last executing test programs:

29.596367618s ago: executing program 4 (id=4924):
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000280)={0x41, 0x3}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x41}, 0x1be)
r2 = socket(0x28, 0x801, 0x0)
shutdown(r2, 0x0)
poll(&(0x7f0000000040)=[{r2, 0x82}], 0x1, 0x800)
sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0)

28.592001423s ago: executing program 4 (id=4946):
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r0, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10)
unshare(0x0)
socket$rxrpc(0x21, 0x2, 0x2)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_ifreq(r1, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
getsockopt(r0, 0x110, 0x9, 0x0, &(0x7f0000000280))
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="9500000000000000852000000600000007350400100000007c89de2dce0af7a7313d811bdd5b84ce755a3d6e94868c82ae9ee13e1566b2b523c9dd58a818360b9dd37cbf4899e4799fa3b2e67c3c0b22cc01dcd0ab53af308e9d8e47e6367079ec801addcd40759413f2cf68fa3a994ca7d60c70be61951031bab397afebe1a7e22ba9c19d6172ddf89e20116ad71dab7f855fcea6d5ea248b08a4"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x7}, 0x10}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="1800007d499b8e8e029a6b0000000000711025000000000095000000000000003012433823a6f5e853f701d006e3975525b13f46d554ed43e5b1b97e1125dfa57bfe0cfff060ddd85b363ff1872cafde8774537786797ee310c01f644c10c5f0eeebf1e9c2694c1890436924c780e39e7360a3bd8e5a9e320abe69af715adb299940715a44bbf81ff3d1857b9d9126b384e7e61e510077190859a8af007fd5eb801180e14e2fe6e866117195cf5fa3dbb442e612c889e98c1b144400fabdf25c7c5108fba8d5f2507b705552ec2fc97de6828ef837bf2f95fd145aa6b1b5804f59d5b3f609ec36b8375791194daf83ad8566fbd442d2f2fe96268829ec1c9266068e3cc44826b0f385ab3ea957b4132106fa00a38e2a833021b15ea74d9219878702c2c064821948a2a623d50f3b85c472915d418631b69e80f66f8c1728f3b0030250a45aff48e9638a2a4fb75f3566db97a45b389245d48fb5691d76c089f438e23c0509b70ed248bfb48e83efc25d9ad7b2214cee37cca203dc325fbef0205f3389b4976a4df5ba62bbed1dbf6a765db76b04b654056b4b1ca2ae84a381699d4aa1c5c047af4b9f4368251b7776dd1b3af9509fc01b566d9b9cac93b75958216cfe527c2fa83e6049946107fe025fea7c05358ad26ba9e03234641f3097eb19"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)
r2 = socket$inet6(0xa, 0x802, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000480)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x38, 0x6, 0xa, 0xad3394dc192dae8b, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x60}, 0x1, 0x0, 0x0, 0x4040851}, 0x24000000)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
setsockopt$inet6_opts(r2, 0x29, 0x3b, &(0x7f0000000340)=ANY=[@ANYRES8=r1, @ANYRES16=r0, @ANYRES8=r0, @ANYRES8=r0], 0x18)
connect$inet6(r2, &(0x7f0000000240)={0xa, 0x6e23, 0xfffffdff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}, 0x1c)
sendmmsg$inet6(r2, &(0x7f0000001840), 0x3b, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
getsockopt$sock_buf(r4, 0x1, 0x37, 0x0, &(0x7f0000001000)=0x29)
r5 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
sendmsg$inet(r5, &(0x7f0000003740)={0x0, 0x0, 0x0}, 0x4004004)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(r6, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r7, 0x300, 0x70bd25, 0x25dfdbfd, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x801)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCGIFBRDADDR(r8, 0x8919, &(0x7f00000002c0)={'batadv0\x00', {0x2, 0x0, @dev}})
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[], 0xc8}}, 0x20000804)

27.892169265s ago: executing program 3 (id=4958):
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000000)={0x7, 'veth0_macvtap\x00', {0x6}, 0x4})
r0 = socket$inet(0x2, 0x3, 0x33) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0x8, &(0x7f0000000880)=ANY=[@ANYBLOB="7a0af8ff7525736cbfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000f700000000b2595285fa97ead0169191d54f8196217fc563e2fc91f6da4dad4fdc2eb1b5956fc4a33ca263e2b5d47b2b00000000b1a297cfddd73f30f2382f6c2d3ffdd45be583823c0f092248a57d48621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000010000800db583620ce7243d1aebdb638d91dbef6619358399aa9c2acd068c03efefd8bc77edf2d34b12cd48a1b20fb7dd843267e0331759f4ec6b5b0af58e604f494eff289026d5045ef08000000000000007718a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc70bb30d435aa8b5202db761014b1b999a12df6bee431a6681000000263b6233e1c0fe30e3841bef895c5a637b0bf2eac3cb07b74a72291a1a2b523dd81b6651b1ee29e999bb004823ebcd8c65743f31f84b263ab9b3426692d01ad194f302d7a658e90000000001000000b6b2f25ddb8c640ab321a402058c92cdfbea882b0b18914781ceb10814cf4ee23ddb79fff5eb156e0a000000000000f2bd164a178d86d6935eb8b75bc4eb680d10e8b6a54c6c8674caf63ff76622939a20d4aadf85db40179c2cf83ee07e30a279d8fdf3bc282deb43a03409f8e6972f3f720d045923702cede0f3e91411f3f1b16f065624f280a7dcce8db910f93c49b9e0aa390d0da6972ed719d7e0efb2bb713d1890e317c8de105c3933fd5d5bf38f6b9fc39fc829dcfe4af8ac5fbb7314a7a433e0182767d1376eda2b9c66200349e62d4d0ab1a1dc51907c980000cfb215af2c1a3c22243cce23b00000a857d61b0d66c3f6da8aed31027c33204ea0fa0620111920d3f24980e9995a510bd87b06440a0a26130098b901c53a02cfbfd8bcbdec9f34542c3c9652adefde555ecd28ebc88082bab431ee3e1adb5b0ad14c79dd4411ecc96c512f3b72a9b3a0c3e07ec6b427bdc0bf3963e9f802a5feab82a989db62d8d1339f842b3f593d6c24fe015ec63c658ba7c4fae17514f802709ab4fa5caa932d4b65a5ecfc422899513ddde6ec04974f9981a8c155c26e2e3b8f2d0da70e524832ab04dec9ce66a62ceffbb15b1857c93666fe043a266a451f9a1e1f054211b9ae566b58f4f356c7a4"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0xd}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x2800000002000000, 0xe, 0x55, &(0x7f0000000140)="a06ad876d56a0064d082778c3938", &(0x7f0000000380)=""/85, 0x0, 0x4000000}, 0x28)
getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000080), &(0x7f00000000c0)=0x40)
getsockopt$inet_mreqsrc(r0, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000040)=0x28)

27.209283151s ago: executing program 3 (id=4962):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={0x14, r1, 0xb01}, 0x14}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', <r2=>0x0})
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000200)=0x4)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wg1\x00', <r4=>0x0})
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'ip6tnl0\x00', <r6=>0x0})
sendto$packet(r5, &(0x7f00000002c0)="05031600d3fc140000004788031c09102c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r6, 0x1, 0x0, 0x6, @multicast}, 0x14)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000340)={@local, @local, <r7=>0x0}, &(0x7f0000000380)=0xc)
sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f00000004c0)={&(0x7f00000003c0)={0xd4, r1, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [@HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_team\x00'}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}]}]}, 0xd4}}, 0x4000)
r8 = socket(0x400000000010, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xc, 0x4, &(0x7f0000000140)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x8b}]}, &(0x7f0000000280)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r10, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@newtfilter={0x3c, 0x2c, 0xd3f, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r10, {0xb, 0xfff3}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_FLAGS={0x8, 0x16, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0)

27.206502077s ago: executing program 4 (id=4964):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000440), 0xffffffffffffffff) (rerun: 64)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)={0x54, r1, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0xc, 0x8f, 0x401}, {0xc}}]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x804) (async, rerun: 32)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000005c0)={0x100000001, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {<r2=>0x0}], 0x87, "b76eab88ba9102"}) (rerun: 32)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f0000000140)={{r2, 0x1, 0x0, 0x5, 0x9, 0x3, 0x100000001, 0x3ff, 0x0, 0x3, 0x1000, 0x5, 0xc0, 0x6, 0x6}, 0x20, [0x0, 0x0, 0x0, 0x0]})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) (async, rerun: 64)
r4 = socket$key(0xf, 0x3, 0x2) (async, rerun: 64)
syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60f91e2e000b7300fc040000000000000000000000000000ff020000000000000000000000000001"], 0x0)
sendmsg$key(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0x70bd2d}, 0x10}}, 0x0) (async, rerun: 32)
r5 = socket(0x2a, 0x2, 0x0) (rerun: 32)
getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="000227bd7000fedbdf25210000000600eb000800000008007719580f0001000000040087000600f7000a0200000400870004"], 0x38}, 0x1, 0x0, 0x0, 0x40010}, 0x4850) (async)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c09000056"], 0x398}}, 0x0) (async)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}, {0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}, @NFT_MSG_DELSETELEM={0x2c, 0xe, 0xa, 0x201, 0x0, 0x0, {0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xdc}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (async)
sendmsg$nl_xfrm(r7, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000000080)=ANY=[@ANYBLOB="c40000001900f3fe0000000000000000fe8000000000000000000000000000bbac1e000100000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff00000000b86b6e0000000000000000000c0008"], 0xc4}}, 0x0) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={<r9=>0xffffffffffffffff}) (async)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0)
setsockopt$sock_attach_bpf(r9, 0x1, 0x2a, &(0x7f0000000100)=r10, 0x4) (async)
r11 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r11, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
sendmsg$nl_route(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000001a0001000000000000000a0080"], 0x38}}, 0x0) (async)
r12 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), r5)
sendmsg$TIPC_NL_KEY_FLUSH(r10, &(0x7f0000001600)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000015c0)={&(0x7f0000000380)={0x80, r12, 0x100, 0x70bd27, 0x25dfdbfe, {}, [@TIPC_NLA_SOCK={0x6c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x800}, @TIPC_NLA_SOCK_CON={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x91}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1060}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x80}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1fe00}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xfffffff8}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x24048000}, 0xc0) (async, rerun: 32)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000400)=@framed={{0x18, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x88}}]}, &(0x7f0000000000)='syzkaller\x00'}, 0x90) (rerun: 32)

27.205149172s ago: executing program 3 (id=4966):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x3, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r1 = socket(0x10, 0xa, 0x40000000)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
getsockopt(r2, 0x1, 0xe, 0x0, &(0x7f0000000080))
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000fdff00"/28], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={r3, <r4=>0xffffffffffffffff}, 0x4)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r1, @ANYRES16=r4], 0x4c}}, 0x40000)
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0)

27.204565682s ago: executing program 4 (id=4968):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000940)=ANY=[@ANYBLOB="1401000027000100000000000000000003"], 0x114}], 0x1}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000005000000090000008b00000044"], 0x48)

27.203769968s ago: executing program 3 (id=4969):
r0 = socket$key(0xf, 0x3, 0x2)
socket(0x15, 0x5, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x2, 0xe, 0x9, 0x8, 0x1e, 0x0, 0x70bd25, 0x25dfdbfc, [@sadb_x_sa2={0x2, 0x13, 0x0, 0x0, 0x0, 0x70bd27, 0x3506}, @sadb_lifetime={0x4, 0x3, 0x3, 0x101, 0x6, 0x8}, @sadb_x_sec_ctx={0x16, 0x18, 0x4, 0x5a, 0xa5, "597ac54da1fc6247ca864442d56c828fa027b51d709299f744e654f00a12f506f1476b48d4a0e95ebd3a2e01303c95703cb45a598f468bf366cd3489ebd83c33f80226062ca6d16cd91a6ca10aca30aac039c448158bb2269fe67c087fb8f357e0f4a2e2094ce6ae0f9857b4438721ae74568ff6f28b554b7444b0a20b30cda12e281121e5f9af9edca717c1ee804946c2c9c861e637b3ff6a1cdcab5c65bcc860a265e5b5"}]}, 0xf0}}, 0x1)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b0f, &(0x7f0000000000)={'wlan1\x00', @random="00000c37d7ac"})
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b04, &(0x7f0000000000)={'wlan1\x00'})
sendmsg$key(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="020f0000100000000000000000000000030005000000000002004e20ffffffff0000000000000000080012000000010000000000000000000600000000000000000000000000000000000000000000000000000000000000fc020000000000000000000000000000030006000000000002000000e000000100000000000000005014cbc349fbcbb16a3f144993c090f0eb"], 0x80}}, 0x0)
socket$key(0xf, 0x3, 0x2)

27.086015921s ago: executing program 4 (id=4970):
r0 = socket$kcm(0x21, 0x2, 0x2)
r1 = socket$inet(0x2, 0x80800, 0x8)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000240)={'vxcan1\x00', <r3=>0x0})
r4 = socket$pppoe(0x18, 0x1, 0x0)
accept4(r4, 0x0, 0x0, 0x0)
bind$can_j1939(r2, &(0x7f0000000180)={0x1d, r3, 0x0, {0x0, 0x0, 0x1}, 0x2}, 0x18)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="7c00000000010104000000000000000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000003c00198008000100400200000800020081040000080002000401000008000100080000000800010040010000080001000000000008000200200f0000080003"], 0x7c}}, 0x0)
r7 = socket(0x10, 0x3, 0x0)
r8 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r8, 0xc004743e, &(0x7f0000000040)=0x1)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@newlink={0x38, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ppp={{0x8}, {0xc, 0x2, 0x0, 0x1, {0x8, 0x1, r8}}}}]}, 0x38}}, 0x0)
sendmsg$can_j1939(r2, &(0x7f0000000040)={&(0x7f00000000c0)={0x1d, r3, 0x1, {0x1, 0x1ee, 0x4}}, 0x51, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x28010}, 0x0)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f00000002c0)={0x0, 'team_slave_1\x00', {0x4}, 0x5})
ioctl$TUNATTACHFILTER(r9, 0x401054d5, &(0x7f00000000c0)={0x4, &(0x7f0000000000)=[{0x60, 0x4, 0xfd}, {}, {}, {0x6, 0x3}]})
sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f0000000440)=@rxrpc=@in6={0x21, 0x4, 0x2, 0x1c, {0xa, 0x4e23, 0x20, @ipv4={'\x00', '\xff\xff', @loopback}}}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[], 0x10b8}, 0x48d4)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
ioctl$sock_ifreq(r0, 0xc536fa97bc44e755, &(0x7f0000000280)={'tunl0\x00', @ifru_names='veth0_to_bond\x00'})
r10 = socket$inet_udp(0x2, 0x2, 0x0)
r11 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x420400, 0x0)
ioctl$SIOCSIFHWADDR(r11, 0x8924, &(0x7f0000000200)={'veth0_virt_wifi\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
ioctl$sock_ipv6_tunnel_SIOCADD6RD(r10, 0x89f9, &(0x7f00000001c0)={'sit0\x00', &(0x7f0000000180)={@local, @rand_addr=0x64010100, 0xd, 0x8}})
r12 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r12, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10)
sendmsg$nl_generic(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)={0x18, 0x52, 0x1, 0x0, 0x0, {0x1c}, [@nested={0x4, 0x4}]}, 0x18}}, 0x0)

26.801248435s ago: executing program 3 (id=4973):
r0 = socket$kcm(0x10, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x5, 0x0)
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000000), &(0x7f0000000040)=0x4)
syz_genetlink_get_family_id$tipc(&(0x7f0000000240), r2)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x111440, 0x0)
ioctl$TUNSETLINK(r4, 0x400454cd, 0x200)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x9}, &(0x7f00000001c0)=0x8)
sendmsg$inet(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000003c0)="5c00000013006bcd9e3fe3bbeb48aa31086b8703110000001fa1ff000000000004001400fc000a001d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x4000000)

26.752874105s ago: executing program 3 (id=4974):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) (async)
socket$kcm(0x2, 0xa, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc) (async, rerun: 32)
socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0) (async, rerun: 32)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="b4050000200080066110480000000000c6000000000000009500d800000000009f33ef60916e55893f1eeb0b2ae13d922e6235592ce847e2566c43d72918a897323fd0723043c47c896ce0bce66a245ad9d6817fd98cd824498909714ffaac8a6f77ef0000ca5d82054d54d53cd2b6db714e75d9bdae214fa68a0557eb2c5ca683a4b6fcfcff0bffffffffffd47042eaebfa6fa26fa7a347c7faa8e700458c60897d4a6148a1c11428427c40de60beacf871ab5c2ff88a02084e5b5271e45f00003826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632f7a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffabe90ac5d08dd9d4e0359c41cf3626e1230bc1cd4c02c460ceb44276e9bd94d1c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd00000000000fbf940e6652d357474ed5f816f66ac3027460ae66317f83cdd7a7eb2a7003d1a6cf5478533584961c329fcf5a43e05c92bfef0dcd28000000003f2915a3039c9a78f63b8ec7e60a0000fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc5117c024185a062acb6b8eec31c21b3af8b9eedb4660ed2deb7acf2a33a376a5cb7d4266d5b0be14488d14b473502486ad8dd600000000000000000000c7766ea7c581782c0d90f42a85303835fc291c25d29e6bead5d7360f2e1929d7736ebc8558c4506407d3046022bdf25485bd5442e05d9b4c1278343581b7a06f65e8ea6b042c4fd08381e5000000000000006398d6480000001a723b91030000006480304c66b217aea0156ce9eef911fe5b7370f79987303ecb3aabc53c60014a0101ab766754f596b41da9534d12b8306a1b36cf3b03f0d790879f523eabfbee83d8bd472ef69660cf6ec897106c51e54a17497f384c4956b41f3843e7c878b1e11316d8ddae1c6c3b85aaf7a9fcaf8f5d6186c42542d68ba72682c938d3c0a2e6e10eed71b1d31c9f300b41745329bf34495c63e43fb896e4903fb0fae54a8f0fe3b48a5b29d279070647e65097c8ecf32a15080000000000000001007ba4a70a084bd994ac5e00000000000000000000000000351a30cd97f83d72631d0fe92efa974a53f4dc1eb9a86df632a6d463688123f64d42a919bcfc44a90ffd680200000091f842a91c977f6075d07e39e669b0713af0498a99bf5261cb3269d499a5202d7a08b33ade7b38829b9bd39619688d5e9af22170ef83e5b92cbb32b655c45de1c154aad81bf64351668a3f76d5afa958aff76249e0ffdf8e45155536a1a44bfcbfbfd232af000052f9002add8b8ed61d995c1258ea2c22e218f2122a75d10d77aa735e3aa4988bc267d698cc01e56f8ed8b7877f8d217269ab71a634fed1261c399b31bc3f89f6d76816b9e08bed85b33c7cf8527b20ec14f462dad0e1cb64d49d4fa180e0cb32d9f84ffdb28286a810c1d10fdb67ee5148f8c21ddc16c9417570fb3b8c949a940967d71f6441c5f6dbd7fba76ec0bc54575ffea4ac586994450612a3b1080365753cd59300858929c24d40c4f5e6cde531a3be5fb86a50a77187aa095fdd8b3f959b4e47b2053cfafc22ca"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) (rerun: 32)
ioctl$SIOCRSSL2CALL(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)=@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
sendmsg$rds(r2, 0x0, 0x40800) (async)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
listen(r3, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5)
sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="010028bd7000070000000200000008000100", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004) (async)
write$nci(r0, &(0x7f0000000800)=ANY=[@ANYBLOB="410401", @ANYRES64=r0], 0x4)

26.54428547s ago: executing program 4 (id=4978):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000fcdbdf250200000008000100", @ANYRES32=r3, @ANYBLOB="2ae2794df778b1643174f5f9af94767738aedf89c1d10063f29bfd9409eb1a350fd9797bb859cc467bc1c71e6b6e8580cc55f2e15cd186ef6c7b92794e187cdc87aaec1d2c691f031d805e30442a4551863a009429f37756f06db9614cfb3eac2e390cc31a52e3b4f0f7d28e282cc8447252404aab9e70af75b7751c2ab7cd13bae9216ed1e2229da17dc4d84e0934fa9f86884d5a0148"], 0x1c}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r5, &(0x7f0000000080)={0x1100, 0x0, 0x3, 0x1}, 0x8)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003640)={0x2c, 0x2b, 0x107, 0xfffffffe, 0x0, {0x3, 0x7c}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x6, 0x0, 0x0, @ipv4=@broadcast}]}, @nested={0xc, 0x2, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @pid}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4048091}, 0x8010)
bind$bt_l2cap(r6, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe)
listen(r6, 0x0)
ioctl$sock_SIOCINQ(r6, 0x541b, 0x0)
recvmmsg(r4, &(0x7f00000018c0)=[{{0x0, 0x0, 0x0}, 0x104}, {{0x0, 0x0, 0x0}, 0x80000001}, {{0x0, 0x0, 0x0}, 0x8000}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)=""/194, 0xc2}, {&(0x7f00000028c0)=""/236, 0xec}, {&(0x7f0000002b80)=""/4100, 0x1004}, {&(0x7f0000000640)=""/68, 0x44}, {&(0x7f0000000440)=""/256, 0x100}, {&(0x7f0000000740)=""/251, 0xfb}], 0x6}, 0x272}, {{0x0, 0x0, 0x0}, 0x10001}, {{0x0, 0x0, 0x0}, 0x7ff}, {{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, 0x0}, 0x7fff}, {{0x0, 0x0, 0x0}, 0x9}], 0x9, 0x40004002, 0x0)
r8 = syz_open_procfs$namespace(0x0, &(0x7f0000000000))
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f0000000100)={'ip6gre0\x00', &(0x7f0000000200)=@ethtool_channels={0x50}})
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.dequeue\x00', 0x275a, 0x0)
sendfile(r8, r10, 0x0, 0x0)
write$nci(r0, &(0x7f0000000280)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x2, @f={0x7, 0x3, 0x2, 0xe5, {0x5, 0x12, "c71dcc80b3c4f576ebda506287a4ebf7e501"}, 0x2}}, 0x1c)
connect$bt_l2cap(r6, &(0x7f0000000140)={0x1f, 0x40, @none, 0x5}, 0xe)

18.768219366s ago: executing program 0 (id=5101):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000140)={{0x14, 0x10, 0x1, 0x0, 0xf5ffffff, {0x7}}, [@NFT_MSG_NEWCHAIN={0x34, 0x3, 0xa, 0x401, 0x0, 0x0, {0xa}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffb}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x5c}, 0x1, 0x0, 0x0, 0x4000850}, 0x24004810)

18.767669126s ago: executing program 0 (id=5102):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0) (async)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newtaction={0x6c, 0x30, 0x871a15abc695fb3f, 0x70bd27, 0x1, {}, [{0x58, 0x1, [@m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x5c, 0x8001, 0x3, 0x5, 0xfffffff8}, @multicast1, @multicast1, 0xffffff00, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x6c}}, 0x0) (async)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a1c000000000a010200000000000000000100ffff08000240000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073017a320000000014000000060a0104000000000000000001"], 0x84}}, 0x0) (async)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6) (async, rerun: 32)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}) (rerun: 32)
ioctl$SIOCSIFHWADDR(r2, 0x80108906, 0x0) (async)
bpf$ENABLE_STATS(0x20, &(0x7f0000000100), 0x4) (async, rerun: 64)
sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c020000190001000000000000000000fc020000000000000000000000000000ac1e000100000000000000000000000000000000000000000a00008088000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fdffffffffffffffffffffffffffffff00000000000000004fc4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000020000000000000000000000000000000000000000000000000000000000000084010500ac1414bb000000000000000000000000000000006c0000000a0000007f0000010000000000000000000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb000004d63200000000000000200100000000000000000000000000000000000000000000000000000700000000000000fc020000000000000000000000000001000000003c00000002000000ac141425000000000000000000000000043500000100000000000000000000000000000000000000000000000000000000000000000000003300000002"], 0x23c}}, 0x4004000) (rerun: 64)

18.7014622s ago: executing program 0 (id=5103):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000ffdbdf25060000004400028006008698165a000000000400b6000000080003b25844401a719bee12aa722cea000400000006000f000500000005000d000100000006000b0002000000080008000000010005000d000100001d00"/111], 0x68}, 0x1, 0x0, 0x0, 0x15}, 0x4000)
sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r1, 0x8, 0x70bd28, 0x25dfdbfb}, 0x14}}, 0x40810)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000500)=ANY=[@ANYBLOB="050000000000000073117000000000008510000002000000850000000500010095000000000000009500a505000000009e3c5012d001cd60cd367e723983fe12f001bbc74ec6009f7b78abf5d31bb8b9a7ffbe741a957146d6366d93f6c2a3ea91921bac7551cf105c2b71be23f6099b4811193b2a22b41308da5c4ea5c4d0e798527ebb720848ba65d359070b5a092f6f5f7e65c0ef1f6ad70c1f18d5508ec353876a032f8b0674bc194ad2073619bf3b1beeae23884eb2aacbe52fd0d2bb7fa0a07d15142c915f6f9613"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)

