last executing test programs:

2.534752944s ago: executing program 1 (id=4110):
r0 = socket$rxrpc(0x21, 0x2, 0xa)
r1 = syz_init_net_socket$ax25(0x3, 0x3, 0x7)
bind$ax25(r1, &(0x7f0000000540)={{0x3, @default}, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), r1)
bind$rxrpc(r0, &(0x7f0000000180)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x24)
listen(r0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x6, 0x4}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0xffffffff}, 0x90)
sendto$rxrpc(r0, &(0x7f00000005c0)="f643886b3db8a7124b39f6bcd99dbba3144b73ac9b46972ecbbb4de7d9f69999a98a9000d9d5635f4146aa624e7f344d3eaaf13cc6759dc3337021f4075c90c5d8e8774a051ab6b4ac1192864c38f8eab142d6f79b07db6444f8854d6a8fede415b30c89fa73bc97433fb88db8fa94e55ccd52aaf2731500da49c4b562b1ca318ccf127715014c120c8ee6ae54d1ba89284200801dd7eb4914d23e705b73fe01e9d0cad42289dbbb62707794ca1d5bdc34baa23eb8abfbe0553eb6d1f39a", 0xbe, 0x0, &(0x7f0000000040)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e20, @local}}, 0x24)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_int(r3, 0x6, 0x19, &(0x7f00000007c0)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000500)=@gcm_128={{0x303}, "a95972fc5ec50719", "8e083700daf38a6d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28)
shutdown(r3, 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000080)=@framed={{}, [@ldst={0x2, 0x2, 0x3, 0x1, 0x0, 0x9a}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000000), 0xffffff6a)
sendfile(r3, r4, 0x0, 0xffffffff004)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "00a8bc", 0x18, 0x6, 0xff, @local, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@generic={0x1, 0x2}]}}}}}}}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r5, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
recvmmsg(r0, &(0x7f00000043c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x142, 0x0)

2.083027986s ago: executing program 1 (id=4117):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETCHAIN(r0, 0x0, 0x0)

2.054835741s ago: executing program 4 (id=4118):
r0 = socket(0x10, 0x3, 0x40000001)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x24, 0x1402, 0x1, 0x70bd2a, 0x25dfdc02, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz2\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000280)={0x5}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c0000005e000102"], 0x1c}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000000)={0x0, 'nr0\x00', {0x4}, 0xf09})
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4801}, 0x0)
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000800}, 0x4)
r4 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r4, &(0x7f0000000580)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x9, @dev={0xfe, 0x80, '\x00', 0xe}, 0x5}, 0x1c, &(0x7f0000000b40)=[{&(0x7f0000000340)="f2", 0x1}], 0x1}}, {{&(0x7f0000000180)={0xa, 0x4e24, 0xff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1}, 0x1c, &(0x7f0000000400)=[{&(0x7f00000001c0)="17", 0x1}], 0x1}}], 0x2, 0x0)
shutdown(r4, 0x1)
setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000000)={0x9, 0x8c, 0x7, 0x8, 0x2, 0x3, 0x1, 0x80, 0x0, 0x4, 0x86, 0x9, 0x9, 0x7}, 0xe)
r5 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x7e, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaa0300aaaaaaaaaa86dd6001010000481100fe8000000000000000000000000000bbfe8000000000000000000000000000aa4e200e6200489078030000000200000088c73b210700000001dbe5712c1c941e1cdafbbb43f09c28e13808ca72381f41e5fff9620915b6f78670dfaf9a2038083179cf6b7931c9b4"], 0x0)
sendmsg$NFT_BATCH(r6, 0x0, 0x0)
r7 = accept4$phonet_pipe(r0, &(0x7f0000000080), &(0x7f00000000c0)=0x10, 0x0)
ioctl$INCFS_IOC_PERMIT_FILL(r7, 0x40046721, &(0x7f0000000100)={r2})
r8 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r8, 0x0, 0xd4, &(0x7f00000006c0)=0x6, 0x4)

2.000596484s ago: executing program 2 (id=4120):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff) (async)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r4, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000880)=@security={'security\x00', 0xe, 0x4, 0x480, 0xffffffff, 0xd0, 0xd0, 0x0, 0xffffffff, 0xffffffff, 0x3b0, 0x3b0, 0x3b0, 0xffffffff, 0x4, &(0x7f0000000100), {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x856, 0x1, 0x2}}}, {{@uncond, 0x0, 0xa8, 0x1d0}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'system_u:object_r:passwd_exec_t:s0\x00'}}}, {{@ipv6={@mcast1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [0xff, 0xff, 0xffffffff, 0xff000000], [0xff, 0xffffffff, 0x0, 0xffffffff], 'pim6reg0\x00', 'ipvlan0\x00', {}, {}, 0x2b, 0x1, 0x2, 0x8}, 0x0, 0xd0, 0x110, 0x0, {}, [@common=@icmp6={{0x28}, {0x5, "4bb1"}}]}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "fbeee6ea6c97e784f9615a77636f1b658fd1f203b42ea25877e1216283da"}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4e0) (async)
sendmsg$L2TP_CMD_SESSION_GET(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x30, r2, 0x1, 0x0, 0x0, {0x7}, [@L2TP_ATTR_IFNAME={0x14}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0xff}]}, 0x30}}, 0x0) (async)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x8000) (async)
sendmsg$NFT_BATCH(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000002000000020000000900020073797a310000000008000440000000000900010073797a30000000000800034000000007"], 0x64}}, 0x0) (async)
connect$pppl2tp(r3, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x3, 0x1, 0x1, 0x2}}, 0x26)

1.893840369s ago: executing program 3 (id=4121):
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000080}, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x8, 0x42, 0x40, 0x42}, 0x50)
r1 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000180)='syz0\x00', 0x200002, 0x0)
openat$cgroup_ro(r1, &(0x7f00000001c0)='hugetlb.1GB.usage_in_bytes\x00', 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000880), 0x1006, r0, 0x0, 0xd88d02a0}, 0x38)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000240)={r0, &(0x7f0000000100), &(0x7f0000002240)=""/99}, 0x20) (async)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000240)={r0, &(0x7f0000000100), &(0x7f0000002240)=""/99}, 0x20)
sendto$rxrpc(0xffffffffffffffff, &(0x7f0000000080)="e3710f00217d24965647c62556fdfd5a1c8fa69473fa99bc395b70edf18e3d94a3c2d0f4fdf009c830bb0000000000006e37126edf502069303187fde7bf2ad4841bdac1a83d6b8519b298517c", 0x4d, 0x24000884, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x20) (async)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x8}, 0x94) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x8}, 0x94)
r3 = socket$netlink(0x10, 0x3, 0x5)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000300), r3) (async)
r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000300), r3)
sendmsg$SEG6_CMD_GET_TUNSRC(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x28, r4, 0x223, 0x0, 0x0, {0x3}, [@SEG6_ATTR_DST={0x14, 0x1, @loopback={0xe0ffff00000000}}]}, 0x28}}, 0x0)

1.893296135s ago: executing program 4 (id=4122):
r0 = epoll_create1(0x0) (async)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(sm4)\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x17, 0x9, &(0x7f0000000680)=ANY=[@ANYBLOB="03000000000000000000000000000000851000000500000085000000bb0000006d0000000000000018000000ffff0000000000000000000095000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x34}, 0x90) (async)
r2 = accept4(r1, 0x0, 0x0, 0x80000) (async)
r3 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r3, 0x1, 0x3c, &(0x7f0000000340)={0x1, 0x6d}, 0x8) (async)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r2)
writev(r2, &(0x7f0000000040)=[{&(0x7f00000012c0)="a4eac90f8e3ae7580e2e693731ef6b447fc2057d9a84e61f40c79e10218d131f865d68b23cd7c3f2b681e2205f67f140252abcc3b8015e176881d81a9e61b6a2c92a9d8e1f51861b64e7b61bf9a131e197f5a6c6d4d887d86c79836e81c69e211d2bf4c595b01c94de464ff9aa72b6058fe774c81142bbce9bd0d83f6239362c3347e3daadb292cf3fee4766a2d43cf006a476ce0e4dd221acdcdefcf67733ed2978c2cd564772844077920cf54543db03688079168e36709dbbf84933a2415a32617f7de4336d89967c2cbcd76a973d88a3c440862bc11e51df6f1cd25f1aa711b721c33703645bcf93b775f1eb28c7640d1b7cbe44b9fc0e55d1a4d8f83b8fd537a231fe75ebb7255387d089ae7924c86b36f11d4c09d27626fd8cd62dbee1662558322e3dffdb4c4816e8ee2501b8e73eda5a8caf70487ea6edede6b8337d5ff348bd874de5b9a5058b85c0659031d237abfcdc40bd6b45d4845b08adc7bdaefa8099bef8d5f6cae07abc605dc651a21b04ae53f6d89d9fac3ec696ca9508a681ca65a4524242fae4d79e40840ce54330107125a916b03459f58e4e6c3215a97e391c069926a24d9486909ef1f0c210514e2cd81cbaa6352a2de4f5829eb670a6500c83eb8c8bd5edbe4005bfb524fce3d4796d028acf27fb9df67851db5d59b2f88d97aa591d607d602dbb9bb4211abbc8641610aae237e8d47f8381dced80019a4e9b3d0e6e2a978ffeec19fe0a6077eb48d3d4d478801eb1902bb3f8552d402dd8de49cb6bb7c78600c75e3bcf53bf58e391d6484423cbfe17cf95f3b30a41b849af63ffd6a7b5aaab0ce5ac6d78519430c27415fd46f150671ee860341b9c473937c498cc9aae0cb64a73f24780b4771b1ea51816bd68f19c49747c4caf0acd418517e88e1f82cd9d2d870abb33624483670269aac3d2fe75fff726d60fe1be2fc2abc47b98eb75ef2f7f4eca0b50450ef48d71921cd10307563d120eed0416e3dcf4b198ec8424d857ab872d9de56e614e3fba275bae2c21793bebe86cdfbe822bffd2c9be6e623fcbb441e202cf8107da69cb06f93f7956a4ee88de99dc881fac8894ea5acaf4cac4c65de055017ab0dcd1adab2a22e1c2a12e73316be0f4d07b405d6bf4adda88fac3f081f8f180b403a067184b26e35860e1064d87748390e6f63217d7db40f002f85c57c125be768d68600e2c795a83a3477481a41b8392a6ae2c3a51cec2da15980c299f528e658641960ef2983ae3e30955586dd9e6a6591d81645ed451dfc14b2c648a89655af1f66067350c6fb356610469ae7b20ccd14cbb0fb04f58bfda8f28f90ebade9b6f8017094f1d467d9df73dfcc48cea0307ca833b72978e64651c8eb429f2b36adab59251452b4abaa2ecb42eaf674b12b49081b40c324d6da586212f187c51e32c42b00622b3fcb1acfecaeb603cec87a0010c199a80cf184894b0992fe709613c672ec91587afe94c637cce86a50dfe9c695c8398e963e68156537014405962d20610846691a352dad6204a33f07f175e5dbdc89aab549ef4150320084fd999a090d86affac5ac371dfe5dd595b7459b39bd78ba5bb77469da251d4f9906356667a27ac58025eed8d0ded3a69cd2a6cae52ac4dd5799802421fd8a818c5bc787da162a42f5dec2175b4ff37a543d214bdf0cc071de0b77c9902ce7dbb42ace340e64a020100b677a73bc4449655f4165f074cb1b85cd491f18f3fbeb03ca708a91fe041a46433d8d8e1693dbff6333981c243b1d412c87741aca8e790f3ebb3151e3b44870ba74c64cc5c3011d7ac138ef0bd48f197a32c31fac8d53ba54ae114119328eb9e8825555ba29e9d45cbe656eeff1b4e39600695d3911ab4f5075c3d5691b731c50adc226d3ebf50d3c38561a5d0cef2c9d16e071bb8221ab4f85a802a63b7071402f88c7cf39cfc916f8622357b3234f3761f89cfbf3aded40c512a614702ae867e197510d3bdb4ee60df96c4e51b5a338b58b07e8ee62be9822e0d166ff874b8d1f9e4486c601d9b56a26eb0b83a80704dee19d10cc05c63b95f7d1efef88177645bc30d8473983ed552926d219bd0c3dbcb0fb464649624ba7a57f5163f49f33fb79a46e7ac9797e300262a843f15f644f5230546f3c62450242fe12a79bd44c61fd946165662b0bfbcffd12deb93e0cb82dc8cc66bebf0721b94a5fa0d66381540246ff78c6225a952ab984c06c07902ed42e40fcc9151b0a59be83f454698f302f349014082ff08bcecbf0b9dea7e32b063449d573ca1b6efc812acf382ef7b7e6cd206185e063c985b8c44fe38d62d4a8d3d15228406f3abed51fe90bae3ddc283069d46e0ebd3a8bb87e4e0eb116dff6fc881e8fd0e5032e6a6494cadfd85652ed1c9c2d7aa00e18ccbde0aa3c857c50ee86975aff735f633471ab8e6db33bfcefeae661bd1bd6dfb55a9a4b4f9be01fd15e27e03fc943ccdb91a799d2eb168d9fdeecd32c19169cc0443ebb8e2f681d773efff72530f61a288cfb49c0217b9a9223ceb3798390e15fbe9475975c05f22a7c4d1990f9400a249d32eec4a5773bea0d15cc0df06d223e057b3693ac906cf632da8c9092e52718bd9f16af452dacfab22cfc2c58a3168de9914570f1035ae9b3092346db21dda270393a992cb967dc074ae2fe8b545df855b9e8b251cac7935a842bda9e850a9efb5309cc0fb83a630dcb3684fec4999ed6c4cc91aea72961420523be74711ff4c3f16a5f6ee906dae87d2bbc194b2d8b7743c157f6c8d80e6f4e377cf05810bef82e51fa5c1e442018466071f7d572cae794fab5cfbbd8e8d398c3a2823e8ce4357572a32123312d0d3976d63dc2a00b2d474ad288762e768e31ab7b4f09e7f3cfcb7a48adbdbca43d30c9bc8f67d115bc34f24eaf0318bb5e2994ff0f8b62c13f46abebdd0846da71a5d106e62266ec3e5a3f2c7166628220568807b595dc73920a0a7a9f2644db70fc53fac0a547cf6cbefe7aee975e0159fe8f413eab912925757581d2fe97cc5f19343f329b2ef081397737414a822432b5f9fa2044aebda92c1d6a065401b70c20a6867fb93e8f6f575aa9fae3e67b6fc6e0418f58731d932b3e5bd1dddbb9854a25144a334d00bea2995d7a751d40a06c37372b05cc584aaf62b90fdd95f87ff53eab367600d50eebbbb4cf04f225824086cfaca6aa82b3e3433881f7ec32cd419780ed0de6fb2234368983282fb93b9d1a6bd96c3d14aff8272328db634b02bbbc5b8957c695e469f80fc50eac333b88303d0bf29c42c13a92a58a9bf30391cfe6a0c5df40cd5b7a8637cbece9a4f251e5aa4aa2fdf883d82d2a430f06416f0372911e426620b25d8839d2ac9d73cb782194f0daddd4caa68f1ff6892981c00d6812d21ffb5fcd9b1cd187d519040968aa2d7f4ccfcc236ffe2cae8d349f39feb3fa574272a428dfbfba0a735a349188b1396b96d1fc2e86069fc797de98985bf338e495d66cbed89c2f5f2cc78ec2b880f04627e5cd49e93bb606d241149b936ab29b790e22022361c483d760e07cabdfdd204114fc3808b7bb7cf977ffe0b8c58584364571578084f1dfbb592e47e0f01c020d02aafc8c83a56299f31836574923a706e7a46861502dfbf0e9d2893a38aca39a16cec44664541e092ec489abfa28128ebd73e7bbe062515384c69c656268ef42c37632ce2db76afd09e6de7928136cfaae1b4fdeaab590617584831a7eb19af64625ec2ca635f79f50caa48524b0fcd1e08a09bcf52e231f3487ab54fc77ae44e13a966976e9e9deaf8ab9da7f804fe6290e16629c6f83110f54e5c206798033c614be334a5ee04f4ecb30f58371eeb3664eab1d00f52725992897279d21d475cefbe2345a7f1df6e916a806e7c39b651866f6c1108d00990673ca858d8af73a26a74e1f8d7818859e7d0123224f866ed0745382b2a29f5374d7c6c0fa54ddf743d89c85dc56cfab74ee786d054a5f4f1db15d85e9fe1a7fdaa3746d9e7429735f2253cb2a600b81f969c7c7e56f22b47f15aa700b3369102ea105106b96cebd1161673ae4725a4d96421833f65f76c64de5aa7957b0df8ab64583e8d5018faa1f4e0376f1d38103ac78403f65f809619c3a9fe43c6b3493d29c52d4c230a39914b1b49c627fba1612c6479205c256ef023cb52ca142c6c37391ec9f74ba334ddebce6438cdf6e99527e68585324cbf6547872366d2d0b7db30a33528a745cbc8820e52a3cf77e50a76935ff4a7f41dfc58c86ff05e24436faf28f423467105b314bd6e4edbf1a352840728e8fe4dd79ee5f770dd987eb62ba3ff5c26c9de6685afefa5a227a4a6dfc1d23ba09eefab45402b138b53b83873a3797096d4b62450c579a894be0c05b947646ef2039ed37955155b58fae377c727605979505b037a0a72e622b883cd1001f69da95ffdd143e68e1fc2cc42db37bde33184ff85c89713a722e1eba4ad292ec9ccd1c8c18674e77bf6394edd47ad635b278ec09921020507104485a6453585c385d0cd4cf611d0c6da50ec3d34eecaf3bba0ae5051a55450ae2e40c4fd0ba420b04b2e1b4d1592e8b80f92d40d42de588e719fe2b022c30a5187c64cc5c48679f680387464d3681edea585006a2e852be2266e8c4230a6bf60dd8efb0e3c1b4dcfed2844d495957ae734470d0199a0e0278f80018a39e9c82c15cb9c73a3deb2579444b414ca7061bfb4f599fe3968334c0ebde54b9a046370bb7d3227c9dd23e8edcf8b07aabf328bb164c79c6df5f0bd46a276413dee370e32da823d5e9839937e72b6480ac0439d104cadba1a8d6d0542f73f720ecdafece52fc6fa291e44b3852af376a3aceb05c2c293a2576175a3b4135ff6799a232d9c3907fcdd49e0d97e80ece0135dac08c37a16a93046d7ca3f3db91d0c28447522759017980f4d3321981ab53000fbe5293b396f6163e3ae016329bc42f6c958d648a30ed5c6e14eeef235fb74cbc24e183a0f89ee89b3c51a8b7106afefb2e406a026619793fe4c3f4bdc7d66fbf98a740afb32485ae5451b905c22bf63f9b3b42b30a3287f266559db4067d1c00d2ffee58378a44614dafed9107d97d9c3048f2bdba374ccc827f302dae2a4637354cedfc0a2d7f2d2462f5ed43f1b682e8167a2081a20741ed8bb94791526355e14a6b191aee05ef45f5d5cd83cf8fa66e5c5b4f38d7bedc90da431a285b239e13a3f9e68399da38eda883b4e443c1d557fc4cec84ce9bccf67a652e7d94c8ff57c277fb0ce233ea35929d98467ea8643cfc0464827aa26e381293c0efc049b4707416551c7d57c40d232a660b2c8d722dcd1cde8629e2b30b476c2ea9da3beec02a6b38f507230ee700f871338007cdb06d3be80450fb20f8493668183d776c902d044d4152c8a4e9ffa909d82d1b6aa27ca390706d7690b307436de72b4a81c094688397281810e98053b8c622bdc1194f54aab47fe1d3d9512733ee3e6b5b7688a90960929a0afee9580440b8964c450e3caeefcbe24c1bf6e74336ad4954f62c874a4a1ba019cae59bd1eb2ffee6174e04324348d92b588a31271a3ac59b91adb5eb22cf5af39d7cb8a7d3d8916aa9cb772c53217c18c7caa1442f9046ea806e48c6b3542d97916091d9485f0d0652427e6224346df7e4ad0820cb532fec7079c32a1dbb09cfdf8dab5f9bf240620937a91f504e7ca5a09447190290ed04ebcffbcde6f17542ab2824c", 0xfd1}], 0x1) (async)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x40000) (async)
close(r3) (async)
r4 = socket$inet_udplite(0x2, 0x2, 0x88) (async)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) (async)
setsockopt$inet6_tcp_int(r5, 0x6, 0x19, &(0x7f0000000040)=0xa44, 0x4) (async)
connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f0000000000)=[@mss], 0x1)
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000700), 0x4) (async)
sendto$inet(r5, &(0x7f0000000000), 0xffffffffffffff94, 0x11, 0x0, 0x0) (async)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r4, &(0x7f0000000000))
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r4, &(0x7f0000000040)={0x2000000f})

1.37804823s ago: executing program 0 (id=4123):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$kcm(0xa, 0x922000000003, 0x11)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xc8, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x40)
r0 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e74657200ac0100000c0a010300000000000000000700fffe0900020073797a31000000000900010073797a3000000000800103"], 0x240}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'bridge0\x00', <r2=>0x0})
socket$kcm(0x2, 0xa, 0x2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c0000001000030400000000fedbdf2500007400", @ANYRES32=r2, @ANYBLOB="00080000075005003c0012800b00010062726964676500002c00028005001900020000000c0023000100000000000000"], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) (fail_nth: 6)

1.336949883s ago: executing program 2 (id=4124):
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0xc3)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_vlan\x00'})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x13, r2, 0x0)
r3 = socket$kcm(0x2, 0x200000000000001, 0x106)
setsockopt$sock_attach_bpf(r3, 0x1, 0x7, &(0x7f0000000340), 0x4)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x9, 0x3, 0x230, 0xe0, 0xffffffff, 0xffffffff, 0xe0, 0xffffffff, 0x198, 0xffffffff, 0xffffffff, 0x198, 0xffffffff, 0x3, &(0x7f0000000080), {[{{@ip={@initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, 0xff000000, 0xff000000, 'bond_slave_0\x00', 'gre0\x00', {0xff}, {}, 0x2f, 0x2, 0x22}, 0x0, 0x98, 0xe0, 0x0, {}, [@common=@icmp={{0x28}, {0xc, "2cb2"}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@remote, 'veth1_vlan\x00', {0x4}}}}, {{@uncond, 0x0, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x290)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0xb, 0x0, 0x0, {}, [{0x8, 0x1, 0x2}]}, 0x20}}, 0x0)
ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f00000003c0)={@default, @default, @default, 0x5, 0x9, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})

861.689251ms ago: executing program 1 (id=4125):
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000540)={0xc9, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000700)={0x1b, 0x0, 0x0, 0x4, 0x0, 0x1, 0x80000001, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x2}, 0x50)
r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1, 0xb, &(0x7f0000000080)=@framed={{0x18, 0x3}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r3}, @generic={0x66}, @initr0, @exit, @alu={0x7, 0x0, 0x5, 0x3}]}, &(0x7f0000000000)='GPL\x00'}, 0x90)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{}, &(0x7f0000000840), &(0x7f0000000880)}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0xf, &(0x7f0000000600)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}, @map_idx_val={0x18, 0x4}, @printk={@x}, @exit]}, &(0x7f00000002c0)='GPL\x00', 0xdf64, 0x3e, &(0x7f0000000340)=""/62, 0x41100, 0x5, '\x00', 0x0, 0x25, r1, 0x8, &(0x7f0000000580)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000006c0)={0x5, 0xc, 0x7, 0x43e64c37}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000900)=[r2, 0xffffffffffffffff, r4], &(0x7f0000000940)=[{0x4, 0x4, 0x10, 0x1}, {0x1, 0x4, 0xb, 0x9}, {0x1, 0x3, 0x8, 0x63733dbf9d6934db}, {0x1, 0x2, 0x3, 0x7}, {0x5, 0x3, 0x2, 0x2}], 0x10, 0x2}, 0x94)
r5 = socket$alg(0x26, 0x5, 0x0)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x67, &(0x7f0000000300)=0x5, 0x4)
bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r6 = accept4(r5, 0x0, 0x0, 0x800)
sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r7, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r8, @ANYBLOB], 0x6f4}}, 0x0)

861.327624ms ago: executing program 4 (id=4126):
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

