last executing test programs:

2.66818422s ago: executing program 0 (id=6754):
sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)=ANY=[@ANYBLOB="78000000070a010200000000000000000a0000060900010073797a31000000005800048054000180090001006d6574610000000044000280080001400000000c080003400000000008000140000000010800014000000009080001400000000b0800014000000015080001400000001508000240000080"], 0x78}, 0x1, 0x0, 0x0, 0x48055}, 0x1000c080)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b405000000000008611034000000000063012c00000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85}, 0x52)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff)
r4 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r4, &(0x7f0000000200)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x34, r3, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x10008890}, 0x20000000)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000140)={'ip6gre0\x00', &(0x7f00000000c0)={'ip6gre0\x00', <r6=>0x0, 0x29, 0x5, 0xd, 0xcaa, 0xa, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast1, 0x7800, 0x1, 0x9}})
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000180)={<r7=>0x0, @initdev, @initdev}, &(0x7f00000001c0)=0xc)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r8=>0x0})
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000240)={@private0, <r9=>0x0}, &(0x7f0000000280)=0x14)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000380)={'syztnl1\x00', &(0x7f00000002c0)={'syztnl1\x00', <r10=>0x0, 0x4, 0x2, 0x18, 0x4, 0x8, @rand_addr=' \x01\x00', @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x700, 0x8000, 0x8}})
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000000)={'geneve1\x00', <r13=>0x0})
sendto$packet(r12, 0x0, 0x0, 0x20008801, &(0x7f0000000200)={0x11, 0x8100, r13, 0x1, 0x0, 0x6, @remote}, 0x14)
r14 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r14, 0x8933, &(0x7f0000000500)={'team0\x00', <r15=>0x0})
r16 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r16, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001a80)=@newqdisc={0x48, 0x24, 0xf0b, 0x3fff, 0x25dfdbfc, {0x0, 0x0, 0x12, r15, {0x0, 0xf}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x1}, @TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x8000}]}}]}, 0x48}}, 0x4c094)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000440)={'ip_vti0\x00', &(0x7f00000003c0)={'tunl0\x00', <r17=>0x0, 0x10, 0x10, 0x13, 0x3, {{0x10, 0x4, 0x1, 0x0, 0x40, 0x65, 0x0, 0x3, 0x29, 0x0, @remote, @broadcast, {[@lsrr={0x83, 0xb, 0x4b, [@local, @loopback]}, @ra={0x94, 0x4, 0x1}, @noop, @cipso={0x86, 0x15, 0x0, [{0x0, 0xf, "f2101c90b576ae6d00ddc2cad8"}]}, @ra={0x94, 0x4}]}}}}})
r18 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r18, 0x8933, &(0x7f0000000140)={'vcan0\x00', <r19=>0x0})
bind$can_j1939(r18, &(0x7f0000000180)={0x1d, r19, 0x2, {0x2, 0xfd}, 0xfd}, 0x18)
sendmsg$can_j1939(r18, &(0x7f0000001dc0)={&(0x7f0000000d40)={0x1d, r19, 0x2, {}, 0x2}, 0x18, &(0x7f0000001d80)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x4000080)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000480)={'vcan0\x00', <r20=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_GET(r0, &(0x7f0000000500)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000680)={0x210, r1, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan0\x00'}]}, @HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}]}, @HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_vlan\x00'}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r17}]}, @HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r19}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r20}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x210}, 0x1, 0x0, 0x0, 0x10}, 0x40)

2.572647414s ago: executing program 0 (id=6757):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
setsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x3e, &(0x7f00000011c0)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr=0x64010102, @multicast1=0xe0000300}, @redirect={0x5, 0x0, 0x0, @loopback, {0x5, 0x4, 0x1, 0x0, 0x1, 0x66, 0x6, 0x3, 0x6c, 0x0, @broadcast, @local}}}}}}, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r1, 0x0, 0xd2, &(0x7f0000000200)={@empty=0xff00, @multicast2=0xe000031f, 0x0, "ff00000058b274e6d845167fefe428970548fc3c7b00000000000000fcff00", 0xb2, 0xb, 0x6, 0x6}, 0x3c)

2.324196644s ago: executing program 0 (id=6760):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='illinois', 0x8)
sendmmsg$inet(r0, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f00000000c0)=[{&(0x7f00000003c0)="a10016", 0x3}], 0x1}}], 0x1, 0x30008001)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x4c, 0x2c, 0xd2b, 0x800, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x9, 0x6}, {}, {0x7, 0xffff}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ETH_SRC_MASK={0xa, 0x7, [0x0, 0x0, 0xff, 0x0, 0x0, 0xff]}, @TCA_FLOWER_KEY_ETH_SRC={0xa, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x21}}]}}]}, 0x4c}}, 0x24044094)

1.900791039s ago: executing program 4 (id=6770):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
r2 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, 0x0, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
recvmmsg(r3, &(0x7f0000004380), 0x0, 0xc0000000, &(0x7f0000004580)={0x77359400})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x38}, [@initr0]}, 0x0}, 0x94)
r4 = socket$inet6(0xa, 0x1, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb030005000000000002"], 0x50}}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)

1.59524132s ago: executing program 2 (id=6775):
socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000002b40), 0xffffffffffffffff)
sendmsg$NLBL_MGMT_C_ADD(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x2000000, 0x0, 0x20000000}, 0x4000080)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (fail_nth: 24)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0))
sendmsg$NFC_CMD_DEV_UP(r2, 0x0, 0x4008054)
sendmmsg(r0, 0x0, 0x0, 0x8000)
write$nci(r1, 0x0, 0x3b)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="190000000400000008000000"], 0x50)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0)

1.145283652s ago: executing program 1 (id=6777):
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000380)={{0x84, @rand_addr=0x64010104, 0x4e24, 0x3, 'nq\x00', 0x8, 0x5, 0x55}, {@remote, 0x4e22, 0x0, 0x7, 0x12d5c, 0x12d58}}, 0x44)
bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-generic)\x00'}, 0x58)
sendmsg$sock(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000540)}, {&(0x7f0000000600)="bbc6351d5b17d69316ec14fbebe6d4f456979602ad91ae24f9a1da6834e77a49a31a836afb32294cf8453b100f60525874c6dd34f59950a10b18499cd72145cf42ccb624e5159a58257c6e1aed068f52", 0x50}, {&(0x7f0000000680)="cc18101d6bec7dadde1d231d7be01e1a3ebed24c1f1b0cacbb731e37f14830d34d9f1234d8", 0x25}, {&(0x7f00000006c0)="2219a8d1a15d2cc1d9f7e487ed6138173c17bebef35e5c731961e6d1d07d4bc0a9699ac13447f29c363112c81f005fb311", 0x31}, {0x0}], 0x5}, 0x800)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

1.104363962s ago: executing program 2 (id=6778):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x3c, r0, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee33908f8eef16f162471f4"}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac0c}]}]}, 0x3c}}, 0x0)

1.012963382s ago: executing program 3 (id=6779):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x200000000000011, 0x2, 0xd)
bind$packet(r1, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
setsockopt$packet_fanout(r1, 0x107, 0x12, 0x0, 0x0)
syz_emit_ethernet(0x3a, &(0x7f0000000180)={@random="e90c610faca2", @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x18, 0x0, @wg=@data={0x4, 0x485cb6fc, 0x7fff}}}}}}, 0x0)
syz_emit_ethernet(0x32, &(0x7f0000000200)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x10, 0x0, @gue={{0x2, 0x0, 0x1, 0x5}}}}}}}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000380), r0)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, r2, 0x800, 0x70bd2a, 0x25dfdbfd, {}, [@ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0x7}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0xe8}]}, 0x24}, 0x1, 0x0, 0x0, 0x400c0c1}, 0x40044)
r3 = socket$tipc(0x1e, 0x5, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in6=@ipv4={'\x00', '\xff\xff', @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {0x0, 0x1}}}, 0xb8}}, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@RTM_GETMDB={0x17, 0x56, 0xd23}, 0x18}}, 0x0)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b705000000000000850000000400000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{0xffffffffffffffff, <r8=>0xffffffffffffffff}, &(0x7f00000005c0), &(0x7f0000000600)}, 0x20)
r9 = socket$inet_udplite(0x2, 0x2, 0x88)
pipe(&(0x7f000000cc80)={<r10=>0xffffffffffffffff})
splice(r10, &(0x7f000000ccc0)=0xffffffff, r9, 0x0, 0x5, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x2, &(0x7f0000000200)=ANY=[@ANYBLOB="85000000b800000095"], &(0x7f00000008c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x90)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000680)={0x1, <r11=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x6, 0x5, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9a, 0x0, 0x0, 0x0, 0x8001}, [@map_fd={0x18, 0x1, 0x1, 0x0, r7}]}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0xa, 0x2, 0x5}, 0x10, 0x0, 0x0, 0x1, &(0x7f00000006c0)=[r8, r10, r11], &(0x7f0000000700)=[{0x4, 0x3, 0x1, 0x5}], 0x10, 0x1}, 0x94)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001080)=ANY=[@ANYBLOB="3000000040000701feffffff00000000047c0000040042801400018006000600800a000008001c00", @ANYRES16=r4, @ANYRES8=r3], 0x30}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
getsockopt$inet6_buf(r5, 0x29, 0x30, &(0x7f0000000080)=""/96, &(0x7f0000000100)=0x60)

970.204426ms ago: executing program 2 (id=6780):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
close(0xffffffffffffffff)
r0 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r0, 0x0, 0x0)
shutdown(r0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="28000000120065f2000000005c8602fb93ba9c00", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00.'], 0x28}, 0x1, 0x0, 0x2000000}, 0x0)

926.902859ms ago: executing program 1 (id=6781):
writev(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a80)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
r2 = socket$kcm(0x2, 0x3, 0x84)
sendmsg$inet(r2, &(0x7f0000001000)={&(0x7f0000000100)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000140)=[{&(0x7f0000001040)="5346f7f875528ef24043c68e04180a332e94ee4784fffee263c06f2d924e8699b6af71aa257b5a316af31628e5148c7012f4d55ce4c29fea9e5b0b61fdf0b2dc866fa81b4e775e235eaebe330e16114548f147b8a966bf1f1fc6c24b9d47d349c87c3f789d2ba608cd25b17b6c80a7f0ceb4a06ff270ff8c9f0d3a19133f1fdfd51b767b8cef1f36e5490c5df5fcb378a6fb6eb5d8aaf7791ce81f61a05e1ebdd1789eb70ac1f3dfed378f6f3e237120052113a75ab977796117f7e7b2d6ee499f51dc070c820d10a0eaef4fc94ddc648bafae070caf70c465267497b3de963df649e113e2060c82b057abfae0798d424c81aeb42796189eb0936a2c547a5c4d6351ed786c75beb926118fb7af49ecc00b545fe2563bd4294a982980afed3f9cf390f304611db4c6d7b64d64f38db5fde5cf7cadb29c697013b710e0218660671d0051ddd7fb7f5eb72a34f469b2e20600000091817eb5b952af43d1a40f4770e7220fcdfe25d3e9747e2af76ece5922724840afdba6f6f9e1d11db8561e8e836413ee04d6e084700ec1ac0e00569f0e4d4844f4710299aabbef615c33e276544669ce074528938ec0cc6d2af1ce7a47a64ad676f08507aa08d4210f979ef4aacfa4d524c9952d4743d65c3c527302942a8880116ce7ebc6c84778346f02c806bb466db7d313d7ebc7ea87823d4a8de0b697929fb3277012327827801f75ca3c5776d1a81acb160007f73148dfaf05ab7eed5a0e603ac468eb2bcd9de5f140758e74c20a9931187e0cbc857aa62a4cec8a62f7e31af3a78cdb8608551cdd68e83aebb3c9e05519184ff996c336553fa6bf16865cd6c4eacf1e360b029cdae41070f5fd183ea0eaae427505d56994ccfd0737aae3abbc45f56710d2e3f2662bf4514044f7fa03cde28fa1783970d3c676cb23cb1923a9feb233267ef663936ccf25f7597a2270724527bf468d22786d0548b25582180b72c51742c4e5c373a1008dd4cfba508e8f3f8ec35e6f1375a11b1fbe2dc09e9fe609e80112c8f5c895c922cd547def707b7252d7afa0030d008b1dd10fd4a56e30237a6e0229fb4562cb8df3d4e64b28e15c075e59554e9d61a6065d49c1e765a49195cf5d6b1e2b6192447817fedfe41fcdf9a4fc5af567906e4b6453da7b97eac255cc253d7bceba09f67da4815438583c6843366b76d9e9277558e48681e9cfa920b47aea0e5c46ef86ea7f1ef534cf7565b24b833ba2cbfe60e6271614850dd68f2a8a6be4f315b83abb8e2699ed8e2a4b3506f9dacbb180c4deeef7489f49faf34cdf4e91a402956564f854d71c892e4aada1c91647ce45d4834d000e8d5be1773ecae388e511228977a69d4cc67fbab60ee1555a219e41eebc31807a87d9cbe88a8b05959e1a988f6ea6ed73a6ac1ec2f3d74d73eaa91a39308e008b7fa1ecc2a020f495750f9936d9c07130d950a777c0d8d131416ef55a4ec041113df65ba4aea92fcb3e2268510f316bd17f04993b6473338fe7c08fd9874e743a31582162232c7d6c614e7b3513abcc0feb99b2c9111300004fe291f5bd682c039183e61c1fdac90b2a015939a8d10b07a05e99e5772b4b9329275cef8de2b066d4e4d421e4a0a69cdd8f674b12f5b3fa764e4b1e9f4d767e252e37477813a03f18da16d598fddcf4be590d9f65f64c647cb2f330a614fe688d3d80182ed8aa59905a1cb0d3f034d927e070d71f56ee8e5c5bdf23c4f85c7a17834467bd6cf58218868fe53e3675c130bbe44bea271fa67999a0dc3dbf7c40dbba6e7d6cc0936bd8d466a1f041883c093a3a60743d0549b1a989a2fa41ff978388014434909053e279a21e7866bd4efb4a9f46b7a8b0d1d84d83020e9e68936ca3de030269784aa29a3e25146cd5b03d21ca82f961be925c9ad487fb24b1e35c2d043ee4b6a4aaf811c4308a6ced6b4c45e7513a3f0e1421cb3b0fd8571a7085c9a4b454e4ee8b44767428666cd108b78369b871ab32f36943e24976f4bb6bd4068cc19585a2de791e3f950d220b28f4ba268d8c9dbccc1a705b1b1c30881babdbc8cc4cf97b801e4d410fd7c61b34b1f126e6df1b0e9c676d1ab5", 0x5c9}, {&(0x7f0000000600)="3001fb90647586f4601659c5ad2644b99bfd65452e947b394c96c29278d097c5f170d7729d2ce2a2f4bb5bb37e7396e7bac14056f25d17145e73bc2461b20ea3fce771f1b32d1585e8a456763cfafcf7187e45a6e261af6232014cbf8a0f898bf6d14136874b6a1fd7caf8ec9966b0419be0420dc6e247d1a44f038ae29eb4bc67d6a04e80dfb7715ebafaa20fcbc57ade23cba05da1fbe4bba675b742472eebaabf356adc99866930e146125a272cef5baf5dfad4a28a01208d9908183ab2085a781e531f1bed4ac9c245ec19be383047656a7d857d364e6f69eccea5aca3964f00000000", 0xe5}, {&(0x7f0000000cc0)="79dfe4263f037de282e588f3c773eca5f0c383e7425d1573aa90a44223bfeced3ff85afe9d0c0b3b5a7ed7fcdb96a3934fe7af73ee25d5d36ba42e2a858c3d134299abc0393e031db435ae156e55eb2b2b2e2300e0706dfc5c4ec73ba929ffe8a7bb7ce55d95fb6e58560c45d96a58a13aa944b98c481a82927ec071b272b4592616116116527fd2dbc0dfd58c572f714f6852063afc8358fb33ccb8a95460b32b4e26bea604e534d8983790b5e2a180fed88108b0f5a499d5f80b4e4047d9ecc03d21856a4ec0d0d41496d99dddfa9098d327d9559e82fceb2b1b1c", 0xdc}, {&(0x7f00000003c0)="f2a0f0f863621a483b19e7ecfce0d34e53fbf295927214684f4d69e973ac2fa5fd0ddf47c314ac0cdfd79dc1815274c3ee57068b3793c25fab48eb353478689f452328afb023f75f93227bbe5a4a93e14eb44aacf27f9060bc2c82dd05d1e8c3a549a06e280ca4eaf77b4aed57a0c5f6120d25a3d5121895638ec5e2e600000000f5be12a64e075c60dd63e0b00e8f42bfb7671a56925477029cec7e7f16b358404edfb5e7a0552c317f587f591626ceed08555ca0b2f31a3e7bf5ba7541db275e6a6b6501b87cc74c4804f6da7d3de93327287204cc97f9cb747576d2ab23a6e35c6da6b3240c92ae18b31cb6e7bc60066994e2cb401c76b1840d3e231621355f10ff35ea91ffd463228d000000000000000e454d3c36efee949f6311c6ad78b5a8f091d2ebb008925107e4a4584dab83f7f0cb5ad94266e71e2b7aaa01cf4f9f5e1d52e1e5086e9633cbee8126a2", 0x14f}, {&(0x7f0000000700)="15c84609b06c6d85a5ca6f3a9a242f214aee4e7093161b717090c0c852a05393abd8992d91576f57bbd3488e85d8456d6c6c09de5c5228ee18819665861f01a2823a7cfa8e9260a5fe3921638db2dc5156149f86916810f913a944e1c8cd7fccb63f37900c5b287016e512b050ca214125b2217260c9ce3019e88b80985402ff7ca34be17e0dbda4f028cec9973a2b9eed83eee86f35f2c0adf50a04296e99c0f709fb3990aa5d0e74a125971357630b6f3eb4fb4064c42c2b2519a1c77824df6f0653fb116149fcb5c7e46fce32b1de7f511951d4b1ae47781250afdb11680684c1d2854810a90dbe10016823346663fdf1df6200a0dc3cafe8ec225fda", 0xfe}, {&(0x7f0000000800)="3a0846cacd7448e2015cc9a09c5f5608265e1e0fe02aa9077d7ddd960ba112fe1c64f57cba71e7ad8bbdc06a3299398e39498fc459bc1745e3d21a7ca987a4f4b774fe331d20dab2e846a721ff43b0491dc4cb32e16330e0d7d520f4887da0d6f356f8ef230b9b237409", 0x6a}, {&(0x7f0000000300)="77729a", 0x3}], 0x7, &(0x7f0000000580)=[@ip_pktinfo={{0x20, 0x0, 0x8, {0x0, @local, @loopback}}}], 0x20}, 0x0)

925.68294ms ago: executing program 4 (id=6782):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x7, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000085000000a000000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @sched_cls=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x4000)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.kill\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_LOOPBACK(r3, 0x65, 0x3, &(0x7f0000000080), 0x4)
listen(r1, 0x2)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5", 0x4)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000600)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x18, 0x6, 0x1, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x2}]}}}}}}}}, 0x0)

814.825088ms ago: executing program 0 (id=6783):
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000380)={{0x84, @rand_addr=0x64010104, 0x4e24, 0x3, 'nq\x00', 0x8, 0x5, 0x55}, {@remote, 0x4e22, 0x0, 0x7, 0x12d5c, 0x12d58}}, 0x44)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-generic)\x00'}, 0x58)
sendmsg$sock(r0, &(0x7f0000000940)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000540)}, {0x0}, {&(0x7f0000000600)="bbc6351d5b17d69316ec14fbebe6d4f456979602ad91ae24f9a1da6834e77a49a31a836afb32294cf8453b100f60525874c6dd34f59950a10b18499cd72145cf42ccb624e5159a58257c6e", 0x4b}, {0x0}, {&(0x7f00000006c0)="2219a8d1a15d2cc1d9f7e487ed6138173c17bebef35e5c731961e6d1d07d4bc0a9699ac13447f29c363112", 0x2b}, {0x0}], 0x6}, 0x800)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000680)={{0x1, <r2=>0xffffffffffffffff}, &(0x7f0000000540), &(0x7f0000000580)}, 0x20)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newqdisc={0x8c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x4, 0x2, {{}, [@TCA_NETEM_SLOT={0x2c}, @TCA_NETEM_RATE={0x14}]}}}]}, 0x8c}}, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000c40)={r0, 0xe0, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000980)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, &(0x7f00000009c0)=[0x0], &(0x7f0000000a00)=[0x0, 0x0, 0x0], <r6=>0x0, 0x3d, &(0x7f0000000a40)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000a80), &(0x7f0000000ac0), 0x8, 0x4a, 0x8, 0x8, &(0x7f0000000b00)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x20, 0x4, &(0x7f0000000700)=@raw=[@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}], &(0x7f0000000740)='GPL\x00', 0xa2, 0xb5, &(0x7f0000000780)=""/181, 0x41000, 0x82, '\x00', r5, @fallback=0x29, 0xffffffffffffffff, 0x8, &(0x7f0000000840)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000000880)={0x1, 0x6, 0x8, 0x7}, 0x10, r6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffff}, 0x94)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r7 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r8, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r9, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

733.4621ms ago: executing program 4 (id=6784):
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000380)={{0x84, @rand_addr=0x64010104, 0x4e24, 0x3, 'nq\x00', 0x8, 0x5, 0x55}, {@remote, 0x4e22, 0x0, 0x7, 0x12d5c, 0x12d58}}, 0x44)
bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-generic)\x00'}, 0x58)
sendmsg$sock(r0, &(0x7f0000000940)={&(0x7f0000000300)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000540)}, {0x0}, {&(0x7f0000000600)="bbc6351d5b17d69316ec14fbebe6d4f456979602ad91ae24f9a1da6834e77a49a31a836afb32294cf8453b100f60525874c6dd34f59950a10b18499cd72145cf42ccb624e5159a58257c6e", 0x4b}, {&(0x7f0000000680)="cc18101d6bec7dadde1d231d7be01e1a3ebed24c1f1b0cacbb731e37f14830d3", 0x20}, {&(0x7f00000006c0)="2219a8d1a15d2cc1d9f7e487ed6138173c17bebef35e5c731961e6d1d07d4bc0a9699ac13447f29c36", 0x29}, {0x0}], 0x6}, 0x800)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b000000080003", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

732.749311ms ago: executing program 2 (id=6785):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_emit_ethernet(0xc3, &(0x7f0000000080)={@multicast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x17}, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb5, 0x0, 0x0, 0xfd, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x24, 0x0, {0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, @remote, @empty, {[@cipso={0x86, 0x71, 0x0, [{0x0, 0xc, "e256b28c04000000fb52"}, {0x0, 0x9, "789607675ca638"}, {0x0, 0xe, "7434954373561de584b703c8"}, {0x0, 0x9, "e706d30bd224f8"}, {0x2, 0x7, "cfa11cab1a"}, {0x0, 0x10, "c600"/14}, {0x0, 0xa, "65807fe97612fe86"}, {0x0, 0x12, "73bc2300ad9d19a30000000000000000"}, {0x6, 0xc, "c8f46976e79e56c7a95e"}]}, @cipso={0x86, 0xc, 0x2, [{0x1, 0x6, "7f36c525"}]}]}}, "9ee54763f3"}}}}}, 0x0)