18.655207626s ago: executing program 0 (id=5104):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSET(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x420001}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x138, 0xa, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x5}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x4}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_EXPRESSIONS={0x114, 0x12, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @dup_ipv4={{0x8}, @void}}, {0x10, 0x1, 0x0, 0x1, @xfrm={{0x9}, @void}}, {0x1c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x2}]}}}, {0x20, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_NAT_REG_ADDR_MAX={0x8, 0x4, 0x1, 0x0, 0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x3}]}}}, {0x10, 0x1, 0x0, 0x1, @queue={{0xa}, @void}}, {0x44, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0xa}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x1c}, @NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0xf}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x9}, @NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0x12}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x15}]}}}, {0x3c, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_REDIR_REG_PROTO_MAX={0x8}, @NFTA_REDIR_FLAGS={0x8, 0x3, 0x1, 0x0, 0x31}, @NFTA_REDIR_REG_PROTO_MAX={0x8}, @NFTA_REDIR_REG_PROTO_MAX={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_REDIR_REG_PROTO_MAX={0x8, 0x2, 0x1, 0x0, 0xc}]}}}, {0xc, 0x1, 0x0, 0x1, @cmp={{0x8}, @void}}, {0x10, 0x1, 0x0, 0x1, @last={{0x9}, @void}}, {0xc, 0x1, 0x0, 0x1, @fib={{0x8}, @void}}]}]}, 0x138}, 0x1, 0x0, 0x0, 0x4000081}, 0x4010)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x30, r2, 0x2dce4dc3193475bf, 0x70bd26, 0x25dfdbfe, {{}, {}, {0x14, 0x19, {0x9, 0x6, 0x3, 0xccd6}}}, ["", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x20040005) (async)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), r1)
sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x30, r3, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@handle=@pci={{0x8}, {0x11}}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
pipe(&(0x7f0000000480)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r4)
sendmsg$NL80211_CMD_GET_MPATH(r4, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x58, r6, 0x200, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000081}, 0x4000) (async)
sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r1, &(0x7f0000000f40)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0xa085}, 0xc, &(0x7f0000000f00)={&(0x7f0000000680)={0x868, r6, 0x20, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xd270, 0x43}}}}, [@NL80211_ATTR_IE={0x10, 0x2a, [@challenge={0x10, 0x1, 0x56}, @mesh_config={0x71, 0x7, {0x1, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1}}]}, @fils_params=[@NL80211_ATTR_FILS_ERP_REALM={0xf8, 0xfa, "9e587e0cd790aa9ef66b31206fd016ec82e670cebe789121cbfc12a6f58f24b0ee7c16857eda7258e6260589eace404388e904f79e221b78d6c31797582a515fc8942465a0eb5d6cd217feaae9339644a2a7174c562afaa8e2d2ec56480c2c83ebfe44c92c82562ceacea7a7791d69d6b0fa721019d001b8d0552d4f97c62dfea1d5e0178c9e7d9450a80597e6420f4cee5664449376db1ac62285fb9e4c82ecb5d35c2d9b5658fae0e40f0bca2cc9687f3f723fcccf30b7a1eeff1c65fe676393f8964c482f3fb593ca1fd08777382f681f10fb778d30f443831e652fd79246fd21769da958ee8bbf6364520b484959db835aeb"}, @NL80211_ATTR_FILS_ERP_REALM={0x1d, 0xfa, "3e8a11c2f152f37cc0f292f7d1e3dc5506ec20651db95a65c1"}, @NL80211_ATTR_FILS_ERP_REALM={0xcd, 0xfa, "220494e1f72cba055d4c43d6b6560872a36a5be511fe735083f5f9a6c0fc87743b952ad2925096a180da90a540fb70537058726ed63821b6b615d59fbbe830a6f720c5502c421f1196fa88aa21fc056165b6268561560a75ea6c2ad0d86a838fb477c00fbb401f476d0da965476a63f9594fcd0d6b0cb5962bdc204214016f6f4ed5cb407052c103447d827263e4ef5b7024735609bc964d5f8aad12f67d847f51f36be5bda8c53a72c929a8f730634d6f10aa684a0864ca5fe8bc8b4ab5a48d6082c6a08f8b0038c1"}, @NL80211_ATTR_FILS_ERP_RRK={0xf0, 0xfc, "9cfdf0f5c2eb0dde49055822fb5305bddd7e2ce7d448291c1af805ffe379893a7cc4ec2b67da42ab0c030143cbcbf6415d5df7b32f937d0e46500986a1abcca9666ba3410ae8d24a9fef56ca487b763eced9ac51ce5d646ad8dbfae171b5e3e3fb1df77c29976c0b9ff4b4b13691c92fba490282c492cbd77934c3ec664959df9bd71890956719c5058264b8003c42c702740bacb6aa1245868c6fea04423050aa953e618f50fec9084b64accc80c0402611f1a7f85fcad549ba907c0ba080d4866ef8befed7b5f4691b90d3ac6d0cc7c147c66c7f838da7959128b6306922675226f96d894f9459c0ac83e3"}], @fils_params=[@NL80211_ATTR_FILS_ERP_RRK={0xac, 0xfc, "719549a93aaa76755a08de064d92f76909afdc7a569d06cdf872ea960f22f98f4245d7c2b2a532f378534de5a1ed8af6149eb1a95b8c37d1ce13302b287ce15229cf3dd5a4a2504a720a81890b7c2d7f2a68c2e52e574c8114d19f102c84d1d2199d2fcf6c158d0022360636a2322cb89917b63fed32c77a266c834ffc39a7083e1bea5f8860e746a80874a684c03623e8e14b253c3a8a26e088982301a06cf988c2211e2251c63b"}, @NL80211_ATTR_FILS_ERP_REALM={0x70, 0xfa, "cff1bdb41d63c87b8515ab01caa58b3fbf10f4dfe6a04ae3db0aedc7f114b17f835f7e3180808b5e902f37f4d026cba73349eb41f6c68b63a43bf5a9726e2c786d4cced58e029101bbf98e9aecb21ccae60828ca6edbc6cd55e82b640daa5a0849cc137d4adfd516cbb9895c"}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x400}], @fils_params=[@NL80211_ATTR_FILS_ERP_REALM={0x49, 0xfa, "0733955099fedb24223c5344e9f6d8cc37955870b3bc63ec1c25b6dfc9ff767d9a3927499d323408348d5fdb9428af0fea8e43ce0fb668fba768d9e350e4bd3c0e1d7a94bd"}, @NL80211_ATTR_FILS_ERP_USERNAME={0x5, 0xf9, 'S'}, @NL80211_ATTR_FILS_ERP_USERNAME={0x14, 0xf9, "00c333d138f331abf3b0a6ff13e8650f"}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0xffff}], @fils_params=[@NL80211_ATTR_FILS_ERP_REALM={0x69, 0xfa, "f0927646c02cd2ad32fe8fa4e277e25a0cc10e791c0eb7e695128f18be9e4f211ff63fc35cf6cb8fe4c6c383bbe9a861eb8695fe94119bb6f7ab5eb30247f24908f9b54e4bf77991d36bfee438c8b00407fb49ef1ca478387175e2382424f6e11b158e00ec"}, @NL80211_ATTR_FILS_ERP_RRK={0x4b, 0xfc, "5a2c7559279377262b7a2269eba534bb4caf412bdd53949a6593d7590a30febc4ce15d108e50d9fb4fa8cce63da4238ccda014d426a570b54bf383ad0b5e2bf23002e1bf471523"}, @NL80211_ATTR_FILS_ERP_RRK={0x7e, 0xfc, "002ff958e198dee6dc6fb3ab02b9e4732efda2e2f74c7eeb30bf98ad36d2553b7bcc5e08adbcd994e82e1d06b8b0dca00d95d13fc42e9fb26c8f5d6fc400be23dbcf7bf43b8fde20556b99b4d416bd9428554e31fb9fcd784b1ee9c2c7d5fd72bd5f836076fb15112978d69b7a3e44be1c3745bbd057b606610c"}, @NL80211_ATTR_FILS_ERP_RRK={0x52, 0xfc, "dee0006b8bfa0492c173e67c453d19105c7c6c94d6eb293d6e453340752b7f12b4d50c6bdec08ad123294d0f2b8bfbbceddce1b22ae1d91445e491141697c1076577d6076b20553fc7de5a013668"}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x18d}, @NL80211_ATTR_FILS_ERP_REALM={0xcf, 0xfa, "2931fca6ef96cc9f0655db3d9f8b9d7558abd09bfa1a6fea622937727145821d9abe7bf5d9392bab2e22dcf1ee88331396245b374224f41529c5b1857e648b165bc1821f001ad0a8efcbef93b82667afb6808200f45846bab5b80b6b714aa2a7b56d442b29af77ea029e89b4134f8eff35a17509a33ed8c113298af8f890683e6ca313e392ff0a553674f286c3a518b9baaecb7cfdf53421918afd3d0e24cd6639a2d1065fbdd11ae9d799005ab130330a4ef2c9657a6e7bcb8925fd8a2f57dc63e260f8e1fa8d5019cfe4"}, @NL80211_ATTR_FILS_ERP_RRK={0xb6, 0xfc, "104379eee3c01a979331a3691de27190cf7df5a0517903f80a84a7ee0be126a6cd29fa92f0138141c55ddcef13d11ee1065e0ab6879e777ba4142d3d220e5c9f952fe1deb846d0a6029ecb594403d5e6cd8e08bf1e11500577b8385e318142083105d6214f92523fa549076c10f11fb9cae0a8e7834fd269bd60161955bd9547597ecf015d2b5ff9c9c73e3b840ca554d90d50a0082d6d60266e565ef4f8ae05e05f742e0b6fbf00263729bdc3d80800649a"}, @NL80211_ATTR_FILS_ERP_USERNAME={0x12, 0xf9, "dc35fab274db6c6945f5dadf7ef5"}, @NL80211_ATTR_FILS_ERP_RRK={0x99, 0xfc, "fa5334860dd32ab9cec80ac0a804f6bf006e73ce7311ca8d5c8387793509c45b70540fdacae605f4598fd03622d9d1a1eceb05b83191f380c7069c37b8a652c969ba951194a4f0e9f8d244106acc1da862a08ec81439c5f707806405338be5716f300586ce94868cf5a542b4acda222c2de27b5d73f2e1a1b1dce6c1d854a369a2201074a19bbf9e4318f3d04fadf7e53fbfc3c3af"}]]}, 0x868}, 0x1, 0x0, 0x0, 0x40000}, 0x20000010)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000fc0), r5)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000001100)={&(0x7f0000000f80)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000010c0)={&(0x7f0000001000)={0xb0, r7, 0x300, 0x70bd27, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x0, 0x49}}}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MNTR_FLAGS={0xc, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x10, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MNTR_FLAGS={0x28, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}], @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}, @NL80211_ATTR_4ADDR={0x5}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_4ADDR={0x5}]}, 0xb0}, 0x1, 0x0, 0x0, 0x4004011}, 0x4048092) (async)
r8 = accept4$llc(r5, &(0x7f0000001140)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000001180)=0x10, 0x80000)
getsockname$llc(r8, &(0x7f00000011c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000001200)=0x10) (async)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000001240)=r5, 0x4) (async)
r9 = accept$inet(r4, 0x0, &(0x7f00000012c0))
splice(r8, &(0x7f0000001280)=0x401, r9, &(0x7f0000001300)=0x1, 0x2, 0x4)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001380)={<r10=>0x0, @multicast2, @initdev}, &(0x7f00000013c0)=0xc)
sendmsg$DCCPDIAG_GETSOCK(r4, &(0x7f00000017c0)={&(0x7f0000001340)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000001780)={&(0x7f0000001400)={0x360, 0x13, 0x100, 0x70bd2d, 0x25dfdbfb, {0x29, 0xd5, 0x9, 0x7, {0x4e20, 0x4e21, [0x0, 0x3, 0xff, 0x200000], [0x9, 0x3, 0xb, 0xffffffdd], r10, [0x1, 0x6]}, 0xb}, [@INET_DIAG_REQ_BYTECODE={0x54, 0x1, "351d92e57d69c4927384009745ea8d71a3e22160d51da1f6e3101c1eed04a7ca9acb7f993a2c12c5144376235832ef2fa0b82e5898573ee302b46f1105d23ee3552a892457a06dbf553def7e9d43371b"}, @INET_DIAG_REQ_BYTECODE={0x102, 0x1, "e9766d44d0086a1fdab2ed6c73db815fcee3569e80ebdbe49f89b6a56c45aff98821a3f7f02bb096adb33b4b1a1e212b7db4d27c4cf49f56f7926f31786129bfed6e2a751e95dc9da7343b645331db79b13dab99d75f1d44525f3838b70333ded53c34276cabbeb74ef427e5bbfe46aab2ee1dc1e0be0a194f0e38f35793038300af3f388ee27c70c9bd4567186f15598b8507fbf2e18d0dc1e018705974f42fb5286f4d7a5b96241db84a8e1a5c69ca247b3d80455a0498a30ca523ac106537446fb7e73dcb719cbb1cb15c31b40d7a0ed2107507f44f099efe9b13657dedfe12aa3d1032d5334b0d43acbaeed64c24cade2878a21ccc4593bada7b08b0"}, @INET_DIAG_REQ_BYTECODE={0xf9, 0x1, "9d9a4b4b2369fbec330fee98f7f1c53c3be1268d3a9e254564fb1b2d56110f3b22b78eeb75d997b928cd8862b48c060918a283cca7d7cffad5bd5a2cacb43d864195c669f08173775983bb0995985e96ff2bdd23093d6f688dfb62ddf23797e584e590799f5cef8b076044d032c4d2c5513989d40310c8355b5f0e3907a6754b3cf204c8d1fa846daba2fbf0984ab4857cc5d4d5f33374b6011ac130f3f6130fc5db8ff7c1152af6c681dc7807ac79b0d15251fc3367afb8d6ef11dd5826e0af20db86aa6f08d19f022587b8342f85a9789ff9ec8254c02ada784f3a840336b5ec703cb02bbe2401138c71e705adee8f2d4e6125ba"}, @INET_DIAG_REQ_BYTECODE={0x33, 0x1, "1c97ff56c192f96ca796c9d76c60861a9488b726138de285d8bdc74b1c4d092d908fdb02e25b29e6cd58d469a4de9e"}, @INET_DIAG_REQ_BYTECODE={0x89, 0x1, "5e7be97e1a1691c511c124c745b640761b1d75c1affd01591f2d5ec7eb01f12c04ded8fd85ae815ce99181a47f02dd2e9e694bb7d6f7aae3430e5a30c148d517d160c9300355025cd1b659cdf2d6bbc2f101d036873f5ce2537c8a8beed923c13fdc49fb5b412cfdcfd562e85ec2c0d21b59637b0a2f98c7e8dd94736d9f8feb6fe31fe157"}]}, 0x360}, 0x1, 0x0, 0x0, 0x20000080}, 0x810) (async)
sendmsg$nl_generic(r4, &(0x7f0000001900)={&(0x7f0000001800)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000018c0)={&(0x7f0000001840)={0x7c, 0x27, 0x200, 0x70bd25, 0x25dfdbfc, {0xb}, [@generic="eac4737fde05d524791f905398d57f9b1c97910fb33ced847cc6bd5e043f9f63dffe7f40f56e237dd15b843b62a0500ad6aa3285ccf3e7cf22cb9d3ad8307b875a91c6f7c2c7d0809b5de5efa56d2fe292e763087c89780a09ef24a269fef78fc7502afb66809ab5"]}, 0x7c}, 0x1, 0x0, 0x0, 0xc000}, 0x800) (async)
ioctl$F2FS_IOC_MOVE_RANGE(r4, 0xc020f509, &(0x7f0000001940)={<r11=>0xffffffffffffffff, 0x6, 0x1, 0x7}) (async)
r12 = syz_genetlink_get_family_id$tipc(&(0x7f00000019c0), r1)
sendmsg$TIPC_CMD_DISABLE_BEARER(r11, &(0x7f0000001a80)={&(0x7f0000001980)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000001a40)={&(0x7f0000001a00)={0x2c, r12, 0x908, 0x70bd2a, 0x25dfdbfb, {{}, {}, {0x10, 0x13, @l2={'ib', 0x3a, 'batadv0\x00'}}}, ["", "", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x4842}, 0x44) (async)
write(r0, &(0x7f0000001ac0)="0326703f12bc3af5ff5181c3d38a25ccba3bc0a6e68ebdac148bfde87a7885a077a241011885dbf0a9047ff28d8ae91802d8eb0195b599fef62095083e99553d7a135a5e43f0f5fb5c94b3a3e7c6bfa8d5bcb7803ecbe48646cb7a7deefc2fc1dbfe8ff9d254f6d9902384ac5a8f1184724c29e7c3b29de8bf9868b85398269a42f7924f59bf9f1aad078e2f1b9655e273b9df67559a6020ec4e215ec4996efbf1da367d750fb05a60fe759438315864432f03cbe8fe2ba216012f5ef95eecf8294ab053", 0xc4) (async)
r13 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000001bc0), r13)
socket(0xa, 0x800, 0x575) (async)
getsockopt$inet_sctp_SCTP_HMAC_IDENT(r4, 0x84, 0x16, &(0x7f0000001c00)={0x6, [0x7, 0x2, 0x8000, 0x3, 0x5, 0x9296]}, &(0x7f0000001c40)=0x10) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000002ec0)=@bpf_ext={0x1c, 0x17, &(0x7f0000001c80)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [@alu={0x4, 0x1, 0x8, 0xa, 0x9, 0x2, 0xfffffffffffffffc}, @tail_call={{0x18, 0x2, 0x1, 0x0, r11}}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x4}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001d40)='syzkaller\x00', 0x8, 0x1000, &(0x7f0000001d80)=""/4096, 0x40f00, 0x6, '\x00', r10, 0x0, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2ab1b, r5, 0xa, &(0x7f0000002dc0)=[0xffffffffffffffff], &(0x7f0000002e00)=[{0x5, 0x5, 0x9, 0xb}, {0x0, 0x1, 0x1, 0xa}, {0x4, 0x4, 0x1, 0x1}, {0x0, 0x2, 0x7, 0x7}, {0x1, 0x2, 0x7, 0x1f14938e6863a37b}, {0x4, 0x4, 0x2, 0xc}, {0x0, 0x5, 0x4, 0xb}, {0x4, 0x4, 0xb}, {0x4, 0x5, 0x1, 0xa}, {0x2, 0x1, 0xb}], 0x10, 0x4}, 0x94)

18.571647435s ago: executing program 0 (id=5105):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async, rerun: 32)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20) (rerun: 32)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000001740)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000bc7ef9642d29ba564165605dca29708efdf9b15a5c10a126121b2751f642635bcd9a8bf7a928a5d054b0d2c54d519ea75c52f41ed6f2886973626b684c8bd9108c0b0b2ea7e556948f0367aff4fbcede3294f6e73d06ad16dc2d26725ff833b5f83b499918e6a6ec245b781d41aee9624c847e2f2312d6b9db45bad354fc1a3f20407ffe406483a0524937ee7559e4bf70136746b37fdfbbb152758d37ed8bcac41fb7243bdcd536249c7996e898b61927eaa5a8790054ba13d3ade593220f96027090a34aaf7ea92f41aab73e7a85eef87e956bb7c5c76a347264fd99359f4e57b0dcc2bcc188ea880a4b11a8bb81eb22b0ddfc689e3218cf310dcc61cab354149d9107d8a88b0aa5b5661555f00443aee5e714009e52cee5e88f008148ddbc0fa81bf938bed4a1ac778d5337cc0311d0772eeac3eab38426e8d1472ff514aa5379ed21551790cc10148410b4fc27582fd7106a8887a9a0b613dfe10aee77542d887208f5534f5dce4d43f258fc9ef975834e1917666e2aff1cebfc3ce2c1e8ff66bba1d9050000000000000078db7024bf321636bede8651e672ed4f01ba5da2c3f9042a8552bd3f2c9ad546ad0ea20b4d35fb0a15c6239f67c7747a40fe26a88adf727fd1b801b4e56fbffcad99ce68fe2af0d94fdc78d27268de435021dca51acaa7a9e0944bdf579c170db6405944b6791a7713ee54f650fdf71b57c3629fb185efce700620ef5744623be08ec935dd563e6ba0b461bda98b364acf3dcdafa9b0e68c21ea509212c2938aa09cc31aa4ee5bfb8e507181909f5854b13997af4888cd61c8aab5fdfd701a16d546e5a533cd9b985dcc582b67979551dcc750fc51f2c9b6814edeffc76a86ea9f58b7c66fa24540daf14c2163d064f8cf0b4878f81e6b8bc4dabc10dac82b39e033963a6d02434cb783a198829d1373790a85c0e01a362d89e80165d280283af3c2060000000000000034b12a73b0c53bfae5d2f6e55728052247adfe0966c6c5eca57918c4540c979a70a281ba00e408c9fe1b20fa208976dd6a56f9bd9a74d81447c9b265d8c23f0e983e0b1d2d62d1e57c9188e4882634476e62ab1b7415a58208eaaf166d14720092f79a6197fe8b4ea7d5485cc6b3630afed8d3403cfa4d7bf48efb371706e0e65901eea3743c98261cbb7a246cf62f99bbc918741d32539ec0754e7d7f08dd45aaf49623342eabf466e54d8da4346e73da54ba2e4b5e2ae2823864d4147b490e55c9509f75c8828500ac32cab11b0262e75fa9e39e3792d01e0b210fdfb686bfffdc677432f6332c1a27502b43997060acdf7784c79fed0325e06f6b64b6434ebf4730509bcf95b9a1d0ba7c469d55351cc1dce6c90f5872e7ad5eed5f850d9d1f928b4e0263b241e8fe03e5e66252c8a3bd320e8deee5b91c653b8f22f58cff36c2ba4d6774f14229939595d2beb998c9312212de00468fc488591aca07ab75fba4a318d3ee4581711927b77a7f14dbcd639892f8cb0000000000000080411736eb1ee86eec338197a56293c9cdb72e84155681553b896d58b62a96852320e74dc4c9b41d6f90d2353dc573a94a092a84209c12da57f8c78e161b0899eb1c8b694d26c5fbf7f65fefacdbf39151f335dddc3b179a13f6de93ffb338e94738c86e35e9fcc654e4d6618dc1201cbd16e1281df911e6c699da16fbbb7a2e5c77966c98d3e7edd58cabfe6bf1bb7f6329084e3e4a2a36da07bbac3ebc00472f55b7966f250109fcce0ad5d4526d20ef74d1a634d724"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x0, <r4=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1c, 0x3, &(0x7f0000000640)=@framed={{0x18, 0x2, 0x0, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x3b}}, &(0x7f00000000c0)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r4, r3}, 0x94) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x9, &(0x7f0000000e00)=ANY=[@ANYBLOB="611570000000000061138c0000000000bfa000000000000007000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350607000fff07206706000005000000160302000ee60060bf350000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dc725f431bcab0ef59b8f0e431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa0100000000000000b93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4ffcae1a8a793a7795a9214a92f66e9cc54db6c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc3086936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61dc18402cde8bf777b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154baa8e51489a614e69722bac30000000000000000000000000000a006b178438e930b2494db1bf624a70a19a45b8b71869afb13cb2ac1d2f3ec0d93a3e4fd0ad076c7d826f218aa6ba8ec5e58b7c64dc8616127087901dc65418a4b25bfa7ae8b5ad9642815f319230425e8bd89c6983d816d97d81a739917eecd26f9a3aecaf0acdaf6cffab38eae3b10b122b4bf521a46bf01a0c136f745113b589459fbe1666087a7c554a55e2b42ab7e405a77f405a348a64e356b7fb61e48ea9c87bf13f97052c51fdd49f3dbccf9874cf61807ae4b1665ccdd026d4580a068395e8cb851eeadb1da6d1009513ca73a685c66fb15f27eb74a7a4eb5966e3ef4be3ca8ba81b2d17d797265390ce616c3d7b566fe956fb93c6a43f4dc6bfc194daeb7b998d550773bc14aca"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x9}, 0x8, 0x10, 0x0, 0x0, r4}, 0x94) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r6=>0x0}) (async)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
write$cgroup_devices(r7, 0x0, 0xffdd) (async)
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000000)=ANY=[@ANYBLOB="90a76505", @ANYRES16=r1, @ANYBLOB="010000000000000000000700000008000300", @ANYRES32=r6, @ANYBLOB="0c009900070000002a000000"], 0x28}}, 0x0) (async)
r8 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r7)
sendmsg$IPVS_CMD_GET_DAEMON(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x20, r8, 0x200, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x5}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x2000c000}, 0x50) (async, rerun: 64)
r9 = bpf$ITER_CREATE(0x21, &(0x7f0000000240), 0x8) (rerun: 64)
ioctl$sock_kcm_SIOCKCMATTACH(r9, 0x89e0, &(0x7f0000000280)={0xffffffffffffffff, r5})

18.539915586s ago: executing program 0 (id=5106):
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f0000000040)=<r4=>0x0)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r4], 0x1c}}, 0x0)
write$nci(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="42010102"], 0x4)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000001c0)=0x300880, 0x2)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'veth0\x00', <r6=>0x0})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNGETFEATURES(r7, 0x800454cf, &(0x7f0000000500))
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x305200, 0x0)
r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000180)={'wlan1\x00'})
sendmsg$NL80211_CMD_JOIN_MESH(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000008c0)=ANY=[], 0x4c}}, 0x4040810)
setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f00000001c0)={r6, 0x1, 0x6, @local}, 0x10)
setsockopt$packet_drop_memb(r5, 0x107, 0x2, &(0x7f0000000040)={r6, 0x1, 0x6, @local}, 0x10)
r9 = accept$netrom(0xffffffffffffffff, &(0x7f0000000000)={{0x3, @rose}, [@default, @rose, @bcast, @null, @default, @bcast, @bcast, @default]}, &(0x7f0000000140)=0x48)
writev(r9, &(0x7f0000000840)=[{&(0x7f0000000300)="f8975ddfc5ba09caf4592a6e7581779b75ca63585a014c20e57628b90d7efe4a874e284dbbc624a948a2d613fa51e083ccf77c93e39686cf0f47a7313f0a2a5239e0a64e", 0x44}, {&(0x7f0000000380)="db29671406dfae2af51578beb65cae5eba9912507e84e9ec6c9aa7b1d0bcac8fbb3a2e33d424ee70d6d3a6fff15e325bc6d25eb3860d2f608d8db63a8e155a8dbaab6dcff3965f371f46dbc79d11d7fe3387cb960fbd78fa2e06ba1f7d849d0e448ddb61f8fe22f29fb469ac56e78eb8fe6fa9fccf0492c7ffc42ff470f795e67add4aafa44265e2995839000f0d562ca26d8f8c058cbf86e035abce90833500f76c31", 0xa3}, {&(0x7f0000000440)="19a649f0c618772d0dc2fa3d69f7df0d1d8567ede7140192c2f95ce675de7a993f739a93b64cbbf191b3ffc79ad0de7375b9ce3032c69d2d54e23a7f958bd66fc1451bb44d", 0x45}, {&(0x7f00000004c0)="09f590e67c0f72e0fc444633e23513f45f16136742a5b04e468cdc290e890a227e42c735bc909f0e178273d0f60b0586399b3864c751ca1322c1b00a732cc78207d2366643134fa11eee5c0fe06cabeed28a10d4cfd3f519c0f468d054bdd7d80aac255ec8cbc04d445d95618f44bdf4c81b26166d11ba3ce24ceff4912313741ef8668ff9b372307edb8646b1655aeb9a47ec4d7c0f53943ee6cd82921d92090bc37cd6a77dc3b7ac6d481dda640017ea19a0267a90bb8b47e644e52dc27df5db26f5f6b5b5bdff54973f529a576980f2a16abad5c9fabafec97af2997582d60e549ea8f0e7ea0e57759c99b8ef4573e64c606f9db09a0c18b1ed", 0xfb}, {&(0x7f00000005c0)="b5f4c4c65d87a7c50360e7a6c9fa9ec9e3a5fd0ab6a02e78ab411b2899f934817841e4b8212540852c1cd08a857486ed4fc52c483620602a052085b2f73d344e6606d35980af8c815f48126d49ff32c1e78da6b11bd93c570ea181a1ba538b744f4174a19a577b0112ff43132d4977a2360f7ce6d68c72ceab6e783a720d2045a16c5282b53866eb96", 0x89}, {&(0x7f0000000680)="e696a562e0bf03da3295c2cdd761a154af2c46a2c38c46611a4a01031c83f4cb7383bd2132ec97c56ee9a59b1422efcbb323e47875d7151ea16bbc894e348676ecff05aa471a031fb4d157adb4e0", 0x4e}, {&(0x7f0000000700)="a9fef03ef739f11114b6a5ce8c82fd8ea9e7096c18bc8931e958942950f1f1ced59ac8fd9b9f88baf0fba23c5a92f8e69840ea0debf4bb328f8d870b1c063096901215f7f167f84820970d86", 0x4c}, {&(0x7f0000000780)="15810e36143a3a409f9703bb1f6c8f6a1d3bc142dfe0792c10d0f13e9e7bda54e22904d17cbbe90dd9163a63f1218d2e2196f433bdf183379798e8af370be5c8d59d899f68ae588709dcfc2c50598c203c3cd382c5b451431b921d12ddc2f1ec0b691826cbda088be67c8a30ffb966d9585ac26de4e792394075a9126ef650fe648f", 0x82}], 0x8)
socket$netlink(0x10, 0x3, 0x400000000000004)
socket$nl_route(0x10, 0x3, 0x0)
r10 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$nfc_llcp(r10, &(0x7f00000001c0)={0x27, 0x0, 0x0, 0x2, 0x0, 0x49, "c46e9fd1a84b7fa0bf2cca6beb9363a680b652a86bcf56a1b9ca5386103a5ccbe47b7b9aa6d8d701a3ba00000000b97800001022f987617c318500", 0x3a}, 0x60)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0xa1ab8d845acc0251}, 0x0)
sendmsg$NFT_BATCH(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a74000000060a010400000000000000000200000048000480440001800c0001007061796c6f616400340002800800044000000000080005400000000008000340000000000800024000000000080006400000a40208000840000000000900010073797a30000000000900020073797a32"], 0x9c}}, 0x0)
getsockopt$inet_buf(r10, 0x118, 0x2f, 0x0, &(0x7f0000000040))

18.152206751s ago: executing program 2 (id=5112):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000140)={{0x14, 0x10, 0x1, 0x0, 0xfffffff5, {0x7}}, [@NFT_MSG_NEWCHAIN={0x34, 0x3, 0xa, 0x401, 0x0, 0x0, {0xa}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffb}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x5c}, 0x1, 0x0, 0x0, 0x4000850}, 0x24004810)

18.117484561s ago: executing program 2 (id=5113):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYRESHEX=r0], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r1, 0x65, 0x7, &(0x7f00000001c0)=0x8, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'veth0_to_batadv\x00', <r2=>0x0})
sendmsg$can_raw(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x1d, r2}, 0x10, &(0x7f00000005c0)={&(0x7f00000000c0)=@can={{}, 0x80, 0x3, 0x4, 0x2}, 0x210}}, 0x0)
close(r1)
sendmsg$NFT_BATCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000140)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWCHAIN={0x34, 0x3, 0xa, 0x401, 0x0, 0x0, {0xa}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffb}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x5c}, 0x1, 0x0, 0x0, 0x4000850}, 0x24004810)

18.079067419s ago: executing program 2 (id=5114):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
r1 = socket(0x28, 0x1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r1, &(0x7f0000000300)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000340)=0x14)
sendmsg$nl_route_sched(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=@getchain={0x24, 0x66, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02"], 0x80}}, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmmsg(r5, &(0x7f00000000c0), 0x2c8, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000180)={0x40, r0, 0x1, 0x70bd26, 0x0, {{0x2}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x9, 0x74}}}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x99e}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x980}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}]]}, 0x40}}, 0x20000000)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000300)="d80000001c0081064e81f782db44b9040a1d08040e000000000002a1180002000600142603600e1208000f0000810401a8001605200001400200680803600cfab94dcf5c0461c1d67f6f94007134cf61e08000a0e4", 0x55}], 0x1, 0x0, 0x0, 0x7400}, 0x40000)
r7 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000180)={0x4000}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000940)=ANY=[@ANYRESHEX=r7], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x10, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007baaf8ff00000000b7080000341200007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb702000008"], 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x4, &(0x7f0000000740)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x61}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001400)=ANY=[@ANYBLOB="180000001500010029bd7000fedbdf252d"], 0x18}}, 0x20000000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000880)={r8, 0x2f, 0x28, 0x0, &(0x7f0000000640)="c1dfb080cd21d308098e000081007e2288a8", 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB=' \x00\x00\x00\"\x00'], 0x20}}, 0x0)

15.497400697s ago: executing program 2 (id=5117):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="48000000020601040000000000000000000000000500010006000000050005000a00000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x48}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="44000000090601020000000000000000070000000900020073797a31000000170500017400070000001c00078003000000fc0100ffffffe400"/69], 0x44}, 0x1, 0x0, 0x0, 0x20000800}, 0x4000084)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008000400000600005a0bf5467983d1f514a14009ec08001b0000000000"], 0x30}}, 0x0)

15.436379631s ago: executing program 1 (id=5118):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="80000000", @ANYRES16=r1, @ANYBLOB="050000000000000000000200000008000300", @ANYRES32=r2, @ANYBLOB="2d000e0080000000ffffffffffff0802110000000802110000000000000000000003e700640000002503000000000000080026006c09"], 0x80}}, 0x0)
sendmsg$DEVLINK_CMD_PORT_SPLIT(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x20000004)

15.372165866s ago: executing program 2 (id=5119):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000022780)=ANY=[@ANYBLOB="4000000010003b050c0000000000000020000000", @ANYRES32=0x0, @ANYBLOB="c1900000815c00001800128008000100677470000c00028008000200", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x40}}, 0x48010)

15.35641962s ago: executing program 1 (id=5120):
r0 = socket$inet6(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000c80)={'batadv_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000000)=@ipv4_newaddr={0x48, 0x14, 0x509, 0x70bd2c, 0x25dfdbfd, {0x2, 0x20, 0x0, 0xfd, r2}, [@IFA_LOCAL={0x8, 0x2, @multicast1}, @IFA_ADDRESS={0x8, 0x1, @broadcast}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x2}, @IFA_BROADCAST={0x8, 0x4, @rand_addr=0x64010101}, @IFA_ADDRESS={0x8, 0x1, @multicast1}, @IFA_RT_PRIORITY={0x8, 0x9, 0x103}]}, 0x48}, 0x1, 0x0, 0x0, 0x85}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x92462}, [@IFLA_MAP={0x24, 0xe, {0xd, 0x10001, 0x7, 0xa6a7, 0xb, 0x6}}]}, 0x44}, 0x1, 0x0, 0x0, 0x600}, 0x24044800)
sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)

15.279705409s ago: executing program 1 (id=5121):
socket$rxrpc(0x21, 0x2, 0x2)
socket$packet(0x11, 0x2, 0x300)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x10, 0x0, @mcast2}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000380)=ANY=[@ANYBLOB="0b000000000000000a00000000000000ff020000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000020000000a00000000000000fe8000000000000000000000000000bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000fe8000000000000000000000000000bb"], 0x190)
syz_emit_ethernet(0xd2, &(0x7f00000005c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb86dd60120008009c3a00fe8000000000000000000000000300bbff0200000000000000000000000000018200907800"], 0x0)

15.227782978s ago: executing program 2 (id=5122):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="80420000000000001400030076657468305f746f5f626f6e6400000008003a00", @ANYRES32=0x0, @ANYBLOB='\b\x00('], 0x44}}, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0xb8}}, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000200)={'syzkaller0\x00', @multicast})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r6)
r7 = socket$unix(0x1, 0x5, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x3c, 0x2, [@TCA_TBF_PBURST={0x8, 0x7, 0xb86}, @TCA_TBF_PARMS={0x28, 0x1, {{0xa, 0x2, 0xffff, 0x7, 0xcc, 0x3}, {0x0, 0x1, 0x7, 0x8, 0x7f, 0x9}, 0x1, 0x7, 0x1bb6}}, @TCA_TBF_BURST={0x8, 0x6, 0x7f}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r9, {}, {0x2, 0xb}, {0xa, 0x8}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x44840)
ioctl$SIOCSIFHWADDR(r6, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r10 = socket(0x400000000010, 0x3, 0x0)
r11 = socket$unix(0x1, 0x5, 0x0)
setsockopt$SO_TIMESTAMP(r11, 0x1, 0x1d, &(0x7f0000000000)=0x72d6, 0x4)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r12, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000540)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd2c, 0x25dfdbfe, {0x0, 0x0, 0x0, r12, {0x0, 0xffe0}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x8, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x22044028}, 0x40040)
r13 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r14 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r13, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r14, @ANYBLOB="010000000000fddbdf25010041000c00050025000000000000000c0002000000000000000000100007800c"], 0x3c}}, 0x0)

15.225075553s ago: executing program 1 (id=5123):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a003080", @ANYRES32=0x0], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="65010000"], 0x188}}, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a006030"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x4000000)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in6=@private2, 0x8000, 0x0, 0x0, 0x1, 0xa, 0x40, 0x20, 0x0, 0x0, 0xee01}, {}, {0x4, 0x1fc, 0x0, 0x1}}}, 0xb8}}, 0x0)

15.145345808s ago: executing program 1 (id=5124):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b800000019000100000000000000000000000000000000000000000000000000fe8000000000000000833449155bf3c2640000000000000002"], 0xb8}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@getnexthop={0x18, 0x6a, 0x501}, 0x18}}, 0x0)
r2 = accept(r0, &(0x7f0000000140)=@pppol2tp={0x18, 0x1, {0x0, <r3=>0xffffffffffffffff, {0x2, 0x0, @local}}}, &(0x7f0000000080)=0x80)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000640)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x4)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000700)={r4, &(0x7f0000000680)="b6a7ce8ab8bca13e2fd400047b9856959b51bfb299b982a6b0694f71b8bd2593ef7cda4f82ec4e", &(0x7f00000006c0)=@tcp=r3, 0x2}, 0x20)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_SERVICE(r2, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0xa4, r5, 0x8, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x7f}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3ff}]}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x81}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x3}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e22}, @IPVS_DEST_ATTR_U_THRESH={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xfb04}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x7fffffff}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x80}, 0xc241b075203f44ba)
r6 = socket$isdn_base(0x22, 0x3, 0x0)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r7, 0x0)
r8 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_opts(r8, 0x29, 0x36, &(0x7f0000000040)=@fragment, 0x8)
getsockopt$inet6_opts(r8, 0x29, 0x36, 0xfffffffffffffffe, &(0x7f0000000840))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f00000001c0)={<r9=>0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x4e22, @remote}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, &(0x7f0000000400)={r9, @in6={{0xa, 0x4e21, 0x4, @empty, 0x9}}, 0x4, 0x4, 0x624e, 0xa, 0x55, 0x7f}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, &(0x7f00000000c0)={r9, @in={{0x2, 0x6e25, @multicast1}}, 0x3, 0x2, 0x40000002, 0x800000, 0x4c, 0x6, 0x81}, 0x9c)
ioctl$FS_IOC_FSSETXATTR(r6, 0x401c5820, 0x0)
pipe(&(0x7f0000000040)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000004c0))
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r10, 0x84, 0x18, &(0x7f0000000500)={<r12=>r9, 0x7ff}, &(0x7f0000000540)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r3, 0x84, 0x23, &(0x7f0000000580)={r12, 0x7}, 0x8)
sendmsg$nl_generic(r3, &(0x7f0000000600)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000880)={0x144, 0x32, 0x301, 0x70bd2d, 0x25dfdbfe, {0x13}, [@generic="38d4e846926aa1d9dd8d2935ef0c11fc180004287a271e7e40c4ccea5e60d7cc941c92cec91b762bb78e9d048a94ec4d668ea5fbbe8b2283906297fc393632d96185beca0c52b6c2a2c79710d53a1291385faa0e46606ffac58648c9d943d150fabaa262b5e38e6f558810489aa1e0daf9faa07b58db5664d3f0a13977ffc377aa58157f00fdaa633832a24d6682c550a240504dee030e50aaf08ff269a88574a1f83640e4a5842ba0", @generic="edd7955c8aead4c41032fdecc4807081d79b1377b6409bdffa83b7e6450c837b00fa83834602469657af128c791ce8237bbba037c597f440451fcc3422aa75cc3b11e07d9c03ed2be5f0e4008866d2a8d90125411fd63480cccf6d7b54311cb92ccf8f2a169b3d9ae7e6a9a3a1939033c6ed27d839b4fcfb845027f20033", @typed={0x8, 0x118, 0x0, 0x0, @fd=r11}]}, 0x144}}, 0x4000)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[], 0x188}}, 0x0)

