last executing test programs:

2.072331709s ago: executing program 0 (id=1569):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000200000000000000a8c000000060a0b0400000000000000000200003d0900020073797a32000000000900010073797a30000000006000048018000180080001006f7366000c000280080001400000000424000180090001006d65746100000000140002800800024000"], 0xb4}}, 0x0)

2.034768207s ago: executing program 2 (id=1570):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000200000a8c000000060a0b0400000000000000000200003d0900020073797a32000000000900010073797a30000000006000048018000180080001006f7366000c000280080001400000000424000180090001006d6574610000000014000280080002400000000c080003400000001720000180070001007274"], 0xb4}}, 0x0)

1.837890712s ago: executing program 0 (id=1574):
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000100), 0x8)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r0}, 0x8)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x13, &(0x7f0000000000)=ANY=[@ANYRES16=r0], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x13, '\x00', 0x0, 0x0, r0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='f2fs_truncate_data_blocks_range\x00', r1, 0x0, 0x6}, 0x18)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42073, 0xffffffffffffffff, 0x0)
sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000440)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)={0x170, 0x0, 0x800, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DAEMON={0x30, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_hsr\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}]}, @IPVS_CMD_ATTR_DEST={0x64, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x7}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x7fff}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@dev={0xac, 0x14, 0x14, 0x2a}}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e24}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@private2}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x9}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1ff}, @IPVS_CMD_ATTR_SERVICE={0x58, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xb}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'lblc\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x4, 0x4}}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x52}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x50, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x67}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@empty}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xff}]}, 0x170}, 0x1, 0x0, 0x0, 0x40004000}, 0x804)

1.808916853s ago: executing program 4 (id=1575):
r0 = socket(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_VENDOR(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)={0x2c, r2, 0x701, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_VENDOR_ID={0x8}, @NL80211_ATTR_VENDOR_SUBCMD={0x8}]}, 0x2c}}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x11, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000000000000000feffffff8500190011000000b7089982000000007baaf8ff00000000b5080000000000007b8a0dd7b78fa788b43c00000000000007010000f8ffffffbffe48fba400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a70000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r5}, 0xc)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000080)={'vxcan1\x00', <r6=>0x0})
r7 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r7, &(0x7f0000000000)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_cake={{0x8}, {0x4}}]}, 0x34}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r9, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)='a', 0xdd02}], 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="300000000000000019a0dc4b00000000000000000c00"/44, @ANYRES32=0x0], 0x30}], 0x1, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newtfilter={0x38, 0x2c, 0x601, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0xc, 0xffe0}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x0, 0x1, {0xf, 0xfff1}}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4884}, 0x24000840)
r10 = socket$netlink(0x10, 0x3, 0x0)
r11 = openat$nci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r12)
ioctl$IOCTL_GET_NCIDEV_IDX(r11, 0x0, &(0x7f00000000c0)=<r14=>0x0)
sendmsg$NFC_CMD_DEV_UP(r12, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r13, @ANYBLOB="010026bd7000fcdbdf250200000008000100", @ANYRES32=r14], 0x1c}}, 0x840)
r15 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_int(r15, 0x29, 0x1a, &(0x7f0000000280)=0x1, 0x4)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r15, 0x84, 0x85, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3c}}}, 0x0, 0x8}, 0x90)
sendmmsg(r10, &(0x7f0000000bc0)=[{{&(0x7f0000000580)=@nfc_llcp={0x27, r14, 0x0, 0x2, 0xc, 0x3, "1e3aa4af09cf6d73218e70e539f74f6828ea62e723bcc3178e8e4b7ee9cfea07f4abb29723f9f5d9eebdfcb763134c9145fb05c6772337e3ec1efeb44870d6", 0x35}, 0x80, &(0x7f0000000b00)=[{&(0x7f0000000600)="4c6ac3bbddce81718eabcf1e8d1170c07f1285d3703ac8315c6ee44590ee9f135f759a760ff337bab3f091ba532e5945da88ed12d38100d363bc905ae31c42362f32a20c053dae52eb95ef0b24eaa158f762dafbde6a8f6d1b8a76523d03ad6232e0c8fa4e612a4e298b4cee36b1ed1f62d2321170aeeca80d502cf35308ab61b92c45ae78e309dff4650964e4a8bafa3ce9ddba9f2844f93f17e7a6fab92c49cfd7574d35427a8d092796d41cc46932df26887c8daca8b31439a0043e79810f607f95045948ce4192", 0xc9}, {&(0x7f0000000380)="6499f46752d1c3d517ad38e4493e", 0xe}, {&(0x7f0000000400)="6518e29e33af72304a8c46a5a1d2fc2fe5fbe110c9d214f472b9a66d", 0x1c}, {&(0x7f0000000c00)="be6c3019dcbe0083113dbfd07c73de5e17c8d11097a9b4250cc9af48f3f4a96a62fbb3c20d6074d2c0ab0b968a7c9950bf2d2b99d481e4336895d3f63d498e29b2eb9096c1c32147a2774612e3f0c62d96b9cf6ba4e8c340894977ec5ad525fc50874bb85c524551bf4f7122530ea2f54e649630c3c7da1063d91593947b1e788ab8180af2c8a22d2a9cd917a38d1a9a2fe0af7e560d403701be7421616de6c55f5620d8731b54de064358f498b056375315ab7a13383ea6bb6618c290b1b169bdcc5741fcdc830a7c6e625d8272ea8e17234973bd", 0xd5}, {&(0x7f0000000800)="2f6811b0a3fc70519aa4b537f555368ca4b686df975ea9da2aeadd2f04e9437d97396f73cb2a1b0990cf11d9e937b88bfcfb3a76029fe11088c4c9ed975dac88072f5861b63c2256557f5b4fa7330aaf6e2f78647f85434bd1395641f5d1a0038d35b3123017b06d82f189fe40f7305ed9b557bd2eae768e2aaeea2850389530c4ad91d8bdb56cc50c9e098f4b0a34f7d72288f89ec0de7f6fde821cd568a3a10e0abb069729f4b20ec047cacae225b68b8880ce90375332e4ed78f6a65e3dea049a94c88425476ec989268a07431f14", 0xd0}, {&(0x7f0000000900)="d8def1c8c9e1a18c500a1527591cb496438987bc7b22f56ea3dcee331c104ad3344c0603ee6c6b2f8a21c4d6d26ca6bc8be9ce60213f0542ac46f0e3457f1c111f00cfefc45a46056e643a03ae6fae957a45a1c38e83e4e51919e2a4e2a5db33af8bb3d116c3bc19e0b14184edcd7688449d9974fed4f1f6a91420da3a35afe36d9a564161cfd78fbcce3c3764f83d700b", 0x91}, {&(0x7f00000009c0)="a8e5c6a1a912b9a6b8b0c619fd5012fccdd29ad42832f06960a866fbfd5f01aba674268ffbf1224c8aa27e53fe5cac7a2b323cb8e64d4b8d453597f3046b7c1ef64740ee1ac58a8eb06abe52affb419357adc283552b3fb4e662971f0b4b2a88125f0f864d778a91a580d791d212124ffa595920e74d298ac18b001475c9a51f5e82b10d3139cd56b0a394a1f019af840c026ead", 0x94}, {&(0x7f0000000a80)="40f26c826d2642effc5153039cf252fcd539ab813a511903699002ef8499b98627e5", 0x22}, {&(0x7f0000000ac0)}], 0x9}}], 0x1, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@deltfilter={0x4c, 0x2d, 0x400, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, {0x1, 0x7}, {0xc, 0xa}, {0xffe0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x3}, @TCA_RATE={0x6, 0x5, {0x5, 0x8}}, @TCA_CHAIN={0x8, 0xb, 0x7}, @TCA_CHAIN={0x8, 0xb, 0x7}, @TCA_RATE={0x6, 0x5, {0x4, 0xf3}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x50}, 0x0)

1.697639243s ago: executing program 2 (id=1577):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000480)='kfree\x00', r2, 0x0, 0x1843}, 0x18)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x18, r4, 0x301, 0x70bd29, 0x25dfdbfc, {0x24}, [@HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0xffffffa1}, 0x0)

1.631490995s ago: executing program 0 (id=1578):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000f2ffffff0000000000000000850000001700000095"], &(0x7f00000005c0)='GPL\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r0, 0x4000000, 0xe, 0x0, &(0x7f0000000040)="976d9023d56482cd284a63da5397", 0x0, 0x11, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)="bf049fd184f7b03c21d9bcddc4eef9ebb6a0da3eb91c5645", 0x11000000, 0x8000}, 0x50)

1.551292897s ago: executing program 0 (id=1580):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0x3, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x2000}}, &(0x7f0000000240)='GPL\x00', 0xc, 0x1005, &(0x7f00000014c0)=""/4101, 0x0, 0xc}, 0x94)

1.518870701s ago: executing program 0 (id=1582):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x20, 0x0, 0x9c3fa077fa966179, 0xfffffffd, 0x0, {{0x7e}, {@void, @val={0xc, 0x99, {0x916d, 0x15}}}}}, 0x20}}, 0x4000054)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0xb, 0x5, 0xc, 0x80000000, 0x1}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000080)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xd, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0xd0}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
sendmsg$NL80211_CMD_REGISTER_FRAME(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4080}, 0x40)
r5 = getpid()
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r7, 0x1, 0x70bd27, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r5}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x30)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x10, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000001000000000000000000000071102e00000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9}, 0x94)
socket$l2tp6(0xa, 0x2, 0x73)
getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000540)={r0, 0x0, 0x0}, 0x20)

1.475818523s ago: executing program 4 (id=1583):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000000)='O', 0x1)
setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000100)=0x5, 0x4)
r1 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xd}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x1, 0x2, 0x3, 0xfffffff9, 0x9, 0x101, 0x2, 0xffff}}}}]}, 0x58}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000026c0)=@newtfilter={0x87c, 0x2c, 0xd27, 0x70bd2d, 0x4, {0x0, 0x0, 0x0, r2, {0xe, 0x6}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_basic={{0xa}, {0x84c, 0x2, [@TCA_BASIC_POLICE={0x848, 0x4, [@TCA_POLICE_RATE={0x404, 0x2, [0x8, 0x5, 0x8, 0x401, 0x7, 0xffffffff, 0x6, 0x8, 0x7f, 0x101, 0x3, 0x9, 0x5, 0x4dc6, 0x7fff, 0x6, 0x8, 0x3, 0xd, 0x4, 0x3ae0, 0x5, 0x99, 0x1, 0xff, 0x1, 0x6, 0x80, 0x7f1b, 0x5, 0x5, 0x80000000, 0xfffffffa, 0xffffffff, 0x800, 0xf20d, 0x800, 0x0, 0x1, 0x4, 0x80000000, 0x6, 0x9, 0x3, 0xff, 0x0, 0x9f0, 0x1ff, 0xdf7a, 0x7fffffff, 0x0, 0x0, 0xc, 0x14, 0xffffffff, 0xc, 0x401, 0xffff, 0x9bf, 0x6f3c, 0x8, 0x9, 0x7ff, 0x3, 0x9, 0x8000, 0x8, 0xffffffc0, 0x4, 0x1, 0x2, 0x8, 0x4, 0x9, 0x200, 0x3ff, 0x8000, 0x81, 0x3, 0x4, 0x7ff, 0x1, 0x5, 0x80000000, 0x2, 0x5, 0x5, 0x1, 0x0, 0x10001, 0x81, 0xc, 0x6, 0x80000001, 0x401, 0x6, 0x0, 0x3, 0x800, 0xf79, 0x6, 0x1, 0x4, 0xfff, 0x2, 0x1, 0x37800000, 0x0, 0x3, 0xae5, 0x4, 0x4, 0xae, 0xfffffffe, 0x1, 0x6, 0x8, 0x400, 0x1, 0x8000, 0xc, 0x1, 0x8, 0x3, 0x95, 0x1, 0x6, 0x3, 0xca, 0x0, 0x0, 0x3, 0x7, 0xffffb09a, 0x1, 0xe, 0x9, 0x5, 0x6, 0x4b, 0x9, 0x4, 0xfffffffe, 0xfffffffe, 0x4, 0x69, 0x2, 0x2, 0x6c, 0x0, 0x5, 0xffff, 0x4, 0x5, 0x2, 0x6, 0xffffffd1, 0x6, 0x1, 0xb3, 0x5, 0x5, 0x1, 0x9, 0x4, 0x3, 0x9, 0xffffffff, 0x5, 0x2c9, 0x8bf, 0x0, 0xde39067, 0x9, 0x8, 0x6, 0x1534fe8b, 0x7, 0x0, 0x6, 0x2, 0x4, 0x81, 0xd16d, 0x0, 0xf9, 0x8, 0x401, 0xffffffff, 0xe19b, 0x80000000, 0x6, 0x81, 0x800, 0x9, 0x651, 0x10001, 0x6, 0x0, 0x5, 0x1d58, 0x401, 0x3, 0x8002, 0x80000008, 0x36, 0x15a, 0x2, 0x6, 0x5, 0x7, 0x6, 0x79, 0x8, 0x1da, 0x1, 0x9, 0xe, 0x0, 0xfffffff9, 0x9c06, 0x7, 0x0, 0x27b, 0x5, 0x1001, 0x3, 0x400001, 0x6, 0x5, 0x64c, 0x4, 0xfffffff7, 0x9, 0x4, 0x80000000, 0x80, 0x7, 0x7, 0x7, 0x3, 0xa, 0x8, 0xffff, 0x22, 0x9, 0x4, 0x3, 0x3, 0x9, 0xfffffffa, 0x1, 0x6, 0x3321, 0x9, 0x5]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x80000001, 0x7, 0x3ff, 0x7, 0x4, 0x2, 0xffffffc0, 0x7ff, 0x86, 0x9, 0x9, 0x2, 0x8c, 0x1000200, 0x5, 0x5, 0x40000000, 0x5, 0x7, 0x1, 0x0, 0x4, 0x0, 0xc, 0xd, 0x3, 0x9, 0x49, 0x80000000, 0xd35, 0x25431060, 0xd2, 0x5, 0x9, 0xb5f0, 0x401, 0x7, 0x2, 0x6, 0x80000001, 0xa, 0x8, 0x9, 0x1, 0xccf1793, 0x2c800000, 0x5d, 0x1, 0x239, 0x5, 0x5a5057fd, 0x5, 0x4, 0x6, 0x8, 0x5, 0x200, 0x3d, 0x10000, 0xf9, 0x6, 0x408, 0x7, 0x3, 0xfffffeff, 0x9, 0x1, 0x401, 0x1ff, 0x2, 0x0, 0x20000, 0x800, 0x3, 0x0, 0x8, 0x10000, 0x6, 0x7c, 0x1, 0x9, 0xffffff01, 0x9, 0x8, 0x8052, 0x9, 0x5, 0x8, 0x142, 0x2d, 0x7, 0x8, 0xb, 0x81, 0x9, 0x3ff, 0x1, 0x10000, 0x9, 0x1c0, 0x7, 0xffffffff, 0x5, 0xe8, 0x6, 0x8, 0xf, 0x3, 0x0, 0xff, 0xfffffffa, 0xfffffff7, 0x8001, 0x5, 0x9, 0x8, 0x5, 0x9, 0x1ff, 0x2, 0x10001, 0x8, 0x0, 0x6, 0x4, 0x866, 0x7fff, 0xe0, 0x8, 0x80000d3a, 0x6000000, 0xfffffffc, 0x9, 0x7fff, 0x7, 0x10000, 0x3, 0x7fff, 0x40000000, 0x1, 0x7, 0xfffffffb, 0x3, 0x1, 0x9, 0x0, 0x7, 0x6, 0x4, 0x700, 0x4, 0x1, 0x2, 0x0, 0x5, 0x7, 0x6, 0x7, 0x8, 0x8, 0xc, 0x9, 0x6, 0x5, 0x0, 0x5, 0x2, 0x2, 0x8, 0x9, 0x9, 0x9, 0x5847cb5c, 0x9, 0x2, 0xffffffd8, 0x10001, 0xfffffffc, 0x5, 0x401, 0x8, 0x1, 0x2, 0x0, 0x0, 0x1200, 0x2, 0x0, 0xef2c, 0x80000001, 0xac5ae1dd, 0x0, 0x800, 0xffffffff, 0x2, 0x3, 0x1, 0x8, 0x7785, 0x8001, 0x4, 0x5, 0x4, 0x7, 0x0, 0x6, 0xffffff2f, 0x8001, 0x3, 0x5, 0x3, 0x4, 0x7, 0x5, 0x7, 0xabd, 0x0, 0x10001, 0x9, 0x4, 0x30000000, 0x5, 0x13c1, 0x3, 0x7, 0x1, 0x8, 0x2, 0x6, 0x1, 0x2, 0x2, 0xb, 0x8, 0xa, 0x9, 0xfffffff9, 0x7, 0x7, 0x3, 0x8, 0x9, 0xfffffffc, 0x81, 0xe7a9, 0x10001, 0x6, 0x0, 0xb9, 0x8cca, 0xdda5, 0x1, 0xa, 0x7fffffff, 0x10, 0x31f]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x2, 0x4, 0x7f, 0x0, {0x6, 0x0, 0x6, 0x7ff, 0x6e6, 0xd74}, {0x8, 0x0, 0xffff, 0x8, 0x7f, 0x7fff}, 0x0, 0x8000, 0xbab2}}]}]}}]}, 0x87c}}, 0x4000) (async)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r1, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000040)={&(0x7f0000000380)={0xcc, 0x0, 0x200, 0x70bd29, 0x25dfdbfd, {}, [{{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x401}, {0x6, 0x11, 0x81}, {0x8, 0x15, 0xffffffff}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x7}, {0x6, 0x11, 0xfffd}, {0x8, 0x15, 0x4}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x10001}, {0x6}, {0x8, 0x15, 0x1}}]}, 0xcc}, 0x1, 0x0, 0x0, 0x20000000}, 0x14) (async)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)

