last executing test programs:

3.836276779s ago: executing program 3 (id=12700):
r0 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', <r1=>0x0})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x29, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@bridge_newvlan={0x18, 0x76, 0x709, 0x2, 0x0, {0x7, 0x2}}, 0x18}, 0x1, 0x5502000000000000}, 0x4000)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, &(0x7f0000000000)={@remote, @multicast1, 0x4, "d30f388c52647612d91de4353d68b0fa00", 0x0, 0x0, 0x4000000, 0x8}, 0x3c)
setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, 0x0, 0x0)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), 0xffffffffffffffff)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
setsockopt$inet_mreq(r3, 0x0, 0x23, 0x0, 0x0)
socket$inet(0x2, 0x1, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000480)={0x88, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'bridge0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'macvlan1\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_to_team\x00'}}]}, 0x88}}, 0x20000000)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0xa4, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x1, [0x5, 0x4, 0x2, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x80000000}]}}]}, 0xa4}, 0x1, 0x0, 0x0, 0xc850}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0xa0}}, 0x0)

3.721077911s ago: executing program 3 (id=12704):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r1)
sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000040000e41300050003030000000a0000005dc000000000010800020005000000140006"], 0x4c}, 0x1, 0x0, 0x0, 0x20008084}, 0x4040000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bf8200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_FIB_DREG={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_FIB_FLAGS={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x4048010)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_IPV6_HOPOPTS(r6, 0x29, 0x36, &(0x7f0000000100)={0x3a}, 0x8)
sendto$inet6(r6, &(0x7f0000000040)="bb", 0x1, 0x4004881, &(0x7f0000000080)={0xa, 0x0, 0x9, @private0, 0x152a}, 0x1c)
listen(r6, 0x100101)
r7 = accept4(r6, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r5, &(0x7f00000000c0)='K', 0x1, 0x44008011, 0x0, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000000)=0x40)
sendmsg$IPSET_CMD_DESTROY(r4, 0x0, 0x10)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x900, 0x4064}, [@IFLA_GROUP={0x8}, @IFLA_OPERSTATE={0x5, 0x10, 0x4}]}, 0x30}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r8, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50)
unshare(0x22020400)
unshare(0x40000000)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r7, 0x8982, &(0x7f00000003c0))
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
r9 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_FILTER(r9, 0x6b, 0x1, &(0x7f0000000a00)=[{0x2, 0x3, {0x2, 0x0, 0x1}, {0x2, 0x0, 0xf7a59104b40dfa67}, 0xfd}, {0x0, 0x0, {0x2, 0xf0}, {0x2, 0x0, 0x2}, 0xff, 0x2}, {0x1, 0x3, {0x2, 0x0, 0x4}, {0x0, 0x1, 0x4}, 0x1, 0xfe}, {0x1, 0x0, {0xe8a0a7dd6c3ddf1, 0x1, 0x7}, {0x2, 0xff}, 0x2, 0xfe}, {0x2, 0x1, {0x1, 0xf, 0x4}, {0x1, 0x1}, 0xff, 0xff}], 0xa0)

3.63748828s ago: executing program 4 (id=12706):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg$unix(r0, &(0x7f00000004c0)={&(0x7f0000000180), 0x6e, &(0x7f0000000100)=[{&(0x7f00000006c0)=""/179, 0xa000}], 0x3, 0x0, 0x1200}, 0x0)
sendmsg$inet(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x0)

3.449623601s ago: executing program 1 (id=12708):
r0 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x7, &(0x7f0000000100)="23830014", 0x4)

3.391532802s ago: executing program 4 (id=12709):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000040)={0x0, 0x8001, 0x1, [0x8, 0x8, 0x1, 0x3cc7, 0x76b7], [0x100000000, 0x79, 0x9, 0xfffffffffffffff7, 0xab, 0x563, 0x7, 0x7, 0x100, 0x5092, 0x0, 0x1, 0x5, 0x1, 0x8, 0x8000, 0x4, 0x1, 0x3, 0x3, 0x2, 0x10001, 0x4, 0x6, 0x2, 0x9, 0x8, 0xffff, 0x1, 0x40, 0x50, 0x1, 0xfff, 0xbc7, 0x1, 0x1, 0x96, 0xf, 0x7, 0x4, 0x5, 0x6, 0x81, 0x7, 0x3, 0x9, 0x10, 0x9ce9, 0x80000001, 0x6, 0x101, 0x3a38, 0x38000000, 0x1, 0x8, 0x9, 0x101, 0x5, 0x4, 0x10000, 0x6, 0x2, 0x8c8, 0x8, 0x100000000, 0x8, 0x40, 0x7fff, 0x9, 0x7, 0x8, 0x0, 0x7ff, 0x9, 0x1, 0x2, 0x3, 0xd, 0xff, 0x8, 0xffffffffffff08b1, 0x70c, 0x8, 0xff, 0x1, 0xf, 0x9, 0x6, 0x1, 0x6, 0x5, 0x8, 0x9, 0xc55, 0xe1a, 0x5102, 0x101, 0xfffffffffffffffe, 0xfff, 0x0, 0x100, 0x8, 0x9, 0xffffffff, 0x2800, 0xe, 0x49, 0x248, 0x3, 0xffffffff, 0x4, 0xbe, 0x5, 0x0, 0x100, 0x7b9, 0x7, 0xa7, 0x7, 0x7d25, 0x5]})
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20)
r1 = accept4(r0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r1)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000700)=ANY=[@ANYBLOB="40010000", @ANYRES16=0x0, @ANYBLOB="00012abd7000fedbdf256500000008000300", @ANYRES32=0x0, @ANYBLOB="24010380cc000080c500010029fcbc4582f816acae57c6133a22024417909aa2e97e887a13d9e1f266c314ee6662477fae9f5e6fab4d1316b9cc24c3da833c143adf43a9c36fdb9461ae3c0866feaa4b49e52dfe22da7ab45989cf3363c81052c6de85445c8c3bd94c3f88d8d47e1d36d0945c43be000000003e985c2f1861b672d612fedc9b9aa7070690acef0cccafe14f11e57489c1f4939c334a8e50f609f8462b8f9b983e0e685e9866b076b2c3bbd1a1092420d27d7787746e1e22433ba630d4b269468736000000540000804e00010017b5b46dc5dd6d251baacd2d4c88196750185b5c2b225a818595d4f24a57f3ffda5734d40179d0efcbf154ab3c999fb26b4aeedc42164d5bd9955e0ee3ccf43f398f4197e806f0edc2c085216204025560f6dc000000000000000000"], 0x140}, 0x1, 0x0, 0x0, 0xd0}, 0x4048010)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, &(0x7f0000000080)={0x4}, 0x1)
epoll_create(0xff)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
r3 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c020000", @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001400020077673100000000000000000000000000f4010880700000804800098028a25880060001000a00000014000200fe8000000000000000000000000000aa05000300000000001c000080060001000200000008000200e0000001050003000000000024000100000000000000000000000000000000000000000000000000000000000000000080010080200004000a004e2000000005200100000000000000000000000000000800000006000500b01f00000800030006000000060005000500000008000a000100000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff200004000a004e200000040100000000000000000000ffffac14142a06000000240001000000000000000000000000000000000000000000000000000000000000000000d400", @ANYRES16=r2], 0x21c}}, 0x0)
r5 = getpid()
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r7, 0x1, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r5}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x80)
write$cgroup_pid(r2, &(0x7f00000006c0)=r5, 0x12)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000680)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r9, 0x0, 0x80, &(0x7f0000000d00)=@nat={'nat\x00', 0x19, 0x0, 0x90, [0x200000000c40, 0x0, 0x0, 0x200000000c70, 0x200000000ca0], 0x11, 0x0, &(0x7f0000000c40)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}]}, 0x108)
openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x20702, 0x0)
r10 = socket$inet6_sctp(0xa, 0x801, 0x84)
r11 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000640)={0x0, 0x2, 0xf080}, &(0x7f0000000a00))
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r11, 0x84, 0x5, 0x0, 0x0)
sendmmsg$inet6(r10, &(0x7f00000012c0)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x6, @dev={0xfe, 0x80, '\x00', 0x2b}, 0x5}, 0x1c, &(0x7f0000000480)=[{&(0x7f00000005c0)="8c7f924c55205cbf860621af9cffa024f339da7627d94ad102646641643a0295beead32ec1c0f6549e114ed345f8abb0c7096bf936fbe530e377ef9e15ddf1af09eb058230e647585f856a22a1b6c6c8273c8d617589b13a5073", 0x5a}], 0x1}}, {{&(0x7f00000004c0)={0xa, 0x4e22, 0x200006, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x8}, 0x1c, &(0x7f0000000a40)=[{&(0x7f0000000500)='\x00', 0x1}], 0x1}}, {{&(0x7f0000000880)={0xa, 0x4e21, 0xff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x5}, 0x1c, &(0x7f0000001240)=[{&(0x7f00000008c0)="7c74ed83b2d91b8da3c841431d2822764e0c86ef657c84fa14bb4434b38606f3f92d172db4f06640f56d3e5753aa2f315ff91cd9e75d68fb42924af8c436ffa415dc92f3c8b5908a058c5881319926bdb92941d104d709b2ec2392", 0x5b}, {&(0x7f0000000940)="1f81030e517f9375d4fcc1a5e170ab7564edf375a945277563a48de036ba6269e17fae2ee2fc98cf84786e0943194ed972137eb26f22da0a01397ef9ff8a20de5672bd4a518ce4a1d9c5a5e82bcbf20fd666f26c549a5c8939938143217d8b0fbc3bffea1f4ef374ba2e30550ffbeff035e92b00b9ea950801e9", 0x7a}, {&(0x7f0000000a80)="2f302d43705304202b01d3c4d8cdec9fc3da6ff230e221fa4c7c86323e5e039dfec2a26d05dc8317f0573bb164b1f5fd45de41e36444b1dcddb80948c3daa4b66790ccd3900b98983c889f22b95dbc5b0e50772ecccc33a9f5e01923da5a276470999ea141b8baab22917059eaed6da924ba30e91d0d9c1c29d14c5012315ba78b705758402802726e448a3c36af6a5ec3db9fb5ab180535df0fe23a8ad63072ba09102afa5424fb0f2667bfe453935b2cdae794d1", 0xb5}, {&(0x7f0000000b40)="469a7b3acfe3b0a94bb85bc287b045a40a4ee1f6633eeb798f3dc8f4fe2f38d03ae0ee92da30b2f1fdc266bd94105d35f0e3d3a93b9ae0a33bb334cd8834a43a287dd9221989c166bb", 0x49}, {&(0x7f00000009c0)="d69fe1113f6cf3a053d81c21d78f63c3835ac1249316b7c6e2e8a80d1779c75932f9ca5cfd9b7378f645c57da3", 0x2d}, {&(0x7f0000001380)="a1208ad379b1b9a57e244d0ba4ef2a004877f423f27064b6d681c84db1edf9551d7142dbac5d58e8cd6bc3aee428bcea697836cbe4b1086d8a4639dd1aafb0d88f675548243d7633b6d424176cf8338c7e23605a331e8f434de493b842c008626592fb1fce03edd9f3db729fc4b392cda64daef2d8ebc88450f2f49f1149e292afd82f33e9cf75222ff81587c565394189f471fde26d8e6201769d8b2063d98ba9ad908b11fb2a06405b3c31dae4de197bb0f116a8e15893e386d0dca20a5c49f80d81b763afb4ea548012239d732653b10ab9a25c664778361bd19a06a495b37cb616a0d245ea3fc184f2cd2cad9d21a7d505c9c8c4252bcbc976fd74ed3866b114005d3a4e32d13642cd1893105746e3f12d1952cd40d16a0ac667e30aabe505b95de52df6c7c9ad1ebd113665e4e43da8d53f488d3010a1dadca2f63c80387a79c56857a00f8571983aee9619c2fbb20d5a704bac9bc4268cc00f87e2a1b4c46a462584954504185dc6220150ac4de697e7701dbbe3d98c900b872caa91bed53fe6", 0x183}, {&(0x7f0000000bc0)="9123cddbb594bf32ab890f03ec496e2c1e4cd7a641b6e6d680cdab4d0834ef7c6bcb1373ff26502d4b9f4e64b987d406f939674308b2b046d58b3fd9c6ed6be7d6d33349fb9524132c4830deb8fb714e6f9f", 0x52}, {&(0x7f00000011c0)="de3169a921926edd7f2130b5b90b8789531beccc8a7382486be346cb8de3379fbc1db5b5127f45a060eedbe5acd169f6aedc97d1176fd8d7d74bb0b39891da2f918723d93fe6eb7a780e81e10d4d02ef8977af5fe382241302f2507c575c852164067afa43a0938f53c6794f6f1fc146514cf79945caba5c5d4b3d379b03", 0x7e}], 0x8}}], 0x3, 0x400c010)
socket$nl_generic(0x10, 0x3, 0x10)

3.390352407s ago: executing program 2 (id=12710):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r1)
sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000040000e41300050003030000000a0000005dc000000000010800020005000000140006"], 0x4c}, 0x1, 0x0, 0x0, 0x20008084}, 0x4040000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bf8200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_FIB_DREG={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_FIB_FLAGS={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x4048010)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_IPV6_HOPOPTS(r6, 0x29, 0x36, &(0x7f0000000100)={0x3a}, 0x8)
sendto$inet6(r6, &(0x7f0000000040)="bb", 0x1, 0x4004881, &(0x7f0000000080)={0xa, 0x0, 0x9, @private0, 0x152a}, 0x1c)
listen(r6, 0x100101)
r7 = accept4(r6, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r5, &(0x7f00000000c0)='K', 0x1, 0x44008011, 0x0, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000000)=0x40)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x30, 0x3, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x90}, 0x10)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x900, 0x4064}, [@IFLA_GROUP={0x8}, @IFLA_OPERSTATE={0x5, 0x10, 0x4}]}, 0x30}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r8, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50)
unshare(0x22020400)
unshare(0x40000000)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r7, 0x8982, &(0x7f00000003c0))
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
r9 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_FILTER(r9, 0x6b, 0x1, &(0x7f0000000a00)=[{0x2, 0x3, {0x2, 0x0, 0x1}, {0x2, 0x0, 0xf7a59104b40dfa67}, 0xfd}, {0x0, 0x0, {0x2, 0xf0}, {0x2, 0x0, 0x2}, 0xff, 0x2}, {0x1, 0x3, {0x2, 0x0, 0x4}, {0x0, 0x1, 0x4}, 0x1, 0xfe}, {0x1, 0x0, {0xe8a0a7dd6c3ddf1, 0x1, 0x7}, {0x2, 0xff}, 0x2, 0xfe}, {0x2, 0x1, {0x1, 0xf, 0x4}, {0x1, 0x1}, 0xff, 0xff}], 0xa0)

3.265202295s ago: executing program 1 (id=12711):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_lsm={0xa, 0x3, &(0x7f0000000900)=ANY=[@ANYBLOB="7b0a000009000000611187410000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)

3.219737259s ago: executing program 1 (id=12712):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x0, @local}, &(0x7f0000000180)=0x10, 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000040)='notify_on_release\x00', 0x2, 0x0)
sendfile(r1, r1, 0x0, 0x100000000)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
close(0x3)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x4}, 0x0, &(0x7f0000000240)={0x3fd, 0x0, 0x0, 0xa, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x9323, 0xfffffffffffffffe, 0x0, 0x6}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
epoll_create1(0x80000)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x13, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000070000001801000020696c2500000000002020207b1af8ff00000000bfa10000000000000701000003ffffffb702000008000000b70300000e0000008500000006000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000001010000850000002d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='tlb_flush\x00', r4}, 0x10)

2.714421436s ago: executing program 3 (id=12713):
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback, 0xffff}, 0x1c)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
sendmsg$NL80211_CMD_REGISTER_BEACONS(r2, 0x0, 0x0)
ioctl$IMGETCOUNT(0xffffffffffffffff, 0x80044943, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000380)="12", 0x1}], 0x1}}], 0x1, 0x48800)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bic\x00', 0x4)
write$tun(r0, &(0x7f0000000b40)=ANY=[@ANYBLOB="03040500020005003400480e010000640000002f907800000000ffffffff94024404f253010703a400000421880b0095000300082a0fdbc6a1a27417b2e0e6287d92247bbcfbc50f7d674a05610c9403cc4ae5f10a67af2c756e800ed3c0edb6e04edb37339d92fbf0b62ff1f5180cac30cf1203cb884b52c5f54b4f9d76835abca0cbdc8691cbe5ad63a593b8eebcedb391a9f6dc33eeb6f2cca09d06e0f398d7a945daf177444e1bd9eaf3ed066bb8085efe2e97c52442b0949913b7e9e6ac7a6cac5bf111042a7ed84ef23fd810d4058c361d9709000800080086dd0040080088be000000011303"], 0x10a)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(r3, 0x0, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, 0x0, 0x50)
sendmsg$NL80211_CMD_SET_COALESCE(r1, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000009c0)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x4048011}, 0x0)
close(0x3)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.277059442s ago: executing program 1 (id=12714):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r0 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000740)=ANY=[@ANYBLOB="9feb010018000000000000007c0000167c00000002000000000000000000000e0021000000000000000000000600000d000000000000000000000000000010000000000000000000000000000000000000000000000f0000000000014b0002050000000000000000000009000000000e0000b7eb1fd309ffffffff00000002000000090200000000004000000000000000000000000000001fd8e0fc135cdb2125202ca862fe289d1e89b75aa415a6cfe187b4b0cb4283bb7d4b5892aa8571d9e346dadd944fe459690c17dfdc1ec6a4d4aaccc03f9ebb8f6865519306446484967e480a2209216a4f6233f632d90955d12c8b40d518f1aaac"], 0x0, 0x96, 0x0, 0x0, 0xfffffffe, 0x10000, @value=r0}, 0x28)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000a40)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c0000000200000000000000000000040000000000001ab269a548b1b122040c4e41b46bfeee41beae3bfa3e4d8bf051c31d8b08837936d465fc753a269833210229"], 0x0, 0x26}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x10}, 0x94)
socket$igmp6(0xa, 0x3, 0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a000000010000004000000020"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f00000002c0), 0x1003, r2}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x6, r2}, 0x38)
r3 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r3, 0x107, 0xf, 0x0, 0x0)
sendmsg$kcm(r3, &(0x7f0000000200)={&(0x7f0000000100)=@phonet={0x23, 0x0, 0x0, 0x4}, 0x80, &(0x7f00000018c0)=[{0x0}, {&(0x7f0000000700)="cb4e64b0af329873eef129", 0xb}], 0x2}, 0x0)
recvmsg$kcm(r3, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000400)=""/229, 0xe5}, {&(0x7f0000001380)=""/4096, 0x1000}, {&(0x7f0000000500)=""/245, 0xf5}, {&(0x7f0000000600)=""/90, 0x5a}, {&(0x7f0000000680)=""/74, 0x4a}, {0x0}, {&(0x7f00000001c0)=""/16, 0x10}], 0x7, &(0x7f0000000900)=""/130, 0x82}, 0x2)
syz_emit_ethernet(0x84, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r4, 0x890b, &(0x7f0000000280)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0x10000, 'syz0\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0xfffffdb6, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r5, 0x0, 0x2, 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r6 = socket(0x29, 0x2, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4844}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x0, '\x00', [{0x834, 0x3, 0x7, 0x6ea9, 0x3, 0x321}, {0x101, 0xc35202a, 0xfffffffffffffffe, 0x1, 0x6, 0x4}], ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
ioctl$sock_netrom_SIOCADDRT(r4, 0x890b, &(0x7f0000000e40)={0x0, @bcast, @bpq0, 0x8, 'syz1\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x7, 0x6, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]})

1.829422976s ago: executing program 4 (id=12715):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000800)=@o_path={&(0x7f0000000640)='./file0\x00', 0x0, 0x4018}, 0x18)

1.747286226s ago: executing program 0 (id=12716):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x6, [@const={0x5, 0x0, 0x0, 0xa, 0x4}, @func={0x2, 0x0, 0x0, 0xc, 0x5}]}, {0x0, [0x30, 0x61, 0x30, 0x30]}}, &(0x7f0000000640)=""/195, 0x36, 0xc3, 0x0, 0x6, 0x10000}, 0x28)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELRULE={0x20, 0x8, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x301}], {0x14}}, 0x88}}, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000280)={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0xd, 0x10, &(0x7f00000003c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@ldst={0x1, 0x0, 0x4, 0x0, 0xa, 0x4}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}}}, &(0x7f0000000040)='GPL\x00', 0x6, 0xfa, &(0x7f0000000440)=""/250, 0x40f00, 0x48}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c0000001200010003950000000000000a0900000001000000000000000000000000ffff"], 0x4c}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1b0000"], 0x50)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r4, 0x800448d2, &(0x7f0000000500))

1.746893068s ago: executing program 4 (id=12717):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r1)
sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000040000e41300050003030000000a0000005dc000000000010800020005000000140006"], 0x4c}, 0x1, 0x0, 0x0, 0x20008084}, 0x4040000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bf8200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_FIB_DREG={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_FIB_FLAGS={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x4048010)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_IPV6_HOPOPTS(r6, 0x29, 0x36, &(0x7f0000000100)={0x3a}, 0x8)
sendto$inet6(r6, &(0x7f0000000040)="bb", 0x1, 0x4004881, &(0x7f0000000080)={0xa, 0x0, 0x9, @private0, 0x152a}, 0x1c)
listen(r6, 0x100101)
r7 = accept4(r6, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r5, &(0x7f00000000c0)='K', 0x1, 0x44008011, 0x0, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000000)=0x40)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x30, 0x3, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x90}, 0x10)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r8, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50)
unshare(0x22020400)
unshare(0x40000000)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r7, 0x8982, &(0x7f00000003c0))
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
r9 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_FILTER(r9, 0x6b, 0x1, &(0x7f0000000a00)=[{0x2, 0x3, {0x2, 0x0, 0x1}, {0x2, 0x0, 0xf7a59104b40dfa67}, 0xfd}, {0x0, 0x0, {0x2, 0xf0}, {0x2, 0x0, 0x2}, 0xff, 0x2}, {0x1, 0x3, {0x2, 0x0, 0x4}, {0x0, 0x1, 0x4}, 0x1, 0xfe}, {0x1, 0x0, {0xe8a0a7dd6c3ddf1, 0x1, 0x7}, {0x2, 0xff}, 0x2, 0xfe}, {0x2, 0x1, {0x1, 0xf, 0x4}, {0x1, 0x1}, 0xff, 0xff}], 0xa0)

1.630653967s ago: executing program 3 (id=12718):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000040)='notify_on_release\x00', 0x2, 0x0)
sendfile(r1, r1, 0x0, 0x100000000)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
close(0x3)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x4}, 0x0, &(0x7f0000000240)={0x3fd, 0x0, 0x0, 0xa, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x9323, 0xfffffffffffffffe, 0x0, 0x6}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x13, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000070000001801000020696c2500000000002020207b1af8ff00000000bfa10000000000000701000003ffffffb702000008000000b70300000e0000008500000006000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000001010000850000002d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='tlb_flush\x00', r4}, 0x10)

1.54030319s ago: executing program 0 (id=12719):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)={0x1b, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffff, 0xb, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x2}, 0x50)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.io_queued\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$ITER_CREATE(0x21, 0x0, 0x0)
sendmmsg$inet6(r2, &(0x7f00000008c0), 0x0, 0x408c0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x3, &(0x7f00000004c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf5, 0x0, 0x0, 0x0, 0xb7c3}}, &(0x7f00000001c0)='GPL\x00', 0x38000000, 0x1000, &(0x7f0000001300)=""/4096, 0x41100, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x3}, 0x8, 0x10, &(0x7f00000003c0)={0x5, 0xf, 0x4, 0x1b}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="3183000000000000000019000000180001801400020073797a5f74756e00"], 0x2c}, 0x1, 0x0, 0x0, 0x8040}, 0x4886)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000006080)=@newtfilter={0x4c, 0x2c, 0xd2b, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x1}, {}, {0xe, 0x1}}, [@filter_kind_options=@f_fw={{0x7}, {0x20, 0x2, [@TCA_FW_INDEV={0x14, 0x3, 'bridge0\x00'}, @TCA_FW_CLASSID={0x8, 0x1, {0x0, 0x6}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x893}, 0x24040084)

