last executing test programs:

15.198952262s ago: executing program 4 (id=2907):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x4)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
unshare(0x62040200)
shutdown(0xffffffffffffffff, 0x1)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x7, &(0x7f0000000d00), 0x4)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r5, 0x400448c8, &(0x7f0000000340)={r4, r4, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz1\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r5, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})
pipe(&(0x7f0000000040)={<r6=>0xffffffffffffffff})
sendmsg$NL80211_CMD_EXTERNAL_AUTH(r6, &(0x7f0000000680)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000480)={&(0x7f00000005c0)={0x8c, 0x0, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_PMKID={0x14, 0x55, "b0bd9770b624c164691712a44a114a5b"}, @NL80211_ATTR_PMKID={0x14, 0x55, "920308c1b41afbb8c65c1fa8d58e4d7f"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_BSSID={0xa}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_BSSID={0xa}, @NL80211_ATTR_SSID={0x9, 0x34, @random="da475c0298"}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x46}]}, 0x8c}, 0x1, 0x0, 0x0, 0x8080}, 0x4800)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003e40)=@newtaction={0x78, 0x30, 0xffff, 0x0, 0x0, {}, [{0x64, 0x1, [@m_ife={0x60, 0x1, 0x0, 0x0, {{0x8}, {0x38, 0x2, 0x0, 0x1, [@TCA_IFE_DMAC={0xa, 0x3, @local}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x1, 0x9, 0x4, 0x5, 0x1}, 0x1}}, @TCA_IFE_SMAC={0xa, 0x4, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r9=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r7, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000880)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010028bd7040010000000f00000005002a000000000008000300", @ANYRES32=r9, @ANYBLOB="08002b000800000005002f00000000000800320005000000050029"], 0x5c}}, 0x18)
sendmsg$kcm(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000007f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec0012100001400d0c0c00bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=@newlink={0x58, 0x10, 0x403, 0x70b528, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0xa1, 0x106}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x3}, @IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x88a8}]}}}, @IFLA_PHYS_PORT_ID={0x13, 0x22, "2c09fa1b29f77936e04bb515bf45a5"}]}, 0x58}, 0x1, 0xba01, 0x0, 0xc084}, 0x810)

13.548913515s ago: executing program 4 (id=2916):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0xff, @local, 0x5}, 0x1c)
connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4e23, 0xe183, @local, 0x6a30}, 0x1c)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000004c0), r0)
sendmsg$NLBL_MGMT_C_REMOVE(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000500)={0x20, r2, 0x1, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_MGMT_A_DOMAIN={0x9, 0x1, '$([*\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4048001}, 0x10)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
getsockopt$WPAN_WANTACK(r3, 0x0, 0x0, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0xa, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a80000000060a0b0400000000000000000200000054000480500001800a000100696e6e65720000004000028008000240000000840800034000000007080004400000000f08000140000000001c0005800c0001007061796c6f6164000c00028008000240000000040900010073797a30f2ffffff0800020073797a3200000000140000001100010000000000000000000300000a"], 0xa8}}, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0x3d}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x76}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