1.156401961s ago: executing program 1 (id=1587):
r0 = socket$kcm(0x11, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="09000000020000006d05000002"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x14, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000000000000000008500000016000054bf090000000000005509010000000000950000d900000000181200000fc263ca394d3a281d2c24d117cd3fa04a9cd4f16419176bc286a24f4fa80ef05ade1a30a13ae07e24b256ec9aeaf4d8dda730368fb0", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000bf91000000000000b7020000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = socket$xdp(0x2c, 0x3, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000002180)={'syzkaller0\x00', <r8=>0x0})
bind$packet(r7, &(0x7f0000000180)={0x11, 0xe6, r8, 0x1, 0x0, 0x6, @multicast}, 0x14)
getsockname$packet(r7, &(0x7f0000000080)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="38000000540001000000020000c4000007008209", @ANYRES32=r9, @ANYBLOB="20000100", @ANYRES32=r9, @ANYBLOB="00000002e000030000000000000000000ffe000008"], 0x38}}, 0x2000000)
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000640)={'batadv_slave_1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}})
r10 = socket$unix(0x1, 0x1, 0x0)
r11 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r12, {0x0, 0xb}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0x101, 0xc5, 0xe23, 0x1, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x1)
r13 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r4)
sendmsg$NL80211_CMD_START_AP(r4, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x20, r13, 0x400, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x7f, 0x28}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x68054}, 0x4000810)
ioctl$sock_qrtr_SIOCGIFADDR(r7, 0x8915, &(0x7f00000004c0)={'pimreg1\x00'})
sendmsg$nl_route_sched(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x7ffff, {0x0, 0x0, 0x0, r12, {0x0, 0x3}, {0xffe6, 0xb}, {0xfff2, 0x3}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x6, 0x3, 0x7, 0x200, 0x9, 0x4, 0xfffffff7, 0x5, 0x5}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4048080)
bind$netlink(0xffffffffffffffff, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
sendmsg$netlink(r4, &(0x7f00000025c0)={&(0x7f0000000500)=@kern={0x10, 0x0, 0x0, 0x3002}, 0xc, &(0x7f0000002100)=[{&(0x7f0000002600)={0x494, 0x3f, 0x100, 0x70bd29, 0x25dfdbfd, "", [@generic="addb0da30332d0ca5b576787bca15b75dfd5fb64802dc2b76e70f3d6216dad01e0f747a90aec63943394276b2b9da82b4f4ef09fa0b84f600c990b17e1480f46379c5698e5ab47a7b8176d98aee9091cc7999d5fed862d6203cf1b008e3ce505f098e23eb14305af56dd353c9219d6d53e01355d767976507f5e990ffdaf5bd6ea8a7cdc529181352a9e2166fe7af93022ad4cce276c9b6931de04c6f65b8cc615fd5aa286a54979174cc67dbac11f2c8fcb678c263d785cddd74d56719be12feccf", @typed={0x14, 0x6e, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @nested={0x211, 0x12d, 0x0, 0x1, [@typed={0x8, 0xf0, 0x0, 0x0, @uid=0xffffffffffffffff}, @nested={0x4, 0x129}, @typed={0x8, 0x146, 0x0, 0x0, @ipv4=@multicast1}, @generic="27819a89209e2a808a039c8b8d346a5dbfc106f42b7ec96bb4862649f3fd4ed116497a76083f8c79353667b19da1370d7b99b3b01ded16f7ecdde054aa3bc9303272e099bbe40948e1f5c7d92f21ec97fabccf04716fcf97abf72ad88ea5f12a0112b2adfbd6eaf20d4ec83b71c3351fe8511a02c97e7d1b9e983933f76092", @generic="73f1b75fdded35052266bef1fed8c879686b4e2adf37a7dcaec3769ee96494bc5b0bbb00803081a49100ffff2c26f56561f6c04a1c70d277d5f50fd53bd8d495c33934c20b3b66e8d70bcd4c2014b884cc", @generic="ce84f420497216c499a7095a153bb480827d99772db95739af0a0fce7e6358bf4cb7b25a94cabcc6ad351e2fe29c46558bbd8f59faca281c1c190ed3de0d3f1b32c9abfdb938af68672ce46605a96c54e28a93afafd997a831583c05543be5258a2a9f3870022673dbf655bc5e755df9fab9fb1fadabaf01a250edd3cd557890df6dc90eb87f48a014c3b9676ad1e569b679a1975bbf0c22cc5d559ebbddfc49c78992c59e29470acf4c003161613a65d515004ae0e0ec0fce2beb0b5b8fb951fc3ddbbc3384698e0cff", @generic="6e5be60c1ee8ebe25e1953d325f6ae933049bc35dea6fb1be2805d983c24a5c038e04ac7f9c363f90b20aef6a2d64f8ef35ce10eda63d384413cac51e60a14109336eb25710b9a69c289628a1661ca7941cb80e80fa3d7f08a962f87057cab"]}, @nested={0x7c, 0xd7, 0x0, 0x1, [@generic="71f20cb1057ab753ca7e1f6fb73ffbd3bf4874c4f50165390a80ad4f90f13f7ee95f874fbd7372355c1c12ceba7de0a59788d06879fb12479ae27bc3aee93c4d9f05c0ab4b5705294c5681cad2875ceef3a3116a71659a45b3b3fdd384c05c954fafd56b00c8e14ebc5af4e2a7cf14c31d88c3fd", @nested={0x4, 0x38}]}, @typed={0xc, 0x75, 0x0, 0x0, @u64=0x3}, @nested={0xc, 0x141, 0x0, 0x1, [@nested={0x4, 0xfe}, @nested={0x4, 0x11d}]}, @nested={0xe2, 0x6a, 0x0, 0x1, [@nested={0x4, 0x71}, @typed={0x8, 0x91, 0x0, 0x0, @ipv4=@multicast2}, @generic="737f5ebd1522cc4eba5ddf6073c61fd3bcd634424cb06ab435d7ef89c3557c6adda170f86d982a5ce379c7e855d385e3e2b5ef367c2e7399dd8584a0ea93d7f38460e99d8dcd69e53f747bfda427b6a9a62df3fe6cdc21c6ea2cca6f0b27219c", @generic="65e44082c20ec6ce0d48179af2908682a32ac3500545212e45696f8f9db1959b09266dbd672a9e4aae1be0e2398a69c8ea3139681aafa179f7", @nested={0x4, 0x93}, @generic="fd9dafa5766d0745293f78480a58e1a08d4e8cbe062dd46a211ea8543163eceb22de04ba19df6e2608ef3994a4204e70d2", @nested={0x4, 0xfc}]}, @nested={0x18, 0xbb, 0x0, 0x1, [@typed={0xc, 0x11a, 0x0, 0x0, @u64}, @typed={0x8, 0x73, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x32}}]}, @typed={0x8, 0x14f, 0x0, 0x0, @fd}]}, 0x494}, {&(0x7f0000000c40)={0x10, 0x11, 0x100, 0x70bd2c, 0x25dfdbfc}, 0x10}, {&(0x7f0000000c80)={0x19c, 0x10, 0x20, 0x70bd26, 0x25dfdbfd, "", [@nested={0x78, 0x4d, 0x0, 0x1, [@generic="647f4483015f10ab9db698d9b6f618e5bb6cd78369b4cdab056f759e046d8d052baa2da01ddd5906d0aa4162dae88b696f85cf66b3c10bfe3792046753e2835d9701d599579f44d40f450bc09c778c26c810eca07e806ab064b27bcc4119c37f93676ae63708ace5390e145731351077998507c2"]}, @generic, @typed={0x14, 0x81, 0x0, 0x0, @ipv6=@mcast2}, @nested={0xd8, 0x9, 0x0, 0x1, [@generic, @generic="dcff9a45fd77ddf3684ad35b9179dcbbaa2d33fac2eb7e473c2045039e94f00580387974b1798f36b1a77a5153d2f3dac5ccc7168554418b88b6a2004b7374f65250f78fc6f06ad2a2f6bc02ef0c1b265e408f881bedbb7b9b0ea8351923e4638df03c1923e8017f2820d618dd230fac84889066e2d5a0298826c2b699cf1bb723eea8ac29e8993ff5b555b18fef211fedc97048c6a4c81d6cf202da66d48644a1daee698951fa87d0389ee7584640eec45ff0666c8bfa9bc06fddf1e1ce8cc47fab84dc38d04b84474a4b7b", @nested={0x4, 0x126}, @nested={0x4, 0xf8}]}, @generic="b7175e6cd1ff66c161cf9f76affff5f59b4dbe33375aa544afa64bb1ceb669", @typed={0x8, 0xd8, 0x0, 0x0, @fd=r5}]}, 0x19c}, {&(0x7f0000000e40)=ANY=[@ANYBLOB="2c1200002a00010028bd7000ffdbdf2504005b80ccc1661497aac20614fea0d0b26c9311a80b1dfad77ff89af00c3bfa6aada02445b461a67d8baae6a1503fabcda7219b546f37436f377b5757dd5cff0304d96a9a289d0856404b085f4389dc5f0764fcfb0932ba5608cfc7d963e14609304211fa2ae7745e20b26d1211efa1acf5ef522f2b0f7eb4a93d14c826d9efb124e9053564d0ecd42b493b741187419d2d05b7533c613824a48002e3d985bdfd4a9742a08841fe4561912a58060cee08ae72f6ef1dcb2078cf36f9c5c82281fa0c97f6ca35a45e770c69ea4f6f43c33df47e7900380bb752482041a09716f6eefc107d809b1beadc9dcb5f6fc0504ab8b0270ea2705484cc497067e1ce52db72a14ec37fd7f3155596207e8b6487c2a05afc17ada5d5dde5049c97d7932a25ceebcf2779b2e9c1694952f596830ce35f1501b83b0458c916a5c309374afc481f6d62b1418f8d8f0d9b74107c4c939cffef0a7a4731a95ab8fdf93ed67c660f57627ece0184cb50b92f430b59c1aea2aa2c34d8a32b1d0f284708328e612dc5a52e08af8fdaac0fc7eb6d2d511cf4db7cd873240d517cf7f2df94a7745b4f0294ec47a7abf7f1b00025fe1627cce3d833ca1b7b528ddc26a695ca3d2f0b907f6836a384bf63e3f1d8fd78c557f9240afce8a2bb9bf48b0e89703772848f0432e5b65bc2f0075b6186d82ff11e40e858478a0fca04d8e01e5bfc54e3bddb9150b17912f7ad181f547ac1e4be251405ac80b651f50f30a6aa7f682eacb572fc4351c526d1f4d88c88437772f326f1225bafb8ef3a0e5317ed06c0f590b5f044d1db1a6a3105d708a28caafec1ce9ba6cb3d6adf47ae5a10595174af0cbb3f52a79b9fbfbce6da435266d6f7d1bece16571c925de97ba2a811051ad6c19704a74ff2e9d8017fc5c7717f5f8b78690ab984a3012e0cb36944473865f3c46e9d24531e06b4d22b714e7701249aeaaf43222865753250d7ee08ebdae79a5c37d93af5ea236bc77042df0c52b5147fe66c2058a5422555a8a96818c53633dd9543ce4f53375db342dd91b91340c373d3bdb4a9b2e8993448ad04a5f8c879b8321c854aea71e316d6f2e08f9151eb71aede536187aa3fdb1a2f132beb718c1a62848c12166b06c138d26e9a28f96867b86dc544639365bde8eac7f1cf1074c780beb897c648b74ad6293ef48ad21f6551063bfc8203280ca15a5cd4ebfc12df8f2176196d8b2d5e1fa17065ef71f23a704201f30297b76d62bcb82857026dce65e8f4e542ecb9d69b6563115a58106d44a3e70765f4a21306d78edd174369c3c26652d8f206b36f9c40f952e2ac767010013924422980fb04d5cc0775fa63716615537a8be44434d4a33fc11b1ef2f31ee67be4211efb0ef38e5208545be7a2e11332c587aef1b52f55b93004336384f9891f4a27c75b6a05bfd48499a8e837cf23bf4995fa8f452c395e04cbf6dfa08415f5b91405ed35a4b31987255c8e1b7d3e5dbc972a2efe3efd21eb296436e413878e88fbb826a1b5c4e0f70a5f6bedf7bd9fabfbbe5655c5434b4dcaff01920769170022d612bb23b64899f0deb5dd40e256ec7694fad625c1aed696d0bb38f495cdf7cfbe813d8ec54bf0ce1e1da7ad6c8553b92869ab45ee44fba0c9f593c08744a49d3126c72ab35269d250e9c65e8974c221cf25a8eb0e7a1a881505385e69319042d14e61caad994ac691b932af63a9d4c402e567d6472832dd6ccc21407d6d700ce8cdc0d67db445dcf1df89f8c6366ecef9207ad3ba00d167dfd351ad9a98d5c7b6bba51e749cf196f8f7d1211edd3d51dc9a87dc5337d5a93393977bf24c25bfc84a6734342538ec6553177abe0bdfdc80cd5e7884bf6b3c39db74889d9703ffbc7fd7a7a716e6215c41cc28e1d7e2c0586c697f477df438cdd33fabab66529394f39e03c9e9431644b733af8db4017105ece8ae0345d9eadc5063bb9444dd96b56f140538ed9a4822ea1ebc80a8e462d67fba10fd6074e93785d61472b1e9e61ee651950de0140b14907652791f0bec547cfcf169a7dc3bf2b53acc9986f7c64adcc70247e265179af59559d5829e1c702f6d033b1389bbb8cc2974b156ab6c7b6f48238e707f354a3b310a3463af5cc5be6925398e0f9dec5f232ddfcd9b62710d265262981715d1a395b700728adc7a2558e617c67e9e0d6807d35b421f67d1d89e5ca95aacd00ca5faadcf6cd70903fc1f0a74f64056df5871fdf6a32dfed78fc0ecca8c13c724dcbd88ba621fb2f071af2c61d81a1a85e13b56472cfea91cc3722953cb179c2005a3626bf4fc4c23da1fd761ceb43af5e43c49a546c9075f3b919bc88b6a3579f7cda21950db08c5b4ae12262416fe7e07fea54a08a39d8978357ef1f46ad454257c93b41dada73d74ab95e15aaa140ca798e0697941e1fe109fb3390298bbf1d0f61d2385fc8bc0200188b11e7835d2d2e92a27cd525d9dadbe334f2be1a7d95f7996fa040fd3d527b537688a10482adefcb94fd800e1828de81d78a3616086b3bdaca2a2ef6b8719f934cc7d202d1a0902ffe890b55c2adcf00680618d10583f176a7c2f07224c39aee685dc38199c2ee5781a3f79bfd7c3d29cbfb9d23235695137346471261f52637bed9bf4f39a768957209029d56e969024c8536e121157024433857ddb43a3a0c66029754a30b78196ae90b4c4978a0e54fd9abb198e0c5ffb55852349d4bdb3155a34c8a411ed7f6b3a1c4f98889c5c56280d46733f4b2fdf7c2dc8fc0af3f77cfce52c38a793d028f907b0419bdb77757e2570eecb405725946beb46cee6bea3f813ed740b548b8a61011bb2fbd5263a754b669b20f08f69d30b3028dc57bdbb93c314192daf74eb47e4eb2eb926bdc2177d9625d9a13175d85ac4555d7f7e52c455df5315c07f5633996839484f1b40173194bb23af63d78187ac258c97df2b19091c45dc81b4c8c1279c8291955c3d5604118355ce3919dbca9c3e7d41e90c2bcf57bf9159973004cfc6e23445a4c51405b1c596302d89caab6ca4fbc67ca7eb47f27c7a192a5d9c53ec4fb3e20049210df982ef2a655002869ab7c0b695824a3ef19a72ff0a559e8284fbd995aa7da16efbec80ce7639cd59cf400a38c8bd2e4227cb547aa1760c7bd6e5bf7c1c4a4813824d3e4bf63b1df554d41cbab3d943335f66d3078afd6b5d734a825f82872e6349676bd9f7a5db3d0ae066a9e84d5e8c49e4a31e95d97277a8b9a011d5afb0fe97683eaa432808f48b28a264bb9e1dc291a2cd71819bef193cc265fd32b8545d10d0230bdda3db2f25295a49d7cc5e9067678e0cda8aa5d3e449d34acb2e56fbb1f5a55517afcdd1fa71aa47ccc5c8674d3c61518789f1dbab1fcc665e61af8c2fdd724f0639d3f33b4efb2d7a70433533cccf982f16197f079680ebccfc0878584abb9184a68da375398962c88525592796b0d5a280907c45727b9353553c1d702704c3373eb90fa9a34d3c11971996619563092696caf72f3dd79a5c91109d55392256d4d4fc8a561a8860427c73bd5eb205bfe1a5ccd1baeb5f2b0fb073ff4dee733302df838fa748083575ddbbf6085b54eb4431c22bd6927dc2ff105ba4ff8930d2fe12063b73b2ac978ed294dd363ffc0ed33d30b93627041ada3ac38eb15ce324961607db600aa924a12bcc42d11c25af963fa4f7e120ff81844d18c42c87571d76ae95d5fcc1a091065ef26b14dfa51a415f93b8ffb4976709e4425e8c26dd92c75fe3b631089e4bb823b68fe0459ef2a539d33b2d839e176e92a2d7f0567c3270b19dc6a5932e5f17e60625be34cb6f5a46cd292607cee6a01f8937dc7c64eaee7e4a2cbac3b4649f7e2493dc02809bf43b0e80f1dde9f202269dca5cf8c59093f042369c2a04534247d90219cf534cb47128e8da0afc89a9648a6d404edd6a0fe42b66897aa2f5ae59ee6499bfed7d88a061078a80deb2b3174bb6e3882acb25128b916be0ca467f2e5383705303d1490b8ddd20332fc8e2d6e5172a758af24af032848e53e1b7f31d6d23f585646d2202747a26e26a2cabcf8f16a93df51c54717caed848cae7cfe3d961a9cfa6edf7e8253e8e9cd37640b75d89d35389e8434a541fe1a219530527a7d30159975f2eb67920799606d0040d81c65f04507c958169f86588cd75e4cd220a3f7e6257bc1584820f79def98e6de1b71b648ae31f2717c89bd04e9bab6986d7733eceec73e059f54c872a13c54f0b54714f5187d5c72f49cfed0b6362455bd0972b90f5a7ac7049cc1c16d14f4bc0314cd461d8f342149d21636dc40ecfbdb104f02380eaa06070d9040ef54aea765e8b9e8324bb42b00aaad8bdef4accadad4c46925061ef0abacf427b26d890cba8bc92aad8a64595e4f7a9937245569443c92f346c9816c2ed70ed7ef067671cba1168b9664da5921cc22e18e00a66c69771fe283a4e179c5241550acaf72a87d9eadaa1a400fd2498f13b346148d59494c9d0615d2573048b46e5bcf38dc9b65930e57e2e763591da2b23bba7fcd05052e384b3e7bc3a784b18640952c3fc924e92979cd80552eb8044b00ae55880d8f696c07ecb43b2e0177d33385780edc713fd51d1954c57968bfeead2e3377cdeeb991041f7c0a8035dcd6e0479f5051d4b26135e01a6457315ddfb7c2db755707f661844bb1ec16c3ba5f0490de398069a2e69db12fe34cd1b348d68ae736f7d53610c397860cac3a2e893cabf15e89709a512d72541a325a6e4d396be6eb193e57710df5f49ce2d70eff3323dd6d0c3d491a79a4451c37c4b6812e22c4a55ccb67affe54107aeac1c9da0e1ccf7561daa1f9cc94d4dd9a808330b9b8af84baef82deeabebaf8edb44cc210416382decbf0954c3ab4e58f792de289db011fbedabdf9452a131eaafb7bd954f66778be7f990d8a1085838e95193e34bd9359d5d3b1d388593c12a91791d17264b9db50aac4920a8c11697d1c2b996863e7f27c1c96c95b0ff4cc578102204bbd6f0b8433ef0ea8cd6782aa068e59be4e947180f5cca896a1a172bc7828ebcf40a9b990d8be3f0fb63e33589070bf38bf5766a707ad8fc554ff2582a19a35ea02efd7ec3efa2b3940e3f9013938ff4f72d0571b82f3536077ed2b1edf2c2faa5e6092fe3e0bad9e8d2a25e6c4fd35cb8410d9481c7c5b52785e4b134565076072d17c0b45855fe24a184b8b957f55a902b99a40369f0b2ed2b3d5793784bae32731bc4f36b8ad8c651304573d2ee5f934a6ccc71b6ef3dc05bc21045677f5d1904172eb6ff1398fba046c30772e6d5755acd3d2258f8b813ef20f58b2aa69ead4304bd764815bfdc8591e5c283b552786f203149d37dab7ece341a2318a8758a14073581f1aeebc32734de9fa333ddacb7a7400a26c2a4d14811f175b9ccefeda7e5d966a1f366626f6d02ac0b3399a24d8b748fa44c62bc3f16c44c073a434b0ce23e7d6dcbaa91a1a789e328037541d7abdb6a5dffe3aa54b742ede101946eed3222bdde429338aec345c7cbee3f275c3c79ae49f8fe9506930e99113f1d6a9cda142eaf30a1c726bab1cd68e3b9247b9c951316658f76846b485aa1eac01aa61331aea97bc8d72fcf63fd774be26da125aeaa6b7b6a370f205eb562c6209d6a1a30a1035d8981111f3f5cae7a6289635ae3e531fef9da024ff2dfa413c7a26db0ebe741f5c20660c8c9febe354228a68eb2b5a436c1aa8c146c2a8ea4b969b09c0cf153274057cc272cad024045269b10f4e06086018cf412e4965c39834423428e3a9bff63ad2a81fa42089d18c92244431584d979f92399fe7cc9225ae43f029520d8c5f524d2d6e886069ec181ca34a408ea037caadd671f99052dbe4c3290ee195b478cba227e58abd37ce57db505417f8868acae4fd98bc85688e249c2f54905923af462783c1d15a505cb12e1074a8e07ab86f0b97ee4ca70c784e722fa6084b5c9f99eb6147fdbea96e2ed1f17cc60e3e08346a9e0bd56c072f0c876d1098e6444633dd96d8dad89be7f62aafe9bf866b8850e66c35395ac24818fa1240f3c3a2f229a5eba084ad5fea3f33b12b454d8f4e2ed44b75b414a6d68b6446b821d407cfc13dbd1873f18ee3803d67d0e0400e000f4f981a1d3b719577c32afdd126164e733541253cd200c24e9a64a5ccddfbb8b2b43b6fe8a095c82311c9bc905714c699e8343c359edfa002e7b28d589ffb596b7d6c6a3debc07c2cde3d976f3739b15dcff18d5cb13f41178c3698d638e6be373eeca1c1b518597fbef2a30d53785ee51f5f733783c892450e950d7f52084b85ab23d279743620dcee6085c93fd65bd8499734d55f90260dd7e04cf2041d5aba27618310aefa88844ff9a4d04ef80538662d96ad0e8069feda6281c3cbe2d4b29087fabc91791bc786549fc2b363825a1c9a6a606a615aa3495184a076cc05dd0a0cb11bca7b5d38d2cda09dcf215ed99aab40c8ca21e061e11216a13fabb58391a0e8fe9bda421aff8f2edd384f0c597bd6a44d41c8dfd48a6dcf55a731b961ecb5a2ccff1ea7f9560c1ecee040077800000"], 0x122c}, {&(0x7f0000002080)={0x50, 0x15, 0x100, 0x70bd25, 0x25dfdbfc, "", [@generic="ac4256c556fcae908c8cd1a6a3efbcece8eeb51ace4fba55d46a326b575db34619ca0a60c38fc2116b1a0c99286ebbd75c1b8fb6dd673a8c323aec8117c00410"]}, 0x50}], 0x5, &(0x7f0000002500), 0x0, 0x80}, 0x8000)
r14 = accept$inet(0xffffffffffffffff, 0x0, &(0x7f0000000540))
setsockopt$inet_sctp_SCTP_AUTOCLOSE(r14, 0x84, 0x4, &(0x7f0000000600)=0x5, 0x4)
sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x4, r12, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96d", 0xe}], 0x1}, 0x0)

988.635477ms ago: executing program 1 (id=1589):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000900)=ANY=[@ANYBLOB="3c0100001000130428bd700000000000ac14d947af3a486cdd75886ad7487e1014aa0000000000000000000000e10000000000000000000000ffffe00000010020f5064e2400000a0020201d000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe88000000000000000000000000030100000000320000000a0101000000000000000000000000000400000000000000070000000000000000000000000000000400000000004000ffffffffffffffff06000000000000007f0000000000000000000000000000000000000000000000ffffffffffffffff04000000000000000000000000000000f6000000040000000800000000000000ff340000020001fe00000000000000004c001200726663343330392863636d28616573292900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000"], 0x13c}, 0x1, 0x0, 0x0, 0xc000}, 0x804)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0xf, 0x4, 0x4, 0x8, 0xe302, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x50) (async)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'virt_wifi0\x00', <r2=>0x0}) (async)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TEST(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000007c0)=ANY=[@ANYBLOB="380000000b06010300005c89249261b65124000805000100070000000900020073797a310000000010000780"], 0x38}, 0x1, 0x0, 0x0, 0x10000000}, 0x4880) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="ac000000000000000000000000000000850000006d000000850000007d0000009500000000000000b3c18ae03f75d805164dde77efd76d91de4d0279a74489d2409d3a5be9ee5a6599426ecfa53c0be1d135573c1ac06d4291ed1c080d4f"], &(0x7f00000000c0)='GPL\x00', 0x4, 0xad, &(0x7f00000003c0)=""/173}, 0x94)
r7 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r7, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) (async)
setsockopt$inet6_MCAST_MSFILTER(r7, 0x29, 0x30, 0x0, 0x310) (async)
setsockopt$inet6_MCAST_MSFILTER(r7, 0x29, 0x30, &(0x7f0000000840)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000001"], 0x110) (async)
sendmsg$NL80211_CMD_CONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) (async, rerun: 64)
pipe(&(0x7f0000000780)={<r8=>0xffffffffffffffff}) (rerun: 64)
sendmsg$SMC_PNETID_GET(r8, 0x0, 0x4001)
syz_80211_inject_frame(0x0, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @void, @void}, 0x2e) (async, rerun: 32)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) (rerun: 32)
syz_80211_inject_frame(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="b00000000802110000010802110000000802110400001000000002000000"], 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20) (async)
r9 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) (async)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$cgroup_int(r10, &(0x7f0000000200), 0xffffffc1) (async, rerun: 64)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22052, r10, 0x0) (async, rerun: 64)
mmap(&(0x7f00007a6000/0x3000)=nil, 0x3000, 0x100000c, 0x22051, r10, 0x0) (async)
write$rfkill(r9, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)
sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=ANY=[@ANYBLOB="4400000010000304fdffffff0000d165fb7a9899", @ANYRES32=0x0, @ANYBLOB="00a30000ffff00001c0012800b0001006d616373656300000c00028006000240000900000800050054e9083e0c716a56a607df91b812255f0233550d7351cd06f7f19473721b9dcbe6eb663282c160457dbfdfceebb2473de27ded7bf454968c88f235574f3aba631bab2a077e09b6c36e46f9b2f6b4c3647df8a505ee0165aa04f3e7a0549c1da677d93b0ff3b304010072694b97e5546849aba892380b7ebd60cce00b2fee3d2af90c346a84390029c2ff1710259d0c3a3b4b7fb9537ab25e1877a17e9c08dcc25d35efac9816089a73a3dd1e7c19fa9c1b52", @ANYRES32=r2, @ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x24008000}, 0x10)

931.230495ms ago: executing program 3 (id=1590):
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
sendmmsg$inet(r0, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) (fail_nth: 74)
connect$tipc(r0, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x4}}, 0x10)

930.673694ms ago: executing program 0 (id=1591):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000000)={0x3, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000001040)={0x3, {{0x2, 0x0, @multicast1}}}, 0x88)
socket(0x21, 0x3, 0xff)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
r2 = socket(0x1e, 0x805, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000000c0)=@req3={0x80000000}, 0x1c)
sendmsg$tipc(r2, &(0x7f0000000640)={&(0x7f0000000300)=@nameseq={0x1e, 0x3}, 0x28, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x13, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000711872000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_ethernet(0x22, &(0x7f00000001c0)=ANY=[@ANYBLOB="03ff9000000000"], 0x0)
socket$netlink(0x10, 0x3, 0x12)
shutdown(r0, 0x1)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{0xffffffffffffffff, <r4=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000080)}, 0x20)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000100)={'team0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r6], 0x20}, 0x1, 0x0, 0x0, 0x80d5}, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000004c0)={r3, 0x20, &(0x7f0000000480)={&(0x7f0000000340)=""/253, 0xfd, <r7=>0x0, &(0x7f0000000440)=""/48, 0x30}}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{0xffffffffffffffff, <r8=>0xffffffffffffffff}, &(0x7f0000000500), &(0x7f0000000540)}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000680)={{0x1, <r9=>0xffffffffffffffff}, &(0x7f0000000600), &(0x7f0000000640)}, 0x20)
r10 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000700)=@generic={&(0x7f00000006c0)='./file0\x00'}, 0x18)
r11 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000740)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x1}, 0x50)
r12 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000500)={0x1b, 0x0, 0x0, 0x6, 0x0, 0x1, 0xba, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x5}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1d, 0x6, &(0x7f0000000100)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @ldst={0x3, 0x3, 0x0, 0xb, 0x2, 0x0, 0xa32efd6470cec5af}], &(0x7f0000000140)='GPL\x00', 0x0, 0xd9, &(0x7f0000000240)=""/217, 0x41100, 0x1, '\x00', r6, @fallback=0x9, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x0, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x4, 0xa, 0x8, 0x8}, 0x10, r7, 0xffffffffffffffff, 0x0, &(0x7f0000000800)=[0x1, r8, 0xffffffffffffffff, r9, 0xffffffffffffffff, r10, r11, r12, r10, 0x1], 0x0, 0x10, 0x9}, 0x94)
r13 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x1e, 0x4, &(0x7f0000000340)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000f00)={r13, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)

890.266095ms ago: executing program 1 (id=1592):
socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
pipe(&(0x7f0000000dc0)={<r2=>0xffffffffffffffff})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_DAEMON(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r4, 0xb0b}, 0x14}}, 0x0)
sendmsg$IPVS_CMD_GET_DEST(r2, &(0x7f0000000540)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000380)={&(0x7f0000000840)=ANY=[@ANYBLOB="1c010000", @ANYRES16=r4, @ANYBLOB="10002cbd7000fbdbdf250800000008000600050000001800028014000100b545ce59db508733f335d47a93a7fe8000000000000000000000000000bb08001201002c000180080009004a00000006000100020000000800090028000000060004004e240000000006006e6f6e650000000040000380060004b4aa45ff000800030002000000060004008100000008000500ac1414bb1400060000000000000000000000ffffffffffff050008000100000008000400b480000008000400fe7f00005000038008000300000000000500080001000000140002006e69637666300000000a063b96fc5e5ca1fb000000000000001400020076657468315f746f5f626f6e6400000014000600fc0200000000000000000000000000010c"], 0x11c}, 0x1, 0x0, 0x0, 0x4008010}, 0x10) (async)
sendmsg$IPVS_CMD_GET_DEST(r2, &(0x7f0000000540)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000380)={&(0x7f0000000840)=ANY=[@ANYBLOB="1c010000", @ANYRES16=r4, @ANYBLOB="10002cbd7000fbdbdf250800000008000600050000001800028014000100b545ce59db508733f335d47a93a7fe8000000000000000000000000000bb08001201002c000180080009004a00000006000100020000000800090028000000060004004e240000000006006e6f6e650000000040000380060004b4aa45ff000800030002000000060004008100000008000500ac1414bb1400060000000000000000000000ffffffffffff050008000100000008000400b480000008000400fe7f00005000038008000300000000000500080001000000140002006e69637666300000000a063b96fc5e5ca1fb000000000000001400020076657468315f746f5f626f6e6400000014000600fc0200000000000000000000000000010c"], 0x11c}, 0x1, 0x0, 0x0, 0x4008010}, 0x10)
sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x64, r4, 0x1, 0x0, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_DAEMON={0x40, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7ff}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7fff}]}, 0x64}}, 0x1) (async)
sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x64, r4, 0x1, 0x0, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_DAEMON={0x40, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7ff}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7fff}]}, 0x64}}, 0x1)
sendmsg$NL80211_CMD_GET_WIPHY(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)={0x28, r1, 0x301, 0x70bd28, 0x0, {{}, {@val={0x8, 0x1, 0x63}, @void, @val={0xc, 0x99, {0x2, 0x4}}}}}, 0x28}}, 0x44)

650.471775ms ago: executing program 3 (id=1593):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x6}]}, 0x10)
ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r0, 0x8040942d, &(0x7f0000000000))
bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000580)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4002, 0x4}, 0x50)
r1 = socket$inet6(0xa, 0x80003, 0xff)
setsockopt$inet6_int(r1, 0x29, 0x16, &(0x7f0000fcb000), 0x4)
r2 = socket$inet6(0xa, 0x3, 0xff)
setsockopt$inet6_int(r2, 0x29, 0x16, &(0x7f0000fcb000), 0x4)
close(0x4)
r3 = socket(0x2, 0x3, 0x6)
bind$inet(r3, &(0x7f0000000080)={0x2, 0xfffa, @local}, 0x10)
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f00000000c0)=0x6, 0x4)
sendto$inet(r3, 0x0, 0x20, 0x48890, &(0x7f0000000100)={0x2, 0x4e24, @broadcast}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={0xffffffffffffffff, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x0, 0x0, 0x0, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0, 0x8, 0x0, 0x0}}, 0x10)
r4 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102})
ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000080)={'ip6_vti0\x00', 0x200})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r5, 0x0, 0x2a, &(0x7f0000000440)={0x3, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_JOIN_GROUP(r5, 0x0, 0x2a, &(0x7f0000001040)={0x3, {{0x2, 0x0, @multicast1}}}, 0x88)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0)
ioctl$TUNSETTXFILTER(r4, 0x401054d5, &(0x7f0000000380)=ANY=[@ANYBLOB="4504"])
r6 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="9c0300001000100029bd7000fddbdf2506000000e5000d00669047be4d9614d156a6c21e15c41dfcd2ca0a3b625fb2a8b9add26ff4ad18b5e54ef7e0d2454787eff652f38b832227958ab91710122a1082a87eb3f5d36b56c8e512eff940aeb8a258f820154d6e6b8d0b6e8171955bff51b9453f0bbe775ad6abe5d220492a4e15889d8b1e53befeb7b85466930c9e6e9368f0051bf3fe63c310842aeada300c633b57920730fc058c434a17e8adccd14de4bd75ea666d9b800c108af8f3c559ea8a6f1d0598f4e0aec63fdeb7f26c96da2b70074791d0c96494631a79413572d296f06739f76c5d22939a79206d2083d20e9e3b7d05fc5b73000000ad013f800f5a6eb3b24de1c15ebe203faf04c9ad7bf856ee8548cb6a82b82be80f382d58129f68fa23d08fe3d8492bfecedea40c743161bbc3f4459f41c2a2b7803ef0f0324b45d72c922cfc515a5355dbe575eb9475b90d109ec27a748c90391c040d25bdf887c5ecc8c1bcfcb75056ffbaaea7052f7223378d2ec88ff6b0a71bff9e7be62a3ad8833a5040321cd0ad62483138e9dd6b2c4c27a570a6214838b4ccda28f5fe0ba91160d21ba40cf7d3e6147b65db575718c9d7c940e89cf1280791ad9d8ad4da143db959f92055b6af7e6a73afa5962ff63ba18455b7d8b602eae99e6826ecaf8c308be83d15a5b4bf2c9b9a83513d2c08003d00", @ANYRES32, @ANYBLOB="0400b98014003500ff02000000000000000000000000000108001700", @ANYRES32=0x0, @ANYBLOB="a1c022c6d04a7f93589f572c2eb6557950f9d8c19a040000008f17c8c9bc19396eb7111a12eec29641a735d856c84b1a8294e30a8f9b97426f84da127c6e53d184b9e3678e25cbf13b015a2f3883a3c95c004d015bb86f825f7331a334bea0f3d5f7d3ea50f9f0963dd024249cf4b48e7cb2ed17ef3fb961b4b9cb3bba59663e7420e9e64ced080013", @ANYRES32=0x0, @ANYBLOB="00000008009b00ac14142c3aebf9f1dca20ab35518b65d00b1bd9946f108a43e1a8f275a4b6d665b9a01c77e945da80f282197dde1e4c2ef0c4863ca826628aeb80da81ca17ba13b714007b044ca173012be8e418b0df8fa2a50270ee6098a4e46ce89b28e57c5a0430832304d37d2eba4eed6e8086b1e021c330a7001730b62ab29ee043ed88448dba7f44c05b26b262548cd06114b4cf7ddf9ea4423521a11907dc4da3bf180e1a1909c158c6f82fd87137bd84be3675f09070035ff4845b0b4d611b89ca26fe69eb42b822370b5828c115820ec1b2518596f254046e22005319b7568215924beab83a13fb4937513550000"], 0x39c}, 0x1, 0x0, 0x0, 0x40}, 0x20000084)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102})
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x0, 0x0}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x20, r8, 0x3, 0x70bd25, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x40000)
syz_genetlink_get_family_id$SEG6(&(0x7f00000000c0), 0xffffffffffffffff)

