last executing test programs:

3.693606142s ago: executing program 1 (id=6363):
socket(0xf, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', <r1=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000280)={0x58, 0x0, 0x405, 0x70bd27, 0x25dfdbfa, {}, [{{0x8, 0x1, r1}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x10008001}, 0x44080)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0xa, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e140602000000000e000a001000000002800000121f", 0x2e}], 0x1}, 0x700000002000000)

3.523540983s ago: executing program 1 (id=6368):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000096c0)={0x0, 0x0, 0x0}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000340)='westwood\x00', 0x9)
bind$inet6(r1, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
ppoll(0x0, 0x0, &(0x7f0000000700)={0x0, 0x989680}, &(0x7f0000000740)={[0x7fff]}, 0x8)
setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r1, &(0x7f0000000280)="32780f64398323756224d03ac5cb3838e854cf6fe7e38c09daa0e76828c158699b396cff6b5ef9b454e678333fb7c00be87d5eab09b340b5a265014d86abb6ae50065e67b7cdc5362589f9b4127fe218ba5f79aa58f7446a6ab30cf9b1be46718b1193d8900973a5ea1f22bcf947456685261ebd7416ad7c9a3949ffd1d2fda2dd6f5dae464175b09d0700f1e13ce12b18fb627f33", 0x95, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c)
shutdown(r1, 0x1)
mmap(&(0x7f0000462000/0x3000)=nil, 0x3000, 0x2000009, 0x4d032, r0, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000080)={@private0, 0x8000000, 0x0, 0x3, 0xf, 0x0, 0xffff}, 0x20)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x20010, 0xffffffffffffffff, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x12, &(0x7f00000008c0)=ANY=[@ANYBLOB="18000000a90d0000000000b9ef00ac080000181149342c4bb0a5", @ANYRES32=0x1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000001841000e0000000000000000000000008520000003000000bf91000000000000b7020000020000008500000084000000b7000000000000009500000000000000", @ANYRES64=r0], &(0x7f00000003c0)='GPL\x00', 0x4, 0x6, &(0x7f0000000140)=""/6, 0x41000, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000480)={0x5, 0x7, 0x10000, 0x10}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000240), &(0x7f0000000500)=[{0x0, 0x2, 0x6, 0x5}, {0x2, 0x5, 0xd, 0x4}, {0x2, 0x3, 0x10000001, 0xc}, {0x5, 0x3, 0x1, 0x9}, {0x4, 0x1, 0xb, 0x8}], 0x10, 0x556}, 0x94)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
writev(r4, &(0x7f0000000040)=[{&(0x7f0000000100)="8f", 0x1}], 0x1)
ioctl$sock_TIOCOUTQ(r4, 0x5411, &(0x7f00000000c0))
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000680)={{0x1}, &(0x7f00000002c0), &(0x7f0000000640)=r3}, 0x20)
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$inet(r5, 0x0, 0x0)

3.45585866s ago: executing program 1 (id=6369):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000080)={0xbf, 0x9, 0x15, 0x5, 0xff, 0x5, 0xfb, 0x8, 0xec, 0x2, 0x81, 0x84, 0x3, 0x5}, 0xe)
sendto$inet6(r2, &(0x7f0000000040)='T', 0x1, 0x8910, &(0x7f0000000280)={0xa, 0xfffc, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1}, 0x1c)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000000)=0x4, 0x4)
shutdown(r2, 0x1)
shutdown(r1, 0x0)
recvmmsg(r1, &(0x7f00000055c0), 0x400023c, 0x300, 0x0)
r3 = socket(0x2b, 0x80000, 0x5)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r3, 0x89f8, 0x0)
socket$netlink(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000009, 0x200000006c832, 0xffffffffffffffff, 0x0)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x20000040}, 0x24004000)
sendmsg$NFT_BATCH(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a0900000000000000000002000000020073797a31000000000894564e3766fda723b8044002000000090041009680067cab47f95a73797a300000000008"], 0x64}}, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x4c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0, 0x2}, 0x94)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r4 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000000c0)={'ip6gre0\x00', &(0x7f00000009c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast1, @empty}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000640)={'ip6tnl0\x00', 0x0, 0x4, 0x2, 0x1, 0xcf57, 0xff00, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, @mcast1, 0x8000, 0x0, 0x0, 0x300}})
socket$inet_sctp(0x2, 0x1, 0x84)

3.08839263s ago: executing program 1 (id=6376):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$kcm(0x10, 0x2, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000280)={'syzkaller0\x00', 0xca02})
close(r2)
socket$netlink(0x10, 0x3, 0x0)
preadv(r3, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/124, 0x3}], 0x3e8, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
sendmsg$inet(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0a8187bae53dca2b007ea23e163ec40028e82fccdc09da15fef6a608649e7531765f0ef82e3c0076a705259a3651f60a84c9f4d4938037e70e4509c5bb0c9246444351db86078475483687054c", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x20000000)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="840000000002010400000000000000000a00000004000180300003802c00018014000300fc00000000000000000000100000000014004400fe800000001f610000000000000000bb3c0002800c00028005000100000000002c00018014000300fc020000000000000000000000000000140004"], 0x84}}, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="14008d00000000000000000000000a00"/27], 0x28}}, 0x4000040)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r7, @ANYBLOB="0200000000008000800012000800010076746936740002"], 0xa0}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2f}, @NFTA_SET_EXPRESSIONS={0x18, 0x12, 0x0, 0x1, [{0x14, 0x20, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x106}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xa4}}, 0x20050800)

2.198553022s ago: executing program 1 (id=6387):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = socket(0x2, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000100)={0x2, &(0x7f00000001c0)=[{0x30, 0x3, 0x51, 0xfffff034}, {0x6, 0x4, 0x6, 0x6}]}, 0x10)
write$tun(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="0000080000001300ddf79d4a44cadee164396ddb40930000"], 0x2a)

1.853297734s ago: executing program 2 (id=6388):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000000000000000850000007b00000095"], 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000004000000040000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1, 0x10000000}, 0x10)

1.810945182s ago: executing program 1 (id=6389):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x2642, 0x0)
writev(r0, &(0x7f0000000640)=[{&(0x7f0000000540)="93d9fa00000000", 0x7}], 0x1)

1.80097222s ago: executing program 2 (id=6390):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000140)={{{@in6=@empty, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@dev}, 0x0, @in=@private}}, &(0x7f0000000300)=0xe8)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000005cc0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="700000000301010200000000000000000a00000958000d8014000500fe80000000000000000000000000004108000200e000000208000200ac14142214000400fe8000000000000000000000000300aa1400040000000000000000000000ffffe000000208000200ac14141604001980"], 0x70}, 0x1, 0x0, 0x0, 0xc0}, 0x4000)
sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000040)={&(0x7f0000000340)={0xdc, 0x2, 0x2, 0x801, 0x0, 0x0, {0x3, 0x0, 0x8}, [@CTA_EXPECT_FLAGS={0x8}, @CTA_EXPECT_HELP_NAME={0x9, 0x6, 'pptp\x00'}, @CTA_EXPECT_FN={0xa, 0xb, 'Q.931\x00'}, @CTA_EXPECT_NAT={0x90, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x4}, @CTA_EXPECT_NAT_TUPLE={0x78, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @local}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @loopback}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}, {0x14, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}}}}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_DIR={0x8}]}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x2}, @CTA_EXPECT_MASK={0x10, 0x3, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}]}]}, 0xdc}, 0x1, 0x0, 0x0, 0x1}, 0x2041)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'macvlan0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000380)=ANY=[@ANYBLOB="8400000010000305000000040000000000000000", @ANYRES32=0x0, @ANYBLOB="1546010000000000540012800c0001006d6163766c616e0044000280060002000100000008000100010000000800030003000000080007000500000008000100100000000600020001000000100005800a000400aaaaaaaaaa2e000008000500", @ANYRES32=r4, @ANYBLOB="08000a00fb"], 0x84}}, 0x20008040)
sendmsg$nl_route_sched(r5, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xa0080204}, 0xc, &(0x7f0000000440)={&(0x7f00000002c0)=@delchain={0x2c, 0x65, 0x8, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0x8}, {0x3, 0x5}, {0x3}}, [@TCA_CHAIN={0x8, 0xb, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x44040}, 0x50)

1.62624297s ago: executing program 0 (id=6392):
socket$nl_route(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x5, 0x4, 0x8, 0xc}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000001080021850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
socket(0x10, 0x80002, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socketpair(0x1, 0x3, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r4}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1, 0x0, 0x8100}}], 0x1, 0x0)

1.618212693s ago: executing program 3 (id=6394):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x12)
r1 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r1, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000640)={<r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f000000c940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20002801}}, {{&(0x7f0000000b80)=@abs={0x1, 0x0, 0x4e21}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x28004044}}], 0x2, 0x4000000)

1.599694131s ago: executing program 4 (id=6395):
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000fe0000000002004008", 0x1d)

1.578605598s ago: executing program 0 (id=6396):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0x5, &(0x7f0000000500)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x17}, @call={0x85, 0x0, 0x0, 0x50}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x28, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000002060101000000000000000000000000010000000a000000090002008d001f106f194eb305000100"], 0x30}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x4)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="300000001d0001000000000004086aa42d"], 0x30}}, 0x0)
r2 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r2, 0x8)
r3 = accept4(r2, 0x0, 0x0, 0x0)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f00000000c0)={0x1d, r5}, 0x18)
close(0x3)
sendto$inet6(r3, &(0x7f0000000240)='x', 0xfc1c, 0x4000050, 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08060001080006040001aaaaaaaaaaaaac1414bb0180c2000000ffffffff6507a4"], 0x0)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r3, 0x84, 0x1b, &(0x7f0000000540)={<r6=>0x0, 0xfa, "3d5bcc174f124792e4f65dda7ad7f0aa8dc19bf54f67d349abca05261084f66877dd3491ce105008d52c9e8d4f52d13b266eed9290258465a67ff7e1d8a9b9fe9d69366fb274c447c46f651047d2b5d25c202551626940e01d3aafaa7e9a6dc874e94fe3e3288321f5a6faa0fa395f180c99ae413681b85a04ba66579bad599f26f40cac211d2a09d13f30747e37090e6ec2e5ab838fa54613c9b58fb55c3b79994c5ee98adbdeb0f24e245be2afa5c39e8772855e0eecb96e58347a961f5a9663ebd4cf0a288b3c9753dbc709d53db82d989e0f5ca482cb197153f8e1b1bd48a11b2e57b5113a175c9adc538026bf2fa6e475dc49fc57303654"}, &(0x7f0000000280)=0x102)
getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)={<r7=>r6, 0x2, 0x1, 0x200, 0xffff8004, 0xfffff9b2}, &(0x7f00000002c0)=0x14)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000080)={r7, 0x10001}, 0x8)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x1f, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x80}}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffcda, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
sendmmsg$inet6(r3, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000500)="d0f2ffff", 0x4}], 0x1}}], 0x1, 0x51)
r8 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
recvmsg(r8, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r3)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r3, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="aa71ec14", @ANYRES16=r9, @ANYBLOB="08002cbd7000fedbdf25810000000c00990001000000650000000600660007600000"], 0x28}, 0x1, 0x0, 0x0, 0x44}, 0x24004084)

1.539540779s ago: executing program 3 (id=6397):
r0 = socket$packet(0x11, 0x2, 0x300)
getsockname$packet(r0, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000040)=0x14)
r1 = accept$phonet_pipe(0xffffffffffffffff, 0x0, &(0x7f0000000080))
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'wg0\x00', <r2=>0x0})
r3 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$MRT(r3, 0x0, 0xce, &(0x7f0000000100), &(0x7f0000000140)=0x4)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)=@gettaction={0x110, 0x32, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@action_gd=@TCA_ACT_TAB={0x30, 0x1, [{0x10, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0xc, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0x10, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x54, 0x1, [{0xc, 0xd, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xaab}}, {0xc, 0x12, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3ff}}, {0x10, 0x11, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0x10, 0x17, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}, {0xc, 0xd, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0x1, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5d1b864c}}]}, @action_gd=@TCA_ACT_TAB={0x6c, 0x1, [{0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}, {0xc, 0x8, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0xc, 0x2, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0xc, 0x4, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0xc, 0x11, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}, {0xc, 0x7, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0xc, 0x1, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x101}}, {0x10, 0x19, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x0, 0x1}}]}, 0x110}, 0x1, 0x0, 0x0, 0x8000}, 0x4000)
r5 = socket$can_raw(0x1d, 0x3, 0x1)
sendmsg$can_raw(r5, &(0x7f0000000440)={&(0x7f0000000380)={0x1d, r2}, 0x10, &(0x7f0000000400)={&(0x7f00000003c0)=@can={{0x2, 0x1, 0x0, 0x1}, 0x3, 0x2, 0x0, 0x0, "cf3703e0cff9af9b"}, 0x10}, 0x1, 0x0, 0x0, 0x4010}, 0x20040001)
ioctl$sock_inet_SIOCSIFDSTADDR(r3, 0x8918, &(0x7f0000000480)={'ip6_vti0\x00', {0x2, 0x4e22, @multicast1}})
r6 = socket$netlink(0x10, 0x3, 0x7)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r6, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x24, r7, 0x200, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x44}, 0x20000000)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000600)=[@mss={0x2, 0x38c0000}], 0x1)
gettid()
ioctl$int_in(r3, 0x5452, &(0x7f0000000640)=0xa3)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f00000006c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xc}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @call={0x85, 0x0, 0x0, 0x36}, @ldst={0x6ccf5db8f45218c9, 0x3, 0x6, 0x0, 0x1, 0x6, 0x4}, @cb_func={0x18, 0x7, 0x4, 0x0, 0xfffffffffffffffa}, @generic={0x7f, 0x4, 0xa, 0x1, 0x7}, @alu={0x4, 0x0, 0x4, 0x1, 0xa, 0xffffffffffffffc0, 0xfffffffffffffffc}, @exit]}, &(0x7f0000000740)='syzkaller\x00', 0xf12, 0xbb, &(0x7f0000000780)=""/187, 0x0, 0x28, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000840)={0x2, 0x10, 0xff, 0x6}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000880)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f00000008c0)=[{0x0, 0x3, 0x0, 0x7}], 0x10, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000009c0)={&(0x7f0000000680)='jbd2_run_stats\x00', r8, 0x0, 0x101}, 0x18)
r9 = accept$unix(0xffffffffffffffff, 0x0, &(0x7f0000000a00))
connect$unix(r9, &(0x7f0000000a40)=@file={0x0, './file0\x00'}, 0x6e)
r10 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r10, 0x84, 0xc, &(0x7f0000000ac0)=0x80000000, 0x4)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000b00), r6)
r11 = socket(0x1a, 0xa, 0x5)
ioctl$HCIINQUIRY(r11, 0x800448f0, &(0x7f0000000b40)={0x3, 0xe, "9dfec9", 0x1, 0x4})
ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000b80)={'veth1\x00', {0x2, 0x4e23, @multicast2}})
r12 = getuid()
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000d80)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000d40)={&(0x7f0000000c00)={0x11c, 0x21, 0x10, 0x70bd2d, 0x25dfdbfc, {0x1a}, [@generic="f241ab3d649a9896af58b92173decbc05e531dfdb492e1eae7e5ca51d3ffd0fc347c7927065696d8e563f6b14f4adb6f7b587c7be5cc8c752a9cc6e2d01359f72775", @generic="b3d8926164", @nested={0xc, 0xb4, 0x0, 0x1, [@nested={0x4, 0x5c}, @nested={0x4, 0x9f}]}, @typed={0x8, 0xba, 0x0, 0x0, @uid=r12}, @generic="1efcf47f235c538fc7118bee1f5272f848f96f5d680f4e31990bcca02c9b4f7bb29c3b40250f8b700fd03d343c3f97481649c677360a4f063ae5b8656fe0c8e29006ce52691ef81dffd475f57aa6fea9fbfe66bb8dc58d92e9979b3d39d361d8be329904d8fd726e9ddc94c46ebc7dd4b14fae5f3b8d82a47f1fb9376d7f9f58c1a789eecc2ece661282103911fa5e86ec2d9427055c225c9502", @typed={0x8, 0x14f, 0x0, 0x0, @ipv4=@private=0xa010101}, @typed={0x8, 0x14a, 0x0, 0x0, @u32=0xa}]}, 0x11c}, 0x1, 0x0, 0x0, 0x40080}, 0x1)
ioctl$sock_SIOCOUTQ(r4, 0x5411, &(0x7f0000000dc0))

1.433264879s ago: executing program 4 (id=6398):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_USERDATA={0x9, 0x7, 0x1, 0x0, "14c52dc22f"}]}], {0x14}}, 0x84}}, 0x0)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r1, &(0x7f0000000000)={0x27}, 0x74)
sendmmsg$unix(r1, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000001dc0)="bb", 0xfdef}, {0x0}]}}, {{&(0x7f0000000580)=@file={0x0, './file0/file0\x00'}, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000600)='z', 0xfdef}], 0x1}}], 0x3, 0x0)

1.424613884s ago: executing program 2 (id=6399):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000080)={0xbf, 0x9, 0x15, 0x5, 0xff, 0x5, 0xfb, 0x8, 0xec, 0x2, 0x81, 0x84, 0x3, 0x5}, 0xe)
sendto$inet6(r2, &(0x7f0000000040)='T', 0x1, 0x8910, &(0x7f0000000280)={0xa, 0xfffc, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1}, 0x1c)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000000)=0x4, 0x4)
shutdown(r2, 0x1)
shutdown(r1, 0x0)
recvmmsg(r1, &(0x7f00000055c0), 0x400023c, 0x300, 0x0) (fail_nth: 20)
r3 = socket(0x2b, 0x80000, 0x5)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r3, 0x89f8, 0x0)
socket$netlink(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000009, 0x200000006c832, 0xffffffffffffffff, 0x0)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x20000040}, 0x24004000)
sendmsg$NFT_BATCH(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a0900000000000000000002000000020073797a31000000000894564e3766fda723b8044002000000090041009680067cab47f95a73797a300000000008"], 0x64}}, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x4c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0, 0x2}, 0x94)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$inet_sctp(0x2, 0x1, 0x84)

1.343439296s ago: executing program 3 (id=6400):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x7e, &(0x7f00000006c0)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "1200b0", 0x48, 0x3a, 0x0, @empty, @mcast2, {[], @dest_unreach={0x4, 0x8, 0x0, 0x0, '\x00', {0x0, 0x6, '\x00', 0x0, 0x2c, 0x0, @private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [@hopopts={0x2f, 0x1, '\x00', [@calipso={0x7, 0x8, {0x22ebffff, 0x0, 0xfc, 0x57}}]}]}}}}}}}, 0x0)
unshare(0x2040400) (async)
unshare(0x8000000) (async)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/uts\x00')
ioctl$NS_GET_USERNS(r2, 0xb701, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000100)={'wpan0\x00', <r3=>0x0}) (async)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f00000009c0), r1)
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x38, r4, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_SEC_LEVEL={0x1c, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0xc}]}]}, 0x38}, 0x1, 0x0, 0x0, 0xc041}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000380)=ANY=[@ANYRESDEC, @ANYRES16=r3, @ANYBLOB="0ad322062988b4975478de033247e52f12b3e13fe59c073daa787024280f9a912c1d26df0b074d3ec3c22b00faf1bb190b0a0da08bafc324ebc6c9864ea0650ca241883687d3a3560a049889fc58fa2d0663644f585e"], &(0x7f0000000340)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r6 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_DEL(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x1c, r7, 0x1, 0x0, 0x0, {0x54}, [@DEVLINK_ATTR_PORT_INDEX={0x8}]}, 0x1c}}, 0x0) (async)
close(r6) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000ac0)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x80}, 0x94) (async)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r8}, 0x10) (async)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_int(r9, &(0x7f0000000040)=0x9b6, 0x12)
write$cgroup_subtree(r9, &(0x7f0000000100)=ANY=[], 0x32600) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r9, 0x0) (async)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000140)=@generic={&(0x7f0000000080)='./file0\x00', r9}, 0x1f)

1.324554701s ago: executing program 4 (id=6401):
getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000180))
r0 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000000)={@private1, <r1=>0x0}, &(0x7f0000000040)=0x14)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000700)='cpuacct.usage_sys\x00', 0x0, 0x0)
unshare(0x22020600)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x101842, 0x0)
pwrite64(r3, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000980), &(0x7f0000000c00)=0x4)
bind$xdp(r0, &(0x7f0000000080)={0x2c, 0x0, r1, 0xb}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)="d8000000100081046881f782db44b904021d080b16000000e8fe55a11800150006001400030000120800040043000000a80016000a0001400d000d00036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88ac417898516277ce06bbace80177ccbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d0080000000000000b57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5588a63644caf1ce1bd6c769ad809d52a9ecbee", 0xd8}], 0x1}, 0x0)
r5 = getpid()
syz_open_procfs$namespace(r5, &(0x7f0000000c40)='ns/mnt\x00')
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000080)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1000002, 0x12, r6, 0xfffff000)
recvmmsg$unix(r6, &(0x7f0000000b40)=[{{&(0x7f00000000c0)=@abs, 0x6e, &(0x7f0000000340)=[{&(0x7f0000000140)=""/37, 0x25}, {&(0x7f0000000300)=""/13, 0xd}], 0x2, &(0x7f0000000380)=[@rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x38}}, {{&(0x7f00000003c0), 0x6e, &(0x7f0000000a40)=[{&(0x7f0000000440)=""/162, 0xa2}, {&(0x7f0000000500)=""/251, 0xfb}, {&(0x7f0000000600)=""/211, 0xd3}, {&(0x7f0000000700)}, {&(0x7f0000000740)=""/8, 0x8}, {&(0x7f0000000780)=""/158, 0x9e}, {&(0x7f0000000840)=""/228, 0xe4}, {&(0x7f0000000980)}, {&(0x7f00000009c0)=""/75, 0x4b}], 0x12a7, &(0x7f0000000b00)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x38}}], 0x2, 0x0, &(0x7f0000000bc0)={0x0, 0x989680})

1.27297655s ago: executing program 0 (id=6402):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000096c0)={0x0, 0x0, 0x0}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000340)='westwood\x00', 0x9)
bind$inet6(r1, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
ppoll(&(0x7f00000006c0), 0x0, &(0x7f0000000700)={0x0, 0x989680}, &(0x7f0000000740)={[0x7fff]}, 0x8)
setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r1, &(0x7f0000000280)="32780f64398323756224d03ac5cb3838e854cf6fe7e38c09daa0e76828c158699b396cff6b5ef9b454e678333fb7c00be87d5eab09b340b5a265014d86abb6ae50065e67b7cdc5362589f9b4127fe218ba5f79aa58f7446a6ab30cf9b1be46718b1193d8900973a5ea1f22bcf947456685261ebd7416ad7c9a3949ffd1d2fda2dd6f5dae464175b09d0700f1e13ce12b18fb627f33", 0x95, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c)
shutdown(r1, 0x1)
mmap(&(0x7f0000462000/0x3000)=nil, 0x3000, 0x2000009, 0x4d032, r0, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000080)={@private0, 0x8000000, 0x0, 0x3, 0xf, 0x0, 0xffff}, 0x20)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x20010, 0xffffffffffffffff, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x12, &(0x7f00000008c0)=ANY=[@ANYBLOB="18000000a90d0000000000b9ef00ac080000181149342c4bb0a5", @ANYRES32=0x1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000001841000e0000000000000000000000008520000003000000bf91000000000000b7020000020000008500000084000000b7000000000000009500000000000000", @ANYRES64=r0], &(0x7f00000003c0)='GPL\x00', 0x4, 0x6, &(0x7f0000000140)=""/6, 0x41000, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000480)={0x5, 0x7, 0x10000, 0x10}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000240), &(0x7f0000000500)=[{0x0, 0x2, 0x6, 0x5}, {0x2, 0x5, 0xd, 0x4}, {0x2, 0x3, 0x10000001, 0xc}, {0x5, 0x3, 0x1, 0x9}, {0x4, 0x1, 0xb, 0x8}], 0x10, 0x556}, 0x94)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
writev(r4, &(0x7f0000000040)=[{&(0x7f0000000100)="8f", 0x1}], 0x1)
ioctl$sock_TIOCOUTQ(r4, 0x5411, &(0x7f00000000c0))
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000680)={{0x1}, &(0x7f00000002c0), &(0x7f0000000640)=r3}, 0x20)
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$inet(r5, 0x0, 0x0)

