last executing test programs:

2.264483981s ago: executing program 0 (id=4372):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x17c, 0x19, 0x1, 0x0, 0x1, {{@in=@empty, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2}, {0x4000000, 0x0, 0x800}, 0x200, 0x10000000, 0x0, 0x0, 0x1}, [@tmpl={0xc4, 0x5, [{{@in=@local, 0x0, 0x33}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, {{@in6=@remote, 0x0, 0x3c}, 0x0, @in6=@dev}, {{@in=@remote, 0x0, 0x6c}, 0xa, @in6=@private0}]}]}, 0x17c}, 0x1, 0x0, 0x0, 0x1}, 0x4000)

2.263549465s ago: executing program 4 (id=4373):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) (async, rerun: 64)
r1 = socket$inet_sctp(0x2, 0x1, 0x84) (rerun: 64)
setsockopt$inet_int(r1, 0x0, 0xc, &(0x7f00000002c0)=0x4, 0x4) (async, rerun: 32)
r2 = socket$pppoe(0x18, 0x1, 0x0) (rerun: 32)
ioctl$PPPIOCSMRU(r2, 0x40047452, &(0x7f0000000040)=0x100) (async)
getsockopt$inet_opts(r1, 0x0, 0x9, 0x0, &(0x7f0000000280)) (async)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_DEL_INTERFACE(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, 0x0, 0x5d31b95f8fcf7cc4, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x0, 0x2a}}}}, [""]}, 0x28}}, 0xc000) (async, rerun: 32)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) (async, rerun: 32)
socket$inet6_sctp(0xa, 0x5, 0x84) (async)
socket$inet_mptcp(0x2, 0x1, 0x106)
r4 = socket$kcm(0x10, 0x2, 0x0) (async)
socket$l2tp6(0xa, 0x2, 0x73)
sendmsg$inet(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000280)="5c00000013006bec9e3be35c6e17aa31076b87511d0000007ea60864160af3653c000cc004000202080003000300000307002100eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0000300000000000200ffffc6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) (async, rerun: 64)
sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)={0x38, 0x0, 0x30d, 0x4, 0xfffffffd, {}, [@TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x7}, @TIPC_NLA_MON_REF={0xffffffffffffff93, 0x2, 0x81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x1b, 0x2, 0x4}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x44011}, 0x20000800) (rerun: 64)

2.173041752s ago: executing program 2 (id=4374):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000c40)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x6, [@struct={0x0, 0x2, 0x0, 0x4, 0x1, 0x109, [{0x4, 0x4, 0x1}, {0xe, 0x5, 0x9}]}]}, {0x0, [0x30, 0x0, 0x0, 0x2e]}}, &(0x7f0000000f40)=""/4079, 0x42, 0xfef, 0x8}, 0x28) (fail_nth: 14)

2.138652239s ago: executing program 3 (id=4376):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'macvlan0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="440000001000013f00"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800c0001006d6163766c616e000400028008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x44}}, 0x0)

2.004968366s ago: executing program 0 (id=4378):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @tproxy={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_TPROXY_FAMILY={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xbc}}, 0x4008800)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x16, 0x13, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c252500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000180100002020702500000000002020207b1ad8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000080000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe, 0xfffffffffffffffd, &(0x7f00000001c0)="186bf7ffffffffffffffef0a3254", 0x0, 0xff, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.782718644s ago: executing program 2 (id=4379):
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000840)=ANY=[@ANYBLOB="240000001000010700000000000000000a000000060001001300000008000a0005"], 0x24}}, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0)
pipe(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
writev(r2, &(0x7f0000000400)=[{&(0x7f0000000100)="92", 0x1}], 0x1)
pipe(&(0x7f0000000340)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
splice(r4, 0x0, r5, 0x0, 0xf3a, 0x0)
splice(r1, 0x0, r5, 0x0, 0x80, 0x4)
read(r1, &(0x7f0000000240)=""/233, 0xe9)
setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f0000000780)={@private0={0xfc, 0x0, '\x00', 0x1}}, 0x14)
write(r3, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
socket$inet(0xa, 0x801, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$l2tp6(0xa, 0x2, 0x73)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='f2fs_background_gc\x00', r6}, 0x18)
socket$vsock_stream(0x28, 0x1, 0x0)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000000000000000000000ffffffff180800002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000400008500000004000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70500000800000085000000b300000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
socket$netlink(0x10, 0x3, 0xf)

1.777456503s ago: executing program 4 (id=4380):
r0 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', <r1=>0x0})
unshare(0x20000400)
pipe(&(0x7f00000002c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
vmsplice(r2, &(0x7f0000000180), 0x0, 0x8)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="d225c412d92f33755162b25f1cc4eb3909000000a60c2f55d0c5c600000000000000000000000000f429e994876ca08ff05951d60bdf644b0c293a776c6d13a4ce97ca421bf11973cf76f4a642cccf5881237ad0f1499f8d61756e9872"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r7, 0x27, 0xe, 0x0, &(0x7f0000000240)="f8ad48cc02cb29dcc8007f5b88a8", 0x0, 0x4003, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5800000010000104000002000000000000000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000300012800b00010067656e6576650000200002801400070020010000000000000000000000000000080001000100000008000a00", @ANYRES32], 0x58}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000500)={'batadv_slave_0\x00', <r10=>0x0})
sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="28000000140009052cbd7000fdffffff02180000", @ANYRES32=r10, @ANYBLOB="08000200e066"], 0x28}, 0x1, 0x0, 0x0, 0x871ac4b30833d133}, 0x0)
r11 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r11, 0x8916, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x4e21, @broadcast}})
ioctl$sock_inet_SIOCSIFADDR(r11, 0x891c, &(0x7f0000000540)={'batadv_slave_1\x00', {0x2, 0x0, @empty}})
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x8, 0x2012, r12, 0x0)
r13 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000006c0)={0x3, 0x4, 0x4, 0xa, 0x0, r2, 0x0, '\x00', r10, r3, 0x4, 0x3, 0x5}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x6, 0xd, &(0x7f0000000900)=ANY=[@ANYBLOB="1586f8fff0ffffff8510000003000000cd54ffff7f0a3c9018010000696c6c2500000000002020f0f111ec49b8b1fb64e7cd723997207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000050000008500000006000000649200000e0000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x200, 0x25, &(0x7f0000000580)=""/37, 0x41100, 0x64, '\x00', r1, 0x25, r12, 0x8, &(0x7f00000005c0)={0xa, 0x3}, 0x8, 0x10, &(0x7f0000000600)={0x0, 0x10, 0xccb3, 0x81}, 0x10, 0x0, 0x0, 0xa, &(0x7f0000000740)=[r13, r2], &(0x7f0000000780)=[{0x4, 0x2, 0xe, 0x1}, {0x2, 0x5, 0x6, 0x9}, {0x5, 0x1, 0x5, 0x6}, {0x2, 0x2, 0xd, 0x4}, {0x4, 0x1, 0x10, 0x5}, {0x3, 0x2, 0x6, 0x8}, {0x1, 0x2, 0x0, 0x1}, {0x4, 0x5, 0x9, 0x2}, {0x2, 0x3, 0x9, 0x1}, {0x1, 0x5, 0x5, 0x1}], 0x10, 0x7}, 0x94)
sendmsg$NFT_BATCH(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000640)=ANY=[@ANYBLOB="14000000100001000c000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x2000c080}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x8, 0x2, @private}}}]}, @CTA_TIMEOUT={0x8}, @CTA_TUPLE_MASTER={0x18, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x2a}}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x38}}}}]}]}, 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000006000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc4c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000020000380100000800c00018006000100d10300000c000080080003400000000214000000110001"], 0xb0}}, 0x40)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="50000000100001040200"/20, @ANYRES32=0x0, @ANYBLOB="2825020000080000280012800c0001006d6163766c616e00180002800a0009000000000000000000080007000100000008000500", @ANYRES32=r1], 0x50}}, 0x800)

1.640990144s ago: executing program 0 (id=4381):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x8, 0x3, 0x4e8, 0x0, 0x11, 0x148, 0x340, 0x0, 0x450, 0x2a8, 0x2a8, 0x450, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0xce020000, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}, {0x0, 0x0, 0x81}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x4f, 0x7, "72f6daeff0a9c6294e211d2d88fe6dcff5d0e552201da3b7a1fdb30dcb59"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x548)

1.633383394s ago: executing program 3 (id=4382):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x8, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x18}}]}, &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94)

1.59591702s ago: executing program 4 (id=4383):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x679, @ipv4={'\x00', '\xff\xff', @remote}, 0x1}, 0x1c) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) (async)
sendfile(r0, r0, 0x0, 0x1)

1.552946354s ago: executing program 1 (id=4384):
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
r3 = openat$cgroup_procs(r1, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000000c0), 0x12)
pread64(r3, &(0x7f0000001840)=""/4096, 0x1000, 0x1)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in6=@loopback, 0x0, 0x8, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000002}}}, 0xb8}}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001100)=@migrate={0xec, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in6=@dev={0xfe, 0x80, '\x00', 0x20}, 0x20, 0x0, 0x0, 0x0, 0xa, 0x0, 0xa0, 0x2e}}, [@migrate={0x9c, 0x11, [{@in=@loopback=0xac1414aa, @in=@private=0xa010101, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in6=@rand_addr=' \x01\x00', 0x3c, 0x4, 0x0, 0x0, 0x8, 0xa}, {@in=@remote, @in6=@rand_addr=' \x01\x00', @in=@rand_addr=0x64010102, @in6=@private2, 0x3c, 0x4, 0x0, 0x0, 0x8, 0x2}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

1.491079859s ago: executing program 3 (id=4385):
socket$netlink(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
clock_gettime(0x0, &(0x7f0000000100)={<r0=>0x0, <r1=>0x0})
pselect6(0x40, &(0x7f0000000040)={0x7, 0xffffffffffffff06, 0x1, 0x2, 0x0, 0x2, 0x8000000000000001, 0x5}, &(0x7f0000000080)={0x8000000000000001, 0x4, 0x2, 0x100000001, 0x206, 0x401, 0x3, 0x8}, &(0x7f00000000c0)={0x5, 0xfff, 0x5e, 0x7ff, 0x2, 0x2ce, 0xffffffffffffff38, 0x10001}, &(0x7f0000000140)={r0, r1+10000000}, &(0x7f00000001c0)={&(0x7f0000000180)={[0x7]}, 0x8})
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x37}}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r5 = openat$cgroup_devices(r4, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r5, 0x0, 0x3d)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10)
ppoll(&(0x7f0000000500)=[{r6}], 0x1, 0x0, 0x0, 0x0)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
r9 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
bind$ax25(r9, &(0x7f0000000040)={{0x3, @bcast, 0x1}, [@null={0x40, 0x10}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
setsockopt$inet_sctp6_SCTP_INITMSG(r8, 0x84, 0x2, 0x0, 0x0)
ppoll(&(0x7f0000000100)=[{r6, 0x0, 0x900}], 0x1, &(0x7f0000000180)={0x77359400}, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
connect$inet(r3, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r3, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)
connect$llc(0xffffffffffffffff, 0x0, 0x0)

1.4591538s ago: executing program 1 (id=4386):
socket$packet(0x11, 0x2, 0x300)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
ioctl$TUNSETNOCSUM(r2, 0x400454c8, 0x1)
sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r4, &(0x7f0000001cc0)=[{{&(0x7f0000000180)={0xa, 0x4e23, 0xc6f, @ipv4={'\x00', '\xff\xff', @multicast1}, 0xc84a}, 0x1c, 0x0, 0x0, &(0x7f0000001640)=[@hoplimit={{0x14, 0x29, 0x34, 0x88b5}}, @pktinfo={{0x24, 0x29, 0x32, {@remote}}}], 0x40}}], 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0xc094)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r1, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x58, 0x140d, 0x800, 0x70bd2b, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_RES_MRN={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_RES_MRN={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000000}, 0x90)
unshare(0x20000400)
setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x66, &(0x7f00000000c0)=0x8001, 0x4)

1.316823968s ago: executing program 0 (id=4387):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x2, 0x80802, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000740)={'ip6gre0\x00', 0x0})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'bond0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newqdisc={0x24, 0x24, 0xf0b, 0x20, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xa}}}, 0x24}}, 0x0)

1.240307982s ago: executing program 0 (id=4388):
socket$netlink(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
clock_gettime(0x0, &(0x7f0000000100)={<r0=>0x0, <r1=>0x0})
pselect6(0x40, &(0x7f0000000040)={0x7, 0xffffffffffffff06, 0x1, 0x2, 0x0, 0x2, 0x8000000000000001, 0x5}, &(0x7f0000000080)={0x8000000000000001, 0x4, 0x2, 0x100000001, 0x206, 0x401, 0x3, 0x8}, &(0x7f00000000c0)={0x5, 0xfff, 0x5e, 0x7ff, 0x2, 0x2ce, 0xffffffffffffff38, 0x10001}, &(0x7f0000000140)={r0, r1+10000000}, &(0x7f00000001c0)={&(0x7f0000000180)={[0x7]}, 0x8})
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x37}}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r5 = openat$cgroup_devices(r4, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r5, 0x0, 0x3d)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10)
ppoll(&(0x7f0000000500)=[{r6}], 0x1, 0x0, 0x0, 0x0)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
r9 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
bind$ax25(r9, &(0x7f0000000040)={{0x3, @bcast, 0x1}, [@null={0x40, 0x10}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
setsockopt$inet_sctp6_SCTP_INITMSG(r8, 0x84, 0x2, 0x0, 0x0)
ppoll(&(0x7f0000000100)=[{r6}], 0x1, &(0x7f0000000180)={0x77359400}, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
connect$inet(r3, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r3, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)
openat$cgroup_ro(r4, &(0x7f0000000200)='cpuacct.usage_all\x00', 0x0, 0x0)
pselect6(0x40, &(0x7f00000002c0)={0x93f, 0x7, 0x7, 0xf, 0x0, 0x800, 0x4, 0x5}, &(0x7f0000000300)={0x4737, 0x5, 0x7d, 0x11, 0x80000000625, 0x2, 0x8, 0x7ff}, &(0x7f00000003c0)={0x49, 0x5, 0xfffffffffffffff9, 0x3, 0x5, 0x80000001, 0xcda, 0x5}, &(0x7f0000000400)={0x0, 0x3938700}, &(0x7f0000000480)={&(0x7f0000000440)={[0x203]}, 0x8})
connect$llc(0xffffffffffffffff, 0x0, 0x0)

1.229792969s ago: executing program 1 (id=4389):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[], 0x14}, 0x1, 0x2000, 0x0, 0x40}, 0x4048880)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) (fail_nth: 50)

705.042585ms ago: executing program 1 (id=4390):
shutdown(0xffffffffffffffff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000008000000000000005000100070000000900020073797a30000000001400078008001240000a00000500150003000000050005000000000005000400000000080d000300686173683a6d6163"], 0x5c}}, 0x0)

704.800512ms ago: executing program 2 (id=4391):
bind$rose(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet(0x2, 0x3, 0x2)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e21, @broadcast}, 0x0, 0x1, 0x4, 0x4}}, 0x26)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc)
setsockopt$inet_msfilter(r0, 0x0, 0x29, 0x0, 0x18)
syz_emit_ethernet(0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffff736de540525ea4107336558e2ed818ffffaaaaaaaaaaaa080045000028006400000402907800000000e000000211009078e0000002000000020000000000000000"], 0x0)

704.597324ms ago: executing program 4 (id=4392):
r0 = socket$kcm(0x2a, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000001f80)={&(0x7f00000005c0)=@qipcrtr={0x2a, 0x1, 0xfffffffe}, 0x80, 0x0, 0x0, 0x0, 0xfff4}, 0x0)

553.679283ms ago: executing program 4 (id=4393):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_emit_ethernet(0x1f, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000200), 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x80, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}]}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_REPLY={0x1c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x133}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0xcd}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5ff}]}]}, 0x80}}, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, 0x6, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x2404c031}, 0x20000000)
sendmsg$NLBL_CALIPSO_C_ADD(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000340)={0x1c, 0x0, 0x0, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4000000)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r6, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB="4400000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="00000112d45e1a005d3a9e40991800000000001c00020000000000000036677265746170000000080002800400", @ANYRES32=r6, @ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0xe)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000580)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe00}, {}, {0x7, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffe00}, {}, {0x18, 0x3, 0x2, 0x0, r7}, {}, {0x85, 0x0, 0x0, 0xc5}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0)
socket$nl_route(0x10, 0x3, 0x0)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYRES16=r6], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0x10, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000341200007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r8, @ANYBLOB="0000000000000000b705000028000000850000006900000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r9, 0x0, 0xe, 0x0, &(0x7f0000000100)="c48a570389e85e8182eab41a2f16", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

507.963931ms ago: executing program 2 (id=4394):
r0 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', <r1=>0x0})
unshare(0x20000400)
pipe(&(0x7f00000002c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
vmsplice(r2, &(0x7f0000000180), 0x0, 0x8)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="d225c412d92f33755162b25f1cc4eb3909000000a60c2f55d0c5c600000000000000000000000000f429e994876ca08ff05951d60bdf644b0c293a776c6d13a4ce97ca421bf11973cf76f4a642cccf5881237ad0f1499f8d61756e9872"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r7, 0x27, 0xe, 0x0, &(0x7f0000000240)="f8ad48cc02cb29dcc8007f5b88a8", 0x0, 0x4003, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5800000010000104000002000000000000000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000300012800b00010067656e6576650000200002801400070020010000000000000000000000000000080001000100000008000a00", @ANYRES32], 0x58}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000500)={'batadv_slave_0\x00', <r10=>0x0})
sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="28000000140009052cbd7000fdffffff02180000", @ANYRES32=r10, @ANYBLOB="08000200e066"], 0x28}, 0x1, 0x0, 0x0, 0x871ac4b30833d133}, 0x0)
r11 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r11, 0x8916, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x4e21, @broadcast}})
ioctl$sock_inet_SIOCSIFADDR(r11, 0x891c, &(0x7f0000000540)={'batadv_slave_1\x00', {0x2, 0x0, @empty}})
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x8, 0x2012, r12, 0x0)
r13 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000006c0)={0x3, 0x4, 0x4, 0xa, 0x0, r2, 0x0, '\x00', r10, r3, 0x4, 0x3, 0x5}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x6, 0xd, &(0x7f0000000900)=ANY=[@ANYBLOB="1586f8fff0ffffff8510000003000000cd54ffff7f0a3c9018010000696c6c2500000000002020f0f111ec49b8b1fb64e7cd723997207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000050000008500000006000000649200000e0000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x200, 0x25, &(0x7f0000000580)=""/37, 0x41100, 0x64, '\x00', r1, 0x25, r12, 0x8, &(0x7f00000005c0)={0xa, 0x3}, 0x8, 0x10, &(0x7f0000000600)={0x0, 0x10, 0xccb3, 0x81}, 0x10, 0x0, 0x0, 0xa, &(0x7f0000000740)=[r13, r2], &(0x7f0000000780)=[{0x4, 0x2, 0xe, 0x1}, {0x2, 0x5, 0x6, 0x9}, {0x5, 0x1, 0x5, 0x6}, {0x2, 0x2, 0xd, 0x4}, {0x4, 0x1, 0x10, 0x5}, {0x3, 0x2, 0x6, 0x8}, {0x1, 0x2, 0x0, 0x1}, {0x4, 0x5, 0x9, 0x2}, {0x2, 0x3, 0x9, 0x1}, {0x1, 0x5, 0x5, 0x1}], 0x10, 0x7}, 0x94)
sendmsg$NFT_BATCH(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000640)=ANY=[@ANYBLOB="14000000100001000c000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x2000c080}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x8, 0x2, @private}}}]}, @CTA_TIMEOUT={0x8}, @CTA_TUPLE_MASTER={0x18, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x2a}}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x38}}}}]}]}, 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000006000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc4c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000020000380100000800c00018006000100d10300000c000080080003400000000214000000110001"], 0xb0}}, 0x40)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="50000000100001040200"/20, @ANYRES32=0x0, @ANYBLOB="2825020000080000280012800c0001006d6163766c616e00180002800a0009000000000000000000080007000100000008000500", @ANYRES32=r1], 0x50}}, 0x800)

412.905278ms ago: executing program 1 (id=4395):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000680)=@newtfilter={0x43c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {}, {0xffff, 0x8}}, [@filter_kind_options=@f_flow={{0x9}, {0x40c, 0x2, [@TCA_FLOW_POLICE={0x408, 0xa, 0x0, 0x1, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x81, 0xffffffff, 0xda, 0x3, 0x0, 0x2a, 0x100, 0x73d, 0x3509, 0x3, 0x10000, 0x7, 0x1000, 0x9, 0x3, 0x3, 0x882e, 0x8, 0x8, 0x2, 0x9, 0xfffffffb, 0x2, 0x6, 0x80000000, 0x400, 0x9, 0x8, 0x7a, 0x5, 0x7, 0x7fff, 0xffffff40, 0x9, 0x6, 0x8, 0x2, 0x57, 0x0, 0x4, 0x7fff, 0x9, 0xfffffffb, 0x2, 0xcf9f, 0x0, 0x1, 0x8, 0x1, 0x5, 0xfffffff9, 0xd5, 0x80000001, 0x6, 0x4, 0x9, 0x8, 0x1, 0x15, 0xfffffe01, 0xc, 0x8, 0x4, 0x3, 0xfffffe00, 0x7, 0x3, 0x800, 0x1, 0x4, 0x2, 0x1, 0x1, 0x801e, 0x7, 0x4, 0x0, 0x8, 0x5, 0x8001, 0x5, 0x1, 0x1000, 0x9, 0x3, 0x7ff, 0xd0, 0x8, 0x0, 0x3, 0x1, 0x9, 0xe, 0x7fff, 0xfffffff8, 0x7, 0x0, 0xb1, 0x3, 0xffffff44, 0x1, 0x8, 0xf, 0x6, 0x556, 0x1, 0x2c, 0x5, 0x80000001, 0x1, 0x0, 0xffffff00, 0x3, 0x2, 0x7, 0x9, 0x1c00, 0x5, 0xa2, 0x3, 0x8, 0x0, 0x5, 0x8001, 0xbfffffff, 0x7, 0x80, 0x7, 0x0, 0x743, 0x5, 0x3, 0x7, 0x200, 0x5, 0x0, 0x8000008, 0x3, 0x100, 0x2, 0x5, 0x1, 0x1, 0x8, 0xe, 0x5, 0x6, 0x4, 0x7ff, 0x5, 0xfffffffe, 0x7, 0xf80, 0x7, 0x5a, 0x2302, 0xffff, 0x3ff, 0x2, 0x5, 0x1, 0x6, 0x3, 0x401, 0x10001, 0x512d, 0x1, 0xe, 0x2, 0xa3c0, 0x4, 0x8000, 0x10001, 0x15a, 0x6, 0x120000, 0xa, 0x7fffffff, 0x7, 0x9, 0x80000004, 0x5, 0x7e9, 0x48, 0x9, 0x3, 0x0, 0x5, 0x6, 0x7, 0xff, 0xd, 0x6, 0x9, 0x0, 0x200, 0x9, 0xff, 0x4, 0x7, 0x7, 0x8, 0x4, 0xb672, 0x4a82, 0xffff0000, 0x7ff, 0x3e1, 0x6, 0x80000000, 0x4c0, 0x5, 0xa, 0x6, 0x2, 0x6, 0x9, 0x48, 0x1a, 0x2000000, 0x1ff, 0x844, 0x6, 0x3ff, 0x2, 0x100, 0x6, 0xffffffff, 0x200, 0xc26, 0x4, 0x5, 0x1, 0x7fff, 0xf, 0x401, 0x401, 0x4, 0x7, 0x3565, 0x2, 0x4, 0xebf, 0x9, 0x1000, 0x1, 0x71f, 0x2, 0x7, 0x6e8, 0x8, 0x0, 0xf38, 0x6, 0x9, 0x2]}]}]}}]}, 0x43c}, 0x1, 0x0, 0x0, 0x1}, 0x4840)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="70000000100003040000800080fe000000007400", @ANYRES32=r2, @ANYBLOB="0000000003120100500012800b000100627269646765000040000280080005000100000006002700000000000800010015000800050025000000000008000400000000000c002e"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40)

