond: entered promiscuous mode
[  551.619613][T21911] openvswitch: netlink: IP tunnel TTL not specified.
[  551.835108][ T5907] IPVS: starting estimator thread 0...
[  551.875330][T21917] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  551.946600][T21918] IPVS: using max 23 ests per chain, 55200 per kthread
[  551.963273][T21904] infiniband syz0: set down
[  551.979422][T21904] infiniband syz0: added bond_slave_1
[  552.244487][T21904] RDS/IB: syz0: added
[  552.275410][T21932] veth0_to_bond: left allmulticast mode
[  552.276615][T21904] smc: adding ib device syz0 with port count 1
[  552.286816][T21932] veth0_to_bond: left promiscuous mode
[  552.294317][T21932] bridge15: port 1(veth0_to_bond) entered disabled state
[  552.315121][T21904] smc:    ib device syz0 port 1 has pnetid 
[  552.352065][T21932] bridge16: port 1(veth0_to_bond) entered blocking state
[  552.372374][T21932] bridge16: port 1(veth0_to_bond) entered disabled state
[  552.406677][T21932] veth0_to_bond: entered allmulticast mode
[  552.433967][T21932] veth0_to_bond: entered promiscuous mode
[  552.880104][T21967] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  553.220878][T21979] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  553.473838][T21989] __nla_validate_parse: 11 callbacks suppressed
[  553.473864][T21989] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5320'.
[  553.539660][T21990] veth0_to_bond: left allmulticast mode
[  553.570920][T21990] veth0_to_bond: left promiscuous mode
[  553.593063][T21990] bridge24: port 1(veth0_to_bond) entered disabled state
[  553.629886][T21990] bridge26: port 1(veth0_to_bond) entered blocking state
[  553.638310][T21990] bridge26: port 1(veth0_to_bond) entered disabled state
[  553.647838][T21990] veth0_to_bond: entered allmulticast mode
[  553.665520][T21990] veth0_to_bond: entered promiscuous mode
[  553.812145][T21998] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5324'.
[  553.822811][T21998] netlink: 244 bytes leftover after parsing attributes in process `syz.1.5324'.
[  554.064308][T22000] netlink: 48 bytes leftover after parsing attributes in process `syz.3.5325'.
[  554.065894][T22006] netlink: 'syz.2.5327': attribute type 1 has an invalid length.
[  554.086837][T22006] netlink: 224 bytes leftover after parsing attributes in process `syz.2.5327'.
[  554.385632][T22018] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5333'.
[  554.439317][T22017] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  554.457310][T22018] veth0_to_bond: left allmulticast mode
[  554.477170][T22018] veth0_to_bond: left promiscuous mode
[  554.497543][T22018] bridge27: port 1(veth0_to_bond) entered disabled state
[  554.551519][T22018] bridge28: port 1(veth0_to_bond) entered blocking state
[  554.571725][T22018] bridge28: port 1(veth0_to_bond) entered disabled state
[  554.600404][T22018] veth0_to_bond: entered allmulticast mode
[  554.641148][T22018] veth0_to_bond: entered promiscuous mode
[  555.412935][T22060] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  555.508514][T22050] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  555.552175][T22050] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  555.598736][T22050] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  555.802235][T22074] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5345'.
[  555.901040][T22077] veth0_to_bond: left allmulticast mode
[  555.928561][T22077] veth0_to_bond: left promiscuous mode
[  555.944754][T22077] bridge19: port 1(veth0_to_bond) entered disabled state
[  555.982440][T22077] bridge21: port 1(veth0_to_bond) entered blocking state
[  555.993211][T22077] bridge21: port 1(veth0_to_bond) entered disabled state
[  556.002002][T22077] veth0_to_bond: entered allmulticast mode
[  556.014749][T22077] veth0_to_bond: entered promiscuous mode
[  556.133839][T22084] syzkaller0: entered promiscuous mode
[  556.147046][T22084] syzkaller0: entered allmulticast mode
[  556.163400][T22086] FAULT_INJECTION: forcing a failure.
[  556.163400][T22086] name failslab, interval 1, probability 0, space 0, times 0
[  556.221560][T22086] CPU: 1 UID: 0 PID: 22086 Comm: syz.2.5350 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  556.221591][T22086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  556.221603][T22086] Call Trace:
[  556.221612][T22086]  <TASK>
[  556.221620][T22086]  dump_stack_lvl+0x189/0x250
[  556.221647][T22086]  ? __pfx____ratelimit+0x10/0x10
[  556.221676][T22086]  ? __pfx_dump_stack_lvl+0x10/0x10
[  556.221697][T22086]  ? __pfx__printk+0x10/0x10
[  556.221725][T22086]  ? __pfx___might_resched+0x10/0x10
[  556.221754][T22086]  ? fs_reclaim_acquire+0x7d/0x100
[  556.221782][T22086]  should_fail_ex+0x414/0x560
[  556.221819][T22086]  should_failslab+0xa8/0x100
[  556.221841][T22086]  __kmalloc_noprof+0xcb/0x4f0
[  556.221869][T22086]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  556.221900][T22086]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  556.221933][T22086]  genl_family_rcv_msg_doit+0xb8/0x300
[  556.221965][T22086]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  556.221991][T22086]  ? rcu_is_watching+0x15/0xb0
[  556.222024][T22086]  ? apparmor_capable+0x137/0x1b0
[  556.222047][T22086]  ? bpf_lsm_capable+0x9/0x20
[  556.222073][T22086]  ? security_capable+0x7e/0x2e0
[  556.222106][T22086]  genl_rcv_msg+0x60e/0x790
[  556.222137][T22086]  ? __pfx_genl_rcv_msg+0x10/0x10
[  556.222158][T22086]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  556.222178][T22086]  ? __pfx_nl80211_register_mgmt+0x10/0x10
[  556.222204][T22086]  ? __pfx_nl80211_post_doit+0x10/0x10
[  556.222251][T22086]  netlink_rcv_skb+0x208/0x470
[  556.222280][T22086]  ? __lock_acquire+0xab9/0xd20
[  556.222308][T22086]  ? __pfx_genl_rcv_msg+0x10/0x10
[  556.222332][T22086]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  556.222384][T22086]  ? down_read+0x1ad/0x2e0
[  556.222409][T22086]  genl_rcv+0x28/0x40
[  556.222430][T22086]  netlink_unicast+0x82c/0x9e0
[  556.222470][T22086]  ? __pfx_netlink_unicast+0x10/0x10
[  556.222498][T22086]  ? netlink_sendmsg+0x642/0xb30
[  556.222525][T22086]  ? skb_put+0x11b/0x210
[  556.222550][T22086]  netlink_sendmsg+0x805/0xb30
[  556.222596][T22086]  ? __pfx_netlink_sendmsg+0x10/0x10
[  556.222629][T22086]  ? aa_sock_msg_perm+0x94/0x160
[  556.222657][T22086]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  556.222680][T22086]  ? __pfx_netlink_sendmsg+0x10/0x10
[  556.222710][T22086]  __sock_sendmsg+0x21c/0x270
[  556.222740][T22086]  ____sys_sendmsg+0x505/0x830
[  556.222770][T22086]  ? __pfx_____sys_sendmsg+0x10/0x10
[  556.222802][T22086]  ? import_iovec+0x74/0xa0
[  556.222834][T22086]  ___sys_sendmsg+0x21f/0x2a0
[  556.222858][T22086]  ? __pfx____sys_sendmsg+0x10/0x10
[  556.222928][T22086]  ? __fget_files+0x2a/0x420
[  556.222946][T22086]  ? __fget_files+0x3a0/0x420
[  556.222979][T22086]  __x64_sys_sendmsg+0x19b/0x260
[  556.223004][T22086]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  556.223038][T22086]  ? __pfx_ksys_write+0x10/0x10
[  556.223063][T22086]  ? rcu_is_watching+0x15/0xb0
[  556.223101][T22086]  ? do_syscall_64+0xbe/0x3b0
[  556.223135][T22086]  do_syscall_64+0xfa/0x3b0
[  556.223185][T22086]  ? lockdep_hardirqs_on+0x9c/0x150
[  556.223212][T22086]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  556.223241][T22086]  ? clear_bhb_loop+0x60/0xb0
[  556.223267][T22086]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  556.223287][T22086] RIP: 0033:0x7f612378eb69
[  556.223308][T22086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  556.223325][T22086] RSP: 002b:00007f61245d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  556.223348][T22086] RAX: ffffffffffffffda RBX: 00007f61239b5fa0 RCX: 00007f612378eb69
[  556.223363][T22086] RDX: 0000000020008040 RSI: 0000200000000440 RDI: 0000000000000003
[  556.223377][T22086] RBP: 00007f61245d5090 R08: 0000000000000000 R09: 0000000000000000
[  556.223389][T22086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  556.223402][T22086] R13: 0000000000000000 R14: 00007f61239b5fa0 R15: 00007ffdcfc06208
[  556.223437][T22086]  </TASK>
[  556.717364][T22088] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5351'.
[  556.757111][T22088] bridge_slave_1: default FDB implementation only supports local addresses
[  556.929588][T22100] netlink: 'syz.2.5354': attribute type 3 has an invalid length.
[  557.181352][T22108] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5360'.
[  557.242572][T22108] veth0_to_bond: left allmulticast mode
[  557.269655][T22108] veth0_to_bond: left promiscuous mode
[  557.286076][T22108] bridge26: port 1(veth0_to_bond) entered disabled state
[  557.395373][T22108] bridge27: port 1(veth0_to_bond) entered blocking state
[  557.433745][T22108] bridge27: port 1(veth0_to_bond) entered disabled state
[  557.444589][T22108] veth0_to_bond: entered allmulticast mode
[  557.505121][T22108] veth0_to_bond: entered promiscuous mode
[  558.085279][T22147] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  558.200259][T22155] netlink: 'syz.2.5374': attribute type 8 has an invalid length.
[  558.291604][T22159] netlink: 256 bytes leftover after parsing attributes in process `syz.2.5374'.
[  558.348233][T22160] veth0_to_bond: left allmulticast mode
[  558.353947][T22160] veth0_to_bond: left promiscuous mode
[  558.385887][T22160] bridge27: port 1(veth0_to_bond) entered disabled state
[  558.402480][T22160] bridge28: port 1(veth0_to_bond) entered blocking state
[  558.411032][T22160] bridge28: port 1(veth0_to_bond) entered disabled state
[  558.419373][T22160] veth0_to_bond: entered allmulticast mode
[  558.428402][T22160] veth0_to_bond: entered promiscuous mode
[  558.745253][T22175] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  558.804707][T22175] __nla_validate_parse: 2 callbacks suppressed
[  558.804729][T22175] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5381'.
[  559.190151][T22200] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5391'.