567.352565ms ago: executing program 2 (id=1594):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@mpls_getroute={0x24, 0x1a, 0x9e8a232eead7a86d, 0x4, 0x25dfdbfe, {0x1c, 0x14, 0x0, 0x7f, 0x0, 0x1}, [@RTA_DST={0x8}]}, 0x24}, 0x1, 0x0, 0x4000000, 0x4040000}, 0x0)

561.387839ms ago: executing program 4 (id=1595):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073f0b693e800000038000000030a01040000000000000000010000010900010073797a30000000000c00024000000000000000010900030073797a3000000000140000001100010000000000"], 0xac}, 0x1, 0x0, 0x0, 0x8040}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
sendmmsg$unix(0xffffffffffffffff, &(0x7f000000b340)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\b\x00\x00'], 0x40, 0x4040800}}], 0x1, 0x4000)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000d00), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_LINK_GET(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000700)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r2, @ANYBLOB], 0x7c}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r5, 0x0, 0xd}, 0x18)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000780)=ANY=[@ANYBLOB="1c00000014000500000080000000000004000080ecc032c4cd30ca4135c191b4390ea5b0af1fbcb3ef023c71b2a998f85434dce4c6611aa5f12ea9ef63556ca6c05bfc74749d2012416c8b04be8f84c21f992c501101efe32e0eee55c4b9fa2ae1904a242b63bb38a8a5f8385ccf8798a7293fcd25ff4a7918edafb4fa3de0dcb1c53f58f45636d0e9edd1b622a98b8fe393dfcf0c09994dccc20164beec2d5cc1309b79ae7a009910ac53d9e281679515d176dc97b92e3a40c28329ee4a63249aeaca86ad44741cdc8685f2b59e08d708f9cfd9b25ac2f04f6dbf52f0f763993303c5e74346e8f4e076beff04061714cb04fa4a9dec05deacd45fc5cfb23f01e75e7407fd91f2e7962db7942711a8452b9acf37b3eefd45a4a7da8512130ee8f7f6bcb44b3578dc64e2a8e85559100a5ce3ba4c1fe2f8e2eb57fe4d204ce9dfb5991c88852cc9edce6ec721a22ea6416e72e8b4f58a48db1de1fd4c4c16cf3216b260b558aaa2e6"], 0x1c}], 0x1}, 0x0)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0400000004000000040000000100000000000000", @ANYRES32, @ANYRESDEC, @ANYRES8], 0x48)
sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r7, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0)
r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r8, &(0x7f00000001c0)={0x0, 0xffffffffffffff80, &(0x7f0000000000)=[{&(0x7f0000005d00)={0x114, 0x2f, 0x1, 0x0, 0x25dddbfb, "", [@nested={0x104, 0xf2, 0x0, 0x1, [@typed={0xc, 0x13, 0x0, 0x0, @u64=0x7ff}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82", @typed={0x4, 0xe9}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x41}, 0x4008080)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'veth0_to_hsr\x00', <r9=>0x0})
r10 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r9}, 0x90)
r11 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r11, 0x0, 0x0)
r12 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x5, '\x00', r9, 0xffffffffffffffff, 0x4, 0x4}, 0x50)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001500)={<r13=>r0})
sendmsg$key(r13, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000001580)={&(0x7f0000001540)={0x2, 0x11, 0x9, 0x3, 0x6, 0x0, 0x70bd27, 0x25dfdbfb, [@sadb_spirange={0x2, 0x10, 0x4d4, 0x4d5}, @sadb_x_nat_t_type={0x1, 0x14, 0x4d}, @sadb_x_nat_t_type={0x1, 0x14, 0x1}]}, 0x30}}, 0x810)
r14 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0xb, [@decl_tag={0x9, 0x0, 0x0, 0x11, 0x5, 0x3}, @volatile={0xf, 0x0, 0x0, 0x9, 0x3}]}, {0x0, [0x2e, 0x5f, 0x5f, 0x61, 0x5f, 0x5f, 0x0, 0x0, 0x0]}}, &(0x7f0000000440)=""/4096, 0x3f, 0x1000, 0x1, 0x3ff, 0x10000, @value=r11}, 0x28)
r15 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r15, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001440)=@bpf_tracing={0x1a, 0xb, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xcb, 0x0, 0x0, 0x0, 0x8}, [@jmp={0x5, 0x0, 0x1, 0xf, 0x6, 0x10, 0xffffffffffffffff}, @cb_func={0x18, 0xa, 0x4, 0x0, 0x6}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @map_idx={0x18, 0x4, 0x5, 0x0, 0xf}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x6}]}, &(0x7f0000000000)='syzkaller\x00', 0x10000, 0x0, 0x0, 0x40f00, 0x9, '\x00', r9, 0x1a, r14, 0x8, &(0x7f0000000280)={0x4, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x1ef7b, r10, 0x0, &(0x7f00000002c0)=[r12, r15, r12, r12, r12, r11, r12, r12, r12], 0x0, 0x10, 0x200}, 0x94)

552.992357ms ago: executing program 2 (id=1596):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$packet(0x11, 0x2, 0x300)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{r0}, &(0x7f0000000080), &(0x7f00000001c0)=r1}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r3, 0x4)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600)
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@updpolicy={0xb8, 0x13, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x4e21, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x2}, {0x0, 0x80}, 0x100}}, 0xb8}}, 0x0)

433.820768ms ago: executing program 2 (id=1597):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={0x4000000, {0x2, 0x1}, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x2, 0x4e22, @multicast1}, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x5093})
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
setsockopt$llc_int(r2, 0x10c, 0x2, &(0x7f0000000140)=0x80000005, 0xffffffffffffff9e)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
shutdown(r3, 0x0)
write(r3, 0x0, 0x0)
ioctl$sock_SIOCBRDELBR(r1, 0x89a2, &(0x7f0000000000)='bridge0\x00')
r4 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_LOOPBACK(r4, 0x65, 0x3, &(0x7f0000000180), 0x4)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz0\x00', 0x1ff)

400.479014ms ago: executing program 1 (id=1598):
r0 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f00000000c0)={0x1, {{0xa, 0x4e20, 0x5, @mcast2, 0x6}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="01000000000000000a004e287ffffffffc0000000000000000000000000000000100000000000000120000000000000000000000000000000000000000000000000000000000000000000000006ff00000000000000000000000000000006d00000000000000000000000000000000000100000000000000000000000000000000000000000000000100000000000000"], 0x90)
r1 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, &(0x7f00000003c0), &(0x7f0000000400)=0x18)
r2 = socket(0xf, 0x80f, 0x1fffffd)
r3 = accept$inet(r2, 0x0, &(0x7f0000000000))
bind$inet(r3, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x2, 0x0, 0x25dfdbfb, {{@in6=@private0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x4, 0x0, 0x0, 0xa, 0x60, 0x80, 0x3b}, {0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x6}, {0xfffffffffffffffe}, 0x9, 0x0, 0x0, 0x1, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac"], 0xb8}}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000000c0)=@bpf_lsm={0xe, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="660a00000000000061114c0000000000850000009900000095"], &(0x7f0000000080)='GPL\x00'}, 0x94)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a00400000000000"], 0xb8}}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r7, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0xd, 0xd, &(0x7f0000000740)=ANY=[@ANYBLOB="180200000000000000000000ffffffff851000000100000095000000000000001800000020646c2500000000002020207b1af8ff00000000bda100000000000007010000f8ffffffb702000008b19200b703000000000000850000004600000095"], &(0x7f0000000000)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x4e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
ioctl$SIOCPNDELRESOURCE(r2, 0x89ef, &(0x7f0000000440)=0x4)
syz_emit_ethernet(0xc5, &(0x7f0000000240)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @empty, @val={@val={0x88a8, 0x2, 0x1, 0x3}, {0x8100, 0x6, 0x1, 0x4}}, {@llc_tr={0x11, {@snap={0xaa, 0xaa, "03bd", '*Bs', 0xf5, "5ea51cf6d57062afea6651692f414e3db02b5def8c8eba09b559b84ce53e627c7db921061c9e8980ff554468f6b074dfa6b88faccc7114daa805f6574ae441108e07136b4b5204b2871cb2333c5a303040abf957135b471515d6cd2bf3955d0f7fa2d7e0fcb25472ecc42b9460fdee0c36864781b8a0b0bcbb1d07d49b34de7b6876cd6f8f17d6d51b2abc30d245c94d7ee24d2739849d081b7b6e34c82711c79e0ae274e7c3"}}}}}, &(0x7f0000000180)={0x1, 0x2, [0x38c, 0x44b, 0xb94, 0xccd]})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$sock_attach_bpf(r8, 0x1, 0x4c, &(0x7f0000000400), 0x4)
sendmsg(r2, &(0x7f0000000200)={&(0x7f0000000040)=@in={0x2, 0x0, @rand_addr=0x64010100}, 0x80, 0x0, 0x0, &(0x7f0000000140)=ANY=[], 0x10}, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r2, 0x84, 0x1c, &(0x7f00000001c0), &(0x7f0000000380)=0x4)

392.972282ms ago: executing program 4 (id=1599):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000007000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r1, 0x2000300, 0xe, 0x30, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x23000000}, 0x50)

271.441395ms ago: executing program 1 (id=1600):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x1, 0x9, 0xc, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x2000002, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

271.193238ms ago: executing program 4 (id=1601):
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x48)
pipe(&(0x7f0000000600)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000140)=@framed={{}, [@printk={@lli, {}, {0x7, 0x1, 0x4}, {}, {}, {}, {0x85, 0x0, 0x0, 0x99}}]}, &(0x7f0000000000)='syzkaller\x00', 0xa, 0xfe7, &(0x7f0000001e00)=""/4071}, 0x90)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000380)=ANY=[@ANYBLOB="020101090800000000170006ffffff00030006001000000002000000e0000009f9ff0f0005000000030005007217440502000000e0000001"], 0x40}}, 0x0)
sendmsg$key(r1, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x9, 0xa, 0x0, 0x0, 0x1000000, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0xe, @in={0x2, 0x0, @multicast1=0xe0000009}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x50}}, 0x0)
write(r0, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c)
r2 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1500000010"], 0x48)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newlink={0x40, 0x10, 0x401, 0x70bd2d, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x3}}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x40}}, 0x0)
pipe(0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
pselect6(0x40, &(0x7f0000000100)={0x9, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x8, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
close(0x4)

270.895635ms ago: executing program 3 (id=1602):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xf, 0x4, 0x4, 0x12}, 0x50)
socket$inet(0xa, 0x801, 0x84)
socket$key(0xf, 0x3, 0x2)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet6_sctp(0xa, 0x801, 0x84)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
socket$kcm(0x21, 0x2, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x14)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_route(0x10, 0x3, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYBLOB="540000121000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000062102000100000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00]'], 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

202.250879ms ago: executing program 2 (id=1603):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000001080)=0x8)
r5 = syz_genetlink_get_family_id$team(&(0x7f00000001c0), r3)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000200)={'wg0\x00', <r6=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000240)={'team0\x00', <r7=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f00000003c0)={0x1d8, r5, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [{{0x8}, {0xfc, 0x2, 0x0, 0x1, [{0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x134}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}, {{0x8, 0x1, r7}, {0xb8, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}]}}]}, 0x1d8}, 0x1, 0x0, 0x0, 0x8000}, 0x800)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000140)={r4}, &(0x7f0000000180)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000040)={r4, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e24, 0x40, @remote, 0x40}]}, &(0x7f0000000080)=0x10)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r8, 0x84, 0x7f, &(0x7f0000000040)="020c0000098011e8", 0x8)

146.323627ms ago: executing program 1 (id=1604):
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
r2 = socket(0x1, 0x803, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080))
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r3], 0x50}}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', <r6=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x4000000, {0x0, 0x0, 0x74, r6}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

135.123446ms ago: executing program 3 (id=1605):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000018c0)={'team0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x49920d862a92153b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x41, 0x15001}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD0={0x8}]}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x40}, 0x1, 0x0, 0x600}, 0x0)

72.912551ms ago: executing program 4 (id=1606):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x8001}, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), 0xffffffffffffffff)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
bpf$PROG_LOAD(0x5, &(0x7f0000000fc0)={0x1d, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003900000095"], &(0x7f0000000540)='syzkaller\x00', 0x9, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_add_memb(r6, 0x107, 0x18, &(0x7f00000004c0)={0x0, 0x3, 0x6}, 0x10)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000240)=""/185, 0xb9}], 0x1}, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r7, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000001b80)={0x24, r8, 0x1, 0x0, 0x0, {}, [@NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xfffffffffffffffc}]}, 0x24}}, 0x0)
sendmsg$IEEE802154_LLSEC_LIST_DEV(r7, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x14, r3, 0x1, 0x70bd2c, 0x25dfdbfd, {}, ["", "", "", "", "", ""]}, 0x14}}, 0x4)
syz_emit_ethernet(0x32, &(0x7f0000000740)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb080045000024000040020011"], 0x0)
syz_emit_ethernet(0x2e, &(0x7f00000004c0)=ANY=[@ANYBLOB="000000000000bbbbbbbbbbbb0800450000200000010000119078"], 0x0)
r9 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000710429000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$SMC_PNETID_ADD(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000480)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010027bd700005000000020000000900010073797a30000000000900030073797a3100000000"], 0x2c}, 0x1, 0x0, 0x0, 0x5}, 0x0)

7.310381ms ago: executing program 3 (id=1607):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000800)=@newsa={0x144, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {@in=@dev={0xac, 0x14, 0x14, 0x28}, 0x0, 0x33}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {0x0, 0x0, 0x0, 0x0, 0x0, 0xff80}, {0x3, 0x0, 0x6}, {}, 0x0, 0x3502, 0xa}, [@tfcpad={0x8, 0x16, 0x10000}, @algo_auth_trunc={0x4c, 0x14, {{'crct10dif-arm64-neon\x00'}}}]}, 0x144}}, 0x0)

0s ago: executing program 3 (id=1608):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f00000009c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200000000df00850000008600000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="c40000001900674c000000000000000000000000000000000000000000000000ac1e0001000000000000000000000000000000726c0000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="01000000000000000000000000000000000000000000000000000000000000000000000000000000ffff7f00000000000000000000000000fcffffffffffffff0000000000000000b0ac0000000000000000000004000000000000000000000000040000c06b6e0000000300000000000a00100001"], 0xc4}}, 0x4c050) (async)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
r6 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) (async)
write$tun(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd010000000000140000006000000003082f00fe88a43de1a400000000000000007d01ff020000000000000000000000000001"], 0xfdef)
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000006800090200000000000000000a0000000000000004000c"], 0x1c}}, 0x0)

kernel console output (not intermixed with test programs):