731.969909ms ago: executing program 3 (id=6786):
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f0000000400)=[{&(0x7f00000000c0)="390000001000111867090707a640400f0021ff3f30000000170a001700000000040037000900030001632564b758b9a64411f6bb744dc48f57", 0x39}], 0x1) (async)
r1 = socket(0x40000000015, 0x5, 0x0)
setsockopt$sock_int(r1, 0x1, 0x23, &(0x7f0000000000)=0x1, 0x4)
bind$inet(r1, &(0x7f0000000580)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0xfffffffffffffdd2) (async)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10) (async)
r3 = accept$alg(r2, 0x0, 0x0)
sendmmsg$alg(r3, &(0x7f0000005500)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000400)="06167ead34cd1eaf2108c04df96e99fa4435f9041305000000c12b8431d17955ae1ec78709eee9acf825fdb672651f7eafb44b576930afb4b6a86cedf38debd6dc69f3a50d5742daa7081df08bd8118dcd6d9d18830c7d79d8cfc400c32f036a5f9c4c57ee413c63896d23fd6f716fc18a5084e2acaad504a30fd2e05eaf276edb5bab4d25a582d495fe37ddadd45325c2fcac2337ec9e931bea41d272bcf5deda77fb3f39365450f9aa8ec74a24eb1ffcff061aff127308351e0368290b5aadd3a2de3d03d642a56a2c5ee970d9fd27461f1c0df6c2dc31e8a1f8ce8b162681dc76de433649e24532cfb09b2269812115b7a7cbbc255927459cef78eca783baf8eb0b55198891ce6043c0cad151c2bc77d3b95c94f81bf5526dc8ec79577f9ad2415a2f32d4ed6e07b9b29d699eb66d885ddf2a3088a03f7a18e7e90fee79ec33d1", 0x142}, {&(0x7f0000000180)="23ade41881a1e7ca07379924e2cb53138ec1e2ac415947eb6c7f56319ff90032d5b900000000c49134d1d57bf4cf20e6ba85156f3c5aa55a181146316537eceea0fff85f05333feea12645495ffa00000000000000", 0x55}, {&(0x7f0000000140)="66348451d22f5e2e4385e0bf75c5c3d30327039c072cd147f3b25df80100010000000004706aa85896228ef23136cbc160147a23", 0x34}, {&(0x7f0000000840)="000000000100000058473cabd427d746ca7d9bbf4f24ec7659b1c254940281f0a248dfc8c103fad1369a53e340d110b77170735064ceae5fcf381d21cc8960440e0a459705262c4c53065f369fe8e63b46a53009cec75dd608e2e86ff9b9c7650112b91fdcca8616f6013241ceff93fd8cdab5a479b9614318eedd5a609b633b114f0030c80bc3b7fe6320e9f2e5a824c14aa3cccac383bacd0a126a9675ad5c41c171807570ac0501332c2794950f4633a074325e58cd43cf8340513dbc10eaaf4ff3c4b8d98621267d8b1abdbf01d7de9a86c2d4373dd907da5ae1d44537fb96b50a65e0dd0ab100020000000000004c8f4e350b487c88a5fababc1cd73038625a27280000005c5610ba38f13d9f3b2605404c5137fc4a61d3fc2b061cd0820e0ce9489901d6854860a57b2f0cf41d58b8182bb215f5a5909782e2c0c18d78f7f0b8824f57a970d361d041f859641cb7e287c1c31307b48ff5f69f", 0x15c}, {&(0x7f0000000280)="1b1eb47967b8c59413baaf1384ad9c758abf845c5714a919ca02735c5514fa78f9f084d72227c10900000000000000169535d0b2bb594ecb92b8df361bca805ac5595a389d39a58a35c0ff662c2c83431c0c2e2ece5ca6a104d1d45c1c15ca4d75cab6b1bb923cac1c51270bf5230d77cf4c79ba54a6c45a345cc13208fa430c1e54548e5a9c5cf45337451511abc0a7d3539ac22191025d5655a5d05c4024b8cb0fb4aabeb6fd575b631eedf691f55e7f6d2c2a8b3e08520a96eb0aa5db49afc24b7a78cf11373b0000", 0xca}], 0x5, 0x0, 0x0, 0x4}], 0x1, 0x4014)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000001d00070f000000000000000007000000", @ANYRES32=r4, @ANYBLOB="40005200060010"], 0x24}}, 0x0) (async)
recvmmsg(r2, &(0x7f0000000240)=[{{0x0, 0x0, 0x0}, 0x7}], 0x1, 0x3, 0x0) (async)
r6 = socket$inet6(0xa, 0x1, 0x8010000000000084)
listen(r6, 0x7) (async)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
listen(r7, 0x100)
r8 = socket$inet(0xa, 0x800, 0x9)
listen(r8, 0x1) (async)
r9 = socket$inet6(0xa, 0x1, 0x8010000000000084)
listen(r9, 0x7) (async)
r10 = socket$inet6_sctp(0xa, 0x1, 0x84)
listen(r10, 0x100) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0f000000040000000800000001"], 0x37) (async)
r11 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) (async)
r12 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000340)=ANY=[@ANYBLOB="12000000020000000800000002"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)=ANY=[@ANYRES32=r12, @ANYRES32=r11, @ANYBLOB='\a'], 0x10) (async)
close(r11) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))

730.859618ms ago: executing program 1 (id=6787):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b80)=@mangle={'mangle\x00', 0x2, 0x6, 0x578, 0x0, 0x3d8, 0xd0, 0x3d8, 0x3d8, 0x4a8, 0x4a8, 0x4a8, 0x4a8, 0x4a8, 0x6, 0x0, {[{{@ipv6={@mcast2, @ipv4={'\x00', '\xff\xff', @remote}, [0x0, 0xff, 0xff000000, 0xff000000], [0x0, 0xffffff00, 0xffffff00, 0xffffffff], 'gretap0\x00', 'batadv0\x00', {}, {0xff}, 0x11, 0x5, 0x1, 0x18}, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000010000000}}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xe0, 0x0, {0x0, 0xd803000000000000}}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x0, 0xfc, 0x6}}}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0xb4}, @initdev={0xfe, 0x88, '\x00', 0xfd, 0x0}, [0xffffff00], [0xffffff00], 'ip6gre0\x00', 'bond_slave_0\x00', {}, {0xff}}, 0x0, 0xf0, 0x138, 0x48000000, {}, [@common=@dst={{0x48}, {0xff, 0x4, 0x0, [0x1, 0x7a, 0xfffd, 0x3f4, 0x0, 0x3, 0x5, 0x0, 0x8, 0x30, 0xe5, 0x4, 0x1, 0x6, 0x0, 0x7], 0x6}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}, 'ip6gre0\x00', {0x4}}}}, {{@ipv6={@remote, @dev={0xfe, 0x80, '\x00', 0xd}, [0x0, 0xffff00, 0xffffffff], [0xffffff00, 0xffffff00, 0xffffff00, 0xff000000], 'nr0\x00', 'vxcan1\x00', {}, {}, 0x62, 0x5, 0x3, 0x20}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@remote, @ipv6=@mcast1, 0x6, 0x27, 0xd}}}, {{@ipv6={@loopback, @private0, [0xff000000, 0xffffff, 0x0, 0xffffff00], [0xffffff00, 0xffffff00, 0xff, 0xff000000], 'pim6reg1\x00', 'ip6erspan0\x00', {}, {}, 0x6c, 0x80, 0x5, 0x61}, 0x0, 0xa8, 0xd0}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5d8)

557.228211ms ago: executing program 1 (id=6788):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x12, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x40, 0x2, [@TCA_TBF_PRATE64={0xc, 0x5, 0xebaa0691184db4d}, @TCA_TBF_PARMS={0x28, 0x1, {{0xa, 0x2, 0xffff, 0x7, 0xcc, 0x3}, {0x0, 0x1, 0x7, 0x8, 0x7f, 0x9}, 0xa6, 0x7, 0x1bb6}}, @TCA_TBF_BURST={0x8, 0x6, 0x7f}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4048000}, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
pwrite64(0xffffffffffffffff, &(0x7f0000000340)="f48af2f68e1dbaf598783279afa415b85492b42f773f560d9e30767076acfd49c23a156f4188442337c124dc7a10153e34d6783bed938baaef96e0e51153a6d68398e3262c344ea576ce7312924faa922cfb045b3816dc713792c4e459fed67bf54fd18ea486b9", 0x67, 0x3)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r10, {0x0, 0xffe0}, {0x2, 0xb}, {0xd, 0xd}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}}, 0x4010804)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

556.765815ms ago: executing program 2 (id=6789):
pipe(&(0x7f0000000080))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
socket$key(0xf, 0x3, 0x2)
socket$key(0xf, 0x3, 0x2)
socket$nl_xfrm(0x10, 0x3, 0x6)
pipe(&(0x7f0000000000))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0xe4ff, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00'], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0)

545.920888ms ago: executing program 0 (id=6790):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x3c, r0, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee33908f8eef16f162471f4"}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac0c}]}]}, 0x3c}}, 0x0)

539.208064ms ago: executing program 3 (id=6791):
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000380)={{0x84, @rand_addr=0x64010104, 0x4e24, 0x3, 'nq\x00', 0x8, 0x5, 0x55}, {@remote, 0x4e22, 0x0, 0x7, 0x12d5c, 0x12d58}}, 0x44)
bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-generic)\x00'}, 0x58)
sendmsg$sock(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000540)}, {&(0x7f0000000600)="bbc6351d5b17d69316ec14fbebe6d4f456979602ad91ae24f9a1da6834e77a49a31a836afb32294cf8453b100f60525874c6dd34f59950a10b18499cd72145cf42ccb624e5159a58257c6e1aed068f52", 0x50}, {&(0x7f0000000680)="cc18101d6bec7dadde1d231d7be01e1a3ebed24c1f1b0cacbb731e37f14830d34d9f1234d8", 0x25}, {&(0x7f00000006c0)="2219a8d1a15d2cc1d9f7e487ed6138173c17bebef35e5c731961e6d1d07d4bc0a9699ac13447f29c363112c81f005fb311", 0x31}, {0x0}], 0x5}, 0x800)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

427.657495ms ago: executing program 4 (id=6792):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000f40)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {}, {}, 0x0, 0x0, 0x0, 0x24}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x535)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r1, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e)
sendto$inet6(r1, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x2, @loopback, 0x7ffffffd}}, 0x0, 0xf401, 0xe457, 0x300, 0x54, 0x6}, 0x9c)

425.886392ms ago: executing program 3 (id=6793):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='illinois', 0x8)
sendmmsg$inet(r0, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f00000000c0)=[{&(0x7f00000003c0)="a10016", 0x3}], 0x1}}], 0x1, 0x30008001)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x4c, 0x2c, 0xd2b, 0x800, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x9, 0x6}, {}, {0x7, 0xffff}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ETH_SRC_MASK={0xa, 0x7, [0x0, 0x0, 0xff, 0x0, 0x0, 0xff]}, @TCA_FLOWER_KEY_ETH_SRC={0xa, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x21}}]}}]}, 0x4c}}, 0x24044094)

384.845199ms ago: executing program 0 (id=6794):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000), 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b300000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r2, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
r3 = accept4$rose(0xffffffffffffffff, &(0x7f00000059c0)=@short={0xb, @remote, @default, 0x1, @rose}, &(0x7f0000005c40)=0x1c, 0x800)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000005c80)={'vxcan0\x00'})
setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000005bc0)={<r4=>0x0, <r5=>0x0})
recvmmsg(r2, &(0x7f0000005a80)=[{{&(0x7f00000017c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000001bc0)=[{&(0x7f0000001840)=""/219, 0xdb}, {&(0x7f0000001940)=""/47, 0x2f}, {&(0x7f0000001980)=""/8, 0x8}, {&(0x7f00000019c0)=""/193, 0xc1}, {&(0x7f0000001ac0)=""/223, 0xdf}], 0x5}}, {{&(0x7f0000001c40)=@rc={0x1f, @fixed}, 0x80, &(0x7f0000003fc0)=[{&(0x7f0000001cc0)=""/73, 0x49}, {&(0x7f0000001d40)=""/72, 0x48}, {&(0x7f0000001dc0)=""/42, 0x2a}, {&(0x7f0000001e00)=""/164, 0xa4}, {&(0x7f0000001ec0)=""/154, 0x9a}, {&(0x7f0000001f80)=""/60, 0x3c}, {&(0x7f0000001fc0)=""/4096, 0x1000}, {&(0x7f0000002fc0)=""/4096, 0x1000}], 0x8, &(0x7f0000004040)=""/185, 0xb9}, 0xfffffffe}, {{&(0x7f0000004100)=@nfc_llcp, 0x80, &(0x7f0000005540)=[{&(0x7f0000004180)=""/153, 0x99}, {&(0x7f0000004240)=""/253, 0xfd}, {&(0x7f0000004340)=""/60, 0x3c}, {&(0x7f0000004380)=""/218, 0xda}, {&(0x7f0000004480)=""/4096, 0x1000}, {&(0x7f0000005480)=""/48, 0x30}, {&(0x7f00000054c0)=""/71, 0x47}], 0x7, &(0x7f00000055c0)=""/75, 0x4b}, 0x4}, {{&(0x7f0000005640)=@generic, 0x80, &(0x7f0000005880)=[{&(0x7f00000056c0)=""/133, 0x85}, {&(0x7f0000005780)=""/203, 0xcb}], 0x2, &(0x7f00000058c0)=""/93, 0x5d}, 0xffffffff}, {{&(0x7f0000005940)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, 0x80, &(0x7f00000059c0), 0x0, &(0x7f0000005a00)=""/93, 0x5d}, 0xd}], 0x5, 0x40002002, &(0x7f0000005c00)={r4, r5+10000000})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x1, 0x56d, 0x2}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)="820e02c941839f9f55ce562b1a051f515b577f0000000000fdbd4fad94fa6db50fc886d2e11bf6df934b4367abb7e94dc784db609688f069aa62e2592b4439ae0a9ca3ae1bb59fc2a36469a100f0558ee1c4cf7cff60ef7c0d3c293fa2fd2663e6e3fda49810b3435f5993318468cb086f7b847827f3909ed5d5", &(0x7f0000000080)="757775c7ff9e7773a9e63c5ad618a776d981af31b583c5b2c5fcfb12a372044645fed9df3f8562d9dfc355d58c29d3145aa10b61df7d61b9e11454a81c34ab518fe041cc5d9a7a35b44a9e9549cf773a689295519b6a4fe6950fde6ac4044f47bed0746062c4a8d7f64448c8bd76054dbef43a746d8f2a5e4865b75c635fc57d44512b936278288957305633028c91a8a7f902eba797ead2d40befc00a1fd628b1eee1b05b2b75f53ef9fb", 0xfffffffb, r6}, 0x38)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r6}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000340)={&(0x7f0000000200)="9452b1bfa7f5a683e67a348658c0df328693834f5f6e8b2e4c7d8ecd069186bfa593bef9d1ff4c1eb3b304ccd1bd72238f14780494f37371244aa117af408e361d1f2fe669734bf803cba1771ef27720dd0c9a19c3aa06e2761fb6c375d331a24bbb11a205ab38e391726b373f7f460467fb161c6da7e43b436d36cc6a48646663aab395a3b252c2d33e6dc105739c3bcba431f637b8f59436e5932c9364bb0cb523cd2da3", &(0x7f0000000700)=""/4096, &(0x7f0000000140)="2596e2b2b9ea6c12a4e47cc8727117c8878e66bda3dff1a3b2934b21d5e588e93a5af79531631aa97479edf52bbda6b865b1913a52ce13c085d4", &(0x7f00000002c0)="52f4bd809767b7f58e39506bbc45c107feb8ddc1705aba9b609917fc780898482484dafa3ccbe4495228895f609d1b72ebd1b1e87d6d2714fcd26621aa502cdadbe078fc83", 0xdb, r6}, 0x38)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001700)={0x18, 0x11, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xc4000000, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@map_idx_val={0x18, 0x6, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x200}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000440)='syzkaller\x00', 0x7, 0xca, &(0x7f0000000540)=""/202, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480)={0x2, 0xb, 0x3, 0x100}, 0x10, 0x0, 0x0, 0x4, &(0x7f00000004c0)=[r6, r6], &(0x7f0000000640)=[{0x1, 0x5, 0x1, 0x9}, {0x4, 0x1, 0xc, 0xc}, {0x2, 0x4}, {0x1, 0x5, 0x3, 0xa}], 0x10, 0x7f}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000680))

379.303032ms ago: executing program 2 (id=6795):
r0 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000200), 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000280)={[{0x2b, 'net'}, {0x6, 'rdma'}]}, 0xb)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r2=>0x0]}, &(0x7f0000000080)=0x8)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r3, &(0x7f0000000000), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000003c0)={'vxcan0\x00', <r4=>0x0})
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000006800010000000000000000000a0000000400000004000b"], 0x1c}}, 0x0)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x30]}}, 0x0, 0x34}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000500)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r7, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x8}, 0x94)
r8 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_add_memb(r8, 0x107, 0x18, &(0x7f0000000800)={0x0, 0x1, 0x6, @local}, 0x10)
sendmsg$can_bcm(r5, &(0x7f0000000480)={&(0x7f0000000340)={0x1d, r4}, 0x10, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYRESOCT=r5, @ANYRESOCT=r7, @ANYRES64=0x0, @ANYRESDEC=r3, @ANYRESHEX=r6, @ANYRESHEX], 0x20000600}}, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000240)={0x0, 0xfffffffd, 0x10}, 0xc)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e23, 0x800000, @loopback}, 0x1c)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000680)=ANY=[@ANYBLOB="5c0000001e00438b00000000000000000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000000001c0017000000000000000000000000000000000000000000000000003ebfa7f3215512fa97d691d69b546359b3d93d5786c77300fc2c360f72ff6dcd64aabd03fb3cda430820d4f1e6d0a8c76745d4faafe7f0d90f483f986bebaa3054ea3ba24b5554c6c7dd96b183"], 0x5c}}, 0x0)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000215000/0x1000)=nil, 0x1000, 0x0, 0x6011, r10, 0x0)
setsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f00000002c0)={r2, 0x64}, 0x8)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r10, 0xd1383000)
ioctl$FS_IOC_RESVSP(r10, 0x40305829, &(0x7f0000000040)={0x1100, 0x2, 0x8, 0x10003})
r11 = socket$kcm(0x29, 0x2, 0x0)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r13=>0x0})
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f00000005c0)={r2, @in6={{0xa, 0x4e24, 0xce14, @loopback, 0x33}}, 0xffffffff, 0xff, 0x800100, 0x2b03, 0x326}, &(0x7f0000000300)=0x98)
sendmsg$NL80211_CMD_DISCONNECT(r12, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x38, 0x0, 0x1, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r13}, @val={0xc, 0x99, {0x8, 0x7c}}}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x10}, @NL80211_ATTR_REASON_CODE={0x6}]}, 0x38}, 0x1, 0x0, 0x0, 0x91}, 0x0)
sendto$inet6(r1, &(0x7f00000004c0)='\x00', 0x1, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x5, @loopback}, 0x1c)

265.466923ms ago: executing program 4 (id=6796):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r3, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[@ANYBLOB="8c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000005000128009000100766c616e000000004000028006000100fe0f000004000480280003800c00010040000000060000000c000100ff04000000000000d8fd010006000000090000000600050088a800000800feff", @ANYRES32, @ANYBLOB="08000500", @ANYRES16=r3], 0x8c}, 0x1, 0xba01, 0x0, 0x4004001}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1006}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x440b0)
sendmmsg$inet(r0, &(0x7f0000000300)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x42}}, 0x10, 0x0}}], 0x1, 0x20008000)
recvmsg(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000000200)=""/112, 0x70}], 0x1}, 0x123)
shutdown(r0, 0x1)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r6 = accept4(r5, 0x0, 0x0, 0x800)
sendmsg$TEAM_CMD_OPTIONS_GET(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000600)={0x60, 0x0, 0x1, 0xfff, 0x25dfdbff, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xffff}}, {0x8}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x8080}, 0x12)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/80, 0x50}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0)
r7 = socket$xdp(0x2c, 0x3, 0x0)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2, 0x11, r7, 0x5f2bc000)
sendmsg$nl_route(r4, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=@ipv4_getnetconf={0x24, 0x52, 0x400, 0x70bd26, 0x25dfdbfe, {}, [@IGNORE_ROUTES_WITH_LINKDOWN={0x8}, @NETCONFA_PROXY_NEIGH={0x8, 0x5, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x40041}, 0x48854)

173.009408ms ago: executing program 1 (id=6797):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f00000080c0)=@newtaction={0x58, 0x31, 0x901, 0x0, 0x0, {}, [{0x44, 0x1, [@m_nat={0x40, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x15, 0x6, "02122a1364ca4168600ce2c275478c859e"}, {0xc}, {0xc}}}]}]}, 0x58}}, 0x0)
readv(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast6-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="ad56b6c5911f0600002300000000000000", 0x11)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x14, 0x11, 0x0, 0x1, @match={{0xa}, @val={0x4}}}]}], {0x14, 0x10}}, 0x98}}, 0x0)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_SET(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000280)={0x44, r6, 0x1, 0x0, 0x0, {0x2c}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x80000002}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x58}]}, 0x44}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r7=>0x0})
r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r4)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r4, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={&(0x7f0000000180)={0x3c, r8, 0xa00, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x2}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x14, 0x15, 0x1, 0xfffffffc, 0x25dfdbfc, {0xb}}, 0x14}, 0x1, 0x0, 0x0, 0x4800}, 0x0)
pipe(&(0x7f00000001c0)={<r10=>0xffffffffffffffff})
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
ioctl$FS_IOC_GETFLAGS(r11, 0x80086601, &(0x7f0000000200))
mmap$xdp(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000002, 0x13, r10, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@bridge_dellink={0x80, 0x11, 0x100, 0x70bd27, 0x25dfdbfc, {0x7, 0x0, 0x0, r7, 0x2000, 0x40000}, [@IFLA_GROUP={0x8, 0x1b, 0x5}, @IFLA_GSO_MAX_SEGS={0x8, 0x28, 0x53e2}, @IFLA_MAP={0x24, 0xe, {0x9, 0x5, 0x2, 0xfffc, 0x0, 0x4}}, @IFLA_ADDRESS={0xa, 0x1, @random="f3b16642e165"}, @IFLA_ALT_IFNAME={0x14, 0x35, 'veth0_vlan\x00'}, @IFLA_EVENT={0x8, 0x2c, 0x1}, @IFLA_AF_SPEC={0x4}]}, 0x80}, 0x1, 0x0, 0x0, 0x40}, 0x40800)

144.131253ms ago: executing program 3 (id=6798):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x158, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@dev={0xfe, 0x80, '\x00', 0x41}, 0x4e21}, {@in=@empty, 0x0, 0x33}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {0x0, 0x0, 0x8}, {0x0, 0xa0}, {}, 0x0, 0x3502, 0xa}, [@replay_esn_val={0x1c, 0x17, {0x0, 0x70bd29, 0x70bd25, 0x70bd25, 0x70bd27, 0xcc}}, @algo_auth_trunc={0x4c, 0x14, {{'sha1\x00'}}}]}, 0x158}}, 0x1000)

44.066766ms ago: executing program 3 (id=6799):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={0x0}, 0x1, 0x0, 0x0, 0x4000850}, 0x24044010)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$TUNSETVNETBE(r0, 0x400454de, &(0x7f0000000600)=0x1)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14, 0x37, 0xa01, 0x0, 0x0, {0x80}}, 0x14}}, 0x8054)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20004001}, 0x4000018)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310007000008000a40fffffffc14000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x94}, 0x24000000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a38000000140a01010000000000000000050000090c00064000000000000000010900020073797a32000000000900010073797a31001100010000000000000000000100000a6c3ff6526df9f97eb90503e5644c66bc300b119c5e642050ccc819a1733c954771c96ce2f0b326d3d2ce121e382edca40b6c9c170f4bf23c6c13f580109f6632715904d5d03fd6163960e5925fd40cc41b36161403ed61b3413868500b16ff752b336ea47dfba923e995b5293ae7bf8bb731c7a85b67880f6284dc060b2fbe973a4e4e5b4df54eeb21459040"], 0x60}, 0x1, 0x0, 0x0, 0x44050}, 0x4000000)
ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000680)={0x0, {0x2, 0x4e23, @local}, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2b}}, {0x2, 0x4e24, @rand_addr=0x64010100}, 0x80, 0x0, 0x0, 0x0, 0xf34, &(0x7f0000000640)='ipvlan1\x00', 0xbdbd, 0x1, 0x2})
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
write$tun(r0, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x27}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0xfd5e, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffff20, @local}, {{0x4100, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x700, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2, 0xffffff07}, @generic={0x0, 0x2, "d588380003c1"}]}}}}}}, 0xfd6c)