412.61523ms ago: executing program 3 (id=4396):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x6c, r1, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x2, @local, 0x10000012}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x1000, @mcast1, 0x3}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x6c}}, 0x40)

264.91542ms ago: executing program 4 (id=4397):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x40)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r2, &(0x7f00000001c0)={0xa, 0x4e22, 0x7f, @ipv4={'\x00', '\xff\xff', @multicast1}, 0xffffffff}, 0x1c)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000280)={0x62, @remote, 0x4e20, 0x3, 'lblc\x00', 0x1, 0x0, 0x8007b}, 0x2c)
r4 = socket$kcm(0xa, 0x2, 0x0)
r5 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000440)=@mangle={'mangle\x00', 0x44, 0x6, 0x3c8, 0x98, 0x0, 0x298, 0x0, 0x0, 0x330, 0x330, 0x330, 0x330, 0x330, 0x6, 0x0, {[{{@ip={@multicast1, @dev={0xac, 0x14, 0x14, 0x13}, 0xff, 0xff000000, 'pim6reg1\x00', 'bridge_slave_0\x00', {}, {0xff}, 0x88, 0x3}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00', 0x0, {0x1, 0x9}}}, {{@ip={@private=0xa010100, @local, 0x0, 0x0, 'vcan0\x00', 'veth0_virt_wifi\x00', {}, {0xff}, 0x6}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x11, 0x6, 0x3, 0x1100, 0x4]}, {0x0, [0x5, 0x0, 0x0, 0x2, 0x4]}}}}, {{@uncond, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00', 0x0, {0x1}}}, {{@ip={@private=0xa010102, @multicast1, 0x0, 0xffffff00, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28, 'ECN\x00', 0x0, {0x0, 0xfc}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x428)
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
r7 = socket(0x2, 0x80805, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r7}, 0x8)
r8 = socket(0x10, 0x803, 0x0)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000040)={'dummy0\x00', 0x7101})
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r11, {0x0, 0x7}, {0xffff, 0xffff}, {0x0, 0x4}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xfffd}}}]}, 0x38}}, 0x0)
r12 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r12, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000840)=@newtfilter={0x94, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r11, {0x5, 0xfff3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x54, 0x2, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x6fe2}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0xb380, 0x4, 0x0, 0x4, 0x8}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0x7}}]}, 0x94}, 0x1, 0x0, 0x0, 0x10}, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="120000000800000004000000ff00000000000000", @ANYRES32=0x1, @ANYBLOB="007c94e59419d26096a17b000000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x3, 0x81, 0x5}, {@broadcast, 0x4e23, 0x10000, 0x1cb, 0x12d61, 0x12d58}}, 0x44)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000180)={'wlan0\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}})
setsockopt$IP_VS_SO_SET_ADDDEST(r6, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e24, 0x3, 'lblcr\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x4, 0x0, 0x12d5c, 0x12d5c}}, 0x44)
sendmsg$sock(r4, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})

263.697801ms ago: executing program 3 (id=4398):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=@framed={{0x18, 0x8, 0x0, 0x0, 0x3ffffffe}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @func={0x85, 0x0, 0x1, 0x0, 0x4}, @generic={0x6e, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x2}, @exit, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffb}, @call={0x85, 0x0, 0x0, 0x2b}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfc, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4)
r2 = syz_init_net_socket$ax25(0x3, 0x5, 0x31)
ioctl$SIOCAX25NOUID(r2, 0x89e3, &(0x7f0000000040)=0x1)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010001fff2bbd7000000000000000", @ANYRES32=0x0, @ANYBLOB="170100008b040200280012800900010076657468"], 0x48}}, 0x24008000)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f00000000c0)={'ip6tnl0\x00', <r3=>0x0, 0x0, 0x0, 0x5, 0xf17, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x1, 0x7, 0x5, 0x1}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x48801}, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000d80)={&(0x7f0000000d40)='mmap_lock_acquire_returned\x00', r4}, 0x10)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r5, 0x0)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000000)={r5, 0x0}, 0x20)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0)
getsockname$packet(r8, &(0x7f0000000200)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14)
sendto(r6, &(0x7f0000000340)="ba7141d973b53676b450e59f694aacc06352d5b7342f107cec95f7f239270917b70aa1c6d7702b16735e92f3f55a86e2df0bf7ef603c737dd94a831b76f49e850e902927b9abb27cb46d851e03e8072e3938c9b194e98562d33c4b5cf65d1a2193002b9457d0e51618cf0c7df5a4d075425389718c01c07f5b9d0ad40f9c54737846bb047e312dd6953a6733a5fcf298422c6d24a3f92cc21425bcd373a1ad6cdd89bbbab35c38855bd5a6f44e8c4cdf4e0deda5c4b074a7cb378f89219f2ae382c4872699e7a0a2b3b32cfd3f9393", 0xcf, 0x51, 0x0, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/19, @ANYRES32=r9, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newqdisc={0x60, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28}, @TCA_TBF_BURST={0x8, 0x6, 0x58}]}}]}, 0x60}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
sendmsg$FOU_CMD_ADD(r0, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16, @ANYBLOB="000326bd7000fbdbdf2501000000f4d8a83f", @ANYRES32=r3, @ANYBLOB="08000800e0000002140007002001000000000000000000000000000214000700ff010000000000000000000000000001060001004e200000"], 0x54}, 0x1, 0x0, 0x0, 0x40800}, 0x14)

244.974893ms ago: executing program 0 (id=4399):
socket$packet(0x11, 0x2, 0x300)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
ioctl$TUNSETNOCSUM(r2, 0x400454c8, 0x1)
sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r4, &(0x7f0000001cc0)=[{{&(0x7f0000000180)={0xa, 0x4e23, 0xc6f, @ipv4={'\x00', '\xff\xff', @multicast1}, 0xc84a}, 0x1c, 0x0, 0x0, &(0x7f0000001640)=[@hoplimit={{0x14, 0x29, 0x34, 0x88b5}}, @pktinfo={{0x24, 0x29, 0x32, {@remote}}}], 0x40}}], 0x1, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0xc094)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r1, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x58, 0x140d, 0x800, 0x70bd2b, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_RES_MRN={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_RES_MRN={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000000}, 0x90)
unshare(0x20000400)
setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x66, &(0x7f00000000c0)=0x8001, 0x4)

206.794333ms ago: executing program 2 (id=4400):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000c40)={{0xeb9f, 0x1, 0x0, 0x18, 0x1000000, 0x18, 0x18, 0x6, [@struct={0x0, 0x1, 0x0, 0x4, 0x1, 0x109, [{0x4, 0x4, 0x1}]}]}, {0x0, [0x30, 0x0, 0x0, 0x2e]}}, &(0x7f0000000f40)=""/4079, 0x36, 0xfef, 0x8}, 0x28)

68.877918ms ago: executing program 1 (id=4401):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@newlink={0x40, 0x10, 0xffffff1f, 0x0, 0x80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0xd}]}, 0x40}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000) (async)
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="ffff50ff7717ff0180c200000008004500001c0000000000029078ac1e0001ac1414bb16009078000000"], 0x0)

47.347602ms ago: executing program 2 (id=4402):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000001e0a010100000000000000000a0000060900020073797a31000000000900010073797a31"], 0x70}, 0x7ffffffe, 0x0, 0x0, 0x4451099e661a63b1}, 0x0)

0s ago: executing program 3 (id=4403):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000ac0)={0x6, 0x10, &(0x7f0000000140)=ANY=[@ANYBLOB="1820000022bf0000000000000500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000db003000a0000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x5, 0xc8, &(0x7f0000000040)=""/200}, 0x94)

kernel console output (not intermixed with test programs):