15.102327739s ago: executing program 1 (id=5125):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000600)=@newtfilter={0x488, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r4, {0x0, 0x7}, {0x0, 0xf2ff}, {0xffff, 0x8}}, [@filter_kind_options=@f_basic={{0xa}, {0x450, 0x2, [@TCA_BASIC_POLICE={0x44c, 0x4, [@TCA_POLICE_TBF={0x3c, 0x1, {0x3, 0x8, 0x9, 0x8, 0x0, {0x9, 0x2, 0x2, 0x7, 0x8000, 0x2}, {0x8, 0x2, 0x7, 0xf0, 0x1}, 0x0, 0x3, 0xfffffff9}}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x6}, @TCA_POLICE_RATE={0x404, 0x2, [0x4, 0x8, 0x3, 0x9, 0x4, 0x4, 0x4, 0x2, 0x0, 0x7, 0x16a, 0x6, 0x4, 0x5, 0x7fffffff, 0x6, 0x7b1, 0xb5, 0x3, 0x5, 0x0, 0x1, 0x7, 0x3, 0xe, 0xfff, 0x19, 0x3, 0xf8a3, 0xff, 0x3, 0x8, 0x2c1, 0x8, 0x6, 0xb, 0x639, 0x7, 0x3ff, 0x200, 0x8, 0xe, 0x3, 0xd65, 0x4, 0x2c, 0xb, 0xc10, 0xfb, 0x2, 0xc, 0xff, 0xffff, 0x4, 0x7ff, 0x3, 0x1, 0x8, 0x2, 0xc, 0x3ff, 0xfff, 0xef, 0x662, 0xfff, 0x0, 0x8, 0x1, 0x7ff, 0x77, 0xd0dc, 0x1, 0x10, 0x3, 0x7, 0x2, 0x5, 0x80000000, 0x0, 0xfffffffb, 0x80000000, 0x57d, 0x5, 0x8, 0x1, 0x8, 0x4, 0x6, 0x1, 0x6, 0x3, 0x0, 0xae, 0x7, 0x8001, 0xe, 0xfffffffe, 0x7, 0x3, 0x8, 0x1, 0x8, 0x7fffffff, 0x6, 0x10001, 0x3, 0x10000, 0x0, 0x8, 0x846, 0x1ff, 0x9, 0x3ff, 0xfffffffa, 0x5, 0x400, 0xaa9, 0x81, 0x8001, 0x3, 0x2c18, 0x8, 0x9, 0x9, 0x0, 0x600, 0x4, 0x80000001, 0x800, 0x100, 0x7, 0x2, 0x32, 0x6, 0x7, 0x2, 0x7, 0x8, 0x4, 0x2, 0x40000000, 0x7f, 0x7, 0x4, 0x7, 0x2, 0x5, 0x5d41, 0x1, 0x2a940, 0x0, 0xb, 0x7, 0x200, 0x10001, 0x9, 0x401, 0x6, 0x1, 0x3, 0x8, 0xc, 0x8, 0x9, 0x0, 0x9, 0x4, 0xc, 0x800, 0xfff, 0x8, 0x32e, 0x5, 0x5, 0x2, 0x40, 0x52, 0xfff, 0x6, 0x2, 0x0, 0x7, 0x9, 0x2, 0x1, 0x9, 0x0, 0x80000001, 0x8, 0x0, 0x1, 0x9, 0x1, 0x1576, 0x8001, 0x7, 0x5, 0x1, 0xcdd6, 0x0, 0x74, 0x8000, 0x80000001, 0x6, 0x5b, 0x7, 0x5, 0xccb9, 0x9b, 0xffff8bf5, 0x7, 0x0, 0x8001, 0x9, 0x5, 0x0, 0x4, 0x8, 0x29, 0x665, 0x8, 0x9, 0x7, 0x6, 0x5c, 0x80, 0xffffffff, 0x4, 0xa000, 0x3, 0x7e8, 0x86f070e5, 0x401, 0x6, 0x4, 0x10, 0x2, 0x3, 0x6, 0x5, 0x5, 0x5, 0x1000, 0xd0, 0x5, 0x10, 0x1e70, 0x4, 0xdbc, 0x1, 0x80000000, 0x8000, 0xff, 0x4, 0xcca, 0x827]}]}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0x1}}]}, 0x488}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x800)

11.556607609s ago: executing program 32 (id=4974):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) (async)
socket$kcm(0x2, 0xa, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc) (async, rerun: 32)
socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0) (async, rerun: 32)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="b4050000200080066110480000000000c6000000000000009500d800000000009f33ef60916e55893f1eeb0b2ae13d922e6235592ce847e2566c43d72918a897323fd0723043c47c896ce0bce66a245ad9d6817fd98cd824498909714ffaac8a6f77ef0000ca5d82054d54d53cd2b6db714e75d9bdae214fa68a0557eb2c5ca683a4b6fcfcff0bffffffffffd47042eaebfa6fa26fa7a347c7faa8e700458c60897d4a6148a1c11428427c40de60beacf871ab5c2ff88a02084e5b5271e45f00003826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632f7a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffabe90ac5d08dd9d4e0359c41cf3626e1230bc1cd4c02c460ceb44276e9bd94d1c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd00000000000fbf940e6652d357474ed5f816f66ac3027460ae66317f83cdd7a7eb2a7003d1a6cf5478533584961c329fcf5a43e05c92bfef0dcd28000000003f2915a3039c9a78f63b8ec7e60a0000fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc5117c024185a062acb6b8eec31c21b3af8b9eedb4660ed2deb7acf2a33a376a5cb7d4266d5b0be14488d14b473502486ad8dd600000000000000000000c7766ea7c581782c0d90f42a85303835fc291c25d29e6bead5d7360f2e1929d7736ebc8558c4506407d3046022bdf25485bd5442e05d9b4c1278343581b7a06f65e8ea6b042c4fd08381e5000000000000006398d6480000001a723b91030000006480304c66b217aea0156ce9eef911fe5b7370f79987303ecb3aabc53c60014a0101ab766754f596b41da9534d12b8306a1b36cf3b03f0d790879f523eabfbee83d8bd472ef69660cf6ec897106c51e54a17497f384c4956b41f3843e7c878b1e11316d8ddae1c6c3b85aaf7a9fcaf8f5d6186c42542d68ba72682c938d3c0a2e6e10eed71b1d31c9f300b41745329bf34495c63e43fb896e4903fb0fae54a8f0fe3b48a5b29d279070647e65097c8ecf32a15080000000000000001007ba4a70a084bd994ac5e00000000000000000000000000351a30cd97f83d72631d0fe92efa974a53f4dc1eb9a86df632a6d463688123f64d42a919bcfc44a90ffd680200000091f842a91c977f6075d07e39e669b0713af0498a99bf5261cb3269d499a5202d7a08b33ade7b38829b9bd39619688d5e9af22170ef83e5b92cbb32b655c45de1c154aad81bf64351668a3f76d5afa958aff76249e0ffdf8e45155536a1a44bfcbfbfd232af000052f9002add8b8ed61d995c1258ea2c22e218f2122a75d10d77aa735e3aa4988bc267d698cc01e56f8ed8b7877f8d217269ab71a634fed1261c399b31bc3f89f6d76816b9e08bed85b33c7cf8527b20ec14f462dad0e1cb64d49d4fa180e0cb32d9f84ffdb28286a810c1d10fdb67ee5148f8c21ddc16c9417570fb3b8c949a940967d71f6441c5f6dbd7fba76ec0bc54575ffea4ac586994450612a3b1080365753cd59300858929c24d40c4f5e6cde531a3be5fb86a50a77187aa095fdd8b3f959b4e47b2053cfafc22ca"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) (rerun: 32)
ioctl$SIOCRSSL2CALL(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)=@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
sendmsg$rds(r2, 0x0, 0x40800) (async)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
listen(r3, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5)
sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="010028bd7000070000000200000008000100", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004) (async)
write$nci(r0, &(0x7f0000000800)=ANY=[@ANYBLOB="410401", @ANYRES64=r0], 0x4)

10.530822619s ago: executing program 33 (id=4978):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000fcdbdf250200000008000100", @ANYRES32=r3, @ANYBLOB="2ae2794df778b1643174f5f9af94767738aedf89c1d10063f29bfd9409eb1a350fd9797bb859cc467bc1c71e6b6e8580cc55f2e15cd186ef6c7b92794e187cdc87aaec1d2c691f031d805e30442a4551863a009429f37756f06db9614cfb3eac2e390cc31a52e3b4f0f7d28e282cc8447252404aab9e70af75b7751c2ab7cd13bae9216ed1e2229da17dc4d84e0934fa9f86884d5a0148"], 0x1c}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r5, &(0x7f0000000080)={0x1100, 0x0, 0x3, 0x1}, 0x8)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003640)={0x2c, 0x2b, 0x107, 0xfffffffe, 0x0, {0x3, 0x7c}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x6, 0x0, 0x0, @ipv4=@broadcast}]}, @nested={0xc, 0x2, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @pid}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4048091}, 0x8010)
bind$bt_l2cap(r6, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe)
listen(r6, 0x0)
ioctl$sock_SIOCINQ(r6, 0x541b, 0x0)
recvmmsg(r4, &(0x7f00000018c0)=[{{0x0, 0x0, 0x0}, 0x104}, {{0x0, 0x0, 0x0}, 0x80000001}, {{0x0, 0x0, 0x0}, 0x8000}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)=""/194, 0xc2}, {&(0x7f00000028c0)=""/236, 0xec}, {&(0x7f0000002b80)=""/4100, 0x1004}, {&(0x7f0000000640)=""/68, 0x44}, {&(0x7f0000000440)=""/256, 0x100}, {&(0x7f0000000740)=""/251, 0xfb}], 0x6}, 0x272}, {{0x0, 0x0, 0x0}, 0x10001}, {{0x0, 0x0, 0x0}, 0x7ff}, {{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, 0x0}, 0x7fff}, {{0x0, 0x0, 0x0}, 0x9}], 0x9, 0x40004002, 0x0)
r8 = syz_open_procfs$namespace(0x0, &(0x7f0000000000))
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f0000000100)={'ip6gre0\x00', &(0x7f0000000200)=@ethtool_channels={0x50}})
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.dequeue\x00', 0x275a, 0x0)
sendfile(r8, r10, 0x0, 0x0)
write$nci(r0, &(0x7f0000000280)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x2, @f={0x7, 0x3, 0x2, 0xe5, {0x5, 0x12, "c71dcc80b3c4f576ebda506287a4ebf7e501"}, 0x2}}, 0x1c)
connect$bt_l2cap(r6, &(0x7f0000000140)={0x1f, 0x40, @none, 0x5}, 0xe)

3.039174988s ago: executing program 34 (id=5106):
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f0000000040)=<r4=>0x0)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r4], 0x1c}}, 0x0)
write$nci(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="42010102"], 0x4)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000001c0)=0x300880, 0x2)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'veth0\x00', <r6=>0x0})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNGETFEATURES(r7, 0x800454cf, &(0x7f0000000500))
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x305200, 0x0)
r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000180)={'wlan1\x00'})
sendmsg$NL80211_CMD_JOIN_MESH(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000008c0)=ANY=[], 0x4c}}, 0x4040810)
setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f00000001c0)={r6, 0x1, 0x6, @local}, 0x10)
setsockopt$packet_drop_memb(r5, 0x107, 0x2, &(0x7f0000000040)={r6, 0x1, 0x6, @local}, 0x10)
r9 = accept$netrom(0xffffffffffffffff, &(0x7f0000000000)={{0x3, @rose}, [@default, @rose, @bcast, @null, @default, @bcast, @bcast, @default]}, &(0x7f0000000140)=0x48)
writev(r9, &(0x7f0000000840)=[{&(0x7f0000000300)="f8975ddfc5ba09caf4592a6e7581779b75ca63585a014c20e57628b90d7efe4a874e284dbbc624a948a2d613fa51e083ccf77c93e39686cf0f47a7313f0a2a5239e0a64e", 0x44}, {&(0x7f0000000380)="db29671406dfae2af51578beb65cae5eba9912507e84e9ec6c9aa7b1d0bcac8fbb3a2e33d424ee70d6d3a6fff15e325bc6d25eb3860d2f608d8db63a8e155a8dbaab6dcff3965f371f46dbc79d11d7fe3387cb960fbd78fa2e06ba1f7d849d0e448ddb61f8fe22f29fb469ac56e78eb8fe6fa9fccf0492c7ffc42ff470f795e67add4aafa44265e2995839000f0d562ca26d8f8c058cbf86e035abce90833500f76c31", 0xa3}, {&(0x7f0000000440)="19a649f0c618772d0dc2fa3d69f7df0d1d8567ede7140192c2f95ce675de7a993f739a93b64cbbf191b3ffc79ad0de7375b9ce3032c69d2d54e23a7f958bd66fc1451bb44d", 0x45}, {&(0x7f00000004c0)="09f590e67c0f72e0fc444633e23513f45f16136742a5b04e468cdc290e890a227e42c735bc909f0e178273d0f60b0586399b3864c751ca1322c1b00a732cc78207d2366643134fa11eee5c0fe06cabeed28a10d4cfd3f519c0f468d054bdd7d80aac255ec8cbc04d445d95618f44bdf4c81b26166d11ba3ce24ceff4912313741ef8668ff9b372307edb8646b1655aeb9a47ec4d7c0f53943ee6cd82921d92090bc37cd6a77dc3b7ac6d481dda640017ea19a0267a90bb8b47e644e52dc27df5db26f5f6b5b5bdff54973f529a576980f2a16abad5c9fabafec97af2997582d60e549ea8f0e7ea0e57759c99b8ef4573e64c606f9db09a0c18b1ed", 0xfb}, {&(0x7f00000005c0)="b5f4c4c65d87a7c50360e7a6c9fa9ec9e3a5fd0ab6a02e78ab411b2899f934817841e4b8212540852c1cd08a857486ed4fc52c483620602a052085b2f73d344e6606d35980af8c815f48126d49ff32c1e78da6b11bd93c570ea181a1ba538b744f4174a19a577b0112ff43132d4977a2360f7ce6d68c72ceab6e783a720d2045a16c5282b53866eb96", 0x89}, {&(0x7f0000000680)="e696a562e0bf03da3295c2cdd761a154af2c46a2c38c46611a4a01031c83f4cb7383bd2132ec97c56ee9a59b1422efcbb323e47875d7151ea16bbc894e348676ecff05aa471a031fb4d157adb4e0", 0x4e}, {&(0x7f0000000700)="a9fef03ef739f11114b6a5ce8c82fd8ea9e7096c18bc8931e958942950f1f1ced59ac8fd9b9f88baf0fba23c5a92f8e69840ea0debf4bb328f8d870b1c063096901215f7f167f84820970d86", 0x4c}, {&(0x7f0000000780)="15810e36143a3a409f9703bb1f6c8f6a1d3bc142dfe0792c10d0f13e9e7bda54e22904d17cbbe90dd9163a63f1218d2e2196f433bdf183379798e8af370be5c8d59d899f68ae588709dcfc2c50598c203c3cd382c5b451431b921d12ddc2f1ec0b691826cbda088be67c8a30ffb966d9585ac26de4e792394075a9126ef650fe648f", 0x82}], 0x8)
socket$netlink(0x10, 0x3, 0x400000000000004)
socket$nl_route(0x10, 0x3, 0x0)
r10 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$nfc_llcp(r10, &(0x7f00000001c0)={0x27, 0x0, 0x0, 0x2, 0x0, 0x49, "c46e9fd1a84b7fa0bf2cca6beb9363a680b652a86bcf56a1b9ca5386103a5ccbe47b7b9aa6d8d701a3ba00000000b97800001022f987617c318500", 0x3a}, 0x60)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0xa1ab8d845acc0251}, 0x0)
sendmsg$NFT_BATCH(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a74000000060a010400000000000000000200000048000480440001800c0001007061796c6f616400340002800800044000000000080005400000000008000340000000000800024000000000080006400000a40208000840000000000900010073797a30000000000900020073797a32"], 0x9c}}, 0x0)
getsockopt$inet_buf(r10, 0x118, 0x2f, 0x0, &(0x7f0000000040))

37.899542ms ago: executing program 35 (id=5125):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000600)=@newtfilter={0x488, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r4, {0x0, 0x7}, {0x0, 0xf2ff}, {0xffff, 0x8}}, [@filter_kind_options=@f_basic={{0xa}, {0x450, 0x2, [@TCA_BASIC_POLICE={0x44c, 0x4, [@TCA_POLICE_TBF={0x3c, 0x1, {0x3, 0x8, 0x9, 0x8, 0x0, {0x9, 0x2, 0x2, 0x7, 0x8000, 0x2}, {0x8, 0x2, 0x7, 0xf0, 0x1}, 0x0, 0x3, 0xfffffff9}}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x6}, @TCA_POLICE_RATE={0x404, 0x2, [0x4, 0x8, 0x3, 0x9, 0x4, 0x4, 0x4, 0x2, 0x0, 0x7, 0x16a, 0x6, 0x4, 0x5, 0x7fffffff, 0x6, 0x7b1, 0xb5, 0x3, 0x5, 0x0, 0x1, 0x7, 0x3, 0xe, 0xfff, 0x19, 0x3, 0xf8a3, 0xff, 0x3, 0x8, 0x2c1, 0x8, 0x6, 0xb, 0x639, 0x7, 0x3ff, 0x200, 0x8, 0xe, 0x3, 0xd65, 0x4, 0x2c, 0xb, 0xc10, 0xfb, 0x2, 0xc, 0xff, 0xffff, 0x4, 0x7ff, 0x3, 0x1, 0x8, 0x2, 0xc, 0x3ff, 0xfff, 0xef, 0x662, 0xfff, 0x0, 0x8, 0x1, 0x7ff, 0x77, 0xd0dc, 0x1, 0x10, 0x3, 0x7, 0x2, 0x5, 0x80000000, 0x0, 0xfffffffb, 0x80000000, 0x57d, 0x5, 0x8, 0x1, 0x8, 0x4, 0x6, 0x1, 0x6, 0x3, 0x0, 0xae, 0x7, 0x8001, 0xe, 0xfffffffe, 0x7, 0x3, 0x8, 0x1, 0x8, 0x7fffffff, 0x6, 0x10001, 0x3, 0x10000, 0x0, 0x8, 0x846, 0x1ff, 0x9, 0x3ff, 0xfffffffa, 0x5, 0x400, 0xaa9, 0x81, 0x8001, 0x3, 0x2c18, 0x8, 0x9, 0x9, 0x0, 0x600, 0x4, 0x80000001, 0x800, 0x100, 0x7, 0x2, 0x32, 0x6, 0x7, 0x2, 0x7, 0x8, 0x4, 0x2, 0x40000000, 0x7f, 0x7, 0x4, 0x7, 0x2, 0x5, 0x5d41, 0x1, 0x2a940, 0x0, 0xb, 0x7, 0x200, 0x10001, 0x9, 0x401, 0x6, 0x1, 0x3, 0x8, 0xc, 0x8, 0x9, 0x0, 0x9, 0x4, 0xc, 0x800, 0xfff, 0x8, 0x32e, 0x5, 0x5, 0x2, 0x40, 0x52, 0xfff, 0x6, 0x2, 0x0, 0x7, 0x9, 0x2, 0x1, 0x9, 0x0, 0x80000001, 0x8, 0x0, 0x1, 0x9, 0x1, 0x1576, 0x8001, 0x7, 0x5, 0x1, 0xcdd6, 0x0, 0x74, 0x8000, 0x80000001, 0x6, 0x5b, 0x7, 0x5, 0xccb9, 0x9b, 0xffff8bf5, 0x7, 0x0, 0x8001, 0x9, 0x5, 0x0, 0x4, 0x8, 0x29, 0x665, 0x8, 0x9, 0x7, 0x6, 0x5c, 0x80, 0xffffffff, 0x4, 0xa000, 0x3, 0x7e8, 0x86f070e5, 0x401, 0x6, 0x4, 0x10, 0x2, 0x3, 0x6, 0x5, 0x5, 0x5, 0x1000, 0xd0, 0x5, 0x10, 0x1e70, 0x4, 0xdbc, 0x1, 0x80000000, 0x8000, 0xff, 0x4, 0xcca, 0x827]}]}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0x1}}]}, 0x488}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x800)

0s ago: executing program 36 (id=5122):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="80420000000000001400030076657468305f746f5f626f6e6400000008003a00", @ANYRES32=0x0, @ANYBLOB='\b\x00('], 0x44}}, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0xb8}}, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000200)={'syzkaller0\x00', @multicast})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r6)
r7 = socket$unix(0x1, 0x5, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x3c, 0x2, [@TCA_TBF_PBURST={0x8, 0x7, 0xb86}, @TCA_TBF_PARMS={0x28, 0x1, {{0xa, 0x2, 0xffff, 0x7, 0xcc, 0x3}, {0x0, 0x1, 0x7, 0x8, 0x7f, 0x9}, 0x1, 0x7, 0x1bb6}}, @TCA_TBF_BURST={0x8, 0x6, 0x7f}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r9, {}, {0x2, 0xb}, {0xa, 0x8}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x44840)
ioctl$SIOCSIFHWADDR(r6, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r10 = socket(0x400000000010, 0x3, 0x0)
r11 = socket$unix(0x1, 0x5, 0x0)
setsockopt$SO_TIMESTAMP(r11, 0x1, 0x1d, &(0x7f0000000000)=0x72d6, 0x4)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r12, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000540)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd2c, 0x25dfdbfe, {0x0, 0x0, 0x0, r12, {0x0, 0xffe0}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x8, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x22044028}, 0x40040)
r13 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r14 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r13, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r14, @ANYBLOB="010000000000fddbdf25010041000c00050025000000000000000c0002000000000000000000100007800c"], 0x3c}}, 0x0)

kernel console output (not intermixed with test programs):