1.426734139s ago: executing program 3 (id=12720):
r0 = socket(0x28, 0x5, 0x0)
r1 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
listen(r1, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00'})
sendmsg$nl_route_sched(r3, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000120000002400000008000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f00000000c0)='rpc_request\x00', r6, 0x0, 0x5}, 0x18)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
ppoll(&(0x7f0000000500)=[{r2}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000000)={0x3ff, 0xfffffffffffffffe, 0x0, 0x9, 0x0, 0x1, 0x7fffffff}, 0x0, 0x0)
connect$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)

1.389677247s ago: executing program 2 (id=12721):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x6, [@const={0x5, 0x0, 0x0, 0xa, 0x4}, @func={0x2, 0x0, 0x0, 0xc, 0x5}]}, {0x0, [0x30, 0x61, 0x30, 0x30]}}, &(0x7f0000000640)=""/195, 0x36, 0xc3, 0x0, 0x6, 0x10000}, 0x28)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELRULE={0x20, 0x8, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x301}], {0x14}}, 0x88}}, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000280)={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0xd, 0x10, &(0x7f00000003c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@ldst={0x1, 0x0, 0x4, 0x0, 0xa, 0x4}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}}}, &(0x7f0000000040)='GPL\x00', 0x6, 0xfa, &(0x7f0000000440)=""/250, 0x40f00, 0x48}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c0000001200010003950000000000000a0900000001000000000000000000000000ffff"], 0x4c}}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000140)={0x9, 0xe, 0x1, 0x7f, 0x80000000, 0x7, 0x9, 0x9}, 0x20)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x69, 0x11, 0xd4}, [@ldst={0x6}], {0x95, 0x0, 0xc00}}, &(0x7f0000003ff6)='GPL\x00', 0xa, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x19)
r6 = socket$netlink(0x10, 0x3, 0x5)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r6)
setsockopt$sock_int(r5, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={0x0, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1b0000"], 0x50)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r7, 0x800448d2, &(0x7f0000000500))
connect$inet(r5, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r5, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x78, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x7, 0x0, 0x5, 0x800}, 0x5, 0x0, 0xffffff3d, 0x6, 0xb, 0x1, 0x10, 0x12, 0x2, 0x4, {0x0, 0xcecc, 0x7, 0x5d, 0xe9, 0x7}}}}]}, 0x78}}, 0x0)
r8 = socket(0x2, 0x3, 0xff)
sendmmsg$inet(r8, &(0x7f0000000680)=[{{&(0x7f00000000c0)={0x2, 0x4e24, @empty}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000500)="8fc8bf70342c6d1600bae5de9614410848dd95e7b8523bfbf4a6cbcc911b443e673a8fa77ce58a13432ac99e4be38c9c2661a892682d81d9b9022ea90797fb45a74a588fdabe42", 0x47}], 0x1}}, {{&(0x7f00000003c0)={0x2, 0x4e24, @empty}, 0x10, &(0x7f0000000700)=[{&(0x7f0000000580)="c7bace4ebe91b42a7bf8f86453e0ec420e051dc8", 0x14}, {0x0}, {&(0x7f0000000780)="3ce6c498bfc50136f2c47c20cf1a66c10fd74dd25b683183546aeadab27363e9811872eca5570c55b4ec97197dd48b3d35142a2c28aae0f19fef2b33cf00e949f96f5c28da936bdcd3b340fca079ce748c6a885a3215ac5f2986d52a4b43424aad79c75dceb42e20b00c69d6b7b2f9b883e52e876d68c646df1b0a2b0f4f193e146a728d8f43f603e3a78208c00586c54ed3a7c425", 0x95}, {&(0x7f0000000640)="a50f6202000000000000005bf0", 0xd}, {&(0x7f0000001080)="3c077982452f1e1497d128b4a4dcff3bc1fc253498237a078ed7328b2e629de0e7f73cafe0f99f9228b71a18a0e7f778e6f12663bff64f428a5687d2fb4b40744f7d77ca26cf1015484ec237c4f8ef7316bdfc1e348cf8fab1eeffa008941bad6860044a95b5c85738c5362234cd3d9fc729479c04f46240a61f272cbecfd482e95d0b7ea4ca3bef58f6708c29325c27dfed9ab6b0d0eba695efdc505190e991df78b19b1115acdcf8e8a42af7", 0xfffffe49}], 0x5}}], 0x2, 0x488c4)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff)

1.328579461s ago: executing program 0 (id=12722):
r0 = socket$alg(0x26, 0x5, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000680)=@newqdisc={0x4c, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0x5}, {0x0, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x1c, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME_EXTENSION={0xc, 0x9, 0x5}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4, 0xc}, @TCA_TAPRIO_ATTR_TXTIME_DELAY={0x8}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r2=>0x0})
r3 = socket(0x26, 0x8000a, 0x5)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="44000000131d299466eb704d590a0000", @ANYRES32=r2, @ANYRES16=r2], 0x44}, 0x1, 0x0, 0x0, 0x8080}, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10)
r4 = accept$alg(r0, 0x0, 0x0)
sendmmsg$alg(r4, &(0x7f0000000280)=[{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="f6", 0xfffffe42}], 0x1, 0x0, 0x0, 0x4000800}], 0x1, 0x24004041)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="280000000306050000000000000000000a00000305000100070000000900020073797a30000000004999dfa8ae9e1f51e854e464220e08eac413977629c3805a2665866babc7efb00b87208be2eca98f1d51791f7e4430fe4febf9e3d606372397a3048f995fa1f693a27242ff502f8d3041140ab712c8d8f869ebdf87"], 0x28}, 0x1, 0x0, 0x0, 0xc4}, 0x4)
sendto$inet(r3, &(0x7f00000003c0)="cc4c52493726a6260e2c7f7b41b2adcc87040000000000000026a8d8ea02ed6642a1be1ee8e542e8f54e17", 0x4d, 0x811, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000580)={0xe, 0x0, 0xd, 0xffffffff}, 0x10)
ioctl$sock_SIOCOUTQNSD(r3, 0x894b, &(0x7f0000000180))
r7 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r7, 0x89f3, &(0x7f0000004580)={'ip6_vti0\x00', &(0x7f0000004500)={'syztnl0\x00', 0x0, 0x2f, 0x2, 0xd, 0x8, 0x8, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, @empty, 0x8, 0x40, 0x5, 0x8}})
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f0000000380)={0x0, 0x4001, 0x200}, 0x8)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000001700)=[{&(0x7f00000016c0)="5aaa5b4d486c11585ab6e35bf8691046cd19c4fbff1b9f7e9c1a825f3b70e0f25fd6856a686db1336a330860e6729e58a85c8d4205622cd6983dd0dff6"}], 0x2, &(0x7f0000000380), 0x3f}], 0x1, 0x40840)
recvmsg(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000440)=""/97, 0x61}, {&(0x7f0000000200)=""/94, 0x5e}], 0x2}, 0x0)

1.277485164s ago: executing program 1 (id=12723):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r1)
sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000040000e41300050003030000000a0000005dc000000000010800020005000000140006"], 0x4c}, 0x1, 0x0, 0x0, 0x20008084}, 0x4040000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bf8200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_FIB_DREG={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_FIB_FLAGS={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x4048010)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_IPV6_HOPOPTS(r6, 0x29, 0x36, &(0x7f0000000100)={0x3a}, 0x8)
sendto$inet6(r6, &(0x7f0000000040)="bb", 0x1, 0x4004881, &(0x7f0000000080)={0xa, 0x0, 0x9, @private0, 0x152a}, 0x1c)
listen(r6, 0x100101)
r7 = accept4(r6, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r5, &(0x7f00000000c0)='K', 0x1, 0x44008011, 0x0, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000000)=0x40)
sendmsg$IPSET_CMD_DESTROY(r4, 0x0, 0x10)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x900, 0x4064}, [@IFLA_GROUP={0x8}, @IFLA_OPERSTATE={0x5, 0x10, 0x4}]}, 0x30}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r8, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50)
unshare(0x22020400)
unshare(0x40000000)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r7, 0x8982, &(0x7f00000003c0))
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
r9 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_FILTER(r9, 0x6b, 0x1, &(0x7f0000000a00)=[{0x2, 0x3, {0x2, 0x0, 0x1}, {0x2, 0x0, 0xf7a59104b40dfa67}, 0xfd}, {0x0, 0x0, {0x2, 0xf0}, {0x2, 0x0, 0x2}, 0xff, 0x2}, {0x1, 0x3, {0x2, 0x0, 0x4}, {0x0, 0x1, 0x4}, 0x1, 0xfe}, {0x1, 0x0, {0xe8a0a7dd6c3ddf1, 0x1, 0x7}, {0x2, 0xff}, 0x2, 0xfe}, {0x2, 0x1, {0x1, 0xf, 0x4}, {0x1, 0x1}, 0xff, 0xff}], 0xa0)

1.18825672s ago: executing program 0 (id=12724):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x9, 0x3, 0x238, 0x110, 0xffffffff, 0xffffffff, 0x110, 0xffffffff, 0x1a0, 0xffffffff, 0xffffffff, 0x1a0, 0xffffffff, 0x3, &(0x7f0000000200), {[{{@uncond, 0x0, 0xb0, 0x110, 0x0, {}, [@common=@set={{0x40}, {{0x0, [0x3, 0x3, 0x4, 0x4, 0x4, 0x4], 0x1, 0xc35e26e2184081db}}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @random="07b467a3267e", 0x8, 0x5, [0x34, 0x18, 0x3c, 0x31, 0x28, 0x31, 0x6, 0x3e, 0x1a, 0x37, 0x4, 0x3, 0x20, 0x15, 0x15, 0x36], 0x2, 0x1400000, 0x10}}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x1f}, @local, 0x0, 0xff, 'geneve1\x00', 'batadv_slave_0\x00', {0xff}, {}, 0xff, 0x1, 0xa}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x298)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000040)='notify_on_release\x00', 0x2, 0x0)
sendfile(r1, r1, 0x0, 0x100000000)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
close(0x3)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x4}, 0x0, &(0x7f0000000240)={0x3fd, 0x0, 0x0, 0xa, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x9323, 0xfffffffffffffffe, 0x0, 0x6}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
epoll_create1(0x80000)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x13, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000070000001801000020696c2500000000002020207b1af8ff00000000bfa10000000000000701000003ffffffb702000008000000b70300000e0000008500000006000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000001010000850000002d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='tlb_flush\x00', r4}, 0x10)

1.036268087s ago: executing program 2 (id=12725):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x10, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000005000000000000000500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b703000000000000850000008300b66366fe0000000000005509010000e6fadd491336105a3800000095000000000000001725fcff01000000bf91000000000000b7020000010000008500000095000000b7000000000000"], &(0x7f0000000140)='syzkaller\x00', 0xa, 0x20, &(0x7f0000000200)=""/32, 0x41100, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000000380)={0x0, 0x8, 0x200, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000400)=[0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x800}, 0x94)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000780)=r1)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000300)={0x0, {0x2, 0x0, @dev}, {0x2, 0x4e20, @remote}, {0x2, 0x4, @multicast1}, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x200})
ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000840)={0x0, {0x2, 0x0, @empty}, {0x4, 0x0, @loopback}, {0x2, 0x0, @remote}, 0x184, 0x0, 0x0, 0xfdffffffffffffff, 0x0, &(0x7f0000000180)='lo\x00'})
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
r4 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8)
setsockopt$netlink_NETLINK_PKTINFO(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0xf, 0x1ff, 0x600000, 0x4, 0xdf, 0x2}, &(0x7f00000002c0)={0x3, 0x8000, 0x3, 0xfffffffffffffffb, 0x4d, 0x1, 0x8000, 0x3}, &(0x7f0000000300)={0x7, 0x6, 0x1, 0xd, 0x6, 0x7ff, 0x9, 0x6}, &(0x7f0000000340)={0x0, 0x3938700}, &(0x7f0000000440)={&(0x7f0000000400)={[0x7]}, 0x8})
getsockopt$IP_VS_SO_GET_SERVICES(r5, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000100)=0x8)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB="2800000012000100"/20, @ANYRES32=0x0], 0x28}}, 0x802)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
socket$nl_route(0x10, 0x3, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_DEL_KEY(r7, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000180)={0x3c, r6, 0x1, 0x70bd2e, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_KEY={0x14, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "727afffa97"}, @NL80211_KEY_DEFAULT={0x4}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x818}, 0x4000)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = openat$cgroup_ro(r8, &(0x7f0000000140)='devices.list\x00', 0x0, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0)
readv(r9, &(0x7f0000000040)=[{&(0x7f0000001640)=""/244, 0xf4}], 0x1)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000001c0)="9d5ab229d99f6a8e10bb5fd52316e117eee892d86a067b4ae693515c2f15508e4d2d7c3d8a0ca7d2f3469320bce3097147e2e1816fe001f04afec25f5b9aaa55646b232a465b2c0deb426a084a2220ab94ff8be945f2a80ac0b0d740961893e41b80741213be111e59de4d56b3f64fb98fbf7b1153833e89545ca0f5b265", 0x7e)

731.190511ms ago: executing program 2 (id=12726):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x8, 0x1019, &(0x7f0000001200)=""/4121, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32], 0x4c}}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000280)='blkio.throttle.io_serviced\x00', 0x0, 0x0)
preadv(r2, &(0x7f0000000240), 0x0, 0x1000, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r4)
sendmsg$NLBL_MGMT_C_ADDDEF(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000000400000014000500fc0100000000000000000000ad000001080002000500000014000600ff020000000000a30885621a982b3c0106000b0002"], 0x4c}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$TIPC_CONN_TIMEOUT(r2, 0x10f, 0x82, &(0x7f0000000440)=0x4, 0x4)
setsockopt$packet_rx_ring(r6, 0x107, 0x5, 0x0, 0x0)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000000500)=[{{&(0x7f0000000240)=@abs, 0x6e, &(0x7f0000000440), 0x0, &(0x7f0000000480)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x48}}], 0x1, 0x2000, &(0x7f0000000540))
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000200"/16], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r7, 0x5, 0x14, 0x0, &(0x7f0000000100)="259a53f271a76d2608fff74588a80a3888a82f15", 0x0, 0xd11, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r8=>0x0})
sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@dellink={0x20, 0x11, 0x1, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, 0x1480, 0x2104}}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)

641.177972ms ago: executing program 4 (id=12727):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x10, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000005000000000000000500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b703000000000000850000008300b66366fe0000000000005509010000e6fadd491336105a3800000095000000000000001725fcff01000000bf91000000000000b7020000010000008500000095000000b7000000000000"], &(0x7f0000000140)='syzkaller\x00', 0xa, 0x20, &(0x7f0000000200)=""/32, 0x41100, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000000380)={0x0, 0x8, 0x200, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000400)=[0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x800}, 0x94)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000780)=r1)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000300)={0x0, {0x2, 0x0, @dev}, {0x2, 0x4e20, @remote}, {0x2, 0x4, @multicast1}, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x200})
ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000840)={0x0, {0x2, 0x0, @empty}, {0x4, 0x0, @loopback}, {0x2, 0x0, @remote}, 0x184, 0x0, 0x0, 0xfdffffffffffffff, 0x0, &(0x7f0000000180)='lo\x00'})
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
r4 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8)
setsockopt$netlink_NETLINK_PKTINFO(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0xf, 0x1ff, 0x600000, 0x4, 0xdf, 0x2}, &(0x7f00000002c0)={0x3, 0x8000, 0x3, 0xfffffffffffffffb, 0x4d, 0x1, 0x8000, 0x3}, &(0x7f0000000300)={0x7, 0x6, 0x1, 0xd, 0x6, 0x7ff, 0x9, 0x6}, &(0x7f0000000340)={0x0, 0x3938700}, &(0x7f0000000440)={&(0x7f0000000400)={[0x7]}, 0x8})
getsockopt$IP_VS_SO_GET_SERVICES(r5, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000100)=0x8)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB="2800000012000100"/20, @ANYRES32=0x0], 0x28}}, 0x802)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
socket$nl_route(0x10, 0x3, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_DEL_KEY(r7, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000180)={0x3c, r6, 0x1, 0x70bd2e, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_KEY={0x14, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "727afffa97"}, @NL80211_KEY_DEFAULT={0x4}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x818}, 0x4000)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = openat$cgroup_ro(r8, &(0x7f0000000140)='devices.list\x00', 0x0, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0)
readv(r9, &(0x7f0000000040)=[{&(0x7f0000001640)=""/244, 0xf4}], 0x1)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000001c0)="9d5ab229d99f6a8e10bb5fd52316e117eee892d86a067b4ae693515c2f15508e4d2d7c3d8a0ca7d2f3469320bce3097147e2e1816fe001f04afec25f5b9aaa55646b232a465b2c0deb426a084a2220ab94ff8be945f2a80ac0b0d740961893e41b80741213be111e59de4d56b3f64fb98fbf7b1153833e89545ca0f5b265", 0x7e)

392.27391ms ago: executing program 3 (id=12728):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r0 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000740)=ANY=[@ANYBLOB="9feb010018000000000000007c0000167c00000002000000000000000000000e0021000000000000000000000600000d000000000000000000000000000010000000000000000000000000000000000000000000000f0000000000014b0002050000000000000000000009000000000e0000b7eb1fd309ffffffff00000002000000090200000000004000000000000000000000000000001fd8e0fc135cdb2125202ca862fe289d1e89b75aa415a6cfe187b4b0cb4283bb7d4b5892aa8571d9e346dadd944fe459690c17dfdc1ec6a4d4aaccc03f9ebb8f6865519306446484967e480a2209216a4f6233f632d90955d12c8b40d518f1aaac"], 0x0, 0x96, 0x0, 0x0, 0xfffffffe, 0x10000, @value=r0}, 0x28)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000a40)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c0000000200000000000000000000040000000000001ab269a548b1b122040c4e41b46bfeee41beae3bfa3e4d8bf051c31d8b08837936d465fc753a269833210229"], 0x0, 0x26}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x10}, 0x94)
socket$igmp6(0xa, 0x3, 0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a000000010000004000000020"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f00000002c0), 0x1003, r2}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x6, r2}, 0x38)
r3 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r3, 0x107, 0xf, 0x0, 0x0)
sendmsg$kcm(r3, &(0x7f0000000200)={&(0x7f0000000100)=@phonet={0x23, 0x0, 0x0, 0x4}, 0x80, &(0x7f00000018c0)=[{0x0}, {&(0x7f0000000700)="cb4e64b0af329873eef129", 0xb}], 0x2}, 0x0)
recvmsg$kcm(r3, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000400)=""/229, 0xe5}, {&(0x7f0000001380)=""/4096, 0x1000}, {&(0x7f0000000500)=""/245, 0xf5}, {&(0x7f0000000600)=""/90, 0x5a}, {&(0x7f0000000680)=""/74, 0x4a}, {0x0}, {&(0x7f00000001c0)=""/16, 0x10}], 0x7, &(0x7f0000000900)=""/130, 0x82}, 0x2)
syz_emit_ethernet(0x84, &(0x7f0000000240)=ANY=[], 0x0)
socket$netlink(0x10, 0x3, 0x0)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r4, 0x890b, &(0x7f0000000280)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0x10000, 'syz0\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0xfffffdb6, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r5, 0x0, 0x2, 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r6 = socket(0x29, 0x2, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4844}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x0, '\x00', [{0x834, 0x3, 0x7, 0x6ea9, 0x3, 0x321}, {0x101, 0xc35202a, 0xfffffffffffffffe, 0x1, 0x6, 0x4}], ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
ioctl$sock_netrom_SIOCADDRT(r4, 0x890b, &(0x7f0000000e40)={0x0, @bcast, @bpq0, 0x8, 'syz1\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x7, 0x6, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]})

309.976893ms ago: executing program 4 (id=12729):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r1)
sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000040000e41300050003030000000a0000005dc000000000010800020005000000140006"], 0x4c}, 0x1, 0x0, 0x0, 0x20008084}, 0x4040000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bf8200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_FIB_DREG={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_FIB_FLAGS={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x4048010)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_IPV6_HOPOPTS(r6, 0x29, 0x36, &(0x7f0000000100)={0x3a}, 0x8)
sendto$inet6(r6, &(0x7f0000000040)="bb", 0x1, 0x4004881, &(0x7f0000000080)={0xa, 0x0, 0x9, @private0, 0x152a}, 0x1c)
listen(r6, 0x100101)
r7 = accept4(r6, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r5, &(0x7f00000000c0)='K', 0x1, 0x44008011, 0x0, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x30, 0x3, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x90}, 0x10)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x900, 0x4064}, [@IFLA_GROUP={0x8}, @IFLA_OPERSTATE={0x5, 0x10, 0x4}]}, 0x30}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r8, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50)
unshare(0x22020400)
unshare(0x40000000)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r7, 0x8982, &(0x7f00000003c0))
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
r9 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_FILTER(r9, 0x6b, 0x1, &(0x7f0000000a00)=[{0x2, 0x3, {0x2, 0x0, 0x1}, {0x2, 0x0, 0xf7a59104b40dfa67}, 0xfd}, {0x0, 0x0, {0x2, 0xf0}, {0x2, 0x0, 0x2}, 0xff, 0x2}, {0x1, 0x3, {0x2, 0x0, 0x4}, {0x0, 0x1, 0x4}, 0x1, 0xfe}, {0x1, 0x0, {0xe8a0a7dd6c3ddf1, 0x1, 0x7}, {0x2, 0xff}, 0x2, 0xfe}, {0x2, 0x1, {0x1, 0xf, 0x4}, {0x1, 0x1}, 0xff, 0xff}], 0xa0)

271.439414ms ago: executing program 1 (id=12730):
unshare(0xc040400)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000280)="32780f64398323756224d03ac5cb3838e854cf6fe7e38c09daa0e76828c158699b396cff6b5ef9b454e678333fb7c00be87d5eab09b340b5a265014d86abb6ae50065e67b7cdc5362589f9b4127fe218ba5f79aa58f7446a6ab30cf9b1be46718b1193d8900973a5ea1f22bcf947456685261ebd7416ad7c9a3949ffd1d2fda2dd6f5dae464175b09d0700f1e13ce1", 0x8f, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f00000000c0)='bbr\x00', 0x4)
mmap(&(0x7f0000400000/0x3000)=nil, 0x3000, 0x2000009, 0x4d032, 0xffffffffffffffff, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@private0, 0x8000000, 0x0, 0xff, 0xf, 0x0, 0xffff}, 0x20)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x20010, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r0, 0x0, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newtaction={0x64, 0x32, 0x51b, 0x0, 0x0, {}, [{0x50, 0x1, [@m_skbmod={0x4c, 0x1, 0x0, 0x0, {{0xb}, {0x20, 0x2, 0x0, 0x1, [@TCA_SKBMOD_ETYPE={0x6, 0x5, 0x101}, @TCA_SKBMOD_SMAC={0xa, 0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x5e0}]}, {0x4, 0x14}, {0xc}, {0xc, 0x6}}}]}]}, 0x64}}, 0x0)
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100)="8f", 0x1}], 0x1)
ioctl$sock_TIOCOUTQ(r0, 0x5411, &(0x7f00000000c0))
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r2, 0x0, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r4, 0x890b, &(0x7f0000000280)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0xfffd, 'syz0\x00', @default, 0xfffffdb8, 0x2, [@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast]})
ioctl$sock_netrom_SIOCADDRT(r4, 0x890b, &(0x7f00000001c0)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x2, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5, 0x1, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
ioctl$sock_netrom_SIOCADDRT(r3, 0x890b, &(0x7f0000000280)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0x10000, 'syz0\x00', @default, 0xfffffdb6, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})

191.123937ms ago: executing program 0 (id=12731):
bind$alg(0xffffffffffffffff, &(0x7f00000025c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x7, &(0x7f0000000100)="23830014", 0x4)

