last executing test programs:

1m6.399992664s ago: executing program 3 (id=5064):
socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1}, 0x48)
poll(&(0x7f0000000000)=[{r1, 0xa404}, {r2, 0x21}], 0x2, 0xfffffffe)
sendmsg$rds(r0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010100}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000300)=[{&(0x7f0000002640)=""/102389, 0x18ff5}], 0x1, 0x1903d}}], 0x48}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000440)=@bpf_lsm={0x1d, 0xc, &(0x7f0000000280)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x2}, @cb_func={0x18, 0xc}, @alu={0x4, 0x0, 0x1, 0x6, 0x5, 0x30, 0x8}, @map_val={0x18, 0xa, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8000}, @initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x80}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x3ff}, @call={0x85, 0x0, 0x0, 0x3a}, @generic={0x2, 0x3, 0x7, 0xb1, 0xce}], &(0x7f0000000340)='GPL\x00', 0x2, 0x1d, &(0x7f0000000380)=""/29, 0x41100, 0x4, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x3, 0x8, 0xd, 0x9}, 0x10, 0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000400)=[0x1, 0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x7ff}, 0x94)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000600)={@fallback=r0, 0x9, 0x0, 0x0, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x0, &(0x7f0000000540)=[0x0, 0x0, 0x0], &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000005c0)=[0x0]}, 0x40)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x29, &(0x7f0000000880)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xf6, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff9}}, @btf_id={0x18, 0x4, 0x3, 0x0, 0x3}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x1}, @map_fd={0x18, 0x5, 0x1, 0x0, 0x1}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8}, @exit, @alu={0x7, 0x1, 0x1, 0xa, 0xf, 0x4, 0x4}, @ldst={0x3, 0x3, 0x1, 0xa, 0x3, 0x40, 0x4}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000680)='syzkaller\x00', 0x6, 0x22, &(0x7f00000006c0)=""/34, 0x40f00, 0x22, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000700)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000000740)={0x5, 0xb, 0x7, 0x9}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000800)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1], 0x0, 0x10, 0x8}, 0x94)
r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)="b50a07", 0x3}, 0x1, 0x0, 0x0, 0x80}, 0x800)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0xc4800082}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, 0x0, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0xa}, [@CTA_EXPECT_TIMEOUT={0x8}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x574}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x4000c00)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x5f, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000014000780080008400000000008001240ffffffe80500010006000000050005000200000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x5c}}, 0x0)

55.306169641s ago: executing program 3 (id=5064):
socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1}, 0x48)
poll(&(0x7f0000000000)=[{r1, 0xa404}, {r2, 0x21}], 0x2, 0xfffffffe)
sendmsg$rds(r0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010100}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000300)=[{&(0x7f0000002640)=""/102389, 0x18ff5}], 0x1, 0x1903d}}], 0x48}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000440)=@bpf_lsm={0x1d, 0xc, &(0x7f0000000280)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x2}, @cb_func={0x18, 0xc}, @alu={0x4, 0x0, 0x1, 0x6, 0x5, 0x30, 0x8}, @map_val={0x18, 0xa, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8000}, @initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x80}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x3ff}, @call={0x85, 0x0, 0x0, 0x3a}, @generic={0x2, 0x3, 0x7, 0xb1, 0xce}], &(0x7f0000000340)='GPL\x00', 0x2, 0x1d, &(0x7f0000000380)=""/29, 0x41100, 0x4, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x3, 0x8, 0xd, 0x9}, 0x10, 0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000400)=[0x1, 0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x7ff}, 0x94)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000600)={@fallback=r0, 0x9, 0x0, 0x0, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x0, &(0x7f0000000540)=[0x0, 0x0, 0x0], &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000005c0)=[0x0]}, 0x40)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x29, &(0x7f0000000880)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xf6, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff9}}, @btf_id={0x18, 0x4, 0x3, 0x0, 0x3}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x1}, @map_fd={0x18, 0x5, 0x1, 0x0, 0x1}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8}, @exit, @alu={0x7, 0x1, 0x1, 0xa, 0xf, 0x4, 0x4}, @ldst={0x3, 0x3, 0x1, 0xa, 0x3, 0x40, 0x4}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000680)='syzkaller\x00', 0x6, 0x22, &(0x7f00000006c0)=""/34, 0x40f00, 0x22, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000700)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000000740)={0x5, 0xb, 0x7, 0x9}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000800)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1], 0x0, 0x10, 0x8}, 0x94)
r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)="b50a07", 0x3}, 0x1, 0x0, 0x0, 0x80}, 0x800)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0xc4800082}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, 0x0, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0xa}, [@CTA_EXPECT_TIMEOUT={0x8}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x574}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x4000c00)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x5f, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000014000780080008400000000008001240ffffffe80500010006000000050005000200000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x5c}}, 0x0)

42.384801217s ago: executing program 3 (id=5064):
socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1}, 0x48)
poll(&(0x7f0000000000)=[{r1, 0xa404}, {r2, 0x21}], 0x2, 0xfffffffe)
sendmsg$rds(r0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010100}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000300)=[{&(0x7f0000002640)=""/102389, 0x18ff5}], 0x1, 0x1903d}}], 0x48}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000440)=@bpf_lsm={0x1d, 0xc, &(0x7f0000000280)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x2}, @cb_func={0x18, 0xc}, @alu={0x4, 0x0, 0x1, 0x6, 0x5, 0x30, 0x8}, @map_val={0x18, 0xa, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8000}, @initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x80}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x3ff}, @call={0x85, 0x0, 0x0, 0x3a}, @generic={0x2, 0x3, 0x7, 0xb1, 0xce}], &(0x7f0000000340)='GPL\x00', 0x2, 0x1d, &(0x7f0000000380)=""/29, 0x41100, 0x4, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x3, 0x8, 0xd, 0x9}, 0x10, 0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000400)=[0x1, 0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x7ff}, 0x94)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000600)={@fallback=r0, 0x9, 0x0, 0x0, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x0, &(0x7f0000000540)=[0x0, 0x0, 0x0], &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000005c0)=[0x0]}, 0x40)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x29, &(0x7f0000000880)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xf6, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff9}}, @btf_id={0x18, 0x4, 0x3, 0x0, 0x3}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x1}, @map_fd={0x18, 0x5, 0x1, 0x0, 0x1}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8}, @exit, @alu={0x7, 0x1, 0x1, 0xa, 0xf, 0x4, 0x4}, @ldst={0x3, 0x3, 0x1, 0xa, 0x3, 0x40, 0x4}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000680)='syzkaller\x00', 0x6, 0x22, &(0x7f00000006c0)=""/34, 0x40f00, 0x22, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000700)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000000740)={0x5, 0xb, 0x7, 0x9}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000800)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1], 0x0, 0x10, 0x8}, 0x94)
r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)="b50a07", 0x3}, 0x1, 0x0, 0x0, 0x80}, 0x800)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0xc4800082}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, 0x0, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0xa}, [@CTA_EXPECT_TIMEOUT={0x8}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x574}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x4000c00)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x5f, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000014000780080008400000000008001240ffffffe80500010006000000050005000200000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x5c}}, 0x0)

28.986934498s ago: executing program 3 (id=5064):
socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1}, 0x48)
poll(&(0x7f0000000000)=[{r1, 0xa404}, {r2, 0x21}], 0x2, 0xfffffffe)
sendmsg$rds(r0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010100}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000300)=[{&(0x7f0000002640)=""/102389, 0x18ff5}], 0x1, 0x1903d}}], 0x48}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000440)=@bpf_lsm={0x1d, 0xc, &(0x7f0000000280)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x2}, @cb_func={0x18, 0xc}, @alu={0x4, 0x0, 0x1, 0x6, 0x5, 0x30, 0x8}, @map_val={0x18, 0xa, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8000}, @initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x80}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x3ff}, @call={0x85, 0x0, 0x0, 0x3a}, @generic={0x2, 0x3, 0x7, 0xb1, 0xce}], &(0x7f0000000340)='GPL\x00', 0x2, 0x1d, &(0x7f0000000380)=""/29, 0x41100, 0x4, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x3, 0x8, 0xd, 0x9}, 0x10, 0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000400)=[0x1, 0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x7ff}, 0x94)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000600)={@fallback=r0, 0x9, 0x0, 0x0, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x0, &(0x7f0000000540)=[0x0, 0x0, 0x0], &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000005c0)=[0x0]}, 0x40)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x29, &(0x7f0000000880)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xf6, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff9}}, @btf_id={0x18, 0x4, 0x3, 0x0, 0x3}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x1}, @map_fd={0x18, 0x5, 0x1, 0x0, 0x1}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8}, @exit, @alu={0x7, 0x1, 0x1, 0xa, 0xf, 0x4, 0x4}, @ldst={0x3, 0x3, 0x1, 0xa, 0x3, 0x40, 0x4}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000680)='syzkaller\x00', 0x6, 0x22, &(0x7f00000006c0)=""/34, 0x40f00, 0x22, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000700)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000000740)={0x5, 0xb, 0x7, 0x9}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000800)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1], 0x0, 0x10, 0x8}, 0x94)
r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)="b50a07", 0x3}, 0x1, 0x0, 0x0, 0x80}, 0x800)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0xc4800082}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, 0x0, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0xa}, [@CTA_EXPECT_TIMEOUT={0x8}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x574}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x4000c00)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x5f, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000014000780080008400000000008001240ffffffe80500010006000000050005000200000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x5c}}, 0x0)

15.427120208s ago: executing program 3 (id=5064):
socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1}, 0x48)
poll(&(0x7f0000000000)=[{r1, 0xa404}, {r2, 0x21}], 0x2, 0xfffffffe)
sendmsg$rds(r0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010100}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000300)=[{&(0x7f0000002640)=""/102389, 0x18ff5}], 0x1, 0x1903d}}], 0x48}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000440)=@bpf_lsm={0x1d, 0xc, &(0x7f0000000280)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x2}, @cb_func={0x18, 0xc}, @alu={0x4, 0x0, 0x1, 0x6, 0x5, 0x30, 0x8}, @map_val={0x18, 0xa, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8000}, @initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x80}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x3ff}, @call={0x85, 0x0, 0x0, 0x3a}, @generic={0x2, 0x3, 0x7, 0xb1, 0xce}], &(0x7f0000000340)='GPL\x00', 0x2, 0x1d, &(0x7f0000000380)=""/29, 0x41100, 0x4, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x3, 0x8, 0xd, 0x9}, 0x10, 0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000400)=[0x1, 0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x7ff}, 0x94)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000600)={@fallback=r0, 0x9, 0x0, 0x0, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x0, &(0x7f0000000540)=[0x0, 0x0, 0x0], &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000005c0)=[0x0]}, 0x40)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x29, &(0x7f0000000880)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xf6, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff9}}, @btf_id={0x18, 0x4, 0x3, 0x0, 0x3}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x1}, @map_fd={0x18, 0x5, 0x1, 0x0, 0x1}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8}, @exit, @alu={0x7, 0x1, 0x1, 0xa, 0xf, 0x4, 0x4}, @ldst={0x3, 0x3, 0x1, 0xa, 0x3, 0x40, 0x4}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000680)='syzkaller\x00', 0x6, 0x22, &(0x7f00000006c0)=""/34, 0x40f00, 0x22, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000700)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000000740)={0x5, 0xb, 0x7, 0x9}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000800)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1], 0x0, 0x10, 0x8}, 0x94)
r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)="b50a07", 0x3}, 0x1, 0x0, 0x0, 0x80}, 0x800)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0xc4800082}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, 0x0, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0xa}, [@CTA_EXPECT_TIMEOUT={0x8}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x574}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x4000c00)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x5f, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000014000780080008400000000008001240ffffffe80500010006000000050005000200000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x5c}}, 0x0)

8.47805317s ago: executing program 2 (id=5474):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0xd, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xaa9a}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1e}}, @call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d80)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="76ea090000000000009ba56a88ca", 0x0, 0x6400, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0x64}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x22e, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0xd, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xaa9a}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1e}}, @call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d80)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="76ea090000000000009ba56a88ca", 0x0, 0x6400, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0x64}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x22e, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) (async)

8.194586864s ago: executing program 2 (id=5477):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(camellia)\x00'}, 0x58)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x8031, 0xffffffffffffffff, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x8031, 0xffffffffffffffff, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r1) (async)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r1)
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$bt_hci(r2, 0x84, 0x80, &(0x7f0000000000)=""/4103, &(0x7f0000001080)=0x1007) (async)
getsockopt$bt_hci(r2, 0x84, 0x80, &(0x7f0000000000)=""/4103, &(0x7f0000001080)=0x1007)
r3 = socket(0x2a, 0x2, 0xfffffffc)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x9, 0x0, 0x4e, @empty, @mcast1, 0x40, 0x0, 0xffffffff, 0x9}})
socket(0x22, 0x2, 0x22) (async)
r4 = socket(0x22, 0x2, 0x22)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000080)={0x114, 0x1f, 0x1, 0x0, 0x0, "", [@nested={0x102, 0x0, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0x3}, @typed={0x14, 0x0, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00'}, @generic="50bb2d6f67c59d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58d567754734be31d750351dc002eb43d9621dc08c029d1608a487f26fbe8101000000010000008b9482565856555ee923c65973deb0a99b962bc0fe94a37cae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82"]}]}, 0x114}], 0x1}, 0x0)
write(r4, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x40, 0x10, 0x439, 0x70bd2c, 0xffffffea, {0x0, 0x0, 0xe403, 0x0, 0x40083, 0x715cb}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, @IFLA_IPTUN_PROTO={0x5}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x4000040)

7.39846336s ago: executing program 2 (id=5485):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x20, 0x70bd25, 0x25dfdbfb, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x80c0}, 0x4000000)
r2 = socket$kcm(0x29, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r0)
sendmsg$NLBL_MGMT_C_REMOVE(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x74, r3, 0x100, 0x70bd26, 0x25dfdbfd, {}, [@NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @NLBL_MGMT_A_CV4DOI={0x8}, @NLBL_MGMT_A_DOMAIN={0x11, 0x1, '802.15.4 MAC\x00'}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x1a}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x1}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x3}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @private=0xa010101}, @NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}]}, 0x74}, 0x1, 0x0, 0x0, 0x404c840}, 0x40)
recvfrom(r2, &(0x7f00000002c0)=""/243, 0xf3, 0x40000000, &(0x7f00000003c0)=@pppoe={0x18, 0x0, {0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x25}, 'wg2\x00'}}, 0x80)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$EBT_SO_GET_INIT_INFO(r4, 0x0, 0x82, &(0x7f0000000440)={'filter\x00', 0x0, 0x0, 0x0, [0x8, 0x7fffffffffffffff, 0x401, 0x3f40, 0x5, 0x6]}, &(0x7f00000004c0)=0x78)
r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNDEL(r5, 0x400448c9, &(0x7f0000000500)={@any, 0x2})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='svc_xprt_create_err\x00', 0xffffffffffffffff, 0x0, 0x400}, 0x18)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000006c0)={'tunl0\x00', &(0x7f0000000600)={'syztnl2\x00', <r7=>0x0, 0x0, 0x7800, 0xff, 0xfffffffe, {{0x1a, 0x4, 0x0, 0x8, 0x68, 0x68, 0x0, 0x3, 0x4, 0x0, @rand_addr=0x64010100, @multicast1, {[@cipso={0x86, 0x3d, 0x3, [{0x0, 0x3, "95"}, {0x3, 0x4, "cff6"}, {0x7, 0xd, "07cd161fdf694faf02b349"}, {0x6, 0xc, "e984554a026cf1bdaa85"}, {0x7, 0xb, "29c6e410498b442d5c"}, {0x5, 0xc, "db3c3140842fa3f9729d"}]}, @timestamp_prespec={0x44, 0x14, 0x99, 0x3, 0x3, [{@private=0xa010101}, {@local, 0xffffffff}]}]}}}}})
sendmsg$nl_route_sched(r6, &(0x7f0000000780)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x20800000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)=@getqdisc={0x2c, 0x26, 0x800, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0xb, 0xfff3}, {0xfff3}, {0x8, 0x6}}, [{0x4}, {0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000800}, 0x4000000)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket(0x25, 0x0, 0x7ff)
r10 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$ARPT_SO_SET_REPLACE(r10, 0x0, 0x60, &(0x7f0000000800)={'filter\x00', 0x7, 0x4, 0x3f0, 0x0, 0xe8, 0xe8, 0x308, 0x308, 0x308, 0x4, &(0x7f00000007c0), {[{{@arp={@remote, @multicast2, 0xffffffff, 0xffffff00, 0xf, 0x5, {@mac=@broadcast, {[0x0, 0xff, 0xff, 0xff, 0xff]}}, {@empty, {[0xff, 0xff, 0xff]}}, 0x9, 0x3, 0x80, 0xf15f, 0x21, 0x5, 'geneve1\x00', 'veth1\x00', {0xff}, {}, 0x0, 0xba}, 0xc0, 0xe8}, @unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0x4}}}, {{@arp={@rand_addr=0x64010100, @multicast1, 0x0, 0xffffffff, 0xb, 0xb, {@empty, {[0x0, 0xff, 0xff, 0xff, 0xff]}}, {@empty, {[0xff, 0xff, 0xff, 0xff, 0xff]}}, 0x3, 0x400, 0x401, 0x200, 0xe, 0x7fff, 'veth1_to_team\x00', 'ipvlan1\x00', {}, {0xff}, 0x0, 0x260}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @local, @dev={0xac, 0x14, 0x14, 0xc}, 0xf}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@local, @empty, @dev={0xac, 0x14, 0x14, 0x18}, @private=0xa010100, 0x2}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440)
r11 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000c80), r8)
sendmsg$L2TP_CMD_SESSION_CREATE(r9, &(0x7f0000000d40)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000d00)={&(0x7f0000000cc0)={0x34, r11, 0x100, 0x70bd2a, 0x25dfdbfb, {}, [@L2TP_ATTR_OFFSET={0x6, 0x3, 0x4}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e20}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_UDP_CSUM={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x240000c1}, 0x1000)
socket$inet6(0xa, 0x1, 0x10000)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000d80), r8)
r12 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), r0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000e40)={'wpan0\x00', <r13=>0x0})
sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f0000000f00)={&(0x7f0000000dc0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000e80)={0x28, r12, 0x800, 0x70bd27, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x4041)
bpf$ENABLE_STATS(0x20, &(0x7f0000000f40), 0x4)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000fc0)=<r14=>0x0)
sendmsg$nl_xfrm(r9, &(0x7f0000001280)={&(0x7f0000000f80)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001240)={&(0x7f0000001000)=@polexpire={0x228, 0x1b, 0x1, 0x70bd2d, 0x25dfdbfc, {{{@in6=@private0, @in6=@remote, 0x4e23, 0x0, 0x4e22, 0x2, 0x2, 0x180, 0x120, 0x87, r7, r14}, {0x7, 0x4b141d2b, 0x200, 0xfffffffffffffff8, 0x7ff, 0x6, 0x5}, {0x4, 0x4, 0x6, 0x9}, 0x3, 0x6e6bbf, 0x2, 0x1, 0x1}, 0x8}, [@migrate={0x134, 0x11, [{@in=@rand_addr=0x64010101, @in=@local, @in=@local, @in=@private=0xa010101, 0xff, 0x4, 0x0, 0x3506, 0xa, 0xa}, {@in=@loopback, @in6=@loopback, @in=@local, @in=@multicast1, 0x3c, 0x2, 0x0, 0x3507, 0x0, 0xa}, {@in=@loopback, @in6=@private2, @in=@multicast2, @in=@broadcast, 0x2b, 0x2, 0x0, 0x3506, 0xa, 0xa}, {@in6=@empty, @in6=@empty, @in=@local, @in=@loopback, 0xff, 0x0, 0x0, 0x3501, 0xa, 0xa}]}, @replay_val={0x10, 0xa, {0x70bd26, 0x70bd2a, 0x2004}}, @tfcpad={0x8, 0x16, 0x5}, @encap={0x1c, 0x4, {0xffffffffffffffff, 0x4e21, 0x4e23, @in6=@private1={0xfc, 0x1, '\x00', 0x1}}}]}, 0x228}, 0x1, 0x0, 0x0, 0x40884}, 0x40001)
sendmsg$NL802154_CMD_GET_INTERFACE(r0, &(0x7f0000001380)={&(0x7f00000012c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001340)={&(0x7f0000001300)={0x38, r12, 0x300, 0x70bd2d, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000004)

6.950892439s ago: executing program 2 (id=5489):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x12, 0x31, 0x4, 0x2}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000910446000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x41)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r1, &(0x7f0000000040)}, 0x20)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
unshare(0x6a040000)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010002000000000000000000000a18010000090a0104"], 0x140}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000980)=ANY=[@ANYBLOB="8400f0da82805f", @ANYRES16, @ANYBLOB], 0x84}, 0x1, 0x0, 0x0, 0x8000}, 0x2400c010)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r4, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8}}]}, 0x3c}}, 0x4000084)

6.527530675s ago: executing program 4 (id=5494):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b30, &(0x7f0000000040)={'wlan0\x00'}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x4, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1000}, [@call={0x85, 0x0, 0x0, 0x43}]}, &(0x7f0000000280)='syzkaller\x00', 0x3, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)

5.95092861s ago: executing program 4 (id=5497):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, 0x0, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000640)={0x1c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)

5.716180031s ago: executing program 4 (id=5499):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa}, 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000240), 0xa7c, r0}, 0x38)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000f0f000000000700000a20000000000a01030000000000000000010000000900010073797a310000000040000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000050900010073797a31000000003c000000050a01020000000000000000010000000c00024000000000000000010900010073797a3100000000040004800b0007"], 0xc4}}, 0x0)
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x400c844)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)