x10/0x10
[  509.226615][T18860]  ? import_iovec+0x74/0xa0
[  509.226646][T18860]  ___sys_sendmsg+0x21f/0x2a0
[  509.226675][T18860]  ? __pfx____sys_sendmsg+0x10/0x10
[  509.226744][T18860]  ? __fget_files+0x2a/0x420
[  509.226767][T18860]  ? __fget_files+0x3a0/0x420
[  509.226803][T18860]  __x64_sys_sendmsg+0x19b/0x260
[  509.226843][T18860]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  509.226884][T18860]  ? __pfx_ksys_write+0x10/0x10
[  509.226911][T18860]  ? do_syscall_64+0xbe/0xfa0
[  509.226943][T18860]  do_syscall_64+0xfa/0xfa0
[  509.226969][T18860]  ? lockdep_hardirqs_on+0x9c/0x150
[  509.226996][T18860]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.227016][T18860]  ? clear_bhb_loop+0x60/0xb0
[  509.227042][T18860]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.227061][T18860] RIP: 0033:0x7f9b7cd8eec9
[  509.227080][T18860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  509.227098][T18860] RSP: 002b:00007f9b7aff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  509.227121][T18860] RAX: ffffffffffffffda RBX: 00007f9b7cfe5fa0 RCX: 00007f9b7cd8eec9
[  509.227136][T18860] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[  509.227148][T18860] RBP: 00007f9b7aff6090 R08: 0000000000000000 R09: 0000000000000000
[  509.227160][T18860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  509.227172][T18860] R13: 00007f9b7cfe6038 R14: 00007f9b7cfe5fa0 R15: 00007ffc7a317ea8
[  509.227211][T18860]  </TASK>
[  509.860825][T18879] __nla_validate_parse: 7 callbacks suppressed
[  509.860847][T18879] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3676'.
[  510.145328][T18898] FAULT_INJECTION: forcing a failure.
[  510.145328][T18898] name failslab, interval 1, probability 0, space 0, times 0
[  510.158530][T18898] CPU: 1 UID: 0 PID: 18898 Comm: syz.3.3682 Not tainted syzkaller #0 PREEMPT(full) 
[  510.158560][T18898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  510.158582][T18898] Call Trace:
[  510.158591][T18898]  <TASK>
[  510.158599][T18898]  dump_stack_lvl+0x189/0x250
[  510.158627][T18898]  ? __pfx____ratelimit+0x10/0x10
[  510.158656][T18898]  ? __pfx_dump_stack_lvl+0x10/0x10
[  510.158676][T18898]  ? __pfx__printk+0x10/0x10
[  510.158705][T18898]  ? __pfx___might_resched+0x10/0x10
[  510.158734][T18898]  ? fs_reclaim_acquire+0x7d/0x100
[  510.158765][T18898]  should_fail_ex+0x414/0x560
[  510.158792][T18898]  should_failslab+0xa8/0x100
[  510.158818][T18898]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  510.158840][T18898]  ? __alloc_skb+0x112/0x2d0
[  510.158870][T18898]  __alloc_skb+0x112/0x2d0
[  510.158901][T18898]  netlink_ack+0x146/0xa50
[  510.158923][T18898]  ? __pfx_genl_rcv_msg+0x10/0x10
[  510.158941][T18898]  ? __pfx_nl802154_pre_doit+0x10/0x10
[  510.158970][T18898]  ? __pfx_nl802154_post_doit+0x10/0x10
[  510.159017][T18898]  netlink_rcv_skb+0x28c/0x470
[  510.159039][T18898]  ? __lock_acquire+0xab9/0xd20
[  510.159066][T18898]  ? __pfx_genl_rcv_msg+0x10/0x10
[  510.159088][T18898]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  510.159137][T18898]  ? down_read+0x1ad/0x2e0
[  510.159162][T18898]  genl_rcv+0x28/0x40
[  510.159180][T18898]  netlink_unicast+0x82f/0x9e0
[  510.159214][T18898]  ? __pfx_netlink_unicast+0x10/0x10
[  510.159240][T18898]  ? netlink_sendmsg+0x642/0xb30
[  510.159264][T18898]  ? skb_put+0x11b/0x210
[  510.159295][T18898]  netlink_sendmsg+0x805/0xb30
[  510.159333][T18898]  ? __pfx_netlink_sendmsg+0x10/0x10
[  510.159363][T18898]  ? aa_sock_msg_perm+0xf1/0x1d0
[  510.159391][T18898]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  510.159419][T18898]  ? __pfx_netlink_sendmsg+0x10/0x10
[  510.159446][T18898]  __sock_sendmsg+0x21c/0x270
[  510.159473][T18898]  ____sys_sendmsg+0x505/0x830
[  510.159510][T18898]  ? __pfx_____sys_sendmsg+0x10/0x10
[  510.159550][T18898]  ? import_iovec+0x74/0xa0
[  510.159591][T18898]  ___sys_sendmsg+0x21f/0x2a0
[  510.159622][T18898]  ? __pfx____sys_sendmsg+0x10/0x10
[  510.159696][T18898]  ? __fget_files+0x2a/0x420
[  510.159720][T18898]  ? __fget_files+0x3a0/0x420
[  510.159756][T18898]  __x64_sys_sendmsg+0x19b/0x260
[  510.159789][T18898]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  510.159829][T18898]  ? __pfx_ksys_write+0x10/0x10
[  510.159855][T18898]  ? do_syscall_64+0xbe/0xfa0
[  510.159889][T18898]  do_syscall_64+0xfa/0xfa0
[  510.159915][T18898]  ? lockdep_hardirqs_on+0x9c/0x150
[  510.159943][T18898]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  510.159963][T18898]  ? clear_bhb_loop+0x60/0xb0
[  510.159988][T18898]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  510.160007][T18898] RIP: 0033:0x7f75b2b8eec9
[  510.160024][T18898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  510.160042][T18898] RSP: 002b:00007f75b3ad1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  510.160065][T18898] RAX: ffffffffffffffda RBX: 00007f75b2de5fa0 RCX: 00007f75b2b8eec9
[  510.160079][T18898] RDX: 0000000000000800 RSI: 0000200000001180 RDI: 0000000000000005
[  510.160093][T18898] RBP: 00007f75b3ad1090 R08: 0000000000000000 R09: 0000000000000000
[  510.160105][T18898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  510.160117][T18898] R13: 00007f75b2de6038 R14: 00007f75b2de5fa0 R15: 00007fffbb887c38
[  510.160151][T18898]  </TASK>
[  510.590675][T18907] netlink: 'syz.3.3684': attribute type 1 has an invalid length.
[  510.651909][T18907] 8021q: adding VLAN 0 to HW filter on device bond1
[  510.766225][T18913] bond1: (slave veth0_to_bond): making interface the new active one
[  510.778036][T18913] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  510.808498][T18917] tipc: Invalid UDP bearer configuration
[  510.808575][T18917] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  511.132163][T18932] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3690'.
[  511.171487][T18934] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3693'.
[  511.194689][T18934] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3693'.
[  511.531966][T18955] Bluetooth: MGMT ver 1.23
[  511.590325][T18947] bond5: option packets_per_slave: mode dependency failed, not supported in mode active-backup(1)
[  511.638985][T18947] bond5 (unregistering): Released all slaves
[  511.715987][T18965] ªªªªªª: renamed from lo (while UP)
[  511.721450][T18965] FAULT_INJECTION: forcing a failure.
[  511.721450][T18965] name failslab, interval 1, probability 0, space 0, times 0
[  511.738794][T18965] CPU: 1 UID: 0 PID: 18965 Comm: syz.2.3697 Not tainted syzkaller #0 PREEMPT(full) 
[  511.738822][T18965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  511.738834][T18965] Call Trace:
[  511.738841][T18965]  <TASK>
[  511.738849][T18965]  dump_stack_lvl+0x189/0x250
[  511.738875][T18965]  ? __pfx____ratelimit+0x10/0x10
[  511.738902][T18965]  ? __pfx_dump_stack_lvl+0x10/0x10
[  511.738921][T18965]  ? __pfx__printk+0x10/0x10
[  511.738947][T18965]  ? __pfx___might_resched+0x10/0x10
[  511.738999][T18965]  should_fail_ex+0x414/0x560
[  511.739025][T18965]  should_failslab+0xa8/0x100
[  511.739049][T18965]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[  511.739069][T18965]  ? device_rename+0xb3/0x1f0
[  511.739137][T18965]  kstrdup+0x42/0x100
[  511.739164][T18965]  device_rename+0xb3/0x1f0
[  511.739197][T18965]  netif_change_name+0x28c/0x960
[  511.739224][T18965]  ? __mutex_lock+0x5bb/0x1350
[  511.739241][T18965]  ? dev_change_name+0x125/0x260
[  511.739267][T18965]  ? dev_ioctl+0x5dc/0x1150
[  511.739289][T18965]  ? __pfx_netif_change_name+0x10/0x10
[  511.739313][T18965]  ? netdev_name_node_lookup+0xdf/0x120
[  511.739348][T18965]  dev_change_name+0x125/0x260
[  511.739393][T18965]  dev_ioctl+0x5ec/0x1150
[  511.739426][T18965]  sock_do_ioctl+0x22c/0x300
[  511.739454][T18965]  ? __pfx_sock_do_ioctl+0x10/0x10
[  511.739493][T18965]  sock_ioctl+0x576/0x790
[  511.739515][T18965]  ? __pfx_sock_ioctl+0x10/0x10
[  511.739544][T18965]  ? __fget_files+0x3a0/0x420
[  511.739571][T18965]  ? __fget_files+0x2a/0x420
[  511.739596][T18965]  ? bpf_lsm_file_ioctl+0x9/0x20
[  511.739614][T18965]  ? __pfx_sock_ioctl+0x10/0x10
[  511.739631][T18965]  __se_sys_ioctl+0xf9/0x170
[  511.739662][T18965]  do_syscall_64+0xfa/0xfa0
[  511.739695][T18965]  ? lockdep_hardirqs_on+0x9c/0x150
[  511.739733][T18965]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  511.739759][T18965]  ? clear_bhb_loop+0x60/0xb0
[  511.739807][T18965]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  511.739831][T18965] RIP: 0033:0x7f6fffb8eec9
[  511.739848][T18965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  511.739865][T18965] RSP: 002b:00007f7000a21038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  511.739887][T18965] RAX: ffffffffffffffda RBX: 00007f6fffde6090 RCX: 00007f6fffb8eec9
[  511.739901][T18965] RDX: 0000200000000480 RSI: 0000000000008923 RDI: 0000000000000005
[  511.739912][T18965] RBP: 00007f7000a21090 R08: 0000000000000000 R09: 0000000000000000
[  511.739924][T18965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  511.739934][T18965] R13: 00007f6fffde6128 R14: 00007f6fffde6090 R15: 00007fffd68110d8
[  511.739970][T18965]  </TASK>
[  512.154651][T18974] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3700'.
[  512.165838][T18974] netlink: 'syz.4.3700': attribute type 3 has an invalid length.
[  512.371568][T18989] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3705'.
[  512.424499][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5030 ms
[  512.432578][    C1] lec:lec_tx_timeout: lec0
[  512.496272][T18993] netlink: 248 bytes leftover after parsing attributes in process `syz.0.3706'.
[  512.512877][T18994] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3707'.
[  512.536960][T18994] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3707'.
[  512.591455][T18994] gretap0: entered promiscuous mode
[  512.600684][T18994] gretap0: left promiscuous mode
[  512.628124][T18996] netlink: 248 bytes leftover after parsing attributes in process `syz.4.3708'.
[  512.897296][T19015] FAULT_INJECTION: forcing a failure.
[  512.897296][T19015] name failslab, interval 1, probability 0, space 0, times 0
[  512.949845][T19015] CPU: 0 UID: 0 PID: 19015 Comm: syz.0.3712 Not tainted syzkaller #0 PREEMPT(full) 
[  512.949875][T19015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  512.949887][T19015] Call Trace:
[  512.949896][T19015]  <TASK>
[  512.949905][T19015]  dump_stack_lvl+0x189/0x250
[  512.949933][T19015]  ? __pfx____ratelimit+0x10/0x10
[  512.949963][T19015]  ? __pfx_dump_stack_lvl+0x10/0x10
[  512.949984][T19015]  ? __pfx__printk+0x10/0x10
[  512.950014][T19015]  ? __pfx___might_resched+0x10/0x10
[  512.950042][T19015]  ? fs_reclaim_acquire+0x7d/0x100
[  512.950075][T19015]  should_fail_ex+0x414/0x560
[  512.950103][T19015]  should_failslab+0xa8/0x100
[  512.950129][T19015]  __kmalloc_cache_noprof+0x70/0x3d0
[  512.950150][T19015]  ? nl80211_dump_station+0x47b/0xca0
[  512.950185][T19015]  nl80211_dump_station+0x47b/0xca0
[  512.950210][T19015]  ? __kmalloc_node_track_caller_noprof+0x271/0x4e0
[  512.950230][T19015]  ? kmalloc_reserve+0x136/0x290
[  512.950253][T19015]  ? __alloc_skb+0x142/0x2d0
[  512.950274][T19015]  ? netlink_dump+0x1b7/0xe90
[  512.950315][T19015]  ? __pfx_nl80211_dump_station+0x10/0x10
[  512.950391][T19015]  ? trace_kmalloc+0x1f/0xd0
[  512.950409][T19015]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  512.950441][T19015]  ? __build_skb_around+0x257/0x3e0
[  512.950474][T19015]  genl_dumpit+0x10b/0x1b0
[  512.950508][T19015]  netlink_dump+0x6e4/0xe90
[  512.950549][T19015]  ? __pfx_netlink_dump+0x10/0x10
[  512.950595][T19015]  ? genl_start+0x499/0x6c0
[  512.950625][T19015]  __netlink_dump_start+0x5cb/0x7e0
[  512.950660][T19015]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  512.950686][T19015]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  512.950704][T19015]  ? genl_get_cmd+0x7d9/0x910
[  512.950729][T19015]  ? __pfx_genl_start+0x10/0x10
[  512.950745][T19015]  ? __pfx_genl_dumpit+0x10/0x10
[  512.950761][T19015]  ? __pfx_genl_done+0x10/0x10
[  512.950800][T19015]  genl_rcv_msg+0x5da/0x790
[  512.950828][T19015]  ? __pfx_genl_rcv_msg+0x10/0x10
[  512.950846][T19015]  ? __pfx_nl80211_dump_station+0x10/0x10
[  512.950881][T19015]  ? __asan_memcpy+0x40/0x70
[  512.950909][T19015]  ? __pfx_ref_tracker_free+0x10/0x10
[  512.950942][T19015]  netlink_rcv_skb+0x205/0x470
[  512.950964][T19015]  ? __lock_acquire+0xab9/0xd20
[  512.950992][T19015]  ? __pfx_genl_rcv_msg+0x10/0x10
[  512.951014][T19015]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  512.951065][T19015]  ? down_read+0x1ad/0x2e0
[  512.951090][T19015]  genl_rcv+0x28/0x40
[  512.951107][T19015]  netlink_unicast+0x82f/0x9e0
[  512.951142][T19015]  ? __pfx_netlink_unicast+0x10/0x10
[  512.951169][T19015]  ? netlink_sendmsg+0x642/0xb30
[  512.951192][T19015]  ? skb_put+0x11b/0x210
[  512.951223][T19015]  netlink_sendmsg+0x805/0xb30
[  512.951261][T19015]  ? __pfx_netlink_sendmsg+0x10/0x10
[  512.951291][T19015]  ? aa_sock_msg_perm+0xf1/0x1d0
[  512.951319][T19015]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  512.951344][T19015]  ? __pfx_netlink_sendmsg+0x10/0x10
[  512.951369][T19015]  __sock_sendmsg+0x21c/0x270
[  512.951396][T19015]  ____sys_sendmsg+0x505/0x830
[  512.951431][T19015]  ? __pfx_____sys_sendmsg+0x10/0x10
[  512.951472][T19015]  ? import_iovec+0x74/0xa0
[  512.951512][T19015]  ___sys_sendmsg+0x21f/0x2a0
[  512.951543][T19015]  ? __pfx____sys_sendmsg+0x10/0x10
[  512.951619][T19015]  ? __fget_files+0x2a/0x420
[  512.951642][T19015]  ? __fget_files+0x3a0/0x420
[  512.951679][T19015]  __x64_sys_sendmsg+0x19b/0x260
[  512.951712][T19015]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  512.951751][T19015]  ? __pfx_ksys_write+0x10/0x10
[  512.951779][T19015]  ? do_syscall_64+0xbe/0xfa0
[  512.951812][T19015]  do_syscall_64+0xfa/0xfa0
[  512.951838][T19015]  ? lockdep_hardirqs_on+0x9c/0x150
[  512.951867][T19015]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  512.951886][T19015]  ? clear_bhb_loop+0x60/0xb0
[  512.951911][T19015]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  512.951929][T19015] RIP: 0033:0x7f9b7cd8eec9
[  512.951949][T19015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  512.951967][T19015] RSP: 002b:00007f9b7aff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  512.951989][T19015] RAX: ffffffffffffffda RBX: 00007f9b7cfe5fa0 RCX: 00007f9b7cd8eec9
[  512.952003][T19015] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[  512.952016][T19015] RBP: 00007f9b7aff6090 R08: 0000000000000000 R09: 0000000000000000
[  512.952028][T19015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  512.952039][T19015] R13: 00007f9b7cfe6038 R14: 00007f9b7cfe5fa0 R15: 00007ffc7a317ea8
[  512.952078][T19015]  </TASK>
[  513.548533][T19030] netlink: 'syz.3.3717': attribute type 10 has an invalid length.
[  513.569833][T19036] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  513.590043][T19030] veth0_vlan: entered allmulticast mode
[  513.908378][T19048] netlink: 'syz.1.3721': attribute type 1 has an invalid length.
[  514.061462][T19054] xt_limit: Overflow, try lower: 604147548/4200216962
[  514.325141][T19066] netem: change failed
[  514.327192][T19068] netlink: 'syz.2.3727': attribute type 11 has an invalid length.
[  514.367869][T19068] netlink: 'syz.2.3727': attribute type 11 has an invalid length.
[  514.453063][T19080] ªªªªªª: renamed from lo (while UP)
[  514.858570][T19099] batadv_slave_1: entered promiscuous mode
[  514.868937][T19099] batadv_slave_1: left promiscuous mode
[  515.392367][T19129] __nla_validate_parse: 7 callbacks suppressed
[  515.392392][T19129] netlink: 80 bytes leftover after parsing attributes in process `syz.1.3742'.
[  515.442588][T19129] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3742'.
[  515.459325][T19129] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3742'.
[  515.791628][T19151] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3748'.
[  515.814114][T19152] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3749'.
[  516.158900][T19171] ªªªªªª: renamed from lo (while UP)
[  516.319723][T19177] netlink: 'syz.4.3754': attribute type 58 has an invalid length.
[  516.366904][T19177] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3754'.
[  516.414145][T19169] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3754'.
[  516.617349][T19197] bridge0: port 3(batadv1) entered blocking state
[  516.624273][T19197] bridge0: port 3(batadv1) entered disabled state
[  516.634338][T19197] batadv1: entered allmulticast mode
[  516.642773][T19197] batadv1: entered promiscuous mode
[  516.821233][T19203] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3763'.
[  517.115938][   T13] batman_adv: batadv1: IGMP Querier appeared
[  517.122371][   T13] batman_adv: batadv1: MLD Querier appeared
[  517.415813][T19220] netlink: 88 bytes leftover after parsing attributes in process `syz.2.3769'.
[  517.719714][T19234] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3772'.
[  517.769241][T19234] batadv_slave_1: entered promiscuous mode
[  517.821116][T19234] batadv_slave_1: left promiscuous mode
[  518.113515][T19252] ªªªªªª: renamed from lo (while UP)
[  518.187517][T19253] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  518.221174][T19259] netlink: 'syz.2.3779': attribute type 12 has an invalid length.
[  518.241827][T19253] syzkaller0: entered promiscuous mode
[  518.251250][T19253] syzkaller0: entered allmulticast mode
[  518.415944][T19266] netlink: 'syz.3.3780': attribute type 1 has an invalid length.
[  518.836552][T19254] tipc: Resetting bearer <eth:syzkaller0>
[  518.935483][T19254] tipc: Disabling bearer <eth:syzkaller0>
[  519.481202][T19304] netlink: 'syz.3.3792': attribute type 1 has an invalid length.
[  520.118552][T19343] netlink: 'syz.0.3804': attribute type 1 has an invalid length.
[  520.280246][  T978] IPVS: starting estimator thread 0...
[  520.394685][T19356] IPVS: using max 27 ests per chain, 64800 per kthread
[  520.467045][T19355] IPVS: Error connecting to the multicast addr
[  521.045819][T19386] __nla_validate_parse: 5 callbacks suppressed
[  521.045841][T19386] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3813'.
[  521.103837][T19386] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3813'.
[  521.156393][T19391] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3815'.
[  521.197779][T19391] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3815'.
[  521.382877][T19402] netlink: 520 bytes leftover after parsing attributes in process `syz.0.3816'.
[  521.514249][T19408] nbd: must specify a size in bytes for the device
[  521.709263][T19418] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3824'.
[  521.735201][T19420] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3826'.
[  521.926673][T19430] batadv_slave_1: entered promiscuous mode
[  521.932802][T19430] batadv_slave_1: left promiscuous mode
[  522.022129][T19437] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3830'.
[  522.078294][T19430] rdma_op ffff88802816c9f0 conn xmit_rdma 0000000000000000
[  522.171984][T19440] syzkaller1: entered promiscuous mode
[  522.189191][T19440] syzkaller1: entered allmulticast mode
[  522.281186][T19442] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  522.695945][T19466] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3840'.
[  522.864898][T19475] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3842'.
[  522.920858][T19475] netlink: 'syz.2.3842': attribute type 10 has an invalid length.
[  522.959446][T19475] bridge0: port 2(bridge_slave_1) entered disabled state
[  522.992505][T19475] bridge_slave_1: left allmulticast mode
[  522.998987][T19475] bridge_slave_1: left promiscuous mode
[  523.028135][T19475] bridge0: port 2(bridge_slave_1) entered disabled state
[  523.083618][T19475] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  523.223374][T19491] netlink: 'syz.1.3846': attribute type 23 has an invalid length.
[  523.908137][T19519] netlink: 'syz.0.3853': attribute type 5 has an invalid length.
[  524.024993][T19525] netlink: 'syz.0.3853': attribute type 2 has an invalid length.
[  524.217917][T19534] netlink: 'syz.3.3859': attribute type 4 has an invalid length.
[  524.292846][T19534] `: renamed from bond0 (while UP)
[  525.558465][T19566] tipc: Started in network mode
[  525.563622][T19566] tipc: Node identity 6e134ebfdc43, cluster identity 4711
[  525.584715][T19566] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  525.603060][T19567] syzkaller0: entered promiscuous mode
[  525.615020][T19567] syzkaller0: entered allmulticast mode
[  525.787183][T19567] tipc: Resetting bearer <eth:syzkaller0>
[  525.896035][T19567] tipc: Disabling bearer <eth:syzkaller0>
[  526.042013][ T3095] IPVS: starting estimator thread 0...
[  526.092919][T19599] __nla_validate_parse: 7 callbacks suppressed
[  526.092942][T19599] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3879'.
[  526.144814][T19596] IPVS: using max 23 ests per chain, 55200 per kthread
[  526.495338][T19605] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  526.683721][T19628] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3889'.
[  526.965292][T19639] netlink: 'syz.3.3893': attribute type 4 has an invalid length.
[  527.242825][T19656] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3899'.
[  527.726080][T19694] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3904'.
[  527.735776][T19694] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3904'.
[  528.230715][T19720] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3911'.
[  528.678088][T19726] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  528.744242][T19726] syzkaller0: entered promiscuous mode
[  528.754132][T19726] syzkaller0: entered allmulticast mode
[  528.773764][T19726] tipc: Resetting bearer <eth:syzkaller0>
[  528.784017][T19726] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3915'.
[  528.805721][T19726] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3915'.
[  528.959213][T19725] tipc: Resetting bearer <eth:syzkaller0>
[  529.032182][T19725] tipc: Disabling bearer <eth:syzkaller0>
[  529.124874][T19747] bridge0: port 4(batadv3) entered blocking state
[  529.135785][T19747] bridge0: port 4(batadv3) entered disabled state
[  529.164753][T19747] batadv3: entered allmulticast mode
[  529.204144][T19747] batadv3: entered promiscuous mode
[  529.280934][T19755] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3925'.
[  529.476818][T19768] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3929'.
[  529.606319][   T37] batman_adv: batadv3: IGMP Querier appeared
[  529.612386][   T37] batman_adv: batadv3: MLD Querier appeared
[  530.169613][T19774] can: request_module (can-proto-0) failed.
[  530.526788][T19796] netlink: 'syz.1.3936': attribute type 1 has an invalid length.
[  530.736019][T19809] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.
[  531.017560][T19823] FAULT_INJECTION: forcing a failure.
[  531.017560][T19823] name failslab, interval 1, probability 0, space 0, times 0
[  531.067130][T19823] CPU: 0 UID: 0 PID: 19823 Comm: syz.1.3946 Not tainted syzkaller #0 PREEMPT(full) 
[  531.067167][T19823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  531.067180][T19823] Call Trace:
[  531.067188][T19823]  <TASK>
[  531.067197][T19823]  dump_stack_lvl+0x189/0x250
[  531.067226][T19823]  ? __pfx____ratelimit+0x10/0x10
[  531.067253][T19823]  ? __pfx_dump_stack_lvl+0x10/0x10
[  531.067274][T19823]  ? __pfx__printk+0x10/0x10
[  531.067298][T19823]  ? __lock_acquire+0xab9/0xd20
[  531.067337][T19823]  should_fail_ex+0x414/0x560
[  531.067373][T19823]  should_failslab+0xa8/0x100
[  531.067399][T19823]  kmem_cache_alloc_noprof+0x73/0x3c0
[  531.067419][T19823]  ? skb_clone+0x212/0x3a0
[  531.067453][T19823]  skb_clone+0x212/0x3a0
[  531.067486][T19823]  __netlink_deliver_tap+0x404/0x850
[  531.067527][T19823]  ? netlink_deliver_tap+0x2e/0x1b0
[  531.067555][T19823]  netlink_deliver_tap+0x19c/0x1b0
[  531.067582][T19823]  netlink_unicast+0x7fa/0x9e0
[  531.067624][T19823]  ? __pfx_netlink_unicast+0x10/0x10
[  531.067649][T19823]  ? netlink_sendmsg+0x642/0xb30
[  531.067672][T19823]  ? skb_put+0x11b/0x210
[  531.067703][T19823]  netlink_sendmsg+0x805/0xb30
[  531.067740][T19823]  ? __pfx_netlink_sendmsg+0x10/0x10
[  531.067770][T19823]  ? aa_sock_msg_perm+0xf1/0x1d0
[  531.067798][T19823]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  531.067823][T19823]  ? __pfx_netlink_sendmsg+0x10/0x10
[  531.067851][T19823]  __sock_sendmsg+0x21c/0x270
[  531.067878][T19823]  ____sys_sendmsg+0x505/0x830
[  531.067913][T19823]  ? __pfx_____sys_sendmsg+0x10/0x10
[  531.067953][T19823]  ? import_iovec+0x74/0xa0
[  531.067986][T19823]  ___sys_sendmsg+0x21f/0x2a0
[  531.068017][T19823]  ? __pfx____sys_sendmsg+0x10/0x10
[  531.068090][T19823]  ? __fget_files+0x2a/0x420
[  531.068113][T19823]  ? __fget_files+0x3a0/0x420
[  531.068149][T19823]  __x64_sys_sendmsg+0x19b/0x260
[  531.068182][T19823]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  531.068222][T19823]  ? __pfx_ksys_write+0x10/0x10
[  531.068248][T19823]  ? do_syscall_64+0xbe/0xfa0
[  531.068282][T19823]  do_syscall_64+0xfa/0xfa0
[  531.068309][T19823]  ? lockdep_hardirqs_on+0x9c/0x150
[  531.068337][T19823]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  531.068366][T19823]  ? clear_bhb_loop+0x60/0xb0
[  531.068391][T19823]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  531.068411][T19823] RIP: 0033:0x7fa64d58eec9
[  531.068430][T19823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  531.068448][T19823] RSP: 002b:00007fa64e4f8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  531.068471][T19823] RAX: ffffffffffffffda RBX: 00007fa64d7e5fa0 RCX: 00007fa64d58eec9
[  531.068485][T19823] RDX: 0000000000000800 RSI: 00002000000001c0 RDI: 0000000000000005
[  531.068498][T19823] RBP: 00007fa64e4f8090 R08: 0000000000000000 R09: 0000000000000000
[  531.068510][T19823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  531.068522][T19823] R13: 00007fa64d7e6038 R14: 00007fa64d7e5fa0 R15: 00007fff5af15f08
[  531.068559][T19823]  </TASK>
[  531.906562][T19850] netlink: 'syz.1.3951': attribute type 21 has an invalid length.
[  531.931751][T19855] __nla_validate_parse: 5 callbacks suppressed
[  531.931769][T19855] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3954'.
[  531.962162][T19852] ªªªªªª: renamed from lo (while UP)
[  531.965232][T19850] IPv6: NLM_F_CREATE should be specified when creating new route
[  532.216171][T19861] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  532.237326][T19861] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  532.286163][T19863] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3955'.
[  532.358541][T19863] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3955'.
[  532.519708][T19861] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  532.540520][T19861] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  532.711818][T19861] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  532.740201][T19861] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  532.959199][T19893] FAULT_INJECTION: forcing a failure.
[  532.959199][T19893] name failslab, interval 1, probability 0, space 0, times 0
[  533.021231][T19893] CPU: 0 UID: 0 PID: 19893 Comm: syz.2.3961 Not tainted syzkaller #0 PREEMPT(full) 
[  533.021261][T19893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  533.021274][T19893] Call Trace:
[  533.021282][T19893]  <TASK>
[  533.021291][T19893]  dump_stack_lvl+0x189/0x250
[  533.021332][T19893]  ? __pfx____ratelimit+0x10/0x10
[  533.021359][T19893]  ? __pfx_dump_stack_lvl+0x10/0x10
[  533.021381][T19893]  ? __pfx__printk+0x10/0x10
[  533.021409][T19893]  ? __pfx___might_resched+0x10/0x10
[  533.021437][T19893]  ? fs_reclaim_acquire+0x7d/0x100
[  533.021468][T19893]  should_fail_ex+0x414/0x560
[  533.021496][T19893]  should_failslab+0xa8/0x100
[  533.021521][T19893]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  533.021544][T19893]  ? __alloc_skb+0x112/0x2d0
[  533.021573][T19893]  __alloc_skb+0x112/0x2d0
[  533.021603][T19893]  netlink_ack+0x146/0xa50
[  533.021627][T19893]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  533.021650][T19893]  ? ref_tracker_free+0x63a/0x7d0
[  533.021673][T19893]  ? __asan_memcpy+0x40/0x70
[  533.021701][T19893]  ? __pfx_ref_tracker_free+0x10/0x10
[  533.021735][T19893]  netlink_rcv_skb+0x28c/0x470
[  533.021762][T19893]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  533.021789][T19893]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  533.021826][T19893]  ? netlink_deliver_tap+0x2e/0x1b0
[  533.021861][T19893]  netlink_unicast+0x82f/0x9e0
[  533.021893][T19893]  ? __pfx_netlink_unicast+0x10/0x10
[  533.021919][T19893]  ? netlink_sendmsg+0x642/0xb30
[  533.021957][T19893]  ? skb_put+0x11b/0x210
[  533.021987][T19893]  netlink_sendmsg+0x805/0xb30
[  533.022023][T19893]  ? __pfx_netlink_sendmsg+0x10/0x10
[  533.022053][T19893]  ? aa_sock_msg_perm+0xf1/0x1d0
[  533.022082][T19893]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  533.022108][T19893]  ? __pfx_netlink_sendmsg+0x10/0x10
[  533.022136][T19893]  __sock_sendmsg+0x21c/0x270
[  533.022162][T19893]  ____sys_sendmsg+0x505/0x830
[  533.022198][T19893]  ? __pfx_____sys_sendmsg+0x10/0x10
[  533.022236][T19893]  ? import_iovec+0x74/0xa0
[  533.022267][T19893]  ___sys_sendmsg+0x21f/0x2a0
[  533.022306][T19893]  ? __pfx____sys_sendmsg+0x10/0x10
[  533.022378][T19893]  ? __fget_files+0x2a/0x420
[  533.022402][T19893]  ? __fget_files+0x3a0/0x420
[  533.022439][T19893]  __x64_sys_sendmsg+0x19b/0x260
[  533.022472][T19893]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  533.022513][T19893]  ? __pfx_ksys_write+0x10/0x10
[  533.022541][T19893]  ? do_syscall_64+0xbe/0xfa0
[  533.022574][T19893]  do_syscall_64+0xfa/0xfa0
[  533.022602][T19893]  ? lockdep_hardirqs_on+0x9c/0x150
[  533.022631][T19893]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  533.022652][T19893]  ? clear_bhb_loop+0x60/0xb0
[  533.022679][T19893]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  533.022699][T19893] RIP: 0033:0x7f6fffb8eec9
[  533.022719][T19893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  533.022737][T19893] RSP: 002b:00007f7000a42038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  533.022762][T19893] RAX: ffffffffffffffda RBX: 00007f6fffde5fa0 RCX: 00007f6fffb8eec9
[  533.022777][T19893] RDX: 0000000000000800 RSI: 00002000000001c0 RDI: 0000000000000005
[  533.022791][T19893] RBP: 00007f7000a42090 R08: 0000000000000000 R09: 0000000000000000
[  533.022805][T19893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  533.022818][T19893] R13: 00007f6fffde6038 R14: 00007f6fffde5fa0 R15: 00007fffd68110d8
[  533.022854][T19893]  </TASK>
[  533.361288][T19861] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  533.374184][T19861] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  533.419700][   T36] batadv0: left allmulticast mode
[  533.425006][   T36] batadv0: left promiscuous mode
[  533.430303][   T36] bridge0: port 1(batadv0) entered disabled state
[  533.682875][   T36] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface
[  533.916452][   T36] bond5 (unregistering): (slave gretap2): Releasing active interface
[  533.925485][   T36] gretap2 (unregistering): left promiscuous mode
[  533.931861][   T36] gretap2 (unregistering): left allmulticast mode
[  534.134538][T19921] ieee802154 phy0 wpan0: encryption failed: -22
[  534.501154][   T36] bond0 (unregistering): Released all slaves
[  534.522109][   T36] bond1 (unregistering): Released all slaves
[  534.650206][   T36] bond2 (unregistering): Released all slaves
[  534.774832][   T36] bond3 (unregistering): Released all slaves
[  534.790655][   T36] bond4 (unregistering): Released all slaves
[  534.825326][   T51] Bluetooth: hci5: command 0x0406 tx timeout
[  534.950748][   T36] bond5 (unregistering): Released all slaves
[  534.965044][   T36] bond6 (unregistering): Released all slaves
[  534.979014][   T36] bond7 (unregistering): Released all slaves
[  535.000040][   T36] bond8 (unregistering): Released all slaves
[  535.016709][   T36] bond9 (unregistering): Released all slaves
[  535.040954][   T36] bond10 (unregistering): Released all slaves
[  535.061920][   T36] bond11 (unregistering): (slave veth5): Releasing backup interface
[  535.072607][   T36] bond11 (unregistering): Released all slaves
[  535.091006][   T36] bond12 (unregistering): (slave veth9): Releasing backup interface
[  535.101104][   T36] bond12 (unregistering): Released all slaves
[  535.380665][   T36] tipc: Left network mode
[  535.432779][   T59] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  535.447555][T19931] sctp: [Deprecated]: syz.0.3967 (pid 19931) Use of struct sctp_assoc_value in delayed_ack socket option.
[  535.447555][T19931] Use struct sctp_sack_info instead
[  535.455000][   T59] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  535.473464][T19931] sctp: [Deprecated]: syz.0.3967 (pid 19931) Use of struct sctp_assoc_value in delayed_ack socket option.
[  535.473464][T19931] Use struct sctp_sack_info instead
[  535.512877][T19930] vlan2: entered allmulticast mode
[  535.518881][T19930] bond0: entered allmulticast mode
[  535.545999][T19930] bond_slave_0: entered allmulticast mode
[  535.551796][T19930] bond_slave_1: entered allmulticast mode
[  535.568985][   T36] IPVS: stopping master sync thread 5975 ...
[  535.589268][T19930] bridge_slave_1: entered allmulticast mode
[  535.629342][T19932] bridge0: port 2(bridge_slave_1) entered blocking state
[  535.636987][T19932] bridge0: port 2(bridge_slave_1) entered forwarding state
[  535.644746][T19932] bridge0: port 1(bridge_slave_0) entered blocking state
[  535.652065][T19932] bridge0: port 1(bridge_slave_0) entered forwarding state
[  535.698834][T19932] 8021q: adding VLAN 0 to HW filter on device `
[  535.756444][T19932] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  535.816307][   T59] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  535.833915][   T59] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  535.872837][ T7357] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  535.883157][ T7357] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  536.003413][ T7357] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  536.004309][T19940] FAULT_INJECTION: forcing a failure.
[  536.004309][T19940] name failslab, interval 1, probability 0, space 0, times 0
[  536.015126][ T7357] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  536.027566][   T13] batman_adv: batadv3: MLD Querier disappeared - multicast optimizations disabled