167.276708ms ago: executing program 2 (id=12732):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)={0x1b, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffff, 0xb, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x2}, 0x50)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.io_queued\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$ITER_CREATE(0x21, 0x0, 0x0)
sendmmsg$inet6(r2, &(0x7f00000008c0), 0x0, 0x408c0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x3, &(0x7f00000004c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf5, 0x0, 0x0, 0x0, 0xb7c3}}, &(0x7f00000001c0)='GPL\x00', 0x38000000, 0x1000, &(0x7f0000001300)=""/4096, 0x41100, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0xa, 0x3}, 0x8, 0x10, &(0x7f00000003c0)={0x5, 0xf, 0x4, 0x1b}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="3183000000000000000019000000180001801400020073797a5f74756e00"], 0x2c}, 0x1, 0x0, 0x0, 0x8040}, 0x4886)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000006080)=@newtfilter={0x4c, 0x2c, 0xd2b, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x1}, {}, {0xe, 0x1}}, [@filter_kind_options=@f_fw={{0x7}, {0x20, 0x2, [@TCA_FW_INDEV={0x14, 0x3, 'bridge0\x00'}, @TCA_FW_CLASSID={0x8, 0x1, {0x0, 0x6}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x893}, 0x24040084)

642.443µs ago: executing program 0 (id=12733):
unshare(0xc040400)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000280)="32780f64398323756224d03ac5cb3838e854cf6fe7e38c09daa0e76828c158699b396cff6b5ef9b454e678333fb7c00be87d5eab09b340b5a265014d86abb6ae50065e67b7cdc5362589f9b4127fe218ba5f79aa58f7446a6ab30cf9b1be46718b1193d8900973a5ea1f22bcf947456685261ebd7416ad7c9a3949ffd1d2fda2dd6f5dae464175b09d0700f1e13ce1", 0x8f, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f00000000c0)='bbr\x00', 0x4)
mmap(&(0x7f0000400000/0x3000)=nil, 0x3000, 0x2000009, 0x4d032, 0xffffffffffffffff, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x20010, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r0, 0x0, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newtaction={0x64, 0x32, 0x51b, 0x0, 0x0, {}, [{0x50, 0x1, [@m_skbmod={0x4c, 0x1, 0x0, 0x0, {{0xb}, {0x20, 0x2, 0x0, 0x1, [@TCA_SKBMOD_ETYPE={0x6, 0x5, 0x101}, @TCA_SKBMOD_SMAC={0xa, 0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x5e0}]}, {0x4, 0x14}, {0xc}, {0xc, 0x6}}}]}]}, 0x64}}, 0x0)
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100)="8f", 0x1}], 0x1)
ioctl$sock_TIOCOUTQ(r0, 0x5411, &(0x7f00000000c0))
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r2, 0x0, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r4, 0x890b, &(0x7f0000000280)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0xfffd, 'syz0\x00', @default, 0xfffffdb8, 0x2, [@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast]})
ioctl$sock_netrom_SIOCADDRT(r4, 0x890b, &(0x7f00000001c0)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x2, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5, 0x1, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
ioctl$sock_netrom_SIOCADDRT(r3, 0x890b, &(0x7f0000000280)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0x10000, 'syz0\x00', @default, 0xfffffdb6, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})

0s ago: executing program 2 (id=12734):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000001500)=@framed, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x11, 0x4, 0x4, 0x9}, 0x50)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x2, 0x4, 0x1, 0x0, r1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r2}, &(0x7f0000000840), &(0x7f0000000880)=r1}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
socket$unix(0x1, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
socket$inet6(0xa, 0x80002, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})

kernel console output (not intermixed with test programs):