30.386984ms ago: executing program 1 (id=6800):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@newqdisc={0x38, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_bfifo={{0xa}, {0x4}}]}, 0x38}}, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000380)={{0x84, @rand_addr=0x64010104, 0x4e24, 0x3, 'nq\x00', 0x8, 0x5, 0x55}, {@remote, 0x4e22, 0x0, 0x7, 0x12d5c, 0x12d58}}, 0x44)
bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-generic)\x00'}, 0x58)
syz_genetlink_get_family_id$tipc(&(0x7f0000000340), r3)
sendmsg$sock(r3, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000540)}, {&(0x7f0000001400)="12b5ca8883a72c61be64d1809e4e551c8fcc795bacbc79d1a786c09a1861dfb427e430bee5b00ac73434620f11a914ef7cf7658efc365a26b43990993f60d4ffeb9cc31d7d5fc06ba7c3a4d828f40fca355cff79686f12971618904dc7d09e85e7a5f9194c4cae7983ee20f6c522b89ecc73c43438aad7dd15ff4738f5e4e1b7713142e7ff6cfc1b6cf7baba9ebf3b471cd0a72011fef02b46e280ad7a8c42d24bfb2ffe1518bc0fea207ec37a9e388c9dea8124df3f50a75f03df8d30d7b3b73e274042a52c058e1d85ef3b420b4dfce815cff6265e625a61b6fca9699edaadd192a3ae60c765260d1cbfb21f0cc30d8128b3783867b85873de07b02635d5573f9e578094a3ce6efbf44818daef38e14005a360909d226d7e13a86f6c83b6aaf615b6a2642d17bc2c56b8b0f8209e20ec1e0f58b0486493e511ab0a45b44a87340a9052ef5fba93c83753f1b101a744407f54d052188087c1cf43de80fd7bd5f3ce8585b5499959e6c3f5e17ae837d7c5627abb604947ad9906d641658f01464f48244182de8d5a8d037403ad4a964e2124177771a84806cda0682d58743928d2d16d83fd8b706a9669ac7605e8d857ac586dc2eda90715951c21bd116ade52f03cd61f3874aaefa77da678450228eb476d84bf175564a215e1683ced4bb9adba5daed835c6b38b61b213834aca56b86259784addb8601d26a42ad637ee296cd4382aaa7c1eaa5cbfa3a7177390bc646916aeb885d2dd43fc5b2dbbd2d184ba6cc6a439b95b5d814a8582405635b5c6bdb41c24af7a10bbd264eb2308a800a09705ac7856a7ac993cb4d88fea4cd1d5cf9e82e10c4badb996f4c0d5fd5866baf90a07d8777f793feb9250e22dd5190aa26c2a31412f1b41e0a65d0e435a9c5ebbf5205f6c6a117ce1fb16e8eb797e7d3eb5d62178dc0441941e9cb464814982ebe54195d73113efc971799121683f6e85d24ad6f21023868327b67446a36ebffda572b90f9b228a03b612e7e0ca09aac6b5710fc90f51c0efefb69b5d26ba9a1d8954832b1370d099d09c07fb2893d57d617ec0d626f1f96ee1608e0f8d9ca1b491578d639ac74b3ea568a474707ac756555d0ae9cdc609609e30d7ef2648fb8baa5854e58b60fac9ec9670c620ce6dcf3bbcca971cb5bf37462febde30e3865960627ceb15a11dd891160a2fcbb682c94a7de4e00fff20774364ffc4bfa31173261f1684dbbaa9addf0d9bc43539a7c09c6b98769aecf8529402bc66e37f0f20580e8e5f59ec48979957552fe17b897dcb4ed1a8d0fdf68d8c065c9d3501b387cf08c681326fcd79e7104eb50bc58a0140b594ad57b8d4be0c50f98e9c3e323d0a57001f8c6a094a7908315c7d7b33227861d2035649bb91daf77776e11159f3ebf7f3ed576adfc364f363e6f474dbbe3500c62c74193e7102fdf57b345066a6ebe47b4b469187631b586676e8e449fa215444366baf5d675f637a0f52c36a042d74957e94bd6d87061675da18128f69106970a9492d76dc312884bb7fcd88ca7e13f2914ba817724bc97ab634e845dfd1ab40344c33c7c202674ef959378abaf3f4fa038a6bbec31f5bd88f81240d2722dfa5e8621eb604db9ae06d49f0a56d64d525f3d41b367ed4d459f21baa3dc43c7cbe096f15bead83bc5ffe2f82128f2943a479556a39ab661bf0a86e0ad0520ab015112eeb06c13abc0da61cc6bf9508182d142696a4670fef7dcfa7a7e09f673c992f3acd4bafa7874c8bf9dc362943d7cd3c14d32bb7a8c3e3f1f55f500eca0c6fd0f199fefe601857e5307660c000cbd8f83f64e2afeb931f5dbba2d538f1c1d78c6ecd14af198f9e0ae4a8e2ef6cda63e059f5b3137946434418fd8920753c3ea5d054ad5d3da2749c94b23018be9495831a1ac647783823ac4f554bea483ee919824516f8d3d9d90753d69dd6375f0edafc98716d2aa7dbbf73208ee017fddec8c994cb5df3f74bfed87db0b88076c430495ce8a39b4b61003bb6c0e12a2f6d41a994537dadc0b389d5a1049e26b968d4aa8ded4fc38dec2ab5b14b5d0d0e24b37875e17d1066e0b04c807ef6712034f0cbd899e5cfd68143e0c3865c00a18fc7001fe9386acb55614fb7c739aef69bf21b8364e407fdb62e068359017714809d3a0b61b8bd046119f2a8e71f17908da23fbe13e50eafce63abba77a07695782fb01423efffe421bc9bede0df8ff1e163f677178eb84aec1c8517ca5a503fddba2a15878d0bf1bd255671f17417692a950fb0181150a08868107071661984c0099d588cc9456eb457fcb5fc37cec48a30aa0aa83251394fc1ec9cd0be2b7b95798a59ffd1d0a4b62e82de24bc54ad7c7385371bd27469d2631167e6c021f01f0e5ebf3819cb1f07e1cec4813ef51cc0b8e9c1069e472876e8721b81d64967edb507724fefb6128745623f6c3e520812ae1f373901d9e8f662d45aa7a1d51709960f82dc7580af43ca338631eb32259564e3379dbe0dc3bd700c8c7b04b66cff0b07d930e7a166fce6b0191283451c8dd50774b6c8d3adadd024c3faf1cf2ca2bc8d45804da21b56eb296a4f80b9a3a99fc6557b32de7db3c9637c8d481b29211c304127bf1504d6e5f9bc410d321d7cf28d55cc2f51eee3b284a67fbb8186391b2e0eae792aa886b8de71317131f17cff6d7f07775c64cb6ffad2eeedf8a650f8fdbfb9c1c2f0433369ce8c3d998e5cef6f3d6d791714e8ce2c0bfe99f893524dc832945874e80567164280a454b67339282406b152efcc57361aaec97ddf3643fd00bad9772130cabe0ff2b9355842e94d78df7a9792d1fa65f11f843c30d0db43eb952cf925e7cee0841227179a4752f3f72577c0e2b07e80f4675c1b9f673ff836b54b7ec04c9312102ba2bd1f41aa99f529f4758d91b298fc76209269cf064be9f2c72eb45efa50a2ba6c12041c6e94272b4f23235f36afafc64f22486aaabeb08ee5fd33de02812bb63b3eb71b3d9f95262fbdcc32dd6853beb822b2bab7fdef0d8a34b207d65b6cc6974c0f2979da42f4bc28f80b31735611a707a9212d13906f075c7d20675ddbb27edfd90a4770154d720cae0cc84b3429dc7d77498604f7cb786bd53a3f401d801602222962fde144e5f9fd5016d787a8992915c01091b5ee4c1f0747c80d32517d8e070fe04da5320b13c7e21c678fce1d34cbd2cd434d49b01e4dc154d88aad7431b8a456125ebd0995cb88f935c645341737a8a5122c11f197c8c37f4301325d79dc575000fed5fc73f5a9bfae94e6750aabd4481ce8e5df07fcd3f3f1043ac829a418ef3e84eaccaf24173254f74490831b9b2bf1719cacff67ed93bce09bf975b7ac4de15c6e9ca9baa4ea8ffd2f6ca83ec22316cf7cc795b9b2e3f67bd604d4b088c12cb4b7e137e1822b99555d95c3efcbb7bf5b9096d87ee3359cc2d6ca4ab049e8838fc24d84104683e3ea23cea700f53b8998d46276e29406858c425bf9fa69d7dbd1261c664e88bee5c0d9029c3c3e5870ac5a6e8d7fb62f8708f9da8aa5142e90992d4ab0eb76419bfb204a24df000d9f0767f4fb56fa4cebf3cc67ac91ba410ab0c761c4071ced60d723a50884056d89a7b631f29b329e3bb56b99eb8b71d1ca19de64e0631ffa99f2cbaf3caf1f5550bad84d1da4bf67cea04d1cce4d9522c1fb627c72d8f639e4118977f9f97f5bdad3b1e4f197f2f7b7671f5b2acb6d8f2317e85d8eafe56e87243cb698dcf6a58496a7ec5df54eb6fabb9fec8ce9e85b1840c4f255266b4bdf6c9c686ea4b7d3ab1e7be69695dbd2ce", 0xa7e}, {&(0x7f0000000600)="bbc6351d5b17d69316ec14fbebe6d4f456979602ad91ae24f9a1da6834e77a49a31a836afb32294cf8453b100f60525874c6dd34f59950a10b18499cd72145cf42ccb624e5159a58257c6e1aed068f52", 0x50}, {&(0x7f0000000680)="cc18101d6bec7dadde1d231d7be01e1a3ebed24c1f1b0cacbb731e37f14830d34d9f1234d81e", 0x26}, {&(0x7f00000006c0)="2219a8d1a15d2cc1d9f7e487ed6138173c17bebef35e5c731961e6d1d07d4bc0a9699ac13447f29c363112c81f00", 0x2e}], 0x5}, 0x800)
ioctl$BTRFS_IOC_QUOTA_RESCAN(r3, 0x4040942c, &(0x7f0000000300)={0x0, 0x8, [0x9, 0x3800000000000000, 0x81, 0x1, 0x5]})
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0xe, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="180400000000000000000000000000007110a0000000000095"], &(0x7f0000000000)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0xf}, 0x90)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=@newqdisc={0x134, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8}, {0x108, 0x2, [@TCA_RED_STAB={0x104, 0x2, "55f4b32d215d09ad34a54ecd392b645312028acf803a4be046ac0250a6ab00acdbbcc0a681ef62574eb95c3668168a2237f2cc488cf760d067868e8021f61308c6db4e4ac2ec40342736d4b782ed114b6e548109d0d25d975663c05ceaa64032471a805702a7a92bca01e7f16cfd7858b64cf7168d9220b64044c8dab5221c7a97fe9b875c33dfe30b850d7b07be151a84a139feeb514347d3e58683a3a7a624b0c79700622bbb5c8f573b27d294ff211faa3ef5d05472c85cd1ed4d7bdfbbe8aea77753e983bf2350c11b80e2e0c058bc01ebfe9e4faec45b78bb3d2551f3fec86fca5bea0668c9c98e75db02191cc525ec2d3f9a4db0895a3ff2b1931fa0da"}]}}]}, 0x134}}, 0x0)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000001000000000000000000000085000000870000001801000020786c2500000000002020207b1af8ff00000000bfa108000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000180)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r8, 0x0, 0xe, 0x0, &(0x7f0000000600)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
ioctl$FS_IOC_GETFSLABEL(r7, 0x89a3, &(0x7f0000000100))
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r9, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

0s ago: executing program 4 (id=6801):
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000340)=0x6, 0x4)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
r2 = socket$netlink(0x10, 0x3, 0x14)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000040)={'batadv_slave_1\x00', &(0x7f0000000000)=@ethtool_rxfh={0x1, 0x0, 0x40000, 0x0, 0xfa}})
bind$inet(r1, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r1, &(0x7f0000001c00)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000280)="5338a384", 0x4}], 0x1, 0x0, 0x600}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000001000)=ANY=[@ANYBLOB, @ANYRES32], 0x1f8}}, {{&(0x7f0000001200)={0x2, 0x4e22, @empty}, 0x10, &(0x7f00000019c0), 0x0, &(0x7f0000001a40)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="ac1414bbac14141e000000001100000000000000000000000100000001000000000000001c00000000000000000000000800", @ANYRES32=0x0, @ANYBLOB="7f00ffffffffffffff7f0000"], 0x188}}], 0x3, 0x20008000)

kernel console output (not intermixed with test programs):