setsockopt(r4, 0x4, 0x7fffffff, &(0x7f00000003c0)="75d737db4f8ccfe143817bf588b0078411cd16c2bd294211103596557adab390caac58937c0fcaee8b5116a07850f87f473859eff7eff7f4186268b7e204044d72c401c6a3e5ddceb509f28092b5ce1c9a76b6c9a441ac3286b7ce2d79a01e26f495797f70e18e45b757aa10a362245e51c3881575dc6144140e97945ad5be808f9aebc6bd5d0ed749923a376a7d80033d3776fdb83c496a3796de089aae27d84c958a9bc830095f58e7f7a6b7e55b0291a9f5c205a96e8c2e5f40f8537bd181efe85a7f65b8ac0afebd09643cefc987024a16778e913a903b28f30d772e752da30519d3002512c04c43732f6fb2ffb382e0efe3fd2d5158b1d41ae19e", 0xfd)

13.324360818s ago: executing program 4 (id=2920):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r1)
r3 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x4e20, 0xfffffffe, @empty, 0x8}}}, 0x108)
r4 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2a, &(0x7f0000000480)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x1}}, {{0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x2}}}, 0x108)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0xfffffffe, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8}}}, 0x108)
r5 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2a, &(0x7f0000000080)={0x20, {{0xa, 0x3, 0x0, @mcast1={0xff, 0x7}, 0x8a}}, {{0xa, 0x0, 0x10001, @local}}}, 0x108)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x3}}}, 0x108)
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c2ae4d6", @ANYRES16=r2, @ANYBLOB="0001adbd700000000000300000000500350009000000"], 0x1c}, 0x1, 0x0, 0x0, 0x840}, 0x0)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f00000003c0), 0x40800, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001100)=@bpf_lsm={0x1d, 0x1a, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x9}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}}, @map_val={0x18, 0xa, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8}, @alu={0x0, 0x0, 0x5, 0x7, 0x4, 0x1, 0x10}, @generic={0x0, 0x7, 0x7, 0x1}, @ldst={0x3, 0x1, 0x2, 0x9, 0xb, 0x100, 0xfffffffffffffffc}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r6}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}]}, 0x0, 0x2, 0x0, 0x0, 0x41000, 0x22, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x0, 0x0, 0x3, 0x7fff}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f00000001c0)=[{0x1, 0x2, 0x2, 0x9}], 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000001c0)='scsi_eh_wakeup\x00', r7, 0x0, 0x4}, 0x18)

13.168717397s ago: executing program 4 (id=2923):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x9, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@map_fd={0x18, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xa2}, @generic={0x66}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222}, 0x94)
unshare(0x2c020400)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x28)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x5, 0xa8, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200)={0x0, 0x6}, 0x10}, 0x94)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x21, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETCHAIN(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000040a0103"], 0x14}, 0x1, 0x0, 0x0, 0x8801}, 0x800)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
recvmsg(r3, &(0x7f0000002240)={0x0, 0x0, 0x0}, 0x0)
unshare(0x20000)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={r1, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)

4.69057256s ago: executing program 2 (id=2973):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000140), r0)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="410000000000000001000603000014000300060a0004090300f006e8ffff0000000108000700263a0909140002"], 0x44}, 0x1, 0x1000000, 0x0, 0x4000}, 0x0)
r2 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x3, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r2, 0x8)
r3 = accept4(r2, 0x0, 0x0, 0x80800)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000000200)={0x9, 0x200, 0x1, 0x6}, 0x10)