 ? __kmalloc_cache_node_noprof+0x234/0x3d0
[ 1764.291175][T12613]  ? __sys_bpf+0x60f/0x870
[ 1764.291202][T12613]  ? __get_vm_area_node+0x13f/0x300
[ 1764.291233][T12613]  ? sock_hash_alloc+0x266/0x4e0
[ 1764.291266][T12613]  __get_vm_area_node+0x1f8/0x300
[ 1764.291313][T12613]  __vmalloc_node_range_noprof+0x301/0x12f0
[ 1764.291348][T12613]  ? sock_hash_alloc+0x266/0x4e0
[ 1764.291415][T12613]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1764.291450][T12613]  ? rcu_is_watching+0x15/0xb0
[ 1764.291474][T12613]  ? trace_kmalloc+0x1f/0xd0
[ 1764.291500][T12613]  ? __kmalloc_node_noprof+0x293/0x4e0
[ 1764.291530][T12613]  ? bpf_map_area_alloc+0x64/0x180
[ 1764.291571][T12613]  bpf_map_area_alloc+0x12d/0x180
[ 1764.291605][T12613]  ? sock_hash_alloc+0x266/0x4e0
[ 1764.291641][T12613]  sock_hash_alloc+0x266/0x4e0
[ 1764.291681][T12613]  map_create+0xaa0/0x14d0
[ 1764.291717][T12613]  ? security_bpf+0x7e/0x300
[ 1764.291748][T12613]  __sys_bpf+0x60f/0x870
[ 1764.291781][T12613]  ? __pfx___sys_bpf+0x10/0x10
[ 1764.291827][T12613]  ? ksys_write+0x22a/0x250
[ 1764.291861][T12613]  ? __pfx_ksys_write+0x10/0x10
[ 1764.291901][T12613]  __x64_sys_bpf+0x7c/0x90
[ 1764.291930][T12613]  do_syscall_64+0xfa/0x3b0
[ 1764.291959][T12613]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1764.291986][T12613]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1764.292010][T12613]  ? clear_bhb_loop+0x60/0xb0
[ 1764.292039][T12613]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1764.292062][T12613] RIP: 0033:0x7f677598ebe9
[ 1764.292084][T12613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1764.292104][T12613] RSP: 002b:00007f6776836038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1764.292128][T12613] RAX: ffffffffffffffda RBX: 00007f6775bb5fa0 RCX: 00007f677598ebe9
[ 1764.292145][T12613] RDX: 0000000000000050 RSI: 00002000000000c0 RDI: 0000000000000000
[ 1764.292159][T12613] RBP: 00007f6776836090 R08: 0000000000000000 R09: 0000000000000000
[ 1764.292173][T12613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1764.292187][T12613] R13: 00007f6775bb6038 R14: 00007f6775bb5fa0 R15: 00007ffe0bf4b3a8
[ 1764.292224][T12613]  </TASK>
[ 1764.364372][T12615] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1764.724971][T12601] lo speed is unknown, defaulting to 1000
[ 1765.011443][T12637] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1765.134445][T12644] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1766.299227][T12695] __nla_validate_parse: 42 callbacks suppressed
[ 1766.299248][T12695] netlink: 60 bytes leftover after parsing attributes in process `syz.2.11358'.
[ 1766.411216][T12699] netlink: 'syz.0.11359': attribute type 31 has an invalid length.
[ 1766.838446][T12712] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11364'.
[ 1766.851655][T12713] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11365'.
[ 1766.877768][T12712] gtp1: entered promiscuous mode
[ 1766.883847][T12712] gtp1: entered allmulticast mode
[ 1766.964614][T12715] lo speed is unknown, defaulting to 1000
[ 1767.428507][T12715] lo speed is unknown, defaulting to 1000
[ 1767.927139][T12740] FAULT_INJECTION: forcing a failure.
[ 1767.927139][T12740] name failslab, interval 1, probability 0, space 0, times 0
[ 1767.941640][T12740] CPU: 1 UID: 0 PID: 12740 Comm: syz.0.11373 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1767.941673][T12740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1767.941688][T12740] Call Trace:
[ 1767.941699][T12740]  <TASK>
[ 1767.941709][T12740]  dump_stack_lvl+0x189/0x250
[ 1767.941742][T12740]  ? __pfx____ratelimit+0x10/0x10
[ 1767.941777][T12740]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1767.941805][T12740]  ? __pfx__printk+0x10/0x10
[ 1767.941844][T12740]  ? __pfx___might_resched+0x10/0x10
[ 1767.941872][T12740]  should_fail_ex+0x414/0x560
[ 1767.941905][T12740]  should_failslab+0xa8/0x100
[ 1767.941940][T12740]  __kmalloc_cache_node_noprof+0x73/0x3d0
[ 1767.941981][T12740]  ? __get_vm_area_node+0x13f/0x300
[ 1767.942019][T12740]  __get_vm_area_node+0x13f/0x300
[ 1767.942057][T12740]  __vmalloc_node_range_noprof+0x301/0x12f0
[ 1767.942092][T12740]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[ 1767.942124][T12740]  ? __lock_acquire+0xab9/0xd20
[ 1767.942190][T12740]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1767.942222][T12740]  ? __might_fault+0xb0/0x130
[ 1767.942255][T12740]  ? _parse_integer_limit+0x1ae/0x1f0
[ 1767.942291][T12740]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[ 1767.942322][T12740]  __vmalloc_noprof+0xb1/0xf0
[ 1767.942354][T12740]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[ 1767.942389][T12740]  bpf_prog_alloc_no_stats+0x4a/0x4b0
[ 1767.942428][T12740]  bpf_prog_alloc+0x3c/0x1a0
[ 1767.942463][T12740]  bpf_prog_load+0x735/0x1930
[ 1767.942509][T12740]  ? __pfx_bpf_prog_load+0x10/0x10
[ 1767.942568][T12740]  ? bpf_lsm_bpf+0x9/0x20
[ 1767.942596][T12740]  ? security_bpf+0x7e/0x300
[ 1767.942627][T12740]  __sys_bpf+0x528/0x870
[ 1767.942660][T12740]  ? __pfx___sys_bpf+0x10/0x10
[ 1767.942706][T12740]  ? ksys_write+0x22a/0x250
[ 1767.942740][T12740]  ? __pfx_ksys_write+0x10/0x10
[ 1767.942767][T12740]  ? rcu_is_watching+0x15/0xb0
[ 1767.942800][T12740]  __x64_sys_bpf+0x7c/0x90
[ 1767.942828][T12740]  do_syscall_64+0xfa/0x3b0
[ 1767.942856][T12740]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1767.942883][T12740]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1767.942907][T12740]  ? clear_bhb_loop+0x60/0xb0
[ 1767.942935][T12740]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1767.942968][T12740] RIP: 0033:0x7f323438ebe9
[ 1767.942990][T12740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1767.943010][T12740] RSP: 002b:00007f323517d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1767.943034][T12740] RAX: ffffffffffffffda RBX: 00007f32345b5fa0 RCX: 00007f323438ebe9
[ 1767.943050][T12740] RDX: 0000000000000094 RSI: 0000200000000200 RDI: 0000000000000005
[ 1767.943064][T12740] RBP: 00007f323517d090 R08: 0000000000000000 R09: 0000000000000000
[ 1767.943078][T12740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1767.943091][T12740] R13: 00007f32345b6038 R14: 00007f32345b5fa0 R15: 00007ffe27cfd898
[ 1767.943128][T12740]  </TASK>
[ 1767.943253][T12740] warn_alloc: 1 callbacks suppressed
[ 1767.943266][T12740] syz.0.11373: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null)
[ 1767.951034][T12741] netlink: 844 bytes leftover after parsing attributes in process `syz.1.11374'.
[ 1767.964500][T12740] ,cpuset=
[ 1768.063331][T12741] netlink: 20 bytes leftover after parsing attributes in process `syz.1.11374'.
[ 1768.263320][T12740] /,mems_allowed=0-1
[ 1768.277465][T12744] netlink: 'syz.4.11375': attribute type 3 has an invalid length.
[ 1768.278436][T12740] CPU: 1 UID: 0 PID: 12740 Comm: syz.0.11373 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1768.278471][T12740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1768.278488][T12740] Call Trace:
[ 1768.278498][T12740]  <TASK>
[ 1768.278510][T12740]  dump_stack_lvl+0x189/0x250
[ 1768.278549][T12740]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[ 1768.278588][T12740]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1768.278620][T12740]  ? __pfx__printk+0x10/0x10
[ 1768.278658][T12740]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1768.278687][T12740]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1768.278729][T12740]  warn_alloc+0x214/0x310
[ 1768.278778][T12740]  ? __pfx_warn_alloc+0x10/0x10
[ 1768.278819][T12740]  ? __get_vm_area_node+0x13f/0x300
[ 1768.278861][T12740]  ? __get_vm_area_node+0x2b5/0x300
[ 1768.278906][T12740]  __vmalloc_node_range_noprof+0x326/0x12f0
[ 1768.278953][T12740]  ? __lock_acquire+0xab9/0xd20
[ 1768.279026][T12740]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1768.279062][T12740]  ? __might_fault+0xb0/0x130
[ 1768.279100][T12740]  ? _parse_integer_limit+0x1ae/0x1f0
[ 1768.279143][T12740]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[ 1768.279178][T12740]  __vmalloc_noprof+0xb1/0xf0
[ 1768.279214][T12740]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[ 1768.279254][T12740]  bpf_prog_alloc_no_stats+0x4a/0x4b0
[ 1768.279298][T12740]  bpf_prog_alloc+0x3c/0x1a0
[ 1768.279338][T12740]  bpf_prog_load+0x735/0x1930
[ 1768.279395][T12740]  ? __pfx_bpf_prog_load+0x10/0x10
[ 1768.279461][T12740]  ? bpf_lsm_bpf+0x9/0x20
[ 1768.279492][T12740]  ? security_bpf+0x7e/0x300
[ 1768.279542][T12740]  __sys_bpf+0x528/0x870
[ 1768.279580][T12740]  ? __pfx___sys_bpf+0x10/0x10
[ 1768.279631][T12740]  ? ksys_write+0x22a/0x250
[ 1768.279670][T12740]  ? __pfx_ksys_write+0x10/0x10
[ 1768.279700][T12740]  ? rcu_is_watching+0x15/0xb0
[ 1768.279738][T12740]  __x64_sys_bpf+0x7c/0x90
[ 1768.279771][T12740]  do_syscall_64+0xfa/0x3b0
[ 1768.279805][T12740]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1768.279836][T12740]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1768.279863][T12740]  ? clear_bhb_loop+0x60/0xb0
[ 1768.279896][T12740]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1768.279922][T12740] RIP: 0033:0x7f323438ebe9
[ 1768.279951][T12740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1768.279975][T12740] RSP: 002b:00007f323517d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1768.280003][T12740] RAX: ffffffffffffffda RBX: 00007f32345b5fa0 RCX: 00007f323438ebe9
[ 1768.280022][T12740] RDX: 0000000000000094 RSI: 0000200000000200 RDI: 0000000000000005
[ 1768.280039][T12740] RBP: 00007f323517d090 R08: 0000000000000000 R09: 0000000000000000
[ 1768.280054][T12740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1768.280070][T12740] R13: 00007f32345b6038 R14: 00007f32345b5fa0 R15: 00007ffe27cfd898
[ 1768.280110][T12740]  </TASK>
[ 1768.280227][T12740] Mem-Info:
[ 1768.581424][T12740] active_anon:7497 inactive_anon:0 isolated_anon:0
[ 1768.581424][T12740]  active_file:2162 inactive_file:40519 isolated_file:0
[ 1768.581424][T12740]  unevictable:768 dirty:301 writeback:0
[ 1768.581424][T12740]  slab_reclaimable:13779 slab_unreclaimable:196725
[ 1768.581424][T12740]  mapped:29631 shmem:5303 pagetables:1264
[ 1768.581424][T12740]  sec_pagetables:0 bounce:0
[ 1768.581424][T12740]  kernel_misc_reclaimable:0
[ 1768.581424][T12740]  free:1227211 free_pcp:13749 free_cma:0
[ 1768.666292][T12740] Node 0 active_anon:30088kB inactive_anon:0kB active_file:8648kB inactive_file:161872kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:118524kB dirty:1204kB writeback:0kB shmem:19676kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13440kB pagetables:4816kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1768.707944][T12740] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1768.744680][T12740] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1768.778405][T12748] netlink: 60 bytes leftover after parsing attributes in process `syz.2.11377'.
[ 1768.789593][T12740] lowmem_reserve[]: 0 2497 2499 2499 2499
[ 1768.796427][T12740] Node 0 DMA32 free:990800kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:28244kB inactive_anon:0kB active_file:8648kB inactive_file:160300kB unevictable:1536kB writepending:1204kB present:3129332kB managed:2557520kB mlocked:0kB bounce:0kB free_pcp:49556kB local_pcp:33688kB free_cma:0kB
[ 1768.837471][T12748] unsupported nlmsg_type 40
[ 1768.842937][T12740] lowmem_reserve[]: 0 0 1 1 1
[ 1768.869342][T12740] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1572kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[ 1768.940584][T12740] lowmem_reserve[]: 0 0 0 0 0
[ 1768.945375][T12740] Node 1 Normal free:3902416kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:7552kB local_pcp:7304kB free_cma:0kB
[ 1769.015556][T12740] lowmem_reserve[]: 0 0 0 0 0
[ 1769.020348][T12740] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1769.094713][T12740] Node 0 DMA32: 1481*4kB (UME) 1141*8kB (UME) 545*16kB (UME) 367*32kB (UM) 723*64kB (UM) 543*128kB (UME) 420*256kB (UME) 240*512kB (UME) 145*1024kB (UME) 10*2048kB (UME) 110*4096kB (M) = 1001212kB
[ 1769.126985][T12740] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[ 1769.154870][T12740] Node 1 Normal: 105*4kB (UM) 70*8kB (UME) 47*16kB (UME) 252*32kB (UME) 93*64kB (UME) 27*128kB (UME) 9*256kB (UME) 4*512kB (UM) 2*1024kB (ME) 1*2048kB (E) 946*4096kB (M) = 3902468kB
[ 1769.215812][T12740] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1769.235998][T12740] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1769.270463][T12740] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1769.280074][T12740] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1769.333853][T12740] 44161 total pagecache pages
[ 1769.338592][T12740] 0 pages in swap cache
[ 1769.361587][T12740] Free swap  = 124996kB
[ 1769.370214][T12740] Total swap = 124996kB
[ 1769.382800][T12740] 2097051 pages RAM
[ 1769.391372][T12740] 0 pages HighMem/MovableOnly
[ 1769.401710][T12740] 425645 pages reserved
[ 1769.412040][T12740] 0 pages cma reserved
[ 1769.499845][T12771] netlink: 72 bytes leftover after parsing attributes in process `syz.2.11383'.
[ 1769.605771][T12775] netlink: 20 bytes leftover after parsing attributes in process `syz.1.11385'.
[ 1769.617181][T12774] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1769.803559][T12788] netlink: 'syz.3.11392': attribute type 1 has an invalid length.
[ 1770.037291][T12805] netlink: 844 bytes leftover after parsing attributes in process `syz.3.11397'.
[ 1770.057124][T12806] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1770.086032][T12805] netlink: 20 bytes leftover after parsing attributes in process `syz.3.11397'.
[ 1770.910316][T12820] netlink: 'syz.2.11401': attribute type 1 has an invalid length.
[ 1771.170244][T12837] netlink: 'syz.4.11407': attribute type 1 has an invalid length.
[ 1771.303054][T12842] __nla_validate_parse: 1 callbacks suppressed
[ 1771.303080][T12842] netlink: 20 bytes leftover after parsing attributes in process `syz.0.11408'.
[ 1771.314183][T12843] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1771.482035][T12857] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1771.684075][T12864] syzkaller0: entered promiscuous mode
[ 1771.692041][T12864] syzkaller0: entered allmulticast mode
[ 1772.353708][T12882] netlink: 844 bytes leftover after parsing attributes in process `syz.1.11425'.
[ 1772.437135][T12883] netlink: 20 bytes leftover after parsing attributes in process `syz.1.11425'.
[ 1772.649295][T12885] netlink: 20 bytes leftover after parsing attributes in process `syz.2.11426'.
[ 1773.747896][T12898] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11431'.
[ 1773.851243][T12906] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1773.940300][T12913] netlink: 844 bytes leftover after parsing attributes in process `syz.1.11438'.
[ 1773.971724][T12910] netlink: 'syz.2.11435': attribute type 11 has an invalid length.
[ 1774.053480][T12922] netlink: 20 bytes leftover after parsing attributes in process `syz.1.11438'.
[ 1774.065183][T12909] netlink: 'syz.2.11435': attribute type 11 has an invalid length.
[ 1774.775627][T12950] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11448'.
[ 1775.105810][T12966] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11454'.
[ 1775.220946][T12969] mac80211_hwsim hwsim7 syzkaller0: left promiscuous mode
[ 1775.228335][T12969] mac80211_hwsim hwsim7 syzkaller0: left allmulticast mode
[ 1775.409192][T12979] netlink: 104 bytes leftover after parsing attributes in process `syz.4.11458'.
[ 1775.432703][T12980] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1775.544520][T12989] netlink: 'syz.4.11463': attribute type 8 has an invalid length.
[ 1776.014892][T13013] FAULT_INJECTION: forcing a failure.
[ 1776.014892][T13013] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1776.053789][T13013] CPU: 1 UID: 0 PID: 13013 Comm: syz.2.11474 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1776.053825][T13013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1776.053840][T13013] Call Trace:
[ 1776.053850][T13013]  <TASK>
[ 1776.053861][T13013]  dump_stack_lvl+0x189/0x250
[ 1776.053896][T13013]  ? __pfx____ratelimit+0x10/0x10
[ 1776.053929][T13013]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1776.053957][T13013]  ? __pfx__printk+0x10/0x10
[ 1776.053988][T13013]  ? __might_fault+0xb0/0x130
[ 1776.054034][T13013]  should_fail_ex+0x414/0x560
[ 1776.054066][T13013]  _copy_from_iter+0x1db/0x16f0
[ 1776.054104][T13013]  ? rcu_is_watching+0x15/0xb0
[ 1776.054129][T13013]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[ 1776.054163][T13013]  ? __pfx__copy_from_iter+0x10/0x10
[ 1776.054197][T13013]  ? __build_skb_around+0x257/0x3e0
[ 1776.054233][T13013]  ? netlink_sendmsg+0x642/0xb30
[ 1776.054270][T13013]  ? skb_put+0x11b/0x210
[ 1776.054305][T13013]  netlink_sendmsg+0x6b2/0xb30
[ 1776.054347][T13013]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1776.054381][T13013]  ? __lock_acquire+0xab9/0xd20
[ 1776.054411][T13013]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1776.054445][T13013]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1776.054470][T13013]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1776.054502][T13013]  __sock_sendmsg+0x21c/0x270
[ 1776.054532][T13013]  ____sys_sendmsg+0x505/0x830
[ 1776.054573][T13013]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1776.054617][T13013]  ? import_iovec+0x74/0xa0
[ 1776.054643][T13013]  ___sys_sendmsg+0x21f/0x2a0
[ 1776.054680][T13013]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1776.054758][T13013]  ? __fget_files+0x2a/0x420
[ 1776.054791][T13013]  ? __fget_files+0x3a0/0x420
[ 1776.054839][T13013]  __x64_sys_sendmsg+0x19b/0x260
[ 1776.054876][T13013]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1776.054922][T13013]  ? __pfx_ksys_write+0x10/0x10
[ 1776.054949][T13013]  ? rcu_is_watching+0x15/0xb0
[ 1776.054978][T13013]  ? do_syscall_64+0xbe/0x3b0
[ 1776.055013][T13013]  do_syscall_64+0xfa/0x3b0
[ 1776.055041][T13013]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1776.055068][T13013]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1776.055090][T13013]  ? clear_bhb_loop+0x60/0xb0
[ 1776.055118][T13013]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1776.055141][T13013] RIP: 0033:0x7f677598ebe9
[ 1776.055162][T13013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1776.055182][T13013] RSP: 002b:00007f6776836038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1776.055206][T13013] RAX: ffffffffffffffda RBX: 00007f6775bb5fa0 RCX: 00007f677598ebe9
[ 1776.055222][T13013] RDX: 0000000000008004 RSI: 0000200000000600 RDI: 0000000000000006
[ 1776.055237][T13013] RBP: 00007f6776836090 R08: 0000000000000000 R09: 0000000000000000
[ 1776.055257][T13013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1776.055270][T13013] R13: 00007f6775bb6038 R14: 00007f6775bb5fa0 R15: 00007ffe0bf4b3a8
[ 1776.055306][T13013]  </TASK>
[ 1776.646358][T13042] __nla_validate_parse: 4 callbacks suppressed
[ 1776.646383][T13042] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11487'.
[ 1776.663028][T13043] FAULT_INJECTION: forcing a failure.
[ 1776.663028][T13043] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1776.681717][T13043] CPU: 0 UID: 0 PID: 13043 Comm: syz.0.11486 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1776.681749][T13043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1776.681764][T13043] Call Trace:
[ 1776.681772][T13043]  <TASK>
[ 1776.681783][T13043]  dump_stack_lvl+0x189/0x250
[ 1776.681816][T13043]  ? __pfx____ratelimit+0x10/0x10
[ 1776.681845][T13043]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1776.681873][T13043]  ? __pfx__printk+0x10/0x10
[ 1776.681905][T13043]  ? __might_fault+0xb0/0x130
[ 1776.681950][T13043]  should_fail_ex+0x414/0x560
[ 1776.681982][T13043]  _copy_from_user+0x2d/0xb0
[ 1776.682005][T13043]  ___sys_sendmsg+0x158/0x2a0
[ 1776.682043][T13043]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1776.682138][T13043]  ? __fget_files+0x2a/0x420
[ 1776.682179][T13043]  ? __fget_files+0x3a0/0x420
[ 1776.682226][T13043]  __x64_sys_sendmsg+0x19b/0x260
[ 1776.682263][T13043]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1776.682310][T13043]  ? __pfx_ksys_write+0x10/0x10
[ 1776.682337][T13043]  ? rcu_is_watching+0x15/0xb0
[ 1776.682366][T13043]  ? do_syscall_64+0xbe/0x3b0
[ 1776.682400][T13043]  do_syscall_64+0xfa/0x3b0
[ 1776.682428][T13043]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1776.682455][T13043]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1776.682479][T13043]  ? clear_bhb_loop+0x60/0xb0
[ 1776.682508][T13043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1776.682530][T13043] RIP: 0033:0x7f323438ebe9
[ 1776.682551][T13043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1776.682572][T13043] RSP: 002b:00007f323517d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1776.682596][T13043] RAX: ffffffffffffffda RBX: 00007f32345b5fa0 RCX: 00007f323438ebe9
[ 1776.682613][T13043] RDX: 0000000000000040 RSI: 0000200000000180 RDI: 0000000000000003
[ 1776.682627][T13043] RBP: 00007f323517d090 R08: 0000000000000000 R09: 0000000000000000
[ 1776.682642][T13043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1776.682655][T13043] R13: 00007f32345b6038 R14: 00007f32345b5fa0 R15: 00007ffe27cfd898
[ 1776.682692][T13043]  </TASK>
[ 1777.111641][T13059] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1777.338166][T13068] FAULT_INJECTION: forcing a failure.
[ 1777.338166][T13068] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1777.354264][T13068] CPU: 1 UID: 0 PID: 13068 Comm: syz.2.11496 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1777.354296][T13068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1777.354310][T13068] Call Trace:
[ 1777.354319][T13068]  <TASK>
[ 1777.354328][T13068]  dump_stack_lvl+0x189/0x250
[ 1777.354362][T13068]  ? __pfx____ratelimit+0x10/0x10
[ 1777.354391][T13068]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1777.354419][T13068]  ? __pfx__printk+0x10/0x10
[ 1777.354451][T13068]  ? __might_fault+0xb0/0x130
[ 1777.354496][T13068]  should_fail_ex+0x414/0x560
[ 1777.354528][T13068]  _copy_from_iter+0x1db/0x16f0
[ 1777.354566][T13068]  ? __lock_acquire+0xab9/0xd20
[ 1777.354606][T13068]  ? __pfx__copy_from_iter+0x10/0x10
[ 1777.354660][T13068]  tun_get_user+0x219/0x3e20
[ 1777.354717][T13068]  ? aa_file_perm+0x44d/0x1550
[ 1777.354751][T13068]  ? __pfx_tun_get_user+0x10/0x10
[ 1777.354782][T13068]  ? _parse_integer_limit+0x1ae/0x1f0
[ 1777.354823][T13068]  ? __lock_acquire+0xab9/0xd20
[ 1777.354870][T13068]  ? ref_tracker_alloc+0x318/0x460
[ 1777.354896][T13068]  ? __lock_acquire+0xab9/0xd20
[ 1777.354931][T13068]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1777.354966][T13068]  ? tun_get+0x1c/0x2f0
[ 1777.355005][T13068]  ? tun_get+0x1c/0x2f0
[ 1777.355035][T13068]  ? tun_get+0x1c/0x2f0
[ 1777.355071][T13068]  tun_chr_write_iter+0x113/0x200
[ 1777.355107][T13068]  vfs_write+0x548/0xa90
[ 1777.355143][T13068]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1777.355176][T13068]  ? __pfx_vfs_write+0x10/0x10
[ 1777.355222][T13068]  ? __fget_files+0x2a/0x420
[ 1777.355267][T13068]  ksys_write+0x145/0x250
[ 1777.355301][T13068]  ? __pfx_ksys_write+0x10/0x10
[ 1777.355328][T13068]  ? rcu_is_watching+0x15/0xb0
[ 1777.355356][T13068]  ? do_syscall_64+0xbe/0x3b0
[ 1777.355390][T13068]  do_syscall_64+0xfa/0x3b0
[ 1777.355417][T13068]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1777.355445][T13068]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1777.355469][T13068]  ? clear_bhb_loop+0x60/0xb0
[ 1777.355497][T13068]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1777.355520][T13068] RIP: 0033:0x7f677598ebe9
[ 1777.355541][T13068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1777.355563][T13068] RSP: 002b:00007f6776836038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1777.355587][T13068] RAX: ffffffffffffffda RBX: 00007f6775bb5fa0 RCX: 00007f677598ebe9
[ 1777.355604][T13068] RDX: 000000000000003c RSI: 0000200000000100 RDI: 0000000000000003
[ 1777.355619][T13068] RBP: 00007f6776836090 R08: 0000000000000000 R09: 0000000000000000
[ 1777.355633][T13068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1777.355646][T13068] R13: 00007f6775bb6038 R14: 00007f6775bb5fa0 R15: 00007ffe0bf4b3a8
[ 1777.355683][T13068]  </TASK>
[ 1777.648428][T13072] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11498'.
[ 1778.561763][T13125] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1778.692206][T13129] netlink: 32 bytes leftover after parsing attributes in process `syz.1.11516'.
[ 1778.706753][T13129] netem: unknown loss type 13
[ 1778.718949][T13129] netem: change failed
[ 1779.396204][T13168] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11527'.
[ 1779.494794][T13173] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1779.713692][T13168] bridge0 (unregistering): left allmulticast mode
[ 1779.782041][T13177] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1779.915465][T13183] atomic_op ffff888079d9a198 conn xmit_atomic 0000000000000000
[ 1779.955537][T13181] mac80211_hwsim hwsim25 syzkaller0: entered promiscuous mode
[ 1779.967412][T13181] mac80211_hwsim hwsim25 syzkaller0: entered allmulticast mode
[ 1780.254688][T13199] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1780.345435][T13207] netlink: 844 bytes leftover after parsing attributes in process `syz.2.11544'.
[ 1780.405990][T13207] netlink: 20 bytes leftover after parsing attributes in process `syz.2.11544'.
[ 1780.657756][T13219] tipc: Enabling of bearer <eth:syzkaller0> rejected, max 3 bearers permitted
[ 1781.162927][T13250] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1781.183796][ T1002] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x7
[ 1781.855592][T13281] netlink: 64 bytes leftover after parsing attributes in process `syz.0.11563'.
[ 1781.895893][T13283] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1783.542941][T13354] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1784.656800][T13393] atomic_op ffff88801a5a9198 conn xmit_atomic 0000000000000000
[ 1784.788623][T13398] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11601'.
[ 1785.111178][T13398] netlink: 20 bytes leftover after parsing attributes in process `syz.3.11601'.