[  536.046579][T19940] CPU: 1 UID: 0 PID: 19940 Comm: syz.1.3971 Not tainted syzkaller #0 PREEMPT(full) 
[  536.046610][T19940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  536.046623][T19940] Call Trace:
[  536.046633][T19940]  <TASK>
[  536.046642][T19940]  dump_stack_lvl+0x189/0x250
[  536.046670][T19940]  ? __pfx____ratelimit+0x10/0x10
[  536.046700][T19940]  ? __pfx_dump_stack_lvl+0x10/0x10
[  536.046722][T19940]  ? __pfx__printk+0x10/0x10
[  536.046747][T19940]  ? __lock_acquire+0xab9/0xd20
[  536.046788][T19940]  should_fail_ex+0x414/0x560
[  536.046815][T19940]  should_failslab+0xa8/0x100
[  536.046842][T19940]  kmem_cache_alloc_noprof+0x73/0x3c0
[  536.046864][T19940]  ? skb_clone+0x212/0x3a0
[  536.046898][T19940]  skb_clone+0x212/0x3a0
[  536.046932][T19940]  __netlink_deliver_tap+0x404/0x850
[  536.046975][T19940]  ? netlink_deliver_tap+0x2e/0x1b0
[  536.047004][T19940]  netlink_deliver_tap+0x19c/0x1b0
[  536.047033][T19940]  netlink_unicast+0x7fa/0x9e0
[  536.047068][T19940]  ? __pfx_netlink_unicast+0x10/0x10
[  536.047095][T19940]  ? netlink_sendmsg+0x642/0xb30
[  536.047119][T19940]  ? skb_put+0x11b/0x210
[  536.047152][T19940]  netlink_sendmsg+0x805/0xb30
[  536.047191][T19940]  ? __pfx_netlink_sendmsg+0x10/0x10
[  536.047222][T19940]  ? aa_sock_msg_perm+0xf1/0x1d0
[  536.047252][T19940]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  536.047278][T19940]  ? __pfx_netlink_sendmsg+0x10/0x10
[  536.047306][T19940]  __sock_sendmsg+0x21c/0x270
[  536.047334][T19940]  sock_write_iter+0x279/0x360
[  536.047366][T19940]  ? __pfx_sock_write_iter+0x10/0x10
[  536.047416][T19940]  do_iter_readv_writev+0x620/0x8c0
[  536.047448][T19940]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  536.047469][T19940]  ? common_file_perm+0x1b5/0x230
[  536.047500][T19940]  ? bpf_lsm_file_permission+0x9/0x20
[  536.047536][T19940]  ? security_file_permission+0x75/0x290
[  536.047559][T19940]  ? rw_verify_area+0x255/0x4d0
[  536.047586][T19940]  vfs_writev+0x31a/0x960
[  536.047618][T19940]  ? __lock_acquire+0xab9/0xd20
[  536.047648][T19940]  ? __pfx_vfs_writev+0x10/0x10
[  536.047702][T19940]  ? __fget_files+0x2a/0x420
[  536.047733][T19940]  ? __fget_files+0x3a0/0x420
[  536.047756][T19940]  ? __fget_files+0x2a/0x420
[  536.047793][T19940]  do_writev+0x14d/0x2d0
[  536.047823][T19940]  ? __pfx_do_writev+0x10/0x10
[  536.047854][T19940]  ? do_syscall_64+0xbe/0xfa0
[  536.047896][T19940]  do_syscall_64+0xfa/0xfa0
[  536.047923][T19940]  ? lockdep_hardirqs_on+0x9c/0x150
[  536.047953][T19940]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  536.047973][T19940]  ? clear_bhb_loop+0x60/0xb0
[  536.047998][T19940]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  536.048019][T19940] RIP: 0033:0x7fa64d58eec9
[  536.048039][T19940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  536.048058][T19940] RSP: 002b:00007fa64e4f8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  536.048082][T19940] RAX: ffffffffffffffda RBX: 00007fa64d7e5fa0 RCX: 00007fa64d58eec9
[  536.048097][T19940] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000008
[  536.048111][T19940] RBP: 00007fa64e4f8090 R08: 0000000000000000 R09: 0000000000000000
[  536.048124][T19940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  536.048137][T19940] R13: 00007fa64d7e6038 R14: 00007fa64d7e5fa0 R15: 00007fff5af15f08
[  536.048176][T19940]  </TASK>
[  536.049413][T19940] netlink: 'syz.1.3971': attribute type 4 has an invalid length.
[  536.088589][ T1105] batman_adv: batadv1: MLD Querier disappeared - multicast optimizations disabled
[  536.944209][   T36] hsr_slave_0: left promiscuous mode
[  536.946479][T19966] netlink: 256 bytes leftover after parsing attributes in process `syz.1.3979'.
[  536.984215][   T36] hsr_slave_1: left promiscuous mode
[  537.019861][   T36] vlan0: left allmulticast mode
[  537.034514][   T36] veth0_vlan: left allmulticast mode
[  537.058691][   T36] vlan0: left promiscuous mode
[  537.073046][   T36] veth1_macvtap: left promiscuous mode
[  537.095147][   T36] veth0_macvtap: left promiscuous mode
[  537.108180][   T36] veth1_vlan: left promiscuous mode
[  537.123505][   T36] veth0_vlan: left promiscuous mode
[  539.262950][T20023] netlink: 'syz.2.3992': attribute type 4 has an invalid length.
[  539.275672][T20026] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3994'.
[  539.342509][T20031] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3991'.
[  539.343119][T20026] batadv_slave_1: entered promiscuous mode
[  539.358248][T20026] batadv_slave_1: left promiscuous mode
[  539.472944][T20031] netlink: 92 bytes leftover after parsing attributes in process `syz.0.3991'.
[  539.583345][T20041] netlink: 'syz.4.3996': attribute type 1 has an invalid length.
[  539.672316][T20041] bond1: entered promiscuous mode
[  539.688921][T20041] 8021q: adding VLAN 0 to HW filter on device bond1
[  539.782644][T20044] 8021q: adding VLAN 0 to HW filter on device bond1
[  539.796748][T20044] bond1: (slave wireguard0): The slave device specified does not support setting the MAC address
[  539.810499][T20044] bond1: (slave wireguard0): Setting fail_over_mac to active for active-backup mode
[  539.830968][T20044] bond1: (slave wireguard0): making interface the new active one
[  539.858340][T20044] wireguard0: entered promiscuous mode
[  539.867336][T20044] bond1: (slave wireguard0): Enslaving as an active interface with an up link
[  539.950135][   T51] Bluetooth: hci0: command 0x040f tx timeout
[  540.154905][T20046] bond1 (unregistering): (slave wireguard0): Releasing backup interface
[  540.163646][T20046] wireguard0: left promiscuous mode
[  540.184225][T20046] bond1 (unregistering): Released all slaves
[  540.462709][T20075] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4003'.
[  540.577797][T20081] netlink: 'syz.4.4005': attribute type 10 has an invalid length.
[  540.602025][T20083] netlink: 'syz.3.4006': attribute type 4 has an invalid length.
[  540.615839][T20081] veth1_macvtap: left promiscuous mode
[  540.804888][T20088] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  540.916307][T20105] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4010'.
[  541.234197][T20125] netlink: 64 bytes leftover after parsing attributes in process `syz.2.4013'.
[  541.829249][T20150] syzkaller0: refused to change device tx_queue_len
[  542.139188][T20167] netlink: 'syz.4.4027': attribute type 1 has an invalid length.
[  542.169910][T20167] netlink: 172 bytes leftover after parsing attributes in process `syz.4.4027'.
[  542.373538][T20181] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4031'.
[  542.413253][T20185] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4033'.
[  542.484104][T20185] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4033'.
[  542.503709][T20190] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4035'.
[  542.623171][T20197] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  542.721537][T20201] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4039'.
[  542.733361][T20201] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4039'.
[  542.760252][T20201] netlink: 124 bytes leftover after parsing attributes in process `syz.0.4039'.
[  543.176269][T20224] netlink: 160 bytes leftover after parsing attributes in process `syz.0.4049'.
[  543.213547][T20228] netlink: 'syz.3.4047': attribute type 18 has an invalid length.
[  543.378790][T20234] netlink: 84 bytes leftover after parsing attributes in process `syz.4.4050'.
[  543.609540][T20248] bridge0: port 3(batadv2) entered blocking state
[  543.626085][T20248] bridge0: port 3(batadv2) entered disabled state
[  543.632973][T20248] batadv2: entered allmulticast mode
[  543.643398][T20248] batadv2: entered promiscuous mode
[  544.098155][ T7357] batman_adv: batadv2: No IGMP Querier present - multicast optimizations disabled
[  544.108445][ T7357] batman_adv: batadv2: No MLD Querier present - multicast optimizations disabled
[  544.324047][T20286] delete_channel: no stack
[  544.589281][T20302] batadv_slave_1: entered promiscuous mode
[  544.609232][T20302] batadv_slave_1: left promiscuous mode
[  544.686425][T20309] netlink: 'syz.3.4075': attribute type 39 has an invalid length.
[  544.933085][T20321] tipc: Enabling of bearer <eth:lo> rejected, failed to enable media
[  545.062530][T20329] bridge0: port 4(batadv3) entered blocking state
[  545.072346][T20329] bridge0: port 4(batadv3) entered disabled state
[  545.082551][T20329] batadv3: entered allmulticast mode
[  545.091343][T20329] batadv3: entered promiscuous mode
[  545.100876][T20328] netlink: 'syz.0.4082': attribute type 4 has an invalid length.
[  545.152937][T20330] netlink: 'syz.0.4082': attribute type 4 has an invalid length.
[  545.442613][T20345] batadv_slave_1: entered promiscuous mode
[  545.449114][T20345] batadv_slave_1: left promiscuous mode
[  545.485333][T20350] netlink: 'syz.2.4091': attribute type 8 has an invalid length.
[  545.568008][ T7357] batman_adv: batadv3: No IGMP Querier present - multicast optimizations disabled
[  545.577778][ T7357] batman_adv: batadv3: No MLD Querier present - multicast optimizations disabled
[  545.882289][T20374] FAULT_INJECTION: forcing a failure.
[  545.882289][T20374] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  545.935489][T20374] CPU: 0 UID: 0 PID: 20374 Comm: syz.1.4096 Not tainted syzkaller #0 PREEMPT(full) 
[  545.935517][T20374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  545.935530][T20374] Call Trace:
[  545.935538][T20374]  <TASK>
[  545.935547][T20374]  dump_stack_lvl+0x189/0x250
[  545.935572][T20374]  ? __pfx____ratelimit+0x10/0x10
[  545.935599][T20374]  ? __pfx_dump_stack_lvl+0x10/0x10
[  545.935617][T20374]  ? __pfx__printk+0x10/0x10
[  545.935637][T20374]  ? __might_fault+0xb0/0x130
[  545.935668][T20374]  should_fail_ex+0x414/0x560
[  545.935693][T20374]  _copy_from_iter+0x1de/0x1790
[  545.935716][T20374]  ? txopt_get+0x7a/0x3f0
[  545.935747][T20374]  ? txopt_get+0x7a/0x3f0
[  545.935765][T20374]  ? txopt_get+0x7a/0x3f0
[  545.935786][T20374]  ? __pfx__copy_from_iter+0x10/0x10
[  545.935806][T20374]  ? txopt_get+0x335/0x3f0
[  545.935827][T20374]  ? txopt_get+0x7a/0x3f0
[  545.935846][T20374]  ? __pfx_txopt_get+0x10/0x10
[  545.935882][T20374]  rawv6_sendmsg+0xb5f/0x1830
[  545.935923][T20374]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  545.935970][T20374]  ? __pfx_aa_sk_perm+0x10/0x10
[  545.935996][T20374]  ? sock_rps_record_flow+0x19/0x410
[  545.936022][T20374]  ? inet_sendmsg+0x2f4/0x370
[  545.936043][T20374]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  545.936074][T20374]  __sock_sendmsg+0x19c/0x270
[  545.936099][T20374]  __sys_sendto+0x3bd/0x520
[  545.936126][T20374]  ? __pfx___sys_sendto+0x10/0x10
[  545.936150][T20374]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  545.936183][T20374]  ? __fget_files+0x3a0/0x420
[  545.936219][T20374]  ? ksys_write+0x22a/0x250
[  545.936243][T20374]  ? __pfx_ksys_write+0x10/0x10
[  545.936269][T20374]  __x64_sys_sendto+0xde/0x100
[  545.936301][T20374]  do_syscall_64+0xfa/0xfa0
[  545.936328][T20374]  ? lockdep_hardirqs_on+0x9c/0x150
[  545.936356][T20374]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.936376][T20374]  ? clear_bhb_loop+0x60/0xb0
[  545.936400][T20374]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.936428][T20374] RIP: 0033:0x7fa64d58eec9
[  545.936446][T20374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  545.936464][T20374] RSP: 002b:00007fa64e4f8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  545.936492][T20374] RAX: ffffffffffffffda RBX: 00007fa64d7e5fa0 RCX: 00007fa64d58eec9
[  545.936509][T20374] RDX: 0000000000000018 RSI: 0000200000000300 RDI: 0000000000000003
[  545.936522][T20374] RBP: 00007fa64e4f8090 R08: 0000000000000000 R09: fffffffffffffdfd
[  545.936537][T20374] R10: 0000000000003b00 R11: 0000000000000246 R12: 0000000000000001
[  545.936567][T20374] R13: 00007fa64d7e6038 R14: 00007fa64d7e5fa0 R15: 00007fff5af15f08
[  545.936602][T20374]  </TASK>
[  546.400675][T20379] A link change request failed with some changes committed already. Interface ªªªªªª may have been left with an inconsistent configuration, please check.
[  546.610117][T20389] batadv_slave_1: entered promiscuous mode
[  546.626829][T20389] batadv_slave_1: left promiscuous mode
[  546.672297][T20392] netlink: 'syz.1.4105': attribute type 4 has an invalid length.
[  546.726767][T20396] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$ûÌÌULÙvy¸Ú‡v°ýÙ[£DŒw˜�z
[  546.860175][T20399] FAULT_INJECTION: forcing a failure.
[  546.860175][T20399] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  546.896890][T20399] CPU: 1 UID: 0 PID: 20399 Comm: syz.0.4109 Not tainted syzkaller #0 PREEMPT(full) 
[  546.896921][T20399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  546.896933][T20399] Call Trace:
[  546.896943][T20399]  <TASK>
[  546.896952][T20399]  dump_stack_lvl+0x189/0x250
[  546.896980][T20399]  ? __pfx____ratelimit+0x10/0x10
[  546.897009][T20399]  ? __pfx_dump_stack_lvl+0x10/0x10
[  546.897031][T20399]  ? __pfx__printk+0x10/0x10
[  546.897052][T20399]  ? __might_fault+0xb0/0x130
[  546.897088][T20399]  should_fail_ex+0x414/0x560
[  546.897131][T20399]  _copy_from_iter+0x1de/0x1790
[  546.897166][T20399]  ? rcu_is_watching+0x15/0xb0
[  546.897187][T20399]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  546.897212][T20399]  ? __pfx__copy_from_iter+0x10/0x10
[  546.897240][T20399]  ? __build_skb_around+0x257/0x3e0
[  546.897271][T20399]  ? netlink_sendmsg+0x642/0xb30
[  546.897297][T20399]  ? skb_put+0x11b/0x210
[  546.897327][T20399]  netlink_sendmsg+0x6b2/0xb30
[  546.897365][T20399]  ? __pfx_netlink_sendmsg+0x10/0x10
[  546.897395][T20399]  ? aa_sock_msg_perm+0xf1/0x1d0
[  546.897423][T20399]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  546.897451][T20399]  ? __pfx_netlink_sendmsg+0x10/0x10
[  546.897478][T20399]  __sock_sendmsg+0x21c/0x270
[  546.897504][T20399]  ____sys_sendmsg+0x505/0x830
[  546.897539][T20399]  ? __pfx_____sys_sendmsg+0x10/0x10
[  546.897578][T20399]  ? import_iovec+0x74/0xa0
[  546.897609][T20399]  ___sys_sendmsg+0x21f/0x2a0
[  546.897641][T20399]  ? __pfx____sys_sendmsg+0x10/0x10
[  546.897713][T20399]  ? __fget_files+0x2a/0x420
[  546.897737][T20399]  ? __fget_files+0x3a0/0x420
[  546.897773][T20399]  __x64_sys_sendmsg+0x19b/0x260
[  546.897806][T20399]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  546.897844][T20399]  ? __pfx_ksys_write+0x10/0x10
[  546.897870][T20399]  ? do_syscall_64+0xbe/0xfa0
[  546.897903][T20399]  do_syscall_64+0xfa/0xfa0
[  546.897930][T20399]  ? lockdep_hardirqs_on+0x9c/0x150
[  546.897957][T20399]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  546.897976][T20399]  ? clear_bhb_loop+0x60/0xb0
[  546.898001][T20399]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  546.898020][T20399] RIP: 0033:0x7f9b7cd8eec9
[  546.898046][T20399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  546.898064][T20399] RSP: 002b:00007f9b7aff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  546.898087][T20399] RAX: ffffffffffffffda RBX: 00007f9b7cfe5fa0 RCX: 00007f9b7cd8eec9
[  546.898102][T20399] RDX: 0000000024000084 RSI: 0000200000000080 RDI: 0000000000000004
[  546.898123][T20399] RBP: 00007f9b7aff6090 R08: 0000000000000000 R09: 0000000000000000
[  546.898136][T20399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  546.898148][T20399] R13: 00007f9b7cfe6038 R14: 00007f9b7cfe5fa0 R15: 00007ffc7a317ea8
[  546.898181][T20399]  </TASK>
[  546.951334][T20403] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check.
[  547.210163][T20405] netlink: 'syz.4.4108': attribute type 1 has an invalid length.
[  547.250868][T20420] __nla_validate_parse: 16 callbacks suppressed
[  547.250891][T20420] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4113'.
[  547.260171][T20421] netlink: 'syz.2.4114': attribute type 10 has an invalid length.
[  547.288680][T20418] erspan0: mtu less than device minimum
[  547.453347][T20427] netlink: 'syz.1.4118': attribute type 5 has an invalid length.
[  547.467563][T20427] netlink: 140 bytes leftover after parsing attributes in process `syz.1.4118'.
[  547.614299][T20435] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4120'.
[  547.635948][T20435] netlink: 'syz.2.4120': attribute type 12 has an invalid length.
[  547.649765][T20435] netlink: 'syz.2.4120': attribute type 4 has an invalid length.
[  547.730605][T20443] netlink: 'syz.2.4123': attribute type 4 has an invalid length.
[  547.816118][T20445] FAULT_INJECTION: forcing a failure.
[  547.816118][T20445] name failslab, interval 1, probability 0, space 0, times 0
[  547.829949][T20445] CPU: 1 UID: 0 PID: 20445 Comm: syz.2.4124 Not tainted syzkaller #0 PREEMPT(full) 
[  547.829978][T20445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  547.829990][T20445] Call Trace:
[  547.830000][T20445]  <TASK>
[  547.830009][T20445]  dump_stack_lvl+0x189/0x250
[  547.830037][T20445]  ? __pfx____ratelimit+0x10/0x10
[  547.830066][T20445]  ? __pfx_dump_stack_lvl+0x10/0x10
[  547.830088][T20445]  ? __pfx__printk+0x10/0x10
[  547.830112][T20445]  ? __lock_acquire+0xab9/0xd20
[  547.830151][T20445]  should_fail_ex+0x414/0x560
[  547.830181][T20445]  should_failslab+0xa8/0x100
[  547.830208][T20445]  kmem_cache_alloc_noprof+0x73/0x3c0
[  547.830230][T20445]  ? skb_clone+0x212/0x3a0
[  547.830267][T20445]  skb_clone+0x212/0x3a0
[  547.830301][T20445]  __netlink_deliver_tap+0x404/0x850
[  547.830345][T20445]  ? netlink_deliver_tap+0x2e/0x1b0
[  547.830373][T20445]  netlink_deliver_tap+0x19c/0x1b0
[  547.830410][T20445]  netlink_unicast+0x7fa/0x9e0
[  547.830447][T20445]  ? __pfx_netlink_unicast+0x10/0x10
[  547.830473][T20445]  ? netlink_sendmsg+0x642/0xb30
[  547.830497][T20445]  ? skb_put+0x11b/0x210
[  547.830528][T20445]  netlink_sendmsg+0x805/0xb30
[  547.830567][T20445]  ? __pfx_netlink_sendmsg+0x10/0x10
[  547.830598][T20445]  ? aa_sock_msg_perm+0xf1/0x1d0
[  547.830627][T20445]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  547.830653][T20445]  ? __pfx_netlink_sendmsg+0x10/0x10
[  547.830682][T20445]  __sock_sendmsg+0x21c/0x270
[  547.830709][T20445]  ____sys_sendmsg+0x505/0x830
[  547.830746][T20445]  ? __pfx_____sys_sendmsg+0x10/0x10
[  547.830792][T20445]  ? import_iovec+0x74/0xa0
[  547.830826][T20445]  ___sys_sendmsg+0x21f/0x2a0
[  547.830858][T20445]  ? __pfx____sys_sendmsg+0x10/0x10
[  547.830934][T20445]  ? __fget_files+0x2a/0x420
[  547.830957][T20445]  ? __fget_files+0x3a0/0x420
[  547.830995][T20445]  __x64_sys_sendmsg+0x19b/0x260
[  547.831028][T20445]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  547.831070][T20445]  ? __pfx_ksys_write+0x10/0x10
[  547.831099][T20445]  ? do_syscall_64+0xbe/0xfa0
[  547.831133][T20445]  do_syscall_64+0xfa/0xfa0
[  547.831160][T20445]  ? lockdep_hardirqs_on+0x9c/0x150
[  547.831188][T20445]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  547.831209][T20445]  ? clear_bhb_loop+0x60/0xb0
[  547.831236][T20445]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  547.831256][T20445] RIP: 0033:0x7f6fffb8eec9
[  547.831276][T20445] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  547.831294][T20445] RSP: 002b:00007f7000a42038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  547.831317][T20445] RAX: ffffffffffffffda RBX: 00007f6fffde5fa0 RCX: 00007f6fffb8eec9
[  547.831332][T20445] RDX: 0000000000000840 RSI: 00002000000001c0 RDI: 0000000000000003
[  547.831347][T20445] RBP: 00007f7000a42090 R08: 0000000000000000 R09: 0000000000000000
[  547.831360][T20445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  547.831373][T20445] R13: 00007f6fffde6038 R14: 00007f6fffde5fa0 R15: 00007fffd68110d8
[  547.831422][T20445]  </TASK>
[  548.425668][T20449] syzkaller0: entered allmulticast mode
[  548.448680][T20449] netlink: 64 bytes leftover after parsing attributes in process `syz.3.4126'.
[  550.945127][T20465] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4130'.
[  551.029910][T20461] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4130'.
[  551.061900][T20461] netlink: 'syz.4.4130': attribute type 30 has an invalid length.
[  551.178063][T20470] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4130'.
[  551.251433][T20471] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4130'.
[  551.692631][T20481] netlink: 'syz.1.4134': attribute type 4 has an invalid length.
[  553.013154][T20486] FAULT_INJECTION: forcing a failure.
[  553.013154][T20486] name failslab, interval 1, probability 0, space 0, times 0
[  553.083961][T20486] CPU: 0 UID: 0 PID: 20486 Comm: syz.2.4136 Not tainted syzkaller #0 PREEMPT(full) 
[  553.083994][T20486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  553.084006][T20486] Call Trace:
[  553.084015][T20486]  <TASK>
[  553.084024][T20486]  dump_stack_lvl+0x189/0x250
[  553.084052][T20486]  ? __pfx____ratelimit+0x10/0x10
[  553.084082][T20486]  ? __pfx_dump_stack_lvl+0x10/0x10
[  553.084102][T20486]  ? __pfx__printk+0x10/0x10
[  553.084137][T20486]  ? __pfx___might_resched+0x10/0x10
[  553.084165][T20486]  ? fs_reclaim_acquire+0x7d/0x100
[  553.084196][T20486]  should_fail_ex+0x414/0x560
[  553.084225][T20486]  should_failslab+0xa8/0x100
[  553.084249][T20486]  __kmalloc_noprof+0xcb/0x4f0
[  553.084270][T20486]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  553.084298][T20486]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  553.084326][T20486]  genl_family_rcv_msg_doit+0xb8/0x300
[  553.084356][T20486]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  553.084388][T20486]  ? apparmor_capable+0x137/0x1b0
[  553.084420][T20486]  ? bpf_lsm_capable+0x9/0x20
[  553.084440][T20486]  ? security_capable+0x7e/0x2e0
[  553.084470][T20486]  genl_rcv_msg+0x60e/0x790
[  553.084498][T20486]  ? __pfx_genl_rcv_msg+0x10/0x10
[  553.084517][T20486]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  553.084542][T20486]  ? __pfx_nl80211_start_ap+0x10/0x10
[  553.084567][T20486]  ? __pfx_nl80211_post_doit+0x10/0x10
[  553.084593][T20486]  ? __asan_memcpy+0x40/0x70
[  553.084620][T20486]  ? __pfx_ref_tracker_free+0x10/0x10
[  553.084652][T20486]  netlink_rcv_skb+0x205/0x470
[  553.084676][T20486]  ? __lock_acquire+0xab9/0xd20
[  553.084703][T20486]  ? __pfx_genl_rcv_msg+0x10/0x10
[  553.084725][T20486]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  553.084773][T20486]  ? down_read+0x1ad/0x2e0
[  553.084797][T20486]  genl_rcv+0x28/0x40
[  553.084813][T20486]  netlink_unicast+0x82f/0x9e0
[  553.084848][T20486]  ? __pfx_netlink_unicast+0x10/0x10
[  553.084873][T20486]  ? netlink_sendmsg+0x642/0xb30
[  553.084895][T20486]  ? skb_put+0x11b/0x210
[  553.084927][T20486]  netlink_sendmsg+0x805/0xb30
[  553.084965][T20486]  ? __pfx_netlink_sendmsg+0x10/0x10
[  553.084994][T20486]  ? aa_sock_msg_perm+0xf1/0x1d0
[  553.085021][T20486]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  553.085047][T20486]  ? __pfx_netlink_sendmsg+0x10/0x10
[  553.085074][T20486]  __sock_sendmsg+0x21c/0x270
[  553.085101][T20486]  ____sys_sendmsg+0x505/0x830
[  553.085161][T20486]  ? __pfx_____sys_sendmsg+0x10/0x10
[  553.085202][T20486]  ? import_iovec+0x74/0xa0
[  553.085234][T20486]  ___sys_sendmsg+0x21f/0x2a0
[  553.085266][T20486]  ? __pfx____sys_sendmsg+0x10/0x10
[  553.085339][T20486]  ? __fget_files+0x2a/0x420
[  553.085362][T20486]  ? __fget_files+0x3a0/0x420
[  553.085398][T20486]  __x64_sys_sendmsg+0x19b/0x260
[  553.085429][T20486]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  553.085469][T20486]  ? __pfx_ksys_write+0x10/0x10
[  553.085496][T20486]  ? do_syscall_64+0xbe/0xfa0
[  553.085530][T20486]  do_syscall_64+0xfa/0xfa0
[  553.085561][T20486]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  553.085580][T20486]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  553.085600][T20486]  ? clear_bhb_loop+0x60/0xb0
[  553.085625][T20486]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  553.085645][T20486] RIP: 0033:0x7f6fffb8eec9
[  553.085665][T20486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  553.085683][T20486] RSP: 002b:00007f7000a42038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  553.085706][T20486] RAX: ffffffffffffffda RBX: 00007f6fffde5fa0 RCX: 00007f6fffb8eec9
[  553.085722][T20486] RDX: 0000000000000840 RSI: 00002000000001c0 RDI: 0000000000000003
[  553.085735][T20486] RBP: 00007f7000a42090 R08: 0000000000000000 R09: 0000000000000000
[  553.085748][T20486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  553.085761][T20486] R13: 00007f6fffde6038 R14: 00007f6fffde5fa0 R15: 00007fffd68110d8
[  553.085799][T20486]  </TASK>
[  553.595612][T20500] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4141'.
[  553.657002][T20502] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  553.670258][T20502] syzkaller0: entered promiscuous mode
[  553.676341][T20502] syzkaller0: entered allmulticast mode
[  553.686020][T20502] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  553.761032][T20510] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4143'.
[  553.821732][T20512] tipc: Resetting bearer <eth:syzkaller0>
[  553.843279][T20501] tipc: Resetting bearer <eth:syzkaller0>
[  553.890679][T20501] tipc: Disabling bearer <eth:syzkaller0>
[  554.131301][T20527] netlink: 'syz.3.4150': attribute type 1 has an invalid length.
[  554.153173][T20525] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4148'.
[  554.267469][T20532] netlink: 'syz.3.4152': attribute type 1 has an invalid length.
[  554.313338][T20537] syz_tun: entered allmulticast mode
[  554.328836][T20532] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address
[  554.340042][T20532] bond3: (slave vxcan3): Error -95 calling set_mac_address
[  554.367454][T20537] syz_tun: left allmulticast mode
[  554.369685][T20538] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4152'.
[  554.393928][T20538] macvlan2: entered promiscuous mode
[  554.402005][T20538] macvlan2: entered allmulticast mode
[  554.413654][T20538] bond3: entered promiscuous mode
[  554.421142][T20538] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  554.449540][T20538] bond3: left promiscuous mode
[  554.495074][T20542] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4156'.
[  554.528328][T20540] bridge4: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  554.818633][T20560] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR
[  557.378838][T20607] netlink: 'syz.4.4178': attribute type 4 has an invalid length.
[  557.451875][T20604] bond1: (slave bond_slave_1): Device is not our slave
[  557.462779][T20612] netlink: 'syz.4.4178': attribute type 4 has an invalid length.
[  557.470744][T20604] bond1: option active_slave: invalid value (bond_slave_1)
[  557.490556][T20604] bond1 (unregistering): Released all slaves
[  557.596031][T20620] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4180'.
[  557.811586][T20626] geneve2: entered promiscuous mode
[  557.889154][ T1111] tipc: Subscription rejected, illegal request
[  557.996210][T20636] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4187'.
[  558.015631][T20636] netlink: 'syz.1.4187': attribute type 7 has an invalid length.
[  558.034042][T20636] netlink: 'syz.1.4187': attribute type 8 has an invalid length.
[  558.057073][T20636] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4187'.
[  558.072840][T20641] netlink: 'syz.2.4190': attribute type 4 has an invalid length.
[  558.179960][T20651] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4193'.
[  558.301874][T20654] FAULT_INJECTION: forcing a failure.
[  558.301874][T20654] name failslab, interval 1, probability 0, space 0, times 0
[  558.320433][T20654] CPU: 0 UID: 0 PID: 20654 Comm: syz.1.4192 Not tainted syzkaller #0 PREEMPT(full) 
[  558.320465][T20654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  558.320478][T20654] Call Trace:
[  558.320487][T20654]  <TASK>
[  558.320497][T20654]  dump_stack_lvl+0x189/0x250
[  558.320527][T20654]  ? __pfx____ratelimit+0x10/0x10
[  558.320555][T20654]  ? __pfx_dump_stack_lvl+0x10/0x10
[  558.320577][T20654]  ? __pfx__printk+0x10/0x10
[  558.320594][T20654]  ? genl_rcv+0x28/0x40
[  558.320614][T20654]  ? ____sys_sendmsg+0x505/0x830
[  558.320641][T20654]  ? __x64_sys_sendmsg+0x19b/0x260
[  558.320681][T20654]  should_fail_ex+0x414/0x560
[  558.320709][T20654]  should_failslab+0xa8/0x100
[  558.320736][T20654]  kmem_cache_alloc_noprof+0x73/0x3c0
[  558.320757][T20654]  ? skb_clone+0x212/0x3a0
[  558.320792][T20654]  skb_clone+0x212/0x3a0
[  558.320825][T20654]  __netlink_deliver_tap+0x404/0x850
[  558.320868][T20654]  ? netlink_deliver_tap+0x2e/0x1b0
[  558.320896][T20654]  netlink_deliver_tap+0x19c/0x1b0
[  558.320922][T20654]  netlink_sendskb+0x68/0x140
[  558.320948][T20654]  netlink_unicast+0x397/0x9e0
[  558.320969][T20654]  ? __asan_memcpy+0x40/0x70
[  558.321009][T20654]  ? __pfx_netlink_unicast+0x10/0x10
[  558.321045][T20654]  netlink_rcv_skb+0x28c/0x470
[  558.321080][T20654]  ? __lock_acquire+0xab9/0xd20
[  558.321107][T20654]  ? __pfx_genl_rcv_msg+0x10/0x10
[  558.321128][T20654]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  558.321175][T20654]  ? down_read+0x1ad/0x2e0
[  558.321201][T20654]  genl_rcv+0x28/0x40
[  558.321218][T20654]  netlink_unicast+0x82f/0x9e0
[  558.321254][T20654]  ? __pfx_netlink_unicast+0x10/0x10
[  558.321280][T20654]  ? netlink_sendmsg+0x642/0xb30
[  558.321303][T20654]  ? skb_put+0x11b/0x210
[  558.321334][T20654]  netlink_sendmsg+0x805/0xb30
[  558.321372][T20654]  ? __pfx_netlink_sendmsg+0x10/0x10
[  558.321403][T20654]  ? aa_sock_msg_perm+0xf1/0x1d0
[  558.321433][T20654]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  558.321466][T20654]  ? __pfx_netlink_sendmsg+0x10/0x10
[  558.321494][T20654]  __sock_sendmsg+0x21c/0x270
[  558.321521][T20654]  ____sys_sendmsg+0x505/0x830
[  558.321557][T20654]  ? __pfx_____sys_sendmsg+0x10/0x10
[  558.321597][T20654]  ? import_iovec+0x74/0xa0
[  558.321631][T20654]  ___sys_sendmsg+0x21f/0x2a0
[  558.321664][T20654]  ? __pfx____sys_sendmsg+0x10/0x10
[  558.321738][T20654]  ? __fget_files+0x2a/0x420
[  558.321762][T20654]  ? __fget_files+0x3a0/0x420
[  558.321800][T20654]  __x64_sys_sendmsg+0x19b/0x260
[  558.321832][T20654]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  558.321873][T20654]  ? __pfx_ksys_write+0x10/0x10
[  558.321901][T20654]  ? do_syscall_64+0xbe/0xfa0
[  558.321934][T20654]  do_syscall_64+0xfa/0xfa0
[  558.321960][T20654]  ? lockdep_hardirqs_on+0x9c/0x150
[  558.321989][T20654]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  558.322008][T20654]  ? clear_bhb_loop+0x60/0xb0
[  558.322033][T20654]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  558.322052][T20654] RIP: 0033:0x7fa64d58eec9
[  558.322080][T20654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  558.322098][T20654] RSP: 002b:00007fa64e4d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  558.322121][T20654] RAX: ffffffffffffffda RBX: 00007fa64d7e6090 RCX: 00007fa64d58eec9
[  558.322137][T20654] RDX: 0000000000000840 RSI: 00002000000001c0 RDI: 0000000000000003
[  558.322158][T20654] RBP: 00007fa64e4d7090 R08: 0000000000000000 R09: 0000000000000000
[  558.322170][T20654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  558.322182][T20654] R13: 00007fa64d7e6128 R14: 00007fa64d7e6090 R15: 00007fff5af15f08
[  558.322219][T20654]  </TASK>
[  560.794795][T20669] netlink: 76 bytes leftover after parsing attributes in process `syz.3.4195'.
[  561.518902][T20706] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  561.553191][T20707] FAULT_INJECTION: forcing a failure.
[  561.553191][T20707] name failslab, interval 1, probability 0, space 0, times 0
[  561.599297][T20707] CPU: 1 UID: 0 PID: 20707 Comm: syz.0.4204 Not tainted syzkaller #0 PREEMPT(full) 
[  561.599327][T20707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  561.599340][T20707] Call Trace:
[  561.599350][T20707]  <TASK>
[  561.599360][T20707]  dump_stack_lvl+0x189/0x250
[  561.599388][T20707]  ? __pfx____ratelimit+0x10/0x10
[  561.599417][T20707]  ? __pfx_dump_stack_lvl+0x10/0x10
[  561.599437][T20707]  ? __pfx__printk+0x10/0x10
[  561.599455][T20707]  ? genl_rcv+0x28/0x40
[  561.599475][T20707]  ? ____sys_sendmsg+0x505/0x830
[  561.599502][T20707]  ? __x64_sys_sendmsg+0x19b/0x260
[  561.599541][T20707]  should_fail_ex+0x414/0x560
[  561.599569][T20707]  should_failslab+0xa8/0x100
[  561.599595][T20707]  kmem_cache_alloc_noprof+0x73/0x3c0
[  561.599616][T20707]  ? skb_clone+0x212/0x3a0
[  561.599650][T20707]  skb_clone+0x212/0x3a0
[  561.599685][T20707]  __netlink_deliver_tap+0x404/0x850
[  561.599725][T20707]  ? netlink_deliver_tap+0x2e/0x1b0
[  561.599753][T20707]  netlink_deliver_tap+0x19c/0x1b0
[  561.599780][T20707]  netlink_sendskb+0x68/0x140
[  561.599806][T20707]  netlink_unicast+0x397/0x9e0
[  561.599827][T20707]  ? __asan_memcpy+0x40/0x70
[  561.599866][T20707]  ? __pfx_netlink_unicast+0x10/0x10
[  561.599901][T20707]  netlink_rcv_skb+0x28c/0x470
[  561.599924][T20707]  ? __lock_acquire+0xab9/0xd20
[  561.599952][T20707]  ? __pfx_genl_rcv_msg+0x10/0x10
[  561.599974][T20707]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  561.600031][T20707]  ? down_read+0x1ad/0x2e0
[  561.600055][T20707]  genl_rcv+0x28/0x40
[  561.600072][T20707]  netlink_unicast+0x82f/0x9e0
[  561.600105][T20707]  ? __pfx_netlink_unicast+0x10/0x10
[  561.600130][T20707]  ? netlink_sendmsg+0x642/0xb30
[  561.600152][T20707]  ? skb_put+0x11b/0x210
[  561.600183][T20707]  netlink_sendmsg+0x805/0xb30
[  561.600220][T20707]  ? __pfx_netlink_sendmsg+0x10/0x10
[  561.600249][T20707]  ? aa_sock_msg_perm+0xf1/0x1d0
[  561.600283][T20707]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  561.600309][T20707]  ? __pfx_netlink_sendmsg+0x10/0x10
[  561.600336][T20707]  __sock_sendmsg+0x21c/0x270
[  561.600362][T20707]  ____sys_sendmsg+0x505/0x830
[  561.600397][T20707]  ? __pfx_____sys_sendmsg+0x10/0x10
[  561.600447][T20707]  ? import_iovec+0x74/0xa0
[  561.600478][T20707]  ___sys_sendmsg+0x21f/0x2a0
[  561.600509][T20707]  ? __pfx____sys_sendmsg+0x10/0x10
[  561.600580][T20707]  ? __fget_files+0x2a/0x420
[  561.600602][T20707]  ? __fget_files+0x3a0/0x420
[  561.600638][T20707]  __x64_sys_sendmsg+0x19b/0x260
[  561.600669][T20707]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  561.600709][T20707]  ? __pfx_ksys_write+0x10/0x10
[  561.600734][T20707]  ? do_syscall_64+0xbe/0xfa0
[  561.600767][T20707]  do_syscall_64+0xfa/0xfa0
[  561.600794][T20707]  ? lockdep_hardirqs_on+0x9c/0x150
[  561.600821][T20707]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  561.600841][T20707]  ? clear_bhb_loop+0x60/0xb0