er after parsing attributes in process `syz.1.6010'.
[  492.468015][T22048] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6010'.
[  494.121878][T22017] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  494.258965][T22066] netlink: 44 bytes leftover after parsing attributes in process `syz.0.6018'.
[  494.281235][T22069] delete_channel: no stack
[  494.286751][T22069] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  494.294024][T22069] IPv6: NLM_F_CREATE should be set when creating new route
[  494.301409][T22069] IPv6: NLM_F_CREATE should be set when creating new route
[  494.415529][T22075] bond2: (slave veth5): Enslaving as an active interface with a down link
[  494.430718][T22077] team0: Cannot enslave team device to itself
[  494.510687][T22088] ip6t_rpfilter: unknown options
[  494.516008][T22090] ip6t_rpfilter: unknown options
[  494.530422][T22075] bond2: (slave veth7): Enslaving as an active interface with a down link
[  494.775690][T22105] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6025'.
[  494.812817][T22105] bridge_slave_0: left allmulticast mode
[  494.818958][T22105] bridge_slave_0: left promiscuous mode
[  494.824896][T22105] bridge0: port 1(bridge_slave_0) entered disabled state
[  494.854038][T22105] bridge_slave_1: left allmulticast mode
[  494.861129][T22105] bridge_slave_1: left promiscuous mode
[  494.866936][T22105] bridge0: port 2(bridge_slave_1) entered disabled state
[  494.884397][T22105] bond0: (slave bond_slave_0): Releasing backup interface
[  494.899210][T22105] bond0: (slave bond_slave_1): Releasing backup interface
[  494.916893][T22105] team0: Port device team_slave_0 removed
[  494.926809][T22115] netlink: 'syz.0.6030': attribute type 1 has an invalid length.
[  494.929291][T22105] team0: Port device team_slave_1 removed
[  494.942401][T22105] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  494.951904][T22105] batman_adv: batadv0: Removing interface: batadv_slave_0
[  494.964662][T22105] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  494.973013][T22105] batman_adv: batadv0: Removing interface: batadv_slave_1
[  494.983354][T22105] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  495.103410][T22122] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.6034'.
[  495.187087][T22128] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  495.301243][T22133] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6037'.
[  495.413979][T22142] vlan1: Caught tx_queue_len zero misconfig
[  495.450877][T22142] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6041'.
[  495.592596][T22155] xt_ecn: cannot match TCP bits for non-tcp packets
[  495.981651][T22182] IPv6: NLM_F_CREATE should be specified when creating new route
[  496.093493][T22187] tipc: Started in network mode
[  496.108965][T22187] tipc: Node identity aaaaaaaaaa35, cluster identity 4711
[  496.121371][T22187] tipc: Enabled bearer <eth:macvlan1>, priority 2
[  496.163830][T22187] ip6gre1: entered promiscuous mode
[  496.515486][T22213] xt_hashlimit: size too large, truncated to 1048576
[  496.600276][T22217] xt_hashlimit: size too large, truncated to 1048576
[  496.702475][T22228] IPv4: Oversized IP packet from 172.20.20.24
[  496.710760][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  496.717441][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  496.958944][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  496.967020][    C1] lec:lec_tx_timeout: lec0
[  496.972194][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  497.118541][   T10] tipc: Node number set to 10463914
[  497.226426][T22270] netlink: 'syz.4.6076': attribute type 1 has an invalid length.
[  497.303188][T22273] __nla_validate_parse: 5 callbacks suppressed
[  497.303206][T22273] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6077'.
[  497.324218][T22273] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6077'.
[  497.375149][T22279] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6078'.
[  497.380416][T22280] netlink: 44 bytes leftover after parsing attributes in process `syz.0.6080'.
[  497.384330][T22279] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6078'.
[  499.905900][T22234] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  500.052635][T22296] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6085'.
[  500.080156][T22300] FAULT_INJECTION: forcing a failure.
[  500.080156][T22300] name failslab, interval 1, probability 0, space 0, times 0
[  500.083339][T22294] wireguard0: entered promiscuous mode
[  500.098701][T22300] CPU: 0 UID: 0 PID: 22300 Comm: syz.4.6087 Not tainted syzkaller #0 PREEMPT(full) 
[  500.098732][T22300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  500.098741][T22300] Call Trace:
[  500.098747][T22300]  <TASK>
[  500.098754][T22300]  dump_stack_lvl+0xe8/0x150
[  500.098778][T22300]  should_fail_ex+0x412/0x560
[  500.098806][T22300]  should_failslab+0xa8/0x100
[  500.098828][T22300]  __kmalloc_cache_noprof+0x88/0x660
[  500.098845][T22300]  ? __sctp_v6_cmp_addr+0x1e6/0x510
[  500.098862][T22300]  ? sctp_add_bind_addr+0x8c/0x370
[  500.098883][T22300]  sctp_add_bind_addr+0x8c/0x370
[  500.098905][T22300]  sctp_copy_local_addr_list+0x314/0x4f0
[  500.098925][T22300]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[  500.098942][T22300]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  500.098961][T22300]  ? sctp_v6_is_any+0x64/0x80
[  500.098979][T22300]  ? sctp_copy_one_addr+0x93/0x360
[  500.098999][T22300]  sctp_bind_addr_copy+0xb3/0x3c0
[  500.099014][T22300]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  500.099040][T22300]  sctp_connect_new_asoc+0x2ff/0x6b0
[  500.099064][T22300]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  500.099089][T22300]  ? __local_bh_enable_ip+0xd0/0x130
[  500.099107][T22300]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  500.099127][T22300]  ? security_sctp_bind_connect+0x7e/0x2c0
[  500.099149][T22300]  sctp_sendmsg+0x1528/0x2c10
[  500.099183][T22300]  ? __pfx_sctp_sendmsg+0x10/0x10
[  500.099200][T22300]  ? aa_sk_perm+0x15a/0x960
[  500.099220][T22300]  ? aa_sk_perm+0x82d/0x960
[  500.099239][T22300]  ? __might_fault+0xaf/0x130
[  500.099265][T22300]  ? __pfx_aa_sk_perm+0x10/0x10
[  500.099294][T22300]  ? sock_rps_record_flow+0x19/0x400
[  500.099317][T22300]  ? inet_sendmsg+0x2f4/0x370
[  500.099340][T22300]  __sys_sendto+0x627/0x7a0
[  500.099360][T22300]  ? __pfx___sys_sendto+0x10/0x10
[  500.099375][T22300]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  500.099407][T22300]  ? __fget_files+0x3a0/0x420
[  500.099433][T22300]  ? ksys_write+0x242/0x270
[  500.099452][T22300]  ? __pfx_ksys_write+0x10/0x10
[  500.099475][T22300]  __x64_sys_sendto+0xde/0x100
[  500.099494][T22300]  do_syscall_64+0x14d/0xf80
[  500.099512][T22300]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  500.099525][T22300]  ? trace_irq_disable+0x37/0x100
[  500.099542][T22300]  ? clear_bhb_loop+0x40/0x90
[  500.099560][T22300]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  500.099575][T22300] RIP: 0033:0x7fd3a5f9c629
[  500.099589][T22300] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  500.099603][T22300] RSP: 002b:00007fd3a41f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  500.099621][T22300] RAX: ffffffffffffffda RBX: 00007fd3a6215fa0 RCX: 00007fd3a5f9c629
[  500.099634][T22300] RDX: 0000000000000001 RSI: 00002000000004c0 RDI: 0000000000000003
[  500.099646][T22300] RBP: 00007fd3a41f6090 R08: 0000200000000480 R09: 000000000000001c
[  500.099657][T22300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  500.099668][T22300] R13: 00007fd3a6216038 R14: 00007fd3a6215fa0 R15: 00007ffc7bad13a8
[  500.099699][T22300]  </TASK>
[  500.103981][T22294] wireguard0: entered allmulticast mode
[  500.226783][T22308] netlink: 64138 bytes leftover after parsing attributes in process `syz.1.6091'.
[  500.430641][T22294] team0: Port device wireguard0 added
[  500.450015][T22309] sch_fq: defrate 0 ignored.
[  501.007212][T22359] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6106'.
[  501.085593][T22367] FAULT_INJECTION: forcing a failure.
[  501.085593][T22367] name failslab, interval 1, probability 0, space 0, times 0
[  501.130065][T22374] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[  501.139510][T22367] CPU: 1 UID: 0 PID: 22367 Comm: syz.0.6111 Not tainted syzkaller #0 PREEMPT(full) 
[  501.139535][T22367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  501.139546][T22367] Call Trace:
[  501.139555][T22367]  <TASK>
[  501.139563][T22367]  dump_stack_lvl+0xe8/0x150
[  501.139590][T22367]  should_fail_ex+0x412/0x560
[  501.139618][T22367]  should_failslab+0xa8/0x100
[  501.139642][T22367]  __kmalloc_cache_noprof+0x88/0x660
[  501.139662][T22367]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[  501.139681][T22367]  ? sctp_add_bind_addr+0x8c/0x370
[  501.139704][T22367]  sctp_add_bind_addr+0x8c/0x370
[  501.139726][T22367]  sctp_copy_local_addr_list+0x314/0x4f0
[  501.139748][T22367]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[  501.139767][T22367]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  501.139787][T22367]  ? sctp_v6_is_any+0x64/0x80
[  501.139807][T22367]  ? sctp_copy_one_addr+0x93/0x360
[  501.139828][T22367]  sctp_bind_addr_copy+0xb3/0x3c0
[  501.139855][T22367]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  501.139882][T22367]  sctp_connect_new_asoc+0x2ff/0x6b0
[  501.139906][T22367]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  501.139933][T22367]  ? __local_bh_enable_ip+0xd0/0x130
[  501.139950][T22367]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  501.139972][T22367]  ? security_sctp_bind_connect+0x7e/0x2c0
[  501.139995][T22367]  sctp_sendmsg+0x1528/0x2c10
[  501.140031][T22367]  ? __pfx_sctp_sendmsg+0x10/0x10
[  501.140049][T22367]  ? aa_sk_perm+0x15a/0x960
[  501.140071][T22367]  ? aa_sk_perm+0x82d/0x960
[  501.140099][T22367]  ? __pfx_aa_sk_perm+0x10/0x10
[  501.140123][T22367]  ? sock_rps_record_flow+0x19/0x400
[  501.140148][T22367]  ? inet_sendmsg+0x2f4/0x370
[  501.140172][T22367]  ____sys_sendmsg+0x894/0xad0
[  501.140202][T22367]  ? __pfx_____sys_sendmsg+0x10/0x10
[  501.140230][T22367]  ? import_iovec+0x73/0xa0
[  501.140251][T22367]  ___sys_sendmsg+0x2a5/0x360
[  501.140270][T22367]  ? __lock_acquire+0x6b5/0x2cf0
[  501.140292][T22367]  ? __pfx____sys_sendmsg+0x10/0x10
[  501.140316][T22367]  ? kstrtouint+0x6e/0xe0
[  501.140360][T22367]  ? __fget_files+0x2a/0x420
[  501.140376][T22367]  ? __fget_files+0x3a0/0x420
[  501.140401][T22367]  __sys_sendmmsg+0x27c/0x4e0
[  501.140427][T22367]  ? __pfx___sys_sendmmsg+0x10/0x10
[  501.140445][T22367]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  501.140491][T22367]  ? ksys_write+0x242/0x270
[  501.140513][T22367]  ? __pfx_ksys_write+0x10/0x10
[  501.140539][T22367]  __x64_sys_sendmmsg+0xa0/0xc0
[  501.140561][T22367]  do_syscall_64+0x14d/0xf80
[  501.140581][T22367]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.140596][T22367]  ? trace_irq_disable+0x37/0x100
[  501.140614][T22367]  ? clear_bhb_loop+0x40/0x90
[  501.140636][T22367]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.140652][T22367] RIP: 0033:0x7f115d99c629
[  501.140668][T22367] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  501.140683][T22367] RSP: 002b:00007f115e81d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  501.140701][T22367] RAX: ffffffffffffffda RBX: 00007f115dc15fa0 RCX: 00007f115d99c629
[  501.140714][T22367] RDX: 0000000000000001 RSI: 0000200000001d80 RDI: 0000000000000003
[  501.140726][T22367] RBP: 00007f115e81d090 R08: 0000000000000000 R09: 0000000000000000
[  501.140737][T22367] R10: 00000000000005dc R11: 0000000000000246 R12: 0000000000000002
[  501.140747][T22367] R13: 00007f115dc16038 R14: 00007f115dc15fa0 R15: 00007ffcd93b8098
[  501.140777][T22367]  </TASK>
[  501.507320][T22374] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[  501.516889][T22374] netdevsim netdevsim3: Falling back to sysfs fallback for: .
[  501.643588][T22386] IPVS: set_ctl: invalid protocol: 98 10.1.1.0:20002
[  501.684824][T22384] 
s5ÿÿø: renamed from vlan1
[  501.952677][T22399] netlink: 207952 bytes leftover after parsing attributes in process `syz.0.6118'.
[  501.967589][T22402] netlink: 44 bytes leftover after parsing attributes in process `syz.1.6117'.
[  501.988090][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  501.996189][    C1] lec:lec_tx_timeout: lec0
[  502.001386][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  502.150538][T22378] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  502.255870][T22378] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  502.294645][T22420] xt_hashlimit: size too large, truncated to 1048576
[  502.343651][T22423] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6127'.
[  502.357248][T22378] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  502.397869][T22426] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6127'.
[  502.467298][T22378] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  502.493126][T22429] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6128'.
[  502.536695][T22431] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6129'.
[  502.665461][   T12] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  502.713718][   T12] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  502.790839][   T35] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  502.868816][   T49] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  502.929023][ T5825] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  502.939096][ T5825] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  502.949774][ T5825] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  502.957789][ T5825] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  502.969344][ T5825] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  503.207533][ T6008] syz1: Port: 1 Link DOWN
[  503.270824][T22462] netlink: 64985 bytes leftover after parsing attributes in process `syz.0.6140'.
[  503.454072][T22478] netlink: 'syz.0.6145': attribute type 2 has an invalid length.
[  503.472811][T22478] netlink: 119 bytes leftover after parsing attributes in process `syz.0.6145'.
[  503.505469][T22446] chnl_net:caif_netlink_parms(): no params data found
[  503.638565][T22446] bridge0: port 1(bridge_slave_0) entered blocking state
[  503.645925][T22446] bridge0: port 1(bridge_slave_0) entered disabled state
[  503.665932][T22446] bridge_slave_0: entered allmulticast mode
[  503.674976][T22446] bridge_slave_0: entered promiscuous mode
[  503.694557][T22446] bridge0: port 2(bridge_slave_1) entered blocking state
[  503.702937][T22446] bridge0: port 2(bridge_slave_1) entered disabled state
[  503.711370][T22446] bridge_slave_1: entered allmulticast mode
[  503.720920][T22446] bridge_slave_1: entered promiscuous mode
[  503.764429][T22446] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  503.777311][T22446] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  503.827080][T22446] team0: Port device team_slave_0 added
[  503.836290][T22446] team0: Port device team_slave_1 added
[  503.887824][T22446] batman_adv: batadv0: Adding interface: batadv_slave_0
[  503.896712][T22446] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  503.922910][T22446] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  503.936402][T22446] batman_adv: batadv0: Adding interface: batadv_slave_1
[  503.943570][T22446] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  503.970389][T22446] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  504.033178][T22446] hsr_slave_0: entered promiscuous mode
[  504.044103][T22446] hsr_slave_1: entered promiscuous mode
[  504.050753][T22446] debugfs: 'hsr0' already exists in 'hsr'
[  504.060832][T22446] Cannot create hsr debugfs directory
[  504.094545][T22511] geneve3: entered promiscuous mode
[  504.112809][   T58] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 34333 - 0
[  504.121474][   T58] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 34333 - 0
[  504.175791][   T58] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 34333 - 0
[  504.229644][   T58] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 34333 - 0
[  504.253180][T22511] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  504.263255][T22511] netdevsim netdevsim1 eth3 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0
[  504.283884][T22511] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  504.295330][T22511] netdevsim netdevsim1 eth3 (unregistering): unset [1, 1] type 2 family 0 port 34333 - 0
[  504.325326][T22524] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6160'.
[  504.340989][T22524] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6160'.
[  504.361788][T22511] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  504.371796][T22511] netdevsim netdevsim1 eth2 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0
[  504.382209][T22511] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  504.394663][T22511] netdevsim netdevsim1 eth2 (unregistering): unset [1, 1] type 2 family 0 port 34333 - 0
[  504.487504][T22511] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  504.500313][T22529] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.6162'.
[  504.510576][T22511] netdevsim netdevsim1 eth1 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0
[  504.521840][T22511] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  504.532222][T22511] netdevsim netdevsim1 eth1 (unregistering): unset [1, 1] type 2 family 0 port 34333 - 0
[  504.542785][T22531] FAULT_INJECTION: forcing a failure.
[  504.542785][T22531] name failslab, interval 1, probability 0, space 0, times 0
[  504.555783][T22531] CPU: 0 UID: 0 PID: 22531 Comm: syz.0.6163 Not tainted syzkaller #0 PREEMPT(full) 
[  504.555805][T22531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  504.555815][T22531] Call Trace:
[  504.555821][T22531]  <TASK>
[  504.555829][T22531]  dump_stack_lvl+0xe8/0x150
[  504.555854][T22531]  should_fail_ex+0x412/0x560
[  504.555880][T22531]  should_failslab+0xa8/0x100
[  504.555904][T22531]  __kmalloc_cache_noprof+0x88/0x660
[  504.555923][T22531]  ? dev_ethtool+0x132/0x1ae0
[  504.555945][T22531]  dev_ethtool+0x132/0x1ae0
[  504.555969][T22531]  ? kasan_quarantine_put+0xbb/0x1f0
[  504.555990][T22531]  ? __pfx_dev_ethtool+0x10/0x10
[  504.556005][T22531]  ? dev_load+0x21/0x1f0
[  504.556029][T22531]  ? dev_load+0x21/0x1f0
[  504.556046][T22531]  ? dev_load+0x21/0x1f0
[  504.556061][T22531]  dev_ioctl+0x392/0x1150
[  504.556080][T22531]  sock_do_ioctl+0x23e/0x320
[  504.556103][T22531]  ? __pfx_sock_do_ioctl+0x10/0x10
[  504.556121][T22531]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  504.556155][T22531]  sock_ioctl+0x5c6/0x7f0
[  504.556173][T22531]  ? __pfx_sock_ioctl+0x10/0x10
[  504.556190][T22531]  ? __fget_files+0x2a/0x420
[  504.556201][T22531]  ? __fget_files+0x3a0/0x420
[  504.556212][T22531]  ? __fget_files+0x2a/0x420
[  504.556227][T22531]  ? bpf_lsm_file_ioctl+0x9/0x20
[  504.556239][T22531]  ? __pfx_sock_ioctl+0x10/0x10
[  504.556255][T22531]  __se_sys_ioctl+0xfc/0x170
[  504.556272][T22531]  do_syscall_64+0x14d/0xf80
[  504.556288][T22531]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  504.556300][T22531]  ? trace_irq_disable+0x37/0x100
[  504.556314][T22531]  ? clear_bhb_loop+0x40/0x90
[  504.556330][T22531]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  504.556343][T22531] RIP: 0033:0x7f115d99c629
[  504.556358][T22531] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  504.556381][T22531] RSP: 002b:00007f115e81d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  504.556397][T22531] RAX: ffffffffffffffda RBX: 00007f115dc15fa0 RCX: 00007f115d99c629
[  504.556408][T22531] RDX: 0000200000000000 RSI: 0000000000008946 RDI: 0000000000000003
[  504.556417][T22531] RBP: 00007f115e81d090 R08: 0000000000000000 R09: 0000000000000000
[  504.556426][T22531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  504.556434][T22531] R13: 00007f115dc16038 R14: 00007f115dc15fa0 R15: 00007ffcd93b8098
[  504.556458][T22531]  </TASK>
[  504.856112][T22446] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  504.873231][T22446] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  504.880519][T22535] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.6164'.
[  504.905946][T22511] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  504.916907][T22511] netdevsim netdevsim1 eth0 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0
[  504.927800][T22511] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  504.938295][T22511] netdevsim netdevsim1 eth0 (unregistering): unset [1, 1] type 2 family 0 port 34333 - 0
[  504.982498][T22446] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  504.993113][T22446] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.041862][ T5825] Bluetooth: hci5: command tx timeout
[  505.046504][   T35] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  505.057369][   T35] netdevsim netdevsim1 eth0: set [0, 1] type 1 family 0 port 256 - 0
[  505.077870][   T35] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 34333 - 0
[  505.086766][   T35] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[  505.146205][T22446] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  505.158757][T22446] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.200268][   T35] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  505.218467][   T35] netdevsim netdevsim1 eth1: set [0, 1] type 1 family 0 port 256 - 0
[  505.236934][   T35] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 34333 - 0
[  505.257236][   T35] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[  505.360721][T22446] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  505.390363][T22446] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.435629][   T35] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  505.446781][   T35] netdevsim netdevsim1 eth2: set [0, 1] type 1 family 0 port 256 - 0
[  505.455750][   T35] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 34333 - 0
[  505.464366][   T35] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[  505.473511][T22564] FAULT_INJECTION: forcing a failure.
[  505.473511][T22564] name failslab, interval 1, probability 0, space 0, times 0
[  505.496606][T22564] CPU: 1 UID: 0 PID: 22564 Comm: syz.0.6175 Not tainted syzkaller #0 PREEMPT(full) 
[  505.496630][T22564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  505.496640][T22564] Call Trace:
[  505.496647][T22564]  <TASK>
[  505.496655][T22564]  dump_stack_lvl+0xe8/0x150
[  505.496681][T22564]  should_fail_ex+0x412/0x560
[  505.496704][T22564]  should_failslab+0xa8/0x100
[  505.496726][T22564]  __kmalloc_cache_noprof+0x88/0x660
[  505.496747][T22564]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[  505.496764][T22564]  ? sctp_add_bind_addr+0x8c/0x370
[  505.496780][T22564]  sctp_add_bind_addr+0x8c/0x370
[  505.496793][T22564]  sctp_copy_local_addr_list+0x314/0x4f0
[  505.496805][T22564]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[  505.496816][T22564]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  505.496827][T22564]  ? sctp_v6_is_any+0x64/0x80
[  505.496839][T22564]  ? sctp_copy_one_addr+0x93/0x360
[  505.496851][T22564]  sctp_bind_addr_copy+0xb3/0x3c0
[  505.496862][T22564]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  505.496878][T22564]  sctp_connect_new_asoc+0x2ff/0x6b0
[  505.496893][T22564]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  505.496909][T22564]  ? __local_bh_enable_ip+0xd0/0x130
[  505.496919][T22564]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  505.496934][T22564]  ? security_sctp_bind_connect+0x7e/0x2c0
[  505.496947][T22564]  sctp_sendmsg+0x1528/0x2c10
[  505.496967][T22564]  ? __pfx_sctp_sendmsg+0x10/0x10
[  505.496978][T22564]  ? aa_sk_perm+0x15a/0x960
[  505.496992][T22564]  ? aa_sk_perm+0x82d/0x960
[  505.497008][T22564]  ? __pfx_aa_sk_perm+0x10/0x10
[  505.497022][T22564]  ? sock_rps_record_flow+0x19/0x400
[  505.497037][T22564]  ? inet_sendmsg+0x2f4/0x370
[  505.497051][T22564]  ____sys_sendmsg+0x894/0xad0
[  505.497069][T22564]  ? __pfx_____sys_sendmsg+0x10/0x10
[  505.497086][T22564]  ? import_iovec+0x73/0xa0
[  505.497098][T22564]  ___sys_sendmsg+0x2a5/0x360
[  505.497110][T22564]  ? __lock_acquire+0x6b5/0x2cf0
[  505.497123][T22564]  ? __pfx____sys_sendmsg+0x10/0x10
[  505.497137][T22564]  ? kstrtouint+0x6e/0xe0
[  505.497164][T22564]  ? __fget_files+0x2a/0x420
[  505.497173][T22564]  ? __fget_files+0x3a0/0x420
[  505.497187][T22564]  __sys_sendmmsg+0x27c/0x4e0
[  505.497202][T22564]  ? __pfx___sys_sendmmsg+0x10/0x10
[  505.497213][T22564]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  505.497243][T22564]  ? ksys_write+0x242/0x270
[  505.497256][T22564]  ? __pfx_ksys_write+0x10/0x10
[  505.497271][T22564]  __x64_sys_sendmmsg+0xa0/0xc0
[  505.497284][T22564]  do_syscall_64+0x14d/0xf80
[  505.497297][T22564]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  505.497306][T22564]  ? trace_irq_disable+0x37/0x100
[  505.497318][T22564]  ? clear_bhb_loop+0x40/0x90
[  505.497330][T22564]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  505.497339][T22564] RIP: 0033:0x7f115d99c629
[  505.497349][T22564] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  505.497357][T22564] RSP: 002b:00007f115e81d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  505.497369][T22564] RAX: ffffffffffffffda RBX: 00007f115dc15fa0 RCX: 00007f115d99c629
[  505.497376][T22564] RDX: 0000000000000001 RSI: 0000200000000200 RDI: 0000000000000004
[  505.497382][T22564] RBP: 00007f115e81d090 R08: 0000000000000000 R09: 0000000000000000
[  505.497388][T22564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  505.497393][T22564] R13: 00007f115dc16038 R14: 00007f115dc15fa0 R15: 00007ffcd93b8098
[  505.497408][T22564]  </TASK>
[  505.839831][   T35] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  505.868257][   T35] netdevsim netdevsim1 eth3: set [0, 1] type 1 family 0 port 256 - 0
[  505.878155][   T35] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 34333 - 0
[  505.886440][   T35] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[  505.935456][T22570] IPVS: set_ctl: invalid protocol: 255 172.20.20.187:20003
[  506.085642][T22446] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  506.112759][T22446] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  506.124446][T22446] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  506.140907][T22446] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  506.287549][T22446] 8021q: adding VLAN 0 to HW filter on device bond0