[  559.308753][T22210] veth0_to_bond: left allmulticast mode
[  559.335138][T22210] veth0_to_bond: left promiscuous mode
[  559.366798][T22210] bridge21: port 1(veth0_to_bond) entered disabled state
[  559.377919][T22200] netlink: 44 bytes leftover after parsing attributes in process `syz.2.5391'.
[  559.420424][T22210] bridge22: port 1(veth0_to_bond) entered blocking state
[  559.459350][T22210] bridge22: port 1(veth0_to_bond) entered disabled state
[  559.477756][T22210] veth0_to_bond: entered allmulticast mode
[  559.523613][T22210] veth0_to_bond: entered promiscuous mode
[  559.583458][T22209] bond0: (slave ipvlan4): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  559.607642][T22209] bond0: (slave ipvlan4): The slave device specified does not support setting the MAC address
[  559.646334][T22209] bond0: (slave ipvlan4): Error -95 calling set_mac_address
[  559.868990][T22232] netlink: 'syz.4.5399': attribute type 29 has an invalid length.
[  559.912403][T22232] netlink: 'syz.4.5399': attribute type 29 has an invalid length.
[  560.103551][T22242] netlink: 224 bytes leftover after parsing attributes in process `syz.1.5403'.
[  560.287492][T22249] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  560.371228][T22257] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5411'.
[  560.402909][T22258] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5410'.
[  560.423670][T22259] veth0_to_bond: left allmulticast mode
[  560.460499][T22259] veth0_to_bond: left promiscuous mode
[  560.476756][T22258] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5410'.
[  560.494611][T22259] bridge28: port 1(veth0_to_bond) entered disabled state
[  560.520945][T22262] netlink: 44 bytes leftover after parsing attributes in process `syz.4.5411'.
[  560.724713][T22274] netlink: 'syz.0.5415': attribute type 29 has an invalid length.
[  560.757848][T22274] netlink: 'syz.0.5415': attribute type 29 has an invalid length.
[  560.792779][T22279] FAULT_INJECTION: forcing a failure.
[  560.792779][T22279] name failslab, interval 1, probability 0, space 0, times 0
[  560.841390][T22279] CPU: 0 UID: 0 PID: 22279 Comm: syz.4.5417 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  560.841423][T22279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  560.841436][T22279] Call Trace:
[  560.841445][T22279]  <TASK>
[  560.841455][T22279]  dump_stack_lvl+0x189/0x250
[  560.841482][T22279]  ? __pfx____ratelimit+0x10/0x10
[  560.841511][T22279]  ? __pfx_dump_stack_lvl+0x10/0x10
[  560.841533][T22279]  ? __pfx__printk+0x10/0x10
[  560.841567][T22279]  ? __pfx___might_resched+0x10/0x10
[  560.841603][T22279]  should_fail_ex+0x414/0x560
[  560.841640][T22279]  should_failslab+0xa8/0x100
[  560.841663][T22279]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  560.841694][T22279]  ? __alloc_skb+0x112/0x2d0
[  560.841731][T22279]  __alloc_skb+0x112/0x2d0
[  560.841767][T22279]  netlink_sendmsg+0x5c6/0xb30
[  560.841810][T22279]  ? __pfx_netlink_sendmsg+0x10/0x10
[  560.841845][T22279]  ? aa_sock_msg_perm+0x94/0x160
[  560.841875][T22279]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  560.841899][T22279]  ? __pfx_netlink_sendmsg+0x10/0x10
[  560.841930][T22279]  __sock_sendmsg+0x21c/0x270
[  560.841961][T22279]  __sys_sendto+0x3bd/0x520
[  560.841995][T22279]  ? __pfx___sys_sendto+0x10/0x10
[  560.842040][T22279]  ? count_memcg_event_mm+0x21/0x260
[  560.842084][T22279]  ? exc_page_fault+0x76/0xf0
[  560.842118][T22279]  ? do_user_addr_fault+0xc8a/0x1390
[  560.842153][T22279]  __x64_sys_sendto+0xde/0x100
[  560.842188][T22279]  do_syscall_64+0xfa/0x3b0
[  560.842228][T22279]  ? lockdep_hardirqs_on+0x9c/0x150
[  560.842256][T22279]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  560.842276][T22279]  ? clear_bhb_loop+0x60/0xb0
[  560.842302][T22279]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  560.842322][T22279] RIP: 0033:0x7fd9f89909fc
[  560.842343][T22279] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[  560.842361][T22279] RSP: 002b:00007fd9f97dfee0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  560.842386][T22279] RAX: ffffffffffffffda RBX: 00007fd9f97dffa0 RCX: 00007fd9f89909fc
[  560.842401][T22279] RDX: 0000000000000074 RSI: 00007fd9f97dfff0 RDI: 0000000000000007
[  560.842416][T22279] RBP: 0000000000000000 R08: 00007fd9f97dff34 R09: 000000000000000c
[  560.842429][T22279] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000007
[  560.842442][T22279] R13: 0000000000000000 R14: 00007fd9f97dfff0 R15: 0000000000000000
[  560.842475][T22279]  </TASK>
[  560.842790][T22279] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  561.003467][T22286] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  561.445071][T22309] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5427'.
[  561.561714][T22309] bridge22: port 1(veth0_to_bond) entered blocking state
[  561.578176][T22309] bridge22: port 1(veth0_to_bond) entered disabled state
[  561.601299][T22319] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5427'.
[  561.638329][T22309] veth0_to_bond: entered allmulticast mode
[  561.670564][T22309] veth0_to_bond: entered promiscuous mode
[  561.682996][T22321] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  561.933080][T22333] FAULT_INJECTION: forcing a failure.
[  561.933080][T22333] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  562.005004][T22333] CPU: 1 UID: 0 PID: 22333 Comm: syz.0.5433 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  562.005036][T22333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  562.005049][T22333] Call Trace:
[  562.005058][T22333]  <TASK>
[  562.005068][T22333]  dump_stack_lvl+0x189/0x250
[  562.005097][T22333]  ? __pfx____ratelimit+0x10/0x10
[  562.005137][T22333]  ? __pfx_dump_stack_lvl+0x10/0x10
[  562.005159][T22333]  ? __pfx__printk+0x10/0x10
[  562.005200][T22333]  should_fail_ex+0x414/0x560
[  562.005238][T22333]  _copy_from_user+0x2d/0xb0
[  562.005268][T22333]  get_user_ifreq+0x6c/0x180
[  562.005297][T22333]  sock_ioctl+0x6dd/0x790
[  562.005325][T22333]  ? __pfx_sock_ioctl+0x10/0x10
[  562.005352][T22333]  ? __fget_files+0x3a0/0x420
[  562.005371][T22333]  ? __fget_files+0x2a/0x420
[  562.005396][T22333]  ? bpf_lsm_file_ioctl+0x9/0x20
[  562.005423][T22333]  ? __pfx_sock_ioctl+0x10/0x10
[  562.005447][T22333]  __se_sys_ioctl+0xf9/0x170
[  562.005478][T22333]  do_syscall_64+0xfa/0x3b0
[  562.005506][T22333]  ? lockdep_hardirqs_on+0x9c/0x150
[  562.005533][T22333]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  562.005554][T22333]  ? clear_bhb_loop+0x60/0xb0
[  562.005580][T22333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  562.005600][T22333] RIP: 0033:0x7f248e78eb69
[  562.005620][T22333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  562.005638][T22333] RSP: 002b:00007f248f6e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  562.005662][T22333] RAX: ffffffffffffffda RBX: 00007f248e9b5fa0 RCX: 00007f248e78eb69
[  562.005678][T22333] RDX: 00002000000001c0 RSI: 00000000000089f0 RDI: 0000000000000003
[  562.005691][T22333] RBP: 00007f248f6e3090 R08: 0000000000000000 R09: 0000000000000000
[  562.005704][T22333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  562.005717][T22333] R13: 0000000000000000 R14: 00007f248e9b5fa0 R15: 00007ffc4c5bc548
[  562.005752][T22333]  </TASK>
[  562.430992][T22351] bond0: Device is already in use.
[  562.679175][T22357] bridge30: port 1(veth0_to_bond) entered blocking state
[  562.702538][T22357] bridge30: port 1(veth0_to_bond) entered disabled state
[  562.718134][T22365] FAULT_INJECTION: forcing a failure.
[  562.718134][T22365] name failslab, interval 1, probability 0, space 0, times 0
[  562.739860][T22357] veth0_to_bond: entered allmulticast mode
[  562.768073][T22365] CPU: 1 UID: 0 PID: 22365 Comm: syz.3.5444 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  562.768106][T22365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  562.768119][T22365] Call Trace:
[  562.768136][T22365]  <TASK>
[  562.768146][T22365]  dump_stack_lvl+0x189/0x250
[  562.768174][T22365]  ? __pfx____ratelimit+0x10/0x10
[  562.768204][T22365]  ? __pfx_dump_stack_lvl+0x10/0x10
[  562.768225][T22365]  ? __pfx__printk+0x10/0x10
[  562.768258][T22365]  ? __pfx___might_resched+0x10/0x10
[  562.768294][T22365]  should_fail_ex+0x414/0x560
[  562.768332][T22365]  should_failslab+0xa8/0x100
[  562.768354][T22365]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  562.768384][T22365]  ? __alloc_skb+0x112/0x2d0
[  562.768421][T22365]  __alloc_skb+0x112/0x2d0
[  562.768456][T22365]  netlink_sendmsg+0x5c6/0xb30
[  562.768497][T22365]  ? __pfx_netlink_sendmsg+0x10/0x10
[  562.768529][T22365]  ? aa_sock_msg_perm+0x94/0x160
[  562.768557][T22365]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  562.768579][T22365]  ? __pfx_netlink_sendmsg+0x10/0x10
[  562.768609][T22365]  __sock_sendmsg+0x21c/0x270
[  562.768639][T22365]  ____sys_sendmsg+0x505/0x830
[  562.768666][T22365]  ? __pfx_____sys_sendmsg+0x10/0x10
[  562.768697][T22365]  ? import_iovec+0x74/0xa0
[  562.768738][T22365]  ___sys_sendmsg+0x21f/0x2a0
[  562.768762][T22365]  ? __pfx____sys_sendmsg+0x10/0x10
[  562.768828][T22365]  ? __fget_files+0x2a/0x420
[  562.768848][T22365]  ? __fget_files+0x3a0/0x420
[  562.768881][T22365]  __x64_sys_sendmsg+0x19b/0x260
[  562.768906][T22365]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  562.768939][T22365]  ? __pfx_ksys_write+0x10/0x10
[  562.768966][T22365]  ? rcu_is_watching+0x15/0xb0
[  562.769009][T22365]  ? do_syscall_64+0xbe/0x3b0
[  562.769044][T22365]  do_syscall_64+0xfa/0x3b0
[  562.769070][T22365]  ? lockdep_hardirqs_on+0x9c/0x150
[  562.769096][T22365]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  562.769115][T22365]  ? clear_bhb_loop+0x60/0xb0
[  562.769149][T22365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  562.769169][T22365] RIP: 0033:0x7f479278eb69
[  562.769189][T22365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  562.769208][T22365] RSP: 002b:00007f4793550038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  562.769230][T22365] RAX: ffffffffffffffda RBX: 00007f47929b5fa0 RCX: 00007f479278eb69
[  562.769244][T22365] RDX: 0000000000000000 RSI: 0000200000000880 RDI: 0000000000000003
[  562.769257][T22365] RBP: 00007f4793550090 R08: 0000000000000000 R09: 0000000000000000
[  562.769269][T22365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  562.769281][T22365] R13: 0000000000000000 R14: 00007f47929b5fa0 R15: 00007ffd58529b28
[  562.769314][T22365]  </TASK>
[  562.769421][T22366] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  562.800742][T22357] veth0_to_bond: entered promiscuous mode
[  563.348970][T22389] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  563.394196][T22383] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  563.973803][T22415] __nla_validate_parse: 6 callbacks suppressed
[  563.973827][T22415] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5461'.