[  561.600865][T20707]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  561.600884][T20707] RIP: 0033:0x7f9b7cd8eec9
[  561.600904][T20707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  561.600921][T20707] RSP: 002b:00007f9b7afd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  561.600944][T20707] RAX: ffffffffffffffda RBX: 00007f9b7cfe6090 RCX: 00007f9b7cd8eec9
[  561.600959][T20707] RDX: 0000000000000840 RSI: 00002000000001c0 RDI: 0000000000000003
[  561.600972][T20707] RBP: 00007f9b7afd5090 R08: 0000000000000000 R09: 0000000000000000
[  561.600984][T20707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  561.600996][T20707] R13: 00007f9b7cfe6128 R14: 00007f9b7cfe6090 R15: 00007ffc7a317ea8
[  561.601040][T20707]  </TASK>
[  562.085729][T20682] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  562.102836][T20682] bridge0: port 2(bridge_slave_1) entered disabled state
[  562.110371][T20682] bridge0: port 1(bridge_slave_0) entered disabled state
[  562.220450][T20715] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4207'.
[  562.591685][T20732] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4212'.
[  562.615323][T20732] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4212'.
[  562.648995][T20735] syzkaller1: entered promiscuous mode
[  562.654618][T20735] syzkaller1: entered allmulticast mode
[  562.790629][T20739] netlink: 44 bytes leftover after parsing attributes in process `syz.4.4215'.
[  562.911853][T20744] netlink: 'syz.3.4216': attribute type 4 has an invalid length.
[  563.032182][T20747] FAULT_INJECTION: forcing a failure.
[  563.032182][T20747] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  563.058371][T20747] CPU: 0 UID: 0 PID: 20747 Comm: syz.1.4218 Not tainted syzkaller #0 PREEMPT(full) 
[  563.058400][T20747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  563.058413][T20747] Call Trace:
[  563.058422][T20747]  <TASK>
[  563.058432][T20747]  dump_stack_lvl+0x189/0x250
[  563.058460][T20747]  ? __pfx____ratelimit+0x10/0x10
[  563.058490][T20747]  ? __pfx_dump_stack_lvl+0x10/0x10
[  563.058511][T20747]  ? __pfx__printk+0x10/0x10
[  563.058534][T20747]  ? __might_fault+0xb0/0x130
[  563.058571][T20747]  should_fail_ex+0x414/0x560
[  563.058600][T20747]  _copy_from_user+0x2d/0xb0
[  563.058636][T20747]  kstrtouint_from_user+0xc4/0x170
[  563.058664][T20747]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  563.058710][T20747]  proc_fail_nth_write+0x88/0x200
[  563.058740][T20747]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  563.058777][T20747]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  563.058809][T20747]  vfs_write+0x27e/0xb30
[  563.058842][T20747]  ? __pfx_vfs_write+0x10/0x10
[  563.058867][T20747]  ? __fget_files+0x2a/0x420
[  563.058897][T20747]  ? __fget_files+0x3a0/0x420
[  563.058920][T20747]  ? __fget_files+0x2a/0x420
[  563.058955][T20747]  ksys_write+0x145/0x250
[  563.058980][T20747]  ? __pfx_ksys_write+0x10/0x10
[  563.059006][T20747]  ? do_syscall_64+0xbe/0xfa0
[  563.059041][T20747]  do_syscall_64+0xfa/0xfa0
[  563.059067][T20747]  ? lockdep_hardirqs_on+0x9c/0x150
[  563.059096][T20747]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.059116][T20747]  ? clear_bhb_loop+0x60/0xb0
[  563.059142][T20747]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.059163][T20747] RIP: 0033:0x7fa64d58d97f
[  563.059183][T20747] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  563.059201][T20747] RSP: 002b:00007fa64e4f8030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  563.059235][T20747] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa64d58d97f
[  563.059251][T20747] RDX: 0000000000000001 RSI: 00007fa64e4f80a0 RDI: 0000000000000004
[  563.059264][T20747] RBP: 00007fa64e4f8090 R08: 0000000000000000 R09: 0000000000000000
[  563.059277][T20747] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  563.059290][T20747] R13: 00007fa64d7e6038 R14: 00007fa64d7e5fa0 R15: 00007fff5af15f08
[  563.059328][T20747]  </TASK>
[  563.492657][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  563.502489][ T1301] lec:lec_start_xmit: lec0:No lecd attached
[  563.937198][T20781] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4226'.
[  563.987312][T20774] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4226'.
[  564.043753][T20787] netlink: 'syz.3.4230': attribute type 4 has an invalid length.
[  564.315689][T20801] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4227'.
[  564.492370][T20807] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4235'.
[  564.838721][T20819] netlink: 'syz.1.4240': attribute type 2 has an invalid length.
[  564.854553][T20819] netlink: 11 bytes leftover after parsing attributes in process `syz.1.4240'.
[  565.205773][T20842] netlink: 'syz.3.4244': attribute type 1 has an invalid length.
[  565.323776][T20829] netlink: 'syz.3.4244': attribute type 6 has an invalid length.
[  565.334301][T20844] ieee802154 phy0 wpan0: encryption failed: -22
[  565.549781][T20859] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  565.553123][T20862] bridge0: port 3(ipvlan2) entered blocking state
[  565.593093][T20862] bridge0: port 3(ipvlan2) entered disabled state
[  565.608224][T20862] ipvlan2: entered allmulticast mode
[  565.613589][T20862] bridge0: entered allmulticast mode
[  565.622100][T20862] ipvlan2: left allmulticast mode
[  565.627904][T20862] bridge0: left allmulticast mode
[  566.113948][T20893] __nla_validate_parse: 2 callbacks suppressed
[  566.113972][T20893] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4265'.
[  566.143031][T20893] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4265'.
[  566.257677][T20900] IPVS: set_ctl: invalid protocol: 58 0.0.0.0:20000
[  566.274195][T20902] netlink: 168 bytes leftover after parsing attributes in process `syz.4.4269'.
[  566.312348][T20902] netlink: 'syz.4.4269': attribute type 24 has an invalid length.
[  566.324330][T20903] netlink: 'syz.1.4267': attribute type 13 has an invalid length.
[  566.337345][T20903] netlink: 'syz.1.4267': attribute type 58 has an invalid length.
[  566.346618][T20903] netlink: 152 bytes leftover after parsing attributes in process `syz.1.4267'.
[  566.519524][T20912] netlink: 'syz.0.4273': attribute type 11 has an invalid length.
[  566.558489][T20912] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4273'.
[  566.690757][T20928] A link change request failed with some changes committed already. Interface ªªªªªª may have been left with an inconsistent configuration, please check.
[  566.778366][T20931] netlink: 'syz.4.4279': attribute type 4 has an invalid length.
[  566.988387][T20944] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4285'.
[  567.006110][T20942] netlink: 44 bytes leftover after parsing attributes in process `syz.4.4283'.
[  567.019094][T20944] batadv_slave_1: entered promiscuous mode
[  567.027403][T20944] batadv_slave_1: left promiscuous mode
[  567.089743][T20951] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4286'.
[  567.221953][T20956] bridge0: port 5(batadv4) entered blocking state
[  567.229223][T20956] bridge0: port 5(batadv4) entered disabled state
[  567.236509][T20956] batadv4: entered allmulticast mode
[  567.255301][T20956] batadv4: entered promiscuous mode
[  567.368164][T20960] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  567.424344][T20967] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4292'.
[  567.609932][T20975] A link change request failed with some changes committed already. Interface ªªªªªª may have been left with an inconsistent configuration, please check.
[  567.676880][T20979] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4297'.
[  567.716018][   T59] batman_adv: batadv4: No IGMP Querier present - multicast optimizations disabled
[  567.726759][   T59] batman_adv: batadv4: No MLD Querier present - multicast optimizations disabled
[  568.135189][T21001] bond2: down delay (33554432) is not a multiple of miimon (640), value rounded to 33553920 ms
[  568.149714][T21004] veth1_to_bond: entered allmulticast mode
[  568.224767][T21001] bond0: (slave bond_slave_1): Releasing backup interface
[  568.233793][T21001] bond_slave_1 (unregistering): left promiscuous mode
[  568.242451][T21001] bond_slave_1 (unregistering): left allmulticast mode
[  568.287080][T21001] veth1_to_bond (unregistering): left allmulticast mode
[  568.391623][T21024] delete_channel: no stack
[  568.399238][T21020] IPVS: length: 239 != 24
[  568.524401][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms
[  568.532590][    C1] lec:lec_tx_timeout: lec0
[  568.628313][T21016] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  568.981474][T21049] netlink: 'syz.3.4316': attribute type 10 has an invalid length.
[  569.054838][T21049] bridge0: port 2(bridge_slave_1) entered disabled state
[  569.098801][T21049] bridge_slave_1: left allmulticast mode
[  569.110020][T21049] bridge_slave_1: left promiscuous mode
[  569.116822][T21049] bridge0: port 2(bridge_slave_1) entered disabled state
[  569.188269][T21049] `: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  569.409372][T21067] netlink: 'syz.2.4322': attribute type 4 has an invalid length.
[  569.574803][T21079] Unsupported ieee802154 address type: 0
[  569.670061][T21081] mac80211_hwsim hwsim32 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  569.737953][T21088] netlink: 'syz.3.4329': attribute type 11 has an invalid length.
[  570.517514][T21146] IPVS: set_ctl: invalid protocol: 51 255.255.255.255:20000
[  570.653347][T21160] netlink: 'syz.4.4345': attribute type 4 has an invalid length.
[  571.117850][T21178] __nla_validate_parse: 13 callbacks suppressed
[  571.117874][T21178] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4349'.
[  571.266486][T21188] netlink: 44 bytes leftover after parsing attributes in process `syz.4.4355'.
[  571.307674][T21192] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4354'.
[  571.328220][T21194] netlink: 64 bytes leftover after parsing attributes in process `syz.0.4356'.
[  571.460108][T21202] netlink: 'syz.0.4356': attribute type 2 has an invalid length.
[  571.482396][T21203] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4358'.
[  571.549553][T21203] bond2: Invalid ad_actor_system MAC address.
[  571.556196][T21203] bond2: option ad_actor_system: invalid value (1)
[  571.565087][T21203] bond2 (unregistering): Released all slaves
[  571.607375][T21194] netlink: 'syz.0.4356': attribute type 1 has an invalid length.
[  571.735823][T21214] netlink: 277 bytes leftover after parsing attributes in process `syz.0.4362'.
[  571.839209][T21222] netlink: 256 bytes leftover after parsing attributes in process `syz.2.4364'.
[  572.043622][T21238] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4369'.
[  572.265687][T21256] netlink: 277 bytes leftover after parsing attributes in process `syz.2.4375'.
[  572.427224][   T36] wlan1: Trigger new scan to find an IBSS to join
[  572.515591][T21270] veth1_virt_wifi: mtu less than device minimum
[  572.591997][T21270] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4380'.
[  572.706027][T21276] geneve3: entered promiscuous mode
[  572.716999][T21276] geneve3: entered allmulticast mode
[  572.755152][   T59] netdevsim netdevsim3 eth0: set [1, 1] type 2 family 0 port 19999 - 0
[  572.805283][   T59] netdevsim netdevsim3 eth1: set [1, 1] type 2 family 0 port 19999 - 0
[  572.813634][   T59] netdevsim netdevsim3 eth2: set [1, 1] type 2 family 0 port 19999 - 0
[  572.844666][   T59] netdevsim netdevsim3 eth3: set [1, 1] type 2 family 0 port 19999 - 0
[  572.957931][T21291] netlink: 'syz.1.4388': attribute type 1 has an invalid length.
[  573.375246][T21320] syzkaller1: entered promiscuous mode
[  573.380926][T21320] syzkaller1: entered allmulticast mode
[  573.558961][T21335] netlink: 'syz.1.4399': attribute type 3 has an invalid length.
[  573.793913][T21346] netlink: 'syz.3.4405': attribute type 11 has an invalid length.
[  575.337531][T21402] netlink: 'syz.0.4418': attribute type 11 has an invalid length.
[  575.397303][   T36] wlan1: Trigger new scan to find an IBSS to join
[  577.126156][T21401] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  577.135022][T21401] tipc: Enabled bearer <udp:syz0>, priority 10
[  577.378198][T21423] __nla_validate_parse: 10 callbacks suppressed
[  577.378219][T21423] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4421'.
[  577.636012][T21439] netlink: 'syz.1.4429': attribute type 4 has an invalid length.
[  577.667638][T21434] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4427'.
[  577.968818][T21464] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4433'.
[  577.981568][T21446] syzkaller0: entered promiscuous mode
[  577.988205][T21464] netlink: 'syz.2.4433': attribute type 5 has an invalid length.
[  578.013909][T21446] syzkaller0: entered allmulticast mode
[  578.016678][T21464] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4433'.
[  578.060596][T21467] netlink: 'syz.3.4435': attribute type 1 has an invalid length.
[  578.426905][ T1105] wlan1: Trigger new scan to find an IBSS to join
[  579.337897][ T1105] wlan1: Creating new IBSS network, BSSID 02:22:29:b9:ff:b4
[  580.446145][T21464] geneve3: entered promiscuous mode
[  580.451546][T21464] geneve3: entered allmulticast mode
[  580.463964][T21467] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR
[  580.485652][T21473] bond1: (slave veth0_to_bond): Releasing active interface
[  580.602904][ T1105] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 256 - 0
[  580.623775][ T1105] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 256 - 0
[  580.644615][   T36] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 256 - 0
[  580.652868][   T36] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 256 - 0
[  580.784250][T21518] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4444'.
[  581.097682][T21537] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  581.407015][T21563] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4458'.
[  581.416234][T21563] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4458'.
[  581.426349][T21563] netlink: 'syz.4.4458': attribute type 12 has an invalid length.
[  581.434271][T21563] netlink: 'syz.4.4458': attribute type 11 has an invalid length.
[  582.058214][T21598] netlink: 'syz.0.4469': attribute type 1 has an invalid length.
[  582.156405][T21603] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4471'.
[  582.254063][T21609] IPv6: sit1: Disabled Multicast RS
[  582.295101][T21609] sit1: entered allmulticast mode
[  582.389141][T21616] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4476'.
[  582.586791][T21627] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4479'.
[  582.629586][T21627] batadv_slave_1: entered promiscuous mode
[  582.648708][T21627] batadv_slave_1: left promiscuous mode
[  582.689671][T21633] netlink: 'syz.3.4480': attribute type 4 has an invalid length.
[  583.083598][T21649] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4483'.
[  583.161134][T21649] veth0_macvtap: left promiscuous mode
[  583.344164][T21660] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4486'.
[  583.543128][T21671] netlink: 256 bytes leftover after parsing attributes in process `syz.3.4490'.
[  584.097175][T21710] 8021q: VLANs not supported on ip6_vti0
[  584.118836][T21710] netlink: 'syz.0.4497': attribute type 1 has an invalid length.
[  584.192198][T21720] batadv1: entered allmulticast mode
[  584.329637][T21725] netlink: 9 bytes leftover after parsing attributes in process `syz.0.4500'.
[  584.368292][T21725] gretap0: entered promiscuous mode
[  584.397180][T21733] netlink: 5 bytes leftover after parsing attributes in process `syz.0.4500'.
[  584.442859][T21733] 0ªî{X¹¦: renamed from gretap0
[  584.516802][T21733] 0ªî{X¹¦: left promiscuous mode
[  584.522105][T21733] 0ªî{X¹¦: entered allmulticast mode
[  584.531539][T21733] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  585.013117][T21771] netlink: 'syz.0.4516': attribute type 16 has an invalid length.
[  585.022262][T21771] netlink: 'syz.0.4516': attribute type 3 has an invalid length.
[  585.047106][T21773] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4514'.
[  585.065765][T21771] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4516'.
[  585.142672][T21778] netlink: 277 bytes leftover after parsing attributes in process `syz.4.4517'.
[  585.692023][T21809] bridge0: port 2(bridge_slave_1) entered disabled state
[  585.699923][T21809] bridge0: port 1(bridge_slave_0) entered disabled state
[  586.090712][T21833] netlink: 'syz.2.4536': attribute type 4 has an invalid length.
[  586.571005][T21864] netlink: 'syz.1.4546': attribute type 4 has an invalid length.
[  586.576561][T21863] netlink: 'syz.4.4547': attribute type 3 has an invalid length.
[  586.683890][T21866] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0
[  587.402034][T21903] syzkaller0: entered promiscuous mode
[  587.424639][T21903] syzkaller0: entered allmulticast mode
[  587.518189][T21916] __nla_validate_parse: 8 callbacks suppressed
[  587.518211][T21916] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4562'.
[  587.598466][T21916] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4562'.
[  587.905688][T21933] sctp: [Deprecated]: syz.4.4563 (pid 21933) Use of struct sctp_assoc_value in delayed_ack socket option.
[  587.905688][T21933] Use struct sctp_sack_info instead
[  589.911021][T21939] netlink: 'syz.2.4567': attribute type 27 has an invalid length.
[  590.140342][T21955] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4572'.
[  590.210484][T21959] netlink: 'syz.1.4575': attribute type 32 has an invalid length.
[  590.219061][T21959] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4575'.
[  590.284296][T21959] bond5: option coupled_control: invalid value (52)
[  590.301126][T21959] bond5 (unregistering): Released all slaves
[  590.759824][   T30] audit: type=1800 audit(1759821370.019:12): pid=21997 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.4583" name="memory.events" dev="tmpfs" ino=1220 res=0 errno=0
[  590.812171][   T30] audit: type=1804 audit(1759821370.039:13): pid=21997 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.4583" name="/newroot/237/memory.events" dev="tmpfs" ino=1220 res=1 errno=0
[  590.881520][T22006] openvswitch: netlink: Unknown key attributes 2
[  591.144908][ T5144] Bluetooth: hci2: command 0x0405 tx timeout
[  591.167906][T22004] netlink: 'syz.1.4585': attribute type 2 has an invalid length.
[  591.176992][T22004] netlink: 188 bytes leftover after parsing attributes in process `syz.1.4585'.
[  591.423023][T22017] dvmrp0: entered allmulticast mode
[  591.565076][T22029] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4593'.
[  591.712643][T22031] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  591.722088][T22031] syzkaller0: entered promiscuous mode
[  591.733592][T22031] syzkaller0: entered allmulticast mode
[  591.810132][T22034] tipc: Resetting bearer <eth:syzkaller0>
[  591.869218][T22030] tipc: Resetting bearer <eth:syzkaller0>
[  591.917072][T22042] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4598'.
[  591.971642][T22030] tipc: Disabling bearer <eth:syzkaller0>
[  592.003832][T22049] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4601'.
[  592.025922][T22049] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4601'.
[  592.047383][T22049] netlink: 'syz.3.4601': attribute type 12 has an invalid length.
[  592.057487][T22049] netlink: 'syz.3.4601': attribute type 11 has an invalid length.
[  592.344145][T22063] netlink: 'syz.0.4605': attribute type 25 has an invalid length.
[  592.365443][T22063] netlink: 'syz.0.4605': attribute type 7 has an invalid length.
[  592.675800][T22088] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4613'.
[  592.977915][T22099] netlink: 248 bytes leftover after parsing attributes in process `syz.1.4616'.
[  593.008127][T22097] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  593.388502][T22120] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4621'.
[  593.399464][T22120] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4621'.
[  593.521523][T22128] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4624'.
[  593.566465][T22130] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4625'.
[  593.582526][T22128] batadv_slave_1: entered promiscuous mode
[  593.589859][T22128] batadv_slave_1: left promiscuous mode
[  593.815825][T22141] netlink: 'syz.4.4630': attribute type 1 has an invalid length.
[  593.853591][T22145] netlink: 'syz.3.4632': attribute type 1 has an invalid length.
[  593.878631][T22141] netlink: 'syz.4.4630': attribute type 1 has an invalid length.
[  594.153759][T22163] netlink: 277 bytes leftover after parsing attributes in process `syz.2.4636'.
[  594.370792][T22176] bridge5: entered promiscuous mode
[  594.387627][T22176] bridge5: entered allmulticast mode
[  594.470799][T22188] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4642'.
[  594.517939][T22188] batadv_slave_1: entered promiscuous mode
[  594.542475][T22188] batadv_slave_1: left promiscuous mode
[  594.945354][T22206] pim6reg1: entered promiscuous mode
[  594.962790][T22206] pim6reg1: entered allmulticast mode
[  595.015374][T22214] netlink: 9 bytes leftover after parsing attributes in process `syz.2.4649'.
[  595.081488][T22216] netlink: 5 bytes leftover after parsing attributes in process `syz.2.4649'.
[  595.112891][T22214] gretap0: entered promiscuous mode
[  595.123725][T22218] netlink: 'syz.3.4651': attribute type 1 has an invalid length.
[  595.147779][T22216] 0ªî{X¹¦: renamed from gretap0
[  595.181476][T22216] 0ªî{X¹¦: left promiscuous mode
[  595.195030][T22216] 0ªî{X¹¦: entered allmulticast mode
[  595.204276][T22216] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  595.333208][T22218] 8021q: adding VLAN 0 to HW filter on device bond5
[  595.376680][T22222] bond5: (slave veth5): Enslaving as an active interface with a down link
[  595.409704][T22226] bond5: (slave veth0_to_bond): making interface the new active one
[  595.420243][T22226] veth0_to_bond: entered promiscuous mode
[  595.427047][T22226] bond5: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  595.436625][T22229] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  595.499806][T22236] bond5: (slave veth7): Enslaving as an active interface with a down link
[  596.193339][T22274] batadv_slave_1: entered promiscuous mode
[  596.200455][T22274] batadv_slave_1: left promiscuous mode
[  596.228498][T22273] netlink: 'syz.1.4665': attribute type 1 has an invalid length.
[  596.608126][T22293] can: request_module (can-proto-0) failed.
[  596.788422][T22289] team0 (unregistering): Port device team_slave_0 removed
[  596.816645][T22289] team0 (unregistering): Port device team_slave_1 removed
[  596.906630][T22288] veth0: entered promiscuous mode
[  596.921674][T22302] 8021q: VLANs not supported on ip6_vti0
[  597.142544][T22318] netlink: 'syz.0.4677': attribute type 4 has an invalid length.
[  597.264218][T22286] veth0: left promiscuous mode
[  597.290587][T22323] batadv_slave_1: entered promiscuous mode
[  597.299738][T22323] batadv_slave_1: left promiscuous mode
[  597.614911][T22333] can: request_module (can-proto-0) failed.
[  597.689590][T22340] Unsupported ieee802154 address type: 0
[  598.035487][T22356] netlink: 'syz.0.4691': attribute type 1 has an invalid length.
[  598.100265][T22357] __nla_validate_parse: 15 callbacks suppressed
[  598.100288][T22357] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4691'.
[  598.121445][T22361] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4692'.
[  598.194539][T22361] sctp: [Deprecated]: syz.1.4692 (pid 22361) Use of struct sctp_assoc_value in delayed_ack socket option.
[  598.194539][T22361] Use struct sctp_sack_info instead
[  598.554087][T22391] netlink: 'syz.3.4701': attribute type 27 has an invalid length.
[  599.011476][T22411] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4706'.
[  599.037515][T22394] team0 (unregistering): Port device team_slave_0 removed
[  599.053689][T22394] team0 (unregistering): Port device team_slave_1 removed
[  599.077797][T22409] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4706'.
[  599.091208][T22409] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4706'.
[  599.101127][T22409] netlink: 'syz.0.4706': attribute type 20 has an invalid length.
[  599.149090][T22409] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4706'.
[  599.149717][ T1105] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  599.177564][T22409] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4706'.
[  599.196065][ T1105] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  599.197737][T22409] netlink: 'syz.0.4706': attribute type 20 has an invalid length.
[  599.216098][ T1105] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  599.249912][ T1105] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  599.505089][T22422] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4711'.
[  599.767126][T22438] gre1: entered promiscuous mode
[  599.772266][T22438] gre1: entered allmulticast mode
[  599.892668][T22449] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4719'.
[  599.983184][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880280f7000: rx timeout, send abort
[  599.994579][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880280f7000: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  600.171633][T22468] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4725'.
[  600.268077][T22473] batadv_slave_1: entered promiscuous mode
[  600.276235][T22473] batadv_slave_1: left promiscuous mode
[  602.981943][T22525] batadv_slave_1: entered promiscuous mode
[  603.005418][T22525] batadv_slave_1: left promiscuous mode
[  603.125573][T22533] __nla_validate_parse: 2 callbacks suppressed
[  603.125597][T22533] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4745'.
[  603.176247][T22533] lo: entered allmulticast mode
[  603.195505][T22533] tunl0: entered allmulticast mode
[  603.216152][T22533] gre0: entered allmulticast mode
[  603.267576][T22537] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4747'.
[  603.298126][T22533] gretap0: entered allmulticast mode
[  603.379353][T22533] erspan0: entered allmulticast mode
[  603.439595][T22533] ip_vti0: entered allmulticast mode
[  603.479991][T22533] ip6_vti0: entered allmulticast mode
[  603.510614][T22533] sit0: entered allmulticast mode
[  603.556497][T22533] ip6tnl0: entered allmulticast mode
[  603.612363][T22533] ip6gre0: entered allmulticast mode
[  603.638266][T22533] ip6gretap0: entered allmulticast mode
[  603.675000][T22533] bridge0: port 1(bridge_slave_0) entered disabled state
[  603.685385][T22533] bridge0: entered allmulticast mode
[  603.728813][T22533] vcan0: entered allmulticast mode
[  603.758829][T22533] `: entered allmulticast mode
[  603.763756][T22533] bond_slave_0: entered allmulticast mode
[  603.778596][T22533] bond_slave_1: entered allmulticast mode
[  603.795717][T22533] bridge_slave_1: entered allmulticast mode
[  603.804049][T22533] dummy0: entered allmulticast mode
[  603.830193][T22533] nlmon0: entered allmulticast mode
[  603.845949][T22533] caif0: entered allmulticast mode
[  603.862240][T22533] batadv0: entered allmulticast mode
[  603.884208][T22533] vxcan0: entered allmulticast mode
[  603.908692][T22533] vxcan1: entered allmulticast mode
[  603.926319][T22533] veth0: entered allmulticast mode
[  603.956709][T22533] veth1: entered allmulticast mode
[  603.978223][T22533] wg0: entered allmulticast mode
[  603.993369][T22533] wg1: entered allmulticast mode
[  604.004334][T22533] wg2: entered allmulticast mode
[  604.020094][T22533] veth0_to_bridge: entered allmulticast mode
[  604.038119][T22533] veth1_to_bridge: entered allmulticast mode
[  604.055071][T22533] veth0_to_bond: entered allmulticast mode
[  604.068569][T22533] veth1_to_bond: entered allmulticast mode
[  604.111577][T22533] veth0_to_team: entered allmulticast mode
[  604.126921][T22533] team_slave_0: entered allmulticast mode
[  604.136498][T22533] veth1_to_team: entered allmulticast mode
[  604.142761][T22533] team_slave_1: entered allmulticast mode
[  604.150226][T22533] veth0_to_batadv: entered allmulticast mode
[  604.167756][T22533] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  604.176828][T22533] batadv_slave_0: entered allmulticast mode
[  604.191382][T22533] veth1_to_batadv: entered allmulticast mode
[  604.207095][T22533] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  604.222150][T22533] batadv_slave_1: entered allmulticast mode
[  604.241650][T22533] xfrm0: entered allmulticast mode
[  604.248214][T22533] veth0_to_hsr: entered allmulticast mode
[  604.262362][T22533] hsr_slave_0: entered allmulticast mode
[  604.279071][T22533] veth1_to_hsr: entered allmulticast mode
[  604.295077][T22533] hsr_slave_1: entered allmulticast mode
[  604.308509][T22533] hsr0: entered allmulticast mode
[  604.321930][T22533] veth1_virt_wifi: entered allmulticast mode
[  604.343340][T22533] veth0_virt_wifi: entered allmulticast mode
[  604.375061][T22533] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  604.383176][T22533] veth1_vlan: entered allmulticast mode
[  604.401102][T22533] vlan0: entered allmulticast mode
[  604.406660][T22533] vlan1: entered allmulticast mode
[  604.416292][T22533] macvlan0: entered allmulticast mode
[  604.436115][T22533] macvlan1: entered allmulticast mode
[  604.458781][T22533] ipvlan0: entered allmulticast mode
[  604.466249][T22533] ipvlan1: entered allmulticast mode
[  604.479302][T22533] veth1_macvtap: entered allmulticast mode
[  604.519153][T22533] macsec0: entered allmulticast mode
[  604.535088][T22533] geneve0: entered allmulticast mode
[  604.553547][T22533] geneve1: entered allmulticast mode
[  604.584032][T22533] mac80211_hwsim hwsim33 wlan0: entered allmulticast mode
[  604.609058][T22533] mac80211_hwsim hwsim34 wlan1: entered allmulticast mode
[  604.625021][T22533] mac80211_hwsim hwsim35 wlan2: entered allmulticast mode
[  604.633171][T22533] bridge1: entered allmulticast mode
[  604.644235][T22533] veth2: entered allmulticast mode
[  604.652263][T22533] veth3: entered allmulticast mode
[  604.658602][T22533] vlan4094: entered allmulticast mode
[  604.664254][T22533] geneve2: entered allmulticast mode
[  604.681394][T22533] vxlan0: entered allmulticast mode
[  604.694720][T22533] bond1: entered allmulticast mode
[  604.704065][T22533] bond2: entered allmulticast mode
[  604.709862][T22533] batadv1: entered allmulticast mode
[  604.716797][T22533] bridge2: entered allmulticast mode
[  604.731657][T22533] netdevsim netdevsim3 eth0: entered allmulticast mode
[  604.739393][T22533] netdevsim netdevsim3 eth1: entered allmulticast mode
[  604.747816][T22533] netdevsim netdevsim3 eth2: entered allmulticast mode
[  604.755296][T22533] netdevsim netdevsim3 eth3: entered allmulticast mode
[  604.763088][T22533] bridge3: entered allmulticast mode
[  604.772752][T22533] bond0: entered allmulticast mode
[  604.778911][T22533] bond3: entered allmulticast mode
[  604.784231][T22533] batadv2: entered allmulticast mode
[  604.789956][T22533] bond4: entered allmulticast mode
[  604.796119][T22533] mac80211_hwsim hwsim33 pim6reg0: entered allmulticast mode
[  604.803738][T22533] gre1: entered allmulticast mode
[  604.809986][T22533] geneve3: left promiscuous mode
[  604.820705][T22533] xfrm1: entered allmulticast mode
[  604.827025][T22533] mac80211_hwsim hwsim52 wlan3: entered allmulticast mode
[  604.834292][T22533] bridge4: entered allmulticast mode
[  604.840454][T22533] bridge5: entered allmulticast mode
[  604.848530][T22533] bond5: entered allmulticast mode
[  604.857422][T22533] veth4: entered allmulticast mode
[  604.863509][T22533] veth5: entered allmulticast mode
[  604.873375][T22533] veth6: entered allmulticast mode
[  604.879319][T22533] veth7: entered allmulticast mode
[  604.889962][T22533] ip6tnl1: entered allmulticast mode
[  604.934520][   T13] netdevsim netdevsim3 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  604.965827][   T13] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  604.996811][   T13] netdevsim netdevsim3 eth0: unset [1, 1] type 2 family 0 port 19999 - 0
[  605.024883][   T13] netdevsim netdevsim3 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  605.033951][   T13] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  605.062760][   T13] netdevsim netdevsim3 eth1: unset [1, 1] type 2 family 0 port 19999 - 0
[  605.166193][   T13] netdevsim netdevsim3 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  605.186005][   T13] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  605.205950][   T13] netdevsim netdevsim3 eth2: unset [1, 1] type 2 family 0 port 19999 - 0
[  605.225150][ T1111] netdevsim netdevsim3 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  605.254631][ T1111] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  605.270632][ T1111] netdevsim netdevsim3 eth3: unset [1, 1] type 2 family 0 port 19999 - 0
[  605.528398][T22576] netlink: 277 bytes leftover after parsing attributes in process `syz.0.4757'.
[  605.743465][T22593] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4763'.
[  605.808229][T22593] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4763'.
[  605.971566][T22609] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4765'.
[  606.027218][T22597] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4765'.
[  606.350414][T22621] IPv6: Can't replace route, no match found
[  606.672855][T22633] netlink: 277 bytes leftover after parsing attributes in process `syz.1.4772'.
[  606.699637][T22637] ksmbd: Unknown IPC event: 3, ignore.
[  606.921433][T22644] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4776'.
[  607.114254][T22657] netlink: 68 bytes leftover after parsing attributes in process `syz.4.4777'.
[  608.866365][T22649] kthread_run failed with err -4
[  608.871779][T22651] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4778'.
[  608.933889][T22665] netlink: 284 bytes leftover after parsing attributes in process `syz.0.4780'.
[  609.020293][T22666] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4780'.
[  609.134747][T22677] netlink: 108 bytes leftover after parsing attributes in process `syz.3.4784'.
[  609.324790][T22686] netlink: 277 bytes leftover after parsing attributes in process `syz.2.4786'.
[  609.335362][ T1105] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  609.386863][T22691] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4789'.