6c9
[  138.701390][ T8010] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  138.701401][ T8010] RBP: 00007f4a3d709090 R08: 00000000000004f0 R09: 0000000000000000
[  138.701412][ T8010] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  138.701423][ T8010] R13: 00007f4a3c9e6038 R14: 00007f4a3c9e5fa0 R15: 00007ffdb2b93a08
[  138.701453][ T8010]  </TASK>
[  139.085875][ T8017] sctp: [Deprecated]: syz.3.658 (pid 8017) Use of struct sctp_assoc_value in delayed_ack socket option.
[  139.085875][ T8017] Use struct sctp_sack_info instead
[  139.194525][ T8023] netlink: 24 bytes leftover after parsing attributes in process `syz.0.662'.
[  139.276638][ T8022] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  139.913415][ T8056] netlink: 'syz.1.676': attribute type 4 has an invalid length.
[  139.956620][ T8059] netlink: 'syz.2.677': attribute type 5 has an invalid length.
[  140.019291][ T8062] tipc: New replicast peer: 255.255.255.255
[  140.034838][ T8062] tipc: Enabled bearer <udp:syz2>, priority 6
[  140.545473][ T8096] __nla_validate_parse: 9 callbacks suppressed
[  140.545490][ T8096] netlink: 8 bytes leftover after parsing attributes in process `syz.1.686'.
[  140.565172][ T8096] tipc: New replicast peer: 255.255.255.255
[  140.572165][ T8096] tipc: Enabled bearer <udp:syz2>, priority 6
[  140.596724][ T8098] netlink: 24 bytes leftover after parsing attributes in process `syz.3.688'.
[  140.717620][ T8104] trusted_key: syz.3.691 sent an empty control message without MSG_MORE.
[  140.732186][ T8104] FAULT_INJECTION: forcing a failure.
[  140.732186][ T8104] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  140.767925][ T8104] CPU: 1 UID: 0 PID: 8104 Comm: syz.3.691 Not tainted syzkaller #0 PREEMPT(full) 
[  140.767953][ T8104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  140.767963][ T8104] Call Trace:
[  140.767971][ T8104]  <TASK>
[  140.767979][ T8104]  dump_stack_lvl+0x189/0x250
[  140.768007][ T8104]  ? __pfx____ratelimit+0x10/0x10
[  140.768032][ T8104]  ? __pfx_dump_stack_lvl+0x10/0x10
[  140.768054][ T8104]  ? __pfx__printk+0x10/0x10
[  140.768072][ T8104]  ? __might_fault+0xb0/0x130
[  140.768107][ T8104]  should_fail_ex+0x414/0x560
[  140.768137][ T8104]  _copy_from_user+0x2d/0xb0
[  140.768159][ T8104]  ___sys_sendmsg+0x158/0x2a0
[  140.768182][ T8104]  ? __pfx____sys_sendmsg+0x10/0x10
[  140.768246][ T8104]  ? __might_fault+0xb0/0x130
[  140.768272][ T8104]  __sys_sendmmsg+0x227/0x430
[  140.768297][ T8104]  ? __pfx___sys_sendmmsg+0x10/0x10
[  140.768326][ T8104]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  140.768363][ T8104]  ? ksys_write+0x22a/0x250
[  140.768389][ T8104]  ? __pfx_ksys_write+0x10/0x10
[  140.768417][ T8104]  __x64_sys_sendmmsg+0xa0/0xc0
[  140.768442][ T8104]  do_syscall_64+0xfa/0xfa0
[  140.768458][ T8104]  ? lockdep_hardirqs_on+0x9c/0x150
[  140.768475][ T8104]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.768493][ T8104]  ? clear_bhb_loop+0x60/0xb0
[  140.768514][ T8104]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.768531][ T8104] RIP: 0033:0x7faa8bb8f6c9
[  140.768547][ T8104] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  140.768562][ T8104] RSP: 002b:00007faa8ca1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  140.768581][ T8104] RAX: ffffffffffffffda RBX: 00007faa8bde5fa0 RCX: 00007faa8bb8f6c9
[  140.768594][ T8104] RDX: 0000000000000299 RSI: 0000200000003dc0 RDI: 0000000000000005
[  140.768606][ T8104] RBP: 00007faa8ca1f090 R08: 0000000000000000 R09: 0000000000000000
[  140.768616][ T8104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  140.768627][ T8104] R13: 00007faa8bde6038 R14: 00007faa8bde5fa0 R15: 00007fff44e3fbf8
[  140.768658][ T8104]  </TASK>
[  141.214066][ T5874] tipc: Node number set to 738924513
[  141.235414][ T8114] netlink: 40 bytes leftover after parsing attributes in process `syz.0.695'.
[  141.328164][ T5147] Bluetooth: hci0: command 0x0c1a tx timeout
[  141.821689][ T8127] netlink: 24 bytes leftover after parsing attributes in process `syz.2.701'.
[  141.833129][ T8131] FAULT_INJECTION: forcing a failure.
[  141.833129][ T8131] name failslab, interval 1, probability 0, space 0, times 0
[  141.845813][ T8131] CPU: 0 UID: 0 PID: 8131 Comm: syz.4.702 Not tainted syzkaller #0 PREEMPT(full) 
[  141.845837][ T8131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  141.845847][ T8131] Call Trace:
[  141.845854][ T8131]  <TASK>
[  141.845862][ T8131]  dump_stack_lvl+0x189/0x250
[  141.845890][ T8131]  ? __pfx____ratelimit+0x10/0x10
[  141.845915][ T8131]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.845937][ T8131]  ? __pfx__printk+0x10/0x10
[  141.845957][ T8131]  ? __lock_acquire+0xab9/0xd20
[  141.845984][ T8131]  should_fail_ex+0x414/0x560
[  141.846013][ T8131]  should_failslab+0xa8/0x100
[  141.846034][ T8131]  kmem_cache_alloc_bulk_noprof+0x72/0x620
[  141.846054][ T8131]  ? pfn_valid+0x125/0x4d0
[  141.846072][ T8131]  ? pfn_valid+0x440/0x4d0
[  141.846092][ T8131]  bpf_test_run_xdp_live+0x15f6/0x1b10
[  141.846119][ T8131]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  141.846140][ T8131]  ? bpf_test_run_xdp_live+0x393/0x1b10
[  141.846171][ T8131]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  141.846191][ T8131]  ? 0xffffffffa02057c0
[  141.846223][ T8131]  ? 0xffffffffa02016d4
[  141.846263][ T8131]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  141.846292][ T8131]  ? _copy_from_user+0x94/0xb0
[  141.846314][ T8131]  ? bpf_test_init+0x113/0x150
[  141.846329][ T8131]  ? xdp_convert_md_to_buff+0x5b/0x330
[  141.846350][ T8131]  bpf_prog_test_run_xdp+0x7c0/0x10e0
[  141.846384][ T8131]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  141.846408][ T8131]  ? __fget_files+0x2a/0x420
[  141.846430][ T8131]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  141.846450][ T8131]  bpf_prog_test_run+0x2c7/0x340
[  141.846473][ T8131]  __sys_bpf+0x562/0x860
[  141.846493][ T8131]  ? __pfx___sys_bpf+0x10/0x10
[  141.846526][ T8131]  ? ksys_write+0x22a/0x250
[  141.846550][ T8131]  ? __pfx_ksys_write+0x10/0x10
[  141.846585][ T8131]  __x64_sys_bpf+0x7c/0x90
[  141.846610][ T8131]  do_syscall_64+0xfa/0xfa0
[  141.846625][ T8131]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.846642][ T8131]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.846659][ T8131]  ? clear_bhb_loop+0x60/0xb0
[  141.846680][ T8131]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.846696][ T8131] RIP: 0033:0x7f150358f6c9
[  141.846712][ T8131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  141.846726][ T8131] RSP: 002b:00007f1504416038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  141.846746][ T8131] RAX: ffffffffffffffda RBX: 00007f15037e5fa0 RCX: 00007f150358f6c9
[  141.846758][ T8131] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  141.846769][ T8131] RBP: 00007f1504416090 R08: 0000000000000000 R09: 0000000000000000
[  141.846780][ T8131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  141.846791][ T8131] R13: 00007f15037e6038 R14: 00007f15037e5fa0 R15: 00007fffcaf21ce8
[  141.846822][ T8131]  </TASK>
[  142.326059][ T8144] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  142.333945][ T8144] syzkaller0: entered promiscuous mode
[  142.339439][ T8144] syzkaller0: entered allmulticast mode
[  142.370629][ T8144] tipc: Resetting bearer <eth:syzkaller0>
[  142.382306][ T8141] tipc: Resetting bearer <eth:syzkaller0>
[  142.396632][ T8141] tipc: Disabling bearer <eth:syzkaller0>
[  142.540363][ T8154] netlink: 28 bytes leftover after parsing attributes in process `syz.2.711'.
[  142.549478][ T8154] netlink: 28 bytes leftover after parsing attributes in process `syz.2.711'.
[  142.649212][ T8160] netlink: 4 bytes leftover after parsing attributes in process `syz.2.713'.
[  142.816972][ T8164] netlink: 28 bytes leftover after parsing attributes in process `syz.1.714'.
[  142.832665][ T8164] netlink: 12 bytes leftover after parsing attributes in process `syz.1.714'.
[  142.855635][ T8164] netlink: 216 bytes leftover after parsing attributes in process `syz.1.714'.
[  143.213027][ T8181] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  143.502370][ T8189] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  143.510806][ T8189] syzkaller0: entered promiscuous mode
[  143.524200][ T8189] syzkaller0: entered allmulticast mode
[  143.560527][ T8189] tipc: Resetting bearer <eth:syzkaller0>
[  143.600326][ T8188] tipc: Resetting bearer <eth:syzkaller0>
[  143.616091][ T8188] tipc: Disabling bearer <eth:syzkaller0>
[  143.787450][ T8201] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  144.418373][ T8230] netlink: del zone limit has 4 unknown bytes
[  144.702839][ T8241] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  144.794142][ T8246] sock: sock_timestamping_bind_phc: sock not bind to device
[  144.813884][ T8247] bridge0: entered promiscuous mode
[  144.820644][ T8247] ip6gretap0: entered promiscuous mode
[  144.837302][ T8247] debugfs: 'hsr1' already exists in 'hsr'
[  144.877766][ T8247] Cannot create hsr debugfs directory
[  145.180844][ T8271] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  145.191768][ T8267] syzkaller0: entered promiscuous mode
[  145.203805][ T8267] syzkaller0: entered allmulticast mode
[  145.230143][ T8267] tipc: Resetting bearer <eth:syzkaller0>
[  145.241120][ T8266] tipc: Resetting bearer <eth:syzkaller0>
[  145.294980][ T8266] tipc: Disabling bearer <eth:syzkaller0>
[  145.304303][ T8278] FAULT_INJECTION: forcing a failure.
[  145.304303][ T8278] name failslab, interval 1, probability 0, space 0, times 0
[  145.317127][ T8278] CPU: 0 UID: 0 PID: 8278 Comm: syz.3.752 Not tainted syzkaller #0 PREEMPT(full) 
[  145.317151][ T8278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  145.317161][ T8278] Call Trace:
[  145.317168][ T8278]  <TASK>
[  145.317176][ T8278]  dump_stack_lvl+0x189/0x250
[  145.317204][ T8278]  ? __pfx____ratelimit+0x10/0x10
[  145.317229][ T8278]  ? __pfx_dump_stack_lvl+0x10/0x10
[  145.317250][ T8278]  ? __pfx__printk+0x10/0x10
[  145.317281][ T8278]  should_fail_ex+0x414/0x560
[  145.317311][ T8278]  should_failslab+0xa8/0x100
[  145.317331][ T8278]  __kmalloc_cache_noprof+0x6f/0x6f0
[  145.317353][ T8278]  ? __sctp_v6_cmp_addr+0x1e6/0x510
[  145.317384][ T8278]  ? sctp_add_bind_addr+0x8c/0x370
[  145.317413][ T8278]  sctp_add_bind_addr+0x8c/0x370
[  145.317441][ T8278]  sctp_copy_local_addr_list+0x30b/0x4e0
[  145.317469][ T8278]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  145.317492][ T8278]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  145.317517][ T8278]  ? sctp_v6_is_any+0x64/0x80
[  145.317534][ T8278]  ? sctp_copy_one_addr+0x93/0x360
[  145.317560][ T8278]  sctp_bind_addr_copy+0xb3/0x3c0
[  145.317585][ T8278]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  145.317611][ T8278]  sctp_connect_new_asoc+0x2e0/0x690
[  145.317635][ T8278]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  145.317661][ T8278]  ? sctp_inet6_send_verify+0x23a/0x300
[  145.317683][ T8278]  ? sctp_endpoint_lookup_assoc+0xd1/0x260
[  145.317704][ T8278]  __sctp_connect+0x5ba/0xd50
[  145.317735][ T8278]  ? __pfx___sctp_connect+0x10/0x10
[  145.317755][ T8278]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  145.317774][ T8278]  ? security_sctp_bind_connect+0x7e/0x2e0
[  145.317798][ T8278]  sctp_getsockopt_connectx3+0x2c4/0x440
[  145.317824][ T8278]  ? __pfx_sctp_getsockopt_connectx3+0x10/0x10
[  145.317849][ T8278]  ? __local_bh_enable_ip+0x12d/0x1c0
[  145.317868][ T8278]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  145.317898][ T8278]  sctp_getsockopt+0x98a/0xb60
[  145.317915][ T8278]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  145.317942][ T8278]  do_sock_getsockopt+0x372/0x450
[  145.317964][ T8278]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  145.317982][ T8278]  ? do_syscall_64+0xa0/0xfa0
[  145.317998][ T8278]  ? __fget_files+0x2a/0x420
[  145.318014][ T8278]  ? __fget_files+0x3a0/0x420
[  145.318029][ T8278]  ? __fget_files+0x2a/0x420
[  145.318054][ T8278]  __x64_sys_getsockopt+0x1a5/0x250
[  145.318072][ T8278]  ? do_syscall_64+0xa0/0xfa0
[  145.318090][ T8278]  ? do_syscall_64+0xa0/0xfa0
[  145.318109][ T8278]  do_syscall_64+0xfa/0xfa0
[  145.318125][ T8278]  ? lockdep_hardirqs_on+0x9c/0x150
[  145.318142][ T8278]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.318160][ T8278]  ? clear_bhb_loop+0x60/0xb0
[  145.318181][ T8278]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.318197][ T8278] RIP: 0033:0x7faa8bb8f6c9
[  145.318218][ T8278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  145.318232][ T8278] RSP: 002b:00007faa8ca1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  145.318252][ T8278] RAX: ffffffffffffffda RBX: 00007faa8bde5fa0 RCX: 00007faa8bb8f6c9
[  145.318264][ T8278] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000003
[  145.318275][ T8278] RBP: 00007faa8ca1f090 R08: 0000200000000080 R09: 0000000000000000
[  145.318286][ T8278] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000002
[  145.318298][ T8278] R13: 00007faa8bde6038 R14: 00007faa8bde5fa0 R15: 00007fff44e3fbf8
[  145.318329][ T8278]  </TASK>
[  145.755100][ T8283] __nla_validate_parse: 7 callbacks suppressed
[  145.755117][ T8283] netlink: 48 bytes leftover after parsing attributes in process `syz.3.754'.
[  145.776300][ T8286] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  145.824635][ T8289] netlink: 'syz.2.757': attribute type 6 has an invalid length.
[  145.846362][ T8290] netlink: 'syz.1.756': attribute type 10 has an invalid length.
[  145.868715][ T8290] netlink: 40 bytes leftover after parsing attributes in process `syz.1.756'.
[  145.915913][ T8290] x_tables: duplicate underflow at hook 2
[  146.001650][ T8299] netlink: 'syz.2.760': attribute type 1 has an invalid length.
[  146.002881][ T8302] netlink: 'syz.1.756': attribute type 21 has an invalid length.
[  146.021612][ T8302] netlink: 132 bytes leftover after parsing attributes in process `syz.1.756'.
[  146.058412][ T8299] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check.
[  146.383574][ T8323] gtp0: entered promiscuous mode
[  146.388639][ T8323] gtp0: entered allmulticast mode
[  146.413752][ T8324] gretap0: entered promiscuous mode
[  146.419265][ T8324] vlan2: entered promiscuous mode
[  146.688322][ T8339] netlink: 8 bytes leftover after parsing attributes in process `syz.2.772'.
[  146.737246][ T8343] netlink: 16 bytes leftover after parsing attributes in process `syz.1.775'.
[  146.820134][ T8345] netlink: 8 bytes leftover after parsing attributes in process `syz.1.776'.
[  146.845738][ T8345] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  146.895810][ T8350] xt_CT: You must specify a L4 protocol and not use inversions on it
[  146.951029][ T8350] netlink: 20 bytes leftover after parsing attributes in process `syz.2.778'.
[  147.089671][ T8361] netlink: 28 bytes leftover after parsing attributes in process `syz.1.779'.
[  147.105035][ T8361] netlink: 28 bytes leftover after parsing attributes in process `syz.1.779'.
[  147.120091][ T8361] netlink: 28 bytes leftover after parsing attributes in process `syz.1.779'.
[  147.378108][ T8377] tipc: Enabled bearer <udp:syz1>, priority 6
[  147.386138][ T8379] FAULT_INJECTION: forcing a failure.
[  147.386138][ T8379] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  147.399782][ T8379] CPU: 0 UID: 0 PID: 8379 Comm: syz.4.786 Not tainted syzkaller #0 PREEMPT(full) 
[  147.399806][ T8379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  147.399817][ T8379] Call Trace:
[  147.399824][ T8379]  <TASK>
[  147.399832][ T8379]  dump_stack_lvl+0x189/0x250
[  147.399859][ T8379]  ? __pfx____ratelimit+0x10/0x10
[  147.399884][ T8379]  ? __pfx_dump_stack_lvl+0x10/0x10
[  147.399905][ T8379]  ? __pfx__printk+0x10/0x10
[  147.399924][ T8379]  ? __might_fault+0xb0/0x130
[  147.399959][ T8379]  should_fail_ex+0x414/0x560
[  147.399988][ T8379]  _copy_from_user+0x2d/0xb0
[  147.400010][ T8379]  ___sys_sendmsg+0x158/0x2a0
[  147.400033][ T8379]  ? __pfx____sys_sendmsg+0x10/0x10
[  147.400097][ T8379]  ? __might_fault+0xb0/0x130
[  147.400123][ T8379]  __sys_sendmmsg+0x227/0x430
[  147.400156][ T8379]  ? __pfx___sys_sendmmsg+0x10/0x10
[  147.400184][ T8379]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  147.400221][ T8379]  ? ksys_write+0x22a/0x250
[  147.400246][ T8379]  ? __pfx_ksys_write+0x10/0x10
[  147.400274][ T8379]  __x64_sys_sendmmsg+0xa0/0xc0
[  147.400296][ T8379]  do_syscall_64+0xfa/0xfa0
[  147.400312][ T8379]  ? lockdep_hardirqs_on+0x9c/0x150
[  147.400328][ T8379]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.400344][ T8379]  ? clear_bhb_loop+0x60/0xb0
[  147.400364][ T8379]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.400379][ T8379] RIP: 0033:0x7f150358f6c9
[  147.400395][ T8379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  147.400408][ T8379] RSP: 002b:00007f1504416038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  147.400426][ T8379] RAX: ffffffffffffffda RBX: 00007f15037e5fa0 RCX: 00007f150358f6c9
[  147.400438][ T8379] RDX: 0400000000000203 RSI: 0000200000004400 RDI: 0000000000000003
[  147.400449][ T8379] RBP: 00007f1504416090 R08: 0000000000000000 R09: 0000000000000000
[  147.400459][ T8379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  147.400467][ T8379] R13: 00007f15037e6038 R14: 00007f15037e5fa0 R15: 00007fffcaf21ce8
[  147.400497][ T8379]  </TASK>
[  147.774031][ T8387] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  147.893392][ T8385] tipc: New replicast peer: 255.255.255.255
[  147.901504][ T8385] tipc: Enabled bearer <udp:syz2>, priority 6
[  148.169954][ T8419] FAULT_INJECTION: forcing a failure.
[  148.169954][ T8419] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  148.223821][ T8419] CPU: 0 UID: 0 PID: 8419 Comm: syz.3.799 Not tainted syzkaller #0 PREEMPT(full) 
[  148.223847][ T8419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  148.223858][ T8419] Call Trace:
[  148.223865][ T8419]  <TASK>
[  148.223872][ T8419]  dump_stack_lvl+0x189/0x250
[  148.223905][ T8419]  ? __pfx____ratelimit+0x10/0x10
[  148.223930][ T8419]  ? __pfx_dump_stack_lvl+0x10/0x10
[  148.223951][ T8419]  ? __pfx__printk+0x10/0x10
[  148.223969][ T8419]  ? __might_fault+0xb0/0x130
[  148.224002][ T8419]  should_fail_ex+0x414/0x560
[  148.224032][ T8419]  _copy_from_user+0x2d/0xb0
[  148.224052][ T8419]  ___sys_sendmsg+0x158/0x2a0
[  148.224075][ T8419]  ? __pfx____sys_sendmsg+0x10/0x10
[  148.224137][ T8419]  ? __might_fault+0xb0/0x130
[  148.224162][ T8419]  __sys_sendmmsg+0x227/0x430
[  148.224188][ T8419]  ? __pfx___sys_sendmmsg+0x10/0x10
[  148.224215][ T8419]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  148.224254][ T8419]  ? ksys_write+0x22a/0x250
[  148.224279][ T8419]  ? __pfx_ksys_write+0x10/0x10
[  148.224306][ T8419]  __x64_sys_sendmmsg+0xa0/0xc0
[  148.224328][ T8419]  do_syscall_64+0xfa/0xfa0
[  148.224344][ T8419]  ? lockdep_hardirqs_on+0x9c/0x150
[  148.224360][ T8419]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.224377][ T8419]  ? clear_bhb_loop+0x60/0xb0
[  148.224397][ T8419]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.224414][ T8419] RIP: 0033:0x7faa8bb8f6c9
[  148.224430][ T8419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  148.224444][ T8419] RSP: 002b:00007faa8ca1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  148.224463][ T8419] RAX: ffffffffffffffda RBX: 00007faa8bde5fa0 RCX: 00007faa8bb8f6c9
[  148.224476][ T8419] RDX: 00000000040001b6 RSI: 0000200000001540 RDI: 0000000000000003
[  148.224487][ T8419] RBP: 00007faa8ca1f090 R08: 0000000000000000 R09: 0000000000000000
[  148.224497][ T8419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  148.224508][ T8419] R13: 00007faa8bde6038 R14: 00007faa8bde5fa0 R15: 00007fff44e3fbf8
[  148.224537][ T8419]  </TASK>
[  148.532642][ T8428] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  148.902716][ T8442] netlink: 'syz.0.805': attribute type 39 has an invalid length.
[  148.980348][ T8444] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  149.130918][   T24] tipc: Node number set to 4236157112
[  149.163249][ T8451] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  149.205921][ T8455] syzkaller0: entered promiscuous mode
[  149.211430][ T8455] syzkaller0: entered allmulticast mode
[  149.242514][ T8454] pim6reg: entered allmulticast mode
[  149.251554][ T8457] tipc: Resetting bearer <eth:syzkaller0>
[  149.279199][ T8457] tipc: Disabling bearer <eth:syzkaller0>
[  149.336839][ T8461] FAULT_INJECTION: forcing a failure.
[  149.336839][ T8461] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  149.351384][ T8461] CPU: 0 UID: 0 PID: 8461 Comm: syz.2.811 Not tainted syzkaller #0 PREEMPT(full) 
[  149.351408][ T8461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  149.351419][ T8461] Call Trace:
[  149.351426][ T8461]  <TASK>
[  149.351434][ T8461]  dump_stack_lvl+0x189/0x250
[  149.351461][ T8461]  ? __pfx____ratelimit+0x10/0x10
[  149.351486][ T8461]  ? __pfx_dump_stack_lvl+0x10/0x10
[  149.351508][ T8461]  ? __pfx__printk+0x10/0x10
[  149.351527][ T8461]  ? __might_fault+0xb0/0x130
[  149.351561][ T8461]  should_fail_ex+0x414/0x560
[  149.351590][ T8461]  _copy_from_user+0x2d/0xb0
[  149.351613][ T8461]  ___sys_recvmsg+0x12e/0x510
[  149.351638][ T8461]  ? __pfx____sys_recvmsg+0x10/0x10
[  149.351689][ T8461]  ? __might_fault+0xb0/0x130
[  149.351720][ T8461]  do_recvmmsg+0x307/0x770
[  149.351748][ T8461]  ? __pfx_do_recvmmsg+0x10/0x10
[  149.351779][ T8461]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  149.351815][ T8461]  __x64_sys_recvmmsg+0x190/0x240
[  149.351838][ T8461]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  149.351863][ T8461]  ? do_syscall_64+0xbe/0xfa0
[  149.351884][ T8461]  do_syscall_64+0xfa/0xfa0
[  149.351899][ T8461]  ? lockdep_hardirqs_on+0x9c/0x150
[  149.351915][ T8461]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.351932][ T8461]  ? clear_bhb_loop+0x60/0xb0
[  149.351951][ T8461]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.351968][ T8461] RIP: 0033:0x7f4a3c78f6c9
[  149.351983][ T8461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  149.351998][ T8461] RSP: 002b:00007f4a3d709038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  149.352017][ T8461] RAX: ffffffffffffffda RBX: 00007f4a3c9e5fa0 RCX: 00007f4a3c78f6c9
[  149.352030][ T8461] RDX: 0000000000000f00 RSI: 0000200000000400 RDI: 0000000000000003
[  149.352041][ T8461] RBP: 00007f4a3d709090 R08: 0000000000000000 R09: 0000000000000000
[  149.352052][ T8461] R10: 0000004c42bb4f92 R11: 0000000000000246 R12: 0000000000000002
[  149.352062][ T8461] R13: 00007f4a3c9e6038 R14: 00007f4a3c9e5fa0 R15: 00007ffdb2b93a08
[  149.352093][ T8461]  </TASK>
[  149.603824][ T8469] lo: entered allmulticast mode
[  149.802647][ T8468] lo: left allmulticast mode
[  149.977591][ T8453] pim6reg: left allmulticast mode
[  150.076394][ T8496] netlink: 'syz.2.822': attribute type 1 has an invalid length.
[  150.232117][ T8503] 
: renamed from bond_slave_0 (while UP)
[  150.338840][ T8506] netlink: 'syz.0.825': attribute type 10 has an invalid length.
[  150.426558][ T8514] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  150.434506][ T8514] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  150.442403][ T8514] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  150.450353][ T8514] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  150.458301][ T8514] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  150.466241][ T8514] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  150.474172][ T8514] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  150.482051][ T8514] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  150.489991][ T8514] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  150.497917][ T8514] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  151.097723][ T8538] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  151.114310][ T8538] syzkaller0: entered promiscuous mode
[  151.119809][ T8538] syzkaller0: entered allmulticast mode
[  151.141725][ T8538] tipc: Resetting bearer <eth:syzkaller0>
[  151.151761][ T8537] tipc: Resetting bearer <eth:syzkaller0>
[  151.168273][ T8537] tipc: Disabling bearer <eth:syzkaller0>
[  151.178297][ T8532] infiniband syz1: set down
[  151.183245][ T8532] infiniband syz1: added bond0
[  151.222055][ T8532] RDS/IB: syz1: added
[  151.227010][ T8532] smc: adding ib device syz1 with port count 1
[  151.248955][ T8532] smc:    ib device syz1 port 1 has no pnetid
[  152.004761][ T8560] __nla_validate_parse: 15 callbacks suppressed
[  152.004778][ T8560] netlink: 76 bytes leftover after parsing attributes in process `syz.0.845'.
[  152.469858][ T8568] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  152.478279][ T8568] syzkaller0: entered promiscuous mode
[  152.484662][ T8568] syzkaller0: entered allmulticast mode
[  152.505052][ T8568] tipc: Resetting bearer <eth:syzkaller0>
[  152.514327][ T8567] tipc: Resetting bearer <eth:syzkaller0>
[  152.529604][ T8567] tipc: Disabling bearer <eth:syzkaller0>
[  152.910564][ T8580] netlink: 8 bytes leftover after parsing attributes in process `syz.0.851'.
[  153.003287][ T8583] netlink: 28 bytes leftover after parsing attributes in process `syz.3.852'.
[  153.026889][ T8583] netlink: 32 bytes leftover after parsing attributes in process `syz.3.852'.
[  153.043254][ T8583] netlink: 28 bytes leftover after parsing attributes in process `syz.3.852'.
[  153.250013][ T8592] netlink: 'syz.0.856': attribute type 1 has an invalid length.
[  153.264297][ T8592] netlink: 'syz.0.856': attribute type 2 has an invalid length.
[  153.281212][ T8592] FAULT_INJECTION: forcing a failure.
[  153.281212][ T8592] name failslab, interval 1, probability 0, space 0, times 0
[  153.299596][ T8592] CPU: 1 UID: 0 PID: 8592 Comm: syz.0.856 Not tainted syzkaller #0 PREEMPT(full) 
[  153.299620][ T8592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  153.299631][ T8592] Call Trace:
[  153.299638][ T8592]  <TASK>
[  153.299647][ T8592]  dump_stack_lvl+0x189/0x250
[  153.299674][ T8592]  ? __pfx____ratelimit+0x10/0x10
[  153.299697][ T8592]  ? __pfx_dump_stack_lvl+0x10/0x10
[  153.299719][ T8592]  ? __pfx__printk+0x10/0x10
[  153.299733][ T8592]  ? __sock_sendmsg+0x21c/0x270
[  153.299757][ T8592]  ? do_syscall_64+0xfa/0xfa0
[  153.299784][ T8592]  should_fail_ex+0x414/0x560