3.344766554s ago: executing program 1 (id=5515):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000240)='scalable\x00', 0x9)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000000)=0x2)
ioctl$PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000140)={0x2, &(0x7f0000000080)=[{0x48, 0x0, 0x38, 0xa8e}, {0x6, 0xfc}]})
ioctl$PPPIOCSDEBUG(r1, 0x40047440, &(0x7f00000000c0)=0xfff)
write$ppp(r1, &(0x7f0000000180)="1e08", 0x2)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000af8000000060a09040000000000000000020000010900020073797a32000000000900010073797a30000000002400048020000180080001006c6f670014000280070002405c270000060001400000000040000480100001800c0001006e6f747261636b002c0001800b0001006e756d67656e00001c00028008000240000000060800034000000001080001"], 0x120}, 0x1, 0x0, 0x0, 0x4048000}, 0x8800)

3.00901012s ago: executing program 1 (id=5516):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c02000019000100000000000000000000000000000000000000000000000000ac1414bb0000000000000000000000000000000000000000020000003c000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000001000000a80c0000000000000a00000000000000000000000000003c00000000000000000300000000000000000000000000000000000000000000000000000000000000ff00000000000000010000000000000084010500fe8000000000000000000000000000bb000004d53c00000000000000ff0200000000000000000000000000010000000000000000000000000000000000000000fe8000000000000000000000000000bb000004d43c00000000000000fe8000000000000000000000000000000000000000000000000800000000000001000000ff010000000000000000000000000001000000006c"], 0x23c}, 0x1, 0x0, 0x0, 0x4000040}, 0x0)

2.866900138s ago: executing program 1 (id=5518):
r0 = socket$alg(0x26, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b400000000000000dd0a000000000000730143000000000095000000000000009411b9e958dd9f5539de132dfd"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r1 = socket(0x10, 0x2, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x6}, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_WOL_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="300000002741401c067414a0e020b246c70c646a7d3cda5e6e29937ea8afa43b28cb", @ANYRES16=r2, @ANYBLOB="470d00000000000000000a00000004000280180001801400020062726964676530000000000000000000"], 0x30}}, 0x0) (async)
sendmsg$ETHTOOL_MSG_WOL_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="300000002741401c067414a0e020b246c70c646a7d3cda5e6e29937ea8afa43b28cb", @ANYRES16=r2, @ANYBLOB="470d00000000000000000a00000004000280180001801400020062726964676530000000000000000000"], 0x30}}, 0x0)
bind$alg(r1, &(0x7f00000005c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-twofish-3way\x00'}, 0x58)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x2, {0x0, 0x0, 0x0, 0x0, {0xb}, {0xfff3, 0xffff}, {0xffe0, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x2, {0x0, 0x0, 0x0, 0x0, {0xb}, {0xfff3, 0xffff}, {0xffe0, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000003c000b0000000000fcffffff04000000040000800c0001"], 0x24}}, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f0000001ac0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$inet(r5, &(0x7f0000000cc0)={0x0, 0x0, 0x0}, 0x0) (async)
sendmsg$inet(r5, &(0x7f0000000cc0)={0x0, 0x0, 0x0}, 0x0)
close(r5)
sendmsg$inet(r6, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x8000)
sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000a80)=ANY=[@ANYBLOB="14010000440001ed00000000000000000000140001000151d44c092be38f907f109f7e5ae03a425b992c0889c59084033ba95e8219b9f06363b49f194a5fcf7c8d830a5c65916004ea066e7b9ae2fa699a53585448923a76e123defac95fb33ada6a63e623d51254cab8402965f1d089000000fc39574ddacf7f854a752cc4094f71ab08eb369ee360c94ef10e13827527dad75dac8b3417537e64b428c0066c91ad6830930569723a465b9f14f4f6f961596a79ae8f803050d6ca64f6a9329966f95e89a05583df72ae27975ca72542ee8134cbf388e74cb5a12120f57d64ba325476355ee3fc9660266490add8ec9d5907ccbe53087b394a2e67a93b00"/267], 0x114}], 0x1, 0x0, 0x0, 0x20000000}, 0x0)
socketpair(0x2, 0x1, 0x9, &(0x7f0000000080)) (async)
socketpair(0x2, 0x1, 0x9, &(0x7f0000000080)={<r7=>0xffffffffffffffff})
setsockopt$SO_RDS_TRANSPORT(r7, 0x114, 0x8, &(0x7f0000000140)=0x2, 0x4) (async)
setsockopt$SO_RDS_TRANSPORT(r7, 0x114, 0x8, &(0x7f0000000140)=0x2, 0x4)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x1b, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000fbffffff18110000000000000000f0", @ANYRES32=0x0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000852000000100000085100000fbffffff85000000890000009500000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000050000008500000006000000bf91000000000000b7020000020000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r9 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r9, &(0x7f0000000a00)=[{{&(0x7f0000000140)={0xa, 0xfffc, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c, &(0x7f0000001900)=[{&(0x7f0000000280)="ad", 0x1}], 0x1}}, {{&(0x7f00000001c0)={0xa, 0x4e20, 0x79, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}, 0x1c, &(0x7f0000000880)=[{&(0x7f0000000200)="ec", 0x1}], 0x1}}], 0x2, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x12)
writev(r10, &(0x7f0000000080)=[{&(0x7f0000000e40)="480000001400190d09004beafd0d36020a8447000b4e230f00034e20a2bc560119d7004f19dfb7f393d7359031033f817f00000000000000000101ff05c00e030002000000ffff01", 0x48}], 0x1)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10)
accept4(r0, 0x0, 0x0, 0x800) (async)
r11 = accept4(r0, 0x0, 0x0, 0x800)
accept4(r11, 0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000073010e00000000009500000000800000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e}, 0x80) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000073010e00000000009500000000800000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e}, 0x80)
sendmmsg$inet6(r11, &(0x7f0000003b80)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000000c0)="e6", 0x1}], 0x1, 0x0, 0x0, 0x7000300}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000180)='&', 0x1}], 0x1}, 0xff03}], 0x2, 0x8080) (async)
sendmmsg$inet6(r11, &(0x7f0000003b80)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000000c0)="e6", 0x1}], 0x1, 0x0, 0x0, 0x7000300}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000180)='&', 0x1}], 0x1}, 0xff03}], 0x2, 0x8080)

2.648733655s ago: executing program 1 (id=5520):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000040)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x97}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000080)='GPL\x00'}, 0x94)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x40, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @loopback}]}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x4}]}, 0x40}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
unshare(0x68040200)
write(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r4, 0x0, 0x0)
bind$netlink(r3, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
getsockopt$inet_mreqn(r2, 0x0, 0x23, 0x0, &(0x7f00000001c0))
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000240), 0x4)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
socket(0x10, 0x3, 0x9)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000008000000000000005000100070000000900020073797a30000000001400078008001240000000000500150004000000050005000000000005000400000000000d000300686173683a6d6163"], 0x5c}}, 0x0)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000740)=ANY=[@ANYBLOB="44000000090605000000000000000000010000050900020073797a30000006000500010007000000080009400000000114000880100007800a001100b4"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x44000)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r7, &(0x7f0000000240)={0x0, 0xffac, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000030605000000000000000000000000000500010007"], 0x28}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x9, &(0x7f00000003c0)=@raw=[@ringbuf_output={{}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f0000000280)='syzkaller\x00', 0x8, 0xde, &(0x7f0000003e40)=""/222, 0x680f0936988f8ccd, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x90)

2.534656572s ago: executing program 0 (id=5521):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x13c, 0x19, 0x1, 0x1, 0x0, {{@in6=@private2, @in6=@empty, 0x0, 0x3, 0x0, 0x0, 0xa, 0x0, 0x0, 0x5e}, {0x1000000, 0x800, 0x0, 0x3, 0x0, 0x0, 0x3, 0x7}, {0x0, 0x0, 0x3}}, [@tmpl={0x84, 0x5, [{{@in=@remote, 0x0, 0x6c}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x8}, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x1}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffffc, 0x6c}, 0xa, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x4}]}]}, 0x13c}}, 0x0)

2.443997634s ago: executing program 0 (id=5522):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r0, &(0x7f0000000b80)=[{{&(0x7f0000000340)={0xa, 0x4e22, 0x14a4, @remote, 0xe}, 0x1c, &(0x7f0000000740)=[{&(0x7f0000000480)=']', 0x1}], 0x1}}], 0x1, 0x20000004)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
socket$unix(0x1, 0x1, 0x0)
writev(r0, &(0x7f0000000400)=[{&(0x7f0000000640)="3d0d08467ad6f3148f5a55c3653073cb85a7bedf4723b31798520c8a0d9536416ad9dcadddbf4156335b74f670140c2e96701a9c197585014a996e63a7229d462058dd9964f19653e852f09f600bafa2ce880f8b11079f31b04e9553dfc9cc4cd3c32fb8b0274ed11566434b86d4e388e00cb9e6374c2e70cbecc315208a5dd6f877f58b03434a4a19d38455b02ddc4842f0ed410a12b13e9f3bdb466673c13e8b3f611f93856452b91b090f5652e30c6f4345efea71287e93fdd970aa53df26663adde360e4584378ffa1640e92f37c581e7bad8cb9b60f86438abe126fac63f8c6d2506c8c9925ac9156e62c04c4cebfb62f12b0dda005", 0xf8}, {&(0x7f0000000780)="1ea0912849400dd91905cfa68fcb4e2e16d9ee3289887c18094570bf06e87cae7e9be52b5d66ec6cfdd19b3659fd2f718615d005e3ee8979277bc3219d0961785f2b6280dd1d2f51197e055bee9c43422136f7eb51248fb541a45737e96b59b3b9fc572a67a54720d258444fcbca646884c9e00b7fe9b4ddf3fe7b4d0d52037ad7909d0897c4d5c65bff60485a", 0x8d}, {&(0x7f0000000840)="5fce070845c56f58d893f55941855dcad9b4d04b47554cb1592511cfed507de6f819fed202fdc33d94ce65b9c6ac7a87e8a27ac3ed23245f0d890975c1794a78e7e647485b12109058abbbd7726c76e2230a1434d18c3354ae938c743b25d76cfb142ae8d7cb03dc9b832e1c0fda7f00e68818962eaa8b17c29559926c93df8b8538c2027e9a884dd6758f478015160f619c5ee641f9bf3ecb1a4164c97f961a441c033287826acff0ea4a5d45370eab7f9789cfa80dd13c5a767127e90a1df8d5cdd1aed450cd858cb82a", 0xcb}, {&(0x7f00000003c0)="fb7c4150e4ef295e2c", 0x9}], 0x4)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r2, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
socket$packet(0x11, 0x2, 0x300)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
ppoll(&(0x7f0000000200)=[{r3}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000440)={0x101, 0x0, 0xe, 0x8a8, 0x4fc949ad, 0x7, 0x1, 0x2}, &(0x7f00000004c0)=0x20)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000940)={0x83, <r5=>0x0}, 0x8)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f000000a780), 0xffffffffffffffff)
r8 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r9=>0x0})
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r9}}, 0x24}, 0x1, 0x0, 0x0, 0x4000091}, 0x0)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r6, &(0x7f000000a8c0)={0x0, 0x0, &(0x7f000000a880)={&(0x7f000000a7c0)={0x20, r7, 0x201, 0x70bd29, 0x25dfdbfe, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x24048091}, 0x80)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0xc, &(0x7f0000000980)=ANY=[@ANYRES16=r1], &(0x7f0000000280)='GPL\x00', 0x995, 0x0, 0x0, 0x0, 0x6c, '\x00', r9, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r11}, 0x18)
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000004000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000208500000004000000850000000e00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r12}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000a5040b00000000000000000000000000000000000000027898c3cd33472b98b319c346ca26be81ed1394441633b43cf4baa11929fb2bc037df9bb8e77ee8ef76e0e208f215f73b43f6555e1f1d6a0c0ac06ce306bc3c11ddaa1cd2985f41be38fd33aeaf346259c16cde9324710916b41bc79a1f0498fab77b0d769cf57becaa567ac85bf31929fee282a506a1de0fda3533e6ffba85155129715618782a680b15c832619383a9b5cc8e2431f81922705551473ffd5b8a77da864ac1328685f80e6f36c1b310fbf40a79ad9e959d684c5b2403e284ed79c20fde107c0e1074ffa22ae3b2e14ff5"], 0x48)

2.140011628s ago: executing program 3 (id=5064):
socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1}, 0x48)
poll(&(0x7f0000000000)=[{r1, 0xa404}, {r2, 0x21}], 0x2, 0xfffffffe)
sendmsg$rds(r0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010100}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000300)=[{&(0x7f0000002640)=""/102389, 0x18ff5}], 0x1, 0x1903d}}], 0x48}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000440)=@bpf_lsm={0x1d, 0xc, &(0x7f0000000280)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x2}, @cb_func={0x18, 0xc}, @alu={0x4, 0x0, 0x1, 0x6, 0x5, 0x30, 0x8}, @map_val={0x18, 0xa, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8000}, @initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x80}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x3ff}, @call={0x85, 0x0, 0x0, 0x3a}, @generic={0x2, 0x3, 0x7, 0xb1, 0xce}], &(0x7f0000000340)='GPL\x00', 0x2, 0x1d, &(0x7f0000000380)=""/29, 0x41100, 0x4, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000003c0)={0x3, 0x8, 0xd, 0x9}, 0x10, 0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000400)=[0x1, 0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x7ff}, 0x94)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000600)={@fallback=r0, 0x9, 0x0, 0x0, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x0, &(0x7f0000000540)=[0x0, 0x0, 0x0], &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000005c0)=[0x0]}, 0x40)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x29, &(0x7f0000000880)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xf6, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff9}}, @btf_id={0x18, 0x4, 0x3, 0x0, 0x3}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x1}, @map_fd={0x18, 0x5, 0x1, 0x0, 0x1}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8}, @exit, @alu={0x7, 0x1, 0x1, 0xa, 0xf, 0x4, 0x4}, @ldst={0x3, 0x3, 0x1, 0xa, 0x3, 0x40, 0x4}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000680)='syzkaller\x00', 0x6, 0x22, &(0x7f00000006c0)=""/34, 0x40f00, 0x22, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000700)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000000740)={0x5, 0xb, 0x7, 0x9}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000800)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1], 0x0, 0x10, 0x8}, 0x94)
r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)="b50a07", 0x3}, 0x1, 0x0, 0x0, 0x80}, 0x800)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0xc4800082}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, 0x0, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0xa}, [@CTA_EXPECT_TIMEOUT={0x8}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x574}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x4000c00)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x5f, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000014000780080008400000000008001240ffffffe80500010006000000050005000200000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x5c}}, 0x0)

1.008027406s ago: executing program 0 (id=5523):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f0000000740)=ANY=[@ANYBLOB="b40000000000f3ff7910900000000000630000000000000095000000000000008d92133deb6af19a615221a5e9c1c30b6e95cc8fea035580b99721396dc8eb6d5df6dc9e699a633176330ff919676a6af14926d2972f96f1b3b7e18b030df52a4f7a1c2f51146019dbb20ca845aa71fa9b92bea75cad145375cd89be1d82fabf57ee85c5e4129f42d848ed23f5b44542fe5be65239e37e6b198ca137e4432993b4576fa1ecf61a856a521d26758e4ddf6730903b5d22548be0ddaae1e6c1233841b2f6c7e7daef09f949ba0db2a1e1c43aba69adbed02c5d6cf115129ee07e25ca8518500d95e5e3ff3e7503dcf5347bee255eeba0f102d4c4c415eb56239c523a4dde580ed459f309797655222077a0442fb4"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="61df712bc884fed5722780b6c2a7", 0x0, 0x0, 0x0, 0x200003b2, 0x0, &(0x7f0000000380)="fd97a6633528276901d509de9400a14fb5913c6c253c5551be05130e9eee4bce3f4ed4c3db6b2ebdb7da4818a778bb7c2e4f", 0x0}, 0x50) (fail_nth: 1)

1.00570182s ago: executing program 1 (id=5524):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r2}, 0xc)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000300)="87fb74cf4d67adbbd062637f514c1f5eb18d7b442e6457a356c6cb1f71a43dfae773c8489cce5145f92615d4bdb13ef54d6ae90ec7733180fc", 0x39}], 0x1}, 0x0)
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendmmsg$alg(r3, &(0x7f00000000c0), 0x492492492492627, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendto$inet(r5, &(0x7f00000000c0)="f72bacc3ca1aaadf08e239411cbcf4b2ef918084f500db36e2ef38b56d756f041132ccc67bec238c21e52da753", 0x2d, 0x0, &(0x7f00000004c0)={0x2, 0x4e20, @multicast1}, 0x10)
readv(r4, &(0x7f0000000500)=[{&(0x7f0000002100)=""/4076, 0x2d}], 0x57)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[], 0xc4}, 0x1, 0x0, 0x0, 0xc800}, 0x0)
getpeername$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @broadcast}}, &(0x7f0000000100)=0xfffffffffffffead)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e23, @empty}}, 0x9, 0xffff, 0x0, 0x6, 0x55, 0xb66e, 0x7c}, 0x9c)
setsockopt$bt_hci_HCI_FILTER(r3, 0x0, 0x2, &(0x7f0000000000)={0xf1, [0x9f1, 0x40], 0x4d0}, 0x10)

998.493091ms ago: executing program 2 (id=5525):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-ssse3\x00'}, 0x58)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = gettid()
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000140)={<r4=>0x0}, &(0x7f0000000180)=0xc)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)={0xcc, 0x2b, 0xb, 0x70bd2a, 0x0, {0x5}, [@typed={0x8, 0x3, 0x0, 0x0, @ipv4=@empty}, @nested={0xb0, 0x1, 0x0, 0x1, [@nested={0xaa, 0x5b, 0x0, 0x1, [@nested={0x20, 0x125, 0x0, 0x1, [@typed={0x8, 0x23, 0x0, 0x0, @pid=r3}, @typed={0x8, 0x8e, 0x0, 0x0, @pid=r4}, @typed={0x8, 0xd9, 0x0, 0x0, @u32=0x3}, @nested={0x4, 0xc1}]}, @typed={0x8, 0xa1, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x36}}, @typed={0x8, 0xbe, 0x0, 0x0, @fd=r1}, @generic="f8d782c9e6b4cd31afeffc12e9e930958a1d269dc298bb5de3a1469bfa6743de8f1cf4ad1b76", @typed={0x8, 0x83, 0x0, 0x0, @u32=0x7f}, @generic="0357cfd72fd8fe8fbb54853394c57caa4f1492da8cea51dfc91c31b364dd2fe85cd1dfdd5d1ceac710532a903bc9d6f3bcd656bd2a2c535eb97914da4faa56b40f6888ac0ad6de50"]}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x20000000}, 0x20080c40)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_START_AP(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="20010000", @ANYRES16, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32, @ANYBLOB="47000e001c00000008021100000008021100000150"], 0x120}, 0x1, 0x0, 0x0, 0x90}, 0x0)
connect$inet6(r2, &(0x7f0000000240)={0xa, 0x4e21, 0x7f, @private2, 0x1}, 0x1c)
r7 = openat$cgroup_devices(r5, &(0x7f0000000380)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r7, &(0x7f0000000280)=ANY=[@ANYBLOB='b *:4\trm\nD'], 0xa)
readv(r7, &(0x7f0000000200)=[{0x0}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f0000000000)=""/16, 0x10}], 0x3)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c0000001800090400000000000000000a110000"], 0x2c}}, 0x0)
r9 = accept4(r1, 0x0, 0x0, 0x0)
recvmmsg$unix(r9, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0)
r10 = accept(r1, &(0x7f0000000300)=@rc, &(0x7f00000015c0)=0x80)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000001640)={'wlan1\x00', <r11=>0x0})
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r12)
ioctl$sock_SIOCGIFINDEX_80211(r12, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r14=>0x0})
sendmsg$NL80211_CMD_SET_NOACK_MAP(r12, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x1c, r13, 0x1, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r14}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x40)
sendmsg$NL80211_CMD_SET_MESH_CONFIG(r10, &(0x7f0000001700)={&(0x7f0000001600), 0xc, &(0x7f00000016c0)={&(0x7f0000001680)={0x3c, 0x0, 0x100, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0xa628, 0x51}}}}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x0, 0x6c}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r11}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r14}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000810}, 0x0)
ioctl$sock_proto_private(r9, 0x89ed, &(0x7f0000000040)="2f45e5112de5a4d6989b8f4fe37a2f9fba273910a3c27ac1ac5c4b7324249adef53e8975a6a725c42fe570388f815bdfbe2cb32c90ec0dbec6520dfcf10dfdfc02f86b4ee013123a64b6f6")
getsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, 0x0, &(0x7f0000000100))

997.916356ms ago: executing program 4 (id=5526):
r0 = socket$inet(0x2, 0x2, 0x1)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="38000000200001000000000000fdffff80000000000000000000000008000d"], 0x38}}, 0x0)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x4010)
sendmsg$inet(r0, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f00000004c0)="1ed8b7f9d446", 0x6}], 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027f00000100000000001c000000000000000000000008"], 0x40}, 0x20000000)