1.011607049s ago: executing program 2 (id=6403):
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) (async)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58) (async)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha512\x00'}, 0x58) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c00000018000904c7510500feffffff1c140000"], 0x1c}}, 0x4800)
r3 = accept4(r0, 0x0, 0x0, 0x800)
r4 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r4, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r4, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{0x0, 0xfffffffe}, {0x0}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}], 0x1, 0x1000000000000, 0x5}}], 0x48}, 0x0) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000540)='syzkaller\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x54}, 0x94) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r5, 0x8b2a, &(0x7f0000000040)) (async)
ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000340)) (async)
setsockopt$inet6_opts(r3, 0x29, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="3c1b000000000000c910fc0200000000000000000000000000010917c71681cc51daa11913b8354650e9c17366d893b9aa48f706ad3fbffb23fa76b17fe53d4257cf0196784c428053721346c02214fc633ada1ab40f607efd829b3bd188fc0d2acbf26618bf633e63e7fabceb9305940ccd1931eeb713ee44f13537ac2f2a37b45101daa68c89dfbc9edccd94879671688934d8b18f40fb2ab78634f78d0d51cffe5a9bb099a348cbed2d1cb4103dba4df6c15f525ab4bbd6a71a34c1efff85f76813cb6f3799c38c5daaf76f3a0917b4e2d208aa51000000000000"], 0xe8) (async)
r6 = socket$netlink(0x10, 0x3, 0x0) (async)
socket$isdn_base(0x22, 0x3, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
ioctl$F2FS_IOC_DECOMPRESS_FILE(r1, 0xf517, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=@newtfilter={0x2c, 0x2c, 0x0, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, r7, {0xffff, 0x1}, {0xf}, {0xa, 0x2}}, [@TCA_CHAIN={0x8, 0xb, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x20008011) (async)
sendmsg$NL80211_CMD_JOIN_OCB(r6, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='n\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022bbd7000fcdbdf256c00000008002201260100000800a1000000100005001801390000000500180137000000050019010800000008002700020000000800260080090000"], 0x4c}, 0x1, 0x0, 0x0, 0x10040845}, 0x40) (async)
r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000680)={&(0x7f0000000880)=ANY=[@ANYBLOB="9feb010018000000000000009500000095000000050000000e0000000000000a050000000900000000000012040000000c0000000000001104000000ffffffff010000000800000f0100000004000000050000000500000002000000020000000200000005000000060000000600000001000000170d0000090000000500000001800000e6000000050000000400000009000000020000000800000070fd000005001900040000007d0b0000f3000000002e30300027735452edab7f481d7b83e97d99f1a177d681f09515ed166ddd6cb3e402a30497d7a11c730040a74e72419602d19be18d2c1587c3e279760f2e0372a1df1bd582a7fcf857344432619764469659c0b13787363cb5997c7986f251acfc30107331d7146e0b414b7392b8d9a4f1fe74fc307aeac3320ca382c76ebc6e97eed4ee3ceca25465270cc419f8aaa4ba7f99e61b5e6b4b752e87bff221d01e3d68b0820d430b5b8f348cdf8f3bb8b22ddec3b7e5d1830c7551e8c30d359eacfb9724f8bd675d30aee3e8cd10612b0bfdbde553fe0a21c3ed07f293e0e82b950af9a298dfa9"], &(0x7f0000001640)=""/4096, 0xb5, 0x1000, 0x1, 0x8000, 0x10000}, 0x28)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="0400"/20, @ANYRES32=r7, @ANYRES32=r8, @ANYBLOB="f4ff0000070000000100"/28], 0x50) (async)
r9 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r9, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={0x0, 0xc0}, 0x1, 0x0, 0x0, 0x1}, 0x40004) (async)
getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5400000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00000000885203002c0112800b000100697036746e6c00001c00028014000000000000010400130008000a0000000000000000000000000092bd68bb690fd349df4574c6cd00db3dc92289799535d1f024270ae7cc8fe517f07b3959a27af43bdf051d446b474f45ed1db1d93311e9b7046a0af83b95e876589f9d857b0a1ea4b8d900be362e1435cdd7e160bf0ca8ccde7d30848ccdd31d210925ec12", @ANYRES32=r10, @ANYBLOB], 0x54}}, 0x4000080)

989.77404ms ago: executing program 4 (id=6404):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5c0000001300010000feff000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001400140076657468305f746f5f62726964676500140003006772653000000000000000000000000014001680100001800c000700274d97e6"], 0x5c}}, 0x0)

913.251695ms ago: executing program 3 (id=6405):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001200010a0000000000000000070200002004681efa361595f6937420563b4b2a881877da027f90f0c42a621756c5656408d9979a40b7230c1fc399cc8aef53e454b2a0334c41f13bfc57f543fcc539d3bd6f558515db"], 0x14}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, &(0x7f0000000100)={0x4}, 0x1)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$FICLONERANGE(r3, 0x4020940d, &(0x7f0000000080)={{r4}, 0xc, 0x3, 0x21d7})
setsockopt$inet_int(r2, 0x0, 0xf, &(0x7f0000000000)=0x8, 0x4)
bind$inet(r2, &(0x7f0000000200)={0x2, 0x4e24, @multicast1}, 0x10)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r5, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r7 = accept4(r6, 0x0, 0x0, 0x800)
sendmmsg$alg(r7, &(0x7f0000000300)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f7", 0x1}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4004}], 0x1, 0x0)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)
r8 = socket$isdn_base(0x22, 0x3, 0x0)
r9 = syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0), r1)
sendmsg$TIPC_NL_MEDIA_GET(r1, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000400)={&(0x7f0000000b80)={0x560, r9, 0x800, 0x70bd2b, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0xd4, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffff800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7f}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xe}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7a7b}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xebd5}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}]}]}, @TIPC_NLA_NET={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4c}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x33d}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x2}]}, @TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}, @TIPC_NLA_NODE={0x1ec, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_NODE_ID={0xe8, 0x3, "df7583a215d08c8f857e4bb028211cc347e71e2b05d0c8d54b377eaf4ee636fc6b6d8e8019e9487b498dcc080bf0eac2e6524e67beea6bbd1d827653ef91a68cf4c93da30baa3bd3c2aa2ecc188455defb941c6a6e4780c445800f76513ed02ad34eb57d23bfb99119fd4cd61358205ea9c98b720601b31f71efc92cf33d375be7e4ee1feef9edf0dad8397beec07d70e76f576accc5a4375a72766da0651da277bcbe9d7573cd4535e98b08da64ffa39e9d61b104ff36c2fde628732a40ff236f584a37af3df7e284e876f1a714059d60c61f59f0a61edd005f4728cd1ea95efd36937d"}, @TIPC_NLA_NODE_ID={0xa6, 0x3, "956cfb37b759c90a5bc32caf2c07df1c15000e29952a993bc69833f91ac459c0197a5ce105c504f66b961406719d34da239159512c50fb8d72b0cab82f395237e025aeefb98be4cf5e1e841ff7a8d47f36e35d59d9a4e56e28b442588080cbe460614ac21d0d3e88bb272e783dfe43aac32363768926b2a70b8862d8968d29a5c32420db7d84c1bebfe781b838009ab06ad7ff5ef68c994e883daccfcf66b04166ae"}, @TIPC_NLA_NODE_KEY={0x42, 0x4, {'gcm(aes)\x00', 0x1a, "325455af5808ec07c7d910ea7e98f555989e778d7c7e9acce0d1"}}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8000}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_SOCK={0x5c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7f}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xfff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x81}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5c14}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_SOCK={0x4}, @TIPC_NLA_MEDIA={0x8c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3da}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10000}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4c}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_LINK={0xa8, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x52c}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x54, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6a}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}]}, @TIPC_NLA_MEDIA={0x30, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x82}]}]}, @TIPC_NLA_LINK={0x68, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xd}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffa}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0x560}, 0x1, 0x0, 0x0, 0x4008000}, 0x50c0)
ioctl$IMGETDEVINFO(r8, 0x80044944, 0x0)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x80, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa1, 0xfffffffffffffffb}, {0x0, 0x0, 0x200000000000000}}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b800000015000100000000000000df25fe88000000000000000000000000010100000000000000000000000000000001000000004e2300000a00100000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\b'], 0xb8}}, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r5, 0x89e0, &(0x7f0000000480)={r6})

909.556044ms ago: executing program 0 (id=6406):
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x2c)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x1b, &(0x7f0000001800)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000000000008500000017000000180100002020690000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000700)={r1, r3, 0x25, 0x0, @val=@perf_event}, 0x18)
syz_emit_ethernet(0xfdef, &(0x7f0000000100)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x12, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@response={0x2, 0x0, 0x0, "82d18160f7d8dda36479a6b179161b4bbff2d0508977b3928ebd2dee05607d17", "0194bd7b1b0303c5ba7f602606a285b3", {"30da2d58da817f8a5f77a23de36a2164", "3b33cfa231a427159c7b9f0eceb155f0"}}}}}}}, 0x0)

841.098147ms ago: executing program 2 (id=6407):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40080}, 0x20008840)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000880)=ANY=[@ANYRES32=r0, @ANYRESDEC, @ANYBLOB="76004345f1c2c51019db2d2bfd138227c2ee7f970be885ae7ef4c10b3a61cef95aea9366d1dd26e4820323399b363913483f65bf5cf3f679573731b845fbc1a397531b3aa768d16297bc555c077832ba40851980783fbabbb32dd5c3ce2f59ff8c5a9a8e647b5c88ffb5c3f245fc0586c551c326fdec6b027b487a636fc19d2260510883ea7d3d2911860f8018a97b50027b7cda908fb8579ca928afe9c9c01b7b5a9c57088f30f180165d3e98c1d4c0d9c2ee351750b7a99368171edc376a4123cf3b00"/208, @ANYRES64=r0, @ANYRESHEX=0x0], 0x44}, 0x1, 0x0, 0x0, 0x40080c1}, 0x4004005)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newtaction={0x7c, 0x30, 0x1, 0x0, 0x0, {}, [{0x68, 0x1, [@m_vlan={0x64, 0x1, 0x0, 0x0, {{0x9}, {0x38, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PRIORITY={0x5}, @TCA_VLAN_PUSH_VLAN_ID={0x6}, @TCA_VLAN_PARMS={0x1c, 0x2, {{}, 0x2}}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000200)={0x0, 0xa, 0x6492, 0xa, 0x4, 0x3ff, 0xf26, 0x4, {0x0, @in={{0x2, 0x4e03, @local}}, 0x1000, 0x1ff, 0x5, 0xf1f, 0x2}}, &(0x7f00000000c0)=0xb0)
socket(0x2, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6(0xa, 0x1, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(0xffffffffffffffff, 0x89fb, &(0x7f00000000c0)={'sit0\x00', 0x0})
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, 0x0, 0xc4)
r5 = socket(0x15, 0x4, 0x1)
connect$inet6(r5, &(0x7f00000001c0)={0xa, 0x4e23, 0x3ff, @empty, 0xfffffffe}, 0x1c)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000840))
setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x2, 0x0, 0x0)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
ppoll(&(0x7f0000000500)=[{r6}], 0x1, 0x0, 0x0, 0x0)
accept(r3, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, <r7=>0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x10, r3, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
recvmsg(r8, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0xdb, &(0x7f0000000100)=[{&(0x7f0000000400)=""/247, 0x200105d0}], 0xc}, 0x1f00)
sendmsg$tipc(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0x1}], 0x1}, 0x4b201dd90fa4b675)
ioctl$SIOCPNDELRESOURCE(r7, 0x89ef, &(0x7f0000000140)=0x80000001)

828.894927ms ago: executing program 4 (id=6408):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000ff7f0000000000000d0000009500"], &(0x7f00000000c0)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x2, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0) (fail_nth: 67)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

820.855848ms ago: executing program 3 (id=6409):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x40}}, 0x10)
ioctl$sock_inet_SIOCDELRT(r0, 0x890c, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @loopback}, {0x2, 0x4e24, @remote}, {0x2, 0x4e20, @private=0xa010101}, 0x227, 0x0, 0x0, 0x0, 0x3300, &(0x7f00000000c0)='batadv_slave_0\x00', 0x79, 0x5, 0x2})
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7c0100001000010000000000fcdbdf2500000000000000000000000000000000fe80000000000000000000000000001600000000081e00040000208021000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="e000000100000000000000000000000000000000330000007f0000010000000000000000000000000104000000000000000000000000000008000000000000000000000000000000ffffffff00000000030000000000000000000000000000000000000800000000fdffffffffffffff0000000000000000fdffffffffffffff01000080000000000000000001000000fcffffff00000000000000000a0004014000951befc6000089000100726d643136300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008020000d5deb33e8d02d5b4c6cdd277a6d0adde7a89a2677f61d0a96eb8706a52b9fbdc312b5aeab8894c491a358ef76ec179b21865e1b6f29b2da7d564f2bcd96ec67ffc000000686cf200986a2ca7fa60bc32d5c14184"], 0x17c}, 0x1, 0x0, 0x0, 0x24040021}, 0x0)
sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)
r2 = socket$kcm(0x10, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000)
sendmsg$NFT_MSG_GETRULE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)={0x2c, 0x19, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x2c}}, 0x8004)
ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000080)={0x9, 0x7, 0x100, 0x80, 0x3})
sendmsg$kcm(r2, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000580)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd604dd3180014060000000000000000000001fe8000000000000000000000000000aa00004001", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50c2000090780000"], 0x0)

673.063745ms ago: executing program 0 (id=6410):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
write$nci(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="40050201070903"], 0x7)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xff}, 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r4, &(0x7f0000000200)}, 0x20)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000a00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_CT_DIRECTION={0x5, 0x3, 0x773568b9b38b679a}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xe}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)
r6 = socket(0x2, 0x80805, 0x0)
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, &(0x7f00000004c0))
connect$bt_sco(0xffffffffffffffff, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0xaa}}, 0x8)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000300), r2)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r7, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r8=>0x0}, &(0x7f00000010c0)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r6, 0x84, 0x84, &(0x7f0000000180)={r8, @in={{0x2, 0x4e22, @empty}}, 0x7, 0x4002}, 0x90)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB="200000001e00431b2abd03000000000035f5b39d293107000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x20}}, 0x240488c8)

318.811193ms ago: executing program 4 (id=6411):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@ipv6_newrule={0x40, 0x20, 0x1, 0x0, 0x0, {0xa, 0x0, 0x20, 0x40, 0x0, 0x0, 0x0, 0x3}, [@FIB_RULE_POLICY=@FRA_IP_PROTO={0x5, 0x16, 0x62}, @FIB_RULE_POLICY=@FRA_PROTOCOL={0x5, 0x15, 0x2}, @FRA_SRC={0x14, 0x2, @private0}]}, 0x40}, 0x1, 0x0, 0x0, 0x24040804}, 0x0)
sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4)
sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r5, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}}, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0xedc623580215bdcd, 0x12, r7, 0x0)
mmap(&(0x7f0000c61000/0x4000)=nil, 0x4000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000215000/0x1000)=nil, 0x1000, 0x0, 0x6011, r8, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000691000/0x4000)=nil, 0x4000, 0xdfdddf82bb4cc70c, 0x28011, r9, 0x0)
mmap(&(0x7f0000867000/0x2000)=nil, 0x2000, 0x0, 0x11, r9, 0x1000)
r10 = socket(0x10, 0x803, 0x0)
r11 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r12, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001380)=@newtfilter={0x48, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r12, {0xfff3}, {}, {0xd, 0x10}}, [@filter_kind_options=@f_bpf={{0x8}, {0x1c, 0x2, [@TCA_BPF_FD={0x8, 0x6, r10}, @TCA_BPF_FLAGS={0x8, 0x8, 0x1}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x7}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x400c021}, 0x0)
write$nci(r0, &(0x7f0000000a40)=ANY=[@ANYBLOB="61050405230480030405040b2b0301dc"], 0x10)
syz_emit_ethernet(0x3e, &(0x7f0000000240)=ANY=[@ANYBLOB="ffffffffffff00000000000008004500003000000000fe019078ac1e0001ac1414aa0301907803246b80e413ad102efd0000450000000001000000010007ac1414aa64010102"], 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x4}, @void, {@ipv4={0x800, @icmp={{0xa, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x14, 0x8, 0x1, 0x0, [{@remote}, {@multicast2}]}]}}, @timestamp={0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffa}}}}}, 0x0)

217.832084ms ago: executing program 3 (id=6412):
socket$igmp(0x2, 0x3, 0x2)
getpeername$packet(0xffffffffffffffff, &(0x7f0000002240)={0x11, 0x0, <r0=>0x0}, &(0x7f0000002280)=0x14)
socket$inet_smc(0x2b, 0x1, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(0x0, r2)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r2, 0x0, 0x4040)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="3000007d552f01a4982b07c6c0ca00000a000000", @ANYRES32=r0, @ANYBLOB="00005e00140001ffffffff00"/24], 0x30}}, 0x4000040)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001900)={&(0x7f00000000c0)=ANY=[], 0x0, 0x28, 0x0, 0x401, 0x8}, 0x28)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x13)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r3)
r7 = socket$l2tp6(0xa, 0x2, 0x73)
sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012dbd7000fddbdf250800000006000e000900000006000e0081000000080017000ae0482015c66278f547616162dbba46eab69d0e0681d4f49fe129ed68646b947882a2c8a420cf12c6de6c560112c3651b6a8bd9606ca5dc6f313dde905256595ce41dd80a0134b81ad473aff9abd4377c1c6f1f892bbeece928491fdb11dc4bc7d6a02cc8c6d1bf635d84ac23bd0f850f9b0b8ea117594d4fc40261e4a9686528cd8a52617c290cd93a532d839ae98f517a2d7537badbfd9461c757", @ANYRES32=r7, @ANYBLOB="0600010000000000"], 0x34}, 0x1, 0x0, 0x0, 0x240400d5}, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000001c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r4, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000280)={&(0x7f0000000380)={0x34, r6, 0x400, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x5, 0x5e}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000881}, 0x80)
sendmsg$DEVLINK_CMD_RATE_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000fbdbdf25240000000e0001006e657464657673696d0000000f0002006e657464657673696d3000"], 0x34}, 0x1, 0x0, 0x0, 0x55}, 0x0)

113.203367ms ago: executing program 0 (id=6413):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @mcast1, 0x99f}, 0x1c)
connect$inet6(r4, &(0x7f0000000280)={0xa, 0x4e24, 0x3, @mcast1, 0x7}, 0x1c)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r5=>0x0})
socket(0x23, 0x4, 0x401)
sendmsg$BATADV_CMD_TP_METER(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002abd7000fbdbdf25020000000a000900ffffffffffff000008003c00ff000000080031005e47000005003300010000000a6f40c78c517525bfac22355907a0f43a183ed01264a92785dfd6f6789bdae7566c4d4edb56c49d1e341fbc093cdeb52fe0ada3ff0bc4591d2b87f044030d31d7a1c1827469f923abfdf20ba15c46cf7d5701bab8a873cdf771b9b07dad5fc8091d67ecda9d78173c0b468ce5b1f02d5df133eda8cb0efef103dd96279a427ae78efd4e"], 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x8004)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000080)={'tunl0\x00', &(0x7f0000000000)={'syztnl2\x00', r5, 0x20, 0x80, 0x1, 0x9, {{0x8, 0x4, 0x3, 0x1, 0x20, 0x68, 0x0, 0x75, 0x2f, 0x0, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@lsrr={0x83, 0xb, 0x3b, [@multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}}})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r7}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000001040)=@base={0xa, 0x4, 0x4, 0xc}, 0x50)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha224\x00'}, 0x58)
r9 = accept4(r8, 0x0, 0x0, 0x0)
r10 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), r0)
sendmsg$ETHTOOL_MSG_COALESCE_GET(r9, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x20, r10, 0x8, 0x70bd2c, 0x25dfdbfd, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}]}, 0x20}}, 0x44000014)
read$alg(r9, &(0x7f0000000000)=""/35, 0x1c)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@dellink={0x34, 0x11, 0x1, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x80000, 0x2008}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'ipvlan0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x40001}, 0x80)