[ 1785.352043][T13423] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1785.584899][T13431] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11611'.
[ 1785.677471][T13432] lo speed is unknown, defaulting to 1000
[ 1785.693604][T13436] netlink: 16 bytes leftover after parsing attributes in process `syz.2.11610'.
[ 1786.120237][T13432] lo speed is unknown, defaulting to 1000
[ 1786.744353][T13468] netlink: 'syz.4.11622': attribute type 1 has an invalid length.
[ 1786.778696][T13468] netlink: 'syz.4.11622': attribute type 2 has an invalid length.
[ 1786.795690][T13466] netlink: 'syz.4.11622': attribute type 1 has an invalid length.
[ 1786.807125][T13466] netlink: 'syz.4.11622': attribute type 2 has an invalid length.
[ 1787.241663][T13482] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1787.932552][T13506] dvmrp1: tun_chr_ioctl cmd 1074025677
[ 1787.953155][T13506] dvmrp1: linktype set to 805
[ 1788.790205][T13550] openvswitch: netlink: IP tunnel dst address not specified
[ 1788.936933][T13554] netlink: 844 bytes leftover after parsing attributes in process `syz.1.11651'.
[ 1788.994783][T13554] netlink: 20 bytes leftover after parsing attributes in process `syz.1.11651'.
[ 1789.093043][T13559] FAULT_INJECTION: forcing a failure.
[ 1789.093043][T13559] name failslab, interval 1, probability 0, space 0, times 0
[ 1789.119592][T13559] CPU: 0 UID: 0 PID: 13559 Comm: syz.3.11653 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1789.119625][T13559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1789.119640][T13559] Call Trace:
[ 1789.119649][T13559]  <TASK>
[ 1789.119659][T13559]  dump_stack_lvl+0x189/0x250
[ 1789.119693][T13559]  ? __pfx____ratelimit+0x10/0x10
[ 1789.119722][T13559]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1789.119751][T13559]  ? __pfx__printk+0x10/0x10
[ 1789.119789][T13559]  ? __pfx___might_resched+0x10/0x10
[ 1789.119816][T13559]  should_fail_ex+0x414/0x560
[ 1789.119857][T13559]  should_failslab+0xa8/0x100
[ 1789.119892][T13559]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1789.119924][T13559]  ? __alloc_skb+0x112/0x2d0
[ 1789.119959][T13559]  __alloc_skb+0x112/0x2d0
[ 1789.119994][T13559]  netlink_sendmsg+0x5c6/0xb30
[ 1789.120037][T13559]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1789.120071][T13559]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1789.120105][T13559]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1789.120130][T13559]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1789.120161][T13559]  __sock_sendmsg+0x21c/0x270
[ 1789.120191][T13559]  ____sys_sendmsg+0x505/0x830
[ 1789.120231][T13559]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1789.120273][T13559]  ? import_iovec+0x74/0xa0
[ 1789.120300][T13559]  ___sys_sendmsg+0x21f/0x2a0
[ 1789.120337][T13559]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1789.120415][T13559]  ? __fget_files+0x2a/0x420
[ 1789.120448][T13559]  ? __fget_files+0x3a0/0x420
[ 1789.120495][T13559]  __x64_sys_sendmsg+0x19b/0x260
[ 1789.120533][T13559]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1789.120577][T13559]  ? __pfx_ksys_write+0x10/0x10
[ 1789.120605][T13559]  ? rcu_is_watching+0x15/0xb0
[ 1789.120634][T13559]  ? do_syscall_64+0xbe/0x3b0
[ 1789.120668][T13559]  do_syscall_64+0xfa/0x3b0
[ 1789.120695][T13559]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1789.120721][T13559]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1789.120744][T13559]  ? clear_bhb_loop+0x60/0xb0
[ 1789.120771][T13559]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1789.120794][T13559] RIP: 0033:0x7f0f9b58ebe9
[ 1789.120814][T13559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1789.120842][T13559] RSP: 002b:00007f0f997f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1789.120866][T13559] RAX: ffffffffffffffda RBX: 00007f0f9b7b5fa0 RCX: 00007f0f9b58ebe9
[ 1789.120883][T13559] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[ 1789.120897][T13559] RBP: 00007f0f997f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1789.120911][T13559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1789.120924][T13559] R13: 00007f0f9b7b6038 R14: 00007f0f9b7b5fa0 R15: 00007ffe0adea808
[ 1789.120960][T13559]  </TASK>
[ 1789.546947][T13565] netlink: 12 bytes leftover after parsing attributes in process `syz.1.11656'.
[ 1789.557341][T13565] nbd: must specify a device to reconfigure
[ 1789.648154][T13573] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11658'.
[ 1789.915507][T13587] netlink: 844 bytes leftover after parsing attributes in process `syz.4.11664'.
[ 1789.956711][T13589] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1790.007222][T13587] netlink: 20 bytes leftover after parsing attributes in process `syz.4.11664'.
[ 1790.133778][T13599] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11668'.
[ 1790.239509][T13603] lo speed is unknown, defaulting to 1000
[ 1790.541747][T13603] lo speed is unknown, defaulting to 1000
[ 1791.239081][T13623] mac80211_hwsim hwsim25 syzkaller0: left promiscuous mode
[ 1791.267296][T13623] mac80211_hwsim hwsim25 syzkaller0: left allmulticast mode
[ 1791.292385][T13638] tap1: tun_chr_ioctl cmd 1074025676
[ 1791.297744][T13638] tap1: owner set to 0
[ 1791.370966][T13640] netlink: 844 bytes leftover after parsing attributes in process `syz.3.11678'.
[ 1791.489337][T13640] netlink: 20 bytes leftover after parsing attributes in process `syz.3.11678'.
[ 1791.725644][T13655] netlink: 'syz.0.11684': attribute type 1 has an invalid length.
[ 1791.878563][T13667] FAULT_INJECTION: forcing a failure.
[ 1791.878563][T13667] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1791.892081][T13667] CPU: 0 UID: 0 PID: 13667 Comm: syz.2.11688 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1791.892113][T13667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1791.892128][T13667] Call Trace:
[ 1791.892137][T13667]  <TASK>
[ 1791.892147][T13667]  dump_stack_lvl+0x189/0x250
[ 1791.892181][T13667]  ? __pfx____ratelimit+0x10/0x10
[ 1791.892208][T13667]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1791.892236][T13667]  ? __pfx__printk+0x10/0x10
[ 1791.892269][T13667]  ? __might_fault+0xb0/0x130
[ 1791.892315][T13667]  should_fail_ex+0x414/0x560
[ 1791.892347][T13667]  _copy_from_user+0x2d/0xb0
[ 1791.892371][T13667]  ax25_ioctl+0x8b2/0xca0
[ 1791.892400][T13667]  ? __pfx_ax25_ioctl+0x10/0x10
[ 1791.892425][T13667]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1791.892454][T13667]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1791.892487][T13667]  ? do_vfs_ioctl+0xbe8/0x1430
[ 1791.892519][T13667]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1791.892556][T13667]  sock_do_ioctl+0xd9/0x300
[ 1791.892585][T13667]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1791.892607][T13667]  ? __lock_acquire+0xab9/0xd20
[ 1791.892661][T13667]  sock_ioctl+0x576/0x790
[ 1791.892687][T13667]  ? __pfx_sock_ioctl+0x10/0x10
[ 1791.892711][T13667]  ? __fget_files+0x2a/0x420
[ 1791.892744][T13667]  ? __fget_files+0x3a0/0x420
[ 1791.892777][T13667]  ? __fget_files+0x2a/0x420
[ 1791.892816][T13667]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1791.892851][T13667]  ? __pfx_sock_ioctl+0x10/0x10
[ 1791.892872][T13667]  __se_sys_ioctl+0xfc/0x170
[ 1791.892900][T13667]  do_syscall_64+0xfa/0x3b0
[ 1791.892925][T13667]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1791.892950][T13667]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1791.892970][T13667]  ? clear_bhb_loop+0x60/0xb0
[ 1791.892995][T13667]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1791.893015][T13667] RIP: 0033:0x7f677598ebe9
[ 1791.893034][T13667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1791.893052][T13667] RSP: 002b:00007f6776836038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1791.893073][T13667] RAX: ffffffffffffffda RBX: 00007f6775bb5fa0 RCX: 00007f677598ebe9
[ 1791.893089][T13667] RDX: 0000200000000040 RSI: 00000000000089e0 RDI: 0000000000000004
[ 1791.893102][T13667] RBP: 00007f6776836090 R08: 0000000000000000 R09: 0000000000000000
[ 1791.893115][T13667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1791.893127][T13667] R13: 00007f6775bb6038 R14: 00007f6775bb5fa0 R15: 00007ffe0bf4b3a8
[ 1791.893159][T13667]  </TASK>
[ 1791.897084][T13660] 8021q: adding VLAN 0 to HW filter on device bond20
[ 1792.190080][T13660] bond19: (slave bond20): making interface the new active one
[ 1792.201937][T13660] bond19: (slave bond20): Enslaving as an active interface with an up link
[ 1792.573320][T13685] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11692'.
[ 1792.619158][T10523] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x7
[ 1793.237711][T13717] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1793.977611][T13752] __nla_validate_parse: 2 callbacks suppressed
[ 1793.977633][T13752] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11714'.
[ 1794.366037][T13766] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11720'.
[ 1794.583231][T13779] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11723'.
[ 1794.584216][T13778] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1794.604767][T13780] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1794.788766][T13784] netlink: 'syz.1.11726': attribute type 6 has an invalid length.
[ 1795.205161][T13805] netlink: 104 bytes leftover after parsing attributes in process `syz.3.11731'.
[ 1795.537691][T13821] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11738'.
[ 1796.220866][T13844] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11743'.
[ 1796.317165][T13844] vlan3: entered allmulticast mode
[ 1796.335916][T13844] veth1: entered allmulticast mode
[ 1796.387986][T13850] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1796.717172][T13859] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11749'.
[ 1796.736613][T13859] rdma_rxe: rxe_newlink: failed to add wg0
[ 1796.749230][T13859] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11749'.
[ 1797.088656][T13868] lo speed is unknown, defaulting to 1000
[ 1797.172938][T13873] netlink: 60 bytes leftover after parsing attributes in process `syz.0.11754'.
[ 1797.376116][T13868] lo speed is unknown, defaulting to 1000
[ 1797.668730][T13892] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11762'.
[ 1798.238056][T13914] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1798.368384][T13918] syz0: rxe_newlink: already configured on lo
[ 1798.404625][T13918] tipc: Resetting bearer <eth:team0>
[ 1798.437080][T13918] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1798.793378][T13936] lo speed is unknown, defaulting to 1000
[ 1798.989998][T13941] __nla_validate_parse: 4 callbacks suppressed
[ 1798.990024][T13941] netlink: 20 bytes leftover after parsing attributes in process `syz.3.11776'.
[ 1799.142602][T13945] netlink: 28 bytes leftover after parsing attributes in process `syz.0.11778'.
[ 1799.153472][T13936] lo speed is unknown, defaulting to 1000
[ 1799.369968][T13950] netlink: 56 bytes leftover after parsing attributes in process `syz.3.11779'.
[ 1799.495343][T13960] delete_channel: no stack
[ 1799.509742][T13964] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1799.551670][T13960] delete_channel: no stack
[ 1799.914899][T13979] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1799.969751][T13976] lo speed is unknown, defaulting to 1000
[ 1800.225847][T13976] lo speed is unknown, defaulting to 1000
[ 1800.503465][T13998] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11794'.
[ 1800.532608][T13995] netlink: 20 bytes leftover after parsing attributes in process `syz.2.11793'.
[ 1800.543648][T13995] nbd: must specify a size in bytes for the device
[ 1800.635001][T14003] lo speed is unknown, defaulting to 1000
[ 1800.804394][T14017] netlink: 844 bytes leftover after parsing attributes in process `syz.3.11799'.
[ 1800.944465][T14017] netlink: 20 bytes leftover after parsing attributes in process `syz.3.11799'.
[ 1801.118863][T14015] syzkaller1: entered promiscuous mode
[ 1801.140501][T14015] syzkaller1: entered allmulticast mode
[ 1801.178670][T14026] netlink: 20 bytes leftover after parsing attributes in process `syz.3.11802'.
[ 1801.326995][T14030] netlink: 'syz.3.11804': attribute type 4 has an invalid length.
[ 1801.361393][T14030] netlink: 'syz.3.11804': attribute type 4 has an invalid length.
[ 1801.388014][T14003] lo speed is unknown, defaulting to 1000
[ 1801.506504][T14040] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11807'.
[ 1801.626520][T14045] FAULT_INJECTION: forcing a failure.
[ 1801.626520][T14045] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1801.639622][T14042] lo speed is unknown, defaulting to 1000
[ 1801.664973][T14045] CPU: 1 UID: 0 PID: 14045 Comm: syz.4.11809 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1801.665007][T14045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1801.665022][T14045] Call Trace:
[ 1801.665031][T14045]  <TASK>
[ 1801.665041][T14045]  dump_stack_lvl+0x189/0x250
[ 1801.665075][T14045]  ? __pfx____ratelimit+0x10/0x10
[ 1801.665104][T14045]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1801.665132][T14045]  ? __pfx__printk+0x10/0x10
[ 1801.665164][T14045]  ? __might_fault+0xb0/0x130
[ 1801.665209][T14045]  should_fail_ex+0x414/0x560
[ 1801.665247][T14045]  _copy_from_user+0x2d/0xb0
[ 1801.665271][T14045]  hci_sock_reject_list_add+0x8e/0x120
[ 1801.665305][T14045]  ? __pfx_hci_sock_reject_list_add+0x10/0x10
[ 1801.665342][T14045]  ? security_capable+0x7e/0x2e0
[ 1801.665380][T14045]  hci_sock_ioctl+0x87f/0x910
[ 1801.665418][T14045]  sock_do_ioctl+0xd9/0x300
[ 1801.665446][T14045]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1801.665469][T14045]  ? __lock_acquire+0xab9/0xd20
[ 1801.665523][T14045]  sock_ioctl+0x576/0x790
[ 1801.665550][T14045]  ? __pfx_sock_ioctl+0x10/0x10
[ 1801.665575][T14045]  ? __fget_files+0x2a/0x420
[ 1801.665607][T14045]  ? __fget_files+0x3a0/0x420
[ 1801.665690][T14045]  ? __fget_files+0x2a/0x420
[ 1801.665728][T14045]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1801.665757][T14045]  ? __pfx_sock_ioctl+0x10/0x10
[ 1801.665780][T14045]  __se_sys_ioctl+0xfc/0x170
[ 1801.665812][T14045]  do_syscall_64+0xfa/0x3b0
[ 1801.665840][T14045]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1801.665868][T14045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1801.665891][T14045]  ? clear_bhb_loop+0x60/0xb0
[ 1801.665920][T14045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1801.665942][T14045] RIP: 0033:0x7f5632b8ebe9
[ 1801.665962][T14045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1801.665982][T14045] RSP: 002b:00007f5633a26038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1801.666004][T14045] RAX: ffffffffffffffda RBX: 00007f5632db5fa0 RCX: 00007f5632b8ebe9
[ 1801.666021][T14045] RDX: 0000200000000500 RSI: 00000000400448e6 RDI: 0000000000000004
[ 1801.666035][T14045] RBP: 00007f5633a26090 R08: 0000000000000000 R09: 0000000000000000
[ 1801.666048][T14045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1801.666060][T14045] R13: 00007f5632db6038 R14: 00007f5632db5fa0 R15: 00007ffd6a3d3128
[ 1801.666097][T14045]  </TASK>
[ 1802.010312][T14050] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1802.182772][T14057] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1802.316168][T14064] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1802.393123][T14060] ip_vti0: Master is either lo or non-ether device
[ 1802.401205][T14070] netlink: 64 bytes leftover after parsing attributes in process `syz.0.11816'.
[ 1802.605278][T14042] lo speed is unknown, defaulting to 1000
[ 1803.145078][T23218] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x7
[ 1803.814842][T14111] lo speed is unknown, defaulting to 1000
[ 1804.302629][T14133] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1804.372175][T14135] FAULT_INJECTION: forcing a failure.
[ 1804.372175][T14135] name failslab, interval 1, probability 0, space 0, times 0
[ 1804.387095][T14135] CPU: 0 UID: 0 PID: 14135 Comm: syz.0.11833 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1804.387127][T14135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1804.387142][T14135] Call Trace:
[ 1804.387151][T14135]  <TASK>
[ 1804.387161][T14135]  dump_stack_lvl+0x189/0x250
[ 1804.387195][T14135]  ? __pfx____ratelimit+0x10/0x10
[ 1804.387224][T14135]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1804.387251][T14135]  ? __pfx__printk+0x10/0x10
[ 1804.387290][T14135]  ? __pfx___might_resched+0x10/0x10
[ 1804.387312][T14135]  ? fs_reclaim_acquire+0x7d/0x100
[ 1804.387353][T14135]  should_fail_ex+0x414/0x560
[ 1804.387386][T14135]  should_failslab+0xa8/0x100
[ 1804.387421][T14135]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1804.387454][T14135]  ? __alloc_skb+0x112/0x2d0
[ 1804.387489][T14135]  __alloc_skb+0x112/0x2d0
[ 1804.387525][T14135]  netlink_ack+0x146/0xa50
[ 1804.387551][T14135]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1804.387602][T14135]  netlink_rcv_skb+0x28c/0x470
[ 1804.387629][T14135]  ? __lock_acquire+0xab9/0xd20
[ 1804.387662][T14135]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1804.387694][T14135]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1804.387738][T14135]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1804.387789][T14135]  netlink_unicast+0x82c/0x9e0
[ 1804.387827][T14135]  ? __pfx_netlink_unicast+0x10/0x10
[ 1804.387856][T14135]  ? netlink_sendmsg+0x642/0xb30
[ 1804.387883][T14135]  ? skb_put+0x11b/0x210
[ 1804.387918][T14135]  netlink_sendmsg+0x805/0xb30
[ 1804.387960][T14135]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1804.387995][T14135]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1804.388029][T14135]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1804.388054][T14135]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1804.388086][T14135]  __sock_sendmsg+0x21c/0x270
[ 1804.388116][T14135]  ____sys_sendmsg+0x505/0x830
[ 1804.388157][T14135]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1804.388202][T14135]  ? import_iovec+0x74/0xa0
[ 1804.388229][T14135]  ___sys_sendmsg+0x21f/0x2a0
[ 1804.388265][T14135]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1804.388344][T14135]  ? __fget_files+0x2a/0x420
[ 1804.388378][T14135]  ? __fget_files+0x3a0/0x420
[ 1804.388425][T14135]  __x64_sys_sendmsg+0x19b/0x260
[ 1804.388463][T14135]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1804.388509][T14135]  ? __pfx_ksys_write+0x10/0x10
[ 1804.388536][T14135]  ? rcu_is_watching+0x15/0xb0
[ 1804.388566][T14135]  ? do_syscall_64+0xbe/0x3b0
[ 1804.388600][T14135]  do_syscall_64+0xfa/0x3b0
[ 1804.388628][T14135]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1804.388655][T14135]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1804.388679][T14135]  ? clear_bhb_loop+0x60/0xb0
[ 1804.388707][T14135]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1804.388730][T14135] RIP: 0033:0x7f323438ebe9
[ 1804.388759][T14135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1804.388780][T14135] RSP: 002b:00007f323517d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1804.388804][T14135] RAX: ffffffffffffffda RBX: 00007f32345b5fa0 RCX: 00007f323438ebe9
[ 1804.388820][T14135] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[ 1804.388835][T14135] RBP: 00007f323517d090 R08: 0000000000000000 R09: 0000000000000000
[ 1804.388849][T14135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1804.388862][T14135] R13: 00007f32345b6038 R14: 00007f32345b5fa0 R15: 00007ffe27cfd898
[ 1804.388898][T14135]  </TASK>
[ 1804.426017][T14125] lo speed is unknown, defaulting to 1000
[ 1804.602826][T14111] lo speed is unknown, defaulting to 1000
[ 1804.776167][T14139] __nla_validate_parse: 3 callbacks suppressed
[ 1804.776189][T14139] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11835'.
[ 1805.233114][T14142] lo speed is unknown, defaulting to 1000
[ 1805.289070][T14151] netlink: 20 bytes leftover after parsing attributes in process `syz.3.11838'.
[ 1805.485986][T14125] lo speed is unknown, defaulting to 1000
[ 1805.513179][T14142] lo speed is unknown, defaulting to 1000
[ 1805.531588][T14153] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1806.297288][T14162] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1806.304651][T14162] IPv6: NLM_F_CREATE should be set when creating new route
[ 1806.311999][T14162] IPv6: NLM_F_CREATE should be set when creating new route
[ 1806.323509][T14162] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1806.889084][T14185] netlink: 20 bytes leftover after parsing attributes in process `syz.1.11849'.
[ 1806.923043][T14186] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1807.217991][T14199] netlink: 12 bytes leftover after parsing attributes in process `syz.1.11852'.
[ 1807.492119][T14206] netlink: 24 bytes leftover after parsing attributes in process `syz.1.11855'.
[ 1808.147675][T14223] netlink: 844 bytes leftover after parsing attributes in process `syz.4.11862'.
[ 1808.262138][T14223] netlink: 20 bytes leftover after parsing attributes in process `syz.4.11862'.
[ 1808.691143][T14240] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1808.982289][T14246] netlink: 844 bytes leftover after parsing attributes in process `syz.1.11870'.
[ 1809.109934][T14246] netlink: 20 bytes leftover after parsing attributes in process `syz.1.11870'.
[ 1809.183509][T14250] FAULT_INJECTION: forcing a failure.
[ 1809.183509][T14250] name failslab, interval 1, probability 0, space 0, times 0
[ 1809.206000][T14250] CPU: 1 UID: 0 PID: 14250 Comm: syz.2.11871 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1809.206035][T14250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1809.206050][T14250] Call Trace:
[ 1809.206059][T14250]  <TASK>
[ 1809.206070][T14250]  dump_stack_lvl+0x189/0x250
[ 1809.206105][T14250]  ? __pfx____ratelimit+0x10/0x10
[ 1809.206135][T14250]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1809.206163][T14250]  ? __pfx__printk+0x10/0x10
[ 1809.206203][T14250]  ? __pfx___might_resched+0x10/0x10
[ 1809.206225][T14250]  ? fs_reclaim_acquire+0x7d/0x100
[ 1809.206267][T14250]  should_fail_ex+0x414/0x560
[ 1809.206300][T14250]  should_failslab+0xa8/0x100
[ 1809.206343][T14250]  __kmalloc_noprof+0xcb/0x4f0
[ 1809.206372][T14250]  ? kfree+0x4d/0x440
[ 1809.206397][T14250]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1809.206436][T14250]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1809.206472][T14250]  ? tomoyo_domain+0xd9/0x130
[ 1809.206513][T14250]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1809.206541][T14250]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1809.206571][T14250]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1809.206618][T14250]  ? __lock_acquire+0xab9/0xd20
[ 1809.206673][T14250]  ? __fget_files+0x2a/0x420
[ 1809.206709][T14250]  ? __fget_files+0x2a/0x420
[ 1809.206739][T14250]  ? __fget_files+0x3a0/0x420
[ 1809.206770][T14250]  ? __fget_files+0x2a/0x420
[ 1809.206812][T14250]  security_file_ioctl+0xcb/0x2d0
[ 1809.206842][T14250]  __se_sys_ioctl+0x47/0x170
[ 1809.206873][T14250]  do_syscall_64+0xfa/0x3b0
[ 1809.206903][T14250]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1809.206928][T14250]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1809.206951][T14250]  ? clear_bhb_loop+0x60/0xb0
[ 1809.206979][T14250]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1809.207000][T14250] RIP: 0033:0x7f677598ebe9
[ 1809.207021][T14250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1809.207041][T14250] RSP: 002b:00007f6776836038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1809.207065][T14250] RAX: ffffffffffffffda RBX: 00007f6775bb5fa0 RCX: 00007f677598ebe9
[ 1809.207082][T14250] RDX: 0000000000000000 RSI: 00000000000089e2 RDI: 0000000000000004
[ 1809.207096][T14250] RBP: 00007f6776836090 R08: 0000000000000000 R09: 0000000000000000
[ 1809.207110][T14250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1809.207122][T14250] R13: 00007f6775bb6038 R14: 00007f6775bb5fa0 R15: 00007ffe0bf4b3a8
[ 1809.207159][T14250]  </TASK>
[ 1809.207286][T14250] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1809.544259][T14257] netlink: 37304 bytes leftover after parsing attributes in process `syz.3.11875'.
[ 1809.647354][T14270] FAULT_INJECTION: forcing a failure.
[ 1809.647354][T14270] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1809.671700][T14270] CPU: 1 UID: 0 PID: 14270 Comm: syz.2.11878 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1809.671734][T14270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1809.671749][T14270] Call Trace:
[ 1809.671758][T14270]  <TASK>
[ 1809.671769][T14270]  dump_stack_lvl+0x189/0x250
[ 1809.671802][T14270]  ? __pfx____ratelimit+0x10/0x10
[ 1809.671830][T14270]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1809.671859][T14270]  ? __pfx__printk+0x10/0x10
[ 1809.671891][T14270]  ? __might_fault+0xb0/0x130
[ 1809.671936][T14270]  should_fail_ex+0x414/0x560
[ 1809.671969][T14270]  _copy_from_user+0x2d/0xb0
[ 1809.671993][T14270]  ___sys_sendmsg+0x158/0x2a0
[ 1809.672036][T14270]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1809.672115][T14270]  ? __fget_files+0x2a/0x420
[ 1809.672149][T14270]  ? __fget_files+0x3a0/0x420
[ 1809.672195][T14270]  __x64_sys_sendmsg+0x19b/0x260
[ 1809.672233][T14270]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1809.672279][T14270]  ? __pfx_ksys_write+0x10/0x10
[ 1809.672313][T14270]  ? rcu_is_watching+0x15/0xb0
[ 1809.672343][T14270]  ? do_syscall_64+0xbe/0x3b0
[ 1809.672378][T14270]  do_syscall_64+0xfa/0x3b0
[ 1809.672404][T14270]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1809.672432][T14270]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1809.672456][T14270]  ? clear_bhb_loop+0x60/0xb0
[ 1809.672484][T14270]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1809.672507][T14270] RIP: 0033:0x7f677598ebe9
[ 1809.672528][T14270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1809.672548][T14270] RSP: 002b:00007f6776836038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1809.672572][T14270] RAX: ffffffffffffffda RBX: 00007f6775bb5fa0 RCX: 00007f677598ebe9
[ 1809.672589][T14270] RDX: 0000000000000040 RSI: 0000200000000180 RDI: 0000000000000003