822.996148ms ago: executing program 0 (id=5527):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
syz_emit_ethernet(0x3e, &(0x7f00000006c0)=ANY=[@ANYBLOB="ffffffffffff0180c200000086dd6012100800083a00fe8000000000000000000000000000bb0000000000aa8000907800000000"], 0x0)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
bpf$BPF_LINK_UPDATE(0xb, &(0x7f0000000080), 0x10)
setsockopt$CAN_RAW_FILTER(r4, 0x65, 0x1, &(0x7f00000000c0)=[{{0x1, 0x0, 0x1, 0x1}, {0x2, 0x0, 0x0, 0x1}}, {{0x3, 0x1}, {0x2, 0x0, 0x0, 0x1}}], 0x10)
clock_gettime(0x0, &(0x7f00000001c0)={<r5=>0x0, <r6=>0x0})
select(0x40, &(0x7f0000000100)={0x6, 0x0, 0x7378, 0x9, 0xffffffffffff0000, 0x100, 0x9, 0xffffffffffff4667}, &(0x7f0000000140)={0x84, 0x9, 0x80000000, 0x4820, 0x4, 0x9, 0x4, 0x800}, &(0x7f0000000180)={0x4, 0x4, 0x1, 0x0, 0x7, 0x4e, 0x5, 0xb8}, &(0x7f0000000200)={r5, r6/1000+60000})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x10, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="7910480000000000790048000000000095"], &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000008001400070010000800130008000000080012"], 0x44}}, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e23, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3}, @in6={0xa, 0x4e24, 0x800, @empty, 0xc}, @in6={0xa, 0x4e21, 0xd, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x52f}, @in={0x2, 0x4e21, @local}, @in6={0xa, 0x4e20, 0x9, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffffc}, @in6={0xa, 0x4e24, 0x7, @mcast1}, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0xbc)
r7 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000002c0)={'vxcan1\x00', <r8=>0x0})
clock_gettime(0x0, &(0x7f0000000340)={<r9=>0x0, <r10=>0x0})
clock_gettime(0x0, &(0x7f0000000380)={<r11=>0x0, <r12=>0x0})
sendmsg$can_bcm(r7, &(0x7f0000000480)={&(0x7f0000000300)={0x1d, r8}, 0x10, &(0x7f0000000440)={&(0x7f00000003c0)={0x1, 0x8a0, 0x400, {r9, r10/1000+60000}, {r11, r12/1000+60000}, {0x1, 0x1, 0x0, 0x1}, 0x1, @can={{0x1, 0x1, 0x0, 0x1}, 0x1, 0x0, 0x0, 0x0, "085ae98a86ced023"}}, 0x48}, 0x1, 0x0, 0x0, 0x4001}, 0x0)

488.462449ms ago: executing program 2 (id=5528):
unshare(0x64000600)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x800001c, @broadcast}, {0x0, 0x17c1, 0x8}}}}}, 0x0) (async)
syz_emit_ethernet(0x2a, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x800001c, @broadcast}, {0x0, 0x17c1, 0x8}}}}}, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) (async)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
close(r1)
socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ed5696c5820fae0000000000000080beef911d564c90c200", 0x18) (async)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ed5696c5820fae0000000000000080beef911d564c90c200", 0x18)
accept4(r2, 0x0, 0x0, 0x80000) (async)
r3 = accept4(r2, 0x0, 0x0, 0x80000)
syz_genetlink_get_family_id$fou(&(0x7f0000000080), r3) (async)
syz_genetlink_get_family_id$fou(&(0x7f0000000080), r3)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x36)

480.536219ms ago: executing program 0 (id=5529):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
r1 = socket$inet6(0xa, 0x3, 0xff) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
shutdown(r2, 0x0) (async)
sendmsg$inet(r3, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) (async)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) (async)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0) (async)
write(r1, &(0x7f0000000180)="b1f6a4e6086771339298ff93c614cda94476d7b36598b8cb08591ffc2467faa14eba6144e8129396", 0x28)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000940)={{0x14}, [@NFT_MSG_NEWRULE={0xc4, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x98, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x1}]}}}, {0x70, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x60, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x45, 0x3, "cd4b6abe42031763d02899c77f963d140d7a9d3ac869f3a860917523679abf4579f9cd6564e64066681fb945bfe585ab6933a6f6514a0eebad4e3537b11b37357f"}, @NFTA_TARGET_NAME={0xa, 0x1, 'HMARK\x00'}, @NFTA_TARGET_REV={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xec}, 0x1, 0x0, 0x0, 0x10}, 0x0)

426.830825ms ago: executing program 4 (id=5530):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', <r2=>0x0})
sendmsg$BATADV_CMD_GET_GATEWAYS(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f00000006c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000329bd7000fddbdf250a0000000500370000000000080039000100000008000600", @ANYRES32=r2, @ANYBLOB="05002e000100270905002a0001000000667e7eb989a722b2d0c29db53df24dc4442f0a99572582f12f276f631ffe735100"/58], 0x3c}, 0x1, 0x0, 0x0, 0x4000010}, 0x20c1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r4, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x1c, {0x2, 0x0, @multicast2}}, 0x24)
listen(r4, 0x80000000)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="0e00000004000000040000000300000000000000", @ANYRES32, @ANYBLOB="00c663000000000000000211a8ae59", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/27], 0x48)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000005c0)='pids.current\x00', 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000001240)=@nat={'nat\x00', 0x1b, 0x5, 0x448, 0x0, 0x2a8, 0xffffffff, 0x2a8, 0x0, 0x3b0, 0x3b0, 0xffffffff, 0x3b0, 0x3b0, 0x5, &(0x7f0000000640), {[{{@ip={@multicast2, @local, 0xff000000, 0xff, 'ip6gretap0\x00', 'macvlan1\x00', {0xff}, {0xff}, 0x1d, 0x3, 0x14}, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x10, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty, @port=0x4e21, @gre_key=0x9}}}}, {{@ip={@loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xff, 0xff000000, 'macvlan1\x00', 'veth1\x00', {0xff}, {}, 0x2, 0x0, 0x5}, 0x0, 0x70, 0xb8}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x0, @ipv4=@private=0xa010100, @ipv4=@private=0xa010101, @icmp_id=0x65, @icmp_id=0x65}}}, {{@uncond, 0x0, 0xe8, 0x148, 0x0, {}, [@common=@osf={{0x50}, {'syz1\x00', 0x0, 0x4e838eefe6ae50b7, 0x1}}, @common=@ttl={{0x28}, {0x0, 0x3}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @local, 0x7, 0xa, [0x2c, 0xa, 0xc, 0x1, 0x26, 0x1d, 0x26, 0xe, 0x3c, 0x33, 0x20, 0x15, 0xe, 0x36, 0x9, 0x8], 0x1, 0x3, 0x1000100000000000}}}, {{@uncond, 0x0, 0xd0, 0x108, 0x0, {}, [@common=@set={{0x40}, {{0x4, [0x3, 0x2, 0x2, 0x0, 0x2, 0x4], 0x6}}}, @common=@socket0={{0x20}}]}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0xd, @remote, @private=0xa010101, @gre_key=0x7f, @gre_key=0xfff9}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4a8)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0x1c, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0xd, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad44b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f00000002c0), 0x0, &(0x7f0000000740)=ANY=[@ANYRESDEC=r9], 0x60}], 0x1, 0x8001)
setsockopt$MRT6_DONE(0xffffffffffffffff, 0x29, 0xc9, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000c80)={'lo\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000001200)={0x0, 0xfffffffffffffff5, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x18, 0x10, 0x3}, @TCA_FQ_FLOW_DEFAULT_RATE={0x0, 0x6, 0x4}, @TCA_FQ_TIMER_SLACK={0x0, 0xd, 0x2b3}]}}]}, 0x48}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000180)={0x0, 0x3b, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454ce, 0x18)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=r5, @ANYBLOB="0300000000000000000000000000e3cd347e9d08", @ANYRES32=0x0, @ANYBLOB="030000000500"/24], 0x50)
recvmsg(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xd68210}], 0x1, 0x0, 0x1f00000000000000, 0x200000}, 0x1f00)
socket$kcm(0x10, 0x2, 0x0)

332.726985ms ago: executing program 0 (id=5531):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="b40000000000f3ff7910900000000000630000000000000095000000000000008d92133deb6af19a615221a5e9c1c30b6e95cc8fea035580b99721396dc8eb6d5df6dc9e699a633176330ff919676a6af14926d2972f96f1b3b7e18b030df52a4f7a1c2f51146019dbb20ca845aa71fa9b92bea75cad145375cd89be1d82fabf57ee85c5e4129f42d848ed23f5b44542fe5be65239e37e6b198ca137e4432993b4576fa1ecf61a856a521d26758e4ddf6730903b5d22548be0ddaae1e6c1233841b2f6c7e7daef09f949ba0db2a1e1c43aba69adbed02c5d6cf115129ee07e25ca8518500d95e5e3ff3e7503dcf5347bee255eeba0f102d4c4c415eb56239c523a4dde580ed459f309797655222077a0442fb4"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @flow_dissector=0x11}, 0x94)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
accept$nfc_llcp(r1, &(0x7f0000000000), &(0x7f0000000080)=0x60)
socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, 0x0, 0x0)
sendmsg$nl_crypto(0xffffffffffffffff, 0x0, 0x20004040)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x1290, 0xffffffff, 0x98, 0x11a8, 0x98, 0xffffffff, 0xffffffff, 0x1240, 0x1240, 0x1240, 0xffffffff, 0x5, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'netpci0\x00', 'nr0\x00'}, 0x74000002, 0x70, 0x98, 0x1ba, {0x46010000, 0x2c000000000000}}, @REJECT={0x28}}, {{@ip={@private, @multicast2, 0x0, 0x0, 'netpci0\x00', 'team_slave_1\x00'}, 0x287, 0x10a0, 0x10c8, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x1, 0x1, 0x0, 0x0, './cgroup.cpu/syz0\x00'}}]}, @REJECT={0x28}}, {{@ip={@dev, @broadcast, 0x0, 0x0, 'veth1_to_team\x00', 'veth1_to_batadv\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x12f0)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
unshare(0x8000400)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, 0x0, 0x4010)
connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r3, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000000c0)={0x44, r7, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x4}, @NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r8}}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7fff}]}, 0x44}}, 0x20000000)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24040090}, 0xc0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="61df712bc884fed5722780b6c2a7", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

95.431028ms ago: executing program 4 (id=5532):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
nanosleep(0x0, &(0x7f0000000c00))
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r1, 0x27, 0xe, 0x0, &(0x7f0000000dc0)="f8ad1dcc02cb29dcc80032008100", 0x0, 0x4000, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmmsg$inet_sctp(r0, &(0x7f0000003f40)=[{&(0x7f0000000000)=@in={0x2, 0x4e22, @remote}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000040)="1c", 0x1}], 0x1, &(0x7f0000000200)=[@init={0x18, 0x84, 0x0, {0xc71f, 0xfff, 0x8, 0xc4}}], 0x18, 0x48060}], 0x1, 0x200000d0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, 0x0, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r5}, 0x10)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='signal_deliver\x00', r6}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000500)='signal_generate\x00', r6, 0x0, 0x81}, 0x18)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r10, 0x0, 0x0}, 0x10)
r11 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)={0x2c, r11, 0x1, 0x0, 0x25dfdbfc, {0x24}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r7, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)={0x5c, r11, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@ETHTOOL_A_PAUSE_TX={0x5}, @ETHTOOL_A_PAUSE_HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4008800}, 0x4000)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYRES32, @ANYRES32=0x0, @ANYRES32], 0x48)
sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000100)={0x0, 0x2800, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r4, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0)
sendmsg$TIPC_NL_BEARER_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100280000000000000002000000200001800d0001007564703a73797a32"], 0x34}}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)

0s ago: executing program 1 (id=5533):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000002, 0x42073, 0xffffffffffffffff, 0xaba00000)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
setsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, &(0x7f0000000300)=0x1, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x20, 0x0, 0x0, 0x0}, 0x94)
sendmmsg$sock(r1, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
getsockopt$netlink(r2, 0x10e, 0xb, 0x0, &(0x7f0000000040))

kernel console output (not intermixed with test programs):