[  153.299814][ T8592]  should_failslab+0xa8/0x100
[  153.299834][ T8592]  kmem_cache_alloc_noprof+0x74/0x6e0
[  153.299858][ T8592]  ? skb_clone+0x212/0x3a0
[  153.299883][ T8592]  skb_clone+0x212/0x3a0
[  153.299906][ T8592]  __netlink_deliver_tap+0x404/0x850
[  153.299938][ T8592]  ? netlink_deliver_tap+0x2e/0x1b0
[  153.299958][ T8592]  netlink_deliver_tap+0x19c/0x1b0
[  153.299978][ T8592]  netlink_sendskb+0x68/0x140
[  153.300004][ T8592]  netlink_unicast+0x397/0x9e0
[  153.300026][ T8592]  ? __asan_memcpy+0x40/0x70
[  153.300056][ T8592]  ? __pfx_netlink_unicast+0x10/0x10
[  153.300090][ T8592]  netlink_rcv_skb+0x28c/0x470
[  153.300110][ T8592]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  153.300129][ T8592]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  153.300160][ T8592]  ? netlink_deliver_tap+0x2e/0x1b0
[  153.300187][ T8592]  netlink_unicast+0x82f/0x9e0
[  153.300220][ T8592]  ? __pfx_netlink_unicast+0x10/0x10
[  153.300246][ T8592]  ? netlink_sendmsg+0x642/0xb30
[  153.300271][ T8592]  ? skb_put+0x11b/0x210
[  153.300293][ T8592]  netlink_sendmsg+0x805/0xb30
[  153.300321][ T8592]  ? __pfx_netlink_sendmsg+0x10/0x10
[  153.300343][ T8592]  ? aa_sock_msg_perm+0xf1/0x1d0
[  153.300372][ T8592]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  153.300389][ T8592]  ? __pfx_netlink_sendmsg+0x10/0x10
[  153.300409][ T8592]  __sock_sendmsg+0x21c/0x270
[  153.300435][ T8592]  ____sys_sendmsg+0x505/0x830
[  153.300460][ T8592]  ? __pfx_____sys_sendmsg+0x10/0x10
[  153.300489][ T8592]  ? import_iovec+0x74/0xa0
[  153.300513][ T8592]  ___sys_sendmsg+0x21f/0x2a0
[  153.300535][ T8592]  ? __pfx____sys_sendmsg+0x10/0x10
[  153.300593][ T8592]  ? __fget_files+0x2a/0x420
[  153.300608][ T8592]  ? __fget_files+0x3a0/0x420
[  153.300636][ T8592]  __x64_sys_sendmsg+0x19b/0x260
[  153.300658][ T8592]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  153.300688][ T8592]  ? __pfx_ksys_write+0x10/0x10
[  153.300716][ T8592]  ? do_syscall_64+0xbe/0xfa0
[  153.300741][ T8592]  do_syscall_64+0xfa/0xfa0
[  153.300757][ T8592]  ? lockdep_hardirqs_on+0x9c/0x150
[  153.300774][ T8592]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.300791][ T8592]  ? clear_bhb_loop+0x60/0xb0
[  153.300812][ T8592]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.300829][ T8592] RIP: 0033:0x7f6dfc78f6c9
[  153.300845][ T8592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  153.300859][ T8592] RSP: 002b:00007f6dfd702038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  153.300878][ T8592] RAX: ffffffffffffffda RBX: 00007f6dfc9e5fa0 RCX: 00007f6dfc78f6c9
[  153.300891][ T8592] RDX: 0000000000000080 RSI: 0000200000000040 RDI: 0000000000000003
[  153.300903][ T8592] RBP: 00007f6dfd702090 R08: 0000000000000000 R09: 0000000000000000
[  153.300913][ T8592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  153.300923][ T8592] R13: 00007f6dfc9e6038 R14: 00007f6dfc9e5fa0 R15: 00007ffce449dd18
[  153.300955][ T8592]  </TASK>
[  153.881202][ T8601] FAULT_INJECTION: forcing a failure.
[  153.881202][ T8601] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  153.897426][ T8601] CPU: 1 UID: 0 PID: 8601 Comm: syz.4.862 Not tainted syzkaller #0 PREEMPT(full) 
[  153.897450][ T8601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  153.897461][ T8601] Call Trace:
[  153.897468][ T8601]  <TASK>
[  153.897475][ T8601]  dump_stack_lvl+0x189/0x250
[  153.897502][ T8601]  ? __pfx____ratelimit+0x10/0x10
[  153.897526][ T8601]  ? __pfx_dump_stack_lvl+0x10/0x10
[  153.897548][ T8601]  ? __pfx__printk+0x10/0x10
[  153.897566][ T8601]  ? __might_fault+0xb0/0x130
[  153.897600][ T8601]  should_fail_ex+0x414/0x560
[  153.897629][ T8601]  _copy_from_user+0x2d/0xb0
[  153.897648][ T8601]  ___sys_sendmsg+0x158/0x2a0
[  153.897669][ T8601]  ? __pfx____sys_sendmsg+0x10/0x10
[  153.897723][ T8601]  ? __fget_files+0x2a/0x420
[  153.897739][ T8601]  ? __fget_files+0x3a0/0x420
[  153.897765][ T8601]  __sys_sendmmsg+0x227/0x430
[  153.897790][ T8601]  ? __pfx___sys_sendmmsg+0x10/0x10
[  153.897819][ T8601]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  153.897855][ T8601]  ? ksys_write+0x22a/0x250
[  153.897880][ T8601]  ? __pfx_ksys_write+0x10/0x10
[  153.897907][ T8601]  __x64_sys_sendmmsg+0xa0/0xc0
[  153.897928][ T8601]  do_syscall_64+0xfa/0xfa0
[  153.897944][ T8601]  ? lockdep_hardirqs_on+0x9c/0x150
[  153.897959][ T8601]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.897975][ T8601]  ? clear_bhb_loop+0x60/0xb0
[  153.897996][ T8601]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.898012][ T8601] RIP: 0033:0x7f150358f6c9
[  153.898028][ T8601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  153.898042][ T8601] RSP: 002b:00007f1504416038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  153.898062][ T8601] RAX: ffffffffffffffda RBX: 00007f15037e5fa0 RCX: 00007f150358f6c9
[  153.898075][ T8601] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000004
[  153.898086][ T8601] RBP: 00007f1504416090 R08: 0000000000000000 R09: 0000000000000000
[  153.898095][ T8601] R10: 0000000000001500 R11: 0000000000000246 R12: 0000000000000001
[  153.898104][ T8601] R13: 00007f15037e6038 R14: 00007f15037e5fa0 R15: 00007fffcaf21ce8
[  153.898134][ T8601]  </TASK>
[  154.375354][ T8610] netlink: 8 bytes leftover after parsing attributes in process `syz.0.863'.
[  154.857525][ T8626] sctp: [Deprecated]: syz.0.869 (pid 8626) Use of int in max_burst socket option.
[  154.857525][ T8626] Use struct sctp_assoc_value instead
[  154.977017][ T8638] netlink: 104 bytes leftover after parsing attributes in process `syz.0.872'.
[  154.991308][ T8639] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  155.055509][ T8641] netlink: 8 bytes leftover after parsing attributes in process `syz.4.873'.
[  155.068420][ T8641] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  155.171300][ T8648] netlink: 28 bytes leftover after parsing attributes in process `syz.0.876'.
[  155.180537][ T8648] netlink: 32 bytes leftover after parsing attributes in process `syz.0.876'.
[  155.254243][ T8652] lo: entered allmulticast mode
[  155.376054][ T8651] lo: left allmulticast mode
[  155.656343][ T8669] syzkaller0: entered promiscuous mode
[  155.671397][ T8669] syzkaller0: entered allmulticast mode
[  155.678414][ T8673] netlink: 'syz.0.883': attribute type 4 has an invalid length.
[  155.801567][ T8677] FAULT_INJECTION: forcing a failure.
[  155.801567][ T8677] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  155.815987][ T8677] CPU: 0 UID: 0 PID: 8677 Comm: syz.2.884 Not tainted syzkaller #0 PREEMPT(full) 
[  155.816012][ T8677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  155.816023][ T8677] Call Trace:
[  155.816029][ T8677]  <TASK>
[  155.816036][ T8677]  dump_stack_lvl+0x189/0x250
[  155.816063][ T8677]  ? __pfx____ratelimit+0x10/0x10
[  155.816085][ T8677]  ? __pfx_dump_stack_lvl+0x10/0x10
[  155.816102][ T8677]  ? __pfx__printk+0x10/0x10
[  155.816116][ T8677]  ? __might_fault+0xb0/0x130
[  155.816149][ T8677]  should_fail_ex+0x414/0x560
[  155.816174][ T8677]  _copy_from_user+0x2d/0xb0
[  155.816192][ T8677]  ___sys_sendmsg+0x158/0x2a0
[  155.816211][ T8677]  ? __pfx____sys_sendmsg+0x10/0x10
[  155.816266][ T8677]  ? __might_fault+0xb0/0x130
[  155.816291][ T8677]  __sys_sendmmsg+0x227/0x430
[  155.816314][ T8677]  ? __pfx___sys_sendmmsg+0x10/0x10
[  155.816340][ T8677]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  155.816375][ T8677]  ? ksys_write+0x22a/0x250
[  155.816399][ T8677]  ? __pfx_ksys_write+0x10/0x10
[  155.816427][ T8677]  __x64_sys_sendmmsg+0xa0/0xc0
[  155.816448][ T8677]  do_syscall_64+0xfa/0xfa0
[  155.816464][ T8677]  ? lockdep_hardirqs_on+0x9c/0x150
[  155.816479][ T8677]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.816496][ T8677]  ? clear_bhb_loop+0x60/0xb0
[  155.816516][ T8677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.816532][ T8677] RIP: 0033:0x7f4a3c78f6c9
[  155.816548][ T8677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  155.816563][ T8677] RSP: 002b:00007f4a3d709038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  155.816582][ T8677] RAX: ffffffffffffffda RBX: 00007f4a3c9e5fa0 RCX: 00007f4a3c78f6c9
[  155.816595][ T8677] RDX: 0000000000000299 RSI: 0000200000003dc0 RDI: 0000000000000005
[  155.816606][ T8677] RBP: 00007f4a3d709090 R08: 0000000000000000 R09: 0000000000000000
[  155.816616][ T8677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  155.816626][ T8677] R13: 00007f4a3c9e6038 R14: 00007f4a3c9e5fa0 R15: 00007ffdb2b93a08
[  155.816669][ T8677]  </TASK>
[  156.353974][    C0] af_packet: tpacket_rcv: packet too big, clamped from 40 to 4294967280. macoff=96
[  157.254767][ T8675] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  157.429330][ T8698] __nla_validate_parse: 5 callbacks suppressed
[  157.429348][ T8698] netlink: 8 bytes leftover after parsing attributes in process `syz.4.891'.
[  157.457927][ T8698] netlink: 8 bytes leftover after parsing attributes in process `syz.4.891'.
[  157.648204][ T8700] bond2: option lacp_active: mode dependency failed, not supported in mode balance-alb(6)
[  157.699738][ T8700] bond2 (unregistering): Released all slaves
[  157.891076][ T8725] netlink: 20 bytes leftover after parsing attributes in process `syz.0.900'.
[  157.908114][ T8725] ip6tnl4: entered allmulticast mode
[  157.932845][ T8727] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  157.996137][ T8732] netlink: 'syz.4.903': attribute type 7 has an invalid length.
[  158.008477][ T8732] netlink: 'syz.4.903': attribute type 8 has an invalid length.
[  158.016805][ T8733] netlink: 68 bytes leftover after parsing attributes in process `syz.0.902'.
[  158.051853][ T8735] netlink: 'syz.1.904': attribute type 11 has an invalid length.
[  158.061447][ T8735] netlink: 140 bytes leftover after parsing attributes in process `syz.1.904'.
[  158.152330][ T8740] netlink: 12 bytes leftover after parsing attributes in process `syz.0.906'.
[  158.451955][ T8749] netlink: 8 bytes leftover after parsing attributes in process `syz.0.907'.
[  158.469856][ T8749] netlink: 'syz.0.907': attribute type 5 has an invalid length.
[  158.480560][ T8749] netlink: 20 bytes leftover after parsing attributes in process `syz.0.907'.
[  158.620783][ T8749] geneve2: entered promiscuous mode
[  158.636040][ T8749] geneve2: entered allmulticast mode
[  158.643846][   T13] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  158.652753][   T13] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  158.665680][   T13] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  158.674648][   T13] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  159.030106][ T8758] netlink: 4 bytes leftover after parsing attributes in process `syz.1.910'.
[  159.696183][ T8788] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  159.953792][ T8797] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  160.569145][ T8814] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  160.596250][ T8814] tipc: Resetting bearer <eth:syzkaller0>
[  160.854825][ T8827] bridge2: entered allmulticast mode
[  161.162933][ T8851] nftables ruleset with unbound chain
[  161.268551][ T8855] FAULT_INJECTION: forcing a failure.
[  161.268551][ T8855] name failslab, interval 1, probability 0, space 0, times 0
[  161.282497][ T8855] CPU: 1 UID: 0 PID: 8855 Comm: syz.0.948 Not tainted syzkaller #0 PREEMPT(full) 
[  161.282522][ T8855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  161.282532][ T8855] Call Trace:
[  161.282539][ T8855]  <TASK>
[  161.282547][ T8855]  dump_stack_lvl+0x189/0x250
[  161.282574][ T8855]  ? __pfx____ratelimit+0x10/0x10
[  161.282598][ T8855]  ? __pfx_dump_stack_lvl+0x10/0x10
[  161.282620][ T8855]  ? __pfx__printk+0x10/0x10
[  161.282653][ T8855]  should_fail_ex+0x414/0x560
[  161.282691][ T8855]  should_failslab+0xa8/0x100
[  161.282711][ T8855]  __kmalloc_cache_noprof+0x6f/0x6f0
[  161.282734][ T8855]  ? __sctp_v6_cmp_addr+0x1e6/0x510
[  161.282757][ T8855]  ? sctp_add_bind_addr+0x8c/0x370
[  161.282787][ T8855]  sctp_add_bind_addr+0x8c/0x370
[  161.282815][ T8855]  sctp_copy_local_addr_list+0x30b/0x4e0
[  161.282842][ T8855]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  161.282866][ T8855]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  161.282887][ T8855]  ? sctp_association_new+0x18b3/0x25f0
[  161.282908][ T8855]  ? sctp_v6_is_any+0x64/0x80
[  161.282925][ T8855]  ? sctp_copy_one_addr+0x93/0x360
[  161.282952][ T8855]  sctp_bind_addr_copy+0xb3/0x3c0
[  161.282976][ T8855]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  161.283000][ T8855]  sctp_connect_new_asoc+0x2e0/0x690
[  161.283022][ T8855]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  161.283036][ T8855]  ? __local_bh_enable_ip+0x12d/0x1c0
[  161.283057][ T8855]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  161.283073][ T8855]  ? security_sctp_bind_connect+0x7e/0x2e0
[  161.283097][ T8855]  sctp_sendmsg+0x155c/0x2810
[  161.283127][ T8855]  ? __pfx_sctp_sendmsg+0x10/0x10
[  161.283144][ T8855]  ? aa_sk_perm+0x81e/0x950
[  161.283171][ T8855]  ? __pfx_aa_sk_perm+0x10/0x10
[  161.283196][ T8855]  ? sock_rps_record_flow+0x19/0x410
[  161.283217][ T8855]  ? inet_sendmsg+0x2f4/0x370
[  161.283237][ T8855]  __sock_sendmsg+0x19c/0x270
[  161.283262][ T8855]  __sys_sendto+0x3bd/0x520
[  161.283282][ T8855]  ? __pfx___sys_sendto+0x10/0x10
[  161.283295][ T8855]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  161.283326][ T8855]  ? __fget_files+0x3a0/0x420
[  161.283354][ T8855]  ? ksys_write+0x22a/0x250
[  161.283380][ T8855]  ? __pfx_ksys_write+0x10/0x10
[  161.283405][ T8855]  __x64_sys_sendto+0xde/0x100
[  161.283426][ T8855]  do_syscall_64+0xfa/0xfa0
[  161.283450][ T8855]  ? lockdep_hardirqs_on+0x9c/0x150
[  161.283466][ T8855]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.283486][ T8855]  ? clear_bhb_loop+0x60/0xb0
[  161.283506][ T8855]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.283522][ T8855] RIP: 0033:0x7f6dfc78f6c9
[  161.283537][ T8855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  161.283550][ T8855] RSP: 002b:00007f6dfd702038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  161.283568][ T8855] RAX: ffffffffffffffda RBX: 00007f6dfc9e5fa0 RCX: 00007f6dfc78f6c9
[  161.283580][ T8855] RDX: 000000000000ff82 RSI: 0000200000000980 RDI: 0000000000000003
[  161.283591][ T8855] RBP: 00007f6dfd702090 R08: 0000200000000040 R09: 000000000000001c
[  161.283602][ T8855] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000002
[  161.283612][ T8855] R13: 00007f6dfc9e6038 R14: 00007f6dfc9e5fa0 R15: 00007ffce449dd18
[  161.283644][ T8855]  </TASK>
[  161.733189][ T8867] xt_CT: You must specify a L4 protocol and not use inversions on it
[  161.815982][ T8867] netlink: 20 bytes leftover after parsing attributes in process `syz.2.952'.
[  161.910817][ T8878] FAULT_INJECTION: forcing a failure.
[  161.910817][ T8878] name failslab, interval 1, probability 0, space 0, times 0
[  161.931662][ T8878] CPU: 0 UID: 0 PID: 8878 Comm: syz.1.955 Not tainted syzkaller #0 PREEMPT(full) 
[  161.931686][ T8878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  161.931697][ T8878] Call Trace:
[  161.931704][ T8878]  <TASK>
[  161.931712][ T8878]  dump_stack_lvl+0x189/0x250
[  161.931740][ T8878]  ? __pfx____ratelimit+0x10/0x10
[  161.931764][ T8878]  ? __pfx_dump_stack_lvl+0x10/0x10
[  161.931787][ T8878]  ? __pfx__printk+0x10/0x10
[  161.931802][ T8878]  ? __sock_sendmsg+0x21c/0x270
[  161.931824][ T8878]  ? do_syscall_64+0xfa/0xfa0
[  161.931851][ T8878]  should_fail_ex+0x414/0x560
[  161.931880][ T8878]  should_failslab+0xa8/0x100
[  161.931900][ T8878]  kmem_cache_alloc_noprof+0x74/0x6e0
[  161.931924][ T8878]  ? skb_clone+0x212/0x3a0
[  161.931949][ T8878]  skb_clone+0x212/0x3a0
[  161.931973][ T8878]  __netlink_deliver_tap+0x404/0x850
[  161.932005][ T8878]  ? netlink_deliver_tap+0x2e/0x1b0
[  161.932025][ T8878]  netlink_deliver_tap+0x19c/0x1b0
[  161.932044][ T8878]  netlink_sendskb+0x68/0x140
[  161.932071][ T8878]  netlink_unicast+0x397/0x9e0
[  161.932093][ T8878]  ? __asan_memcpy+0x40/0x70
[  161.932123][ T8878]  ? __pfx_netlink_unicast+0x10/0x10
[  161.932158][ T8878]  nfnetlink_rcv+0x20f3/0x2590
[  161.932218][ T8878]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  161.932260][ T8878]  ? ref_tracker_free+0x63a/0x7d0
[  161.932307][ T8878]  ? __netlink_deliver_tap+0x807/0x850
[  161.932326][ T8878]  ? netlink_deliver_tap+0x2e/0x1b0
[  161.932369][ T8878]  netlink_unicast+0x82f/0x9e0
[  161.932403][ T8878]  ? __pfx_netlink_unicast+0x10/0x10
[  161.932430][ T8878]  ? netlink_sendmsg+0x642/0xb30
[  161.932446][ T8878]  ? skb_put+0x11b/0x210
[  161.932468][ T8878]  netlink_sendmsg+0x805/0xb30
[  161.932496][ T8878]  ? __pfx_netlink_sendmsg+0x10/0x10
[  161.932518][ T8878]  ? aa_sock_msg_perm+0xf1/0x1d0
[  161.932544][ T8878]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  161.932562][ T8878]  ? __pfx_netlink_sendmsg+0x10/0x10
[  161.932581][ T8878]  __sock_sendmsg+0x21c/0x270
[  161.932607][ T8878]  ____sys_sendmsg+0x505/0x830
[  161.932633][ T8878]  ? __pfx_____sys_sendmsg+0x10/0x10
[  161.932666][ T8878]  ? import_iovec+0x74/0xa0
[  161.932691][ T8878]  ___sys_sendmsg+0x21f/0x2a0
[  161.932713][ T8878]  ? __pfx____sys_sendmsg+0x10/0x10
[  161.932771][ T8878]  ? __fget_files+0x2a/0x420
[  161.932787][ T8878]  ? __fget_files+0x3a0/0x420
[  161.932815][ T8878]  __x64_sys_sendmsg+0x19b/0x260
[  161.932837][ T8878]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  161.932866][ T8878]  ? __pfx_ksys_write+0x10/0x10
[  161.932892][ T8878]  ? do_syscall_64+0xbe/0xfa0
[  161.932913][ T8878]  do_syscall_64+0xfa/0xfa0
[  161.932929][ T8878]  ? lockdep_hardirqs_on+0x9c/0x150
[  161.932946][ T8878]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.932963][ T8878]  ? clear_bhb_loop+0x60/0xb0
[  161.932984][ T8878]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.933001][ T8878] RIP: 0033:0x7fac05f8f6c9
[  161.933017][ T8878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  161.933032][ T8878] RSP: 002b:00007fac041ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  161.933051][ T8878] RAX: ffffffffffffffda RBX: 00007fac061e5fa0 RCX: 00007fac05f8f6c9
[  161.933064][ T8878] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000004
[  161.933075][ T8878] RBP: 00007fac041ee090 R08: 0000000000000000 R09: 0000000000000000
[  161.933086][ T8878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  161.933096][ T8878] R13: 00007fac061e6038 R14: 00007fac061e5fa0 R15: 00007fff90d25e38
[  161.933127][ T8878]  </TASK>
[  162.371278][ T8886] 0ªX¹¦À: renamed from caif0
[  162.391110][ T8886] 0ªX¹¦À: entered allmulticast mode
[  162.396946][ T8886] net_ratelimit: 39 callbacks suppressed
[  162.396960][ T8886] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  162.548952][ T8893] __nla_validate_parse: 1 callbacks suppressed
[  162.548972][ T8893] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.962'.
[  162.793222][ T8900] netlink: 24 bytes leftover after parsing attributes in process `syz.0.965'.
[  162.951022][ T8910] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  162.953377][ T8912] netlink: 28 bytes leftover after parsing attributes in process `syz.1.970'.
[  162.968423][ T8912] netlink: 28 bytes leftover after parsing attributes in process `syz.1.970'.
[  162.975880][ T8907] netlink: 'syz.0.968': attribute type 4 has an invalid length.
[  162.992433][ T8912] FAULT_INJECTION: forcing a failure.
[  162.992433][ T8912] name failslab, interval 1, probability 0, space 0, times 0
[  163.015577][ T8912] CPU: 1 UID: 0 PID: 8912 Comm: syz.1.970 Not tainted syzkaller #0 PREEMPT(full) 
[  163.015602][ T8912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  163.015612][ T8912] Call Trace:
[  163.015620][ T8912]  <TASK>
[  163.015627][ T8912]  dump_stack_lvl+0x189/0x250
[  163.015655][ T8912]  ? __pfx____ratelimit+0x10/0x10
[  163.015681][ T8912]  ? __pfx_dump_stack_lvl+0x10/0x10
[  163.015702][ T8912]  ? __pfx__printk+0x10/0x10
[  163.015727][ T8912]  ? __pfx___might_resched+0x10/0x10
[  163.015745][ T8912]  ? fs_reclaim_acquire+0x7d/0x100
[  163.015768][ T8912]  should_fail_ex+0x414/0x560
[  163.015799][ T8912]  should_failslab+0xa8/0x100
[  163.015820][ T8912]  __kvmalloc_node_noprof+0x158/0x910
[  163.015845][ T8912]  ? alloc_netdev_mqs+0xa6/0x11b0
[  163.015874][ T8912]  alloc_netdev_mqs+0xa6/0x11b0
[  163.015893][ T8912]  ? __pfx_hsr_dev_setup+0x10/0x10
[  163.015919][ T8912]  rtnl_create_link+0x31f/0xd10
[  163.015944][ T8912]  rtnl_newlink_create+0x25c/0xb00
[  163.015968][ T8912]  ? __lock_acquire+0xab9/0xd20
[  163.015990][ T8912]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  163.016014][ T8912]  ? __pfx___mutex_lock+0x10/0x10
[  163.016043][ T8912]  ? ns_capable+0x8a/0xf0
[  163.016067][ T8912]  rtnl_newlink+0x16e4/0x1c80
[  163.016086][ T8912]  ? ____sys_sendmsg+0x505/0x830
[  163.016118][ T8912]  ? __pfx_rtnl_newlink+0x10/0x10
[  163.016159][ T8912]  ? kasan_quarantine_put+0xdd/0x220
[  163.016182][ T8912]  ? lockdep_hardirqs_on+0x9c/0x150
[  163.016207][ T8912]  ? nlmon_xmit+0xb0/0x100
[  163.016225][ T8912]  ? kmem_cache_free+0x19b/0x690
[  163.016258][ T8912]  ? __local_bh_enable_ip+0x12d/0x1c0
[  163.016277][ T8912]  ? lockdep_hardirqs_on+0x9c/0x150
[  163.016295][ T8912]  ? __local_bh_enable_ip+0x12d/0x1c0
[  163.016313][ T8912]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  163.016336][ T8912]  ? __dev_queue_xmit+0x284/0x3740
[  163.016361][ T8912]  ? __dev_queue_xmit+0x284/0x3740
[  163.016381][ T8912]  ? __dev_queue_xmit+0x1bfb/0x3740
[  163.016411][ T8912]  ? __lock_acquire+0xab9/0xd20
[  163.016455][ T8912]  ? __pfx_rtnl_newlink+0x10/0x10
[  163.016479][ T8912]  rtnetlink_rcv_msg+0x7cf/0xb70
[  163.016498][ T8912]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  163.016511][ T8912]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  163.016525][ T8912]  ? ref_tracker_free+0x63a/0x7d0
[  163.016542][ T8912]  ? __asan_memcpy+0x40/0x70
[  163.016562][ T8912]  ? __pfx_ref_tracker_free+0x10/0x10
[  163.016586][ T8912]  netlink_rcv_skb+0x208/0x470
[  163.016604][ T8912]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  163.016621][ T8912]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  163.016648][ T8912]  ? netlink_deliver_tap+0x2e/0x1b0
[  163.016672][ T8912]  netlink_unicast+0x82f/0x9e0
[  163.016703][ T8912]  ? __pfx_netlink_unicast+0x10/0x10
[  163.016728][ T8912]  ? netlink_sendmsg+0x642/0xb30
[  163.016743][ T8912]  ? skb_put+0x11b/0x210
[  163.016765][ T8912]  netlink_sendmsg+0x805/0xb30
[  163.016791][ T8912]  ? __pfx_netlink_sendmsg+0x10/0x10
[  163.016812][ T8912]  ? aa_sock_msg_perm+0xf1/0x1d0
[  163.016836][ T8912]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  163.016851][ T8912]  ? __pfx_netlink_sendmsg+0x10/0x10
[  163.016869][ T8912]  __sock_sendmsg+0x21c/0x270
[  163.016895][ T8912]  ____sys_sendmsg+0x505/0x830
[  163.016920][ T8912]  ? __pfx_____sys_sendmsg+0x10/0x10
[  163.016948][ T8912]  ? import_iovec+0x74/0xa0
[  163.016972][ T8912]  ___sys_sendmsg+0x21f/0x2a0
[  163.016993][ T8912]  ? __pfx____sys_sendmsg+0x10/0x10
[  163.017047][ T8912]  ? __fget_files+0x2a/0x420
[  163.017063][ T8912]  ? __fget_files+0x3a0/0x420
[  163.017090][ T8912]  __x64_sys_sendmsg+0x19b/0x260
[  163.017117][ T8912]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  163.017145][ T8912]  ? __pfx_ksys_write+0x10/0x10
[  163.017170][ T8912]  ? do_syscall_64+0xbe/0xfa0
[  163.017191][ T8912]  do_syscall_64+0xfa/0xfa0
[  163.017205][ T8912]  ? lockdep_hardirqs_on+0x9c/0x150
[  163.017221][ T8912]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.017238][ T8912]  ? clear_bhb_loop+0x60/0xb0
[  163.017261][ T8912]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.017275][ T8912] RIP: 0033:0x7fac05f8f6c9
[  163.017289][ T8912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  163.017302][ T8912] RSP: 002b:00007fac041ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  163.017319][ T8912] RAX: ffffffffffffffda RBX: 00007fac061e5fa0 RCX: 00007fac05f8f6c9
[  163.017331][ T8912] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 000000000000000d
[  163.017340][ T8912] RBP: 00007fac041ee090 R08: 0000000000000000 R09: 0000000000000000
[  163.017349][ T8912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  163.017359][ T8912] R13: 00007fac061e6038 R14: 00007fac061e5fa0 R15: 00007fff90d25e38
[  163.017388][ T8912]  </TASK>
[  163.626005][ T8914] bridge2: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms)
[  163.679186][ T8926] netlink: 16 bytes leftover after parsing attributes in process `syz.0.973'.
[  163.881607][ T8933] netlink: 8 bytes leftover after parsing attributes in process `syz.3.978'.
[  164.249295][ T8947] netlink: 4 bytes leftover after parsing attributes in process `syz.1.985'.
[  164.259620][ T8947] team1 (uninitialized): Failed to send options change via netlink (err -105)
[  164.291017][ T8947] team1: entered promiscuous mode
[  164.296392][ T8947] team1: entered allmulticast mode
[  164.336186][ T8945] netlink: 68 bytes leftover after parsing attributes in process `syz.2.984'.
[  164.724637][ T8963] netlink: 4 bytes leftover after parsing attributes in process `syz.2.991'.
[  164.833920][ T8970] netlink: 4 bytes leftover after parsing attributes in process `syz.3.992'.
[  164.896325][ T8975] FAULT_INJECTION: forcing a failure.
[  164.896325][ T8975] name failslab, interval 1, probability 0, space 0, times 0
[  164.910100][ T8975] CPU: 0 UID: 0 PID: 8975 Comm: syz.2.995 Not tainted syzkaller #0 PREEMPT(full) 
[  164.910125][ T8975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  164.910136][ T8975] Call Trace:
[  164.910143][ T8975]  <TASK>
[  164.910151][ T8975]  dump_stack_lvl+0x189/0x250
[  164.910179][ T8975]  ? __pfx____ratelimit+0x10/0x10
[  164.910204][ T8975]  ? __pfx_dump_stack_lvl+0x10/0x10
[  164.910226][ T8975]  ? __pfx__printk+0x10/0x10
[  164.910259][ T8975]  should_fail_ex+0x414/0x560
[  164.910289][ T8975]  should_failslab+0xa8/0x100
[  164.910309][ T8975]  __kmalloc_cache_noprof+0x6f/0x6f0
[  164.910332][ T8975]  ? __sctp_v6_cmp_addr+0x1dc/0x510
[  164.910360][ T8975]  ? sctp_v6_cmp_addr+0x15/0xd0
[  164.910374][ T8975]  ? sctp_add_bind_addr+0x8c/0x370
[  164.910395][ T8975]  ? sctp_add_bind_addr+0xb0/0x370
[  164.910423][ T8975]  sctp_add_bind_addr+0x8c/0x370