rocess `syz.1.3275'.
[  502.898469][ T1016] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  502.959732][T16927] Cannot find add_set index 4 as target
[  502.997736][T16910] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  503.024347][ T1016] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  503.066249][ T1016] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  503.177537][T16939] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3278'.
[  503.204897][ T7474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  503.217417][T16939] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3278'.
[  503.235825][ T7474] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  503.419640][T16945] FAULT_INJECTION: forcing a failure.
[  503.419640][T16945] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  503.453465][T16945] CPU: 0 UID: 0 PID: 16945 Comm: syz.0.3281 Not tainted syzkaller #0 PREEMPT(full) 
[  503.453496][T16945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  503.453507][T16945] Call Trace:
[  503.453516][T16945]  <TASK>
[  503.453525][T16945]  dump_stack_lvl+0x189/0x250
[  503.453557][T16945]  ? __pfx____ratelimit+0x10/0x10
[  503.453587][T16945]  ? __pfx_dump_stack_lvl+0x10/0x10
[  503.453613][T16945]  ? __pfx__printk+0x10/0x10
[  503.453640][T16945]  ? __might_fault+0xb0/0x130
[  503.453683][T16945]  should_fail_ex+0x414/0x560
[  503.453719][T16945]  _copy_from_user+0x2d/0xb0
[  503.453746][T16945]  kstrtouint_from_user+0xc4/0x170
[  503.453771][T16945]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  503.453815][T16945]  proc_fail_nth_write+0x88/0x200
[  503.453841][T16945]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  503.453874][T16945]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  503.453910][T16945]  vfs_write+0x27e/0xb30
[  503.453950][T16945]  ? __pfx_vfs_write+0x10/0x10
[  503.453979][T16945]  ? __fget_files+0x2a/0x420
[  503.454005][T16945]  ? __fget_files+0x3a0/0x420
[  503.454022][T16945]  ? __fget_files+0x2a/0x420
[  503.454053][T16945]  ksys_write+0x145/0x250
[  503.454084][T16945]  ? __pfx_ksys_write+0x10/0x10
[  503.454115][T16945]  ? do_syscall_64+0xbe/0xfa0
[  503.454139][T16945]  do_syscall_64+0xfa/0xfa0
[  503.454156][T16945]  ? lockdep_hardirqs_on+0x9c/0x150
[  503.454175][T16945]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  503.454195][T16945]  ? clear_bhb_loop+0x60/0xb0
[  503.454219][T16945]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  503.454238][T16945] RIP: 0033:0x7fbaa518e17f
[  503.454258][T16945] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  503.454276][T16945] RSP: 002b:00007fbaa6036030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  503.454299][T16945] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbaa518e17f
[  503.454313][T16945] RDX: 0000000000000001 RSI: 00007fbaa60360a0 RDI: 0000000000000005
[  503.454326][T16945] RBP: 00007fbaa6036090 R08: 0000000000000000 R09: 0000000000000000
[  503.454339][T16945] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  503.454351][T16945] R13: 00007fbaa53e6038 R14: 00007fbaa53e5fa0 R15: 00007ffc5c714568
[  503.454388][T16945]  </TASK>
[  503.521770][ T5148] Bluetooth: hci2: command tx timeout
[  503.903061][T16961] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3286'.
[  503.996994][T16965] Cannot find add_set index 4 as target
[  504.033823][T16961] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  504.316589][T16961] batman_adv: batadv0: Removing interface: batadv_slave_1
[  504.528089][T16979] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  504.560738][T16982] netlink: 'syz.3.3294': attribute type 2 has an invalid length.
[  504.656110][T16979] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  504.702330][T16977] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3293'.
[  504.771659][T16984] netlink: 284 bytes leftover after parsing attributes in process `syz.3.3294'.
[  504.801057][T16995] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  504.867876][T16979] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  504.917096][T16981] lo speed is unknown, defaulting to 1000
[  505.048017][T16979] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.537520][   T13] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  505.601666][ T7466] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  505.932296][   T13] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  505.958578][T17013] lo speed is unknown, defaulting to 1000
[  506.109573][ T7466] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  506.295946][T17031] Cannot find add_set index 4 as target
[  506.393423][T17033] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3304'.
[  506.460238][ T8727] IPVS: starting estimator thread 0...
[  506.581610][T17040] IPVS: using max 26 ests per chain, 62400 per kthread
[  506.838125][T17051] tipc: Started in network mode
[  506.843935][T17051] tipc: Node identity 4ad7a9afaeb5, cluster identity 4711
[  506.851860][T17051] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  506.885905][T17051] syzkaller0: entered promiscuous mode
[  506.908538][T17051] syzkaller0: entered allmulticast mode
[  506.989124][T17058] syzkaller0: mtu less than device minimum
[  507.126070][T17047] tipc: Resetting bearer <eth:syzkaller0>
[  507.177834][T17047] tipc: Disabling bearer <eth:syzkaller0>
[  507.215206][T17062] netlink: 'syz.2.3312': attribute type 2 has an invalid length.
[  507.255485][T17064] netlink: 'syz.2.3312': attribute type 2 has an invalid length.
[  507.555507][T17070] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3314'.
[  507.610755][T17074] netlink: 'syz.2.3314': attribute type 1 has an invalid length.
[  507.742127][T17078] Bluetooth: MGMT ver 1.23
[  507.872464][T17070] nbd: socks must be embedded in a SOCK_ITEM attr
[  507.974685][T16143] block nbd64: NBD_DISCONNECT
[  508.297902][T16143] udevd[16143]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  508.545769][T17092] siw: device registration error -23
[  508.609971][T17092] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3320'.
[  509.277127][    T9] IPVS: starting estimator thread 0...
[  509.372405][T17120] IPVS: using max 25 ests per chain, 60000 per kthread
[  509.908198][T17147] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3337'.
[  509.952183][T17147] netlink: 'syz.2.3337': attribute type 9 has an invalid length.
[  510.063735][T17151] ip6tnl1: entered promiscuous mode
[  510.095785][T17150] vlan2: entered promiscuous mode
[  510.101146][T17150] vlan2: entered allmulticast mode
[  510.107913][T17150] hsr_slave_1: entered allmulticast mode
[  510.135170][T17156] netlink: 68 bytes leftover after parsing attributes in process `syz.2.3340'.
[  510.173391][T17150] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3338'.
[  510.233409][   T24] IPVS: starting estimator thread 0...
[  510.321393][T17162] IPVS: using max 25 ests per chain, 60000 per kthread
[  510.502056][T17170] sctp: [Deprecated]: syz.0.3344 (pid 17170) Use of struct sctp_assoc_value in delayed_ack socket option.
[  510.502056][T17170] Use struct sctp_sack_info instead
[  510.540059][T17160] lo speed is unknown, defaulting to 1000
[  510.666629][T17163] lo speed is unknown, defaulting to 1000
[  510.685839][T17177] netlink: 'syz.3.3346': attribute type 12 has an invalid length.
[  510.699338][T17177] netlink: 'syz.3.3346': attribute type 29 has an invalid length.
[  510.710150][T17177] netlink: 148 bytes leftover after parsing attributes in process `syz.3.3346'.
[  510.839747][T17179] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  510.888922][T17179] sctp: [Deprecated]: syz.4.3347 (pid 17179) Use of struct sctp_assoc_value in delayed_ack socket option.
[  510.888922][T17179] Use struct sctp_sack_info instead
[  511.061978][T17179] syzkaller0: entered promiscuous mode
[  511.078216][T17179] syzkaller0: entered allmulticast mode
[  511.087130][T17179] tipc: Resetting bearer <eth:syzkaller0>
[  511.124648][T17178] tipc: Resetting bearer <eth:syzkaller0>
[  511.963830][   T24] tipc: Node number set to 2370229201
[  513.027112][T17178] tipc: Disabling bearer <eth:syzkaller0>
[  513.144846][T17195] tun0: tun_chr_ioctl cmd 1074025675
[  513.151527][T17195] tun0: persist enabled
[  513.156963][T17196] tun0: tun_chr_ioctl cmd 1074025675
[  513.163913][T17196] tun0: persist enabled
[  513.389187][T17206] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3356'.
[  513.419985][T17210] netlink: 6 bytes leftover after parsing attributes in process `syz.3.3358'.
[  513.433656][T17212] syz_tun: entered allmulticast mode
[  513.572615][T17212] syz_tun: left allmulticast mode
[  514.024872][T17230] netlink: 'syz.0.3364': attribute type 13 has an invalid length.
[  514.906075][T17230] bridge0: port 2(bridge_slave_1) entered disabled state
[  514.913995][T17230] bridge0: port 1(bridge_slave_0) entered disabled state
[  514.948177][T17227] Set syz1 is full, maxelem 6117 reached
[  515.406951][T17230] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  515.903778][T17233] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  515.956490][T17249] vlan2: entered allmulticast mode
[  516.053929][   T13] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  516.082566][ T7464] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  516.102598][ T7464] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  516.123261][T17236] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  516.146125][ T7464] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  516.627315][T17278] syz_tun: entered allmulticast mode
[  516.672872][T17278] lo speed is unknown, defaulting to 1000
[  516.920159][T17290] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  516.943305][T17277] syz_tun: left allmulticast mode
[  517.616255][T17297] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3381'.
[  517.692895][T17299] Cannot find set identified by id 1 to match
[  517.734970][T17299] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3383'.
[  517.797995][T17301] batadv1: entered promiscuous mode
[  517.815860][T17301] 8021q: adding VLAN 0 to HW filter on device batadv1
[  517.901184][T17299] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3383'.
[  517.925493][T17306] veth0_to_team: entered promiscuous mode
[  518.065020][T17309] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3386'.
[  518.112240][T17309] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3386'.
[  518.137981][T17313] xt_hashlimit: max too large, truncated to 1048576
[  518.166779][T17313] xt_CT: You must specify a L4 protocol and not use inversions on it
[  518.201544][T17309] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3386'.
[  518.396675][T17299] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3383'.
[  519.205542][T17338] netlink: 'syz.0.3398': attribute type 12 has an invalid length.
[  519.241853][T17338] netlink: 'syz.0.3398': attribute type 29 has an invalid length.
[  519.273459][T17338] netlink: 148 bytes leftover after parsing attributes in process `syz.0.3398'.
[  519.485388][T17347] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3400'.
[  519.505293][T17347] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3400'.
[  519.819733][T17357] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  519.894791][T17359] vlan0: entered allmulticast mode
[  519.923239][T17359] veth0_vlan: entered allmulticast mode
[  519.954554][T17359] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check.
[  520.455674][T17381] netlink: 'syz.1.3410': attribute type 9 has an invalid length.
[  520.554310][T17385] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  520.677764][T17390] netlink: 'syz.1.3413': attribute type 5 has an invalid length.
[  521.070633][T17405] Cannot find add_set index 4 as target
[  521.202845][T17407] Cannot find add_set index 4 as target
[  521.456092][T17419] netlink: 'syz.1.3423': attribute type 3 has an invalid length.
[  521.487585][T17419] netlink: 'syz.1.3423': attribute type 2 has an invalid length.
[  521.504793][T17419] netlink: 'syz.1.3423': attribute type 2 has an invalid length.
[  521.530291][T17415] veth3: entered promiscuous mode
[  521.785731][T17436] Cannot find add_set index 4 as target
[  522.093250][T17439] syzkaller0: entered promiscuous mode
[  522.098935][T17439] syzkaller0: entered allmulticast mode
[  522.309990][T17447] syzkaller0: entered promiscuous mode
[  522.316086][T17447] syzkaller0: entered allmulticast mode
[  522.349609][T17459] netlink: 'syz.0.3436': attribute type 10 has an invalid length.
[  522.400999][T17461] netlink: 'syz.0.3436': attribute type 10 has an invalid length.
[  523.937083][T17459] bond0: (slave dummy0): Releasing backup interface
[  523.949256][T17459] team0: Port device dummy0 added
[  524.057272][T17472] __nla_validate_parse: 16 callbacks suppressed
[  524.057294][T17472] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3440'.
[  524.074171][T17472] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3440'.
[  524.083606][T17472] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3440'.
[  525.533365][T17461] team0: Port device dummy0 removed
[  525.542154][T17461] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  525.551787][T17467] netlink: 204 bytes leftover after parsing attributes in process `syz.0.3436'.
[  525.747696][T17478] netlink: 'syz.0.3441': attribute type 11 has an invalid length.
[  525.773604][T17478] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3441'.
[  525.782623][T17487] Cannot find add_set index 4 as target
[  525.986936][T17497] syz_tun: entered allmulticast mode
[  526.011594][T17499] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  526.080390][T17497] syz_tun: left allmulticast mode
[  526.136276][T17505] vlan2: entered allmulticast mode
[  526.173838][T17509] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3453'.
[  526.183323][T17509] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3453'.
[  526.209598][T17509] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3453'.
[  526.240578][T17508] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  526.270657][T17514] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3454'.
[  526.280424][T17508] syzkaller0: entered promiscuous mode
[  526.289016][T17508] syzkaller0: entered allmulticast mode
[  526.304468][T17508] tipc: Resetting bearer <eth:syzkaller0>
[  526.409286][T17506] tipc: Resetting bearer <eth:syzkaller0>
[  526.460141][T17506] tipc: Disabling bearer <eth:syzkaller0>
[  526.488361][T17521] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3457'.
[  526.528249][T17524] Cannot find add_set index 4 as target
[  526.672221][T17528] bridge0: port 1(bridge_slave_0) entered learning state
[  526.715167][T17526] batadv1: entered promiscuous mode
[  526.738419][T17526] 8021q: adding VLAN 0 to HW filter on device batadv1
[  526.919442][T17544] xt_hashlimit: max too large, truncated to 1048576
[  526.942574][T17544] xt_CT: You must specify a L4 protocol and not use inversions on it
[  527.306895][T17551] netlink: 'syz.2.3469': attribute type 9 has an invalid length.
[  527.575875][T17575] FAULT_INJECTION: forcing a failure.
[  527.575875][T17575] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  527.597773][T17575] CPU: 1 UID: 0 PID: 17575 Comm: syz.2.3477 Not tainted syzkaller #0 PREEMPT(full) 
[  527.597804][T17575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  527.597815][T17575] Call Trace:
[  527.597823][T17575]  <TASK>
[  527.597832][T17575]  dump_stack_lvl+0x189/0x250
[  527.597864][T17575]  ? __pfx____ratelimit+0x10/0x10
[  527.597892][T17575]  ? __pfx_dump_stack_lvl+0x10/0x10
[  527.597915][T17575]  ? __pfx__printk+0x10/0x10
[  527.597936][T17575]  ? __might_fault+0xb0/0x130
[  527.597976][T17575]  should_fail_ex+0x414/0x560
[  527.598010][T17575]  _copy_from_user+0x2d/0xb0
[  527.598036][T17575]  btf_new_fd+0x33f/0xc90
[  527.598056][T17575]  ? apparmor_capable+0x137/0x1b0
[  527.598087][T17575]  ? __pfx_btf_new_fd+0x10/0x10
[  527.598108][T17575]  ? bpf_token_put+0x143/0x160
[  527.598131][T17575]  ? bpf_btf_load+0x126/0x190
[  527.598155][T17575]  __sys_bpf+0x3ed/0x860
[  527.598177][T17575]  ? __pfx___sys_bpf+0x10/0x10
[  527.598214][T17575]  ? ksys_write+0x22a/0x250
[  527.598243][T17575]  ? __pfx_ksys_write+0x10/0x10
[  527.598276][T17575]  __x64_sys_bpf+0x7c/0x90
[  527.598304][T17575]  do_syscall_64+0xfa/0xfa0
[  527.598323][T17575]  ? lockdep_hardirqs_on+0x9c/0x150
[  527.598340][T17575]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  527.598360][T17575]  ? clear_bhb_loop+0x60/0xb0
[  527.598384][T17575]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  527.598403][T17575] RIP: 0033:0x7f212398f6c9
[  527.598421][T17575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  527.598439][T17575] RSP: 002b:00007f2121bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  527.598461][T17575] RAX: ffffffffffffffda RBX: 00007f2123be5fa0 RCX: 00007f212398f6c9
[  527.598476][T17575] RDX: 0000000000000028 RSI: 0000200000000080 RDI: 0000000000000012
[  527.598488][T17575] RBP: 00007f2121bf6090 R08: 0000000000000000 R09: 0000000000000000
[  527.598499][T17575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  527.598508][T17575] R13: 00007f2123be6038 R14: 00007f2123be5fa0 R15: 00007fff9ebbc6f8
[  527.598547][T17575]  </TASK>
[  528.139847][T17596] siw: device registration error -23
[  528.450151][T17578] bridge0: port 2(bridge_slave_1) entered disabled state
[  528.458067][T17578] bridge0: port 1(bridge_slave_0) entered disabled state
[  528.670729][T17578] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  528.689621][T17578] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  529.000513][T17589] 8021q: adding VLAN 0 to HW filter on device bond1
[  529.086571][ T7466] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  529.109810][ T7466] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  529.136836][ T7466] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  529.160645][ T7466] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  529.173047][T17585] lo speed is unknown, defaulting to 1000
[  529.195805][T17612] netlink: 'syz.3.3485': attribute type 12 has an invalid length.
[  529.226512][T17612] netlink: 'syz.3.3485': attribute type 29 has an invalid length.
[  529.242257][T17612] __nla_validate_parse: 15 callbacks suppressed
[  529.242277][T17612] netlink: 148 bytes leftover after parsing attributes in process `syz.3.3485'.
[  529.258024][T17612] netlink: 'syz.3.3485': attribute type 2 has an invalid length.
[  529.269652][T17612] netlink: 23 bytes leftover after parsing attributes in process `syz.3.3485'.
[  529.453483][T17614] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3488'.
[  529.520285][T17617] lo speed is unknown, defaulting to 1000
[  530.237767][T17655] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3497'.
[  530.279079][T17654] macvtap2: entered allmulticast mode
[  530.291671][T17654] mac80211_hwsim hwsim29 wlan0: entered allmulticast mode
[  530.307354][T17654] mac80211_hwsim hwsim29 wlan0: left allmulticast mode
[  530.594298][T17667] FAULT_INJECTION: forcing a failure.
[  530.594298][T17667] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  530.632053][T17667] CPU: 0 UID: 0 PID: 17667 Comm: syz.0.3503 Not tainted syzkaller #0 PREEMPT(full) 
[  530.632083][T17667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  530.632095][T17667] Call Trace:
[  530.632104][T17667]  <TASK>
[  530.632114][T17667]  dump_stack_lvl+0x189/0x250
[  530.632145][T17667]  ? __pfx____ratelimit+0x10/0x10
[  530.632175][T17667]  ? __pfx_dump_stack_lvl+0x10/0x10
[  530.632201][T17667]  ? __pfx__printk+0x10/0x10
[  530.632238][T17667]  should_fail_ex+0x414/0x560
[  530.632274][T17667]  _copy_to_user+0x31/0xb0
[  530.632303][T17667]  simple_read_from_buffer+0xe1/0x170
[  530.632338][T17667]  proc_fail_nth_read+0x1b3/0x220
[  530.632368][T17667]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  530.632397][T17667]  ? rw_verify_area+0x2a6/0x4d0
[  530.632423][T17667]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  530.632449][T17667]  vfs_read+0x200/0xa30
[  530.632486][T17667]  ? __pfx_vfs_read+0x10/0x10
[  530.632517][T17667]  ? bpf_trace_run2+0x322/0x4b0
[  530.632547][T17667]  ? bpf_trace_run2+0x186/0x4b0
[  530.632578][T17667]  ? __pfx_bpf_trace_run2+0x10/0x10
[  530.632616][T17667]  ksys_read+0x145/0x250
[  530.632645][T17667]  ? __pfx_ksys_read+0x10/0x10
[  530.632684][T17667]  do_syscall_64+0xfa/0xfa0
[  530.632702][T17667]  ? lockdep_hardirqs_on+0x9c/0x150
[  530.632722][T17667]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  530.632741][T17667]  ? clear_bhb_loop+0x60/0xb0
[  530.632766][T17667]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  530.632784][T17667] RIP: 0033:0x7fbaa518e0dc
[  530.632802][T17667] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  530.632819][T17667] RSP: 002b:00007fbaa6036030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  530.632841][T17667] RAX: ffffffffffffffda RBX: 00007fbaa53e5fa0 RCX: 00007fbaa518e0dc
[  530.632856][T17667] RDX: 000000000000000f RSI: 00007fbaa60360a0 RDI: 0000000000000006
[  530.632869][T17667] RBP: 00007fbaa6036090 R08: 0000000000000000 R09: 0000000000000000
[  530.632889][T17667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  530.632901][T17667] R13: 00007fbaa53e6038 R14: 00007fbaa53e5fa0 R15: 00007ffc5c714568
[  530.632937][T17667]  </TASK>
[  530.949922][T17675] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3505'.
[  530.959695][T17647] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  531.272492][T17692] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3510'.
[  531.430618][T17697] FAULT_INJECTION: forcing a failure.
[  531.430618][T17697] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  531.471403][T17697] CPU: 1 UID: 0 PID: 17697 Comm: syz.4.3511 Not tainted syzkaller #0 PREEMPT(full) 
[  531.471434][T17697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  531.471446][T17697] Call Trace:
[  531.471455][T17697]  <TASK>
[  531.471463][T17697]  dump_stack_lvl+0x189/0x250
[  531.471496][T17697]  ? __pfx____ratelimit+0x10/0x10
[  531.471524][T17697]  ? __pfx_dump_stack_lvl+0x10/0x10
[  531.471551][T17697]  ? __pfx__printk+0x10/0x10
[  531.471571][T17697]  ? __might_fault+0xb0/0x130
[  531.471612][T17697]  should_fail_ex+0x414/0x560
[  531.471647][T17697]  _copy_from_user+0x2d/0xb0
[  531.471684][T17697]  ip_tunnel_parm_from_user+0xa2/0x380
[  531.471710][T17697]  ? __pfx_ip_tunnel_parm_from_user+0x10/0x10
[  531.471733][T17697]  ? __kasan_save_free_info+0x46/0x50
[  531.471776][T17697]  ip_tunnel_siocdevprivate+0x99/0x180
[  531.471802][T17697]  ? __pfx_ip_tunnel_siocdevprivate+0x10/0x10
[  531.471843][T17697]  ipip6_tunnel_siocdevprivate+0x24e/0x1580
[  531.471868][T17697]  ? __pfx___mutex_trylock_common+0x10/0x10
[  531.471898][T17697]  ? __pfx_ipip6_tunnel_siocdevprivate+0x10/0x10
[  531.471918][T17697]  ? rcu_is_watching+0x15/0xb0
[  531.471938][T17697]  ? trace_contention_end+0x39/0x120
[  531.471961][T17697]  ? __mutex_lock+0x335/0x1350
[  531.471992][T17697]  ? __lock_acquire+0xab9/0xd20
[  531.472016][T17697]  ? dev_ioctl+0x83c/0x1150
[  531.472036][T17697]  ? full_name_hash+0x92/0xe0
[  531.472061][T17697]  ? netdev_name_node_lookup+0xdf/0x120