ommand 0x0406 tx timeout
[  611.161483][T17202] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  611.189456][T17202] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  611.216561][T17216] netlink: 96 bytes leftover after parsing attributes in process `syz.2.4561'.
[  611.300550][T17202] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  611.323806][T17202] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  611.460307][T17223] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4565'.
[  611.564178][ T2939] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  611.590106][ T2939] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  611.613837][ T2968] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  611.622500][ T2968] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  611.642570][ T2968] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  611.652712][ T2968] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  611.713261][ T7085] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  611.721681][ T7085] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  612.054064][T17245] netlink: 'syz.2.4574': attribute type 39 has an invalid length.
[  613.004979][T17299] netlink: 'syz.4.4601': attribute type 39 has an invalid length.
[  613.302494][T17314] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4609'.
[  613.465006][T17327] netlink: 'syz.1.4616': attribute type 39 has an invalid length.
[  613.504140][ T2939] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  613.533529][T17331] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4617'.
[  613.573640][T17331] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  613.581803][T17331] batman_adv: batadv0: Removing interface: batadv_slave_0
[  613.601233][T17331] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  613.621651][T17331] batman_adv: batadv0: Removing interface: batadv_slave_1
[  613.682241][T17341] netlink: 'syz.4.4617': attribute type 7 has an invalid length.
[  613.964186][T17355] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4626'.
[  613.981731][T17354] netlink: 'syz.1.4627': attribute type 39 has an invalid length.
[  614.020347][T17355] netlink: 'syz.4.4626': attribute type 7 has an invalid length.
[  614.055467][T17358] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4628'.
[  614.499537][T17379] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  614.536086][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  614.774053][T17379] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  614.893002][T17393] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4645'.
[  614.904727][T17379] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  614.934953][T17393] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  614.965473][T17393] batman_adv: batadv0: Removing interface: batadv_slave_0
[  614.997531][T17393] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  615.009268][T17393] batman_adv: batadv0: Removing interface: batadv_slave_1
[  615.040464][T17379] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  615.070506][T17398] netlink: 'syz.0.4645': attribute type 6 has an invalid length.
[  615.151918][ T2137] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  615.203000][ T2968] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  615.229106][ T2968] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  615.274107][ T7085] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  615.576563][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  616.161999][T17441] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4667'.
[  616.338266][T17447] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  616.496127][T17447] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  616.594353][T17447] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  616.694422][T17447] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  616.729373][T17469] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4680'.
[  616.893686][T17476] netlink: 96 bytes leftover after parsing attributes in process `syz.1.4682'.
[  616.915691][ T7085] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  616.977895][ T2968] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  617.049878][ T7085] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  617.109032][ T2968] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  617.245200][T17486] netlink: 96 bytes leftover after parsing attributes in process `syz.1.4689'.
[  617.417733][T17498] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4695'.
[  617.737681][T17514] netlink: 96 bytes leftover after parsing attributes in process `syz.2.4703'.
[  617.887708][T17515] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  617.905469][T17515] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  618.034935][T17515] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  618.058203][T17515] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  618.128919][T17530] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4709'.
[  618.148981][T17532] netlink: 68 bytes leftover after parsing attributes in process `syz.3.4710'.
[  618.178451][T17515] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  618.188613][T17515] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  618.318941][T17515] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  618.365552][T17515] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  618.393988][T17537] netlink: 96 bytes leftover after parsing attributes in process `syz.3.4711'.
[  618.419982][T17540] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4713'.
[  618.439212][T17540] bridge_slave_1: left allmulticast mode
[  618.460670][T17540] bridge_slave_1: left promiscuous mode
[  618.486124][T17540] bridge0: port 2(bridge_slave_1) entered disabled state
[  618.510866][T17540] bridge_slave_0: left allmulticast mode
[  618.526179][T17540] bridge_slave_0: left promiscuous mode
[  618.534441][T17540] bridge0: port 1(bridge_slave_0) entered disabled state
[  618.946321][T17560] netlink: 68 bytes leftover after parsing attributes in process `syz.1.4721'.
[  619.261014][ T2968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  620.299757][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  620.623558][   T59] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  620.642372][   T59] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  620.783891][T17515] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  620.805987][T17515] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  621.335990][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  621.829953][T17608] __nla_validate_parse: 3 callbacks suppressed
[  621.829971][T17608] netlink: 96 bytes leftover after parsing attributes in process `syz.4.4738'.
[  622.283886][T17635] netlink: 96 bytes leftover after parsing attributes in process `syz.1.4750'.
[  622.477741][T17645] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4753'.
[  622.543000][T17645] netlink: 'syz.4.4753': attribute type 6 has an invalid length.
[  622.648418][T17650] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4755'.
[  622.670281][T17650] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  622.681641][T17650] batman_adv: batadv0: Removing interface: batadv_slave_0
[  622.709097][T17650] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  622.740999][T17650] batman_adv: batadv0: Removing interface: batadv_slave_1
[  622.786822][T17655] netlink: 'syz.3.4755': attribute type 7 has an invalid length.
[  622.984462][T17660] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  623.088530][T17660] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  623.110232][T17669] netlink: 96 bytes leftover after parsing attributes in process `syz.1.4762'.
[  623.179245][T17660] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  623.246573][T17673] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4766'.
[  623.290141][T17660] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  623.485266][T17681] FAULT_INJECTION: forcing a failure.
[  623.485266][T17681] name failslab, interval 1, probability 0, space 0, times 0
[  623.515956][T17681] CPU: 0 UID: 0 PID: 17681 Comm: syz.2.4768 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) 
[  623.515993][T17681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  623.516011][T17681] Call Trace:
[  623.516019][T17681]  <TASK>
[  623.516028][T17681]  dump_stack_lvl+0x189/0x250
[  623.516059][T17681]  ? __pfx____ratelimit+0x10/0x10
[  623.516080][T17681]  ? __pfx_dump_stack_lvl+0x10/0x10
[  623.516105][T17681]  ? __pfx__printk+0x10/0x10
[  623.516127][T17681]  ? __pfx___might_resched+0x10/0x10
[  623.516152][T17681]  ? fs_reclaim_acquire+0x7d/0x100
[  623.516177][T17681]  should_fail_ex+0x414/0x560
[  623.516207][T17681]  should_failslab+0xa8/0x100
[  623.516227][T17681]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  623.516253][T17681]  ? tomoyo_socket_sendmsg_permission+0x1da/0x300
[  623.516276][T17681]  ? __alloc_skb+0x112/0x2d0
[  623.516295][T17681]  ? __sock_sendmsg+0x49/0x270
[  623.516315][T17681]  __alloc_skb+0x112/0x2d0
[  623.516340][T17681]  alloc_skb_with_frags+0xca/0x890
[  623.516375][T17681]  sock_alloc_send_pskb+0x857/0x990
[  623.516420][T17681]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  623.516456][T17681]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20
[  623.516483][T17681]  unix_dgram_sendmsg+0x4f6/0x1870
[  623.516508][T17681]  ? __pfx_tomoyo_check_unix_address+0x10/0x10
[  623.516545][T17681]  ? aa_sk_perm+0x81e/0x950
[  623.516570][T17681]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  623.516599][T17681]  ? aa_sock_msg_perm+0x94/0x160
[  623.516622][T17681]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  623.516661][T17681]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  623.516685][T17681]  __sock_sendmsg+0x219/0x270
[  623.516707][T17681]  __sys_sendto+0x3bd/0x520
[  623.516754][T17681]  ? __pfx___sys_sendto+0x10/0x10
[  623.516773][T17681]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  623.516807][T17681]  ? __fget_files+0x3a0/0x420
[  623.516837][T17681]  ? ksys_write+0x22a/0x250
[  623.516864][T17681]  ? __pfx_ksys_write+0x10/0x10
[  623.516895][T17681]  ? rcu_is_watching+0x15/0xb0
[  623.516925][T17681]  __x64_sys_sendto+0xde/0x100
[  623.516951][T17681]  do_syscall_64+0xfa/0x3b0
[  623.516976][T17681]  ? lockdep_hardirqs_on+0x9c/0x150
[  623.516995][T17681]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  623.517012][T17681]  ? clear_bhb_loop+0x60/0xb0
[  623.517034][T17681]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  623.517056][T17681] RIP: 0033:0x7f4ebeb8e929
[  623.517077][T17681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  623.517092][T17681] RSP: 002b:00007f4ebf93d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  623.517111][T17681] RAX: ffffffffffffffda RBX: 00007f4ebedb5fa0 RCX: 00007f4ebeb8e929
[  623.517125][T17681] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  623.517136][T17681] RBP: 00007f4ebf93d090 R08: 0000200000000040 R09: 000000000000006e
[  623.517147][T17681] R10: 0000000000040000 R11: 0000000000000246 R12: 0000000000000001
[  623.517158][T17681] R13: 0000000000000000 R14: 00007f4ebedb5fa0 R15: 00007ffdafc61fa8
[  623.517187][T17681]  </TASK>
[  623.667890][ T2939] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  623.875975][T17687] netlink: 68 bytes leftover after parsing attributes in process `syz.3.4770'.
[  624.024903][T17693] netlink: 'syz.3.4774': attribute type 39 has an invalid length.
[  624.074384][ T2939] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  624.089794][T17701] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4773'.
[  624.099143][ T2939] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  624.116167][ T2939] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  624.245671][T17704] netlink: 96 bytes leftover after parsing attributes in process `syz.2.4777'.
[  624.296583][ T2968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  624.384652][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  624.607979][T17723] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4783'.
[  624.942575][T17737] netlink: 'syz.2.4788': attribute type 39 has an invalid length.
[  625.336021][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  625.415899][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  625.741558][T17772] netlink: 'syz.0.4802': attribute type 39 has an invalid length.
[  626.376045][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  626.429382][T17801] netlink: 'syz.0.4814': attribute type 39 has an invalid length.
[  626.434148][T17798] bridge1: entered allmulticast mode
[  626.455875][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  626.464221][ T5880] Bluetooth: hci1: command 0x0406 tx timeout
[  627.043960][T17826] __nla_validate_parse: 3 callbacks suppressed
[  627.043979][T17826] netlink: 96 bytes leftover after parsing attributes in process `syz.1.4823'.
[  627.225085][T17833] netlink: 'syz.1.4826': attribute type 39 has an invalid length.
[  627.274181][T17837] netlink: 96 bytes leftover after parsing attributes in process `syz.4.4828'.
[  627.534010][T17852] netlink: 96 bytes leftover after parsing attributes in process `syz.1.4836'.
[  627.578283][   T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  627.642204][T17860] netlink: 'syz.1.4839': attribute type 39 has an invalid length.
[  627.705384][T17863] netlink: 96 bytes leftover after parsing attributes in process `syz.4.4840'.
[  627.753138][T17868] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.4841'.
[  627.754421][T17865] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.4841'.
[  627.788151][T17867] netlink: 116 bytes leftover after parsing attributes in process `syz.1.4842'.
[  627.891824][T17877] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4843'.
[  628.066007][T17887] netlink: 388 bytes leftover after parsing attributes in process `syz.0.4850'.
[  628.073162][T17889] netlink: 96 bytes leftover after parsing attributes in process `syz.4.4849'.
[  628.209305][T17893] netlink: 'syz.3.4852': attribute type 39 has an invalid length.
[  628.615992][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  628.670106][T17928] netlink: 'syz.0.4867': attribute type 39 has an invalid length.
[  629.259418][T17964] netlink: 'syz.4.4881': attribute type 39 has an invalid length.
[  629.655951][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  629.797922][T18005] netlink: 'syz.3.4894': attribute type 39 has an invalid length.
[  629.849502][T18002] syz.2.4893 (18002) used greatest stack depth: 16776 bytes left
[  630.360026][T18032] netlink: 'syz.4.4906': attribute type 39 has an invalid length.
[  630.776851][   T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  631.815975][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  632.859576][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  633.649758][T18115] __nla_validate_parse: 10 callbacks suppressed
[  633.649778][T18115] netlink: 68 bytes leftover after parsing attributes in process `syz.0.4932'.
[  633.836941][T18119] netlink: 'syz.1.4934': attribute type 4 has an invalid length.
[  634.618174][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  635.075206][T18143] netlink: 68 bytes leftover after parsing attributes in process `syz.0.4944'.
[  635.293339][T18147] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4946'.
[  635.898188][ T2989] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  636.935981][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  637.067361][T18172] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  637.215845][T18179] netlink: 68 bytes leftover after parsing attributes in process `syz.3.4955'.
[  637.453623][T18185] netlink: 'syz.1.4957': attribute type 303 has an invalid length.
[  637.482434][T18185] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4957'.
[  637.986001][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  638.167055][T18200] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4963'.
[  638.192071][T18204] netlink: 'syz.1.4965': attribute type 84 has an invalid length.
[  638.222321][T18205] netlink: 316 bytes leftover after parsing attributes in process `syz.4.4963'.
[  638.249908][T18207] netlink: 68 bytes leftover after parsing attributes in process `syz.3.4966'.
[  639.890222][T18245] netlink: 68 bytes leftover after parsing attributes in process `syz.4.4977'.
[  640.388461][ T2137] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  641.416694][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  641.820530][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  642.310537][T18294] netlink: 68 bytes leftover after parsing attributes in process `syz.0.4990'.
[  642.456075][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  642.469308][T18302] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4991'.
[  642.501560][T18302] netem: change failed
[  642.553939][T18302] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4991'.
[  644.718282][T18333] netlink: 68 bytes leftover after parsing attributes in process `syz.1.5003'.
[  644.960214][T18342] netlink: 96 bytes leftover after parsing attributes in process `syz.0.5007'.
[  645.312336][T18360] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5014'.
[  645.322017][T18360] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5014'.
[  645.331741][T18360] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5014'.
[  645.378047][T18364] netlink: 68 bytes leftover after parsing attributes in process `syz.4.5015'.
[  645.862332][T18380] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5021'.
[  645.895722][T18380] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5021'.
[  645.945909][T18380] netlink: 'syz.1.5021': attribute type 18 has an invalid length.
[  645.954071][T18380] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5021'.
[  646.138307][ T2939] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  646.393775][T18396] netlink: 68 bytes leftover after parsing attributes in process `syz.2.5026'.
[  646.858457][T18409] netlink: 'syz.3.5031': attribute type 1 has an invalid length.
[  646.966889][T18409] 8021q: adding VLAN 0 to HW filter on device bond2
[  646.985140][T18410] bond2: (slave ip6gretap1): making interface the new active one
[  646.994243][T18410] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link
[  647.176146][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  648.222536][T18431] vlan1: entered allmulticast mode
[  648.228136][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  648.265865][T18431] veth0_vlan: entered allmulticast mode
[  648.315257][T18433] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5035'.
[  648.714136][ T7085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  648.742947][ T7085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  648.837642][T18454] geneve1: entered promiscuous mode
[  648.869189][T18454] geneve1: left promiscuous mode
[  650.059122][T18485] __nla_validate_parse: 4 callbacks suppressed
[  650.059141][T18485] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5054'.
[  650.360539][T18500] netlink: 164 bytes leftover after parsing attributes in process `syz.3.5058'.
[  650.387903][T18500] netlink: 'syz.3.5058': attribute type 1 has an invalid length.
[  650.455609][T18500] 8021q: adding VLAN 0 to HW filter on device bond3
[  650.547445][T18505] bond3: (slave veth3): Enslaving as an active interface with a down link
[  650.583242][T18502] bridge1: entered promiscuous mode
[  650.640563][T18497] bond3: (slave veth0_to_bond): making interface the new active one
[  650.689854][T18497] veth0_to_bond: entered promiscuous mode
[  650.696439][T18497] bond3: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  651.189802][ T7085] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  651.431695][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  651.440802][   T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  651.449111][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  651.469974][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  651.477701][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  651.545432][T18524] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5065'.
[  651.734490][T18529] tipc: Started in network mode
[  651.748816][T18529] tipc: Node identity 9a7f5efff1cd, cluster identity 4711
[  651.767800][T18529] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  651.795357][T18533] syzkaller0: entered promiscuous mode
[  651.805364][T18533] syzkaller0: entered allmulticast mode
[  651.859855][T18529] tipc: Resetting bearer <eth:syzkaller0>
[  651.873614][T18527] tipc: Resetting bearer <eth:syzkaller0>
[  651.897691][T18527] tipc: Disabling bearer <eth:syzkaller0>
[  651.986997][T18544] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5072'.
[  652.215954][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  652.522230][T18521] chnl_net:caif_netlink_parms(): no params data found
[  652.533704][T18561] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5077'.
[  652.818327][T18521] bridge0: port 1(bridge_slave_0) entered blocking state
[  652.834879][T18521] bridge0: port 1(bridge_slave_0) entered disabled state
[  652.861341][T18521] bridge_slave_0: entered allmulticast mode
[  652.882906][T18521] bridge_slave_0: entered promiscuous mode
[  652.920530][T18521] bridge0: port 2(bridge_slave_1) entered blocking state
[  652.929010][T18521] bridge0: port 2(bridge_slave_1) entered disabled state
[  652.943034][T18521] bridge_slave_1: entered allmulticast mode
[  652.958334][T18521] bridge_slave_1: entered promiscuous mode
[  653.065301][T18521] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  653.093585][T18521] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  653.191180][T18521] team0: Port device team_slave_0 added
[  653.237732][T18521] team0: Port device team_slave_1 added
[  653.255959][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  653.403096][T18521] batman_adv: batadv0: Adding interface: batadv_slave_0
[  653.425962][T18587] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5083'.
[  653.430560][T18521] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  653.506235][ T5880] Bluetooth: hci4: command tx timeout
[  653.515938][T18521] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  653.548347][T18521] batman_adv: batadv0: Adding interface: batadv_slave_1
[  653.565257][T18521] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  653.572847][T18583] netlink: 'syz.4.5083': attribute type 7 has an invalid length.
[  653.599368][T18521] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  653.744971][T18521] hsr_slave_0: entered promiscuous mode
[  653.752387][T18521] hsr_slave_1: entered promiscuous mode
[  653.762493][T18521] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  653.770651][T18521] Cannot create hsr debugfs directory
[  653.803749][T18598] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5088'.
[  654.064985][T18521] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  654.172710][T18521] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  654.285664][T18521] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  654.348983][T18623] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5096'.
[  654.382946][T18623] netlink: 'syz.4.5096': attribute type 7 has an invalid length.
[  654.513891][T18521] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  654.649118][T18632] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5099'.
[  654.764387][T18521] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  654.781642][T18521] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  654.804093][T18521] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  654.830953][T18521] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  655.079937][T18521] 8021q: adding VLAN 0 to HW filter on device bond0
[  655.085055][T18658] netlink: 'syz.1.5106': attribute type 13 has an invalid length.
[  655.105680][ T2989] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  655.116358][T18658] netlink: 'syz.1.5106': attribute type 17 has an invalid length.
[  655.125327][T18659] bridge_slave_0: left allmulticast mode
[  655.161992][T18659] bridge_slave_0: left promiscuous mode
[  655.173421][T18659] bridge0: port 1(bridge_slave_0) entered disabled state
[  655.219341][T18659] bridge_slave_1: left allmulticast mode
[  655.239011][T18659] bridge_slave_1: left promiscuous mode
[  655.245130][T18659] bridge0: port 2(bridge_slave_1) entered disabled state
[  655.266167][T18659] bond0: (slave bond_slave_0): Releasing backup interface
[  655.289690][T18659] bond0: (slave bond_slave_1): Releasing backup interface
[  655.330565][T18659] team0: Port device team_slave_0 removed
[  655.354273][T18659] team0: Port device team_slave_1 removed
[  655.380656][T18664] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  655.404092][T18521] 8021q: adding VLAN 0 to HW filter on device team0
[  655.473682][T18664] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  655.576524][ T5880] Bluetooth: hci4: command tx timeout
[  655.594279][T18669] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5108'.
[  655.608342][T18664] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  655.633015][T18658] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  655.731272][T18672] netlink: 'syz.4.5108': attribute type 7 has an invalid length.
[  655.839501][ T7085] bridge0: port 1(bridge_slave_0) entered blocking state
[  655.846746][ T7085] bridge0: port 1(bridge_slave_0) entered forwarding state
[  655.869516][    T9] syz!: Port: 1 Link DOWN