0s ago: executing program 2 (id=6414):
r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0xb0, r0, 0x800, 0x70bd28, 0x25dfdbfb, {}, [{@pci={{0x8}, {0x11}}, {0xd}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0xd}, {0x5}}, {@pci={{0x8}, {0x11}}, {0xd}, {0x5}}]}, 0xb0}, 0x1, 0x0, 0x0, 0x4041}, 0x80)
r1 = socket$netlink(0x10, 0x3, 0x12)
writev(r1, &(0x7f0000000480)=[{&(0x7f00000001c0)="cad3e423472c84d159aea362cd7d646973344a9953b002f78f700fadedc285ff630eec5d355e10ab685b993ea80816c0655eebbf6c2df64afab4d57bfb3f098fd6a9a5df476585fac8791489bfdbde1516067b3c39f6bcf1ed53ff9ee579a312fbb485", 0x63}, {&(0x7f0000000240)="1714dc42402c65f339af2bcf4b7ffd62b98dfbfce0f57ff0953fc753f0c415f82e3540e21e818afce1d777bd3c4282e70b09d7e0efa60b36dee1b52eeaca262eddc9d04df4afcc08b7cb03dfdf6b457fc80e603578c176387aa4805aaf27c85962b592b818a0841da082927cf50a1ab5192814ccd6cab1d3a33ff931a279104074a3349c517dd865eddc307aaf05f73a43aea2", 0x93}, {&(0x7f0000000300)="83960095f91fbc2d9ce0b128441ea1d84fdca4cb10e8fb3c5f3dae39ed156f57763fc0b675855d1ce7eaa1ba0eeb8630d76fd7ea7e5664e6c54a085ac97e3d01c7ab8c2505a02f8ff39336c5ade9994fee30ceb59dfbec0138f4c56476df03925b7abd64ef01d19529c5a39456ee78dd6193094f3f251944633840b12fb6bae63a9d4967d3d11c17c16625ecfaa41d45e65e892c8858dec698a4a3fbc50b4c28f4cf471f81eede6e7865427bfe8f1150922ccfc7ef4970d798c52cd90481431e4d3af3ddfd35363eec00273c69b3ef96a1c157d966", 0xd5}, {&(0x7f0000000400)="293c814ba22b7ad08b08b74c280df9e3af4e634ccf43094ec80b5f2ed1d682b9a963e495515d731abd6f4780de8963dfe47683f9a00da60a957c4f87e0907e6bccf5f1d7", 0x44}], 0x4)
r2 = socket$kcm(0x29, 0x5, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
getsockopt$TIPC_DEST_DROPPABLE(r3, 0x10f, 0x81, &(0x7f0000000500), &(0x7f0000000540)=0x4)
unshare(0x400)
setsockopt$sock_int(r1, 0x1, 0x1, &(0x7f0000000580)=0x9, 0x4)
bind$bt_rfcomm(0xffffffffffffffff, &(0x7f00000005c0)={0x1f, @any, 0x40}, 0xa)
r4 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r4, &(0x7f0000001d80)={&(0x7f0000000600)={0x2, 0x4e24, @multicast1}, 0x10, &(0x7f00000017c0)=[{&(0x7f0000000640)=""/146, 0x92}, {&(0x7f0000000700)=""/4096, 0x1000}, {&(0x7f0000001700)=""/162, 0xa2}], 0x3, &(0x7f0000001b80)=[@cswp={0x58, 0x114, 0x7, {{0x4, 0x7}, &(0x7f0000001800)=0x7, &(0x7f0000001840)=0x9, 0xf3, 0x0, 0x5, 0x3, 0x48, 0xfd}}, @zcopy_cookie={0x18, 0x114, 0xc, 0x7}, @rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001880)=""/218, 0xda}, &(0x7f0000001980), 0x62}}, @rdma_dest={0x18, 0x114, 0x2, {0x2, 0x7}}, @zcopy_cookie={0x18, 0x114, 0xc, 0xfffffeff}, @zcopy_cookie={0x18, 0x114, 0xc, 0x6}, @cswp={0x58, 0x114, 0x7, {{0x80000001, 0x8}, &(0x7f00000019c0)=0x4, &(0x7f0000001a00)=0xe, 0x0, 0x7, 0x400, 0x5, 0x0, 0x25}}, @rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000001a40)=""/71, 0x47}, &(0x7f0000001ac0), 0x8}}, @cswp={0x58, 0x114, 0x7, {{0x1, 0x9}, &(0x7f0000001b00)=0x1059fa8e, &(0x7f0000001b40)=0x7, 0x2, 0x0, 0x0, 0xfffffffffffffff7, 0x21, 0x8000}}], 0x1c8, 0x40010}, 0x2000c010)
sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r1, &(0x7f0000001e80)={&(0x7f0000001dc0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001e40)={&(0x7f0000001e00)={0x18, 0x140a, 0x100, 0x70bd2b, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40084}, 0x20004000)
ioctl$EXT4_IOC_SWAP_BOOT(r2, 0x6611)
r5 = accept(r4, 0x0, &(0x7f0000001ec0))
setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f0000001f00)={0x3, 0x37, 0x4, 0x7, 0x1, 0x66, 0x0, 0x2, 0xf3, 0xd, 0x8, 0xb8, 0x82, 0x2}, 0xe)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
recvmmsg(r6, &(0x7f00000020c0)=[{{&(0x7f0000001f40)=@l2, 0x80, &(0x7f0000002040)=[{&(0x7f0000001fc0)=""/80, 0x50}], 0x1, &(0x7f0000002080)}, 0x80000000}], 0x1, 0x4000, &(0x7f0000002100))
getsockname$inet6(r5, &(0x7f0000002140)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000002180)=0x1c)
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r1, &(0x7f00000023c0)={&(0x7f00000021c0)={0x10, 0x0, 0x0, 0x4002000}, 0xc, &(0x7f0000002380)={&(0x7f0000002200)={0x174, r0, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}]}, 0x174}, 0x1, 0x0, 0x0, 0x2000884}, 0x40000)
r7 = socket$kcm(0x29, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r7, 0x89e2, &(0x7f0000002400)={<r8=>r5})
ioctl$sock_inet_SIOCGIFDSTADDR(r8, 0x8917, &(0x7f0000002440)={'veth0_to_team\x00', {0x2, 0x0, @empty}})
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_GET(r5, &(0x7f0000002580)={&(0x7f0000002480)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000002540)={&(0x7f00000024c0)={0x74, r0, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x74}, 0x1, 0x0, 0x0, 0x80}, 0x40000)
r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000002600), r5)
sendmsg$TIPC_NL_MON_SET(r1, &(0x7f0000002840)={&(0x7f00000025c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000002800)={&(0x7f0000002640)={0x19c, r10, 0x300, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_MEDIA={0x64, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x40}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x306}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x34f1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc00}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}]}, @TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xa42}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x401}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfff}]}, @TIPC_NLA_LINK={0x4}, @TIPC_NLA_NET={0x28, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x4}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffffffff247}]}, @TIPC_NLA_SOCK={0xb4, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x61b}, @TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x400}]}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0xfff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xa}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x40a2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xffff}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xb173}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6dff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xe1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}]}]}, @TIPC_NLA_NODE={0x18, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x19c}, 0x1, 0x0, 0x0, 0x4800}, 0x4)
sendmsg$RDMA_NLDEV_CMD_GET(r8, &(0x7f0000002980)={&(0x7f0000002880)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000002940)={&(0x7f00000028c0)={0x50, 0x1401, 0x200, 0x70bd26, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x4040004)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r8, 0x10e, 0x8, &(0x7f00000029c0)=0x5, 0x4)
sendmsg$IPVS_CMD_SET_SERVICE(r9, &(0x7f0000002b80)={&(0x7f0000002a00)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000002b40)={&(0x7f0000002a80)={0xa0, 0x0, 0x800, 0x70bd27, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9b}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bridge0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0xdc}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xdecc}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x400}]}]}, 0xa0}}, 0x40814)

kernel console output (not intermixed with test programs):