829.294356ms ago: executing program 0 (id=4127):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0xb4, r1, 0x0, 0x70bd27, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0x54, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7ff}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xd13f}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1ff}]}, @TIPC_NLA_BEARER={0x10, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xb, 0x1, @l2={'eth', 0x3a, 'lo\x00'}}]}, @TIPC_NLA_MON={0x3c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xb}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xc44d}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xc6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xb}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9c9}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x4008044}, 0x20000000) (async, rerun: 32)
ioctl$sock_ifreq(r0, 0x8970, &(0x7f00000001c0)={'veth0\x00', @ifru_ivalue=0x3}) (async, rerun: 32)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r2, &(0x7f00000035c0)=[{{&(0x7f0000000200)=@pppol2tpin6={0x18, 0x1, {0x0, <r3=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000280)=""/47, 0x2f}], 0x1}, 0xc}, {{&(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, <r4=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000380)=""/163, 0xa3}, {&(0x7f0000000440)=""/157, 0x9d}], 0x2, &(0x7f0000000540)=""/22, 0x16}, 0xdd}, {{&(0x7f0000000580)=@l2tp6={0xa, 0x0, 0x0, @private1}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000600)}, {&(0x7f0000000640)=""/216, 0xd8}, {&(0x7f0000000740)=""/53, 0x35}, {&(0x7f0000000780)=""/165, 0xa5}], 0x4, &(0x7f0000000880)=""/255, 0xff}, 0x80}, {{&(0x7f0000000980)=@tipc=@id, 0x80, &(0x7f0000001cc0)=[{&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f0000001a00)=""/134, 0x86}, {&(0x7f0000001ac0)=""/44, 0x2c}, {&(0x7f0000001b00)=""/104, 0x68}, {&(0x7f0000001b80)=""/54, 0x36}, {&(0x7f0000001bc0)=""/237, 0xed}], 0x6, &(0x7f0000001d40)=""/76, 0x4c}, 0x1}, {{&(0x7f0000001dc0)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @remote}}, 0x80, &(0x7f00000023c0)=[{&(0x7f0000001e40)=""/141, 0x8d}, {&(0x7f0000001f00)=""/190, 0xbe}, {&(0x7f0000001fc0)=""/90, 0x5a}, {&(0x7f0000002040)=""/151, 0x97}, {&(0x7f0000002100)=""/124, 0x7c}, {&(0x7f0000002180)=""/233, 0xe9}, {&(0x7f0000002280)=""/177, 0xb1}, {&(0x7f0000002340)=""/117, 0x75}], 0x8, &(0x7f0000002440)=""/211, 0xd3}, 0x7fff}, {{&(0x7f0000002540)=@l2={0x1f, 0x0, @none}, 0x80, &(0x7f0000002a40)=[{&(0x7f00000025c0)=""/90, 0x5a}, {&(0x7f0000002640)=""/100, 0x64}, {&(0x7f00000026c0)=""/170, 0xaa}, {&(0x7f0000002780)=""/188, 0xbc}, {&(0x7f0000002840)=""/255, 0xff}, {&(0x7f0000002940)}, {&(0x7f0000002980)=""/63, 0x3f}, {&(0x7f00000029c0)=""/61, 0x3d}, {&(0x7f0000002a00)=""/23, 0x17}], 0x9, &(0x7f0000002b00)=""/159, 0x9f}, 0x7}, {{0x0, 0x0, &(0x7f0000003000)=[{&(0x7f0000002bc0)=""/79, 0x4f}, {&(0x7f0000002c40)=""/159, 0x9f}, {&(0x7f0000002d00)=""/202, 0xca}, {&(0x7f0000002e00)=""/210, 0xd2}, {&(0x7f0000002f00)=""/93, 0x5d}, {&(0x7f0000002f80)=""/26, 0x1a}, {&(0x7f0000002fc0)=""/37, 0x25}], 0x7, &(0x7f0000003080)=""/92, 0x5c}, 0x3}, {{&(0x7f0000003100)=@hci, 0x80, &(0x7f0000003540)=[{&(0x7f0000003180)=""/202, 0xca}, {&(0x7f0000003280)=""/153, 0x99}, {&(0x7f0000003340)=""/24, 0x18}, {&(0x7f0000003380)=""/247, 0xf7}, {&(0x7f0000003480)=""/133, 0x85}], 0x5}, 0x8}], 0x8, 0x40, &(0x7f00000037c0)={0x77359400}) (async)
ioctl$sock_TIOCOUTQ(r2, 0x5411, &(0x7f0000003800)) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_RATE_NEW(r6, &(0x7f0000003980)={&(0x7f0000003840)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000003940)={&(0x7f0000003880)={0xb4, 0x0, 0x8, 0x70bd28, 0x25dfdbfe, {}, [@handle=@pci={{0x8}, {0x11}}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x1a}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x5}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_TX_MAX={0xc}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x1c}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}]}, 0xb4}, 0x1, 0x0, 0x0, 0x8090}, 0x800)
r7 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000039c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x80000000, '\x00', 0x0, 0xffffffffffffffff, 0x1}, 0x50) (async, rerun: 64)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000003ac0)={{0x1, <r8=>0xffffffffffffffff}, &(0x7f0000003a40), &(0x7f0000003a80)}, 0x20) (rerun: 64)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000003b80)={{r4, <r9=>0xffffffffffffffff}, &(0x7f0000003b00), &(0x7f0000003b40)}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000003c40)={{0x1, <r10=>0xffffffffffffffff}, &(0x7f0000003bc0), &(0x7f0000003c00)}, 0x20) (async)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000003c80)=@bloom_filter={0x1e, 0xb2e3, 0x2, 0x1, 0x2040, 0x1, 0x610, '\x00', 0x0, r5, 0x3, 0x4, 0x4, 0x7}, 0x50) (async, rerun: 32)
getsockname$packet(0xffffffffffffffff, &(0x7f0000003e80)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000003ec0)=0x14) (async, rerun: 32)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000003f80)={0x7f, <r13=>0x0}, 0x8) (async, rerun: 32)
r14 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000004000)=@o_path={&(0x7f0000003fc0)='./file0\x00', 0x0, 0x0, r5}, 0x18) (async, rerun: 32)
pipe(&(0x7f0000004040)={<r15=>0xffffffffffffffff, <r16=>0xffffffffffffffff}) (async)
r17 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000040c0)=@generic={&(0x7f0000004080)='./file0\x00', 0x0, 0x10}, 0x18) (async)
r18 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000004140)=@o_path={&(0x7f0000004100)='./file0\x00', 0x0, 0x8, r3}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000004240)={0x1b, 0x25, &(0x7f0000003d00)=@raw=[@exit, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7fffffff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @map_fd={0x18, 0x6, 0x1, 0x0, r7}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r8}}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x3}, @ldst={0x3, 0x2, 0x3, 0xa, 0x0, 0xfffffffffffffff4, 0xfffffffffffffffc}, @tail_call={{0x18, 0x2, 0x1, 0x0, r9}}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x6}, @map_val={0x18, 0x8, 0x2, 0x0, r10, 0x0, 0x0, 0x0, 0x8}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r11}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], &(0x7f0000003e40)='syzkaller\x00', 0x6, 0x0, 0x0, 0x41000, 0x34, '\x00', r12, @fallback=0xa, 0xffffffffffffffff, 0x8, &(0x7f0000003f00)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000003f40)={0x2, 0x4, 0x800, 0xc2}, 0x10, r13, r14, 0x5, &(0x7f0000004180)=[r16, r17, r18, 0xffffffffffffffff], &(0x7f00000041c0)=[{0x4, 0x1, 0xc, 0x6}, {0x5, 0x5, 0x5, 0x7}, {0x2, 0x4, 0xe, 0x4}, {0x0, 0x2, 0x4, 0x3}, {0x2, 0x5, 0xd, 0x5}], 0x10, 0x7}, 0x94) (async, rerun: 64)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000004440)={'gre0\x00', &(0x7f0000004300)={'erspan0\x00', r12, 0x0, 0x1, 0x8, 0x5, {{0x3c, 0x4, 0x0, 0x4, 0xf0, 0x67, 0x0, 0x4, 0x4, 0x0, @empty, @private=0xa010101, {[@rr={0x7, 0xf, 0x43, [@loopback, @multicast1, @dev={0xac, 0x14, 0x14, 0x2e}]}, @noop, @generic={0x7, 0x11, "033e5ae5d24bbc91e4a28056f117a4"}, @timestamp={0x44, 0x20, 0x52, 0x0, 0x7, [0x2, 0x0, 0x9, 0x1, 0x3, 0x8000, 0x2]}, @timestamp_prespec={0x44, 0x54, 0xde, 0x3, 0x1, [{@multicast1, 0xed8}, {@dev={0xac, 0x14, 0x14, 0x42}, 0x1}, {@multicast2, 0x50000000}, {@multicast2, 0xfffff000}, {@private=0xa010101, 0x2}, {@multicast1, 0xfffffffc}, {@broadcast, 0x5}, {@multicast2, 0xadc}, {@remote, 0x8}, {@empty}]}, @ssrr={0x89, 0x7, 0xbb, [@dev={0xac, 0x14, 0x14, 0x40}]}, @noop, @rr={0x7, 0x23, 0x7b, [@multicast1, @dev={0xac, 0x14, 0x14, 0x25}, @loopback, @private=0xa010100, @dev={0xac, 0x14, 0x14, 0xf}, @private=0xa010101, @rand_addr=0x64010100, @broadcast]}, @ssrr={0x89, 0x1b, 0xc1, [@remote, @local, @remote, @rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0x31}, @local]}]}}}}}) (rerun: 64)
recvmsg$unix(r15, &(0x7f0000004740)={&(0x7f0000004480)=@abs, 0x6e, &(0x7f00000046c0)=[{&(0x7f0000004500)=""/3, 0x3}, {&(0x7f0000004540)=""/255, 0xff}, {&(0x7f0000004640)=""/56, 0x38}, {&(0x7f0000004680)=""/47, 0x2f}], 0x4, &(0x7f0000004700)}, 0x40010150) (async)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000004800)={r8, &(0x7f0000004780)="849c66", &(0x7f00000047c0)=""/45}, 0x20) (async)
r19 = socket$isdn_base(0x22, 0x3, 0x0)
ioctl$sock_netdev_private(r19, 0x89f3, &(0x7f0000004840)="bbe3e42fd242974a9f9ebd7db87d57f5fe34f3a0abb000f67ad59530515015e937e2bf17946b80215b0565ef38a0a41a10e8e767b27e95b05e556c060caec0a2e87496fa26cd46129f67656ca73e12c37a8cdaa9c6eefb2d7105bf8150c2adb3183ebca2f2a2107fa08ffa91424f65bbf265d7bc193c90666878da6521b758ad7958a5573818a4a4bdcc89bb919b5db7e9d92348d5706c68734614e085b5024d11635e026319a922d25cffda99af8f2eba34feebbdcccd4474609fcca54cdd36115988c53e02381c213196")
socketpair(0x3ed0feab2a4bc712, 0xa, 0x0, &(0x7f0000004940)={0xffffffffffffffff, <r20=>0xffffffffffffffff})
getsockname$packet(r20, &(0x7f0000004980)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000049c0)=0x14) (async, rerun: 64)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000004e80)={{r8}, &(0x7f0000004a00), &(0x7f0000004e40)}, 0x20) (rerun: 64)

828.800066ms ago: executing program 3 (id=4128):
r0 = socket$pppl2tp(0x18, 0x1, 0x1) (async)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) (async)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000bc0)={{{@in=@rand_addr=0x4, @in6=@private0, 0x0, 0x0, 0x4, 0x0, 0x2, 0x20, 0x20}, {0x0, 0x0, 0x2, 0x0, 0x8, 0x8, 0x4}, {0x4, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in6=@remote, 0x4d3, 0x32}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x8}}, 0xe8) (async)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff) (async)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@netrom={'nr', 0x0}, 0x83)
ioctl$sock_netdev_private(r3, 0x8924, &(0x7f0000000000)) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x8004000}, 0x40)
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r7, 0x6, 0x13, 0x0, 0x0) (async)
setsockopt$inet_IP_XFRM_POLICY(r7, 0x0, 0x11, &(0x7f0000000300)={{{@in=@multicast1, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x3b}, {0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x2e4e}, {0x0, 0xfffffffffffffffd, 0x1}, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x0, 0x6c}, 0xa, @in=@empty}}, 0xe8) (async)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r6) (async)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x85, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800000}}, 0x0, 0x4f1}, 0x90) (async)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000140)=@newlink={0x34, 0x10, 0x1, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, 0x0, 0x21a8}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
socket$netlink(0x10, 0x3, 0x1) (async)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket(0x1d, 0x2, 0x6)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r9, 0x6a, 0x2, 0x20000000, 0x3)
sendmsg$L2TP_CMD_SESSION_DELETE(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x34, r2, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x30)

756.473839ms ago: executing program 1 (id=4129):
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0)
ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, 0x0)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
accept4$unix(0xffffffffffffffff, 0x0, &(0x7f0000000380), 0x80000)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x50)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001d00)={0x6, 0xc, &(0x7f0000001dc0)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000000a00)=[{{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000800)=""/213, 0xd5}, {&(0x7f0000003e00)=""/4088, 0xff8}, {&(0x7f0000000440)=""/234, 0xea}], 0x3}, 0x101}, {{0x0, 0x0, 0x0}, 0x2046}, {{0x0, 0x1194, 0x0}, 0x10001}, {{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000540)=""/130, 0x82}, {&(0x7f0000001900)=""/229, 0xe5}, {&(0x7f0000002e00)=""/4094, 0xffe}, {&(0x7f0000006080)=""/4085, 0xff5}, {&(0x7f00000003c0)=""/124, 0x7c}, {&(0x7f0000000680)=""/129, 0x81}], 0x6}, 0x4db}, {{0x0, 0x0, 0x0}, 0x8}, {{&(0x7f0000000000)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @multicast1}}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000240)=""/91, 0x5b}, {&(0x7f0000000600)=""/98, 0x62}, {&(0x7f0000000080)=""/43, 0x2b}], 0x3, &(0x7f00000001c0)}, 0x8001}], 0x9, 0x40010000, 0x0)
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)

630.824386ms ago: executing program 4 (id=4130):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000700)={0x1b, 0x0, 0x0, 0x4, 0x0, 0x1, 0x80000001, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x2}, 0x50)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1, 0x9, &(0x7f0000000080)=@framed={{0x18, 0x3}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @generic={0x66}, @initr0, @exit, @alu={0x7, 0x0, 0x5, 0x3}]}, &(0x7f0000000000)='GPL\x00'}, 0x94)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000480)=ANY=[@ANYRES16, @ANYBLOB="01000000000000000000010000001400020077673100000000000000000000000000f4010880700000804800098028a25880060001000a00000014000200fe8000000000000000000000000000aa05000300000000001c000080060001000200000008000200e0000001050003000000000024000100000000000000000000000000000000000000000000000000000000000000000080010080200004000a004e2000000005200100000000000000000000000000000800000006000500b01f00000800030006000000060005000500000008000a000100000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff200004000a004e200000040100000000000000000000ffffac14142a06000000240001000000000000000000000000000000000000000000000000000000000000000000d400", @ANYRES16=r1], 0x21c}}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{}, &(0x7f0000000840), &(0x7f0000000880)}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x3, &(0x7f0000000600)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8}}, &(0x7f00000002c0)='GPL\x00', 0xdf64, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000006c0)={0x5, 0xc, 0x7, 0x43e64c37}, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940), 0x10, 0x2}, 0x94)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

630.571825ms ago: executing program 3 (id=4131):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@updpolicy={0xb8, 0x14, 0x1, 0x0, 0x0, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}}}, 0xb8}}, 0x0)

630.315233ms ago: executing program 1 (id=4132):
r0 = socket(0x40000000015, 0xa, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r1)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={0x3c, r2, 0x821, 0x70bd2c, 0x2ddfdbff, {}, [@IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x2}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x5}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x41}, 0x404c044)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r5=>0x0]}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x1f, &(0x7f0000000080)={r5, @in6={{0xa, 0x4e23, 0x4004, @empty, 0xc}}, 0x9, 0xb73}, 0x90)
r6 = socket(0x15, 0x5, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[], 0x7c}}, 0x0)
getsockopt(r6, 0x200000000114, 0x2715, &(0x7f0000000580)=""/102393, &(0x7f0000000000)=0x18ff9)

572.912874ms ago: executing program 1 (id=4133):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000005e00679a3601ff8100000000000000"], 0x1c}}, 0x4000000)
recvmmsg$unix(r0, &(0x7f00000032c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000100)=""/147, 0x93}, {&(0x7f00000009c0)=""/4096, 0x1000}, {&(0x7f0000001d00)=""/229, 0xe5}, {&(0x7f0000000540)=""/245, 0xf5}, {&(0x7f00000008c0)=""/215, 0xd7}, {&(0x7f0000000740)=""/254, 0xfe}], 0x6}}], 0x3, 0x0, 0x0)

558.636745ms ago: executing program 0 (id=4134):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0))
pwritev(r0, &(0x7f0000000380)=[{&(0x7f0000000040)="c021", 0x2}], 0x1, 0x7, 0x1)
ioctl$PPPIOCSMRU1(r0, 0x40047452, &(0x7f0000000100))

459.010053ms ago: executing program 3 (id=4135):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056842bb002552da15f6", @ANYRES32=0x0, @ANYBLOB="000000293c000000280012800a00010076786c616e00000018000280140013"], 0x48}}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f0000000000)=0x6)
sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0)

427.777301ms ago: executing program 4 (id=4136):
socket$can_bcm(0x1d, 0x2, 0x2)
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004001560000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)

427.254243ms ago: executing program 2 (id=4137):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010400000000000000000500fffe0900010073797a30000000002c000000030a01020000000000000000050000000900010073797a30000000000900030073797a3200000000e4040000060a010400000000000000000500000008000b40000000000900010073797a300000000008000940000000020c0005800800014000000000c4000740ab487b1b512f33a8dbd67a8b35f2405127f309901ea13e31d5810f85eae8f528c938c24abb1b1abbda2e7fa6e0758629bb09ed64a8ba5b2ef3c3591fd06d7e10d9"], 0x558}}, 0x40)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000240)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000200)={&(0x7f00000004c0)={0x60, 0xd, 0xa, 0x301, 0x0, 0x0, {0x5}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x3}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000010}, 0x4000000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, &(0x7f00000000c0)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0x11, 0x0, 0x300, 0x80, 0xfffffffd, 0x9, 0x0, 0x0, 0x2}})
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0x20, &(0x7f00000003c0)={&(0x7f0000000200)=""/221, 0xdd, 0x0, &(0x7f0000000300)=""/132, 0x84}}, 0x10)

388.364884ms ago: executing program 0 (id=4138):
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0)
r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000700)=@generic={&(0x7f00000006c0)='./cgroup/cgroup.procs/../file0\x00', 0x0, 0x8}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x60, 0x9, 0x6, 0x101, 0x0, 0x0, {0x2, 0x0, 0x1}, [@IPSET_ATTR_DATA={0x3c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}}, @IPSET_ATTR_ETHER={0xa, 0x11, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x86}, @IPSET_ATTR_BYTES={0xc, 0x18, 0x1, 0x0, 0xe4e}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x0)
ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f0000000000)=ANY=[@ANYBLOB="e8dcff07002e178382234e748ac7", @ANYRES32=r1, @ANYBLOB="00000000fffeffffffffffff00"/28, @ANYRES32=r1, @ANYBLOB="000000000400"/28])

270.820319ms ago: executing program 0 (id=4139):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$kcm(0xa, 0x922000000003, 0x11)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xc8, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x40)
r0 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e74657200ac0100000c0a010300000000000000000700fffe0900020073797a31000000000900010073797a3000000000800103"], 0x240}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'bridge0\x00', <r2=>0x0})
socket$kcm(0x2, 0xa, 0x2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c0000001000030400070000fedbdf2500007400", @ANYRES32=r2, @ANYBLOB="00080000075005003c0012800b00010062726964676500002c00028005001900020000000c0023000100000000000000"], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

83.658567ms ago: executing program 3 (id=4140):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=@newtfilter={0x30, 0x2c, 0xd2b, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xffe0}, {}, {0xe, 0x1}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x893}, 0x24040084)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002480)=@newtfilter={0x24, 0x2c, 0xd2b, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x1}, {}, {0xe, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x893}, 0x24040084)

82.874576ms ago: executing program 2 (id=4141):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge0\x00', <r1=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@RTM_DELMDB={0x38, 0x55, 0x1, 0x0, 0x0, {0x7, r1}, [@MDBA_SET_ENTRY={0x20, 0x1, {r1, 0x0, 0x0, 0x0, {@ip4=@empty, 0x800}}}]}, 0x38}}, 0x0)