sendto$inet(r3, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f00000004c0)={0x0, 0x4}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000240)={0x0, 0x2}, 0x8)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="1400e300100000000500000a5c000000060a0b04000000000000000002000000300004800001800b0001006e756d67656e00001c0002800800034000000000080002ca66000400080001400000001c0900010073797a30000000001900020073797a3200000000140000001105010000000000000000000000000a000000000000000000"], 0x84}, 0x1, 0x0, 0x0, 0x20000}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000fc0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000080)="3bfdd75fa5717852d59a9367444a2130e72cd4dabc8854532cca0c32a5b9f844a4610c7525650ce3d3b76b15026d93e6dee896115e9364066aa3d14e33ef732b4681335c576902153114bdb9c74b538a71115fb1d1a63d1b04129661b29aab89d0be999a6b7c9bea755adedbf305a79f70b71d3d4c98577b49db4963ce89b0def5e840f459659cb6f86d56b069a5de11d601d348ff88ca6e5e2cfe40176880b33e9e8dbc32ba2e6a99b1b50276dc4f06166000d7069a3cc76f", 0xb9}, {&(0x7f0000000180)="892950e2405ee8629d9384a91c16d1706a3e61f305119f95cac0f1927f4c205b971eb41147cb1f86883d6910e68ac3996551800b3ec64b77f8444b18345a2c8b178eeeba0cde7319a5a46bfe7f5770e019efd9d52069edcced33a758c4e657f3a792dc193a1911b4e82ea800ad7afe03c851a8", 0x73}, {&(0x7f0000000200)="a68cde0d56b170df7710b54f17d9a39c4f98f3547190", 0x20000216}, {&(0x7f0000000240)="45e04400f2b383517a08c397dd0a76e67ecfc8e74573c24dedd3a48fb62418c1412fdcd15e888cb0f5d02e77bfecefda6b064c0bb2b66a9a522e63873dde02330510255eec7dfa1af708cdab59fb71eca786a359a2c3b0cbad35144ec5b069c53f90e43339845dc7fd140c55b0149ab38eb27c140f374bcc2c95b0b121d1a9302f3a01b888243b3fc0d46f0de0", 0x8d}, {&(0x7f0000000300)="87fb74cf4d67adbbd062637f514c1f5eb18d7b442e6457a356c6cb1f71a43dfae773c8489cce5145f92615d4bdb13ef54d6ae90ec7733180fcf5adf3e13fdb05b57b748bd14eda042a97fdd84498304a504a0a159b972e8200c2d0f536a3465ec498ed12b924bd134057df36129d3ebe3dd3ce9f0671e5278143e4afa3d43f444681de1b5f9725fca34fa357fe2154981666fb9dc202fc17a0199eb1c25bdd1005e590e84783ee9894c888998dc25a83c14aeee31d114acfa0bcd235d571cd765f4b9259ba43e6fc30291d8a642146c4771898030b736aeee6b247abb0784b154e104e7dcda401f9b1736fea30a41a4153fe6a9a525bd0a3487571f914f05b590e242341ade289d8f5b842c6be4a93c2755dfd47174def782a2f8f61c068b5a012f02c0801601e860def788121e8808c01fed4c920a3698d0d684920918c95b17f76bbcb4f265c931d8f79560ff8114b70f4dd6791e2ed70cfeb89905791b88be26efe1c5c66b7b50b3d2be0dbc066dfc31618f9507f6f340b85a2f76a6dcac9d6ccc289ace5e5fecd25afe22ffa451f5e365ab33cc985f2e9d7f7fb1be4794740a94215d7db14b0ffcec19e5e3c5ae0d8578ef3b65d2a7a77a11e390a6c3a6b391061c886b961e3c2f42d62047bfe1356a44b840d3d956105f4c0fa95db08c4933f00de77cdc057c28b41fecfc8398c442be1ad065954f6c9dfeb2fd7207e8548a00a1d50bdf522d2abfdafd71723616a34830fbfa8fc81e0c2639cc12f363a4919b7a00ac8189dad3e7e54122a2ef430f623658d5e281c9a19442995bb9b0e3f7d13e3016b6f9523be196bf23bbcc5ec802f43ef8b651d688d9d5a44f35c9847e4c32bce3e9ebed2326adadc76f06a195db32c80b3090d7cd65c9d8518ba4e528c5eb5c7a1c5695b21595fa8a8621734bfda8afddd65e1f37a1990220a00fa9bd2c22b0117ceb08ae6af3c944c2eca924abfddad065d1472d0c3f742a49b1e78c669471873706ad157d831d7482b773f07b0673a6ce1e227a7a4d13744bf459434c0ab1c323a38b1a84cbf1ce9741f2b8fdcc2e073e56171603d035aacd83e71d5132831f4f1e8bf517979f132a33fd03783272e9b8c96dfa4e1d320a58d82acfc8d3d53a5a52daafe4dc8be08f4ad53e11cc21374b6ff4ff5ea2ecc5d3f7c057f74f0098e57d990090475cdaffdef0da917653ed10fb70b94b72e5b4d95cbea0fc1dd2579635ad6ab545ba4d7b6d2f5442bdb78beb6c8ed62942a439117025b4566b48d9f3a17fdf4577e8606a4bc4c26557e58312fd2d1a541ebec3e5ae28eef8b2ab0597083716dd12889335570ee7839530eee879d9b137606cd4dd7103991671b4464bb68529eb19fb7a8845e3491bfbac688a87cf0744f429ea112014402915c4c1f6bae08d689d3cb7d641d7befe8fc74a2242310a9a367a39531b4c86da5b39df524e52f33ff9c40b48cb196ffc9ca855b6e698ade8a83e52b9ddc5031ff09e1907e4f8b0d07e64e1fb8e427