403]  ? __pfx_gup_fast_fallback+0x10/0x10
[  400.072561][T23403]  ? rcu_is_watching+0x15/0xb0
[  400.072579][T23403]  ? is_valid_gup_args+0x11f/0x200
[  400.072600][T23403]  ? pin_user_pages_fast+0x4d/0xb0
[  400.072621][T23403]  rds_cmsg_rdma_args+0x8f4/0x1240
[  400.072654][T23403]  ? rcu_is_watching+0x15/0xb0
[  400.072671][T23403]  rds_cmsg_send+0x33d/0x5c0
[  400.072701][T23403]  rds_sendmsg+0x1129/0x1f00
[  400.072732][T23403]  ? __pfx_rds_sendmsg+0x10/0x10
[  400.072754][T23403]  ? aa_sk_perm+0x81e/0x950
[  400.072779][T23403]  ? __might_fault+0xb0/0x130
[  400.072800][T23403]  ? __pfx_aa_sk_perm+0x10/0x10
[  400.072822][T23403]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  400.072843][T23403]  ? aa_sock_msg_perm+0xf1/0x1d0
[  400.072860][T23403]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  400.072879][T23403]  ? __pfx_rds_sendmsg+0x10/0x10
[  400.072902][T23403]  __sock_sendmsg+0x21c/0x270
[  400.072926][T23403]  ____sys_sendmsg+0x505/0x830
[  400.072946][T23403]  ? __pfx_____sys_sendmsg+0x10/0x10
[  400.072968][T23403]  ? import_iovec+0x74/0xa0
[  400.072989][T23403]  ___sys_sendmsg+0x21f/0x2a0
[  400.073007][T23403]  ? __pfx____sys_sendmsg+0x10/0x10
[  400.073041][T23403]  ? __fget_files+0x2a/0x420
[  400.073057][T23403]  ? __fget_files+0x3a0/0x420
[  400.073077][T23403]  __x64_sys_sendmsg+0x19b/0x260
[  400.073097][T23403]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  400.073119][T23403]  ? __pfx_ksys_write+0x10/0x10
[  400.073141][T23403]  ? rcu_is_watching+0x15/0xb0
[  400.073160][T23403]  ? rcu_is_watching+0x15/0xb0
[  400.073178][T23403]  do_syscall_64+0xfa/0x3b0
[  400.073194][T23403]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  400.073211][T23403]  ? clear_bhb_loop+0x60/0xb0
[  400.073231][T23403]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  400.073248][T23403] RIP: 0033:0x7f97bdf8ebe9
[  400.073263][T23403] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  400.073279][T23403] RSP: 002b:00007f97bee19038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  400.073299][T23403] RAX: ffffffffffffffda RBX: 00007f97be1b5fa0 RCX: 00007f97bdf8ebe9
[  400.073313][T23403] RDX: 0000000000000000 RSI: 0000200000001600 RDI: 0000000000000004
[  400.073325][T23403] RBP: 00007f97bee19090 R08: 0000000000000000 R09: 0000000000000000
[  400.073337][T23403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  400.073348][T23403] R13: 00007f97be1b6038 R14: 00007f97be1b5fa0 R15: 00007ffdb5745a98
[  400.073369][T23403]  </TASK>
[  400.095582][T23240] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  400.522708][T23395] bond0: (slave wlan1): Opening slave failed
[  400.587014][T23240] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  400.685656][T23432] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5726'.
[  400.702448][T23240] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  400.777349][ T5856] Bluetooth: hci3: command tx timeout
[  400.898090][T23240] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  400.981011][T23442] syzkaller0: create flow: hash 4252956971 index 1
[  401.090987][T23457] siw: device registration error -23
[  401.109943][T23442] syzkaller0: delete flow: hash 4252956971 index 1
[  401.241612][T23464] netlink: 'syz.4.5737': attribute type 11 has an invalid length.
[  401.264377][T23240] 8021q: adding VLAN 0 to HW filter on device bond0
[  401.308822][T23467] hsr0 speed is unknown, defaulting to 1000
[  401.322171][T23240] 8021q: adding VLAN 0 to HW filter on device team0
[  401.368995][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  401.376303][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  401.467544][ T3544] bridge0: port 2(bridge_slave_1) entered blocking state
[  401.474656][ T3544] bridge0: port 2(bridge_slave_1) entered forwarding state
[  401.525088][T23240] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  401.630166][T23490] netlink: 116 bytes leftover after parsing attributes in process `syz.1.5744'.
[  401.650053][T23492] netlink: 16386 bytes leftover after parsing attributes in process `syz.4.5743'.
[  401.750220][T23499] netlink: 84 bytes leftover after parsing attributes in process `syz.1.5747'.
[  401.765457][T23499] netlink: 84 bytes leftover after parsing attributes in process `syz.1.5747'.
[  401.799783][T23503] macsec1: entered promiscuous mode
[  401.805101][T23503] dummy0: entered promiscuous mode
[  401.814601][T23503] macsec1: entered allmulticast mode
[  401.822816][T23503] dummy0: entered allmulticast mode
[  401.834157][T23503] dummy0: left allmulticast mode
[  401.841832][T23503] dummy0: left promiscuous mode
[  401.882269][T23240] 8021q: adding VLAN 0 to HW filter on device batadv0
[  401.932023][T23240] veth0_vlan: entered promiscuous mode
[  401.955868][T23511] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  401.961164][T23240] veth1_vlan: entered promiscuous mode
[  402.042568][T23517] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5754'.
[  402.043784][T23240] veth0_macvtap: entered promiscuous mode
[  402.072282][T23519] netlink: 104 bytes leftover after parsing attributes in process `syz.2.5755'.
[  402.088300][T23517] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5754'.
[  402.090397][T23240] veth1_macvtap: entered promiscuous mode
[  402.124510][T23517] netlink: 104 bytes leftover after parsing attributes in process `syz.0.5754'.
[  402.176845][T23240] batman_adv: batadv0: Interface activated: batadv_slave_0
[  402.219882][T23240] batman_adv: batadv0: Interface activated: batadv_slave_1
[  402.280913][   T49] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  402.313073][   T49] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  402.339593][   T49] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  402.351667][   T49] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  402.430432][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  402.444092][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  402.515825][  T151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  402.529551][  T151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  402.603656][T23566] netlink: 'syz.1.5765': attribute type 10 has an invalid length.
[  402.645510][T23560] x_tables: ip_tables: owner match: used from hooks PREROUTING, but only valid from OUTPUT/POSTROUTING
[  402.741948][T23579] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  402.824597][T23587] hsr0 speed is unknown, defaulting to 1000
[  402.857265][ T5856] Bluetooth: hci3: command tx timeout
[  402.863497][T23598] FAULT_INJECTION: forcing a failure.
[  402.863497][T23598] name failslab, interval 1, probability 0, space 0, times 0
[  402.958386][T23598] CPU: 1 UID: 0 PID: 23598 Comm: syz.4.5773 Not tainted syzkaller #0 PREEMPT(full) 
[  402.958414][T23598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  402.958426][T23598] Call Trace:
[  402.958434][T23598]  <TASK>
[  402.958442][T23598]  dump_stack_lvl+0x189/0x250
[  402.958468][T23598]  ? __pfx____ratelimit+0x10/0x10
[  402.958492][T23598]  ? __pfx_dump_stack_lvl+0x10/0x10
[  402.958513][T23598]  ? __pfx__printk+0x10/0x10
[  402.958536][T23598]  ? __pfx___might_resched+0x10/0x10
[  402.958553][T23598]  ? lock_acquire+0x5f/0x360
[  402.958579][T23598]  should_fail_ex+0x414/0x560
[  402.958603][T23598]  should_failslab+0xa8/0x100
[  402.958628][T23598]  __kmalloc_noprof+0xcb/0x4f0
[  402.958648][T23598]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  402.958674][T23598]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  402.958699][T23598]  genl_family_rcv_msg_doit+0xb8/0x300
[  402.958724][T23598]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  402.958748][T23598]  ? apparmor_capable+0x137/0x1b0
[  402.958770][T23598]  ? bpf_lsm_capable+0x9/0x20
[  402.958792][T23598]  ? security_capable+0x7e/0x2e0
[  402.958819][T23598]  genl_rcv_msg+0x60e/0x790
[  402.958842][T23598]  ? __pfx_genl_rcv_msg+0x10/0x10
[  402.958861][T23598]  ? __kasan_slab_alloc+0x6c/0x80
[  402.958882][T23598]  ? __pfx_netlbl_mgmt_adddef+0x10/0x10
[  402.958900][T23598]  ? __netlink_lookup+0xbd/0x810
[  402.958915][T23598]  ? rcu_is_watching+0x15/0xb0
[  402.958934][T23598]  netlink_rcv_skb+0x205/0x470
[  402.958956][T23598]  ? __pfx_genl_rcv_msg+0x10/0x10
[  402.958975][T23598]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  402.959004][T23598]  ? lock_release+0x4b/0x3e0
[  402.959027][T23598]  ? down_read+0x1ad/0x2e0
[  402.959043][T23598]  genl_rcv+0x28/0x40
[  402.959061][T23598]  netlink_unicast+0x82c/0x9e0
[  402.959085][T23598]  ? __pfx_netlink_unicast+0x10/0x10
[  402.959107][T23598]  ? netlink_sendmsg+0x642/0xb30
[  402.959122][T23598]  ? skb_put+0x11b/0x210
[  402.959141][T23598]  netlink_sendmsg+0x805/0xb30
[  402.959161][T23598]  ? __pfx_netlink_sendmsg+0x10/0x10
[  402.959178][T23598]  ? aa_sock_msg_perm+0xf1/0x1d0
[  402.959194][T23598]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  402.959212][T23598]  ? __pfx_netlink_sendmsg+0x10/0x10
[  402.959228][T23598]  __sock_sendmsg+0x21c/0x270
[  402.959252][T23598]  ____sys_sendmsg+0x505/0x830
[  402.959270][T23598]  ? __pfx_____sys_sendmsg+0x10/0x10
[  402.959291][T23598]  ? import_iovec+0x74/0xa0
[  402.959310][T23598]  ___sys_sendmsg+0x21f/0x2a0
[  402.959335][T23598]  ? __pfx____sys_sendmsg+0x10/0x10
[  402.959367][T23598]  ? __fget_files+0x2a/0x420
[  402.959381][T23598]  ? __fget_files+0x3a0/0x420
[  402.959398][T23598]  __x64_sys_sendmsg+0x19b/0x260
[  402.959417][T23598]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  402.959438][T23598]  ? __pfx_ksys_write+0x10/0x10
[  402.959459][T23598]  ? rcu_is_watching+0x15/0xb0
[  402.959477][T23598]  ? rcu_is_watching+0x15/0xb0
[  402.959495][T23598]  do_syscall_64+0xfa/0x3b0
[  402.959511][T23598]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.959528][T23598]  ? clear_bhb_loop+0x60/0xb0
[  402.959547][T23598]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.959563][T23598] RIP: 0033:0x7f267b18ebe9
[  402.959578][T23598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  402.959594][T23598] RSP: 002b:00007f26793f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  402.959613][T23598] RAX: ffffffffffffffda RBX: 00007f267b3b5fa0 RCX: 00007f267b18ebe9
[  402.959627][T23598] RDX: 0000000000004080 RSI: 0000200000002380 RDI: 0000000000000004
[  402.959638][T23598] RBP: 00007f26793f6090 R08: 0000000000000000 R09: 0000000000000000
[  402.959650][T23598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  402.959660][T23598] R13: 00007f267b3b6038 R14: 00007f267b3b5fa0 R15: 00007fffc8c19c48
[  402.959682][T23598]  </TASK>
[  403.364666][T23610] syz_tun: entered allmulticast mode
[  403.393430][T23610] dvmrp8: entered allmulticast mode
[  403.401806][T23610] syz_tun: left allmulticast mode
[  403.410412][T23610] dvmrp8: left allmulticast mode
[  403.512197][T23610] netlink: 'syz.3.5776': attribute type 23 has an invalid length.
[  403.618741][T23623] tipc: Failed to remove unknown binding: 66,1,1/0:2891516732/2891516734
[  403.674760][T23623] tipc: Failed to remove unknown binding: 66,1,1/0:2891516732/2891516734
[  403.683764][T23623] tipc: Failed to remove unknown binding: 66,1,1/0:2891516732/2891516734
[  403.755824][T23637] FAULT_INJECTION: forcing a failure.
[  403.755824][T23637] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  403.778691][T23637] CPU: 1 UID: 0 PID: 23637 Comm: syz.0.5784 Not tainted syzkaller #0 PREEMPT(full) 
[  403.778717][T23637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  403.778728][T23637] Call Trace:
[  403.778735][T23637]  <TASK>
[  403.778743][T23637]  dump_stack_lvl+0x189/0x250
[  403.778767][T23637]  ? __pfx____ratelimit+0x10/0x10
[  403.778791][T23637]  ? __pfx_dump_stack_lvl+0x10/0x10
[  403.778811][T23637]  ? __pfx__printk+0x10/0x10
[  403.778831][T23637]  ? __might_fault+0xb0/0x130
[  403.778854][T23637]  ? kasan_save_track+0x3e/0x80
[  403.778872][T23637]  ? __kasan_kmalloc+0x93/0xb0
[  403.778894][T23637]  ? rcu_is_watching+0x15/0xb0
[  403.778913][T23637]  should_fail_ex+0x414/0x560
[  403.778937][T23637]  _copy_from_user+0x2d/0xb0
[  403.778965][T23637]  csum_and_copy_from_iter_full+0x1e1/0x1eb0
[  403.778995][T23637]  ? __pfx_csum_and_copy_from_iter_full+0x10/0x10
[  403.779020][T23637]  ? trace_kmalloc+0x1f/0xd0
[  403.779042][T23637]  ip_generic_getfrag+0x12f/0x2b0
[  403.779065][T23637]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  403.779087][T23637]  ? skb_put+0x11b/0x210
[  403.779105][T23637]  __ip6_append_data+0x3971/0x3f30
[  403.779138][T23637]  ? __pfx_raw6_getfrag+0x10/0x10
[  403.779158][T23637]  ? lock_release+0x4b/0x3e0
[  403.779184][T23637]  ? __pfx___ip6_append_data+0x10/0x10
[  403.779205][T23637]  ? __pfx_ip6_mtu+0x10/0x10
[  403.779229][T23637]  ip6_append_data+0x1c4/0x380
[  403.779253][T23637]  ? __pfx_raw6_getfrag+0x10/0x10
[  403.779270][T23637]  rawv6_sendmsg+0x127a/0x1820
[  403.779302][T23637]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  403.779329][T23637]  ? unwind_next_frame+0xa5/0x2390
[  403.779355][T23637]  ? __pfx_aa_sk_perm+0x10/0x10
[  403.779380][T23637]  ? rcu_is_watching+0x15/0xb0
[  403.779395][T23637]  ? sock_rps_record_flow+0x19/0x410
[  403.779418][T23637]  ? inet_sendmsg+0x2f4/0x370
[  403.779437][T23637]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  403.779457][T23637]  __sock_sendmsg+0x19c/0x270
[  403.779480][T23637]  sock_write_iter+0x258/0x330
[  403.779502][T23637]  ? __pfx_sock_write_iter+0x10/0x10
[  403.779527][T23637]  ? kstrtoull+0x12f/0x1d0
[  403.779553][T23637]  do_iter_readv_writev+0x619/0x8b0
[  403.779580][T23637]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  403.779602][T23637]  ? common_file_perm+0x1b5/0x230
[  403.779628][T23637]  ? bpf_lsm_file_permission+0x9/0x20
[  403.779648][T23637]  ? security_file_permission+0x75/0x290
[  403.779670][T23637]  ? rw_verify_area+0x255/0x4d0
[  403.779692][T23637]  vfs_writev+0x31a/0x960
[  403.779708][T23637]  ? security_file_permission+0x75/0x290
[  403.779732][T23637]  ? __pfx_vfs_writev+0x10/0x10
[  403.779747][T23637]  ? vfs_write+0x956/0xb30
[  403.779772][T23637]  ? lock_release+0x4b/0x3e0
[  403.779797][T23637]  ? __fget_files+0x3a0/0x420
[  403.779812][T23637]  ? __fget_files+0x2a/0x420
[  403.779831][T23637]  do_writev+0x14d/0x2d0
[  403.779849][T23637]  ? __pfx_do_writev+0x10/0x10
[  403.779864][T23637]  ? rcu_is_watching+0x15/0xb0
[  403.779883][T23637]  ? rcu_is_watching+0x15/0xb0
[  403.779921][T23637]  do_syscall_64+0xfa/0x3b0
[  403.779938][T23637]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.779961][T23637]  ? clear_bhb_loop+0x60/0xb0
[  403.779980][T23637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.779997][T23637] RIP: 0033:0x7f97bdf8ebe9
[  403.780014][T23637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  403.780029][T23637] RSP: 002b:00007f97bedf8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  403.780049][T23637] RAX: ffffffffffffffda RBX: 00007f97be1b6090 RCX: 00007f97bdf8ebe9
[  403.780063][T23637] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000004
[  403.780075][T23637] RBP: 00007f97bedf8090 R08: 0000000000000000 R09: 0000000000000000
[  403.780087][T23637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  403.780098][T23637] R13: 00007f97be1b6128 R14: 00007f97be1b6090 R15: 00007ffdb5745a98
[  403.780119][T23637]  </TASK>
[  404.198743][T23644] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  404.374860][T23660] __nla_validate_parse: 10 callbacks suppressed
[  404.374879][T23660] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5789'.
[  404.519304][T23664] syzkaller0: create flow: hash 4252956971 index 1
[  404.543670][T23664] syzkaller0: delete flow: hash 4252956971 index 1
[  404.717758][T23676] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  404.849380][T23687] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5805'.
[  404.859119][T23687] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5805'.
[  404.870937][T23687] netlink: 104 bytes leftover after parsing attributes in process `syz.4.5805'.
[  404.941183][ T5856] Bluetooth: hci3: command tx timeout
[  404.953904][T23696] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5806'.
[  404.985403][T23696] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5806'.
[  404.998985][T23700] openvswitch: netlink: VXLAN extension message has 4 unknown bytes.
[  405.019048][T23696] netlink: 104 bytes leftover after parsing attributes in process `syz.4.5806'.
[  405.062891][T23702] netlink: 128 bytes leftover after parsing attributes in process `syz.4.5810'.
[  405.076009][T23702] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  405.088887][T23705] Bluetooth: MGMT ver 1.23
[  405.151533][T23708] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  405.209644][T23712] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5814'.
[  405.236231][T23712] macvtap1: entered promiscuous mode
[  405.243416][T23712] dummy0: entered promiscuous mode
[  405.248926][T23712] macvtap1: entered allmulticast mode
[  405.255036][T23712] dummy0: entered allmulticast mode
[  405.349771][T23727] veth3: entered promiscuous mode
[  405.359222][T23726] hsr0 speed is unknown, defaulting to 1000
[  405.414330][T23729] netlink: 'syz.4.5820': attribute type 280 has an invalid length.
[  405.433245][T23729] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5820'.
[  405.612931][T23750] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  405.638614][T23744] tap0: tun_chr_ioctl cmd 1074025677
[  405.654878][T23744] tap0: linktype set to 0
[  405.727630][T23755] geneve2: left promiscuous mode
[  405.744394][T23758] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  405.750889][T23758] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  405.760025][T23755] bond0: (slave gretap1): Releasing active interface
[  405.782541][ T3539] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  405.801480][ T3539] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  405.863634][   T13] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  405.872909][   T13] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  405.907229][T23771] FAULT_INJECTION: forcing a failure.
[  405.907229][T23771] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  405.938588][T23771] CPU: 1 UID: 0 PID: 23771 Comm: syz.3.5834 Not tainted syzkaller #0 PREEMPT(full) 
[  405.938631][T23771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  405.938650][T23771] Call Trace:
[  405.938662][T23771]  <TASK>
[  405.938678][T23771]  dump_stack_lvl+0x189/0x250
[  405.938720][T23771]  ? __pfx____ratelimit+0x10/0x10
[  405.938754][T23771]  ? __pfx_dump_stack_lvl+0x10/0x10
[  405.938773][T23771]  ? __pfx__printk+0x10/0x10
[  405.938798][T23771]  ? rcu_is_watching+0x15/0xb0
[  405.938817][T23771]  should_fail_ex+0x414/0x560
[  405.938840][T23771]  _copy_to_user+0x31/0xb0
[  405.938858][T23771]  simple_read_from_buffer+0xe1/0x170
[  405.938883][T23771]  proc_fail_nth_read+0x1b3/0x220
[  405.938904][T23771]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  405.938923][T23771]  ? rw_verify_area+0x2a6/0x4d0
[  405.938944][T23771]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  405.938962][T23771]  vfs_read+0x1fd/0xa30
[  405.938993][T23771]  ? __pfx_vfs_read+0x10/0x10
[  405.939013][T23771]  ? __sys_bpf+0x64c/0x870
[  405.939035][T23771]  ? __pfx___sys_bpf+0x10/0x10
[  405.939061][T23771]  ksys_read+0x145/0x250
[  405.939083][T23771]  ? __pfx_ksys_read+0x10/0x10
[  405.939102][T23771]  ? rcu_is_watching+0x15/0xb0
[  405.939121][T23771]  ? rcu_is_watching+0x15/0xb0
[  405.939139][T23771]  do_syscall_64+0xfa/0x3b0
[  405.939156][T23771]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  405.939173][T23771]  ? clear_bhb_loop+0x60/0xb0
[  405.939192][T23771]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  405.939209][T23771] RIP: 0033:0x7f933ed8d5fc
[  405.939226][T23771] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  405.939242][T23771] RSP: 002b:00007f933fb73030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  405.939262][T23771] RAX: ffffffffffffffda RBX: 00007f933efb5fa0 RCX: 00007f933ed8d5fc
[  405.939278][T23771] RDX: 000000000000000f RSI: 00007f933fb730a0 RDI: 0000000000000006
[  405.939287][T23771] RBP: 00007f933fb73090 R08: 0000000000000000 R09: 0000000000000000
[  405.939296][T23771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  405.939305][T23771] R13: 00007f933efb6038 R14: 00007f933efb5fa0 R15: 00007ffd4ad955c8
[  405.939324][T23771]  </TASK>
[  405.956493][T23773] bridge0: port 1(bond1) entered blocking state
[  406.173603][T23788] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  406.182379][T23773] bridge0: port 1(bond1) entered disabled state
[  406.194399][T23773] bond1: entered allmulticast mode
[  406.201437][T23773] bond1: entered promiscuous mode
[  406.291848][T23793] ÿÿÿÿ: tun_chr_ioctl cmd 2147767520
[  406.299875][T23796] netlink: 'syz.3.5843': attribute type 2 has an invalid length.
[  406.310794][T23795] netlink: 'syz.0.5842': attribute type 2 has an invalid length.
[  406.332202][T23796] þ
: entered promiscuous mode
[  406.621624][T23821] FAULT_INJECTION: forcing a failure.
[  406.621624][T23821] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  406.623661][T23819] macsec1: entered promiscuous mode
[  406.642529][T23819] dummy0: entered promiscuous mode
[  406.648298][T23819] macsec1: entered allmulticast mode
[  406.654305][T23819] dummy0: entered allmulticast mode
[  406.664072][T23819] dummy0: left allmulticast mode
[  406.665896][T23821] CPU: 0 UID: 0 PID: 23821 Comm: syz.4.5846 Not tainted syzkaller #0 PREEMPT(full) 
[  406.665920][T23821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  406.665931][T23821] Call Trace:
[  406.665938][T23821]  <TASK>
[  406.665945][T23821]  dump_stack_lvl+0x189/0x250
[  406.665971][T23821]  ? __pfx____ratelimit+0x10/0x10
[  406.665996][T23821]  ? __pfx_dump_stack_lvl+0x10/0x10
[  406.666016][T23821]  ? __pfx__printk+0x10/0x10
[  406.666039][T23821]  ? __pfx_migrate_enable+0x10/0x10
[  406.666059][T23821]  ? rcu_is_watching+0x15/0xb0
[  406.666077][T23821]  should_fail_ex+0x414/0x560
[  406.666101][T23821]  _copy_to_user+0x31/0xb0
[  406.666121][T23821]  generic_map_lookup_batch+0x896/0xcc0
[  406.666139][T23821]  ? rcu_is_watching+0x15/0xb0
[  406.666165][T23821]  ? __pfx_generic_map_lookup_batch+0x10/0x10
[  406.666183][T23821]  ? __fget_files+0x2a/0x420
[  406.666200][T23821]  ? __pfx_generic_map_lookup_batch+0x10/0x10
[  406.666219][T23821]  bpf_map_do_batch+0x25b/0x5f0
[  406.666241][T23821]  ? security_bpf+0x7e/0x300
[  406.666264][T23821]  __sys_bpf+0x557/0x870
[  406.666286][T23821]  ? __pfx___sys_bpf+0x10/0x10
[  406.666312][T23821]  ? ksys_write+0x22a/0x250
[  406.666333][T23821]  ? __pfx_ksys_write+0x10/0x10
[  406.666353][T23821]  ? rcu_is_watching+0x15/0xb0
[  406.666372][T23821]  __x64_sys_bpf+0x7c/0x90
[  406.666391][T23821]  do_syscall_64+0xfa/0x3b0
[  406.666408][T23821]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.666425][T23821]  ? clear_bhb_loop+0x60/0xb0
[  406.666443][T23821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.666460][T23821] RIP: 0033:0x7f267b18ebe9
[  406.666476][T23821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  406.666491][T23821] RSP: 002b:00007f26793f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  406.666510][T23821] RAX: ffffffffffffffda RBX: 00007f267b3b5fa0 RCX: 00007f267b18ebe9
[  406.666523][T23821] RDX: 0000000000000038 RSI: 00002000000001c0 RDI: 0000000000000018
[  406.666535][T23821] RBP: 00007f26793f6090 R08: 0000000000000000 R09: 0000000000000000
[  406.666547][T23821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  406.666557][T23821] R13: 00007f267b3b6038 R14: 00007f267b3b5fa0 R15: 00007fffc8c19c48
[  406.666577][T23821]  </TASK>
[  406.907374][T23819] dummy0: left promiscuous mode
[  407.019902][ T5856] Bluetooth: hci3: command tx timeout
[  407.031534][T23828] hsr0 speed is unknown, defaulting to 1000
[  407.039264][T23830] hsr0 speed is unknown, defaulting to 1000
[  407.056677][T23834] netlink: 'syz.2.5850': attribute type 13 has an invalid length.
[  407.066160][T23834] netlink: 'syz.2.5850': attribute type 17 has an invalid length.
[  407.329728][T23834] 8021q: adding VLAN 0 to HW filter on device Ã
[  407.340908][T23850] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  407.351427][T23834] 8021q: adding VLAN 0 to HW filter on device team0
[  407.363479][T23834] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  407.423837][T23855] veth1_to_batadv: entered promiscuous mode
[  407.430659][T23855] veth1_to_batadv: entered allmulticast mode
[  407.452106][T23857] netlink: 'syz.0.5858': attribute type 13 has an invalid length.
[  407.460672][T23857] netlink: 'syz.0.5858': attribute type 17 has an invalid length.
[  407.483471][T23857] tipc: Resetting bearer <eth:team0>
[  407.489153][T23857] tipc: Resetting bearer <eth:team0>
[  407.495996][T23857] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  407.542783][T23859] hsr0 speed is unknown, defaulting to 1000
[  407.745257][T23870] netlink: 'syz.3.5859': attribute type 1 has an invalid length.
[  407.961980][T23883] dummy0: left allmulticast mode
[  407.967103][T23883] dummy0: left promiscuous mode