[ 1809.672604][T14270] RBP: 00007f6776836090 R08: 0000000000000000 R09: 0000000000000000
[ 1809.672618][T14270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1809.672631][T14270] R13: 00007f6775bb6038 R14: 00007f6775bb5fa0 R15: 00007ffe0bf4b3a8
[ 1809.672669][T14270]  </TASK>
[ 1810.219446][T14286] bond0: (slave ipvlan0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 1810.240255][T14286] bond0: (slave ipvlan0): The slave device specified does not support setting the MAC address
[ 1810.266621][T14286] bond0: (slave ipvlan0): Error -95 calling set_mac_address
[ 1810.608690][T14300] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11886'.
[ 1810.663623][T14303] netlink: 52 bytes leftover after parsing attributes in process `syz.0.11888'.
[ 1810.829791][T14309] lo speed is unknown, defaulting to 1000
[ 1811.156997][T14309] lo speed is unknown, defaulting to 1000
[ 1811.157409][T14317] netlink: 20 bytes leftover after parsing attributes in process `syz.2.11893'.
[ 1811.538559][T14336] netlink: 20 bytes leftover after parsing attributes in process `syz.0.11898'.
[ 1811.550587][T14334] netlink: 52 bytes leftover after parsing attributes in process `syz.1.11900'.
[ 1811.686440][T14339] netlink: 5 bytes leftover after parsing attributes in process `syz.2.11901'.
[ 1811.703193][T14344] netlink: 48 bytes leftover after parsing attributes in process `syz.0.11902'.
[ 1811.717834][T14339] netlink: 5 bytes leftover after parsing attributes in process `syz.2.11901'.
[ 1811.743742][T14339] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11901'.
[ 1811.763857][T14339] netlink: 24 bytes leftover after parsing attributes in process `syz.2.11901'.
[ 1812.945072][T14400] lo speed is unknown, defaulting to 1000
[ 1813.328790][T14400] lo speed is unknown, defaulting to 1000
[ 1813.465676][T14419] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1814.130860][T14448] lo speed is unknown, defaulting to 1000
[ 1814.295683][T14453] FAULT_INJECTION: forcing a failure.
[ 1814.295683][T14453] name failslab, interval 1, probability 0, space 0, times 0
[ 1814.324236][T14453] CPU: 0 UID: 0 PID: 14453 Comm: syz.3.11944 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1814.324275][T14453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1814.324290][T14453] Call Trace:
[ 1814.324300][T14453]  <TASK>
[ 1814.324310][T14453]  dump_stack_lvl+0x189/0x250
[ 1814.324345][T14453]  ? __pfx____ratelimit+0x10/0x10
[ 1814.324373][T14453]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1814.324402][T14453]  ? __pfx__printk+0x10/0x10
[ 1814.324442][T14453]  ? __pfx___might_resched+0x10/0x10
[ 1814.324463][T14453]  ? fs_reclaim_acquire+0x7d/0x100
[ 1814.324505][T14453]  should_fail_ex+0x414/0x560
[ 1814.324538][T14453]  should_failslab+0xa8/0x100
[ 1814.324573][T14453]  __kmalloc_noprof+0xcb/0x4f0
[ 1814.324602][T14453]  ? kfree+0x4d/0x440
[ 1814.324627][T14453]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1814.324667][T14453]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1814.324704][T14453]  ? tomoyo_domain+0xd9/0x130
[ 1814.324745][T14453]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1814.324773][T14453]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1814.324805][T14453]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1814.324862][T14453]  ? __lock_acquire+0xab9/0xd20
[ 1814.324922][T14453]  ? __fget_files+0x2a/0x420
[ 1814.324959][T14453]  ? __fget_files+0x2a/0x420
[ 1814.324991][T14453]  ? __fget_files+0x3a0/0x420
[ 1814.325023][T14453]  ? __fget_files+0x2a/0x420
[ 1814.325063][T14453]  security_file_ioctl+0xcb/0x2d0
[ 1814.325092][T14453]  __se_sys_ioctl+0x47/0x170
[ 1814.325124][T14453]  do_syscall_64+0xfa/0x3b0
[ 1814.325156][T14453]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1814.325178][T14453]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1814.325201][T14453]  ? clear_bhb_loop+0x60/0xb0
[ 1814.325230][T14453]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1814.325253][T14453] RIP: 0033:0x7f0f9b58ebe9
[ 1814.325273][T14453] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1814.325294][T14453] RSP: 002b:00007f0f997f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1814.325317][T14453] RAX: ffffffffffffffda RBX: 00007f0f9b7b5fa0 RCX: 00007f0f9b58ebe9
[ 1814.325351][T14453] RDX: 0000200000000240 RSI: 000000000000890b RDI: 0000000000000008
[ 1814.325366][T14453] RBP: 00007f0f997f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1814.325380][T14453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1814.325393][T14453] R13: 00007f0f9b7b6038 R14: 00007f0f9b7b5fa0 R15: 00007ffe0adea808
[ 1814.325432][T14453]  </TASK>
[ 1814.326647][T14453] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1814.793034][T14446] lo speed is unknown, defaulting to 1000
[ 1814.811392][T14448] lo speed is unknown, defaulting to 1000
[ 1815.171805][T14470] netlink: 'syz.4.11950': attribute type 1 has an invalid length.
[ 1815.257563][T14446] lo speed is unknown, defaulting to 1000
[ 1815.631120][T14483] __nla_validate_parse: 15 callbacks suppressed
[ 1815.631142][T14483] netlink: 48 bytes leftover after parsing attributes in process `syz.1.11954'.
[ 1815.749754][T14486] netlink: 48 bytes leftover after parsing attributes in process `syz.3.11955'.
[ 1815.875975][T14493] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11957'.
[ 1816.033680][T14498] FAULT_INJECTION: forcing a failure.
[ 1816.033680][T14498] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1816.083149][T14498] CPU: 1 UID: 0 PID: 14498 Comm: syz.1.11960 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1816.083185][T14498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1816.083200][T14498] Call Trace:
[ 1816.083209][T14498]  <TASK>
[ 1816.083220][T14498]  dump_stack_lvl+0x189/0x250
[ 1816.083253][T14498]  ? __pfx____ratelimit+0x10/0x10
[ 1816.083282][T14498]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1816.083310][T14498]  ? __pfx__printk+0x10/0x10
[ 1816.083345][T14498]  ? fs_reclaim_acquire+0x7d/0x100
[ 1816.083391][T14498]  should_fail_ex+0x414/0x560
[ 1816.083424][T14498]  prepare_alloc_pages+0x213/0x610
[ 1816.083457][T14498]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1816.083487][T14498]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1816.083523][T14498]  ? policy_nodemask+0x27c/0x720
[ 1816.083562][T14498]  alloc_pages_mpol+0x232/0x4a0
[ 1816.083602][T14498]  alloc_pages_noprof+0xa9/0x190
[ 1816.083637][T14498]  __pud_alloc+0x3a/0x260
[ 1816.083685][T14498]  __handle_mm_fault+0x33a0/0x5440
[ 1816.083723][T14498]  ? mt_find+0x46f/0x5f0
[ 1816.083760][T14498]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1816.083817][T14498]  ? find_vma+0xe7/0x160
[ 1816.083846][T14498]  ? __pfx_find_vma+0x10/0x10
[ 1816.083879][T14498]  handle_mm_fault+0x40a/0x8e0
[ 1816.083923][T14498]  do_user_addr_fault+0x764/0x1390
[ 1816.083980][T14498]  exc_page_fault+0x76/0xf0
[ 1816.084011][T14498]  asm_exc_page_fault+0x26/0x30
[ 1816.084032][T14498] RIP: 0010:rep_movs_alternative+0x30/0x90
[ 1816.084055][T14498] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 4d 0a 04 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08
[ 1816.084076][T14498] RSP: 0018:ffffc9001b05fb38 EFLAGS: 00050212
[ 1816.084095][T14498] RAX: 00007ffffffff001 RBX: 0000000000000010 RCX: 0000000000000010
[ 1816.084110][T14498] RDX: 0000000000000001 RSI: 0000200000000040 RDI: ffffc9001b05fba0
[ 1816.084125][T14498] RBP: ffffc9001b05fcb0 R08: ffffc9001b05fbaf R09: 1ffff9200360bf75
[ 1816.084142][T14498] R10: dffffc0000000000 R11: fffff5200360bf76 R12: ffffc9001b05fba0
[ 1816.084159][T14498] R13: 1ffff9200360bf70 R14: ffffc9001b05fba0 R15: 0000200000000040
[ 1816.084200][T14498]  _copy_from_user+0x7a/0xb0
[ 1816.084225][T14498]  ax25_ioctl+0x8b2/0xca0
[ 1816.084255][T14498]  ? __pfx_ax25_ioctl+0x10/0x10
[ 1816.084281][T14498]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1816.084311][T14498]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1816.084344][T14498]  ? do_vfs_ioctl+0xbe8/0x1430
[ 1816.084376][T14498]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1816.084413][T14498]  sock_do_ioctl+0xd9/0x300
[ 1816.084444][T14498]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1816.084466][T14498]  ? __lock_acquire+0xab9/0xd20
[ 1816.084521][T14498]  sock_ioctl+0x576/0x790
[ 1816.084548][T14498]  ? __pfx_sock_ioctl+0x10/0x10
[ 1816.084573][T14498]  ? __fget_files+0x2a/0x420
[ 1816.084605][T14498]  ? __fget_files+0x3a0/0x420
[ 1816.084638][T14498]  ? __fget_files+0x2a/0x420
[ 1816.084683][T14498]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1816.084712][T14498]  ? __pfx_sock_ioctl+0x10/0x10
[ 1816.084736][T14498]  __se_sys_ioctl+0xfc/0x170
[ 1816.084767][T14498]  do_syscall_64+0xfa/0x3b0
[ 1816.084795][T14498]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1816.084823][T14498]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1816.084846][T14498]  ? clear_bhb_loop+0x60/0xb0
[ 1816.084875][T14498]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1816.084897][T14498] RIP: 0033:0x7ff14938ebe9
[ 1816.084918][T14498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1816.084938][T14498] RSP: 002b:00007ff14a213038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1816.084960][T14498] RAX: ffffffffffffffda RBX: 00007ff1495b5fa0 RCX: 00007ff14938ebe9
[ 1816.084977][T14498] RDX: 0000200000000040 RSI: 00000000000089e0 RDI: 0000000000000004
[ 1816.084991][T14498] RBP: 00007ff14a213090 R08: 0000000000000000 R09: 0000000000000000
[ 1816.085006][T14498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1816.085019][T14498] R13: 00007ff1495b6038 R14: 00007ff1495b5fa0 R15: 00007ffe64ca7b18
[ 1816.085057][T14498]  </TASK>
[ 1816.697974][T14512] netlink: 48 bytes leftover after parsing attributes in process `syz.1.11966'.
[ 1816.756457][T14515] netlink: 'syz.0.11965': attribute type 1 has an invalid length.
[ 1816.829001][T14515] netlink: 16 bytes leftover after parsing attributes in process `syz.0.11965'.
[ 1816.936086][T14529] netlink: 64 bytes leftover after parsing attributes in process `syz.1.11969'.
[ 1817.079447][T14535] 8021q: VLANs not supported on gre0
[ 1817.096925][T14539] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11973'.
[ 1817.320277][T14556] netlink: 48 bytes leftover after parsing attributes in process `syz.4.11979'.
[ 1817.450283][T14564] netlink: 'syz.2.11981': attribute type 1 has an invalid length.
[ 1817.529001][T14569] FAULT_INJECTION: forcing a failure.
[ 1817.529001][T14569] name failslab, interval 1, probability 0, space 0, times 0
[ 1817.548857][T14570] netlink: 104 bytes leftover after parsing attributes in process `syz.0.11982'.
[ 1817.564782][T14569] CPU: 1 UID: 0 PID: 14569 Comm: syz.2.11981 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1817.564814][T14569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1817.564829][T14569] Call Trace:
[ 1817.564838][T14569]  <TASK>
[ 1817.564848][T14569]  dump_stack_lvl+0x189/0x250
[ 1817.564883][T14569]  ? __pfx____ratelimit+0x10/0x10
[ 1817.564911][T14569]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1817.564939][T14569]  ? __pfx__printk+0x10/0x10
[ 1817.564978][T14569]  ? __pfx___might_resched+0x10/0x10
[ 1817.565007][T14569]  should_fail_ex+0x414/0x560
[ 1817.565043][T14569]  should_failslab+0xa8/0x100
[ 1817.565081][T14569]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1817.565115][T14569]  ? __alloc_skb+0x112/0x2d0
[ 1817.565151][T14569]  __alloc_skb+0x112/0x2d0
[ 1817.565186][T14569]  netlink_sendmsg+0x5c6/0xb30
[ 1817.565230][T14569]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1817.565265][T14569]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1817.565319][T14569]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1817.565344][T14569]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1817.565373][T14569]  __sock_sendmsg+0x21c/0x270
[ 1817.565402][T14569]  ____sys_sendmsg+0x505/0x830
[ 1817.565443][T14569]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1817.565487][T14569]  ? import_iovec+0x74/0xa0
[ 1817.565513][T14569]  ___sys_sendmsg+0x21f/0x2a0
[ 1817.565549][T14569]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1817.565625][T14569]  ? __fget_files+0x2a/0x420
[ 1817.565658][T14569]  ? __fget_files+0x3a0/0x420
[ 1817.565702][T14569]  __x64_sys_sendmsg+0x19b/0x260
[ 1817.565739][T14569]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1817.565784][T14569]  ? __pfx_ksys_write+0x10/0x10
[ 1817.565822][T14569]  ? do_syscall_64+0xbe/0x3b0
[ 1817.565856][T14569]  do_syscall_64+0xfa/0x3b0
[ 1817.565884][T14569]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1817.565911][T14569]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1817.565934][T14569]  ? clear_bhb_loop+0x60/0xb0
[ 1817.565963][T14569]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1817.565985][T14569] RIP: 0033:0x7f677598ebe9
[ 1817.566006][T14569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1817.566027][T14569] RSP: 002b:00007f6776815038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1817.566050][T14569] RAX: ffffffffffffffda RBX: 00007f6775bb6090 RCX: 00007f677598ebe9
[ 1817.566067][T14569] RDX: 0000000000004000 RSI: 0000200000000280 RDI: 0000000000000004
[ 1817.566083][T14569] RBP: 00007f6776815090 R08: 0000000000000000 R09: 0000000000000000
[ 1817.566097][T14569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1817.566110][T14569] R13: 00007f6775bb6128 R14: 00007f6775bb6090 R15: 00007ffe0bf4b3a8
[ 1817.566146][T14569]  </TASK>
[ 1817.926326][T14577] FAULT_INJECTION: forcing a failure.
[ 1817.926326][T14577] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1817.963731][T14577] CPU: 0 UID: 0 PID: 14577 Comm: syz.2.11985 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1817.963764][T14577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1817.963777][T14577] Call Trace:
[ 1817.963786][T14577]  <TASK>
[ 1817.963796][T14577]  dump_stack_lvl+0x189/0x250
[ 1817.963830][T14577]  ? __pfx____ratelimit+0x10/0x10
[ 1817.963857][T14577]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1817.963883][T14577]  ? __pfx__printk+0x10/0x10
[ 1817.963930][T14577]  should_fail_ex+0x414/0x560
[ 1817.963964][T14577]  _copy_to_user+0x31/0xb0
[ 1817.963990][T14577]  simple_read_from_buffer+0xe1/0x170
[ 1817.964029][T14577]  proc_fail_nth_read+0x1b3/0x220
[ 1817.964060][T14577]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1817.964091][T14577]  ? rw_verify_area+0x2a6/0x4d0
[ 1817.964118][T14577]  ? __lock_acquire+0xab9/0xd20
[ 1817.964150][T14577]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1817.964178][T14577]  vfs_read+0x200/0x980
[ 1817.964206][T14577]  ? fdget_pos+0x247/0x320
[ 1817.964241][T14577]  ? __pfx___mutex_lock+0x10/0x10
[ 1817.964272][T14577]  ? __pfx_vfs_read+0x10/0x10
[ 1817.964303][T14577]  ? __fget_files+0x2a/0x420
[ 1817.964341][T14577]  ? __fget_files+0x3a0/0x420
[ 1817.964372][T14577]  ? __fget_files+0x2a/0x420
[ 1817.964416][T14577]  ksys_read+0x145/0x250
[ 1817.964442][T14577]  ? __fget_files+0x3a0/0x420
[ 1817.964478][T14577]  ? __pfx_ksys_read+0x10/0x10
[ 1817.964515][T14577]  ? do_syscall_64+0xbe/0x3b0
[ 1817.964552][T14577]  do_syscall_64+0xfa/0x3b0
[ 1817.964579][T14577]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1817.964606][T14577]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1817.964630][T14577]  ? clear_bhb_loop+0x60/0xb0
[ 1817.964659][T14577]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1817.964681][T14577] RIP: 0033:0x7f677598d5fc
[ 1817.964702][T14577] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1817.964724][T14577] RSP: 002b:00007f6776836030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1817.964747][T14577] RAX: ffffffffffffffda RBX: 00007f6775bb5fa0 RCX: 00007f677598d5fc
[ 1817.964764][T14577] RDX: 000000000000000f RSI: 00007f67768360a0 RDI: 0000000000000006
[ 1817.964778][T14577] RBP: 00007f6776836090 R08: 0000000000000000 R09: 0000000000000000
[ 1817.964793][T14577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1817.964806][T14577] R13: 00007f6775bb6038 R14: 00007f6775bb5fa0 R15: 00007ffe0bf4b3a8
[ 1817.964844][T14577]  </TASK>
[ 1818.282467][T14584] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1818.314512][T14586] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 64993
[ 1818.546438][T14595] netlink: 48 bytes leftover after parsing attributes in process `syz.2.11993'.
[ 1818.862090][T14614] nbd: must specify a size in bytes for the device
[ 1819.604416][T14662] FAULT_INJECTION: forcing a failure.
[ 1819.604416][T14662] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1819.660527][T14662] CPU: 0 UID: 0 PID: 14662 Comm: syz.4.12016 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1819.660561][T14662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1819.660575][T14662] Call Trace:
[ 1819.660584][T14662]  <TASK>
[ 1819.660594][T14662]  dump_stack_lvl+0x189/0x250
[ 1819.660626][T14662]  ? __pfx____ratelimit+0x10/0x10
[ 1819.660654][T14662]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1819.660682][T14662]  ? __pfx__printk+0x10/0x10
[ 1819.660714][T14662]  ? __might_fault+0xb0/0x130
[ 1819.660759][T14662]  should_fail_ex+0x414/0x560
[ 1819.660791][T14662]  _copy_from_user+0x2d/0xb0
[ 1819.660814][T14662]  __sys_bpf+0x1ed/0x870
[ 1819.660846][T14662]  ? __pfx___sys_bpf+0x10/0x10
[ 1819.660896][T14662]  ? ksys_write+0x22a/0x250
[ 1819.660929][T14662]  ? __pfx_ksys_write+0x10/0x10
[ 1819.660955][T14662]  ? rcu_is_watching+0x15/0xb0
[ 1819.660987][T14662]  __x64_sys_bpf+0x7c/0x90
[ 1819.661015][T14662]  do_syscall_64+0xfa/0x3b0
[ 1819.661042][T14662]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1819.661069][T14662]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1819.661099][T14662]  ? clear_bhb_loop+0x60/0xb0
[ 1819.661127][T14662]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1819.661149][T14662] RIP: 0033:0x7f5632b8ebe9
[ 1819.661168][T14662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1819.661188][T14662] RSP: 002b:00007f5633a26038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1819.661211][T14662] RAX: ffffffffffffffda RBX: 00007f5632db5fa0 RCX: 00007f5632b8ebe9
[ 1819.661227][T14662] RDX: 0000000000000018 RSI: 0000200000000600 RDI: 0000000000000006
[ 1819.661242][T14662] RBP: 00007f5633a26090 R08: 0000000000000000 R09: 0000000000000000
[ 1819.661256][T14662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1819.661270][T14662] R13: 00007f5632db6038 R14: 00007f5632db5fa0 R15: 00007ffd6a3d3128
[ 1819.661306][T14662]  </TASK>
[ 1820.065788][T10523] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x7
[ 1820.710012][T14707] netlink: 'syz.2.12030': attribute type 2 has an invalid length.
[ 1820.851642][T14712] __nla_validate_parse: 12 callbacks suppressed
[ 1820.851664][T14712] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12031'.
[ 1821.442098][T14725] netlink: 844 bytes leftover after parsing attributes in process `syz.3.12033'.
[ 1821.545279][T14725] netlink: 20 bytes leftover after parsing attributes in process `syz.3.12033'.
[ 1821.682698][T14733] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12036'.
[ 1821.715235][T14735] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12037'.
[ 1821.748559][T14737] netlink: 52 bytes leftover after parsing attributes in process `syz.0.12038'.
[ 1821.781703][T14739] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12039'.
[ 1821.818317][T14740] lo speed is unknown, defaulting to 1000
[ 1822.072111][T14740] lo speed is unknown, defaulting to 1000
[ 1822.130629][T14747] lo speed is unknown, defaulting to 1000
[ 1822.513255][T14766] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1822.522361][T14766] mac80211_hwsim hwsim46 syzkaller0: entered promiscuous mode
[ 1822.529914][T14766] mac80211_hwsim hwsim46 syzkaller0: entered allmulticast mode
[ 1822.705433][T14772] FAULT_INJECTION: forcing a failure.
[ 1822.705433][T14772] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1822.719032][T14772] CPU: 0 UID: 0 PID: 14772 Comm: syz.2.12049 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1822.719064][T14772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1822.719078][T14772] Call Trace:
[ 1822.719087][T14772]  <TASK>
[ 1822.719097][T14772]  dump_stack_lvl+0x189/0x250
[ 1822.719131][T14772]  ? __pfx____ratelimit+0x10/0x10
[ 1822.719159][T14772]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1822.719187][T14772]  ? __pfx__printk+0x10/0x10
[ 1822.719235][T14772]  should_fail_ex+0x414/0x560
[ 1822.719268][T14772]  _copy_to_user+0x31/0xb0
[ 1822.719294][T14772]  simple_read_from_buffer+0xe1/0x170
[ 1822.719333][T14772]  proc_fail_nth_read+0x1b3/0x220
[ 1822.719364][T14772]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1822.719394][T14772]  ? rw_verify_area+0x2a6/0x4d0
[ 1822.719422][T14772]  ? __lock_acquire+0xab9/0xd20
[ 1822.719452][T14772]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1822.719480][T14772]  vfs_read+0x200/0x980
[ 1822.719508][T14772]  ? fdget_pos+0x247/0x320
[ 1822.719534][T14772]  ? __pfx___mutex_lock+0x10/0x10
[ 1822.719564][T14772]  ? __pfx_vfs_read+0x10/0x10
[ 1822.719597][T14772]  ? __fget_files+0x2a/0x420
[ 1822.719636][T14772]  ? __fget_files+0x3a0/0x420
[ 1822.719668][T14772]  ? __fget_files+0x2a/0x420
[ 1822.719713][T14772]  ksys_read+0x145/0x250
[ 1822.719741][T14772]  ? __fget_files+0x3a0/0x420
[ 1822.719776][T14772]  ? __pfx_ksys_read+0x10/0x10
[ 1822.719813][T14772]  ? do_syscall_64+0xbe/0x3b0
[ 1822.719848][T14772]  do_syscall_64+0xfa/0x3b0
[ 1822.719884][T14772]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1822.719910][T14772]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1822.719934][T14772]  ? clear_bhb_loop+0x60/0xb0
[ 1822.719967][T14772]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1822.719990][T14772] RIP: 0033:0x7f677598d5fc
[ 1822.720011][T14772] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1822.720031][T14772] RSP: 002b:00007f6776836030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1822.720054][T14772] RAX: ffffffffffffffda RBX: 00007f6775bb5fa0 RCX: 00007f677598d5fc
[ 1822.720071][T14772] RDX: 000000000000000f RSI: 00007f67768360a0 RDI: 0000000000000004
[ 1822.720085][T14772] RBP: 00007f6776836090 R08: 0000000000000000 R09: 0000000000000000
[ 1822.720099][T14772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1822.720112][T14772] R13: 00007f6775bb6038 R14: 00007f6775bb5fa0 R15: 00007ffe0bf4b3a8
[ 1822.720151][T14772]  </TASK>
[ 1823.010746][T14747] lo speed is unknown, defaulting to 1000
[ 1823.026312][T14776] netlink: 52 bytes leftover after parsing attributes in process `syz.0.12050'.
[ 1823.185781][T14781] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12052'.
[ 1823.229604][T14783] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12051'.
[ 1823.867158][T14802] netlink: 'syz.0.12058': attribute type 1 has an invalid length.
[ 1823.946255][T14802] bond22: entered promiscuous mode
[ 1823.953509][T14802] 8021q: adding VLAN 0 to HW filter on device bond22
[ 1824.043603][T14812] siw: device registration error -23
[ 1824.134753][T14809] bond22: (slave bridge0): making interface the new active one
[ 1824.153603][T14809] bridge0: entered promiscuous mode
[ 1824.160744][T14809] bond22: (slave bridge0): Enslaving as an active interface with an up link
[ 1824.371926][T14817] block nbd2: server does not support multiple connections per device.
[ 1824.404820][T14817] block nbd2: shutting down sockets
[ 1824.644931][T14835] netlink: 'syz.0.12067': attribute type 13 has an invalid length.
[ 1824.665276][T14835] netlink: 'syz.0.12067': attribute type 17 has an invalid length.
[ 1824.750895][T14829] lo speed is unknown, defaulting to 1000
[ 1825.032087][T14829] lo speed is unknown, defaulting to 1000
[ 1825.032129][T14833] lo speed is unknown, defaulting to 1000
[ 1825.415715][T14861] FAULT_INJECTION: forcing a failure.
[ 1825.415715][T14861] name failslab, interval 1, probability 0, space 0, times 0
[ 1825.442344][T14861] CPU: 1 UID: 0 PID: 14861 Comm: syz.1.12076 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1825.442378][T14861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1825.442393][T14861] Call Trace:
[ 1825.442402][T14861]  <TASK>
[ 1825.442413][T14861]  dump_stack_lvl+0x189/0x250
[ 1825.442448][T14861]  ? __pfx____ratelimit+0x10/0x10
[ 1825.442476][T14861]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1825.442503][T14861]  ? __pfx__printk+0x10/0x10
[ 1825.442537][T14861]  ? __pfx___might_resched+0x10/0x10
[ 1825.442561][T14861]  ? fs_reclaim_acquire+0x7d/0x100
[ 1825.442611][T14861]  should_fail_ex+0x414/0x560
[ 1825.442644][T14861]  should_failslab+0xa8/0x100
[ 1825.442679][T14861]  __kmalloc_noprof+0xcb/0x4f0
[ 1825.442710][T14861]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[ 1825.442741][T14861]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[ 1825.442775][T14861]  genl_family_rcv_msg_doit+0xb8/0x300
[ 1825.442806][T14861]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1825.442836][T14861]  ? __pfx_genl_get_cmd+0x10/0x10
[ 1825.442869][T14861]  ? __pfx_nbd_genl_connect+0x10/0x10
[ 1825.442905][T14861]  ? stack_trace_save+0x9c/0xe0
[ 1825.442940][T14861]  genl_rcv_msg+0x60e/0x790
[ 1825.442970][T14861]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1825.442991][T14861]  ? __pfx_nbd_genl_connect+0x10/0x10
[ 1825.443038][T14861]  netlink_rcv_skb+0x208/0x470
[ 1825.443065][T14861]  ? __lock_acquire+0xab9/0xd20
[ 1825.443099][T14861]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1825.443123][T14861]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1825.443177][T14861]  ? down_read+0x1ad/0x2e0
[ 1825.443212][T14861]  genl_rcv+0x28/0x40
[ 1825.443249][T14861]  netlink_unicast+0x82c/0x9e0
[ 1825.443286][T14861]  ? __pfx_netlink_unicast+0x10/0x10
[ 1825.443321][T14861]  ? netlink_sendmsg+0x642/0xb30
[ 1825.443347][T14861]  ? skb_put+0x11b/0x210
[ 1825.443383][T14861]  netlink_sendmsg+0x805/0xb30
[ 1825.443426][T14861]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1825.443461][T14861]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1825.443495][T14861]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1825.443520][T14861]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1825.443551][T14861]  __sock_sendmsg+0x21c/0x270