78.040179ms ago: executing program 4 (id=4142):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
setsockopt$TIPC_CONN_TIMEOUT(r5, 0x10f, 0x82, 0x0, 0x1a)
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r4)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r4, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r6, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x6}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x3}]}, 0x38}, 0x1, 0x0, 0x0, 0x400}, 0x40091)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)={0x48, r1, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xfb2e77a8993c1916}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xffff}]}, 0x48}}, 0x20000000)
writev(r3, &(0x7f0000001740)=[{&(0x7f0000000280)="a674676fffa175ccf062b5cac996c34caa92b84d23f2564dadb99a0572d53dbdc82b51ac7d0682a0182f607fbf6a", 0x2e}, {&(0x7f00000002c0)="2251310f7373948a55a5252b611ef6b526bebe6bf23365c6a47f1fc6808c4072e2653cede9bee08498235ec5addfd6aebd6f2cd8d5d4bc1e04dd52dcd8b0828b8746747750bc326936648fc25a6f85", 0x4f}, {&(0x7f0000000340)="d1ad07b7d5a9976feca64a08fcd640f77936a0dc262dae576b9e504c6c3e645ac295b0fd1f5a401b86285446e022b97cbcb2e1982691dcbb746a753e86a3691abf62a25fa0", 0x45}, {&(0x7f00000003c0)="3a48f120fc2ca5c3031cb41b3cfbeb9e219067b69f5c80ebe5e95bb011b159e3052e8e21a90ceafcfeab450d3544df471bec883b71547c6dc9589c84711c4db6b2d38f60893f2595e49794e2fb413948dee667d01d29ce7ee237e295c70f5e8d90ab08e49ea058ac0e5e9c301e430b438b689514ee4239da2b87d354dc35f524f5aa1a019adf4bb586c3f6cdcce67df1165fd5701db53189cb22d863385c253b1734727182d2815fcea337b5c1ede0cb", 0xb0}, {&(0x7f0000000480)="633605f3ab99396b3462dae600cd023c2d72f8abe4b987647f5d1cedd40395f4256cd6643903238c4b68976097725dc2f406c6ba98d00e157193477c947d63a5f9bb165a4d1b5746af5671181f0a5bf31297742c2100d0022ed95e470c71089aee4fec50afe0e9e3e114fc19c21d6f48d956483ecc53417b10460871fbaa0325fcd70e0356d7a1c2ecf16b8a1cafacb6c135b1676e465ad330020d993f89424b14dbbf17f35cd848c422d799e5719c222714d5e63f3e61dbb341d9f4788b28267fbbcb138514dd6e6bfe4b9b3f71d6c7abf9de6f4fd224ac3f324939f46d1cdb49a70f46bab42838c2bd2f9b47baad23211ab06d7eacbd792610f2f62baded712f39ad232ddcd426d8cef14e5f8a6f85d9b2595724bb0dadffbeb8800b2b2e2132e398b76a4fabbac946019b0c9b842234984f3ca026ece26ccf01babe5c1f3c99a2c335e770a5e2d2909824ce7156142884425ccec56b1479198cd5a7e264cb7955b1b9fecf0788d8d870ce33b2bb1197c58fe3c9e580c5090fc35385606dbcb517bba20161043e9a6b8724f824fe49061e918abf08b839e87dce27fe8624eb3c659fcb27d0e9ba730a37bdd4877b62474081831b0f10f485bf0e75ba75d853c18494c1cb299a11ed659abdfaa61949cf8ba6c811305aeba4b0dd93b72bfa113800764c38a86ea91d5b7fffebc7fc7d6588cda42b51490b3403f7787a2e217d404be82e4fb68e5341356f8087d6b5d10fcf925a318c7905441bda34d9c82084731ceb3482ab8e628935b3dd76b5452fbb122e4e3e2d457987b0c3f2b26c70f43fe9c9d807c3ff4f1bc9f53cd2f3cf90bf6b2422038aa85ba3c0706329eaeab94a2e78eef60830a07654ff8ca3aa1e923e71009572853386e6f4c545d2c8a7e17d6d29c8e7ed72cc2ea1705ac6e22362c27cd253730f7776d2e2e81ca15ccaf8051d79dea5174f688f5a95ee315a7a3783b191c1ccf8d31893d252432edc2269b13391306405f3f20882d9d0932abdb2a90ac261150da4ab58f6d69667fdcc1621dd8efc9fb3f246dd103bfa4263e2bc47e968e493927c9fab2af5bf892d12115825a0c001049a0e2e0b9cdce9175049921631286db09242941a29e70cb0fc348ddbe3176f0ffbe5038fb719a6b08fcb7d528b3b06a658cd94d26ea84a92918fd7ca59e90267660837b64c0bad5f8f920ef0574884c53d25600ec020e9bf65feca6c8e52ffd7b08029950ed0ee9870c36ca4859ca903b5305f2ed40ab8d1cc5175d7296ae51e3ffdcce790d2e056eadc79cda9caeed3d0df9b2f5b2fb6e51fbc0585b1b9c419f14a066a07b78ef770f27d477948a3112bc9811b303dd09626f38c346a8f91d380abf004a185f6eaedb92f41175b16e5cbfd02cbd65f3101e673ca64acc3c3194b3f16df1acfba6646d235b2684e0558eddbc4ab373a80674f1f21e7b58fb57c4cefa9e2e8c94605905a52d9a8bbcf11f81fcd3c815751c26a12cd26d7fd5108c27fa72ed8238d25f9ccc033a4f547c9fb9f96e1226e45a0c2c8ccf49ec3e4754f752914d15a704710f717a46f853a4c739a0b2e2fc63acfdcd0def71fa6ff12187e5acf8e48f69f9075ce5cc7c0de78dcf59b03c9e8980e1ce3e058d8074838663e65130c4ac0fe018763a42568982b97c7ad90da423f514a2ac643a5b08eed23eca8916c2e228676df2729a8b5446c74950a77ce30a278b1bb20f5356f50d4b1a11d80a8d4e8ee2964658dcadd15c55966a0b649734e9dcb6b265809fe4888b1f99e72269c425463a8ef9cb820d23b901d22fffcbc2b845e4befae900e6554c07c365a996994fa9ed2d0b3a881878994e0c2fc2616a6696e428ee3090cc0c20401a1a70d14820f74141c8f88ed0af6b31a757dc44020593c1aaa4f3044a83910d9afd1db65d2275d0ab234d932566014fba01ed35b888359691cb8657089d55aa1a6a80b18de8b186ee60f208c579154ac9984b69bf8f3d41e51b17436cfd95ee084521c6f9928da9a366b93deaea006fb10d4bb56dd518dd952bd8d28cfff33ce7dfa9b88a1cee4591b1d8b2976cb1383fa69b155ed8784404bb57ba78cf5ec9d2a1947bcc9123b1d60a691df73050410d0f18b60a6b43f9f3c8ef8affc55c2264e31892ac9397a4538d023f8d219674d29faa1dd816211682ea0567c39c485978829b68ab39c77db9369f6341f901e429867986a00bbee2b063b433a55083585e463811c0194229e83a53e20f18bc006cd77063e1568833f79c9534b065636cafa904d7fa7672c71cc129d359d9515d584e70b5ccc21467ff168c48eaea350bedd88e81a6019ddab42c474348281f528de27ff5ddb499de695be0d71951a11fcdb71a844c0f1c09452f5a6bb00cb79f4c2a7c161105cf1a78ed52f7754fd162f0fe22f2b9eed49a57dc242c874429a3ffdadc1d5577e9fc2503ac48b3c8e496d5289b1a8f57efc539d12755a2069ea88a1f301e0cbe5f61b7638adda17d9436923dc3c4b5ea73ca34361f690db931c70b62973c87b13634089de80b1e6f50510de9528c363f7413891d6559ae9ad598f0e56595802655897d1c9d94608d0323bc2403b8059292053b8d01858ffaf6fd53c2ed6cfb9cd0049f68da487a8a2855e78f3144993791172db32e92686977458caf64c780305b31b1f5d20028a5e124b2f1e51a0576bf316329aea4c18438312ba039f8e84cf5b6b8e4cd135f7868396cfeb3b816c4f5dba761eab18684934877aa0b2c99efd0c6ae4823a4ff510a429c59d0c93896d66a3dc680785d768f9b74ee33db7aff756655de232cb9dcfe440e708c59f6070ed85d270c71c1c913be2f20924aa9cc99c4e04114945347e4a6fdbbd639b09a6802c8709175c7b1ed5543edf33199deb818f60d189c68f0e629a6a51b11597606d7e5d1507f67cf978007990ea154be7388cee0d7ee28fd54b84a85613226b3e83b83e62a84d4c0de1032d4da1e13499c85ce1b18015adc1d5be06c5589f0833133819198577a010f0ae5819d095aba4e13f1331ae23ea0c2efc81808100157ae1478516913f93a8a0aab2c788515b4597fa5176d43f544dc868763b20a022a66ddf11cc6cc2c1b78c500ed62a51eaef8ed784c96ab26e9e132f17c71f5931ca6ed97c81b8d7e40be52911d0fad9b5d0ec580ba0f7b6292826d73f36fe9dd18ca29929d117b54d92f7c267e765a0e8fe568344e0e25c362e8d17549b4ee59c5c5eee43abcd4911ad720c179c1f73f7fa4d0f01b6816b5a924de4366d0bd206e690fe51a299fe09294e60472c2708933622bdb922a04485c667cb892b38df93483bd59f64679f4c7a5dec78aa36df08615af9f1ec3dc0278f7705e06999ff89713c0cbdd8415ba9ca328be77a8ed3b36c749c169aca6b6ca520ce4380dd338decdc731669cc97d1449c3d53dbd984656d12b2105e5c9a10c6e462ebed48e27b7b984fcb6aced3eec32204964c0bda6e22f0636db654156546160443221fbdcafb626a096ef0f049e3f7dd266340225fe5e68e369d844335f656154762705145a9e71ff2f5ec0ff9ad3ae0dbdfc5826c2cf831e6fa070f3bd029c7aea368d2f046b9cca1eff84aa56bb507b70664ece2a8c642717efac359b5d738a92430a9e15e9d2977093c59d353499cc87325bac95d4ceee1846e37cded6a35680dcb877880bcf52e803ebcd5c0a959d5aed5d4a930963fe7e9aa9b1e96ea39aadb463f85888ee1030948b8defce4b5e4148237eb0a009ddd479ed16a0b649cdd988f253321ebd1b11e914765e5a69a5f2e95281bc579cb81954c5c6d1cc8459367fd44c2e8265015b9aba8a7f1c911b08dcf7d7b44d77a004b807c95c38129caeeec140e815b097df22df42555f56e1e14b8ca61ac3b759cb891dafd78df785ea763559d402c6ba4c8dc18ecd5a109ddd0b4cb97dca33995c734415cc115b01cfb7fe729d90c0afe53bdc8c7c820389dd8f552c27f1e3e950ba267e9b99accced65f96b6518143c42955dece3fdee808a4fee579ceb6a9ca6ebf6581f92a88d3c711f6466cf775c0f939bbcac5b0d21cceaeb486cf0400d510dc74eb63d8fef423937131071edaebb532bb4991a201d5c94f3d3ad3978f978575a24b2ce01a22efe6891d7c09513f7746a7fbb86cabc904a1235c56dea4f35163160eccb12fc6970e2971569b1930e83598d7cb0941efca4606a61ce2173c537ad2381ef6aa7a4a8d58eeb750955342a72946c74f69a458c2a081821d72a4485e9a9a462438effc4845b73e2052df6950631f99b53353372bc9c3b0f33dc90062edded0388df626b23047302c6ea4649b23057fc6abfd27d5ee0a193d79c05268220eddcd645bbd95bf4e24ea28ac85fcec4ae096c0300ef9bf7b9ddfb8e0496d8bd52555264b79f5438e60eda99eb77db812bcda056798497e233f9edd70c708758bf48c5e7685a09efb409ba5f0ce5b82dfa06a8f05590f761af74a9058e5788c7120c94c250572309bd7fc0f98d3de48f594c9a98e48a9b0e7696aead6adaf149566eed4b8948c1aa4184b0d25320e38d7b82586dd9c6cb75907968302da84532ec104b31c360acc8e34fee521850c59ce1cd3dbbefd817862ee552eddf2141135aa642c02347ef5c16c54cf913590c37f40e183678525630b3009a1e72bc5be7fe8de489a517ceeb1ea0009f775a90adfa8e2e91bc6a32d741faa2db924e030e686a9919aea3ce36f6623bb6ced468e78044cec781387f66c8a9a86e03e60f9642959f568946497ffa8088380bc615960772e33f7ff458d1f329a8270d3f8da7a276cf600e78072582f499c302e8fcf3dac2d29376bd8621e197e31b09235453b7a6d396665f0c6c79c3a0eb9adc447cc5009d2f023ebebfe5280c77d58396042201c9c709f3ef01cdedf2ae40f697ad945380ba2674913e9a819211e02a6f99bafb61aa9710e9dbf78e181383496cee4d1c2da7c6c73449f26c3956a96275785af37f6cba4869ef46c4095a6239a10caa1562d31a357da4ca0114820f44c9e8f3070a81b75ae96baa74a398a1cc39c898929ce13e157220a93013d5c7147e228d5525d33a81e92e5c5b4fe70614d27f836f04de95c8abd658dd8c703cb88e1d59c3c3be8c0593f348cdc79ef31a18092195dad2d945d2847f3e5d284e3a93f2a99052559a92f8cbd4ca03ee70cf6fd5940d36a1ed6d58a8c95a909ee99519ead0a1188e6cc2b268708412ab7ad7f7f26d23b9e485f246b63a7551a5726399a6c2177544be6677a4cecfb1f7efb104b1c1c258434b91d6130babb50f1ec85f56e65a4ae9143054453854d0aef7a84869a063fbb74b8e8289509083a67b1c107eeae1de8e0ef9d0f1b9c355c6949df1deb4f58c53e74546d085f57164356372f76b9760fc2bebefcf398ae367a2f2d2457b5b64d44872d089e512a4c140f70f25d8e3c46041dade656097923c268cb16fffcb1105ab42081813bf491f0847383d25c63f28268524c2ab95c69fd948e0821b61fa4c00d2465703e2dc4a4b5ef21687162f7fea9820f1248fddd482ded88e80c8220ebfdd7a3ab68795a62c73cdd8402d26d545ab945f0b05116f73528c9a2f9f6899c6ec397b1218f226917a6e3a97fc7a432acf724146c2ad5d7b98099129b556e53907387ace66f6bf376d68a738913266cb52c75917957ec7f81bcc2a19b8fdb1a69a5245dd1b6fe9d25bfc001073fa520657eb0c5cf18c2e72bf88d57f7800e0ccbdb9c619c63b3b4a3a9213d08ebc9657d65714ce8893b26acd01075afc518760bd1a7a40dbacc", 0x1000}, {&(0x7f0000001480)="c9d30dd060bf5225ec807fd36281aadd55c32068b9b278614d0d1a9ee3b9eac051c536f37cb4e15315", 0x29}, {&(0x7f00000014c0)="9ab58a953e24288a9496d9429eed3b027d5d49331e38915f3a196fa4df0cba78b8e1685279aa913f76d956cc8da21486594f8f0f165e3a69b5c9098fbd696066e9bbb0ef35137450bccade171fd2c97755e18016fd66df35df4af6aef8248d9a7f540b9739fd072cf4388fd43e17fa3faeb981f9aa3317c0af18831d31d34d255678e9742fcb46f331fc423fb90b3b834685d01f6acdb22476a845902d2d9ffc6dac1ca5e5923da6880444d1e2571aea70e921c665afce4bccf5734628885cbce1afc5eec63e638d208383de952c0739", 0xd0}, {&(0x7f00000015c0)="a13f761a5e565c7c4f242cf217a946bda8c3cf12c94518a77abaf588b93a1342b1cc03e10948a84f877de94377082c9808aba01efc32f1094f5b7445d813f1ecba0cf79b374c5354d636379b727cac8b6d8ad4efdfa3c24677423136068cc7515ab008e7d74493863c23961b3749c21aa50f13104ac469e98b11f85df2566e2f34c1927767d2241c2b42d92e3375e9708838b48683f6ed6f5b1e3652513f34442d00ab60fe2b9ebb9fe687", 0xab}, {&(0x7f0000001680)="dca60ae1b6b538abacf027c8994ca8881db5c7f8329db4488bb68730695d517b7bae9ac264c43cc0e56bdd414ebcc1668552ff4e655ae1d834fc68e54f81f0c12969bbd800043d9f5c68faf30ff7c8af58854f614f5289f9d5aff9700f83f4b8fce56e43db05f578bf02a0adf6e3f1b4cf067da9cb0fb7e9aa97583f8a0e4ba1660bcf09c484ef", 0x87}], 0x9)

77.357609ms ago: executing program 2 (id=4143):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x14c, 0x65, 0x200, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0xfff3}, {0x0, 0xb}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_IP_TOS_MASK={0x5}]}}, @TCA_RATE={0x6, 0x5, {0x8, 0x81}}, @filter_kind_options=@f_bpf={{0x8}, {0x100, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0xe8, 0x1, [@m_connmark={0x7c, 0x15, 0x0, 0x0, {{0xd}, {0x4}, {0x49, 0x6, "4eebdf2408e8952792009f587075f394796b87f5e6c0508e4deec5a86d24a64dacafd73234200ce6fe5d4aea9687c8c641b998a1c77c0f725ce22b72f10b8a2d3a770951c3"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_tunnel_key={0x68, 0x1d, 0x0, 0x0, {{0xf}, {0x4}, {0x35, 0x6, "309e7046678cfa85254c612d61e3d2c3e3b6590ca2f3e70c7fcdf5868b95845dfa60edad38b3b8c47659e35d235cfa416f"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x80}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2040000, 0x0)

76.572129ms ago: executing program 3 (id=4144):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x28, 0x14, 0xf0b, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, {}, {}, {0xfff3, 0xfff2}}, [@TCA_STAB={0x4}]}, 0x28}}, 0x1)
shutdown(r3, 0x1)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000000), 0xffffffffffffffff)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000480), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_PAN_ID(r5, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000800)={0x28, r6, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x28}, 0x1, 0x0, 0x0, 0x4080}, 0x0)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r7, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r8 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r8, 0x400448c8, &(0x7f0000000340)={r7, r7, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz1\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r8, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})
sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="8c000000", @ANYRES16=r4, @ANYBLOB="0100000000070000000009000000780003800800030004000000060007004e21000014000600fc010600000000010000000000000001060007004e20000008000100010000001400020076657468315f746f5f7465616d000000050008000100000008000500e0"], 0x8c}}, 0x0)
sendmsg$TIPC_NL_NET_SET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010029bd7000fedbdf250f0000001c0007800c00040000000000000000000c0003000900000000000000"], 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x20008884)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0)
r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), r5)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r5, &(0x7f0000000400)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14, r10, 0x1, 0x70bd2b, 0x25dfdbfd, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f00000000c0)={'wg2\x00', <r11=>0x0})
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r2, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="000129bd7000fedbdf2504000000080002000540000008000200010000001400018008000700", @ANYRES32=r11, @ANYBLOB="080006001a00000008000400090000000800040055ea0000"], 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x4)

39.674937ms ago: executing program 0 (id=4145):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r1, 0x29, 0x37, &(0x7f0000000000)=ANY=[], 0x8)
writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1)
sendto$inet6(r1, 0x0, 0x0, 0xf7ffff7f, 0x0, 0xffe0)

0s ago: executing program 2 (id=4146):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000700)={0x1b, 0x0, 0x0, 0x4, 0x0, 0x1, 0x80000001, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x2}, 0x50)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1, 0x9, &(0x7f0000000080)=@framed={{0x18, 0x3}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @generic={0x66}, @initr0, @exit, @alu={0x7, 0x0, 0x5, 0x3}]}, &(0x7f0000000000)='GPL\x00'}, 0x94)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000480)=ANY=[@ANYRES16, @ANYBLOB="01000000000000000000010000001400020077673100000000000000000000000000f4010880700000804800098028a25880060001000a00000014000200fe8000000000000000000000000000aa05000300000000001c000080060001000200000008000200e0000001050003000000000024000100000000000000000000000000000000000000000000000000000000000000000080010080200004000a004e2000000005200100000000000000000000000000000800000006000500b01f00000800030006000000060005000500000008000a000100000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff200004000a004e200000040100000000000000000000ffffac14142a06000000240001000000000000000000000000000000000000000000000000000000000000000000d400", @ANYRES16=r1], 0x21c}}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{}, &(0x7f0000000840), &(0x7f0000000880)}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x3, &(0x7f0000000600)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8}}, &(0x7f00000002c0)='GPL\x00', 0xdf64, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x8, 0x3}, 0x8, 0x10, &(0x7f00000006c0)={0x5, 0xc, 0x7, 0x43e64c37}, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940), 0x10, 0x2}, 0x94)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

kernel console output (not intermixed with test programs):

m netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  328.922242][T13123] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  328.943047][T13123] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  329.036356][ T5855] Bluetooth: hci3: command tx timeout
[  329.139344][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  329.175011][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  329.226412][ T2125] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  329.238185][ T2125] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  329.423204][T13396] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2899'.
[  330.059809][T13433] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2910'.
[  330.097518][T13433] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2910'.
[  330.137814][T13433] netlink: 'syz.3.2910': attribute type 13 has an invalid length.
[  330.247027][T13439] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2915'.
[  330.260221][T13443] netlink: 'syz.1.2917': attribute type 4 has an invalid length.
[  330.332748][T13449] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  330.340134][T13449] IPv6: NLM_F_CREATE should be set when creating new route
[  330.488204][T13457] FAULT_INJECTION: forcing a failure.
[  330.488204][T13457] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  330.501817][T13457] CPU: 1 UID: 0 PID: 13457 Comm: syz.1.2920 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 PREEMPT(full) 
[  330.501853][T13457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  330.501866][T13457] Call Trace:
[  330.501875][T13457]  <TASK>
[  330.501884][T13457]  dump_stack_lvl+0x189/0x250
[  330.501915][T13457]  ? __pfx____ratelimit+0x10/0x10
[  330.501937][T13457]  ? __pfx_dump_stack_lvl+0x10/0x10
[  330.501962][T13457]  ? __pfx__printk+0x10/0x10
[  330.501991][T13457]  ? __might_fault+0xb0/0x130
[  330.502033][T13457]  should_fail_ex+0x414/0x560
[  330.502061][T13457]  _copy_from_iter+0x1db/0x16f0
[  330.502092][T13457]  ? rcu_is_watching+0x15/0xb0
[  330.502119][T13457]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  330.502153][T13457]  ? __pfx__copy_from_iter+0x10/0x10
[  330.502181][T13457]  ? __build_skb_around+0x257/0x3e0
[  330.502215][T13457]  ? netlink_sendmsg+0x642/0xb30
[  330.502243][T13457]  ? skb_put+0x11b/0x210
[  330.502276][T13457]  netlink_sendmsg+0x6b2/0xb30
[  330.502317][T13457]  ? __pfx_netlink_sendmsg+0x10/0x10
[  330.502349][T13457]  ? __lock_acquire+0xab9/0xd20
[  330.502369][T13457]  ? aa_sock_msg_perm+0x94/0x160
[  330.502394][T13457]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  330.502416][T13457]  ? __pfx_netlink_sendmsg+0x10/0x10
[  330.502447][T13457]  __sock_sendmsg+0x21c/0x270
[  330.502475][T13457]  ____sys_sendmsg+0x505/0x830
[  330.502513][T13457]  ? __pfx_____sys_sendmsg+0x10/0x10
[  330.502556][T13457]  ? import_iovec+0x74/0xa0
[  330.502590][T13457]  ___sys_sendmsg+0x21f/0x2a0
[  330.502625][T13457]  ? __pfx____sys_sendmsg+0x10/0x10
[  330.502697][T13457]  ? __fget_files+0x2a/0x420
[  330.502716][T13457]  ? __fget_files+0x3a0/0x420
[  330.502766][T13457]  __x64_sys_sendmsg+0x19b/0x260
[  330.502802][T13457]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  330.502853][T13457]  ? __pfx_ksys_write+0x10/0x10
[  330.502880][T13457]  ? rcu_is_watching+0x15/0xb0
[  330.502911][T13457]  ? do_syscall_64+0xbe/0x3b0
[  330.502940][T13457]  do_syscall_64+0xfa/0x3b0
[  330.502963][T13457]  ? lockdep_hardirqs_on+0x9c/0x150
[  330.502984][T13457]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  330.503006][T13457]  ? clear_bhb_loop+0x60/0xb0
[  330.503033][T13457]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  330.503055][T13457] RIP: 0033:0x7ff255d8e929
[  330.503073][T13457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  330.503093][T13457] RSP: 002b:00007ff256b95038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  330.503116][T13457] RAX: ffffffffffffffda RBX: 00007ff255fb5fa0 RCX: 00007ff255d8e929
[  330.503132][T13457] RDX: 0000000024040000 RSI: 0000200000000140 RDI: 0000000000000003
[  330.503147][T13457] RBP: 00007ff256b95090 R08: 0000000000000000 R09: 0000000000000000
[  330.503160][T13457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  330.503173][T13457] R13: 0000000000000000 R14: 00007ff255fb5fa0 R15: 00007ffdbf923088
[  330.503207][T13457]  </TASK>
[  330.794647][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  331.270016][T13480] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  331.304424][T13480] bridge0: port 2(bridge_slave_1) entered disabled state
[  331.306809][T13482] x_tables: duplicate underflow at hook 1
[  331.314077][T13480] bridge0: port 1(bridge_slave_0) entered disabled state
[  332.191163][T13523] __nla_validate_parse: 3 callbacks suppressed
[  332.191184][T13523] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2947'.
[  332.606049][T13535] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2951'.
[  332.799311][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  332.807863][   T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  332.818025][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  332.829801][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  332.838567][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  333.186460][T13554] sctp: [Deprecated]: syz.1.2958 (pid 13554) Use of int in max_burst socket option.
[  333.186460][T13554] Use struct sctp_assoc_value instead
[  333.218856][T13552] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2957'.
[  333.261774][T13558] sctp: [Deprecated]: syz.1.2958 (pid 13558) Use of int in max_burst socket option.
[  333.261774][T13558] Use struct sctp_assoc_value instead
[  333.518694][T13543] chnl_net:caif_netlink_parms(): no params data found
[  333.594688][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  333.733716][T13579] netlink: 'syz.3.2966': attribute type 64 has an invalid length.
[  333.805101][T13579] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2966'.
[  333.817255][T13543] bridge0: port 1(bridge_slave_0) entered blocking state
[  333.829829][T13582] netlink: 248 bytes leftover after parsing attributes in process `syz.4.2967'.
[  333.842849][T13543] bridge0: port 1(bridge_slave_0) entered disabled state
[  333.860592][T13543] bridge_slave_0: entered allmulticast mode
[  333.875649][T13543] bridge_slave_0: entered promiscuous mode
[  333.903412][T13543] bridge0: port 2(bridge_slave_1) entered blocking state
[  333.921682][T13543] bridge0: port 2(bridge_slave_1) entered disabled state
[  333.940285][T13543] bridge_slave_1: entered allmulticast mode
[  333.963657][T13543] bridge_slave_1: entered promiscuous mode
[  333.974317][T13588] xt_HMARK: proto mask must be zero with L3 mode
[  333.979823][T13587] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2969'.
[  334.128917][T13543] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  334.153370][T13543] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  334.212949][T13597] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2974'.
[  334.312774][T13543] team0: Port device team_slave_0 added
[  334.358635][T13543] team0: Port device team_slave_1 added
[  334.408630][T13607] netlink: 'syz.4.2977': attribute type 1 has an invalid length.
[  334.512213][T13543] batman_adv: batadv0: Adding interface: batadv_slave_0
[  334.520833][T13543] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  334.563798][T13543] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  334.584032][T13543] batman_adv: batadv0: Adding interface: batadv_slave_1
[  334.591201][T13543] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  334.611030][T13616] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2981'.
[  334.627862][T13543] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  334.652829][T13607] 8021q: adding VLAN 0 to HW filter on device bond8
[  334.875529][   T51] Bluetooth: hci4: command tx timeout
[  334.903308][T13543] hsr_slave_0: entered promiscuous mode
[  334.939916][T13543] hsr_slave_1: entered promiscuous mode
[  334.980831][T13543] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  335.009954][T13543] Cannot create hsr debugfs directory
[  335.201055][T13635] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2988'.
[  335.457815][T13543] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  335.469762][T13543] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  335.482108][T13649] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  335.599402][T13543] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  335.613255][T13543] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  335.715526][T13543] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  335.727334][T13543] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  335.751296][T13657] vlan2: entered promiscuous mode
[  335.790304][T13543] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  335.801170][T13543] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  335.981808][T13543] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  335.995215][T13543] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  336.019991][T13543] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  336.030777][T13543] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  336.203587][T13543] 8021q: adding VLAN 0 to HW filter on device bond0
[  336.260418][T13543] 8021q: adding VLAN 0 to HW filter on device team0
[  336.299421][ T2125] bridge0: port 1(bridge_slave_0) entered blocking state
[  336.306717][ T2125] bridge0: port 1(bridge_slave_0) entered forwarding state
[  336.351833][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  336.359106][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  336.635437][T13686] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3009'.
[  336.658992][T13691] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  336.954565][   T51] Bluetooth: hci4: command tx timeout
[  337.206752][T13543] 8021q: adding VLAN 0 to HW filter on device batadv0
[  337.408726][T13543] veth0_vlan: entered promiscuous mode
[  337.429668][T13543] veth1_vlan: entered promiscuous mode
[  337.513323][T13543] veth0_macvtap: entered promiscuous mode
[  337.537856][T13543] veth1_macvtap: entered promiscuous mode
[  337.551359][T13722] __nla_validate_parse: 1 callbacks suppressed
[  337.551379][T13722] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3020'.
[  337.582676][T13722] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  337.639463][T13543] batman_adv: batadv0: Interface activated: batadv_slave_0
[  337.670808][T13543] batman_adv: batadv0: Interface activated: batadv_slave_1
[  337.728024][T13543] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  337.740157][T13543] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  337.774552][T13543] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  337.783323][T13543] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  337.910120][T13737] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3025'.
[  338.145457][ T2988] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  338.181311][ T2988] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  338.274558][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  338.289567][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  338.773040][T13766] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3038'.
[  339.036374][   T51] Bluetooth: hci4: command tx timeout
[  339.274752][T13781] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3045'.
[  339.533613][ T5855] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  339.547288][ T5855] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  339.560509][ T5855] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  339.569419][ T5855] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  339.577720][ T5855] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  339.744604][T13801] netlink: 'syz.0.3052': attribute type 4 has an invalid length.
[  339.829961][T13803] netlink: 'syz.2.3054': attribute type 29 has an invalid length.
[  339.839842][T13803] netlink: 'syz.2.3054': attribute type 29 has an invalid length.
[  340.176418][T13813] vlan1: entered allmulticast mode
[  340.190704][T13813] veth0_vlan: entered allmulticast mode
[  340.334110][T13819] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3057'.
[  340.342257][T13812] syzkaller0: entered promiscuous mode
[  340.349238][T13812] syzkaller0: entered allmulticast mode
[  340.372417][T13819] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3057'.
[  340.485297][T13819] gretap1: entered promiscuous mode
[  340.490866][T13819] gretap1: entered allmulticast mode
[  340.580558][T13823] netlink: 112 bytes leftover after parsing attributes in process `syz.0.3061'.
[  340.659715][T13823] wg1: entered promiscuous mode
[  340.833566][T13833] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3066'.
[  341.116118][ T5855] Bluetooth: hci4: command tx timeout
[  341.677572][ T5855] Bluetooth: hci5: command tx timeout
[  342.001470][T13833] bond0: entered promiscuous mode
[  342.023911][T13833] bond_slave_0: entered promiscuous mode
[  342.068319][T13833] bond_slave_1: entered promiscuous mode
[  342.087748][T13833] bond0: left promiscuous mode
[  342.107251][T13833] bond_slave_0: left promiscuous mode
[  342.112905][T13833] bond_slave_1: left promiscuous mode
[  342.150982][T13788] chnl_net:caif_netlink_parms(): no params data found
[  342.540229][T13788] bridge0: port 1(bridge_slave_0) entered blocking state
[  342.561386][T13788] bridge0: port 1(bridge_slave_0) entered disabled state
[  342.587911][T13788] bridge_slave_0: entered allmulticast mode
[  342.641753][T13788] bridge_slave_0: entered promiscuous mode
[  343.359438][   T13] bond5 (unregistering): (slave bridge0): Releasing backup interface
[  343.543240][   T13] bond0 (unregistering): left promiscuous mode
[  343.550587][   T13] bond0 (unregistering): Released all slaves
[  343.565898][   T13] bond1 (unregistering): Released all slaves
[  343.584662][   T13] bond2 (unregistering): Released all slaves
[  343.604875][   T13] bond3 (unregistering): Released all slaves
[  343.623896][   T13] bond4 (unregistering): Released all slaves
[  343.735250][   T13] bond5 (unregistering): Released all slaves
[  343.754652][ T5855] Bluetooth: hci5: command tx timeout
[  343.832978][   T13] bond6 (unregistering): Released all slaves
[  343.849047][   T13] bond7 (unregistering): Released all slaves
[  343.866681][   T13] bond8 (unregistering): Released all slaves
[  343.972300][   T13] bond9 (unregistering): Released all slaves
[  343.989741][T13788] bridge0: port 2(bridge_slave_1) entered blocking state
[  343.999869][T13788] bridge0: port 2(bridge_slave_1) entered disabled state
[  344.007750][T13788] bridge_slave_1: entered allmulticast mode
[  344.016631][T13788] bridge_slave_1: entered promiscuous mode
[  344.221747][T13788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  344.254967][T13788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  344.328310][   T13] IPVS: stopping master sync thread 6659 ...
[  344.517382][T13788] team0: Port device team_slave_0 added
[  344.538063][T13788] team0: Port device team_slave_1 added
[  344.625372][T13906] netlink: 'syz.1.3091': attribute type 4 has an invalid length.
[  344.692234][T13788] batman_adv: batadv0: Adding interface: batadv_slave_0
[  344.709354][T13788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  344.749479][T13788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  344.809078][T13788] batman_adv: batadv0: Adding interface: batadv_slave_1
[  344.822365][T13788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  344.830303][T13914] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  344.887277][T13788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  345.136573][T13788] hsr_slave_0: entered promiscuous mode
[  345.137212][T13929] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3097'.
[  345.152472][T13788] hsr_slave_1: entered promiscuous mode
[  345.176549][T13788] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  345.195691][T13788] Cannot create hsr debugfs directory
[  345.309984][T13933] netlink: 'syz.1.3100': attribute type 1 has an invalid length.
[  345.390888][T13936] sctp: [Deprecated]: syz.0.3099 (pid 13936) Use of int in maxseg socket option.
[  345.390888][T13936] Use struct sctp_assoc_value instead
[  345.537450][   T13] batadv0: left promiscuous mode
[  345.556124][   T13] hsr_slave_0: left promiscuous mode
[  345.569413][   T13] hsr_slave_1: left promiscuous mode
[  345.662758][   T13] pimreg (unregistering): left allmulticast mode
[  345.718915][   T13] pim6reg (unregistering): left allmulticast mode
[  345.844510][ T5855] Bluetooth: hci5: command tx timeout
[  346.260980][T13955] Cannot find set identified by id 0 to match
[  346.459270][T13953] netlink: 'syz.1.3105': attribute type 23 has an invalid length.
[  346.570739][T13963] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3108'.
[  346.633790][T13965] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3109'.
[  346.671242][T13963] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3108'.
[  346.948067][T13976] syz_tun: entered allmulticast mode
[  347.589178][T13788] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  347.630776][T13788] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  347.662147][T13788] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  347.678470][T14004] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3125'.
[  347.701456][T13788] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  347.721713][T13975] syz_tun: left allmulticast mode
[  347.790967][T14012] netlink: 'syz.4.3126': attribute type 10 has an invalid length.
[  347.847758][T14012] 8021q: adding VLAN 0 to HW filter on device team0
[  347.861757][T14012] team0: entered promiscuous mode
[  347.871497][T14012] bond0: (slave team0): Enslaving as an active interface with an up link
[  347.915627][ T5855] Bluetooth: hci5: command tx timeout
[  348.102002][T13788] 8021q: adding VLAN 0 to HW filter on device bond0
[  348.151707][T13788] 8021q: adding VLAN 0 to HW filter on device team0
[  348.195165][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  348.202379][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  348.228846][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  348.236111][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  348.646487][T14046] netlink: 'syz.2.3140': attribute type 23 has an invalid length.
[  348.952356][T13788] 8021q: adding VLAN 0 to HW filter on device batadv0
[  349.088764][T13788] veth0_vlan: entered promiscuous mode
[  349.131853][T13788] veth1_vlan: entered promiscuous mode
[  349.171194][T14063] netlink: 'syz.1.3147': attribute type 29 has an invalid length.
[  349.209289][T14063] netlink: 'syz.1.3147': attribute type 29 has an invalid length.
[  349.247529][T13788] veth0_macvtap: entered promiscuous mode
[  349.272036][T13788] veth1_macvtap: entered promiscuous mode
[  349.291722][T14065] Cannot find set identified by id 0 to match
[  349.342589][T13788] batman_adv: batadv0: Interface activated: batadv_slave_0
[  349.388723][T13788] batman_adv: batadv0: Interface activated: batadv_slave_1
[  349.407240][T14068] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3149'.
[  349.423495][T13788] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  349.423749][T14069] netlink: 'syz.1.3150': attribute type 1 has an invalid length.
[  349.447736][T13788] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  349.461637][T13788] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  349.483474][T13788] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  349.727608][T14082] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3154'.
[  349.920134][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  349.954083][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  350.081745][T14096] netlink: 'syz.4.3159': attribute type 29 has an invalid length.
[  350.091707][T14096] netlink: 'syz.4.3159': attribute type 29 has an invalid length.
[  350.163924][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  350.206348][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  350.234331][T14101] syz_tun: entered allmulticast mode
[  350.501595][T14110] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3164'.
[  350.770508][T14116] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  351.078910][T14100] syz_tun: left allmulticast mode
[  351.155243][T14125] netlink: 'syz.2.3172': attribute type 4 has an invalid length.
[  351.166180][T14127] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3171'.
[  351.426811][T14132] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3175'.
[  351.461196][T14132] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3175'.
[  351.501367][ T2988] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.667717][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  351.668582][T14144] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3178'.
[  351.697110][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  351.706874][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  351.723555][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  351.732089][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  351.767901][ T2988] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.796645][T14144] bond0: entered promiscuous mode
[  351.801844][T14144] bond_slave_0: entered promiscuous mode
[  351.808523][T14144] bond_slave_1: entered promiscuous mode
[  351.816784][T14144] batadv0: entered promiscuous mode
[  351.831075][T14144] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  351.840680][T14144] Cannot create hsr debugfs directory
[  351.851866][T14144] 8021q: adding VLAN 0 to HW filter on device hsr1
[  351.966726][ T2988] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  352.031988][T14153] x_tables: unsorted underflow at hook 4
[  352.064610][T14153] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3182'.
[  352.092585][T14153] tc_dump_action: action bad kind
[  352.166488][ T2988] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.222924][ T2988] bond0 (unregistering): left promiscuous mode
[  353.229234][ T2988] team0: left promiscuous mode
[  353.237622][ T2988] bond0 (unregistering): (slave team0): Releasing backup interface
[  353.251566][ T2988] bond0 (unregistering): Released all slaves
[  353.350032][ T2988] bond1 (unregistering): Released all slaves
[  353.369864][ T2988] bond2 (unregistering): Released all slaves
[  353.464142][ T2988] bond3 (unregistering): Released all slaves
[  353.559787][ T2988] bond4 (unregistering): Released all slaves
[  353.653022][ T2988] bond5 (unregistering): Released all slaves
[  353.758779][ T2988] bond6 (unregistering): Released all slaves
[  353.837725][   T51] Bluetooth: hci0: command tx timeout
[  353.861018][ T2988] bond7 (unregistering): Released all slaves
[  353.951438][ T2988] bond8 (unregistering): Released all slaves
[  354.263075][ T2988] tipc: Disabling bearer <udp:syz0>
[  354.284783][ T2988] tipc: Left network mode
[  354.459576][T14140] chnl_net:caif_netlink_parms(): no params data found
[  354.502152][T14214] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3200'.
[  354.560111][T14216] netlink: 'syz.2.3203': attribute type 23 has an invalid length.
[  354.916948][T14140] bridge0: port 1(bridge_slave_0) entered blocking state
[  354.934138][T14140] bridge0: port 1(bridge_slave_0) entered disabled state
[  354.957772][T14140] bridge_slave_0: entered allmulticast mode
[  354.974327][T14140] bridge_slave_0: entered promiscuous mode
[  355.020677][T14140] bridge0: port 2(bridge_slave_1) entered blocking state
[  355.030717][T14140] bridge0: port 2(bridge_slave_1) entered disabled state
[  355.054695][T14140] bridge_slave_1: entered allmulticast mode
[  355.062597][T14140] bridge_slave_1: entered promiscuous mode
[  355.216393][T14140] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  355.217825][T14240] netlink: 'syz.2.3210': attribute type 1 has an invalid length.
[  355.243621][T14240] netlink: 212 bytes leftover after parsing attributes in process `syz.2.3210'.
[  355.267853][T14240] netlink: 'syz.2.3210': attribute type 1 has an invalid length.
[  355.292535][T14140] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  355.303221][T14247] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3210'.
[  355.515247][T14140] team0: Port device team_slave_0 added
[  355.525341][T14140] team0: Port device team_slave_1 added
[  355.542860][T14262] netlink: 'syz.0.3215': attribute type 4 has an invalid length.
[  355.571452][T14259] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3216'.
[  355.671959][T14140] batman_adv: batadv0: Adding interface: batadv_slave_0
[  355.694161][T14140] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  355.723937][T14140] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  355.738149][T14140] batman_adv: batadv0: Adding interface: batadv_slave_1
[  355.745449][T14140] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  355.773624][T14140] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  355.792741][ T2988] batadv0: left promiscuous mode
[  355.815885][ T2988] hsr_slave_0: left promiscuous mode
[  355.822420][ T2988] hsr_slave_1: left promiscuous mode
[  355.857828][ T2988] vlan0: left allmulticast mode
[  355.862872][ T2988] veth0_vlan: left allmulticast mode
[  355.868447][ T2988] vlan0: left promiscuous mode
[  355.874282][ T2988] veth1_macvtap: left promiscuous mode
[  355.880647][ T2988] veth0_macvtap: left promiscuous mode
[  355.886741][ T2988] veth1_vlan: left promiscuous mode
[  355.892030][T14272] IPVS: set_ctl: invalid protocol: 43 0.0.0.0:20000
[  355.899106][ T2988] veth0_vlan: left promiscuous mode
[  355.909174][T14272] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3219'.
[  355.919902][   T51] Bluetooth: hci0: command tx timeout
[  356.343260][ T2988] pim6reg (unregistering): left allmulticast mode
[  357.268587][T14248] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  357.308383][T14140] hsr_slave_0: entered promiscuous mode
[  357.326082][T14140] hsr_slave_1: entered promiscuous mode
[  357.332495][T14140] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  357.364562][T14140] Cannot create hsr debugfs directory