f8819a7be907aa216bf8e2a4c7cc87ed53bf9490d4cc788b91f3b9f705e984a7e62c7a495e8421b97c39dc954b35468f17c6682334f4e16308448f457faeffff6d1f818522fa441d3a48168bdb12ffebace436a3915b63076cb6a655718647f87eaaf313b5bbd430421eed3a2215e439600a56eac8c65291eb103326a8034662bd337ab51577d9110ec7151be5cc9c54b2a30891acac5ad006ed537dbeb8f16eecbde7cf4e71373faf3c36b772f6d7ea9346875c8cf1049d49d4f8eb01b946c11e8c8e3ab2015f282167acddcc77fff03e1be9134252af0abfe538b4d25fc4ff874b52b9fb0996b5f32b4141dbd30578ff46e13ef6c63fc1620f62cb11a3dce401993976c272a5f62fde3f2a0e654d19e7a39dcdb622b9526d2a15cc18e6f817c916a00775353dd9c8954e66d0445b59bb0f5e6e3b46447232f52a0e398b057d123ef503afcbd48544db6434d2025bfc8dab72262a4fa5426a03061e7f8966e0086ff8ab5a91ab59f19b830394ee8bc76d6fb4816b8f4cde35b7eb9d3811228d51c54828f97fd1e648196c81bc73ed56249a59f318704e84656a6cedd2b8c1e1808d1cc648749abc643131e494c01336d4a14b8609656f2c972dc23c5c2e43fe40119fb88b5ec2aade35c03646e347354c493de8ab3672ccf94af0df333c6678299129d79be0eec281c5b3858ce3995566a390b674635b356692e3e9c53a089638ba0d69e772b7b410a5ae03de12e7de755ee559e1707b7b8003aabc8e2ce03c01e3183ff2d93262f6d5ceaafecdae66bc7cb3952c5a6571d864d502f281db5a228695badca5d022fdb6da56ab15dc377d1c1f8581ff56e28c2b2a84edb629547d28275c2ed571103b4ca7cdeb0776ba9f9dffcd78d21c3d4caa9289ed199672f4e7b912068c49c817114c37d37ea03954bae87d1ddae3da2ad85feb2fbb735b75a51f7bee5c8d88cc7bf64700d1a46ec6b631ae22ac7b06730a86a26bdcb992e1c7b50142de96b14a8468e4514068a30896fc677fddefaebb125c693a8d460469c7fe535f844781940f66d6abd091191c3122d584f5b0f5b0d443713d7d5186124d73de28aca30b719d4a55e09d259bddbf16995aeb1000880890afbd24d4066b0398985a40999de22ce176348e1c1f57eaf75b92a1e4f1482e89a00ac2cc36b20e36af9ec310599c19a5b1d6f8fadba104c58c801c6633315f82ebfa88faddd0b693e2f827f586c1cc5538e93bcf10f81af6dd7ee727df3b5018c0b4e31e40d040a47503b6ace4d29a1162ce487351825255f5584aff7cbd421f85c3d9fbb3784abd9848f16028b68f0d32ed8bb80106e8cc4acb939ff88bd39976d166b2addebf628b3fcd056da2f60e1b90f7a32702954921908ebccb683622a1f574ceba6951bef5e751c338c8279318dc28e36b9fc2bb17c3ad08aceb00fc388e6db112a738f86a4a1eb11526e1b9d73250b326285ed47c4398d93a3933d9a784249b65ad7d78a1f81d96ef36493ed693045a2150a8eb43cecc0c93e7d20b15b39a0646b081c2923b816365b7fbb41683a41732d942c5aa12faf876ec7f036becde8f3295af6dacff38d076d8e06260fee167703bb610745374a2758a6b88e465ca77d1f3105ae8b6b04a1eb509fb178d6249dbbc84d5d1d069278449a89d03e4a9a395d8170c329a296cfc329798cb9b9f1078d098cf3f989fd4ec53e013fbe917df35292d44fb1f3da4da4432a1847d4721514ade8cda5e5c0b51183580fc35266a970ebba74faeda56d4dcb56df51f96ad237452cedbd0cb2bee112713c3d450835811bf3da9745136d428e148fd0932dc77c8d8e61a16c625241fad8425b4ece394eedd5f165bd94923bfa1172be8edc8a4fcaae5f77ee8cc510192b27964da09c3e84efb4bc7154da1a24da8b7e544b42278d2574687ec76143afa6cf193d52a2a7f4c20ee57b6056a1337d5e408117a6cf1ab49c8980f39597f69902085d3e8d374d44e6ab4ed1185a26be2bc7281e9cfbbeb6bed899aa1924d3faa06d95999fbeaf2337494e0c2c39eef5a73fcde84459a9ea48d4e015d9e5bb5839354967ce02f637bc8678d2595b9a918fc36b927d7501f0ac2e3471ce02b5df355689c87f191ef5390900a41deec29984e45a878ece964b0009aad561316fc3b30ce1b49266d32eb17cd30f3e17e1f59014e8c518940dd0a093d1349c1a7c2581963bbe0ba372b6426e81c33c71b2ec8141c5713e52a37fff0a417a5b259e1420d9fb6a731f5baa0cc494221947895aa8fa14745a986a366bff9d0c239a19f85372497565b5b703da16439019df5f3d29f4247fb528854c9648630f03e9dedde5a08a47728ea6a4d42e62eff6fa3bd402325e0f4387b60171c37c180f958ad80955779c899517e7ea76eed00598e01552eaaf08b723daf9d466e8c57af43a15a46528b1119f5074aa3c51f77357ebe158275bc06b89640d7ce3c0a03af01418d7dc6ae8a1be8ab08c1722d66d1e9277480b8b178447667c024f9b78f8a878a2d7cf8e83e5104f6964b2907a989abafc7d7d0df941abf3d7283b6a11d46c2911a42182ec27ab785d92946e1ee8ef44846d561850d2a98c305c382f36d4cfc9b2bfd3b86ef21a0d187adcafbec8268c7d662a34dda1c83c4967097743133bc8c587edf249f5668c34ddb112fa4eb1bea9c8f6a000f1f34428b54688a5e214a7919868b25dbe930e86a243ecf54afe0b518c647d04873d2cf62cb2ab27f00015537a4fd2ea3dc8777abdf3284622347016566da0b9c406ca8c40694e4013a53fbf2e803d51b0bbe5e9df5fc74f66be618856357ccf803c53ed0e3b3fe79f69f0ede9b565d8f7a8ce5aa8cbb4e8fa61be3fd00ffb07e45065498925c14c0b311942d4ed951ad6237aadb5405bc7b2d79e1fd295b7c2ed8efa883e44c86a5053e2f421c6d4dc0c47d3a05d911db37d6efdb8e50fb3f06139ac147bc7162c21aece79eaf72e9779f19eb5395cec3d15a7594ea70a6b373d98651d2215b210f037ea3f8a57ded74474f6fdb64a08b56af52168da70b30aee03472cd8bee5af04cad7303004a4aba464b99", 