[  655.929691][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  655.936932][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  656.136323][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  656.388113][T18692] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5112'.
[  656.579941][T18521] 8021q: adding VLAN 0 to HW filter on device batadv0
[  656.649570][T18521] veth0_vlan: entered promiscuous mode
[  656.682328][T18521] veth1_vlan: entered promiscuous mode
[  656.724899][T18521] veth0_macvtap: entered promiscuous mode
[  656.743172][T18521] veth1_macvtap: entered promiscuous mode
[  656.782170][T18521] batman_adv: batadv0: Interface activated: batadv_slave_0
[  656.797733][T18521] batman_adv: batadv0: Interface activated: batadv_slave_1
[  656.993290][T18706] openvswitch: netlink: Missing key (keys=40, expected=80)
[  657.045159][ T7085] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  657.062776][T18709] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5116'.
[  657.071936][ T7085] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  657.072007][ T7085] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  657.072042][ T7085] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  657.176361][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  657.178329][ T5880] Bluetooth: hci3: command 0x0406 tx timeout
[  657.313224][ T7085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  657.322028][ T7085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  657.389427][ T2989] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  657.407057][ T2989] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  657.718606][T18718] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5121'.
[  657.730683][T18718] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  657.742097][T18718] batman_adv: batadv0: Removing interface: batadv_slave_0
[  657.752226][T18718] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  657.759929][T18718] batman_adv: batadv0: Removing interface: batadv_slave_1
[  657.798176][T18723] netlink: 'syz.2.5121': attribute type 7 has an invalid length.
[  657.977132][T18727] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5123'.
[  658.153523][ T7085] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  658.296554][ T2989] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  658.478128][ T7085] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  658.629117][T18748] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5130'.
[  658.650844][T18748] vlan2: entered promiscuous mode
[  658.659000][T18748] dummy0: entered promiscuous mode
[  658.759615][ T5875] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  658.768952][ T5875] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  658.778235][ T5875] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  658.795243][ T5875] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  658.804276][ T5875] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  658.964342][ T7085] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  659.031613][T18753] netlink: 3 bytes leftover after parsing attributes in process `syz.0.5131'.
[  659.241710][ T7085] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  659.336092][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  659.523937][T18763] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5134'.
[  659.719530][ T7085] bridge_slave_1: left allmulticast mode
[  659.725472][ T7085] bridge_slave_1: left promiscuous mode
[  659.731811][ T7085] bridge0: port 2(bridge_slave_1) entered disabled state
[  659.748338][ T7085] bridge_slave_0: left allmulticast mode
[  659.754121][ T7085] bridge_slave_0: left promiscuous mode
[  659.761160][ T7085] bridge0: port 1(bridge_slave_0) entered disabled state
[  660.105590][ T7085] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  660.117510][ T7085] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  660.129459][ T7085] bond0 (unregistering): Released all slaves
[  660.376023][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  660.455955][ T5880] Bluetooth: hci3: command 0x0406 tx timeout
[  660.857463][   T51] Bluetooth: hci4: command tx timeout
[  660.901291][T18798] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5143'.
[  660.926712][ T7085] hsr_slave_0: left promiscuous mode
[  660.946589][ T7085] hsr_slave_1: left promiscuous mode
[  660.954224][ T7085] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  660.962781][ T7085] batman_adv: batadv0: Removing interface: batadv_slave_0
[  660.972153][ T7085] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  660.979985][ T7085] batman_adv: batadv0: Removing interface: batadv_slave_1
[  661.007975][ T7085] veth1_macvtap: left promiscuous mode
[  661.013680][ T7085] veth0_macvtap: left promiscuous mode
[  661.020060][ T7085] veth1_vlan: left promiscuous mode
[  661.025553][ T7085] veth0_vlan: left promiscuous mode
[  661.357633][T18814] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5148'.
[  661.502597][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  661.952865][ T7085] team0 (unregistering): Port device team_slave_1 removed
[  662.019667][ T7085] team0 (unregistering): Port device team_slave_0 removed
[  662.466548][T18822] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5150'.
[  662.490575][T18822] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5150'.
[  662.510379][T18822] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5150'.
[  662.520559][T18822] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5150'.
[  662.530219][T18822] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5150'.
[  662.539449][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  662.556466][T18822] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5150'.
[  662.571526][T18822] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5150'.
[  662.587808][T18822] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5150'.
[  662.631249][T18750] chnl_net:caif_netlink_parms(): no params data found
[  662.936492][   T51] Bluetooth: hci4: command tx timeout
[  662.953737][T18750] bridge0: port 1(bridge_slave_0) entered blocking state
[  662.980275][T18750] bridge0: port 1(bridge_slave_0) entered disabled state
[  662.992615][T18750] bridge_slave_0: entered allmulticast mode
[  663.000687][T18750] bridge_slave_0: entered promiscuous mode
[  663.036464][T18750] bridge0: port 2(bridge_slave_1) entered blocking state
[  663.044237][T18750] bridge0: port 2(bridge_slave_1) entered disabled state
[  663.053112][T18750] bridge_slave_1: entered allmulticast mode
[  663.069968][T18750] bridge_slave_1: entered promiscuous mode
[  663.170264][T18750] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  663.194218][T18750] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  663.271583][T18750] team0: Port device team_slave_0 added
[  663.301400][T18750] team0: Port device team_slave_1 added
[  663.371938][T18750] batman_adv: batadv0: Adding interface: batadv_slave_0
[  663.383751][T18750] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  663.424097][T18750] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  663.441099][T18750] batman_adv: batadv0: Adding interface: batadv_slave_1
[  663.448645][T18750] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  663.474777][T18750] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  663.564698][T18750] hsr_slave_0: entered promiscuous mode
[  663.572016][T18750] hsr_slave_1: entered promiscuous mode
[  663.577820][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  663.587492][T18750] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  663.595045][T18750] Cannot create hsr debugfs directory
[  663.910863][ T2989] veth0_to_bond: left promiscuous mode
[  664.054575][T18869] geneve2: entered allmulticast mode
[  664.323097][T18878] C: renamed from lo
[  664.384284][T18878] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  664.668015][T18750] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  664.695092][T18750] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  664.723914][T18750] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  664.746475][T18750] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  664.882357][T18750] 8021q: adding VLAN 0 to HW filter on device bond0
[  664.993573][T18750] 8021q: adding VLAN 0 to HW filter on device team0
[  665.014339][T18909] vlan2: entered allmulticast mode
[  665.023243][   T51] Bluetooth: hci4: command tx timeout
[  665.033357][T18909] veth1: entered allmulticast mode
[  665.062583][ T2968] bridge0: port 1(bridge_slave_0) entered blocking state
[  665.069823][ T2968] bridge0: port 1(bridge_slave_0) entered forwarding state
[  665.097575][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  665.104771][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  666.618190][   T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  667.102840][   T51] Bluetooth: hci4: command tx timeout
[  667.222410][T18941] __nla_validate_parse: 68 callbacks suppressed
[  667.222428][T18941] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5182'.
[  667.249331][T18750] 8021q: adding VLAN 0 to HW filter on device batadv0
[  667.250817][T18944] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5184'.
[  667.459107][T18750] veth0_vlan: entered promiscuous mode
[  667.518226][T18946] netlink: 'syz.1.5183': attribute type 1 has an invalid length.
[  667.527936][T18946] netlink: 224 bytes leftover after parsing attributes in process `syz.1.5183'.
[  667.544628][T18750] veth1_vlan: entered promiscuous mode
[  667.586300][T18957] netlink: 'syz.4.5187': attribute type 1 has an invalid length.
[  667.619570][T18957] netlink: 784 bytes leftover after parsing attributes in process `syz.4.5187'.
[  667.661074][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  667.731001][T18750] veth0_macvtap: entered promiscuous mode
[  667.772395][T18750] veth1_macvtap: entered promiscuous mode
[  667.852594][T18750] batman_adv: batadv0: Interface activated: batadv_slave_0
[  667.874845][T18750] batman_adv: batadv0: Interface activated: batadv_slave_1
[  667.947776][ T7085] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  667.958973][ T7085] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  667.981076][ T7085] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  667.994762][ T7085] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  668.214312][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  668.232673][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  668.401125][ T7085] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  668.419098][ T7085] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  668.696103][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  669.720965][ T5880] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  669.751651][ T5880] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  669.766157][ T5880] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  669.774249][ T5880] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  669.782027][ T5880] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  669.820184][ T2989] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  670.543987][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  670.707743][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  670.856287][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  670.865177][T19005] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5200'.
[  670.908802][T19002] DRBG: could not allocate digest TFM handle: hmac(sha384)
[  670.959654][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  671.146683][T19016] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5202'.
[  671.357409][T19021] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5205'.
[  671.408292][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  671.430358][T19020] netlink: 52 bytes leftover after parsing attributes in process `syz.0.5205'.
[  671.670148][T19025] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  671.685125][T18989] chnl_net:caif_netlink_parms(): no params data found
[  671.698833][T19024] tipc: Resetting bearer <eth:syzkaller0>
[  671.818310][ T5880] Bluetooth: hci4: command tx timeout
[  671.896655][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  671.975473][T19029] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5207'.
[  673.018680][ T2137] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  673.092020][T19024] tipc: Disabling bearer <eth:syzkaller0>
[  673.238083][   T12] bridge_slave_1: left allmulticast mode
[  673.243854][   T12] bridge_slave_1: left promiscuous mode
[  673.256533][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  673.316903][   T12] bridge_slave_0: left allmulticast mode
[  673.322663][   T12] bridge_slave_0: left promiscuous mode
[  673.342409][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  673.715465][T19054] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5215'.
[  673.770944][T19057] netlink: 'syz.1.5215': attribute type 1 has an invalid length.
[  673.897048][ T5880] Bluetooth: hci4: command tx timeout
[  673.931885][T19064] netlink: 212296 bytes leftover after parsing attributes in process `syz.1.5215'.
[  674.056038][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  674.065065][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  674.078655][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  674.089152][   T12] bond0 (unregistering): Released all slaves
[  674.111428][T19045] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5213'.
[  674.175389][T19057] 8021q: adding VLAN 0 to HW filter on device bond1
[  674.205290][T19064] bond1: (slave gretap1): making interface the new active one
[  674.237891][T19064] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  674.358449][T18989] bridge0: port 1(bridge_slave_0) entered blocking state
[  674.366339][T18989] bridge0: port 1(bridge_slave_0) entered disabled state
[  674.373902][T18989] bridge_slave_0: entered allmulticast mode
[  674.399678][T19075] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5221'.
[  674.404629][T19076] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5221'.
[  674.409818][T18989] bridge_slave_0: entered promiscuous mode
[  674.447338][T18989] bridge0: port 2(bridge_slave_1) entered blocking state
[  674.454716][T18989] bridge0: port 2(bridge_slave_1) entered disabled state
[  674.464612][T18989] bridge_slave_1: entered allmulticast mode
[  674.472759][T18989] bridge_slave_1: entered promiscuous mode
[  674.563699][T18989] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  674.577579][T18989] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  674.599387][T19079] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5222'.
[  674.653402][T18989] team0: Port device team_slave_0 added
[  674.678879][T18989] team0: Port device team_slave_1 added
[  674.829767][T19086] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5224'.
[  674.994822][T18989] batman_adv: batadv0: Adding interface: batadv_slave_0
[  675.042819][T18989] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  675.096002][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  675.115883][T18989] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  675.139281][T18989] batman_adv: batadv0: Adding interface: batadv_slave_1
[  675.155884][T18989] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  675.226332][T18989] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  675.345437][   T12] hsr_slave_0: left promiscuous mode
[  675.358208][   T12] hsr_slave_1: left promiscuous mode
[  675.364329][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  675.382066][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  675.410527][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  675.422711][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  675.486215][   T12] veth1_macvtap: left promiscuous mode
[  675.499553][   T12] veth0_macvtap: left promiscuous mode
[  675.508071][T19108] netlink: 'syz.2.5229': attribute type 1 has an invalid length.
[  675.517701][   T12] veth1_vlan: left promiscuous mode
[  675.534024][   T12] veth0_vlan: left promiscuous mode
[  675.980919][ T5880] Bluetooth: hci4: command tx timeout
[  676.090363][   T12] team0 (unregistering): Port device team_slave_1 removed
[  676.130635][   T12] team0 (unregistering): Port device team_slave_0 removed
[  676.752111][T18989] hsr_slave_0: entered promiscuous mode
[  676.783048][T18989] hsr_slave_1: entered promiscuous mode
[  676.809241][T18989] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  676.846039][T18989] Cannot create hsr debugfs directory
[  677.203383][T19140] tipc: New replicast peer: 255.255.255.31
[  677.209710][T19140] tipc: Enabled bearer <udp:syz2>, priority 10
[  677.288109][T19142] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5237'.
[  677.498382][ T2137] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  677.579358][T19152] netlink: 68 bytes leftover after parsing attributes in process `syz.4.5241'.
[  677.962830][T18989] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  677.979792][T18989] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  677.999204][T18989] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  678.021631][T18989] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  678.055880][ T5880] Bluetooth: hci4: command tx timeout
[  678.197641][T18989] 8021q: adding VLAN 0 to HW filter on device bond0
[  678.205480][T19181] (unnamed net_device) (uninitialized): option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  678.252578][T18989] 8021q: adding VLAN 0 to HW filter on device team0
[  678.299839][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  678.307044][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  678.308160][T19183] FAULT_INJECTION: forcing a failure.
[  678.308160][T19183] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  678.335467][ T2939] bridge0: port 2(bridge_slave_1) entered blocking state
[  678.335466][T19183] CPU: 0 UID: 0 PID: 19183 Comm: syz.0.5249 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) 
[  678.335488][T19183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  678.335499][T19183] Call Trace:
[  678.335505][T19183]  <TASK>
[  678.335512][T19183]  dump_stack_lvl+0x189/0x250
[  678.335540][T19183]  ? __pfx____ratelimit+0x10/0x10
[  678.335560][T19183]  ? __pfx_dump_stack_lvl+0x10/0x10
[  678.335585][T19183]  ? __pfx__printk+0x10/0x10
[  678.335604][T19183]  ? __might_fault+0xb0/0x130
[  678.335639][T19183]  should_fail_ex+0x414/0x560
[  678.335665][T19183]  _copy_from_user+0x2d/0xb0
[  678.335683][T19183]  ___sys_sendmsg+0x158/0x2a0
[  678.335710][T19183]  ? __pfx____sys_sendmsg+0x10/0x10
[  678.335773][T19183]  ? __fget_files+0x2a/0x420
[  678.335790][T19183]  ? __fget_files+0x3a0/0x420
[  678.335818][T19183]  __x64_sys_sendmsg+0x19b/0x260
[  678.335844][T19183]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  678.335877][T19183]  ? __pfx_ksys_write+0x10/0x10
[  678.335899][T19183]  ? rcu_is_watching+0x15/0xb0
[  678.335929][T19183]  ? do_syscall_64+0xbe/0x3b0
[  678.335953][T19183]  do_syscall_64+0xfa/0x3b0
[  678.335970][T19183]  ? lockdep_hardirqs_on+0x9c/0x150
[  678.335988][T19183]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  678.336005][T19183]  ? clear_bhb_loop+0x60/0xb0
[  678.336026][T19183]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  678.336042][T19183] RIP: 0033:0x7f1860f8e929
[  678.336058][T19183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  678.336073][T19183] RSP: 002b:00007f1861ed7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  678.336092][T19183] RAX: ffffffffffffffda RBX: 00007f18611b5fa0 RCX: 00007f1860f8e929
[  678.336104][T19183] RDX: 0000000020000000 RSI: 0000200000000600 RDI: 0000000000000003
[  678.336115][T19183] RBP: 00007f1861ed7090 R08: 0000000000000000 R09: 0000000000000000
[  678.336126][T19183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  678.336136][T19183] R13: 0000000000000000 R14: 00007f18611b5fa0 R15: 00007ffd13a6d108
[  678.336165][T19183]  </TASK>
[  678.536011][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  678.538731][ T2939] bridge0: port 2(bridge_slave_1) entered forwarding state
[  678.579058][T19186] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5250'.
[  678.760505][T19190] rdma_op ffff888077b041f0 conn xmit_rdma 0000000000000000
[  679.165681][T18989] 8021q: adding VLAN 0 to HW filter on device batadv0
[  679.363636][T18989] veth0_vlan: entered promiscuous mode
[  679.487314][T19222] bridge0: port 2(bridge_slave_1) entered disabled state
[  679.496081][T19222] bridge0: port 1(bridge_slave_0) entered disabled state
[  679.576370][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  679.892462][    T9] IPVS: starting estimator thread 0...
[  679.972486][T19242] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5262'.
[  679.995860][T19239] IPVS: using max 29 ests per chain, 69600 per kthread
[  680.028605][T19242] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5262'.
[  680.438288][T19229] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR
[  680.495477][T18989] veth1_vlan: entered promiscuous mode
[  680.628419][T18989] veth0_macvtap: entered promiscuous mode
[  680.660079][T18989] veth1_macvtap: entered promiscuous mode
[  680.723622][T18989] batman_adv: batadv0: Interface activated: batadv_slave_0
[  680.767503][T18989] batman_adv: batadv0: Interface activated: batadv_slave_1
[  680.801740][ T2939] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  680.828609][ T2939] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  680.854040][ T2939] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  680.873769][ T2939] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  681.068482][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  681.091190][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  681.203011][ T2939] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  681.219891][ T2939] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  681.337216][   T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  682.120913][ T2939] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  682.306675][ T2939] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  682.371573][ T2939] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  682.385905][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  682.450369][ T2939] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  682.578295][ T2939] bridge_slave_1: left allmulticast mode
[  682.583944][ T2939] bridge_slave_1: left promiscuous mode
[  682.590006][ T2939] bridge0: port 2(bridge_slave_1) entered disabled state
[  682.600073][ T2939] bridge_slave_0: left allmulticast mode
[  682.605699][ T2939] bridge_slave_0: left promiscuous mode
[  682.611653][ T2939] bridge0: port 1(bridge_slave_0) entered disabled state
[  683.075144][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  683.099999][   T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  683.107857][ T2939] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  683.108166][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  683.124831][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  683.132540][ T2939] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  683.132646][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  683.151752][ T2939] bond0 (unregistering): Released all slaves
[  683.415977][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  683.427402][T19314] netlink: 'syz.2.5283': attribute type 39 has an invalid length.
[  683.449912][T19312] xt_CT: No such helper "syz0"
[  683.504160][T19314] veth0_macvtap: left promiscuous mode
[  683.762977][T19322] netlink: 'syz.4.5286': attribute type 39 has an invalid length.
[  683.961412][T19307] chnl_net:caif_netlink_parms(): no params data found
[  684.025345][T19327] tipc: New replicast peer: 255.255.255.255
[  684.033402][T19327] tipc: Enabled bearer <udp:syz2>, priority 10
[  684.062593][T19327] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5288'.
[  684.085722][T19327] tipc: Disabling bearer <udp:syz2>
[  684.344591][ T2939] hsr_slave_0: left promiscuous mode
[  684.355363][ T2939] hsr_slave_1: left promiscuous mode
[  684.381491][ T2939] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  684.393907][ T2939] batman_adv: batadv0: Removing interface: batadv_slave_0
[  684.421639][ T2939] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  684.438955][ T2939] batman_adv: batadv0: Removing interface: batadv_slave_1
[  684.504191][ T2939] veth1_macvtap: left promiscuous mode
[  684.532417][ T2939] veth0_macvtap: left promiscuous mode
[  684.544008][ T2939] veth1_vlan: left promiscuous mode
[  684.554040][ T2939] veth0_vlan: left promiscuous mode
[  685.181358][   T51] Bluetooth: hci4: command tx timeout
[  685.204773][ T2939] team0 (unregistering): Port device team_slave_1 removed
[  685.243701][ T2939] team0 (unregistering): Port device team_slave_0 removed
[  685.615249][T19342] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5293'.
[  685.639036][T19350] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  685.738662][T19307] bridge0: port 1(bridge_slave_0) entered blocking state
[  685.748482][T19307] bridge0: port 1(bridge_slave_0) entered disabled state
[  685.756050][T19307] bridge_slave_0: entered allmulticast mode
[  685.764041][T19307] bridge_slave_0: entered promiscuous mode
[  685.775423][T19307] bridge0: port 2(bridge_slave_1) entered blocking state
[  685.782891][T19307] bridge0: port 2(bridge_slave_1) entered disabled state
[  685.792780][T19307] bridge_slave_1: entered allmulticast mode