[  506.351318][T22446] 8021q: adding VLAN 0 to HW filter on device team0
[  506.384697][ T1316] bridge0: port 1(bridge_slave_0) entered blocking state
[  506.391908][ T1316] bridge0: port 1(bridge_slave_0) entered forwarding state
[  506.437562][ T1316] bridge0: port 2(bridge_slave_1) entered blocking state
[  506.444751][ T1316] bridge0: port 2(bridge_slave_1) entered forwarding state
[  506.713390][T22620] netlink: 'syz.1.6194': attribute type 2 has an invalid length.
[  506.725748][T22620] netlink: 'syz.1.6194': attribute type 8 has an invalid length.
[  506.926802][T22446] 8021q: adding VLAN 0 to HW filter on device batadv0
[  507.008227][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  507.016302][    C1] lec:lec_tx_timeout: lec0
[  507.022043][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  507.053923][T22641] FAULT_INJECTION: forcing a failure.
[  507.053923][T22641] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  507.073096][T22641] CPU: 1 UID: 0 PID: 22641 Comm: syz.0.6200 Not tainted syzkaller #0 PREEMPT(full) 
[  507.073122][T22641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  507.073134][T22641] Call Trace:
[  507.073141][T22641]  <TASK>
[  507.073150][T22641]  dump_stack_lvl+0xe8/0x150
[  507.073177][T22641]  should_fail_ex+0x412/0x560
[  507.073204][T22641]  _copy_from_user+0x2d/0xb0
[  507.073222][T22641]  ___sys_sendmsg+0x1c6/0x360
[  507.073243][T22641]  ? __lock_acquire+0x6b5/0x2cf0
[  507.073265][T22641]  ? __pfx____sys_sendmsg+0x10/0x10
[  507.073315][T22641]  ? __fget_files+0x2a/0x420
[  507.073331][T22641]  ? __fget_files+0x3a0/0x420
[  507.073355][T22641]  __x64_sys_sendmsg+0x1bd/0x2a0
[  507.073377][T22641]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  507.073406][T22641]  ? __pfx_ksys_write+0x10/0x10
[  507.073435][T22641]  do_syscall_64+0x14d/0xf80
[  507.073455][T22641]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  507.073471][T22641]  ? trace_irq_disable+0x37/0x100
[  507.073489][T22641]  ? clear_bhb_loop+0x40/0x90
[  507.073508][T22641]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  507.073525][T22641] RIP: 0033:0x7f115d99c629
[  507.073541][T22641] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  507.073555][T22641] RSP: 002b:00007f115e81d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  507.073573][T22641] RAX: ffffffffffffffda RBX: 00007f115dc15fa0 RCX: 00007f115d99c629
[  507.073585][T22641] RDX: 000000000000c004 RSI: 0000200000000000 RDI: 0000000000000003
[  507.073596][T22641] RBP: 00007f115e81d090 R08: 0000000000000000 R09: 0000000000000000
[  507.073607][T22641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  507.073618][T22641] R13: 00007f115dc16038 R14: 00007f115dc15fa0 R15: 00007ffcd93b8098
[  507.073646][T22641]  </TASK>
[  507.268433][ T5825] Bluetooth: hci5: command tx timeout
[  507.285310][T22645] macvtap1: entered promiscuous mode
[  507.302199][T22645] vlan0: entered promiscuous mode
[  507.307563][T22645] macvtap1: entered allmulticast mode
[  507.318808][T22645] vlan0: entered allmulticast mode
[  507.324132][T22645] veth0_vlan: entered allmulticast mode
[  507.588270][T22665] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  507.636227][T22446] veth0_vlan: entered promiscuous mode
[  507.668551][T22446] veth1_vlan: entered promiscuous mode
[  507.769994][T22446] veth0_macvtap: entered promiscuous mode
[  507.811024][T22446] veth1_macvtap: entered promiscuous mode
[  507.861423][T22446] batman_adv: batadv0: Interface activated: batadv_slave_0
[  507.883901][T22446] batman_adv: batadv0: Interface activated: batadv_slave_1
[  507.907441][   T58] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  507.941058][   T58] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  508.086007][   T58] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  508.205522][   T58] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  508.473756][T22694] syzkaller0: entered promiscuous mode
[  508.481427][T22694] syzkaller0: entered allmulticast mode
[  508.493858][T22694] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  509.278393][ T5825] Bluetooth: hci5: command tx timeout
[  510.474438][T22668] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  510.618185][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  510.648249][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  510.701580][T22700] __nla_validate_parse: 8 callbacks suppressed
[  510.701598][T22700] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6219'.
[  510.718367][ T3477] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  510.726206][ T3477] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  510.989508][T22724] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  510.990978][T22725] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  511.065408][T22730] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6226'.
[  511.260089][T22742] IPVS: set_ctl: invalid protocol: 2 172.30.0.5:20001
[  511.358480][ T5825] Bluetooth: hci5: command tx timeout
[  511.457061][T22756] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  511.483852][T22756] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  511.574200][T22737] netlink: 'syz.2.6228': attribute type 2 has an invalid length.
[  511.589292][T22761] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6238'.
[  511.829320][T22769] bridge0: vlan filtering disabled, automatically disabling multicast vlan snooping
[  511.882238][T22771] tipc: Started in network mode
[  511.897926][T22771] tipc: Node identity 12375f2140fa, cluster identity 4711
[  511.907404][T22771] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  511.921955][T22771] tipc: Resetting bearer <eth:syzkaller0>
[  512.027038][T22773] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6244'.
[  512.133218][T22770] tipc: Disabling bearer <eth:syzkaller0>
[  512.271158][T22792] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6249'.
[  512.507679][T22812] openvswitch: netlink: Multiple metadata blocks provided
[  512.798071][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5780 ms
[  512.806174][    C1] lec:lec_tx_timeout: lec0
[  512.811081][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  512.837424][T22842] netlink: 'syz.4.6265': attribute type 13 has an invalid length.
[  512.846207][T22842] netlink: 'syz.4.6265': attribute type 17 has an invalid length.
[  512.895110][T22842] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  513.504141][T22858] FAULT_INJECTION: forcing a failure.
[  513.504141][T22858] name failslab, interval 1, probability 0, space 0, times 0
[  513.517433][T22858] CPU: 0 UID: 0 PID: 22858 Comm: syz.1.6270 Not tainted syzkaller #0 PREEMPT(full) 
[  513.517450][T22858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  513.517457][T22858] Call Trace:
[  513.517462][T22858]  <TASK>
[  513.517466][T22858]  dump_stack_lvl+0xe8/0x150
[  513.517493][T22858]  should_fail_ex+0x412/0x560
[  513.517510][T22858]  should_failslab+0xa8/0x100
[  513.517526][T22858]  __kmalloc_noprof+0xe8/0x760
[  513.517539][T22858]  ? tomoyo_encode+0x28b/0x550
[  513.517556][T22858]  tomoyo_encode+0x28b/0x550
[  513.517573][T22858]  tomoyo_realpath_from_path+0x58d/0x5d0
[  513.517588][T22858]  ? tomoyo_domain+0xd7/0x130
[  513.517599][T22858]  ? tomoyo_path_number_perm+0x219/0x630
[  513.517611][T22858]  tomoyo_path_number_perm+0x246/0x630
[  513.517624][T22858]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  513.517635][T22858]  ? __lock_acquire+0x6b5/0x2cf0
[  513.517653][T22858]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  513.517676][T22858]  ? __fget_files+0x2a/0x420
[  513.517687][T22858]  ? __fget_files+0x2a/0x420
[  513.517696][T22858]  ? __fget_files+0x3a0/0x420
[  513.517704][T22858]  ? __fget_files+0x2a/0x420
[  513.517715][T22858]  security_file_ioctl+0xc3/0x2a0
[  513.517728][T22858]  __se_sys_ioctl+0x47/0x170
[  513.517745][T22858]  do_syscall_64+0x14d/0xf80
[  513.517757][T22858]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  513.517766][T22858]  ? trace_irq_disable+0x37/0x100
[  513.517778][T22858]  ? clear_bhb_loop+0x40/0x90
[  513.517789][T22858]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  513.517799][T22858] RIP: 0033:0x7f050d59c629
[  513.517809][T22858] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  513.517817][T22858] RSP: 002b:00007f050e403028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  513.517829][T22858] RAX: ffffffffffffffda RBX: 00007f050d815fa0 RCX: 00007f050d59c629
[  513.517837][T22858] RDX: 0000200000000080 RSI: 000000000000890c RDI: 0000000000000004
[  513.517843][T22858] RBP: 00007f050e403090 R08: 0000000000000000 R09: 0000000000000000
[  513.517849][T22858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  513.517857][T22858] R13: 00007f050d816038 R14: 00007f050d815fa0 R15: 00007ffd531bc0f8
[  513.517882][T22858]  </TASK>
[  513.517901][T22858] ERROR: Out of memory at tomoyo_realpath_from_path.
[  513.838704][T22861] syzkaller0: entered promiscuous mode
[  513.844296][T22861] syzkaller0: entered allmulticast mode
[  513.852975][T22861] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  513.869810][T22861] syzkaller0: mtu greater than device maximum
[  515.452732][T22814] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  515.982984][T22901] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6287'.
[  516.006793][T22901] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6287'.
[  516.310183][ T5890] hid-generic 0005:0B57:0005.0007: item fetching failed at offset 0/2
[  516.324367][ T5890] hid-generic 0005:0B57:0005.0007: probe with driver hid-generic failed with error -22
[  517.015366][T22941] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  517.055648][T22941] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  517.091265][T22947] netlink: 'syz.2.6305': attribute type 29 has an invalid length.
[  517.101064][T22947] netlink: 'syz.2.6305': attribute type 29 has an invalid length.
[  517.223542][T22956] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6310'.
[  517.283538][T22959] FAULT_INJECTION: forcing a failure.
[  517.283538][T22959] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  517.296950][T22959] CPU: 0 UID: 0 PID: 22959 Comm: syz.2.6313 Not tainted syzkaller #0 PREEMPT(full) 
[  517.296972][T22959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  517.296981][T22959] Call Trace:
[  517.296987][T22959]  <TASK>
[  517.296993][T22959]  dump_stack_lvl+0xe8/0x150
[  517.297019][T22959]  should_fail_ex+0x412/0x560
[  517.297044][T22959]  _copy_from_user+0x2d/0xb0
[  517.297063][T22959]  ethtool_get_stats+0x190/0x3b0
[  517.297086][T22959]  ? __pfx_ethtool_get_stats+0x10/0x10
[  517.297106][T22959]  ? lockdep_hardirqs_on+0x7a/0x110
[  517.297127][T22959]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  517.297150][T22959]  dev_ethtool+0xb92/0x1ae0
[  517.297179][T22959]  ? __pfx_dev_ethtool+0x10/0x10
[  517.297197][T22959]  ? dev_load+0x21/0x1f0
[  517.297224][T22959]  ? dev_load+0x21/0x1f0
[  517.297241][T22959]  dev_ioctl+0x392/0x1150
[  517.297260][T22959]  sock_do_ioctl+0x23e/0x320
[  517.297283][T22959]  ? __pfx_sock_do_ioctl+0x10/0x10
[  517.297300][T22959]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  517.297321][T22959]  sock_ioctl+0x5c6/0x7f0
[  517.297342][T22959]  ? __pfx_sock_ioctl+0x10/0x10
[  517.297357][T22959]  ? __fget_files+0x2a/0x420
[  517.297366][T22959]  ? __fget_files+0x3a0/0x420
[  517.297375][T22959]  ? __fget_files+0x2a/0x420
[  517.297385][T22959]  ? bpf_lsm_file_ioctl+0x9/0x20
[  517.297395][T22959]  ? __pfx_sock_ioctl+0x10/0x10
[  517.297408][T22959]  __se_sys_ioctl+0xfc/0x170
[  517.297422][T22959]  do_syscall_64+0x14d/0xf80
[  517.297435][T22959]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  517.297445][T22959]  ? trace_irq_disable+0x37/0x100
[  517.297457][T22959]  ? clear_bhb_loop+0x40/0x90
[  517.297469][T22959]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  517.297478][T22959] RIP: 0033:0x7fc82519c629
[  517.297488][T22959] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  517.297497][T22959] RSP: 002b:00007fc82613f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  517.297508][T22959] RAX: ffffffffffffffda RBX: 00007fc825415fa0 RCX: 00007fc82519c629
[  517.297516][T22959] RDX: 0000200000000000 RSI: 0000000000008946 RDI: 0000000000000003
[  517.297522][T22959] RBP: 00007fc82613f090 R08: 0000000000000000 R09: 0000000000000000
[  517.297528][T22959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  517.297534][T22959] R13: 00007fc825416038 R14: 00007fc825415fa0 R15: 00007ffe4cf357c8
[  517.297549][T22959]  </TASK>
[  517.838120][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5030 ms
[  517.846239][    C1] lec:lec_tx_timeout: lec0
[  517.850976][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  517.968556][T22990] FAULT_INJECTION: forcing a failure.
[  517.968556][T22990] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  517.982364][T22990] CPU: 0 UID: 0 PID: 22990 Comm: syz.2.6322 Not tainted syzkaller #0 PREEMPT(full) 
[  517.982388][T22990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  517.982398][T22990] Call Trace:
[  517.982406][T22990]  <TASK>
[  517.982413][T22990]  dump_stack_lvl+0xe8/0x150
[  517.982440][T22990]  should_fail_ex+0x412/0x560
[  517.982467][T22990]  _copy_from_user+0x2d/0xb0
[  517.982486][T22990]  ethtool_get_stats+0x190/0x3b0
[  517.982509][T22990]  ? __pfx_ethtool_get_stats+0x10/0x10
[  517.982529][T22990]  ? lockdep_hardirqs_on+0x7a/0x110
[  517.982549][T22990]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  517.982570][T22990]  dev_ethtool+0xb92/0x1ae0
[  517.982601][T22990]  ? __pfx_dev_ethtool+0x10/0x10
[  517.982616][T22990]  ? dev_load+0x21/0x1f0
[  517.982640][T22990]  ? dev_load+0x21/0x1f0
[  517.982660][T22990]  dev_ioctl+0x392/0x1150
[  517.982675][T22990]  sock_do_ioctl+0x23e/0x320
[  517.982696][T22990]  ? __pfx_sock_do_ioctl+0x10/0x10
[  517.982711][T22990]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  517.982739][T22990]  sock_ioctl+0x5c6/0x7f0
[  517.982757][T22990]  ? __pfx_sock_ioctl+0x10/0x10
[  517.982774][T22990]  ? __fget_files+0x2a/0x420
[  517.982786][T22990]  ? __fget_files+0x3a0/0x420
[  517.982798][T22990]  ? __fget_files+0x2a/0x420
[  517.982812][T22990]  ? bpf_lsm_file_ioctl+0x9/0x20
[  517.982825][T22990]  ? __pfx_sock_ioctl+0x10/0x10
[  517.982841][T22990]  __se_sys_ioctl+0xfc/0x170
[  517.982859][T22990]  do_syscall_64+0x14d/0xf80
[  517.982875][T22990]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  517.982887][T22990]  ? trace_irq_disable+0x37/0x100
[  517.982901][T22990]  ? clear_bhb_loop+0x40/0x90
[  517.982916][T22990]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  517.982929][T22990] RIP: 0033:0x7fc82519c629
[  517.982942][T22990] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  517.982953][T22990] RSP: 002b:00007fc82613f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  517.982969][T22990] RAX: ffffffffffffffda RBX: 00007fc825415fa0 RCX: 00007fc82519c629
[  517.982978][T22990] RDX: 0000200000000000 RSI: 0000000000008946 RDI: 0000000000000003
[  517.982987][T22990] RBP: 00007fc82613f090 R08: 0000000000000000 R09: 0000000000000000
[  517.982995][T22990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  517.983003][T22990] R13: 00007fc825416038 R14: 00007fc825415fa0 R15: 00007ffe4cf357c8
[  517.983025][T22990]  </TASK>
[  518.272749][T22993] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6323'.
[  518.689269][T23029] netlink: 56 bytes leftover after parsing attributes in process `syz.1.6335'.
[  518.711927][T23029] bond3 (unregistering): Released all slaves
[  521.502155][T23011] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  521.714786][T23046] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6340'.
[  521.728765][T23051] x_tables: duplicate underflow at hook 1
[  521.860356][T23058] netlink: 'syz.3.6345': attribute type 21 has an invalid length.
[  521.958233][T23063] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6349'.
[  522.290614][T23091] netlink: 'syz.3.6357': attribute type 1 has an invalid length.
[  522.290634][T23090] netlink: 'syz.3.6357': attribute type 1 has an invalid length.
[  522.340804][T23090] 8021q: adding VLAN 0 to HW filter on device bond1
[  522.353801][T23094] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6358'.
[  522.361219][T23090] bond1: (slave gretap1): making interface the new active one
[  522.372808][T23090] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  522.404166][T23094] vlan3: entered promiscuous mode
[  522.409520][T23094] bridge0: entered promiscuous mode
[  522.442656][T23099] netlink: 'syz.4.6359': attribute type 30 has an invalid length.
[  522.454593][T23099] bridge0: port 1(bridge_slave_0) entered forwarding state
[  522.547833][T23106] syzkaller0: entered promiscuous mode
[  522.553429][T23106] syzkaller0: entered allmulticast mode
[  522.858636][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  522.867036][    C1] lec:lec_tx_timeout: lec0
[  522.871977][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  525.013646][T23070] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  525.286201][T23134] netlink: zone id is out of range
[  525.292314][T23134] netlink: zone id is out of range
[  525.298984][T23134] netlink: zone id is out of range
[  525.304113][T23134] netlink: zone id is out of range
[  525.311591][T23134] netlink: zone id is out of range
[  525.316723][T23134] netlink: zone id is out of range
[  525.320268][T23126] bond1: option arp_interval: mode dependency failed, not supported in mode balance-tlb(5)
[  525.322110][T23134] netlink: zone id is out of range
[  525.337857][T23134] netlink: zone id is out of range
[  525.343077][T23134] netlink: zone id is out of range
[  525.348296][T23134] netlink: zone id is out of range
[  525.382017][T23126] bond1 (unregistering): Released all slaves
[  525.627236][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  525.640419][   T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  525.649668][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  525.657724][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  525.693778][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  525.793240][T23155] netlink: 68 bytes leftover after parsing attributes in process `syz.4.6371'.
[  525.824390][T23145] netlink: 'syz.4.6371': attribute type 3 has an invalid length.
[  526.104987][ T6008] hid-generic 0005:0B57:0005.0008: item fetching failed at offset 0/2
[  526.110573][T23146] chnl_net:caif_netlink_parms(): no params data found
[  526.148778][ T6008] hid-generic 0005:0B57:0005.0008: probe with driver hid-generic failed with error -22
[  526.231946][T23170] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.6376'.
[  526.265282][T23175] x_tables: duplicate underflow at hook 1
[  526.315650][T23146] bridge0: port 1(bridge_slave_0) entered blocking state
[  526.326322][T23146] bridge0: port 1(bridge_slave_0) entered disabled state
[  526.333849][T23146] bridge_slave_0: entered allmulticast mode
[  526.343014][T23146] bridge_slave_0: entered promiscuous mode
[  526.355538][T23146] bridge0: port 2(bridge_slave_1) entered blocking state
[  526.363043][T23146] bridge0: port 2(bridge_slave_1) entered disabled state
[  526.370558][T23146] bridge_slave_1: entered allmulticast mode
[  526.378904][T23146] bridge_slave_1: entered promiscuous mode
[  526.418913][T23182] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6379'.
[  526.432959][T23182] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6379'.
[  526.443070][T23182] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6379'.
[  526.445213][T23146] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  526.465092][T23146] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  526.521650][T23184] sctp: [Deprecated]: syz.1.6380 (pid 23184) Use of struct sctp_assoc_value in delayed_ack socket option.
[  526.521650][T23184] Use struct sctp_sack_info instead
[  526.541094][T23146] team0: Port device team_slave_0 added
[  526.550176][T23146] team0: Port device team_slave_1 added
[  526.574273][T23146] batman_adv: batadv0: Adding interface: batadv_slave_0
[  526.582851][T23146] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  526.609863][T23146] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  526.622242][T23146] batman_adv: batadv0: Adding interface: batadv_slave_1
[  526.629303][T23146] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  526.697052][T23146] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  526.826876][T23146] hsr_slave_0: entered promiscuous mode
[  526.834507][T23146] hsr_slave_1: entered promiscuous mode
[  526.841404][T23146] debugfs: 'hsr0' already exists in 'hsr'
[  526.848343][T23146] Cannot create hsr debugfs directory
[  526.880746][T23195] FAULT_INJECTION: forcing a failure.
[  526.880746][T23195] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  526.908316][T23195] CPU: 0 UID: 0 PID: 23195 Comm: syz.1.6384 Not tainted syzkaller #0 PREEMPT(full) 
[  526.908339][T23195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  526.908348][T23195] Call Trace:
[  526.908354][T23195]  <TASK>
[  526.908362][T23195]  dump_stack_lvl+0xe8/0x150
[  526.908389][T23195]  should_fail_ex+0x412/0x560
[  526.908416][T23195]  _copy_to_user+0x31/0xb0
[  526.908436][T23195]  simple_read_from_buffer+0xe1/0x170
[  526.908471][T23195]  proc_fail_nth_read+0x1bb/0x230
[  526.908495][T23195]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  526.908519][T23195]  ? rw_verify_area+0x2a6/0x4d0
[  526.908537][T23195]  ? reacquire_held_locks+0x104/0x190
[  526.908554][T23195]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  526.908576][T23195]  vfs_read+0x20c/0xa70
[  526.908592][T23195]  ? fdget_pos+0x246/0x320
[  526.908610][T23195]  ? __pfx___mutex_lock+0x10/0x10
[  526.908632][T23195]  ? __pfx_vfs_read+0x10/0x10
[  526.908652][T23195]  ? __fget_files+0x2a/0x420
[  526.908673][T23195]  ? __fget_files+0x3a0/0x420
[  526.908688][T23195]  ? __fget_files+0x2a/0x420
[  526.908712][T23195]  ksys_read+0x150/0x270
[  526.908732][T23195]  ? __pfx_ksys_read+0x10/0x10
[  526.908759][T23195]  do_syscall_64+0x14d/0xf80
[  526.908776][T23195]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  526.908790][T23195]  ? trace_irq_disable+0x37/0x100
[  526.908808][T23195]  ? clear_bhb_loop+0x40/0x90
[  526.908827][T23195]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  526.908843][T23195] RIP: 0033:0x7f050d55cece
[  526.908859][T23195] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  526.908874][T23195] RSP: 002b:00007f050e402fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  526.908892][T23195] RAX: ffffffffffffffda RBX: 00007f050e4036c0 RCX: 00007f050d55cece
[  526.908904][T23195] RDX: 000000000000000f RSI: 00007f050e4030a0 RDI: 0000000000000003
[  526.908914][T23195] RBP: 00007f050e403090 R08: 0000000000000000 R09: 0000000000000000
[  526.908923][T23195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  526.908932][T23195] R13: 00007f050d816038 R14: 00007f050d815fa0 R15: 00007ffd531bc0f8
[  526.908960][T23195]  </TASK>
[  527.346959][T23206] sctp: [Deprecated]: syz.4.6390 (pid 23206) Use of struct sctp_assoc_value in delayed_ack socket option.
[  527.346959][T23206] Use struct sctp_sack_info instead
[  527.573576][T23224] IPVS: set_ctl: invalid protocol: 3682 255.255.255.255:20002
[  527.747281][ T1145] bond1 (unregistering): (slave gretap1): Releasing active interface
[  527.758703][ T5825] Bluetooth: hci4: command tx timeout
[  527.878089][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  527.886218][    C1] lec:lec_tx_timeout: lec0
[  527.890981][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  528.001701][ T1145] bond0 (unregistering): Released all slaves
[  528.014774][ T1145] bond1 (unregistering): Released all slaves
[  528.094380][T23244] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6399'.
[  528.145002][ T1145] tipc: Left network mode
[  528.374788][T23254] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6402'.
[  528.539916][T23254] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6402'.
[  528.605992][T23270] sctp: [Deprecated]: syz.3.6406 (pid 23270) Use of struct sctp_assoc_value in delayed_ack socket option.
[  528.605992][T23270] Use struct sctp_sack_info instead
[  529.038197][ T1145] hsr_slave_0: left promiscuous mode
[  529.081148][ T1145] pimreg (unregistering): left allmulticast mode
[  529.609636][T23146] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  529.643429][T23146] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  529.670680][T23146] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  529.694865][T23146] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  529.836472][T23318] netem: change failed
[  529.852059][ T5825] Bluetooth: hci4: command tx timeout
[  529.946213][T23146] 8021q: adding VLAN 0 to HW filter on device bond0
[  529.971475][T23146] 8021q: adding VLAN 0 to HW filter on device team0
[  529.986473][ T1316] bridge0: port 1(bridge_slave_0) entered blocking state
[  529.993618][ T1316] bridge0: port 1(bridge_slave_0) entered forwarding state
[  530.026059][T23336] netlink: 'syz.3.6419': attribute type 28 has an invalid length.
[  530.034876][T23336] netlink: 'syz.3.6419': attribute type 3 has an invalid length.
[  530.048252][T23336] netlink: 132 bytes leftover after parsing attributes in process `syz.3.6419'.
[  530.050010][ T1316] bridge0: port 2(bridge_slave_1) entered blocking state
[  530.064603][ T1316] bridge0: port 2(bridge_slave_1) entered forwarding state
[  530.070868][T23338] af_packet: tpacket_rcv: packet too big, clamped from 20 to 4294967272. macoff=96
[  530.084930][T23338] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6417'.
[  530.097303][T23338] netlink: 'syz.1.6417': attribute type 5 has an invalid length.
[  530.105240][T23338] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6417'.
[  530.129896][T23338] geneve4: entered promiscuous mode
[  530.135539][T23338] geneve4: entered allmulticast mode
[  530.465366][T23146] 8021q: adding VLAN 0 to HW filter on device batadv0
[  530.505584][T23360] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6421'.
[  530.557496][T23146] veth0_vlan: entered promiscuous mode
[  530.573320][T23146] veth1_vlan: entered promiscuous mode
[  530.610626][T23146] veth0_macvtap: entered promiscuous mode