0xcb3}], 0x5, &(0x7f0000001480)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private, @multicast1}}}], 0x20}, 0x0)
recvmsg$unix(r6, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001040)=[{&(0x7f00000015c0)=""/4096, 0x7ffff000}], 0x1, 0x0, 0x2}, 0x40000100)
recvmsg$unix(r6, &(0x7f0000000140)={0x0, 0x45, 0x0, 0x0, 0x0, 0x30}, 0x180)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="1808000000000000000000002000003f851000000600000018020000", @ANYRES32, @ANYBLOB="0000000000000100660002007fffffff180000000000000100000000000000009500040000000000360a020000001000180100002020782500000000002020207b1a00fe00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000140)=""/230}, 0xd0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r7, &(0x7f0000000100)=ANY=[], 0x32600)
pipe(&(0x7f0000000080)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
vmsplice(r9, &(0x7f0000000940)=[{&(0x7f0000000040)="1333", 0x2}, {&(0x7f00000007c0)="b4", 0x1}, {&(0x7f00000000c0)="008e777f9d", 0x5}], 0x3, 0x0)
ioctl$sock_inet_sctp_SIOCINQ(r8, 0x541b, &(0x7f0000000180))
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r7, 0x0)
r10 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000001000)=@ccm_128={{0x303}, "334e39a7860ef467", "ef6d300362bad6fb9db4981af57bee7d", "2aab4f9b", "ca37565876236eaf"}, 0x28)
setsockopt(r10, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r10, 0x84, 0x16, 0x0, &(0x7f0000000480)=0x1b)

3.412184626s ago: executing program 2 (id=2980):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000000006000000000000000000000d030000030000000002000000030000000000000004"], 0x0, 0x4e, 0x0, 0x4}, 0x28)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xda01})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000041}, 0x200088d0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$CAIFSO_REQ_PARAM(r1, 0x116, 0x80, &(0x7f0000000240)="5473feaa5a981d9be8ed76f664b6c1cb562b8d5f13a0993de229fddffc37dc10069a1e562ca16f68ba595cd3888d9b85d3d180a01abed07a473b3d86c2e261968d4cefa4548c6f6314bd47e46bf3faaa04b5238849ba5fdcc266ab4088f3c0dcbae8ba073430023ae324d75c3fed3ce358c79fec62a1425cad28b7aaaf2ca48e2cdfd298cade21dbed0b15f508d170566af7c50a709df3f4ce62a888424c", 0x9e)
socket(0x400000000010, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x14, 0x23, 0x301, 0x270bd24, 0x25dfdbfa, {0x1}}, 0x14}}, 0xc004)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000040000000000000000000000850000002c000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r6)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xffd, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000000)={0x6c, r8, 0x1, 0x0, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x6c}}, 0x0)

3.410108899s ago: executing program 3 (id=2981):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000000006000000000000000000000d030000030000000002000000030000000000000004"], 0x0, 0x4e, 0x0, 0x4}, 0x28)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xda01})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000041}, 0x200088d0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$CAIFSO_REQ_PARAM(r1, 0x116, 0x80, &(0x7f0000000240)="5473feaa5a981d9be8ed76f664b6c1cb562b8d5f13a0993de229fddffc37dc10069a1e562ca16f68ba595cd3888d9b85d3d180a01abed07a473b3d86c2e261968d4cefa4548c6f6314bd47e46bf3faaa04b5238849ba5fdcc266ab4088f3c0dcbae8ba073430023ae324d75c3fed3ce358c79fec62a1425cad28b7aaaf2ca48e2cdfd298cade21dbed0b15f508d170566af7c50a709df3f4ce62a888424c", 0x9e)