[  357.763465][ T1157] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2
[  357.773962][ T2988] IPVS: stop unused estimator thread 0...
[  357.883460][T14293] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.3229'.
[  357.981322][T14298] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3230'.
[  357.991030][T14298] bridge0: port 2(bridge_slave_1) entered disabled state
[  357.998820][T14298] bridge0: port 1(bridge_slave_0) entered disabled state
[  358.008295][   T51] Bluetooth: hci0: command 0x040f tx timeout
[  358.224258][T14309] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3237'.
[  358.373718][T14313] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3239'.
[  358.387900][T14313] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3239'.
[  358.519752][T14320] netlink: 1196 bytes leftover after parsing attributes in process `syz.1.3241'.
[  358.529547][T14319] netlink: 1196 bytes leftover after parsing attributes in process `syz.1.3241'.
[  358.849077][T14140] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  358.900466][T14140] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  358.955969][T14140] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  358.991324][T14140] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  359.065962][T14347] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3253'.
[  359.335369][T14140] 8021q: adding VLAN 0 to HW filter on device bond0
[  359.399637][T14140] 8021q: adding VLAN 0 to HW filter on device team0
[  359.441746][ T1157] bridge0: port 1(bridge_slave_0) entered blocking state
[  359.449028][ T1157] bridge0: port 1(bridge_slave_0) entered forwarding state
[  359.489137][ T1157] bridge0: port 2(bridge_slave_1) entered blocking state
[  359.496398][ T1157] bridge0: port 2(bridge_slave_1) entered forwarding state
[  359.536019][T14370] veth1_macvtap: left promiscuous mode
[  360.067401][T14394] netlink: 'syz.2.3266': attribute type 4 has an invalid length.
[  360.075778][   T51] Bluetooth: hci0: command 0x040f tx timeout
[  360.302394][T14140] 8021q: adding VLAN 0 to HW filter on device batadv0
[  360.601654][T14410] netlink: 'syz.1.3272': attribute type 1 has an invalid length.
[  360.609810][T14410] __nla_validate_parse: 2 callbacks suppressed
[  360.609829][T14410] netlink: 228 bytes leftover after parsing attributes in process `syz.1.3272'.
[  360.858727][T14426] netlink: 'syz.1.3278': attribute type 29 has an invalid length.
[  360.895463][T14426] netlink: 'syz.1.3278': attribute type 29 has an invalid length.
[  360.970640][T14430] FAULT_INJECTION: forcing a failure.
[  360.970640][T14430] name failslab, interval 1, probability 0, space 0, times 0
[  360.992698][T14430] CPU: 0 UID: 0 PID: 14430 Comm: syz.0.3280 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 PREEMPT(full) 
[  360.992729][T14430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  360.992742][T14430] Call Trace:
[  360.992751][T14430]  <TASK>
[  360.992760][T14430]  dump_stack_lvl+0x189/0x250
[  360.992793][T14430]  ? __pfx____ratelimit+0x10/0x10
[  360.992815][T14430]  ? __pfx_dump_stack_lvl+0x10/0x10
[  360.992841][T14430]  ? __pfx__printk+0x10/0x10
[  360.992878][T14430]  ? ref_tracker_alloc+0x318/0x460
[  360.992924][T14430]  should_fail_ex+0x414/0x560
[  360.992953][T14430]  should_failslab+0xa8/0x100
[  360.992988][T14430]  kmem_cache_alloc_noprof+0x73/0x3c0
[  360.993018][T14430]  ? skb_clone+0x212/0x3a0
[  360.993045][T14430]  skb_clone+0x212/0x3a0
[  360.993070][T14430]  __netlink_deliver_tap+0x404/0x850
[  360.993115][T14430]  ? netlink_deliver_tap+0x2e/0x1b0
[  360.993149][T14430]  netlink_deliver_tap+0x19c/0x1b0
[  360.993181][T14430]  netlink_unicast+0x730/0x8e0
[  360.993222][T14430]  netlink_sendmsg+0x805/0xb30
[  360.993264][T14430]  ? __pfx_netlink_sendmsg+0x10/0x10
[  360.993308][T14430]  ? aa_sock_msg_perm+0x94/0x160
[  360.993335][T14430]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  360.993359][T14430]  ? __pfx_netlink_sendmsg+0x10/0x10
[  360.993392][T14430]  __sock_sendmsg+0x21c/0x270
[  360.993422][T14430]  ____sys_sendmsg+0x505/0x830
[  360.993462][T14430]  ? __pfx_____sys_sendmsg+0x10/0x10
[  360.993507][T14430]  ? import_iovec+0x74/0xa0
[  360.993548][T14430]  ___sys_sendmsg+0x21f/0x2a0
[  360.993584][T14430]  ? __pfx____sys_sendmsg+0x10/0x10
[  360.993662][T14430]  ? __fget_files+0x2a/0x420
[  360.993680][T14430]  ? __fget_files+0x3a0/0x420
[  360.993714][T14430]  __x64_sys_sendmsg+0x19b/0x260
[  360.993751][T14430]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  360.993797][T14430]  ? __pfx_ksys_write+0x10/0x10
[  360.993824][T14430]  ? rcu_is_watching+0x15/0xb0
[  360.993857][T14430]  ? do_syscall_64+0xbe/0x3b0
[  360.993886][T14430]  do_syscall_64+0xfa/0x3b0
[  360.993909][T14430]  ? lockdep_hardirqs_on+0x9c/0x150
[  360.993931][T14430]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.993953][T14430]  ? clear_bhb_loop+0x60/0xb0
[  360.993980][T14430]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.994002][T14430] RIP: 0033:0x7f083ab8e929
[  360.994022][T14430] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  360.994041][T14430] RSP: 002b:00007f083ba81038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  360.994065][T14430] RAX: ffffffffffffffda RBX: 00007f083adb5fa0 RCX: 00007f083ab8e929
[  360.994081][T14430] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  360.994095][T14430] RBP: 00007f083ba81090 R08: 0000000000000000 R09: 0000000000000000
[  360.994109][T14430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  360.994122][T14430] R13: 0000000000000000 R14: 00007f083adb5fa0 R15: 00007ffdb5cbc0c8
[  360.994157][T14430]  </TASK>
[  361.523194][T14140] veth0_vlan: entered promiscuous mode
[  361.585754][T14140] veth1_vlan: entered promiscuous mode
[  361.677301][T14140] veth0_macvtap: entered promiscuous mode
[  361.701630][T14140] veth1_macvtap: entered promiscuous mode
[  361.714862][T14448] netlink: 'syz.0.3286': attribute type 1 has an invalid length.
[  361.735159][T14448] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3286'.
[  361.778432][T14140] batman_adv: batadv0: Interface activated: batadv_slave_0
[  361.809926][T14140] batman_adv: batadv0: Interface activated: batadv_slave_1
[  361.847598][T14140] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  361.877935][T14140] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  361.900082][T14140] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  361.919150][T14140] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  362.113025][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  362.134365][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  362.164597][   T51] Bluetooth: hci0: command 0x040f tx timeout
[  362.172431][T14462] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3292'.
[  362.191287][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  362.191298][T14462] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3292'.
[  362.263328][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  362.532262][T14478] netlink: 'syz.4.3166': attribute type 1 has an invalid length.
[  362.589603][T14482] FAULT_INJECTION: forcing a failure.
[  362.589603][T14482] name failslab, interval 1, probability 0, space 0, times 0
[  362.606740][T14482] CPU: 1 UID: 0 PID: 14482 Comm: syz.0.3300 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 PREEMPT(full) 
[  362.606777][T14482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  362.606791][T14482] Call Trace:
[  362.606812][T14482]  <TASK>
[  362.606822][T14482]  dump_stack_lvl+0x189/0x250
[  362.606852][T14482]  ? __pfx____ratelimit+0x10/0x10
[  362.606875][T14482]  ? __pfx_dump_stack_lvl+0x10/0x10
[  362.606900][T14482]  ? __pfx__printk+0x10/0x10
[  362.606933][T14482]  ? __pfx___might_resched+0x10/0x10
[  362.606958][T14482]  ? fs_reclaim_acquire+0x7d/0x100
[  362.606985][T14482]  should_fail_ex+0x414/0x560
[  362.607013][T14482]  should_failslab+0xa8/0x100
[  362.607047][T14482]  __kmalloc_noprof+0xcb/0x4f0
[  362.607075][T14482]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  362.607098][T14482]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  362.607129][T14482]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  362.607161][T14482]  genl_family_rcv_msg_doit+0xb8/0x300
[  362.607192][T14482]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  362.607218][T14482]  ? rcu_is_watching+0x15/0xb0
[  362.607247][T14482]  ? apparmor_capable+0x137/0x1b0
[  362.607278][T14482]  ? bpf_lsm_capable+0x9/0x20
[  362.607306][T14482]  ? security_capable+0x7e/0x2e0
[  362.607335][T14482]  genl_rcv_msg+0x60e/0x790
[  362.607372][T14482]  ? __pfx_genl_rcv_msg+0x10/0x10
[  362.607391][T14482]  ? ref_tracker_free+0x63a/0x7d0
[  362.607413][T14482]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[  362.607448][T14482]  ? __pfx_ref_tracker_free+0x10/0x10
[  362.607484][T14482]  netlink_rcv_skb+0x208/0x470
[  362.607514][T14482]  ? __pfx_genl_rcv_msg+0x10/0x10
[  362.607538][T14482]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  362.607587][T14482]  ? down_read+0x1ad/0x2e0
[  362.607615][T14482]  genl_rcv+0x28/0x40
[  362.607634][T14482]  netlink_unicast+0x759/0x8e0
[  362.607673][T14482]  netlink_sendmsg+0x805/0xb30
[  362.607713][T14482]  ? __pfx_netlink_sendmsg+0x10/0x10
[  362.607747][T14482]  ? aa_sock_msg_perm+0x94/0x160
[  362.607772][T14482]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  362.607795][T14482]  ? __pfx_netlink_sendmsg+0x10/0x10
[  362.607825][T14482]  __sock_sendmsg+0x21c/0x270
[  362.607854][T14482]  ____sys_sendmsg+0x505/0x830
[  362.607893][T14482]  ? __pfx_____sys_sendmsg+0x10/0x10
[  362.607936][T14482]  ? import_iovec+0x74/0xa0
[  362.607970][T14482]  ___sys_sendmsg+0x21f/0x2a0
[  362.608005][T14482]  ? __pfx____sys_sendmsg+0x10/0x10
[  362.608079][T14482]  ? __fget_files+0x2a/0x420
[  362.608115][T14482]  ? __fget_files+0x3a0/0x420
[  362.608148][T14482]  __x64_sys_sendmsg+0x19b/0x260
[  362.608185][T14482]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  362.608231][T14482]  ? __pfx_ksys_write+0x10/0x10
[  362.608257][T14482]  ? rcu_is_watching+0x15/0xb0
[  362.608289][T14482]  ? do_syscall_64+0xbe/0x3b0
[  362.608318][T14482]  do_syscall_64+0xfa/0x3b0
[  362.608346][T14482]  ? lockdep_hardirqs_on+0x9c/0x150
[  362.608368][T14482]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.608390][T14482]  ? clear_bhb_loop+0x60/0xb0
[  362.608417][T14482]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.608438][T14482] RIP: 0033:0x7f083ab8e929
[  362.608458][T14482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  362.608477][T14482] RSP: 002b:00007f083ba81038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  362.608500][T14482] RAX: ffffffffffffffda RBX: 00007f083adb5fa0 RCX: 00007f083ab8e929
[  362.608516][T14482] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  362.608530][T14482] RBP: 00007f083ba81090 R08: 0000000000000000 R09: 0000000000000000
[  362.608544][T14482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  362.608557][T14482] R13: 0000000000000000 R14: 00007f083adb5fa0 R15: 00007ffdb5cbc0c8
[  362.608591][T14482]  </TASK>
[  362.976608][T14485] FAULT_INJECTION: forcing a failure.
[  362.976608][T14485] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  362.992492][T14485] CPU: 0 UID: 0 PID: 14485 Comm: syz.3.3301 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 PREEMPT(full) 
[  362.992524][T14485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  362.992538][T14485] Call Trace:
[  362.992546][T14485]  <TASK>
[  362.992556][T14485]  dump_stack_lvl+0x189/0x250
[  362.992587][T14485]  ? __pfx____ratelimit+0x10/0x10
[  362.992610][T14485]  ? __pfx_dump_stack_lvl+0x10/0x10
[  362.992636][T14485]  ? __pfx__printk+0x10/0x10
[  362.992665][T14485]  ? __might_fault+0xb0/0x130
[  362.992708][T14485]  should_fail_ex+0x414/0x560
[  362.992736][T14485]  _copy_from_user+0x2d/0xb0
[  362.992767][T14485]  ax25_ctl_ioctl+0xc5/0xa50
[  362.992796][T14485]  ? __pfx_ax25_ctl_ioctl+0x10/0x10
[  362.992820][T14485]  ? aa_get_newest_label+0xf7/0x5d0
[  362.992855][T14485]  ? rcu_is_watching+0x15/0xb0
[  362.992889][T14485]  ? bpf_lsm_capable+0x9/0x20
[  362.992917][T14485]  ? security_capable+0x7e/0x2e0
[  362.992964][T14485]  ax25_ioctl+0x757/0xca0
[  362.992993][T14485]  ? __pfx_ax25_ioctl+0x10/0x10
[  362.993018][T14485]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  362.993063][T14485]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  362.993099][T14485]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  362.993133][T14485]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  362.993169][T14485]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  362.993216][T14485]  sock_do_ioctl+0xdc/0x300
[  362.993245][T14485]  ? __pfx_sock_do_ioctl+0x10/0x10
[  362.993267][T14485]  ? __lock_acquire+0xab9/0xd20
[  362.993309][T14485]  sock_ioctl+0x576/0x790
[  362.993336][T14485]  ? __pfx_sock_ioctl+0x10/0x10
[  362.993360][T14485]  ? __fget_files+0x2a/0x420
[  362.993379][T14485]  ? __fget_files+0x3a0/0x420
[  362.993398][T14485]  ? __fget_files+0x2a/0x420
[  362.993422][T14485]  ? bpf_lsm_file_ioctl+0x9/0x20
[  362.993450][T14485]  ? __pfx_sock_ioctl+0x10/0x10
[  362.993472][T14485]  __se_sys_ioctl+0xfc/0x170
[  362.993512][T14485]  do_syscall_64+0xfa/0x3b0
[  362.993536][T14485]  ? lockdep_hardirqs_on+0x9c/0x150
[  362.993558][T14485]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.993580][T14485]  ? clear_bhb_loop+0x60/0xb0
[  362.993607][T14485]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.993629][T14485] RIP: 0033:0x7fadc878e929
[  362.993649][T14485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  362.993667][T14485] RSP: 002b:00007fadc959a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  362.993690][T14485] RAX: ffffffffffffffda RBX: 00007fadc89b5fa0 RCX: 00007fadc878e929
[  362.993707][T14485] RDX: 00002000000003c0 RSI: 00000000000089e8 RDI: 0000000000000004
[  362.993721][T14485] RBP: 00007fadc959a090 R08: 0000000000000000 R09: 0000000000000000
[  362.993735][T14485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  362.993748][T14485] R13: 0000000000000000 R14: 00007fadc89b5fa0 R15: 00007ffc45d903e8
[  362.993782][T14485]  </TASK>
[  363.552077][T14492] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3304'.
[  363.603113][T14498] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3305'.
[  363.614542][T14492] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3304'.
[  363.655365][T14498] bond0: entered promiscuous mode
[  363.664998][T14498] bond_slave_0: entered promiscuous mode
[  363.690062][T14498] bond_slave_1: entered promiscuous mode
[  363.709418][T14498] bond0: left promiscuous mode
[  363.724561][T14498] bond_slave_0: left promiscuous mode
[  363.732509][T14498] bond_slave_1: left promiscuous mode
[  363.939323][T14505] netlink: 'syz.3.3311': attribute type 21 has an invalid length.
[  363.949598][T14506] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3310'.
[  364.492630][ T5855] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  364.502737][ T5855] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  364.514589][ T5855] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  364.533018][ T5855] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  364.543144][ T5855] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  364.592766][T14533] netlink: 'syz.2.3319': attribute type 1 has an invalid length.
[  364.790851][T14542] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3322'.
[  364.793978][T14540] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  364.902331][T14549] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3323'.
[  364.903161][T14542] bond0: entered promiscuous mode
[  364.941941][T14542] bond_slave_0: entered promiscuous mode
[  364.955369][T14542] bond_slave_1: entered promiscuous mode
[  364.963371][T14542] batadv0: entered promiscuous mode
[  364.976290][T14542] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  364.983892][T14542] Cannot create hsr debugfs directory
[  365.013644][T14542] 8021q: adding VLAN 0 to HW filter on device hsr1
[  365.249652][T14557] bridge0: entered promiscuous mode
[  365.269279][T14557] vlan2: entered promiscuous mode
[  365.633941][T14574] mac80211_hwsim hwsim33 wlan0: entered promiscuous mode
[  366.023665][ T2988] bond2 (unregistering): (slave ip6gretap1): Releasing backup interface
[  366.379157][ T2988] bond0 (unregistering): left promiscuous mode
[  366.385515][ T2988] bond_slave_0: left promiscuous mode
[  366.391173][ T2988] bond_slave_1: left promiscuous mode
[  366.400761][ T2988] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  366.411948][ T2988] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  366.422170][ T2988] bond0 (unregistering): Released all slaves
[  366.532079][ T2988] bond1 (unregistering): (slave veth0_to_bond): Releasing active interface
[  366.542587][ T2988] bond1 (unregistering): (slave vlan3): Releasing active interface
[  366.551789][ T2988] bond1 (unregistering): Released all slaves
[  366.571655][ T2988] bond2 (unregistering): Released all slaves
[  366.587990][ T2988] bond3 (unregistering): Released all slaves
[  366.641006][   T51] Bluetooth: hci1: command tx timeout
[  366.699808][ T2988] bond4 (unregistering): Released all slaves
[  366.716151][ T2988] bond5 (unregistering): Released all slaves
[  366.732955][ T2988] bond6 (unregistering): Released all slaves
[  366.932991][T14524] chnl_net:caif_netlink_parms(): no params data found
[  367.509786][T14524] bridge0: port 1(bridge_slave_0) entered blocking state
[  367.518028][T14524] bridge0: port 1(bridge_slave_0) entered disabled state
[  367.528680][T14524] bridge_slave_0: entered allmulticast mode
[  367.537487][T14524] bridge_slave_0: entered promiscuous mode
[  367.595267][T14524] bridge0: port 2(bridge_slave_1) entered blocking state
[  367.614891][T14524] bridge0: port 2(bridge_slave_1) entered disabled state
[  367.630046][T14524] bridge_slave_1: entered allmulticast mode
[  367.663892][T14524] bridge_slave_1: entered promiscuous mode
[  367.839868][T14524] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  367.903075][T14524] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  368.027599][ T2988] batadv0: left promiscuous mode
[  368.049973][ T2988] hsr_slave_0: left promiscuous mode
[  368.066510][ T2988] hsr_slave_1: left promiscuous mode
[  368.072309][ T2988] batman_adv: batadv0: Removing interface: batadv_slave_0
[  368.098921][ T2988] batman_adv: batadv0: Removing interface: batadv_slave_1
[  368.145715][ T2988] pim6reg (unregistering): left allmulticast mode
[  368.462779][T14651] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3361'.
[  368.716490][   T51] Bluetooth: hci1: command tx timeout
[  368.980236][T14524] team0: Port device team_slave_0 added
[  368.989861][T14524] team0: Port device team_slave_1 added
[  369.118297][T14524] batman_adv: batadv0: Adding interface: batadv_slave_0
[  369.126986][T14524] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  369.168540][T14524] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  369.200420][T14524] batman_adv: batadv0: Adding interface: batadv_slave_1
[  369.233871][T14524] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  369.301005][T14524] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  369.309120][T14660] netlink: 248 bytes leftover after parsing attributes in process `syz.4.3366'.
[  369.333136][T14660] netlink: 156 bytes leftover after parsing attributes in process `syz.4.3366'.
[  369.380102][T14657] syzkaller1: entered promiscuous mode
[  369.394951][T14657] syzkaller1: entered allmulticast mode
[  369.571347][T14524] hsr_slave_0: entered promiscuous mode
[  369.580225][T14524] hsr_slave_1: entered promiscuous mode
[  369.711805][T14676] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3371'.
[  369.771935][T14678] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3370'.
[  369.826983][ T2988] IPVS: stop unused estimator thread 0...
[  370.098811][T14694] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3380'.
[  370.153140][T14696] vcan0: tx drop: invalid sa for name 0xfffffffffffffffd
[  370.380184][T14524] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  370.411559][T14524] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  370.438312][T14524] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  370.453657][T14524] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  370.794559][   T51] Bluetooth: hci1: command tx timeout
[  370.801801][T14524] 8021q: adding VLAN 0 to HW filter on device bond0
[  370.841075][T14524] 8021q: adding VLAN 0 to HW filter on device team0
[  370.861338][ T2125] bridge0: port 1(bridge_slave_0) entered blocking state
[  370.868576][ T2125] bridge0: port 1(bridge_slave_0) entered forwarding state
[  370.884561][T14724] ieee802154 phy0 wpan0: encryption failed: -22
[  370.928184][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state
[  370.935405][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state
[  371.082123][T14524] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  371.294169][T14743] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3397'.
[  371.561867][T14524] 8021q: adding VLAN 0 to HW filter on device batadv0
[  371.727351][T14524] veth0_vlan: entered promiscuous mode
[  371.773245][T14524] veth1_vlan: entered promiscuous mode
[  371.882681][T14524] veth0_macvtap: entered promiscuous mode
[  371.930901][T14524] veth1_macvtap: entered promiscuous mode
[  371.997684][T14524] batman_adv: batadv0: Interface activated: batadv_slave_0
[  372.062043][T14524] batman_adv: batadv0: Interface activated: batadv_slave_1
[  372.102093][T14774] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3411'.
[  372.116858][T14524] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  372.131025][T14524] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  372.140250][T14774] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  372.149626][T14524] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  372.194478][T14524] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  372.428009][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  372.451896][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  372.556096][ T1157] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  372.604586][ T1157] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  372.850760][T14809] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3427'.
[  372.874574][   T51] Bluetooth: hci1: command tx timeout
[  373.026306][T14818] Bluetooth: MGMT ver 1.23
[  373.034302][T14820] netlink: 'syz.2.3432': attribute type 23 has an invalid length.
[  373.594615][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  373.662399][T14850] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3440'.
[  373.798539][T14860] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3440'.
[  373.867568][T14850] netlink: 'syz.2.3440': attribute type 6 has an invalid length.
[  374.170375][T14878] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3451'.
[  374.197514][T14878] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  374.239595][T14878] bridge0: port 2(bridge_slave_1) entered disabled state
[  374.248311][T14878] bridge0: port 1(bridge_slave_0) entered disabled state
[  374.722974][T14906] FAULT_INJECTION: forcing a failure.
[  374.722974][T14906] name failslab, interval 1, probability 0, space 0, times 0
[  374.794910][T14906] CPU: 0 UID: 0 PID: 14906 Comm: syz.3.3459 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 PREEMPT(full) 
[  374.794942][T14906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  374.794959][T14906] Call Trace:
[  374.794968][T14906]  <TASK>
[  374.794977][T14906]  dump_stack_lvl+0x189/0x250
[  374.795009][T14906]  ? __pfx____ratelimit+0x10/0x10
[  374.795032][T14906]  ? __pfx_dump_stack_lvl+0x10/0x10
[  374.795064][T14906]  ? __pfx__printk+0x10/0x10
[  374.795101][T14906]  ? __pfx___might_resched+0x10/0x10
[  374.795125][T14906]  ? fs_reclaim_acquire+0x7d/0x100
[  374.795153][T14906]  should_fail_ex+0x414/0x560
[  374.795180][T14906]  should_failslab+0xa8/0x100
[  374.795215][T14906]  __kmalloc_noprof+0xcb/0x4f0
[  374.795243][T14906]  ? kfree+0x4d/0x440
[  374.795267][T14906]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  374.795299][T14906]  tomoyo_realpath_from_path+0xe3/0x5d0
[  374.795328][T14906]  ? tomoyo_domain+0xd9/0x130
[  374.795360][T14906]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  374.795394][T14906]  tomoyo_path_number_perm+0x1e8/0x5a0
[  374.795432][T14906]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  374.795485][T14906]  ? __lock_acquire+0xab9/0xd20
[  374.795530][T14906]  ? __fget_files+0x2a/0x420
[  374.795552][T14906]  ? __fget_files+0x2a/0x420
[  374.795571][T14906]  ? __fget_files+0x3a0/0x420
[  374.795588][T14906]  ? __fget_files+0x2a/0x420
[  374.795612][T14906]  security_file_ioctl+0xcb/0x2d0
[  374.795647][T14906]  __se_sys_ioctl+0x47/0x170
[  374.795678][T14906]  do_syscall_64+0xfa/0x3b0
[  374.795699][T14906]  ? lockdep_hardirqs_on+0x9c/0x150
[  374.795720][T14906]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  374.795742][T14906]  ? clear_bhb_loop+0x60/0xb0
[  374.795768][T14906]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  374.795792][T14906] RIP: 0033:0x7fadc878e929
[  374.795811][T14906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  374.795829][T14906] RSP: 002b:00007fadc959a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  374.795852][T14906] RAX: ffffffffffffffda RBX: 00007fadc89b5fa0 RCX: 00007fadc878e929
[  374.795868][T14906] RDX: 0000200000000080 RSI: 000000000000890b RDI: 0000000000000004
[  374.795882][T14906] RBP: 00007fadc959a090 R08: 0000000000000000 R09: 0000000000000000
[  374.795895][T14906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  374.795908][T14906] R13: 0000000000000000 R14: 00007fadc89b5fa0 R15: 00007ffc45d903e8
[  374.795940][T14906]  </TASK>
[  374.795949][T14906] ERROR: Out of memory at tomoyo_realpath_from_path.
[  375.335881][T14930] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3466'.
[  375.618604][T14944] FAULT_INJECTION: forcing a failure.
[  375.618604][T14944] name failslab, interval 1, probability 0, space 0, times 0