[  531.472092][T17697]  dev_ifsioc+0xb57/0xf00
[  531.472123][T17697]  dev_ioctl+0x84c/0x1150
[  531.472148][T17697]  sock_ioctl+0x719/0x790
[  531.472177][T17697]  ? __pfx_sock_ioctl+0x10/0x10
[  531.472208][T17697]  ? __fget_files+0x3a0/0x420
[  531.472227][T17697]  ? __fget_files+0x2a/0x420
[  531.472250][T17697]  ? bpf_lsm_file_ioctl+0x9/0x20
[  531.472272][T17697]  ? __pfx_sock_ioctl+0x10/0x10
[  531.472297][T17697]  __se_sys_ioctl+0xfc/0x170
[  531.472327][T17697]  do_syscall_64+0xfa/0xfa0
[  531.472345][T17697]  ? lockdep_hardirqs_on+0x9c/0x150
[  531.472364][T17697]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  531.472385][T17697]  ? clear_bhb_loop+0x60/0xb0
[  531.472410][T17697]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  531.472428][T17697] RIP: 0033:0x7f950e38f6c9
[  531.472447][T17697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  531.472464][T17697] RSP: 002b:00007f950f15d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  531.472487][T17697] RAX: ffffffffffffffda RBX: 00007f950e5e5fa0 RCX: 00007f950e38f6c9
[  531.472502][T17697] RDX: 0000200000000080 RSI: 00000000000089f3 RDI: 0000000000000003
[  531.472516][T17697] RBP: 00007f950f15d090 R08: 0000000000000000 R09: 0000000000000000
[  531.472529][T17697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  531.472541][T17697] R13: 00007f950e5e6038 R14: 00007f950e5e5fa0 R15: 00007ffe0f52e648
[  531.472579][T17697]  </TASK>
[  532.211519][T17715] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3518'.
[  532.299034][T17720] vlan2: entered promiscuous mode
[  532.305715][T17720] vlan2: entered allmulticast mode
[  532.310869][T17720] hsr_slave_1: entered allmulticast mode
[  532.444726][T17730] Cannot find add_set index 4 as target
[  532.463789][T17720] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3519'.
[  532.800622][T17740] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  532.830007][T17747] bridge: RTM_NEWNEIGH with unconfigured vlan 2 on bridge0
[  532.849604][T17747] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  533.106267][T17744] syzkaller0: entered promiscuous mode
[  533.113332][T17744] syzkaller0: entered allmulticast mode
[  533.119901][T17744] tipc: Resetting bearer <eth:syzkaller0>
[  533.126843][T17752] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  533.137201][T17732] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  533.156782][T17757] netlink: 'syz.1.3533': attribute type 6 has an invalid length.
[  533.171925][T17733] tipc: Resetting bearer <eth:syzkaller0>
[  533.248387][T17761] netlink: 'syz.1.3533': attribute type 6 has an invalid length.
[  533.456977][T17774] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3537'.
[  533.466733][T17774] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3537'.
[  535.027794][T17733] tipc: Disabling bearer <eth:syzkaller0>
[  535.359621][T17263] hid-generic 0005:0007:0008.0002: unknown main item tag 0x0
[  535.430056][T17263] hid-generic 0005:0007:0008.0002: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa
[  535.479741][T17797] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  535.522951][T17802] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3544'.
[  535.595507][T17806] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3545'.
[  535.622356][T17806] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3545'.
[  535.671766][T17805] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3543'.
[  535.699401][T17803] fido_id[17803]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci2/hci2:200/report_descriptor': No such file or directory
[  535.821894][T17811] tipc: Started in network mode
[  535.872609][T17811] tipc: Node identity fe8000000000000000000000000000aa, cluster identity 4711
[  535.933023][T17811] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  535.969819][T17814] ieee802154 phy0 wpan0: encryption failed: -22
[  535.977824][T17822] netlink: 'syz.4.3550': attribute type 13 has an invalid length.
[  536.007563][T17822] netlink: 'syz.4.3550': attribute type 17 has an invalid length.
[  536.018643][T17811] netlink: 'syz.3.3547': attribute type 10 has an invalid length.
[  536.067063][T17825] netlink: 96 bytes leftover after parsing attributes in process `syz.4.3550'.
[  536.183309][T17822] 8021q: adding VLAN 0 to HW filter on device bond0
[  536.194926][T17822] 8021q: adding VLAN 0 to HW filter on device team0
[  536.211075][T17822] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  536.238361][T17825] 8021q: VLANs not supported on ip_vti0
[  536.368474][T17835] syzkaller0: entered promiscuous mode
[  536.374748][T17835] syzkaller0: entered allmulticast mode
[  536.382902][T17834] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  536.410565][T17826] tipc: Resetting bearer <eth:syzkaller0>
[  538.340643][T17826] tipc: Disabling bearer <eth:syzkaller0>
[  538.359396][T17844] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  538.396829][T17849] bond0: entered promiscuous mode
[  538.403046][T17849] bond_slave_0: entered promiscuous mode
[  538.409910][T17849] bond_slave_1: entered promiscuous mode
[  538.421321][T17849] bond0: left promiscuous mode
[  538.426944][T17849] bond_slave_0: left promiscuous mode
[  538.433954][T17849] bond_slave_1: left promiscuous mode
[  538.468772][T17857] netlink: 'syz.2.3558': attribute type 10 has an invalid length.
[  538.469464][T17843] lo speed is unknown, defaulting to 1000
[  538.532146][T17857] netlink: 2 bytes leftover after parsing attributes in process `syz.2.3558'.
[  538.584762][T17859] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3559'.
[  538.619447][T17857] bond0: entered promiscuous mode
[  538.641839][T17857] bond_slave_0: entered promiscuous mode
[  538.647835][T17857] bond_slave_1: entered promiscuous mode
[  538.664957][T17857] bridge0: port 3(bond0) entered blocking state
[  538.682468][T17857] bridge0: port 3(bond0) entered disabled state
[  538.689046][T17857] bond0: entered allmulticast mode
[  538.725308][T17857] bond_slave_0: entered allmulticast mode
[  538.751793][T17857] bond_slave_1: entered allmulticast mode
[  538.775641][T17857] bond0: left allmulticast mode
[  538.793753][T17857] bond_slave_0: left allmulticast mode
[  538.801209][T17867] FAULT_INJECTION: forcing a failure.
[  538.801209][T17867] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  538.804733][T17857] bond_slave_1: left allmulticast mode
[  538.831451][T17867] CPU: 1 UID: 0 PID: 17867 Comm: syz.4.3563 Not tainted syzkaller #0 PREEMPT(full) 
[  538.831481][T17867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  538.831492][T17867] Call Trace:
[  538.831501][T17867]  <TASK>
[  538.831510][T17867]  dump_stack_lvl+0x189/0x250
[  538.831542][T17867]  ? __pfx____ratelimit+0x10/0x10
[  538.831571][T17867]  ? __pfx_dump_stack_lvl+0x10/0x10
[  538.831596][T17867]  ? __pfx__printk+0x10/0x10
[  538.831619][T17867]  ? __asan_memcpy+0x40/0x70
[  538.831651][T17867]  should_fail_ex+0x414/0x560
[  538.831686][T17867]  _copy_to_user+0x31/0xb0
[  538.831714][T17867]  bpf_verifier_vlog+0x3ba/0x900
[  538.831755][T17867]  __btf_verifier_log+0xd4/0x120
[  538.831786][T17867]  ? __pfx___btf_verifier_log+0x10/0x10
[  538.831808][T17867]  ? __might_fault+0xb0/0x130
[  538.831843][T17867]  ? btf_parse_hdr+0x1e2/0x6d0
[  538.831877][T17867]  btf_parse_hdr+0x282/0x6d0
[  538.831919][T17867]  btf_new_fd+0x372/0xc90
[  538.831936][T17867]  ? apparmor_capable+0x137/0x1b0
[  538.831964][T17867]  ? __pfx_btf_new_fd+0x10/0x10
[  538.831983][T17867]  ? bpf_token_put+0x143/0x160
[  538.832006][T17867]  ? bpf_btf_load+0x126/0x190
[  538.832029][T17867]  __sys_bpf+0x3ed/0x860
[  538.832051][T17867]  ? __pfx___sys_bpf+0x10/0x10
[  538.832088][T17867]  ? ksys_write+0x22a/0x250
[  538.832118][T17867]  ? __pfx_ksys_write+0x10/0x10
[  538.832152][T17867]  __x64_sys_bpf+0x7c/0x90
[  538.832182][T17867]  do_syscall_64+0xfa/0xfa0
[  538.832199][T17867]  ? lockdep_hardirqs_on+0x9c/0x150
[  538.832219][T17867]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  538.832239][T17867]  ? clear_bhb_loop+0x60/0xb0
[  538.832263][T17867]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  538.832283][T17867] RIP: 0033:0x7f950e38f6c9
[  538.832302][T17867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  538.832319][T17867] RSP: 002b:00007f950f15d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  538.832341][T17867] RAX: ffffffffffffffda RBX: 00007f950e5e5fa0 RCX: 00007f950e38f6c9
[  538.832356][T17867] RDX: 0000000000000028 RSI: 0000200000000080 RDI: 0000000000000012
[  538.832369][T17867] RBP: 00007f950f15d090 R08: 0000000000000000 R09: 0000000000000000
[  538.832382][T17867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  538.832394][T17867] R13: 00007f950e5e6038 R14: 00007f950e5e5fa0 R15: 00007ffe0f52e648
[  538.832429][T17867]  </TASK>
[  539.308540][T17866] lo speed is unknown, defaulting to 1000
[  540.319780][T17900] syzkaller0: entered promiscuous mode
[  540.331406][T17900] syzkaller0: entered allmulticast mode
[  540.772088][T17914] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3573'.
[  542.317169][T17912] team0: Port device team_slave_0 removed
[  542.387851][T17924] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3574'.
[  542.657405][T17934] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3578'.
[  542.689921][T17934] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3578'.
[  543.083856][T17950] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  543.345518][T17950] syzkaller0: entered promiscuous mode
[  543.376368][T17950] syzkaller0: entered allmulticast mode
[  543.411049][T17950] tipc: Resetting bearer <eth:syzkaller0>
[  543.543642][T17948] tipc: Resetting bearer <eth:syzkaller0>
[  544.101407][ T8729] tipc: Node number set to 4269801642
[  545.805361][T17948] tipc: Disabling bearer <eth:syzkaller0>
[  545.820256][T17994] vlan2: entered allmulticast mode
[  546.064185][T18018] netlink: 'syz.1.3600': attribute type 12 has an invalid length.
[  546.115312][T18018] netlink: 'syz.1.3600': attribute type 29 has an invalid length.
[  546.132989][T18025] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3602'.
[  546.145462][T18018] netlink: 148 bytes leftover after parsing attributes in process `syz.1.3600'.
[  546.155419][T18018] netlink: 'syz.1.3600': attribute type 2 has an invalid length.
[  546.164165][T18018] netlink: 23 bytes leftover after parsing attributes in process `syz.1.3600'.
[  546.172701][T18021] netlink: 'syz.4.3599': attribute type 10 has an invalid length.
[  546.216605][T18025] netlink: 'syz.0.3602': attribute type 9 has an invalid length.
[  546.225967][T18021] team0: Port device dummy0 added
[  546.233243][T18029] netlink: 'syz.4.3599': attribute type 10 has an invalid length.
[  546.344561][T18029] team0: Port device dummy0 removed
[  546.379329][T18029] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  546.637125][T18050] bridge_slave_0: left allmulticast mode
[  546.643721][T18050] bridge_slave_0: left promiscuous mode
[  546.649731][T18050] bridge0: port 1(bridge_slave_0) entered disabled state
[  546.708058][T18050] bridge_slave_1: left allmulticast mode
[  546.719795][T18050] bridge_slave_1: left promiscuous mode
[  546.776606][T18050] bridge0: port 2(bridge_slave_1) entered disabled state
[  547.015534][T18050] bond0: (slave bond_slave_0): Releasing backup interface
[  547.097130][T18050] bond_slave_0: left promiscuous mode
[  547.149480][T18050] bond0: (slave bond_slave_1): Releasing backup interface
[  547.184379][T18050] bond_slave_1: left promiscuous mode
[  547.249671][T18050] team0: Port device team_slave_0 removed
[  547.285677][T18050] team0: Port device team_slave_1 removed
[  547.299970][T18050] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  547.324184][T18050] batman_adv: batadv0: Removing interface: batadv_slave_0
[  547.355511][T18084] x_tables: duplicate underflow at hook 3
[  547.394258][T18050] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  547.398588][T18087] FAULT_INJECTION: forcing a failure.
[  547.398588][T18087] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  547.408958][T18050] batman_adv: batadv0: Removing interface: batadv_slave_1
[  547.419466][T18087] CPU: 1 UID: 0 PID: 18087 Comm: syz.4.3614 Not tainted syzkaller #0 PREEMPT(full) 
[  547.419491][T18087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  547.419502][T18087] Call Trace:
[  547.419510][T18087]  <TASK>
[  547.419526][T18087]  dump_stack_lvl+0x189/0x250
[  547.419556][T18087]  ? __pfx____ratelimit+0x10/0x10
[  547.419583][T18087]  ? __pfx_dump_stack_lvl+0x10/0x10
[  547.419606][T18087]  ? __pfx__printk+0x10/0x10
[  547.419626][T18087]  ? fs_reclaim_acquire+0x7d/0x100
[  547.419653][T18087]  should_fail_ex+0x414/0x560
[  547.419685][T18087]  prepare_alloc_pages+0x213/0x610
[  547.419711][T18087]  __alloc_frozen_pages_noprof+0x123/0x370
[  547.419735][T18087]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  547.419763][T18087]  ? policy_nodemask+0x27c/0x720
[  547.419787][T18087]  alloc_pages_mpol+0x232/0x4a0
[  547.419811][T18087]  vma_alloc_folio_noprof+0xe4/0x200
[  547.419833][T18087]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  547.419864][T18087]  folio_prealloc+0x30/0x180
[  547.419891][T18087]  do_wp_page+0x1231/0x5800
[  547.419938][T18087]  ? __pfx_do_wp_page+0x10/0x10
[  547.419957][T18087]  ? do_raw_spin_lock+0x121/0x290
[  547.419983][T18087]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  547.420017][T18087]  __handle_mm_fault+0x1033/0x5400
[  547.420059][T18087]  ? __pfx___handle_mm_fault+0x10/0x10
[  547.420104][T18087]  ? find_vma+0xe7/0x160
[  547.420125][T18087]  ? __pfx_find_vma+0x10/0x10
[  547.420151][T18087]  handle_mm_fault+0x40a/0x8e0
[  547.420185][T18087]  do_user_addr_fault+0x764/0x1380
[  547.420221][T18087]  exc_page_fault+0x82/0x100
[  547.420242][T18087]  asm_exc_page_fault+0x26/0x30
[  547.420259][T18087] RIP: 0010:__put_user_nocheck_4+0x3/0x10
[  547.420276][T18087] Code: d9 0f 01 cb 89 01 31 c9 0f 01 ca e9 07 68 03 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90
[  547.420291][T18087] RSP: 0018:ffffc9001335f8b8 EFLAGS: 00050246
[  547.420308][T18087] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000200000003030
[  547.420320][T18087] RDX: ffff8880265dbc80 RSI: 0000000000000000 RDI: 00000000ffffffff
[  547.420332][T18087] RBP: ffffc9001335fa30 R08: ffffffff8f7cf777 R09: 1ffffffff1ef9eee
[  547.420345][T18087] R10: dffffc0000000000 R11: fffffbfff1ef9eef R12: 0000000000000000
[  547.420357][T18087] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000200000003000
[  547.420389][T18087]  ____sys_recvmsg+0x2ab/0x460
[  547.420421][T18087]  ? __pfx_____sys_recvmsg+0x10/0x10
[  547.420464][T18087]  ? import_iovec+0x74/0xa0
[  547.420490][T18087]  ___sys_recvmsg+0x1b5/0x510
[  547.420529][T18087]  ? __pfx____sys_recvmsg+0x10/0x10
[  547.420585][T18087]  ? __might_fault+0xb0/0x130
[  547.420613][T18087]  do_recvmmsg+0x307/0x770
[  547.420643][T18087]  ? __pfx_do_recvmmsg+0x10/0x10
[  547.420677][T18087]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  547.420716][T18087]  __x64_sys_recvmmsg+0x190/0x240
[  547.420740][T18087]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  547.420765][T18087]  ? do_syscall_64+0xbe/0xfa0
[  547.420787][T18087]  do_syscall_64+0xfa/0xfa0
[  547.420802][T18087]  ? lockdep_hardirqs_on+0x9c/0x150
[  547.420819][T18087]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  547.420836][T18087]  ? clear_bhb_loop+0x60/0xb0
[  547.420858][T18087]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  547.420875][T18087] RIP: 0033:0x7f950e38f6c9
[  547.420891][T18087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  547.420905][T18087] RSP: 002b:00007f950f15d038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  547.420923][T18087] RAX: ffffffffffffffda RBX: 00007f950e5e5fa0 RCX: 00007f950e38f6c9
[  547.420936][T18087] RDX: 03ffffffffffff67 RSI: 0000200000002440 RDI: 0000000000000005
[  547.420948][T18087] RBP: 00007f950f15d090 R08: 0000000000000000 R09: 0000000000000000
[  547.420960][T18087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  547.420971][T18087] R13: 00007f950e5e6038 R14: 00007f950e5e5fa0 R15: 00007ffe0f52e648
[  547.421004][T18087]  </TASK>
[  547.734630][T18097] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3616'.
[  547.862110][T18098] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3616'.
[  547.886396][T18050] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  547.905605][ T8729] lo speed is unknown, defaulting to 1000
[  547.906117][T18053] team0: Mode changed to "activebackup"
[  547.944910][T18056] veth0: entered promiscuous mode
[  547.998992][T18056] veth0: left promiscuous mode
[  548.063290][T18065] lo speed is unknown, defaulting to 1000
[  548.123983][T18104] netlink: 'syz.4.3618': attribute type 1 has an invalid length.
[  548.148336][T18101] tipc: Failed to remove unknown binding: 66,1,1/0:3690055423/3690055426
[  548.212170][T18102] tipc: Failed to remove unknown binding: 66,1,1/0:3690055423/3690055426
[  548.403653][T18114] netlink: 'syz.3.3621': attribute type 10 has an invalid length.
[  548.457162][T18114] netlink: 2 bytes leftover after parsing attributes in process `syz.3.3621'.
[  548.612300][T18114] bond0: entered promiscuous mode
[  548.617639][T18114] bond_slave_0: entered promiscuous mode
[  548.652090][T18114] bond_slave_1: entered promiscuous mode
[  548.658518][T18114] bridge0: port 3(bond0) entered blocking state
[  548.695677][T18114] bridge0: port 3(bond0) entered disabled state
[  548.715414][T18114] bond0: entered allmulticast mode
[  548.728185][T18114] bond_slave_0: entered allmulticast mode
[  548.736399][T18114] bond_slave_1: entered allmulticast mode
[  548.751650][T18114] bridge0: port 3(bond0) entered blocking state
[  548.758180][T18114] bridge0: port 3(bond0) entered forwarding state
[  548.804317][T18134] FAULT_INJECTION: forcing a failure.
[  548.804317][T18134] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  548.825710][T18134] CPU: 0 UID: 0 PID: 18134 Comm: syz.2.3628 Not tainted syzkaller #0 PREEMPT(full) 
[  548.825739][T18134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  548.825752][T18134] Call Trace:
[  548.825788][T18134]  <TASK>
[  548.825798][T18134]  dump_stack_lvl+0x189/0x250
[  548.825832][T18134]  ? __pfx____ratelimit+0x10/0x10
[  548.825862][T18134]  ? __pfx_dump_stack_lvl+0x10/0x10
[  548.825889][T18134]  ? __pfx__printk+0x10/0x10
[  548.825927][T18134]  should_fail_ex+0x414/0x560
[  548.825963][T18134]  _copy_from_user+0x2d/0xb0
[  548.825991][T18134]  copy_from_sockptr+0x48/0x70
[  548.826013][T18134]  ip6_mroute_setsockopt+0x618/0xf00
[  548.826056][T18134]  ? __pfx_ip6_mroute_setsockopt+0x10/0x10
[  548.826126][T18134]  do_ipv6_setsockopt+0x35a/0x2eb0
[  548.826160][T18134]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  548.826193][T18134]  ? aa_label_sk_perm+0x4cd/0x630
[  548.826219][T18134]  ? get_pid_task+0x20/0x1f0
[  548.826254][T18134]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  548.826295][T18134]  ? vfs_write+0x956/0xb30
[  548.826329][T18134]  ? __pfx___might_resched+0x10/0x10
[  548.826361][T18134]  ? __lock_acquire+0xab9/0xd20
[  548.826389][T18134]  ipv6_setsockopt+0x59/0x170
[  548.826416][T18134]  rawv6_setsockopt+0x23b/0x5b0
[  548.826443][T18134]  ? __pfx_rawv6_setsockopt+0x10/0x10
[  548.826465][T18134]  ? aa_sock_opt_perm+0xff/0x1b0
[  548.826497][T18134]  ? sock_common_setsockopt+0x36/0xc0
[  548.826522][T18134]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  548.826546][T18134]  do_sock_setsockopt+0x17c/0x1b0
[  548.826571][T18134]  __x64_sys_setsockopt+0x13f/0x1b0
[  548.826597][T18134]  do_syscall_64+0xfa/0xfa0
[  548.826616][T18134]  ? lockdep_hardirqs_on+0x9c/0x150
[  548.826635][T18134]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  548.826655][T18134]  ? clear_bhb_loop+0x60/0xb0
[  548.826680][T18134]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  548.826700][T18134] RIP: 0033:0x7f212398f6c9
[  548.826719][T18134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  548.826736][T18134] RSP: 002b:00007f2121bd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  548.826768][T18134] RAX: ffffffffffffffda RBX: 00007f2123be6090 RCX: 00007f212398f6c9
[  548.826784][T18134] RDX: 00000000000000d4 RSI: 0000000000000029 RDI: 0000000000000004
[  548.826797][T18134] RBP: 00007f2121bd5090 R08: 0000000000000004 R09: 0000000000000000
[  548.826809][T18134] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001
[  548.826822][T18134] R13: 00007f2123be6128 R14: 00007f2123be6090 R15: 00007fff9ebbc6f8
[  548.826859][T18134]  </TASK>
[  549.233894][T18141] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3633'.
[  549.243626][T18141] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3633'.
[  549.252760][T18141] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3633'.
[  549.310320][T18145] netlink: 'syz.3.3634': attribute type 1 has an invalid length.
[  549.347084][T18145] bond1: entered promiscuous mode
[  549.353424][T18145] 8021q: adding VLAN 0 to HW filter on device bond1
[  549.383374][T18145] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3634'.
[  549.414965][T18145] bond1: entered allmulticast mode
[  549.533917][T18145] bond1: (slave bridge1): making interface the new active one
[  549.571906][T18145] bridge1: entered promiscuous mode
[  549.577388][T18145] bridge1: entered allmulticast mode
[  549.610252][T18145] bond1: (slave bridge1): Enslaving as an active interface with an up link
[  549.811054][T18164] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  549.832600][ T5148] Bluetooth: hci5: command 0x0406 tx timeout
[  549.869263][T18170] 8021q: VLANs not supported on ipvlan1
[  549.890112][T18170] macsec1: entered promiscuous mode
[  549.898606][T18170] macsec1: entered allmulticast mode
[  549.997279][T18175] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  550.054419][T18175] pim6reg1: entered promiscuous mode
[  550.059998][T18175] pim6reg1: entered allmulticast mode
[  550.119037][T18177] mac80211_hwsim hwsim39 wlan0: entered promiscuous mode
[  550.135066][T18177] macsec1: entered promiscuous mode
[  550.143692][T18177] macsec1: entered allmulticast mode
[  550.175823][T18177] mac80211_hwsim hwsim39 wlan0: entered allmulticast mode
[  550.462776][T18193] lo speed is unknown, defaulting to 1000
[  550.737417][T18203] Cannot find add_set index 4 as target
[  550.845671][T18210] xt_hashlimit: max too large, truncated to 1048576
[  550.853837][T18210] xt_CT: You must specify a L4 protocol and not use inversions on it
[  551.110089][T18221] FAULT_INJECTION: forcing a failure.
[  551.110089][T18221] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  551.126319][T18221] CPU: 1 UID: 0 PID: 18221 Comm: syz.1.3665 Not tainted syzkaller #0 PREEMPT(full) 
[  551.126349][T18221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  551.126360][T18221] Call Trace:
[  551.126369][T18221]  <TASK>
[  551.126378][T18221]  dump_stack_lvl+0x189/0x250
[  551.126411][T18221]  ? __pfx____ratelimit+0x10/0x10
[  551.126437][T18221]  ? __pfx_dump_stack_lvl+0x10/0x10
[  551.126463][T18221]  ? __pfx__printk+0x10/0x10
[  551.126501][T18221]  should_fail_ex+0x414/0x560