[  530.624386][T23146] veth1_macvtap: entered promiscuous mode
[  530.655937][T23146] batman_adv: batadv0: Interface activated: batadv_slave_0
[  530.674285][T23146] batman_adv: batadv0: Interface activated: batadv_slave_1
[  530.693084][   T35] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  530.711237][   T35] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  530.727592][   T35] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  530.741578][   T35] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  530.842977][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  530.858222][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  530.922773][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  530.940978][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  531.029446][T23377] FAULT_INJECTION: forcing a failure.
[  531.029446][T23377] name failslab, interval 1, probability 0, space 0, times 0
[  531.044518][T23377] CPU: 1 UID: 0 PID: 23377 Comm: syz.1.6425 Not tainted syzkaller #0 PREEMPT(full) 
[  531.044542][T23377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  531.044554][T23377] Call Trace:
[  531.044561][T23377]  <TASK>
[  531.044568][T23377]  dump_stack_lvl+0xe8/0x150
[  531.044595][T23377]  should_fail_ex+0x412/0x560
[  531.044622][T23377]  should_failslab+0xa8/0x100
[  531.044645][T23377]  __kmalloc_cache_node_noprof+0x8a/0x6b0
[  531.044668][T23377]  ? __get_vm_area_node+0x13f/0x300
[  531.044684][T23377]  ? __lock_acquire+0x6b5/0x2cf0
[  531.044705][T23377]  __get_vm_area_node+0x13f/0x300
[  531.044728][T23377]  __vmalloc_node_range_noprof+0x372/0x1730
[  531.044749][T23377]  ? ethtool_get_stats+0x202/0x3b0
[  531.044773][T23377]  ? kasan_save_track+0x3e/0x80
[  531.044818][T23377]  ? __might_fault+0xaf/0x130
[  531.044840][T23377]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  531.044869][T23377]  ? ethtool_get_stats+0x202/0x3b0
[  531.044890][T23377]  vzalloc_noprof+0xb2/0xe0
[  531.044908][T23377]  ? ethtool_get_stats+0x202/0x3b0
[  531.044930][T23377]  ethtool_get_stats+0x202/0x3b0
[  531.044953][T23377]  ? __pfx_ethtool_get_stats+0x10/0x10
[  531.044974][T23377]  ? lockdep_hardirqs_on+0x7a/0x110
[  531.044996][T23377]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  531.045018][T23377]  dev_ethtool+0xb92/0x1ae0
[  531.045048][T23377]  ? __pfx_dev_ethtool+0x10/0x10
[  531.045064][T23377]  ? dev_load+0x21/0x1f0
[  531.045095][T23377]  ? dev_load+0x21/0x1f0
[  531.045113][T23377]  dev_ioctl+0x392/0x1150
[  531.045134][T23377]  sock_do_ioctl+0x23e/0x320
[  531.045159][T23377]  ? __pfx_sock_do_ioctl+0x10/0x10
[  531.045178][T23377]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  531.045219][T23377]  sock_ioctl+0x5c6/0x7f0
[  531.045242][T23377]  ? __pfx_sock_ioctl+0x10/0x10
[  531.045264][T23377]  ? __fget_files+0x2a/0x420
[  531.045280][T23377]  ? __fget_files+0x3a0/0x420
[  531.045295][T23377]  ? __fget_files+0x2a/0x420
[  531.045315][T23377]  ? bpf_lsm_file_ioctl+0x9/0x20
[  531.045331][T23377]  ? __pfx_sock_ioctl+0x10/0x10
[  531.045351][T23377]  __se_sys_ioctl+0xfc/0x170
[  531.045374][T23377]  do_syscall_64+0x14d/0xf80
[  531.045394][T23377]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  531.045410][T23377]  ? trace_irq_disable+0x37/0x100
[  531.045428][T23377]  ? clear_bhb_loop+0x40/0x90
[  531.045449][T23377]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  531.045464][T23377] RIP: 0033:0x7f050d59c629
[  531.045481][T23377] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  531.045495][T23377] RSP: 002b:00007f050e403028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  531.045517][T23377] RAX: ffffffffffffffda RBX: 00007f050d815fa0 RCX: 00007f050d59c629
[  531.045530][T23377] RDX: 0000200000000000 RSI: 0000000000008946 RDI: 0000000000000003
[  531.045542][T23377] RBP: 00007f050e403090 R08: 0000000000000000 R09: 0000000000000000
[  531.045553][T23377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  531.045563][T23377] R13: 00007f050d816038 R14: 00007f050d815fa0 R15: 00007ffd531bc0f8
[  531.045592][T23377]  </TASK>
[  531.046393][T23377] syz.1.6425: vmalloc error: size 240, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  531.375001][T23377] CPU: 1 UID: 0 PID: 23377 Comm: syz.1.6425 Not tainted syzkaller #0 PREEMPT(full) 
[  531.375031][T23377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  531.375041][T23377] Call Trace:
[  531.375050][T23377]  <TASK>
[  531.375058][T23377]  dump_stack_lvl+0xe8/0x150
[  531.375083][T23377]  warn_alloc+0x249/0x340
[  531.375108][T23377]  ? __pfx_warn_alloc+0x10/0x10
[  531.375129][T23377]  ? __get_vm_area_node+0x13f/0x300
[  531.375152][T23377]  ? __get_vm_area_node+0x2b5/0x300
[  531.375178][T23377]  __vmalloc_node_range_noprof+0x397/0x1730
[  531.375202][T23377]  ? kasan_save_track+0x3e/0x80
[  531.375239][T23377]  ? __might_fault+0xaf/0x130
[  531.375258][T23377]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  531.375281][T23377]  ? ethtool_get_stats+0x202/0x3b0
[  531.375302][T23377]  vzalloc_noprof+0xb2/0xe0
[  531.375319][T23377]  ? ethtool_get_stats+0x202/0x3b0
[  531.375339][T23377]  ethtool_get_stats+0x202/0x3b0
[  531.375363][T23377]  ? __pfx_ethtool_get_stats+0x10/0x10
[  531.375384][T23377]  ? lockdep_hardirqs_on+0x7a/0x110
[  531.375405][T23377]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  531.375428][T23377]  dev_ethtool+0xb92/0x1ae0
[  531.375458][T23377]  ? __pfx_dev_ethtool+0x10/0x10
[  531.375475][T23377]  ? dev_load+0x21/0x1f0
[  531.375505][T23377]  ? dev_load+0x21/0x1f0
[  531.375524][T23377]  dev_ioctl+0x392/0x1150
[  531.375545][T23377]  sock_do_ioctl+0x23e/0x320
[  531.375568][T23377]  ? __pfx_sock_do_ioctl+0x10/0x10
[  531.375584][T23377]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  531.375618][T23377]  sock_ioctl+0x5c6/0x7f0
[  531.375642][T23377]  ? __pfx_sock_ioctl+0x10/0x10
[  531.375664][T23377]  ? __fget_files+0x2a/0x420
[  531.375680][T23377]  ? __fget_files+0x3a0/0x420
[  531.375695][T23377]  ? __fget_files+0x2a/0x420
[  531.375712][T23377]  ? bpf_lsm_file_ioctl+0x9/0x20
[  531.375727][T23377]  ? __pfx_sock_ioctl+0x10/0x10
[  531.375746][T23377]  __se_sys_ioctl+0xfc/0x170
[  531.375766][T23377]  do_syscall_64+0x14d/0xf80
[  531.375783][T23377]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  531.375799][T23377]  ? trace_irq_disable+0x37/0x100
[  531.375817][T23377]  ? clear_bhb_loop+0x40/0x90
[  531.375837][T23377]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  531.375853][T23377] RIP: 0033:0x7f050d59c629
[  531.375870][T23377] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  531.375884][T23377] RSP: 002b:00007f050e403028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  531.375902][T23377] RAX: ffffffffffffffda RBX: 00007f050d815fa0 RCX: 00007f050d59c629
[  531.375915][T23377] RDX: 0000200000000000 RSI: 0000000000008946 RDI: 0000000000000003
[  531.375926][T23377] RBP: 00007f050e403090 R08: 0000000000000000 R09: 0000000000000000
[  531.375936][T23377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  531.375947][T23377] R13: 00007f050d816038 R14: 00007f050d815fa0 R15: 00007ffd531bc0f8
[  531.375975][T23377]  </TASK>
[  531.375994][T23377] Mem-Info:
[  531.409686][T23387] netlink: 'syz.4.6427': attribute type 1 has an invalid length.
[  531.412342][T23377] active_anon:10954 inactive_anon:0 isolated_anon:0
[  531.412342][T23377]  active_file:4081 inactive_file:40160 isolated_file:0
[  531.412342][T23377]  unevictable:768 dirty:109 writeback:0
[  531.412342][T23377]  slab_reclaimable:12668 slab_unreclaimable:168516
[  531.412342][T23377]  mapped:31040 shmem:2412 pagetables:1347
[  531.412342][T23377]  sec_pagetables:0 bounce:0
[  531.412342][T23377]  kernel_misc_reclaimable:0
[  531.412342][T23377]  free:1247342 free_pcp:7536 free_cma:0
[  531.441768][T23387] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6427'.
[  531.444541][T23377] Node 0 active_anon:44216kB inactive_anon:0kB active_file:16324kB inactive_file:160444kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:124560kB dirty:432kB writeback:0kB shmem:8612kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14176kB pagetables:5048kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  531.457897][T23387] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6427'.
[  531.458856][T23377] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:196kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  531.628276][T23384] x_tables: duplicate underflow at hook 1
[  531.631136][T23377] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  531.848506][T23377] lowmem_reserve[]: 0 2494 2495 2495 2495
[  531.854274][T23377] Node 0 DMA32 free:1025764kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB free_highatomic:0KB active_anon:39560kB inactive_anon:0kB active_file:16324kB inactive_file:160448kB unevictable:1536kB writepending:444kB zspages:0kB present:3129332kB managed:2554008kB mlocked:0kB bounce:0kB free_pcp:40492kB local_pcp:14520kB free_cma:0kB
[  531.888405][T23377] lowmem_reserve[]: 0 0 0 0 0
[  531.893254][T23377] Node 0 Normal free:12kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:920kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:12kB free_cma:0kB
[  531.925971][ T5825] Bluetooth: hci4: command tx timeout
[  531.931755][T23377] lowmem_reserve[]: 0 0 0 0 0
[  531.936604][T23377] Node 1 Normal free:3942172kB boost:0kB min:55684kB low:69604kB high:83524kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:196kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  531.969619][T23377] lowmem_reserve[]: 0 0 0 0 0
[  531.974716][T23377] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  531.987836][T23377] Node 0 DMA32: 6961*4kB (UE) 4301*8kB (UE) 1482*16kB (UME) 155*32kB (UM) 106*64kB (UME) 72*128kB (UM) 46*256kB (UM) 28*512kB (UM) 50*1024kB (UM) 11*2048kB (UME) 200*4096kB (UM) = 1025964kB
[  532.007621][T23377] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[  532.021190][T23377] Node 1 Normal: 1*4kB (M) 9*8kB (UM) 13*16kB (UME) 6*32kB (UME) 7*64kB (UME) 3*128kB (UM) 4*256kB (UM) 3*512kB (UM) 2*1024kB (ME) 2*2048kB (UE) 960*4096kB (M) = 3942172kB
[  532.039016][T23377] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  532.048909][T23377] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  532.058590][T23377] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  532.068423][T23377] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  532.077790][T23377] 45599 total pagecache pages
[  532.082931][T23377] 0 pages in swap cache
[  532.087124][T23377] Free swap  = 124996kB
[  532.091332][T23377] Total swap = 124996kB
[  532.095505][T23377] 2097051 pages RAM
[  532.099517][T23377] 0 pages HighMem/MovableOnly
[  532.104191][T23377] 426704 pages reserved
[  532.108933][T23377] 0 pages cma reserved
[  532.391718][    C0] net_ratelimit: 18 callbacks suppressed
[  532.391737][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  532.505122][T23418] netlink: 'syz.4.6437': attribute type 19 has an invalid length.
[  532.540351][T23418] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6437'.
[  532.593936][   T35] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  532.603572][T23418] netlink: 'syz.4.6437': attribute type 19 has an invalid length.
[  532.605993][   T35] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  532.754163][   T35] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  532.776184][   T35] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  532.886007][T23439] netlink: 'syz.2.6446': attribute type 4 has an invalid length.
[  532.903842][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  532.911944][    C1] lec:lec_tx_timeout: lec0
[  532.917286][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  533.127105][T23460] FAULT_INJECTION: forcing a failure.
[  533.127105][T23460] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  533.149885][T23460] CPU: 1 UID: 0 PID: 23460 Comm: syz.0.6452 Not tainted syzkaller #0 PREEMPT(full) 
[  533.149911][T23460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  533.149922][T23460] Call Trace:
[  533.149929][T23460]  <TASK>
[  533.149937][T23460]  dump_stack_lvl+0xe8/0x150
[  533.149964][T23460]  should_fail_ex+0x412/0x560
[  533.149991][T23460]  _copy_from_iter+0x1d3/0x1670
[  533.150015][T23460]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  533.150042][T23460]  ? __pfx_policy_nodemask+0x10/0x10
[  533.150068][T23460]  ? __pfx__copy_from_iter+0x10/0x10
[  533.150097][T23460]  ? set_page_refcounted+0xa0/0x1e0
[  533.150120][T23460]  ? page_copy_sane+0x4e/0x270
[  533.150144][T23460]  copy_page_from_iter+0xdd/0x170
[  533.150171][T23460]  tun_get_user+0x1d4b/0x3dd0
[  533.150193][T23460]  ? tun_get_user+0x6ff/0x3dd0
[  533.150230][T23460]  ? aa_file_perm+0x440/0x1630
[  533.150252][T23460]  ? __pfx_tun_get_user+0x10/0x10
[  533.150276][T23460]  ? __lock_acquire+0x6b5/0x2cf0
[  533.150307][T23460]  ? ref_tracker_alloc+0x363/0x4d0
[  533.150332][T23460]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  533.150356][T23460]  ? tun_get+0x1c/0x2f0
[  533.150377][T23460]  ? tun_get+0x1c/0x2f0
[  533.150403][T23460]  ? tun_get+0x1c/0x2f0
[  533.150423][T23460]  ? tun_get+0x1c/0x2f0
[  533.150448][T23460]  tun_chr_write_iter+0x113/0x200
[  533.150473][T23460]  vfs_write+0x61d/0xb90
[  533.150501][T23460]  ? __pfx_vfs_write+0x10/0x10
[  533.150530][T23460]  ? __fget_files+0x2a/0x420
[  533.150555][T23460]  ksys_write+0x150/0x270
[  533.150577][T23460]  ? __pfx_ksys_write+0x10/0x10
[  533.150605][T23460]  do_syscall_64+0x14d/0xf80
[  533.150626][T23460]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  533.150642][T23460]  ? trace_irq_disable+0x37/0x100
[  533.150659][T23460]  ? clear_bhb_loop+0x40/0x90
[  533.150678][T23460]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  533.150693][T23460] RIP: 0033:0x7f06d535cece
[  533.150708][T23460] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  533.150722][T23460] RSP: 002b:00007f06d61c4fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  533.150740][T23460] RAX: ffffffffffffffda RBX: 00007f06d61c56c0 RCX: 00007f06d535cece
[  533.150751][T23460] RDX: 00000000000000ae RSI: 00002000000000c0 RDI: 00000000000000c8
[  533.150762][T23460] RBP: 00007f06d61c5090 R08: 0000000000000000 R09: 0000000000000000
[  533.150773][T23460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  533.150783][T23460] R13: 00007f06d5616038 R14: 00007f06d5615fa0 R15: 00007ffd604b6908
[  533.150811][T23460]  </TASK>
[  533.662953][T23471] syzkaller0: entered promiscuous mode
[  533.668600][T23471] syzkaller0: entered allmulticast mode
[  533.890474][T23490] smc: net device wlan0 applied user defined pnetid SYZ0
[  533.996528][T23496] __nla_validate_parse: 2 callbacks suppressed
[  533.996546][T23496] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6463'.
[  534.012665][ T5825] Bluetooth: hci4: command tx timeout
[  534.047638][T23492] netlink: 248 bytes leftover after parsing attributes in process `syz.4.6462'.
[  534.321049][T23508] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6467'.
[  534.471984][T23514] netlink: 'syz.2.6470': attribute type 75 has an invalid length.
[  534.486843][T23516] netlink: 'syz.2.6470': attribute type 75 has an invalid length.
[  534.795911][T23532] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  534.845833][T23532] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  535.016467][T23532] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  535.041750][T23532] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  535.184437][T23532] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  535.208146][T23532] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  535.248976][T23556] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6485'.
[  535.301205][T23532] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  535.311964][T23532] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  535.345847][T23556] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6485'.
[  535.346482][T23561] FAULT_INJECTION: forcing a failure.
[  535.346482][T23561] name failslab, interval 1, probability 0, space 0, times 0
[  535.369301][T23561] CPU: 0 UID: 0 PID: 23561 Comm: syz.0.6486 Not tainted syzkaller #0 PREEMPT(full) 
[  535.369326][T23561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  535.369338][T23561] Call Trace:
[  535.369345][T23561]  <TASK>
[  535.369353][T23561]  dump_stack_lvl+0xe8/0x150
[  535.369379][T23561]  should_fail_ex+0x412/0x560
[  535.369406][T23561]  should_failslab+0xa8/0x100
[  535.369436][T23561]  __kmalloc_cache_noprof+0x88/0x660
[  535.369458][T23561]  ? __kthread_create_on_node+0x115/0x3f0
[  535.369476][T23561]  ? __init_swait_queue_head+0xa9/0x150
[  535.369497][T23561]  ? __pfx_rescuer_thread+0x10/0x10
[  535.369525][T23561]  __kthread_create_on_node+0x115/0x3f0
[  535.369547][T23561]  ? __pfx___kthread_create_on_node+0x10/0x10
[  535.369565][T23561]  ? string+0x279/0x2b0
[  535.369593][T23561]  ? __pfx_rescuer_thread+0x10/0x10
[  535.369613][T23561]  ? __pfx_rescuer_thread+0x10/0x10
[  535.369633][T23561]  kthread_create_on_node+0xeb/0x140
[  535.369658][T23561]  ? __pfx_kthread_create_on_node+0x10/0x10
[  535.369680][T23561]  ? __kmalloc_cache_node_noprof+0x3ef/0x6b0
[  535.369709][T23561]  init_rescuer+0x30c/0x530
[  535.369726][T23561]  ? __pfx___mutex_lock+0x10/0x10
[  535.369747][T23561]  ? __pfx_init_rescuer+0x10/0x10
[  535.369772][T23561]  ? wq_adjust_max_active+0x195/0x4b0
[  535.369791][T23561]  ? apply_wqattrs_commit+0x3a7/0x4e0
[  535.369811][T23561]  __alloc_workqueue+0x1a84/0x1e90
[  535.369844][T23561]  alloc_workqueue_noprof+0xe3/0x210
[  535.369869][T23561]  ? __pfx_alloc_workqueue_noprof+0x10/0x10
[  535.369894][T23561]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  535.369915][T23561]  nci_register_device+0x22c/0xa00
[  535.369941][T23561]  ? __pfx_nci_register_device+0x10/0x10
[  535.369963][T23561]  ? __raw_spin_lock_init+0x45/0x100
[  535.369983][T23561]  ? __init_waitqueue_head+0xa9/0x150
[  535.370007][T23561]  virtual_ncidev_open+0x129/0x1a0
[  535.370030][T23561]  ? __pfx_virtual_ncidev_open+0x10/0x10
[  535.370046][T23561]  misc_open+0x2d5/0x350
[  535.370068][T23561]  chrdev_open+0x4cd/0x5e0
[  535.370090][T23561]  ? __pfx_chrdev_open+0x10/0x10
[  535.370109][T23561]  ? fsnotify_open_perm_and_set_mode+0x135/0x6d0
[  535.370130][T23561]  ? __pfx_chrdev_open+0x10/0x10
[  535.370146][T23561]  do_dentry_open+0x785/0x14e0
[  535.370179][T23561]  vfs_open+0x3b/0x340
[  535.370191][T23561]  ? path_openat+0x2df0/0x3860
[  535.370209][T23561]  path_openat+0x2e08/0x3860
[  535.370237][T23561]  ? __pfx_stack_trace_save+0x10/0x10
[  535.370259][T23561]  ? stack_depot_save_flags+0x33/0x810
[  535.370290][T23561]  ? __pfx_path_openat+0x10/0x10
[  535.370305][T23561]  ? __x64_sys_openat+0x138/0x170
[  535.370326][T23561]  ? __lock_acquire+0x6b5/0x2cf0
[  535.370352][T23561]  do_file_open+0x23e/0x4a0
[  535.370376][T23561]  ? __pfx_do_file_open+0x10/0x10
[  535.370416][T23561]  ? _raw_spin_unlock+0x28/0x50
[  535.370433][T23561]  ? alloc_fd+0x64b/0x6c0
[  535.370458][T23561]  do_sys_openat2+0x113/0x200
[  535.370476][T23561]  ? __pfx_do_sys_openat2+0x10/0x10
[  535.370490][T23561]  ? ksys_write+0x242/0x270
[  535.370517][T23561]  ? __pfx_ksys_write+0x10/0x10
[  535.370537][T23561]  __x64_sys_openat+0x138/0x170
[  535.370556][T23561]  do_syscall_64+0x14d/0xf80
[  535.370576][T23561]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  535.370592][T23561]  ? trace_irq_disable+0x37/0x100
[  535.370610][T23561]  ? clear_bhb_loop+0x40/0x90
[  535.370631][T23561]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  535.370648][T23561] RIP: 0033:0x7f06d539c629
[  535.370665][T23561] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  535.370679][T23561] RSP: 002b:00007f06d61c5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  535.370697][T23561] RAX: ffffffffffffffda RBX: 00007f06d5615fa0 RCX: 00007f06d539c629
[  535.370710][T23561] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  535.370722][T23561] RBP: 00007f06d61c5090 R08: 0000000000000000 R09: 0000000000000000
[  535.370733][T23561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  535.370743][T23561] R13: 00007f06d5616038 R14: 00007f06d5615fa0 R15: 00007ffd604b6908
[  535.370773][T23561]  </TASK>
[  535.784329][T23561] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -ENOMEM
[  535.829370][T23563] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6487'.
[  535.943008][   T12] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  535.956270][   T12] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  536.067617][ T3477] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  536.075923][ T3477] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  536.085239][ T3477] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  536.093513][ T3477] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  536.102703][ T3477] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  536.108317][T23577] SET target dimension over the limit!
[  536.110964][ T3477] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  536.120856][T23576] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6493'.
[  536.142654][T23579] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6491'.
[  536.166398][T23576] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6493'.
[  536.186007][T23576] gretap0: entered promiscuous mode
[  536.214945][T23576] gretap0: left promiscuous mode
[  536.401264][T23598] sctp: [Deprecated]: syz.3.6499 (pid 23598) Use of int in max_burst socket option deprecated.
[  536.401264][T23598] Use struct sctp_assoc_value instead
[  536.483389][T23598] netlink: 80 bytes leftover after parsing attributes in process `syz.3.6499'.
[  537.131080][T23636] netlink: 'syz.4.6512': attribute type 1 has an invalid length.
[  537.928277][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  537.936355][    C1] lec:lec_tx_timeout: lec0
[  537.941267][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  538.270502][T23663] FAULT_INJECTION: forcing a failure.
[  538.270502][T23663] name failslab, interval 1, probability 0, space 0, times 0
[  538.284936][T23663] CPU: 0 UID: 0 PID: 23663 Comm: syz.2.6516 Not tainted syzkaller #0 PREEMPT(full) 
[  538.284958][T23663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  538.284967][T23663] Call Trace:
[  538.284973][T23663]  <TASK>
[  538.284979][T23663]  dump_stack_lvl+0xe8/0x150
[  538.285001][T23663]  should_fail_ex+0x412/0x560
[  538.285023][T23663]  should_failslab+0xa8/0x100
[  538.285043][T23663]  __kmalloc_cache_noprof+0x88/0x660
[  538.285058][T23663]  ? sctp_v6_cmp_addr+0x15/0xd0
[  538.285073][T23663]  ? sctp_add_bind_addr+0x8c/0x370
[  538.285090][T23663]  sctp_add_bind_addr+0x8c/0x370
[  538.285107][T23663]  sctp_copy_local_addr_list+0x314/0x4f0
[  538.285123][T23663]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[  538.285137][T23663]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  538.285152][T23663]  ? sctp_v6_is_any+0x64/0x80
[  538.285167][T23663]  ? sctp_copy_one_addr+0x93/0x360
[  538.285182][T23663]  sctp_bind_addr_copy+0xb3/0x3c0
[  538.285196][T23663]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  538.285216][T23663]  sctp_connect_new_asoc+0x2ff/0x6b0
[  538.285236][T23663]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  538.285256][T23663]  ? __local_bh_enable_ip+0xd0/0x130
[  538.285270][T23663]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  538.285288][T23663]  ? security_sctp_bind_connect+0x7e/0x2c0
[  538.285306][T23663]  sctp_sendmsg+0x1528/0x2c10
[  538.285331][T23663]  ? __pfx_sctp_sendmsg+0x10/0x10
[  538.285346][T23663]  ? aa_sk_perm+0x15a/0x960
[  538.285363][T23663]  ? aa_sk_perm+0x82d/0x960
[  538.285378][T23663]  ? __might_fault+0xaf/0x130
[  538.285397][T23663]  ? __pfx_aa_sk_perm+0x10/0x10
[  538.285415][T23663]  ? sock_rps_record_flow+0x19/0x400
[  538.285434][T23663]  ? inet_sendmsg+0x2f4/0x370
[  538.285453][T23663]  __sys_sendto+0x627/0x7a0
[  538.285470][T23663]  ? __pfx___sys_sendto+0x10/0x10
[  538.285488][T23663]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  538.285515][T23663]  ? __fget_files+0x3a0/0x420
[  538.285535][T23663]  ? ksys_write+0x242/0x270
[  538.285552][T23663]  ? __pfx_ksys_write+0x10/0x10
[  538.285571][T23663]  __x64_sys_sendto+0xde/0x100
[  538.285587][T23663]  do_syscall_64+0x14d/0xf80
[  538.285603][T23663]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  538.285615][T23663]  ? trace_irq_disable+0x37/0x100
[  538.285629][T23663]  ? clear_bhb_loop+0x40/0x90
[  538.285644][T23663]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  538.285657][T23663] RIP: 0033:0x7fc82519c629
[  538.285669][T23663] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  538.285681][T23663] RSP: 002b:00007fc82613f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  538.285696][T23663] RAX: ffffffffffffffda RBX: 00007fc825415fa0 RCX: 00007fc82519c629
[  538.285707][T23663] RDX: 0000000000000001 RSI: 00002000000004c0 RDI: 0000000000000003
[  538.285715][T23663] RBP: 00007fc82613f090 R08: 0000200000000480 R09: 000000000000001c
[  538.285724][T23663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  538.285732][T23663] R13: 00007fc825416038 R14: 00007fc825415fa0 R15: 00007ffe4cf357c8
[  538.285754][T23663]  </TASK>
[  538.755465][T23645] syzkaller0: entered promiscuous mode
[  538.763516][T23645] syzkaller0: entered allmulticast mode
[  538.861013][T23674] netlink: 'syz.1.6520': attribute type 1 has an invalid length.
[  539.172073][ T6008] hid-generic 0005:0B57:0005.0009: item fetching failed at offset 0/2
[  539.203902][ T6008] hid-generic 0005:0B57:0005.0009: probe with driver hid-generic failed with error -22
[  539.341387][T23693] __nla_validate_parse: 4 callbacks suppressed
[  539.341405][T23693] netlink: 44 bytes leftover after parsing attributes in process `syz.3.6527'.
[  539.366274][T23684] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  539.377456][T23684] netlink: 'syz.1.6525': attribute type 1 has an invalid length.
[  539.502172][T23697] FAULT_INJECTION: forcing a failure.
[  539.502172][T23697] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  539.516246][T23697] CPU: 0 UID: 0 PID: 23697 Comm: syz.2.6529 Not tainted syzkaller #0 PREEMPT(full) 
[  539.516270][T23697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  539.516281][T23697] Call Trace:
[  539.516288][T23697]  <TASK>
[  539.516295][T23697]  dump_stack_lvl+0xe8/0x150