[  685.799893][T19307] bridge_slave_1: entered promiscuous mode
[  685.809645][T19350] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  685.887980][T19307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  685.909834][T19307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  685.941436][T19350] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  686.025060][T19307] team0: Port device team_slave_0 added
[  686.035437][T19307] team0: Port device team_slave_1 added
[  686.091439][T19350] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  686.112320][T19307] batman_adv: batadv0: Adding interface: batadv_slave_0
[  686.123974][T19307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  686.154196][T19307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  686.169349][T19307] batman_adv: batadv0: Adding interface: batadv_slave_1
[  686.176416][T19307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  686.202732][T19307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  686.213470][T19366] netlink: 'syz.1.5298': attribute type 39 has an invalid length.
[  686.287193][T19307] hsr_slave_0: entered promiscuous mode
[  686.303936][T19307] hsr_slave_1: entered promiscuous mode
[  686.317986][T19307] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  686.325604][T19307] Cannot create hsr debugfs directory
[  686.386306][ T2939] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  686.434531][ T2939] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  686.464172][ T2939] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  686.504538][T19371] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  686.534207][   T59] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  686.565169][T19368] tipc: Resetting bearer <eth:syzkaller0>
[  687.174004][T19381] xt_CT: No such helper "snmp"
[  687.257517][   T51] Bluetooth: hci4: command tx timeout
[  687.496279][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  687.549694][   T24] tipc: Node number set to 1806851839
[  688.012349][T19368] tipc: Disabling bearer <eth:syzkaller0>
[  688.120959][ T2137] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  688.183803][T19391] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5305'.
[  688.344440][T19399] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5307'.
[  688.536237][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  688.903342][T19307] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  688.927659][T19307] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  688.956460][T19307] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  688.986456][T19307] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  689.232475][T19307] 8021q: adding VLAN 0 to HW filter on device bond0
[  689.336227][   T51] Bluetooth: hci4: command tx timeout
[  689.381180][T19307] 8021q: adding VLAN 0 to HW filter on device team0
[  689.431758][ T2137] bridge0: port 1(bridge_slave_0) entered blocking state
[  689.438981][ T2137] bridge0: port 1(bridge_slave_0) entered forwarding state
[  689.490471][ T2989] bridge0: port 2(bridge_slave_1) entered blocking state
[  689.497611][ T2989] bridge0: port 2(bridge_slave_1) entered forwarding state
[  689.658922][ T2989] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  689.957556][T19437] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  690.007071][T19442] FAULT_INJECTION: forcing a failure.
[  690.007071][T19442] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  690.035333][T19442] CPU: 0 UID: 0 PID: 19442 Comm: syz.4.5315 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) 
[  690.035367][T19442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  690.035379][T19442] Call Trace:
[  690.035386][T19442]  <TASK>
[  690.035395][T19442]  dump_stack_lvl+0x189/0x250
[  690.035426][T19442]  ? __pfx____ratelimit+0x10/0x10
[  690.035447][T19442]  ? __pfx_dump_stack_lvl+0x10/0x10
[  690.035472][T19442]  ? __pfx__printk+0x10/0x10
[  690.035491][T19442]  ? __might_fault+0xb0/0x130
[  690.035528][T19442]  should_fail_ex+0x414/0x560
[  690.035555][T19442]  _copy_from_iter+0x575/0x16f0
[  690.035591][T19442]  ? __pfx__copy_from_iter+0x10/0x10
[  690.035631][T19442]  ping_v4_sendmsg+0x222/0x1750
[  690.035650][T19442]  ? __lock_acquire+0xab9/0xd20
[  690.035687][T19442]  ? __pfx_ping_v4_sendmsg+0x10/0x10
[  690.035729][T19442]  ? __local_bh_enable_ip+0x12d/0x1c0
[  690.035756][T19442]  ? lockdep_hardirqs_on+0x9c/0x150
[  690.035775][T19442]  ? __local_bh_enable_ip+0x12d/0x1c0
[  690.035803][T19442]  ? inet_sendmsg+0x14f/0x370
[  690.035821][T19442]  ? inet_sendmsg+0x2f4/0x370
[  690.035841][T19442]  __sock_sendmsg+0x19c/0x270
[  690.035863][T19442]  ____sys_sendmsg+0x505/0x830
[  690.035892][T19442]  ? __pfx_____sys_sendmsg+0x10/0x10
[  690.035925][T19442]  ? import_iovec+0x74/0xa0
[  690.035945][T19442]  ___sys_sendmsg+0x21f/0x2a0
[  690.035971][T19442]  ? __pfx____sys_sendmsg+0x10/0x10
[  690.036031][T19442]  ? __fget_files+0x2a/0x420
[  690.036049][T19442]  ? __fget_files+0x3a0/0x420
[  690.036078][T19442]  __x64_sys_sendmsg+0x19b/0x260
[  690.036104][T19442]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  690.036136][T19442]  ? __pfx_ksys_write+0x10/0x10
[  690.036159][T19442]  ? rcu_is_watching+0x15/0xb0
[  690.036189][T19442]  ? do_syscall_64+0xbe/0x3b0
[  690.036212][T19442]  do_syscall_64+0xfa/0x3b0
[  690.036230][T19442]  ? lockdep_hardirqs_on+0x9c/0x150
[  690.036247][T19442]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  690.036264][T19442]  ? clear_bhb_loop+0x60/0xb0
[  690.036285][T19442]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  690.036301][T19442] RIP: 0033:0x7fc2b738e929
[  690.036317][T19442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  690.036333][T19442] RSP: 002b:00007fc2b821d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  690.036352][T19442] RAX: ffffffffffffffda RBX: 00007fc2b75b5fa0 RCX: 00007fc2b738e929
[  690.036371][T19442] RDX: 0000000020000000 RSI: 0000200000000600 RDI: 0000000000000003
[  690.036383][T19442] RBP: 00007fc2b821d090 R08: 0000000000000000 R09: 0000000000000000
[  690.036394][T19442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  690.036405][T19442] R13: 0000000000000000 R14: 00007fc2b75b5fa0 R15: 00007ffd8061a7f8
[  690.036434][T19442]  </TASK>
[  690.362816][T19436] tipc: Resetting bearer <eth:syzkaller0>
[  690.447870][T19444] netlink: 'syz.4.5316': attribute type 21 has an invalid length.
[  690.463165][T19444] netlink: 128 bytes leftover after parsing attributes in process `syz.4.5316'.
[  690.706011][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  691.416010][   T51] Bluetooth: hci4: command tx timeout
[  691.737811][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  691.777026][T19436] tipc: Disabling bearer <eth:syzkaller0>
[  691.802095][T19444] netlink: 'syz.4.5316': attribute type 5 has an invalid length.
[  691.810290][T19444] netlink: 3 bytes leftover after parsing attributes in process `syz.4.5316'.
[  692.006808][T19307] 8021q: adding VLAN 0 to HW filter on device batadv0
[  692.150677][T19456] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  692.378042][T19307] veth0_vlan: entered promiscuous mode
[  692.412205][T19307] veth1_vlan: entered promiscuous mode
[  692.534699][T19468] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5322'.
[  692.560518][T19307] veth0_macvtap: entered promiscuous mode
[  692.598123][T19307] veth1_macvtap: entered promiscuous mode
[  692.598756][T19468] netlink: 'syz.0.5322': attribute type 7 has an invalid length.
[  692.650221][T19307] batman_adv: batadv0: Interface activated: batadv_slave_0
[  692.680917][T19307] batman_adv: batadv0: Interface activated: batadv_slave_1
[  692.702863][   T59] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  692.724404][   T59] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  692.762454][T19474] netlink: 96 bytes leftover after parsing attributes in process `syz.2.5324'.
[  692.780501][   T59] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  692.801888][   T59] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  692.975988][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  692.991315][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  693.166944][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  693.174944][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  693.179934][T19493] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  693.219261][T19484] tipc: Resetting bearer <eth:syzkaller0>
[  693.278025][T19495] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  693.352913][T19498] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5331'.
[  693.414983][T19500] netlink: 68 bytes leftover after parsing attributes in process `syz.4.5333'.
[  694.141656][ T2989] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  694.940641][T19484] tipc: Disabling bearer <eth:syzkaller0>
[  694.952345][T19495] hsr0: entered promiscuous mode
[  694.958758][T19498] hsr_slave_0: left promiscuous mode
[  694.966248][T19498] hsr_slave_1: left promiscuous mode
[  695.005255][T19502] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5334'.
[  695.027907][T19506] netlink: 132 bytes leftover after parsing attributes in process `syz.4.5335'.
[  695.063216][T19513] netlink: 96 bytes leftover after parsing attributes in process `syz.0.5336'.
[  695.176005][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  695.221572][T19520] netlink: 'syz.1.5338': attribute type 39 has an invalid length.
[  695.545417][T19533] netlink: 'syz.0.5341': attribute type 1 has an invalid length.
[  695.555450][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  695.595559][T19537] unsupported nlmsg_type 40
[  695.848295][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  695.902813][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  695.952620][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  696.191787][   T12] bridge_slave_1: left allmulticast mode
[  696.202346][   T12] bridge_slave_1: left promiscuous mode
[  696.216025][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  696.236914][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  696.259212][   T12] bridge_slave_0: left allmulticast mode
[  696.264894][   T12] bridge_slave_0: left promiscuous mode
[  696.286047][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  696.818701][ T5880] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  696.829631][ T5880] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  696.849736][ T5880] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  696.887722][ T5880] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  696.915633][ T5880] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  696.944754][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  696.957079][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  696.968098][   T12] bond0 (unregistering): Released all slaves
[  696.991720][T19546] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  697.006849][T19548] netlink: 132 bytes leftover after parsing attributes in process `syz.4.5348'.
[  697.200859][T19546] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  697.234312][T19564] netlink: 96 bytes leftover after parsing attributes in process `syz.4.5349'.
[  697.536690][T19581] netlink: 'syz.0.5355': attribute type 10 has an invalid length.
[  697.986719][ T2939] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  698.794422][T19546] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  698.823197][T19581] bridge_slave_1: left allmulticast mode
[  698.830548][T19581] bridge_slave_1: left promiscuous mode
[  698.836412][T19581] bridge0: port 2(bridge_slave_1) entered disabled state
[  698.853124][T19581] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  698.937870][   T51] Bluetooth: hci4: command tx timeout
[  699.018369][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  699.452762][T19546] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  699.797494][T19598] FAULT_INJECTION: forcing a failure.
[  699.797494][T19598] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  699.829856][   T36] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  699.838423][T19598] CPU: 1 UID: 0 PID: 19598 Comm: syz.0.5360 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) 
[  699.838448][T19598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  699.838459][T19598] Call Trace:
[  699.838466][T19598]  <TASK>
[  699.838474][T19598]  dump_stack_lvl+0x189/0x250
[  699.838504][T19598]  ? __pfx____ratelimit+0x10/0x10
[  699.838524][T19598]  ? __pfx_dump_stack_lvl+0x10/0x10
[  699.838549][T19598]  ? __pfx__printk+0x10/0x10
[  699.838569][T19598]  ? __might_fault+0xb0/0x130
[  699.838605][T19598]  should_fail_ex+0x414/0x560
[  699.838632][T19598]  _copy_from_iter+0x1db/0x16f0
[  699.838660][T19598]  ? rcu_is_watching+0x15/0xb0
[  699.838687][T19598]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  699.838715][T19598]  ? __pfx__copy_from_iter+0x10/0x10
[  699.838739][T19598]  ? __build_skb_around+0x257/0x3e0
[  699.838765][T19598]  ? netlink_sendmsg+0x642/0xb30
[  699.838784][T19598]  ? skb_put+0x11b/0x210
[  699.838809][T19598]  netlink_sendmsg+0x6b2/0xb30
[  699.838839][T19598]  ? __pfx_netlink_sendmsg+0x10/0x10
[  699.838864][T19598]  ? aa_sock_msg_perm+0x94/0x160
[  699.838887][T19598]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  699.838908][T19598]  ? __pfx_netlink_sendmsg+0x10/0x10
[  699.838930][T19598]  __sock_sendmsg+0x219/0x270
[  699.838952][T19598]  ____sys_sendmsg+0x505/0x830
[  699.838981][T19598]  ? __pfx_____sys_sendmsg+0x10/0x10
[  699.839014][T19598]  ? import_iovec+0x74/0xa0
[  699.839035][T19598]  ___sys_sendmsg+0x21f/0x2a0
[  699.839061][T19598]  ? __pfx____sys_sendmsg+0x10/0x10
[  699.839122][T19598]  ? __fget_files+0x2a/0x420
[  699.839140][T19598]  ? __fget_files+0x3a0/0x420
[  699.839169][T19598]  __x64_sys_sendmsg+0x19b/0x260
[  699.839196][T19598]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  699.839229][T19598]  ? __pfx_ksys_write+0x10/0x10
[  699.839251][T19598]  ? rcu_is_watching+0x15/0xb0
[  699.839280][T19598]  ? do_syscall_64+0xbe/0x3b0
[  699.839304][T19598]  do_syscall_64+0xfa/0x3b0
[  699.839331][T19598]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  699.839347][T19598]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  699.839364][T19598]  ? clear_bhb_loop+0x60/0xb0
[  699.839386][T19598]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  699.839402][T19598] RIP: 0033:0x7f1860f8e929
[  699.839419][T19598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  699.839434][T19598] RSP: 002b:00007f1861ed7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  699.839453][T19598] RAX: ffffffffffffffda RBX: 00007f18611b5fa0 RCX: 00007f1860f8e929
[  699.839465][T19598] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000005
[  699.839477][T19598] RBP: 00007f1861ed7090 R08: 0000000000000000 R09: 0000000000000000
[  699.839487][T19598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  699.839498][T19598] R13: 0000000000000000 R14: 00007f18611b5fa0 R15: 00007ffd13a6d108
[  699.839527][T19598]  </TASK>
[  700.129019][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  700.146926][T19600] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5360'.
[  700.166467][T19601] netlink: 96 bytes leftover after parsing attributes in process `syz.1.5361'.
[  700.239339][T19603] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5362'.
[  700.276942][   T36] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  700.336591][T19605] FAULT_INJECTION: forcing a failure.
[  700.336591][T19605] name failslab, interval 1, probability 0, space 0, times 0
[  700.423600][ T2939] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  700.432588][T19605] CPU: 0 UID: 0 PID: 19605 Comm: syz.1.5363 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) 
[  700.432605][T19605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  700.432611][T19605] Call Trace:
[  700.432615][T19605]  <TASK>
[  700.432621][T19605]  dump_stack_lvl+0x189/0x250
[  700.432641][T19605]  ? __pfx____ratelimit+0x10/0x10
[  700.432653][T19605]  ? __pfx_dump_stack_lvl+0x10/0x10
[  700.432667][T19605]  ? __pfx__printk+0x10/0x10
[  700.432679][T19605]  ? __pfx___might_resched+0x10/0x10
[  700.432694][T19605]  ? fs_reclaim_acquire+0x7d/0x100
[  700.432709][T19605]  should_fail_ex+0x414/0x560
[  700.432724][T19605]  should_failslab+0xa8/0x100
[  700.432736][T19605]  __kmalloc_noprof+0xcb/0x4f0
[  700.432744][T19605]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  700.432758][T19605]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  700.432776][T19605]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  700.432795][T19605]  genl_family_rcv_msg_doit+0xb8/0x300
[  700.432825][T19605]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  700.432841][T19605]  ? rcu_is_watching+0x15/0xb0
[  700.432857][T19605]  ? apparmor_capable+0x137/0x1b0
[  700.432872][T19605]  ? bpf_lsm_capable+0x9/0x20
[  700.432881][T19605]  ? security_capable+0x7e/0x2e0
[  700.432896][T19605]  genl_rcv_msg+0x60e/0x790
[  700.432914][T19605]  ? __pfx_genl_rcv_msg+0x10/0x10
[  700.432926][T19605]  ? ref_tracker_free+0x63a/0x7d0
[  700.432938][T19605]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[  700.432952][T19605]  ? __pfx_ref_tracker_free+0x10/0x10
[  700.432974][T19605]  netlink_rcv_skb+0x208/0x470
[  700.432987][T19605]  ? __pfx_genl_rcv_msg+0x10/0x10
[  700.433001][T19605]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  700.433023][T19605]  ? down_read+0x1ad/0x2e0
[  700.433037][T19605]  genl_rcv+0x28/0x40
[  700.433049][T19605]  netlink_unicast+0x75b/0x8d0
[  700.433066][T19605]  netlink_sendmsg+0x805/0xb30
[  700.433084][T19605]  ? __pfx_netlink_sendmsg+0x10/0x10
[  700.433097][T19605]  ? aa_sock_msg_perm+0x94/0x160
[  700.433111][T19605]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  700.433122][T19605]  ? __pfx_netlink_sendmsg+0x10/0x10
[  700.433134][T19605]  __sock_sendmsg+0x219/0x270
[  700.433147][T19605]  ____sys_sendmsg+0x505/0x830
[  700.433163][T19605]  ? __pfx_____sys_sendmsg+0x10/0x10
[  700.433182][T19605]  ? import_iovec+0x74/0xa0
[  700.433193][T19605]  ___sys_sendmsg+0x21f/0x2a0
[  700.433208][T19605]  ? __pfx____sys_sendmsg+0x10/0x10
[  700.433244][T19605]  ? __fget_files+0x2a/0x420
[  700.433255][T19605]  ? __fget_files+0x3a0/0x420
[  700.433271][T19605]  __x64_sys_sendmsg+0x19b/0x260
[  700.433286][T19605]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  700.433305][T19605]  ? __pfx_ksys_write+0x10/0x10
[  700.433318][T19605]  ? rcu_is_watching+0x15/0xb0
[  700.433334][T19605]  ? do_syscall_64+0xbe/0x3b0
[  700.433348][T19605]  do_syscall_64+0xfa/0x3b0
[  700.433359][T19605]  ? lockdep_hardirqs_on+0x9c/0x150
[  700.433369][T19605]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.433378][T19605]  ? clear_bhb_loop+0x60/0xb0
[  700.433390][T19605]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.433400][T19605] RIP: 0033:0x7f4f96d8e929
[  700.433410][T19605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  700.433419][T19605] RSP: 002b:00007f4f97b50038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  700.433430][T19605] RAX: ffffffffffffffda RBX: 00007f4f96fb5fa0 RCX: 00007f4f96d8e929
[  700.433437][T19605] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003
[  700.433443][T19605] RBP: 00007f4f97b50090 R08: 0000000000000000 R09: 0000000000000000
[  700.433449][T19605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  700.433455][T19605] R13: 0000000000000000 R14: 00007f4f96fb5fa0 R15: 00007ffc15b64c88
[  700.433471][T19605]  </TASK>
[  700.589422][   T59] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  700.841468][T19611] delete_channel: no stack
[  700.880536][   T12] hsr_slave_0: left promiscuous mode
[  700.906201][T19615] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  700.926011][   T12] hsr_slave_1: left promiscuous mode
[  700.932191][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  700.949273][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  700.959843][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  700.970925][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  700.996013][   T12] veth1_macvtap: left promiscuous mode
[  701.001584][   T12] veth0_macvtap: left promiscuous mode
[  701.007407][   T12] veth1_vlan: left promiscuous mode
[  701.013279][   T12] veth0_vlan: left promiscuous mode
[  701.018703][   T51] Bluetooth: hci4: command tx timeout
[  701.177839][ T2137] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  701.560323][   T12] team0 (unregistering): Port device team_slave_1 removed
[  701.601753][   T12] team0 (unregistering): Port device team_slave_0 removed
[  701.990686][T19632] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  702.216027][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  702.243896][T19639] netlink: 'syz.2.5369': attribute type 13 has an invalid length.
[  702.272475][T19639] netlink: 'syz.2.5369': attribute type 17 has an invalid length.
[  702.469220][T19654] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5369'.
[  702.507234][T19639] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  702.558841][T19656] netlink: 96 bytes leftover after parsing attributes in process `syz.4.5374'.
[  702.602653][T19639] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  702.662073][T19559] chnl_net:caif_netlink_parms(): no params data found
[  702.692738][T19639] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  702.724983][T19660] FAULT_INJECTION: forcing a failure.
[  702.724983][T19660] name failslab, interval 1, probability 0, space 0, times 0
[  702.756143][T19660] CPU: 0 UID: 0 PID: 19660 Comm: syz.4.5375 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) 
[  702.756171][T19660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  702.756182][T19660] Call Trace:
[  702.756189][T19660]  <TASK>
[  702.756198][T19660]  dump_stack_lvl+0x189/0x250
[  702.756229][T19660]  ? __pfx____ratelimit+0x10/0x10
[  702.756250][T19660]  ? __pfx_dump_stack_lvl+0x10/0x10
[  702.756275][T19660]  ? __pfx__printk+0x10/0x10
[  702.756301][T19660]  ? ref_tracker_alloc+0x318/0x460
[  702.756327][T19660]  should_fail_ex+0x414/0x560
[  702.756353][T19660]  should_failslab+0xa8/0x100
[  702.756374][T19660]  kmem_cache_alloc_noprof+0x73/0x3c0
[  702.756399][T19660]  ? skb_clone+0x212/0x3a0
[  702.756428][T19660]  skb_clone+0x212/0x3a0
[  702.756455][T19660]  __netlink_deliver_tap+0x404/0x850
[  702.756490][T19660]  ? netlink_deliver_tap+0x2e/0x1b0
[  702.756512][T19660]  netlink_deliver_tap+0x19c/0x1b0
[  702.756534][T19660]  netlink_unicast+0x72f/0x8d0
[  702.756565][T19660]  netlink_sendmsg+0x805/0xb30
[  702.756595][T19660]  ? __pfx_netlink_sendmsg+0x10/0x10
[  702.756619][T19660]  ? aa_sock_msg_perm+0x94/0x160
[  702.756642][T19660]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  702.756663][T19660]  ? __pfx_netlink_sendmsg+0x10/0x10
[  702.756684][T19660]  __sock_sendmsg+0x219/0x270
[  702.756714][T19660]  ____sys_sendmsg+0x505/0x830
[  702.756743][T19660]  ? __pfx_____sys_sendmsg+0x10/0x10
[  702.756777][T19660]  ? import_iovec+0x74/0xa0
[  702.756798][T19660]  ___sys_sendmsg+0x21f/0x2a0
[  702.756824][T19660]  ? __pfx____sys_sendmsg+0x10/0x10
[  702.756883][T19660]  ? __fget_files+0x2a/0x420
[  702.756900][T19660]  ? __fget_files+0x3a0/0x420
[  702.756928][T19660]  __x64_sys_sendmsg+0x19b/0x260
[  702.756952][T19660]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  702.756980][T19660]  ? __pfx_ksys_write+0x10/0x10
[  702.756998][T19660]  ? rcu_is_watching+0x15/0xb0
[  702.757024][T19660]  ? do_syscall_64+0xbe/0x3b0
[  702.757043][T19660]  do_syscall_64+0xfa/0x3b0
[  702.757058][T19660]  ? lockdep_hardirqs_on+0x9c/0x150
[  702.757072][T19660]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  702.757086][T19660]  ? clear_bhb_loop+0x60/0xb0
[  702.757104][T19660]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  702.757117][T19660] RIP: 0033:0x7fc2b738e929
[  702.757132][T19660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  702.757144][T19660] RSP: 002b:00007fc2b821d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  702.757160][T19660] RAX: ffffffffffffffda RBX: 00007fc2b75b5fa0 RCX: 00007fc2b738e929
[  702.757170][T19660] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000005
[  702.757180][T19660] RBP: 00007fc2b821d090 R08: 0000000000000000 R09: 0000000000000000
[  702.757188][T19660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  702.757197][T19660] R13: 0000000000000000 R14: 00007fc2b75b5fa0 R15: 00007ffd8061a7f8
[  702.757220][T19660]  </TASK>
[  703.056345][T19639] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  703.215915][   T51] Bluetooth: hci4: command tx timeout
[  703.256011][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  703.311968][T19669] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5378'.
[  703.335488][T19662] netlink: 132 bytes leftover after parsing attributes in process `syz.4.5375'.
[  703.582080][T19559] bridge0: port 1(bridge_slave_0) entered blocking state
[  703.606040][T19559] bridge0: port 1(bridge_slave_0) entered disabled state
[  703.621444][T19559] bridge_slave_0: entered allmulticast mode
[  703.632588][T19559] bridge_slave_0: entered promiscuous mode
[  703.644680][T19559] bridge0: port 2(bridge_slave_1) entered blocking state
[  703.657066][T19559] bridge0: port 2(bridge_slave_1) entered disabled state
[  703.664709][T19559] bridge_slave_1: entered allmulticast mode
[  703.682899][T19559] bridge_slave_1: entered promiscuous mode