[  551.126537][T18221]  _copy_to_user+0x31/0xb0
[  551.126565][T18221]  simple_read_from_buffer+0xe1/0x170
[  551.126601][T18221]  proc_fail_nth_read+0x1b3/0x220
[  551.126631][T18221]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  551.126661][T18221]  ? rw_verify_area+0x2a6/0x4d0
[  551.126687][T18221]  ? __lock_acquire+0xab9/0xd20
[  551.126706][T18221]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  551.126733][T18221]  vfs_read+0x200/0xa30
[  551.126759][T18221]  ? fdget_pos+0x247/0x320
[  551.126794][T18221]  ? __pfx___mutex_lock+0x10/0x10
[  551.126817][T18221]  ? __pfx_vfs_read+0x10/0x10
[  551.126846][T18221]  ? __fget_files+0x2a/0x420
[  551.126871][T18221]  ? __fget_files+0x3a0/0x420
[  551.126889][T18221]  ? __fget_files+0x2a/0x420
[  551.126919][T18221]  ksys_read+0x145/0x250
[  551.126951][T18221]  ? __pfx_ksys_read+0x10/0x10
[  551.126983][T18221]  ? do_syscall_64+0xbe/0xfa0
[  551.127007][T18221]  do_syscall_64+0xfa/0xfa0
[  551.127025][T18221]  ? lockdep_hardirqs_on+0x9c/0x150
[  551.127044][T18221]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  551.127065][T18221]  ? clear_bhb_loop+0x60/0xb0
[  551.127090][T18221]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  551.127111][T18221] RIP: 0033:0x7f59a878e0dc
[  551.127131][T18221] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  551.127148][T18221] RSP: 002b:00007f59a966a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  551.127171][T18221] RAX: ffffffffffffffda RBX: 00007f59a89e5fa0 RCX: 00007f59a878e0dc
[  551.127186][T18221] RDX: 000000000000000f RSI: 00007f59a966a0a0 RDI: 0000000000000004
[  551.127199][T18221] RBP: 00007f59a966a090 R08: 0000000000000000 R09: 0000000000000000
[  551.127212][T18221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  551.127224][T18221] R13: 00007f59a89e6038 R14: 00007f59a89e5fa0 R15: 00007ffdb5653738
[  551.127262][T18221]  </TASK>
[  551.200437][T18224] __nla_validate_parse: 5 callbacks suppressed
[  551.200456][T18224] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3666'.
[  551.218189][T18225] IPVS: set_ctl: invalid protocol: 135 127.0.0.1:20004
[  551.264006][T18227] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3667'.
[  551.353714][T18230] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3668'.
[  551.357620][T18224] netlink: 'syz.2.3666': attribute type 9 has an invalid length.
[  552.142852][T18255] FAULT_INJECTION: forcing a failure.
[  552.142852][T18255] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  552.183696][T18255] CPU: 0 UID: 0 PID: 18255 Comm: syz.0.3677 Not tainted syzkaller #0 PREEMPT(full) 
[  552.183726][T18255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  552.183738][T18255] Call Trace:
[  552.183747][T18255]  <TASK>
[  552.183757][T18255]  dump_stack_lvl+0x189/0x250
[  552.183790][T18255]  ? __pfx____ratelimit+0x10/0x10
[  552.183820][T18255]  ? __pfx_dump_stack_lvl+0x10/0x10
[  552.183847][T18255]  ? __pfx__printk+0x10/0x10
[  552.183870][T18255]  ? __asan_memcpy+0x40/0x70
[  552.183906][T18255]  should_fail_ex+0x414/0x560
[  552.183942][T18255]  _copy_to_user+0x31/0xb0
[  552.183970][T18255]  bpf_verifier_vlog+0x3ba/0x900
[  552.184006][T18255]  __btf_verifier_log+0xd4/0x120
[  552.184039][T18255]  ? __pfx___btf_verifier_log+0x10/0x10
[  552.184061][T18255]  ? __might_fault+0xb0/0x130
[  552.184094][T18255]  ? btf_parse_hdr+0x1e2/0x6d0
[  552.184129][T18255]  btf_parse_hdr+0x2d8/0x6d0
[  552.184166][T18255]  btf_new_fd+0x372/0xc90
[  552.184184][T18255]  ? apparmor_capable+0x137/0x1b0
[  552.184217][T18255]  ? __pfx_btf_new_fd+0x10/0x10
[  552.184238][T18255]  ? bpf_token_put+0x143/0x160
[  552.184261][T18255]  ? bpf_btf_load+0x126/0x190
[  552.184285][T18255]  __sys_bpf+0x3ed/0x860
[  552.184307][T18255]  ? __pfx___sys_bpf+0x10/0x10
[  552.184346][T18255]  ? ksys_write+0x22a/0x250
[  552.184377][T18255]  ? __pfx_ksys_write+0x10/0x10
[  552.184411][T18255]  __x64_sys_bpf+0x7c/0x90
[  552.184440][T18255]  do_syscall_64+0xfa/0xfa0
[  552.184466][T18255]  ? lockdep_hardirqs_on+0x9c/0x150
[  552.184485][T18255]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  552.184505][T18255]  ? clear_bhb_loop+0x60/0xb0
[  552.184529][T18255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  552.184549][T18255] RIP: 0033:0x7fbaa518f6c9
[  552.184567][T18255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  552.184586][T18255] RSP: 002b:00007fbaa6036038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  552.184609][T18255] RAX: ffffffffffffffda RBX: 00007fbaa53e5fa0 RCX: 00007fbaa518f6c9
[  552.184624][T18255] RDX: 0000000000000028 RSI: 0000200000000080 RDI: 0000000000000012
[  552.184637][T18255] RBP: 00007fbaa6036090 R08: 0000000000000000 R09: 0000000000000000
[  552.184649][T18255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  552.184661][T18255] R13: 00007fbaa53e6038 R14: 00007fbaa53e5fa0 R15: 00007ffc5c714568
[  552.184697][T18255]  </TASK>
[  554.834224][T18288] netlink: 'syz.4.3686': attribute type 1 has an invalid length.
[  554.922976][T18293] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  555.115853][T18301] Set syz1 is full, maxelem 6117 reached
[  555.234616][T18306] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3691'.
[  555.276868][T18306] netlink: 'syz.2.3691': attribute type 9 has an invalid length.
[  555.451177][T18314] Cannot find add_set index 4 as target
[  555.543939][T18318] batadv2: entered promiscuous mode
[  555.550686][T18318] 8021q: adding VLAN 0 to HW filter on device batadv2
[  556.355541][T18343] syzkaller0: entered promiscuous mode
[  556.361149][T18343] syzkaller0: entered allmulticast mode
[  556.400836][T18355] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3711'.
[  556.428306][T18355] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3711'.
[  558.482174][T18388] netlink: 'syz.2.3722': attribute type 10 has an invalid length.
[  558.499189][T18389] netlink: 'syz.2.3722': attribute type 10 has an invalid length.
[  558.511087][T18390] FAULT_INJECTION: forcing a failure.
[  558.511087][T18390] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  558.525299][T18390] CPU: 1 UID: 0 PID: 18390 Comm: syz.0.3719 Not tainted syzkaller #0 PREEMPT(full) 
[  558.525328][T18390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  558.525341][T18390] Call Trace:
[  558.525350][T18390]  <TASK>
[  558.525359][T18390]  dump_stack_lvl+0x189/0x250
[  558.525404][T18390]  ? __pfx____ratelimit+0x10/0x10
[  558.525435][T18390]  ? __pfx_dump_stack_lvl+0x10/0x10
[  558.525462][T18390]  ? __pfx__printk+0x10/0x10
[  558.525483][T18390]  ? __might_fault+0xb0/0x130
[  558.525524][T18390]  should_fail_ex+0x414/0x560
[  558.525560][T18390]  _copy_from_user+0x2d/0xb0
[  558.525587][T18390]  get_timespec64+0x8e/0x1a0
[  558.525606][T18390]  ? __pfx_get_timespec64+0x10/0x10
[  558.525626][T18390]  ? __fget_files+0x3a0/0x420
[  558.525653][T18390]  __se_sys_ppoll+0xce/0x260
[  558.525686][T18390]  ? __pfx___se_sys_ppoll+0x10/0x10
[  558.525717][T18390]  ? __pfx_ksys_write+0x10/0x10
[  558.525749][T18390]  ? do_syscall_64+0xbe/0xfa0
[  558.525767][T18390]  ? __x64_sys_ppoll+0x20/0xc0
[  558.525799][T18390]  do_syscall_64+0xfa/0xfa0
[  558.525817][T18390]  ? lockdep_hardirqs_on+0x9c/0x150
[  558.525836][T18390]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  558.525857][T18390]  ? clear_bhb_loop+0x60/0xb0
[  558.525882][T18390]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  558.525901][T18390] RIP: 0033:0x7fbaa518f6c9
[  558.525920][T18390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  558.525938][T18390] RSP: 002b:00007fbaa6015038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[  558.525961][T18390] RAX: ffffffffffffffda RBX: 00007fbaa53e6090 RCX: 00007fbaa518f6c9
[  558.525977][T18390] RDX: 0000200000000180 RSI: 0000000000000001 RDI: 0000200000000100
[  558.525991][T18390] RBP: 00007fbaa6015090 R08: 0000000000000000 R09: 0000000000000000
[  558.526004][T18390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  558.526016][T18390] R13: 00007fbaa53e6128 R14: 00007fbaa53e6090 R15: 00007ffc5c714568
[  558.526052][T18390]  </TASK>
[  558.572986][T18388] netlink: 2 bytes leftover after parsing attributes in process `syz.2.3722'.
[  558.579558][T18389] netlink: 2 bytes leftover after parsing attributes in process `syz.2.3722'.
[  558.608325][T18388] bridge0: port 1(bond0) entered blocking state
[  558.763717][T18388] bridge0: port 1(bond0) entered disabled state
[  558.770324][T18388] bond0: entered allmulticast mode
[  558.780847][T18388] bond0: left allmulticast mode
[  558.788032][T18389] bridge0: port 1(bond0) entered blocking state
[  558.795572][T18389] bridge0: port 1(bond0) entered disabled state
[  558.802486][T18389] bond0: entered allmulticast mode
[  558.809316][T18389] bond0: left allmulticast mode
[  558.931998][T18406] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3728'.
[  559.209281][T18414] lo speed is unknown, defaulting to 1000
[  559.455792][T18421] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3730'.
[  559.869481][T18432] netlink: 176 bytes leftover after parsing attributes in process `syz.0.3731'.
[  559.957824][T18438] siw: device registration error -23
[  559.992519][ T5831] Bluetooth: hci4: command 0x0406 tx timeout
[  560.008771][T18445] x_tables: duplicate underflow at hook 1
[  560.205832][T18438] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3735'.
[  560.314396][T18444] lo speed is unknown, defaulting to 1000
[  560.517746][T18451] lo speed is unknown, defaulting to 1000
[  560.568138][T18455] lo speed is unknown, defaulting to 1000
[  560.601147][T18463] netlink: 'syz.2.3740': attribute type 10 has an invalid length.
[  560.645980][T18463] team0: Device veth0_vlan is up. Set it down before adding it as a team port
[  560.726315][T18465] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3741'.
[  560.743726][T18466] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  561.626414][T18509] netlink: 'syz.0.3754': attribute type 12 has an invalid length.
[  561.636505][T18509] netlink: 'syz.0.3754': attribute type 29 has an invalid length.
[  561.648577][T18509] netlink: 148 bytes leftover after parsing attributes in process `syz.0.3754'.
[  561.658093][T18509] netlink: 'syz.0.3754': attribute type 2 has an invalid length.
[  561.666577][T18509] netlink: 23 bytes leftover after parsing attributes in process `syz.0.3754'.
[  561.755564][T18512] Cannot find add_set index 4 as target
[  561.872067][T18514] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3756'.
[  561.900145][T18514] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3756'.
[  561.921321][T18514] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3756'.
[  562.536129][T18539] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3762'.
[  562.547291][T18538] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3762'.
[  562.557412][T18540] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3761'.
[  562.591435][T18540] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3761'.
[  562.714799][T18553] Cannot find add_set index 4 as target
[  562.873184][T18563] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3770'.
[  563.009589][T18560] lo speed is unknown, defaulting to 1000
[  563.038313][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  563.047435][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  563.243491][T18578] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  563.312568][T18580] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  563.641930][T18596] FAULT_INJECTION: forcing a failure.
[  563.641930][T18596] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  563.674445][T18596] CPU: 1 UID: 0 PID: 18596 Comm: syz.1.3781 Not tainted syzkaller #0 PREEMPT(full) 
[  563.674474][T18596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  563.674487][T18596] Call Trace:
[  563.674495][T18596]  <TASK>
[  563.674505][T18596]  dump_stack_lvl+0x189/0x250
[  563.674537][T18596]  ? __pfx____ratelimit+0x10/0x10
[  563.674566][T18596]  ? __pfx_dump_stack_lvl+0x10/0x10
[  563.674591][T18596]  ? __pfx__printk+0x10/0x10
[  563.674613][T18596]  ? __might_fault+0xb0/0x130
[  563.674652][T18596]  should_fail_ex+0x414/0x560
[  563.674686][T18596]  _copy_from_user+0x2d/0xb0
[  563.674712][T18596]  ___sys_recvmsg+0x12e/0x510
[  563.674743][T18596]  ? __pfx____sys_recvmsg+0x10/0x10
[  563.674802][T18596]  ? __might_fault+0xb0/0x130
[  563.674833][T18596]  do_recvmmsg+0x307/0x770
[  563.674866][T18596]  ? __pfx_do_recvmmsg+0x10/0x10
[  563.674904][T18596]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  563.674957][T18596]  __x64_sys_recvmmsg+0x190/0x240
[  563.674984][T18596]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  563.675013][T18596]  ? do_syscall_64+0xbe/0xfa0
[  563.675037][T18596]  do_syscall_64+0xfa/0xfa0
[  563.675054][T18596]  ? lockdep_hardirqs_on+0x9c/0x150
[  563.675072][T18596]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.675092][T18596]  ? clear_bhb_loop+0x60/0xb0
[  563.675116][T18596]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.675135][T18596] RIP: 0033:0x7f59a878f6c9
[  563.675154][T18596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  563.675171][T18596] RSP: 002b:00007f59a966a038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  563.675194][T18596] RAX: ffffffffffffffda RBX: 00007f59a89e5fa0 RCX: 00007f59a878f6c9
[  563.675209][T18596] RDX: 03ffffffffffff67 RSI: 0000200000002440 RDI: 0000000000000005
[  563.675223][T18596] RBP: 00007f59a966a090 R08: 0000000000000000 R09: 0000000000000000
[  563.675235][T18596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  563.675248][T18596] R13: 00007f59a89e6038 R14: 00007f59a89e5fa0 R15: 00007ffdb5653738
[  563.675284][T18596]  </TASK>
[  564.031154][T18605] siw: device registration error -23
[  564.850039][T18644] lo speed is unknown, defaulting to 1000
[  565.357068][T18653] siw: device registration error -23
[  565.484979][T18655] netlink: 'syz.3.3800': attribute type 10 has an invalid length.
[  566.249775][T18681] Cannot find add_set index 4 as target
[  566.313081][T18682] lo speed is unknown, defaulting to 1000
[  566.374720][T18684] veth0_to_team: entered promiscuous mode
[  566.432118][T18686] siw: device registration error -23
[  566.603074][T18690] netlink: 'syz.3.3812': attribute type 9 has an invalid length.
[  566.872443][ T5831] Bluetooth: hci2: command 0x0405 tx timeout
[  567.426608][T18709] Cannot find add_set index 4 as target
[  567.597657][T18718] __nla_validate_parse: 16 callbacks suppressed
[  567.597680][T18718] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3824'.
[  567.631435][T18718] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3824'.
[  567.654997][T18715] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  567.867535][T18725] x_tables: duplicate underflow at hook 2
[  567.885712][T18725] x_tables: duplicate underflow at hook 1
[  568.026862][T18730] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3828'.
[  568.275097][T18741] xt_TCPMSS: Only works on TCP SYN packets
[  569.160446][T18755] netlink: 'syz.2.3837': attribute type 4 has an invalid length.
[  569.179991][T17259] lo speed is unknown, defaulting to 1000
[  569.229596][T17259] syz1: Port: 1 Link DOWN
[  569.283126][T18755] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3837'.
[  569.293183][T18755] block nbd0: not configured, cannot reconfigure
[  569.307507][T18761] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  569.367640][T18757] netlink: 156 bytes leftover after parsing attributes in process `syz.2.3837'.
[  569.429788][T18764] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3838'.
[  569.461996][T18757] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3837'.
[  569.555122][T18762] FAULT_INJECTION: forcing a failure.
[  569.555122][T18762] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  569.596329][T18762] CPU: 1 UID: 0 PID: 18762 Comm: syz.0.3840 Not tainted syzkaller #0 PREEMPT(full) 
[  569.596361][T18762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  569.596375][T18762] Call Trace:
[  569.596384][T18762]  <TASK>
[  569.596394][T18762]  dump_stack_lvl+0x189/0x250
[  569.596429][T18762]  ? __pfx____ratelimit+0x10/0x10
[  569.596460][T18762]  ? __pfx_dump_stack_lvl+0x10/0x10
[  569.596488][T18762]  ? __pfx__printk+0x10/0x10
[  569.596513][T18762]  ? fs_reclaim_acquire+0x7d/0x100
[  569.596543][T18762]  should_fail_ex+0x414/0x560
[  569.596580][T18762]  prepare_alloc_pages+0x213/0x610
[  569.596612][T18762]  __alloc_frozen_pages_noprof+0x123/0x370
[  569.596639][T18762]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  569.596673][T18762]  ? policy_nodemask+0x27c/0x720
[  569.596701][T18762]  alloc_pages_mpol+0x232/0x4a0
[  569.596730][T18762]  vma_alloc_folio_noprof+0xe4/0x200
[  569.596755][T18762]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  569.596792][T18762]  folio_prealloc+0x30/0x180
[  569.596824][T18762]  do_wp_page+0x1231/0x5800
[  569.596880][T18762]  ? __pfx_do_wp_page+0x10/0x10
[  569.596902][T18762]  ? do_raw_spin_lock+0x121/0x290
[  569.596934][T18762]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  569.596975][T18762]  __handle_mm_fault+0x1033/0x5400
[  569.597024][T18762]  ? __pfx___handle_mm_fault+0x10/0x10
[  569.597070][T18762]  ? follow_page_pte+0xd03/0x13e0
[  569.597110][T18762]  handle_mm_fault+0x40a/0x8e0
[  569.597151][T18762]  __get_user_pages+0x165c/0x2a00
[  569.597222][T18762]  __gup_longterm_locked+0xde4/0x1660
[  569.597266][T18762]  ? sanity_check_pinned_pages+0x1241/0x1300
[  569.597305][T18762]  ? gup_fast_fallback+0x1b86/0x22d0
[  569.597342][T18762]  gup_fast_fallback+0x1d65/0x22d0
[  569.597367][T18762]  ? __kernel_text_address+0xd/0x40
[  569.597397][T18762]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  569.597466][T18762]  ? __pfx_gup_fast_fallback+0x10/0x10
[  569.597488][T18762]  ? kasan_save_track+0x4f/0x80
[  569.597515][T18762]  ? __kasan_kmalloc+0x93/0xb0
[  569.597539][T18762]  ? __kmalloc_noprof+0x411/0x7f0
[  569.597565][T18762]  ? sock_kmalloc+0xd6/0x160
[  569.597587][T18762]  ? skcipher_recvmsg+0x3d1/0x11d0
[  569.597612][T18762]  ? sock_recvmsg+0x22c/0x270
[  569.597637][T18762]  ? ____sys_recvmsg+0x1c9/0x460
[  569.597658][T18762]  ? __x64_sys_recvmsg+0x198/0x260
[  569.597679][T18762]  ? do_syscall_64+0xfa/0xfa0
[  569.597696][T18762]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  569.597722][T18762]  ? pin_user_pages_fast+0x4d/0xb0
[  569.597751][T18762]  iov_iter_extract_pages+0x35f/0x5e0
[  569.597789][T18762]  extract_iter_to_sg+0xe46/0x24e0
[  569.597833][T18762]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  569.597861][T18762]  ? rcu_is_watching+0x15/0xb0
[  569.597885][T18762]  ? trace_kmalloc+0x1f/0xd0
[  569.597911][T18762]  ? sock_kmalloc+0xd6/0x160
[  569.597942][T18762]  ? __asan_memset+0x22/0x50
[  569.597972][T18762]  af_alg_get_rsgl+0x436/0x810
[  569.598022][T18762]  skcipher_recvmsg+0x3d1/0x11d0
[  569.598054][T18762]  ? aa_sk_perm+0x81e/0x950
[  569.598097][T18762]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  569.598129][T18762]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  569.598149][T18762]  ? security_socket_recvmsg+0x7e/0x2e0
[  569.598170][T18762]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  569.598198][T18762]  sock_recvmsg+0x22c/0x270
[  569.598231][T18762]  ____sys_recvmsg+0x1c9/0x460
[  569.598267][T18762]  ? __pfx_____sys_recvmsg+0x10/0x10
[  569.598321][T18762]  ? import_iovec+0x74/0xa0
[  569.598352][T18762]  ___sys_recvmsg+0x1b5/0x510
[  569.598384][T18762]  ? __pfx____sys_recvmsg+0x10/0x10
[  569.598443][T18762]  ? __fget_files+0x3a0/0x420
[  569.598478][T18762]  __x64_sys_recvmsg+0x198/0x260
[  569.598506][T18762]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  569.598542][T18762]  ? __pfx_ksys_write+0x10/0x10
[  569.598576][T18762]  ? do_syscall_64+0xbe/0xfa0
[  569.598600][T18762]  do_syscall_64+0xfa/0xfa0
[  569.598617][T18762]  ? lockdep_hardirqs_on+0x9c/0x150
[  569.598636][T18762]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  569.598655][T18762]  ? clear_bhb_loop+0x60/0xb0
[  569.598681][T18762]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  569.598700][T18762] RIP: 0033:0x7fbaa518f6c9
[  569.598720][T18762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  569.598737][T18762] RSP: 002b:00007fbaa6036038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  569.598761][T18762] RAX: ffffffffffffffda RBX: 00007fbaa53e5fa0 RCX: 00007fbaa518f6c9
[  569.598777][T18762] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 000000000000000c
[  569.598790][T18762] RBP: 00007fbaa6036090 R08: 0000000000000000 R09: 0000000000000000
[  569.598802][T18762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  569.598815][T18762] R13: 00007fbaa53e6038 R14: 00007fbaa53e5fa0 R15: 00007ffc5c714568
[  569.598855][T18762]  </TASK>
[  570.292131][T18769] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3843'.
[  570.305868][T18769] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  570.314480][T18769] syzkaller0: entered promiscuous mode
[  570.324408][T18769] syzkaller0: entered allmulticast mode
[  570.371854][T18769] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3843'.
[  570.429950][T18773] vlan2: entered allmulticast mode
[  570.503023][T18768] tipc: Resetting bearer <eth:syzkaller0>
[  570.535535][T18768] tipc: Disabling bearer <eth:syzkaller0>
[  570.673221][T18779] netlink: 'syz.4.3847': attribute type 12 has an invalid length.
[  570.699838][T18779] netlink: 'syz.4.3847': attribute type 29 has an invalid length.
[  570.728248][T18785] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3849'.
[  570.737884][T18779] netlink: 'syz.4.3847': attribute type 2 has an invalid length.
[  570.796149][T18779] netlink: 'syz.4.3847': attribute type 3 has an invalid length.
[  571.100337][T18801] netlink: 'syz.3.3857': attribute type 12 has an invalid length.
[  571.127022][T18801] netlink: 'syz.3.3857': attribute type 29 has an invalid length.
[  571.502267][T18819] ieee802154 phy0 wpan0: encryption failed: -90
[  571.604979][T18823] lo speed is unknown, defaulting to 1000
[  571.689621][T18832] lo speed is unknown, defaulting to 1000
[  572.597309][T18872] netlink: 'syz.0.3881': attribute type 12 has an invalid length.
[  572.606827][T18872] netlink: 'syz.0.3881': attribute type 29 has an invalid length.
[  572.660638][T18872] __nla_validate_parse: 7 callbacks suppressed
[  572.660660][T18872] netlink: 148 bytes leftover after parsing attributes in process `syz.0.3881'.
[  572.729789][T18872] netlink: 'syz.0.3881': attribute type 2 has an invalid length.
[  572.738730][T18872] netlink: 23 bytes leftover after parsing attributes in process `syz.0.3881'.
[  572.921901][T18890] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3887'.
[  572.936679][T18891] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3886'.
[  573.680476][T18928] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3898'.
[  573.741162][T18932] x_tables: duplicate underflow at hook 3
[  573.800541][T18935] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3899'.
[  573.818069][T18935] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3899'.
[  573.916450][T18940] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3905'.