[  407.972490][T23883] macvtap1: left promiscuous mode
[  407.980192][T23883] macvtap1: left allmulticast mode
[  408.138845][T23898] hsr0 speed is unknown, defaulting to 1000
[  408.148876][T23900] dummy0: entered promiscuous mode
[  408.154142][T23900] macsec1: entered promiscuous mode
[  408.159709][T23900] macsec1: entered allmulticast mode
[  408.165009][T23900] dummy0: entered allmulticast mode
[  408.172404][T23900] dummy0: left allmulticast mode
[  408.177777][T23900] dummy0: left promiscuous mode
[  408.271255][T23907] netlink: 'syz.1.5875': attribute type 1 has an invalid length.
[  408.281893][T23907] netlink: 'syz.1.5875': attribute type 1 has an invalid length.
[  408.489579][T23925] netlink: 'syz.3.5881': attribute type 3 has an invalid length.
[  408.703823][T23934] hsr0 speed is unknown, defaulting to 1000
[  408.829013][T23946] bond0: entered promiscuous mode
[  408.842204][T23946] batadv0: entered promiscuous mode
[  408.857989][T23946] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network
[  408.872786][T23946] hsr1: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network
[  408.888435][T23946] hsr1: entered allmulticast mode
[  408.893575][T23946] bond0: entered allmulticast mode
[  408.900447][T23946] batadv0: entered allmulticast mode
[  408.906166][T23946] 8021q: adding VLAN 0 to HW filter on device hsr1
[  408.915062][T23946] bond0: left promiscuous mode
[  408.920533][T23946] batadv0: left promiscuous mode
[  408.971513][T23950] pimreg: entered allmulticast mode
[  409.470609][T23996] syzkaller0: create flow: hash 4252956971 index 1
[  409.482443][ T3544] syzkaller0: tun_net_xmit 76
[  409.490512][ T3544] syzkaller0: tun_net_xmit 48
[  409.508377][ T5914] syzkaller0: tun_net_xmit 76
[  409.591707][T23990] syzkaller0: delete flow: hash 4252956971 index 1
[  409.756166][T24002] FAULT_INJECTION: forcing a failure.
[  409.756166][T24002] name failslab, interval 1, probability 0, space 0, times 0
[  409.777197][T24002] CPU: 0 UID: 0 PID: 24002 Comm: syz.3.5910 Not tainted syzkaller #0 PREEMPT(full) 
[  409.777224][T24002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  409.777236][T24002] Call Trace:
[  409.777243][T24002]  <TASK>
[  409.777251][T24002]  dump_stack_lvl+0x189/0x250
[  409.777277][T24002]  ? __pfx____ratelimit+0x10/0x10
[  409.777301][T24002]  ? __pfx_dump_stack_lvl+0x10/0x10
[  409.777330][T24002]  ? __pfx__printk+0x10/0x10
[  409.777353][T24002]  ? fs_reclaim_acquire+0x7d/0x100
[  409.777378][T24002]  ? __pfx___might_resched+0x10/0x10
[  409.777394][T24002]  ? lock_acquire+0x5f/0x360
[  409.777418][T24002]  should_fail_ex+0x414/0x560
[  409.777442][T24002]  should_failslab+0xa8/0x100
[  409.777473][T24002]  kmem_cache_alloc_noprof+0x73/0x3c0
[  409.777494][T24002]  ? alloc_empty_file+0x55/0x1d0
[  409.777515][T24002]  alloc_empty_file+0x55/0x1d0
[  409.777533][T24002]  alloc_file_pseudo+0x13d/0x210
[  409.777552][T24002]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  409.777568][T24002]  ? rcu_is_watching+0x15/0xb0
[  409.777588][T24002]  ? rcu_is_watching+0x15/0xb0
[  409.777605][T24002]  ? lock_release+0x4b/0x3e0
[  409.777630][T24002]  anon_inode_getfile+0xc5/0x1a0
[  409.777650][T24002]  bpf_link_prime+0xfc/0x220
[  409.777670][T24002]  bpf_raw_tp_link_attach+0x49a/0x6c0
[  409.777691][T24002]  ? __pfx_bpf_raw_tp_link_attach+0x10/0x10
[  409.777715][T24002]  ? __fget_files+0x2a/0x420
[  409.777738][T24002]  bpf_raw_tracepoint_open+0x1b2/0x220
[  409.777763][T24002]  __sys_bpf+0x75a/0x870
[  409.777785][T24002]  ? __pfx___sys_bpf+0x10/0x10
[  409.777811][T24002]  ? ksys_write+0x22a/0x250
[  409.777834][T24002]  ? __pfx_ksys_write+0x10/0x10
[  409.777854][T24002]  ? rcu_is_watching+0x15/0xb0
[  409.777874][T24002]  __x64_sys_bpf+0x7c/0x90
[  409.777894][T24002]  do_syscall_64+0xfa/0x3b0
[  409.777910][T24002]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  409.777928][T24002]  ? clear_bhb_loop+0x60/0xb0
[  409.777947][T24002]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  409.777964][T24002] RIP: 0033:0x7f933ed8ebe9
[  409.777980][T24002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  409.777996][T24002] RSP: 002b:00007f933fb73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  409.778016][T24002] RAX: ffffffffffffffda RBX: 00007f933efb5fa0 RCX: 00007f933ed8ebe9
[  409.778030][T24002] RDX: 0000000000000010 RSI: 0000200000000040 RDI: 0000000000000011
[  409.778041][T24002] RBP: 00007f933fb73090 R08: 0000000000000000 R09: 0000000000000000
[  409.778053][T24002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  409.778064][T24002] R13: 00007f933efb6038 R14: 00007f933efb5fa0 R15: 00007ffd4ad955c8
[  409.778085][T24002]  </TASK>
[  410.064393][ T5869] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  410.073578][ T5869] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  410.090761][ T5869] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  410.110443][ T5869] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  410.119939][ T5869] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  410.144188][T24013] tipc: Started in network mode
[  410.151164][T24013] tipc: Node identity e29c096c8e13, cluster identity 4711
[  410.158733][T24013] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  410.168306][T24013] syzkaller0: entered promiscuous mode
[  410.173959][T24013] syzkaller0: entered allmulticast mode
[  410.212288][T24013] tipc: Resetting bearer <eth:syzkaller0>
[  410.226990][T24017] dummy0: entered promiscuous mode
[  410.232186][T24017] macsec1: entered promiscuous mode
[  410.237943][T24017] macsec1: entered allmulticast mode
[  410.243244][T24017] dummy0: entered allmulticast mode
[  410.249879][T24017] dummy0: left allmulticast mode
[  410.254937][T24017] dummy0: left promiscuous mode
[  410.272993][T24009] tipc: Resetting bearer <eth:syzkaller0>
[  410.280234][T24009] tipc: Disabling bearer <eth:syzkaller0>
[  410.291762][T24003] hsr0 speed is unknown, defaulting to 1000
[  410.531522][T24003] chnl_net:caif_netlink_parms(): no params data found
[  410.550548][T24041] FAULT_INJECTION: forcing a failure.
[  410.550548][T24041] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  410.581070][T24045] FAULT_INJECTION: forcing a failure.
[  410.581070][T24045] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  410.594998][T24041] CPU: 1 UID: 0 PID: 24041 Comm: syz.2.5922 Not tainted syzkaller #0 PREEMPT(full) 
[  410.595021][T24041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  410.595030][T24041] Call Trace:
[  410.595038][T24041]  <TASK>
[  410.595045][T24041]  dump_stack_lvl+0x189/0x250
[  410.595068][T24041]  ? __pfx____ratelimit+0x10/0x10
[  410.595092][T24041]  ? __pfx_dump_stack_lvl+0x10/0x10
[  410.595111][T24041]  ? __pfx__printk+0x10/0x10
[  410.595135][T24041]  ? rcu_is_watching+0x15/0xb0
[  410.595154][T24041]  should_fail_ex+0x414/0x560
[  410.595178][T24041]  _copy_to_user+0x31/0xb0
[  410.595197][T24041]  simple_read_from_buffer+0xe1/0x170
[  410.595222][T24041]  proc_fail_nth_read+0x1b3/0x220
[  410.595242][T24041]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  410.595262][T24041]  ? rw_verify_area+0x2a6/0x4d0
[  410.595283][T24041]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  410.595302][T24041]  vfs_read+0x1fd/0xa30
[  410.595330][T24041]  ? fdget_pos+0x247/0x320
[  410.595348][T24041]  ? __pfx___mutex_lock+0x10/0x10
[  410.595373][T24041]  ? __pfx_vfs_read+0x10/0x10
[  410.595396][T24041]  ? __fget_files+0x3a0/0x420
[  410.595410][T24041]  ? __fget_files+0x2a/0x420
[  410.595428][T24041]  ksys_read+0x145/0x250
[  410.595450][T24041]  ? __pfx_ksys_read+0x10/0x10
[  410.595469][T24041]  ? rcu_is_watching+0x15/0xb0
[  410.595488][T24041]  ? rcu_is_watching+0x15/0xb0
[  410.595506][T24041]  do_syscall_64+0xfa/0x3b0
[  410.595523][T24041]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.595541][T24041]  ? clear_bhb_loop+0x60/0xb0
[  410.595559][T24041]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.595576][T24041] RIP: 0033:0x7ff09e38d5fc
[  410.595593][T24041] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  410.595609][T24041] RSP: 002b:00007ff09f12b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  410.595629][T24041] RAX: ffffffffffffffda RBX: 00007ff09e5b6090 RCX: 00007ff09e38d5fc
[  410.595643][T24041] RDX: 000000000000000f RSI: 00007ff09f12b0a0 RDI: 0000000000000003
[  410.595655][T24041] RBP: 00007ff09f12b090 R08: 0000000000000000 R09: 0000000000000000
[  410.595667][T24041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  410.595678][T24041] R13: 00007ff09e5b6128 R14: 00007ff09e5b6090 R15: 00007ffc17139328
[  410.595698][T24041]  </TASK>
[  410.837120][T24045] CPU: 1 UID: 0 PID: 24045 Comm: syz.1.5925 Not tainted syzkaller #0 PREEMPT(full) 
[  410.837144][T24045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  410.837155][T24045] Call Trace:
[  410.837163][T24045]  <TASK>
[  410.837171][T24045]  dump_stack_lvl+0x189/0x250
[  410.837197][T24045]  ? __pfx____ratelimit+0x10/0x10
[  410.837219][T24045]  ? __pfx_dump_stack_lvl+0x10/0x10
[  410.837237][T24045]  ? __pfx__printk+0x10/0x10
[  410.837255][T24045]  ? __might_fault+0xb0/0x130
[  410.837278][T24045]  ? rcu_is_watching+0x15/0xb0
[  410.837304][T24045]  should_fail_ex+0x414/0x560
[  410.837327][T24045]  _copy_from_user+0x2d/0xb0
[  410.837347][T24045]  ___sys_recvmsg+0x12e/0x510
[  410.837370][T24045]  ? __pfx____sys_recvmsg+0x10/0x10
[  410.837390][T24045]  ? __fget_files+0x2a/0x420
[  410.837412][T24045]  ? rcu_is_watching+0x15/0xb0
[  410.837429][T24045]  ? lock_release+0x4b/0x3e0
[  410.837453][T24045]  ? __might_fault+0xcc/0x130
[  410.837475][T24045]  do_recvmmsg+0x307/0x770
[  410.837497][T24045]  ? __pfx_do_recvmmsg+0x10/0x10
[  410.837519][T24045]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  410.837551][T24045]  __x64_sys_recvmmsg+0x190/0x240
[  410.837570][T24045]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  410.837586][T24045]  ? rcu_is_watching+0x15/0xb0
[  410.837605][T24045]  ? rcu_is_watching+0x15/0xb0
[  410.837622][T24045]  do_syscall_64+0xfa/0x3b0
[  410.837637][T24045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.837652][T24045]  ? clear_bhb_loop+0x60/0xb0
[  410.837669][T24045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.837684][T24045] RIP: 0033:0x7f3581b8ebe9
[  410.837698][T24045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  410.837714][T24045] RSP: 002b:00007f3582ad7038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  410.837733][T24045] RAX: ffffffffffffffda RBX: 00007f3581db5fa0 RCX: 00007f3581b8ebe9
[  410.837747][T24045] RDX: 000000000400023c RSI: 00002000000055c0 RDI: 0000000000000005
[  410.837759][T24045] RBP: 00007f3582ad7090 R08: 0000000000000000 R09: 0000000000000000
[  410.837771][T24045] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000002
[  410.837783][T24045] R13: 00007f3581db6038 R14: 00007f3581db5fa0 R15: 00007ffe5caf7b58
[  410.837803][T24045]  </TASK>
[  411.171982][T24059] __nla_validate_parse: 24 callbacks suppressed
[  411.172001][T24059] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5928'.
[  411.178900][T24003] bridge0: port 1(bridge_slave_0) entered blocking state
[  411.188785][T24003] bridge0: port 1(bridge_slave_0) entered disabled state
[  411.203350][T24003] bridge_slave_0: entered allmulticast mode
[  411.210771][T24003] bridge_slave_0: entered promiscuous mode
[  411.219610][T24003] bridge0: port 2(bridge_slave_1) entered blocking state
[  411.227091][T24003] bridge0: port 2(bridge_slave_1) entered disabled state
[  411.234380][T24003] bridge_slave_1: entered allmulticast mode
[  411.241657][T24003] bridge_slave_1: entered promiscuous mode
[  411.281420][T24059] netlink: 648 bytes leftover after parsing attributes in process `syz.2.5928'.
[  411.349142][T24003] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  411.381798][T24070] FAULT_INJECTION: forcing a failure.
[  411.381798][T24070] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  411.388730][T24003] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  411.395081][T24070] CPU: 1 UID: 0 PID: 24070 Comm: syz.3.5932 Not tainted syzkaller #0 PREEMPT(full) 
[  411.395105][T24070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  411.395116][T24070] Call Trace:
[  411.395124][T24070]  <TASK>
[  411.395132][T24070]  dump_stack_lvl+0x189/0x250
[  411.395158][T24070]  ? __pfx____ratelimit+0x10/0x10
[  411.395182][T24070]  ? __pfx_dump_stack_lvl+0x10/0x10
[  411.395209][T24070]  ? __pfx__printk+0x10/0x10
[  411.395229][T24070]  ? __might_fault+0xb0/0x130
[  411.395255][T24070]  ? rcu_is_watching+0x15/0xb0
[  411.395274][T24070]  should_fail_ex+0x414/0x560
[  411.395299][T24070]  _copy_from_user+0x2d/0xb0
[  411.395319][T24070]  kstrtouint_from_user+0xc4/0x170
[  411.395342][T24070]  ? __might_fault+0xb0/0x130
[  411.395364][T24070]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  411.395392][T24070]  ? vfs_write+0x211/0xb30
[  411.395412][T24070]  ? rcu_is_watching+0x15/0xb0
[  411.395430][T24070]  proc_fail_nth_write+0x88/0x200
[  411.395449][T24070]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  411.395468][T24070]  ? security_file_permission+0x75/0x290
[  411.395490][T24070]  ? preempt_count_add+0x91/0x1a0
[  411.395513][T24070]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  411.395532][T24070]  vfs_write+0x27e/0xb30
[  411.395557][T24070]  ? __pfx_vfs_write+0x10/0x10
[  411.395581][T24070]  ? __fget_files+0x3a0/0x420
[  411.395596][T24070]  ? __fget_files+0x2a/0x420
[  411.395614][T24070]  ksys_write+0x145/0x250
[  411.395635][T24070]  ? __pfx_ksys_write+0x10/0x10
[  411.395656][T24070]  ? rcu_is_watching+0x15/0xb0
[  411.395674][T24070]  ? rcu_is_watching+0x15/0xb0
[  411.395692][T24070]  do_syscall_64+0xfa/0x3b0
[  411.395708][T24070]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  411.395725][T24070]  ? clear_bhb_loop+0x60/0xb0
[  411.395745][T24070]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  411.395763][T24070] RIP: 0033:0x7f933ed8d69f
[  411.395779][T24070] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  411.395794][T24070] RSP: 002b:00007f933fb73030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  411.395814][T24070] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f933ed8d69f
[  411.395827][T24070] RDX: 0000000000000001 RSI: 00007f933fb730a0 RDI: 0000000000000005
[  411.395839][T24070] RBP: 00007f933fb73090 R08: 0000000000000000 R09: 0000000000000000
[  411.395851][T24070] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  411.395862][T24070] R13: 00007f933efb6038 R14: 00007f933efb5fa0 R15: 00007ffd4ad955c8
[  411.395883][T24070]  </TASK>
[  411.559710][T24074] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5934'.
[  411.635489][T24077] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5933'.
[  411.641790][T24076] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5934'.
[  411.691801][T24077] bond1: left allmulticast mode
[  411.698708][T24077] bond1: left promiscuous mode
[  411.703965][T24077] bridge0: port 1(bond1) entered disabled state
[  411.776411][T24076] bridge1: entered promiscuous mode
[  411.782590][T24076] macsec1: entered promiscuous mode
[  411.788190][T24076] macsec1: entered allmulticast mode
[  411.793632][T24076] bridge1: entered allmulticast mode
[  411.802132][T24076] bridge1: port 1(macsec1) entered blocking state
[  411.809856][T24076] bridge1: port 1(macsec1) entered disabled state
[  411.825697][T24076] bridge1: left allmulticast mode
[  411.842850][T24076] bridge1: left promiscuous mode
[  411.885968][T24003] team0: Port device team_slave_0 added
[  411.896239][T24003] team0: Port device team_slave_1 added
[  411.973531][T24003] batman_adv: batadv0: Adding interface: batadv_slave_0
[  411.993793][T24003] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  412.056850][T24003] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  412.080826][T24003] batman_adv: batadv0: Adding interface: batadv_slave_1
[  412.105443][T24003] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  412.139627][ T5869] Bluetooth: hci5: command tx timeout
[  412.171188][T24003] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  412.183522][T24087] hsr0 speed is unknown, defaulting to 1000
[  412.233260][T24102] netlink: 84 bytes leftover after parsing attributes in process `syz.0.5942'.
[  412.243941][T24104] net_ratelimit: 2 callbacks suppressed
[  412.243960][T24104] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  412.244477][T24102] netlink: 84 bytes leftover after parsing attributes in process `syz.0.5942'.
[  412.303649][T24003] hsr_slave_0: entered promiscuous mode
[  412.313037][T24003] hsr_slave_1: entered promiscuous mode
[  412.320250][T24003] debugfs: 'hsr0' already exists in 'hsr'
[  412.326181][T24003] Cannot create hsr debugfs directory
[  412.344548][T24106] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  412.395566][T24111] dummy0: entered promiscuous mode
[  412.401424][T24111] macsec1: entered promiscuous mode
[  412.406941][T24111] macsec1: entered allmulticast mode
[  412.412243][T24111] dummy0: entered allmulticast mode
[  412.418657][T24111] dummy0: left allmulticast mode
[  412.423732][T24111] dummy0: left promiscuous mode
[  412.468066][T24106] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  412.559799][T24106] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  412.608408][T24106] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  412.682129][ T3544] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  412.696349][T24123] netlink: 48 bytes leftover after parsing attributes in process `syz.2.5948'.
[  412.715770][ T3544] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  412.737379][ T3539] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  412.761141][ T3539] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  413.192937][T24003] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  413.222026][T24135] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  413.358314][T24003] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  413.380553][T24003] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  413.419652][T24003] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  413.564799][T24148] syzkaller0: create flow: hash 4252956971 index 1
[  413.598544][ T3539] syzkaller0: tun_net_xmit 76
[  413.607499][ T3539] syzkaller0: tun_net_xmit 48
[  413.627050][ T9203] syzkaller0: tun_net_xmit 76
[  413.695113][T24148] syzkaller0: delete flow: hash 4252956971 index 1
[  413.760704][T24003] 8021q: adding VLAN 0 to HW filter on device bond0
[  413.790356][T24003] 8021q: adding VLAN 0 to HW filter on device team0
[  413.810135][ T3544] bridge0: port 1(bridge_slave_0) entered blocking state
[  413.817271][ T3544] bridge0: port 1(bridge_slave_0) entered forwarding state
[  413.833498][ T3544] bridge0: port 2(bridge_slave_1) entered blocking state
[  413.840653][ T3544] bridge0: port 2(bridge_slave_1) entered forwarding state
[  413.869763][T24157] hsr0 speed is unknown, defaulting to 1000
[  413.883810][T24160] dummy0: entered promiscuous mode
[  413.893461][T24160] macsec1: entered promiscuous mode
[  413.900075][T24160] macsec1: entered allmulticast mode
[  413.914492][T24160] dummy0: entered allmulticast mode
[  413.931665][T24160] dummy0: left allmulticast mode
[  413.937172][T24160] dummy0: left promiscuous mode
[  414.124786][T24181] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  414.135151][T24182] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5963'.
[  414.221823][ T5869] Bluetooth: hci5: command tx timeout
[  414.272925][T24003] 8021q: adding VLAN 0 to HW filter on device batadv0
[  414.532594][T24200] syzkaller0: create flow: hash 4252956971 index 1
[  414.614659][T24200] syzkaller0: delete flow: hash 4252956971 index 1
[  414.672490][T24213] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  414.708990][T24003] veth0_vlan: entered promiscuous mode
[  414.723670][T24003] veth1_vlan: entered promiscuous mode
[  414.778031][T24003] veth0_macvtap: entered promiscuous mode
[  414.789325][T24003] veth1_macvtap: entered promiscuous mode
[  414.811854][T24221] tipc: Resetting bearer <eth:team0>
[  414.844124][T24224] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5971'.
[  414.858533][T24003] batman_adv: batadv0: Interface activated: batadv_slave_0
[  414.907998][T24003] batman_adv: batadv0: Interface activated: batadv_slave_1
[  414.947603][   T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  414.959138][T24221] hsr0 speed is unknown, defaulting to 1000
[  414.979094][   T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  415.001544][   T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  415.029318][   T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  415.115768][T24233] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  415.333984][T10917] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  415.350992][T10917] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  415.414300][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  415.435086][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  415.478945][T24258] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  415.531088][T24261] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  415.631764][T24275] batadv_slave_1: entered promiscuous mode
[  416.047795][ T5856] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  416.055159][ T5856] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  416.064475][ T5856] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  416.072658][ T5856] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  416.080361][ T5856] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  416.106810][T24295] hsr0 speed is unknown, defaulting to 1000
[  416.214851][T24305] FAULT_INJECTION: forcing a failure.
[  416.214851][T24305] name failslab, interval 1, probability 0, space 0, times 0
[  416.232378][T24305] CPU: 0 UID: 0 PID: 24305 Comm: syz.3.5994 Not tainted syzkaller #0 PREEMPT(full) 
[  416.232403][T24305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  416.232413][T24305] Call Trace:
[  416.232420][T24305]  <TASK>
[  416.232427][T24305]  dump_stack_lvl+0x189/0x250
[  416.232450][T24305]  ? __pfx____ratelimit+0x10/0x10
[  416.232472][T24305]  ? __pfx_dump_stack_lvl+0x10/0x10
[  416.232489][T24305]  ? __pfx__printk+0x10/0x10
[  416.232511][T24305]  ? __pfx___might_resched+0x10/0x10
[  416.232526][T24305]  ? lock_acquire+0x5f/0x360
[  416.232548][T24305]  should_fail_ex+0x414/0x560
[  416.232570][T24305]  should_failslab+0xa8/0x100
[  416.232591][T24305]  __kmalloc_noprof+0xcb/0x4f0
[  416.232610][T24305]  ? kfree+0x4d/0x440
[  416.232627][T24305]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  416.232645][T24305]  tomoyo_realpath_from_path+0xe3/0x5d0
[  416.232661][T24305]  ? tomoyo_domain+0xd9/0x130
[  416.232678][T24305]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  416.232697][T24305]  tomoyo_path_number_perm+0x1e8/0x5a0
[  416.232725][T24305]  ? lock_release+0x4b/0x3e0
[  416.232745][T24305]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  416.232765][T24305]  ? rcu_is_watching+0x15/0xb0
[  416.232780][T24305]  ? lock_release+0x4b/0x3e0
[  416.232798][T24305]  ? vfs_write+0x956/0xb30
[  416.232819][T24305]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  416.232849][T24305]  ? lock_release+0x4b/0x3e0
[  416.232871][T24305]  ? __fget_files+0x2a/0x420
[  416.232885][T24305]  ? __fget_files+0x3a0/0x420
[  416.232897][T24305]  ? __fget_files+0x2a/0x420
[  416.232912][T24305]  security_file_ioctl+0xcb/0x2d0
[  416.232932][T24305]  __se_sys_ioctl+0x47/0x170
[  416.232951][T24305]  do_syscall_64+0xfa/0x3b0
[  416.232966][T24305]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.232982][T24305]  ? clear_bhb_loop+0x60/0xb0
[  416.232999][T24305]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.233014][T24305] RIP: 0033:0x7f933ed8ebe9
[  416.233028][T24305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  416.233041][T24305] RSP: 002b:00007f933fb73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  416.233056][T24305] RAX: ffffffffffffffda RBX: 00007f933efb5fa0 RCX: 00007f933ed8ebe9
[  416.233067][T24305] RDX: 0000200000000200 RSI: 0000000000008946 RDI: 0000000000000005
[  416.233076][T24305] RBP: 00007f933fb73090 R08: 0000000000000000 R09: 0000000000000000
[  416.233085][T24305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  416.233099][T24305] R13: 00007f933efb6038 R14: 00007f933efb5fa0 R15: 00007ffd4ad955c8
[  416.233120][T24305]  </TASK>
[  416.233204][T24305] ERROR: Out of memory at tomoyo_realpath_from_path.
[  416.300013][ T5856] Bluetooth: hci5: command tx timeout
[  416.570583][T24315] hsr0 speed is unknown, defaulting to 1000
[  416.632731][T24322] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  416.632747][T24324] validate_nla: 3 callbacks suppressed
[  416.632758][T24324] netlink: 'syz.1.5997': attribute type 13 has an invalid length.
[  416.675726][T24324] netlink: 'syz.1.5997': attribute type 17 has an invalid length.
[  416.774480][T24324] 8021q: adding VLAN 0 to HW filter on device bond0