socket(0x400000000010, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x14, 0x23, 0x301, 0x270bd24, 0x25dfdbfa, {0x1}}, 0x14}}, 0xc004)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000040000000000000000000000850000002c000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r6)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xffd, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000000)={0x6c, r8, 0x1, 0x0, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x6c}}, 0x0)

3.197735987s ago: executing program 3 (id=2984):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha12\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="b7f2288d3aaea2bc0000def1260a00"/32, 0x20)
r1 = accept(r0, 0x0, 0x0)
syz_genetlink_get_family_id$wireguard(&(0x7f00000013c0), r1)
write(0xffffffffffffffff, &(0x7f00000002c0), 0x0)
socket$netlink(0x10, 0x3, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, 0x0, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r3, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}, 0x10003}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000240)=""/180, 0xb4}, {&(0x7f0000000780)=""/260, 0x104}, {&(0x7f0000000000)=""/32, 0x20}, {&(0x7f0000002900)=""/4114, 0x1012}, {&(0x7f00000017c0)=""/220, 0xdc}, {0x0}, {&(0x7f00000005c0)=""/146, 0x92}, {&(0x7f00000008c0)=""/234, 0xea}], 0x8}, 0x80000002}], 0x4, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_DISABLE_BEARER(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x2c, r5, 0x12b084226d2dad07, 0x0, 0x0, {{}, {}, {0x10, 0x13, @udp='udp:syz0\x00'}}}, 0x2c}}, 0x0)

2.955520514s ago: executing program 1 (id=2986):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) (async, rerun: 32)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94) (async, rerun: 32)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x70}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async, rerun: 32)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000d80)={&(0x7f0000000d40)='mmap_lock_acquire_returned\x00', r2}, 0x10) (rerun: 32)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000500)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3800004, 0x12, r3, 0x0) (async, rerun: 64)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) (rerun: 64)
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x989680}, 0x0)
r4 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
pwrite64(r4, &(0x7f00000009c0)="4feff2", 0x3, 0x4)
r5 = socket$vsock_stream(0x28, 0x1, 0x0) (async)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01002abd7000fccbdf250900000005000700030000000800010001000000050008"], 0x2c}, 0x1, 0x0, 0x0, 0x24084001}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan1\x00', <r9=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r6, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="fa000000", @ANYRES16=r8, @ANYBLOB="01012abd7000fddbdf251d00000010002f800c0002000201aaaaaaaaaaaab8002f80080001000600000024000380200003800c0004000202aaaaaaaaaaaa06000300ffff000006000100010000000c0002000000000000000000080001000d000000200003800c00050008000000000000000800010003000000080001000200000054000380080004000001000004000380050002000300000008000100010000000c000500010400000000000008000100010000000c00050003000000000000000c0003800800020002000000080001000300000008000300", @ANYRES32=r9, @ANYBLOB="0c0006000200000000000000"], 0xf0}, 0x1, 0x0, 0x0, 0x40015}, 0x0) (async)
r10 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x1}, 0x20)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r10, 0x86, &(0x7f0000002600)}, 0x10) (async, rerun: 32)
ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f00000002c0)) (async, rerun: 32)