[  375.664785][T14944] CPU: 1 UID: 0 PID: 14944 Comm: syz.3.3472 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 PREEMPT(full) 
[  375.664818][T14944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  375.664831][T14944] Call Trace:
[  375.664840][T14944]  <TASK>
[  375.664849][T14944]  dump_stack_lvl+0x189/0x250
[  375.664880][T14944]  ? __pfx____ratelimit+0x10/0x10
[  375.664902][T14944]  ? __pfx_dump_stack_lvl+0x10/0x10
[  375.664928][T14944]  ? __pfx__printk+0x10/0x10
[  375.664964][T14944]  ? __pfx___might_resched+0x10/0x10
[  375.664987][T14944]  ? fs_reclaim_acquire+0x7d/0x100
[  375.665014][T14944]  should_fail_ex+0x414/0x560
[  375.665041][T14944]  should_failslab+0xa8/0x100
[  375.665073][T14944]  __kmalloc_noprof+0xcb/0x4f0
[  375.665101][T14944]  ? kfree+0x4d/0x440
[  375.665124][T14944]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  375.665155][T14944]  tomoyo_realpath_from_path+0xe3/0x5d0
[  375.665183][T14944]  ? tomoyo_domain+0xd9/0x130
[  375.665213][T14944]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  375.665246][T14944]  tomoyo_path_number_perm+0x1e8/0x5a0
[  375.665281][T14944]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  375.665332][T14944]  ? __lock_acquire+0xab9/0xd20
[  375.665374][T14944]  ? __fget_files+0x2a/0x420
[  375.665407][T14944]  ? __fget_files+0x2a/0x420
[  375.665422][T14944]  ? __fget_files+0x3a0/0x420
[  375.665437][T14944]  ? __fget_files+0x2a/0x420
[  375.665457][T14944]  security_file_ioctl+0xcb/0x2d0
[  375.665487][T14944]  __se_sys_ioctl+0x47/0x170
[  375.665515][T14944]  do_syscall_64+0xfa/0x3b0
[  375.665535][T14944]  ? lockdep_hardirqs_on+0x9c/0x150
[  375.665553][T14944]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.665573][T14944]  ? clear_bhb_loop+0x60/0xb0
[  375.665596][T14944]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.665616][T14944] RIP: 0033:0x7fadc878e929
[  375.665634][T14944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  375.665653][T14944] RSP: 002b:00007fadc959a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  375.665673][T14944] RAX: ffffffffffffffda RBX: 00007fadc89b5fa0 RCX: 00007fadc878e929
[  375.665688][T14944] RDX: 0000200000001080 RSI: 000000000000890c RDI: 0000000000000004
[  375.665701][T14944] RBP: 00007fadc959a090 R08: 0000000000000000 R09: 0000000000000000
[  375.665714][T14944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  375.665726][T14944] R13: 0000000000000000 R14: 00007fadc89b5fa0 R15: 00007ffc45d903e8
[  375.665774][T14944]  </TASK>
[  375.665782][T14944] ERROR: Out of memory at tomoyo_realpath_from_path.
[  375.943675][T14948] gretap0: entered promiscuous mode
[  375.983068][T14948] vlan2: entered promiscuous mode
[  376.010921][T14959] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3478'.
[  376.024685][T14959] netlink: 'syz.2.3478': attribute type 30 has an invalid length.
[  376.040167][T14959] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3478'.
[  376.263656][T14967] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3481'.
[  376.316651][T14971] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3482'.
[  376.353942][T14971] bridge0: port 2(bridge_slave_1) entered disabled state
[  376.361797][T14971] bridge0: port 1(bridge_slave_0) entered disabled state
[  376.722364][T14995] netlink: 'syz.4.3489': attribute type 29 has an invalid length.
[  376.769036][T14997] netlink: 14 bytes leftover after parsing attributes in process `syz.2.3490'.
[  376.774664][T14995] netlink: 'syz.4.3489': attribute type 29 has an invalid length.
[  377.021296][T15013] Cannot find set identified by id 0 to match
[  377.931137][T15048] lo: entered allmulticast mode
[  378.260544][T15060] syzkaller0: entered promiscuous mode
[  378.270523][T15060] syzkaller0: entered allmulticast mode
[  378.390256][T15067] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3515'.
[  379.734822][T15069] lo: left allmulticast mode
[  380.344887][T15104] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3529'.
[  380.575958][T15119] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3536'.
[  380.586522][T15120] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3537'.
[  380.613753][T15120] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3537'.
[  380.913216][T15136] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3544'.
[  381.007715][T15142] netlink: 140 bytes leftover after parsing attributes in process `syz.0.3548'.
[  381.221329][T15151] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3552'.
[  381.251328][T15151] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3552'.
[  381.532903][T15167] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3559'.
[  381.607040][T15174] netlink: 'syz.4.3562': attribute type 1 has an invalid length.
[  381.791403][T15178] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  381.817701][T15174] 8021q: adding VLAN 0 to HW filter on device bond1
[  381.823092][T15187] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3566'.
[  381.828882][ T1149] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  382.014560][ T1157] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  382.187591][T15199] vlan2: entered promiscuous mode
[  382.192718][T15199] bridge0: entered promiscuous mode
[  382.583118][T15224] FAULT_INJECTION: forcing a failure.
[  382.583118][T15224] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  382.602705][T15224] CPU: 1 UID: 0 PID: 15224 Comm: syz.2.3583 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 PREEMPT(full) 
[  382.602737][T15224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  382.602751][T15224] Call Trace:
[  382.602760][T15224]  <TASK>
[  382.602769][T15224]  dump_stack_lvl+0x189/0x250
[  382.602801][T15224]  ? __pfx____ratelimit+0x10/0x10
[  382.602823][T15224]  ? __pfx_dump_stack_lvl+0x10/0x10
[  382.602850][T15224]  ? __pfx__printk+0x10/0x10
[  382.602880][T15224]  ? __might_fault+0xb0/0x130
[  382.602929][T15224]  should_fail_ex+0x414/0x560
[  382.602957][T15224]  _copy_from_user+0x2d/0xb0
[  382.602989][T15224]  kstrtouint_from_user+0xc4/0x170
[  382.603017][T15224]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  382.603062][T15224]  proc_fail_nth_write+0x88/0x240
[  382.603083][T15224]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  382.603112][T15224]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  382.603135][T15224]  vfs_write+0x27b/0xa90
[  382.603175][T15224]  ? __pfx_vfs_write+0x10/0x10
[  382.603206][T15224]  ? __fget_files+0x2a/0x420
[  382.603231][T15224]  ? __fget_files+0x3a0/0x420
[  382.603249][T15224]  ? __fget_files+0x2a/0x420
[  382.603279][T15224]  ksys_write+0x145/0x250
[  382.603306][T15224]  ? __fget_files+0x3a0/0x420
[  382.603327][T15224]  ? __pfx_ksys_write+0x10/0x10
[  382.603363][T15224]  ? do_syscall_64+0xbe/0x3b0
[  382.603391][T15224]  do_syscall_64+0xfa/0x3b0
[  382.603413][T15224]  ? lockdep_hardirqs_on+0x9c/0x150
[  382.603435][T15224]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  382.603456][T15224]  ? clear_bhb_loop+0x60/0xb0
[  382.603483][T15224]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  382.603504][T15224] RIP: 0033:0x7fd565b8d3df
[  382.603523][T15224] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  382.603541][T15224] RSP: 002b:00007fd566a0f030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  382.603563][T15224] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd565b8d3df
[  382.603578][T15224] RDX: 0000000000000001 RSI: 00007fd566a0f0a0 RDI: 0000000000000003
[  382.603592][T15224] RBP: 00007fd566a0f090 R08: 0000000000000000 R09: 0000000000000000
[  382.603605][T15224] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  382.603618][T15224] R13: 0000000000000000 R14: 00007fd565db5fa0 R15: 00007fffc4ef8448
[  382.603651][T15224]  </TASK>
[  383.325227][T15256] netlink: 'syz.3.3595': attribute type 1 has an invalid length.
[  383.464967][T15258] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  383.551377][T15256] 8021q: adding VLAN 0 to HW filter on device bond1
[  383.559260][T15268] netlink: 'syz.4.3601': attribute type 1 has an invalid length.
[  383.559698][   T49] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  383.568716][T15268] netlink: 'syz.4.3601': attribute type 4 has an invalid length.
[  383.712765][T15272] netlink: 'syz.3.3603': attribute type 4 has an invalid length.
[  383.714874][   T78] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  383.839932][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  384.234598][T15298] Cannot find set identified by id 0 to match
[  384.268544][T15296] macvtap1: entered allmulticast mode
[  384.277216][T15296] veth0_macvtap: entered allmulticast mode
[  384.385479][ T1149] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2
[  384.844104][T15321] geneve2: entered promiscuous mode
[  384.872045][T15323] netlink: 'syz.2.3625': attribute type 153 has an invalid length.
[  385.044935][T15331] netlink: 'syz.2.3629': attribute type 32 has an invalid length.
[  385.438191][T15352] __nla_validate_parse: 12 callbacks suppressed
[  385.438212][T15352] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3639'.
[  385.456916][T15352] netlink: 256 bytes leftover after parsing attributes in process `syz.2.3639'.
[  385.556232][T15356] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3641'.
[  386.176249][T15386] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3654'.
[  386.939414][T15431] x_tables: duplicate underflow at hook 1
[  388.028175][T15482] vlan2: entered promiscuous mode
[  388.033273][T15482] bridge0: entered promiscuous mode
[  388.346493][T15503] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3704'.
[  388.384461][T15503] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3704'.
[  388.768232][T15527] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3714'.
[  389.055517][T15537] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3719'.
[  389.104448][T15537] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3719'.
[  389.602982][T15562] 8021q: adding VLAN 0 to HW filter on device bond1
[  389.712277][T15576] netlink: 100 bytes leftover after parsing attributes in process `syz.0.3735'.
[  389.838754][T15582] netlink: 'syz.4.3739': attribute type 23 has an invalid length.
[  389.841353][T15576] netlink: 'syz.0.3735': attribute type 10 has an invalid length.
[  389.880734][T15576] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  389.976906][T15590] tipc: Started in network mode
[  389.982072][T15590] tipc: Node identity 09, cluster identity 4711
[  390.493919][T15607] 8021q: adding VLAN 0 to HW filter on device bond2
[  390.569594][T15615] gretap1: entered promiscuous mode
[  390.588650][T15615] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  390.607911][ T5913] IPVS: starting estimator thread 0...
[  390.630401][T15617] IPVS: lc: UDP 224.0.0.2:0 - no destination available
[  390.640509][T15618] erspan1: entered promiscuous mode
[  390.659499][T15618] erspan1: entered allmulticast mode
[  390.715041][T15624] IPVS: using max 30 ests per chain, 72000 per kthread
[  391.801183][T15679] FAULT_INJECTION: forcing a failure.
[  391.801183][T15679] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  391.842684][T15679] CPU: 0 UID: 0 PID: 15679 Comm: syz.2.3774 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 PREEMPT(full) 
[  391.842716][T15679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  391.842729][T15679] Call Trace:
[  391.842738][T15679]  <TASK>
[  391.842747][T15679]  dump_stack_lvl+0x189/0x250
[  391.842782][T15679]  ? __pfx____ratelimit+0x10/0x10
[  391.842805][T15679]  ? __pfx_dump_stack_lvl+0x10/0x10
[  391.842831][T15679]  ? __pfx__printk+0x10/0x10
[  391.842873][T15679]  should_fail_ex+0x414/0x560
[  391.842900][T15679]  _copy_to_user+0x31/0xb0
[  391.842932][T15679]  simple_read_from_buffer+0xe1/0x170
[  391.842969][T15679]  proc_fail_nth_read+0x1df/0x250
[  391.842995][T15679]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  391.843020][T15679]  ? rw_verify_area+0x258/0x650
[  391.843047][T15679]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  391.843070][T15679]  vfs_read+0x1fd/0x980
[  391.843105][T15679]  ? __pfx___mutex_lock+0x10/0x10
[  391.843129][T15679]  ? __pfx_vfs_read+0x10/0x10
[  391.843165][T15679]  ? __fget_files+0x2a/0x420
[  391.843189][T15679]  ? __fget_files+0x3a0/0x420
[  391.843206][T15679]  ? __fget_files+0x2a/0x420
[  391.843235][T15679]  ksys_read+0x145/0x250
[  391.843261][T15679]  ? __fget_files+0x3a0/0x420
[  391.843292][T15679]  ? __pfx_ksys_read+0x10/0x10
[  391.843325][T15679]  ? do_syscall_64+0xbe/0x3b0
[  391.843350][T15679]  do_syscall_64+0xfa/0x3b0
[  391.843371][T15679]  ? lockdep_hardirqs_on+0x9c/0x150
[  391.843390][T15679]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.843410][T15679]  ? clear_bhb_loop+0x60/0xb0
[  391.843434][T15679]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.843453][T15679] RIP: 0033:0x7fd565b8d33c
[  391.843470][T15679] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  391.843488][T15679] RSP: 002b:00007fd566a0f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  391.843509][T15679] RAX: ffffffffffffffda RBX: 00007fd565db5fa0 RCX: 00007fd565b8d33c
[  391.843523][T15679] RDX: 000000000000000f RSI: 00007fd566a0f0a0 RDI: 0000000000000003
[  391.843535][T15679] RBP: 00007fd566a0f090 R08: 0000000000000000 R09: 0000000000000000
[  391.843547][T15679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  391.843559][T15679] R13: 0000000000000000 R14: 00007fd565db5fa0 R15: 00007fffc4ef8448
[  391.843590][T15679]  </TASK>
[  392.197995][T15687] __nla_validate_parse: 3 callbacks suppressed
[  392.198015][T15687] netlink: 25 bytes leftover after parsing attributes in process `syz.2.3778'.
[  392.289313][T15691] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3780'.
[  392.587706][   T49] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2
[  392.699690][T15715] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3789'.
[  392.723123][T15715] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3789'.
[  392.936737][T15718] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  392.949542][T15718] batman_adv: batadv0: Removing interface: batadv_slave_0
[  392.961228][T15718] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  392.981208][T15718] batman_adv: batadv0: Removing interface: batadv_slave_1
[  393.054090][T15718] batadv0 (unregistering): left promiscuous mode
[  393.235146][T15734] Cannot find set identified by id 0 to match
[  393.382079][T15739] netlink: 'syz.0.3799': attribute type 29 has an invalid length.
[  393.451714][T15739] netlink: 'syz.0.3799': attribute type 29 has an invalid length.
[  393.484863][T15739] netlink: 'syz.0.3799': attribute type 29 has an invalid length.
[  393.669959][T15757] netlink: 'syz.4.3806': attribute type 1 has an invalid length.
[  393.745921][T15757] 8021q: adding VLAN 0 to HW filter on device bond2
[  394.153220][T15784] netlink: 'syz.4.3816': attribute type 21 has an invalid length.
[  394.178449][T15784] netlink: 152 bytes leftover after parsing attributes in process `syz.4.3816'.
[  394.399075][T15796] FAULT_INJECTION: forcing a failure.
[  394.399075][T15796] name failslab, interval 1, probability 0, space 0, times 0
[  394.442354][T15796] CPU: 0 UID: 0 PID: 15796 Comm: syz.4.3820 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 PREEMPT(full) 
[  394.442385][T15796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  394.442399][T15796] Call Trace:
[  394.442407][T15796]  <TASK>
[  394.442416][T15796]  dump_stack_lvl+0x189/0x250
[  394.442447][T15796]  ? __pfx____ratelimit+0x10/0x10
[  394.442469][T15796]  ? __pfx_dump_stack_lvl+0x10/0x10
[  394.442495][T15796]  ? __pfx__printk+0x10/0x10
[  394.442527][T15796]  ? __pfx___might_resched+0x10/0x10
[  394.442571][T15796]  ? fs_reclaim_acquire+0x7d/0x100
[  394.442598][T15796]  should_fail_ex+0x414/0x560
[  394.442633][T15796]  should_failslab+0xa8/0x100
[  394.442668][T15796]  __kmalloc_noprof+0xcb/0x4f0
[  394.442697][T15796]  ? iovec_from_user+0x87/0x250
[  394.442733][T15796]  iovec_from_user+0x87/0x250
[  394.442768][T15796]  __import_iovec+0x163/0x7f0
[  394.442810][T15796]  import_iovec+0x74/0xa0
[  394.442845][T15796]  ___sys_recvmsg+0x43a/0x510
[  394.442886][T15796]  ? __pfx____sys_recvmsg+0x10/0x10
[  394.442949][T15796]  ? __fget_files+0x3a0/0x420
[  394.442981][T15796]  do_recvmmsg+0x307/0x770
[  394.443022][T15796]  ? __pfx_do_recvmmsg+0x10/0x10
[  394.443056][T15796]  ? _copy_from_user+0x94/0xb0
[  394.443103][T15796]  __x64_sys_recvmmsg+0x1af/0x240
[  394.443127][T15796]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  394.443145][T15796]  ? rcu_is_watching+0x15/0xb0
[  394.443176][T15796]  ? do_syscall_64+0xbe/0x3b0
[  394.443203][T15796]  do_syscall_64+0xfa/0x3b0
[  394.443225][T15796]  ? lockdep_hardirqs_on+0x9c/0x150
[  394.443246][T15796]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.443267][T15796]  ? clear_bhb_loop+0x60/0xb0
[  394.443292][T15796]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.443313][T15796] RIP: 0033:0x7fa72758e929
[  394.443333][T15796] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  394.443351][T15796] RSP: 002b:00007fa72843c038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  394.443374][T15796] RAX: ffffffffffffffda RBX: 00007fa7277b5fa0 RCX: 00007fa72758e929
[  394.443389][T15796] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  394.443404][T15796] RBP: 00007fa72843c090 R08: 0000200000003700 R09: 0000000000000000
[  394.443419][T15796] R10: 0000000002040000 R11: 0000000000000246 R12: 0000000000000001
[  394.443432][T15796] R13: 0000000000000000 R14: 00007fa7277b5fa0 R15: 00007ffdc820b4d8
[  394.443465][T15796]  </TASK>
[  394.864224][T15798] bridge0: port 2(bridge_slave_1) entered blocking state
[  394.871629][T15798] bridge0: port 2(bridge_slave_1) entered forwarding state
[  394.879253][T15798] bridge0: port 1(bridge_slave_0) entered blocking state
[  394.886447][T15798] bridge0: port 1(bridge_slave_0) entered forwarding state
[  394.966110][T15798] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  395.739173][T15834] openvswitch: netlink: IP tunnel dst address not specified
[  396.102093][T15852] netlink: 'syz.3.3844': attribute type 23 has an invalid length.
[  396.451175][T15866] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3850'.
[  396.623644][T15874] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3853'.
[  396.678926][T15878] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3856'.
[  397.351972][T15910] netlink: 'syz.2.3869': attribute type 29 has an invalid length.
[  397.374079][T15910] netlink: 'syz.2.3869': attribute type 29 has an invalid length.
[  397.568323][T15920] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3873'.
[  397.673695][T15920] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma?
[  397.868882][T15937] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3881'.
[  397.913377][T15937] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3881'.
[  398.101185][T15949] netlink: 'syz.0.3886': attribute type 23 has an invalid length.
[  399.250233][T16002] xt_addrtype: output interface limitation not valid in PREROUTING and INPUT
[  399.276455][T16002] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3909'.
[  399.283308][T16005] FAULT_INJECTION: forcing a failure.
[  399.283308][T16005] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  399.316741][T16005] CPU: 0 UID: 0 PID: 16005 Comm: syz.2.3910 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 PREEMPT(full) 
[  399.316773][T16005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  399.316786][T16005] Call Trace:
[  399.316795][T16005]  <TASK>
[  399.316804][T16005]  dump_stack_lvl+0x189/0x250
[  399.316836][T16005]  ? __pfx____ratelimit+0x10/0x10
[  399.316859][T16005]  ? __pfx_dump_stack_lvl+0x10/0x10
[  399.316885][T16005]  ? __pfx__printk+0x10/0x10
[  399.316915][T16005]  ? __might_fault+0xb0/0x130
[  399.316957][T16005]  should_fail_ex+0x414/0x560
[  399.316985][T16005]  _copy_from_user+0x2d/0xb0
[  399.317016][T16005]  ___sys_sendmsg+0x158/0x2a0
[  399.317052][T16005]  ? __pfx____sys_sendmsg+0x10/0x10
[  399.317126][T16005]  ? __fget_files+0x2a/0x420
[  399.317145][T16005]  ? __fget_files+0x3a0/0x420
[  399.317176][T16005]  __x64_sys_sendmsg+0x19b/0x260
[  399.317212][T16005]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  399.317255][T16005]  ? __pfx_ksys_write+0x10/0x10
[  399.317282][T16005]  ? rcu_is_watching+0x15/0xb0
[  399.317313][T16005]  ? do_syscall_64+0xbe/0x3b0
[  399.317341][T16005]  do_syscall_64+0xfa/0x3b0
[  399.317362][T16005]  ? lockdep_hardirqs_on+0x9c/0x150
[  399.317389][T16005]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  399.317410][T16005]  ? clear_bhb_loop+0x60/0xb0
[  399.317437][T16005]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  399.317457][T16005] RIP: 0033:0x7fd565b8e929
[  399.317476][T16005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  399.317494][T16005] RSP: 002b:00007fd566a0f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  399.317517][T16005] RAX: ffffffffffffffda RBX: 00007fd565db5fa0 RCX: 00007fd565b8e929
[  399.317533][T16005] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000008
[  399.317547][T16005] RBP: 00007fd566a0f090 R08: 0000000000000000 R09: 0000000000000000
[  399.317560][T16005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  399.317573][T16005] R13: 0000000000000000 R14: 00007fd565db5fa0 R15: 00007fffc4ef8448
[  399.317605][T16005]  </TASK>
[  399.770889][T16018] FAULT_INJECTION: forcing a failure.
[  399.770889][T16018] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  399.785778][T16018] CPU: 0 UID: 0 PID: 16018 Comm: syz.2.3918 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 PREEMPT(full) 
[  399.785808][T16018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  399.785822][T16018] Call Trace:
[  399.785830][T16018]  <TASK>
[  399.785839][T16018]  dump_stack_lvl+0x189/0x250
[  399.785870][T16018]  ? __pfx____ratelimit+0x10/0x10
[  399.785892][T16018]  ? __pfx_dump_stack_lvl+0x10/0x10
[  399.785917][T16018]  ? __pfx__printk+0x10/0x10
[  399.785947][T16018]  ? __might_fault+0xb0/0x130
[  399.785989][T16018]  should_fail_ex+0x414/0x560
[  399.786016][T16018]  _copy_to_iter+0x3f5/0x16f0
[  399.786055][T16018]  ? __pfx__copy_to_iter+0x10/0x10
[  399.786076][T16018]  ? __skb_try_recv_from_queue+0x2b2/0x730
[  399.786106][T16018]  ? __skb_try_recv_datagram+0x3da/0x4e0
[  399.786134][T16018]  __skb_datagram_iter+0xf8/0x990
[  399.786157][T16018]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  399.786189][T16018]  skb_copy_datagram_iter+0xc5/0x230
[  399.786215][T16018]  netlink_recvmsg+0x2ab/0xa30
[  399.786256][T16018]  ? __pfx_netlink_recvmsg+0x10/0x10
[  399.786292][T16018]  ? aa_sock_msg_perm+0x94/0x160
[  399.786323][T16018]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  399.786364][T16018]  ? security_socket_recvmsg+0x7e/0x2e0
[  399.786394][T16018]  ? __pfx_netlink_recvmsg+0x10/0x10
[  399.786425][T16018]  sock_recvmsg+0x22c/0x270
[  399.786456][T16018]  ____sys_recvmsg+0x1c9/0x460
[  399.786500][T16018]  ? __pfx_____sys_recvmsg+0x10/0x10
[  399.786552][T16018]  ? import_iovec+0x74/0xa0
[  399.786586][T16018]  ___sys_recvmsg+0x1b5/0x510
[  399.786627][T16018]  ? __pfx____sys_recvmsg+0x10/0x10
[  399.786689][T16018]  ? __fget_files+0x3a0/0x420
[  399.786721][T16018]  do_recvmmsg+0x307/0x770
[  399.786752][T16018]  ? __pfx_do_recvmmsg+0x10/0x10
[  399.786787][T16018]  ? _copy_from_user+0x94/0xb0
[  399.786835][T16018]  __x64_sys_recvmmsg+0x1af/0x240
[  399.786859][T16018]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  399.786878][T16018]  ? rcu_is_watching+0x15/0xb0
[  399.786910][T16018]  ? do_syscall_64+0xbe/0x3b0
[  399.786939][T16018]  do_syscall_64+0xfa/0x3b0
[  399.786961][T16018]  ? lockdep_hardirqs_on+0x9c/0x150
[  399.786983][T16018]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  399.787005][T16018]  ? clear_bhb_loop+0x60/0xb0
[  399.787032][T16018]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  399.787053][T16018] RIP: 0033:0x7fd565b8e929
[  399.787072][T16018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  399.787091][T16018] RSP: 002b:00007fd566a0f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  399.787113][T16018] RAX: ffffffffffffffda RBX: 00007fd565db5fa0 RCX: 00007fd565b8e929
[  399.787130][T16018] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  399.787145][T16018] RBP: 00007fd566a0f090 R08: 0000200000003700 R09: 0000000000000000
[  399.787160][T16018] R10: 0000000002040000 R11: 0000000000000246 R12: 0000000000000001
[  399.787173][T16018] R13: 0000000000000000 R14: 00007fd565db5fa0 R15: 00007fffc4ef8448
[  399.787207][T16018]  </TASK>
[  400.502492][T16047] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3929'.
[  400.529710][T16049] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3928'.
[  400.529806][T16050] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3928'.
[  400.691501][T16057] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.3931'.
[  400.920141][T16067] Cannot find set identified by id 0 to match
[  401.007178][T16070] FAULT_INJECTION: forcing a failure.
[  401.007178][T16070] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  401.036563][T16070] CPU: 1 UID: 0 PID: 16070 Comm: syz.3.3939 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 PREEMPT(full) 
[  401.036593][T16070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  401.036605][T16070] Call Trace:
[  401.036613][T16070]  <TASK>
[  401.036622][T16070]  dump_stack_lvl+0x189/0x250
[  401.036651][T16070]  ? __pfx____ratelimit+0x10/0x10
[  401.036673][T16070]  ? __pfx_dump_stack_lvl+0x10/0x10
[  401.036697][T16070]  ? __pfx__printk+0x10/0x10
[  401.036727][T16070]  ? __pfx___mutex_lock+0x10/0x10
[  401.036757][T16070]  should_fail_ex+0x414/0x560
[  401.036783][T16070]  _copy_to_user+0x31/0xb0
[  401.036821][T16070]  rfcomm_dev_ioctl+0xee0/0x1d40
[  401.036860][T16070]  ? __pfx_rfcomm_dev_ioctl+0x10/0x10
[  401.036891][T16070]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  401.036930][T16070]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  401.036962][T16070]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  401.036991][T16070]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  401.037021][T16070]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  401.037063][T16070]  sock_do_ioctl+0xdc/0x300