[ 1825.443586][T14861]  ____sys_sendmsg+0x505/0x830
[ 1825.443628][T14861]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1825.443674][T14861]  ? import_iovec+0x74/0xa0
[ 1825.443701][T14861]  ___sys_sendmsg+0x21f/0x2a0
[ 1825.443739][T14861]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1825.443820][T14861]  ? __fget_files+0x2a/0x420
[ 1825.443853][T14861]  ? __fget_files+0x3a0/0x420
[ 1825.443901][T14861]  __x64_sys_sendmsg+0x19b/0x260
[ 1825.443939][T14861]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1825.443986][T14861]  ? __pfx_ksys_write+0x10/0x10
[ 1825.444013][T14861]  ? rcu_is_watching+0x15/0xb0
[ 1825.444042][T14861]  ? do_syscall_64+0xbe/0x3b0
[ 1825.444077][T14861]  do_syscall_64+0xfa/0x3b0
[ 1825.444104][T14861]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1825.444132][T14861]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1825.444155][T14861]  ? clear_bhb_loop+0x60/0xb0
[ 1825.444184][T14861]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1825.444206][T14861] RIP: 0033:0x7ff14938ebe9
[ 1825.444226][T14861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1825.444246][T14861] RSP: 002b:00007ff14a213038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1825.444269][T14861] RAX: ffffffffffffffda RBX: 00007ff1495b5fa0 RCX: 00007ff14938ebe9
[ 1825.444286][T14861] RDX: 0000000020000000 RSI: 0000200000001ac0 RDI: 0000000000000005
[ 1825.444302][T14861] RBP: 00007ff14a213090 R08: 0000000000000000 R09: 0000000000000000
[ 1825.444316][T14861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1825.444329][T14861] R13: 00007ff1495b6038 R14: 00007ff1495b5fa0 R15: 00007ffe64ca7b18
[ 1825.444368][T14861]  </TASK>
[ 1825.866113][T14868] __nla_validate_parse: 5 callbacks suppressed
[ 1825.866136][T14868] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12078'.
[ 1826.058183][T14835] lo speed is unknown, defaulting to 1000
[ 1826.100329][T14876] netlink: 'syz.3.12082': attribute type 142 has an invalid length.
[ 1826.447245][T14888] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12086'.
[ 1826.525406][T14835] lo speed is unknown, defaulting to 1000
[ 1826.542579][T14833] lo speed is unknown, defaulting to 1000
[ 1826.677158][T14900] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12090'.
[ 1826.707107][T14902] netlink: 24 bytes leftover after parsing attributes in process `syz.4.12087'.
[ 1826.722052][T14893] lo speed is unknown, defaulting to 1000
[ 1827.048288][T14893] lo speed is unknown, defaulting to 1000
[ 1827.783770][T14913] netlink: 48 bytes leftover after parsing attributes in process `syz.0.12094'.
[ 1828.186039][T14932] netlink: 'syz.3.12100': attribute type 1 has an invalid length.
[ 1828.251762][T14935] netlink: 40 bytes leftover after parsing attributes in process `syz.2.12102'.
[ 1828.492555][T14950] netlink: 48 bytes leftover after parsing attributes in process `syz.2.12108'.
[ 1828.757116][T14959] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12110'.
[ 1828.816248][T14963] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[ 1828.827128][T14963] netlink: 96 bytes leftover after parsing attributes in process `syz.0.12112'.
[ 1828.923147][T14966] lo speed is unknown, defaulting to 1000
[ 1829.174814][T14981] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12118'.
[ 1829.615378][T14966] lo speed is unknown, defaulting to 1000
[ 1830.012112][T15010] lo speed is unknown, defaulting to 1000
[ 1830.332582][T15010] lo speed is unknown, defaulting to 1000
[ 1831.024865][T15048] FAULT_INJECTION: forcing a failure.
[ 1831.024865][T15048] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1831.060186][T15048] CPU: 0 UID: 0 PID: 15048 Comm: syz.0.12143 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1831.060236][T15048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1831.060260][T15048] Call Trace:
[ 1831.060274][T15048]  <TASK>
[ 1831.060290][T15048]  dump_stack_lvl+0x189/0x250
[ 1831.060339][T15048]  ? __pfx____ratelimit+0x10/0x10
[ 1831.060367][T15048]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1831.060395][T15048]  ? __pfx__printk+0x10/0x10
[ 1831.060428][T15048]  ? fs_reclaim_acquire+0x7d/0x100
[ 1831.060472][T15048]  should_fail_ex+0x414/0x560
[ 1831.060504][T15048]  prepare_alloc_pages+0x213/0x610
[ 1831.060535][T15048]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1831.060562][T15048]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1831.060608][T15048]  alloc_pages_bulk_noprof+0x560/0x710
[ 1831.060639][T15048]  ? alloc_pages_noprof+0xbe/0x190
[ 1831.060677][T15048]  kasan_populate_vmalloc+0xba/0x1a0
[ 1831.060712][T15048]  alloc_vmap_area+0xd51/0x1490
[ 1831.060761][T15048]  ? __pfx_alloc_vmap_area+0x10/0x10
[ 1831.060791][T15048]  ? __kasan_kmalloc+0x93/0xb0
[ 1831.060822][T15048]  ? __kmalloc_cache_node_noprof+0x234/0x3d0
[ 1831.060853][T15048]  ? __sys_bpf+0x60f/0x870
[ 1831.060880][T15048]  ? __get_vm_area_node+0x13f/0x300
[ 1831.060910][T15048]  ? sock_hash_alloc+0x266/0x4e0
[ 1831.060943][T15048]  __get_vm_area_node+0x1f8/0x300
[ 1831.060983][T15048]  __vmalloc_node_range_noprof+0x301/0x12f0
[ 1831.061017][T15048]  ? sock_hash_alloc+0x266/0x4e0
[ 1831.061084][T15048]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1831.061123][T15048]  ? rcu_is_watching+0x15/0xb0
[ 1831.061148][T15048]  ? trace_kmalloc+0x1f/0xd0
[ 1831.061174][T15048]  ? __kmalloc_node_noprof+0x293/0x4e0
[ 1831.061203][T15048]  ? bpf_map_area_alloc+0x64/0x180
[ 1831.061239][T15048]  bpf_map_area_alloc+0x12d/0x180
[ 1831.061272][T15048]  ? sock_hash_alloc+0x266/0x4e0
[ 1831.061307][T15048]  sock_hash_alloc+0x266/0x4e0
[ 1831.061346][T15048]  map_create+0xaa0/0x14d0
[ 1831.061382][T15048]  ? security_bpf+0x7e/0x300
[ 1831.061413][T15048]  __sys_bpf+0x60f/0x870
[ 1831.061445][T15048]  ? __pfx___sys_bpf+0x10/0x10
[ 1831.061491][T15048]  ? ksys_write+0x22a/0x250
[ 1831.061524][T15048]  ? __pfx_ksys_write+0x10/0x10
[ 1831.061564][T15048]  __x64_sys_bpf+0x7c/0x90
[ 1831.061592][T15048]  do_syscall_64+0xfa/0x3b0
[ 1831.061620][T15048]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1831.061647][T15048]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1831.061671][T15048]  ? clear_bhb_loop+0x60/0xb0
[ 1831.061699][T15048]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1831.061721][T15048] RIP: 0033:0x7f323438ebe9
[ 1831.061741][T15048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1831.061762][T15048] RSP: 002b:00007f323517d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1831.061786][T15048] RAX: ffffffffffffffda RBX: 00007f32345b5fa0 RCX: 00007f323438ebe9
[ 1831.061803][T15048] RDX: 0000000000000050 RSI: 00002000000000c0 RDI: 0000000000000000
[ 1831.061817][T15048] RBP: 00007f323517d090 R08: 0000000000000000 R09: 0000000000000000
[ 1831.061831][T15048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1831.061844][T15048] R13: 00007f32345b6038 R14: 00007f32345b5fa0 R15: 00007ffe27cfd898
[ 1831.061881][T15048]  </TASK>
[ 1831.579137][T15055] mac80211_hwsim hwsim7 syzkaller0: entered promiscuous mode
[ 1831.585102][T15063] __nla_validate_parse: 5 callbacks suppressed
[ 1831.585126][T15063] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12149'.
[ 1831.589010][T15055] mac80211_hwsim hwsim7 syzkaller0: entered allmulticast mode
[ 1831.869628][T15068] lo speed is unknown, defaulting to 1000
[ 1832.178271][T15068] lo speed is unknown, defaulting to 1000
[ 1832.345028][T15095] lo speed is unknown, defaulting to 1000
[ 1832.351900][T15100] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12162'.
[ 1832.487262][T15105] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1832.748377][T15095] lo speed is unknown, defaulting to 1000
[ 1833.067292][T15121] mac80211_hwsim hwsim46 syzkaller0: left promiscuous mode
[ 1833.099364][T15121] mac80211_hwsim hwsim46 syzkaller0: left allmulticast mode
[ 1833.431619][T15130] netlink: 48 bytes leftover after parsing attributes in process `syz.1.12172'.
[ 1833.723035][T15146] openvswitch: netlink: Message has 4 unknown bytes.
[ 1833.905022][T15147] Bluetooth: hci4: Opcode 0x0401 failed: -4
[ 1834.077249][T15155] netlink: 4 bytes leftover after parsing attributes in process `syz.2.12179'.
[ 1834.150051][T15164] netlink: 536 bytes leftover after parsing attributes in process `syz.4.12181'.
[ 1834.315196][T15172] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12185'.
[ 1834.379376][T15180] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12182'.
[ 1834.575641][T15189] netlink: 52 bytes leftover after parsing attributes in process `syz.0.12190'.
[ 1834.837331][T15199] FAULT_INJECTION: forcing a failure.
[ 1834.837331][T15199] name failslab, interval 1, probability 0, space 0, times 0
[ 1834.881819][T15199] CPU: 0 UID: 0 PID: 15199 Comm: syz.0.12194 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1834.881852][T15199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1834.881866][T15199] Call Trace:
[ 1834.881876][T15199]  <TASK>
[ 1834.881887][T15199]  dump_stack_lvl+0x189/0x250
[ 1834.881921][T15199]  ? __pfx____ratelimit+0x10/0x10
[ 1834.881950][T15199]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1834.881987][T15199]  ? __pfx__printk+0x10/0x10
[ 1834.882023][T15199]  ? __pfx___might_resched+0x10/0x10
[ 1834.882047][T15199]  ? fs_reclaim_acquire+0x7d/0x100
[ 1834.882088][T15199]  should_fail_ex+0x414/0x560
[ 1834.882122][T15199]  should_failslab+0xa8/0x100
[ 1834.882158][T15199]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1834.882190][T15199]  ? nci_allocate_device+0xe8/0x360
[ 1834.882210][T15199]  ? __kasan_kmalloc+0x93/0xb0
[ 1834.882240][T15199]  ? __pfx_virtual_nci_send+0x10/0x10
[ 1834.882265][T15199]  nci_allocate_device+0xe8/0x360
[ 1834.882294][T15199]  virtual_ncidev_open+0x75/0x1a0
[ 1834.882319][T15199]  ? __pfx_virtual_ncidev_open+0x10/0x10
[ 1834.882341][T15199]  misc_open+0x2bc/0x330
[ 1834.882371][T15199]  chrdev_open+0x4c9/0x5e0
[ 1834.882410][T15199]  ? __pfx_chrdev_open+0x10/0x10
[ 1834.882449][T15199]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[ 1834.882492][T15199]  ? __pfx_chrdev_open+0x10/0x10
[ 1834.882524][T15199]  do_dentry_open+0x953/0x13f0
[ 1834.882567][T15199]  vfs_open+0x3b/0x340
[ 1834.882588][T15199]  ? path_openat+0x2ecd/0x3830
[ 1834.882619][T15199]  path_openat+0x2ee5/0x3830
[ 1834.882645][T15199]  ? arch_stack_walk+0xfc/0x150
[ 1834.882696][T15199]  ? stack_depot_save_flags+0x40/0x860
[ 1834.882741][T15199]  ? __pfx_path_openat+0x10/0x10
[ 1834.882766][T15199]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1834.882820][T15199]  do_filp_open+0x1fa/0x410
[ 1834.882846][T15199]  ? __lock_acquire+0xab9/0xd20
[ 1834.882882][T15199]  ? __pfx_do_filp_open+0x10/0x10
[ 1834.882938][T15199]  ? _raw_spin_unlock+0x28/0x50
[ 1834.882969][T15199]  ? alloc_fd+0x64c/0x6c0
[ 1834.883017][T15199]  do_sys_openat2+0x121/0x1c0
[ 1834.883046][T15199]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1834.883072][T15199]  ? ksys_write+0x22a/0x250
[ 1834.883106][T15199]  ? __pfx_ksys_write+0x10/0x10
[ 1834.883133][T15199]  ? rcu_is_watching+0x15/0xb0
[ 1834.883162][T15199]  __x64_sys_openat+0x138/0x170
[ 1834.883193][T15199]  do_syscall_64+0xfa/0x3b0
[ 1834.883222][T15199]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1834.883249][T15199]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1834.883272][T15199]  ? clear_bhb_loop+0x60/0xb0
[ 1834.883301][T15199]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1834.883323][T15199] RIP: 0033:0x7f323438ebe9
[ 1834.883344][T15199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1834.883365][T15199] RSP: 002b:00007f323517d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1834.883388][T15199] RAX: ffffffffffffffda RBX: 00007f32345b5fa0 RCX: 00007f323438ebe9
[ 1834.883404][T15199] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 1834.883420][T15199] RBP: 00007f323517d090 R08: 0000000000000000 R09: 0000000000000000
[ 1834.883434][T15199] R10: 0000000000000041 R11: 0000000000000246 R12: 0000000000000001
[ 1834.883447][T15199] R13: 00007f32345b6038 R14: 00007f32345b5fa0 R15: 00007ffe27cfd898
[ 1834.883483][T15199]  </TASK>
[ 1835.620806][T15216] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12200'.
[ 1835.804873][T15226] netlink: 52 bytes leftover after parsing attributes in process `syz.0.12203'.
[ 1835.819272][T15219] lo speed is unknown, defaulting to 1000
[ 1835.841991][T31409] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x7
[ 1835.931284][T27076] Bluetooth: hci4: command 0x0406 tx timeout
[ 1836.099823][T15219] lo speed is unknown, defaulting to 1000
[ 1836.628132][T15259] __nla_validate_parse: 1 callbacks suppressed
[ 1836.628152][T15259] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12214'.
[ 1836.873090][T15270] netlink: 52 bytes leftover after parsing attributes in process `syz.1.12215'.
[ 1837.179521][T15286] FAULT_INJECTION: forcing a failure.
[ 1837.179521][T15286] name failslab, interval 1, probability 0, space 0, times 0
[ 1837.197822][T15286] CPU: 0 UID: 0 PID: 15286 Comm: syz.0.12225 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1837.197855][T15286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1837.197869][T15286] Call Trace:
[ 1837.197879][T15286]  <TASK>
[ 1837.197889][T15286]  dump_stack_lvl+0x189/0x250
[ 1837.197923][T15286]  ? __pfx____ratelimit+0x10/0x10
[ 1837.197953][T15286]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1837.197981][T15286]  ? __pfx__printk+0x10/0x10
[ 1837.198022][T15286]  ? __pfx___might_resched+0x10/0x10
[ 1837.198043][T15286]  ? fs_reclaim_acquire+0x7d/0x100
[ 1837.198085][T15286]  should_fail_ex+0x414/0x560
[ 1837.198118][T15286]  should_failslab+0xa8/0x100
[ 1837.198153][T15286]  __kmalloc_noprof+0xcb/0x4f0
[ 1837.198183][T15286]  ? kfree+0x4d/0x440
[ 1837.198208][T15286]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1837.198249][T15286]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1837.198287][T15286]  ? tomoyo_domain+0xd9/0x130
[ 1837.198328][T15286]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1837.198358][T15286]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1837.198390][T15286]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1837.198442][T15286]  ? __lock_acquire+0xab9/0xd20
[ 1837.198502][T15286]  ? __fget_files+0x2a/0x420
[ 1837.198548][T15286]  ? __fget_files+0x2a/0x420
[ 1837.198581][T15286]  ? __fget_files+0x3a0/0x420
[ 1837.198614][T15286]  ? __fget_files+0x2a/0x420
[ 1837.198655][T15286]  security_file_ioctl+0xcb/0x2d0
[ 1837.198685][T15286]  __se_sys_ioctl+0x47/0x170
[ 1837.198717][T15286]  do_syscall_64+0xfa/0x3b0
[ 1837.198745][T15286]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1837.198773][T15286]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1837.198797][T15286]  ? clear_bhb_loop+0x60/0xb0
[ 1837.198826][T15286]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1837.198849][T15286] RIP: 0033:0x7f323438ebe9
[ 1837.198870][T15286] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1837.198892][T15286] RSP: 002b:00007f323517d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1837.198916][T15286] RAX: ffffffffffffffda RBX: 00007f32345b5fa0 RCX: 00007f323438ebe9
[ 1837.198933][T15286] RDX: 0000200000000280 RSI: 000000000000890b RDI: 0000000000000004
[ 1837.198948][T15286] RBP: 00007f323517d090 R08: 0000000000000000 R09: 0000000000000000
[ 1837.198962][T15286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1837.198976][T15286] R13: 00007f32345b6038 R14: 00007f32345b5fa0 R15: 00007ffe27cfd898
[ 1837.199014][T15286]  </TASK>
[ 1837.199023][T15286] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1837.950966][T15315] netlink: 52 bytes leftover after parsing attributes in process `syz.4.12233'.
[ 1838.216376][T15330] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12240'.
[ 1838.485280][T15345] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12245'.
[ 1838.643151][T15350] lo speed is unknown, defaulting to 1000
[ 1838.736181][T15359] netlink: 24 bytes leftover after parsing attributes in process `syz.1.12248'.
[ 1839.192275][T15374] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12255'.
[ 1839.219913][T15350] lo speed is unknown, defaulting to 1000
[ 1839.229303][T15377] FAULT_INJECTION: forcing a failure.
[ 1839.229303][T15377] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1839.253943][T15377] CPU: 0 UID: 0 PID: 15377 Comm: syz.0.12256 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1839.253976][T15377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1839.253989][T15377] Call Trace:
[ 1839.253998][T15377]  <TASK>
[ 1839.254007][T15377]  dump_stack_lvl+0x189/0x250
[ 1839.254040][T15377]  ? __pfx____ratelimit+0x10/0x10
[ 1839.254069][T15377]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1839.254096][T15377]  ? __pfx__printk+0x10/0x10
[ 1839.254128][T15377]  ? __might_fault+0xb0/0x130
[ 1839.254172][T15377]  should_fail_ex+0x414/0x560
[ 1839.254202][T15377]  _copy_from_user+0x2d/0xb0
[ 1839.254224][T15377]  ___sys_sendmsg+0x158/0x2a0
[ 1839.254260][T15377]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1839.254335][T15377]  ? __fget_files+0x2a/0x420
[ 1839.254380][T15377]  ? __fget_files+0x3a0/0x420
[ 1839.254425][T15377]  __x64_sys_sendmsg+0x19b/0x260
[ 1839.254463][T15377]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1839.254508][T15377]  ? __pfx_ksys_write+0x10/0x10
[ 1839.254536][T15377]  ? rcu_is_watching+0x15/0xb0
[ 1839.254565][T15377]  ? do_syscall_64+0xbe/0x3b0
[ 1839.254599][T15377]  do_syscall_64+0xfa/0x3b0
[ 1839.254628][T15377]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1839.254656][T15377]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1839.254679][T15377]  ? clear_bhb_loop+0x60/0xb0
[ 1839.254708][T15377]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1839.254730][T15377] RIP: 0033:0x7f323438ebe9
[ 1839.254751][T15377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1839.254772][T15377] RSP: 002b:00007f323517d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1839.254794][T15377] RAX: ffffffffffffffda RBX: 00007f32345b5fa0 RCX: 00007f323438ebe9
[ 1839.254811][T15377] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[ 1839.254825][T15377] RBP: 00007f323517d090 R08: 0000000000000000 R09: 0000000000000000
[ 1839.254839][T15377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1839.254852][T15377] R13: 00007f32345b6038 R14: 00007f32345b5fa0 R15: 00007ffe27cfd898
[ 1839.254889][T15377]  </TASK>
[ 1839.703495][T15388] netlink: 92 bytes leftover after parsing attributes in process `syz.0.12258'.
[ 1839.835881][T15392] netlink: 24 bytes leftover after parsing attributes in process `syz.2.12260'.
[ 1839.887922][T15393] lo speed is unknown, defaulting to 1000
[ 1839.945361][T15383] netlink: 'syz.0.12258': attribute type 32 has an invalid length.
[ 1839.961334][T15383] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12258'.
[ 1840.025199][T15383] (unnamed net_device) (uninitialized): option coupled_control: invalid value (17)
[ 1840.067621][T15397] FAULT_INJECTION: forcing a failure.
[ 1840.067621][T15397] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1840.113462][T15397] CPU: 0 UID: 0 PID: 15397 Comm: syz.3.12262 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1840.113496][T15397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1840.113510][T15397] Call Trace:
[ 1840.113520][T15397]  <TASK>
[ 1840.113530][T15397]  dump_stack_lvl+0x189/0x250
[ 1840.113566][T15397]  ? __pfx____ratelimit+0x10/0x10
[ 1840.113595][T15397]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1840.113623][T15397]  ? __pfx__printk+0x10/0x10
[ 1840.113658][T15397]  ? fs_reclaim_acquire+0x7d/0x100
[ 1840.113706][T15397]  should_fail_ex+0x414/0x560
[ 1840.113736][T15397]  prepare_alloc_pages+0x213/0x610
[ 1840.113770][T15397]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1840.113800][T15397]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1840.113837][T15397]  ? policy_nodemask+0x27c/0x720
[ 1840.113866][T15397]  ? __lock_acquire+0xab9/0xd20
[ 1840.113907][T15397]  alloc_pages_mpol+0x232/0x4a0
[ 1840.113947][T15397]  vma_alloc_folio_noprof+0xe4/0x200
[ 1840.113980][T15397]  ? page_table_check_set+0x18d/0x730
[ 1840.114013][T15397]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 1840.114062][T15397]  folio_prealloc+0x30/0x180
[ 1840.114098][T15397]  __handle_mm_fault+0x2ab9/0x5440
[ 1840.114150][T15397]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1840.114199][T15397]  ? follow_page_pte+0x7ef/0x13e0
[ 1840.114243][T15397]  handle_mm_fault+0x40a/0x8e0
[ 1840.114287][T15397]  __get_user_pages+0x1699/0x2ce0
[ 1840.114322][T15397]  ? __lock_acquire+0xab9/0xd20
[ 1840.114396][T15397]  __gup_longterm_locked+0xde9/0x1660
[ 1840.114447][T15397]  ? sanity_check_pinned_pages+0x123a/0x1300
[ 1840.114487][T15397]  gup_fast_fallback+0x1e6a/0x2010
[ 1840.114557][T15397]  ? __pfx_gup_fast_fallback+0x10/0x10
[ 1840.114597][T15397]  ? rcu_is_watching+0x15/0xb0
[ 1840.114619][T15397]  ? is_valid_gup_args+0x11f/0x200
[ 1840.114651][T15397]  ? pin_user_pages_fast+0x4d/0xb0
[ 1840.114683][T15397]  rds_info_getsockopt+0x1fb/0x470
[ 1840.114718][T15397]  ? __pfx_rds_info_getsockopt+0x10/0x10
[ 1840.114748][T15397]  ? __might_fault+0xb0/0x130
[ 1840.114784][T15397]  ? rds_getsockopt+0x31d/0x500
[ 1840.114815][T15397]  ? __pfx_rds_getsockopt+0x10/0x10
[ 1840.114851][T15397]  do_sock_getsockopt+0x36f/0x450
[ 1840.114890][T15397]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1840.114922][T15397]  ? write_ibpb+0x30/0x40
[ 1840.114950][T15397]  ? __fget_files+0x3a0/0x420
[ 1840.114984][T15397]  ? __fget_files+0x2a/0x420
[ 1840.115028][T15397]  __x64_sys_getsockopt+0x1a5/0x250
[ 1840.115060][T15397]  ? write_ibpb+0x30/0x40
[ 1840.115091][T15397]  ? write_ibpb+0x30/0x40
[ 1840.115123][T15397]  do_syscall_64+0xfa/0x3b0
[ 1840.115151][T15397]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1840.115180][T15397]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1840.115204][T15397]  ? clear_bhb_loop+0x60/0xb0
[ 1840.115233][T15397]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1840.115256][T15397] RIP: 0033:0x7f0f9b58ebe9
[ 1840.115277][T15397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1840.115305][T15397] RSP: 002b:00007f0f997f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 1840.115328][T15397] RAX: ffffffffffffffda RBX: 00007f0f9b7b5fa0 RCX: 00007f0f9b58ebe9
[ 1840.115345][T15397] RDX: 0000000000002713 RSI: 0000200000000114 RDI: 0000000000000003
[ 1840.115358][T15397] RBP: 00007f0f997f6090 R08: 0000200000000400 R09: 0000000000000000
[ 1840.115373][T15397] R10: 0000200000000580 R11: 0000000000000246 R12: 0000000000000002
[ 1840.115386][T15397] R13: 00007f0f9b7b6038 R14: 00007f0f9b7b5fa0 R15: 00007ffe0adea808
[ 1840.115422][T15397]  </TASK>
[ 1840.819657][T15393] lo speed is unknown, defaulting to 1000
[ 1841.051866][T15422] netlink: 'syz.0.12271': attribute type 1 has an invalid length.
[ 1841.343967][T15429] 8021q: adding VLAN 0 to HW filter on device bond24
[ 1841.377463][T15429] bond23: (slave bond24): making interface the new active one
[ 1841.427698][T15429] bond23: (slave bond24): Enslaving as an active interface with an up link
[ 1841.790066][T15444] lo speed is unknown, defaulting to 1000
[ 1842.088783][T15466] __nla_validate_parse: 2 callbacks suppressed
[ 1842.088806][T15466] netlink: 20 bytes leftover after parsing attributes in process `syz.3.12285'.
[ 1842.148000][T15469] netlink: 48 bytes leftover after parsing attributes in process `syz.4.12287'.
[ 1842.331421][T15476] netlink: 24 bytes leftover after parsing attributes in process `syz.3.12289'.
[ 1842.347199][T15444] lo speed is unknown, defaulting to 1000
[ 1842.582908][T15484] netlink: 148 bytes leftover after parsing attributes in process `syz.0.12293'.
[ 1842.616750][T15484] netlink: 'syz.0.12293': attribute type 3 has an invalid length.
[ 1842.730697][T15495] netlink: 48 bytes leftover after parsing attributes in process `syz.4.12298'.
[ 1842.871124][T15501] netlink: 20 bytes leftover after parsing attributes in process `syz.0.12299'.
[ 1843.069157][T15505] netlink: 24 bytes leftover after parsing attributes in process `syz.4.12301'.
[ 1843.630650][T15526] netlink: 'syz.4.12309': attribute type 13 has an invalid length.
[ 1843.652933][T15525] netlink: 'syz.4.12309': attribute type 13 has an invalid length.
[ 1843.663484][T15526] netlink: 'syz.4.12309': attribute type 17 has an invalid length.
[ 1843.671834][T15525] netlink: 'syz.4.12309': attribute type 17 has an invalid length.
[ 1843.736594][T15525] tipc: Resetting bearer <eth:team0>
[ 1843.764328][T15525] tipc: Resetting bearer <eth:team0>
[ 1843.785804][T15525] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1843.815283][T15526] tipc: Resetting bearer <eth:team0>
[ 1843.821385][T15536] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1843.856807][T15526] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1843.888168][T15528] mac80211_hwsim hwsim45 wlan1: entered allmulticast mode
[ 1844.029083][T15542] netlink: 24 bytes leftover after parsing attributes in process `syz.4.12314'.
[ 1845.440849][T15600] netlink: 104 bytes leftover after parsing attributes in process `syz.3.12336'.
[ 1845.478210][T15604] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1846.042465][T15624] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12343'.
[ 1846.167729][T15628] lo speed is unknown, defaulting to 1000
[ 1846.308111][T15637] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1846.485205][T15628] lo speed is unknown, defaulting to 1000
[ 1846.754192][T15651] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:20002
[ 1847.151848][T15669] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1847.455065][T15678] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0
[ 1848.187137][T15696] netlink: 20 bytes leftover after parsing attributes in process `syz.0.12368'.
[ 1848.340913][T15703] netlink: 12 bytes leftover after parsing attributes in process `syz.1.12366'.
[ 1848.476617][T15710] mac80211_hwsim hwsim45 wlan1: left allmulticast mode
[ 1848.546253][T15713] netlink: 'syz.4.12374': attribute type 10 has an invalid length.