[  416.786032][T24324] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  416.814774][T24295] chnl_net:caif_netlink_parms(): no params data found
[  416.859879][T24324] __nla_validate_parse: 5 callbacks suppressed
[  416.859898][T24324] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5997'.
[  416.905095][T24320] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  416.984274][T24328] hsr0 speed is unknown, defaulting to 1000
[  417.013417][T24295] bridge0: port 1(bridge_slave_0) entered blocking state
[  417.031038][T24295] bridge0: port 1(bridge_slave_0) entered disabled state
[  417.041813][T24324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  417.042465][T24295] bridge_slave_0: entered allmulticast mode
[  417.060935][T24295] bridge_slave_0: entered promiscuous mode
[  417.111650][T24345] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
[  417.142456][T24295] bridge0: port 2(bridge_slave_1) entered blocking state
[  417.154907][T24295] bridge0: port 2(bridge_slave_1) entered disabled state
[  417.162510][T24295] bridge_slave_1: entered allmulticast mode
[  417.170668][T24295] bridge_slave_1: entered promiscuous mode
[  417.225513][T24295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  417.238367][T24338] hsr0 speed is unknown, defaulting to 1000
[  417.251211][T24295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  417.276260][T24358] hsr0 speed is unknown, defaulting to 1000
[  417.363502][T24295] team0: Port device team_slave_0 added
[  417.395196][T24295] team0: Port device team_slave_1 added
[  417.600636][   T49] bond0 (unregistering): Released all slaves
[  417.618025][   T49] bond1 (unregistering): Released all slaves
[  417.627388][   T49] bond2 (unregistering): Released all slaves
[  417.691186][   T49] þ
: left promiscuous mode
[  417.698680][T24295] batman_adv: batadv0: Adding interface: batadv_slave_0
[  417.705629][T24295] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  417.732313][T24295] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  417.762726][T24295] batman_adv: batadv0: Adding interface: batadv_slave_1
[  417.770253][T24295] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  417.796574][T24295] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  417.815084][   T49] tipc: Disabling bearer <eth:team0>
[  417.820822][   T49] tipc: Left network mode
[  417.851094][T24295] hsr_slave_0: entered promiscuous mode
[  417.862623][T24295] hsr_slave_1: entered promiscuous mode
[  417.873221][T24295] debugfs: 'hsr0' already exists in 'hsr'
[  417.880341][T24295] Cannot create hsr debugfs directory
[  418.067314][T24379] netlink: 14 bytes leftover after parsing attributes in process `syz.2.6010'.
[  418.086359][   T49] hsr_slave_0: left promiscuous mode
[  418.095660][   T49] hsr_slave_1: left promiscuous mode
[  418.111767][   T49] pimreg (unregistering): left allmulticast mode
[  418.137013][ T5856] Bluetooth: hci4: command tx timeout
[  418.200890][T24385] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6013'.
[  418.215131][T24385] netlink: 'syz.4.6013': attribute type 7 has an invalid length.
[  418.224782][T24385] netlink: 'syz.4.6013': attribute type 8 has an invalid length.
[  418.232876][T24385] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6013'.
[  418.284090][T24388] netlink: 'syz.4.6013': attribute type 10 has an invalid length.
[  418.344796][T24392] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6013'.
[  418.376824][ T5856] Bluetooth: hci5: command tx timeout
[  418.422309][T24379] Ã (unregistering): Released all slaves
[  418.443302][T24385] gretap0: entered promiscuous mode
[  418.450742][T24385] batadv_slave_1: entered promiscuous mode
[  418.459120][T24385] erspan0: entered promiscuous mode
[  418.482922][T24388] bridge0: port 2(bridge_slave_1) entered disabled state
[  418.490498][T24388] bridge0: port 1(bridge_slave_0) entered disabled state
[  418.503797][T24388] bridge0: port 2(bridge_slave_1) entered blocking state
[  418.511002][T24388] bridge0: port 2(bridge_slave_1) entered forwarding state
[  418.518542][T24388] bridge0: port 1(bridge_slave_0) entered blocking state
[  418.525844][T24388] bridge0: port 1(bridge_slave_0) entered forwarding state
[  418.539982][T24388] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  418.550749][T24392] bridge_slave_1: left allmulticast mode
[  418.560016][T24392] bridge_slave_1: left promiscuous mode
[  418.565767][T24392] bridge0: port 2(bridge_slave_1) entered disabled state
[  418.578538][T24392] bridge_slave_0: left allmulticast mode
[  418.584219][T24392] bridge_slave_0: left promiscuous mode
[  418.591837][T24392] bridge0: port 1(bridge_slave_0) entered disabled state
[  418.605265][T24392] bond0: (slave bridge0): Releasing backup interface
[  418.970687][T24423] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  418.977971][T24423] IPv6: NLM_F_CREATE should be set when creating new route
[  419.056370][T24432] gtp0: entered promiscuous mode
[  419.061825][T24432] gtp0: entered allmulticast mode
[  419.070230][T24432] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  419.355121][T24295] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  419.383418][T24295] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  419.408121][T24295] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  419.432585][T24295] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  419.553124][T24295] 8021q: adding VLAN 0 to HW filter on device bond0
[  419.576404][T24295] 8021q: adding VLAN 0 to HW filter on device team0
[  419.592547][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  419.599743][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  419.617950][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  419.625085][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  419.735077][T24295] 8021q: adding VLAN 0 to HW filter on device batadv0
[  419.766526][T24295] veth0_vlan: entered promiscuous mode
[  419.776411][T24295] veth1_vlan: entered promiscuous mode
[  419.798457][T24295] veth0_macvtap: entered promiscuous mode
[  419.806351][T24295] veth1_macvtap: entered promiscuous mode
[  419.821529][T24295] batman_adv: batadv0: Interface activated: batadv_slave_0
[  419.833475][T24295] batman_adv: batadv0: Interface activated: batadv_slave_1
[  419.845225][   T49] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  419.854266][   T49] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  419.864612][   T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  419.874730][   T49] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  419.964717][T24468] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6035'.
[  419.990123][T24468] hsr_slave_1 (unregistering): left promiscuous mode
[  420.015047][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  420.033171][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  420.075805][T10917] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  420.098077][T10917] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  420.217183][ T5856] Bluetooth: hci4: command tx timeout
[  420.226031][T24482] netlink: 68 bytes leftover after parsing attributes in process `syz.0.5990'.
[  420.267008][T24482] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5990'.
[  420.278563][T24482] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  420.323428][T24491] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6040'.
[  420.370495][T24495] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  420.548379][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805ff84000: rx timeout, send abort
[  420.557579][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805ff84000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  420.698224][T24501] dummy0: entered promiscuous mode
[  420.722833][T24501] macsec1: entered promiscuous mode
[  420.746154][T24501] macsec1: entered allmulticast mode
[  420.786355][T24501] dummy0: entered allmulticast mode
[  420.794199][T24501] dummy0: left allmulticast mode
[  420.800041][T24501] dummy0: left promiscuous mode
[  420.817299][T24508] netlink: 116 bytes leftover after parsing attributes in process `syz.2.6047'.
[  421.369674][T24531] syzkaller0: entered promiscuous mode
[  421.372906][T24533] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  421.375385][T24531] syzkaller0: entered allmulticast mode
[  421.394296][T24535] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[  421.403284][T24535] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[  421.412460][T24535] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[  421.421121][T24531] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  421.437255][T24531] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  421.517287][T24541] tipc: Resetting bearer <eth:syzkaller0>
[  421.555442][T24530] tipc: Resetting bearer <eth:syzkaller0>
[  421.570871][T24530] tipc: Disabling bearer <eth:syzkaller0>
[  421.654563][T24549] FAULT_INJECTION: forcing a failure.
[  421.654563][T24549] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  421.674024][T24549] CPU: 1 UID: 0 PID: 24549 Comm: syz.2.6059 Not tainted syzkaller #0 PREEMPT(full) 
[  421.674050][T24549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  421.674061][T24549] Call Trace:
[  421.674068][T24549]  <TASK>
[  421.674075][T24549]  dump_stack_lvl+0x189/0x250
[  421.674101][T24549]  ? __pfx____ratelimit+0x10/0x10
[  421.674123][T24549]  ? __pfx_dump_stack_lvl+0x10/0x10
[  421.674138][T24549]  ? __pfx__printk+0x10/0x10
[  421.674155][T24549]  ? __might_fault+0xb0/0x130
[  421.674176][T24549]  ? rcu_is_watching+0x15/0xb0
[  421.674195][T24549]  should_fail_ex+0x414/0x560
[  421.674219][T24549]  _copy_from_user+0x2d/0xb0
[  421.674238][T24549]  ___sys_recvmsg+0x12e/0x510
[  421.674260][T24549]  ? __pfx____sys_recvmsg+0x10/0x10
[  421.674280][T24549]  ? __fget_files+0x2a/0x420
[  421.674303][T24549]  ? rcu_is_watching+0x15/0xb0
[  421.674319][T24549]  ? lock_release+0x4b/0x3e0
[  421.674343][T24549]  ? __might_fault+0xcc/0x130
[  421.674372][T24549]  do_recvmmsg+0x307/0x770
[  421.674395][T24549]  ? __pfx_do_recvmmsg+0x10/0x10
[  421.674419][T24549]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  421.674451][T24549]  __x64_sys_recvmmsg+0x190/0x240
[  421.674472][T24549]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  421.674490][T24549]  ? rcu_is_watching+0x15/0xb0
[  421.674508][T24549]  ? rcu_is_watching+0x15/0xb0
[  421.674526][T24549]  do_syscall_64+0xfa/0x3b0
[  421.674543][T24549]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  421.674560][T24549]  ? clear_bhb_loop+0x60/0xb0
[  421.674579][T24549]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  421.674596][T24549] RIP: 0033:0x7ff09e38ebe9
[  421.674612][T24549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  421.674627][T24549] RSP: 002b:00007ff09f14c038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  421.674647][T24549] RAX: ffffffffffffffda RBX: 00007ff09e5b5fa0 RCX: 00007ff09e38ebe9
[  421.674661][T24549] RDX: 000000000400023c RSI: 00002000000055c0 RDI: 0000000000000005
[  421.674674][T24549] RBP: 00007ff09f14c090 R08: 0000000000000000 R09: 0000000000000000
[  421.674686][T24549] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000002
[  421.674697][T24549] R13: 00007ff09e5b6038 R14: 00007ff09e5b5fa0 R15: 00007ffc17139328
[  421.674718][T24549]  </TASK>
[  422.095092][T24567] __nla_validate_parse: 7 callbacks suppressed
[  422.095111][T24567] netlink: 144 bytes leftover after parsing attributes in process `syz.2.6064'.
[  422.274932][T24576] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6067'.
[  422.284698][T24576] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6067'.
[  422.302054][ T5856] Bluetooth: hci4: command tx timeout
[  422.322377][T24576] netlink: 104 bytes leftover after parsing attributes in process `syz.4.6067'.
[  422.425078][T24581] syzkaller1: entered promiscuous mode
[  422.431200][T24581] syzkaller1: entered allmulticast mode
[  422.474388][T24585] syzkaller0: create flow: hash 1821539234 index 1
[  422.492228][T10913] syzkaller0: tun_net_xmit 76
[  422.506830][T10913] syzkaller0: tun_net_xmit 48
[  422.517402][ T5907] syzkaller0: tun_net_xmit 76
[  422.535472][T24585] syzkaller0: delete flow: hash 1821539234 index 1
[  422.596194][T24587] netlink: 'syz.0.6072': attribute type 11 has an invalid length.
[  422.650225][T24589] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[  422.739843][T24594] dummy0: entered promiscuous mode
[  422.746048][T24594] macsec1: entered promiscuous mode
[  422.752720][T24594] macsec1: entered allmulticast mode
[  422.759526][T24594] dummy0: entered allmulticast mode
[  422.779991][T24594] dummy0: left allmulticast mode
[  422.785141][T24594] dummy0: left promiscuous mode
[  422.875806][T24609] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6080'.
[  422.886424][T24609] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6080'.
[  422.907915][T24609] netlink: 104 bytes leftover after parsing attributes in process `syz.2.6080'.
[  422.940945][T24589] netlink: 44 bytes leftover after parsing attributes in process `syz.0.6073'.
[  422.950099][T24589] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6073'.
[  422.962101][T24589] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6073'.
[  422.980559][T24617] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  423.240241][   T12] syzkaller0: tun_net_xmit 76
[  423.245109][   T12] syzkaller0: tun_net_xmit 48
[  423.257032][T24637] syzkaller0: create flow: hash 1821539234 index 1
[  423.266880][ T5907] syzkaller0: tun_net_xmit 76
[  423.357885][T24637] syzkaller0: delete flow: hash 1821539234 index 1
[  423.394865][T24652] sctp: [Deprecated]: syz.1.6091 (pid 24652) Use of struct sctp_assoc_value in delayed_ack socket option.
[  423.394865][T24652] Use struct sctp_sack_info instead
[  423.519156][T24666] dummy0: entered promiscuous mode
[  423.524514][T24666] macsec1: entered promiscuous mode
[  423.532588][T24666] macsec1: entered allmulticast mode
[  423.538866][T24666] dummy0: entered allmulticast mode
[  423.551518][T24666] dummy0: left allmulticast mode
[  423.561661][T24666] dummy0: left promiscuous mode
[  423.582580][T24661] batadv_slave_0: entered promiscuous mode
[  423.590517][T24661] batadv_slave_0: entered allmulticast mode
[  423.607481][T24661] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  423.783046][T24681] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  423.790412][T24681] IPv6: NLM_F_CREATE should be set when creating new route
[  423.805933][T24683] bridge_slave_1: left allmulticast mode
[  423.812131][T24683] bridge_slave_1: left promiscuous mode
[  423.822374][T24683] bridge0: port 2(bridge_slave_1) entered disabled state
[  423.904605][T24683] bridge_slave_0: left allmulticast mode
[  423.940080][T24683] bridge_slave_0: left promiscuous mode
[  423.961794][T24683] bridge0: port 1(bridge_slave_0) entered disabled state
[  424.011823][T24693] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  424.376790][ T5856] Bluetooth: hci4: command tx timeout
[  424.494747][T24720] dummy0: entered promiscuous mode
[  424.506371][T24720] macsec1: entered promiscuous mode
[  424.511962][T24720] macsec1: entered allmulticast mode
[  424.517655][T24720] dummy0: entered allmulticast mode
[  424.553473][T24720] dummy0: left allmulticast mode
[  424.558721][T24720] dummy0: left promiscuous mode
[  424.649726][T24731] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  424.740954][T24737] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  424.864034][T24749] syzkaller0: create flow: hash 1821539234 index 1
[  424.888590][T24750] syz_tun: entered allmulticast mode
[  424.899772][T24750] dvmrp8: entered allmulticast mode
[  424.929917][T24741] syzkaller0: delete flow: hash 1821539234 index 1
[  425.020397][T24754] syz_tun: left allmulticast mode
[  425.025702][T24754] dvmrp8: left allmulticast mode
[  425.042123][T24750] netlink: 'syz.0.6116': attribute type 23 has an invalid length.
[  425.081678][T24762] netlink: 'syz.3.6121': attribute type 2 has an invalid length.
[  425.127277][T24767] netlink: 'syz.1.6120': attribute type 4 has an invalid length.
[  425.165016][T24769] dummy0: entered promiscuous mode
[  425.170809][T24769] macsec1: entered promiscuous mode
[  425.176240][T24769] macsec1: entered allmulticast mode
[  425.185263][T24769] dummy0: entered allmulticast mode
[  425.214727][T24769] dummy0: left allmulticast mode
[  425.221317][T24769] dummy0: left promiscuous mode
[  425.354894][T24781] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  425.358678][T24783] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  425.704268][ T3539] syzkaller0: tun_net_xmit 76
[  425.705441][T24800] syzkaller0: create flow: hash 4252956971 index 1
[  425.712882][ T3539] syzkaller0: tun_net_xmit 48
[  425.723765][T24802] netlink: 'syz.0.6132': attribute type 1 has an invalid length.
[  425.734765][T24800] syzkaller0: delete flow: hash 4252956971 index 1
[  425.933001][T24808] FAULT_INJECTION: forcing a failure.
[  425.933001][T24808] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  425.976352][T24808] CPU: 1 UID: 0 PID: 24808 Comm: syz.4.6135 Not tainted syzkaller #0 PREEMPT(full) 
[  425.976379][T24808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  425.976391][T24808] Call Trace:
[  425.976398][T24808]  <TASK>
[  425.976407][T24808]  dump_stack_lvl+0x189/0x250
[  425.976433][T24808]  ? __pfx____ratelimit+0x10/0x10
[  425.976457][T24808]  ? __pfx_dump_stack_lvl+0x10/0x10
[  425.976476][T24808]  ? __pfx__printk+0x10/0x10
[  425.976497][T24808]  ? __might_fault+0xb0/0x130
[  425.976523][T24808]  ? rcu_is_watching+0x15/0xb0
[  425.976544][T24808]  should_fail_ex+0x414/0x560
[  425.976569][T24808]  _copy_from_user+0x2d/0xb0
[  425.976589][T24808]  ___sys_sendmsg+0x158/0x2a0
[  425.976613][T24808]  ? __pfx____sys_sendmsg+0x10/0x10
[  425.976643][T24808]  ? __fget_files+0x2a/0x420
[  425.976657][T24808]  ? __fget_files+0x3a0/0x420
[  425.976677][T24808]  __x64_sys_sendmsg+0x19b/0x260
[  425.976696][T24808]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  425.976719][T24808]  ? __pfx_ksys_write+0x10/0x10
[  425.976746][T24808]  ? rcu_is_watching+0x15/0xb0
[  425.976765][T24808]  ? rcu_is_watching+0x15/0xb0
[  425.976783][T24808]  do_syscall_64+0xfa/0x3b0
[  425.976801][T24808]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.976818][T24808]  ? clear_bhb_loop+0x60/0xb0
[  425.976837][T24808]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.976854][T24808] RIP: 0033:0x7f8162f8ebe9
[  425.976871][T24808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  425.976887][T24808] RSP: 002b:00007f8163e03038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  425.976907][T24808] RAX: ffffffffffffffda RBX: 00007f81631b5fa0 RCX: 00007f8162f8ebe9
[  425.976920][T24808] RDX: 0000000000008081 RSI: 0000200000000340 RDI: 0000000000000003
[  425.976931][T24808] RBP: 00007f8163e03090 R08: 0000000000000000 R09: 0000000000000000
[  425.976942][T24808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  425.976953][T24808] R13: 00007f81631b6038 R14: 00007f81631b5fa0 R15: 00007ffd47fa0688
[  425.976975][T24808]  </TASK>
[  425.990086][T24812] (unnamed net_device) (uninitialized): option min_links: invalid value (18446744073709551612)
[  426.201597][T24812] (unnamed net_device) (uninitialized): option min_links: allowed values 0 - 2147483647
[  426.217038][T24814] 0ªX¹¦À: renamed from caif0
[  426.228042][T24814] 0ªX¹¦À: entered allmulticast mode
[  426.257959][T24814] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  426.333296][T24820] dummy0: entered promiscuous mode
[  426.338689][T24820] macsec1: entered promiscuous mode
[  426.354341][T24820] macsec1: entered allmulticast mode
[  426.381480][T24820] dummy0: entered allmulticast mode
[  426.399059][ T5869] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  426.406572][ T5869] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  426.413975][ T5869] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  426.422443][ T5869] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  426.429699][T24820] dummy0: left allmulticast mode
[  426.430024][ T5869] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  426.434861][T24820] dummy0: left promiscuous mode
[  426.856540][T24821] chnl_net:caif_netlink_parms(): no params data found
[  427.003566][T24859] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  427.041692][T24821] bridge0: port 1(bridge_slave_0) entered blocking state
[  427.050384][T24821] bridge0: port 1(bridge_slave_0) entered disabled state
[  427.060720][T24821] bridge_slave_0: entered allmulticast mode
[  427.069602][T24821] bridge_slave_0: entered promiscuous mode
[  427.084962][T24821] bridge0: port 2(bridge_slave_1) entered blocking state
[  427.095516][T24821] bridge0: port 2(bridge_slave_1) entered disabled state
[  427.131387][T24821] bridge_slave_1: entered allmulticast mode
[  427.143668][T24821] bridge_slave_1: entered promiscuous mode
[  427.188886][T24821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  427.211778][T24821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  427.253314][T24821] team0: Port device team_slave_0 added
[  427.265070][T24821] team0: Port device team_slave_1 added
[  427.335582][T10917] syzkaller0: tun_net_xmit 76
[  427.341229][T10917] syzkaller0: tun_net_xmit 48
[  427.391230][T24821] batman_adv: batadv0: Adding interface: batadv_slave_0
[  427.399698][T24821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  427.436064][T24821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  427.458017][T24821] batman_adv: batadv0: Adding interface: batadv_slave_1
[  427.500245][T24821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  427.544540][T24821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  427.602270][T24874] sctp: [Deprecated]: syz.4.6155 (pid 24874) Use of int in max_burst socket option.
[  427.602270][T24874] Use struct sctp_assoc_value instead
[  427.641867][T24877] netlink: 'syz.0.6156': attribute type 19 has an invalid length.
[  427.650308][T24877] __nla_validate_parse: 27 callbacks suppressed
[  427.650325][T24877] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6156'.
[  427.684054][T24821] hsr_slave_0: entered promiscuous mode
[  427.691542][T24821] hsr_slave_1: entered promiscuous mode
[  427.703657][T24877] netlink: 'syz.0.6156': attribute type 19 has an invalid length.
[  427.703965][T10913] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  427.721930][T24877] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6156'.
[  427.731504][T10913] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  427.750700][T10913] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  427.762152][T10913] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  427.783958][T24883] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6157'.
[  427.794659][T24883] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6157'.
[  428.055050][T24895] Bluetooth: MGMT ver 1.23
[  428.060979][T24895] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6161'.
[  428.072387][T24895] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6161'.
[  428.144867][T24899] netlink: 104 bytes leftover after parsing attributes in process `syz.4.6161'.
[  428.145589][   T49] bond0 (unregistering): Released all slaves
[  428.172277][   T49] bond1 (unregistering): Released all slaves
[  428.252994][   T49] þ
: left promiscuous mode
[  428.479488][ T5869] Bluetooth: hci0: command tx timeout
[  428.654717][T24821] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  428.672992][T24923] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6169'.
[  428.691206][T24821] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  428.722509][T24923] geneve2: entered promiscuous mode
[  428.732944][T24923] geneve2: entered allmulticast mode
[  428.761279][   T49] hsr_slave_0: left promiscuous mode
[  428.768676][   T49] hsr_slave_1: left promiscuous mode
[  428.805897][T24931] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  428.989812][T24931] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6170'.
[  429.043530][T24821] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  429.053678][T24821] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  429.173047][T24821] 8021q: adding VLAN 0 to HW filter on device bond0
[  429.210079][T24821] 8021q: adding VLAN 0 to HW filter on device team0
[  429.223514][T24953] netlink: 'syz.0.6173': attribute type 2 has an invalid length.
[  429.237875][T10917] bridge0: port 1(bridge_slave_0) entered blocking state
[  429.244975][T10917] bridge0: port 1(bridge_slave_0) entered forwarding state
[  429.279527][T24953] þ
: entered promiscuous mode
[  429.296171][T10917] bridge0: port 2(bridge_slave_1) entered blocking state
[  429.303301][T10917] bridge0: port 2(bridge_slave_1) entered forwarding state
[  429.520331][T24965] netlink: 'syz.1.6174': attribute type 13 has an invalid length.
[  429.536270][T24965] netlink: 'syz.1.6174': attribute type 17 has an invalid length.
[  429.553496][T24965] 0ªX¹¦À: left allmulticast mode
[  429.560991][T24965] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  429.613870][T24971] netlink: 'syz.4.6177': attribute type 2 has an invalid length.