[  564.068973][T22422] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5463'.
[  564.142030][T22422] veth0_to_bond: left allmulticast mode
[  564.187024][T22422] veth0_to_bond: left promiscuous mode
[  564.214430][T22422] bridge22: port 1(veth0_to_bond) entered disabled state
[  564.305114][T22422] bridge23: port 1(veth0_to_bond) entered blocking state
[  564.348180][T22426] netlink: 'syz.2.5465': attribute type 1 has an invalid length.
[  564.379725][T22426] netlink: 208 bytes leftover after parsing attributes in process `syz.2.5465'.
[  564.412428][T22422] bridge23: port 1(veth0_to_bond) entered disabled state
[  564.425909][T22426] netlink: 'syz.2.5465': attribute type 1 has an invalid length.
[  564.445522][T22426] netlink: 'syz.2.5465': attribute type 2 has an invalid length.
[  564.455762][T22422] veth0_to_bond: entered allmulticast mode
[  564.491644][T22422] veth0_to_bond: entered promiscuous mode
[  564.518808][T22434] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5463'.
[  564.562312][T22435] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  564.718886][T22446] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5468'.
[  564.749957][T22446] openvswitch: netlink: EtherType 0 is less than min 600
[  564.836512][T22451] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  564.985052][T22451] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  565.060463][T22451] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  565.301393][T22466] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5473'.
[  565.354000][T22470] openvswitch: netlink: IP tunnel dst address not specified
[  565.371013][T22471] bridge0: port 1(veth0_to_bridge) entered blocking state
[  565.390952][T22471] bridge0: port 1(veth0_to_bridge) entered disabled state
[  565.414003][T22471] veth0_to_bridge: entered allmulticast mode
[  565.449202][T22471] veth0_to_bridge: entered promiscuous mode
[  565.556829][T22466] ip6gre1: entered allmulticast mode
[  565.586957][T22466] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5473'.
[  565.651670][T22481] netlink: 48 bytes leftover after parsing attributes in process `syz.1.5473'.
[  565.729777][ T9010] wlan1: failed to finalize CSA on link 0, disconnecting
[  565.795683][T22493] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5480'.
[  565.888250][T22495] veth0_to_bond: left allmulticast mode
[  565.894237][T22495] veth0_to_bond: left promiscuous mode
[  565.914763][T22495] bridge23: port 1(veth0_to_bond) entered disabled state
[  565.945177][T22501] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5480'.
[  565.947449][T22502] FAULT_INJECTION: forcing a failure.
[  565.947449][T22502] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  565.990283][T22502] CPU: 0 UID: 0 PID: 22502 Comm: syz.4.5483 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  565.990315][T22502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  565.990327][T22502] Call Trace:
[  565.990337][T22502]  <TASK>
[  565.990347][T22502]  dump_stack_lvl+0x189/0x250
[  565.990374][T22502]  ? __pfx____ratelimit+0x10/0x10
[  565.990404][T22502]  ? __pfx_dump_stack_lvl+0x10/0x10
[  565.990426][T22502]  ? __pfx__printk+0x10/0x10
[  565.990451][T22502]  ? __might_fault+0xb0/0x130
[  565.990494][T22502]  should_fail_ex+0x414/0x560
[  565.990532][T22502]  _copy_from_iter+0x1db/0x16f0
[  565.990564][T22502]  ? rcu_is_watching+0x15/0xb0
[  565.990597][T22502]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  565.990629][T22502]  ? __pfx__copy_from_iter+0x10/0x10
[  565.990656][T22502]  ? __build_skb_around+0x257/0x3e0
[  565.990691][T22502]  ? netlink_sendmsg+0x642/0xb30
[  565.990718][T22502]  ? skb_put+0x11b/0x210
[  565.990743][T22502]  netlink_sendmsg+0x6b2/0xb30
[  565.990784][T22502]  ? __pfx_netlink_sendmsg+0x10/0x10
[  565.990819][T22502]  ? aa_sock_msg_perm+0x94/0x160
[  565.990848][T22502]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  565.990871][T22502]  ? __pfx_netlink_sendmsg+0x10/0x10
[  565.990902][T22502]  __sock_sendmsg+0x21c/0x270
[  565.990933][T22502]  ____sys_sendmsg+0x505/0x830
[  565.990962][T22502]  ? __pfx_____sys_sendmsg+0x10/0x10
[  565.990995][T22502]  ? import_iovec+0x74/0xa0
[  565.991028][T22502]  ___sys_sendmsg+0x21f/0x2a0
[  565.991053][T22502]  ? __pfx____sys_sendmsg+0x10/0x10
[  565.991129][T22502]  ? __fget_files+0x2a/0x420
[  565.991148][T22502]  ? __fget_files+0x3a0/0x420
[  565.991181][T22502]  __x64_sys_sendmsg+0x19b/0x260
[  565.991207][T22502]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  565.991241][T22502]  ? __pfx_ksys_write+0x10/0x10
[  565.991267][T22502]  ? rcu_is_watching+0x15/0xb0
[  565.991303][T22502]  ? do_syscall_64+0xbe/0x3b0
[  565.991337][T22502]  do_syscall_64+0xfa/0x3b0
[  565.991363][T22502]  ? lockdep_hardirqs_on+0x9c/0x150
[  565.991391][T22502]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  565.991411][T22502]  ? clear_bhb_loop+0x60/0xb0
[  565.991438][T22502]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  565.991457][T22502] RIP: 0033:0x7fd9f898eb69
[  565.991477][T22502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  565.991495][T22502] RSP: 002b:00007fd9f97e1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  565.991519][T22502] RAX: ffffffffffffffda RBX: 00007fd9f8bb5fa0 RCX: 00007fd9f898eb69
[  565.991535][T22502] RDX: 0000000000000000 RSI: 0000200000000880 RDI: 0000000000000003
[  565.991549][T22502] RBP: 00007fd9f97e1090 R08: 0000000000000000 R09: 0000000000000000
[  565.991562][T22502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  565.991575][T22502] R13: 0000000000000000 R14: 00007fd9f8bb5fa0 R15: 00007ffcfe673998
[  565.991610][T22502]  </TASK>
[  566.342269][T22508] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  566.360241][T22508] tipc: Resetting bearer <eth:syzkaller0>
[  566.460117][T22512] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  566.497955][T22512] syzkaller0: entered promiscuous mode
[  566.521986][T22512] syzkaller0: entered allmulticast mode
[  566.649268][T22507] tipc: Disabling bearer <eth:syzkaller0>
[  566.734193][T22519] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  566.772419][T22529] openvswitch: netlink: EtherType 0 is less than min 600
[  566.784949][T22524] syzkaller0: mtu greater than device maximum
[  566.847348][T22511] tipc: Resetting bearer <eth:syzkaller0>
[  566.961832][T22511] tipc: Disabling bearer <eth:syzkaller0>
[  567.255475][T22550] netlink: 'syz.0.5494': attribute type 7 has an invalid length.
[  567.287954][T22550] netlink: 'syz.0.5494': attribute type 8 has an invalid length.
[  567.327389][T22550] gretap0: entered promiscuous mode
[  567.375659][T22550] gretap0: left promiscuous mode
[  567.393798][T22552] mac80211_hwsim hwsim11 ÿ
: renamed from wlan1
[  567.423917][T22558] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  567.443103][T22560] FAULT_INJECTION: forcing a failure.
[  567.443103][T22560] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  567.449652][T22558] bond0: (slave ipvlan2): The slave device specified does not support setting the MAC address
[  567.475705][T22560] CPU: 1 UID: 0 PID: 22560 Comm: syz.3.5498 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  567.475736][T22560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  567.475749][T22560] Call Trace:
[  567.475758][T22560]  <TASK>
[  567.475767][T22560]  dump_stack_lvl+0x189/0x250
[  567.475794][T22560]  ? __pfx____ratelimit+0x10/0x10
[  567.475823][T22560]  ? __pfx_dump_stack_lvl+0x10/0x10
[  567.475844][T22560]  ? __pfx__printk+0x10/0x10
[  567.475870][T22560]  ? __might_fault+0xb0/0x130
[  567.475914][T22560]  should_fail_ex+0x414/0x560
[  567.475956][T22560]  _copy_to_iter+0x1db/0x16f0
[  567.475981][T22560]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  567.476009][T22560]  ? lockdep_hardirqs_on+0x9c/0x150
[  567.476038][T22560]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  567.476064][T22560]  ? __pfx__copy_to_iter+0x10/0x10
[  567.476085][T22560]  ? __skb_try_recv_from_queue+0x2b2/0x730
[  567.476114][T22560]  ? __skb_try_recv_datagram+0x3da/0x4e0
[  567.476145][T22560]  __skb_datagram_iter+0xf8/0x990
[  567.476170][T22560]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  567.476203][T22560]  skb_copy_datagram_iter+0xc5/0x230
[  567.476231][T22560]  netlink_recvmsg+0x2ab/0xa30
[  567.476271][T22560]  ? __pfx_netlink_recvmsg+0x10/0x10
[  567.476306][T22560]  ? aa_sock_msg_perm+0x94/0x160
[  567.476333][T22560]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  567.476364][T22560]  ? security_socket_recvmsg+0x7e/0x2e0
[  567.476382][T22560]  ? __pfx_netlink_recvmsg+0x10/0x10
[  567.476412][T22560]  sock_recvmsg+0x22c/0x270
[  567.476444][T22560]  __sys_recvfrom+0x1f6/0x340
[  567.476468][T22560]  ? __pfx___sys_recvfrom+0x10/0x10
[  567.476502][T22560]  ? count_memcg_event_mm+0x21/0x260
[  567.476549][T22560]  ? rcu_is_watching+0x15/0xb0
[  567.476586][T22560]  __x64_sys_recvfrom+0xde/0x100
[  567.476611][T22560]  do_syscall_64+0xfa/0x3b0
[  567.476638][T22560]  ? lockdep_hardirqs_on+0x9c/0x150
[  567.476664][T22560]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.476684][T22560]  ? clear_bhb_loop+0x60/0xb0
[  567.476710][T22560]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.476729][T22560] RIP: 0033:0x7f4792790934
[  567.476750][T22560] Code: 89 4c 24 1c e8 ed 5f 02 00 44 8b 54 24 1c 8b 3c 24 45 31 c9 89 c5 48 8b 54 24 10 48 8b 74 24 08 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 04 24 e8 39 60 02 00 48 8b 04
[  567.476769][T22560] RSP: 002b:00007f479354eef0 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
[  567.476792][T22560] RAX: ffffffffffffffda RBX: 00007f479354efa0 RCX: 00007f4792790934
[  567.476808][T22560] RDX: 0000000000001000 RSI: 00007f479354eff0 RDI: 0000000000000007
[  567.476822][T22560] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  567.476835][T22560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[  567.476848][T22560] R13: 0000000000000000 R14: 00007f479354eff0 R15: 0000000000000000
[  567.476880][T22560]  </TASK>
[  567.498588][T22558] bond0: (slave ipvlan2): Error -95 calling set_mac_address
[  567.540134][T22560] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  567.553731][T22564] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  567.825183][T22541] syzkaller1: entered promiscuous mode
[  567.831478][T22541] syzkaller1: entered allmulticast mode
[  568.052763][T22570] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  568.068749][T22570] tipc: Resetting bearer <eth:syzkaller0>
[  568.087451][T22569] tipc: Disabling bearer <eth:syzkaller0>
[  568.372064][T22590] openvswitch: netlink: EtherType 0 is less than min 600
[  568.630401][T22599] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  568.780801][T22599] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  568.829944][T22599] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  568.868690][T22599] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  569.035230][T22619] __nla_validate_parse: 7 callbacks suppressed
[  569.035253][T22619] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5514'.