[ 1848.576095][T15710] netlink: 'syz.4.12374': attribute type 10 has an invalid length.
[ 1848.634592][T15727] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1848.773283][T15732] mac80211_hwsim hwsim7 syzkaller0: left promiscuous mode
[ 1848.816652][T15732] mac80211_hwsim hwsim7 syzkaller0: left allmulticast mode
[ 1849.274278][T15753] netlink: 'syz.0.12390': attribute type 13 has an invalid length.
[ 1849.276895][T15754] netlink: 'syz.4.12391': attribute type 15 has an invalid length.
[ 1849.283082][T15753] netlink: 'syz.0.12390': attribute type 17 has an invalid length.
[ 1849.308903][T15754] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12391'.
[ 1849.322597][T15754] netlink: 4 bytes leftover after parsing attributes in process `syz.4.12391'.
[ 1849.333621][T15754] netlink: 'syz.4.12391': attribute type 18 has an invalid length.
[ 1849.366742][T15753] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1849.619591][T15753] lo speed is unknown, defaulting to 1000
[ 1850.000760][T15753] lo speed is unknown, defaulting to 1000
[ 1850.565253][T15789] netlink: 12 bytes leftover after parsing attributes in process `syz.2.12401'.
[ 1850.592484][T15792] netlink: 32 bytes leftover after parsing attributes in process `syz.3.12402'.
[ 1850.712251][T15803] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1851.338229][T15808] lo speed is unknown, defaulting to 1000
[ 1851.487022][T15826] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12410'.
[ 1852.241232][T15852] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12415'.
[ 1852.339802][T15851] netlink: 'syz.3.12414': attribute type 1 has an invalid length.
[ 1852.357573][T15832] lo speed is unknown, defaulting to 1000
[ 1852.368156][T15808] lo speed is unknown, defaulting to 1000
[ 1852.848055][T15869] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12420'.
[ 1852.949476][T15875] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1852.996804][T15832] lo speed is unknown, defaulting to 1000
[ 1853.659938][T15888] bond0: (slave ipvlan0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 1853.673028][T15888] bond0: (slave ipvlan0): The slave device specified does not support setting the MAC address
[ 1853.702902][T15888] bond0: (slave ipvlan0): Error -95 calling set_mac_address
[ 1853.803084][T15892] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12427'.
[ 1854.158750][T15906] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1854.439038][T15918] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12435'.
[ 1854.501509][T15919] lo speed is unknown, defaulting to 1000
[ 1854.589361][T15928] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12438'.
[ 1854.662159][T15932] netlink: 104 bytes leftover after parsing attributes in process `syz.0.12437'.
[ 1854.831499][T15938] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12439'.
[ 1854.874006][T15940] netlink: 'syz.2.12440': attribute type 13 has an invalid length.
[ 1854.888538][T15940] netlink: 'syz.2.12440': attribute type 17 has an invalid length.
[ 1855.129342][T15940] 8021q: adding VLAN 0 to HW filter on device team0
[ 1855.177547][T15940] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1855.492664][T15947] lo speed is unknown, defaulting to 1000
[ 1855.500995][T15919] lo speed is unknown, defaulting to 1000
[ 1856.005109][T15947] lo speed is unknown, defaulting to 1000
[ 1857.412303][T16015] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12458'.
[ 1857.546431][T16018] lo speed is unknown, defaulting to 1000
[ 1857.703786][T16024] netlink: 'syz.4.12460': attribute type 13 has an invalid length.
[ 1857.729146][T16024] netlink: 'syz.4.12460': attribute type 17 has an invalid length.
[ 1857.817376][T16024] tipc: Resetting bearer <eth:team0>
[ 1857.845666][T16024] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1858.260886][T16024] lo speed is unknown, defaulting to 1000
[ 1858.273410][T16018] lo speed is unknown, defaulting to 1000
[ 1858.634578][T16052] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1858.835328][T16024] lo speed is unknown, defaulting to 1000
[ 1859.633529][ T1002] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x7
[ 1860.495786][T16121] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1862.049988][T16181] netlink: 16 bytes leftover after parsing attributes in process `syz.4.12512'.
[ 1862.191253][T16188] netlink: 24 bytes leftover after parsing attributes in process `syz.4.12512'.
[ 1862.987030][T16218] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12523'.
[ 1863.910268][T16259] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12538'.
[ 1864.072207][T16265] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12539'.
[ 1864.374129][T16281] FAULT_INJECTION: forcing a failure.
[ 1864.374129][T16281] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1864.388940][T16281] CPU: 0 UID: 0 PID: 16281 Comm: syz.3.12546 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1864.388973][T16281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1864.388987][T16281] Call Trace:
[ 1864.388997][T16281]  <TASK>
[ 1864.389007][T16281]  dump_stack_lvl+0x189/0x250
[ 1864.389041][T16281]  ? __pfx____ratelimit+0x10/0x10
[ 1864.389070][T16281]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1864.389098][T16281]  ? __pfx__printk+0x10/0x10
[ 1864.389142][T16281]  ? fs_reclaim_acquire+0x7d/0x100
[ 1864.389190][T16281]  should_fail_ex+0x414/0x560
[ 1864.389224][T16281]  prepare_alloc_pages+0x213/0x610
[ 1864.389257][T16281]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1864.389291][T16281]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1864.389330][T16281]  ? policy_nodemask+0x27c/0x720
[ 1864.389359][T16281]  ? do_raw_spin_lock+0x121/0x290
[ 1864.389395][T16281]  alloc_pages_mpol+0x232/0x4a0
[ 1864.389436][T16281]  alloc_pages_noprof+0xa9/0x190
[ 1864.389472][T16281]  __pmd_alloc+0x3a/0x3b0
[ 1864.389508][T16281]  __handle_mm_fault+0x9ad/0x5440
[ 1864.389559][T16281]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1864.389617][T16281]  ? find_vma+0xe7/0x160
[ 1864.389646][T16281]  ? __pfx_find_vma+0x10/0x10
[ 1864.389679][T16281]  handle_mm_fault+0x40a/0x8e0
[ 1864.389723][T16281]  do_user_addr_fault+0x764/0x1390
[ 1864.389779][T16281]  exc_page_fault+0x76/0xf0
[ 1864.389811][T16281]  asm_exc_page_fault+0x26/0x30
[ 1864.389833][T16281] RIP: 0010:rep_movs_alternative+0x30/0x90
[ 1864.389855][T16281] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 4d 0a 04 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08
[ 1864.389876][T16281] RSP: 0018:ffffc9001a397b38 EFLAGS: 00050212
[ 1864.389897][T16281] RAX: 00007ffffffff001 RBX: 0000000000000010 RCX: 0000000000000010
[ 1864.389912][T16281] RDX: 0000000000000001 RSI: 0000200000000040 RDI: ffffc9001a397ba0
[ 1864.389927][T16281] RBP: ffffc9001a397cb0 R08: ffffc9001a397baf R09: 1ffff92003472f75
[ 1864.389944][T16281] R10: dffffc0000000000 R11: fffff52003472f76 R12: ffffc9001a397ba0
[ 1864.389961][T16281] R13: 1ffff92003472f70 R14: ffffc9001a397ba0 R15: 0000200000000040
[ 1864.390000][T16281]  _copy_from_user+0x7a/0xb0
[ 1864.390025][T16281]  ax25_ioctl+0x8b2/0xca0
[ 1864.390055][T16281]  ? __pfx_ax25_ioctl+0x10/0x10
[ 1864.390081][T16281]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1864.390119][T16281]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1864.390152][T16281]  ? do_vfs_ioctl+0xbe8/0x1430
[ 1864.390185][T16281]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1864.390222][T16281]  sock_do_ioctl+0xd9/0x300
[ 1864.390252][T16281]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1864.390275][T16281]  ? __lock_acquire+0xab9/0xd20
[ 1864.390328][T16281]  sock_ioctl+0x576/0x790
[ 1864.390354][T16281]  ? __pfx_sock_ioctl+0x10/0x10
[ 1864.390379][T16281]  ? __fget_files+0x2a/0x420
[ 1864.390411][T16281]  ? __fget_files+0x3a0/0x420
[ 1864.390441][T16281]  ? __fget_files+0x2a/0x420
[ 1864.390479][T16281]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1864.390509][T16281]  ? __pfx_sock_ioctl+0x10/0x10
[ 1864.390533][T16281]  __se_sys_ioctl+0xfc/0x170
[ 1864.390565][T16281]  do_syscall_64+0xfa/0x3b0
[ 1864.390592][T16281]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1864.390621][T16281]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1864.390644][T16281]  ? clear_bhb_loop+0x60/0xb0
[ 1864.390673][T16281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1864.390696][T16281] RIP: 0033:0x7f0f9b58ebe9
[ 1864.390717][T16281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1864.390737][T16281] RSP: 002b:00007f0f997f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1864.390760][T16281] RAX: ffffffffffffffda RBX: 00007f0f9b7b5fa0 RCX: 00007f0f9b58ebe9
[ 1864.390777][T16281] RDX: 0000200000000040 RSI: 00000000000089e0 RDI: 0000000000000004
[ 1864.390792][T16281] RBP: 00007f0f997f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1864.390806][T16281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1864.390819][T16281] R13: 00007f0f9b7b6038 R14: 00007f0f9b7b5fa0 R15: 00007ffe0adea808
[ 1864.390857][T16281]  </TASK>
[ 1865.183978][T16298] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12551'.
[ 1865.374281][T16307] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12556'.
[ 1865.523150][T16310] lo speed is unknown, defaulting to 1000
[ 1865.789492][T16310] lo speed is unknown, defaulting to 1000
[ 1866.118934][T16338] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1866.338189][T16347] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12569'.
[ 1866.654957][T16355] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12571'.
[ 1866.877163][T16355] lo speed is unknown, defaulting to 1000
[ 1867.164181][T16355] lo speed is unknown, defaulting to 1000
[ 1867.316364][T16373] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12578'.
[ 1867.533682][T16376] lo speed is unknown, defaulting to 1000
[ 1867.761575][T16376] lo speed is unknown, defaulting to 1000
[ 1868.125334][T16400] netlink: 104 bytes leftover after parsing attributes in process `syz.1.12584'.
[ 1868.222568][T16404] netlink: 'syz.4.12586': attribute type 1 has an invalid length.
[ 1868.774319][T16422] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12592'.
[ 1868.831637][T16428] FAULT_INJECTION: forcing a failure.
[ 1868.831637][T16428] name failslab, interval 1, probability 0, space 0, times 0
[ 1868.861095][T16428] CPU: 1 UID: 0 PID: 16428 Comm: syz.3.12594 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1868.861129][T16428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1868.861143][T16428] Call Trace:
[ 1868.861152][T16428]  <TASK>
[ 1868.861163][T16428]  dump_stack_lvl+0x189/0x250
[ 1868.861197][T16428]  ? __pfx____ratelimit+0x10/0x10
[ 1868.861226][T16428]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1868.861254][T16428]  ? __pfx__printk+0x10/0x10
[ 1868.861293][T16428]  ? __pfx___might_resched+0x10/0x10
[ 1868.861322][T16428]  should_fail_ex+0x414/0x560
[ 1868.861355][T16428]  should_failslab+0xa8/0x100
[ 1868.861391][T16428]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[ 1868.861423][T16428]  ? dev_exception_add+0x94/0x4a0
[ 1868.861454][T16428]  kmemdup_noprof+0x2b/0x70
[ 1868.861481][T16428]  dev_exception_add+0x94/0x4a0
[ 1868.861507][T16428]  ? parent_has_perm+0x798/0x940
[ 1868.861536][T16428]  devcgroup_access_write+0x102b/0x18b0
[ 1868.861568][T16428]  ? __pfx_devcgroup_access_write+0x10/0x10
[ 1868.861592][T16428]  ? register_lock_class+0x51/0x320
[ 1868.861635][T16428]  ? __lock_acquire+0xab9/0xd20
[ 1868.861712][T16428]  ? kernfs_root+0x1c/0x230
[ 1868.861736][T16428]  ? kernfs_root+0x1c/0x230
[ 1868.861758][T16428]  ? kernfs_root+0x1c/0x230
[ 1868.861785][T16428]  ? kernfs_root+0x1ea/0x230
[ 1868.861807][T16428]  ? __pfx_devcgroup_access_write+0x10/0x10
[ 1868.861832][T16428]  cgroup_file_write+0x39e/0x740
[ 1868.861871][T16428]  ? __pfx_cgroup_file_write+0x10/0x10
[ 1868.861926][T16428]  ? __pfx_cgroup_file_write+0x10/0x10
[ 1868.861954][T16428]  kernfs_fop_write_iter+0x378/0x4f0
[ 1868.861998][T16428]  vfs_write+0x548/0xa90
[ 1868.862034][T16428]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[ 1868.862069][T16428]  ? __pfx_vfs_write+0x10/0x10
[ 1868.862112][T16428]  ? __fget_files+0x2a/0x420
[ 1868.862158][T16428]  ksys_write+0x145/0x250
[ 1868.862192][T16428]  ? __pfx_ksys_write+0x10/0x10
[ 1868.862219][T16428]  ? rcu_is_watching+0x15/0xb0
[ 1868.862249][T16428]  ? do_syscall_64+0xbe/0x3b0
[ 1868.862285][T16428]  do_syscall_64+0xfa/0x3b0
[ 1868.862313][T16428]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1868.862341][T16428]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1868.862364][T16428]  ? clear_bhb_loop+0x60/0xb0
[ 1868.862393][T16428]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1868.862416][T16428] RIP: 0033:0x7f0f9b58ebe9
[ 1868.862438][T16428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1868.862458][T16428] RSP: 002b:00007f0f997f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1868.862483][T16428] RAX: ffffffffffffffda RBX: 00007f0f9b7b5fa0 RCX: 00007f0f9b58ebe9
[ 1868.862500][T16428] RDX: 000000000000000a RSI: 00002000000000c0 RDI: 0000000000000005
[ 1868.862514][T16428] RBP: 00007f0f997f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1868.862528][T16428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1868.862540][T16428] R13: 00007f0f9b7b6038 R14: 00007f0f9b7b5fa0 R15: 00007ffe0adea808
[ 1868.862580][T16428]  </TASK>
[ 1869.577974][T16432] lo speed is unknown, defaulting to 1000
[ 1869.987850][T16447] netlink: 200 bytes leftover after parsing attributes in process `syz.1.12598'.
[ 1870.244223][T16432] lo speed is unknown, defaulting to 1000
[ 1871.197962][T16479] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12607'.
[ 1871.330285][T16482] lo speed is unknown, defaulting to 1000
[ 1871.822978][T16482] lo speed is unknown, defaulting to 1000
[ 1873.065908][T16541] netlink: 4 bytes leftover after parsing attributes in process `syz.3.12632'.
[ 1873.122769][T16545] netlink: 52 bytes leftover after parsing attributes in process `syz.1.12633'.
[ 1873.156927][T16546] netlink: 52 bytes leftover after parsing attributes in process `syz.1.12633'.
[ 1873.280873][T16550] netlink: 152 bytes leftover after parsing attributes in process `syz.3.12635'.
[ 1873.335077][T16554] netlink: 'syz.2.12637': attribute type 16 has an invalid length.
[ 1873.354362][T16554] netlink: 64138 bytes leftover after parsing attributes in process `syz.2.12637'.
[ 1873.388985][T16554] tipc: Bearer <ib:lo>: already 2 bearers with priority 10
[ 1873.407969][T16554] tipc: Bearer <ib:lo>: trying with adjusted priority
[ 1873.424781][T16554] lo: MTU too low for tipc bearer
[ 1873.434897][T16554] tipc: Enabling of bearer <ib:lo> rejected, failed to enable media
[ 1874.129885][T16589] netlink: 60 bytes leftover after parsing attributes in process `syz.2.12647'.
[ 1877.234830][T16698] netlink: 48 bytes leftover after parsing attributes in process `syz.4.12684'.
[ 1877.812217][T16731] netlink: 844 bytes leftover after parsing attributes in process `syz.1.12695'.
[ 1877.901388][T16731] netlink: 20 bytes leftover after parsing attributes in process `syz.1.12695'.
[ 1877.943194][T16735] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12696'.
[ 1878.107559][T16736] lo speed is unknown, defaulting to 1000
[ 1878.426534][T16744] netlink: 12 bytes leftover after parsing attributes in process `syz.3.12699'.
[ 1878.715163][T16736] lo speed is unknown, defaulting to 1000
[ 1878.741271][T16751] siw: device registration error -23
[ 1878.899875][T16762] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12704'.
[ 1879.156644][T16771] lo speed is unknown, defaulting to 1000
[ 1879.178534][T16777] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12710'.
[ 1879.302219][T16783] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1879.322733][T16783] netdevsim netdevsim4 eth3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1879.397946][T16783] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1879.409694][T16783] netdevsim netdevsim4 eth2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1879.448142][T16771] lo speed is unknown, defaulting to 1000
[ 1879.456442][T16782] lo speed is unknown, defaulting to 1000
[ 1879.494515][T16783] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1879.507030][T16783] netdevsim netdevsim4 eth1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1879.599276][T16783] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1879.609272][T16783] netdevsim netdevsim4 eth0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1879.876290][T16782] lo speed is unknown, defaulting to 1000
[ 1880.172411][ T1146] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 256 - 0
[ 1880.190503][ T1146] netdevsim netdevsim4 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[ 1880.372658][ T1146] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 256 - 0
[ 1880.409720][ T1146] netdevsim netdevsim4 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[ 1880.481016][T28103] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 256 - 0
[ 1880.489252][T28103] netdevsim netdevsim4 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[ 1880.568484][T28103] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 256 - 0
[ 1880.578869][T28103] netdevsim netdevsim4 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[ 1880.829881][T16800] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12717'.
[ 1880.968437][T16803] lo speed is unknown, defaulting to 1000
[ 1881.275015][T16803] lo speed is unknown, defaulting to 1000
[ 1881.319407][T16818] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12723'.
[ 1881.483258][T16821] lo speed is unknown, defaulting to 1000
[ 1881.569365][T16828] netlink: 20 bytes leftover after parsing attributes in process `syz.2.12725'.
[ 1881.728279][T16821] lo speed is unknown, defaulting to 1000
[ 1881.974149][T16836] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12727'.
[ 1882.442461][T16846] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12729'.
[ 1882.582934][T16852] lo speed is unknown, defaulting to 1000
[ 1882.598279][T16856] 
[ 1882.600669][T16856] ======================================================
[ 1882.607719][T16856] WARNING: possible circular locking dependency detected
[ 1882.614786][T16856] 6.16.0-syzkaller-12063-g37816488247d #0 Not tainted
[ 1882.621561][T16856] ------------------------------------------------------
[ 1882.628582][T16856] syz.3.12728/16856 is trying to acquire lock:
[ 1882.634741][T16856] ffffffff8f689f58 (nr_neigh_list_lock){+.-.}-{3:3}, at: nr_remove_neigh+0x25/0xe0
[ 1882.644086][T16856] 
[ 1882.644086][T16856] but task is already holding lock:
[ 1882.651459][T16856] ffff8880794cff70 (&nr_node->node_lock){+...}-{3:3}, at: nr_add_node+0xcce/0x2570
[ 1882.660790][T16856] 
[ 1882.660790][T16856] which lock already depends on the new lock.
[ 1882.660790][T16856] 
[ 1882.671191][T16856] 
[ 1882.671191][T16856] the existing dependency chain (in reverse order) is:
[ 1882.680228][T16856] 
[ 1882.680228][T16856] -> #2 (&nr_node->node_lock){+...}-{3:3}:
[ 1882.688233][T16856]        lock_acquire+0x120/0x360
[ 1882.693279][T16856]        _raw_spin_lock_bh+0x36/0x50
[ 1882.698579][T16856]        nr_rt_device_down+0x12a/0x720
[ 1882.704045][T16856]        nr_device_event+0x137/0x150
[ 1882.709345][T16856]        notifier_call_chain+0x1b6/0x3e0
[ 1882.714984][T16856]        __dev_notify_flags+0x18d/0x2e0
[ 1882.720540][T16856]        netif_change_flags+0xe8/0x1a0
[ 1882.726032][T16856]        dev_change_flags+0x130/0x260
[ 1882.731426][T16856]        dev_ioctl+0x7b4/0x1150
[ 1882.736313][T16856]        sock_do_ioctl+0x22c/0x300
[ 1882.741454][T16856]        sock_ioctl+0x576/0x790
[ 1882.746331][T16856]        __se_sys_ioctl+0xfc/0x170
[ 1882.751457][T16856]        do_syscall_64+0xfa/0x3b0
[ 1882.756497][T16856]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1882.762920][T16856] 
[ 1882.762920][T16856] -> #1 (nr_node_list_lock){+...}-{3:3}:
[ 1882.770759][T16856]        lock_acquire+0x120/0x360
[ 1882.775812][T16856]        _raw_spin_lock_bh+0x36/0x50
[ 1882.781149][T16856]        nr_rt_device_down+0xa9/0x720
[ 1882.786551][T16856]        nr_device_event+0x137/0x150
[ 1882.791870][T16856]        notifier_call_chain+0x1b6/0x3e0
[ 1882.797560][T16856]        __dev_notify_flags+0x18d/0x2e0
[ 1882.803142][T16856]        netif_change_flags+0xe8/0x1a0
[ 1882.808630][T16856]        dev_change_flags+0x130/0x260
[ 1882.814022][T16856]        dev_ioctl+0x7b4/0x1150
[ 1882.818887][T16856]        sock_do_ioctl+0x22c/0x300
[ 1882.824017][T16856]        sock_ioctl+0x576/0x790
[ 1882.828876][T16856]        __se_sys_ioctl+0xfc/0x170
[ 1882.833996][T16856]        do_syscall_64+0xfa/0x3b0
[ 1882.839035][T16856]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1882.845456][T16856] 
[ 1882.845456][T16856] -> #0 (nr_neigh_list_lock){+.-.}-{3:3}:
[ 1882.853375][T16856]        validate_chain+0xb9b/0x2140
[ 1882.858685][T16856]        __lock_acquire+0xab9/0xd20
[ 1882.863901][T16856]        lock_acquire+0x120/0x360
[ 1882.868941][T16856]        _raw_spin_lock_bh+0x36/0x50
[ 1882.874230][T16856]        nr_remove_neigh+0x25/0xe0
[ 1882.879350][T16856]        nr_add_node+0x1d9f/0x2570
[ 1882.884473][T16856]        nr_rt_ioctl+0xc12/0xd50
[ 1882.889436][T16856]        sock_do_ioctl+0xd9/0x300
[ 1882.894468][T16856]        sock_ioctl+0x576/0x790
[ 1882.899327][T16856]        __se_sys_ioctl+0xfc/0x170
[ 1882.904462][T16856]        do_syscall_64+0xfa/0x3b0
[ 1882.909498][T16856]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1882.915919][T16856] 
[ 1882.915919][T16856] other info that might help us debug this:
[ 1882.915919][T16856] 
[ 1882.926166][T16856] Chain exists of:
[ 1882.926166][T16856]   nr_neigh_list_lock --> nr_node_list_lock --> &nr_node->node_lock
[ 1882.926166][T16856] 
[ 1882.940016][T16856]  Possible unsafe locking scenario:
[ 1882.940016][T16856] 
[ 1882.947478][T16856]        CPU0                    CPU1
[ 1882.952852][T16856]        ----                    ----
[ 1882.958222][T16856]   lock(&nr_node->node_lock);
[ 1882.962995][T16856]                                lock(nr_node_list_lock);
[ 1882.970112][T16856]                                lock(&nr_node->node_lock);
[ 1882.977399][T16856]   lock(nr_neigh_list_lock);
[ 1882.982086][T16856] 
[ 1882.982086][T16856]  *** DEADLOCK ***
[ 1882.982086][T16856] 
[ 1882.990230][T16856] 1 lock held by syz.3.12728/16856:
[ 1882.995429][T16856]  #0: ffff8880794cff70 (&nr_node->node_lock){+...}-{3:3}, at: nr_add_node+0xcce/0x2570
[ 1883.005199][T16856] 
[ 1883.005199][T16856] stack backtrace:
[ 1883.011100][T16856] CPU: 0 UID: 0 PID: 16856 Comm: syz.3.12728 Not tainted 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT(full) 
[ 1883.011127][T16856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1883.011140][T16856] Call Trace:
[ 1883.011148][T16856]  <TASK>
[ 1883.011158][T16856]  dump_stack_lvl+0x189/0x250
[ 1883.011187][T16856]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1883.011209][T16856]  ? __pfx__printk+0x10/0x10
[ 1883.011233][T16856]  ? stack_trace_save+0x9c/0xe0
[ 1883.011262][T16856]  print_circular_bug+0x2ee/0x310
[ 1883.011285][T16856]  check_noncircular+0x134/0x160
[ 1883.011309][T16856]  validate_chain+0xb9b/0x2140
[ 1883.011329][T16856]  ? kernel_text_address+0xa5/0xe0
[ 1883.011355][T16856]  ? __kernel_text_address+0xd/0x40
[ 1883.011379][T16856]  ? unwind_get_return_address+0x4d/0x90
[ 1883.011400][T16856]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1883.011429][T16856]  ? arch_stack_walk+0xfc/0x150
[ 1883.011457][T16856]  __lock_acquire+0xab9/0xd20
[ 1883.011488][T16856]  ? nr_remove_neigh+0x25/0xe0
[ 1883.011508][T16856]  lock_acquire+0x120/0x360
[ 1883.011534][T16856]  ? nr_remove_neigh+0x25/0xe0
[ 1883.011557][T16856]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1883.011578][T16856]  ? do_raw_spin_unlock+0x122/0x240
[ 1883.011601][T16856]  ? nr_remove_neigh+0x25/0xe0
[ 1883.011621][T16856]  _raw_spin_lock_bh+0x36/0x50
[ 1883.011640][T16856]  ? nr_remove_neigh+0x25/0xe0
[ 1883.011660][T16856]  nr_remove_neigh+0x25/0xe0
[ 1883.011683][T16856]  nr_add_node+0x1d9f/0x2570
[ 1883.011707][T16856]  ? nr_call_to_digi+0x126/0x1b0
[ 1883.011728][T16856]  nr_rt_ioctl+0xc12/0xd50
[ 1883.011751][T16856]  ? kasan_quarantine_put+0xdd/0x220
[ 1883.011775][T16856]  ? __pfx_nr_rt_ioctl+0x10/0x10
[ 1883.011799][T16856]  ? apparmor_capable+0x137/0x1b0
[ 1883.011822][T16856]  ? capable+0x89/0xe0
[ 1883.011839][T16856]  ? nr_ioctl+0x1b1/0x3b0
[ 1883.011865][T16856]  sock_do_ioctl+0xd9/0x300
[ 1883.011887][T16856]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1883.011904][T16856]  ? __lock_acquire+0xab9/0xd20
[ 1883.011939][T16856]  sock_ioctl+0x576/0x790
[ 1883.011958][T16856]  ? __pfx_sock_ioctl+0x10/0x10
[ 1883.011975][T16856]  ? __fget_files+0x2a/0x420
[ 1883.012003][T16856]  ? __fget_files+0x3a0/0x420
[ 1883.012030][T16856]  ? __fget_files+0x2a/0x420
[ 1883.012058][T16856]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1883.012081][T16856]  ? __pfx_sock_ioctl+0x10/0x10
[ 1883.012099][T16856]  __se_sys_ioctl+0xfc/0x170
[ 1883.012122][T16856]  do_syscall_64+0xfa/0x3b0
[ 1883.012146][T16856]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1883.012167][T16856]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1883.012186][T16856]  ? clear_bhb_loop+0x60/0xb0
[ 1883.012208][T16856]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1883.012227][T16856] RIP: 0033:0x7f0f9b58ebe9
[ 1883.012245][T16856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1883.012263][T16856] RSP: 002b:00007f0f997d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1883.012283][T16856] RAX: ffffffffffffffda RBX: 00007f0f9b7b6090 RCX: 00007f0f9b58ebe9
[ 1883.012297][T16856] RDX: 0000200000000280 RSI: 000000000000890b RDI: 0000000000000009
[ 1883.012309][T16856] RBP: 00007f0f9b611e19 R08: 0000000000000000 R09: 0000000000000000
[ 1883.012320][T16856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1883.012331][T16856] R13: 00007f0f9b7b6128 R14: 00007f0f9b7b6090 R15: 00007ffe0adea808
[ 1883.012353][T16856]  </TASK>
[ 1883.473070][T16852] lo speed is unknown, defaulting to 1000