[  429.647337][T24971] þ
: entered promiscuous mode
[  429.695715][T24821] 8021q: adding VLAN 0 to HW filter on device batadv0
[  429.784840][T24821] veth0_vlan: entered promiscuous mode
[  429.819153][T24821] veth1_vlan: entered promiscuous mode
[  429.875087][T24821] veth0_macvtap: entered promiscuous mode
[  429.885709][T24821] veth1_macvtap: entered promiscuous mode
[  429.922304][T24821] batman_adv: batadv0: Interface activated: batadv_slave_0
[  429.942300][T24821] batman_adv: batadv0: Interface activated: batadv_slave_1
[  429.964533][ T3539] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  429.973605][ T3539] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  429.988872][ T3539] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  429.999112][ T3539] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  430.075468][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  430.095695][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  430.122790][ T3539] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  430.133551][ T3539] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  430.166068][T24986] FAULT_INJECTION: forcing a failure.
[  430.166068][T24986] name failslab, interval 1, probability 0, space 0, times 0
[  430.178800][T24986] CPU: 1 UID: 0 PID: 24986 Comm: syz.0.6180 Not tainted syzkaller #0 PREEMPT(full) 
[  430.178816][T24986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  430.178822][T24986] Call Trace:
[  430.178828][T24986]  <TASK>
[  430.178833][T24986]  dump_stack_lvl+0x189/0x250
[  430.178849][T24986]  ? __pfx____ratelimit+0x10/0x10
[  430.178864][T24986]  ? __pfx_dump_stack_lvl+0x10/0x10
[  430.178875][T24986]  ? __pfx__printk+0x10/0x10
[  430.178888][T24986]  ? preempt_schedule_common+0x83/0xd0
[  430.178902][T24986]  ? preempt_schedule+0xae/0xc0
[  430.178914][T24986]  ? __pfx_preempt_schedule+0x10/0x10
[  430.178927][T24986]  should_fail_ex+0x414/0x560
[  430.178941][T24986]  should_failslab+0xa8/0x100
[  430.178956][T24986]  kmem_cache_alloc_bulk_noprof+0x77/0x790
[  430.178969][T24986]  ? lock_release+0x4b/0x3e0
[  430.178984][T24986]  ? pfn_valid+0x125/0x4d0
[  430.178993][T24986]  ? pfn_valid+0x125/0x4d0
[  430.179002][T24986]  bpf_test_run_xdp_live+0x15f1/0x1b10
[  430.179019][T24986]  ? bpf_test_run_xdp_live+0x38e/0x1b10
[  430.179036][T24986]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  430.179049][T24986]  ? 0xffffffffa0205540
[  430.179058][T24986]  ? 0xffffffffa0205540
[  430.179075][T24986]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  430.179087][T24986]  ? _copy_from_user+0x94/0xb0
[  430.179097][T24986]  ? bpf_test_init+0x133/0x170
[  430.179110][T24986]  ? xdp_convert_md_to_buff+0x5b/0x330
[  430.179124][T24986]  bpf_prog_test_run_xdp+0x713/0x1000
[  430.179140][T24986]  ? rcu_is_watching+0x15/0xb0
[  430.179151][T24986]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  430.179165][T24986]  ? __fget_files+0x2a/0x420
[  430.179176][T24986]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  430.179189][T24986]  bpf_prog_test_run+0x2c7/0x340
[  430.179203][T24986]  __sys_bpf+0x581/0x870
[  430.179216][T24986]  ? __pfx___sys_bpf+0x10/0x10
[  430.179230][T24986]  ? ksys_write+0x22a/0x250
[  430.179243][T24986]  ? __pfx_ksys_write+0x10/0x10
[  430.179254][T24986]  ? rcu_is_watching+0x15/0xb0
[  430.179339][T24986]  __x64_sys_bpf+0x7c/0x90
[  430.179350][T24986]  do_syscall_64+0xfa/0x3b0
[  430.179359][T24986]  ? rcu_is_watching+0x15/0xb0
[  430.179367][T24986]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.179377][T24986]  ? clear_bhb_loop+0x60/0xb0
[  430.179387][T24986]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.179398][T24986] RIP: 0033:0x7f7b5d38ebe9
[  430.179407][T24986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  430.179416][T24986] RSP: 002b:00007f7b5e128038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  430.179427][T24986] RAX: ffffffffffffffda RBX: 00007f7b5d5b5fa0 RCX: 00007f7b5d38ebe9
[  430.179435][T24986] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  430.179442][T24986] RBP: 00007f7b5e128090 R08: 0000000000000000 R09: 0000000000000000
[  430.179448][T24986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  430.179454][T24986] R13: 00007f7b5d5b6038 R14: 00007f7b5d5b5fa0 R15: 00007fffa6f05e18
[  430.179464][T24986]  </TASK>
[  430.538289][ T5869] Bluetooth: hci0: command tx timeout
[  430.565560][T24992] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  430.588003][T24990] FAULT_INJECTION: forcing a failure.
[  430.588003][T24990] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  430.603234][T24988] vxcan1: entered allmulticast mode
[  430.608573][T24993] vxcan1: left allmulticast mode
[  430.608848][T24990] CPU: 1 UID: 0 PID: 24990 Comm: syz.0.6181 Not tainted syzkaller #0 PREEMPT(full) 
[  430.608871][T24990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  430.608883][T24990] Call Trace:
[  430.608889][T24990]  <TASK>
[  430.608897][T24990]  dump_stack_lvl+0x189/0x250
[  430.608921][T24990]  ? __pfx____ratelimit+0x10/0x10
[  430.608944][T24990]  ? __pfx_dump_stack_lvl+0x10/0x10
[  430.608965][T24990]  ? __pfx__printk+0x10/0x10
[  430.608985][T24990]  ? lock_acquire+0x5f/0x360
[  430.609010][T24990]  should_fail_ex+0x414/0x560
[  430.609035][T24990]  prepare_alloc_pages+0x213/0x610
[  430.609056][T24990]  __alloc_frozen_pages_noprof+0x123/0x370
[  430.609076][T24990]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  430.609101][T24990]  alloc_pages_mpol+0x232/0x4a0
[  430.609127][T24990]  alloc_pages_noprof+0xa9/0x190
[  430.609151][T24990]  pte_alloc_one+0x21/0x170
[  430.609171][T24990]  __pte_alloc+0x25/0x1a0
[  430.609190][T24990]  __handle_mm_fault+0x49b3/0x5440
[  430.609219][T24990]  ? __pfx___handle_mm_fault+0x10/0x10
[  430.609241][T24990]  ? rcu_is_watching+0x15/0xb0
[  430.609263][T24990]  ? follow_page_pte+0xd03/0x13e0
[  430.609285][T24990]  ? __pfx___might_resched+0x10/0x10
[  430.609318][T24990]  handle_mm_fault+0x40a/0x8e0
[  430.609344][T24990]  __get_user_pages+0x1699/0x2ce0
[  430.609377][T24990]  __gup_longterm_locked+0xde9/0x1660
[  430.609398][T24990]  ? rcu_is_watching+0x15/0xb0
[  430.609415][T24990]  ? lock_acquire+0x5f/0x360
[  430.609437][T24990]  ? gup_fast_fallback+0x21f/0x2010
[  430.609458][T24990]  ? rcu_is_watching+0x15/0xb0
[  430.609473][T24990]  ? sanity_check_pinned_pages+0x1241/0x1300
[  430.609492][T24990]  ? rcu_is_watching+0x15/0xb0
[  430.609510][T24990]  gup_fast_fallback+0x1e6a/0x2010
[  430.609544][T24990]  ? __pfx_gup_fast_fallback+0x10/0x10
[  430.609563][T24990]  ? poly1305_core_blocks+0x14c/0x440
[  430.609585][T24990]  ? preempt_schedule+0xae/0xc0
[  430.609603][T24990]  ? kernel_fpu_end+0xc8/0x120
[  430.609623][T24990]  ? poly1305_core_blocks+0x3b4/0x440
[  430.609648][T24990]  ? pin_user_pages_fast+0x4d/0xb0
[  430.609668][T24990]  iov_iter_extract_pages+0x35a/0x5e0
[  430.609692][T24990]  extract_iter_to_sg+0xe46/0x24e0
[  430.609721][T24990]  ? sanity_check_pinned_pages+0x123a/0x1300
[  430.609742][T24990]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  430.609767][T24990]  ? unpin_user_page+0xc9/0x1d0
[  430.609784][T24990]  ? __pfx_unpin_user_page+0x10/0x10
[  430.609808][T24990]  ? __asan_memset+0x22/0x50
[  430.609828][T24990]  hash_sendmsg+0x4f4/0x11d0
[  430.609855][T24990]  ? is_bpf_text_address+0x26/0x2b0
[  430.609881][T24990]  ? __pfx_hash_sendmsg+0x10/0x10
[  430.609902][T24990]  __sock_sendmsg+0x21c/0x270
[  430.609925][T24990]  ____sys_sendmsg+0x52d/0x830
[  430.609945][T24990]  ? __pfx_____sys_sendmsg+0x10/0x10
[  430.609967][T24990]  ? import_iovec+0x74/0xa0
[  430.609984][T24990]  ___sys_sendmsg+0x21f/0x2a0
[  430.610002][T24990]  ? __pfx____sys_sendmsg+0x10/0x10
[  430.610020][T24990]  ? kstrtouint+0x6e/0xe0
[  430.610053][T24990]  ? __fget_files+0x2a/0x420
[  430.610067][T24990]  ? __fget_files+0x3a0/0x420
[  430.610086][T24990]  __sys_sendmmsg+0x227/0x430
[  430.610106][T24990]  ? __pfx___sys_sendmmsg+0x10/0x10
[  430.610123][T24990]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  430.610158][T24990]  ? ksys_write+0x22a/0x250
[  430.610181][T24990]  ? __pfx_ksys_write+0x10/0x10
[  430.610200][T24990]  ? rcu_is_watching+0x15/0xb0
[  430.610220][T24990]  __x64_sys_sendmmsg+0xa0/0xc0
[  430.610240][T24990]  do_syscall_64+0xfa/0x3b0
[  430.610256][T24990]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.610273][T24990]  ? clear_bhb_loop+0x60/0xb0
[  430.610300][T24990]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.610318][T24990] RIP: 0033:0x7f7b5d38ebe9
[  430.610335][T24990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  430.610350][T24990] RSP: 002b:00007f7b5e128038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  430.610369][T24990] RAX: ffffffffffffffda RBX: 00007f7b5d5b5fa0 RCX: 00007f7b5d38ebe9
[  430.610383][T24990] RDX: 0000000000000001 RSI: 0000200000004140 RDI: 0000000000000004
[  430.610395][T24990] RBP: 00007f7b5e128090 R08: 0000000000000000 R09: 0000000000000000
[  430.610407][T24990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  430.610417][T24990] R13: 00007f7b5d5b6038 R14: 00007f7b5d5b5fa0 R15: 00007fffa6f05e18
[  430.610437][T24990]  </TASK>
[  430.875640][T24997] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6182'.
[  431.148904][T25013] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  431.389884][T25024] syz_tun: entered promiscuous mode
[  431.404950][T25024] team0: Device macvtap1 failed to register rx_handler
[  431.414224][T25024] syz_tun: left promiscuous mode
[  431.440737][T25029] Bluetooth: MGMT ver 1.23
[  431.571712][T25042] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  431.613317][T25045] dummy0: entered promiscuous mode
[  431.624957][T25045] macsec1: entered promiscuous mode
[  431.636210][T25045] macsec1: entered allmulticast mode
[  431.650762][T25045] dummy0: entered allmulticast mode
[  431.670835][T25050] netlink: 'syz.1.6198': attribute type 1 has an invalid length.
[  431.685022][T25045] dummy0: left allmulticast mode
[  431.699409][T25045] dummy0: left promiscuous mode
[  431.951286][T25065] RDS: rds_bind could not find a transport for 100:806:aaaa:aaaa:aaaa::, load rds_tcp or rds_rdma?
[  432.091545][ T3544] syzkaller0: tun_net_xmit 76
[  432.098976][T25076] syzkaller0: create flow: hash 4252956971 index 1
[  432.107632][   T43] syzkaller0: tun_net_xmit 76
[  432.114413][ T3544] syzkaller0: tun_net_xmit 48
[  432.142572][T25076] syzkaller0: delete flow: hash 4252956971 index 1
[  432.521455][T25103] team0: No ports can be present during mode change
[  432.534002][T25099] vlan0: entered promiscuous mode
[  432.546003][T25099] team0: Port device vlan0 added
[  432.560887][T25099] tipc: Started in network mode
[  432.565946][T25099] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[  432.577883][T25099] tipc: Enabled bearer <eth:team0>, priority 0
[  432.617213][ T5869] Bluetooth: hci0: command tx timeout
[  432.651546][T25115] smc: net device bond0 applied user defined pnetid SYZ2
[  432.875388][T25132] netlink: 'syz.0.6227': attribute type 11 has an invalid length.
[  433.235033][T25144] netlink: 'syz.3.6230': attribute type 1 has an invalid length.
[  433.243244][T25144] __nla_validate_parse: 5 callbacks suppressed
[  433.243269][T25144] netlink: 144 bytes leftover after parsing attributes in process `syz.3.6230'.
[  433.259517][T25144] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6230'.
[  433.285373][T25146] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6228'.
[  433.345854][T25139] batadv_slave_0: left promiscuous mode
[  433.361137][T25139] batadv_slave_0: left allmulticast mode
[  433.376244][T25139] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  433.461051][T25139] vlan0: left promiscuous mode
[  433.506361][T25149] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6231'.
[  433.520410][T25149] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6231'.
[  433.564764][T25139] geneve2: left promiscuous mode
[  433.570507][T25139] geneve2: left allmulticast mode
[  433.589014][T25146] hsr_slave_0: left promiscuous mode
[  433.628174][T25146] hsr_slave_1: left promiscuous mode
[  433.636041][T25155] netlink: 104 bytes leftover after parsing attributes in process `syz.3.6231'.
[  433.665384][   T12] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  433.681407][T25160] netlink: 'syz.4.6234': attribute type 11 has an invalid length.
[  433.691844][   T12] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  433.701322][   T43] tipc: Node number set to 11578026
[  433.709202][   T12] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  433.727752][   T12] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  433.774973][   T13] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  433.805521][   T13] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  433.851006][   T13] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  433.859964][T25169] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  433.871133][T25169] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6238'.
[  433.884729][   T13] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  433.936157][T25172] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6237'.
[  434.034769][T25180] vxcan1: entered allmulticast mode
[  434.043084][T25180] vxcan1: left allmulticast mode
[  434.068568][T25178] netlink: 'syz.4.6241': attribute type 13 has an invalid length.
[  434.090044][T25178] netlink: 'syz.4.6241': attribute type 17 has an invalid length.
[  434.174908][T25178] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  434.203561][T25186] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6241'.
[  434.328056][T25178] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  434.616030][T25205] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6246'.
[  434.626010][T25205] veth0_to_team: entered promiscuous mode
[  434.632674][T25205] veth0_to_team: entered allmulticast mode
[  434.671330][T25210] dvmrp8: entered allmulticast mode
[  434.679160][T25209] dvmrp8: left allmulticast mode
[  434.697667][ T5869] Bluetooth: hci0: command tx timeout
[  435.055617][T25226] dummy0: entered promiscuous mode
[  435.063802][T25226] macsec1: entered promiscuous mode
[  435.071461][T25226] macsec1: entered allmulticast mode
[  435.077672][T25226] dummy0: entered allmulticast mode
[  435.084694][T25226] dummy0: left allmulticast mode
[  435.092483][T25226] dummy0: left promiscuous mode
[  435.566325][T25261] netlink: 'syz.0.6265': attribute type 1 has an invalid length.
[  436.118794][T25284] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  436.416306][T25299] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  436.839168][T25321] syz_tun: entered allmulticast mode
[  436.850027][T25321] dvmrp8: entered allmulticast mode
[  436.861253][T25321] syz_tun: left allmulticast mode
[  436.866402][T25321] dvmrp8: left allmulticast mode
[  436.898610][T25326] netlink: 'syz.3.6289': attribute type 21 has an invalid length.
[  436.908193][T25326] netlink: 'syz.3.6289': attribute type 5 has an invalid length.
[  436.927287][T25321] netlink: 'syz.1.6286': attribute type 23 has an invalid length.
[  436.945830][T25328] bridge0: port 2(bridge_slave_1) entered disabled state
[  437.464336][T25374] 8021q: VLANs not supported on nlmon0
[  437.629037][T25393] lo: entered promiscuous mode
[  437.633840][T25393] lo: entered allmulticast mode
[  437.650253][T25393] tunl0: entered promiscuous mode
[  437.662743][T25393] tunl0: entered allmulticast mode
[  437.672178][T25393] gre0: entered promiscuous mode
[  437.677763][T25393] gre0: entered allmulticast mode
[  437.687387][T25393] gretap0: entered promiscuous mode
[  437.692735][T25393] gretap0: entered allmulticast mode
[  437.701413][T25393] erspan0: entered promiscuous mode
[  437.706847][T25393] erspan0: entered allmulticast mode
[  437.715165][T25393] ip_vti0: entered promiscuous mode
[  437.720859][T25393] ip_vti0: entered allmulticast mode
[  437.727501][T25393] ip6_vti0: entered promiscuous mode
[  437.732982][T25393] ip6_vti0: entered allmulticast mode
[  437.740390][T25393] sit0: entered promiscuous mode
[  437.745567][T25393] sit0: entered allmulticast mode
[  437.754948][T25393] ip6tnl0: entered promiscuous mode
[  437.760421][T25393] ip6tnl0: entered allmulticast mode
[  437.769710][T25401] netlink: 'syz.2.6312': attribute type 4 has an invalid length.
[  437.779796][T25393] ip6gre0: entered promiscuous mode
[  437.785159][T25393] ip6gre0: entered allmulticast mode
[  437.792167][T25393] syz_tun: entered promiscuous mode
[  437.797773][T25393] syz_tun: entered allmulticast mode
[  437.804721][T25393] ip6gretap0: entered promiscuous mode
[  437.810900][T25393] ip6gretap0: entered allmulticast mode
[  437.818497][T25393] bond0: entered promiscuous mode
[  437.823651][T25393] bond_slave_0: entered promiscuous mode
[  437.829845][T25393] bond_slave_1: entered promiscuous mode
[  437.835742][T25393] bond0: entered allmulticast mode
[  437.841201][T25393] bond_slave_0: entered allmulticast mode
[  437.847184][T25393] bond_slave_1: entered allmulticast mode
[  437.854268][T25393] 8021q: adding VLAN 0 to HW filter on device bond0
[  437.861977][T25393] team0: entered promiscuous mode
[  437.867350][T25393] team_slave_0: entered promiscuous mode
[  437.873458][T25393] team_slave_1: entered promiscuous mode
[  437.879684][T25393] vlan0: entered promiscuous mode
[  437.885057][T25393] team0: entered allmulticast mode
[  437.890803][T25393] team_slave_0: entered allmulticast mode
[  437.897931][T25393] team_slave_1: entered allmulticast mode
[  437.903987][T25393] vlan0: entered allmulticast mode
[  437.909288][T25393] veth0_vlan: entered allmulticast mode
[  437.915614][T25393] 8021q: adding VLAN 0 to HW filter on device team0
[  437.922856][T25393] tipc: Resetting bearer <eth:team0>
[  437.928791][T25393] tipc: Resetting bearer <eth:team0>
[  437.930747][T25410] FAULT_INJECTION: forcing a failure.
[  437.930747][T25410] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  437.934399][T25393] dummy0: entered promiscuous mode
[  437.952730][T25393] dummy0: entered allmulticast mode
[  437.954643][T25410] CPU: 0 UID: 0 PID: 25410 Comm: syz.3.6316 Not tainted syzkaller #0 PREEMPT(full) 
[  437.954668][T25410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  437.954679][T25410] Call Trace:
[  437.954686][T25410]  <TASK>
[  437.954694][T25410]  dump_stack_lvl+0x189/0x250
[  437.954718][T25410]  ? __pfx____ratelimit+0x10/0x10
[  437.954743][T25410]  ? __pfx_dump_stack_lvl+0x10/0x10
[  437.954762][T25410]  ? __pfx__printk+0x10/0x10
[  437.954783][T25410]  ? __might_fault+0xb0/0x130
[  437.954806][T25410]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  437.954830][T25410]  ? rcu_is_watching+0x15/0xb0
[  437.954849][T25410]  should_fail_ex+0x414/0x560
[  437.954873][T25410]  _copy_from_user+0x2d/0xb0
[  437.954892][T25410]  sock_do_ioctl+0x182/0x300
[  437.954915][T25410]  ? __pfx_sock_do_ioctl+0x10/0x10
[  437.954935][T25410]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  437.954968][T25410]  sock_ioctl+0x576/0x790
[  437.954986][T25410]  ? lock_release+0x4b/0x3e0
[  437.955010][T25410]  ? __pfx_sock_ioctl+0x10/0x10
[  437.955030][T25410]  ? __fget_files+0x2a/0x420
[  437.955045][T25410]  ? __fget_files+0x3a0/0x420
[  437.955059][T25410]  ? __fget_files+0x2a/0x420
[  437.955075][T25410]  ? bpf_lsm_file_ioctl+0x9/0x20
[  437.955096][T25410]  ? __pfx_sock_ioctl+0x10/0x10
[  437.955115][T25410]  __se_sys_ioctl+0xf9/0x170
[  437.955137][T25410]  do_syscall_64+0xfa/0x3b0
[  437.955152][T25410]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  437.955169][T25410]  ? clear_bhb_loop+0x60/0xb0
[  437.955188][T25410]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  437.955212][T25410] RIP: 0033:0x7f933ed8ebe9
[  437.955228][T25410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  437.955243][T25410] RSP: 002b:00007f933fb73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  437.955262][T25410] RAX: ffffffffffffffda RBX: 00007f933efb5fa0 RCX: 00007f933ed8ebe9
[  437.955275][T25410] RDX: 0000200000000200 RSI: 0000000000008946 RDI: 0000000000000005
[  437.955287][T25410] RBP: 00007f933fb73090 R08: 0000000000000000 R09: 0000000000000000
[  437.955299][T25410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  437.955310][T25410] R13: 00007f933efb6038 R14: 00007f933efb5fa0 R15: 00007ffd4ad955c8
[  437.955330][T25410]  </TASK>
[  438.183858][T25393] nlmon0: entered promiscuous mode
[  438.190142][T25393] nlmon0: entered allmulticast mode
[  438.196177][T25393] caif0: entered promiscuous mode
[  438.202083][T25393] caif0: entered allmulticast mode
[  438.207283][T25393] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  438.279210][T25415] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  438.288272][T25417] netlink: 'syz.0.6319': attribute type 6 has an invalid length.
[  438.445759][T25415] __nla_validate_parse: 25 callbacks suppressed
[  438.445772][T25415] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6318'.
[  438.634884][T25451] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6329'.
[  438.686434][T25456] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6331'.
[  439.229584][T25470] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  439.361984][T25470] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6335'.
[  439.403616][T25480] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  439.412240][T25480] syzkaller0: entered promiscuous mode
[  439.418398][T25480] syzkaller0: entered allmulticast mode
[  439.453593][T25480] tipc: Resetting bearer <eth:syzkaller0>
[  439.461972][T25479] tipc: Resetting bearer <eth:syzkaller0>
[  439.469458][T25479] tipc: Disabling bearer <eth:syzkaller0>
[  439.635510][T25497] netlink: 'syz.3.6340': attribute type 2 has an invalid length.
[  439.674445][T25497] FAULT_INJECTION: forcing a failure.
[  439.674445][T25497] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  439.697939][T25497] CPU: 0 UID: 0 PID: 25497 Comm: syz.3.6340 Not tainted syzkaller #0 PREEMPT(full) 
[  439.697967][T25497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  439.697979][T25497] Call Trace:
[  439.697986][T25497]  <TASK>
[  439.697994][T25497]  dump_stack_lvl+0x189/0x250
[  439.698020][T25497]  ? __pfx____ratelimit+0x10/0x10
[  439.698044][T25497]  ? __pfx_dump_stack_lvl+0x10/0x10
[  439.698064][T25497]  ? __pfx__printk+0x10/0x10
[  439.698088][T25497]  ? lock_acquire+0x5f/0x360
[  439.698115][T25497]  should_fail_ex+0x414/0x560
[  439.698140][T25497]  prepare_alloc_pages+0x213/0x610
[  439.698162][T25497]  __alloc_frozen_pages_noprof+0x123/0x370
[  439.698183][T25497]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  439.698206][T25497]  ? policy_nodemask+0x27c/0x720
[  439.698232][T25497]  alloc_pages_mpol+0x232/0x4a0
[  439.698257][T25497]  vma_alloc_folio_noprof+0xe4/0x200
[  439.698282][T25497]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  439.698307][T25497]  ? rcu_is_watching+0x15/0xb0
[  439.698325][T25497]  ? lock_release+0x4b/0x3e0
[  439.698349][T25497]  folio_prealloc+0x30/0x180
[  439.698373][T25497]  do_wp_page+0x1231/0x5800
[  439.698393][T25497]  ? is_bpf_text_address+0x292/0x2b0
[  439.698430][T25497]  ? lock_acquire+0x5f/0x360
[  439.698455][T25497]  ? __pfx_do_wp_page+0x10/0x10
[  439.698474][T25497]  ? do_raw_spin_lock+0x121/0x290
[  439.698496][T25497]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  439.698515][T25497]  ? ___pte_offset_map+0x45/0x250
[  439.698542][T25497]  __handle_mm_fault+0x1033/0x5440
[  439.698572][T25497]  ? __pfx___handle_mm_fault+0x10/0x10
[  439.698594][T25497]  ? rcu_is_watching+0x15/0xb0
[  439.698616][T25497]  ? follow_page_pte+0xd03/0x13e0
[  439.698643][T25497]  handle_mm_fault+0x40a/0x8e0
[  439.698670][T25497]  __get_user_pages+0x1699/0x2ce0
[  439.698690][T25497]  ? rcu_is_watching+0x15/0xb0
[  439.698724][T25497]  __gup_longterm_locked+0xde9/0x1660
[  439.698752][T25497]  ? sanity_check_pinned_pages+0x123a/0x1300
[  439.698776][T25497]  gup_fast_fallback+0x1e6a/0x2010
[  439.698813][T25497]  ? __pfx_gup_fast_fallback+0x10/0x10
[  439.698832][T25497]  ? stack_trace_save+0x9c/0xe0
[  439.698852][T25497]  ? __pfx_stack_trace_save+0x10/0x10
[  439.698874][T25497]  ? down_write+0x71/0x1f0
[  439.698894][T25497]  ? pin_user_pages_fast+0x4d/0xb0
[  439.698916][T25497]  iov_iter_extract_pages+0x35a/0x5e0
[  439.698941][T25497]  extract_iter_to_sg+0xe46/0x24e0
[  439.698972][T25497]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  439.699005][T25497]  ? __asan_memset+0x22/0x50
[  439.699026][T25497]  af_alg_get_rsgl+0x436/0x810
[  439.699056][T25497]  skcipher_recvmsg+0x3c0/0x11c0
[  439.699079][T25497]  ? aa_sk_perm+0x81e/0x950
[  439.699109][T25497]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  439.699131][T25497]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  439.699151][T25497]  ? security_socket_recvmsg+0x7e/0x2e0
[  439.699171][T25497]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  439.699192][T25497]  sock_recvmsg+0x22c/0x270
[  439.699217][T25497]  ____sys_recvmsg+0x1c9/0x460
[  439.699240][T25497]  ? __pfx_____sys_recvmsg+0x10/0x10