[  569.103572][T22618] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  569.134440][T22618] tipc: Resetting bearer <eth:syzkaller0>
[  569.148636][T22624] FAULT_INJECTION: forcing a failure.
[  569.148636][T22624] name failslab, interval 1, probability 0, space 0, times 0
[  569.178446][T22624] CPU: 1 UID: 0 PID: 22624 Comm: syz.0.5517 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  569.178478][T22624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  569.178491][T22624] Call Trace:
[  569.178500][T22624]  <TASK>
[  569.178511][T22624]  dump_stack_lvl+0x189/0x250
[  569.178540][T22624]  ? __pfx____ratelimit+0x10/0x10
[  569.178569][T22624]  ? __pfx_dump_stack_lvl+0x10/0x10
[  569.178591][T22624]  ? __pfx__printk+0x10/0x10
[  569.178625][T22624]  ? __pfx___might_resched+0x10/0x10
[  569.178661][T22624]  should_fail_ex+0x414/0x560
[  569.178699][T22624]  should_failslab+0xa8/0x100
[  569.178728][T22624]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  569.178759][T22624]  ? __alloc_skb+0x112/0x2d0
[  569.178786][T22624]  ? __pfx___mutex_trylock_common+0x10/0x10
[  569.178813][T22624]  __alloc_skb+0x112/0x2d0
[  569.178849][T22624]  netlink_dump+0x1b7/0xe90
[  569.178885][T22624]  ? __netlink_lookup+0xbd/0x810
[  569.178909][T22624]  ? __pfx_netlink_dump+0x10/0x10
[  569.178933][T22624]  ? __netlink_lookup+0x752/0x810
[  569.178984][T22624]  ? netlink_lookup+0x30/0x200
[  569.179010][T22624]  ? netlink_lookup+0x30/0x200
[  569.179034][T22624]  ? netlink_lookup+0x30/0x200
[  569.179069][T22624]  __netlink_dump_start+0x5cb/0x7e0
[  569.179107][T22624]  rtnetlink_rcv_msg+0x9eb/0xb70
[  569.179135][T22624]  ? __pfx_rtnl_bridge_getlink+0x10/0x10
[  569.179160][T22624]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  569.179183][T22624]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  569.179204][T22624]  ? ref_tracker_free+0x63a/0x7d0
[  569.179221][T22624]  ? __pfx_rtnl_dumpit+0x10/0x10
[  569.179247][T22624]  ? __pfx_rtnl_bridge_getlink+0x10/0x10
[  569.179312][T22624]  netlink_rcv_skb+0x208/0x470
[  569.179342][T22624]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  569.179388][T22624]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  569.179432][T22624]  ? netlink_deliver_tap+0x2e/0x1b0
[  569.179470][T22624]  netlink_unicast+0x82c/0x9e0
[  569.179509][T22624]  ? __pfx_netlink_unicast+0x10/0x10
[  569.179538][T22624]  ? netlink_sendmsg+0x642/0xb30
[  569.179565][T22624]  ? skb_put+0x11b/0x210
[  569.179589][T22624]  netlink_sendmsg+0x805/0xb30
[  569.179630][T22624]  ? __pfx_netlink_sendmsg+0x10/0x10
[  569.179663][T22624]  ? aa_sock_msg_perm+0x94/0x160
[  569.179702][T22624]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  569.179725][T22624]  ? __pfx_netlink_sendmsg+0x10/0x10
[  569.179755][T22624]  __sock_sendmsg+0x21c/0x270
[  569.179785][T22624]  ____sys_sendmsg+0x505/0x830
[  569.179814][T22624]  ? __pfx_____sys_sendmsg+0x10/0x10
[  569.179847][T22624]  ? import_iovec+0x74/0xa0
[  569.179880][T22624]  ___sys_sendmsg+0x21f/0x2a0
[  569.179915][T22624]  ? __pfx____sys_sendmsg+0x10/0x10
[  569.179983][T22624]  ? __fget_files+0x2a/0x420
[  569.180002][T22624]  ? __fget_files+0x3a0/0x420
[  569.180036][T22624]  __x64_sys_sendmsg+0x19b/0x260
[  569.180061][T22624]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  569.180095][T22624]  ? __pfx_ksys_write+0x10/0x10
[  569.180119][T22624]  ? rcu_is_watching+0x15/0xb0
[  569.180156][T22624]  ? do_syscall_64+0xbe/0x3b0
[  569.180186][T22624]  do_syscall_64+0xfa/0x3b0
[  569.180212][T22624]  ? lockdep_hardirqs_on+0x9c/0x150
[  569.180238][T22624]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  569.180256][T22624]  ? clear_bhb_loop+0x60/0xb0
[  569.180281][T22624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  569.180300][T22624] RIP: 0033:0x7f248e78eb69
[  569.180320][T22624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  569.180338][T22624] RSP: 002b:00007f248f6e3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  569.180414][T22624] RAX: ffffffffffffffda RBX: 00007f248e9b5fa0 RCX: 00007f248e78eb69
[  569.180429][T22624] RDX: 0000000000000000 RSI: 0000200000000880 RDI: 0000000000000003
[  569.180442][T22624] RBP: 00007f248f6e3090 R08: 0000000000000000 R09: 0000000000000000
[  569.180454][T22624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  569.180466][T22624] R13: 0000000000000000 R14: 00007f248e9b5fa0 R15: 00007ffc4c5bc548
[  569.180501][T22624]  </TASK>
[  569.742109][T22615] tipc: Disabling bearer <eth:syzkaller0>
[  569.805070][T22627] syzkaller1: entered promiscuous mode
[  569.853402][T22627] syzkaller1: entered allmulticast mode
[  569.908682][T22631] bond0: Device is already in use.
[  569.951181][T22627] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5518'.
[  570.002902][T22642] FAULT_INJECTION: forcing a failure.
[  570.002902][T22642] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  570.022055][T22642] CPU: 1 UID: 0 PID: 22642 Comm: syz.3.5522 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  570.022086][T22642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  570.022107][T22642] Call Trace:
[  570.022116][T22642]  <TASK>
[  570.022125][T22642]  dump_stack_lvl+0x189/0x250
[  570.022153][T22642]  ? __pfx____ratelimit+0x10/0x10
[  570.022181][T22642]  ? __pfx_dump_stack_lvl+0x10/0x10
[  570.022200][T22642]  ? __pfx__printk+0x10/0x10
[  570.022224][T22642]  ? __might_fault+0xb0/0x130
[  570.022264][T22642]  should_fail_ex+0x414/0x560
[  570.022300][T22642]  _copy_from_user+0x2d/0xb0
[  570.022327][T22642]  __sys_sendto+0x25c/0x520
[  570.022360][T22642]  ? __pfx___sys_sendto+0x10/0x10
[  570.022404][T22642]  ? count_memcg_event_mm+0x21/0x260
[  570.022446][T22642]  ? exc_page_fault+0x76/0xf0
[  570.022477][T22642]  ? do_user_addr_fault+0xc8a/0x1390
[  570.022512][T22642]  __x64_sys_sendto+0xde/0x100
[  570.022548][T22642]  do_syscall_64+0xfa/0x3b0
[  570.022576][T22642]  ? lockdep_hardirqs_on+0x9c/0x150
[  570.022604][T22642]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  570.022624][T22642]  ? clear_bhb_loop+0x60/0xb0
[  570.022651][T22642]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  570.022670][T22642] RIP: 0033:0x7f47927909fc
[  570.022690][T22642] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[  570.022709][T22642] RSP: 002b:00007f479354eee0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  570.022733][T22642] RAX: ffffffffffffffda RBX: 00007f479354efa0 RCX: 00007f47927909fc
[  570.022749][T22642] RDX: 0000000000000074 RSI: 00007f479354eff0 RDI: 0000000000000007
[  570.022763][T22642] RBP: 0000000000000000 R08: 00007f479354ef34 R09: 000000000000000c
[  570.022776][T22642] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000007
[  570.022789][T22642] R13: 0000000000000000 R14: 00007f479354eff0 R15: 0000000000000000
[  570.022824][T22642]  </TASK>
[  570.023182][T22642] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  570.080769][T22636] sch_tbf: peakrate 8 is lower than or equals to rate 5628977692805006585 !
[  570.284142][T22647] netlink: 'syz.4.5524': attribute type 1 has an invalid length.
[  570.302706][T22647] netlink: 224 bytes leftover after parsing attributes in process `syz.4.5524'.
[  570.304885][T22640] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  570.343429][T22650] C: entered promiscuous mode
[  570.349839][T22650] tunl0: entered promiscuous mode
[  570.376558][T22650] gre0: entered promiscuous mode
[  570.389560][T22650] 1ªî{X¹¦: entered promiscuous mode
[  570.399817][T22650] 1ªî{X¹¦: left allmulticast mode
[  570.445380][T22650] erspan0: entered promiscuous mode
[  570.465635][T22650] ip_vti0: entered promiscuous mode
[  570.498882][T22650] ip6_vti0: entered promiscuous mode
[  570.504707][T22650] ip6_vti0: left allmulticast mode
[  570.518286][T22650] sit0: entered promiscuous mode
[  570.526762][T22650] ip6tnl0: entered promiscuous mode
[  570.531679][T22656] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5527'.