[  164.910452][ T8975]  sctp_copy_local_addr_list+0x30b/0x4e0
[  164.910479][ T8975]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  164.910503][ T8975]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  164.910529][ T8975]  ? sctp_v6_is_any+0x64/0x80
[  164.910546][ T8975]  ? sctp_copy_one_addr+0x93/0x360
[  164.910572][ T8975]  sctp_bind_addr_copy+0xb3/0x3c0
[  164.910593][ T8975]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  164.910616][ T8975]  sctp_connect_new_asoc+0x2e0/0x690
[  164.910635][ T8975]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  164.910651][ T8975]  ? __local_bh_enable_ip+0x12d/0x1c0
[  164.910673][ T8975]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  164.910689][ T8975]  ? security_sctp_bind_connect+0x7e/0x2e0
[  164.910709][ T8975]  sctp_sendmsg+0x155c/0x2810
[  164.910736][ T8975]  ? __pfx_sctp_sendmsg+0x10/0x10
[  164.910757][ T8975]  ? aa_sk_perm+0x81e/0x950
[  164.910784][ T8975]  ? __pfx_aa_sk_perm+0x10/0x10
[  164.910808][ T8975]  ? sock_rps_record_flow+0x19/0x410
[  164.910827][ T8975]  ? inet_sendmsg+0x2f4/0x370
[  164.910847][ T8975]  __sock_sendmsg+0x19c/0x270
[  164.910874][ T8975]  __sys_sendto+0x3bd/0x520
[  164.910893][ T8975]  ? __pfx___sys_sendto+0x10/0x10
[  164.910907][ T8975]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  164.910937][ T8975]  ? __fget_files+0x3a0/0x420
[  164.910980][ T8975]  ? ksys_write+0x22a/0x250
[  164.911006][ T8975]  ? __pfx_ksys_write+0x10/0x10
[  164.911038][ T8975]  __x64_sys_sendto+0xde/0x100
[  164.911060][ T8975]  do_syscall_64+0xfa/0xfa0
[  164.911077][ T8975]  ? lockdep_hardirqs_on+0x9c/0x150
[  164.911098][ T8975]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.911116][ T8975]  ? clear_bhb_loop+0x60/0xb0
[  164.911137][ T8975]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.911154][ T8975] RIP: 0033:0x7f4a3c78f6c9
[  164.911168][ T8975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  164.911181][ T8975] RSP: 002b:00007f4a3d709038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  164.911199][ T8975] RAX: ffffffffffffffda RBX: 00007f4a3c9e5fa0 RCX: 00007f4a3c78f6c9
[  164.911210][ T8975] RDX: 0000000000034000 RSI: 0000200000847fff RDI: 0000000000000006
[  164.911222][ T8975] RBP: 00007f4a3d709090 R08: 000020000005ffe4 R09: 000000000000001c
[  164.911233][ T8975] R10: 00000000000000e0 R11: 0000000000000246 R12: 0000000000000002
[  164.911243][ T8975] R13: 00007f4a3c9e6038 R14: 00007f4a3c9e5fa0 R15: 00007ffdb2b93a08
[  164.911271][ T8975]  </TASK>
[  165.335745][ T8983] netlink: 'syz.2.998': attribute type 1 has an invalid length.
[  165.394516][ T8983] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check.
[  165.445219][ T8989] sctp: [Deprecated]: syz.1.1001 (pid 8989) Use of int in max_burst socket option.
[  165.445219][ T8989] Use struct sctp_assoc_value instead
[  165.602498][ T8992] netlink: 'syz.0.1002': attribute type 13 has an invalid length.
[  165.633624][ T8992] netlink: 'syz.0.1002': attribute type 17 has an invalid length.
[  165.747953][ T8992] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  165.766729][ T9011] netlink: 'syz.2.1004': attribute type 30 has an invalid length.
[  166.655256][ T9041] ip6tnl1: entered promiscuous mode
[  166.924677][ T9051] netlink: 'syz.0.1020': attribute type 4 has an invalid length.
[  167.475574][ T9079] netlink: 'syz.0.1027': attribute type 4 has an invalid length.
[  167.548483][ T9081] RDS: rds_bind could not find a transport for 4004:0:20:0:c002:0:20:0, load rds_tcp or rds_rdma?
[  168.270252][ T9084] __nla_validate_parse: 4 callbacks suppressed
[  168.270270][ T9084] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1029'.
[  168.714855][ T9077] bond3: entered allmulticast mode
[  168.726040][ T9077] 8021q: adding VLAN 0 to HW filter on device bond3
[  168.999510][ T9098] netlink: 'syz.0.1033': attribute type 4 has an invalid length.
[  169.357800][ T9114] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1040'.
[  169.369334][ T9114] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1040'.
[  169.380678][ T9114] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1040'.
[  169.538400][ T9132] FAULT_INJECTION: forcing a failure.
[  169.538400][ T9132] name failslab, interval 1, probability 0, space 0, times 0
[  169.580595][ T9132] CPU: 1 UID: 0 PID: 9132 Comm: syz.2.1045 Not tainted syzkaller #0 PREEMPT(full) 
[  169.580620][ T9132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  169.580630][ T9132] Call Trace:
[  169.580637][ T9132]  <TASK>
[  169.580649][ T9132]  dump_stack_lvl+0x189/0x250
[  169.580675][ T9132]  ? __pfx____ratelimit+0x10/0x10
[  169.580700][ T9132]  ? __pfx_dump_stack_lvl+0x10/0x10
[  169.580720][ T9132]  ? __pfx__printk+0x10/0x10
[  169.580743][ T9132]  ? __pfx___might_resched+0x10/0x10
[  169.580761][ T9132]  ? fs_reclaim_acquire+0x7d/0x100
[  169.580782][ T9132]  should_fail_ex+0x414/0x560
[  169.580810][ T9132]  should_failslab+0xa8/0x100
[  169.580830][ T9132]  kmem_cache_alloc_node_noprof+0x77/0x710
[  169.580854][ T9132]  ? __alloc_skb+0x112/0x2d0
[  169.580869][ T9132]  ? netlink_autobind+0xdb/0x300
[  169.580893][ T9132]  __alloc_skb+0x112/0x2d0
[  169.580913][ T9132]  netlink_sendmsg+0x5c6/0xb30
[  169.580940][ T9132]  ? __pfx_netlink_sendmsg+0x10/0x10
[  169.580961][ T9132]  ? aa_sock_msg_perm+0xf1/0x1d0
[  169.580986][ T9132]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  169.581003][ T9132]  ? __pfx_netlink_sendmsg+0x10/0x10
[  169.581022][ T9132]  __sock_sendmsg+0x21c/0x270
[  169.581048][ T9132]  ____sys_sendmsg+0x52d/0x830
[  169.581070][ T9132]  ? __pfx_____sys_sendmsg+0x10/0x10
[  169.581094][ T9132]  ? import_iovec+0x74/0xa0
[  169.581116][ T9132]  ___sys_sendmsg+0x21f/0x2a0
[  169.581135][ T9132]  ? __pfx____sys_sendmsg+0x10/0x10
[  169.581182][ T9132]  ? __fget_files+0x2a/0x420
[  169.581195][ T9132]  ? __fget_files+0x3a0/0x420
[  169.581220][ T9132]  __sys_sendmmsg+0x227/0x430
[  169.581242][ T9132]  ? __pfx___sys_sendmmsg+0x10/0x10
[  169.581266][ T9132]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  169.581298][ T9132]  ? ksys_write+0x22a/0x250
[  169.581319][ T9132]  ? __pfx_ksys_write+0x10/0x10
[  169.581340][ T9132]  __x64_sys_sendmmsg+0xa0/0xc0
[  169.581356][ T9132]  do_syscall_64+0xfa/0xfa0
[  169.581368][ T9132]  ? lockdep_hardirqs_on+0x9c/0x150
[  169.581379][ T9132]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.581392][ T9132]  ? clear_bhb_loop+0x60/0xb0
[  169.581407][ T9132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.581419][ T9132] RIP: 0033:0x7f4a3c78f6c9
[  169.581432][ T9132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  169.581442][ T9132] RSP: 002b:00007f4a3d709038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  169.581457][ T9132] RAX: ffffffffffffffda RBX: 00007f4a3c9e5fa0 RCX: 00007f4a3c78f6c9
[  169.581466][ T9132] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000004
[  169.581474][ T9132] RBP: 00007f4a3d709090 R08: 0000000000000000 R09: 0000000000000000
[  169.581481][ T9132] R10: 0000000000001500 R11: 0000000000000246 R12: 0000000000000001
[  169.581489][ T9132] R13: 00007f4a3c9e6038 R14: 00007f4a3c9e5fa0 R15: 00007ffdb2b93a08
[  169.581511][ T9132]  </TASK>
[  170.024573][ T9152] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  170.032154][ T9152] syzkaller0: entered promiscuous mode
[  170.043898][ T9152] syzkaller0: entered allmulticast mode
[  170.107632][ T9152] tipc: Resetting bearer <eth:syzkaller0>
[  170.234253][ T9152] tipc: Resetting bearer <eth:syzkaller0>
[  170.249649][ T9152] tipc: Disabling bearer <eth:syzkaller0>
[  170.269524][ T9160] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1055'.
[  170.278896][ T9160] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1055'.
[  170.288053][ T9160] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1055'.
[  170.383841][ T9170] syz_tun: entered allmulticast mode
[  170.403468][ T9170] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1060'.
[  170.425878][ T9172] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1058'.
[  170.443896][ T9172] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1058'.
[  170.559508][ T9170] syz_tun (unregistering): left allmulticast mode
[  170.637337][ T5833] Bluetooth: hci4: link tx timeout
[  170.642900][ T5833] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  170.655088][ T5147] Bluetooth: hci4: link tx timeout
[  170.660882][ T5147] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  170.680241][ T5147] Bluetooth: hci4: link tx timeout
[  170.685729][ T5147] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  170.693601][ T5147] Bluetooth: hci4: link tx timeout
[  170.698990][ T5147] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  171.082069][ T9209] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  171.144840][ T9209] netlink: 'syz.4.1072': attribute type 1 has an invalid length.
[  171.681831][ T9231] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  171.696447][ T9213] bond4: option miimon: invalid value (18446744073709551607)
[  171.703955][ T9213] bond4: option miimon: allowed values 0 - 2147483647
[  171.713218][ T9213] bond4 (unregistering): Released all slaves
[  171.867599][ T9233] syzkaller0: entered promiscuous mode
[  171.873121][ T9233] syzkaller0: entered allmulticast mode
[  172.348324][ T9262] netlink: 'syz.2.1089': attribute type 298 has an invalid length.
[  172.422018][ T9260] syzkaller0: entered promiscuous mode
[  172.427626][ T9260] syzkaller0: entered allmulticast mode
[  172.436003][ T9264] syzkaller0: tun_net_xmit 76
[  172.441071][ T9264] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  172.448432][  T143] syzkaller0: tun_net_xmit 48
[  172.463152][ T9267] netlink: 'syz.1.1092': attribute type 1 has an invalid length.
[  172.474762][ T9270] netlink: 'syz.1.1092': attribute type 1 has an invalid length.
[  172.483156][ T9260] tipc: Resetting bearer <eth:syzkaller0>
[  172.747479][ T5833] Bluetooth: hci4: command 0x0405 tx timeout
[  173.501592][ T9285] delete_channel: no stack
[  173.882103][ T9260] tipc: Disabling bearer <eth:syzkaller0>
[  173.934509][ T9309] netlink: 'syz.2.1102': attribute type 11 has an invalid length.
[  173.944391][   T30] audit: type=1107 audit(1763445058.589:2): pid=9307 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  173.959282][ T9309] netlink: 'syz.2.1102': attribute type 11 has an invalid length.
[  174.067518][ T9309] netlink: 'syz.2.1102': attribute type 11 has an invalid length.
[  174.080699][ T9309] netlink: 'syz.2.1102': attribute type 11 has an invalid length.
[  174.117343][ T9309] netlink: 'syz.2.1102': attribute type 11 has an invalid length.
[  174.125367][ T9308] __nla_validate_parse: 7 callbacks suppressed
[  174.125384][ T9308] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1102'.
[  174.153799][ T9316] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1104'.
[  174.162697][ T9316] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1104'.
[  174.172684][ T9310] netlink: 300 bytes leftover after parsing attributes in process `syz.2.1102'.
[  174.193321][ T9309] netlink: 'syz.2.1102': attribute type 11 has an invalid length.
[  174.201881][ T9309] netlink: 'syz.2.1102': attribute type 11 has an invalid length.
[  174.257016][ T9318] netlink: 'syz.0.1106': attribute type 1 has an invalid length.
[  174.274074][ T9318] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1106'.
[  174.366843][ T9329] netlink: 'syz.0.1111': attribute type 10 has an invalid length.
[  174.521441][ T9336] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1114'.
[  174.549203][ T9336] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1114'.
[  174.564264][ T9336] netlink: 'syz.2.1114': attribute type 14 has an invalid length.
[  174.582372][ T9336] netlink: 'syz.2.1114': attribute type 13 has an invalid length.
[  174.729852][ T9340] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  174.741538][ T9340] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.760071][ T9350] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  174.787577][ T9348] netlink: 'syz.0.1117': attribute type 4 has an invalid length.
[  174.923148][ T9352] netlink: 'syz.0.1121': attribute type 1 has an invalid length.
[  174.930371][ T9340] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  174.941595][ T9340] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.957381][ T9354] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  174.958687][ T9352] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1121'.
[  175.067951][ T9357] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1122'.
[  175.128457][ T9340] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  175.173692][ T9340] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  175.285194][ T9340] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  175.313993][ T9340] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  175.490364][ T9377] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1129'.
[  175.556326][   T60] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  175.573565][   T60] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  175.617008][ T9350] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  175.626562][ T9350] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  175.650086][ T9350] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  175.661256][ T9350] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  175.667999][   T60] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  175.678797][   T60] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  175.688805][ T9350] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  175.690065][   T60] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  175.703215][ T9350] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  175.707285][   T60] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  175.723425][ T9350] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  175.729791][ T9350] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  175.742017][ T9350] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  175.748125][ T9350] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  175.786224][   T60] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  175.794631][   T60] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  175.958201][ T9389] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  176.434687][ T9406] netlink: 'syz.2.1139': attribute type 1 has an invalid length.
[  176.444248][ T9406] netlink: 'syz.2.1139': attribute type 4 has an invalid length.
[  176.634671][ T9425] netlink: 'syz.4.1146': attribute type 6 has an invalid length.
[  176.737362][ T9431] IPVS: ip_vs_add_dest(): server weight less than zero
[  177.191269][ T9456] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  177.311880][ T9466] netlink: 'syz.0.1163': attribute type 1 has an invalid length.
[  177.342936][ T9456] syzkaller0: entered promiscuous mode
[  177.381875][ T9456] syzkaller0: entered allmulticast mode
[  177.388923][ T9456] tipc: Resetting bearer <eth:syzkaller0>
[  177.401103][ T9466] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  177.459476][ T9468] tipc: Resetting bearer <eth:syzkaller0>
[  177.905015][ T9504] IPVS: ip_vs_add_dest(): server weight less than zero
[  178.124604][ T9498] netlink: 'syz.1.1172': attribute type 13 has an invalid length.
[  178.140606][ T9498] netlink: 'syz.1.1172': attribute type 17 has an invalid length.
[  179.231491][ T9468] tipc: Disabling bearer <eth:syzkaller0>
[  179.255921][ T9486] veth2: entered allmulticast mode
[  179.326978][ T9498] 0ªX¹¦À: left allmulticast mode
[  179.349539][ T9498] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  179.366405][ T9511] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  179.762999][ T9529] __nla_validate_parse: 4 callbacks suppressed
[  179.763017][ T9529] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1183'.
[  179.786066][ T9529] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  179.854276][ T9535] netlink: 'syz.0.1185': attribute type 4 has an invalid length.
[  179.913288][ T9539] ip6t_srh: unknown srh invflags 4000
[  179.936732][ T9541] netlink: 'syz.1.1186': attribute type 4 has an invalid length.
[  179.974910][ T9546] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1189'.
[  180.122652][ T9556] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1193'.
[  180.291769][ T9563] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1197'.
[  180.321788][ T9563] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  180.860862][ T9593] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1208'.
[  180.886080][ T9593] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  180.893371][ T9593] IPv6: NLM_F_CREATE should be set when creating new route
[  180.901786][ T9593] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  180.909089][ T9593] IPv6: NLM_F_CREATE should be set when creating new route
[  181.370653][ T9609] FAULT_INJECTION: forcing a failure.
[  181.370653][ T9609] name failslab, interval 1, probability 0, space 0, times 0
[  181.404882][ T9609] CPU: 1 UID: 0 PID: 9609 Comm: syz.3.1216 Not tainted syzkaller #0 PREEMPT(full) 
[  181.404909][ T9609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  181.404920][ T9609] Call Trace:
[  181.404928][ T9609]  <TASK>
[  181.404936][ T9609]  dump_stack_lvl+0x189/0x250
[  181.404974][ T9609]  ? __pfx____ratelimit+0x10/0x10
[  181.404999][ T9609]  ? __pfx_dump_stack_lvl+0x10/0x10
[  181.405021][ T9609]  ? __pfx__printk+0x10/0x10
[  181.405040][ T9609]  ? copy_to_user_tmpl+0xe2/0x700
[  181.405070][ T9609]  should_fail_ex+0x414/0x560
[  181.405100][ T9609]  should_failslab+0xa8/0x100
[  181.405121][ T9609]  kmem_cache_alloc_node_noprof+0x77/0x710
[  181.405145][ T9609]  ? __alloc_skb+0x112/0x2d0
[  181.405169][ T9609]  __alloc_skb+0x112/0x2d0
[  181.405191][ T9609]  xfrm_alloc_compat+0x1a6/0x16f0
[  181.405226][ T9609]  ? xfrm_get_translator+0x1b/0x240
[  181.405249][ T9609]  ? __pfx_xfrm_alloc_compat+0x10/0x10
[  181.405273][ T9609]  xfrm_nlmsg_multicast+0xda/0x1f0
[  181.405296][ T9609]  xfrm_send_policy_notify+0xb35/0x1bb0
[  181.405327][ T9609]  ? __pfx_xfrm_send_policy_notify+0x10/0x10
[  181.405351][ T9609]  ? km_policy_notify+0x28/0x200
[  181.405379][ T9609]  ? km_policy_notify+0x28/0x200
[  181.405399][ T9609]  ? __pfx_xfrm_send_policy_notify+0x10/0x10
[  181.405419][ T9609]  km_policy_notify+0x121/0x200
[  181.405438][ T9609]  ? km_policy_notify+0x28/0x200
[  181.405460][ T9609]  xfrm_add_policy+0x4c7/0x800
[  181.405488][ T9609]  ? __pfx_xfrm_add_policy+0x10/0x10
[  181.405506][ T9609]  ? apparmor_capable+0x137/0x1b0
[  181.405530][ T9609]  ? __nla_parse+0x40/0x60
[  181.405554][ T9609]  xfrm_user_rcv_msg+0x7a3/0xab0
[  181.405581][ T9609]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  181.405640][ T9609]  ? __pfx___mutex_trylock_common+0x10/0x10
[  181.405666][ T9609]  ? rcu_is_watching+0x15/0xb0
[  181.405687][ T9609]  ? trace_contention_end+0x39/0x120
[  181.405707][ T9609]  ? __mutex_lock+0x335/0x1350
[  181.405732][ T9609]  netlink_rcv_skb+0x208/0x470
[  181.405753][ T9609]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  181.405775][ T9609]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  181.405809][ T9609]  ? netlink_deliver_tap+0x2e/0x1b0
[  181.405833][ T9609]  xfrm_netlink_rcv+0x79/0x90
[  181.405854][ T9609]  netlink_unicast+0x82f/0x9e0
[  181.405888][ T9609]  ? __pfx_netlink_unicast+0x10/0x10
[  181.405915][ T9609]  ? netlink_sendmsg+0x642/0xb30
[  181.405930][ T9609]  ? skb_put+0x11b/0x210
[  181.405952][ T9609]  netlink_sendmsg+0x805/0xb30
[  181.405981][ T9609]  ? __pfx_netlink_sendmsg+0x10/0x10
[  181.406003][ T9609]  ? aa_sock_msg_perm+0xf1/0x1d0
[  181.406028][ T9609]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  181.406044][ T9609]  ? __pfx_netlink_sendmsg+0x10/0x10
[  181.406063][ T9609]  __sock_sendmsg+0x21c/0x270
[  181.406090][ T9609]  ____sys_sendmsg+0x505/0x830
[  181.406115][ T9609]  ? __pfx_____sys_sendmsg+0x10/0x10
[  181.406144][ T9609]  ? import_iovec+0x74/0xa0
[  181.406169][ T9609]  ___sys_sendmsg+0x21f/0x2a0
[  181.406191][ T9609]  ? __pfx____sys_sendmsg+0x10/0x10
[  181.406257][ T9609]  ? __fget_files+0x2a/0x420
[  181.406273][ T9609]  ? __fget_files+0x3a0/0x420
[  181.406301][ T9609]  __x64_sys_sendmsg+0x19b/0x260
[  181.406324][ T9609]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  181.406354][ T9609]  ? __pfx_ksys_write+0x10/0x10
[  181.406382][ T9609]  ? do_syscall_64+0xbe/0xfa0
[  181.406403][ T9609]  do_syscall_64+0xfa/0xfa0
[  181.406418][ T9609]  ? lockdep_hardirqs_on+0x9c/0x150
[  181.406433][ T9609]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.406450][ T9609]  ? clear_bhb_loop+0x60/0xb0
[  181.406470][ T9609]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.406487][ T9609] RIP: 0033:0x7faa8bb8f6c9
[  181.406511][ T9609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  181.406525][ T9609] RSP: 002b:00007faa8ca1f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  181.406550][ T9609] RAX: ffffffffffffffda RBX: 00007faa8bde5fa0 RCX: 00007faa8bb8f6c9
[  181.406563][ T9609] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000007
[  181.406574][ T9609] RBP: 00007faa8ca1f090 R08: 0000000000000000 R09: 0000000000000000
[  181.406585][ T9609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  181.406595][ T9609] R13: 00007faa8bde6038 R14: 00007faa8bde5fa0 R15: 00007fff44e3fbf8
[  181.406627][ T9609]  </TASK>
[  182.093150][ T9625] pim6reg: entered allmulticast mode
[  182.145249][ T9626] pim6reg: left allmulticast mode
[  182.490351][ T9645] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1228'.
[  182.524878][ T9644] netlink: 'syz.0.1227': attribute type 2 has an invalid length.
[  182.617423][ T9645] netlink: 'syz.1.1228': attribute type 1 has an invalid length.
[  182.628182][ T9645] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1228'.
[  182.885989][ T9668] vlan0: entered promiscuous mode
[  182.896908][ T9668] hsr_slave_1: entered promiscuous mode
[  182.905632][ T9668] vlan0: entered allmulticast mode
[  182.911887][ T9668] hsr_slave_1: entered allmulticast mode
[  182.928141][ T9668] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1236'.
[  183.040548][ T9677] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  183.050022][ T9676] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1239'.
[  183.060705][ T9676] netlink: 15 bytes leftover after parsing attributes in process `syz.0.1239'.
[  183.123299][ T9676] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  183.177735][ T9681] openvswitch: netlink: Duplicate key (type 21).
[  183.278556][ T9689] netlink: 'syz.3.1243': attribute type 1 has an invalid length.
[  183.355374][ T9696] netlink: 'syz.3.1245': attribute type 12 has an invalid length.
[  183.433166][ T9702] FAULT_INJECTION: forcing a failure.
[  183.433166][ T9702] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  183.476851][ T9702] CPU: 0 UID: 0 PID: 9702 Comm: syz.3.1248 Not tainted syzkaller #0 PREEMPT(full) 
[  183.476878][ T9702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  183.476889][ T9702] Call Trace:
[  183.476897][ T9702]  <TASK>
[  183.476904][ T9702]  dump_stack_lvl+0x189/0x250
[  183.476931][ T9702]  ? __pfx____ratelimit+0x10/0x10
[  183.476957][ T9702]  ? __pfx_dump_stack_lvl+0x10/0x10
[  183.476979][ T9702]  ? __pfx__printk+0x10/0x10
[  183.477010][ T9702]  should_fail_ex+0x414/0x560
[  183.477039][ T9702]  _copy_from_user+0x2d/0xb0
[  183.477061][ T9702]  copy_from_sockptr_offset+0x66/0xa0
[  183.477083][ T9702]  do_ip6t_set_ctl+0x8b7/0xce0
[  183.477105][ T9702]  ? rcu_is_watching+0x15/0xb0
[  183.477125][ T9702]  ? trace_contention_end+0x39/0x120
[  183.477146][ T9702]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  183.477185][ T9702]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  183.477215][ T9702]  ? __lock_acquire+0xab9/0xd20
[  183.477236][ T9702]  nf_setsockopt+0x26f/0x290
[  183.477265][ T9702]  rawv6_setsockopt+0x23b/0x5b0
[  183.477296][ T9702]  ? __pfx_rawv6_setsockopt+0x10/0x10
[  183.477314][ T9702]  ? aa_sock_opt_perm+0xff/0x1b0
[  183.477340][ T9702]  ? sock_common_setsockopt+0x36/0xc0
[  183.477364][ T9702]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  183.477390][ T9702]  do_sock_setsockopt+0x17c/0x1b0
[  183.477414][ T9702]  __x64_sys_setsockopt+0x13f/0x1b0
[  183.477438][ T9702]  do_syscall_64+0xfa/0xfa0
[  183.477454][ T9702]  ? lockdep_hardirqs_on+0x9c/0x150
[  183.477471][ T9702]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.477488][ T9702]  ? clear_bhb_loop+0x60/0xb0
[  183.477508][ T9702]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.477525][ T9702] RIP: 0033:0x7faa8bb8f6c9
[  183.477542][ T9702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  183.477557][ T9702] RSP: 002b:00007faa8ca1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  183.477576][ T9702] RAX: ffffffffffffffda RBX: 00007faa8bde5fa0 RCX: 00007faa8bb8f6c9
[  183.477589][ T9702] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  183.477599][ T9702] RBP: 00007faa8ca1f090 R08: 00000000000004f0 R09: 0000000000000000
[  183.477611][ T9702] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  183.477622][ T9702] R13: 00007faa8bde6038 R14: 00007faa8bde5fa0 R15: 00007fff44e3fbf8
[  183.477653][ T9702]  </TASK>
[  184.807887][ T9749] netlink: 'syz.3.1265': attribute type 13 has an invalid length.
[  184.825704][ T9749] netlink: 'syz.3.1265': attribute type 17 has an invalid length.
[  184.887420][ T9749] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  184.919340][ T9753] __nla_validate_parse: 4 callbacks suppressed
[  184.919362][ T9753] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1267'.
[  184.965010][ T9753] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1267'.
[  184.987967][ T9753] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1267'.
[  185.008204][ T9753] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1267'.
[  185.028708][ T9759] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1269'.
[  185.201460][ T9773] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  185.364552][ T9784] netlink: 'syz.3.1277': attribute type 1 has an invalid length.
[  185.404315][ T9780] atm:sigd_send: bad message type 36
[  185.421666][ T9784] 8021q: adding VLAN 0 to HW filter on device bond1
[  185.449535][ T9784] 8021q: adding VLAN 0 to HW filter on device batadv1