[  573.927559][T18940] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3905'.
[  573.942800][T18940] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3905'.
[  574.349919][T18961] veth0: entered promiscuous mode
[  574.400229][T18960] veth0: left promiscuous mode
[  574.738978][T18977] FAULT_INJECTION: forcing a failure.
[  574.738978][T18977] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  574.752846][T18977] CPU: 1 UID: 0 PID: 18977 Comm: syz.4.3916 Not tainted syzkaller #0 PREEMPT(full) 
[  574.752875][T18977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  574.752888][T18977] Call Trace:
[  574.752896][T18977]  <TASK>
[  574.752906][T18977]  dump_stack_lvl+0x189/0x250
[  574.752938][T18977]  ? __pfx____ratelimit+0x10/0x10
[  574.752967][T18977]  ? __pfx_dump_stack_lvl+0x10/0x10
[  574.752993][T18977]  ? __pfx__printk+0x10/0x10
[  574.753017][T18977]  ? __asan_memcpy+0x40/0x70
[  574.753051][T18977]  should_fail_ex+0x414/0x560
[  574.753086][T18977]  _copy_to_user+0x31/0xb0
[  574.753115][T18977]  bpf_verifier_vlog+0x3ba/0x900
[  574.753150][T18977]  __btf_verifier_log+0xd4/0x120
[  574.753182][T18977]  ? __pfx___btf_verifier_log+0x10/0x10
[  574.753204][T18977]  ? __might_fault+0xb0/0x130
[  574.753238][T18977]  ? btf_parse_hdr+0x1e2/0x6d0
[  574.753282][T18977]  btf_parse_hdr+0x302/0x6d0
[  574.753318][T18977]  btf_new_fd+0x372/0xc90
[  574.753336][T18977]  ? apparmor_capable+0x137/0x1b0
[  574.753369][T18977]  ? __pfx_btf_new_fd+0x10/0x10
[  574.753391][T18977]  ? bpf_token_put+0x143/0x160
[  574.753415][T18977]  ? bpf_btf_load+0x126/0x190
[  574.753439][T18977]  __sys_bpf+0x3ed/0x860
[  574.753462][T18977]  ? __pfx___sys_bpf+0x10/0x10
[  574.753500][T18977]  ? ksys_write+0x22a/0x250
[  574.753530][T18977]  ? __pfx_ksys_write+0x10/0x10
[  574.753564][T18977]  __x64_sys_bpf+0x7c/0x90
[  574.753593][T18977]  do_syscall_64+0xfa/0xfa0
[  574.753611][T18977]  ? lockdep_hardirqs_on+0x9c/0x150
[  574.753629][T18977]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  574.753648][T18977]  ? clear_bhb_loop+0x60/0xb0
[  574.753673][T18977]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  574.753691][T18977] RIP: 0033:0x7f950e38f6c9
[  574.753710][T18977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  574.753728][T18977] RSP: 002b:00007f950f15d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  574.753757][T18977] RAX: ffffffffffffffda RBX: 00007f950e5e5fa0 RCX: 00007f950e38f6c9
[  574.753772][T18977] RDX: 0000000000000028 RSI: 0000200000000080 RDI: 0000000000000012
[  574.753784][T18977] RBP: 00007f950f15d090 R08: 0000000000000000 R09: 0000000000000000
[  574.753797][T18977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  574.753808][T18977] R13: 00007f950e5e6038 R14: 00007f950e5e5fa0 R15: 00007ffe0f52e648
[  574.753844][T18977]  </TASK>
[  577.083262][T18987] netlink: 'syz.4.3918': attribute type 7 has an invalid length.
[  577.092750][T18987] netlink: 'syz.4.3918': attribute type 8 has an invalid length.
[  577.126722][T18999] syzkaller0: entered promiscuous mode
[  577.141970][T18999] syzkaller0: entered allmulticast mode
[  577.379109][T19012] syzkaller0: entered promiscuous mode
[  577.390676][T19012] syzkaller0: entered allmulticast mode
[  577.825145][T19025] tipc: Invalid UDP bearer configuration
[  577.825215][T19025] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  577.882433][T19025] __nla_validate_parse: 3 callbacks suppressed
[  577.882455][T19025] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3929'.
[  577.960709][T19017] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  578.468199][T19060] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3938'.
[  578.503927][T19060] netlink: 'syz.2.3938': attribute type 9 has an invalid length.
[  578.654114][T19064] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3940'.
[  578.850182][T19068] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3942'.
[  579.602260][T19082] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3947'.
[  579.641026][T19082] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3947'.
[  579.651622][T19082] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3947'.
[  580.117374][T19096] A link change request failed with some changes committed already. Interface veth1_to_batadv may have been left with an inconsistent configuration, please check.
[  581.112259][T19114] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3959'.
[  581.121812][T19114] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3959'.
[  581.130787][T19114] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3959'.
[  581.144316][T19106] FAULT_INJECTION: forcing a failure.
[  581.144316][T19106] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  581.159140][T19106] CPU: 0 UID: 0 PID: 19106 Comm: syz.0.3955 Not tainted syzkaller #0 PREEMPT(full) 
[  581.159170][T19106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  581.159182][T19106] Call Trace:
[  581.159191][T19106]  <TASK>
[  581.159200][T19106]  dump_stack_lvl+0x189/0x250
[  581.159233][T19106]  ? __pfx____ratelimit+0x10/0x10
[  581.159263][T19106]  ? __pfx_dump_stack_lvl+0x10/0x10
[  581.159290][T19106]  ? __pfx__printk+0x10/0x10
[  581.159315][T19106]  ? ktime_get_ts64+0xa9/0x3d0
[  581.159351][T19106]  should_fail_ex+0x414/0x560
[  581.159386][T19106]  _copy_to_user+0x31/0xb0
[  581.159414][T19106]  put_timespec64+0xc0/0x120
[  581.159435][T19106]  ? __pfx_put_timespec64+0x10/0x10
[  581.159467][T19106]  poll_select_finish+0x479/0x5e0
[  581.159510][T19106]  ? __pfx_poll_select_finish+0x10/0x10
[  581.159545][T19106]  ? set_user_sigmask+0xc7/0x1b0
[  581.159568][T19106]  ? __pfx_set_user_sigmask+0x10/0x10
[  581.159588][T19106]  ? bpf_trace_run2+0x186/0x4b0
[  581.159629][T19106]  __se_sys_ppoll+0x213/0x260
[  581.159660][T19106]  ? __pfx___se_sys_ppoll+0x10/0x10
[  581.159699][T19106]  ? __x64_sys_ppoll+0x20/0xc0
[  581.159731][T19106]  do_syscall_64+0xfa/0xfa0
[  581.159749][T19106]  ? lockdep_hardirqs_on+0x9c/0x150
[  581.159769][T19106]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  581.159789][T19106]  ? clear_bhb_loop+0x60/0xb0
[  581.159814][T19106]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  581.159833][T19106] RIP: 0033:0x7fbaa518f6c9
[  581.159852][T19106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  581.159869][T19106] RSP: 002b:00007fbaa6015038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[  581.159892][T19106] RAX: ffffffffffffffda RBX: 00007fbaa53e6090 RCX: 00007fbaa518f6c9
[  581.159906][T19106] RDX: 0000200000000180 RSI: 0000000000000001 RDI: 0000200000000100
[  581.159926][T19106] RBP: 00007fbaa6015090 R08: 0000000000000000 R09: 0000000000000000
[  581.159939][T19106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  581.159952][T19106] R13: 00007fbaa53e6128 R14: 00007fbaa53e6090 R15: 00007ffc5c714568
[  581.159988][T19106]  </TASK>
[  581.629751][T19121] netlink: 'syz.2.3960': attribute type 9 has an invalid length.
[  582.414621][T19151] siw: device registration error -23
[  582.435297][T19153] netlink: 'syz.3.3973': attribute type 12 has an invalid length.
[  582.456683][T19153] netlink: 'syz.3.3973': attribute type 29 has an invalid length.
[  582.465778][T19153] netlink: 'syz.3.3973': attribute type 2 has an invalid length.
[  582.739897][T19169] netlink: 'syz.3.3980': attribute type 9 has an invalid length.
[  583.007745][T19180] __nla_validate_parse: 8 callbacks suppressed
[  583.007769][T19180] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3984'.
[  583.041806][T19180] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3984'.
[  583.061150][T19180] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3984'.
[  583.889487][T19200] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3992'.
[  583.926742][T19204] IPv6: addrconf: prefix option has invalid lifetime
[  583.988885][T19207] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3993'.
[  584.154178][T19215] netlink: 'syz.0.3993': attribute type 9 has an invalid length.
[  584.472845][T19223] netlink: 'syz.2.3994': attribute type 1 has an invalid length.
[  584.864159][T19232] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[  585.029555][T19237] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3998'.
[  585.244012][T19242] siw: device registration error -23
[  585.335324][T19242] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3999'.
[  585.605585][ T5831] Bluetooth: hci1: command 0x0406 tx timeout
[  586.303041][T19273] FAULT_INJECTION: forcing a failure.
[  586.303041][T19273] name failslab, interval 1, probability 0, space 0, times 0
[  586.361351][T19273] CPU: 0 UID: 0 PID: 19273 Comm: syz.0.4010 Not tainted syzkaller #0 PREEMPT(full) 
[  586.361381][T19273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  586.361394][T19273] Call Trace:
[  586.361403][T19273]  <TASK>
[  586.361412][T19273]  dump_stack_lvl+0x189/0x250
[  586.361444][T19273]  ? __pfx____ratelimit+0x10/0x10
[  586.361471][T19273]  ? __pfx_dump_stack_lvl+0x10/0x10
[  586.361493][T19273]  ? __pfx__printk+0x10/0x10
[  586.361516][T19273]  ? __pfx___might_resched+0x10/0x10
[  586.361537][T19273]  ? fs_reclaim_acquire+0x7d/0x100
[  586.361560][T19273]  should_fail_ex+0x414/0x560
[  586.361592][T19273]  ? __pfx_sock_alloc_inode+0x10/0x10
[  586.361616][T19273]  should_failslab+0xa8/0x100
[  586.361637][T19273]  ? __pfx_sock_alloc_inode+0x10/0x10
[  586.361659][T19273]  kmem_cache_alloc_lru_noprof+0x79/0x6d0
[  586.361683][T19273]  ? sock_alloc_inode+0x28/0xc0
[  586.361712][T19273]  ? __pfx_sock_alloc_inode+0x10/0x10
[  586.361735][T19273]  sock_alloc_inode+0x28/0xc0
[  586.361758][T19273]  alloc_inode+0x6a/0x1b0
[  586.361789][T19273]  do_accept+0x111/0x680
[  586.361815][T19273]  ? __pfx_do_accept+0x10/0x10
[  586.361871][T19273]  __sys_accept4+0x11c/0x1c0
[  586.361894][T19273]  ? __pfx___sys_accept4+0x10/0x10
[  586.361910][T19273]  ? ksys_write+0x22a/0x250
[  586.361940][T19273]  ? __pfx_ksys_write+0x10/0x10
[  586.361973][T19273]  __x64_sys_accept4+0x9a/0xb0
[  586.361995][T19273]  do_syscall_64+0xfa/0xfa0
[  586.362013][T19273]  ? lockdep_hardirqs_on+0x9c/0x150
[  586.362032][T19273]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  586.362052][T19273]  ? clear_bhb_loop+0x60/0xb0
[  586.362077][T19273]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  586.362095][T19273] RIP: 0033:0x7fbaa518f6c9
[  586.362114][T19273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  586.362132][T19273] RSP: 002b:00007fbaa6036038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[  586.362156][T19273] RAX: ffffffffffffffda RBX: 00007fbaa53e5fa0 RCX: 00007fbaa518f6c9
[  586.362171][T19273] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  586.362183][T19273] RBP: 00007fbaa6036090 R08: 0000000000000000 R09: 0000000000000000
[  586.362196][T19273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  586.362282][T19273] R13: 00007fbaa53e6038 R14: 00007fbaa53e5fa0 R15: 00007ffc5c714568
[  586.362318][T19273]  </TASK>
[  586.871813][ T5148] Bluetooth: hci0: command tx timeout
[  586.909305][T19279] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  586.965085][T19286] lo speed is unknown, defaulting to 1000
[  587.325787][T19288] lo speed is unknown, defaulting to 1000
[  587.356063][T19301] netlink: 'syz.0.4017': attribute type 15 has an invalid length.
[  587.448932][T19305] debugfs: '1ùàV!' already exists in 'ieee80211'
[  587.642729][T19311] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4021'.
[  588.065726][T19320] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4023'.
[  588.238955][T17604] IPVS: starting estimator thread 0...
[  588.338601][T19331] IPVS: using max 27 ests per chain, 64800 per kthread
[  589.844062][T19372] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4043'.
[  590.517828][T19388] IPv6: NLM_F_REPLACE set, but no existing node found!
[  590.551125][T19386] netlink: 52 bytes leftover after parsing attributes in process `syz.4.4050'.
[  590.563623][T19386] netlink: 44 bytes leftover after parsing attributes in process `syz.4.4050'.
[  591.082765][T19406] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4057'.
[  591.172756][T19408] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4058'.
[  591.201412][T19408] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4058'.
[  591.210514][T19408] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4058'.
[  591.853826][T19427] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4066'.
[  591.890223][T19427] 8021q: VLANs not supported on ipvlan1
[  592.097756][T19434] netlink: 'syz.3.4068': attribute type 2 has an invalid length.
[  592.341522][T19440] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4070'.
[  592.519370][T19447] netlink: 'syz.0.4073': attribute type 12 has an invalid length.
[  592.620743][T19453] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  592.628071][T19453] IPv6: NLM_F_CREATE should be set when creating new route
[  592.635424][T19453] IPv6: NLM_F_CREATE should be set when creating new route
[  592.860236][T19465] lo speed is unknown, defaulting to 1000
[  593.042748][T19472] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  593.183991][T19472] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  593.212619][T19484] __nla_validate_parse: 4 callbacks suppressed
[  593.212640][T19484] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4084'.
[  593.230518][T19470] lo speed is unknown, defaulting to 1000
[  593.335178][T19472] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  593.566443][T19472] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  593.590068][T19490] batadv1: entered promiscuous mode
[  593.598079][T19490] 8021q: adding VLAN 0 to HW filter on device batadv1
[  594.105365][ T1016] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  594.177514][   T13] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  594.190693][T19498] siw: device registration error -23
[  594.250075][   T13] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  594.309245][T19501] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4090'.
[  594.374511][ T1016] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  594.506699][T19505] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4093'.
[  594.522919][T19505] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4093'.
[  594.642666][T19513] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4095'.
[  594.837364][T19518] netlink: 'syz.4.4096': attribute type 21 has an invalid length.
[  594.872440][T19518] netlink: 156 bytes leftover after parsing attributes in process `syz.4.4096'.
[  595.365615][T19535] debugfs: '1ùàV!' already exists in 'ieee80211'
[  595.462467][T19537] x_tables: duplicate underflow at hook 4
[  595.478333][T19537] xt_time: unknown flags 0xf4
[  595.600679][T19544] netlink: 'syz.4.4105': attribute type 12 has an invalid length.
[  595.641616][T19544] netlink: 'syz.4.4105': attribute type 29 has an invalid length.
[  595.649499][T19544] netlink: 148 bytes leftover after parsing attributes in process `syz.4.4105'.
[  595.701749][T19547] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4107'.
[  595.941094][T19560] FAULT_INJECTION: forcing a failure.
[  595.941094][T19560] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  595.998102][T19560] CPU: 0 UID: 0 PID: 19560 Comm: syz.3.4110 Not tainted syzkaller #0 PREEMPT(full) 
[  595.998133][T19560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  595.998146][T19560] Call Trace:
[  595.998154][T19560]  <TASK>
[  595.998164][T19560]  dump_stack_lvl+0x189/0x250
[  595.998198][T19560]  ? __pfx____ratelimit+0x10/0x10
[  595.998227][T19560]  ? __pfx_dump_stack_lvl+0x10/0x10
[  595.998255][T19560]  ? __pfx__printk+0x10/0x10
[  595.998292][T19560]  should_fail_ex+0x414/0x560
[  595.998338][T19560]  _copy_to_user+0x31/0xb0
[  595.998367][T19560]  simple_read_from_buffer+0xe1/0x170
[  595.998403][T19560]  proc_fail_nth_read+0x1b3/0x220
[  595.998433][T19560]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  595.998462][T19560]  ? rw_verify_area+0x2a6/0x4d0
[  595.998486][T19560]  ? __lock_acquire+0xab9/0xd20
[  595.998505][T19560]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  595.998530][T19560]  vfs_read+0x200/0xa30
[  595.998556][T19560]  ? fdget_pos+0x247/0x320
[  595.998581][T19560]  ? __pfx___mutex_lock+0x10/0x10
[  595.998604][T19560]  ? __pfx_vfs_read+0x10/0x10
[  595.998633][T19560]  ? __fget_files+0x2a/0x420
[  595.998657][T19560]  ? __fget_files+0x3a0/0x420
[  595.998675][T19560]  ? __fget_files+0x2a/0x420
[  595.998705][T19560]  ksys_read+0x145/0x250
[  595.998736][T19560]  ? __pfx_ksys_read+0x10/0x10
[  595.998767][T19560]  ? do_syscall_64+0xbe/0xfa0
[  595.998792][T19560]  do_syscall_64+0xfa/0xfa0
[  595.998809][T19560]  ? lockdep_hardirqs_on+0x9c/0x150
[  595.998828][T19560]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  595.998848][T19560]  ? clear_bhb_loop+0x60/0xb0
[  595.998874][T19560]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  595.998892][T19560] RIP: 0033:0x7f95aab8e0dc
[  595.998911][T19560] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  595.998929][T19560] RSP: 002b:00007f95ab9af030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  595.998952][T19560] RAX: ffffffffffffffda RBX: 00007f95aade5fa0 RCX: 00007f95aab8e0dc
[  595.998967][T19560] RDX: 000000000000000f RSI: 00007f95ab9af0a0 RDI: 0000000000000004
[  595.998980][T19560] RBP: 00007f95ab9af090 R08: 0000000000000000 R09: 0000000000000000
[  595.998992][T19560] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  595.999005][T19560] R13: 00007f95aade6038 R14: 00007f95aade5fa0 R15: 00007fff03e93748
[  595.999041][T19560]  </TASK>
[  596.494268][T19565] netlink: 'syz.3.4113': attribute type 29 has an invalid length.
[  596.506793][T19565] netlink: 'syz.3.4113': attribute type 29 has an invalid length.
[  596.516100][T19565] netlink: 500 bytes leftover after parsing attributes in process `syz.3.4113'.
[  596.685082][T19570] netlink: 'syz.4.4114': attribute type 12 has an invalid length.
[  596.694693][T19570] netlink: 'syz.4.4114': attribute type 29 has an invalid length.
[  596.702929][T19570] netlink: 148 bytes leftover after parsing attributes in process `syz.4.4114'.
[  596.712986][T19570] netlink: 'syz.4.4114': attribute type 2 has an invalid length.
[  597.828891][T19610] netlink: 'syz.3.4126': attribute type 13 has an invalid length.
[  597.996006][T19613] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  598.079780][T19616] syzkaller0: entered promiscuous mode
[  598.086697][T19616] syzkaller0: entered allmulticast mode
[  598.094810][T19616] tipc: Resetting bearer <eth:syzkaller0>
[  598.126033][T19609] tipc: Resetting bearer <eth:syzkaller0>
[  598.316937][T19632] __nla_validate_parse: 2 callbacks suppressed
[  598.316954][T19632] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.4132'.
[  598.470717][T19635] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4133'.
[  599.112287][T17263] tipc: Node number set to 3831671215
[  599.936624][T19609] tipc: Disabling bearer <eth:syzkaller0>
[  600.325617][T19665] FAULT_INJECTION: forcing a failure.
[  600.325617][T19665] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  600.458984][T19665] CPU: 1 UID: 0 PID: 19665 Comm: syz.0.4140 Not tainted syzkaller #0 PREEMPT(full) 
[  600.459014][T19665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  600.459026][T19665] Call Trace:
[  600.459035][T19665]  <TASK>
[  600.459044][T19665]  dump_stack_lvl+0x189/0x250
[  600.459076][T19665]  ? __pfx____ratelimit+0x10/0x10
[  600.459104][T19665]  ? __pfx_dump_stack_lvl+0x10/0x10
[  600.459129][T19665]  ? __pfx__printk+0x10/0x10
[  600.459152][T19665]  ? __asan_memcpy+0x40/0x70
[  600.459184][T19665]  should_fail_ex+0x414/0x560
[  600.459220][T19665]  _copy_to_user+0x31/0xb0
[  600.459248][T19665]  bpf_verifier_vlog+0x3ba/0x900
[  600.459281][T19665]  __btf_verifier_log+0xd4/0x120
[  600.459320][T19665]  ? __pfx___btf_verifier_log+0x10/0x10
[  600.459342][T19665]  ? __might_fault+0xb0/0x130
[  600.459376][T19665]  ? btf_parse_hdr+0x1e2/0x6d0
[  600.459409][T19665]  btf_parse_hdr+0x356/0x6d0
[  600.459442][T19665]  btf_new_fd+0x372/0xc90
[  600.459460][T19665]  ? apparmor_capable+0x137/0x1b0
[  600.459491][T19665]  ? __pfx_btf_new_fd+0x10/0x10
[  600.459512][T19665]  ? bpf_token_put+0x143/0x160
[  600.459534][T19665]  ? bpf_btf_load+0x126/0x190
[  600.459558][T19665]  __sys_bpf+0x3ed/0x860
[  600.459580][T19665]  ? __pfx___sys_bpf+0x10/0x10
[  600.459617][T19665]  ? ksys_write+0x22a/0x250
[  600.459647][T19665]  ? __pfx_ksys_write+0x10/0x10
[  600.459680][T19665]  __x64_sys_bpf+0x7c/0x90
[  600.459708][T19665]  do_syscall_64+0xfa/0xfa0
[  600.459726][T19665]  ? lockdep_hardirqs_on+0x9c/0x150
[  600.459746][T19665]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  600.459765][T19665]  ? clear_bhb_loop+0x60/0xb0
[  600.459789][T19665]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  600.459808][T19665] RIP: 0033:0x7fbaa518f6c9
[  600.459827][T19665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  600.459844][T19665] RSP: 002b:00007fbaa6036038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  600.459867][T19665] RAX: ffffffffffffffda RBX: 00007fbaa53e5fa0 RCX: 00007fbaa518f6c9
[  600.459882][T19665] RDX: 0000000000000028 RSI: 0000200000000080 RDI: 0000000000000012
[  600.459895][T19665] RBP: 00007fbaa6036090 R08: 0000000000000000 R09: 0000000000000000
[  600.459908][T19665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  600.459920][T19665] R13: 00007fbaa53e6038 R14: 00007fbaa53e5fa0 R15: 00007ffc5c714568
[  600.459957][T19665]  </TASK>
[  601.207392][T19679] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4146'.
[  601.236016][T19683] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4148'.
[  601.250764][T19683] netlink: 'syz.1.4148': attribute type 9 has an invalid length.
[  601.503373][T19691] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  601.518443][T19698] xt_NFQUEUE: number of queues (1024) out of range (got 66558)
[  601.519532][T19691] syzkaller0: entered promiscuous mode
[  601.557831][T19691] syzkaller0: entered allmulticast mode
[  601.688268][T19706] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  601.761843][T19708] tipc: Resetting bearer <eth:syzkaller0>
[  601.915791][T19687] tipc: Resetting bearer <eth:syzkaller0>
[  602.034696][T19687] tipc: Disabling bearer <eth:syzkaller0>
[  602.115419][T19714] lo speed is unknown, defaulting to 1000
[  602.126352][T19723] siw: device registration error -23
[  602.284139][T19727] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4159'.
[  603.774764][T19754] FAULT_INJECTION: forcing a failure.
[  603.774764][T19754] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  603.789956][T19754] CPU: 1 UID: 0 PID: 19754 Comm: syz.0.4167 Not tainted syzkaller #0 PREEMPT(full) 
[  603.789985][T19754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  603.789998][T19754] Call Trace:
[  603.790007][T19754]  <TASK>
[  603.790026][T19754]  dump_stack_lvl+0x189/0x250
[  603.790059][T19754]  ? __pfx____ratelimit+0x10/0x10
[  603.790089][T19754]  ? __pfx_dump_stack_lvl+0x10/0x10
[  603.790117][T19754]  ? __pfx__printk+0x10/0x10
[  603.790141][T19754]  ? fs_reclaim_acquire+0x7d/0x100