[  609.419622][T22691] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4789'.
[  609.548713][T22698] netlink: 'syz.4.4791': attribute type 1 has an invalid length.
[  609.589560][T22697] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  609.597685][T22697] syzkaller0: entered promiscuous mode
[  609.603370][T22697] syzkaller0: entered allmulticast mode
[  609.646808][T22697] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  609.685696][T22697] tipc: Resetting bearer <eth:syzkaller0>
[  609.720467][T22709] netlink: 800 bytes leftover after parsing attributes in process `syz.3.4794'.
[  609.740046][T22695] tipc: Resetting bearer <eth:syzkaller0>
[  609.768801][T22695] tipc: Disabling bearer <eth:syzkaller0>
[  609.795669][T22706] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  609.824877][T22711] syzkaller0: entered promiscuous mode
[  609.842313][T22711] syzkaller0: entered allmulticast mode
[  610.020585][T22703] tipc: Resetting bearer <eth:syzkaller0>
[  610.088886][T22703] tipc: Disabling bearer <eth:syzkaller0>
[  610.133430][T22729] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4800'.
[  610.213874][T22729] pim6reg1: entered promiscuous mode
[  610.226696][T22729] pim6reg1: entered allmulticast mode
[  610.491170][T22753] netlink: 'syz.3.4807': attribute type 10 has an invalid length.
[  610.514879][T22752] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4806'.
[  610.546565][T22754] netlink: 'syz.3.4807': attribute type 10 has an invalid length.
[  610.563885][T22753] dummy0: left allmulticast mode
[  610.602579][T22754] dummy0: entered allmulticast mode
[  610.620366][T22754] `: (slave dummy0): Enslaving as an active interface with an up link
[  610.671873][T22753] xt_nfacct: accounting object `\�$‚9ZúM#íü¾mUµ|±^cÁ\F9YⳈ«ÃÖ' does not exist
[  610.770579][T22772] netlink: 'syz.4.4813': attribute type 10 has an invalid length.
[  610.779963][T22772] veth0_virt_wifi: entered allmulticast mode
[  610.869622][T22769] bond5: entered promiscuous mode
[  610.874956][T22769] bond5: entered allmulticast mode
[  610.883004][T22769] 8021q: adding VLAN 0 to HW filter on device bond5
[  610.917846][T22777] netlink: 'syz.2.4812': attribute type 39 has an invalid length.
[  611.625590][T22701] Bluetooth: hci3: command 0x0405 tx timeout
[  611.631844][T10625] Bluetooth: hci1: command 0x0406 tx timeout
[  611.690822][T22799] netlink: 'syz.2.4822': attribute type 29 has an invalid length.
[  611.869337][T22810] 8021q: VLANs not supported on ip6gre0
[  612.188372][T22832] netlink: 'syz.3.4832': attribute type 6 has an invalid length.
[  612.204245][T22828] netlink: 'syz.4.4830': attribute type 11 has an invalid length.
[  612.598262][T22857] bridge0: port 6(batadv5) entered blocking state
[  612.615497][T22857] bridge0: port 6(batadv5) entered disabled state
[  612.622317][T22857] batadv5: entered allmulticast mode
[  612.630693][T22857] batadv5: entered promiscuous mode
[  612.657228][T22860] macvtap0: entered promiscuous mode
[  612.674811][T22860] macvtap0: entered allmulticast mode
[  612.682515][T22860] veth0_macvtap: entered allmulticast mode
[  612.922926][T22875] veth0: entered promiscuous mode
[  613.020956][T22879] bond3: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-tlb(5)
[  613.075861][   T13] batman_adv: batadv5: No IGMP Querier present - multicast optimizations disabled
[  613.085429][   T13] batman_adv: batadv5: No MLD Querier present - multicast optimizations disabled
[  613.098450][T22879] bond3 (unregistering): Released all slaves
[  613.140218][T22871] veth0: left promiscuous mode
[  613.352865][T22894] bridge0: port 3(batadv4) entered blocking state
[  613.360581][T22894] bridge0: port 3(batadv4) entered disabled state
[  613.367696][T22894] batadv4: entered allmulticast mode
[  613.376760][T22894] batadv4: entered promiscuous mode
[  613.778165][T22924] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  613.787149][T22924] syzkaller0: entered promiscuous mode
[  613.793756][T22924] syzkaller0: entered allmulticast mode
[  613.813730][T22924] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  613.843091][T22928] nftables ruleset with unbound chain
[  613.847918][T22924] tipc: Resetting bearer <eth:syzkaller0>
[  613.855116][ T1111] batman_adv: batadv4: No IGMP Querier present - multicast optimizations disabled
[  613.864724][ T1111] batman_adv: batadv4: No MLD Querier present - multicast optimizations disabled
[  613.876950][T22923] tipc: Resetting bearer <eth:syzkaller0>
[  613.912506][T22923] tipc: Disabling bearer <eth:syzkaller0>
[  614.069824][T22939] xt_l2tp: unknown flags: 10
[  614.122247][T22942] IPVS: set_ctl: invalid protocol: 103 255.255.255.255:21
[  614.176638][T22939] bond3: option packets_per_slave: mode dependency failed, not supported in mode active-backup(1)
[  614.193870][T22939] bond3 (unregistering): Released all slaves
[  614.317570][T22956] __nla_validate_parse: 11 callbacks suppressed
[  614.317594][T22956] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4876'.
[  614.620001][T22961] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4879'.
[  614.648484][T22976] tipc: Enabling of bearer <eth:vlan1> rejected, failed to enable media
[  614.671572][T22961] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  614.728731][T22979] netlink: 68 bytes leftover after parsing attributes in process `syz.1.4883'.
[  614.857341][T22961] batman_adv: batadv0: Removing interface: batadv_slave_1
[  614.941910][T22976] vlan0: entered promiscuous mode
[  614.955188][T22976] bridge0: entered promiscuous mode
[  615.163336][T22998] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4889'.
[  615.238346][T23000] C: renamed from ªªªªªª
[  615.266991][T23000] netlink: 'syz.2.4891': attribute type 33 has an invalid length.
[  615.275612][T23000] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.4891'.
[  615.292032][T23000] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4891'.
[  615.455712][T23011] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4894'.
[  615.553223][T23017] sctp: [Deprecated]: syz.1.4898 (pid 23017) Use of int in max_burst socket option.
[  615.553223][T23017] Use struct sctp_assoc_value instead
[  615.569026][T23018] sctp: [Deprecated]: syz.1.4898 (pid 23018) Use of int in max_burst socket option.
[  615.569026][T23018] Use struct sctp_assoc_value instead
[  615.586998][T23017] sctp: [Deprecated]: syz.1.4898 (pid 23017) Use of struct sctp_assoc_value in delayed_ack socket option.
[  615.586998][T23017] Use struct sctp_sack_info instead
[  615.792852][T23031] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4902'.
[  615.985467][T23043] netlink: 104 bytes leftover after parsing attributes in process `syz.0.4904'.
[  616.027200][T23045] netlink: 104 bytes leftover after parsing attributes in process `syz.0.4904'.
[  616.093680][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888059905c00: rx timeout, send abort
[  616.593843][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888059907800: rx timeout, send abort
[  617.102432][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888059907800: abort rx timeout. Force session deactivation
[  617.106364][T23093] geneve2: entered promiscuous mode
[  617.120990][T23093] geneve2: entered allmulticast mode
[  617.187359][T23098] openvswitch: netlink: Flow key attr not present in new flow.
[  617.566143][T23121] netlink: 'syz.3.4926': attribute type 10 has an invalid length.
[  617.588226][T23121] geneve0: left allmulticast mode
[  617.594020][T23121] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  618.288591][T23160] netlink: 'syz.3.4941': attribute type 8 has an invalid length.
[  618.346208][T23160] bridge6: entered allmulticast mode
[  618.530447][T23183] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  618.632457][T23180] veth9: entered allmulticast mode
[  618.745192][ T5830] Bluetooth: hci3: command 0x0405 tx timeout
[  619.107648][T23211] netlink: 'syz.1.4957': attribute type 3 has an invalid length.
[  619.249888][T23220] netlink: 'syz.0.4959': attribute type 19 has an invalid length.
[  619.280895][T23220] netlink: 'syz.0.4959': attribute type 19 has an invalid length.
[  619.757735][T23243] __nla_validate_parse: 11 callbacks suppressed
[  619.757761][T23243] netlink: 256 bytes leftover after parsing attributes in process `syz.4.4968'.
[  619.980892][T23252] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4965'.
[  620.480093][T23279] wlan0 speed is unknown, defaulting to 1000
[  620.511745][T23279] wlan0 speed is unknown, defaulting to 1000
[  620.553530][T23279] wlan0 speed is unknown, defaulting to 1000
[  620.570547][T23279] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  620.607528][T23279] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  620.646758][T23279] wlan0 speed is unknown, defaulting to 1000
[  620.656077][T23279] wlan0 speed is unknown, defaulting to 1000
[  620.666155][T23279] wlan0 speed is unknown, defaulting to 1000
[  620.727578][T23279] wlan0 speed is unknown, defaulting to 1000
[  620.760340][T23279] wlan0 speed is unknown, defaulting to 1000
[  620.785114][T23279] wlan0 speed is unknown, defaulting to 1000
[  621.001768][T23306] vxcan1: tx drop: invalid da for name 0x0000000000000001
[  621.012138][T23306] netlink: 1044 bytes leftover after parsing attributes in process `syz.2.4983'.
[  621.086733][T23306] ip6_tunnel: non-ECT from 0000:0000:0000:0000:0000:ffff:7f00:0001 with DS=0xb
[  621.126390][T23297] netlink: 'syz.4.4978': attribute type 1 has an invalid length.
[  621.134951][T23297] netlink: 'syz.4.4978': attribute type 1 has an invalid length.
[  621.280116][T23312] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4986'.
[  621.302146][T23312] ip6erspan0: entered promiscuous mode
[  621.308751][T23312] ip6erspan0: entered allmulticast mode
[  621.321859][T23312] netlink: 'syz.1.4986': attribute type 10 has an invalid length.
[  621.330316][T23312] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4986'.
[  621.351329][T23312] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  621.531034][T23319] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4987'.
[  621.570923][T23317] IPVS: persistence engine module ip_vs_pe_À
 not found
[  622.253626][T23354] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5000'.
[  622.273891][T23354] bridge0: port 5(batadv4) entered blocking state
[  622.282009][T23354] bridge0: port 5(batadv4) entered disabled state
[  622.290596][T23354] batadv4: entered allmulticast mode
[  622.298527][T23354] batadv4: entered promiscuous mode
[  622.420431][T23361] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5003'.
[  622.438858][T23361] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5003'.
[  622.525413][T23365] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5005'.
[  622.785231][   T59] batman_adv: batadv4: IGMP Querier appeared
[  622.791349][   T59] batman_adv: batadv4: No MLD Querier present - multicast optimizations disabled
[  622.798361][T23380] bridge0: port 4(batadv5) entered blocking state
[  622.807432][T23380] bridge0: port 4(batadv5) entered disabled state
[  622.814070][T23380] batadv5: entered allmulticast mode
[  622.821291][T23380] batadv5: entered promiscuous mode
[  622.993730][ T5144] Bluetooth: hci5: command 0x0406 tx timeout
[  623.000161][T23292] Bluetooth: hci5: Opcode 0x0c1a failed: -110
[  623.014773][T23292] Bluetooth: hci5: Error when powering off device on rfkill (-110)
[  623.295708][   T59] batman_adv: batadv5: No IGMP Querier present - multicast optimizations disabled
[  623.305913][   T59] batman_adv: batadv5: No MLD Querier present - multicast optimizations disabled
[  623.560086][T23416] bridge0: port 6(batadv5) entered blocking state
[  623.567494][T23416] bridge0: port 6(batadv5) entered disabled state
[  623.568021][T23292] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  623.574927][T23416] batadv5: entered allmulticast mode
[  623.583103][T23292] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  623.588140][T23416] batadv5: entered promiscuous mode
[  623.679193][T23292] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  623.689048][T23292] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  623.709297][T23292] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  623.715872][T23292] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  623.754847][  T978] wlan0 speed is unknown, defaulting to 1000
[  623.761207][  T978] syz1: Port: 1 Link DOWN
[  623.794103][T23292] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  623.808512][T23292] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  624.076048][T12537] batman_adv: batadv5: IGMP Querier appeared
[  624.082109][T12537] batman_adv: batadv5: No MLD Querier present - multicast optimizations disabled
[  624.202724][T23440] netlink: 'syz.0.5032': attribute type 30 has an invalid length.
[  624.398990][T23450] geneve2: entered promiscuous mode
[  624.404502][T23450] geneve2: entered allmulticast mode
[  624.411349][T12537] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 19999 - 0
[  624.435367][T12537] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 19999 - 0
[  624.444238][T12537] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 19999 - 0
[  624.455285][T12537] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 19999 - 0
[  624.539354][T23457] netlink: 'syz.2.5038': attribute type 1 has an invalid length.
[  624.543138][T23450] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  624.559798][T23450] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0
[  624.605659][T23457] 8021q: adding VLAN 0 to HW filter on device bond2
[  624.647563][T23457] veth9: entered promiscuous mode
[  624.659546][T23457] bond2: (slave veth9): Enslaving as an active interface with a down link
[  624.704594][T23450] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  624.716699][T23450] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0
[  624.748118][T23465] bond2: entered allmulticast mode
[  624.827375][T23450] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  624.858962][T23450] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0
[  624.879879][T23473] sctp: [Deprecated]: syz.0.5043 (pid 23473) Use of struct sctp_assoc_value in delayed_ack socket option.
[  624.879879][T23473] Use struct sctp_sack_info instead
[  624.918987][ T1301] aoe: packet could not be sent on bond0.  consider increasing tx_queue_len
[  624.931277][ T1301] lec:lec_start_xmit: lec0:No lecd attached
[  624.995063][T23450] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  625.012855][T23450] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0
[  625.178310][   T59] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 19999 - 0
[  625.187435][   T59] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[  625.238014][   T59] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 19999 - 0
[  625.256401][   T59] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[  625.285813][T23484] syzkaller1: entered promiscuous mode
[  625.291707][T23484] syzkaller1: entered allmulticast mode
[  625.299691][   T59] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 19999 - 0
[  625.321036][   T59] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[  625.372253][   T59] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 19999 - 0
[  625.381022][   T59] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[  625.466282][T23491] bridge: RTM_NEWNEIGH with invalid ether address
[  625.477161][T23492] __nla_validate_parse: 7 callbacks suppressed
[  625.477180][T23492] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5050'.
[  625.505131][T23492] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5050'.
[  625.567762][T23492] bridge0: port 7(vlan0) entered blocking state
[  625.577482][T23492] bridge0: port 7(vlan0) entered disabled state
[  625.584697][T23492] vlan0: entered allmulticast mode
[  625.589945][T23492] bridge0: entered allmulticast mode
[  625.599039][T23492] vlan0: left allmulticast mode
[  625.604724][T23492] bridge0: left allmulticast mode
[  626.032432][T23518] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5059'.
[  626.138164][T23524] bridge: RTM_NEWNEIGH with invalid ether address
[  626.497372][T23545] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5070'.
[  626.524241][T23545] chnl_net:caif_netlink_parms(): no params data found
[  626.550488][T23550] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5070'.
[  626.742214][T23558] bridge: RTM_NEWNEIGH with invalid ether address
[  626.908223][T23566] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  626.923184][T23566] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  626.931355][T23566] gretap1: entered promiscuous mode
[  626.938038][T23566] gretap1: entered allmulticast mode
[  627.117851][T23577] netlink: 173 bytes leftover after parsing attributes in process `syz.2.5081'.
[  627.347277][T23589] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  627.355785][T23589] syzkaller0: entered promiscuous mode
[  627.361411][T23589] syzkaller0: entered allmulticast mode
[  627.384235][T23589] syzkaller0: mtu less than device minimum
[  627.392533][T23587] tipc: Resetting bearer <eth:syzkaller0>
[  627.420503][T23587] tipc: Disabling bearer <eth:syzkaller0>
[  627.430381][T23592] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  627.617089][T23597] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5090'.
[  627.675913][T23605] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5092'.
[  628.005293][T23621] netlink: 'syz.0.5098': attribute type 64 has an invalid length.
[  628.013555][T23621] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5098'.
[  628.025585][T23621] team_slave_1: entered promiscuous mode
[  628.031304][T23621] team_slave_1: entered allmulticast mode
[  628.607242][T23652] veth0: entered promiscuous mode
[  628.612875][T23652] veth0: left promiscuous mode
[  628.705718][T23656] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5108'.
[  630.434417][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5500 ms
[  630.442811][    C1] lec:lec_tx_timeout: lec0
[  631.548630][T23676] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5117'.
[  631.561823][T23676] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5117'.
[  631.615500][T23678] netlink: 44 bytes leftover after parsing attributes in process `syz.1.5118'.
[  631.691461][T23682] netlink: 51 bytes leftover after parsing attributes in process `syz.1.5120'.
[  631.810792][T23688] netlink: 173 bytes leftover after parsing attributes in process `syz.1.5123'.
[  631.827887][T23689] veth0_to_bond: entered allmulticast mode
[  631.955955][T23695] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  632.143195][T23699] nbd: socks must be embedded in a SOCK_ITEM attr
[  686.349678][ T1301] aoe: packet could not be sent on bond0.  consider increasing tx_queue_len
[  686.360438][ T1301] lec:lec_start_xmit: lec0:No lecd attached
[  691.384422][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms
[  691.393317][    C1] lec:lec_tx_timeout: lec0
[  747.788072][ T1301] aoe: packet could not be sent on bond0.  consider increasing tx_queue_len
[  747.802260][ T1301] lec:lec_start_xmit: lec0:No lecd attached
[  753.384534][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5580 ms
[  753.393440][    C1] lec:lec_tx_timeout: lec0
[  779.147816][   T31] INFO: task kworker/0:1:10 blocked for more than 143 seconds.
[  779.155736][   T31]       Not tainted syzkaller #0
[  779.160826][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  779.169798][   T31] task:kworker/0:1     state:D stack:22200 pid:10    tgid:10    ppid:2      task_flags:0x4208060 flags:0x00080000
[  779.182162][   T31] Workqueue: events rfkill_uevent_work
[  779.188503][   T31] Call Trace:
[  779.192252][   T31]  <TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  779.195647][   T31]  __schedule+0x1798/0x4cc0
[  779.200352][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  779.206405][   T31]  ? __pfx___schedule+0x10/0x10
[  779.211441][   T31]  ? schedule+0x91/0x360
[  779.216744][   T31]  schedule+0x165/0x360
[  779.221435][   T31]  schedule_preempt_disabled+0x13/0x30
[  779.227393][   T31]  __mutex_lock+0x7e6/0x1350
[  779.275029][   T31]  ? __mutex_lock+0x5bb/0x1350
[  779.280767][   T31]  ? rfkill_uevent_work+0x1d/0xa0
[  779.305687][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  779.310817][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  779.321126][   T31]  rfkill_uevent_work+0x1d/0xa0
[  779.327321][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  779.333448][   T31]  process_scheduled_works+0xade/0x17b0
[  779.340124][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  779.347095][   T31]  worker_thread+0x8a0/0xda0
[  779.351871][   T31]  kthread+0x711/0x8a0
[  779.356299][   T31]  ? __pfx_worker_thread+0x10/0x10
[  779.361572][   T31]  ? __pfx_kthread+0x10/0x10
[  779.366865][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  779.372299][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  779.377854][   T31]  ? __pfx_kthread+0x10/0x10
[  779.382485][   T31]  ret_from_fork+0x4b9/0x870
[  779.387880][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  779.393369][   T31]  ? __switch_to_asm+0x39/0x70
[  779.399014][   T31]  ? __switch_to_asm+0x33/0x70
[  779.404020][   T31]  ? __pfx_kthread+0x10/0x10
[  779.408813][   T31]  ret_from_fork_asm+0x1a/0x30
[  779.413653][   T31]  </TASK>
[  779.417014][   T31] INFO: task kworker/1:4:5900 blocked for more than 143 seconds.
[  779.425465][   T31]       Not tainted syzkaller #0
[  779.430507][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  779.439667][   T31] task:kworker/1:4     state:D stack:22296 pid:5900  tgid:5900  ppid:2      task_flags:0x4208060 flags:0x00080000
[  779.454935][   T31] Workqueue: events rfkill_global_led_trigger_worker
[  779.461946][   T31] Call Trace:
[  779.466809][   T31]  <TASK>
[  779.469789][   T31]  __schedule+0x1798/0x4cc0
[  779.479511][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  779.485378][   T31]  ? __pfx___schedule+0x10/0x10
[  779.490375][   T31]  ? schedule+0x91/0x360
[  779.494730][   T31]  schedule+0x165/0x360
[  779.499662][   T31]  schedule_preempt_disabled+0x13/0x30
[  779.505659][   T31]  __mutex_lock+0x7e6/0x1350
[  779.510462][   T31]  ? __mutex_lock+0x5bb/0x1350
[  779.515827][   T31]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[  779.522144][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  779.528158][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  779.534126][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  779.540036][   T31]  rfkill_global_led_trigger_worker+0x27/0xd0
[  779.546717][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  779.553092][   T31]  process_scheduled_works+0xade/0x17b0
[  779.559405][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  779.566192][   T31]  worker_thread+0x8a0/0xda0
[  779.570912][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  779.578048][   T31]  ? __kthread_parkme+0x7b/0x200
[  779.584078][   T31]  kthread+0x711/0x8a0
[  779.588633][   T31]  ? __pfx_worker_thread+0x10/0x10
[  779.594587][   T31]  ? __pfx_kthread+0x10/0x10
[  779.599517][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  779.605160][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  779.610655][   T31]  ? __pfx_kthread+0x10/0x10
[  779.615427][   T31]  ret_from_fork+0x4b9/0x870
[  779.620244][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  779.625918][   T31]  ? __switch_to_asm+0x39/0x70
[  779.631333][   T31]  ? __switch_to_asm+0x33/0x70
[  779.636730][   T31]  ? __pfx_kthread+0x10/0x10
[  779.641365][   T31]  ret_from_fork_asm+0x1a/0x30
[  779.646328][   T31]  </TASK>
[  779.649423][   T31] INFO: task syz.3.4974:23268 blocked for more than 143 seconds.
[  779.657426][   T31]       Not tainted syzkaller #0
[  779.662847][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  779.672369][   T31] task:syz.3.4974      state:D stack:25096 pid:23268 tgid:23268 ppid:16609  task_flags:0x400040 flags:0x00080003
[  779.685347][   T31] Call Trace:
[  779.689012][   T31]  <TASK>
[  779.692830][   T31]  __schedule+0x1798/0x4cc0
[  779.698258][   T31]  ? __lock_acquire+0xab9/0xd20
[  779.703346][   T31]  ? __lock_acquire+0xab9/0xd20
[  779.709015][   T31]  ? __pfx___schedule+0x10/0x10
[  779.714383][   T31]  ? schedule+0x91/0x360
[  779.719286][   T31]  schedule+0x165/0x360
[  779.723853][   T31]  schedule_preempt_disabled+0x13/0x30
[  779.730046][   T31]  __mutex_lock+0x7e6/0x1350
[  779.735552][   T31]  ? __mutex_lock+0x5bb/0x1350
[  779.740604][   T31]  ? rfkill_unregister+0xc8/0x220
[  779.745830][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  779.751157][   T31]  ? __pfx_device_del+0x10/0x10
[  779.756510][   T31]  rfkill_unregister+0xc8/0x220
[  779.761602][   T31]  nfc_unregister_device+0x96/0x2a0
[  779.767087][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[  779.773195][   T31]  virtual_ncidev_close+0x56/0x90
[  779.778397][   T31]  __fput+0x44c/0xa70
[  779.782420][   T31]  task_work_run+0x1d1/0x260
[  779.787405][   T31]  ? __pfx_task_work_run+0x10/0x10
[  779.792647][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[  779.798252][   T31]  exit_to_user_mode_loop+0xe9/0x110
[  779.803681][   T31]  do_syscall_64+0x2bd/0xfa0
[  779.808731][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  779.815581][   T31]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  779.821841][   T31]  ? clear_bhb_loop+0x60/0xb0
[  779.827542][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  779.833727][   T31] RIP: 0033:0x7f75b2b8eec9
[  779.838367][   T31] RSP: 002b:00007fffbb887d98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  779.847721][   T31] RAX: 0000000000000000 RBX: 00007f75b2de7da0 RCX: 00007f75b2b8eec9
[  779.856411][   T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  779.864950][   T31] RBP: 00007f75b2de7da0 R08: 0000000000000000 R09: 00000011bb88808f
[  779.873325][   T31] R10: 00007f75b2de7cb0 R11: 0000000000000246 R12: 0000000000097a0c
[  779.883200][   T31] R13: 00007f75b2de6180 R14: ffffffffffffffff R15: 00007fffbb887eb0
[  779.891306][   T31]  </TASK>
[  779.894676][   T31] INFO: task syz.4.4978:23285 blocked for more than 144 seconds.
[  779.902543][   T31]       Not tainted syzkaller #0
[  779.908139][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  779.917940][   T31] task:syz.4.4978      state:D stack:24032 pid:23285 tgid:23285 ppid:17616  task_flags:0x400040 flags:0x00080003
[  779.930069][   T31] Call Trace:
[  779.933353][   T31]  <TASK>
[  779.936651][   T31]  __schedule+0x1798/0x4cc0
[  779.941217][   T31]  ? __lock_acquire+0xab9/0xd20
[  779.946324][   T31]  ? __lock_acquire+0xab9/0xd20
[  779.952177][   T31]  ? __pfx___schedule+0x10/0x10
[  779.957740][   T31]  ? schedule+0x91/0x360
[  779.962372][   T31]  schedule+0x165/0x360
[  779.966839][   T31]  schedule_preempt_disabled+0x13/0x30
[  779.972620][   T31]  __mutex_lock+0x7e6/0x1350
[  779.977610][   T31]  ? __mutex_lock+0x5bb/0x1350
[  779.982547][   T31]  ? rfkill_unregister+0xc8/0x220
[  779.987796][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  779.993053][   T31]  ? __pfx_device_del+0x10/0x10
[  779.998301][   T31]  rfkill_unregister+0xc8/0x220
[  780.003693][   T31]  nfc_unregister_device+0x96/0x2a0
[  780.009361][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[  780.015857][   T31]  virtual_ncidev_close+0x56/0x90
[  780.021433][   T31]  __fput+0x44c/0xa70
[  780.025956][   T31]  task_work_run+0x1d1/0x260
[  780.030683][   T31]  ? __pfx_task_work_run+0x10/0x10
[  780.035866][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[  780.041613][   T31]  exit_to_user_mode_loop+0xe9/0x110
[  780.047088][   T31]  do_syscall_64+0x2bd/0xfa0
[  780.051845][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  780.058306][   T31]  ? asm_common_interrupt+0x26/0x40
[  780.063695][   T31]  ? clear_bhb_loop+0x60/0xb0
[  780.068566][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  780.074689][   T31] RIP: 0033:0x7ff42738eec9
[  780.079379][   T31] RSP: 002b:00007fff88a228a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  780.088407][   T31] RAX: 0000000000000000 RBX: 00007ff4275e7da0 RCX: 00007ff42738eec9
[  780.096793][   T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  780.105849][   T31] RBP: 00007ff4275e7da0 R08: 0000000000000194 R09: 0000001788a22b9f
[  780.114736][   T31] R10: 00007ff4275e7cb0 R11: 0000000000000246 R12: 0000000000097b26
[  780.122933][   T31] R13: 00007ff4275e6270 R14: ffffffffffffffff R15: 00007fff88a229c0
[  780.131685][   T31]  </TASK>
[  780.136314][   T31] INFO: task syz.4.4978:23292 blocked for more than 144 seconds.
[  780.144815][   T31]       Not tainted syzkaller #0
[  780.150174][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  780.159316][   T31] task:syz.4.4978      state:D stack:23944 pid:23292 tgid:23285 ppid:17616  task_flags:0x400040 flags:0x00080003
[  780.172150][   T31] Call Trace:
[  780.175814][   T31]  <TASK>
[  780.178775][   T31]  __schedule+0x1798/0x4cc0
[  780.183580][   T31]  ? __lock_acquire+0xab9/0xd20
[  780.190020][   T31]  ? __lock_acquire+0xab9/0xd20
[  780.195068][   T31]  ? __pfx___schedule+0x10/0x10
[  780.199969][   T31]  ? schedule+0x91/0x360
[  780.204786][   T31]  schedule+0x165/0x360
[  780.209159][   T31]  schedule_preempt_disabled+0x13/0x30
[  780.215147][   T31]  __mutex_lock+0x7e6/0x1350
[  780.219780][   T31]  ? __mutex_lock+0x5bb/0x1350
[  780.224840][   T31]  ? nfc_rfkill_set_block+0x50/0x2e0
[  780.230188][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  780.235555][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  780.240792][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  780.246749][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  780.253403][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  780.259556][   T31]  nfc_rfkill_set_block+0x50/0x2e0
[  780.265408][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  780.271560][   T31]  rfkill_set_block+0x1d2/0x440
[  780.277074][   T31]  rfkill_fop_write+0x44b/0x570
[  780.281994][   T31]  ? __pfx_rfkill_fop_write+0x10/0x10
[  780.287478][   T31]  ? security_kernfs_init_security+0x220/0x290
[  780.293960][   T31]  ? rw_verify_area+0x255/0x4d0
[  780.299239][   T31]  ? __lock_acquire+0xab9/0xd20
[  780.304378][   T31]  ? __pfx_rfkill_fop_write+0x10/0x10
[  780.309960][   T31]  vfs_write+0x27e/0xb30
[  780.314244][   T31]  ? __pfx_vfs_write+0x10/0x10
[  780.319186][   T31]  ? __fget_files+0x2a/0x420
[  780.323840][   T31]  ? __fget_files+0x2a/0x420
[  780.328864][   T31]  ? __fget_files+0x3a0/0x420
[  780.334153][   T31]  ? __fget_files+0x2a/0x420
[  780.339691][   T31]  ksys_write+0x145/0x250
[  780.344340][   T31]  ? __pfx_ksys_write+0x10/0x10
[  780.349259][   T31]  ? do_syscall_64+0xbe/0xfa0
[  780.354247][   T31]  do_syscall_64+0xfa/0xfa0
[  780.359323][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  780.364835][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  780.371476][   T31]  ? clear_bhb_loop+0x60/0xb0
[  780.376559][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  780.382672][   T31] RIP: 0033:0x7ff42738eec9
[  780.387395][   T31] RSP: 002b:00007ff428248038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  780.395879][   T31] RAX: ffffffffffffffda RBX: 00007ff4275e6090 RCX: 00007ff42738eec9
[  780.403854][   T31] RDX: 0000000000000008 RSI: 0000200000000080 RDI: 0000000000000006
[  780.411964][   T31] RBP: 00007ff427411f91 R08: 0000000000000000 R09: 0000000000000000
[  780.420248][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  780.428614][   T31] R13: 00007ff4275e6128 R14: 00007ff4275e6090 R15: 00007fff88a22748
[  780.436933][   T31]  </TASK>
[  780.440176][   T31] INFO: task syz.0.5106:23646 blocked for more than 144 seconds.
[  780.448877][   T31]       Not tainted syzkaller #0
[  780.454354][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  780.463430][   T31] task:syz.0.5106      state:D stack:26664 pid:23646 tgid:23645 ppid:16162  task_flags:0x400140 flags:0x00080002
[  780.476735][   T31] Call Trace:
[  780.480225][   T31]  <TASK>
[  780.483281][   T31]  __schedule+0x1798/0x4cc0
[  780.488049][   T31]  ? __lock_acquire+0xab9/0xd20
[  780.493023][   T31]  ? __lock_acquire+0xab9/0xd20
[  780.498372][   T31]  ? __pfx___schedule+0x10/0x10
[  780.503464][   T31]  ? schedule+0x91/0x360
[  780.509382][   T31]  schedule+0x165/0x360
[  780.513783][   T31]  schedule_preempt_disabled+0x13/0x30
[  780.519781][   T31]  __mutex_lock+0x7e6/0x1350
[  780.524483][   T31]  ? __mutex_lock+0x5bb/0x1350
[  780.529993][   T31]  ? rfkill_register+0x37/0x8e0
[  780.535328][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  780.540476][   T31]  ? __init_waitqueue_head+0xa9/0x150
[  780.545980][   T31]  ? device_initialize+0x24b/0x440
[  780.551317][   T31]  rfkill_register+0x37/0x8e0
[  780.565475][   T31]  nfc_register_device+0x14a/0x320
[  780.571184][   T31]  nci_register_device+0x87f/0x9d0
[  780.577069][   T31]  ? __pfx_nci_register_device+0x10/0x10
[  780.583374][   T31]  ? __raw_spin_lock_init+0x45/0x100
[  780.588895][   T31]  ? __init_waitqueue_head+0xa9/0x150
[  780.594772][   T31]  virtual_ncidev_open+0x129/0x1a0
[  780.600304][   T31]  ? __pfx_virtual_ncidev_open+0x10/0x10
[  780.606178][   T31]  misc_open+0x2b9/0x330
[  780.610666][   T31]  chrdev_open+0x4c9/0x5e0
[  780.615223][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  780.620458][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  780.627206][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  780.632269][   T31]  do_dentry_open+0x950/0x13f0
[  780.637283][   T31]  vfs_open+0x3b/0x340
[  780.641408][   T31]  ? path_openat+0x2ecd/0x3830
[  780.646727][   T31]  path_openat+0x2ee5/0x3830
[  780.651386][   T31]  ? arch_stack_walk+0xfc/0x150
[  780.656753][   T31]  ? stack_depot_save_flags+0x40/0x860
[  780.662352][   T31]  ? __pfx_path_openat+0x10/0x10
[  780.667509][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  780.673703][   T31]  do_filp_open+0x1fa/0x410
[  780.678340][   T31]  ? __lock_acquire+0xab9/0xd20
[  780.683413][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  780.688885][   T31]  ? _raw_spin_unlock+0x28/0x50
[  780.693780][   T31]  ? alloc_fd+0x64c/0x6c0
[  780.698203][   T31]  do_sys_openat2+0x121/0x1c0
[  780.703089][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  780.708470][   T31]  ? __pfx___se_sys_futex+0x10/0x10
[  780.713984][   T31]  __x64_sys_openat+0x138/0x170