[  570.535500][T22650] ip6gre0: entered promiscuous mode
[  570.561643][T22650] ip6gretap0: entered promiscuous mode
[  570.575809][T22650] bridge0: entered promiscuous mode
[  570.584106][T22650] bond0: entered promiscuous mode
[  570.595036][T22650] dummy0: entered promiscuous mode
[  570.601712][T22650] nlmon0: entered promiscuous mode
[  570.611899][T22650] caif0: entered promiscuous mode
[  570.618832][T22650] vxcan0: entered promiscuous mode
[  570.624532][T22650] vxcan1: entered promiscuous mode
[  570.633941][T22650] veth0: entered promiscuous mode
[  570.640514][T22650] veth1: entered promiscuous mode
[  570.651023][T22650] wg0: entered promiscuous mode
[  570.664435][T22650] wg1: entered promiscuous mode
[  570.673823][T22650] wg2: entered promiscuous mode
[  570.680359][T22650] veth0_to_bridge: entered promiscuous mode
[  570.692643][T22650] bridge_slave_0: entered promiscuous mode
[  570.702120][T22650] veth1_to_bridge: entered promiscuous mode
[  570.721427][T22650] bridge_slave_1: entered promiscuous mode
[  570.731816][T22650] bond_slave_0: entered promiscuous mode
[  570.739568][T22650] veth1_to_bond: entered promiscuous mode
[  570.749800][T22650] bond_slave_1: entered promiscuous mode
[  570.756911][T22650] veth0_to_team: entered promiscuous mode
[  570.763537][T22650] team_slave_0: entered promiscuous mode
[  570.784665][T22650] veth1_to_team: entered promiscuous mode
[  570.791622][T22650] team_slave_1: entered promiscuous mode
[  570.798835][T22650] veth0_to_batadv: entered promiscuous mode
[  570.805208][T22650] batadv_slave_0: entered promiscuous mode
[  570.814111][T22650] veth1_to_batadv: entered promiscuous mode
[  570.822166][T22650] batadv_slave_1: entered promiscuous mode
[  570.832007][T22650] xfrm0: entered promiscuous mode
[  570.838666][T22650] veth0_to_hsr: entered promiscuous mode
[  570.845597][T22650] hsr0: left allmulticast mode
[  570.853822][T22650] hsr_slave_0: left allmulticast mode
[  570.870868][T22650] veth1_virt_wifi: entered promiscuous mode
[  570.877888][T22650] veth0_virt_wifi: entered promiscuous mode
[  570.884558][T22650] net veth1_virt_wifi virt_wifi0: entered promiscuous mode
[  570.893459][T22650] vlan0: entered promiscuous mode
[  570.910583][T22650] vlan1: entered promiscuous mode
[  570.923254][T22650] macvlan0: entered promiscuous mode
[  570.930314][T22650] macvlan1: entered promiscuous mode
[  570.938105][T22650] ipvlan0: entered promiscuous mode
[  570.945227][T22650] ipvlan1: entered promiscuous mode
[  570.957247][T22650] macsec0: entered promiscuous mode
[  570.963596][T22650] geneve0: entered promiscuous mode
[  570.970116][T22650] geneve1: entered promiscuous mode
[  570.975510][T22650] netdevsim netdevsim1 ÿÿÿÿÿÿ: entered promiscuous mode
[  570.983872][T22650] netdevsim netdevsim1 netdevsim1: entered promiscuous mode
[  570.991844][T22650] netdevsim netdevsim1 netdevsim2: entered promiscuous mode
[  571.000137][T22650] netdevsim netdevsim1 netdevsim3: entered promiscuous mode
[  571.009555][T22650] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[  571.020046][T22650] @: entered promiscuous mode
[  571.034758][T22650] bond1: entered promiscuous mode
[  571.041191][T22650] bridge1: entered promiscuous mode
[  571.047929][T22650] dvmrp8: entered promiscuous mode
[  571.053871][T22650] veth2: entered promiscuous mode
[  571.060511][T22650] veth3: entered promiscuous mode
[  571.067582][T22650] gre1: entered promiscuous mode
[  571.072941][T22650] gre2: entered promiscuous mode
[  571.078943][T22650] veth4: entered promiscuous mode
[  571.084650][T22650] veth5: entered promiscuous mode
[  571.090633][T22650] gre3: entered promiscuous mode
[  571.096961][T22650] bond2: entered promiscuous mode
[  571.102498][T22650] geneve2: entered promiscuous mode
[  571.108799][T22650] sit1: entered promiscuous mode
[  571.114055][T22650] bridge2: entered promiscuous mode
[  571.120297][T22650] bridge3: entered promiscuous mode
[  571.135089][T22650] veth6: entered promiscuous mode
[  571.142400][T22650] veth7: entered promiscuous mode
[  571.150353][T22650] ip6erspan0: entered promiscuous mode
[  571.198554][T22650] vxlan0: entered promiscuous mode
[  571.225281][T22650] bridge4: entered promiscuous mode
[  571.255732][T22650] bridge5: entered promiscuous mode
[  571.274757][T22650] bond3: entered promiscuous mode
[  571.301182][T22650] gretap0: entered promiscuous mode
[  571.308646][T22650] gre4: entered promiscuous mode
[  571.314439][T22650] ip6gretap1: entered promiscuous mode
[  571.328742][T22650] bridge6: entered promiscuous mode
[  571.357531][T22650] vlan2: entered promiscuous mode
[  571.363130][T22650] vlan2: left allmulticast mode
[  571.387388][T22650] batadv1: entered promiscuous mode
[  571.395744][T22650] gretap1: left allmulticast mode
[  571.408391][T22650] macvlan2: entered promiscuous mode
[  571.430617][T22650] ipvlan2: entered promiscuous mode
[  571.440258][T22650] bridge7: entered promiscuous mode
[  571.458525][T22650] bridge8: entered promiscuous mode
[  571.478327][T22650] bond4: entered promiscuous mode
[  571.491393][T22650] bridge9: entered promiscuous mode
[  571.520973][T22650] bridge10: entered promiscuous mode
[  571.535474][T22650] ip6tnl1: entered promiscuous mode
[  571.543249][T22650] macsec1: entered promiscuous mode
[  571.552166][T22650] bridge11: entered promiscuous mode
[  571.561168][T22650] bridge12: entered promiscuous mode
[  571.582694][T22650] bridge13: entered promiscuous mode
[  571.599736][T22650] xfrm1: entered promiscuous mode
[  571.607267][T22650] bridge14: entered promiscuous mode
[  571.620694][T22650] bridge15: entered promiscuous mode
[  571.630243][T22650] bridge16: entered promiscuous mode
[  571.641811][T22650] ip6gre1: entered promiscuous mode
[  571.648561][T22650] ip6gre1: left allmulticast mode
[  571.742025][T22674] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  571.752250][ T1098] netdevsim netdevsim1 ÿÿÿÿÿÿ: unset [0, 0] type 1 family 0 port 8472 - 0
[  571.783103][ T1098] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  571.795664][T22675] syzkaller0: entered promiscuous mode
[  571.836183][T22675] syzkaller0: entered allmulticast mode
[  571.853692][T22683] syzkaller0: mtu greater than device maximum
[  571.889849][T22671] tipc: Resetting bearer <eth:syzkaller0>
[  571.983846][T22671] tipc: Disabling bearer <eth:syzkaller0>
[  571.985605][T22699] netlink: 104 bytes leftover after parsing attributes in process `syz.4.5534'.
[  572.010912][ T1098] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  572.061079][ T1098] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  572.106887][T22705] netlink: 'syz.0.5536': attribute type 29 has an invalid length.
[  572.119099][T22705] netlink: 'syz.0.5536': attribute type 29 has an invalid length.
[  572.290727][T22709] dvmrp8: entered allmulticast mode
[  572.405685][T22709] veth15: entered allmulticast mode
[  572.408975][T22718] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  572.569420][T22732] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5547'.
[  573.098790][T22764] netlink: 'syz.4.5557': attribute type 1 has an invalid length.
[  573.116943][T22764] netlink: 224 bytes leftover after parsing attributes in process `syz.4.5557'.
[  573.328705][T22774] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5561'.
[  573.774729][T22795] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  573.814499][T22794] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  574.100729][T22814] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5574'.
[  574.212711][T22818] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5576'.
[  574.255207][T22822] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  574.265026][T22822] syzkaller0: entered promiscuous mode
[  574.271360][T22822] syzkaller0: entered allmulticast mode
[  574.297504][T22822] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  574.365915][T22827] syzkaller0: mtu less than device minimum
[  574.382988][T22821] tipc: Resetting bearer <eth:syzkaller0>
[  574.467625][T22821] tipc: Disabling bearer <eth:syzkaller0>
[  574.629463][T22840] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5582'.
[  574.657284][T22837] netlink: 'syz.4.5583': attribute type 29 has an invalid length.
[  574.668639][T22837] netlink: 'syz.4.5583': attribute type 29 has an invalid length.
[  574.921377][T22852] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5588'.
[  575.245795][T22866] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5595'.
[  575.281914][T22866] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5595'.
[  575.399750][T22874] netlink: 'syz.4.5598': attribute type 29 has an invalid length.
[  575.422184][T22874] netlink: 'syz.4.5598': attribute type 29 has an invalid length.
[  575.712247][T22893] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5603'.
[  575.879971][T22901] FAULT_INJECTION: forcing a failure.