[  603.790172][T19754]  should_fail_ex+0x414/0x560
[  603.790208][T19754]  prepare_alloc_pages+0x213/0x610
[  603.790239][T19754]  __alloc_frozen_pages_noprof+0x123/0x370
[  603.790265][T19754]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  603.790298][T19754]  ? policy_nodemask+0x27c/0x720
[  603.790325][T19754]  alloc_pages_mpol+0x232/0x4a0
[  603.790353][T19754]  vma_alloc_folio_noprof+0xe4/0x200
[  603.790378][T19754]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  603.790415][T19754]  folio_prealloc+0x30/0x180
[  603.790447][T19754]  do_wp_page+0x1231/0x5800
[  603.790502][T19754]  ? __pfx_do_wp_page+0x10/0x10
[  603.790524][T19754]  ? do_raw_spin_lock+0x121/0x290
[  603.790557][T19754]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  603.790599][T19754]  __handle_mm_fault+0x1033/0x5400
[  603.790647][T19754]  ? __pfx___handle_mm_fault+0x10/0x10
[  603.790692][T19754]  ? follow_page_pte+0xd03/0x13e0
[  603.790730][T19754]  handle_mm_fault+0x40a/0x8e0
[  603.790770][T19754]  __get_user_pages+0x165c/0x2a00
[  603.790839][T19754]  __gup_longterm_locked+0xde4/0x1660
[  603.790881][T19754]  ? sanity_check_pinned_pages+0x1241/0x1300
[  603.790909][T19754]  ? gup_fast_fallback+0x1b86/0x22d0
[  603.790939][T19754]  gup_fast_fallback+0x1d65/0x22d0
[  603.790965][T19754]  ? __kernel_text_address+0xd/0x40
[  603.790994][T19754]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  603.791068][T19754]  ? __pfx_gup_fast_fallback+0x10/0x10
[  603.791092][T19754]  ? kasan_save_track+0x4f/0x80
[  603.791119][T19754]  ? __kasan_kmalloc+0x93/0xb0
[  603.791144][T19754]  ? __kmalloc_noprof+0x411/0x7f0
[  603.791170][T19754]  ? sock_kmalloc+0xd6/0x160
[  603.791198][T19754]  ? skcipher_recvmsg+0x3d1/0x11d0
[  603.791221][T19754]  ? sock_recvmsg+0x22c/0x270
[  603.791243][T19754]  ? ____sys_recvmsg+0x1c9/0x460
[  603.791262][T19754]  ? __x64_sys_recvmsg+0x198/0x260
[  603.791281][T19754]  ? do_syscall_64+0xfa/0xfa0
[  603.791297][T19754]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  603.791322][T19754]  ? pin_user_pages_fast+0x4d/0xb0
[  603.791350][T19754]  iov_iter_extract_pages+0x35f/0x5e0
[  603.791387][T19754]  extract_iter_to_sg+0xe46/0x24e0
[  603.791430][T19754]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  603.791457][T19754]  ? rcu_is_watching+0x15/0xb0
[  603.791481][T19754]  ? trace_kmalloc+0x1f/0xd0
[  603.791507][T19754]  ? sock_kmalloc+0xd6/0x160
[  603.791536][T19754]  ? __asan_memset+0x22/0x50
[  603.791564][T19754]  af_alg_get_rsgl+0x436/0x810
[  603.791630][T19754]  skcipher_recvmsg+0x3d1/0x11d0
[  603.791662][T19754]  ? aa_sk_perm+0x81e/0x950
[  603.791704][T19754]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  603.791737][T19754]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  603.791753][T19754]  ? security_socket_recvmsg+0x7e/0x2e0
[  603.791798][T19754]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  603.791825][T19754]  sock_recvmsg+0x22c/0x270
[  603.791859][T19754]  ____sys_recvmsg+0x1c9/0x460
[  603.791893][T19754]  ? __pfx_____sys_recvmsg+0x10/0x10
[  603.791936][T19754]  ? import_iovec+0x74/0xa0
[  603.791966][T19754]  ___sys_recvmsg+0x1b5/0x510
[  603.791998][T19754]  ? __pfx____sys_recvmsg+0x10/0x10
[  603.792058][T19754]  ? __fget_files+0x3a0/0x420
[  603.792092][T19754]  __x64_sys_recvmsg+0x198/0x260
[  603.792119][T19754]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  603.792152][T19754]  ? __pfx_ksys_write+0x10/0x10
[  603.792185][T19754]  ? do_syscall_64+0xbe/0xfa0
[  603.792209][T19754]  do_syscall_64+0xfa/0xfa0
[  603.792227][T19754]  ? lockdep_hardirqs_on+0x9c/0x150
[  603.792246][T19754]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  603.792266][T19754]  ? clear_bhb_loop+0x60/0xb0
[  603.792291][T19754]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  603.792311][T19754] RIP: 0033:0x7fbaa518f6c9
[  603.792330][T19754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  603.792347][T19754] RSP: 002b:00007fbaa6036038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  603.792369][T19754] RAX: ffffffffffffffda RBX: 00007fbaa53e5fa0 RCX: 00007fbaa518f6c9
[  603.792385][T19754] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 000000000000000c
[  603.792398][T19754] RBP: 00007fbaa6036090 R08: 0000000000000000 R09: 0000000000000000
[  603.792410][T19754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  603.792421][T19754] R13: 00007fbaa53e6038 R14: 00007fbaa53e5fa0 R15: 00007ffc5c714568
[  603.792458][T19754]  </TASK>
[  604.448338][T19756] Cannot find add_set index 4 as target
[  604.628376][T19763] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4171'.
[  604.713144][T19768] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4173'.
[  604.756601][T19761] lo speed is unknown, defaulting to 1000
[  604.794159][T19763] netlink: 'syz.2.4171': attribute type 9 has an invalid length.
[  605.220125][T19781] lo speed is unknown, defaulting to 1000
[  605.627492][T19799] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4183'.
[  605.818734][T19804] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4184'.
[  605.912050][T19801] syzkaller0: entered promiscuous mode
[  605.917599][T19801] syzkaller0: entered allmulticast mode
[  606.055884][T19815] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4189'.
[  606.738835][T19824] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4190'.
[  606.899103][T19828] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  607.896229][T19837] FAULT_INJECTION: forcing a failure.
[  607.896229][T19837] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  607.937681][T19836] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  607.960814][T19837] CPU: 0 UID: 0 PID: 19837 Comm: syz.3.4196 Not tainted syzkaller #0 PREEMPT(full) 
[  607.960843][T19837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  607.960856][T19837] Call Trace:
[  607.960864][T19837]  <TASK>
[  607.960874][T19837]  dump_stack_lvl+0x189/0x250
[  607.960908][T19837]  ? __pfx____ratelimit+0x10/0x10
[  607.960937][T19837]  ? __pfx_dump_stack_lvl+0x10/0x10
[  607.960962][T19837]  ? __pfx__printk+0x10/0x10
[  607.960986][T19837]  ? __asan_memcpy+0x40/0x70
[  607.961020][T19837]  should_fail_ex+0x414/0x560
[  607.961054][T19837]  _copy_to_user+0x31/0xb0
[  607.961082][T19837]  bpf_verifier_vlog+0x3ba/0x900
[  607.961116][T19837]  __btf_verifier_log+0xd4/0x120
[  607.961149][T19837]  ? __pfx___btf_verifier_log+0x10/0x10
[  607.961170][T19837]  ? __might_fault+0xb0/0x130
[  607.961216][T19837]  ? btf_parse_hdr+0x1e2/0x6d0
[  607.961250][T19837]  btf_parse_hdr+0x3aa/0x6d0
[  607.961282][T19837]  btf_new_fd+0x372/0xc90
[  607.961301][T19837]  ? apparmor_capable+0x137/0x1b0
[  607.961349][T19837]  ? __pfx_btf_new_fd+0x10/0x10
[  607.961371][T19837]  ? bpf_token_put+0x143/0x160
[  607.961394][T19837]  ? bpf_btf_load+0x126/0x190
[  607.961428][T19837]  __sys_bpf+0x3ed/0x860
[  607.961451][T19837]  ? __pfx___sys_bpf+0x10/0x10
[  607.961489][T19837]  ? ksys_write+0x22a/0x250
[  607.961527][T19837]  ? __pfx_ksys_write+0x10/0x10
[  607.961562][T19837]  __x64_sys_bpf+0x7c/0x90
[  607.961591][T19837]  do_syscall_64+0xfa/0xfa0
[  607.961608][T19837]  ? lockdep_hardirqs_on+0x9c/0x150
[  607.961628][T19837]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  607.961648][T19837]  ? clear_bhb_loop+0x60/0xb0
[  607.961672][T19837]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  607.961690][T19837] RIP: 0033:0x7f95aab8f6c9
[  607.961709][T19837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  607.961726][T19837] RSP: 002b:00007f95ab9af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  607.961749][T19837] RAX: ffffffffffffffda RBX: 00007f95aade5fa0 RCX: 00007f95aab8f6c9
[  607.961763][T19837] RDX: 0000000000000028 RSI: 0000200000000080 RDI: 0000000000000012
[  607.961776][T19837] RBP: 00007f95ab9af090 R08: 0000000000000000 R09: 0000000000000000
[  607.961787][T19837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  607.961798][T19837] R13: 00007f95aade6038 R14: 00007f95aade5fa0 R15: 00007fff03e93748
[  607.961831][T19837]  </TASK>
[  608.021639][T19838] netlink: 'syz.2.4193': attribute type 2 has an invalid length.
[  608.218089][T19851] Cannot find add_set index 4 as target
[  608.435117][T19863] pim6reg1: entered allmulticast mode
[  608.577665][T19865] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4203'.
[  608.864018][T19890] Cannot find add_set index 4 as target
[  608.866085][T19882] netlink: 136 bytes leftover after parsing attributes in process `syz.1.4211'.
[  609.114517][    C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  609.406897][T19916] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4224'.
[  609.417341][T19915] geneve2: entered promiscuous mode
[  609.445209][ T7466] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0
[  609.455849][ T7466] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0
[  609.488976][T19917] ip6erspan1: entered allmulticast mode
[  609.495238][ T7466] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0
[  609.506687][ T7466] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0
[  609.669619][T19908] lo speed is unknown, defaulting to 1000
[  610.146401][T19925] lo speed is unknown, defaulting to 1000
[  610.163439][T19937] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 3, id = 0
[  610.455360][T19947] netlink: 168 bytes leftover after parsing attributes in process `syz.3.4231'.
[  611.585471][T19979] debugfs: '1ùàV!' already exists in 'ieee80211'
[  611.775168][T19990] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  611.937779][T19996] lo speed is unknown, defaulting to 1000
[  612.023808][T20002] netlink: 68 bytes leftover after parsing attributes in process `syz.2.4246'.
[  612.438512][T20013] lo speed is unknown, defaulting to 1000
[  612.831895][T20026] syzkaller0: entered promiscuous mode
[  612.837549][T20026] syzkaller0: entered allmulticast mode
[  612.844350][T20034] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  612.941593][ T7466] tipc: Resetting bearer <eth:syzkaller0>
[  612.947956][T20039] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4253'.
[  612.962233][T20039] tipc: Invalid UDP bearer configuration
[  612.962304][T20039] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  613.036282][T20025] tipc: Resetting bearer <eth:syzkaller0>
[  613.288149][T20049] Cannot find add_set index 4 as target
[  614.919725][T20025] tipc: Disabling bearer <eth:syzkaller0>
[  615.090059][T20058] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4258'.
[  615.230635][T20058] 8021q: adding VLAN 0 to HW filter on device bond2
[  615.302660][T20063] bond0: left promiscuous mode
[  615.325122][T20069] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4262'.
[  615.648767][T20064] bond2 (unregistering): Released all slaves
[  615.679051][T20082] netlink: 'syz.4.4266': attribute type 12 has an invalid length.
[  615.688940][T20082] netlink: 'syz.4.4266': attribute type 29 has an invalid length.
[  615.697686][T20082] netlink: 148 bytes leftover after parsing attributes in process `syz.4.4266'.
[  615.707631][T20082] netlink: 'syz.4.4266': attribute type 2 has an invalid length.
[  615.716398][T20082] netlink: 23 bytes leftover after parsing attributes in process `syz.4.4266'.
[  615.910804][T20087] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  615.927363][T20088] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4269'.
[  615.937714][T20089] Cannot find add_set index 4 as target
[  615.996472][T20087] syzkaller0: entered promiscuous mode
[  616.011397][T20087] syzkaller0: entered allmulticast mode
[  616.023766][T20087] tipc: Resetting bearer <eth:syzkaller0>
[  616.044519][T20084] tipc: Resetting bearer <eth:syzkaller0>
[  616.046333][T20088] netlink: 'syz.2.4269': attribute type 9 has an invalid length.
[  617.739247][T20084] tipc: Disabling bearer <eth:syzkaller0>
[  617.748881][T20096] netlink: 65051 bytes leftover after parsing attributes in process `syz.4.4271'.
[  617.898863][T20115] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4279'.
[  617.927671][T20115] tipc: Invalid UDP bearer configuration
[  617.927739][T20115] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  617.954635][T20118] Cannot find add_set index 4 as target
[  618.021895][T20123] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4278'.
[  618.546469][T20147] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  618.557620][T20148] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4291'.
[  618.644089][T20147] syzkaller0: entered promiscuous mode
[  618.649707][T20147] syzkaller0: entered allmulticast mode
[  618.656386][T20147] tipc: Resetting bearer <eth:syzkaller0>
[  618.723722][T20145] tipc: Resetting bearer <eth:syzkaller0>
[  618.835887][T20161] Cannot find add_set index 4 as target
[  618.947115][T20165] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4298'.
[  619.316527][T20173] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4296'.
[  621.722017][T20145] tipc: Disabling bearer <eth:syzkaller0>
[  621.732422][T20166] tipc: New replicast peer: 255.255.255.255
[  621.739475][T20166] tipc: Enabled bearer <udp:syz2>, priority 10
[  622.039039][T20195] netlink: 64 bytes leftover after parsing attributes in process `syz.0.4306'.
[  622.118763][T20204] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4307'.
[  622.139783][T20207] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4309'.
[  622.150261][T20207] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4309'.
[  622.189066][T20207] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4309'.
[  622.193383][T20197] netlink: 'syz.1.4307': attribute type 9 has an invalid length.
[  622.279723][T20198] lo speed is unknown, defaulting to 1000
[  622.287072][T20208] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4310'.
[  622.688386][T20229] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  622.925308][T20222] syzkaller0: entered promiscuous mode
[  622.931054][T20222] syzkaller0: entered allmulticast mode
[  622.941842][T20222] tipc: Resetting bearer <eth:syzkaller0>
[  623.219244][ T1338] tipc: Resetting bearer <eth:syzkaller0>
[  623.252060][T20220] tipc: Resetting bearer <eth:syzkaller0>
[  624.168712][T20250] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4322'.
[  624.489591][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  624.496277][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  625.225862][T20255] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4323'.
[  625.235323][T20255] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4323'.
[  625.245169][T20255] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4323'.
[  625.630064][T20220] tipc: Disabling bearer <eth:syzkaller0>
[  625.933374][T20268] Cannot find add_set index 4 as target
[  626.273525][T20283] ip6tnl0: Caught tx_queue_len zero misconfig
[  626.532062][T20299] sctp: [Deprecated]: syz.3.4337 (pid 20299) Use of struct sctp_assoc_value in delayed_ack socket option.
[  626.532062][T20299] Use struct sctp_sack_info instead
[  628.251174][T20304] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  628.353214][T20314] FAULT_INJECTION: forcing a failure.
[  628.353214][T20314] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  628.401594][T20314] CPU: 1 UID: 0 PID: 20314 Comm: syz.2.4340 Not tainted syzkaller #0 PREEMPT(full) 
[  628.401625][T20314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  628.401638][T20314] Call Trace:
[  628.401647][T20314]  <TASK>
[  628.401656][T20314]  dump_stack_lvl+0x189/0x250
[  628.401689][T20314]  ? __pfx____ratelimit+0x10/0x10
[  628.401718][T20314]  ? __pfx_dump_stack_lvl+0x10/0x10
[  628.401744][T20314]  ? __pfx__printk+0x10/0x10
[  628.401766][T20314]  ? fs_reclaim_acquire+0x7d/0x100
[  628.401795][T20314]  should_fail_ex+0x414/0x560
[  628.401830][T20314]  prepare_alloc_pages+0x213/0x610
[  628.401858][T20314]  __alloc_frozen_pages_noprof+0x123/0x370
[  628.401892][T20314]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  628.401923][T20314]  ? policy_nodemask+0x27c/0x720
[  628.401949][T20314]  alloc_pages_mpol+0x232/0x4a0
[  628.401975][T20314]  vma_alloc_folio_noprof+0xe4/0x200
[  628.401998][T20314]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  628.402032][T20314]  folio_prealloc+0x30/0x180
[  628.402063][T20314]  do_wp_page+0x1231/0x5800
[  628.402114][T20314]  ? __pfx_do_wp_page+0x10/0x10
[  628.402134][T20314]  ? do_raw_spin_lock+0x121/0x290
[  628.402165][T20314]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  628.402203][T20314]  __handle_mm_fault+0x1033/0x5400
[  628.402246][T20314]  ? __pfx___handle_mm_fault+0x10/0x10
[  628.402289][T20314]  ? follow_page_pte+0xd03/0x13e0
[  628.402327][T20314]  handle_mm_fault+0x40a/0x8e0
[  628.402366][T20314]  __get_user_pages+0x165c/0x2a00
[  628.402434][T20314]  __gup_longterm_locked+0xde4/0x1660
[  628.402476][T20314]  ? sanity_check_pinned_pages+0x1241/0x1300
[  628.402504][T20314]  ? gup_fast_fallback+0x1b86/0x22d0
[  628.402532][T20314]  gup_fast_fallback+0x1d65/0x22d0
[  628.402554][T20314]  ? __kernel_text_address+0xd/0x40
[  628.402582][T20314]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  628.402645][T20314]  ? __pfx_gup_fast_fallback+0x10/0x10
[  628.402668][T20314]  ? kasan_save_track+0x4f/0x80
[  628.402693][T20314]  ? __kasan_kmalloc+0x93/0xb0
[  628.402719][T20314]  ? __kmalloc_noprof+0x411/0x7f0
[  628.402744][T20314]  ? sock_kmalloc+0xd6/0x160
[  628.402766][T20314]  ? skcipher_recvmsg+0x3d1/0x11d0
[  628.402791][T20314]  ? sock_recvmsg+0x22c/0x270
[  628.402815][T20314]  ? ____sys_recvmsg+0x1c9/0x460
[  628.402836][T20314]  ? __x64_sys_recvmsg+0x198/0x260
[  628.402856][T20314]  ? do_syscall_64+0xfa/0xfa0
[  628.402908][T20314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.402934][T20314]  ? pin_user_pages_fast+0x4d/0xb0
[  628.402963][T20314]  iov_iter_extract_pages+0x35f/0x5e0
[  628.403001][T20314]  extract_iter_to_sg+0xe46/0x24e0
[  628.403043][T20314]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  628.403069][T20314]  ? rcu_is_watching+0x15/0xb0
[  628.403093][T20314]  ? trace_kmalloc+0x1f/0xd0
[  628.403118][T20314]  ? sock_kmalloc+0xd6/0x160
[  628.403148][T20314]  ? __asan_memset+0x22/0x50
[  628.403176][T20314]  af_alg_get_rsgl+0x436/0x810
[  628.403225][T20314]  skcipher_recvmsg+0x3d1/0x11d0
[  628.403257][T20314]  ? aa_sk_perm+0x81e/0x950
[  628.403298][T20314]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  628.403329][T20314]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  628.403348][T20314]  ? security_socket_recvmsg+0x7e/0x2e0
[  628.403369][T20314]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  628.403396][T20314]  sock_recvmsg+0x22c/0x270
[  628.403429][T20314]  ____sys_recvmsg+0x1c9/0x460
[  628.403465][T20314]  ? __pfx_____sys_recvmsg+0x10/0x10
[  628.403508][T20314]  ? import_iovec+0x74/0xa0
[  628.403537][T20314]  ___sys_recvmsg+0x1b5/0x510
[  628.403568][T20314]  ? __pfx____sys_recvmsg+0x10/0x10
[  628.403624][T20314]  ? __fget_files+0x3a0/0x420
[  628.403658][T20314]  __x64_sys_recvmsg+0x198/0x260
[  628.403686][T20314]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  628.403722][T20314]  ? __pfx_ksys_write+0x10/0x10
[  628.403754][T20314]  ? do_syscall_64+0xbe/0xfa0
[  628.403777][T20314]  do_syscall_64+0xfa/0xfa0
[  628.403794][T20314]  ? lockdep_hardirqs_on+0x9c/0x150
[  628.403813][T20314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.403833][T20314]  ? clear_bhb_loop+0x60/0xb0
[  628.403858][T20314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.403886][T20314] RIP: 0033:0x7f212398f6c9
[  628.403907][T20314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  628.403924][T20314] RSP: 002b:00007f2121bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  628.403948][T20314] RAX: ffffffffffffffda RBX: 00007f2123be5fa0 RCX: 00007f212398f6c9
[  628.403963][T20314] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 000000000000000c
[  628.403976][T20314] RBP: 00007f2121bf6090 R08: 0000000000000000 R09: 0000000000000000
[  628.403988][T20314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  628.404001][T20314] R13: 00007f2123be6038 R14: 00007f2123be5fa0 R15: 00007fff9ebbc6f8
[  628.404039][T20314]  </TASK>
[  628.950108][T20325] __nla_validate_parse: 7 callbacks suppressed
[  628.950130][T20325] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4345'.
[  628.965777][T20325] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4345'.
[  629.363904][T20331] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  629.587979][T20351] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4352'.
[  629.608597][T20350] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4353'.
[  629.625227][T20350] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4353'.
[  629.629921][T20351] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4352'.
[  629.676886][T20356] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4353'.
[  629.702132][T20356] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4353'.
[  629.757494][T20350] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4353'.
[  629.787312][T20350] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4353'.
[  630.296953][T20381] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  630.417618][T20382] syzkaller0: entered promiscuous mode
[  630.425119][T20382] syzkaller0: entered allmulticast mode
[  630.443368][T20384] netlink: 'syz.4.4364': attribute type 9 has an invalid length.
[  632.348210][T20389] batadv1: entered promiscuous mode
[  632.355301][T20389] 8021q: adding VLAN 0 to HW filter on device batadv1
[  632.562931][T20421] FAULT_INJECTION: forcing a failure.
[  632.562931][T20421] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  632.601040][T20421] CPU: 0 UID: 0 PID: 20421 Comm: syz.2.4374 Not tainted syzkaller #0 PREEMPT(full) 
[  632.601069][T20421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  632.601088][T20421] Call Trace:
[  632.601097][T20421]  <TASK>
[  632.601106][T20421]  dump_stack_lvl+0x189/0x250
[  632.601138][T20421]  ? __pfx____ratelimit+0x10/0x10
[  632.601168][T20421]  ? __pfx_dump_stack_lvl+0x10/0x10
[  632.601198][T20421]  ? __pfx__printk+0x10/0x10
[  632.601220][T20421]  ? __asan_memcpy+0x40/0x70
[  632.601253][T20421]  should_fail_ex+0x414/0x560
[  632.601287][T20421]  _copy_to_user+0x31/0xb0
[  632.601314][T20421]  bpf_verifier_vlog+0x3ba/0x900
[  632.601348][T20421]  __btf_verifier_log+0xd4/0x120
[  632.601379][T20421]  ? __pfx___btf_verifier_log+0x10/0x10
[  632.601400][T20421]  ? __might_fault+0xb0/0x130
[  632.601433][T20421]  ? btf_parse_hdr+0x1e2/0x6d0
[  632.601466][T20421]  btf_parse_hdr+0x3c1/0x6d0
[  632.601500][T20421]  btf_new_fd+0x372/0xc90
[  632.601518][T20421]  ? apparmor_capable+0x137/0x1b0
[  632.601549][T20421]  ? __pfx_btf_new_fd+0x10/0x10
[  632.601570][T20421]  ? bpf_token_put+0x143/0x160
[  632.601594][T20421]  ? bpf_btf_load+0x126/0x190
[  632.601619][T20421]  __sys_bpf+0x3ed/0x860
[  632.601641][T20421]  ? __pfx___sys_bpf+0x10/0x10
[  632.601678][T20421]  ? ksys_write+0x22a/0x250
[  632.601708][T20421]  ? __pfx_ksys_write+0x10/0x10
[  632.601743][T20421]  __x64_sys_bpf+0x7c/0x90
[  632.601780][T20421]  do_syscall_64+0xfa/0xfa0
[  632.601797][T20421]  ? lockdep_hardirqs_on+0x9c/0x150