[  780.719289][   T31]  do_syscall_64+0xfa/0xfa0
[  780.723837][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  780.729299][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  780.735437][   T31]  ? clear_bhb_loop+0x60/0xb0
[  780.740209][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  780.746690][   T31] RIP: 0033:0x7f9b7cd8eec9
[  780.751321][   T31] RSP: 002b:00007f9b7aff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  780.759821][   T31] RAX: ffffffffffffffda RBX: 00007f9b7cfe5fa0 RCX: 00007f9b7cd8eec9
[  780.767836][   T31] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  780.777881][   T31] RBP: 00007f9b7ce11f91 R08: 0000000000000000 R09: 0000000000000000
[  780.786795][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  780.794939][   T31] R13: 00007f9b7cfe6038 R14: 00007f9b7cfe5fa0 R15: 00007ffc7a317ea8
[  780.803231][   T31]  </TASK>
[  780.806560][   T31] INFO: task syz.0.5106:23651 blocked for more than 145 seconds.
[  780.814448][   T31]       Not tainted syzkaller #0
[  780.819516][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  780.828372][   T31] task:syz.0.5106      state:D stack:27784 pid:23651 tgid:23645 ppid:16162  task_flags:0x400140 flags:0x00080002
[  780.840968][   T31] Call Trace:
[  780.844374][   T31]  <TASK>
[  780.847426][   T31]  __schedule+0x1798/0x4cc0
[  780.851986][   T31]  ? kasan_save_free_info+0x46/0x50
[  780.857544][   T31]  ? __lock_acquire+0xab9/0xd20
[  780.862477][   T31]  ? __lock_acquire+0xab9/0xd20
[  780.868083][   T31]  ? __pfx___schedule+0x10/0x10
[  780.873089][   T31]  ? schedule+0x91/0x360
[  780.877888][   T31]  schedule+0x165/0x360
[  780.882106][   T31]  schedule_preempt_disabled+0x13/0x30
[  780.887750][   T31]  __mutex_lock+0x7e6/0x1350
[  780.892375][   T31]  ? __mutex_lock+0x5bb/0x1350
[  780.897806][   T31]  ? misc_open+0x51/0x330
[  780.902502][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  780.908072][   T31]  misc_open+0x51/0x330
[  780.912367][   T31]  chrdev_open+0x4c9/0x5e0
[  780.916985][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  780.922143][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  780.928995][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  780.934078][   T31]  do_dentry_open+0x950/0x13f0
[  780.939200][   T31]  vfs_open+0x3b/0x340
[  780.943317][   T31]  ? path_openat+0x2ecd/0x3830
[  780.948430][   T31]  path_openat+0x2ee5/0x3830
[  780.953110][   T31]  ? arch_stack_walk+0xfc/0x150
[  780.958673][   T31]  ? stack_depot_save_flags+0x40/0x860
[  780.964421][   T31]  ? __pfx_path_openat+0x10/0x10
[  780.969403][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  780.975722][   T31]  do_filp_open+0x1fa/0x410
[  780.980440][   T31]  ? __lock_acquire+0xab9/0xd20
[  780.985905][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  780.990982][   T31]  ? _raw_spin_unlock+0x28/0x50
[  780.995984][   T31]  ? alloc_fd+0x64c/0x6c0
[  781.000373][   T31]  do_sys_openat2+0x121/0x1c0
[  781.005197][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  781.010433][   T31]  ? rcu_is_watching+0x15/0xb0
[  781.015865][   T31]  __x64_sys_openat+0x138/0x170
[  781.020805][   T31]  do_syscall_64+0xfa/0xfa0
[  781.025412][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  781.030798][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  781.037105][   T31]  ? clear_bhb_loop+0x60/0xb0
[  781.041839][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  781.048238][   T31] RIP: 0033:0x7f9b7cd8eec9
[  781.052887][   T31] RSP: 002b:00007f9b7afd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  781.061496][   T31] RAX: ffffffffffffffda RBX: 00007f9b7cfe6090 RCX: 00007f9b7cd8eec9
[  781.069859][   T31] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  781.078550][   T31] RBP: 00007f9b7ce11f91 R08: 0000000000000000 R09: 0000000000000000
[  781.086631][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  781.094738][   T31] R13: 00007f9b7cfe6128 R14: 00007f9b7cfe6090 R15: 00007ffc7a317ea8
[  781.103042][   T31]  </TASK>
[  781.106463][   T31] INFO: task syz.2.5122:23686 blocked for more than 145 seconds.
[  781.114233][   T31]       Not tainted syzkaller #0
[  781.119529][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  781.128295][   T31] task:syz.2.5122      state:D stack:28296 pid:23686 tgid:23684 ppid:16747  task_flags:0x400040 flags:0x00080002
[  781.140626][   T31] Call Trace:
[  781.144120][   T31]  <TASK>
[  781.147148][   T31]  __schedule+0x1798/0x4cc0
[  781.151765][   T31]  ? kasan_save_free_info+0x46/0x50
[  781.157490][   T31]  ? __lock_acquire+0xab9/0xd20
[  781.162389][   T31]  ? __lock_acquire+0xab9/0xd20
[  781.167557][   T31]  ? __pfx___schedule+0x10/0x10
[  781.172550][   T31]  ? schedule+0x91/0x360
[  781.176915][   T31]  schedule+0x165/0x360
[  781.181196][   T31]  schedule_preempt_disabled+0x13/0x30
[  781.186844][   T31]  __mutex_lock+0x7e6/0x1350
[  781.191482][   T31]  ? __mutex_lock+0x5bb/0x1350
[  781.197048][   T31]  ? misc_open+0x51/0x330
[  781.201414][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  781.207197][   T31]  misc_open+0x51/0x330
[  781.211526][   T31]  chrdev_open+0x4c9/0x5e0
[  781.216780][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  781.221980][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  781.230269][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  781.235551][   T31]  do_dentry_open+0x950/0x13f0
[  781.240737][   T31]  vfs_open+0x3b/0x340
[  781.245018][   T31]  ? path_openat+0x2ecd/0x3830
[  781.249927][   T31]  path_openat+0x2ee5/0x3830
[  781.254963][   T31]  ? arch_stack_walk+0xfc/0x150
[  781.260002][   T31]  ? stack_depot_save_flags+0x40/0x860
[  781.265707][   T31]  ? __pfx_path_openat+0x10/0x10
[  781.270686][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  781.276881][   T31]  do_filp_open+0x1fa/0x410
[  781.281778][   T31]  ? __lock_acquire+0xab9/0xd20
[  781.287109][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  781.292190][   T31]  ? _raw_spin_unlock+0x28/0x50
[  781.297189][   T31]  ? alloc_fd+0x64c/0x6c0
[  781.301705][   T31]  do_sys_openat2+0x121/0x1c0
[  781.307002][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  781.312333][   T31]  ? exc_page_fault+0x82/0x100
[  781.317750][   T31]  ? do_user_addr_fault+0xc85/0x1380
[  781.323744][   T31]  __x64_sys_openat+0x138/0x170
[  781.328875][   T31]  do_syscall_64+0xfa/0xfa0
[  781.333527][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  781.339018][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  781.345747][   T31]  ? clear_bhb_loop+0x60/0xb0
[  781.350564][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  781.356718][   T31] RIP: 0033:0x7f6fffb8eec9
[  781.361350][   T31] RSP: 002b:00007f7000a42038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  781.370593][   T31] RAX: ffffffffffffffda RBX: 00007f6fffde5fa0 RCX: 00007f6fffb8eec9
[  781.379024][   T31] RDX: 0000000000000000 RSI: 0000200000000240 RDI: ffffffffffffff9c
[  781.387808][   T31] RBP: 00007f6fffc11f91 R08: 0000000000000000 R09: 0000000000000000
[  781.396106][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  781.404119][   T31] R13: 00007f6fffde6038 R14: 00007f6fffde5fa0 R15: 00007fffd68110d8
[  781.412584][   T31]  </TASK>
[  781.415813][   T31] INFO: task syz.2.5122:23689 blocked for more than 145 seconds.
[  781.423569][   T31]       Not tainted syzkaller #0
[  781.429013][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  781.438723][   T31] task:syz.2.5122      state:D stack:22824 pid:23689 tgid:23684 ppid:16747  task_flags:0x400140 flags:0x00080002
[  781.451354][   T31] Call Trace:
[  781.455683][   T31]  <TASK>
[  781.458683][   T31]  __schedule+0x1798/0x4cc0
[  781.463302][   T31]  ? kasan_save_free_info+0x46/0x50
[  781.470334][   T31]  ? __lock_acquire+0xab9/0xd20
[  781.475711][   T31]  ? __lock_acquire+0xab9/0xd20
[  781.480599][   T31]  ? __pfx___schedule+0x10/0x10
[  781.485949][   T31]  ? schedule+0x91/0x360
[  781.490328][   T31]  schedule+0x165/0x360
[  781.494756][   T31]  schedule_preempt_disabled+0x13/0x30
[  781.500296][   T31]  __mutex_lock+0x7e6/0x1350
[  781.505220][   T31]  ? __mutex_lock+0x5bb/0x1350
[  781.510031][   T31]  ? misc_open+0x51/0x330
[  781.514446][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  781.519617][   T31]  misc_open+0x51/0x330
[  781.523803][   T31]  chrdev_open+0x4c9/0x5e0
[  781.528519][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  781.533503][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  781.540418][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  781.545764][   T31]  do_dentry_open+0x950/0x13f0
[  781.550669][   T31]  vfs_open+0x3b/0x340
[  781.554929][   T31]  ? path_openat+0x2ecd/0x3830
[  781.559946][   T31]  path_openat+0x2ee5/0x3830
[  781.565033][   T31]  ? arch_stack_walk+0xfc/0x150
[  781.570217][   T31]  ? stack_depot_save_flags+0x40/0x860
[  781.575811][   T31]  ? __pfx_path_openat+0x10/0x10
[  781.580984][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  781.587621][   T31]  do_filp_open+0x1fa/0x410
[  781.592264][   T31]  ? __lock_acquire+0xab9/0xd20
[  781.597750][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  781.602953][   T31]  ? _raw_spin_unlock+0x28/0x50
[  781.608536][   T31]  ? alloc_fd+0x64c/0x6c0
[  781.613348][   T31]  do_sys_openat2+0x121/0x1c0
[  781.618122][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  781.623357][   T31]  ? rcu_is_watching+0x15/0xb0
[  781.628426][   T31]  __x64_sys_openat+0x138/0x170
[  781.633307][   T31]  do_syscall_64+0xfa/0xfa0
[  781.638030][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  781.643882][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  781.650393][   T31]  ? clear_bhb_loop+0x60/0xb0
[  781.655288][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  781.661287][   T31] RIP: 0033:0x7f6fffb8eec9
[  781.665884][   T31] RSP: 002b:00007f7000a21038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  781.674476][   T31] RAX: ffffffffffffffda RBX: 00007f6fffde6090 RCX: 00007f6fffb8eec9
[  781.682664][   T31] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  781.691175][   T31] RBP: 00007f6fffc11f91 R08: 0000000000000000 R09: 0000000000000000
[  781.699365][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  781.707816][   T31] R13: 00007f6fffde6128 R14: 00007f6fffde6090 R15: 00007fffd68110d8
[  781.716401][   T31]  </TASK>
[  781.719799][   T31] INFO: task syz.2.5122:23692 blocked for more than 145 seconds.
[  781.728782][   T31]       Not tainted syzkaller #0
[  781.733785][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  781.743208][   T31] task:syz.2.5122      state:D stack:27776 pid:23692 tgid:23684 ppid:16747  task_flags:0x400040 flags:0x00080002
[  781.755911][   T31] Call Trace:
[  781.759264][   T31]  <TASK>
[  781.762222][   T31]  __schedule+0x1798/0x4cc0
[  781.767345][   T31]  ? kasan_save_free_info+0x46/0x50
[  781.772667][   T31]  ? __lock_acquire+0xab9/0xd20
[  781.777732][   T31]  ? __lock_acquire+0xab9/0xd20
[  781.782623][   T31]  ? __pfx___schedule+0x10/0x10
[  781.787800][   T31]  ? schedule+0x91/0x360
[  781.792081][   T31]  schedule+0x165/0x360
[  781.796881][   T31]  schedule_preempt_disabled+0x13/0x30
[  781.802467][   T31]  __mutex_lock+0x7e6/0x1350
[  781.807362][   T31]  ? __mutex_lock+0x5bb/0x1350
[  781.812189][   T31]  ? misc_open+0x51/0x330
[  781.816740][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  781.821975][   T31]  misc_open+0x51/0x330
[  781.826679][   T31]  chrdev_open+0x4c9/0x5e0
[  781.831230][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  781.836345][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  781.842897][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  781.848212][   T31]  do_dentry_open+0x950/0x13f0
[  781.853902][   T31]  vfs_open+0x3b/0x340
[  781.858479][   T31]  ? path_openat+0x2ecd/0x3830
[  781.863252][   T31]  path_openat+0x2ee5/0x3830
[  781.868056][   T31]  ? arch_stack_walk+0xfc/0x150
[  781.873224][   T31]  ? stack_depot_save_flags+0x40/0x860
[  781.878858][   T31]  ? __pfx_path_openat+0x10/0x10
[  781.883908][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  781.890870][   T31]  do_filp_open+0x1fa/0x410
[  781.895472][   T31]  ? __lock_acquire+0xab9/0xd20
[  781.900587][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  781.906000][   T31]  ? _raw_spin_unlock+0x28/0x50
[  781.910915][   T31]  ? alloc_fd+0x64c/0x6c0
[  781.915976][   T31]  do_sys_openat2+0x121/0x1c0
[  781.920673][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  781.926093][   T31]  ? rcu_is_watching+0x15/0xb0
[  781.930890][   T31]  __x64_sys_openat+0x138/0x170
[  781.935913][   T31]  do_syscall_64+0xfa/0xfa0
[  781.940807][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  781.946816][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  781.953096][   T31]  ? clear_bhb_loop+0x60/0xb0
[  781.958060][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  781.964097][   T31] RIP: 0033:0x7f6fffb8eec9
[  781.968826][   T31] RSP: 002b:00007f7000a00038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  781.978252][   T31] RAX: ffffffffffffffda RBX: 00007f6fffde6180 RCX: 00007f6fffb8eec9
[  781.986462][   T31] RDX: 0000000000000000 RSI: 0000200000000400 RDI: ffffffffffffff9c
[  781.994675][   T31] RBP: 00007f6fffc11f91 R08: 0000000000000000 R09: 0000000000000000
[  782.002751][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  782.011373][   T31] R13: 00007f6fffde6218 R14: 00007f6fffde6180 R15: 00007fffd68110d8
[  782.019703][   T31]  </TASK>
[  782.022761][   T31] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
[  782.032181][   T31] INFO: task syz.2.5122:23695 blocked for more than 146 seconds.
[  782.040470][   T31]       Not tainted syzkaller #0
[  782.045719][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  782.054535][   T31] task:syz.2.5122      state:D stack:25480 pid:23695 tgid:23684 ppid:16747  task_flags:0x400140 flags:0x00080002
[  782.067200][   T31] Call Trace:
[  782.070672][   T31]  <TASK>
[  782.073762][   T31]  __schedule+0x1798/0x4cc0
[  782.078589][   T31]  ? kasan_save_free_info+0x46/0x50
[  782.084103][   T31]  ? __lock_acquire+0xab9/0xd20
[  782.089210][   T31]  ? __lock_acquire+0xab9/0xd20
[  782.094190][   T31]  ? __pfx___schedule+0x10/0x10
[  782.100136][   T31]  ? schedule+0x91/0x360
[  782.104706][   T31]  schedule+0x165/0x360
[  782.109001][   T31]  schedule_preempt_disabled+0x13/0x30
[  782.114747][   T31]  __mutex_lock+0x7e6/0x1350
[  782.119451][   T31]  ? __mutex_lock+0x5bb/0x1350
[  782.125094][   T31]  ? misc_open+0x51/0x330
[  782.129781][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  782.135342][   T31]  misc_open+0x51/0x330
[  782.139629][   T31]  chrdev_open+0x4c9/0x5e0
[  782.144775][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  782.149830][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  782.156933][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  782.162017][   T31]  do_dentry_open+0x950/0x13f0
[  782.167156][   T31]  vfs_open+0x3b/0x340
[  782.171466][   T31]  ? path_openat+0x2ecd/0x3830
[  782.176633][   T31]  path_openat+0x2ee5/0x3830
[  782.181333][   T31]  ? arch_stack_walk+0xfc/0x150
[  782.187138][   T31]  ? stack_depot_save_flags+0x40/0x860
[  782.192703][   T31]  ? __pfx_path_openat+0x10/0x10
[  782.197785][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  782.203911][   T31]  do_filp_open+0x1fa/0x410
[  782.208688][   T31]  ? __lock_acquire+0xab9/0xd20
[  782.213579][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  782.219076][   T31]  ? _raw_spin_unlock+0x28/0x50
[  782.224016][   T31]  ? alloc_fd+0x64c/0x6c0
[  782.228608][   T31]  do_sys_openat2+0x121/0x1c0
[  782.233363][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  782.238757][   T31]  ? __fget_files+0x3a0/0x420
[  782.243473][   T31]  ? __pfx___se_sys_futex+0x10/0x10
[  782.249472][   T31]  __x64_sys_openat+0x138/0x170
[  782.254465][   T31]  do_syscall_64+0xfa/0xfa0
[  782.259581][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  782.265119][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  782.271340][   T31]  ? clear_bhb_loop+0x60/0xb0
[  782.276842][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  782.282951][   T31] RIP: 0033:0x7f6fffb8eec9
[  782.287614][   T31] RSP: 002b:00007f70009df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  782.296307][   T31] RAX: ffffffffffffffda RBX: 00007f6fffde6270 RCX: 00007f6fffb8eec9
[  782.305017][   T31] RDX: 0000000000000100 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  782.313109][   T31] RBP: 00007f6fffc11f91 R08: 0000000000000000 R09: 0000000000000000
[  782.321268][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  782.329392][   T31] R13: 00007f6fffde6308 R14: 00007f6fffde6270 R15: 00007fffd68110d8
[  782.338013][   T31]  </TASK>
[  782.341041][   T31] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
[  782.350545][   T31] INFO: task syz.1.5125:23694 blocked for more than 146 seconds.
[  782.358729][   T31]       Not tainted syzkaller #0
[  782.363687][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  782.373445][   T31] task:syz.1.5125      state:D stack:28296 pid:23694 tgid:23693 ppid:15621  task_flags:0x400140 flags:0x00080002
[  782.385767][   T31] Call Trace:
[  782.389052][   T31]  <TASK>
[  782.391981][   T31]  __schedule+0x1798/0x4cc0
[  782.397024][   T31]  ? kasan_save_free_info+0x46/0x50
[  782.402268][   T31]  ? __lock_acquire+0xab9/0xd20
[  782.407269][   T31]  ? __lock_acquire+0xab9/0xd20
[  782.412148][   T31]  ? __pfx___schedule+0x10/0x10
[  782.417179][   T31]  ? schedule+0x91/0x360
[  782.421641][   T31]  schedule+0x165/0x360
[  782.426805][   T31]  schedule_preempt_disabled+0x13/0x30
[  782.432281][   T31]  __mutex_lock+0x7e6/0x1350
[  782.436929][   T31]  ? __mutex_lock+0x5bb/0x1350
[  782.441724][   T31]  ? misc_open+0x51/0x330
[  782.446294][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  782.452156][   T31]  misc_open+0x51/0x330
[  782.456912][   T31]  chrdev_open+0x4c9/0x5e0
[  782.461347][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  782.466629][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  782.473348][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  782.478469][   T31]  do_dentry_open+0x950/0x13f0
[  782.483276][   T31]  vfs_open+0x3b/0x340
[  782.488026][   T31]  ? path_openat+0x2ecd/0x3830
[  782.492911][   T31]  path_openat+0x2ee5/0x3830
[  782.497630][   T31]  ? arch_stack_walk+0xfc/0x150
[  782.502640][   T31]  ? stack_depot_save_flags+0x40/0x860
[  782.508974][   T31]  ? __pfx_path_openat+0x10/0x10
[  782.514040][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  782.520644][   T31]  do_filp_open+0x1fa/0x410
[  782.525299][   T31]  ? __lock_acquire+0xab9/0xd20
[  782.530402][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  782.535605][   T31]  ? _raw_spin_unlock+0x28/0x50
[  782.540484][   T31]  ? alloc_fd+0x64c/0x6c0
[  782.545526][   T31]  do_sys_openat2+0x121/0x1c0
[  782.550361][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  782.555885][   T31]  ? __pfx___se_sys_futex+0x10/0x10
[  782.561290][   T31]  __x64_sys_openat+0x138/0x170
[  782.566325][   T31]  do_syscall_64+0xfa/0xfa0
[  782.572186][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  782.578425][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  782.587181][   T31]  ? clear_bhb_loop+0x60/0xb0
[  782.592008][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  782.598754][   T31] RIP: 0033:0x7fa64d58eec9
[  782.603194][   T31] RSP: 002b:00007fa64e4f8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  782.612004][   T31] RAX: ffffffffffffffda RBX: 00007fa64d7e5fa0 RCX: 00007fa64d58eec9
[  782.620272][   T31] RDX: 0000000000000000 RSI: 0000200000000240 RDI: ffffffffffffff9c
[  782.628757][   T31] RBP: 00007fa64d611f91 R08: 0000000000000000 R09: 0000000000000000
[  782.637034][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  782.645385][   T31] R13: 00007fa64d7e6038 R14: 00007fa64d7e5fa0 R15: 00007fff5af15f08
[  782.653405][   T31]  </TASK>
[  782.656762][   T31] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
[  782.666124][   T31] INFO: task syz-executor:23707 blocked for more than 146 seconds.
[  782.674131][   T31]       Not tainted syzkaller #0
[  782.679231][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  782.688418][   T31] task:syz-executor    state:D stack:28008 pid:23707 tgid:23707 ppid:1      task_flags:0x400040 flags:0x00080000
[  782.700911][   T31] Call Trace:
[  782.704494][   T31]  <TASK>
[  782.707534][   T31]  __schedule+0x1798/0x4cc0
[  782.712067][   T31]  ? kasan_save_free_info+0x46/0x50
[  782.717579][   T31]  ? __lock_acquire+0xab9/0xd20
[  782.722615][   T31]  ? __lock_acquire+0xab9/0xd20
[  782.728193][   T31]  ? __pfx___schedule+0x10/0x10
[  782.733372][   T31]  ? schedule+0x91/0x360
[  782.738034][   T31]  schedule+0x165/0x360
[  782.742271][   T31]  schedule_preempt_disabled+0x13/0x30
[  782.748241][   T31]  __mutex_lock+0x7e6/0x1350
[  782.752962][   T31]  ? __mutex_lock+0x5bb/0x1350
[  782.758338][   T31]  ? misc_open+0x51/0x330
[  782.762720][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  782.768004][   T31]  misc_open+0x51/0x330
[  782.772298][   T31]  chrdev_open+0x4c9/0x5e0
[  782.777157][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  782.782353][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  782.788982][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  782.794044][   T31]  do_dentry_open+0x950/0x13f0
[  782.798941][   T31]  vfs_open+0x3b/0x340
[  782.803055][   T31]  ? path_openat+0x2ecd/0x3830
[  782.808193][   T31]  path_openat+0x2ee5/0x3830
[  782.812811][   T31]  ? __pfx_css_rstat_updated+0x10/0x10
[  782.818634][   T31]  ? count_memcg_event_mm+0x21/0x260
[  782.823986][   T31]  ? __pfx_path_openat+0x10/0x10
[  782.829249][   T31]  ? __pfx___up_read+0x10/0x10
[  782.834145][   T31]  ? do_user_addr_fault+0xbbc/0x1380
[  782.839801][   T31]  do_filp_open+0x1fa/0x410
[  782.844728][   T31]  ? __lock_acquire+0xab9/0xd20
[  782.849742][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  782.855180][   T31]  ? _raw_spin_unlock+0x28/0x50
[  782.860111][   T31]  ? alloc_fd+0x64c/0x6c0
[  782.864883][   T31]  do_sys_openat2+0x121/0x1c0
[  782.869720][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  782.875430][   T31]  ? fd_install+0x97/0x540
[  782.880154][   T31]  ? fd_install+0x30d/0x540
[  782.884961][   T31]  __x64_sys_openat+0x138/0x170
[  782.889939][   T31]  do_syscall_64+0xfa/0xfa0
[  782.895205][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  782.900578][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  782.906918][   T31]  ? clear_bhb_loop+0x60/0xb0
[  782.911689][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  782.917715][   T31] RIP: 0033:0x7fac1938d691
[  782.922258][   T31] RSP: 002b:00007ffc85f9e4f0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  782.931050][   T31] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fac1938d691
[  782.939160][   T31] RDX: 0000000000000002 RSI: 00007fac1941299a RDI: 00000000ffffff9c
[  782.948415][   T31] RBP: 00007fac1941299a R08: 0000000000000000 R09: 00007fac1a11d6c0
[  782.957054][   T31] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008
[  782.965343][   T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[  782.973362][   T31]  </TASK>
[  782.976493][   T31] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
[  782.988963][   T31] 
[  782.988963][   T31] Showing all locks held in the system:
[  782.997626][   T31] 3 locks held by kworker/0:1/10:
[  783.002697][   T31]  #0: ffff88801a481148 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  783.014064][   T31]  #1: ffffc900000f7ba0 ((work_completion)(&rfkill->uevent_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  783.027839][   T31]  #2: ffffffff8f7b21c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_uevent_work+0x1d/0xa0
[  783.038243][   T31] 1 lock held by khungtaskd/31:
[  783.043305][   T31]  #0: ffffffff8e13a960 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  783.053816][   T31] 1 lock held by klogd/5183:
[  783.058850][   T31]  #0: ffff8880b863a018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[  783.068981][   T31] 2 locks held by getty/5587:
[  783.074773][   T31]  #0: ffff8880335a30a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  783.085329][   T31]  #1: ffffc900036bb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  783.095876][   T31] 3 locks held by kworker/1:4/5900:
[  783.101107][   T31]  #0: ffff88801a481148 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  783.112430][   T31]  #1: ffffc90004507ba0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  783.126575][   T31]  #2: ffffffff8f7b21c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[  783.138668][   T31] 2 locks held by syz.3.4974/23268:
[  783.143906][   T31]  #0: ffff888051af9100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[  783.155071][   T31]  #1: ffffffff8f7b21c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[  783.165567][   T31] 2 locks held by syz.4.4978/23285:
[  783.170878][   T31]  #0: ffff888031730100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[  783.181153][   T31]  #1: ffffffff8f7b21c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[  783.191933][   T31] 2 locks held by syz.4.4978/23292:
[  783.197355][   T31]  #0: ffffffff8f7b21c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_write+0x191/0x570
[  783.207885][   T31]  #1: ffff888051af9100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[  783.218236][   T31] 3 locks held by syz.0.5106/23646:
[  783.223550][   T31]  #0: ffffffff8e9822a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  783.232413][   T31]  #1: ffff88804bceb100 (&dev->mutex){....}-{4:4}, at: nfc_register_device+0xa1/0x320
[  783.242175][   T31]  #2: ffffffff8f7b21c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[  783.252969][   T31] 1 lock held by syz.0.5106/23651:
[  783.258325][   T31]  #0: ffffffff8e9822a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  783.267487][   T31] 1 lock held by syz.2.5122/23686:
[  783.273006][   T31]  #0: ffffffff8e9822a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  783.282229][   T31] 1 lock held by syz.2.5122/23689:
[  783.287827][   T31]  #0: ffffffff8e9822a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  783.296543][   T31] 1 lock held by syz.2.5122/23692:
[  783.301750][   T31]  #0: ffffffff8e9822a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  783.310814][   T31] 1 lock held by syz.2.5122/23695:
[  783.316423][   T31]  #0: ffffffff8e9822a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  783.325121][   T31] 1 lock held by syz.1.5125/23694:
[  783.330509][   T31]  #0: ffffffff8e9822a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  783.339862][   T31] 1 lock held by syz-executor/23707:
[  783.345869][   T31]  #0: ffffffff8e9822a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  783.354936][   T31] 1 lock held by syz-executor/23709:
[  783.360310][   T31]  #0: ffffffff8e9822a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  783.369495][   T31] 1 lock held by syz-executor/23711:
[  783.374986][   T31]  #0: ffffffff8e9822a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  783.383971][   T31] 1 lock held by syz-executor/23714:
[  783.389636][   T31]  #0: ffffffff8e9822a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  783.398760][   T31] 1 lock held by syz-executor/23715:
[  783.404190][   T31]  #0: ffffffff8e9822a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  783.413053][   T31] 1 lock held by syz-executor/23717:
[  783.418572][   T31]  #0: ffffffff8e9822a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  783.427876][   T31] 1 lock held by syz-executor/23719:
[  783.433165][   T31]  #0: ffffffff8e9822a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  783.441809][   T31] 1 lock held by syz-executor/23721:
[  783.447245][   T31]  #0: ffffffff8e9822a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  783.456441][   T31] 1 lock held by syz-executor/23724:
[  783.461740][   T31]  #0: ffffffff8e9822a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  783.471094][   T31] 1 lock held by syz-executor/23725:
[  783.476797][   T31]  #0: ffffffff8e9822a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  783.485665][   T31] 1 lock held by syz-executor/23727:
[  783.490975][   T31]  #0: ffffffff8e9822a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  783.499709][   T31] 1 lock held by syz-executor/23729:
[  783.505237][   T31]  #0: ffffffff8e9822a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  783.513858][   T31] 1 lock held by syz-executor/23731:
[  783.519802][   T31]  #0: ffffffff8e9822a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  783.528476][   T31] 1 lock held by syz-executor/23734:
[  783.533853][   T31]  #0: ffffffff8e9822a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  783.542730][   T31] 1 lock held by syz-executor/23735:
[  783.549053][   T31]  #0: ffffffff8e9822a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  783.557982][   T31] 
[  783.560437][   T31] =============================================
[  783.560437][   T31] 
[  783.569433][   T31] NMI backtrace for cpu 1
[  783.569454][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  783.569475][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  783.569486][   T31] Call Trace:
[  783.569497][   T31]  <TASK>
[  783.569506][   T31]  dump_stack_lvl+0x189/0x250
[  783.569533][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  783.569554][   T31]  ? __pfx__printk+0x10/0x10
[  783.569595][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  783.569624][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  783.569648][   T31]  ? __pfx__printk+0x10/0x10
[  783.569671][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  783.569690][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  783.569706][   T31]  watchdog+0xf93/0xfe0
[  783.569726][   T31]  ? watchdog+0x1de/0xfe0
[  783.569746][   T31]  kthread+0x711/0x8a0
[  783.569762][   T31]  ? __pfx_watchdog+0x10/0x10
[  783.569778][   T31]  ? __pfx_kthread+0x10/0x10
[  783.569792][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  783.569808][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  783.569824][   T31]  ? __pfx_kthread+0x10/0x10
[  783.569837][   T31]  ret_from_fork+0x4b9/0x870
[  783.569857][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  783.569878][   T31]  ? __switch_to_asm+0x39/0x70
[  783.569891][   T31]  ? __switch_to_asm+0x33/0x70
[  783.569903][   T31]  ? __pfx_kthread+0x10/0x10
[  783.569917][   T31]  ret_from_fork_asm+0x1a/0x30
[  783.569940][   T31]  </TASK>
[  783.569945][   T31] Sending NMI from CPU 1 to CPUs 0:
[  783.720872][    C0] NMI backtrace for cpu 0
[  783.720892][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) 
[  783.720911][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  783.720921][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  783.720951][    C0] Code: 43 e8 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d c3 66 23 00 f3 0f 1e fa fb f4 <e9> 18 e8 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  783.720966][    C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c6
[  783.720982][    C0] RAX: 15c930f85a7ed200 RBX: ffffffff81958c97 RCX: 15c930f85a7ed200
[  783.720995][    C0] RDX: 0000000000000001 RSI: ffffffff8d7ddd10 RDI: ffffffff8bc03b60
[  783.721007][    C0] RBP: ffffffff8de07ea8 R08: ffff8880b8632fdb R09: 1ffff110170c65fb
[  783.721019][    C0] R10: dffffc0000000000 R11: ffffed10170c65fc R12: ffffffff8f9d4c30
[  783.721031][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a28
[  783.721042][    C0] FS:  0000000000000000(0000) GS:ffff888125d3b000(0000) knlGS:0000000000000000
[  783.721055][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  783.721067][    C0] CR2: 000055caa5818000 CR3: 000000000df36000 CR4: 00000000003526f0
[  783.721084][    C0] Call Trace:
[  783.721093][    C0]  <TASK>
[  783.721100][    C0]  default_idle+0x13/0x20
[  783.721117][    C0]  default_idle_call+0x73/0xb0
[  783.721135][    C0]  do_idle+0x1e7/0x510
[  783.721157][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  783.721181][    C0]  ? __pfx_do_idle+0x10/0x10
[  783.721207][    C0]  ? do_idle+0x4e7/0x510
[  783.721231][    C0]  cpu_startup_entry+0x44/0x60
[  783.721254][    C0]  rest_init+0x2de/0x300
[  783.721272][    C0]  start_kernel+0x3ae/0x410
[  783.721297][    C0]  x86_64_start_reservations+0x24/0x30
[  783.721314][    C0]  x86_64_start_kernel+0x143/0x1c0
[  783.721332][    C0]  common_startup_64+0x13e/0x147
[  783.721358][    C0]  </TASK>
[  783.727826][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  783.727848][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  783.727871][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  783.727882][   T31] Call Trace:
[  783.727891][   T31]  <TASK>
[  783.727899][   T31]  dump_stack_lvl+0x99/0x250
[  783.727925][   T31]  ? __asan_memcpy+0x40/0x70
[  783.727953][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  783.727973][   T31]  ? __pfx__printk+0x10/0x10
[  783.728005][   T31]  vpanic+0x281/0x750
[  783.728033][   T31]  ? __pfx_vpanic+0x10/0x10
[  783.728056][   T31]  ? __x2apic_send_IPI_mask+0x1e4/0x260
[  783.728078][   T31]  ? preempt_schedule+0xae/0xc0
[  783.728106][   T31]  ? preempt_schedule_common+0x83/0xd0
[  783.728138][   T31]  panic+0xb9/0xc0
[  783.728168][   T31]  ? __pfx_panic+0x10/0x10
[  783.728194][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  783.728225][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  783.728250][   T31]  watchdog+0xfd2/0xfe0
[  783.728282][   T31]  ? watchdog+0x1de/0xfe0
[  783.728313][   T31]  kthread+0x711/0x8a0
[  783.728338][   T31]  ? __pfx_watchdog+0x10/0x10
[  783.728363][   T31]  ? __pfx_kthread+0x10/0x10
[  783.728386][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  783.728411][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  783.728437][   T31]  ? __pfx_kthread+0x10/0x10
[  783.728467][   T31]  ret_from_fork+0x4b9/0x870
[  783.728497][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  783.728531][   T31]  ? __switch_to_asm+0x39/0x70
[  783.728551][   T31]  ? __switch_to_asm+0x33/0x70
[  783.728571][   T31]  ? __pfx_kthread+0x10/0x10
[  783.728593][   T31]  ret_from_fork_asm+0x1a/0x30
[  783.728633][   T31]  </TASK>
[  784.077058][   T31] Kernel Offset: disabled
[  784.081383][   T31] Rebooting in 86400 seconds..