[  704.020656][T19559] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  704.087882][T19559] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  704.182072][T19559] team0: Port device team_slave_0 added
[  704.214802][T19559] team0: Port device team_slave_1 added
[  704.259099][T19559] batman_adv: batadv0: Adding interface: batadv_slave_0
[  704.266605][T19559] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  704.292874][T19559] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  704.314674][T19559] batman_adv: batadv0: Adding interface: batadv_slave_1
[  704.322568][T19559] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  704.348885][T19559] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  704.615606][T19559] hsr_slave_0: entered promiscuous mode
[  704.623817][T19559] hsr_slave_1: entered promiscuous mode
[  704.631852][T19559] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  704.641269][T19559] Cannot create hsr debugfs directory
[  704.647799][T19696] netlink: 96 bytes leftover after parsing attributes in process `syz.1.5385'.
[  704.723000][T19698] netlink: 'syz.1.5386': attribute type 15 has an invalid length.
[  704.826699][T19701] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5387'.
[  704.835711][T19701] openvswitch: netlink: Missing key (keys=40, expected=100)
[  705.071681][T19706] FAULT_INJECTION: forcing a failure.
[  705.071681][T19706] name failslab, interval 1, probability 0, space 0, times 0
[  705.087229][T19706] CPU: 1 UID: 0 PID: 19706 Comm: syz.4.5389 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) 
[  705.087257][T19706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  705.087268][T19706] Call Trace:
[  705.087275][T19706]  <TASK>
[  705.087284][T19706]  dump_stack_lvl+0x189/0x250
[  705.087314][T19706]  ? __pfx____ratelimit+0x10/0x10
[  705.087334][T19706]  ? __pfx_dump_stack_lvl+0x10/0x10
[  705.087359][T19706]  ? __pfx__printk+0x10/0x10
[  705.087385][T19706]  ? ref_tracker_alloc+0x318/0x460
[  705.087410][T19706]  should_fail_ex+0x414/0x560
[  705.087437][T19706]  should_failslab+0xa8/0x100
[  705.087457][T19706]  kmem_cache_alloc_noprof+0x73/0x3c0
[  705.087482][T19706]  ? skb_clone+0x212/0x3a0
[  705.087512][T19706]  skb_clone+0x212/0x3a0
[  705.087539][T19706]  __netlink_deliver_tap+0x404/0x850
[  705.087574][T19706]  ? netlink_deliver_tap+0x2e/0x1b0
[  705.087596][T19706]  netlink_deliver_tap+0x19c/0x1b0
[  705.087618][T19706]  netlink_unicast+0x72f/0x8d0
[  705.087649][T19706]  netlink_sendmsg+0x805/0xb30
[  705.087681][T19706]  ? __pfx_netlink_sendmsg+0x10/0x10
[  705.087704][T19706]  ? aa_sock_msg_perm+0x94/0x160
[  705.087750][T19706]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  705.087772][T19706]  ? __pfx_netlink_sendmsg+0x10/0x10
[  705.087794][T19706]  __sock_sendmsg+0x219/0x270
[  705.087817][T19706]  ____sys_sendmsg+0x505/0x830
[  705.087847][T19706]  ? __pfx_____sys_sendmsg+0x10/0x10
[  705.087881][T19706]  ? import_iovec+0x74/0xa0
[  705.087903][T19706]  ___sys_sendmsg+0x21f/0x2a0
[  705.087929][T19706]  ? __pfx____sys_sendmsg+0x10/0x10
[  705.087994][T19706]  ? __fget_files+0x2a/0x420
[  705.088012][T19706]  ? __fget_files+0x3a0/0x420
[  705.088042][T19706]  __x64_sys_sendmsg+0x19b/0x260
[  705.088069][T19706]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  705.088103][T19706]  ? __pfx_ksys_write+0x10/0x10
[  705.088126][T19706]  ? rcu_is_watching+0x15/0xb0
[  705.088156][T19706]  ? do_syscall_64+0xbe/0x3b0
[  705.088181][T19706]  do_syscall_64+0xfa/0x3b0
[  705.088203][T19706]  ? lockdep_hardirqs_on+0x9c/0x150
[  705.088222][T19706]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  705.088239][T19706]  ? clear_bhb_loop+0x60/0xb0
[  705.088262][T19706]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  705.088279][T19706] RIP: 0033:0x7fc2b738e929
[  705.088296][T19706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  705.088311][T19706] RSP: 002b:00007fc2b821d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  705.088331][T19706] RAX: ffffffffffffffda RBX: 00007fc2b75b5fa0 RCX: 00007fc2b738e929
[  705.088344][T19706] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003
[  705.088356][T19706] RBP: 00007fc2b821d090 R08: 0000000000000000 R09: 0000000000000000
[  705.088368][T19706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  705.088379][T19706] R13: 0000000000000000 R14: 00007fc2b75b5fa0 R15: 00007ffd8061a7f8
[  705.088410][T19706]  </TASK>
[  705.121520][T19559] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  705.269229][   T51] Bluetooth: hci4: command tx timeout
[  705.405329][T19710] veth0_to_bond: entered allmulticast mode
[  705.432714][T19559] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  705.454802][T19559] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  705.488045][T19559] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  705.649339][T19559] 8021q: adding VLAN 0 to HW filter on device bond0
[  705.657414][   T59] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  705.729694][T19559] 8021q: adding VLAN 0 to HW filter on device team0
[  705.775458][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  705.782656][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  705.820145][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  705.827358][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  706.544016][T19771] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5405'.
[  706.561171][T19559] 8021q: adding VLAN 0 to HW filter on device batadv0
[  706.693004][T19559] veth0_vlan: entered promiscuous mode
[  706.698841][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  706.754875][T19559] veth1_vlan: entered promiscuous mode
[  706.858684][T19780] netlink: 256 bytes leftover after parsing attributes in process `syz.4.5407'.
[  707.139821][T19777] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  707.183279][T19794] FAULT_INJECTION: forcing a failure.
[  707.183279][T19794] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  707.196985][T19794] CPU: 0 UID: 0 PID: 19794 Comm: syz.2.5410 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) 
[  707.197012][T19794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  707.197021][T19794] Call Trace:
[  707.197026][T19794]  <TASK>
[  707.197031][T19794]  dump_stack_lvl+0x189/0x250
[  707.197051][T19794]  ? __pfx____ratelimit+0x10/0x10
[  707.197063][T19794]  ? __pfx_dump_stack_lvl+0x10/0x10
[  707.197077][T19794]  ? __pfx__printk+0x10/0x10
[  707.197088][T19794]  ? __might_fault+0xb0/0x130
[  707.197108][T19794]  should_fail_ex+0x414/0x560
[  707.197124][T19794]  _copy_from_user+0x2d/0xb0
[  707.197134][T19794]  __sys_bpf+0x1ed/0x860
[  707.197148][T19794]  ? __pfx___sys_bpf+0x10/0x10
[  707.197167][T19794]  ? ksys_write+0x22a/0x250
[  707.197183][T19794]  ? __pfx_ksys_write+0x10/0x10
[  707.197197][T19794]  ? rcu_is_watching+0x15/0xb0
[  707.197227][T19794]  __x64_sys_bpf+0x7c/0x90
[  707.197259][T19794]  do_syscall_64+0xfa/0x3b0
[  707.197276][T19794]  ? lockdep_hardirqs_on+0x9c/0x150
[  707.197294][T19794]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  707.197312][T19794]  ? clear_bhb_loop+0x60/0xb0
[  707.197330][T19794]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  707.197340][T19794] RIP: 0033:0x7f4ebeb8e929
[  707.197350][T19794] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  707.197359][T19794] RSP: 002b:00007f4ebf93d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  707.197370][T19794] RAX: ffffffffffffffda RBX: 00007f4ebedb5fa0 RCX: 00007f4ebeb8e929
[  707.197377][T19794] RDX: 0000000000000050 RSI: 0000200000000440 RDI: 000000000000000a
[  707.197383][T19794] RBP: 00007f4ebf93d090 R08: 0000000000000000 R09: 0000000000000000
[  707.197389][T19794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  707.197395][T19794] R13: 0000000000000000 R14: 00007f4ebedb5fa0 R15: 00007ffdafc61fa8
[  707.197410][T19794]  </TASK>
[  707.421306][T19559] veth0_macvtap: entered promiscuous mode
[  707.523982][T19559] veth1_macvtap: entered promiscuous mode
[  707.710788][T19777] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  707.739664][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  707.765140][T19559] batman_adv: batadv0: Interface activated: batadv_slave_0
[  707.815259][T19777] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  707.840654][T19559] batman_adv: batadv0: Interface activated: batadv_slave_1
[  707.861239][ T2939] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  707.877132][ T2939] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  707.901781][T19777] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  707.915195][T19811] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5415'.
[  707.924406][T19811] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5415'.
[  707.935164][ T2939] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  707.959406][T19811] gretap1: entered promiscuous mode
[  707.971168][T19812] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.5415'.
[  707.981346][ T2939] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  707.990422][T19811] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5415'.
[  708.018523][T19811] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  708.078667][T19811] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  708.092011][ T2137] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  708.117745][ T2939] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  708.152193][ T2939] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  708.161447][ T2939] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  708.201174][ T2137] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  708.243837][   T36] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  708.300785][ T2939] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  708.327612][ T2939] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  708.579739][T19829] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5423'.
[  708.644936][T19831] netlink: 120 bytes leftover after parsing attributes in process `syz.1.5424'.
[  708.691691][T19835] veth0_to_bond: left allmulticast mode
[  708.929890][T19846] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5430'.
[  709.093378][T19853] netlink: 'syz.2.5432': attribute type 10 has an invalid length.
[  709.104008][ T7085] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  709.155934][T19854] netlink: 'syz.2.5432': attribute type 10 has an invalid length.
[  709.167903][T19853] bond0: (slave dummy0): Releasing backup interface
[  709.219541][T19853] team0: Failed to send options change via netlink (err -105)
[  709.256225][T19853] team0: Port device dummy0 added
[  709.270397][T19854] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  709.321101][T19854] team0: Failed to send options change via netlink (err -105)
[  709.341617][T19854] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  709.356418][T19854] team0: Port device dummy0 removed
[  709.372158][T19854] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  709.411074][ T7085] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  709.498093][ T2939] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  709.504476][ T7085] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  709.649791][ T7085] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  709.895555][ T7085] bridge_slave_1: left allmulticast mode
[  709.902299][ T7085] bridge_slave_1: left promiscuous mode
[  709.908228][ T7085] bridge0: port 2(bridge_slave_1) entered disabled state
[  709.918715][ T7085] bridge_slave_0: left allmulticast mode
[  709.924364][ T7085] bridge_slave_0: left promiscuous mode
[  709.930238][ T7085] bridge0: port 1(bridge_slave_0) entered disabled state
[  710.113495][T19874] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  710.155442][T19874] xt_policy: too many policy elements
[  710.536154][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  711.047889][ T5880] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  711.057954][ T5880] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  711.067355][ T5880] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  711.076810][ T5880] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  711.084556][ T5880] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  711.191448][ T7085] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  711.202226][ T7085] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  711.212559][ T7085] bond0 (unregistering): Released all slaves
[  711.244695][T19866] netlink: 'syz.1.5434': attribute type 12 has an invalid length.
[  711.337410][T19886] netlink: 72 bytes leftover after parsing attributes in process `syz.2.5438'.
[  711.356247][T19886] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5438'.
[  711.368672][T19886] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5438'.
[  711.450552][T19890] FAULT_INJECTION: forcing a failure.
[  711.450552][T19890] name failslab, interval 1, probability 0, space 0, times 0
[  711.476979][T19890] CPU: 0 UID: 0 PID: 19890 Comm: syz.1.5440 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) 
[  711.477009][T19890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  711.477020][T19890] Call Trace:
[  711.477028][T19890]  <TASK>
[  711.477036][T19890]  dump_stack_lvl+0x189/0x250
[  711.477075][T19890]  ? __pfx____ratelimit+0x10/0x10
[  711.477096][T19890]  ? __pfx_dump_stack_lvl+0x10/0x10
[  711.477121][T19890]  ? __pfx__printk+0x10/0x10
[  711.477143][T19890]  ? __pfx___might_resched+0x10/0x10
[  711.477168][T19890]  ? fs_reclaim_acquire+0x7d/0x100
[  711.477194][T19890]  should_fail_ex+0x414/0x560
[  711.477221][T19890]  should_failslab+0xa8/0x100
[  711.477242][T19890]  kmem_cache_alloc_noprof+0x73/0x3c0
[  711.477267][T19890]  ? radix_tree_node_alloc+0x7e/0x3a0
[  711.477291][T19890]  radix_tree_node_alloc+0x7e/0x3a0
[  711.477317][T19890]  idr_get_free+0x2b3/0xa70
[  711.477348][T19890]  idr_alloc_u32+0x159/0x2d0
[  711.477373][T19890]  ? __pfx_idr_alloc_u32+0x10/0x10
[  711.477407][T19890]  tcf_idr_check_alloc+0x5de/0x7b0
[  711.477434][T19890]  ? __pfx_tcf_idr_check_alloc+0x10/0x10
[  711.477463][T19890]  ? __nla_parse+0x40/0x60
[  711.477482][T19890]  ? load_metalist+0x49a/0x4f0
[  711.477508][T19890]  tcf_ife_init+0x37c/0xd60
[  711.477540][T19890]  ? __pfx_tcf_ife_init+0x10/0x10
[  711.477581][T19890]  ? nla_memcpy+0x5b/0xc0
[  711.477614][T19890]  tcf_action_init_1+0x463/0x6d0
[  711.477639][T19890]  ? __pfx_tcf_action_init_1+0x10/0x10
[  711.477656][T19890]  ? _raw_read_unlock+0x28/0x50
[  711.477674][T19890]  ? tc_action_load_ops+0x214/0x4e0
[  711.477709][T19890]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  711.477733][T19890]  ? __nla_parse+0x40/0x60
[  711.477759][T19890]  tcf_action_init+0x2cf/0xab0
[  711.477789][T19890]  ? __pfx_tcf_action_init+0x10/0x10
[  711.477838][T19890]  ? __pfx___nla_validate_parse+0x10/0x10
[  711.477902][T19890]  tc_ctl_action+0x430/0xbd0
[  711.477931][T19890]  ? __pfx_tc_ctl_action+0x10/0x10
[  711.477958][T19890]  ? rcu_is_watching+0x15/0xb0
[  711.478030][T19890]  ? __pfx_tc_ctl_action+0x10/0x10
[  711.478047][T19890]  rtnetlink_rcv_msg+0x77c/0xb70
[  711.478082][T19890]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  711.478102][T19890]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  711.478120][T19890]  ? ref_tracker_free+0x63a/0x7d0
[  711.478139][T19890]  ? __copy_skb_header+0xa7/0x550
[  711.478165][T19890]  ? __pfx_ref_tracker_free+0x10/0x10
[  711.478186][T19890]  ? __skb_clone+0x63/0x7a0
[  711.478218][T19890]  netlink_rcv_skb+0x208/0x470
[  711.478241][T19890]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  711.478262][T19890]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  711.478298][T19890]  ? netlink_deliver_tap+0x2e/0x1b0
[  711.478317][T19890]  ? netlink_deliver_tap+0x2e/0x1b0
[  711.478344][T19890]  netlink_unicast+0x75b/0x8d0
[  711.478377][T19890]  netlink_sendmsg+0x805/0xb30
[  711.478409][T19890]  ? __pfx_netlink_sendmsg+0x10/0x10
[  711.478434][T19890]  ? aa_sock_msg_perm+0x94/0x160
[  711.478457][T19890]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  711.478478][T19890]  ? __pfx_netlink_sendmsg+0x10/0x10
[  711.478500][T19890]  __sock_sendmsg+0x219/0x270
[  711.478524][T19890]  ____sys_sendmsg+0x505/0x830
[  711.478553][T19890]  ? __pfx_____sys_sendmsg+0x10/0x10
[  711.478588][T19890]  ? import_iovec+0x74/0xa0
[  711.478609][T19890]  ___sys_sendmsg+0x21f/0x2a0
[  711.478635][T19890]  ? __pfx____sys_sendmsg+0x10/0x10
[  711.478699][T19890]  ? __fget_files+0x2a/0x420
[  711.478717][T19890]  ? __fget_files+0x3a0/0x420
[  711.478748][T19890]  __x64_sys_sendmsg+0x19b/0x260
[  711.478775][T19890]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  711.478809][T19890]  ? __pfx_ksys_write+0x10/0x10
[  711.478831][T19890]  ? rcu_is_watching+0x15/0xb0
[  711.478862][T19890]  ? do_syscall_64+0xbe/0x3b0
[  711.478887][T19890]  do_syscall_64+0xfa/0x3b0
[  711.478905][T19890]  ? lockdep_hardirqs_on+0x9c/0x150
[  711.478924][T19890]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  711.478941][T19890]  ? clear_bhb_loop+0x60/0xb0
[  711.478963][T19890]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  711.478981][T19890] RIP: 0033:0x7f4f96d8e929
[  711.478997][T19890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  711.479013][T19890] RSP: 002b:00007f4f97b50038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  711.479031][T19890] RAX: ffffffffffffffda RBX: 00007f4f96fb5fa0 RCX: 00007f4f96d8e929
[  711.479044][T19890] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000005
[  711.479053][T19890] RBP: 00007f4f97b50090 R08: 0000000000000000 R09: 0000000000000000
[  711.479067][T19890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  711.479077][T19890] R13: 0000000000000000 R14: 00007f4f96fb5fa0 R15: 00007ffc15b64c88
[  711.479106][T19890]  </TASK>
[  711.939450][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  711.992127][T19894] FAULT_INJECTION: forcing a failure.
[  711.992127][T19894] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  712.015304][T19894] CPU: 0 UID: 0 PID: 19894 Comm: syz.4.5441 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) 
[  712.015331][T19894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  712.015342][T19894] Call Trace:
[  712.015350][T19894]  <TASK>
[  712.015358][T19894]  dump_stack_lvl+0x189/0x250
[  712.015388][T19894]  ? __pfx____ratelimit+0x10/0x10
[  712.015409][T19894]  ? __pfx_dump_stack_lvl+0x10/0x10
[  712.015434][T19894]  ? __pfx__printk+0x10/0x10
[  712.015467][T19894]  should_fail_ex+0x414/0x560
[  712.015495][T19894]  _copy_from_user+0x2d/0xb0
[  712.015513][T19894]  bpf_test_init+0xf8/0x170
[  712.015539][T19894]  bpf_prog_test_run_flow_dissector+0x1e1/0x5c0
[  712.015575][T19894]  ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10
[  712.015600][T19894]  ? __fget_files+0x2a/0x420
[  712.015622][T19894]  ? __fget_files+0x2a/0x420
[  712.015639][T19894]  ? __fget_files+0x3a0/0x420
[  712.015656][T19894]  ? __fget_files+0x2a/0x420
[  712.015680][T19894]  ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10
[  712.015703][T19894]  bpf_prog_test_run+0x2c4/0x340
[  712.015730][T19894]  __sys_bpf+0x4a4/0x860
[  712.015757][T19894]  ? __pfx___sys_bpf+0x10/0x10
[  712.015788][T19894]  ? ksys_write+0x22a/0x250
[  712.015814][T19894]  ? __pfx_ksys_write+0x10/0x10
[  712.015835][T19894]  ? rcu_is_watching+0x15/0xb0
[  712.015866][T19894]  __x64_sys_bpf+0x7c/0x90
[  712.015887][T19894]  do_syscall_64+0xfa/0x3b0
[  712.015905][T19894]  ? lockdep_hardirqs_on+0x9c/0x150
[  712.015923][T19894]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  712.015947][T19894]  ? clear_bhb_loop+0x60/0xb0
[  712.015968][T19894]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  712.015985][T19894] RIP: 0033:0x7fc2b738e929
[  712.016002][T19894] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  712.016016][T19894] RSP: 002b:00007fc2b821d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  712.016035][T19894] RAX: ffffffffffffffda RBX: 00007fc2b75b5fa0 RCX: 00007fc2b738e929
[  712.016048][T19894] RDX: 0000000000000050 RSI: 0000200000000440 RDI: 000000000000000a
[  712.016060][T19894] RBP: 00007fc2b821d090 R08: 0000000000000000 R09: 0000000000000000
[  712.016071][T19894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  712.016081][T19894] R13: 0000000000000000 R14: 00007fc2b75b5fa0 R15: 00007ffd8061a7f8
[  712.016110][T19894]  </TASK>
[  713.177886][   T51] Bluetooth: hci4: command tx timeout
[  713.410780][T19883] chnl_net:caif_netlink_parms(): no params data found
[  713.474838][T19925] netlink: 'syz.1.5452': attribute type 14 has an invalid length.
[  713.522848][ T7085] hsr_slave_0: left promiscuous mode
[  713.539124][ T7085] hsr_slave_1: left promiscuous mode
[  713.545254][ T7085] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  713.552791][ T7085] batman_adv: batadv0: Removing interface: batadv_slave_0
[  713.567581][ T7085] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  713.577315][ T7085] batman_adv: batadv0: Removing interface: batadv_slave_1
[  713.618998][ T7085] veth1_macvtap: left promiscuous mode
[  713.624572][ T7085] veth0_macvtap: left promiscuous mode
[  713.643781][ T7085] veth1_vlan: left promiscuous mode
[  713.649906][ T7085] veth0_vlan: left promiscuous mode
[  714.113437][ T7085] team0 (unregistering): Port device team_slave_1 removed
[  714.156519][ T7085] team0 (unregistering): Port device team_slave_0 removed
[  714.552607][T19941] netlink: 'syz.0.5457': attribute type 1 has an invalid length.
[  714.613114][T19941] __nla_validate_parse: 1 callbacks suppressed
[  714.613132][T19941] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5457'.
[  714.623269][   T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  714.636474][T19941] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5457'.
[  714.845025][T19883] bridge0: port 1(bridge_slave_0) entered blocking state
[  714.854663][T19883] bridge0: port 1(bridge_slave_0) entered disabled state
[  714.864912][T19883] bridge_slave_0: entered allmulticast mode
[  714.881916][T19883] bridge_slave_0: entered promiscuous mode
[  714.893496][T19883] bridge0: port 2(bridge_slave_1) entered blocking state
[  714.901183][T19883] bridge0: port 2(bridge_slave_1) entered disabled state
[  714.913790][T19883] bridge_slave_1: entered allmulticast mode
[  714.921933][T19883] bridge_slave_1: entered promiscuous mode
[  715.029197][T19883] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  715.079613][T19883] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  715.121502][T19957] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5461'.
[  715.188731][T19961] FAULT_INJECTION: forcing a failure.
[  715.188731][T19961] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  715.192006][T19957] team0: Device gtp0 is of different type
[  715.202472][T19961] CPU: 1 UID: 0 PID: 19961 Comm: syz.4.5463 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) 
[  715.202500][T19961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  715.202510][T19961] Call Trace:
[  715.202518][T19961]  <TASK>
[  715.202526][T19961]  dump_stack_lvl+0x189/0x250
[  715.202555][T19961]  ? __pfx____ratelimit+0x10/0x10
[  715.202571][T19961]  ? __pfx_dump_stack_lvl+0x10/0x10
[  715.202594][T19961]  ? __pfx__printk+0x10/0x10
[  715.202625][T19961]  should_fail_ex+0x414/0x560
[  715.202650][T19961]  _copy_to_user+0x31/0xb0
[  715.202668][T19961]  simple_read_from_buffer+0xe1/0x170
[  715.202692][T19961]  proc_fail_nth_read+0x1df/0x250
[  715.202714][T19961]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  715.202737][T19961]  ? rw_verify_area+0x258/0x650
[  715.202761][T19961]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  715.202782][T19961]  vfs_read+0x1fd/0x980
[  715.202810][T19961]  ? __pfx___mutex_lock+0x10/0x10
[  715.202830][T19961]  ? __pfx_vfs_read+0x10/0x10
[  715.202855][T19961]  ? __fget_files+0x2a/0x420
[  715.202878][T19961]  ? __fget_files+0x3a0/0x420
[  715.202895][T19961]  ? __fget_files+0x2a/0x420
[  715.202921][T19961]  ksys_read+0x145/0x250
[  715.202947][T19961]  ? __pfx_ksys_read+0x10/0x10
[  715.202968][T19961]  ? rcu_is_watching+0x15/0xb0
[  715.202998][T19961]  ? do_syscall_64+0xbe/0x3b0
[  715.203022][T19961]  do_syscall_64+0xfa/0x3b0
[  715.203039][T19961]  ? lockdep_hardirqs_on+0x9c/0x150
[  715.203057][T19961]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  715.203074][T19961]  ? clear_bhb_loop+0x60/0xb0
[  715.203095][T19961]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  715.203111][T19961] RIP: 0033:0x7fc2b738d33c
[  715.203127][T19961] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  715.203141][T19961] RSP: 002b:00007fc2b821d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  715.203159][T19961] RAX: ffffffffffffffda RBX: 00007fc2b75b5fa0 RCX: 00007fc2b738d33c
[  715.203172][T19961] RDX: 000000000000000f RSI: 00007fc2b821d0a0 RDI: 0000000000000004
[  715.203183][T19961] RBP: 00007fc2b821d090 R08: 0000000000000000 R09: 0000000000000000
[  715.203193][T19961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  715.203203][T19961] R13: 0000000000000000 R14: 00007fc2b75b5fa0 R15: 00007ffd8061a7f8
[  715.203232][T19961]  </TASK>
[  715.288512][   T51] Bluetooth: hci4: command tx timeout
[  715.462295][T19883] team0: Port device team_slave_0 added
[  715.473655][T19883] team0: Port device team_slave_1 added
[  715.484327][T19970] smc: net device bond0 applied user defined pnetid SYZ2
[  715.504704][T19971] ip6gre2: entered allmulticast mode
[  715.589701][T19883] batman_adv: batadv0: Adding interface: batadv_slave_0