[  632.601817][T20421]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  632.601835][T20421]  ? clear_bhb_loop+0x60/0xb0
[  632.601861][T20421]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  632.601879][T20421] RIP: 0033:0x7f212398f6c9
[  632.601898][T20421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  632.601915][T20421] RSP: 002b:00007f2121bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  632.601938][T20421] RAX: ffffffffffffffda RBX: 00007f2123be5fa0 RCX: 00007f212398f6c9
[  632.601953][T20421] RDX: 0000000000000028 RSI: 0000200000000080 RDI: 0000000000000012
[  632.601967][T20421] RBP: 00007f2121bf6090 R08: 0000000000000000 R09: 0000000000000000
[  632.601980][T20421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  632.601992][T20421] R13: 00007f2123be6038 R14: 00007f2123be5fa0 R15: 00007fff9ebbc6f8
[  632.602028][T20421]  </TASK>
[  633.034692][T20437] netlink: 'syz.4.4380': attribute type 9 has an invalid length.
[  633.220332][T20450] xt_hashlimit: max too large, truncated to 1048576
[  633.524064][T20462] FAULT_INJECTION: forcing a failure.
[  633.524064][T20462] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  633.540333][T20462] CPU: 0 UID: 0 PID: 20462 Comm: syz.1.4389 Not tainted syzkaller #0 PREEMPT(full) 
[  633.540361][T20462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  633.540374][T20462] Call Trace:
[  633.540383][T20462]  <TASK>
[  633.540392][T20462]  dump_stack_lvl+0x189/0x250
[  633.540426][T20462]  ? __pfx____ratelimit+0x10/0x10
[  633.540456][T20462]  ? __pfx_dump_stack_lvl+0x10/0x10
[  633.540483][T20462]  ? __pfx__printk+0x10/0x10
[  633.540507][T20462]  ? fs_reclaim_acquire+0x7d/0x100
[  633.540538][T20462]  should_fail_ex+0x414/0x560
[  633.540575][T20462]  prepare_alloc_pages+0x213/0x610
[  633.540606][T20462]  __alloc_frozen_pages_noprof+0x123/0x370
[  633.540632][T20462]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  633.540671][T20462]  ? policy_nodemask+0x27c/0x720
[  633.540690][T20462]  ? __pfx__copy_from_iter+0x10/0x10
[  633.540717][T20462]  alloc_pages_mpol+0x232/0x4a0
[  633.540744][T20462]  alloc_pages_noprof+0xa9/0x190
[  633.540767][T20462]  af_alg_sendmsg+0x1445/0x2440
[  633.540821][T20462]  ? __pfx_af_alg_sendmsg+0x10/0x10
[  633.540847][T20462]  ? __pfx_aa_sk_perm+0x10/0x10
[  633.540872][T20462]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  633.540908][T20462]  ? aa_sock_msg_perm+0xf1/0x1d0
[  633.540940][T20462]  ? skcipher_sendmsg+0x26/0xf0
[  633.540973][T20462]  ? __pfx_skcipher_sendmsg+0x10/0x10
[  633.541002][T20462]  __sock_sendmsg+0x21c/0x270
[  633.541036][T20462]  ____sys_sendmsg+0x52d/0x830
[  633.541067][T20462]  ? __pfx_____sys_sendmsg+0x10/0x10
[  633.541100][T20462]  ? import_iovec+0x74/0xa0
[  633.541131][T20462]  ___sys_sendmsg+0x21f/0x2a0
[  633.541157][T20462]  ? __pfx____sys_sendmsg+0x10/0x10
[  633.541220][T20462]  ? __fget_files+0x2a/0x420
[  633.541237][T20462]  ? __fget_files+0x3a0/0x420
[  633.541268][T20462]  __sys_sendmmsg+0x227/0x430
[  633.541297][T20462]  ? __pfx___sys_sendmmsg+0x10/0x10
[  633.541329][T20462]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  633.541372][T20462]  ? ksys_write+0x22a/0x250
[  633.541402][T20462]  ? __pfx_ksys_write+0x10/0x10
[  633.541435][T20462]  __x64_sys_sendmmsg+0xa0/0xc0
[  633.541461][T20462]  do_syscall_64+0xfa/0xfa0
[  633.541479][T20462]  ? lockdep_hardirqs_on+0x9c/0x150
[  633.541498][T20462]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.541519][T20462]  ? clear_bhb_loop+0x60/0xb0
[  633.541543][T20462]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.541563][T20462] RIP: 0033:0x7f59a878f6c9
[  633.541582][T20462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  633.541599][T20462] RSP: 002b:00007f59a966a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  633.541622][T20462] RAX: ffffffffffffffda RBX: 00007f59a89e5fa0 RCX: 00007f59a878f6c9
[  633.541637][T20462] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000004
[  633.541650][T20462] RBP: 00007f59a966a090 R08: 0000000000000000 R09: 0000000000000000
[  633.541663][T20462] R10: 0000000000040800 R11: 0000000000000246 R12: 0000000000000002
[  633.541675][T20462] R13: 00007f59a89e6038 R14: 00007f59a89e5fa0 R15: 00007ffdb5653738
[  633.541711][T20462]  </TASK>
[  634.241215][T20472] netlink: 'syz.4.4393': attribute type 1 has an invalid length.
[  634.285316][T20472] 8021q: adding VLAN 0 to HW filter on device bond1
[  634.294530][T20474] __nla_validate_parse: 7 callbacks suppressed
[  634.294548][T20474] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4393'.
[  634.346342][T20476] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4394'.
[  634.362101][T20476] netlink: 'syz.2.4394': attribute type 9 has an invalid length.
[  634.368656][T20478] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4395'.
[  634.390822][T20480] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  634.454662][T20482] IPVS: set_ctl: invalid protocol: 98 172.20.20.187:20000
[  634.541877][T20486] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4398'.
[  634.573414][T20487] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4399'.
[  634.713271][    C1] ------------[ cut here ]------------
[  634.719221][    C1] ODEBUG: free active (active state 0) object: ffff88804cb41090 object type: timer_list hint: rose_t0timer_expiry+0x0/0x350
[  634.732645][    C1] WARNING: CPU: 1 PID: 20487 at lib/debugobjects.c:615 debug_print_object+0x16b/0x1e0
[  634.742295][    C1] Modules linked in:
[  634.746534][    C1] CPU: 1 UID: 0 PID: 20487 Comm: syz.0.4399 Not tainted syzkaller #0 PREEMPT(full) 
[  634.755987][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  634.766145][    C1] RIP: 0010:debug_print_object+0x16b/0x1e0
[  634.772318][    C1] Code: 4c 89 ff e8 77 e4 92 fd 4d 8b 0f 48 c7 c7 00 11 bf 8b 48 8b 34 24 4c 89 ea 89 e9 4d 89 f0 41 54 e8 5a 49 f0 fc 48 83 c4 08 90 <0f> 0b 90 90 ff 05 57 50 ea 0a 48 83 c4 08 5b 41 5c 41 5d 41 5e 41
[  634.792034][    C1] RSP: 0018:ffffc90000a08a00 EFLAGS: 00010296
[  634.798152][    C1] RAX: e4faa33cac3d7700 RBX: dffffc0000000000 RCX: ffff88805aa2bc80
[  634.806278][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
[  634.814321][    C1] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
[  634.822391][    C1] R10: dffffc0000000000 R11: fffffbfff1bba680 R12: ffffffff8a39a160
[  634.830398][    C1] R13: ffffffff8bbf1280 R14: ffff88804cb41090 R15: ffffffff8b6cf7a0
[  634.838427][    C1] FS:  0000000000000000(0000) GS:ffff888126238000(0000) knlGS:0000000000000000
[  634.847602][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  634.854278][    C1] CR2: 00007f2123a4f762 CR3: 000000004ba52000 CR4: 00000000003526f0
[  634.862335][    C1] Call Trace:
[  634.865653][    C1]  <IRQ>
[  634.868529][    C1]  debug_check_no_obj_freed+0x3a2/0x470
[  634.874183][    C1]  ? rose_timer_expiry+0x4cb/0x600
[  634.879338][    C1]  kfree+0x115/0x6d0
[  634.883344][    C1]  rose_timer_expiry+0x4cb/0x600
[  634.888328][    C1]  ? call_timer_fn+0x155/0x5f0
[  634.893200][    C1]  call_timer_fn+0x17e/0x5f0
[  634.897841][    C1]  ? __pfx_rose_timer_expiry+0x10/0x10
[  634.903426][    C1]  ? call_timer_fn+0xbe/0x5f0
[  634.908161][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  634.913381][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  634.918635][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  634.923911][    C1]  ? __pfx_rose_timer_expiry+0x10/0x10
[  634.929495][    C1]  __run_timer_base+0x61a/0x860
[  634.934618][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  634.940109][    C1]  ? seqcount_lockdep_reader_access+0x15e/0x1c0
[  634.946557][    C1]  run_timer_softirq+0xb7/0x180
[  634.951469][    C1]  handle_softirqs+0x286/0x870
[  634.956268][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  634.961048][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  634.966432][    C1]  __irq_exit_rcu+0xca/0x1f0
[  634.971067][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  634.976380][    C1]  irq_exit_rcu+0x9/0x30
[  634.980660][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  634.986376][    C1]  </IRQ>
[  634.989400][    C1]  <TASK>
[  634.992395][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  634.998399][    C1] RIP: 0010:stack_depot_save_flags+0xad/0x860
[  635.004533][    C1] Code: cf 01 c5 29 f8 41 89 f8 41 c1 c0 06 41 31 c0 01 ef 45 89 c1 41 c1 c1 08 44 29 c5 41 31 e9 41 01 f8 44 29 cf 44 89 c9 c1 c1 10 <31> f9 45 01 c1 89 c8 c1 c0 13 41 29 c8 44 31 c0 44 01 c9 41 29 c1
[  635.024307][    C1] RSP: 0018:ffffc900025cefc8 EFLAGS: 00000286
[  635.030399][    C1] RAX: 0000000080165e77 RBX: 0000000000000000 RCX: 00000000e746a77e
[  635.038423][    C1] RDX: ffffc900025cf06c RSI: 000000000000001d RDI: 00000000db0856d2
[  635.046457][    C1] RBP: 00000000a978d686 R08: 0000000042954449 R09: 00000000a77ee746
[  635.054500][    C1] R10: 0000000000000016 R11: ffffffff81ac2f50 R12: ffffea0001cebf00
[  635.062535][    C1] R13: 0000000000000000 R14: ffffc900025cf030 R15: ffffc900025cf030
[  635.070512][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  635.076765][    C1]  ? stack_depot_save_flags+0x40/0x860
[  635.082311][    C1]  kasan_save_track+0x4f/0x80
[  635.086996][    C1]  ? kasan_save_track+0x3e/0x80
[  635.091904][    C1]  ? __kasan_save_free_info+0x46/0x50
[  635.097307][    C1]  ? __kasan_slab_free+0x5c/0x80
[  635.102311][    C1]  ? kmem_cache_free+0x19b/0x690
[  635.107277][    C1]  ? netlink_broadcast_filtered+0xec7/0x1000
[  635.113336][    C1]  ? netlink_broadcast+0x37/0x50
[  635.118299][    C1]  ? kobject_uevent_net_broadcast+0x4bc/0x560
[  635.124440][    C1]  ? kobject_uevent_env+0x55b/0x8c0
[  635.129665][    C1]  ? device_del+0x73a/0x8e0
[  635.134230][    C1]  ? unregister_netdevice_many_notify+0x1df2/0x2390
[  635.140870][    C1]  ? unregister_netdevice_queue+0x33c/0x380
[  635.146854][    C1]  ? __tun_detach+0x6d9/0x15d0
[  635.151689][    C1]  ? tun_chr_close+0x10a/0x1c0
[  635.156478][    C1]  ? __fput+0x44c/0xa70
[  635.160632][    C1]  ? task_work_run+0x1d4/0x260
[  635.165441][    C1]  ? do_exit+0x6b5/0x2300
[  635.169795][    C1]  ? do_group_exit+0x21c/0x2d0
[  635.174618][    C1]  ? get_signal+0x1285/0x1340
[  635.179326][    C1]  ? arch_do_signal_or_restart+0xa0/0x790
[  635.185113][    C1]  ? exit_to_user_mode_loop+0x72/0x130
[  635.190602][    C1]  ? do_syscall_64+0x2bd/0xfa0
[  635.195427][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  635.201596][    C1]  ? netlink_broadcast_filtered+0xec7/0x1000
[  635.207618][    C1]  __kasan_save_free_info+0x46/0x50
[  635.212870][    C1]  __kasan_slab_free+0x5c/0x80
[  635.217673][    C1]  kmem_cache_free+0x19b/0x690
[  635.222526][    C1]  netlink_broadcast_filtered+0xec7/0x1000
[  635.228365][    C1]  ? sprintf+0xd9/0x120
[  635.232607][    C1]  ? __pfx_netlink_broadcast_filtered+0x10/0x10
[  635.238883][    C1]  ? alloc_uevent_skb+0xeb/0x230
[  635.243897][    C1]  ? __asan_memcpy+0x40/0x70
[  635.248534][    C1]  netlink_broadcast+0x37/0x50
[  635.253389][    C1]  kobject_uevent_net_broadcast+0x4bc/0x560
[  635.259388][    C1]  kobject_uevent_env+0x55b/0x8c0
[  635.264512][    C1]  device_del+0x73a/0x8e0
[  635.269408][    C1]  ? __pfx_device_del+0x10/0x10
[  635.274347][    C1]  ? netdev_unregister_kobject+0x344/0x450
[  635.280284][    C1]  unregister_netdevice_many_notify+0x1df2/0x2390
[  635.286796][    C1]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  635.293725][    C1]  ? queue_delayed_work_on+0x11a/0x280
[  635.299193][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  635.304483][    C1]  unregister_netdevice_queue+0x33c/0x380
[  635.310328][    C1]  ? __pfx_queue_delayed_work_on+0x10/0x10
[  635.316208][    C1]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  635.322507][    C1]  ? linkwatch_urgent_event+0x62/0x3a0
[  635.327976][    C1]  __tun_detach+0x6d9/0x15d0
[  635.332624][    C1]  ? __pfx_tun_chr_close+0x10/0x10
[  635.337786][    C1]  tun_chr_close+0x10a/0x1c0
[  635.342448][    C1]  __fput+0x44c/0xa70
[  635.346472][    C1]  task_work_run+0x1d4/0x260
[  635.351250][    C1]  ? __pfx_task_work_run+0x10/0x10
[  635.356562][    C1]  ? do_exit+0x6b0/0x2300
[  635.360988][    C1]  ? kmem_cache_free+0x19b/0x690
[  635.366007][    C1]  do_exit+0x6b5/0x2300
[  635.370188][    C1]  ? cgroup_freezing+0x20/0x350
[  635.375100][    C1]  ? __pfx_do_exit+0x10/0x10
[  635.379721][    C1]  ? cgroup_freezing+0x20/0x350
[  635.384641][    C1]  ? cgroup_freezing+0x20/0x350
[  635.389538][    C1]  do_group_exit+0x21c/0x2d0
[  635.394211][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  635.399444][    C1]  get_signal+0x1285/0x1340
[  635.404072][    C1]  arch_do_signal_or_restart+0xa0/0x790
[  635.409778][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  635.416012][    C1]  ? __se_sys_futex+0x36f/0x400
[  635.421006][    C1]  ? exit_to_user_mode_loop+0x40/0x130
[  635.426542][    C1]  exit_to_user_mode_loop+0x72/0x130
[  635.431887][    C1]  do_syscall_64+0x2bd/0xfa0
[  635.436505][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  635.441747][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  635.447854][    C1]  ? clear_bhb_loop+0x60/0xb0
[  635.452578][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  635.458489][    C1] RIP: 0033:0x7fbaa518f6c9
[  635.462948][    C1] Code: Unable to access opcode bytes at 0x7fbaa518f69f.
[  635.469991][    C1] RSP: 002b:00007fbaa60360e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  635.478488][    C1] RAX: 0000000000000001 RBX: 00007fbaa53e5fa8 RCX: 00007fbaa518f6c9
[  635.486596][    C1] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbaa53e5fac
[  635.494623][    C1] RBP: 00007fbaa53e5fa0 R08: 3fffffffffffffff R09: 0000000000000000
[  635.503101][    C1] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[  635.511115][    C1] R13: 00007fbaa53e6038 R14: 00007ffc5c714480 R15: 00007ffc5c714568
[  635.519267][    C1]  </TASK>
[  635.522356][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  635.529806][    C1] CPU: 1 UID: 0 PID: 20487 Comm: syz.0.4399 Not tainted syzkaller #0 PREEMPT(full) 
[  635.539450][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  635.549518][    C1] Call Trace:
[  635.552819][    C1]  <IRQ>
[  635.555669][    C1]  dump_stack_lvl+0x99/0x250
[  635.560269][    C1]  ? __asan_memcpy+0x40/0x70
[  635.564877][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  635.570095][    C1]  ? __pfx__printk+0x10/0x10
[  635.574712][    C1]  vpanic+0x237/0x6d0
[  635.578702][    C1]  ? __pfx_vpanic+0x10/0x10
[  635.583227][    C1]  panic+0xb9/0xc0
[  635.586961][    C1]  ? __pfx_panic+0x10/0x10
[  635.591489][    C1]  __warn+0x31b/0x4b0
[  635.595479][    C1]  ? debug_print_object+0x16b/0x1e0
[  635.600685][    C1]  ? debug_print_object+0x16b/0x1e0
[  635.605904][    C1]  report_bug+0x2be/0x4f0
[  635.610245][    C1]  ? debug_print_object+0x16b/0x1e0
[  635.615455][    C1]  ? debug_print_object+0x16b/0x1e0
[  635.620663][    C1]  ? debug_print_object+0x16d/0x1e0
[  635.625865][    C1]  handle_bug+0x84/0x160
[  635.630113][    C1]  exc_invalid_op+0x1a/0x50
[  635.634620][    C1]  asm_exc_invalid_op+0x1a/0x20
[  635.639478][    C1] RIP: 0010:debug_print_object+0x16b/0x1e0
[  635.645292][    C1] Code: 4c 89 ff e8 77 e4 92 fd 4d 8b 0f 48 c7 c7 00 11 bf 8b 48 8b 34 24 4c 89 ea 89 e9 4d 89 f0 41 54 e8 5a 49 f0 fc 48 83 c4 08 90 <0f> 0b 90 90 ff 05 57 50 ea 0a 48 83 c4 08 5b 41 5c 41 5d 41 5e 41
[  635.664916][    C1] RSP: 0018:ffffc90000a08a00 EFLAGS: 00010296
[  635.671012][    C1] RAX: e4faa33cac3d7700 RBX: dffffc0000000000 RCX: ffff88805aa2bc80
[  635.679001][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
[  635.687069][    C1] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
[  635.695048][    C1] R10: dffffc0000000000 R11: fffffbfff1bba680 R12: ffffffff8a39a160
[  635.703031][    C1] R13: ffffffff8bbf1280 R14: ffff88804cb41090 R15: ffffffff8b6cf7a0
[  635.711009][    C1]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  635.716669][    C1]  debug_check_no_obj_freed+0x3a2/0x470
[  635.722310][    C1]  ? rose_timer_expiry+0x4cb/0x600
[  635.727439][    C1]  kfree+0x115/0x6d0
[  635.731359][    C1]  rose_timer_expiry+0x4cb/0x600
[  635.736331][    C1]  ? call_timer_fn+0x155/0x5f0
[  635.741129][    C1]  call_timer_fn+0x17e/0x5f0
[  635.745737][    C1]  ? __pfx_rose_timer_expiry+0x10/0x10
[  635.751306][    C1]  ? call_timer_fn+0xbe/0x5f0
[  635.755991][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  635.761212][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  635.766438][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  635.771647][    C1]  ? __pfx_rose_timer_expiry+0x10/0x10
[  635.777176][    C1]  __run_timer_base+0x61a/0x860
[  635.782079][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  635.787563][    C1]  ? seqcount_lockdep_reader_access+0x15e/0x1c0
[  635.793857][    C1]  run_timer_softirq+0xb7/0x180
[  635.798720][    C1]  handle_softirqs+0x286/0x870
[  635.803495][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  635.808265][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  635.813569][    C1]  __irq_exit_rcu+0xca/0x1f0
[  635.818161][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  635.823370][    C1]  irq_exit_rcu+0x9/0x30
[  635.827615][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  635.833262][    C1]  </IRQ>
[  635.836199][    C1]  <TASK>
[  635.839135][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  635.845124][    C1] RIP: 0010:stack_depot_save_flags+0xad/0x860
[  635.851218][    C1] Code: cf 01 c5 29 f8 41 89 f8 41 c1 c0 06 41 31 c0 01 ef 45 89 c1 41 c1 c1 08 44 29 c5 41 31 e9 41 01 f8 44 29 cf 44 89 c9 c1 c1 10 <31> f9 45 01 c1 89 c8 c1 c0 13 41 29 c8 44 31 c0 44 01 c9 41 29 c1
[  635.871087][    C1] RSP: 0018:ffffc900025cefc8 EFLAGS: 00000286
[  635.877167][    C1] RAX: 0000000080165e77 RBX: 0000000000000000 RCX: 00000000e746a77e
[  635.885144][    C1] RDX: ffffc900025cf06c RSI: 000000000000001d RDI: 00000000db0856d2
[  635.893205][    C1] RBP: 00000000a978d686 R08: 0000000042954449 R09: 00000000a77ee746
[  635.901180][    C1] R10: 0000000000000016 R11: ffffffff81ac2f50 R12: ffffea0001cebf00
[  635.909159][    C1] R13: 0000000000000000 R14: ffffc900025cf030 R15: ffffc900025cf030
[  635.917245][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  635.923531][    C1]  ? stack_depot_save_flags+0x40/0x860
[  635.929043][    C1]  kasan_save_track+0x4f/0x80
[  635.933797][    C1]  ? kasan_save_track+0x3e/0x80
[  635.938841][    C1]  ? __kasan_save_free_info+0x46/0x50
[  635.944265][    C1]  ? __kasan_slab_free+0x5c/0x80
[  635.949209][    C1]  ? kmem_cache_free+0x19b/0x690
[  635.954155][    C1]  ? netlink_broadcast_filtered+0xec7/0x1000
[  635.960143][    C1]  ? netlink_broadcast+0x37/0x50
[  635.965081][    C1]  ? kobject_uevent_net_broadcast+0x4bc/0x560
[  635.971242][    C1]  ? kobject_uevent_env+0x55b/0x8c0
[  635.976446][    C1]  ? device_del+0x73a/0x8e0
[  635.980984][    C1]  ? unregister_netdevice_many_notify+0x1df2/0x2390
[  635.987607][    C1]  ? unregister_netdevice_queue+0x33c/0x380
[  635.993538][    C1]  ? __tun_detach+0x6d9/0x15d0
[  635.998440][    C1]  ? tun_chr_close+0x10a/0x1c0
[  636.003236][    C1]  ? __fput+0x44c/0xa70
[  636.007401][    C1]  ? task_work_run+0x1d4/0x260
[  636.012178][    C1]  ? do_exit+0x6b5/0x2300
[  636.016610][    C1]  ? do_group_exit+0x21c/0x2d0
[  636.021379][    C1]  ? get_signal+0x1285/0x1340
[  636.026060][    C1]  ? arch_do_signal_or_restart+0xa0/0x790
[  636.031796][    C1]  ? exit_to_user_mode_loop+0x72/0x130
[  636.037278][    C1]  ? do_syscall_64+0x2bd/0xfa0
[  636.042225][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  636.048336][    C1]  ? netlink_broadcast_filtered+0xec7/0x1000
[  636.054415][    C1]  __kasan_save_free_info+0x46/0x50
[  636.059647][    C1]  __kasan_slab_free+0x5c/0x80
[  636.064449][    C1]  kmem_cache_free+0x19b/0x690
[  636.069234][    C1]  netlink_broadcast_filtered+0xec7/0x1000
[  636.075060][    C1]  ? sprintf+0xd9/0x120
[  636.079248][    C1]  ? __pfx_netlink_broadcast_filtered+0x10/0x10
[  636.085502][    C1]  ? alloc_uevent_skb+0xeb/0x230
[  636.090460][    C1]  ? __asan_memcpy+0x40/0x70
[  636.095064][    C1]  netlink_broadcast+0x37/0x50
[  636.099838][    C1]  kobject_uevent_net_broadcast+0x4bc/0x560
[  636.105749][    C1]  kobject_uevent_env+0x55b/0x8c0
[  636.110789][    C1]  device_del+0x73a/0x8e0
[  636.115138][    C1]  ? __pfx_device_del+0x10/0x10
[  636.120005][    C1]  ? netdev_unregister_kobject+0x344/0x450
[  636.125827][    C1]  unregister_netdevice_many_notify+0x1df2/0x2390
[  636.132269][    C1]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  636.139174][    C1]  ? queue_delayed_work_on+0x11a/0x280
[  636.144651][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  636.149947][    C1]  unregister_netdevice_queue+0x33c/0x380
[  636.155688][    C1]  ? __pfx_queue_delayed_work_on+0x10/0x10
[  636.161510][    C1]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  636.167753][    C1]  ? linkwatch_urgent_event+0x62/0x3a0
[  636.173227][    C1]  __tun_detach+0x6d9/0x15d0
[  636.177837][    C1]  ? __pfx_tun_chr_close+0x10/0x10
[  636.182957][    C1]  tun_chr_close+0x10a/0x1c0
[  636.187594][    C1]  __fput+0x44c/0xa70
[  636.191590][    C1]  task_work_run+0x1d4/0x260
[  636.196190][    C1]  ? __pfx_task_work_run+0x10/0x10
[  636.201307][    C1]  ? do_exit+0x6b0/0x2300
[  636.205642][    C1]  ? kmem_cache_free+0x19b/0x690
[  636.210617][    C1]  do_exit+0x6b5/0x2300
[  636.214788][    C1]  ? cgroup_freezing+0x20/0x350
[  636.219749][    C1]  ? __pfx_do_exit+0x10/0x10
[  636.224369][    C1]  ? cgroup_freezing+0x20/0x350
[  636.229227][    C1]  ? cgroup_freezing+0x20/0x350
[  636.234091][    C1]  do_group_exit+0x21c/0x2d0
[  636.238717][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  636.243928][    C1]  get_signal+0x1285/0x1340
[  636.248453][    C1]  arch_do_signal_or_restart+0xa0/0x790
[  636.254018][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  636.260293][    C1]  ? __se_sys_futex+0x36f/0x400
[  636.265250][    C1]  ? exit_to_user_mode_loop+0x40/0x130
[  636.270809][    C1]  exit_to_user_mode_loop+0x72/0x130
[  636.276095][    C1]  do_syscall_64+0x2bd/0xfa0
[  636.280685][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  636.285925][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  636.291998][    C1]  ? clear_bhb_loop+0x60/0xb0
[  636.296681][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  636.302574][    C1] RIP: 0033:0x7fbaa518f6c9
[  636.306999][    C1] Code: Unable to access opcode bytes at 0x7fbaa518f69f.
[  636.314100][    C1] RSP: 002b:00007fbaa60360e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  636.322524][    C1] RAX: 0000000000000001 RBX: 00007fbaa53e5fa8 RCX: 00007fbaa518f6c9
[  636.330497][    C1] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbaa53e5fac
[  636.338474][    C1] RBP: 00007fbaa53e5fa0 R08: 3fffffffffffffff R09: 0000000000000000
[  636.346457][    C1] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[  636.354516][    C1] R13: 00007fbaa53e6038 R14: 00007ffc5c714480 R15: 00007ffc5c714568
[  636.362593][    C1]  </TASK>
[  636.365923][    C1] Kernel Offset: disabled
[  636.370246][    C1] Rebooting in 86400 seconds..