[  539.516322][T23697]  should_fail_ex+0x412/0x560
[  539.516346][T23697]  _copy_from_iter+0x1d3/0x1670
[  539.516369][T23697]  ? rep_movs_alternative+0x4a/0x90
[  539.516392][T23697]  ? __pfx__copy_from_iter+0x10/0x10
[  539.516411][T23697]  ? sock_alloc_send_pskb+0x896/0x990
[  539.516437][T23697]  ? __pfx__copy_from_iter+0x10/0x10
[  539.516461][T23697]  ? page_copy_sane+0x4e/0x270
[  539.516485][T23697]  copy_page_from_iter+0xdd/0x170
[  539.516511][T23697]  skb_copy_datagram_from_iter+0x306/0x710
[  539.516543][T23697]  tun_get_user+0xc38/0x3dd0
[  539.516573][T23697]  ? aa_file_perm+0x12d/0x1630
[  539.516598][T23697]  ? aa_file_perm+0x440/0x1630
[  539.516618][T23697]  ? __pfx_tun_get_user+0x10/0x10
[  539.516638][T23697]  ? __lock_acquire+0x6b5/0x2cf0
[  539.516657][T23697]  ? kstrtoull+0x12f/0x1d0
[  539.516682][T23697]  ? ref_tracker_alloc+0x363/0x4d0
[  539.516706][T23697]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  539.516727][T23697]  ? tun_get+0x1c/0x2f0
[  539.516747][T23697]  ? tun_get+0x1c/0x2f0
[  539.516771][T23697]  ? tun_get+0x1c/0x2f0
[  539.516790][T23697]  ? tun_get+0x1c/0x2f0
[  539.516813][T23697]  tun_chr_write_iter+0x113/0x200
[  539.516837][T23697]  vfs_write+0x61d/0xb90
[  539.516862][T23697]  ? __pfx_vfs_write+0x10/0x10
[  539.516887][T23697]  ? __fget_files+0x2a/0x420
[  539.516910][T23697]  ksys_write+0x150/0x270
[  539.516928][T23697]  ? __pfx_ksys_write+0x10/0x10
[  539.516953][T23697]  do_syscall_64+0x14d/0xf80
[  539.516970][T23697]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  539.516984][T23697]  ? trace_irq_disable+0x37/0x100
[  539.517000][T23697]  ? clear_bhb_loop+0x40/0x90
[  539.517020][T23697]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  539.517036][T23697] RIP: 0033:0x7fc82519c629
[  539.517050][T23697] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  539.517063][T23697] RSP: 002b:00007fc82613f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  539.517082][T23697] RAX: ffffffffffffffda RBX: 00007fc825415fa0 RCX: 00007fc82519c629
[  539.517095][T23697] RDX: 000000000000fdef RSI: 0000200000000340 RDI: 0000000000000003
[  539.517106][T23697] RBP: 00007fc82613f090 R08: 0000000000000000 R09: 0000000000000000
[  539.517126][T23697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  539.517136][T23697] R13: 00007fc825416038 R14: 00007fc825415fa0 R15: 00007ffe4cf357c8
[  539.517157][T23697]  </TASK>
[  540.689723][T23715] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6534'.
[  540.707576][T23718] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6536'.
[  540.718008][T23715] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6534'.
[  540.825905][T23724] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6537'.
[  540.835888][T23724] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6537'.
[  540.848859][T23724] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6537'.
[  540.919204][T23730] x_tables: duplicate underflow at hook 1
[  540.983099][T23733] syz_tun: entered allmulticast mode
[  541.030151][T23736] Cannot find add_set index 0 as target
[  541.070713][T23733] syz_tun: left allmulticast mode
[  541.578352][T23758] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6550'.
[  541.782621][T23770] netlink: 256 bytes leftover after parsing attributes in process `syz.0.6554'.
[  542.228806][T23786] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.6559'.
[  542.787101][T23832] openvswitch: netlink: Unexpected mask (mask=200240, allowed=10048)
[  542.948130][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  542.956173][    C1] lec:lec_tx_timeout: lec0
[  542.960997][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  543.077337][T23839] 8021q: adding VLAN 0 to HW filter on device bond2
[  543.208016][T23851] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  543.597325][T23877] FAULT_INJECTION: forcing a failure.
[  543.597325][T23877] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  543.611211][T23877] CPU: 0 UID: 0 PID: 23877 Comm: syz.1.6595 Not tainted syzkaller #0 PREEMPT(full) 
[  543.611236][T23877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  543.611247][T23877] Call Trace:
[  543.611254][T23877]  <TASK>
[  543.611262][T23877]  dump_stack_lvl+0xe8/0x150
[  543.611288][T23877]  should_fail_ex+0x412/0x560
[  543.611314][T23877]  _copy_from_iter+0x1d3/0x1670
[  543.611345][T23877]  ? rcu_is_watching+0x15/0xb0
[  543.611365][T23877]  ? __pfx__copy_from_iter+0x10/0x10
[  543.611395][T23877]  ? netlink_sendmsg+0x650/0xb40
[  543.611411][T23877]  ? skb_put+0x11b/0x210
[  543.611431][T23877]  netlink_sendmsg+0x6c0/0xb40
[  543.611454][T23877]  ? __pfx_netlink_sendmsg+0x10/0x10
[  543.611474][T23877]  ? aa_sock_msg_perm+0xf1/0x1b0
[  543.611497][T23877]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  543.611519][T23877]  ? __pfx_netlink_sendmsg+0x10/0x10
[  543.611535][T23877]  ____sys_sendmsg+0xa68/0xad0
[  543.611555][T23877]  ? __might_fault+0xaf/0x130
[  543.611579][T23877]  ? __pfx_____sys_sendmsg+0x10/0x10
[  543.611605][T23877]  ? import_iovec+0x73/0xa0
[  543.611624][T23877]  ___sys_sendmsg+0x2a5/0x360
[  543.611652][T23877]  ? __lock_acquire+0x6b5/0x2cf0
[  543.611674][T23877]  ? __pfx____sys_sendmsg+0x10/0x10
[  543.611726][T23877]  ? __fget_files+0x2a/0x420
[  543.611742][T23877]  ? __fget_files+0x3a0/0x420
[  543.611768][T23877]  __x64_sys_sendmsg+0x1bd/0x2a0
[  543.611790][T23877]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  543.611818][T23877]  ? __pfx_ksys_write+0x10/0x10
[  543.611848][T23877]  do_syscall_64+0x14d/0xf80
[  543.611868][T23877]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.611884][T23877]  ? trace_irq_disable+0x37/0x100
[  543.611902][T23877]  ? clear_bhb_loop+0x40/0x90
[  543.611922][T23877]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.611938][T23877] RIP: 0033:0x7f050d59c629
[  543.611954][T23877] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  543.611968][T23877] RSP: 002b:00007f050e403028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  543.611988][T23877] RAX: ffffffffffffffda RBX: 00007f050d815fa0 RCX: 00007f050d59c629
[  543.612001][T23877] RDX: 000000000000c004 RSI: 0000200000000000 RDI: 0000000000000003
[  543.612013][T23877] RBP: 00007f050e403090 R08: 0000000000000000 R09: 0000000000000000
[  543.612024][T23877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  543.612034][T23877] R13: 00007f050d816038 R14: 00007f050d815fa0 R15: 00007ffd531bc0f8
[  543.612062][T23877]  </TASK>
[  544.444154][T23928] __nla_validate_parse: 13 callbacks suppressed
[  544.444174][T23928] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6614'.
[  544.565811][T23934] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6616'.
[  544.587837][T23932] tipc: MTU too low for tipc bearer
[  544.774139][T23944] syzkaller0: entered promiscuous mode
[  544.788336][T23944] syzkaller0: entered allmulticast mode
[  544.799451][T23945] sctp: [Deprecated]: syz.2.6619 (pid 23945) Use of struct sctp_assoc_value in delayed_ack socket option.
[  544.799451][T23945] Use struct sctp_sack_info instead
[  544.909059][T23950] netlink: 892 bytes leftover after parsing attributes in process `syz.4.6621'.
[  545.093093][T23954] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6623'.
[  545.321228][T23966] netlink: 212 bytes leftover after parsing attributes in process `syz.0.6627'.
[  545.398715][T23970] netlink: 'syz.0.6629': attribute type 1 has an invalid length.
[  545.596366][T23982] netlink: 64 bytes leftover after parsing attributes in process `syz.0.6635'.
[  545.629854][T23984] vxcan1 speed is unknown, defaulting to 1000
[  545.657444][T23984] vxcan1 speed is unknown, defaulting to 1000
[  545.687519][T23984] vxcan1 speed is unknown, defaulting to 1000
[  545.819487][T23996] FAULT_INJECTION: forcing a failure.
[  545.819487][T23996] name failslab, interval 1, probability 0, space 0, times 0
[  545.843788][T23996] CPU: 0 UID: 0 PID: 23996 Comm: syz.1.6640 Not tainted syzkaller #0 PREEMPT(full) 
[  545.843814][T23996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  545.843825][T23996] Call Trace:
[  545.843833][T23996]  <TASK>
[  545.843841][T23996]  dump_stack_lvl+0xe8/0x150
[  545.843868][T23996]  should_fail_ex+0x412/0x560
[  545.843896][T23996]  should_failslab+0xa8/0x100
[  545.843921][T23996]  __kmalloc_cache_noprof+0x88/0x660
[  545.843943][T23996]  ? __kthread_create_on_node+0x115/0x3f0
[  545.843962][T23996]  ? __init_swait_queue_head+0xa9/0x150
[  545.843983][T23996]  ? __pfx_rescuer_thread+0x10/0x10
[  545.844006][T23996]  __kthread_create_on_node+0x115/0x3f0
[  545.844030][T23996]  ? __pfx___kthread_create_on_node+0x10/0x10
[  545.844048][T23996]  ? string+0x279/0x2b0
[  545.844076][T23996]  ? __pfx_rescuer_thread+0x10/0x10
[  545.844096][T23996]  ? __pfx_rescuer_thread+0x10/0x10
[  545.844116][T23996]  kthread_create_on_node+0xeb/0x140
[  545.844142][T23996]  ? __pfx_kthread_create_on_node+0x10/0x10
[  545.844164][T23996]  ? __kmalloc_cache_node_noprof+0x3ef/0x6b0
[  545.844194][T23996]  init_rescuer+0x30c/0x530
[  545.844210][T23996]  ? __pfx___mutex_lock+0x10/0x10
[  545.844233][T23996]  ? __pfx_init_rescuer+0x10/0x10
[  545.844258][T23996]  ? wq_adjust_max_active+0x195/0x4b0
[  545.844279][T23996]  ? apply_wqattrs_commit+0x3a7/0x4e0
[  545.844301][T23996]  __alloc_workqueue+0x1a84/0x1e90
[  545.844338][T23996]  alloc_workqueue_noprof+0xe3/0x210
[  545.844366][T23996]  ? __pfx_alloc_workqueue_noprof+0x10/0x10
[  545.844394][T23996]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  545.844419][T23996]  nci_register_device+0x22c/0xa00
[  545.844448][T23996]  ? __pfx_nci_register_device+0x10/0x10
[  545.844473][T23996]  ? __raw_spin_lock_init+0x45/0x100
[  545.844500][T23996]  ? __init_waitqueue_head+0xa9/0x150
[  545.844526][T23996]  virtual_ncidev_open+0x129/0x1a0
[  545.844549][T23996]  ? __pfx_virtual_ncidev_open+0x10/0x10
[  545.844568][T23996]  misc_open+0x2d5/0x350
[  545.844592][T23996]  chrdev_open+0x4cd/0x5e0
[  545.844616][T23996]  ? __pfx_chrdev_open+0x10/0x10
[  545.844637][T23996]  ? fsnotify_open_perm_and_set_mode+0x135/0x6d0
[  545.844662][T23996]  ? __pfx_chrdev_open+0x10/0x10
[  545.844745][T23996]  do_dentry_open+0x785/0x14e0
[  545.844785][T23996]  vfs_open+0x3b/0x340
[  545.844801][T23996]  ? path_openat+0x2df0/0x3860
[  545.844823][T23996]  path_openat+0x2e08/0x3860
[  545.844858][T23996]  ? __pfx_stack_trace_save+0x10/0x10
[  545.844884][T23996]  ? stack_depot_save_flags+0x33/0x810
[  545.844914][T23996]  ? __pfx_path_openat+0x10/0x10
[  545.844931][T23996]  ? __x64_sys_openat+0x138/0x170
[  545.844953][T23996]  ? __lock_acquire+0x6b5/0x2cf0
[  545.844983][T23996]  do_file_open+0x23e/0x4a0
[  545.845008][T23996]  ? __pfx_do_file_open+0x10/0x10
[  545.845049][T23996]  ? _raw_spin_unlock+0x28/0x50
[  545.845067][T23996]  ? alloc_fd+0x64b/0x6c0
[  545.845095][T23996]  do_sys_openat2+0x113/0x200
[  545.845115][T23996]  ? __pfx_do_sys_openat2+0x10/0x10
[  545.845133][T23996]  ? ksys_write+0x242/0x270
[  545.845155][T23996]  ? __pfx_ksys_write+0x10/0x10
[  545.845177][T23996]  __x64_sys_openat+0x138/0x170
[  545.845201][T23996]  do_syscall_64+0x14d/0xf80
[  545.845222][T23996]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.845238][T23996]  ? trace_irq_disable+0x37/0x100
[  545.845256][T23996]  ? clear_bhb_loop+0x40/0x90
[  545.845277][T23996]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.845293][T23996] RIP: 0033:0x7f050d59c629
[  545.845311][T23996] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  545.845323][T23996] RSP: 002b:00007f050e403028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  545.845341][T23996] RAX: ffffffffffffffda RBX: 00007f050d815fa0 RCX: 00007f050d59c629
[  545.845354][T23996] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  545.845366][T23996] RBP: 00007f050e403090 R08: 0000000000000000 R09: 0000000000000000
[  545.845378][T23996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  545.845388][T23996] R13: 00007f050d816038 R14: 00007f050d815fa0 R15: 00007ffd531bc0f8
[  545.845415][T23996]  </TASK>
[  545.845510][T23996] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -ENOMEM
[  546.056799][T24002] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6639'.
[  546.526735][T24012] netlink: 868 bytes leftover after parsing attributes in process `syz.4.6643'.
[  546.695161][T24015] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6645'.
[  546.774604][   T10] vxcan1 speed is unknown, defaulting to 1000
[  546.784454][T23984] infiniband syz2: set active
[  546.795241][T23984] infiniband syz2: added vxcan1
[  546.872975][T24020] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6647'.
[  546.885094][T23984] RDS/IB: syz2: added
[  546.896459][T23984] smc: adding ib device syz2 with port count 1
[  546.903740][T23984] smc:    ib device syz2 port 1 has no pnetid
[  546.913522][   T10] vxcan1 speed is unknown, defaulting to 1000
[  546.924264][T23984] vxcan1 speed is unknown, defaulting to 1000
[  547.090707][T23984] vxcan1 speed is unknown, defaulting to 1000
[  547.214099][T23984] vxcan1 speed is unknown, defaulting to 1000
[  547.341731][T23984] vxcan1 speed is unknown, defaulting to 1000
[  547.706215][T24031] 8021q: adding VLAN 0 to HW filter on device bond1
[  547.725440][T24035] bond_slave_0: entered promiscuous mode
[  547.731550][T24035] bond_slave_1: entered promiscuous mode
[  547.798770][T24035] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  547.820560][T24035] bond1: (slave macvlan2): making interface the new active one
[  547.831715][T24035] bond1: (slave macvlan2): Enslaving as an active interface with an up link
[  547.866622][   T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  547.876055][T23984] vxcan1 speed is unknown, defaulting to 1000
[  547.882535][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  547.892397][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  547.926782][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  547.960632][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  547.968214][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  547.976340][    C1] lec:lec_tx_timeout: lec0
[  547.981050][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  548.234495][T23984] vxcan1 speed is unknown, defaulting to 1000
[  548.362417][T23984] vxcan1 speed is unknown, defaulting to 1000
[  548.484972][T23984] vxcan1 speed is unknown, defaulting to 1000
[  548.602960][T23984] vxcan1 speed is unknown, defaulting to 1000
[  548.722654][T23984] vxcan1 speed is unknown, defaulting to 1000
[  548.844543][T24031] __ib_cache_gid_add: unable to add gid fe80:0000:0000:0000:2063:99ff:fe08:ba4c error=-28
[  549.166426][T24036] chnl_net:caif_netlink_parms(): no params data found
[  549.220611][T24068] IPv6: addrconf: prefix option has invalid lifetime
[  549.227361][T24068] IPv6: addrconf: prefix option has invalid lifetime
[  549.261099][T24031] infiniband syz0: set active
[  549.268219][T24031] infiniband syz0: added bond0
[  549.273360][T24070] tipc: Started in network mode
[  549.298913][T24070] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  549.330520][T24031] RDS/IB: syz0: added
[  549.331639][T24070] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  549.334593][T24031] smc: adding ib device syz0 with port count 1
[  549.349609][T24031] smc:    ib device syz0 port 1 has no pnetid
[  549.379560][T24070] tipc: Enabled bearer <udp:syz0>, priority 10
[  549.532516][T24036] bridge0: port 1(bridge_slave_0) entered blocking state
[  549.552458][T24036] bridge0: port 1(bridge_slave_0) entered disabled state
[  549.566634][T24036] bridge_slave_0: entered allmulticast mode
[  549.574980][T24036] bridge_slave_0: entered promiscuous mode
[  549.583810][T24036] bridge0: port 2(bridge_slave_1) entered blocking state
[  549.591396][T24036] bridge0: port 2(bridge_slave_1) entered disabled state
[  549.599232][T24036] bridge_slave_1: entered allmulticast mode
[  549.607116][T24036] bridge_slave_1: entered promiscuous mode
[  549.675452][T24036] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  549.701030][T24036] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  549.764735][T24036] team0: Port device team_slave_0 added
[  549.783507][T24036] team0: Port device team_slave_1 added
[  549.916702][T24036] batman_adv: batadv0: Adding interface: batadv_slave_0
[  549.944295][T24036] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  549.981536][T24036] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  550.015992][T24036] batman_adv: batadv0: Adding interface: batadv_slave_1
[  550.033627][T24036] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  550.078801][ T5825] Bluetooth: hci3: command tx timeout
[  550.088125][T24036] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  550.246131][T24036] hsr_slave_0: entered promiscuous mode
[  550.263674][T24036] hsr_slave_1: entered promiscuous mode
[  550.279055][T24036] debugfs: 'hsr0' already exists in 'hsr'
[  550.298136][T24036] Cannot create hsr debugfs directory
[  550.325166][T24106] __nla_validate_parse: 7 callbacks suppressed
[  550.325184][T24106] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6672'.
[  550.383031][T24106] openvswitch: netlink: Flow actions attr not present in new flow.
[  550.481322][T24084] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  550.511652][   T10] tipc: Node number set to 1
[  550.607411][T24036] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  550.628489][T24036] netdevsim netdevsim1 eth3 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0
[  550.638527][T24036] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 34333 - 0
[  550.649267][T24036] netdevsim netdevsim1 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  550.766060][T24036] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  550.789586][T24036] netdevsim netdevsim1 eth2 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0
[  550.799861][T24036] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 34333 - 0
[  550.817209][T24117] FAULT_INJECTION: forcing a failure.
[  550.817209][T24117] name failslab, interval 1, probability 0, space 0, times 0
[  550.828148][T24036] netdevsim netdevsim1 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  550.830512][T24117] CPU: 1 UID: 0 PID: 24117 Comm: syz.2.6677 Not tainted syzkaller #0 PREEMPT(full) 
[  550.830532][T24117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  550.830544][T24117] Call Trace:
[  550.830551][T24117]  <TASK>
[  550.830559][T24117]  dump_stack_lvl+0xe8/0x150
[  550.830585][T24117]  should_fail_ex+0x412/0x560
[  550.830612][T24117]  should_failslab+0xa8/0x100
[  550.830635][T24117]  __kmalloc_cache_noprof+0x88/0x660
[  550.830654][T24117]  ? __sctp_v6_cmp_addr+0x1e6/0x510
[  550.830673][T24117]  ? sctp_add_bind_addr+0x8c/0x370
[  550.830695][T24117]  sctp_add_bind_addr+0x8c/0x370
[  550.830716][T24117]  sctp_copy_local_addr_list+0x314/0x4f0
[  550.830736][T24117]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[  550.830754][T24117]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  550.830773][T24117]  ? sctp_v6_is_any+0x64/0x80
[  550.830792][T24117]  ? sctp_copy_one_addr+0x93/0x360
[  550.830812][T24117]  sctp_bind_addr_copy+0xb3/0x3c0
[  550.830830][T24117]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  550.830856][T24117]  sctp_connect_new_asoc+0x2ff/0x6b0
[  550.830879][T24117]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  550.830904][T24117]  ? __local_bh_enable_ip+0xd0/0x130
[  550.830920][T24117]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  550.830941][T24117]  ? security_sctp_bind_connect+0x7e/0x2c0
[  550.830963][T24117]  sctp_sendmsg+0x1528/0x2c10
[  550.830995][T24117]  ? __pfx_sctp_sendmsg+0x10/0x10
[  550.831013][T24117]  ? aa_sk_perm+0x15a/0x960
[  550.831034][T24117]  ? aa_sk_perm+0x82d/0x960
[  550.831060][T24117]  ? __pfx_aa_sk_perm+0x10/0x10
[  550.831083][T24117]  ? sock_rps_record_flow+0x19/0x400
[  550.831106][T24117]  ? inet_sendmsg+0x2f4/0x370
[  550.831129][T24117]  ____sys_sendmsg+0x894/0xad0
[  550.831157][T24117]  ? __pfx_____sys_sendmsg+0x10/0x10
[  550.831185][T24117]  ? import_iovec+0x73/0xa0
[  550.831205][T24117]  ___sys_sendmsg+0x2a5/0x360
[  550.831222][T24117]  ? __lock_acquire+0x6b5/0x2cf0
[  550.831243][T24117]  ? __pfx____sys_sendmsg+0x10/0x10
[  550.831267][T24117]  ? kstrtouint+0x6e/0xe0
[  550.831317][T24117]  ? __fget_files+0x2a/0x420
[  550.831333][T24117]  ? __fget_files+0x3a0/0x420
[  550.831358][T24117]  __sys_sendmmsg+0x27c/0x4e0
[  550.831382][T24117]  ? __pfx___sys_sendmmsg+0x10/0x10
[  550.831399][T24117]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  550.831447][T24117]  ? ksys_write+0x242/0x270
[  550.831468][T24117]  ? __pfx_ksys_write+0x10/0x10
[  550.831493][T24117]  __x64_sys_sendmmsg+0xa0/0xc0
[  550.831514][T24117]  do_syscall_64+0x14d/0xf80
[  550.831534][T24117]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  550.831549][T24117]  ? trace_irq_disable+0x37/0x100
[  550.831567][T24117]  ? clear_bhb_loop+0x40/0x90
[  550.831586][T24117]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  550.831602][T24117] RIP: 0033:0x7fc82519c629
[  550.831617][T24117] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  550.831631][T24117] RSP: 002b:00007fc82613f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  550.831650][T24117] RAX: ffffffffffffffda RBX: 00007fc825415fa0 RCX: 00007fc82519c629
[  550.831662][T24117] RDX: 0000000000000001 RSI: 0000200000001d80 RDI: 0000000000000003
[  550.831672][T24117] RBP: 00007fc82613f090 R08: 0000000000000000 R09: 0000000000000000
[  550.831683][T24117] R10: 00000000000005dc R11: 0000000000000246 R12: 0000000000000002
[  550.831693][T24117] R13: 00007fc825416038 R14: 00007fc825415fa0 R15: 00007ffe4cf357c8
[  550.831721][T24117]  </TASK>
[  551.227700][T24121] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6679'.
[  551.243916][T24036] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  551.254524][T24036] netdevsim netdevsim1 eth1 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0
[  551.264917][T24036] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 34333 - 0
[  551.276233][T24036] netdevsim netdevsim1 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  551.297224][T24121] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6679'.
[  551.347085][T24036] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  551.355263][T24123] xt_addrtype: output interface limitation not valid in PREROUTING and INPUT
[  551.368226][T24036] netdevsim netdevsim1 eth0 (unregistering): unset [0, 1] type 1 family 0 port 256 - 0
[  551.368259][T24036] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 34333 - 0
[  551.368284][T24036] netdevsim netdevsim1 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  551.467071][T24124] netlink: 'syz.2.6680': attribute type 3 has an invalid length.
[  551.619040][T24128] veth0: entered promiscuous mode
[  552.131414][T24130] vxcan1 speed is unknown, defaulting to 1000
[  552.159002][ T5825] Bluetooth: hci3: command tx timeout
[  552.182382][T24122] veth0: left promiscuous mode
[  552.357200][T24131] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6681'.
[  552.642628][T24086] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  552.656578][T24111] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6673'.
[  552.798924][T24036] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  552.849948][T24036] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  552.925044][T24036] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  552.971937][T24036] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  552.988285][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  552.996367][    C1] lec:lec_tx_timeout: lec0
[  553.001265][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  553.193017][T24163] FAULT_INJECTION: forcing a failure.
[  553.193017][T24163] name failslab, interval 1, probability 0, space 0, times 0
[  553.218495][T24163] CPU: 0 UID: 0 PID: 24163 Comm: syz.4.6689 Not tainted syzkaller #0 PREEMPT(full) 
[  553.218520][T24163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  553.218530][T24163] Call Trace:
[  553.218536][T24163]  <TASK>
[  553.218544][T24163]  dump_stack_lvl+0xe8/0x150
[  553.218569][T24163]  should_fail_ex+0x412/0x560
[  553.218595][T24163]  should_failslab+0xa8/0x100
[  553.218614][T24163]  ? skb_clone+0x212/0x3a0
[  553.218633][T24163]  kmem_cache_alloc_noprof+0x87/0x650
[  553.218651][T24163]  ? __netlink_lookup+0xc6/0x8b0
[  553.218674][T24163]  skb_clone+0x212/0x3a0
[  553.218694][T24163]  __netlink_deliver_tap+0x404/0x850
[  553.218720][T24163]  ? netlink_deliver_tap+0x2e/0x1b0
[  553.218739][T24163]  netlink_deliver_tap+0x19c/0x1b0
[  553.218758][T24163]  netlink_unicast+0x7e3/0x9b0
[  553.218788][T24163]  ? __pfx_netlink_unicast+0x10/0x10
[  553.218812][T24163]  ? netlink_sendmsg+0x650/0xb40
[  553.218828][T24163]  ? skb_put+0x11b/0x210
[  553.218848][T24163]  netlink_sendmsg+0x813/0xb40
[  553.218873][T24163]  ? __pfx_netlink_sendmsg+0x10/0x10
[  553.218894][T24163]  ? aa_sock_msg_perm+0xf1/0x1b0
[  553.218916][T24163]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  553.218939][T24163]  ? __pfx_netlink_sendmsg+0x10/0x10
[  553.218955][T24163]  ____sys_sendmsg+0xa68/0xad0
[  553.218975][T24163]  ? __might_fault+0xaf/0x130
[  553.219001][T24163]  ? __pfx_____sys_sendmsg+0x10/0x10
[  553.219029][T24163]  ? import_iovec+0x73/0xa0
[  553.219050][T24163]  ___sys_sendmsg+0x2a5/0x360
[  553.219068][T24163]  ? __lock_acquire+0x6b5/0x2cf0
[  553.219098][T24163]  ? __pfx____sys_sendmsg+0x10/0x10
[  553.219150][T24163]  ? __fget_files+0x2a/0x420
[  553.219166][T24163]  ? __fget_files+0x3a0/0x420
[  553.219192][T24163]  __x64_sys_sendmsg+0x1bd/0x2a0
[  553.219215][T24163]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  553.219243][T24163]  ? __pfx_ksys_write+0x10/0x10
[  553.219274][T24163]  do_syscall_64+0x14d/0xf80
[  553.219295][T24163]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  553.219312][T24163]  ? trace_irq_disable+0x37/0x100
[  553.219328][T24163]  ? clear_bhb_loop+0x40/0x90
[  553.219348][T24163]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  553.219365][T24163] RIP: 0033:0x7fdcf7d9c629
[  553.219381][T24163] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  553.219402][T24163] RSP: 002b:00007fdcf5ff6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  553.219422][T24163] RAX: ffffffffffffffda RBX: 00007fdcf8015fa0 RCX: 00007fdcf7d9c629