[  715.596721][T19883] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  715.624966][T19883] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  715.655955][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  715.671262][T19883] batman_adv: batadv0: Adding interface: batadv_slave_1
[  715.673609][T19973] Bluetooth: MGMT ver 1.23
[  715.697757][T19883] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  715.730623][T19977] openvswitch: netlink: Geneve option length err (len 256, max 255).
[  715.793686][T19883] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  715.896256][T19983] geneve3: entered promiscuous mode
[  716.012864][T19883] hsr_slave_0: entered promiscuous mode
[  716.021795][T19883] hsr_slave_1: entered promiscuous mode
[  716.037472][T19883] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  716.055865][T19883] Cannot create hsr debugfs directory
[  716.063905][T19988] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5473'.
[  716.570715][T20015] syzkaller1: entered promiscuous mode
[  716.615880][T20015] syzkaller1: entered allmulticast mode
[  716.695984][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  716.889358][T20030] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5481'.
[  717.111834][T20046] x_tables: duplicate underflow at hook 1
[  717.275099][T20056] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5487'.
[  717.288346][T20054] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5488'.
[  717.359590][T20056] netlink: 'syz.4.5487': attribute type 7 has an invalid length.
[  717.500431][   T51] Bluetooth: hci4: command tx timeout
[  717.644564][T20062] netlink: 260 bytes leftover after parsing attributes in process `syz.2.5489'.
[  717.701267][T19883] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  717.779420][T19883] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  717.846050][T19883] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  717.865251][T19883] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  718.038858][T20091] FAULT_INJECTION: forcing a failure.
[  718.038858][T20091] name failslab, interval 1, probability 0, space 0, times 0
[  718.066186][T20091] CPU: 0 UID: 0 PID: 20091 Comm: syz.0.5495 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) 
[  718.066213][T20091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  718.066224][T20091] Call Trace:
[  718.066231][T20091]  <TASK>
[  718.066239][T20091]  dump_stack_lvl+0x189/0x250
[  718.066270][T20091]  ? __pfx____ratelimit+0x10/0x10
[  718.066290][T20091]  ? __pfx_dump_stack_lvl+0x10/0x10
[  718.066320][T20091]  ? __pfx__printk+0x10/0x10
[  718.066345][T20091]  ? __pfx___might_resched+0x10/0x10
[  718.066374][T20091]  should_fail_ex+0x414/0x560
[  718.066400][T20091]  should_failslab+0xa8/0x100
[  718.066420][T20091]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  718.066446][T20091]  ? __alloc_skb+0x112/0x2d0
[  718.066472][T20091]  __alloc_skb+0x112/0x2d0
[  718.066497][T20091]  netlink_sendmsg+0x5c6/0xb30
[  718.066528][T20091]  ? __pfx_netlink_sendmsg+0x10/0x10
[  718.066552][T20091]  ? aa_sock_msg_perm+0x94/0x160
[  718.066574][T20091]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  718.066598][T20091]  ? __pfx_netlink_sendmsg+0x10/0x10
[  718.066619][T20091]  __sock_sendmsg+0x219/0x270
[  718.066640][T20091]  ____sys_sendmsg+0x505/0x830
[  718.066662][T20091]  ? __pfx_____sys_sendmsg+0x10/0x10
[  718.066688][T20091]  ? import_iovec+0x74/0xa0
[  718.066707][T20091]  ___sys_sendmsg+0x21f/0x2a0
[  718.066732][T20091]  ? __pfx____sys_sendmsg+0x10/0x10
[  718.066793][T20091]  ? __fget_files+0x2a/0x420
[  718.066810][T20091]  ? __fget_files+0x3a0/0x420
[  718.066840][T20091]  __x64_sys_sendmsg+0x19b/0x260
[  718.066866][T20091]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  718.066900][T20091]  ? __pfx_ksys_write+0x10/0x10
[  718.066922][T20091]  ? rcu_is_watching+0x15/0xb0
[  718.066953][T20091]  ? do_syscall_64+0xbe/0x3b0
[  718.066977][T20091]  do_syscall_64+0xfa/0x3b0
[  718.066995][T20091]  ? lockdep_hardirqs_on+0x9c/0x150
[  718.067012][T20091]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  718.067029][T20091]  ? clear_bhb_loop+0x60/0xb0
[  718.067050][T20091]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  718.067067][T20091] RIP: 0033:0x7f1860f8e929
[  718.067083][T20091] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  718.067098][T20091] RSP: 002b:00007f1861ed7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  718.067117][T20091] RAX: ffffffffffffffda RBX: 00007f18611b5fa0 RCX: 00007f1860f8e929
[  718.067130][T20091] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  718.067143][T20091] RBP: 00007f1861ed7090 R08: 0000000000000000 R09: 0000000000000000
[  718.067154][T20091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  718.067164][T20091] R13: 0000000000000000 R14: 00007f18611b5fa0 R15: 00007ffd13a6d108
[  718.067194][T20091]  </TASK>
[  718.387940][T19883] 8021q: adding VLAN 0 to HW filter on device bond0
[  718.407543][T19883] 8021q: adding VLAN 0 to HW filter on device team0
[  718.421187][ T1323] bridge0: port 1(bridge_slave_0) entered blocking state
[  718.428373][ T1323] bridge0: port 1(bridge_slave_0) entered forwarding state
[  718.466716][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  718.479600][T19883] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  718.491031][T19883] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  718.516766][ T1323] bridge0: port 2(bridge_slave_1) entered blocking state
[  718.523940][ T1323] bridge0: port 2(bridge_slave_1) entered forwarding state
[  718.597086][T20099] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5498'.
[  718.621569][T20095] netlink: 136 bytes leftover after parsing attributes in process `syz.1.5496'.
[  718.644644][T20095] A link change request failed with some changes committed already. Interface ip6_vti0 may have been left with an inconsistent configuration, please check.
[  718.664503][T20101] netlink: 'syz.0.5498': attribute type 4 has an invalid length.
[  718.937533][ T1323] wlan1: Trigger new scan to find an IBSS to join
[  719.257784][T19883] 8021q: adding VLAN 0 to HW filter on device batadv0
[  719.465699][T19883] veth0_vlan: entered promiscuous mode
[  719.488578][T19883] veth1_vlan: entered promiscuous mode
[  719.496123][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  719.571243][T19883] veth0_macvtap: entered promiscuous mode
[  719.586260][   T51] Bluetooth: hci4: command tx timeout
[  719.588521][T19883] veth1_macvtap: entered promiscuous mode
[  719.677033][T19883] batman_adv: batadv0: Interface activated: batadv_slave_0
[  719.701925][T19883] batman_adv: batadv0: Interface activated: batadv_slave_1
[  719.740941][T20107] smc: removing ib device syz!
[  719.758097][ T1323] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  719.843622][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  719.854292][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  720.052139][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  720.457904][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  720.466788][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  720.536546][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  720.615520][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  720.633635][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  720.804052][T20151] netlink: 'syz.1.5512': attribute type 1 has an invalid length.
[  721.716864][T20172] __nla_validate_parse: 1 callbacks suppressed
[  721.716885][T20172] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5519'.
[  721.744910][ T5880] Bluetooth: hci4: command 0x0405 tx timeout
[  721.896079][ T2968] wlan1: Trigger new scan to find an IBSS to join
[  721.915333][T20181] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5520'.
[  722.135634][T20185] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5522'.
[  722.151906][T20185] bridge_slave_0: left allmulticast mode
[  722.157840][T20185] bridge_slave_0: left promiscuous mode
[  722.163831][T20185] bridge0: port 1(bridge_slave_0) entered disabled state
[  722.299562][ T2968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  722.760537][ T2137] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  722.834512][ T2137] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  722.913321][ T2137] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  722.984238][ T2137] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  723.083811][ T2137] bridge_slave_1: left allmulticast mode
[  723.089930][ T2137] bridge_slave_1: left promiscuous mode
[  723.097280][ T2137] bridge0: port 2(bridge_slave_1) entered disabled state
[  723.106249][ T2137] bridge_slave_0: left allmulticast mode
[  723.111879][ T2137] bridge_slave_0: left promiscuous mode
[  723.117960][ T2137] bridge0: port 1(bridge_slave_0) entered disabled state
[  723.335997][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  723.433239][T20191] FAULT_INJECTION: forcing a failure.
[  723.433239][T20191] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  723.474727][T20191] CPU: 1 UID: 0 PID: 20191 Comm: syz.0.5523 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) 
[  723.474754][T20191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  723.474764][T20191] Call Trace:
[  723.474771][T20191]  <TASK>
[  723.474779][T20191]  dump_stack_lvl+0x189/0x250
[  723.474809][T20191]  ? __pfx____ratelimit+0x10/0x10
[  723.474828][T20191]  ? __pfx_dump_stack_lvl+0x10/0x10
[  723.474850][T20191]  ? __pfx__printk+0x10/0x10
[  723.474869][T20191]  ? __might_fault+0xb0/0x130
[  723.474904][T20191]  should_fail_ex+0x414/0x560
[  723.474930][T20191]  _copy_from_user+0x2d/0xb0
[  723.474949][T20191]  __sys_bpf+0x1ed/0x860
[  723.474973][T20191]  ? __pfx___sys_bpf+0x10/0x10
[  723.475007][T20191]  ? ksys_write+0x22a/0x250
[  723.475035][T20191]  ? __pfx_ksys_write+0x10/0x10
[  723.475056][T20191]  ? rcu_is_watching+0x15/0xb0
[  723.475087][T20191]  __x64_sys_bpf+0x7c/0x90
[  723.475108][T20191]  do_syscall_64+0xfa/0x3b0
[  723.475126][T20191]  ? lockdep_hardirqs_on+0x9c/0x150
[  723.475143][T20191]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  723.475161][T20191]  ? clear_bhb_loop+0x60/0xb0
[  723.475183][T20191]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  723.475200][T20191] RIP: 0033:0x7f1860f8e929
[  723.475217][T20191] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  723.475231][T20191] RSP: 002b:00007f1861ed7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  723.475250][T20191] RAX: ffffffffffffffda RBX: 00007f18611b5fa0 RCX: 00007f1860f8e929
[  723.475263][T20191] RDX: 0000000000000050 RSI: 0000200000000440 RDI: 000000000000000a
[  723.475275][T20191] RBP: 00007f1861ed7090 R08: 0000000000000000 R09: 0000000000000000
[  723.475286][T20191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  723.475296][T20191] R13: 0000000000000000 R14: 00007f18611b5fa0 R15: 00007ffd13a6d108
[  723.475325][T20191]  </TASK>
[  723.479096][T20195] netlink: 'syz.2.5525': attribute type 1 has an invalid length.
[  723.533576][T20196] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5526'.
[  723.555828][T20195] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5525'.
[  723.690787][T20204] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5525'.
[  723.774519][ T2137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  723.842147][ T2137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  723.853164][ T2137] bond0 (unregistering): Released all slaves
[  724.191816][ T5880] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  724.231530][ T5875] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  724.246055][ T5875] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  724.254293][ T5875] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  724.262961][ T5875] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  724.356659][T20230] nbd0: detected capacity change from 0 to 63
[  724.375992][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  724.483655][ T2137] hsr_slave_0: left promiscuous mode
[  724.499211][ T2137] hsr_slave_1: left promiscuous mode
[  724.505587][ T2137] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  724.515747][ T2137] batman_adv: batadv0: Removing interface: batadv_slave_0
[  724.524271][ T2137] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  724.534073][ T2137] batman_adv: batadv0: Removing interface: batadv_slave_1
[  724.564500][ T2137] veth1_macvtap: left promiscuous mode
[  724.571030][ T2137] veth0_macvtap: left promiscuous mode
[  724.577076][ T2137] veth1_vlan: left promiscuous mode
[  724.582738][ T2137] veth0_vlan: left promiscuous mode
[  724.604324][T20238] ==================================================================
[  724.612418][T20238] BUG: KASAN: slab-out-of-bounds in pause_parse_request+0x40/0x160
[  724.620326][T20238] Read of size 8 at addr ffff88802fcab530 by task syz.4.5532/20238
[  724.628221][T20238] 
[  724.630551][T20238] CPU: 1 UID: 0 PID: 20238 Comm: syz.4.5532 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) 
[  724.630578][T20238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  724.630596][T20238] Call Trace:
[  724.630604][T20238]  <TASK>
[  724.630612][T20238]  dump_stack_lvl+0x189/0x250
[  724.630642][T20238]  ? __virt_addr_valid+0x1c8/0x5c0
[  724.630661][T20238]  ? rcu_is_watching+0x15/0xb0
[  724.630685][T20238]  ? __kasan_check_byte+0x12/0x40
[  724.630703][T20238]  ? __pfx_dump_stack_lvl+0x10/0x10
[  724.630728][T20238]  ? rcu_is_watching+0x15/0xb0
[  724.630753][T20238]  ? lock_release+0x4b/0x3e0
[  724.630778][T20238]  ? __virt_addr_valid+0x1c8/0x5c0
[  724.630796][T20238]  ? __virt_addr_valid+0x4a5/0x5c0
[  724.630814][T20238]  print_report+0xd2/0x2b0
[  724.630837][T20238]  ? pause_parse_request+0x40/0x160
[  724.630856][T20238]  kasan_report+0x118/0x150
[  724.630875][T20238]  ? pause_parse_request+0x40/0x160
[  724.630899][T20238]  ? __pfx_pause_parse_request+0x10/0x10
[  724.630917][T20238]  pause_parse_request+0x40/0x160
[  724.630938][T20238]  ? __pfx_pause_parse_request+0x10/0x10
[  724.630956][T20238]  ethnl_default_set_doit+0x2be/0xa40
[  724.630980][T20238]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  724.631011][T20238]  genl_family_rcv_msg_doit+0x212/0x300
[  724.631040][T20238]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  724.631072][T20238]  ? bpf_lsm_capable+0x9/0x20
[  724.631089][T20238]  ? security_capable+0x7e/0x2e0
[  724.631113][T20238]  genl_rcv_msg+0x60e/0x790
[  724.631141][T20238]  ? __pfx_genl_rcv_msg+0x10/0x10
[  724.631164][T20238]  ? ref_tracker_free+0x63a/0x7d0
[  724.631187][T20238]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[  724.631210][T20238]  ? __pfx_ref_tracker_free+0x10/0x10
[  724.631237][T20238]  netlink_rcv_skb+0x208/0x470
[  724.631259][T20238]  ? __pfx_genl_rcv_msg+0x10/0x10
[  724.631284][T20238]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  724.631312][T20238]  ? down_read+0x1ad/0x2e0
[  724.631335][T20238]  genl_rcv+0x28/0x40
[  724.631358][T20238]  netlink_unicast+0x75b/0x8d0
[  724.631382][T20238]  netlink_sendmsg+0x805/0xb30
[  724.631407][T20238]  ? __pfx_netlink_sendmsg+0x10/0x10
[  724.631429][T20238]  ? __lock_acquire+0xab9/0xd20
[  724.631450][T20238]  ? aa_sock_msg_perm+0x94/0x160
[  724.631472][T20238]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  724.631491][T20238]  ? __pfx_netlink_sendmsg+0x10/0x10
[  724.631510][T20238]  __sock_sendmsg+0x219/0x270
[  724.631530][T20238]  ____sys_sendmsg+0x505/0x830
[  724.631555][T20238]  ? __pfx_____sys_sendmsg+0x10/0x10
[  724.631581][T20238]  ? import_iovec+0x74/0xa0
[  724.631606][T20238]  ___sys_sendmsg+0x21f/0x2a0
[  724.631630][T20238]  ? __pfx____sys_sendmsg+0x10/0x10
[  724.631671][T20238]  ? __fget_files+0x2a/0x420
[  724.631690][T20238]  ? __fget_files+0x3a0/0x420
[  724.631714][T20238]  __x64_sys_sendmsg+0x19b/0x260
[  724.631740][T20238]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  724.631768][T20238]  ? do_user_addr_fault+0xc8a/0x1390
[  724.631792][T20238]  ? do_syscall_64+0xbe/0x3b0
[  724.631815][T20238]  do_syscall_64+0xfa/0x3b0
[  724.631834][T20238]  ? lockdep_hardirqs_on+0x9c/0x150
[  724.631851][T20238]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  724.631868][T20238]  ? clear_bhb_loop+0x60/0xb0
[  724.631888][T20238]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  724.631906][T20238] RIP: 0033:0x7fc2b738e929
[  724.631923][T20238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  724.631938][T20238] RSP: 002b:00007fc2b81db038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  724.631959][T20238] RAX: ffffffffffffffda RBX: 00007fc2b75b6160 RCX: 00007fc2b738e929
[  724.631974][T20238] RDX: 0000000000004000 RSI: 00002000000006c0 RDI: 000000000000000e
[  724.631988][T20238] RBP: 00007fc2b7410b39 R08: 0000000000000000 R09: 0000000000000000
[  724.631998][T20238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  724.632007][T20238] R13: 0000000000000001 R14: 00007fc2b75b6160 R15: 00007ffd8061a7f8
[  724.632026][T20238]  </TASK>
[  724.632033][T20238] 
[  725.018633][T20238] Allocated by task 20238:
[  725.023030][T20238]  kasan_save_track+0x3e/0x80
[  725.027700][T20238]  __kasan_kmalloc+0x93/0xb0
[  725.032272][T20238]  __kmalloc_noprof+0x27a/0x4f0
[  725.037102][T20238]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  725.043170][T20238]  genl_family_rcv_msg_doit+0xb8/0x300
[  725.048642][T20238]  genl_rcv_msg+0x60e/0x790
[  725.053148][T20238]  netlink_rcv_skb+0x208/0x470
[  725.057903][T20238]  genl_rcv+0x28/0x40
[  725.061884][T20238]  netlink_unicast+0x75b/0x8d0
[  725.066636][T20238]  netlink_sendmsg+0x805/0xb30
[  725.071395][T20238]  __sock_sendmsg+0x219/0x270
[  725.076071][T20238]  ____sys_sendmsg+0x505/0x830
[  725.080839][T20238]  ___sys_sendmsg+0x21f/0x2a0
[  725.085517][T20238]  __x64_sys_sendmsg+0x19b/0x260
[  725.090443][T20238]  do_syscall_64+0xfa/0x3b0
[  725.094936][T20238]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  725.100818][T20238] 
[  725.103145][T20238] The buggy address belongs to the object at ffff88802fcab500
[  725.103145][T20238]  which belongs to the cache kmalloc-64 of size 64
[  725.117018][T20238] The buggy address is located 8 bytes to the right of
[  725.117018][T20238]  allocated 40-byte region [ffff88802fcab500, ffff88802fcab528)
[  725.131419][T20238] 
[  725.133736][T20238] The buggy address belongs to the physical page:
[  725.140145][T20238] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2fcab
[  725.148890][T20238] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  725.156011][T20238] page_type: f5(slab)
[  725.159978][T20238] raw: 00fff00000000000 ffff88801a4418c0 ffffea0000d0d640 dead000000000004
[  725.168546][T20238] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[  725.177194][T20238] page dumped because: kasan: bad access detected
[  725.183608][T20238] page_owner tracks the page as allocated
[  725.189303][T20238] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 19241661696, free_ts 19233806834
[  725.207780][T20238]  post_alloc_hook+0x240/0x2a0
[  725.212531][T20238]  get_page_from_freelist+0x21e4/0x22c0
[  725.218064][T20238]  __alloc_frozen_pages_noprof+0x181/0x370
[  725.223857][T20238]  alloc_pages_mpol+0x232/0x4a0
[  725.228691][T20238]  allocate_slab+0x8a/0x3b0
[  725.233181][T20238]  ___slab_alloc+0xbfc/0x1480
[  725.237845][T20238]  __kmalloc_cache_noprof+0x296/0x3d0
[  725.243203][T20238]  add_sysfs_param+0x610/0xa20
[  725.247962][T20238]  kernel_add_sysfs_param+0xb4/0x130
[  725.253234][T20238]  param_sysfs_builtin+0x1de/0x290
[  725.258337][T20238]  param_sysfs_builtin_init+0x32/0x40
[  725.263699][T20238]  do_one_initcall+0x233/0x820
[  725.268451][T20238]  do_initcall_level+0x137/0x1f0
[  725.273393][T20238]  do_initcalls+0x69/0xd0
[  725.277716][T20238]  kernel_init_freeable+0x3d9/0x570
[  725.282916][T20238]  kernel_init+0x1d/0x1d0
[  725.287242][T20238] page last free pid 10 tgid 10 stack trace:
[  725.293203][T20238]  __free_frozen_pages+0xc71/0xe70
[  725.298296][T20238]  vfree+0x25a/0x400
[  725.302173][T20238]  delayed_vfree_work+0x55/0x80
[  725.307005][T20238]  process_scheduled_works+0xae1/0x17b0
[  725.312539][T20238]  worker_thread+0x8a0/0xda0
[  725.317115][T20238]  kthread+0x70e/0x8a0
[  725.321165][T20238]  ret_from_fork+0x3fc/0x770
[  725.325738][T20238]  ret_from_fork_asm+0x1a/0x30
[  725.330492][T20238] 
[  725.332796][T20238] Memory state around the buggy address:
[  725.338405][T20238]  ffff88802fcab400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  725.346446][T20238]  ffff88802fcab480: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[  725.354488][T20238] >ffff88802fcab500: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[  725.362542][T20238]                                      ^
[  725.368162][T20238]  ffff88802fcab580: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[  725.376204][T20238]  ffff88802fcab600: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[  725.384242][T20238] ==================================================================
[  725.410618][ T2939] wlan1: Trigger new scan to find an IBSS to join
[  725.421704][   T51] block nbd0: Receive control failed (result -32)
[  725.436649][ T2939] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  725.587624][T20238] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  725.594856][T20238] CPU: 0 UID: 0 PID: 20238 Comm: syz.4.5532 Not tainted 6.16.0-rc3-syzkaller-00902-gbeead7eea896 #0 PREEMPT(full) 
[  725.606924][T20238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  725.616970][T20238] Call Trace:
[  725.620243][T20238]  <TASK>
[  725.623159][T20238]  dump_stack_lvl+0x99/0x250
[  725.627746][T20238]  ? __asan_memcpy+0x40/0x70
[  725.632328][T20238]  ? __pfx_dump_stack_lvl+0x10/0x10
[  725.637519][T20238]  ? __pfx__printk+0x10/0x10
[  725.642102][T20238]  panic+0x2db/0x790
[  725.645991][T20238]  ? __pfx_panic+0x10/0x10
[  725.650401][T20238]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  725.656281][T20238]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  725.662604][T20238]  ? print_memory_metadata+0x314/0x400
[  725.668147][T20238]  ? pause_parse_request+0x40/0x160
[  725.673339][T20238]  check_panic_on_warn+0x89/0xb0
[  725.678271][T20238]  ? pause_parse_request+0x40/0x160
[  725.683464][T20238]  end_report+0x78/0x160
[  725.687695][T20238]  kasan_report+0x129/0x150
[  725.692191][T20238]  ? pause_parse_request+0x40/0x160
[  725.697386][T20238]  ? __pfx_pause_parse_request+0x10/0x10
[  725.703005][T20238]  pause_parse_request+0x40/0x160
[  725.708019][T20238]  ? __pfx_pause_parse_request+0x10/0x10
[  725.713636][T20238]  ethnl_default_set_doit+0x2be/0xa40
[  725.718997][T20238]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  725.725326][T20238]  genl_family_rcv_msg_doit+0x212/0x300
[  725.730865][T20238]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  725.736929][T20238]  ? bpf_lsm_capable+0x9/0x20
[  725.741592][T20238]  ? security_capable+0x7e/0x2e0
[  725.746519][T20238]  genl_rcv_msg+0x60e/0x790
[  725.751191][T20238]  ? __pfx_genl_rcv_msg+0x10/0x10
[  725.756229][T20238]  ? ref_tracker_free+0x63a/0x7d0
[  725.761242][T20238]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[  725.767126][T20238]  ? __pfx_ref_tracker_free+0x10/0x10
[  725.772496][T20238]  netlink_rcv_skb+0x208/0x470
[  725.777254][T20238]  ? __pfx_genl_rcv_msg+0x10/0x10
[  725.782288][T20238]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  725.787587][T20238]  ? down_read+0x1ad/0x2e0
[  725.792014][T20238]  genl_rcv+0x28/0x40
[  725.796009][T20238]  netlink_unicast+0x75b/0x8d0
[  725.800779][T20238]  netlink_sendmsg+0x805/0xb30
[  725.805549][T20238]  ? __pfx_netlink_sendmsg+0x10/0x10
[  725.810834][T20238]  ? __lock_acquire+0xab9/0xd20
[  725.815685][T20238]  ? aa_sock_msg_perm+0x94/0x160
[  725.820620][T20238]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  725.825900][T20238]  ? __pfx_netlink_sendmsg+0x10/0x10
[  725.831176][T20238]  __sock_sendmsg+0x219/0x270
[  725.835869][T20238]  ____sys_sendmsg+0x505/0x830
[  725.840714][T20238]  ? __pfx_____sys_sendmsg+0x10/0x10
[  725.845994][T20238]  ? import_iovec+0x74/0xa0
[  725.850481][T20238]  ___sys_sendmsg+0x21f/0x2a0
[  725.855148][T20238]  ? __pfx____sys_sendmsg+0x10/0x10
[  725.860354][T20238]  ? __fget_files+0x2a/0x420
[  725.864940][T20238]  ? __fget_files+0x3a0/0x420
[  725.869610][T20238]  __x64_sys_sendmsg+0x19b/0x260
[  725.874548][T20238]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  725.880095][T20238]  ? do_user_addr_fault+0xc8a/0x1390
[  725.885387][T20238]  ? do_syscall_64+0xbe/0x3b0
[  725.890071][T20238]  do_syscall_64+0xfa/0x3b0
[  725.894565][T20238]  ? lockdep_hardirqs_on+0x9c/0x150
[  725.899752][T20238]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  725.905807][T20238]  ? clear_bhb_loop+0x60/0xb0
[  725.910480][T20238]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  725.916362][T20238] RIP: 0033:0x7fc2b738e929
[  725.920766][T20238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  725.940450][T20238] RSP: 002b:00007fc2b81db038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  725.948864][T20238] RAX: ffffffffffffffda RBX: 00007fc2b75b6160 RCX: 00007fc2b738e929
[  725.956830][T20238] RDX: 0000000000004000 RSI: 00002000000006c0 RDI: 000000000000000e
[  725.964792][T20238] RBP: 00007fc2b7410b39 R08: 0000000000000000 R09: 0000000000000000
[  725.972756][T20238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  725.980720][T20238] R13: 0000000000000001 R14: 00007fc2b75b6160 R15: 00007ffd8061a7f8
[  725.988692][T20238]  </TASK>
[  725.991959][T20238] Kernel Offset: disabled
[  725.996268][T20238] Rebooting in 86400 seconds..