[  439.699267][T25497]  ? import_iovec+0x74/0xa0
[  439.699287][T25497]  ___sys_recvmsg+0x1b5/0x510
[  439.699305][T25497]  ? get_pid_task+0x20/0x1f0
[  439.699328][T25497]  ? __pfx____sys_recvmsg+0x10/0x10
[  439.699350][T25497]  ? __fget_files+0x2a/0x420
[  439.699365][T25497]  ? rcu_is_watching+0x15/0xb0
[  439.699390][T25497]  ? __fget_files+0x3a0/0x420
[  439.699417][T25497]  __x64_sys_recvmsg+0x198/0x260
[  439.699437][T25497]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  439.699461][T25497]  ? __pfx_ksys_write+0x10/0x10
[  439.699482][T25497]  ? rcu_is_watching+0x15/0xb0
[  439.699502][T25497]  ? rcu_is_watching+0x15/0xb0
[  439.699521][T25497]  do_syscall_64+0xfa/0x3b0
[  439.699538][T25497]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.699556][T25497]  ? clear_bhb_loop+0x60/0xb0
[  439.699575][T25497]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.699592][T25497] RIP: 0033:0x7f933ed8ebe9
[  439.699606][T25497] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  439.699622][T25497] RSP: 002b:00007f933fb52038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  439.699643][T25497] RAX: ffffffffffffffda RBX: 00007f933efb6090 RCX: 00007f933ed8ebe9
[  439.699656][T25497] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000005
[  439.699668][T25497] RBP: 00007f933fb52090 R08: 0000000000000000 R09: 0000000000000000
[  439.699680][T25497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  439.699691][T25497] R13: 00007f933efb6128 R14: 00007f933efb6090 R15: 00007ffd4ad955c8
[  439.699713][T25497]  </TASK>
[  440.264769][T25507] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  440.431694][T25511] netlink: 48 bytes leftover after parsing attributes in process `syz.2.6347'.
[  440.488831][T25522] netlink: 'syz.0.6352': attribute type 2 has an invalid length.
[  440.542868][T25526] netlink: 96 bytes leftover after parsing attributes in process `syz.3.6354'.
[  440.592212][T25532] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  440.955697][T25564] netlink: 'syz.1.6363': attribute type 10 has an invalid length.
[  441.058107][T25572] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  441.184132][T25581] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6371'.
[  441.273017][T25587] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6372'.
[  441.381519][T25593] FAULT_INJECTION: forcing a failure.
[  441.381519][T25593] name failslab, interval 1, probability 0, space 0, times 0
[  441.464756][T25593] CPU: 0 UID: 0 PID: 25593 Comm: syz.0.6373 Not tainted syzkaller #0 PREEMPT(full) 
[  441.464784][T25593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  441.464795][T25593] Call Trace:
[  441.464802][T25593]  <TASK>
[  441.464810][T25593]  dump_stack_lvl+0x189/0x250
[  441.464835][T25593]  ? __pfx____ratelimit+0x10/0x10
[  441.464860][T25593]  ? __pfx_dump_stack_lvl+0x10/0x10
[  441.464880][T25593]  ? __pfx__printk+0x10/0x10
[  441.464904][T25593]  ? fs_reclaim_acquire+0x7d/0x100
[  441.464928][T25593]  ? rcu_is_watching+0x15/0xb0
[  441.464946][T25593]  ? __pfx___might_resched+0x10/0x10
[  441.464962][T25593]  ? lock_acquire+0x5f/0x360
[  441.464987][T25593]  should_fail_ex+0x414/0x560
[  441.465011][T25593]  should_failslab+0xa8/0x100
[  441.465036][T25593]  kmem_cache_alloc_noprof+0x73/0x3c0
[  441.465058][T25593]  ? ptlock_alloc+0x20/0x70
[  441.465082][T25593]  ptlock_alloc+0x20/0x70
[  441.465104][T25593]  pte_alloc_one+0x7d/0x170
[  441.465124][T25593]  __pte_alloc+0x25/0x1a0
[  441.465141][T25593]  __handle_mm_fault+0x49b3/0x5440
[  441.465180][T25593]  ? __pfx___handle_mm_fault+0x10/0x10
[  441.465201][T25593]  ? rcu_is_watching+0x15/0xb0
[  441.465223][T25593]  ? follow_page_pte+0xd03/0x13e0
[  441.465246][T25593]  ? __pfx___might_resched+0x10/0x10
[  441.465265][T25593]  handle_mm_fault+0x40a/0x8e0
[  441.465291][T25593]  __get_user_pages+0x1699/0x2ce0
[  441.465325][T25593]  __gup_longterm_locked+0xde9/0x1660
[  441.465346][T25593]  ? rcu_is_watching+0x15/0xb0
[  441.465364][T25593]  ? lock_acquire+0x5f/0x360
[  441.465386][T25593]  ? gup_fast_fallback+0x21f/0x2010
[  441.465407][T25593]  ? rcu_is_watching+0x15/0xb0
[  441.465424][T25593]  ? sanity_check_pinned_pages+0x1241/0x1300
[  441.465445][T25593]  ? rcu_is_watching+0x15/0xb0
[  441.465463][T25593]  gup_fast_fallback+0x1e6a/0x2010
[  441.465497][T25593]  ? __pfx_gup_fast_fallback+0x10/0x10
[  441.465519][T25593]  ? poly1305_core_blocks+0x3b4/0x440
[  441.465546][T25593]  ? pin_user_pages_fast+0x4d/0xb0
[  441.465568][T25593]  iov_iter_extract_pages+0x35a/0x5e0
[  441.465593][T25593]  extract_iter_to_sg+0xe46/0x24e0
[  441.465620][T25593]  ? sanity_check_pinned_pages+0x123a/0x1300
[  441.465641][T25593]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  441.465665][T25593]  ? unpin_user_page+0xc9/0x1d0
[  441.465682][T25593]  ? __pfx_unpin_user_page+0x10/0x10
[  441.465705][T25593]  ? __asan_memset+0x22/0x50
[  441.465723][T25593]  hash_sendmsg+0x4f4/0x11d0
[  441.465751][T25593]  ? is_bpf_text_address+0x26/0x2b0
[  441.465780][T25593]  ? __pfx_hash_sendmsg+0x10/0x10
[  441.465801][T25593]  __sock_sendmsg+0x21c/0x270
[  441.465826][T25593]  ____sys_sendmsg+0x52d/0x830
[  441.465846][T25593]  ? __pfx_____sys_sendmsg+0x10/0x10
[  441.465868][T25593]  ? import_iovec+0x74/0xa0
[  441.465888][T25593]  ___sys_sendmsg+0x21f/0x2a0
[  441.465907][T25593]  ? __pfx____sys_sendmsg+0x10/0x10
[  441.465927][T25593]  ? kstrtouint+0x6e/0xe0
[  441.465963][T25593]  ? __fget_files+0x2a/0x420
[  441.465978][T25593]  ? __fget_files+0x3a0/0x420
[  441.465998][T25593]  __sys_sendmmsg+0x227/0x430
[  441.466019][T25593]  ? __pfx___sys_sendmmsg+0x10/0x10
[  441.466037][T25593]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  441.466073][T25593]  ? ksys_write+0x22a/0x250
[  441.466097][T25593]  ? __pfx_ksys_write+0x10/0x10
[  441.466117][T25593]  ? rcu_is_watching+0x15/0xb0
[  441.466137][T25593]  __x64_sys_sendmmsg+0xa0/0xc0
[  441.466164][T25593]  do_syscall_64+0xfa/0x3b0
[  441.466180][T25593]  ? rcu_is_watching+0x15/0xb0
[  441.466196][T25593]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.466214][T25593]  ? clear_bhb_loop+0x60/0xb0
[  441.466233][T25593]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.466251][T25593] RIP: 0033:0x7f7b5d38ebe9
[  441.466267][T25593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  441.466283][T25593] RSP: 002b:00007f7b5e128038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  441.466303][T25593] RAX: ffffffffffffffda RBX: 00007f7b5d5b5fa0 RCX: 00007f7b5d38ebe9
[  441.466316][T25593] RDX: 0000000000000001 RSI: 0000200000004140 RDI: 0000000000000004
[  441.466328][T25593] RBP: 00007f7b5e128090 R08: 0000000000000000 R09: 0000000000000000
[  441.466338][T25593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  441.466349][T25593] R13: 00007f7b5d5b6038 R14: 00007f7b5d5b5fa0 R15: 00007fffa6f05e18
[  441.466371][T25593]  </TASK>
[  442.045167][T25607] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  442.058054][T25605] netlink: 60 bytes leftover after parsing attributes in process `syz.1.6376'.
[  442.086530][T25605] netlink: 92 bytes leftover after parsing attributes in process `syz.1.6376'.
[  442.186280][T25602] tipc: Resetting bearer <eth:syzkaller0>
[  442.214937][T25602] tipc: Disabling bearer <eth:syzkaller0>
[  442.245347][T25628] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  442.324300][T25631] FAULT_INJECTION: forcing a failure.
[  442.324300][T25631] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  442.373369][T25631] CPU: 0 UID: 0 PID: 25631 Comm: syz.2.6386 Not tainted syzkaller #0 PREEMPT(full) 
[  442.373397][T25631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  442.373408][T25631] Call Trace:
[  442.373415][T25631]  <TASK>
[  442.373423][T25631]  dump_stack_lvl+0x189/0x250
[  442.373449][T25631]  ? __pfx____ratelimit+0x10/0x10
[  442.373474][T25631]  ? __pfx_dump_stack_lvl+0x10/0x10
[  442.373494][T25631]  ? __pfx__printk+0x10/0x10
[  442.373515][T25631]  ? __might_fault+0xb0/0x130
[  442.373541][T25631]  ? rcu_is_watching+0x15/0xb0
[  442.373561][T25631]  should_fail_ex+0x414/0x560
[  442.373586][T25631]  _copy_from_user+0x2d/0xb0
[  442.373606][T25631]  ___sys_recvmsg+0x12e/0x510
[  442.373629][T25631]  ? __pfx____sys_recvmsg+0x10/0x10
[  442.373651][T25631]  ? __fget_files+0x2a/0x420
[  442.373675][T25631]  ? rcu_is_watching+0x15/0xb0
[  442.373692][T25631]  ? lock_release+0x4b/0x3e0
[  442.373716][T25631]  ? __might_fault+0xcc/0x130
[  442.373739][T25631]  do_recvmmsg+0x307/0x770
[  442.373762][T25631]  ? __pfx_do_recvmmsg+0x10/0x10
[  442.373787][T25631]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  442.373822][T25631]  __x64_sys_recvmmsg+0x190/0x240
[  442.373844][T25631]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  442.373862][T25631]  ? rcu_is_watching+0x15/0xb0
[  442.373882][T25631]  ? rcu_is_watching+0x15/0xb0
[  442.373901][T25631]  do_syscall_64+0xfa/0x3b0
[  442.373918][T25631]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  442.373936][T25631]  ? clear_bhb_loop+0x60/0xb0
[  442.373956][T25631]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  442.373973][T25631] RIP: 0033:0x7f070898ebe9
[  442.373991][T25631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  442.374006][T25631] RSP: 002b:00007f070981c038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  442.374025][T25631] RAX: ffffffffffffffda RBX: 00007f0708bb5fa0 RCX: 00007f070898ebe9
[  442.374038][T25631] RDX: 000000000400023c RSI: 00002000000055c0 RDI: 0000000000000005
[  442.374050][T25631] RBP: 00007f070981c090 R08: 0000000000000000 R09: 0000000000000000
[  442.374060][T25631] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000001
[  442.374070][T25631] R13: 00007f0708bb6038 R14: 00007f0708bb5fa0 R15: 00007ffc6b4e4338
[  442.374089][T25631]  </TASK>
[  442.924913][T25654] macvlan2: entered allmulticast mode
[  442.937101][T25654] veth1_vlan: entered allmulticast mode
[  442.965083][T25654] veth1_vlan: left allmulticast mode
[  443.184522][T25672] FAULT_INJECTION: forcing a failure.
[  443.184522][T25672] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  443.245849][T25672] CPU: 1 UID: 0 PID: 25672 Comm: syz.2.6399 Not tainted syzkaller #0 PREEMPT(full) 
[  443.245876][T25672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  443.245886][T25672] Call Trace:
[  443.245894][T25672]  <TASK>
[  443.245901][T25672]  dump_stack_lvl+0x189/0x250
[  443.245926][T25672]  ? __pfx____ratelimit+0x10/0x10
[  443.245949][T25672]  ? __pfx_dump_stack_lvl+0x10/0x10
[  443.245966][T25672]  ? __pfx__printk+0x10/0x10
[  443.245987][T25672]  ? __might_fault+0xb0/0x130
[  443.246023][T25672]  ? rcu_is_watching+0x15/0xb0
[  443.246042][T25672]  should_fail_ex+0x414/0x560
[  443.246067][T25672]  _copy_from_user+0x2d/0xb0
[  443.246087][T25672]  ___sys_recvmsg+0x12e/0x510
[  443.246109][T25672]  ? __pfx____sys_recvmsg+0x10/0x10
[  443.246130][T25672]  ? __fget_files+0x2a/0x420
[  443.246154][T25672]  ? rcu_is_watching+0x15/0xb0
[  443.246172][T25672]  ? lock_release+0x4b/0x3e0
[  443.246195][T25672]  ? __might_fault+0xcc/0x130
[  443.246218][T25672]  do_recvmmsg+0x307/0x770
[  443.246240][T25672]  ? __pfx_do_recvmmsg+0x10/0x10
[  443.246263][T25672]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  443.246296][T25672]  __x64_sys_recvmmsg+0x190/0x240
[  443.246317][T25672]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  443.246335][T25672]  ? rcu_is_watching+0x15/0xb0
[  443.246354][T25672]  ? rcu_is_watching+0x15/0xb0
[  443.246372][T25672]  do_syscall_64+0xfa/0x3b0
[  443.246389][T25672]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.246407][T25672]  ? clear_bhb_loop+0x60/0xb0
[  443.246427][T25672]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.246444][T25672] RIP: 0033:0x7f070898ebe9
[  443.246460][T25672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  443.246474][T25672] RSP: 002b:00007f070981c038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  443.246494][T25672] RAX: ffffffffffffffda RBX: 00007f0708bb5fa0 RCX: 00007f070898ebe9
[  443.246508][T25672] RDX: 000000000400023c RSI: 00002000000055c0 RDI: 0000000000000005
[  443.246520][T25672] RBP: 00007f070981c090 R08: 0000000000000000 R09: 0000000000000000
[  443.246531][T25672] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000002
[  443.246543][T25672] R13: 00007f0708bb6038 R14: 00007f0708bb5fa0 R15: 00007ffc6b4e4338
[  443.246569][T25672]  </TASK>
[  443.519678][ T5856] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  443.528602][T25682] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  443.562165][ T5856] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  443.571834][ T5856] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  443.580832][ T5856] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  443.592609][ T5856] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  443.662587][T25691] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
[  443.758361][T25702] FAULT_INJECTION: forcing a failure.
[  443.758361][T25702] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  443.772068][T25702] CPU: 1 UID: 0 PID: 25702 Comm: syz.4.6408 Not tainted syzkaller #0 PREEMPT(full) 
[  443.772094][T25702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  443.772105][T25702] Call Trace:
[  443.772113][T25702]  <TASK>
[  443.772120][T25702]  dump_stack_lvl+0x189/0x250
[  443.772144][T25702]  ? __pfx____ratelimit+0x10/0x10
[  443.772168][T25702]  ? __pfx_dump_stack_lvl+0x10/0x10
[  443.772223][T25702]  ? __pfx__printk+0x10/0x10
[  443.772246][T25702]  ? lock_acquire+0x5f/0x360
[  443.772273][T25702]  should_fail_ex+0x414/0x560
[  443.772297][T25702]  prepare_alloc_pages+0x213/0x610
[  443.772318][T25702]  __alloc_frozen_pages_noprof+0x123/0x370
[  443.772338][T25702]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  443.772355][T25702]  ? css_rstat_updated+0x23a/0x4f0
[  443.772375][T25702]  ? policy_nodemask+0x27c/0x720
[  443.772398][T25702]  ? __pfx_lru_add+0x10/0x10
[  443.772418][T25702]  alloc_pages_mpol+0x232/0x4a0
[  443.772443][T25702]  folio_alloc_mpol_noprof+0x39/0x70
[  443.772467][T25702]  shmem_alloc_and_add_folio+0x447/0xf60
[  443.772493][T25702]  ? filemap_get_entry+0xad/0x2f0
[  443.772509][T25702]  ? filemap_get_entry+0xad/0x2f0
[  443.772528][T25702]  ? shmem_huge_global_enabled+0x174/0x3a0
[  443.772548][T25702]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  443.772574][T25702]  ? shmem_allowable_huge_orders+0x414/0x420
[  443.772598][T25702]  shmem_get_folio_gfp+0x59d/0x1660
[  443.772626][T25702]  shmem_fault+0x179/0x390
[  443.772652][T25702]  __do_fault+0x138/0x390
[  443.772678][T25702]  __handle_mm_fault+0x1847/0x5440
[  443.772706][T25702]  ? __pfx___handle_mm_fault+0x10/0x10
[  443.772729][T25702]  ? rcu_is_watching+0x15/0xb0
[  443.772751][T25702]  ? follow_page_pte+0x7ef/0x13e0
[  443.772777][T25702]  handle_mm_fault+0x40a/0x8e0
[  443.772804][T25702]  __get_user_pages+0x1699/0x2ce0
[  443.772840][T25702]  __gup_longterm_locked+0x7fb/0x1660
[  443.772872][T25702]  gup_fast_fallback+0x1e6a/0x2010
[  443.772908][T25702]  ? __pfx_gup_fast_fallback+0x10/0x10
[  443.772929][T25702]  ? rcu_is_watching+0x15/0xb0
[  443.772943][T25702]  ? is_valid_gup_args+0x11f/0x200
[  443.772959][T25702]  ? pin_user_pages_fast+0x4d/0xb0
[  443.772975][T25702]  rds_cmsg_rdma_args+0x8f4/0x1240
[  443.773001][T25702]  ? rcu_is_watching+0x15/0xb0
[  443.773017][T25702]  rds_cmsg_send+0x33d/0x5c0
[  443.773047][T25702]  rds_sendmsg+0x1129/0x1f00
[  443.773077][T25702]  ? __pfx_rds_sendmsg+0x10/0x10
[  443.773099][T25702]  ? aa_sk_perm+0x81e/0x950
[  443.773123][T25702]  ? __might_fault+0xb0/0x130
[  443.773145][T25702]  ? __pfx_aa_sk_perm+0x10/0x10
[  443.773167][T25702]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  443.773199][T25702]  ? aa_sock_msg_perm+0xf1/0x1d0
[  443.773216][T25702]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  443.773234][T25702]  ? __pfx_rds_sendmsg+0x10/0x10
[  443.773258][T25702]  __sock_sendmsg+0x21c/0x270
[  443.773282][T25702]  ____sys_sendmsg+0x505/0x830
[  443.773303][T25702]  ? __pfx_____sys_sendmsg+0x10/0x10
[  443.773325][T25702]  ? import_iovec+0x74/0xa0
[  443.773346][T25702]  ___sys_sendmsg+0x21f/0x2a0
[  443.773365][T25702]  ? __pfx____sys_sendmsg+0x10/0x10
[  443.773399][T25702]  ? __fget_files+0x2a/0x420
[  443.773414][T25702]  ? __fget_files+0x3a0/0x420
[  443.773434][T25702]  __x64_sys_sendmsg+0x19b/0x260
[  443.773453][T25702]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  443.773477][T25702]  ? __pfx_ksys_write+0x10/0x10
[  443.773498][T25702]  ? rcu_is_watching+0x15/0xb0
[  443.773517][T25702]  ? rcu_is_watching+0x15/0xb0
[  443.773535][T25702]  do_syscall_64+0xfa/0x3b0
[  443.773553][T25702]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.773570][T25702]  ? clear_bhb_loop+0x60/0xb0
[  443.773590][T25702]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.773607][T25702] RIP: 0033:0x7f8162f8ebe9
[  443.773625][T25702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  443.773641][T25702] RSP: 002b:00007f8163e03038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  443.773661][T25702] RAX: ffffffffffffffda RBX: 00007f81631b5fa0 RCX: 00007f8162f8ebe9
[  443.773675][T25702] RDX: 0000000000000000 RSI: 0000200000001600 RDI: 0000000000000004
[  443.773687][T25702] RBP: 00007f8163e03090 R08: 0000000000000000 R09: 0000000000000000
[  443.773699][T25702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  443.773710][T25702] R13: 00007f81631b6038 R14: 00007f81631b5fa0 R15: 00007ffd47fa0688
[  443.773729][T25702]  </TASK>
[  444.301723][T25708] __nla_validate_parse: 1 callbacks suppressed
[  444.301741][T25708] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6410'.
[  444.342916][T25713] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6411'.
[  444.345363][T25681] chnl_net:caif_netlink_parms(): no params data found
[  444.416226][T25681] bridge0: port 1(bridge_slave_0) entered blocking state
[  444.423555][T25681] bridge0: port 1(bridge_slave_0) entered disabled state
[  444.431779][T25681] bridge_slave_0: entered allmulticast mode
[  444.439126][T25681] bridge_slave_0: entered promiscuous mode
[  444.450223][T25681] bridge0: port 2(bridge_slave_1) entered blocking state
[  444.459071][T25681] bridge0: port 2(bridge_slave_1) entered disabled state
[  444.466348][T25681] bridge_slave_1: entered allmulticast mode
[  444.475079][T25681] bridge_slave_1: entered promiscuous mode
[  444.497916][ T3539] nci: nci_rf_intf_activated_ntf_packet: unsupported rf_interface 0x23
[  444.632560][   T12] bond0 (unregistering): Released all slaves
[  444.644949][   T12] bond1 (unregistering): Released all slaves
[  444.658018][T25681] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  444.671505][T25681] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  444.696179][T25681] team0: Port device team_slave_0 added
[  444.707039][T25681] team0: Port device team_slave_1 added
[  444.721157][   T12] þ
: left promiscuous mode
[  444.735304][T25681] batman_adv: batadv0: Adding interface: batadv_slave_0
[  444.742384][T25681] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  444.768965][T25681] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  444.780882][T25681] batman_adv: batadv0: Adding interface: batadv_slave_1
[  444.789229][T25681] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  444.815451][T25681] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  444.826765][   T12] tipc: Left network mode
[  444.852602][T25681] hsr_slave_0: entered promiscuous mode
[  444.859394][T25681] hsr_slave_1: entered promiscuous mode
[  444.865543][T25681] debugfs: 'hsr0' already exists in 'hsr'
[  444.871908][T25681] Cannot create hsr debugfs directory
[  445.121905][   T12] hsr_slave_0: left promiscuous mode
[  445.204858][   T12] Oops: general protection fault, probably for non-canonical address 0xdffffc001fffe000: 0000 [#1] SMP KASAN PTI
[  445.216799][   T12] KASAN: probably user-memory-access in range [0x00000000ffff0000-0x00000000ffff0007]
[  445.226345][   T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full) 
[  445.235628][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  445.245687][   T12] Workqueue: netns cleanup_net
[  445.250464][   T12] RIP: 0010:mld_clear_delrec+0x3a5/0x660
[  445.256123][   T12] Code: ff ff ff e8 8d 2a 41 01 89 c5 31 ff 89 c6 e8 02 0f 87 f7 85 ed 74 40 e8 b9 0a 87 f7 eb 05 e8 b2 0a 87 f7 4c 89 f8 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 ff e8 6c 76 ea f7 4d 8b 27 49 8d 7f 30
[  445.275998][   T12] RSP: 0018:ffffc90000117390 EFLAGS: 00010206
[  445.282165][   T12] RAX: 000000001fffe000 RBX: ffff88805907e538 RCX: ffff88801ce9da00
[  445.290144][   T12] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  445.298217][   T12] RBP: 0000000000000000 R08: ffffffff8fa38337 R09: 1ffffffff1f47066
[  445.306265][   T12] R10: dffffc0000000000 R11: fffffbfff1f47067 R12: ffff8880278d9428
[  445.314238][   T12] R13: dffffc0000000000 R14: ffff8880278d9400 R15: 00000000ffff0000
[  445.322211][   T12] FS:  0000000000000000(0000) GS:ffff888125c1a000(0000) knlGS:0000000000000000
[  445.331141][   T12] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  445.337706][   T12] CR2: 0000001b30af9ff8 CR3: 000000004e9e6000 CR4: 00000000003526f0
[  445.345659][   T12] Call Trace:
[  445.348919][   T12]  <TASK>
[  445.351836][   T12]  ? ipv6_mc_down+0x2a3/0x360
[  445.356499][   T12]  ipv6_mc_destroy_dev+0x45/0x5a0
[  445.361505][   T12]  addrconf_ifdown+0x139e/0x1880
[  445.366530][   T12]  ? tls_dev_event+0x717/0xec0
[  445.371289][   T12]  ? __pfx_addrconf_ifdown+0x10/0x10
[  445.376551][   T12]  ? lock_release+0x4b/0x3e0
[  445.381121][   T12]  ? net_generic+0x1e/0x240
[  445.385628][   T12]  ? __pfx_tls_dev_event+0x10/0x10
[  445.390715][   T12]  addrconf_notify+0x1bc/0x1010
[  445.395547][   T12]  notifier_call_chain+0x1b3/0x3e0
[  445.400667][   T12]  unregister_netdevice_many_notify+0x14d7/0x1ff0
[  445.407072][   T12]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  445.413902][   T12]  ? unregister_netdevice_queue+0x1b3/0x380
[  445.419774][   T12]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  445.426028][   T12]  ? batadv_meshif_destroy_netlink+0x1b0/0x250
[  445.432180][   T12]  default_device_exit_batch+0x819/0x890
[  445.437807][   T12]  ? __pfx___might_resched+0x10/0x10
[  445.443079][   T12]  ? __pfx_default_device_exit_batch+0x10/0x10
[  445.449230][   T12]  ? __pfx_default_device_exit_batch+0x10/0x10
[  445.455381][   T12]  ops_undo_list+0x522/0x990
[  445.459983][   T12]  ? __pfx_ops_undo_list+0x10/0x10
[  445.465084][   T12]  ? do_raw_spin_unlock+0x122/0x240
[  445.470292][   T12]  cleanup_net+0x4c5/0x800
[  445.474789][   T12]  ? __pfx_cleanup_net+0x10/0x10
[  445.479704][   T12]  ? rcu_is_watching+0x15/0xb0
[  445.484445][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  445.490267][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  445.495965][   T12]  process_scheduled_works+0xae1/0x17b0
[  445.501499][   T12]  ? __pfx_process_scheduled_works+0x10/0x10
[  445.507460][   T12]  worker_thread+0x8a0/0xda0
[  445.512031][   T12]  kthread+0x70e/0x8a0
[  445.516076][   T12]  ? __pfx_worker_thread+0x10/0x10
[  445.521162][   T12]  ? __pfx_kthread+0x10/0x10
[  445.525729][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  445.530909][   T12]  ? lockdep_hardirqs_on+0x9c/0x150
[  445.536090][   T12]  ? __pfx_kthread+0x10/0x10
[  445.540657][   T12]  ret_from_fork+0x3f9/0x770
[  445.545256][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[  445.550353][   T12]  ? __switch_to_asm+0x39/0x70
[  445.555094][   T12]  ? __switch_to_asm+0x33/0x70
[  445.559833][   T12]  ? __pfx_kthread+0x10/0x10
[  445.564576][   T12]  ret_from_fork_asm+0x1a/0x30
[  445.569331][   T12]  </TASK>
[  445.572359][   T12] Modules linked in:
[  445.578048][   T12] ---[ end trace 0000000000000000 ]---
[  445.585425][   T12] RIP: 0010:mld_clear_delrec+0x3a5/0x660
[  445.591932][   T12] Code: ff ff ff e8 8d 2a 41 01 89 c5 31 ff 89 c6 e8 02 0f 87 f7 85 ed 74 40 e8 b9 0a 87 f7 eb 05 e8 b2 0a 87 f7 4c 89 f8 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 ff e8 6c 76 ea f7 4d 8b 27 49 8d 7f 30
[  445.612318][   T12] RSP: 0018:ffffc90000117390 EFLAGS: 00010206
[  445.619156][   T12] RAX: 000000001fffe000 RBX: ffff88805907e538 RCX: ffff88801ce9da00
[  445.627438][   T12] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  445.635463][   T12] RBP: 0000000000000000 R08: ffffffff8fa38337 R09: 1ffffffff1f47066
[  445.643845][   T12] R10: dffffc0000000000 R11: fffffbfff1f47067 R12: ffff8880278d9428
[  445.651852][   T12] R13: dffffc0000000000 R14: ffff8880278d9400 R15: 00000000ffff0000
[  445.659052][ T5856] Bluetooth: hci2: command tx timeout
[  445.659928][   T12] FS:  0000000000000000(0000) GS:ffff888125c1a000(0000) knlGS:0000000000000000
[  445.674624][   T12] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  445.681223][   T12] CR2: 0000001b30af9ff8 CR3: 00000000333aa000 CR4: 00000000003526f0
[  445.689292][   T12] Kernel panic - not syncing: Fatal exception
[  445.695635][   T12] Kernel Offset: disabled
[  445.699946][   T12] Rebooting in 86400 seconds..