[  185.497761][ T9792] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1277'.
[  185.499972][ T9784] bond1: (slave batadv1): making interface the new active one
[  185.562955][ T9784] bond1: (slave batadv1): Enslaving as an active interface with an up link
[  185.586985][ T9791] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1279'.
[  185.604053][ T9791] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1279'.
[  185.628444][ T9791] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1279'.
[  185.810903][ T9792] bond1 (unregistering): (slave batadv1): Releasing active interface
[  185.834608][ T9792] bond1 (unregistering): Released all slaves
[  185.874964][ T9800] netlink: 'syz.2.1284': attribute type 4 has an invalid length.
[  185.882862][ T9802] netlink: 'syz.4.1283': attribute type 12 has an invalid length.
[  185.892651][ T9802] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1283'.
[  186.447876][ T9813] syz.3.1287 (9813) used greatest stack depth: 17832 bytes left
[  187.000623][ T9837] syzkaller0: entered promiscuous mode
[  187.007292][ T9837] syzkaller0: entered allmulticast mode
[  187.615529][ T9866] netlink: 'syz.4.1298': attribute type 1 has an invalid length.
[  188.618925][ T9864] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  189.091822][ T9898] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  189.115863][ T9898] tipc: Disabling bearer <udp:syz2>
[  189.234061][ T9901] tap0: tun_chr_ioctl cmd 1074812118
[  189.241599][ T9901] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  189.249465][ T9901] tap0: tun_chr_ioctl cmd 35092
[  189.259445][ T9901] tipc: Resetting bearer <eth:syzkaller0>
[  189.362213][ T9900] tipc: Disabling bearer <eth:syzkaller0>
[  190.034048][ T9944] can: request_module (can-proto-4) failed.
[  190.655272][ T9957] netlink: 'syz.3.1332': attribute type 30 has an invalid length.
[  190.839567][ T9963] netlink: 'syz.2.1334': attribute type 12 has an invalid length.
[  190.849315][ T9963] __nla_validate_parse: 13 callbacks suppressed
[  190.849333][ T9963] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1334'.
[  191.014825][ T9979] FAULT_INJECTION: forcing a failure.
[  191.014825][ T9979] name failslab, interval 1, probability 0, space 0, times 0
[  191.038270][ T9979] CPU: 1 UID: 0 PID: 9979 Comm: syz.0.1341 Not tainted syzkaller #0 PREEMPT(full) 
[  191.038296][ T9979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  191.038306][ T9979] Call Trace:
[  191.038313][ T9979]  <TASK>
[  191.038321][ T9979]  dump_stack_lvl+0x189/0x250
[  191.038349][ T9979]  ? __pfx____ratelimit+0x10/0x10
[  191.038374][ T9979]  ? __pfx_dump_stack_lvl+0x10/0x10
[  191.038395][ T9979]  ? __pfx__printk+0x10/0x10
[  191.038428][ T9979]  should_fail_ex+0x414/0x560
[  191.038458][ T9979]  should_failslab+0xa8/0x100
[  191.038479][ T9979]  __kmalloc_cache_noprof+0x6f/0x6f0
[  191.038502][ T9979]  ? __sctp_v6_cmp_addr+0x1e6/0x510
[  191.038526][ T9979]  ? sctp_add_bind_addr+0x8c/0x370
[  191.038556][ T9979]  sctp_add_bind_addr+0x8c/0x370
[  191.038584][ T9979]  sctp_copy_local_addr_list+0x30b/0x4e0
[  191.038611][ T9979]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  191.038633][ T9979]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  191.038659][ T9979]  ? sctp_v6_is_any+0x64/0x80
[  191.038677][ T9979]  ? sctp_copy_one_addr+0x93/0x360
[  191.038703][ T9979]  sctp_bind_addr_copy+0xb3/0x3c0
[  191.038728][ T9979]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  191.038754][ T9979]  sctp_connect_new_asoc+0x2e0/0x690
[  191.038777][ T9979]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  191.038793][ T9979]  ? __local_bh_enable_ip+0x12d/0x1c0
[  191.038819][ T9979]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  191.038838][ T9979]  ? security_sctp_bind_connect+0x7e/0x2e0
[  191.038860][ T9979]  sctp_sendmsg+0x155c/0x2810
[  191.038891][ T9979]  ? __pfx_sctp_sendmsg+0x10/0x10
[  191.038913][ T9979]  ? aa_sk_perm+0x81e/0x950
[  191.038936][ T9979]  ? __lock_acquire+0xab9/0xd20
[  191.038956][ T9979]  ? __pfx_aa_sk_perm+0x10/0x10
[  191.038982][ T9979]  ? sock_rps_record_flow+0x19/0x410
[  191.039004][ T9979]  ? inet_sendmsg+0x2f4/0x370
[  191.039026][ T9979]  __sock_sendmsg+0x19c/0x270
[  191.039052][ T9979]  ____sys_sendmsg+0x52d/0x830
[  191.039077][ T9979]  ? __pfx_____sys_sendmsg+0x10/0x10
[  191.039104][ T9979]  ? import_iovec+0x74/0xa0
[  191.039129][ T9979]  ___sys_sendmsg+0x21f/0x2a0
[  191.039158][ T9979]  ? __pfx____sys_sendmsg+0x10/0x10
[  191.039213][ T9979]  ? __fget_files+0x2a/0x420
[  191.039229][ T9979]  ? __fget_files+0x3a0/0x420
[  191.039256][ T9979]  __sys_sendmmsg+0x227/0x430
[  191.039282][ T9979]  ? __pfx___sys_sendmmsg+0x10/0x10
[  191.039310][ T9979]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  191.039347][ T9979]  ? ksys_write+0x22a/0x250
[  191.039372][ T9979]  ? __pfx_ksys_write+0x10/0x10
[  191.039402][ T9979]  __x64_sys_sendmmsg+0xa0/0xc0
[  191.039424][ T9979]  do_syscall_64+0xfa/0xfa0
[  191.039439][ T9979]  ? lockdep_hardirqs_on+0x9c/0x150
[  191.039455][ T9979]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.039472][ T9979]  ? clear_bhb_loop+0x60/0xb0
[  191.039494][ T9979]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.039510][ T9979] RIP: 0033:0x7f6dfc78f6c9
[  191.039526][ T9979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  191.039541][ T9979] RSP: 002b:00007f6dfd702038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  191.039559][ T9979] RAX: ffffffffffffffda RBX: 00007f6dfc9e5fa0 RCX: 00007f6dfc78f6c9
[  191.039572][ T9979] RDX: 0000000000000001 RSI: 0000200000000780 RDI: 0000000000000003
[  191.039582][ T9979] RBP: 00007f6dfd702090 R08: 0000000000000000 R09: 0000000000000000
[  191.039593][ T9979] R10: 0000000020048040 R11: 0000000000000246 R12: 0000000000000002
[  191.039604][ T9979] R13: 00007f6dfc9e6038 R14: 00007f6dfc9e5fa0 R15: 00007ffce449dd18
[  191.039635][ T9979]  </TASK>
[  191.701738][ T9996] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1347'.
[  191.713135][ T9996] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1347'.
[  191.871429][T10004] FAULT_INJECTION: forcing a failure.
[  191.871429][T10004] name failslab, interval 1, probability 0, space 0, times 0
[  191.879205][T10006] netlink: 'syz.1.1350': attribute type 6 has an invalid length.
[  191.884339][T10004] CPU: 1 UID: 0 PID: 10004 Comm: syz.2.1351 Not tainted syzkaller #0 PREEMPT(full) 
[  191.884360][T10004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  191.884371][T10004] Call Trace:
[  191.884378][T10004]  <TASK>
[  191.884386][T10004]  dump_stack_lvl+0x189/0x250
[  191.884414][T10004]  ? __pfx____ratelimit+0x10/0x10
[  191.884439][T10004]  ? __pfx_dump_stack_lvl+0x10/0x10
[  191.884460][T10004]  ? __pfx__printk+0x10/0x10
[  191.884492][T10004]  should_fail_ex+0x414/0x560
[  191.884520][T10004]  should_failslab+0xa8/0x100
[  191.884540][T10004]  __kmalloc_cache_noprof+0x6f/0x6f0
[  191.884562][T10004]  ? __sctp_v6_cmp_addr+0x1e6/0x510
[  191.884585][T10004]  ? sctp_add_bind_addr+0x8c/0x370
[  191.884606][T10004]  ? sctp_add_bind_addr+0xb0/0x370
[  191.884633][T10004]  sctp_add_bind_addr+0x8c/0x370
[  191.884660][T10004]  sctp_copy_local_addr_list+0x30b/0x4e0
[  191.884687][T10004]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  191.884709][T10004]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  191.884734][T10004]  ? sctp_v6_is_any+0x64/0x80
[  191.884751][T10004]  ? sctp_copy_one_addr+0x93/0x360
[  191.884777][T10004]  sctp_bind_addr_copy+0xb3/0x3c0
[  191.884801][T10004]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  191.884825][T10004]  sctp_connect_new_asoc+0x2e0/0x690
[  191.884846][T10004]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  191.884863][T10004]  ? __local_bh_enable_ip+0x12d/0x1c0
[  191.884888][T10004]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  191.884906][T10004]  ? security_sctp_bind_connect+0x7e/0x2e0
[  191.884928][T10004]  sctp_sendmsg+0x155c/0x2810
[  191.884958][T10004]  ? __pfx_sctp_sendmsg+0x10/0x10
[  191.884979][T10004]  ? aa_sk_perm+0x81e/0x950
[  191.885006][T10004]  ? __pfx_aa_sk_perm+0x10/0x10
[  191.885030][T10004]  ? sock_rps_record_flow+0x19/0x410
[  191.885051][T10004]  ? inet_sendmsg+0x2f4/0x370
[  191.885072][T10004]  __sock_sendmsg+0x19c/0x270
[  191.885097][T10004]  __sys_sendto+0x3bd/0x520
[  191.885117][T10004]  ? __pfx___sys_sendto+0x10/0x10
[  191.885131][T10004]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  191.885162][T10004]  ? __fget_files+0x3a0/0x420
[  191.885189][T10004]  ? ksys_write+0x22a/0x250
[  191.885213][T10004]  ? __pfx_ksys_write+0x10/0x10
[  191.885238][T10004]  __x64_sys_sendto+0xde/0x100
[  191.885259][T10004]  do_syscall_64+0xfa/0xfa0
[  191.885274][T10004]  ? lockdep_hardirqs_on+0x9c/0x150
[  191.885300][T10004]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.885316][T10004]  ? clear_bhb_loop+0x60/0xb0
[  191.885336][T10004]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.885353][T10004] RIP: 0033:0x7f4a3c78f6c9
[  191.885367][T10004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  191.885381][T10004] RSP: 002b:00007f4a3d709038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  191.885399][T10004] RAX: ffffffffffffffda RBX: 00007f4a3c9e5fa0 RCX: 00007f4a3c78f6c9
[  191.885411][T10004] RDX: 0000000000034000 RSI: 0000200000847fff RDI: 0000000000000003
[  191.885421][T10004] RBP: 00007f4a3d709090 R08: 000020000005ffe4 R09: 000000000000001c
[  191.885433][T10004] R10: 00000000000000e0 R11: 0000000000000246 R12: 0000000000000002
[  191.885443][T10004] R13: 00007f4a3c9e6038 R14: 00007f4a3c9e5fa0 R15: 00007ffdb2b93a08
[  191.885473][T10004]  </TASK>
[  192.082444][T10013] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1353'.
[  192.240395][T10018] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1353'.
[  192.537349][T10029] xt_TCPMSS: Only works on TCP SYN packets
[  192.604962][T10029] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1358'.
[  192.821435][T10044] vlan2: entered promiscuous mode
[  192.843128][T10044] bond0: entered promiscuous mode
[  192.857828][T10044] bond_slave_0: entered promiscuous mode
[  192.867211][T10044] bond_slave_1: entered promiscuous mode
[  192.877748][T10044] vlan2: entered allmulticast mode
[  192.886281][T10044] bond0: entered allmulticast mode
[  192.894832][T10044] bond_slave_0: entered allmulticast mode
[  192.903990][T10044] bond_slave_1: entered allmulticast mode
[  192.994026][T10050] FAULT_INJECTION: forcing a failure.
[  192.994026][T10050] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  193.034176][T10050] CPU: 1 UID: 0 PID: 10050 Comm: syz.0.1365 Not tainted syzkaller #0 PREEMPT(full) 
[  193.034203][T10050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  193.034214][T10050] Call Trace:
[  193.034221][T10050]  <TASK>
[  193.034230][T10050]  dump_stack_lvl+0x189/0x250
[  193.034257][T10050]  ? __pfx____ratelimit+0x10/0x10
[  193.034282][T10050]  ? __pfx_dump_stack_lvl+0x10/0x10
[  193.034304][T10050]  ? __pfx__printk+0x10/0x10
[  193.034322][T10050]  ? __might_fault+0xb0/0x130
[  193.034356][T10050]  should_fail_ex+0x414/0x560
[  193.034386][T10050]  _copy_from_user+0x2d/0xb0
[  193.034412][T10050]  ___sys_sendmsg+0x158/0x2a0
[  193.034435][T10050]  ? __pfx____sys_sendmsg+0x10/0x10
[  193.034490][T10050]  ? __fget_files+0x2a/0x420
[  193.034506][T10050]  ? __fget_files+0x3a0/0x420
[  193.034533][T10050]  __x64_sys_sendmsg+0x19b/0x260
[  193.034556][T10050]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  193.034585][T10050]  ? __pfx_ksys_write+0x10/0x10
[  193.034612][T10050]  ? do_syscall_64+0xbe/0xfa0
[  193.034632][T10050]  do_syscall_64+0xfa/0xfa0
[  193.034648][T10050]  ? lockdep_hardirqs_on+0x9c/0x150
[  193.034666][T10050]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.034683][T10050]  ? clear_bhb_loop+0x60/0xb0
[  193.034704][T10050]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.034721][T10050] RIP: 0033:0x7f6dfc78f6c9
[  193.034736][T10050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  193.034751][T10050] RSP: 002b:00007f6dfd702038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  193.034770][T10050] RAX: ffffffffffffffda RBX: 00007f6dfc9e5fa0 RCX: 00007f6dfc78f6c9
[  193.034783][T10050] RDX: 0000000004000080 RSI: 0000200000000100 RDI: 0000000000000003
[  193.034795][T10050] RBP: 00007f6dfd702090 R08: 0000000000000000 R09: 0000000000000000
[  193.034806][T10050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  193.034816][T10050] R13: 00007f6dfc9e6038 R14: 00007f6dfc9e5fa0 R15: 00007ffce449dd18
[  193.034846][T10050]  </TASK>
[  193.524306][T10068] FAULT_INJECTION: forcing a failure.
[  193.524306][T10068] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  193.583316][T10068] CPU: 0 UID: 0 PID: 10068 Comm: syz.4.1370 Not tainted syzkaller #0 PREEMPT(full) 
[  193.583342][T10068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  193.583352][T10068] Call Trace:
[  193.583360][T10068]  <TASK>
[  193.583368][T10068]  dump_stack_lvl+0x189/0x250
[  193.583394][T10068]  ? __pfx____ratelimit+0x10/0x10
[  193.583428][T10068]  ? __pfx_dump_stack_lvl+0x10/0x10
[  193.583449][T10068]  ? __pfx__printk+0x10/0x10
[  193.583469][T10068]  ? __might_fault+0xb0/0x130
[  193.583500][T10068]  should_fail_ex+0x414/0x560
[  193.583530][T10068]  _copy_from_user+0x2d/0xb0
[  193.583552][T10068]  ___sys_sendmsg+0x158/0x2a0
[  193.583576][T10068]  ? __pfx____sys_sendmsg+0x10/0x10
[  193.583630][T10068]  ? __fget_files+0x2a/0x420
[  193.583646][T10068]  ? __fget_files+0x3a0/0x420
[  193.583673][T10068]  __x64_sys_sendmsg+0x19b/0x260
[  193.583695][T10068]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  193.583724][T10068]  ? __pfx_ksys_write+0x10/0x10
[  193.583750][T10068]  ? do_syscall_64+0xbe/0xfa0
[  193.583770][T10068]  do_syscall_64+0xfa/0xfa0
[  193.583786][T10068]  ? lockdep_hardirqs_on+0x9c/0x150
[  193.583803][T10068]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.583820][T10068]  ? clear_bhb_loop+0x60/0xb0
[  193.583841][T10068]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.583857][T10068] RIP: 0033:0x7f150358f6c9
[  193.583872][T10068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  193.583886][T10068] RSP: 002b:00007f1504416038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  193.583905][T10068] RAX: ffffffffffffffda RBX: 00007f15037e5fa0 RCX: 00007f150358f6c9
[  193.583918][T10068] RDX: 0000000004000080 RSI: 0000200000000100 RDI: 0000000000000003
[  193.583930][T10068] RBP: 00007f1504416090 R08: 0000000000000000 R09: 0000000000000000
[  193.583940][T10068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  193.583951][T10068] R13: 00007f15037e6038 R14: 00007f15037e5fa0 R15: 00007fffcaf21ce8
[  193.583981][T10068]  </TASK>
[  193.592508][T10071] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1371'.
[  194.229056][T10090] xt_CT: You must specify a L4 protocol and not use inversions on it
[  194.280784][T10095] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1380'.
[  194.285939][T10090] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1377'.
[  194.308795][T10095] 0ªX¹¦À: renamed from caif0
[  194.322327][T10095] 0ªX¹¦À: entered allmulticast mode
[  194.327676][T10095] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  194.511575][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  194.624421][T10100] netlink: 'syz.4.1378': attribute type 14 has an invalid length.
[  194.927444][T10126] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  195.099140][T10134] FAULT_INJECTION: forcing a failure.
[  195.099140][T10134] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  195.120877][T10134] CPU: 0 UID: 0 PID: 10134 Comm: syz.1.1390 Not tainted syzkaller #0 PREEMPT(full) 
[  195.120904][T10134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  195.120922][T10134] Call Trace:
[  195.120929][T10134]  <TASK>
[  195.120937][T10134]  dump_stack_lvl+0x189/0x250
[  195.120964][T10134]  ? __pfx____ratelimit+0x10/0x10
[  195.120988][T10134]  ? __pfx_dump_stack_lvl+0x10/0x10
[  195.121009][T10134]  ? __pfx__printk+0x10/0x10
[  195.121026][T10134]  ? __might_fault+0xb0/0x130
[  195.121058][T10134]  should_fail_ex+0x414/0x560
[  195.121084][T10134]  _copy_from_user+0x2d/0xb0
[  195.121105][T10134]  ___sys_sendmsg+0x158/0x2a0
[  195.121127][T10134]  ? __pfx____sys_sendmsg+0x10/0x10
[  195.121188][T10134]  ? __might_fault+0xb0/0x130
[  195.121214][T10134]  __sys_sendmmsg+0x227/0x430
[  195.121239][T10134]  ? __pfx___sys_sendmmsg+0x10/0x10
[  195.121266][T10134]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  195.121301][T10134]  ? ksys_write+0x22a/0x250
[  195.121325][T10134]  ? __pfx_ksys_write+0x10/0x10
[  195.121350][T10134]  __x64_sys_sendmmsg+0xa0/0xc0
[  195.121371][T10134]  do_syscall_64+0xfa/0xfa0
[  195.121386][T10134]  ? lockdep_hardirqs_on+0x9c/0x150
[  195.121403][T10134]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.121419][T10134]  ? clear_bhb_loop+0x60/0xb0
[  195.121440][T10134]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.121456][T10134] RIP: 0033:0x7fac05f8f6c9
[  195.121471][T10134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  195.121484][T10134] RSP: 002b:00007fac041ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  195.121503][T10134] RAX: ffffffffffffffda RBX: 00007fac061e5fa0 RCX: 00007fac05f8f6c9
[  195.121515][T10134] RDX: 00000000040001b6 RSI: 0000200000001540 RDI: 0000000000000003
[  195.121525][T10134] RBP: 00007fac041ee090 R08: 0000000000000000 R09: 0000000000000000
[  195.121536][T10134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  195.121546][T10134] R13: 00007fac061e6038 R14: 00007fac061e5fa0 R15: 00007fff90d25e38
[  195.121575][T10134]  </TASK>
[  195.419452][T10140] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1392'.
[  195.637672][T10151] netlink: 'syz.0.1395': attribute type 42 has an invalid length.
[  196.331786][T10175] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1400'.
[  196.647892][T10184] netlink: 'syz.1.1403': attribute type 1 has an invalid length.
[  196.782297][T10184] bond1: entered promiscuous mode
[  196.787498][T10184] bond1: entered allmulticast mode
[  196.793075][T10184] 8021q: adding VLAN 0 to HW filter on device bond1
[  196.864179][T10187] macvlan3: entered promiscuous mode
[  196.877009][T10187] macvlan3: entered allmulticast mode
[  196.914719][T10187] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  197.126634][T10207] netlink: 'syz.3.1410': attribute type 1 has an invalid length.
[  197.143020][T10207] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1410'.
[  197.192735][T10205] netlink: 'syz.4.1409': attribute type 1 has an invalid length.
[  197.221756][T10213] netlink: 'syz.1.1413': attribute type 1 has an invalid length.
[  197.222731][T10205] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1409'.
[  197.279703][T10213] 8021q: adding VLAN 0 to HW filter on device bond2
[  197.302583][T10213] bond2: (slave geneve2): making interface the new active one
[  197.341360][T10213] bond2: (slave geneve2): Enslaving as an active interface with an up link
[  197.369969][T10218] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1415'.
[  197.393876][T10218] netlink: 34 bytes leftover after parsing attributes in process `syz.3.1415'.
[  197.527929][T10228] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1418'.
[  197.637385][T10239] netlink: 'syz.2.1416': attribute type 1 has an invalid length.
[  197.657060][T10240] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1420'.
[  197.747393][T10240] bridge0: port 2(bridge_slave_1) entered disabled state
[  197.755430][T10240] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.891554][T10245] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1420'.
[  198.061914][T10251] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1425'.
[  198.295286][T10254] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1426'.
[  198.320789][T10240] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  198.419290][T10240] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  198.533259][T10232] syz.3.1421: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  198.578121][T10232] CPU: 0 UID: 0 PID: 10232 Comm: syz.3.1421 Not tainted syzkaller #0 PREEMPT(full) 
[  198.578149][T10232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  198.578160][T10232] Call Trace:
[  198.578167][T10232]  <TASK>
[  198.578176][T10232]  dump_stack_lvl+0x189/0x250
[  198.578207][T10232]  ? __pfx_dump_stack_lvl+0x10/0x10
[  198.578232][T10232]  ? __pfx__printk+0x10/0x10
[  198.578250][T10232]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  198.578275][T10232]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  198.578301][T10232]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  198.578328][T10232]  warn_alloc+0x214/0x310
[  198.578369][T10232]  ? __pfx_warn_alloc+0x10/0x10
[  198.578405][T10232]  ? __get_vm_area_node+0x28f/0x300
[  198.578430][T10232]  ? translate_table+0x19b/0x2040
[  198.578452][T10232]  __vmalloc_node_range_noprof+0x690/0x12d0
[  198.578506][T10232]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  198.578531][T10232]  ? translate_table+0x19b/0x2040
[  198.578551][T10232]  ? rcu_is_watching+0x15/0xb0
[  198.578573][T10232]  ? translate_table+0x19b/0x2040
[  198.578591][T10232]  __kvmalloc_node_noprof+0x674/0x910
[  198.578616][T10232]  ? translate_table+0x19b/0x2040
[  198.578632][T10232]  ? do_ip6t_set_ctl+0x88a/0xce0
[  198.578648][T10232]  ? nf_setsockopt+0x26f/0x290
[  198.578670][T10232]  ? do_sock_setsockopt+0x17c/0x1b0
[  198.578688][T10232]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  198.578712][T10232]  translate_table+0x19b/0x2040
[  198.578742][T10232]  ? __lock_acquire+0xab9/0xd20
[  198.578766][T10232]  ? __pfx_translate_table+0x10/0x10
[  198.578786][T10232]  ? __might_fault+0xb0/0x130
[  198.578829][T10232]  ? _copy_from_user+0x94/0xb0
[  198.578856][T10232]  do_ip6t_set_ctl+0x970/0xce0
[  198.578878][T10232]  ? rcu_is_watching+0x15/0xb0
[  198.578900][T10232]  ? trace_contention_end+0x39/0x120
[  198.578922][T10232]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  198.578963][T10232]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  198.578990][T10232]  ? file_init_path+0x3b/0x590
[  198.579014][T10232]  ? __lock_acquire+0xab9/0xd20
[  198.579036][T10232]  nf_setsockopt+0x26f/0x290
[  198.579067][T10232]  rawv6_setsockopt+0x23b/0x5b0
[  198.579091][T10232]  ? __pfx_rawv6_setsockopt+0x10/0x10
[  198.579112][T10232]  ? aa_sock_opt_perm+0xff/0x1b0
[  198.579140][T10232]  ? sock_common_setsockopt+0x36/0xc0
[  198.579165][T10232]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  198.579194][T10232]  do_sock_setsockopt+0x17c/0x1b0
[  198.579219][T10232]  __x64_sys_setsockopt+0x13f/0x1b0
[  198.579245][T10232]  do_syscall_64+0xfa/0xfa0
[  198.579263][T10232]  ? lockdep_hardirqs_on+0x9c/0x150
[  198.579281][T10232]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.579299][T10232]  ? clear_bhb_loop+0x60/0xb0
[  198.579322][T10232]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.579339][T10232] RIP: 0033:0x7faa8bb8f6c9
[  198.579364][T10232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  198.579380][T10232] RSP: 002b:00007faa8ca1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  198.579400][T10232] RAX: ffffffffffffffda RBX: 00007faa8bde5fa0 RCX: 00007faa8bb8f6c9
[  198.579414][T10232] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  198.579426][T10232] RBP: 00007faa8bc11f91 R08: 00000000000004f0 R09: 0000000000000000
[  198.579438][T10232] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  198.579450][T10232] R13: 00007faa8bde6038 R14: 00007faa8bde5fa0 R15: 00007fff44e3fbf8
[  198.579481][T10232]  </TASK>
[  198.579488][T10232] Mem-Info:
[  198.941491][T10232] active_anon:3979 inactive_anon:0 isolated_anon:0
[  198.941491][T10232]  active_file:3541 inactive_file:39927 isolated_file:0
[  198.941491][T10232]  unevictable:768 dirty:535 writeback:0
[  198.941491][T10232]  slab_reclaimable:11319 slab_unreclaimable:139126
[  198.941491][T10232]  mapped:32433 shmem:1379 pagetables:996
[  198.941491][T10232]  sec_pagetables:0 bounce:0
[  198.941491][T10232]  kernel_misc_reclaimable:0
[  198.941491][T10232]  free:1271725 free_pcp:16027 free_cma:0
[  198.988149][T10232] Node 0 active_anon:15816kB inactive_anon:0kB active_file:14164kB inactive_file:159504kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:129732kB dirty:2136kB writeback:0kB shmem:3980kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11512kB pagetables:3828kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  199.021488][T10232] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  199.052033][T10232] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  199.087193][T10232] lowmem_reserve[]: 0 2504 2505 2505 2505
[  199.093687][T10232] Node 0 DMA32 free:1182932kB boost:0kB min:34308kB low:42884kB high:51460kB reserved_highatomic:0KB free_highatomic:0KB active_anon:15852kB inactive_anon:0kB active_file:14164kB inactive_file:159504kB unevictable:1536kB writepending:2152kB zspages:0kB present:3129332kB managed:2565108kB mlocked:0kB bounce:0kB free_pcp:45728kB local_pcp:23692kB free_cma:0kB
[  199.127930][T10232] lowmem_reserve[]: 0 0 0 0 0
[  199.132696][T10232] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  199.162358][T10232] lowmem_reserve[]: 0 0 0 0 0
[  199.167239][T10232] Node 1 Normal free:3888556kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:19520kB local_pcp:10624kB free_cma:0kB
[  199.199689][T10232] lowmem_reserve[]: 0 0 0 0 0
[  199.204586][T10232] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  199.217631][T10232] Node 0 DMA32: 1*4kB (U) 1*8kB (M) 2*16kB (UE) 35*32kB (UM) 67*64kB (M) 33*128kB (UME) 13*256kB (UME) 9*512kB (M) 6*1024kB (UME) 4*2048kB (UM) 281*4096kB (UM) = 1182924kB
[  199.235087][T10232] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  199.246618][T10232] Node 1 Normal: 235*4kB (UME) 62*8kB (UME) 43*16kB (UME) 113*32kB (UME) 31*64kB (UME) 7*128kB (UME) 4*256kB (UM) 2*512kB (M) 3*1024kB (UME) 2*2048kB (UE) 945*4096kB (M) = 3888556kB
[  199.249752][T10240] ip6tnl1: left promiscuous mode
[  199.270015][T10232] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  199.272094][T10240] tipc: Resetting bearer <eth:syzkaller0>