[  575.879971][T22901] name failslab, interval 1, probability 0, space 0, times 0
[  575.922006][T22905] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  575.930245][T22901] CPU: 1 UID: 0 PID: 22901 Comm: syz.1.5607 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  575.930274][T22901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  575.930286][T22901] Call Trace:
[  575.930294][T22901]  <TASK>
[  575.930302][T22901]  dump_stack_lvl+0x189/0x250
[  575.930406][T22901]  ? __pfx____ratelimit+0x10/0x10
[  575.930434][T22901]  ? __pfx_dump_stack_lvl+0x10/0x10
[  575.930454][T22901]  ? __pfx__printk+0x10/0x10
[  575.930480][T22901]  ? __pfx___might_resched+0x10/0x10
[  575.930508][T22901]  ? fs_reclaim_acquire+0x7d/0x100
[  575.930534][T22901]  should_fail_ex+0x414/0x560
[  575.930569][T22901]  should_failslab+0xa8/0x100
[  575.930590][T22901]  __kmalloc_noprof+0xcb/0x4f0
[  575.930615][T22901]  ? ethnl_default_start+0x16f/0x3f0
[  575.930641][T22901]  ethnl_default_start+0x16f/0x3f0
[  575.930668][T22901]  genl_start+0x4c0/0x6c0
[  575.930700][T22901]  __netlink_dump_start+0x466/0x7e0
[  575.930737][T22901]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  575.930764][T22901]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  575.930784][T22901]  ? genl_get_cmd+0x67f/0x910
[  575.930812][T22901]  ? __pfx_genl_start+0x10/0x10
[  575.930830][T22901]  ? __pfx_genl_dumpit+0x10/0x10
[  575.930848][T22901]  ? __pfx_genl_done+0x10/0x10
[  575.930878][T22901]  ? stack_trace_save+0x9c/0xe0
[  575.930907][T22901]  genl_rcv_msg+0x5da/0x790
[  575.930939][T22901]  ? __pfx_genl_rcv_msg+0x10/0x10
[  575.930960][T22901]  ? __pfx_ethnl_default_start+0x10/0x10
[  575.930978][T22901]  ? __pfx_ethnl_default_dumpit+0x10/0x10
[  575.930995][T22901]  ? __pfx_ethnl_default_done+0x10/0x10
[  575.931032][T22901]  netlink_rcv_skb+0x208/0x470
[  575.931058][T22901]  ? __lock_acquire+0xab9/0xd20
[  575.931085][T22901]  ? __pfx_genl_rcv_msg+0x10/0x10
[  575.931109][T22901]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  575.931162][T22901]  ? down_read+0x1ad/0x2e0
[  575.931185][T22901]  genl_rcv+0x28/0x40
[  575.931204][T22901]  netlink_unicast+0x82c/0x9e0
[  575.931256][T22901]  ? __pfx_netlink_unicast+0x10/0x10
[  575.931290][T22901]  ? netlink_sendmsg+0x642/0xb30
[  575.931328][T22901]  ? skb_put+0x11b/0x210
[  575.931352][T22901]  netlink_sendmsg+0x805/0xb30
[  575.931393][T22901]  ? __pfx_netlink_sendmsg+0x10/0x10
[  575.931426][T22901]  ? aa_sock_msg_perm+0x94/0x160
[  575.931455][T22901]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  575.931477][T22901]  ? __pfx_netlink_sendmsg+0x10/0x10
[  575.931507][T22901]  __sock_sendmsg+0x21c/0x270
[  575.931537][T22901]  ____sys_sendmsg+0x505/0x830
[  575.931566][T22901]  ? __pfx_____sys_sendmsg+0x10/0x10
[  575.931598][T22901]  ? import_iovec+0x74/0xa0
[  575.931630][T22901]  ___sys_sendmsg+0x21f/0x2a0
[  575.931654][T22901]  ? __pfx____sys_sendmsg+0x10/0x10
[  575.931722][T22901]  ? __fget_files+0x2a/0x420
[  575.931740][T22901]  ? __fget_files+0x3a0/0x420
[  575.931773][T22901]  __x64_sys_sendmsg+0x19b/0x260
[  575.931798][T22901]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  575.931830][T22901]  ? __pfx_ksys_write+0x10/0x10
[  575.931853][T22901]  ? rcu_is_watching+0x15/0xb0
[  575.931888][T22901]  ? do_syscall_64+0xbe/0x3b0
[  575.931919][T22901]  do_syscall_64+0xfa/0x3b0
[  575.931944][T22901]  ? lockdep_hardirqs_on+0x9c/0x150
[  575.931969][T22901]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  575.931987][T22901]  ? clear_bhb_loop+0x60/0xb0
[  575.932012][T22901]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  575.932030][T22901] RIP: 0033:0x7f5af4f8eb69
[  575.932049][T22901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  575.932064][T22901] RSP: 002b:00007f5af4df7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  575.932086][T22901] RAX: ffffffffffffffda RBX: 00007f5af51b5fa0 RCX: 00007f5af4f8eb69
[  575.932116][T22901] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  575.932129][T22901] RBP: 00007f5af4df7090 R08: 0000000000000000 R09: 0000000000000000
[  575.932141][T22901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  575.932152][T22901] R13: 0000000000000000 R14: 00007f5af51b5fa0 R15: 00007ffd5fa79ff8
[  575.932185][T22901]  </TASK>
[  576.575491][T22926] netlink: 'syz.1.5613': attribute type 29 has an invalid length.
[  576.604086][T22926] netlink: 'syz.1.5613': attribute type 29 has an invalid length.
[  576.650254][T22931] netlink: 156 bytes leftover after parsing attributes in process `syz.3.5614'.
[  576.677478][T22931] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5614'.
[  576.882278][T22943] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5618'.
[  577.141135][T22955] netlink: 'syz.0.5622': attribute type 1 has an invalid length.
[  577.148474][T22959] FAULT_INJECTION: forcing a failure.
[  577.148474][T22959] name failslab, interval 1, probability 0, space 0, times 0
[  577.216880][T22959] CPU: 0 UID: 0 PID: 22959 Comm: syz.1.5624 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  577.216911][T22959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  577.216924][T22959] Call Trace:
[  577.216934][T22959]  <TASK>
[  577.216944][T22959]  dump_stack_lvl+0x189/0x250
[  577.216973][T22959]  ? __pfx____ratelimit+0x10/0x10
[  577.217002][T22959]  ? __pfx_dump_stack_lvl+0x10/0x10
[  577.217025][T22959]  ? __pfx__printk+0x10/0x10
[  577.217059][T22959]  ? __pfx___might_resched+0x10/0x10
[  577.217096][T22959]  should_fail_ex+0x414/0x560
[  577.217136][T22959]  should_failslab+0xa8/0x100
[  577.217166][T22959]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  577.217197][T22959]  ? __alloc_skb+0x112/0x2d0
[  577.217234][T22959]  __alloc_skb+0x112/0x2d0
[  577.217270][T22959]  netlink_dump+0x1b7/0xe90
[  577.217308][T22959]  ? ethnl_default_start+0x16f/0x3f0
[  577.217349][T22959]  ? __pfx_netlink_dump+0x10/0x10
[  577.217379][T22959]  ? ethnl_default_parse+0x195/0x290
[  577.217419][T22959]  ? genl_start+0x581/0x6c0
[  577.217453][T22959]  __netlink_dump_start+0x5cb/0x7e0
[  577.217494][T22959]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  577.217524][T22959]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  577.217546][T22959]  ? genl_get_cmd+0x67f/0x910
[  577.217576][T22959]  ? __pfx_genl_start+0x10/0x10
[  577.217596][T22959]  ? __pfx_genl_dumpit+0x10/0x10
[  577.217616][T22959]  ? __pfx_genl_done+0x10/0x10
[  577.217647][T22959]  ? stack_trace_save+0x9c/0xe0
[  577.217678][T22959]  genl_rcv_msg+0x5da/0x790
[  577.217712][T22959]  ? __pfx_genl_rcv_msg+0x10/0x10
[  577.217733][T22959]  ? __pfx_ethnl_default_start+0x10/0x10
[  577.217752][T22959]  ? __pfx_ethnl_default_dumpit+0x10/0x10
[  577.217769][T22959]  ? __pfx_ethnl_default_done+0x10/0x10
[  577.217809][T22959]  netlink_rcv_skb+0x208/0x470
[  577.217836][T22959]  ? __lock_acquire+0xab9/0xd20
[  577.217865][T22959]  ? __pfx_genl_rcv_msg+0x10/0x10
[  577.217891][T22959]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  577.217947][T22959]  ? down_read+0x1ad/0x2e0
[  577.217971][T22959]  genl_rcv+0x28/0x40
[  577.217992][T22959]  netlink_unicast+0x82c/0x9e0
[  577.218032][T22959]  ? __pfx_netlink_unicast+0x10/0x10
[  577.218062][T22959]  ? netlink_sendmsg+0x642/0xb30
[  577.218088][T22959]  ? skb_put+0x11b/0x210
[  577.218113][T22959]  netlink_sendmsg+0x805/0xb30
[  577.218156][T22959]  ? __pfx_netlink_sendmsg+0x10/0x10
[  577.218191][T22959]  ? aa_sock_msg_perm+0x94/0x160
[  577.218221][T22959]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  577.218245][T22959]  ? __pfx_netlink_sendmsg+0x10/0x10
[  577.218277][T22959]  __sock_sendmsg+0x21c/0x270
[  577.218310][T22959]  ____sys_sendmsg+0x505/0x830
[  577.218350][T22959]  ? __pfx_____sys_sendmsg+0x10/0x10
[  577.218385][T22959]  ? import_iovec+0x74/0xa0
[  577.218418][T22959]  ___sys_sendmsg+0x21f/0x2a0
[  577.218445][T22959]  ? __pfx____sys_sendmsg+0x10/0x10
[  577.218517][T22959]  ? __fget_files+0x2a/0x420
[  577.218537][T22959]  ? __fget_files+0x3a0/0x420
[  577.218572][T22959]  __x64_sys_sendmsg+0x19b/0x260
[  577.218598][T22959]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  577.218633][T22959]  ? __pfx_ksys_write+0x10/0x10
[  577.218659][T22959]  ? rcu_is_watching+0x15/0xb0
[  577.218698][T22959]  ? do_syscall_64+0xbe/0x3b0
[  577.218733][T22959]  do_syscall_64+0xfa/0x3b0
[  577.218760][T22959]  ? lockdep_hardirqs_on+0x9c/0x150
[  577.218789][T22959]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  577.218809][T22959]  ? clear_bhb_loop+0x60/0xb0
[  577.218836][T22959]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  577.218856][T22959] RIP: 0033:0x7f5af4f8eb69
[  577.218876][T22959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  577.218896][T22959] RSP: 002b:00007f5af4df7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  577.218921][T22959] RAX: ffffffffffffffda RBX: 00007f5af51b5fa0 RCX: 00007f5af4f8eb69
[  577.218937][T22959] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  577.218951][T22959] RBP: 00007f5af4df7090 R08: 0000000000000000 R09: 0000000000000000
[  577.218965][T22959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  577.218978][T22959] R13: 0000000000000000 R14: 00007f5af51b5fa0 R15: 00007ffd5fa79ff8
[  577.219014][T22959]  </TASK>
[  577.701707][T22963] sctp: [Deprecated]: syz.3.5625 (pid 22963) Use of struct sctp_assoc_value in delayed_ack socket option.
[  577.701707][T22963] Use struct sctp_sack_info instead
[  578.164414][T22992] FAULT_INJECTION: forcing a failure.