[  553.219434][T24163] RDX: 0000000000048810 RSI: 0000200000000140 RDI: 0000000000000003
[  553.219445][T24163] RBP: 00007fdcf5ff6090 R08: 0000000000000000 R09: 0000000000000000
[  553.219456][T24163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  553.219466][T24163] R13: 00007fdcf8016038 R14: 00007fdcf8015fa0 R15: 00007ffefabf1528
[  553.219495][T24163]  </TASK>
[  553.336910][T24036] 8021q: adding VLAN 0 to HW filter on device bond0
[  553.613699][T24176] syzkaller0: entered promiscuous mode
[  553.619509][T24176] syzkaller0: entered allmulticast mode
[  553.640318][T24036] 8021q: adding VLAN 0 to HW filter on device team0
[  553.724386][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[  553.731595][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[  553.756477][ T3477] bridge0: port 2(bridge_slave_1) entered blocking state
[  553.763712][ T3477] bridge0: port 2(bridge_slave_1) entered forwarding state
[  553.922900][T24173] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  554.155400][T24036] 8021q: adding VLAN 0 to HW filter on device batadv0
[  554.221269][T24036] veth0_vlan: entered promiscuous mode
[  554.236005][T24036] veth1_vlan: entered promiscuous mode
[  554.238765][ T5825] Bluetooth: hci3: command tx timeout
[  554.269324][T24201] FAULT_INJECTION: forcing a failure.
[  554.269324][T24201] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  554.282215][T24036] veth0_macvtap: entered promiscuous mode
[  554.290933][T24201] CPU: 0 UID: 0 PID: 24201 Comm: syz.0.6697 Not tainted syzkaller #0 PREEMPT(full) 
[  554.290957][T24201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  554.290968][T24201] Call Trace:
[  554.290975][T24201]  <TASK>
[  554.290983][T24201]  dump_stack_lvl+0xe8/0x150
[  554.291016][T24201]  should_fail_ex+0x412/0x560
[  554.291043][T24201]  _copy_from_user+0x2d/0xb0
[  554.291063][T24201]  kstrtouint_from_user+0xd6/0x180
[  554.291086][T24201]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  554.291127][T24201]  proc_fail_nth_write+0x8e/0x210
[  554.291146][T24201]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  554.291171][T24201]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  554.291193][T24201]  vfs_write+0x29a/0xb90
[  554.291220][T24201]  ? __pfx_vfs_write+0x10/0x10
[  554.291239][T24201]  ? __fget_files+0x2a/0x420
[  554.291259][T24201]  ? __fget_files+0x3a0/0x420
[  554.291274][T24201]  ? __fget_files+0x2a/0x420
[  554.291298][T24201]  ksys_write+0x150/0x270
[  554.291319][T24201]  ? __pfx_ksys_write+0x10/0x10
[  554.291348][T24201]  do_syscall_64+0x14d/0xf80
[  554.291367][T24201]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  554.291383][T24201]  ? trace_irq_disable+0x37/0x100
[  554.291400][T24201]  ? clear_bhb_loop+0x40/0x90
[  554.291418][T24201]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  554.291433][T24201] RIP: 0033:0x7f06d535cece
[  554.291448][T24201] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  554.291460][T24201] RSP: 002b:00007f06d61c4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  554.291477][T24201] RAX: ffffffffffffffda RBX: 00007f06d61c56c0 RCX: 00007f06d535cece
[  554.291487][T24201] RDX: 0000000000000001 RSI: 00007f06d61c50a0 RDI: 0000000000000004
[  554.291496][T24201] RBP: 00007f06d61c5090 R08: 0000000000000000 R09: 0000000000000000
[  554.291505][T24201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  554.291515][T24201] R13: 00007f06d5616038 R14: 00007f06d5615fa0 R15: 00007ffd604b6908
[  554.291540][T24201]  </TASK>
[  554.303353][T24036] veth1_macvtap: entered promiscuous mode
[  554.538332][T24036] batman_adv: batadv0: Interface activated: batadv_slave_0
[  554.557847][T24036] batman_adv: batadv0: Interface activated: batadv_slave_1
[  554.591165][   T35] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  554.609984][   T35] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  554.629548][   T35] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  554.648221][   T35] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  554.704651][T24184] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  556.318339][ T5825] Bluetooth: hci3: command tx timeout
[  556.869528][T24185] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  556.972331][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  557.002859][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  557.054074][T24238] netlink: 132 bytes leftover after parsing attributes in process `syz.2.6709'.
[  557.067793][T24237] netlink: 'syz.3.6711': attribute type 29 has an invalid length.
[  557.092922][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  557.101056][T24243] netlink: 52 bytes leftover after parsing attributes in process `syz.4.6712'.
[  557.104105][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  557.463665][T24260] syzkaller0: entered promiscuous mode
[  557.472649][T24268] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  557.478476][T24260] syzkaller0: entered allmulticast mode
[  557.508283][T24265] vcan0: entered allmulticast mode
[  557.523173][T24264] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6718'.
[  557.654996][T24278] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6720'.
[  557.809230][T24282] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.6723'.
[  558.008158][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  558.016189][    C1] lec:lec_tx_timeout: lec0
[  558.021254][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  558.281964][T24271] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  559.399158][T24304] tipc: Failed to remove unknown binding: 66,0,0/0:3223798656/3223798657
[  559.412316][T24304] tipc: Failed to remove unknown binding: 66,0,0/0:3223798656/3223798657
[  559.555503][T24316] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6736'.
[  559.690392][T24323] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6739'.
[  559.768475][ T5825] Bluetooth: hci4: command 0x0c1a tx timeout
[  559.946789][T24332] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  559.960911][T24332] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  560.051352][T24345] Unsupported ieee802154 address type: 0
[  560.177629][T24354] vcan0: tx drop: invalid sa for name 0x0000000000000002
[  560.257259][T24355] vxcan1 speed is unknown, defaulting to 1000
[  560.288282][T24360] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6756'.
[  560.325486][T24360] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6756'.
[  560.356194][T24362] syz_tun: entered allmulticast mode
[  560.391440][T24361] syz_tun: left allmulticast mode
[  560.407755][T24364] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6758'.
[  560.959731][    C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[  561.203711][T24406] netlink: 'syz.3.6774': attribute type 10 has an invalid length.
[  561.223959][T24406] team0: Device lo is loopback device. Loopback devices can't be added as a team port
[  561.253381][T24406] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  561.337146][T24411] FAULT_INJECTION: forcing a failure.
[  561.337146][T24411] name failslab, interval 1, probability 0, space 0, times 0
[  561.355394][T24411] CPU: 1 UID: 0 PID: 24411 Comm: syz.2.6775 Not tainted syzkaller #0 PREEMPT(full) 
[  561.355415][T24411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  561.355424][T24411] Call Trace:
[  561.355431][T24411]  <TASK>
[  561.355437][T24411]  dump_stack_lvl+0xe8/0x150
[  561.355461][T24411]  should_fail_ex+0x412/0x560
[  561.355488][T24411]  should_failslab+0xa8/0x100
[  561.355511][T24411]  __kmalloc_noprof+0xe8/0x760
[  561.355527][T24411]  ? is_dynamic_key+0xd6/0x1c0
[  561.355544][T24411]  ? __alloc_workqueue+0xff/0x1e90
[  561.355568][T24411]  __alloc_workqueue+0xff/0x1e90
[  561.355588][T24411]  ? vsnprintf+0xdf1/0xee0
[  561.355613][T24411]  alloc_workqueue_noprof+0xe3/0x210
[  561.355641][T24411]  ? __pfx_alloc_workqueue_noprof+0x10/0x10
[  561.355668][T24411]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  561.355693][T24411]  nci_register_device+0x3ff/0xa00
[  561.355722][T24411]  ? __pfx_nci_register_device+0x10/0x10
[  561.355747][T24411]  ? __raw_spin_lock_init+0x45/0x100
[  561.355771][T24411]  ? __init_waitqueue_head+0xa9/0x150
[  561.355797][T24411]  virtual_ncidev_open+0x129/0x1a0
[  561.355820][T24411]  ? __pfx_virtual_ncidev_open+0x10/0x10
[  561.355838][T24411]  misc_open+0x2d5/0x350
[  561.355863][T24411]  chrdev_open+0x4cd/0x5e0
[  561.355887][T24411]  ? __pfx_chrdev_open+0x10/0x10
[  561.355907][T24411]  ? fsnotify_open_perm_and_set_mode+0x135/0x6d0
[  561.355933][T24411]  ? __pfx_chrdev_open+0x10/0x10
[  561.355952][T24411]  do_dentry_open+0x785/0x14e0
[  561.355988][T24411]  vfs_open+0x3b/0x340
[  561.356001][T24411]  ? path_openat+0x2df0/0x3860
[  561.356023][T24411]  path_openat+0x2e08/0x3860
[  561.356056][T24411]  ? __pfx_stack_trace_save+0x10/0x10
[  561.356081][T24411]  ? stack_depot_save_flags+0x33/0x810
[  561.356111][T24411]  ? __pfx_path_openat+0x10/0x10
[  561.356127][T24411]  ? __x64_sys_openat+0x138/0x170
[  561.356148][T24411]  ? __lock_acquire+0x6b5/0x2cf0
[  561.356171][T24411]  do_file_open+0x23e/0x4a0
[  561.356193][T24411]  ? __pfx_do_file_open+0x10/0x10
[  561.356228][T24411]  ? _raw_spin_unlock+0x28/0x50
[  561.356246][T24411]  ? alloc_fd+0x64b/0x6c0
[  561.356272][T24411]  do_sys_openat2+0x113/0x200
[  561.356291][T24411]  ? __pfx_do_sys_openat2+0x10/0x10
[  561.356308][T24411]  ? ksys_write+0x242/0x270
[  561.356337][T24411]  ? __pfx_ksys_write+0x10/0x10
[  561.356360][T24411]  __x64_sys_openat+0x138/0x170
[  561.356382][T24411]  do_syscall_64+0x14d/0xf80
[  561.356402][T24411]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  561.356418][T24411]  ? trace_irq_disable+0x37/0x100
[  561.356436][T24411]  ? clear_bhb_loop+0x40/0x90
[  561.356458][T24411]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  561.356474][T24411] RIP: 0033:0x7fc82519c629
[  561.356491][T24411] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  561.356502][T24411] RSP: 002b:00007fc82613f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  561.356520][T24411] RAX: ffffffffffffffda RBX: 00007fc825415fa0 RCX: 00007fc82519c629
[  561.356533][T24411] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  561.356544][T24411] RBP: 00007fc82613f090 R08: 0000000000000000 R09: 0000000000000000
[  561.356555][T24411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  561.356565][T24411] R13: 00007fc825416038 R14: 00007fc825415fa0 R15: 00007ffe4cf357c8
[  561.356593][T24411]  </TASK>
[  562.021733][T24420] openvswitch: netlink: nsh attribute has 4 unknown bytes.
[  562.123911][T24427] __nla_validate_parse: 3 callbacks suppressed
[  562.123930][T24427] netlink: 88 bytes leftover after parsing attributes in process `syz.0.6783'.
[  562.140040][T24427] netem: invalid attributes len -24
[  562.145271][T24427] netem: change failed
[  562.150082][T24429] netlink: 9 bytes leftover after parsing attributes in process `syz.3.6786'.
[  562.182777][T24429] 0·: renamed from hsr_slave_1 (while UP)
[  562.186236][T24438] Cannot find add_set index 0 as target
[  562.195707][T24429] 0·: entered allmulticast mode
[  562.203730][T24429] A link change request failed with some changes committed already. Interface 
c0· may have been left with an inconsistent configuration, please check.
[  562.235644][T24431] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.6784'.
[  562.296760][T24440] tipc: Started in network mode
[  562.301947][T24440] tipc: Node identity 06a96b0c27f8, cluster identity 6
[  562.322328][T24440] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  562.336407][T24440] syzkaller0: entered promiscuous mode
[  562.345435][T24443] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6789'.
[  562.376223][T24440] syzkaller0: entered allmulticast mode
[  562.388252][T24440] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  562.458511][T24440] tipc: Resetting bearer <eth:syzkaller0>
[  562.494853][T24439] tipc: Resetting bearer <eth:syzkaller0>
[  562.536460][T24439] tipc: Disabling bearer <eth:syzkaller0>
[  562.555111][T24459] netlink: 'syz.4.6796': attribute type 1 has an invalid length.
[  562.585720][T24459] bond2: entered promiscuous mode
[  562.594607][T24459] 8021q: adding VLAN 0 to HW filter on device bond2
[  562.605364][T24459] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6796'.
[  562.618369][T24459] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6796'.
[  562.661610][T24459] bond2: (slave bridge2): making interface the new active one
[  562.669310][T24459] bridge2: entered promiscuous mode
[  562.676415][T24459] bond2: (slave bridge2): Enslaving as an active interface with an up link
[  562.858331][T24471] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6800'.
[  562.879405][    C1] ------------[ cut here ]------------
[  562.885353][    C1] ODEBUG: free active (active state 0) object: ffff888032815c90 object type: timer_list hint: rose_t0timer_expiry+0x0/0x560
[  562.898512][    C1] WARNING: lib/debugobjects.c:615 at debug_check_no_obj_freed+0x405/0x550, CPU#1: syz.3.6799/24467
[  562.909265][    C1] Modules linked in:
[  562.913616][    C1] CPU: 1 UID: 0 PID: 24467 Comm: syz.3.6799 Not tainted syzkaller #0 PREEMPT(full) 
[  562.923062][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  562.933160][    C1] RIP: 0010:debug_check_no_obj_freed+0x44a/0x550
[  562.939540][    C1] Code: 89 44 24 20 e8 b7 6b 7e fd 48 8b 44 24 20 4c 8b 4d 00 4c 89 ef 48 c7 c6 40 6b 27 8c 48 c7 c2 c0 70 27 8c 8b 0c 24 4d 89 f8 50 <67> 48 0f b9 3a 48 83 c4 08 4c 8b 6c 24 18 48 b9 00 00 00 00 00 fc
[  562.959191][    C1] RSP: 0018:ffffc90000a08b68 EFLAGS: 00010246
[  562.965300][    C1] RAX: ffffffff8a888e80 RBX: ffffffff9a4bf448 RCX: 0000000000000000
[  562.973395][    C1] RDX: ffffffff8c2770c0 RSI: ffffffff8c276b40 RDI: ffffffff901b4670
[  562.981442][    C1] RBP: ffffffff8bcf4a00 R08: ffff888032815c90 R09: ffffffff8bcf5d20
[  562.989475][    C1] R10: dffffc0000000000 R11: ffffffff81b099e0 R12: ffff888032815e00
[  562.997572][    C1] R13: ffffffff901b4670 R14: ffff888032815000 R15: ffff888032815c90
[  563.005606][    C1] FS:  0000000000000000(0000) GS:ffff8881255ae000(0000) knlGS:0000000000000000
[  563.014675][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  563.021325][    C1] CR2: 0000200000000340 CR3: 0000000066bea000 CR4: 00000000003526f0
[  563.029347][    C1] Call Trace:
[  563.032642][    C1]  <IRQ>
[  563.035496][    C1]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  563.041215][    C1]  kfree+0x13a/0x610
[  563.045146][    C1]  ? rose_timer_expiry+0x4cb/0x600
[  563.050343][    C1]  rose_timer_expiry+0x4cb/0x600
[  563.055304][    C1]  ? call_timer_fn+0x178/0x5a0
[  563.060225][    C1]  call_timer_fn+0x192/0x5a0
[  563.065011][    C1]  ? __pfx_rose_timer_expiry+0x10/0x10
[  563.070521][    C1]  ? call_timer_fn+0xd4/0x5a0
[  563.075243][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  563.080401][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  563.085618][    C1]  ? __pfx_rose_timer_expiry+0x10/0x10
[  563.091148][    C1]  __run_timer_base+0x652/0x8b0
[  563.096007][    C1]  ? ktime_get+0x45/0x200
[  563.100392][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  563.105801][    C1]  ? sched_clock_cpu+0x74/0x440
[  563.110703][    C1]  run_timer_softirq+0xb7/0x170
[  563.115562][    C1]  handle_softirqs+0x22a/0x7c0
[  563.120398][    C1]  ? __irq_exit_rcu+0x5f/0x150
[  563.125191][    C1]  __irq_exit_rcu+0x5f/0x150
[  563.129846][    C1]  irq_exit_rcu+0x9/0x30
[  563.134108][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  563.139812][    C1]  </IRQ>
[  563.142752][    C1]  <TASK>
[  563.145678][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  563.151722][    C1] RIP: 0010:lock_acquire+0x221/0x330
[  563.157017][    C1] Code: ff ff ff e8 a1 e5 fd 09 f7 44 24 08 00 02 00 00 0f 84 3a ff ff ff 65 48 8b 05 1b c3 76 11 48 3b 44 24 58 75 33 fb 48 83 c4 60 <5b> 41 5c 41 5d 41 5e 41 5f 5d e9 00 ca 00 0a cc 48 8d 3d c8 80 73
[  563.176751][    C1] RSP: 0018:ffffc90002f27610 EFLAGS: 00000282
[  563.182934][    C1] RAX: fefdfcf2e8df6e00 RBX: 0000000000000000 RCX: 0000000080000001
[  563.190963][    C1] RDX: 00000000a4751b23 RSI: ffffffff8e151a72 RDI: ffffffff8c276500
[  563.199069][    C1] RBP: ffffffff82396334 R08: ffffffff82396334 R09: ffffffff8e75e0a0
[  563.207128][    C1] R10: dffffc0000000000 R11: fffff9400026f891 R12: 0000000000000002
[  563.215174][    C1] R13: ffffffff8e75e0a0 R14: 0000000000000000 R15: 0000000000000246
[  563.223223][    C1]  ? page_table_check_clear+0x144/0x5f0
[  563.228836][    C1]  ? page_table_check_clear+0x144/0x5f0
[  563.234417][    C1]  page_table_check_clear+0x164/0x5f0
[  563.239832][    C1]  ? page_table_check_clear+0x144/0x5f0
[  563.245405][    C1]  ? page_table_check_clear+0x144/0x5f0
[  563.250996][    C1]  ? vm_normal_page+0x10d/0x240
[  563.255960][    C1]  unmap_page_range+0x3294/0x4030
[  563.261098][    C1]  ? __pfx_unmap_page_range+0x10/0x10
[  563.266496][    C1]  ? mas_find+0xb0e/0xd30
[  563.270897][    C1]  ? unmap_vmas+0x157/0x5c0
[  563.275424][    C1]  unmap_vmas+0x3c0/0x5c0
[  563.279833][    C1]  ? __pfx_unmap_vmas+0x10/0x10
[  563.284713][    C1]  exit_mmap+0x251/0xb30
[  563.288989][    C1]  ? uprobe_clear_state+0x20f/0x290
[  563.294208][    C1]  ? __pfx_exit_mmap+0x10/0x10
[  563.299003][    C1]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  563.304662][    C1]  ? __pfx_exit_aio+0x10/0x10
[  563.309487][    C1]  ? uprobe_clear_state+0x27c/0x290
[  563.314702][    C1]  __mmput+0x118/0x430
[  563.318819][    C1]  exit_mm+0x168/0x220
[  563.322921][    C1]  do_exit+0x62e/0x2310
[  563.327078][    C1]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  563.332934][    C1]  ? __pfx_do_exit+0x10/0x10
[  563.337538][    C1]  ? preempt_schedule_thunk+0x16/0x30
[  563.342950][    C1]  ? preempt_schedule_common+0x82/0xd0
[  563.348535][    C1]  ? preempt_schedule_thunk+0x16/0x30
[  563.353999][    C1]  do_group_exit+0x21b/0x2d0
[  563.358647][    C1]  __x64_sys_exit_group+0x3f/0x40
[  563.363685][    C1]  x64_sys_call+0x221a/0x2240
[  563.368398][    C1]  do_syscall_64+0x14d/0xf80
[  563.372998][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.379119][    C1]  ? clear_bhb_loop+0x40/0x90
[  563.383811][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.389770][    C1] RIP: 0033:0x7f367bd9c629
[  563.394544][    C1] Code: Unable to access opcode bytes at 0x7f367bd9c5ff.
[  563.401623][    C1] RSP: 002b:00007ffc98937bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  563.410099][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f367bd9c629
[  563.418331][    C1] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
[  563.426327][    C1] RBP: 00007ffc98937c1c R08: 0000000000000000 R09: 00000000000927c0
[  563.434367][    C1] R10: 0000000000000001 R11: 0000000000000246 R12: 00000000000000b6
[  563.442407][    C1] R13: 00000000000927c0 R14: 00000000000895fc R15: 00007ffc98937c70
[  563.450461][    C1]  </TASK>
[  563.453505][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  563.460800][    C1] CPU: 1 UID: 0 PID: 24467 Comm: syz.3.6799 Not tainted syzkaller #0 PREEMPT(full) 
[  563.470164][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  563.480210][    C1] Call Trace:
[  563.483504][    C1]  <IRQ>
[  563.486353][    C1]  vpanic+0x1e0/0x670
[  563.490333][    C1]  panic+0xc5/0xd0
[  563.494048][    C1]  ? __pfx_panic+0x10/0x10
[  563.498460][    C1]  __warn+0x315/0x4a0
[  563.502450][    C1]  ? debug_check_no_obj_freed+0x405/0x550
[  563.508190][    C1]  ? debug_check_no_obj_freed+0x405/0x550
[  563.513933][    C1]  __report_bug+0x29a/0x540
[  563.518450][    C1]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  563.524289][    C1]  ? debug_check_no_obj_freed+0x405/0x550
[  563.530021][    C1]  ? __pfx___report_bug+0x10/0x10
[  563.535078][    C1]  ? kfree+0x1c1/0x610
[  563.539137][    C1]  ? rose_timer_expiry+0x4c3/0x600
[  563.544246][    C1]  ? call_timer_fn+0x192/0x5a0
[  563.549004][    C1]  ? __run_timer_base+0x652/0x8b0
[  563.554039][    C1]  ? run_timer_softirq+0xb7/0x170
[  563.559057][    C1]  ? handle_softirqs+0x22a/0x7c0
[  563.564285][    C1]  ? __irq_exit_rcu+0x5f/0x150
[  563.569057][    C1]  ? sysvec_apic_timer_interrupt+0xa6/0xc0
[  563.574860][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  563.581016][    C1]  ? lock_acquire+0x221/0x330
[  563.585681][    C1]  ? page_table_check_clear+0x164/0x5f0
[  563.591300][    C1]  ? unmap_page_range+0x3294/0x4030
[  563.596496][    C1]  report_bug_entry+0x19a/0x290
[  563.601355][    C1]  ? debug_check_no_obj_freed+0x44a/0x550
[  563.607089][    C1]  ? debug_check_no_obj_freed+0x44f/0x550
[  563.612819][    C1]  handle_bug+0xca/0x200
[  563.617069][    C1]  exc_invalid_op+0x1a/0x50
[  563.621569][    C1]  asm_exc_invalid_op+0x1a/0x20
[  563.626409][    C1] RIP: 0010:debug_check_no_obj_freed+0x44a/0x550
[  563.632728][    C1] Code: 89 44 24 20 e8 b7 6b 7e fd 48 8b 44 24 20 4c 8b 4d 00 4c 89 ef 48 c7 c6 40 6b 27 8c 48 c7 c2 c0 70 27 8c 8b 0c 24 4d 89 f8 50 <67> 48 0f b9 3a 48 83 c4 08 4c 8b 6c 24 18 48 b9 00 00 00 00 00 fc
[  563.652589][    C1] RSP: 0018:ffffc90000a08b68 EFLAGS: 00010246
[  563.658703][    C1] RAX: ffffffff8a888e80 RBX: ffffffff9a4bf448 RCX: 0000000000000000
[  563.666696][    C1] RDX: ffffffff8c2770c0 RSI: ffffffff8c276b40 RDI: ffffffff901b4670
[  563.674672][    C1] RBP: ffffffff8bcf4a00 R08: ffff888032815c90 R09: ffffffff8bcf5d20
[  563.682648][    C1] R10: dffffc0000000000 R11: ffffffff81b099e0 R12: ffff888032815e00
[  563.690612][    C1] R13: ffffffff901b4670 R14: ffff888032815000 R15: ffff888032815c90
[  563.698841][    C1]  ? __pfx_timer_debug_hint+0x10/0x10
[  563.704223][    C1]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  563.709871][    C1]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  563.715516][    C1]  kfree+0x13a/0x610
[  563.719416][    C1]  ? rose_timer_expiry+0x4cb/0x600
[  563.724613][    C1]  rose_timer_expiry+0x4cb/0x600
[  563.729541][    C1]  ? call_timer_fn+0x178/0x5a0
[  563.734304][    C1]  call_timer_fn+0x192/0x5a0
[  563.738883][    C1]  ? __pfx_rose_timer_expiry+0x10/0x10
[  563.744508][    C1]  ? call_timer_fn+0xd4/0x5a0
[  563.749185][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  563.754466][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  563.759654][    C1]  ? __pfx_rose_timer_expiry+0x10/0x10
[  563.765125][    C1]  __run_timer_base+0x652/0x8b0
[  563.769970][    C1]  ? ktime_get+0x45/0x200
[  563.774308][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  563.779678][    C1]  ? sched_clock_cpu+0x74/0x440
[  563.784549][    C1]  run_timer_softirq+0xb7/0x170
[  563.789406][    C1]  handle_softirqs+0x22a/0x7c0
[  563.794166][    C1]  ? __irq_exit_rcu+0x5f/0x150
[  563.798923][    C1]  __irq_exit_rcu+0x5f/0x150
[  563.803518][    C1]  irq_exit_rcu+0x9/0x30
[  563.807751][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  563.813380][    C1]  </IRQ>
[  563.816305][    C1]  <TASK>
[  563.819226][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  563.825201][    C1] RIP: 0010:lock_acquire+0x221/0x330
[  563.830479][    C1] Code: ff ff ff e8 a1 e5 fd 09 f7 44 24 08 00 02 00 00 0f 84 3a ff ff ff 65 48 8b 05 1b c3 76 11 48 3b 44 24 58 75 33 fb 48 83 c4 60 <5b> 41 5c 41 5d 41 5e 41 5f 5d e9 00 ca 00 0a cc 48 8d 3d c8 80 73
[  563.851031][    C1] RSP: 0018:ffffc90002f27610 EFLAGS: 00000282
[  563.857180][    C1] RAX: fefdfcf2e8df6e00 RBX: 0000000000000000 RCX: 0000000080000001
[  563.865141][    C1] RDX: 00000000a4751b23 RSI: ffffffff8e151a72 RDI: ffffffff8c276500
[  563.873126][    C1] RBP: ffffffff82396334 R08: ffffffff82396334 R09: ffffffff8e75e0a0
[  563.881529][    C1] R10: dffffc0000000000 R11: fffff9400026f891 R12: 0000000000000002
[  563.889493][    C1] R13: ffffffff8e75e0a0 R14: 0000000000000000 R15: 0000000000000246
[  563.897546][    C1]  ? page_table_check_clear+0x144/0x5f0
[  563.903091][    C1]  ? page_table_check_clear+0x144/0x5f0
[  563.908640][    C1]  page_table_check_clear+0x164/0x5f0
[  563.914000][    C1]  ? page_table_check_clear+0x144/0x5f0
[  563.919533][    C1]  ? page_table_check_clear+0x144/0x5f0
[  563.925167][    C1]  ? vm_normal_page+0x10d/0x240
[  563.930038][    C1]  unmap_page_range+0x3294/0x4030
[  563.935113][    C1]  ? __pfx_unmap_page_range+0x10/0x10
[  563.940490][    C1]  ? mas_find+0xb0e/0xd30
[  563.944814][    C1]  ? unmap_vmas+0x157/0x5c0
[  563.949399][    C1]  unmap_vmas+0x3c0/0x5c0
[  563.953732][    C1]  ? __pfx_unmap_vmas+0x10/0x10
[  563.958604][    C1]  exit_mmap+0x251/0xb30
[  563.962955][    C1]  ? uprobe_clear_state+0x20f/0x290
[  563.968155][    C1]  ? __pfx_exit_mmap+0x10/0x10
[  563.973018][    C1]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  563.978761][    C1]  ? __pfx_exit_aio+0x10/0x10
[  563.983541][    C1]  ? uprobe_clear_state+0x27c/0x290
[  563.989093][    C1]  __mmput+0x118/0x430
[  563.993154][    C1]  exit_mm+0x168/0x220
[  563.997235][    C1]  do_exit+0x62e/0x2310
[  564.001394][    C1]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  564.007216][    C1]  ? __pfx_do_exit+0x10/0x10
[  564.011799][    C1]  ? preempt_schedule_thunk+0x16/0x30
[  564.017186][    C1]  ? preempt_schedule_common+0x82/0xd0
[  564.022648][    C1]  ? preempt_schedule_thunk+0x16/0x30
[  564.028008][    C1]  do_group_exit+0x21b/0x2d0
[  564.032610][    C1]  __x64_sys_exit_group+0x3f/0x40
[  564.037626][    C1]  x64_sys_call+0x221a/0x2240
[  564.042301][    C1]  do_syscall_64+0x14d/0xf80
[  564.047314][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  564.053408][    C1]  ? clear_bhb_loop+0x40/0x90
[  564.058096][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  564.063995][    C1] RIP: 0033:0x7f367bd9c629
[  564.068407][    C1] Code: Unable to access opcode bytes at 0x7f367bd9c5ff.
[  564.075506][    C1] RSP: 002b:00007ffc98937bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  564.083916][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f367bd9c629
[  564.091886][    C1] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
[  564.099848][    C1] RBP: 00007ffc98937c1c R08: 0000000000000000 R09: 00000000000927c0
[  564.107891][    C1] R10: 0000000000000001 R11: 0000000000000246 R12: 00000000000000b6
[  564.115944][    C1] R13: 00000000000927c0 R14: 00000000000895fc R15: 00007ffc98937c70
[  564.123944][    C1]  </TASK>
[  564.127326][    C1] Kernel Offset: disabled
[  564.131634][    C1] Rebooting in 86400 seconds..