[  401.037088][T16070]  ? __pfx_sock_do_ioctl+0x10/0x10
[  401.037108][T16070]  ? __lock_acquire+0xab9/0xd20
[  401.037144][T16070]  sock_ioctl+0x576/0x790
[  401.037168][T16070]  ? __pfx_sock_ioctl+0x10/0x10
[  401.037190][T16070]  ? __fget_files+0x2a/0x420
[  401.037207][T16070]  ? __fget_files+0x3a0/0x420
[  401.037225][T16070]  ? __fget_files+0x2a/0x420
[  401.037245][T16070]  ? bpf_lsm_file_ioctl+0x9/0x20
[  401.037270][T16070]  ? __pfx_sock_ioctl+0x10/0x10
[  401.037290][T16070]  __se_sys_ioctl+0xfc/0x170
[  401.037315][T16070]  do_syscall_64+0xfa/0x3b0
[  401.037335][T16070]  ? lockdep_hardirqs_on+0x9c/0x150
[  401.037355][T16070]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  401.037374][T16070]  ? clear_bhb_loop+0x60/0xb0
[  401.037398][T16070]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  401.037423][T16070] RIP: 0033:0x7fadc878e929
[  401.037441][T16070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  401.037459][T16070] RSP: 002b:00007fadc959a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  401.037480][T16070] RAX: ffffffffffffffda RBX: 00007fadc89b5fa0 RCX: 00007fadc878e929
[  401.037496][T16070] RDX: 0000200000000100 RSI: 00000000800452d2 RDI: 0000000000000004
[  401.037509][T16070] RBP: 00007fadc959a090 R08: 0000000000000000 R09: 0000000000000000
[  401.037522][T16070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  401.037533][T16070] R13: 0000000000000000 R14: 00007fadc89b5fa0 R15: 00007ffc45d903e8
[  401.037567][T16070]  </TASK>
[  401.043512][T16073] netlink: 'syz.1.3940': attribute type 29 has an invalid length.
[  401.056123][T16074] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3941'.
[  401.104595][T16073] netlink: 'syz.1.3940': attribute type 29 has an invalid length.
[  401.495127][T16088] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3944'.
[  401.593993][T16097] bridge0: port 3(vlan2) entered blocking state
[  401.601416][T16097] bridge0: port 3(vlan2) entered disabled state
[  401.608491][T16097] vlan2: entered allmulticast mode
[  401.613935][T16097] bridge0: entered allmulticast mode
[  401.628979][T16097] vlan2: left allmulticast mode
[  401.634072][T16097] bridge0: left allmulticast mode
[  401.672548][T16099] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  402.215187][T16129] FAULT_INJECTION: forcing a failure.
[  402.215187][T16129] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  402.238164][T16129] CPU: 0 UID: 0 PID: 16129 Comm: syz.2.3961 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 PREEMPT(full) 
[  402.238194][T16129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  402.238218][T16129] Call Trace:
[  402.238225][T16129]  <TASK>
[  402.238234][T16129]  dump_stack_lvl+0x189/0x250
[  402.238262][T16129]  ? __pfx____ratelimit+0x10/0x10
[  402.238283][T16129]  ? __pfx_dump_stack_lvl+0x10/0x10
[  402.238307][T16129]  ? __pfx__printk+0x10/0x10
[  402.238334][T16129]  ? __might_fault+0xb0/0x130
[  402.238389][T16129]  should_fail_ex+0x414/0x560
[  402.238415][T16129]  _copy_from_user+0x2d/0xb0
[  402.238443][T16129]  ___sys_sendmsg+0x158/0x2a0
[  402.238477][T16129]  ? __pfx____sys_sendmsg+0x10/0x10
[  402.238543][T16129]  ? __fget_files+0x2a/0x420
[  402.238561][T16129]  ? __fget_files+0x3a0/0x420
[  402.238589][T16129]  __x64_sys_sendmsg+0x19b/0x260
[  402.238623][T16129]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  402.238663][T16129]  ? __pfx_ksys_write+0x10/0x10
[  402.238688][T16129]  ? rcu_is_watching+0x15/0xb0
[  402.238717][T16129]  ? do_syscall_64+0xbe/0x3b0
[  402.238741][T16129]  do_syscall_64+0xfa/0x3b0
[  402.238761][T16129]  ? lockdep_hardirqs_on+0x9c/0x150
[  402.238781][T16129]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.238808][T16129]  ? clear_bhb_loop+0x60/0xb0
[  402.238832][T16129]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.238851][T16129] RIP: 0033:0x7fd565b8e929
[  402.238868][T16129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  402.238886][T16129] RSP: 002b:00007fd566a0f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  402.238907][T16129] RAX: ffffffffffffffda RBX: 00007fd565db5fa0 RCX: 00007fd565b8e929
[  402.238921][T16129] RDX: 0000000020008884 RSI: 0000200000000300 RDI: 0000000000000003
[  402.238934][T16129] RBP: 00007fd566a0f090 R08: 0000000000000000 R09: 0000000000000000
[  402.238946][T16129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  402.238958][T16129] R13: 0000000000000000 R14: 00007fd565db5fa0 R15: 00007fffc4ef8448
[  402.238986][T16129]  </TASK>
[  402.867533][T16149] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  402.952052][T16158] __nla_validate_parse: 3 callbacks suppressed
[  402.952071][T16158] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3975'.
[  403.022540][T16158] bond0: entered promiscuous mode
[  403.033200][T16158] bond_slave_0: entered promiscuous mode
[  403.045896][T16158] bond_slave_1: entered promiscuous mode
[  403.073477][T16158] batadv0: entered promiscuous mode
[  403.090863][T16158] 8021q: adding VLAN 0 to HW filter on device hsr1
[  403.452714][T16182] FAULT_INJECTION: forcing a failure.
[  403.452714][T16182] name failslab, interval 1, probability 0, space 0, times 0
[  403.470655][T16182] CPU: 1 UID: 0 PID: 16182 Comm: syz.4.3987 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 PREEMPT(full) 
[  403.470695][T16182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  403.470708][T16182] Call Trace:
[  403.470717][T16182]  <TASK>
[  403.470725][T16182]  dump_stack_lvl+0x189/0x250
[  403.470755][T16182]  ? __pfx____ratelimit+0x10/0x10
[  403.470781][T16182]  ? __pfx_dump_stack_lvl+0x10/0x10
[  403.470807][T16182]  ? __pfx__printk+0x10/0x10
[  403.470843][T16182]  ? __pfx___might_resched+0x10/0x10
[  403.470874][T16182]  should_fail_ex+0x414/0x560
[  403.470902][T16182]  should_failslab+0xa8/0x100
[  403.470937][T16182]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  403.470967][T16182]  ? __x64_sys_sendmsg+0x19b/0x260
[  403.470999][T16182]  ? __alloc_skb+0x112/0x2d0
[  403.471026][T16182]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.471053][T16182]  __alloc_skb+0x112/0x2d0
[  403.471087][T16182]  tipc_nl_compat_doit+0x15d/0x5f0
[  403.471120][T16182]  ? __pfx_aa_get_newest_label+0x10/0x10
[  403.471144][T16182]  ? __pfx_aa_get_newest_label+0x10/0x10
[  403.471167][T16182]  ? __pfx_tipc_nl_compat_doit+0x10/0x10
[  403.471201][T16182]  ? rcu_is_watching+0x15/0xb0
[  403.471230][T16182]  ? apparmor_capable+0x137/0x1b0
[  403.471261][T16182]  ? bpf_lsm_capable+0x9/0x20
[  403.471290][T16182]  ? security_capable+0x7e/0x2e0
[  403.471320][T16182]  tipc_nl_compat_recv+0x83c/0xbe0
[  403.471356][T16182]  ? __pfx_tipc_nl_compat_recv+0x10/0x10
[  403.471389][T16182]  ? __mutex_trylock_common+0x153/0x260
[  403.471419][T16182]  ? __pfx___tipc_nl_net_set+0x10/0x10
[  403.471448][T16182]  ? __pfx_tipc_nl_compat_net_set+0x10/0x10
[  403.471479][T16182]  ? __pfx___mutex_trylock_common+0x10/0x10
[  403.471505][T16182]  ? __local_bh_enable_ip+0x12d/0x1c0
[  403.471534][T16182]  ? rcu_is_watching+0x15/0xb0
[  403.471580][T16182]  genl_family_rcv_msg_doit+0x212/0x300
[  403.471610][T16182]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  403.471656][T16182]  genl_rcv_msg+0x60e/0x790
[  403.471690][T16182]  ? __pfx_genl_rcv_msg+0x10/0x10
[  403.471708][T16182]  ? ref_tracker_free+0x63a/0x7d0
[  403.471729][T16182]  ? __pfx_tipc_nl_compat_recv+0x10/0x10
[  403.471760][T16182]  ? __pfx_ref_tracker_free+0x10/0x10
[  403.471811][T16182]  netlink_rcv_skb+0x208/0x470
[  403.471853][T16182]  ? __pfx_genl_rcv_msg+0x10/0x10
[  403.471875][T16182]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  403.471920][T16182]  ? down_read+0x1ad/0x2e0
[  403.471947][T16182]  genl_rcv+0x28/0x40
[  403.471965][T16182]  netlink_unicast+0x759/0x8e0
[  403.472021][T16182]  netlink_sendmsg+0x805/0xb30
[  403.472061][T16182]  ? __pfx_netlink_sendmsg+0x10/0x10
[  403.472106][T16182]  ? aa_sock_msg_perm+0x94/0x160
[  403.472129][T16182]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  403.472151][T16182]  ? __pfx_netlink_sendmsg+0x10/0x10
[  403.472181][T16182]  __sock_sendmsg+0x21c/0x270
[  403.472208][T16182]  ____sys_sendmsg+0x505/0x830
[  403.472244][T16182]  ? __pfx_____sys_sendmsg+0x10/0x10
[  403.472286][T16182]  ? import_iovec+0x74/0xa0
[  403.472318][T16182]  ___sys_sendmsg+0x21f/0x2a0
[  403.472350][T16182]  ? __pfx____sys_sendmsg+0x10/0x10
[  403.472440][T16182]  ? __fget_files+0x2a/0x420
[  403.472458][T16182]  ? __fget_files+0x3a0/0x420
[  403.472486][T16182]  __x64_sys_sendmsg+0x19b/0x260
[  403.472523][T16182]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  403.472567][T16182]  ? __pfx_ksys_write+0x10/0x10
[  403.472594][T16182]  ? rcu_is_watching+0x15/0xb0
[  403.472625][T16182]  ? do_syscall_64+0xbe/0x3b0
[  403.472654][T16182]  do_syscall_64+0xfa/0x3b0
[  403.472682][T16182]  ? lockdep_hardirqs_on+0x9c/0x150
[  403.472703][T16182]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.472723][T16182]  ? clear_bhb_loop+0x60/0xb0
[  403.472747][T16182]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.472767][T16182] RIP: 0033:0x7fa72758e929
[  403.472785][T16182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  403.472803][T16182] RSP: 002b:00007fa72843c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  403.472823][T16182] RAX: ffffffffffffffda RBX: 00007fa7277b5fa0 RCX: 00007fa72758e929
[  403.472837][T16182] RDX: 0000000000008800 RSI: 0000200000002c00 RDI: 0000000000000003
[  403.472850][T16182] RBP: 00007fa72843c090 R08: 0000000000000000 R09: 0000000000000000
[  403.472863][T16182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  403.472874][T16182] R13: 0000000000000000 R14: 00007fa7277b5fa0 R15: 00007ffdc820b4d8
[  403.472905][T16182]  </TASK>
[  403.988595][T16192] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3990'.
[  404.266346][T16208] netlink: 'syz.2.3997': attribute type 10 has an invalid length.
[  404.276427][T16208] veth0_vlan: entered allmulticast mode
[  404.295508][T16208] veth0_vlan: left promiscuous mode
[  404.304903][T16208] veth0_vlan: entered promiscuous mode
[  404.319240][T16208] team0: Device veth0_vlan failed to register rx_handler
[  404.583865][T16224] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4001'.
[  404.589210][T16223] FAULT_INJECTION: forcing a failure.
[  404.589210][T16223] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  404.634217][T16223] CPU: 1 UID: 0 PID: 16223 Comm: syz.0.4003 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 PREEMPT(full) 
[  404.634248][T16223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  404.634261][T16223] Call Trace:
[  404.634269][T16223]  <TASK>
[  404.634278][T16223]  dump_stack_lvl+0x189/0x250
[  404.634308][T16223]  ? __pfx____ratelimit+0x10/0x10
[  404.634329][T16223]  ? __pfx_dump_stack_lvl+0x10/0x10
[  404.634358][T16223]  ? __pfx__printk+0x10/0x10
[  404.634395][T16223]  ? __might_fault+0xb0/0x130
[  404.634436][T16223]  should_fail_ex+0x414/0x560
[  404.634477][T16223]  _copy_from_user+0x2d/0xb0
[  404.634523][T16223]  ___sys_sendmsg+0x158/0x2a0
[  404.634557][T16223]  ? __pfx____sys_sendmsg+0x10/0x10
[  404.634623][T16223]  ? __fget_files+0x2a/0x420
[  404.634640][T16223]  ? __fget_files+0x3a0/0x420
[  404.634668][T16223]  __sys_sendmmsg+0x227/0x430
[  404.634704][T16223]  ? __pfx___sys_sendmmsg+0x10/0x10
[  404.634732][T16223]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  404.634791][T16223]  ? ksys_write+0x22a/0x250
[  404.634819][T16223]  ? __pfx_ksys_write+0x10/0x10
[  404.634841][T16223]  ? rcu_is_watching+0x15/0xb0
[  404.634869][T16223]  __x64_sys_sendmmsg+0xa0/0xc0
[  404.634899][T16223]  do_syscall_64+0xfa/0x3b0
[  404.634937][T16223]  ? lockdep_hardirqs_on+0x9c/0x150
[  404.634956][T16223]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.634975][T16223]  ? clear_bhb_loop+0x60/0xb0
[  404.634999][T16223]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.635019][T16223] RIP: 0033:0x7f083ab8e929
[  404.635036][T16223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  404.635053][T16223] RSP: 002b:00007f083ba81038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  404.635075][T16223] RAX: ffffffffffffffda RBX: 00007f083adb5fa0 RCX: 00007f083ab8e929
[  404.635089][T16223] RDX: 0000000000000003 RSI: 0000200000000cc0 RDI: 0000000000000003
[  404.635101][T16223] RBP: 00007f083ba81090 R08: 0000000000000000 R09: 0000000000000000
[  404.635112][T16223] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[  404.635123][T16223] R13: 0000000000000000 R14: 00007f083adb5fa0 R15: 00007ffdb5cbc0c8
[  404.635151][T16223]  </TASK>
[  404.686865][T16230] netlink: 'syz.3.4005': attribute type 4 has an invalid length.
[  404.908421][T16236] netlink: 156 bytes leftover after parsing attributes in process `syz.0.4007'.
[  404.956304][T16236] openvswitch: netlink: Flow actions attr not present in new flow.
[  405.123211][T16246] tipc: Started in network mode
[  405.136618][T16246] tipc: Node identity 09, cluster identity 4711
[  405.159173][T16248] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4012'.
[  405.171815][T16248] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4012'.
[  405.320519][T16255] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4015'.
[  405.367414][T16255] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4015'.
[  405.411777][T16262] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4017'.
[  405.438208][T16255] bridge0: port 3(vlan2) entered blocking state
[  405.454845][T16255] bridge0: port 3(vlan2) entered disabled state
[  405.471564][T16255] vlan2: entered allmulticast mode
[  405.569725][T16269] FAULT_INJECTION: forcing a failure.
[  405.569725][T16269] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  405.594250][T16269] CPU: 0 UID: 0 PID: 16269 Comm: syz.2.4018 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 PREEMPT(full) 
[  405.594292][T16269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  405.594305][T16269] Call Trace:
[  405.594317][T16269]  <TASK>
[  405.594326][T16269]  dump_stack_lvl+0x189/0x250
[  405.594356][T16269]  ? __pfx____ratelimit+0x10/0x10
[  405.594377][T16269]  ? __pfx_dump_stack_lvl+0x10/0x10
[  405.594409][T16269]  ? __pfx__printk+0x10/0x10
[  405.594441][T16269]  ? __might_fault+0xb0/0x130
[  405.594480][T16269]  should_fail_ex+0x414/0x560
[  405.594504][T16269]  _copy_from_user+0x2d/0xb0
[  405.594532][T16269]  ___sys_sendmsg+0x158/0x2a0
[  405.594567][T16269]  ? __pfx____sys_sendmsg+0x10/0x10
[  405.594633][T16269]  ? __fget_files+0x2a/0x420
[  405.594651][T16269]  ? __fget_files+0x3a0/0x420
[  405.594676][T16269]  __x64_sys_sendmsg+0x19b/0x260
[  405.594708][T16269]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  405.594748][T16269]  ? __pfx_ksys_write+0x10/0x10
[  405.594772][T16269]  ? rcu_is_watching+0x15/0xb0
[  405.594801][T16269]  ? do_syscall_64+0xbe/0x3b0
[  405.594827][T16269]  do_syscall_64+0xfa/0x3b0
[  405.594847][T16269]  ? lockdep_hardirqs_on+0x9c/0x150
[  405.594866][T16269]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  405.594886][T16269]  ? clear_bhb_loop+0x60/0xb0
[  405.594910][T16269]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  405.594929][T16269] RIP: 0033:0x7fd565b8e929
[  405.594948][T16269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  405.594966][T16269] RSP: 002b:00007fd566a0f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  405.594987][T16269] RAX: ffffffffffffffda RBX: 00007fd565db5fa0 RCX: 00007fd565b8e929
[  405.595001][T16269] RDX: 0000000020000000 RSI: 0000200000001ac0 RDI: 0000000000000004
[  405.595014][T16269] RBP: 00007fd566a0f090 R08: 0000000000000000 R09: 0000000000000000
[  405.595027][T16269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  405.595039][T16269] R13: 0000000000000000 R14: 00007fd565db5fa0 R15: 00007fffc4ef8448
[  405.595070][T16269]  </TASK>
[  405.665267][T16255] bridge0: entered allmulticast mode
[  405.828311][T16255] vlan2: left allmulticast mode
[  405.839610][T16255] bridge0: left allmulticast mode
[  406.055719][T16273] Cannot find set identified by id 0 to match
[  406.579823][T16296] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4031'.
[  406.631437][T16298] netlink: 'syz.4.4027': attribute type 29 has an invalid length.
[  406.755952][T16304] netlink: 'syz.0.4034': attribute type 29 has an invalid length.
[  406.849044][T16309] !€ÿ: renamed from bond0 (while UP)
[  406.899960][T16312] x_tables: duplicate underflow at hook 1
[  407.078187][T16321] netlink: 'syz.4.4041': attribute type 2 has an invalid length.
[  407.199128][ T2988] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2
[  407.395060][T16340] FAULT_INJECTION: forcing a failure.
[  407.395060][T16340] name failslab, interval 1, probability 0, space 0, times 0
[  407.428662][T16340] CPU: 1 UID: 0 PID: 16340 Comm: syz.3.4050 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 PREEMPT(full) 
[  407.428692][T16340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  407.428704][T16340] Call Trace:
[  407.428713][T16340]  <TASK>
[  407.428722][T16340]  dump_stack_lvl+0x189/0x250
[  407.428761][T16340]  ? __pfx____ratelimit+0x10/0x10
[  407.428783][T16340]  ? __pfx_dump_stack_lvl+0x10/0x10
[  407.428807][T16340]  ? __pfx__printk+0x10/0x10
[  407.428841][T16340]  ? __pfx___might_resched+0x10/0x10
[  407.428864][T16340]  ? fs_reclaim_acquire+0x7d/0x100
[  407.428889][T16340]  should_fail_ex+0x414/0x560
[  407.428918][T16340]  should_failslab+0xa8/0x100
[  407.428950][T16340]  __kmalloc_noprof+0xcb/0x4f0
[  407.428978][T16340]  ? rds_info_getsockopt+0x1db/0x470
[  407.429006][T16340]  rds_info_getsockopt+0x1db/0x470
[  407.429036][T16340]  ? __pfx_rds_info_getsockopt+0x10/0x10
[  407.429062][T16340]  ? __might_fault+0xb0/0x130
[  407.429094][T16340]  ? rds_getsockopt+0x2e6/0x500
[  407.429123][T16340]  ? __pfx_rds_getsockopt+0x10/0x10
[  407.429155][T16340]  do_sock_getsockopt+0x36f/0x450
[  407.429189][T16340]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  407.429224][T16340]  ? do_syscall_64+0x40/0x3b0
[  407.429246][T16340]  ? __fget_files+0x3a0/0x420
[  407.429263][T16340]  ? __fget_files+0x2a/0x420
[  407.429289][T16340]  __x64_sys_getsockopt+0x1a5/0x250
[  407.429318][T16340]  ? do_syscall_64+0x40/0x3b0
[  407.429342][T16340]  ? do_syscall_64+0x40/0x3b0
[  407.429367][T16340]  do_syscall_64+0xfa/0x3b0
[  407.429388][T16340]  ? lockdep_hardirqs_on+0x9c/0x150
[  407.429407][T16340]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.429427][T16340]  ? clear_bhb_loop+0x60/0xb0
[  407.429451][T16340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.429470][T16340] RIP: 0033:0x7fadc878e929
[  407.429487][T16340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  407.429504][T16340] RSP: 002b:00007fadc959a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  407.429525][T16340] RAX: ffffffffffffffda RBX: 00007fadc89b5fa0 RCX: 00007fadc878e929
[  407.429540][T16340] RDX: 0000000000002715 RSI: 0000200000000114 RDI: 0000000000000004
[  407.429553][T16340] RBP: 00007fadc959a090 R08: 0000200000000000 R09: 0000000000000000
[  407.429567][T16340] R10: 0000200000000580 R11: 0000000000000246 R12: 0000000000000001
[  407.429580][T16340] R13: 0000000000000000 R14: 00007fadc89b5fa0 R15: 00007ffc45d903e8
[  407.429609][T16340]  </TASK>
[  407.963887][T16359] netlink: 'syz.1.4059': attribute type 58 has an invalid length.
[  408.001349][T16359] __nla_validate_parse: 4 callbacks suppressed
[  408.001369][T16359] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4059'.
[  408.187907][T16367] netlink: 'syz.1.4063': attribute type 1 has an invalid length.
[  408.340844][T16374] bond2: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  408.352383][T16367] 8021q: adding VLAN 0 to HW filter on device bond2
[  408.385449][   T36] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  408.461542][T16382] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4067'.
[  408.526322][T16389] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[  408.528134][   T49] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  408.594193][T16395] netlink: 'syz.3.4072': attribute type 29 has an invalid length.
[  408.623893][T16395] netlink: 'syz.3.4072': attribute type 29 has an invalid length.
[  408.663293][T16401] FAULT_INJECTION: forcing a failure.
[  408.663293][T16401] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  408.681772][T16401] CPU: 0 UID: 0 PID: 16401 Comm: syz.1.4075 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 PREEMPT(full) 
[  408.681800][T16401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  408.681812][T16401] Call Trace:
[  408.681819][T16401]  <TASK>
[  408.681827][T16401]  dump_stack_lvl+0x189/0x250
[  408.681854][T16401]  ? __pfx____ratelimit+0x10/0x10
[  408.681875][T16401]  ? __pfx_dump_stack_lvl+0x10/0x10
[  408.681897][T16401]  ? __pfx__printk+0x10/0x10
[  408.681923][T16401]  ? __might_fault+0xb0/0x130
[  408.681978][T16401]  should_fail_ex+0x414/0x560
[  408.682003][T16401]  _copy_from_iter+0x1db/0x16f0
[  408.682032][T16401]  ? rcu_is_watching+0x15/0xb0
[  408.682057][T16401]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  408.682093][T16401]  ? __pfx__copy_from_iter+0x10/0x10
[  408.682119][T16401]  ? __build_skb_around+0x257/0x3e0
[  408.682150][T16401]  ? netlink_sendmsg+0x642/0xb30
[  408.682177][T16401]  ? skb_put+0x11b/0x210
[  408.682208][T16401]  netlink_sendmsg+0x6b2/0xb30
[  408.682246][T16401]  ? __pfx_netlink_sendmsg+0x10/0x10
[  408.682278][T16401]  ? aa_sock_msg_perm+0x94/0x160
[  408.682301][T16401]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  408.682323][T16401]  ? __pfx_netlink_sendmsg+0x10/0x10
[  408.682352][T16401]  __sock_sendmsg+0x21c/0x270
[  408.682379][T16401]  ____sys_sendmsg+0x505/0x830
[  408.682415][T16401]  ? __pfx_____sys_sendmsg+0x10/0x10
[  408.682455][T16401]  ? import_iovec+0x74/0xa0
[  408.682486][T16401]  ___sys_sendmsg+0x21f/0x2a0
[  408.682519][T16401]  ? __pfx____sys_sendmsg+0x10/0x10
[  408.682585][T16401]  ? __fget_files+0x2a/0x420
[  408.682602][T16401]  ? __fget_files+0x3a0/0x420
[  408.682631][T16401]  __x64_sys_sendmsg+0x19b/0x260
[  408.682664][T16401]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  408.682705][T16401]  ? __pfx_ksys_write+0x10/0x10
[  408.682730][T16401]  ? rcu_is_watching+0x15/0xb0
[  408.682758][T16401]  ? do_syscall_64+0xbe/0x3b0
[  408.682785][T16401]  do_syscall_64+0xfa/0x3b0
[  408.682805][T16401]  ? lockdep_hardirqs_on+0x9c/0x150
[  408.682825][T16401]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.682845][T16401]  ? clear_bhb_loop+0x60/0xb0
[  408.682869][T16401]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.682889][T16401] RIP: 0033:0x7f5aae38e929
[  408.682906][T16401] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  408.682923][T16401] RSP: 002b:00007f5aaf24b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  408.682944][T16401] RAX: ffffffffffffffda RBX: 00007f5aae5b5fa0 RCX: 00007f5aae38e929
[  408.682958][T16401] RDX: 0000000020008884 RSI: 0000200000000300 RDI: 0000000000000003
[  408.682972][T16401] RBP: 00007f5aaf24b090 R08: 0000000000000000 R09: 0000000000000000
[  408.682984][T16401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  408.682996][T16401] R13: 0000000000000000 R14: 00007f5aae5b5fa0 R15: 00007fffd6355e88
[  408.683026][T16401]  </TASK>
[  408.999852][T16402] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4073'.
[  409.207651][T16413] netlink: 'syz.4.4082': attribute type 23 has an invalid length.
[  409.290054][T16419] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4083'.
[  409.762020][T16443] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4094'.
[  409.796004][T16442] netlink: 'syz.4.4092': attribute type 1 has an invalid length.
[  409.812017][T16442] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4092'.
[  409.826133][T16443] bond0: entered promiscuous mode
[  409.832922][T16447] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4096'.
[  409.835587][T16443] bond_slave_0: entered promiscuous mode
[  409.835821][T16443] bond_slave_1: entered promiscuous mode
[  409.858527][T16443] bond0: left promiscuous mode
[  409.863321][T16443] bond_slave_0: left promiscuous mode
[  409.871064][T16443] bond_slave_1: left promiscuous mode
[  409.978519][T16453] FAULT_INJECTION: forcing a failure.
[  409.978519][T16453] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  410.016509][T16453] CPU: 0 UID: 0 PID: 16453 Comm: syz.3.4097 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 PREEMPT(full) 
[  410.016538][T16453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  410.016549][T16453] Call Trace:
[  410.016557][T16453]  <TASK>
[  410.016565][T16453]  dump_stack_lvl+0x189/0x250
[  410.016592][T16453]  ? __pfx____ratelimit+0x10/0x10
[  410.016612][T16453]  ? __pfx_dump_stack_lvl+0x10/0x10
[  410.016635][T16453]  ? __pfx__printk+0x10/0x10
[  410.016674][T16453]  should_fail_ex+0x414/0x560
[  410.016698][T16453]  _copy_to_iter+0x575/0x16f0
[  410.016732][T16453]  ? __pfx__copy_to_iter+0x10/0x10
[  410.016753][T16453]  ? __skb_try_recv_from_queue+0x2b2/0x730
[  410.016778][T16453]  ? __skb_try_recv_datagram+0x3da/0x4e0
[  410.016802][T16453]  __skb_datagram_iter+0xf8/0x990
[  410.016823][T16453]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  410.016850][T16453]  skb_copy_datagram_iter+0xc5/0x230
[  410.016873][T16453]  netlink_recvmsg+0x2ab/0xa30
[  410.016909][T16453]  ? __pfx_netlink_recvmsg+0x10/0x10
[  410.016940][T16453]  ? aa_sock_msg_perm+0x94/0x160
[  410.016962][T16453]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  410.016982][T16453]  ? security_socket_recvmsg+0x7e/0x2e0
[  410.017008][T16453]  ? __pfx_netlink_recvmsg+0x10/0x10
[  410.017035][T16453]  sock_recvmsg+0x22c/0x270
[  410.017060][T16453]  ____sys_recvmsg+0x1c9/0x460
[  410.017097][T16453]  ? __pfx_____sys_recvmsg+0x10/0x10
[  410.017138][T16453]  ? import_iovec+0x74/0xa0
[  410.017173][T16453]  ___sys_recvmsg+0x1b5/0x510
[  410.017207][T16453]  ? __pfx____sys_recvmsg+0x10/0x10
[  410.017259][T16453]  ? __fget_files+0x3a0/0x420
[  410.017287][T16453]  do_recvmmsg+0x307/0x770
[  410.017311][T16453]  ? __pfx_do_recvmmsg+0x10/0x10
[  410.017341][T16453]  ? _copy_from_user+0x94/0xb0
[  410.017382][T16453]  __x64_sys_recvmmsg+0x1af/0x240