[  578.164414][T22992] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  578.182893][T22992] CPU: 1 UID: 0 PID: 22992 Comm: syz.0.5632 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  578.182924][T22992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  578.182938][T22992] Call Trace:
[  578.182947][T22992]  <TASK>
[  578.182956][T22992]  dump_stack_lvl+0x189/0x250
[  578.182997][T22992]  ? __pfx____ratelimit+0x10/0x10
[  578.183026][T22992]  ? __pfx_dump_stack_lvl+0x10/0x10
[  578.183048][T22992]  ? __pfx__printk+0x10/0x10
[  578.183074][T22992]  ? __might_fault+0xb0/0x130
[  578.183118][T22992]  should_fail_ex+0x414/0x560
[  578.183156][T22992]  _copy_from_user+0x2d/0xb0
[  578.183185][T22992]  ___sys_recvmsg+0x12e/0x510
[  578.183213][T22992]  ? __pfx____sys_recvmsg+0x10/0x10
[  578.183274][T22992]  ? __fget_files+0x3a0/0x420
[  578.183308][T22992]  do_recvmmsg+0x307/0x770
[  578.183340][T22992]  ? __pfx_do_recvmmsg+0x10/0x10
[  578.183375][T22992]  ? _copy_from_user+0x94/0xb0
[  578.183417][T22992]  __x64_sys_recvmmsg+0x1af/0x240
[  578.183442][T22992]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  578.183484][T22992]  ? do_syscall_64+0xbe/0x3b0
[  578.183517][T22992]  do_syscall_64+0xfa/0x3b0
[  578.183559][T22992]  ? lockdep_hardirqs_on+0x9c/0x150
[  578.183586][T22992]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  578.183606][T22992]  ? clear_bhb_loop+0x60/0xb0
[  578.183632][T22992]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  578.183658][T22992] RIP: 0033:0x7f248e78eb69
[  578.183677][T22992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  578.183694][T22992] RSP: 002b:00007f248f6c2038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  578.183718][T22992] RAX: ffffffffffffffda RBX: 00007f248e9b6080 RCX: 00007f248e78eb69
[  578.183733][T22992] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  578.183747][T22992] RBP: 00007f248f6c2090 R08: 0000200000003700 R09: 0000000000000000
[  578.183761][T22992] R10: 0000000002040000 R11: 0000000000000246 R12: 0000000000000001
[  578.183775][T22992] R13: 0000000000000001 R14: 00007f248e9b6080 R15: 00007ffc4c5bc548
[  578.183815][T22992]  </TASK>
[  578.819430][T23007] bond0: (slave ipvlan3): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  578.902156][T23007] bond0: (slave ipvlan3): The slave device specified does not support setting the MAC address
[  578.986985][T23007] bond0: (slave ipvlan3): Error -95 calling set_mac_address
[  579.389251][T23033] hsr0: entered promiscuous mode
[  579.401374][T23033] hsr0: entered allmulticast mode
[  579.436947][T23033] hsr_slave_0: entered allmulticast mode
[  579.444667][T23042] FAULT_INJECTION: forcing a failure.
[  579.444667][T23042] name failslab, interval 1, probability 0, space 0, times 0
[  579.526772][T23042] CPU: 0 UID: 0 PID: 23042 Comm: syz.1.5649 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  579.526805][T23042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  579.526818][T23042] Call Trace:
[  579.526828][T23042]  <TASK>
[  579.526838][T23042]  dump_stack_lvl+0x189/0x250
[  579.526865][T23042]  ? __pfx____ratelimit+0x10/0x10
[  579.526893][T23042]  ? __pfx_dump_stack_lvl+0x10/0x10
[  579.526916][T23042]  ? __pfx__printk+0x10/0x10
[  579.526950][T23042]  ? __pfx___might_resched+0x10/0x10
[  579.526979][T23042]  ? fs_reclaim_acquire+0x7d/0x100
[  579.527003][T23042]  should_fail_ex+0x414/0x560
[  579.527035][T23042]  should_failslab+0xa8/0x100
[  579.527054][T23042]  __kmalloc_cache_noprof+0x70/0x3d0
[  579.527079][T23042]  ? genl_start+0x1c9/0x6c0
[  579.527107][T23042]  genl_start+0x1c9/0x6c0
[  579.527127][T23042]  ? netlink_lookup+0x30/0x200
[  579.527162][T23042]  __netlink_dump_start+0x466/0x7e0
[  579.527201][T23042]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  579.527230][T23042]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  579.527264][T23042]  ? genl_get_cmd+0x7d9/0x910
[  579.527293][T23042]  ? __pfx_genl_start+0x10/0x10
[  579.527314][T23042]  ? __pfx_genl_dumpit+0x10/0x10
[  579.527334][T23042]  ? __pfx_genl_done+0x10/0x10
[  579.527365][T23042]  ? stack_trace_save+0x9c/0xe0
[  579.527403][T23042]  genl_rcv_msg+0x5da/0x790
[  579.527438][T23042]  ? __pfx_genl_rcv_msg+0x10/0x10
[  579.527461][T23042]  ? __pfx_tcp_metrics_nl_dump+0x10/0x10
[  579.527508][T23042]  netlink_rcv_skb+0x208/0x470
[  579.527534][T23042]  ? __lock_acquire+0xab9/0xd20
[  579.527562][T23042]  ? __pfx_genl_rcv_msg+0x10/0x10
[  579.527587][T23042]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  579.527638][T23042]  ? down_read+0x1ad/0x2e0
[  579.527663][T23042]  genl_rcv+0x28/0x40
[  579.527684][T23042]  netlink_unicast+0x82c/0x9e0
[  579.527722][T23042]  ? __pfx_netlink_unicast+0x10/0x10
[  579.527750][T23042]  ? netlink_sendmsg+0x642/0xb30
[  579.527778][T23042]  ? skb_put+0x11b/0x210
[  579.527804][T23042]  netlink_sendmsg+0x805/0xb30
[  579.527846][T23042]  ? __pfx_netlink_sendmsg+0x10/0x10
[  579.527878][T23042]  ? aa_sock_msg_perm+0x94/0x160
[  579.527906][T23042]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  579.527928][T23042]  ? __pfx_netlink_sendmsg+0x10/0x10
[  579.527960][T23042]  __sock_sendmsg+0x21c/0x270
[  579.527991][T23042]  ____sys_sendmsg+0x505/0x830
[  579.528020][T23042]  ? __pfx_____sys_sendmsg+0x10/0x10
[  579.528053][T23042]  ? import_iovec+0x74/0xa0
[  579.528089][T23042]  ___sys_sendmsg+0x21f/0x2a0
[  579.528115][T23042]  ? __pfx____sys_sendmsg+0x10/0x10
[  579.528189][T23042]  ? __fget_files+0x2a/0x420
[  579.528209][T23042]  ? __fget_files+0x3a0/0x420
[  579.528303][T23042]  __x64_sys_sendmsg+0x19b/0x260
[  579.528332][T23042]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  579.528368][T23042]  ? __pfx_ksys_write+0x10/0x10
[  579.528394][T23042]  ? rcu_is_watching+0x15/0xb0
[  579.528432][T23042]  ? do_syscall_64+0xbe/0x3b0
[  579.528468][T23042]  do_syscall_64+0xfa/0x3b0
[  579.528496][T23042]  ? lockdep_hardirqs_on+0x9c/0x150
[  579.528523][T23042]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  579.528544][T23042]  ? clear_bhb_loop+0x60/0xb0
[  579.528572][T23042]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  579.528593][T23042] RIP: 0033:0x7f5af4f8eb69
[  579.528614][T23042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  579.528632][T23042] RSP: 002b:00007f5af4df7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  579.528656][T23042] RAX: ffffffffffffffda RBX: 00007f5af51b5fa0 RCX: 00007f5af4f8eb69
[  579.528672][T23042] RDX: 0000000004000010 RSI: 0000200000000000 RDI: 0000000000000003
[  579.528686][T23042] RBP: 00007f5af4df7090 R08: 0000000000000000 R09: 0000000000000000
[  579.528700][T23042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  579.528714][T23042] R13: 0000000000000000 R14: 00007f5af51b5fa0 R15: 00007ffd5fa79ff8
[  579.528752][T23042]  </TASK>
[  579.547205][T23046] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  580.115559][T23061] __nla_validate_parse: 3 callbacks suppressed
[  580.115583][T23061] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5656'.
[  580.134418][T23059] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5654'.
[  580.272007][T23066] netlink: 'syz.2.5657': attribute type 29 has an invalid length.
[  580.298611][T23066] netlink: 'syz.2.5657': attribute type 29 has an invalid length.
[  580.344804][T23068] bond0: (slave ipvlan4): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  580.384674][T23068] bond0: (slave ipvlan4): The slave device specified does not support setting the MAC address
[  580.402048][T23068] bond0: (slave ipvlan4): Error -95 calling set_mac_address
[  580.549799][T23079] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.5657'.
[  580.694696][T23086] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  580.750201][T23086] hsr0: entered allmulticast mode
[  580.755571][T23086] hsr_slave_0: entered allmulticast mode
[  580.784041][T23091] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  582.249450][T23161] FAULT_INJECTION: forcing a failure.
[  582.249450][T23161] name failslab, interval 1, probability 0, space 0, times 0
[  582.303160][T23161] CPU: 0 UID: 0 PID: 23161 Comm: syz.4.5686 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  582.303190][T23161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  582.303203][T23161] Call Trace:
[  582.303212][T23161]  <TASK>
[  582.303232][T23161]  dump_stack_lvl+0x189/0x250
[  582.303261][T23161]  ? __pfx____ratelimit+0x10/0x10
[  582.303290][T23161]  ? __pfx_dump_stack_lvl+0x10/0x10
[  582.303312][T23161]  ? __pfx__printk+0x10/0x10
[  582.303345][T23161]  ? __pfx___might_resched+0x10/0x10
[  582.303381][T23161]  should_fail_ex+0x414/0x560
[  582.303420][T23161]  should_failslab+0xa8/0x100
[  582.303443][T23161]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  582.303474][T23161]  ? __alloc_skb+0x112/0x2d0
[  582.303510][T23161]  __alloc_skb+0x112/0x2d0
[  582.303546][T23161]  netlink_sendmsg+0x5c6/0xb30
[  582.303589][T23161]  ? __pfx_netlink_sendmsg+0x10/0x10
[  582.303624][T23161]  ? aa_sock_msg_perm+0x94/0x160
[  582.303653][T23161]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  582.303677][T23161]  ? __pfx_netlink_sendmsg+0x10/0x10
[  582.303708][T23161]  __sock_sendmsg+0x21c/0x270
[  582.303740][T23161]  ____sys_sendmsg+0x52d/0x830
[  582.303769][T23161]  ? __pfx_____sys_sendmsg+0x10/0x10
[  582.303803][T23161]  ? import_iovec+0x74/0xa0
[  582.303837][T23161]  ___sys_sendmsg+0x21f/0x2a0
[  582.303863][T23161]  ? __pfx____sys_sendmsg+0x10/0x10
[  582.303933][T23161]  ? __fget_files+0x2a/0x420
[  582.303953][T23161]  ? __fget_files+0x3a0/0x420
[  582.303984][T23161]  __sys_sendmmsg+0x227/0x430
[  582.304015][T23161]  ? __pfx___sys_sendmmsg+0x10/0x10
[  582.304035][T23161]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  582.304098][T23161]  ? ksys_write+0x22a/0x250
[  582.304130][T23161]  ? __pfx_ksys_write+0x10/0x10
[  582.304156][T23161]  ? rcu_is_watching+0x15/0xb0
[  582.304196][T23161]  __x64_sys_sendmmsg+0xa0/0xc0
[  582.304230][T23161]  do_syscall_64+0xfa/0x3b0
[  582.304258][T23161]  ? lockdep_hardirqs_on+0x9c/0x150
[  582.304285][T23161]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  582.304305][T23161]  ? clear_bhb_loop+0x60/0xb0
[  582.304331][T23161]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  582.304351][T23161] RIP: 0033:0x7fd9f898eb69
[  582.304371][T23161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  582.304391][T23161] RSP: 002b:00007fd9f97e1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  582.304415][T23161] RAX: ffffffffffffffda RBX: 00007fd9f8bb5fa0 RCX: 00007fd9f898eb69
[  582.304431][T23161] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000005
[  582.304446][T23161] RBP: 00007fd9f97e1090 R08: 0000000000000000 R09: 0000000000000000
[  582.304460][T23161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  582.304473][T23161] R13: 0000000000000000 R14: 00007fd9f8bb5fa0 R15: 00007ffcfe673998
[  582.304510][T23161]  </TASK>
[  582.733610][T23172] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5690'.