[  199.285579][T10232] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  199.294983][T10232] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  199.296321][T10240] syzkaller0: left promiscuous mode
[  199.304708][T10232] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  199.310276][T10240] syzkaller0: left allmulticast mode
[  199.319512][T10232] 44819 total pagecache pages
[  199.329638][T10232] 0 pages in swap cache
[  199.333848][T10232] Free swap  = 124996kB
[  199.338001][T10232] Total swap = 124996kB
[  199.342155][T10232] 2097051 pages RAM
[  199.346022][T10232] 0 pages HighMem/MovableOnly
[  199.350779][T10232] 424132 pages reserved
[  199.355103][T10232] 0 pages cma reserved
[  199.366306][T10240] team1: left promiscuous mode
[  199.371323][T10240] team1: left allmulticast mode
[  199.377429][T10240] bond1: left promiscuous mode
[  199.382422][T10240] bond1: left allmulticast mode
[  199.402819][T10245] hsr_slave_0: left promiscuous mode
[  199.409862][T10245] hsr_slave_1: left promiscuous mode
[  199.475118][   T13] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  199.484530][   T13] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  199.510213][   T13] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  199.548047][   T13] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  199.563827][   T13] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  199.589958][   T13] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  199.646978][   T13] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  199.683606][   T13] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  199.799553][T10283] 8021q: adding VLAN 0 to HW filter on device bond0
[  199.814037][T10283] 8021q: adding VLAN 0 to HW filter on device team0
[  199.830091][T10283] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  199.901953][T10271] netlink: 'syz.2.1432': attribute type 2 has an invalid length.
[  200.049556][ T5962] IPVS: starting estimator thread 0...
[  200.063317][T10293] netlink: 'syz.1.1437': attribute type 5 has an invalid length.
[  200.153670][T10295] IPVS: using max 33 ests per chain, 79200 per kthread
[  200.224730][T10293] IPVS: length: 141 != 8
[  200.371062][T10305] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  200.467420][T10300] bond0: ARP target 170.170.170.170 is already present
[  200.495442][T10300] bond0: option arp_ip_target: invalid value (2863311530)
[  201.401147][T10334] __nla_validate_parse: 8 callbacks suppressed
[  201.401164][T10334] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1449'.
[  201.620947][T10350] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1456'.
[  201.656012][T10350] tipc: New replicast peer: 255.255.255.255
[  201.662634][T10350] tipc: Enabled bearer <udp:syz2>, priority 6
[  201.670817][T10350] netlink: 'syz.2.1456': attribute type 1 has an invalid length.
[  201.679476][T10350] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1456'.
[  202.461509][T10389] netlink: 'syz.2.1469': attribute type 2 has an invalid length.
[  202.720153][T10396] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1471'.
[  202.731894][T10396] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  202.741008][T10396] netlink: 'syz.3.1471': attribute type 1 has an invalid length.
[  202.757646][T10396] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1471'.
[  203.056345][T10413] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  203.060772][T10411] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1476'.
[  203.063628][T10413] IPv6: NLM_F_CREATE should be set when creating new route
[  203.079848][T10413] IPv6: NLM_F_CREATE should be set when creating new route
[  203.110786][T10411] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1476'.
[  203.221183][T10420] netlink: 'syz.1.1482': attribute type 10 has an invalid length.
[  203.534890][T10433] netlink: 'syz.3.1491': attribute type 12 has an invalid length.
[  203.659876][T10442] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1493'.
[  203.771814][T10448] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1496'.
[  204.033083][T10462] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1501'.
[  204.130747][T10472] netlink: 'syz.3.1505': attribute type 1 has an invalid length.
[  204.190057][T10472] 8021q: adding VLAN 0 to HW filter on device bond2
[  204.230673][T10478] bond2: (slave gretap1): making interface the new active one
[  204.241375][T10478] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  204.306137][T10459] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  205.446445][T10542] netlink: 'syz.3.1528': attribute type 1 has an invalid length.
[  205.468417][T10539] erspan0: entered promiscuous mode
[  205.480595][T10545] syzkaller1: entered promiscuous mode
[  205.486356][T10545] syzkaller1: entered allmulticast mode
[  205.820767][T10558] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  206.109965][T10574] syzkaller0: entered promiscuous mode
[  206.116418][T10574] syzkaller0: entered allmulticast mode
[  206.376654][T10589] netlink: 'syz.0.1544': attribute type 6 has an invalid length.
[  206.526759][T10595] netlink: 'syz.2.1546': attribute type 1 has an invalid length.
[  206.561937][T10595] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check.
[  206.645424][T10597] batadv2: entered promiscuous mode
[  206.689088][T10600] __nla_validate_parse: 6 callbacks suppressed
[  206.689107][T10600] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1548'.
[  207.031243][T10618] FAULT_INJECTION: forcing a failure.
[  207.031243][T10618] name failslab, interval 1, probability 0, space 0, times 0
[  207.115513][T10618] CPU: 1 UID: 0 PID: 10618 Comm: syz.1.1555 Not tainted syzkaller #0 PREEMPT(full) 
[  207.115539][T10618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  207.115551][T10618] Call Trace:
[  207.115558][T10618]  <TASK>
[  207.115566][T10618]  dump_stack_lvl+0x189/0x250
[  207.115594][T10618]  ? __pfx____ratelimit+0x10/0x10
[  207.115618][T10618]  ? __pfx_dump_stack_lvl+0x10/0x10
[  207.115640][T10618]  ? __pfx__printk+0x10/0x10
[  207.115664][T10618]  ? __pfx___might_resched+0x10/0x10
[  207.115682][T10618]  ? fs_reclaim_acquire+0x7d/0x100
[  207.115703][T10618]  should_fail_ex+0x414/0x560
[  207.115733][T10618]  should_failslab+0xa8/0x100
[  207.115754][T10618]  kmem_cache_alloc_node_noprof+0x77/0x710
[  207.115778][T10618]  ? __alloc_skb+0x112/0x2d0
[  207.115794][T10618]  ? netlink_autobind+0xdb/0x300
[  207.115818][T10618]  __alloc_skb+0x112/0x2d0
[  207.115840][T10618]  netlink_sendmsg+0x5c6/0xb30
[  207.115868][T10618]  ? __pfx_netlink_sendmsg+0x10/0x10
[  207.115890][T10618]  ? aa_sock_msg_perm+0xf1/0x1d0
[  207.115917][T10618]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  207.115934][T10618]  ? __pfx_netlink_sendmsg+0x10/0x10
[  207.115954][T10618]  __sock_sendmsg+0x21c/0x270
[  207.115980][T10618]  ____sys_sendmsg+0x505/0x830
[  207.116005][T10618]  ? __pfx_____sys_sendmsg+0x10/0x10
[  207.116034][T10618]  ? import_iovec+0x74/0xa0
[  207.116059][T10618]  ___sys_sendmsg+0x21f/0x2a0
[  207.116081][T10618]  ? __pfx____sys_sendmsg+0x10/0x10
[  207.116137][T10618]  ? __fget_files+0x2a/0x420
[  207.116153][T10618]  ? __fget_files+0x3a0/0x420
[  207.116179][T10618]  __x64_sys_sendmsg+0x19b/0x260
[  207.116202][T10618]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  207.116231][T10618]  ? __pfx_ksys_write+0x10/0x10
[  207.116257][T10618]  ? do_syscall_64+0xbe/0xfa0
[  207.116278][T10618]  do_syscall_64+0xfa/0xfa0
[  207.116294][T10618]  ? lockdep_hardirqs_on+0x9c/0x150
[  207.116310][T10618]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.116327][T10618]  ? clear_bhb_loop+0x60/0xb0
[  207.116348][T10618]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.116364][T10618] RIP: 0033:0x7fac05f8f6c9
[  207.116387][T10618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  207.116401][T10618] RSP: 002b:00007fac041ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  207.116421][T10618] RAX: ffffffffffffffda RBX: 00007fac061e5fa0 RCX: 00007fac05f8f6c9
[  207.116433][T10618] RDX: 0000000004000080 RSI: 0000200000000100 RDI: 0000000000000003
[  207.116445][T10618] RBP: 00007fac041ee090 R08: 0000000000000000 R09: 0000000000000000
[  207.116456][T10618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  207.116470][T10618] R13: 00007fac061e6038 R14: 00007fac061e5fa0 R15: 00007fff90d25e38
[  207.116501][T10618]  </TASK>
[  207.422428][T10621] netlink: 'syz.2.1556': attribute type 1 has an invalid length.
[  207.430291][T10621] netlink: 'syz.2.1556': attribute type 4 has an invalid length.
[  207.438092][T10621] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.1556'.
[  207.449780][T10621] netlink: 'syz.2.1556': attribute type 1 has an invalid length.
[  207.459078][T10621] netlink: 'syz.2.1556': attribute type 4 has an invalid length.
[  207.466861][T10621] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.1556'.
[  207.912650][T10642] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1565'.
[  207.952823][    T9] IPVS: starting estimator thread 0...
[  207.959314][T10649] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold
[  207.980428][T10642] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  207.991087][T10651] netlink: 'syz.3.1565': attribute type 1 has an invalid length.
[  208.024206][T10651] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1565'.
[  208.056129][T10650] IPVS: using max 33 ests per chain, 79200 per kthread
[  208.154989][T10657] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1569'.
[  208.183312][T10663] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1570'.
[  208.224713][T10663] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1570'.
[  208.358800][T10672] netlink: 204732 bytes leftover after parsing attributes in process `syz.1.1573'.
[  208.619770][T10689] netlink: 'syz.1.1579': attribute type 1 has an invalid length.
[  208.636480][T10689] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1579'.
[  208.666160][T10693] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  208.699651][T10691] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  208.718078][T10691] netlink: 'syz.3.1581': attribute type 1 has an invalid length.
[  208.736342][T10693] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  208.762744][T10699] A link change request failed with some changes committed already. Interface macvlan1 may have been left with an inconsistent configuration, please check.
[  208.802484][T10693] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  208.860213][T10702] batadv0: entered promiscuous mode
[  208.869522][T10702] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  208.878722][T10702] bridge1: port 1(macvlan2) entered blocking state
[  208.885645][T10702] bridge1: port 1(macvlan2) entered disabled state
[  208.892554][T10702] macvlan2: entered allmulticast mode
[  208.899179][T10702] batadv0: entered allmulticast mode
[  208.910552][T10702] macvlan2: entered promiscuous mode
[  208.928313][T10693] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  208.960146][T10709] syzkaller0: entered promiscuous mode
[  208.965830][T10709] syzkaller0: entered allmulticast mode
[  209.003745][   T36] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  209.047658][   T36] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  209.098654][   T60] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  209.121743][   T60] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  209.204477][T10720] FAULT_INJECTION: forcing a failure.
[  209.204477][T10720] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  209.238523][T10720] CPU: 1 UID: 0 PID: 10720 Comm: syz.3.1590 Not tainted syzkaller #0 PREEMPT(full) 
[  209.238551][T10720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  209.238562][T10720] Call Trace:
[  209.238568][T10720]  <TASK>
[  209.238576][T10720]  dump_stack_lvl+0x189/0x250
[  209.238604][T10720]  ? __pfx____ratelimit+0x10/0x10
[  209.238629][T10720]  ? __pfx_dump_stack_lvl+0x10/0x10
[  209.238650][T10720]  ? __pfx__printk+0x10/0x10
[  209.238665][T10720]  ? __might_fault+0xb0/0x130
[  209.238697][T10720]  should_fail_ex+0x414/0x560
[  209.238725][T10720]  _copy_from_user+0x2d/0xb0
[  209.238746][T10720]  ___sys_sendmsg+0x158/0x2a0
[  209.238766][T10720]  ? __pfx____sys_sendmsg+0x10/0x10
[  209.238825][T10720]  ? __might_fault+0xb0/0x130
[  209.238851][T10720]  __sys_sendmmsg+0x227/0x430
[  209.238876][T10720]  ? __pfx___sys_sendmmsg+0x10/0x10
[  209.238903][T10720]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  209.238948][T10720]  ? ksys_write+0x22a/0x250
[  209.238973][T10720]  ? __pfx_ksys_write+0x10/0x10
[  209.239000][T10720]  __x64_sys_sendmmsg+0xa0/0xc0
[  209.239020][T10720]  do_syscall_64+0xfa/0xfa0
[  209.239034][T10720]  ? lockdep_hardirqs_on+0x9c/0x150
[  209.239050][T10720]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.239066][T10720]  ? clear_bhb_loop+0x60/0xb0
[  209.239085][T10720]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.239101][T10720] RIP: 0033:0x7faa8bb8f6c9
[  209.239117][T10720] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  209.239131][T10720] RSP: 002b:00007faa8ca1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  209.239150][T10720] RAX: ffffffffffffffda RBX: 00007faa8bde5fa0 RCX: 00007faa8bb8f6c9
[  209.239163][T10720] RDX: 00000000040001b6 RSI: 0000200000001540 RDI: 0000000000000003
[  209.239182][T10720] RBP: 00007faa8ca1f090 R08: 0000000000000000 R09: 0000000000000000
[  209.239192][T10720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  209.239202][T10720] R13: 00007faa8bde6038 R14: 00007faa8bde5fa0 R15: 00007fff44e3fbf8
[  209.239230][T10720]  </TASK>
[  209.686152][T10735] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  209.748626][T10741] bridge0: port 3(hsr0) entered blocking state
[  209.758812][T10741] bridge0: port 3(hsr0) entered disabled state
[  209.766593][T10741] hsr0: entered allmulticast mode
[  209.776442][T10741] hsr_slave_0: entered allmulticast mode
[  209.789109][T10741] hsr_slave_1: entered allmulticast mode
[  209.814893][T10741] hsr0: entered promiscuous mode
[  209.825120][T10741] bridge0: port 3(hsr0) entered blocking state
[  209.831707][T10741] bridge0: port 3(hsr0) entered forwarding state
[  209.969985][T10756] vlan0: entered promiscuous mode
[  209.975796][T10756] hsr_slave_1: entered promiscuous mode
[  209.987775][T10756] vlan0: entered allmulticast mode
[  209.995921][T10756] hsr_slave_1: entered allmulticast mode
[  210.103822][    C0] 
[  210.106178][    C0] ============================================
[  210.112326][    C0] WARNING: possible recursive locking detected
[  210.118494][    C0] syzkaller #0 Not tainted
[  210.122906][    C0] --------------------------------------------
[  210.129068][    C0] syz.4.1606/10762 is trying to acquire lock:
[  210.135142][    C0] ffff88807deecf30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: hsr_dev_xmit+0x237/0x360
[  210.144222][    C0] 
[  210.144222][    C0] but task is already holding lock:
[  210.151586][    C0] ffff888030f84f30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: send_hsr_supervision_frame+0x380/0xcb0
[  210.161973][    C0] 
[  210.161973][    C0] other info that might help us debug this:
[  210.170030][    C0]  Possible unsafe locking scenario:
[  210.170030][    C0] 
[  210.177467][    C0]        CPU0
[  210.180725][    C0]        ----
[  210.183984][    C0]   lock(&hsr->seqnr_lock);
[  210.188474][    C0]   lock(&hsr->seqnr_lock);
[  210.192956][    C0] 
[  210.192956][    C0]  *** DEADLOCK ***
[  210.192956][    C0] 
[  210.201077][    C0]  May be due to missing lock nesting notation
[  210.201077][    C0] 
[  210.209374][    C0] 9 locks held by syz.4.1606/10762:
[  210.214551][    C0]  #0: ffff88806dd27ac8 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  210.224810][    C0]  #1: ffffc90000007be0 ((&hsr->announce_timer)){+.-.}-{0:0}, at: call_timer_fn+0xbe/0x5f0
[  210.234795][    C0]  #2: ffffffff8df3d6a0 (rcu_read_lock){....}-{1:3}, at: hsr_announce+0x83/0x360
[  210.243912][    C0]  #3: ffff888030f84f30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: send_hsr_supervision_frame+0x380/0xcb0
[  210.254604][    C0]  #4: ffffffff8df3d6a0 (rcu_read_lock){....}-{1:3}, at: hsr_forward_skb+0x9e/0x2860
[  210.264106][    C0]  #5: ffffffff8df3d700 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x284/0x3740
[  210.274046][    C0]  #6: ffffffff8df3d6a0 (rcu_read_lock){....}-{1:3}, at: br_dev_xmit+0x185/0x1840
[  210.283284][    C0]  #7: ffffffff8df3d700 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x284/0x3740
[  210.293220][    C0]  #8: ffffffff8df3d6a0 (rcu_read_lock){....}-{1:3}, at: hsr_dev_xmit+0x2d/0x360
[  210.302379][    C0] 
[  210.302379][    C0] stack backtrace:
[  210.308277][    C0] CPU: 0 UID: 0 PID: 10762 Comm: syz.4.1606 Not tainted syzkaller #0 PREEMPT(full) 
[  210.308298][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  210.308308][    C0] Call Trace:
[  210.308314][    C0]  <IRQ>
[  210.308320][    C0]  dump_stack_lvl+0x189/0x250
[  210.308349][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  210.308367][    C0]  ? __pfx__printk+0x10/0x10
[  210.308380][    C0]  ? ip_finish_output2+0x452/0x1160
[  210.308399][    C0]  print_deadlock_bug+0x28b/0x2a0
[  210.308417][    C0]  validate_chain+0x1a3f/0x2140
[  210.308433][    C0]  ? ip_output+0x5b/0x450
[  210.308453][    C0]  ? __pfx_skb_network_protocol+0x10/0x10
[  210.308474][    C0]  __lock_acquire+0xab9/0xd20
[  210.308493][    C0]  ? hsr_dev_xmit+0x237/0x360
[  210.308510][    C0]  lock_acquire+0x120/0x360
[  210.308523][    C0]  ? hsr_dev_xmit+0x237/0x360
[  210.308544][    C0]  ? hsr_dev_xmit+0x237/0x360
[  210.308561][    C0]  _raw_spin_lock_bh+0x36/0x50
[  210.308581][    C0]  ? hsr_dev_xmit+0x237/0x360
[  210.308598][    C0]  hsr_dev_xmit+0x237/0x360
[  210.308617][    C0]  ? hsr_dev_xmit+0x2d/0x360
[  210.308635][    C0]  dev_hard_start_xmit+0x2d7/0x830
[  210.308657][    C0]  __dev_queue_xmit+0x172a/0x3740
[  210.308679][    C0]  ? __dev_queue_xmit+0x284/0x3740
[  210.308698][    C0]  ? __local_bh_enable_ip+0x12d/0x1c0
[  210.308713][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  210.308727][    C0]  ? __pfx___dev_queue_xmit+0x10/0x10
[  210.308753][    C0]  ? __local_bh_enable_ip+0x12d/0x1c0
[  210.308767][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  210.308785][    C0]  ? do_raw_read_unlock+0x3d/0x80
[  210.308804][    C0]  ? ebt_do_table+0x265b/0x2820
[  210.308818][    C0]  ? __lock_acquire+0xab9/0xd20
[  210.308844][    C0]  br_dev_queue_push_xmit+0x6c5/0x890
[  210.308869][    C0]  ? __pfx_br_dev_queue_push_xmit+0x10/0x10
[  210.308889][    C0]  ? NF_HOOK+0x9e/0x3c0
[  210.308906][    C0]  ? __pfx_br_dev_queue_push_xmit+0x10/0x10
[  210.308924][    C0]  ? __pfx_br_dev_queue_push_xmit+0x10/0x10
[  210.308942][    C0]  NF_HOOK+0x320/0x3c0
[  210.308960][    C0]  ? NF_HOOK+0x9e/0x3c0
[  210.308976][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  210.308994][    C0]  ? __pfx_br_dev_queue_push_xmit+0x10/0x10
[  210.309016][    C0]  br_forward_finish+0xd3/0x130
[  210.309034][    C0]  ? __pfx_br_dev_queue_push_xmit+0x10/0x10
[  210.309052][    C0]  ? __pfx_br_forward_finish+0x10/0x10
[  210.309069][    C0]  ? __pfx_br_forward_finish+0x10/0x10
[  210.309086][    C0]  NF_HOOK+0x320/0x3c0
[  210.309104][    C0]  ? NF_HOOK+0x9e/0x3c0
[  210.309120][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  210.309138][    C0]  ? __pfx_br_forward_finish+0x10/0x10
[  210.309159][    C0]  __br_forward+0x41e/0x600
[  210.309176][    C0]  ? __pfx_br_forward_finish+0x10/0x10
[  210.309195][    C0]  ? __pfx___br_forward+0x10/0x10
[  210.309214][    C0]  ? skb_clone+0x246/0x3a0
[  210.309232][    C0]  maybe_deliver+0xb5/0x160
[  210.309251][    C0]  br_flood+0x31a/0x6a0
[  210.309275][    C0]  ? br_dev_xmit+0x185/0x1840
[  210.309288][    C0]  br_dev_xmit+0x11b3/0x1840
[  210.309302][    C0]  ? br_dev_xmit+0x185/0x1840
[  210.309316][    C0]  ? __pfx_br_dev_xmit+0x10/0x10
[  210.309329][    C0]  ? __pfx_validate_xmit_xfrm+0x10/0x10
[  210.309343][    C0]  ? __pfx_netif_skb_features+0x10/0x10
[  210.309359][    C0]  ? is_bpf_text_address+0x292/0x2b0
[  210.309374][    C0]  ? is_bpf_text_address+0x26/0x2b0
[  210.309391][    C0]  ? validate_xmit_skb+0xd78/0x1500
[  210.309410][    C0]  dev_hard_start_xmit+0x2d7/0x830
[  210.309431][    C0]  __dev_queue_xmit+0x172a/0x3740
[  210.309450][    C0]  ? kasan_save_track+0x3e/0x80
[  210.309472][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  210.309487][    C0]  ? __dev_queue_xmit+0x284/0x3740
[  210.309503][    C0]  ? kasan_save_track+0x3e/0x80
[  210.309521][    C0]  ? __kasan_save_free_info+0x46/0x50
[  210.309541][    C0]  ? kmem_cache_free+0x19b/0x690
[  210.309561][    C0]  ? skb_queue_purge_reason+0x2c8/0x360
[  210.309580][    C0]  ? packet_release+0xb29/0xcb0
[  210.309592][    C0]  ? sock_close+0xc3/0x240
[  210.309609][    C0]  ? __fput+0x44c/0xa70
[  210.309624][    C0]  ? task_work_run+0x1d4/0x260
[  210.309643][    C0]  ? exit_to_user_mode_loop+0xe9/0x130
[  210.309655][    C0]  ? do_syscall_64+0x2bd/0xfa0
[  210.309669][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.309683][    C0]  ? __pfx___dev_queue_xmit+0x10/0x10
[  210.309705][    C0]  ? __copy_skb_header+0xa7/0x550
[  210.309721][    C0]  ? __asan_memcpy+0x40/0x70
[  210.309742][    C0]  ? hsr_addr_subst_dest+0x307/0xac0
[  210.309760][    C0]  ? skb_clone+0x246/0x3a0
[  210.309777][    C0]  hsr_forward_skb+0x158b/0x2860
[  210.309801][    C0]  ? hsr_forward_skb+0x9e/0x2860
[  210.309821][    C0]  ? __pfx_hsr_forward_skb+0x10/0x10
[  210.309840][    C0]  ? do_raw_spin_lock+0x121/0x290
[  210.309860][    C0]  ? __asan_memset+0x22/0x50
[  210.309877][    C0]  ? __skb_pad+0x405/0x610
[  210.309895][    C0]  send_hsr_supervision_frame+0x731/0xcb0
[  210.309918][    C0]  ? __pfx_send_hsr_supervision_frame+0x10/0x10
[  210.309938][    C0]  hsr_announce+0x1d5/0x360
[  210.309955][    C0]  ? hsr_announce+0x83/0x360
[  210.309972][    C0]  ? __pfx_hsr_announce+0x10/0x10
[  210.309992][    C0]  call_timer_fn+0x17e/0x5f0
[  210.310006][    C0]  ? __pfx_hsr_announce+0x10/0x10
[  210.310023][    C0]  ? call_timer_fn+0xbe/0x5f0
[  210.310036][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  210.310052][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  210.310071][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  210.310084][    C0]  ? __pfx_hsr_announce+0x10/0x10
[  210.310102][    C0]  __run_timer_base+0x61a/0x860
[  210.310126][    C0]  ? __pfx___run_timer_base+0x10/0x10
[  210.310145][    C0]  ? seqcount_lockdep_reader_access+0x15e/0x1c0
[  210.310168][    C0]  run_timer_softirq+0xb7/0x180
[  210.310188][    C0]  handle_softirqs+0x286/0x870
[  210.310204][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  210.310220][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  210.310238][    C0]  __irq_exit_rcu+0xca/0x1f0
[  210.310252][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  210.310274][    C0]  irq_exit_rcu+0x9/0x30
[  210.310287][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  210.310309][    C0]  </IRQ>
[  210.310313][    C0]  <TASK>
[  210.310319][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  210.310333][    C0] RIP: 0010:arch_stack_walk+0xaf/0x150
[  210.310351][    C0] Code: 00 00 48 c7 45 b8 00 00 00 00 48 c7 45 b0 00 00 00 00 48 c7 45 a8 00 00 00 00 48 c7 45 a0 00 00 00 00 48 c7 45 98 00 00 00 00 <48> c7 45 90 00 00 00 00 48 c7 45 88 00 00 00 00 48 c7 45 80 00 00
[  210.310364][    C0] RSP: 0018:ffffc9000c04f6c8 EFLAGS: 00000246
[  210.310379][    C0] RAX: ffff888020339e40 RBX: ffffc9000c04f780 RCX: ffffc9000c04f750
[  210.310390][    C0] RDX: ffff888020339e40 RSI: ffffc9000c04f780 RDI: ffffffff81ac2ea0
[  210.310400][    C0] RBP: ffffc9000c04f750 R08: dffffc0000000000 R09: 0000000000000000
[  210.310410][    C0] R10: ffffc9000c04f810 R11: fffffbfff1ef9faf R12: ffff888020339e40
[  210.310421][    C0] R13: 0000000000000000 R14: ffffffff81ac2ea0 R15: 0000000000000000
[  210.310430][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  210.310452][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  210.310472][    C0]  ? arch_stack_walk+0xfc/0x150
[  210.310491][    C0]  stack_trace_save+0x9c/0xe0
[  210.310509][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  210.310527][    C0]  ? stack_depot_save_flags+0x40/0x860
[  210.310550][    C0]  ? __lock_acquire+0xab9/0xd20
[  210.310563][    C0]  kasan_save_track+0x3e/0x80
[  210.310599][    C0]  ? skb_queue_purge_reason+0x2c8/0x360
[  210.310619][    C0]  __kasan_save_free_info+0x46/0x50
[  210.310635][    C0]  __kasan_slab_free+0x5c/0x80
[  210.310668][    C0]  kmem_cache_free+0x19b/0x690
[  210.310690][    C0]  skb_queue_purge_reason+0x2c8/0x360
[  210.310712][    C0]  ? __pfx_skb_queue_purge_reason+0x10/0x10
[  210.310731][    C0]  ? __local_bh_enable_ip+0x12d/0x1c0
[  210.310749][    C0]  ? packet_release+0xaf8/0xcb0
[  210.310764][    C0]  packet_release+0xb29/0xcb0
[  210.310780][    C0]  ? __pfx_packet_release+0x10/0x10
[  210.310792][    C0]  ? down_write+0x162/0x1f0
[  210.310812][    C0]  sock_close+0xc3/0x240
[  210.310839][    C0]  ? __pfx_sock_close+0x10/0x10
[  210.310856][    C0]  __fput+0x44c/0xa70
[  210.310874][    C0]  task_work_run+0x1d4/0x260
[  210.310895][    C0]  ? __pfx_task_work_run+0x10/0x10
[  210.310916][    C0]  ? exit_to_user_mode_loop+0x40/0x130
[  210.310930][    C0]  exit_to_user_mode_loop+0xe9/0x130
[  210.310943][    C0]  do_syscall_64+0x2bd/0xfa0
[  210.310957][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.310970][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  210.310984][    C0]  ? clear_bhb_loop+0x60/0xb0
[  210.310999][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.311012][    C0] RIP: 0033:0x7f150358f6c9
[  210.311025][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  210.311037][    C0] RSP: 002b:00007fffcaf21e48 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  210.311052][    C0] RAX: 0000000000000000 RBX: 000000000003345e RCX: 00007f150358f6c9
[  210.311061][    C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  210.311069][    C0] RBP: 00007f15037e7da0 R08: 0000000000000001 R09: 0000001acaf2213f
[  210.311078][    C0] R10: 0000001b2fe20000 R11: 0000000000000246 R12: 00007f15037e5fac
[  210.311096][    C0] R13: 00007f15037e5fa0 R14: ffffffffffffffff R15: 00007fffcaf21f60
[  210.311112][    C0]  </TASK>