[  410.017403][T16453]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  410.017419][T16453]  ? rcu_is_watching+0x15/0xb0
[  410.017447][T16453]  ? do_syscall_64+0xbe/0x3b0
[  410.017471][T16453]  do_syscall_64+0xfa/0x3b0
[  410.017490][T16453]  ? lockdep_hardirqs_on+0x9c/0x150
[  410.017509][T16453]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.017527][T16453]  ? clear_bhb_loop+0x60/0xb0
[  410.017553][T16453]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.017571][T16453] RIP: 0033:0x7fadc878e929
[  410.017588][T16453] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  410.017605][T16453] RSP: 002b:00007fadc959a038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  410.017625][T16453] RAX: ffffffffffffffda RBX: 00007fadc89b5fa0 RCX: 00007fadc878e929
[  410.017638][T16453] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  410.017651][T16453] RBP: 00007fadc959a090 R08: 0000200000003700 R09: 0000000000000000
[  410.017663][T16453] R10: 0000000002040000 R11: 0000000000000246 R12: 0000000000000001
[  410.017674][T16453] R13: 0000000000000000 R14: 00007fadc89b5fa0 R15: 00007ffc45d903e8
[  410.017702][T16453]  </TASK>
[  410.347527][T16458] FAULT_INJECTION: forcing a failure.
[  410.347527][T16458] name failslab, interval 1, probability 0, space 0, times 0
[  410.360374][T16458] CPU: 0 UID: 0 PID: 16458 Comm: syz.0.4100 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 PREEMPT(full) 
[  410.360397][T16458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  410.360407][T16458] Call Trace:
[  410.360413][T16458]  <TASK>
[  410.360420][T16458]  dump_stack_lvl+0x189/0x250
[  410.360444][T16458]  ? __pfx____ratelimit+0x10/0x10
[  410.360461][T16458]  ? __pfx_dump_stack_lvl+0x10/0x10
[  410.360480][T16458]  ? __pfx__printk+0x10/0x10
[  410.360506][T16458]  ? __pfx___might_resched+0x10/0x10
[  410.360528][T16458]  should_fail_ex+0x414/0x560
[  410.360548][T16458]  should_failslab+0xa8/0x100
[  410.360572][T16458]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  410.360595][T16458]  ? __alloc_skb+0x112/0x2d0
[  410.360619][T16458]  __alloc_skb+0x112/0x2d0
[  410.360645][T16458]  netlink_sendmsg+0x5c6/0xb30
[  410.360677][T16458]  ? __pfx_netlink_sendmsg+0x10/0x10
[  410.360703][T16458]  ? aa_sock_msg_perm+0x94/0x160
[  410.360723][T16458]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  410.360740][T16458]  ? __pfx_netlink_sendmsg+0x10/0x10
[  410.360763][T16458]  __sock_sendmsg+0x21c/0x270
[  410.360783][T16458]  ____sys_sendmsg+0x505/0x830
[  410.360812][T16458]  ? __pfx_____sys_sendmsg+0x10/0x10
[  410.360844][T16458]  ? import_iovec+0x74/0xa0
[  410.360870][T16458]  ___sys_sendmsg+0x21f/0x2a0
[  410.360909][T16458]  ? __pfx____sys_sendmsg+0x10/0x10
[  410.360957][T16458]  ? __fget_files+0x2a/0x420
[  410.360971][T16458]  ? __fget_files+0x3a0/0x420
[  410.360993][T16458]  __x64_sys_sendmsg+0x19b/0x260
[  410.361036][T16458]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  410.361071][T16458]  ? __pfx_ksys_write+0x10/0x10
[  410.361103][T16458]  ? rcu_is_watching+0x15/0xb0
[  410.361127][T16458]  ? do_syscall_64+0xbe/0x3b0
[  410.361159][T16458]  do_syscall_64+0xfa/0x3b0
[  410.361175][T16458]  ? lockdep_hardirqs_on+0x9c/0x150
[  410.361207][T16458]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.361223][T16458]  ? clear_bhb_loop+0x60/0xb0
[  410.361244][T16458]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.361261][T16458] RIP: 0033:0x7f083ab8e929
[  410.361277][T16458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  410.361293][T16458] RSP: 002b:00007f083ba81038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  410.361311][T16458] RAX: ffffffffffffffda RBX: 00007f083adb5fa0 RCX: 00007f083ab8e929
[  410.361325][T16458] RDX: 0000000000000000 RSI: 0000200000000d80 RDI: 0000000000000004
[  410.361337][T16458] RBP: 00007f083ba81090 R08: 0000000000000000 R09: 0000000000000000
[  410.361348][T16458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  410.361359][T16458] R13: 0000000000000000 R14: 00007f083adb5fa0 R15: 00007ffdb5cbc0c8
[  410.361387][T16458]  </TASK>
[  410.363185][T16456] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4099'.
[  410.661160][T16456] tc_dump_action: action bad kind
[  410.796909][T16475] netlink: 'syz.2.4108': attribute type 1 has an invalid length.
[  410.869283][T16481] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4109'.
[  410.873508][T16475] 8021q: adding VLAN 0 to HW filter on device bond2
[  411.519212][T16509] FAULT_INJECTION: forcing a failure.
[  411.519212][T16509] name failslab, interval 1, probability 0, space 0, times 0
[  411.519831][T16506] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4120'.
[  411.570669][T16509] CPU: 0 UID: 0 PID: 16509 Comm: syz.0.4119 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 PREEMPT(full) 
[  411.570698][T16509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  411.570710][T16509] Call Trace:
[  411.570718][T16509]  <TASK>
[  411.570726][T16509]  dump_stack_lvl+0x189/0x250
[  411.570755][T16509]  ? __pfx____ratelimit+0x10/0x10
[  411.570774][T16509]  ? __pfx_dump_stack_lvl+0x10/0x10
[  411.570797][T16509]  ? __pfx__printk+0x10/0x10
[  411.570829][T16509]  ? __pfx___might_resched+0x10/0x10
[  411.570857][T16509]  should_fail_ex+0x414/0x560
[  411.570881][T16509]  should_failslab+0xa8/0x100
[  411.570912][T16509]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  411.570940][T16509]  ? __alloc_skb+0x112/0x2d0
[  411.570970][T16509]  __alloc_skb+0x112/0x2d0
[  411.571007][T16509]  tipc_nl_compat_doit+0x1cc/0x5f0
[  411.571036][T16509]  ? __pfx_aa_get_newest_label+0x10/0x10
[  411.571057][T16509]  ? __pfx_aa_get_newest_label+0x10/0x10
[  411.571077][T16509]  ? __pfx_tipc_nl_compat_doit+0x10/0x10
[  411.571117][T16509]  ? bpf_lsm_capable+0x9/0x20
[  411.571142][T16509]  ? security_capable+0x7e/0x2e0
[  411.571170][T16509]  tipc_nl_compat_recv+0x83c/0xbe0
[  411.571201][T16509]  ? __pfx_tipc_nl_compat_recv+0x10/0x10
[  411.571230][T16509]  ? __mutex_trylock_common+0x153/0x260
[  411.571257][T16509]  ? __pfx___tipc_nl_net_set+0x10/0x10
[  411.571282][T16509]  ? __pfx_tipc_nl_compat_net_set+0x10/0x10
[  411.571310][T16509]  ? __pfx___mutex_trylock_common+0x10/0x10
[  411.571333][T16509]  ? __local_bh_enable_ip+0x12d/0x1c0
[  411.571359][T16509]  ? rcu_is_watching+0x15/0xb0
[  411.571392][T16509]  genl_family_rcv_msg_doit+0x212/0x300
[  411.571421][T16509]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  411.571465][T16509]  genl_rcv_msg+0x60e/0x790
[  411.571491][T16509]  ? __pfx_genl_rcv_msg+0x10/0x10
[  411.571508][T16509]  ? ref_tracker_free+0x63a/0x7d0
[  411.571528][T16509]  ? __pfx_tipc_nl_compat_recv+0x10/0x10
[  411.571557][T16509]  ? __pfx_ref_tracker_free+0x10/0x10
[  411.571588][T16509]  netlink_rcv_skb+0x208/0x470
[  411.571616][T16509]  ? __pfx_genl_rcv_msg+0x10/0x10
[  411.571637][T16509]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  411.571680][T16509]  ? down_read+0x1ad/0x2e0
[  411.571706][T16509]  genl_rcv+0x28/0x40
[  411.571723][T16509]  netlink_unicast+0x759/0x8e0
[  411.571757][T16509]  netlink_sendmsg+0x805/0xb30
[  411.571793][T16509]  ? __pfx_netlink_sendmsg+0x10/0x10
[  411.571823][T16509]  ? aa_sock_msg_perm+0x94/0x160
[  411.571845][T16509]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  411.571865][T16509]  ? __pfx_netlink_sendmsg+0x10/0x10
[  411.571893][T16509]  __sock_sendmsg+0x21c/0x270
[  411.571918][T16509]  ____sys_sendmsg+0x505/0x830
[  411.571953][T16509]  ? __pfx_____sys_sendmsg+0x10/0x10
[  411.571998][T16509]  ? import_iovec+0x74/0xa0
[  411.572029][T16509]  ___sys_sendmsg+0x21f/0x2a0
[  411.572060][T16509]  ? __pfx____sys_sendmsg+0x10/0x10
[  411.572125][T16509]  ? __fget_files+0x2a/0x420
[  411.572142][T16509]  ? __fget_files+0x3a0/0x420
[  411.572170][T16509]  __x64_sys_sendmsg+0x19b/0x260
[  411.572202][T16509]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  411.572240][T16509]  ? __pfx_ksys_write+0x10/0x10
[  411.572264][T16509]  ? rcu_is_watching+0x15/0xb0
[  411.572291][T16509]  ? do_syscall_64+0xbe/0x3b0
[  411.572316][T16509]  do_syscall_64+0xfa/0x3b0
[  411.572335][T16509]  ? lockdep_hardirqs_on+0x9c/0x150
[  411.572354][T16509]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  411.572373][T16509]  ? clear_bhb_loop+0x60/0xb0
[  411.572396][T16509]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  411.572414][T16509] RIP: 0033:0x7f083ab8e929
[  411.572430][T16509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  411.572446][T16509] RSP: 002b:00007f083ba81038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  411.572466][T16509] RAX: ffffffffffffffda RBX: 00007f083adb5fa0 RCX: 00007f083ab8e929
[  411.572480][T16509] RDX: 0000000000008800 RSI: 0000200000002c00 RDI: 0000000000000003
[  411.572492][T16509] RBP: 00007f083ba81090 R08: 0000000000000000 R09: 0000000000000000
[  411.572504][T16509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  411.572515][T16509] R13: 0000000000000000 R14: 00007f083adb5fa0 R15: 00007ffdb5cbc0c8
[  411.572545][T16509]  </TASK>
[  412.099077][T16523] FAULT_INJECTION: forcing a failure.
[  412.099077][T16523] name failslab, interval 1, probability 0, space 0, times 0
[  412.116514][T16523] CPU: 0 UID: 0 PID: 16523 Comm: syz.0.4123 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 PREEMPT(full) 
[  412.116546][T16523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  412.116560][T16523] Call Trace:
[  412.116569][T16523]  <TASK>
[  412.116578][T16523]  dump_stack_lvl+0x189/0x250
[  412.116610][T16523]  ? __pfx____ratelimit+0x10/0x10
[  412.116633][T16523]  ? __pfx_dump_stack_lvl+0x10/0x10
[  412.116660][T16523]  ? __pfx__printk+0x10/0x10
[  412.116704][T16523]  ? __pfx___might_resched+0x10/0x10
[  412.116735][T16523]  ? fs_reclaim_acquire+0x7d/0x100
[  412.116769][T16523]  should_fail_ex+0x414/0x560
[  412.116795][T16523]  should_failslab+0xa8/0x100
[  412.116830][T16523]  __kmalloc_cache_noprof+0x70/0x3d0
[  412.116861][T16523]  ? rtnl_newlink+0xed/0x1c70
[  412.116887][T16523]  ? kasan_save_free_info+0x46/0x50
[  412.116914][T16523]  rtnl_newlink+0xed/0x1c70
[  412.116940][T16523]  ? netlink_sendmsg+0x805/0xb30
[  412.116969][T16523]  ? __sock_sendmsg+0x21c/0x270
[  412.116992][T16523]  ? ____sys_sendmsg+0x505/0x830
[  412.117022][T16523]  ? ___sys_sendmsg+0x21f/0x2a0
[  412.117058][T16523]  ? __x64_sys_sendmsg+0x19b/0x260
[  412.117089][T16523]  ? do_syscall_64+0xfa/0x3b0
[  412.117111][T16523]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  412.117141][T16523]  ? __pfx_rtnl_newlink+0x10/0x10
[  412.117194][T16523]  ? kasan_quarantine_put+0xdd/0x220
[  412.117222][T16523]  ? lockdep_hardirqs_on+0x9c/0x150
[  412.117250][T16523]  ? nlmon_xmit+0xb0/0x100
[  412.117276][T16523]  ? kmem_cache_free+0x18f/0x400
[  412.117315][T16523]  ? __local_bh_enable_ip+0x12d/0x1c0
[  412.117339][T16523]  ? lockdep_hardirqs_on+0x9c/0x150
[  412.117362][T16523]  ? __local_bh_enable_ip+0x12d/0x1c0
[  412.117387][T16523]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  412.117416][T16523]  ? __dev_queue_xmit+0x27e/0x3a70
[  412.117452][T16523]  ? __lock_acquire+0xab9/0xd20
[  412.117502][T16523]  ? __pfx_rtnl_newlink+0x10/0x10
[  412.117530][T16523]  rtnetlink_rcv_msg+0x7cf/0xb70
[  412.117562][T16523]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  412.117590][T16523]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  412.117615][T16523]  ? ref_tracker_free+0x63a/0x7d0
[  412.117638][T16523]  ? __copy_skb_header+0xa7/0x550
[  412.117687][T16523]  ? __pfx_ref_tracker_free+0x10/0x10
[  412.117710][T16523]  ? __skb_clone+0x63/0x7a0
[  412.117737][T16523]  netlink_rcv_skb+0x208/0x470
[  412.117768][T16523]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  412.117797][T16523]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  412.117840][T16523]  ? netlink_deliver_tap+0x2e/0x1b0
[  412.117869][T16523]  ? netlink_deliver_tap+0x2e/0x1b0
[  412.117914][T16523]  netlink_unicast+0x759/0x8e0
[  412.117949][T16523]  netlink_sendmsg+0x805/0xb30
[  412.118005][T16523]  ? __pfx_netlink_sendmsg+0x10/0x10
[  412.118054][T16523]  ? aa_sock_msg_perm+0x94/0x160
[  412.118077][T16523]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  412.118098][T16523]  ? __pfx_netlink_sendmsg+0x10/0x10
[  412.118127][T16523]  __sock_sendmsg+0x21c/0x270
[  412.118152][T16523]  ____sys_sendmsg+0x505/0x830
[  412.118187][T16523]  ? __pfx_____sys_sendmsg+0x10/0x10
[  412.118227][T16523]  ? import_iovec+0x74/0xa0
[  412.118257][T16523]  ___sys_sendmsg+0x21f/0x2a0
[  412.118289][T16523]  ? __pfx____sys_sendmsg+0x10/0x10
[  412.118356][T16523]  ? __fget_files+0x2a/0x420
[  412.118374][T16523]  ? __fget_files+0x3a0/0x420
[  412.118403][T16523]  __x64_sys_sendmsg+0x19b/0x260
[  412.118435][T16523]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  412.118475][T16523]  ? __pfx_ksys_write+0x10/0x10
[  412.118500][T16523]  ? rcu_is_watching+0x15/0xb0
[  412.118529][T16523]  ? do_syscall_64+0xbe/0x3b0
[  412.118554][T16523]  do_syscall_64+0xfa/0x3b0
[  412.118574][T16523]  ? lockdep_hardirqs_on+0x9c/0x150
[  412.118594][T16523]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  412.118613][T16523]  ? clear_bhb_loop+0x60/0xb0
[  412.118638][T16523]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  412.118657][T16523] RIP: 0033:0x7f083ab8e929
[  412.118674][T16523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  412.118692][T16523] RSP: 002b:00007f083ba81038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  412.118713][T16523] RAX: ffffffffffffffda RBX: 00007f083adb5fa0 RCX: 00007f083ab8e929
[  412.118728][T16523] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000008
[  412.118741][T16523] RBP: 00007f083ba81090 R08: 0000000000000000 R09: 0000000000000000
[  412.118753][T16523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  412.118765][T16523] R13: 0000000000000000 R14: 00007f083adb5fa0 R15: 00007ffdb5cbc0c8
[  412.118794][T16523]  </TASK>
[  412.989022][T16556] netlink: 'syz.3.4135': attribute type 19 has an invalid length.
[  413.073213][T16560] __nla_validate_parse: 2 callbacks suppressed
[  413.073233][T16560] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.4138'.
[  413.096639][T16559] netlink: 996 bytes leftover after parsing attributes in process `syz.2.4137'.
[  413.125801][T16562] netlink: 'syz.4.4136': attribute type 4 has an invalid length.
[  413.241212][T16566] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4139'.
[  413.284070][T16566] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  413.298837][T16566] bridge0: port 2(bridge_slave_1) entered disabled state
[  413.306327][T16566] bridge0: port 1(bridge_slave_0) entered disabled state
[  413.446581][T16570] 
[  413.449000][T16570] ======================================================
[  413.456032][T16570] WARNING: possible circular locking dependency detected
[  413.463064][T16570] 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 Not tainted
[  413.470178][T16570] ------------------------------------------------------
[  413.477191][T16570] syz.4.4142/16570 is trying to acquire lock:
[  413.483256][T16570] ffffffff8e223be8 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0x286/0x16b0
[  413.492848][T16570] 
[  413.492848][T16570] but task is already holding lock:
[  413.500213][T16570] ffff8880250b58b0 (&q->q_usage_counter(io)#49){++++}-{0:0}, at: nbd_start_device+0x16c/0xac0
[  413.510513][T16570] 
[  413.510513][T16570] which lock already depends on the new lock.
[  413.510513][T16570] 
[  413.520921][T16570] 
[  413.520921][T16570] the existing dependency chain (in reverse order) is:
[  413.529942][T16570] 
[  413.529942][T16570] -> #2 (&q->q_usage_counter(io)#49){++++}-{0:0}:
[  413.538560][T16570]        lock_acquire+0x120/0x360
[  413.543594][T16570]        blk_alloc_queue+0x538/0x620
[  413.548903][T16570]        __blk_mq_alloc_disk+0x162/0x340
[  413.554555][T16570]        nbd_dev_add+0x476/0xb00
[  413.559511][T16570]        nbd_init+0x21a/0x2d0
[  413.564199][T16570]        do_one_initcall+0x233/0x820
[  413.569495][T16570]        do_initcall_level+0x137/0x1f0
[  413.574966][T16570]        do_initcalls+0x69/0xd0
[  413.579826][T16570]        kernel_init_freeable+0x3d9/0x570
[  413.585562][T16570]        kernel_init+0x1d/0x1d0
[  413.590427][T16570]        ret_from_fork+0x3fc/0x770
[  413.595543][T16570]        ret_from_fork_asm+0x1a/0x30
[  413.600860][T16570] 
[  413.600860][T16570] -> #1 (fs_reclaim){+.+.}-{0:0}:
[  413.608089][T16570]        lock_acquire+0x120/0x360
[  413.613133][T16570]        fs_reclaim_acquire+0x72/0x100
[  413.618622][T16570]        prepare_alloc_pages+0x153/0x610
[  413.624264][T16570]        __alloc_frozen_pages_noprof+0x123/0x370
[  413.630595][T16570]        __alloc_pages_noprof+0xa/0x30
[  413.636062][T16570]        pcpu_populate_chunk+0x182/0xb30
[  413.641706][T16570]        pcpu_alloc_noprof+0xcbf/0x16b0
[  413.647267][T16570]        xt_percpu_counter_alloc+0x161/0x220
[  413.653257][T16570]        translate_table+0x12e9/0x2000
[  413.658729][T16570]        ipt_register_table+0x106/0x7c0
[  413.664294][T16570]        iptable_nat_table_init+0x43/0x2e0
[  413.670118][T16570]        xt_find_table_lock+0x309/0x3e0
[  413.675673][T16570]        xt_request_find_table_lock+0x26/0x100
[  413.681835][T16570]        do_ipt_get_ctl+0x730/0x1180
[  413.687131][T16570]        nf_getsockopt+0x26b/0x290
[  413.692257][T16570]        ip_getsockopt+0x1c4/0x220
[  413.697378][T16570]        do_sock_getsockopt+0x36f/0x450
[  413.702938][T16570]        __x64_sys_getsockopt+0x1a5/0x250
[  413.708671][T16570]        do_syscall_64+0xfa/0x3b0
[  413.713709][T16570]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.720137][T16570] 
[  413.720137][T16570] -> #0 (pcpu_alloc_mutex){+.+.}-{4:4}:
[  413.727891][T16570]        validate_chain+0xb9b/0x2140
[  413.733206][T16570]        __lock_acquire+0xab9/0xd20
[  413.738426][T16570]        lock_acquire+0x120/0x360
[  413.743462][T16570]        __mutex_lock+0x182/0xe80
[  413.748513][T16570]        pcpu_alloc_noprof+0x286/0x16b0
[  413.754079][T16570]        sbitmap_init_node+0x1e1/0x630
[  413.759561][T16570]        sbitmap_queue_init_node+0x41/0x660
[  413.765469][T16570]        blk_mq_init_tags+0x110/0x280
[  413.770868][T16570]        blk_mq_alloc_map_and_rqs+0xbd/0x9f0
[  413.776881][T16570]        blk_mq_update_nr_hw_queues+0x76a/0x14c0
[  413.783231][T16570]        nbd_start_device+0x16c/0xac0
[  413.788615][T16570]        nbd_genl_connect+0x1250/0x1930
[  413.794169][T16570]        genl_family_rcv_msg_doit+0x212/0x300
[  413.800241][T16570]        genl_rcv_msg+0x60e/0x790
[  413.805276][T16570]        netlink_rcv_skb+0x208/0x470
[  413.810576][T16570]        genl_rcv+0x28/0x40
[  413.815097][T16570]        netlink_unicast+0x759/0x8e0
[  413.820388][T16570]        netlink_sendmsg+0x805/0xb30
[  413.825680][T16570]        __sock_sendmsg+0x21c/0x270
[  413.830886][T16570]        ____sys_sendmsg+0x505/0x830
[  413.836203][T16570]        ___sys_sendmsg+0x21f/0x2a0
[  413.841417][T16570]        __x64_sys_sendmsg+0x19b/0x260
[  413.846903][T16570]        do_syscall_64+0xfa/0x3b0
[  413.851936][T16570]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.858363][T16570] 
[  413.858363][T16570] other info that might help us debug this:
[  413.858363][T16570] 
[  413.868596][T16570] Chain exists of:
[  413.868596][T16570]   pcpu_alloc_mutex --> fs_reclaim --> &q->q_usage_counter(io)#49
[  413.868596][T16570] 
[  413.882359][T16570]  Possible unsafe locking scenario:
[  413.882359][T16570] 
[  413.889814][T16570]        CPU0                    CPU1
[  413.895194][T16570]        ----                    ----
[  413.900559][T16570]   lock(&q->q_usage_counter(io)#49);
[  413.905956][T16570]                                lock(fs_reclaim);
[  413.912476][T16570]                                lock(&q->q_usage_counter(io)#49);
[  413.920391][T16570]   lock(pcpu_alloc_mutex);
[  413.924912][T16570] 
[  413.924912][T16570]  *** DEADLOCK ***
[  413.924912][T16570] 
[  413.933062][T16570] 7 locks held by syz.4.4142/16570:
[  413.938261][T16570]  #0: ffffffff8f581e30 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  413.946475][T16570]  #1: ffffffff8f581c48 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  413.955462][T16570]  #2: ffff8881433d0a30 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_connect+0x94f/0x1930
[  413.965503][T16570]  #3: ffff8881433d0988 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  413.976942][T16570]  #4: ffff8881433d08d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0x49/0x14c0
[  413.987929][T16570]  #5: ffff8880250b58b0 (&q->q_usage_counter(io)#49){++++}-{0:0}, at: nbd_start_device+0x16c/0xac0
[  413.998677][T16570]  #6: ffff8880250b58e8 (&q->q_usage_counter(queue)){+.+.}-{0:0}, at: nbd_start_device+0x16c/0xac0
[  414.009410][T16570] 
[  414.009410][T16570] stack backtrace:
[  414.015309][T16570] CPU: 0 UID: 0 PID: 16570 Comm: syz.4.4142 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77 #0 PREEMPT(full) 
[  414.015329][T16570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  414.015339][T16570] Call Trace:
[  414.015349][T16570]  <TASK>
[  414.015357][T16570]  dump_stack_lvl+0x189/0x250
[  414.015381][T16570]  ? __pfx_dump_stack_lvl+0x10/0x10
[  414.015401][T16570]  ? __pfx__printk+0x10/0x10
[  414.015424][T16570]  ? print_lock_name+0xde/0x100
[  414.015446][T16570]  print_circular_bug+0x2ee/0x310
[  414.015469][T16570]  check_noncircular+0x134/0x160
[  414.015493][T16570]  validate_chain+0xb9b/0x2140
[  414.015522][T16570]  __lock_acquire+0xab9/0xd20
[  414.015540][T16570]  ? pcpu_alloc_noprof+0x286/0x16b0
[  414.015564][T16570]  lock_acquire+0x120/0x360
[  414.015579][T16570]  ? pcpu_alloc_noprof+0x286/0x16b0
[  414.015607][T16570]  __mutex_lock+0x182/0xe80
[  414.015624][T16570]  ? pcpu_alloc_noprof+0x286/0x16b0
[  414.015647][T16570]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  414.015674][T16570]  ? kasan_save_track+0x4f/0x80
[  414.015695][T16570]  ? kasan_save_track+0x3e/0x80
[  414.015714][T16570]  ? __kmalloc_cache_node_noprof+0x234/0x3d0
[  414.015751][T16570]  ? pcpu_alloc_noprof+0x286/0x16b0
[  414.015773][T16570]  ? blk_mq_alloc_map_and_rqs+0xbd/0x9f0
[  414.015793][T16570]  ? blk_mq_update_nr_hw_queues+0x76a/0x14c0
[  414.015815][T16570]  ? __pfx___mutex_lock+0x10/0x10
[  414.015832][T16570]  ? genl_rcv+0x28/0x40
[  414.015847][T16570]  ? __sock_sendmsg+0x21c/0x270
[  414.015863][T16570]  ? ____sys_sendmsg+0x505/0x830
[  414.015893][T16570]  pcpu_alloc_noprof+0x286/0x16b0
[  414.015922][T16570]  sbitmap_init_node+0x1e1/0x630
[  414.015944][T16570]  ? __kasan_kmalloc+0x93/0xb0
[  414.015967][T16570]  sbitmap_queue_init_node+0x41/0x660
[  414.015987][T16570]  ? __raw_spin_lock_init+0x45/0x100
[  414.016012][T16570]  blk_mq_init_tags+0x110/0x280
[  414.016039][T16570]  blk_mq_alloc_map_and_rqs+0xbd/0x9f0
[  414.016062][T16570]  ? blk_mq_update_nr_hw_queues+0x678/0x14c0
[  414.016083][T16570]  ? kfree+0x18e/0x440
[  414.016105][T16570]  blk_mq_update_nr_hw_queues+0x76a/0x14c0
[  414.016134][T16570]  nbd_start_device+0x16c/0xac0
[  414.016155][T16570]  ? __nla_parse+0x40/0x60
[  414.016176][T16570]  nbd_genl_connect+0x1250/0x1930
[  414.016198][T16570]  ? __pfx_nbd_genl_connect+0x10/0x10
[  414.016222][T16570]  ? __nla_parse+0x40/0x60
[  414.016242][T16570]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  414.016262][T16570]  genl_family_rcv_msg_doit+0x212/0x300
[  414.016282][T16570]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  414.016308][T16570]  genl_rcv_msg+0x60e/0x790
[  414.016325][T16570]  ? __pfx_genl_rcv_msg+0x10/0x10
[  414.016340][T16570]  ? __pfx_nbd_genl_connect+0x10/0x10
[  414.016364][T16570]  netlink_rcv_skb+0x208/0x470
[  414.016388][T16570]  ? __pfx_genl_rcv_msg+0x10/0x10
[  414.016404][T16570]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  414.016432][T16570]  ? down_read+0x1ad/0x2e0
[  414.016450][T16570]  genl_rcv+0x28/0x40
[  414.016464][T16570]  netlink_unicast+0x759/0x8e0
[  414.016488][T16570]  netlink_sendmsg+0x805/0xb30
[  414.016514][T16570]  ? __pfx_netlink_sendmsg+0x10/0x10
[  414.016538][T16570]  ? aa_sock_msg_perm+0x94/0x160
[  414.016555][T16570]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  414.016572][T16570]  ? __pfx_netlink_sendmsg+0x10/0x10
[  414.016604][T16570]  __sock_sendmsg+0x21c/0x270
[  414.016623][T16570]  ____sys_sendmsg+0x505/0x830
[  414.016649][T16570]  ? __pfx_____sys_sendmsg+0x10/0x10
[  414.016677][T16570]  ? import_iovec+0x74/0xa0
[  414.016700][T16570]  ___sys_sendmsg+0x21f/0x2a0
[  414.016725][T16570]  ? __pfx____sys_sendmsg+0x10/0x10
[  414.016767][T16570]  ? __fget_files+0x2a/0x420
[  414.016781][T16570]  ? __fget_files+0x3a0/0x420
[  414.016798][T16570]  __x64_sys_sendmsg+0x19b/0x260
[  414.016823][T16570]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  414.016853][T16570]  ? rcu_is_watching+0x15/0xb0
[  414.016873][T16570]  ? do_syscall_64+0xbe/0x3b0
[  414.016899][T16570]  do_syscall_64+0xfa/0x3b0
[  414.016916][T16570]  ? lockdep_hardirqs_on+0x9c/0x150
[  414.016930][T16570]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.016946][T16570]  ? clear_bhb_loop+0x60/0xb0
[  414.016964][T16570]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.016992][T16570] RIP: 0033:0x7fa72758e929
[  414.017007][T16570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  414.017021][T16570] RSP: 002b:00007fa72843c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  414.017037][T16570] RAX: ffffffffffffffda RBX: 00007fa7277b5fa0 RCX: 00007fa72758e929
[  414.017049][T16570] RDX: 0000000020000000 RSI: 0000200000001ac0 RDI: 0000000000000004
[  414.017059][T16570] RBP: 00007fa727610ca1 R08: 0000000000000000 R09: 0000000000000000
[  414.017068][T16570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  414.017077][T16570] R13: 0000000000000000 R14: 00007fa7277b5fa0 R15: 00007ffdc820b4d8
[  414.017093][T16570]  </TASK>
[  414.524625][   T51] block nbd0: Wrong magic (0xa674676f)
[  414.530196][   T51] block nbd0: Wrong magic (0xaa92b84d)
[  414.544974][T16570] nbd0: detected capacity change from 0 to 127
[  414.556063][T16574] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input5
[  414.591049][T16574] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4144'.
[  414.602419][T16584] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_team, syncid = 4, id = 0