[  582.774514][T23172] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5690'.
[  583.196735][T23200] 
[  583.199222][T23200] ======================================================
[  583.206880][T23200] WARNING: possible circular locking dependency detected
[  583.214368][T23200] 6.16.0-syzkaller-06588-g759dfc7d04ba #0 Not tainted
[  583.221326][T23200] ------------------------------------------------------
[  583.228540][T23200] syz.0.5702/23200 is trying to acquire lock:
[  583.234868][T23200] ffffffff8f65e158 (nr_neigh_list_lock){+...}-{3:3}, at: nr_remove_neigh+0x25/0xe0
[  583.244737][T23200] 
[  583.244737][T23200] but task is already holding lock:
[  583.252191][T23200] ffff888077c07170 (&nr_node->node_lock){+...}-{3:3}, at: nr_add_node+0xcce/0x2570
[  583.261691][T23200] 
[  583.261691][T23200] which lock already depends on the new lock.
[  583.261691][T23200] 
[  583.272799][T23200] 
[  583.272799][T23200] the existing dependency chain (in reverse order) is:
[  583.282098][T23200] 
[  583.282098][T23200] -> #2 (&nr_node->node_lock){+...}-{3:3}:
[  583.290286][T23200]        lock_acquire+0x120/0x360
[  583.295508][T23200]        _raw_spin_lock_bh+0x36/0x50
[  583.301325][T23200]        nr_rt_device_down+0x12a/0x720
[  583.307146][T23200]        nr_device_event+0x137/0x150
[  583.312617][T23200]        notifier_call_chain+0x1b3/0x3e0
[  583.318780][T23200]        __dev_notify_flags+0x18d/0x2e0
[  583.324944][T23200]        netif_change_flags+0xe8/0x1a0
[  583.331553][T23200]        dev_change_flags+0x130/0x260
[  583.338513][T23200]        dev_ioctl+0x7b4/0x1150
[  583.343834][T23200]        sock_do_ioctl+0x22c/0x300
[  583.349341][T23200]        sock_ioctl+0x576/0x790
[  583.354571][T23200]        __se_sys_ioctl+0xf9/0x170
[  583.360105][T23200]        do_syscall_64+0xfa/0x3b0
[  583.365854][T23200]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  583.372555][T23200] 
[  583.372555][T23200] -> #1 (nr_node_list_lock){+...}-{3:3}:
[  583.380924][T23200]        lock_acquire+0x120/0x360
[  583.386409][T23200]        _raw_spin_lock_bh+0x36/0x50
[  583.391825][T23200]        nr_rt_device_down+0xa9/0x720
[  583.397960][T23200]        nr_device_event+0x137/0x150
[  583.403620][T23200]        notifier_call_chain+0x1b3/0x3e0
[  583.409370][T23200]        __dev_notify_flags+0x18d/0x2e0
[  583.414931][T23200]        netif_change_flags+0xe8/0x1a0
[  583.420509][T23200]        dev_change_flags+0x130/0x260
[  583.426412][T23200]        dev_ioctl+0x7b4/0x1150
[  583.431542][T23200]        sock_do_ioctl+0x22c/0x300
[  583.436987][T23200]        sock_ioctl+0x576/0x790
[  583.441930][T23200]        __se_sys_ioctl+0xf9/0x170
[  583.447322][T23200]        do_syscall_64+0xfa/0x3b0
[  583.452791][T23200]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  583.459699][T23200] 
[  583.459699][T23200] -> #0 (nr_neigh_list_lock){+...}-{3:3}:
[  583.467906][T23200]        validate_chain+0xb9b/0x2140
[  583.473723][T23200]        __lock_acquire+0xab9/0xd20
[  583.479227][T23200]        lock_acquire+0x120/0x360
[  583.484436][T23200]        _raw_spin_lock_bh+0x36/0x50
[  583.489987][T23200]        nr_remove_neigh+0x25/0xe0
[  583.495376][T23200]        nr_add_node+0x1d9f/0x2570
[  583.500686][T23200]        nr_rt_ioctl+0xc12/0xd50
[  583.505897][T23200]        sock_do_ioctl+0xdc/0x300
[  583.511223][T23200]        sock_ioctl+0x576/0x790
[  583.516455][T23200]        __se_sys_ioctl+0xf9/0x170
[  583.522252][T23200]        do_syscall_64+0xfa/0x3b0
[  583.527464][T23200]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  583.534055][T23200] 
[  583.534055][T23200] other info that might help us debug this:
[  583.534055][T23200] 
[  583.544643][T23200] Chain exists of:
[  583.544643][T23200]   nr_neigh_list_lock --> nr_node_list_lock --> &nr_node->node_lock
[  583.544643][T23200] 
[  583.559105][T23200]  Possible unsafe locking scenario:
[  583.559105][T23200] 
[  583.566751][T23200]        CPU0                    CPU1
[  583.572386][T23200]        ----                    ----
[  583.578113][T23200]   lock(&nr_node->node_lock);
[  583.583425][T23200]                                lock(nr_node_list_lock);
[  583.590903][T23200]                                lock(&nr_node->node_lock);
[  583.598295][T23200]   lock(nr_neigh_list_lock);
[  583.603670][T23200] 
[  583.603670][T23200]  *** DEADLOCK ***
[  583.603670][T23200] 
[  583.612164][T23200] 1 lock held by syz.0.5702/23200:
[  583.617399][T23200]  #0: ffff888077c07170 (&nr_node->node_lock){+...}-{3:3}, at: nr_add_node+0xcce/0x2570
[  583.627518][T23200] 
[  583.627518][T23200] stack backtrace:
[  583.633695][T23200] CPU: 1 UID: 0 PID: 23200 Comm: syz.0.5702 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba #0 PREEMPT(full) 
[  583.633721][T23200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  583.633732][T23200] Call Trace:
[  583.633742][T23200]  <TASK>
[  583.633750][T23200]  dump_stack_lvl+0x189/0x250
[  583.633772][T23200]  ? __pfx_dump_stack_lvl+0x10/0x10
[  583.633788][T23200]  ? __pfx__printk+0x10/0x10
[  583.633806][T23200]  ? stack_trace_save+0x9c/0xe0
[  583.633830][T23200]  print_circular_bug+0x2ee/0x310
[  583.633849][T23200]  check_noncircular+0x134/0x160
[  583.633868][T23200]  validate_chain+0xb9b/0x2140
[  583.633892][T23200]  __lock_acquire+0xab9/0xd20
[  583.633917][T23200]  ? nr_remove_neigh+0x25/0xe0
[  583.633937][T23200]  lock_acquire+0x120/0x360
[  583.633959][T23200]  ? nr_remove_neigh+0x25/0xe0
[  583.633982][T23200]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  583.634007][T23200]  ? nr_remove_neigh+0x25/0xe0
[  583.634027][T23200]  _raw_spin_lock_bh+0x36/0x50
[  583.634046][T23200]  ? nr_remove_neigh+0x25/0xe0
[  583.634065][T23200]  nr_remove_neigh+0x25/0xe0
[  583.634086][T23200]  nr_add_node+0x1d9f/0x2570
[  583.634106][T23200]  ? __asan_memcpy+0x40/0x70
[  583.634129][T23200]  ? nr_call_to_digi+0x126/0x1b0
[  583.634151][T23200]  nr_rt_ioctl+0xc12/0xd50
[  583.634174][T23200]  ? kasan_quarantine_put+0xdd/0x220
[  583.634195][T23200]  ? __pfx_nr_rt_ioctl+0x10/0x10
[  583.634219][T23200]  ? apparmor_capable+0x137/0x1b0
[  583.634238][T23200]  ? capable+0x89/0xe0
[  583.634262][T23200]  ? nr_ioctl+0x1b1/0x3b0
[  583.634278][T23200]  sock_do_ioctl+0xdc/0x300
[  583.634300][T23200]  ? __pfx_sock_do_ioctl+0x10/0x10
[  583.634319][T23200]  ? __lock_acquire+0xab9/0xd20
[  583.634346][T23200]  sock_ioctl+0x576/0x790
[  583.634366][T23200]  ? __pfx_sock_ioctl+0x10/0x10
[  583.634385][T23200]  ? __fget_files+0x2a/0x420
[  583.634399][T23200]  ? __fget_files+0x3a0/0x420
[  583.634414][T23200]  ? __fget_files+0x2a/0x420
[  583.634429][T23200]  ? bpf_lsm_file_ioctl+0x9/0x20
[  583.634451][T23200]  ? __pfx_sock_ioctl+0x10/0x10
[  583.634469][T23200]  __se_sys_ioctl+0xf9/0x170
[  583.634491][T23200]  do_syscall_64+0xfa/0x3b0
[  583.634515][T23200]  ? lockdep_hardirqs_on+0x9c/0x150
[  583.634536][T23200]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  583.634552][T23200]  ? clear_bhb_loop+0x60/0xb0
[  583.634570][T23200]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  583.634586][T23200] RIP: 0033:0x7f248e78eb69
[  583.634602][T23200] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  583.634617][T23200] RSP: 002b:00007f248f6e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  583.634635][T23200] RAX: ffffffffffffffda RBX: 00007f248e9b5fa0 RCX: 00007f248e78eb69
[  583.634647][T23200] RDX: 0000200000000000 RSI: 000000000000890b RDI: 0000000000000004
[  583.634658][T23200] RBP: 00007f248e811df1 R08: 0000000000000000 R09: 0000000000000000
[  583.634669][T23200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  583.634679][T23200] R13: 0000000000000000 R14: 00007f248e9b5fa0 R15: 00007ffc4c5bc548
[  583.634697][T23200]  </TASK>
[  583.969650][T23204] netlink: 'syz.1.5703': attribute type 1 has an invalid length.
[  583.978404][T23204] netlink: 17 bytes leftover after parsing attributes in process `syz.1.5703'.