connect$vsock_stream(r5, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@ipv6_delrule={0x38, 0x21, 0x1, 0x70bd2c, 0x25dfdbfd, {0xa, 0x80, 0x0, 0x4, 0xff, 0x0, 0x0, 0x0, 0x10004}, [@FRA_DST={0x14, 0x1, @ipv4={'\x00', '\xff\xff', @multicast2}}, @FIB_RULE_POLICY=@FRA_PRIORITY={0x8, 0x6, 0x3}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000841}, 0x20040000)

2.905276828s ago: executing program 2 (id=2987):
socket$inet6_sctp(0xa, 0x1, 0x84)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000740)=@bpf_lsm={0x1d, 0xb, &(0x7f0000000540)=@raw=[@call={0x85, 0x0, 0x0, 0xc0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xff}}], &(0x7f0000000180)='syzkaller\x00', 0x6e4, 0x95, &(0x7f0000000680)=""/149, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x8, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3, &(0x7f00000005c0)=[0x1, 0x1, 0x1], &(0x7f0000000600)=[{0x1, 0x1, 0x8, 0x4}, {0x3, 0x5, 0x4, 0xa}, {0x4, 0x3, 0x4}], 0x10, 0xf}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x37}}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r3 = openat$cgroup_devices(r2, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r3, &(0x7f0000000140)=ANY=[@ANYBLOB='c 75:*\tmm'], 0x3d)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
ppoll(&(0x7f0000000500)=[{r4}], 0x1, 0x0, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
r7 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
bind$ax25(r7, &(0x7f0000000040)={{0x3, @bcast, 0x1}, [@null={0x40, 0x10}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
setsockopt$inet_sctp6_SCTP_INITMSG(r6, 0x84, 0x2, &(0x7f00000000c0)={0xfffc, 0xc}, 0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffffb}]}, &(0x7f0000000140)=0x10)
ppoll(&(0x7f0000000100)=[{r4, 0x1000}], 0x1, &(0x7f0000000180)={0x77359400}, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
connect$inet(r1, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r1, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)
r8 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r8, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10)
connect$llc(r8, &(0x7f0000000240)={0x1a, 0x20, 0x0, 0x9, 0x2, 0x0, @random='\x00\x00\x00\x00\x00\a'}, 0x10)
syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r0, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x6, 0x81, 0x5}, 0x10)

2.724864328s ago: executing program 1 (id=2988):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

2.655354419s ago: executing program 1 (id=2990):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000012c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000013c0)="d080", 0xfdef}], 0x1, 0x0, 0x0, 0x800300}, 0x20000801)
r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010027bd7000fbd3df2502000000050004000100000005000400010000001400020076657468315f746f5f7465616d0000000900030073797a32000000000900010073797a31000000000900010073797a3000000000090003"], 0x68}, 0x1, 0x0, 0x0, 0x4000145}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000340)=0x14)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bond0\x00', <r7=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)=@newlink={0x54, 0x10, 0x403, 0x4, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20101}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x88a8}]}}}, @IFLA_LINK={0x8, 0x5, r7}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x8}]}, 0x54}, 0x1, 0xba01}, 0x810)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000440)={'tunl0\x00', &(0x7f00000003c0)={'syztnl2\x00', <r8=>0x0, 0x10, 0x10, 0x9, 0x5, {{0xe, 0x4, 0x2, 0x8, 0x38, 0x64, 0x0, 0x9, 0x29, 0x0, @local, @remote, {[@timestamp={0x44, 0x14, 0x48, 0x0, 0xe, [0x5, 0x2, 0x7, 0x2]}, @timestamp={0x44, 0xc, 0x43, 0x0, 0x4, [0x8b, 0x4]}, @noop]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000004c0)={'gretap0\x00', &(0x7f0000000480)={'tunl0\x00', <r9=>0x0, 0x7800, 0x40, 0x9, 0x0, {{0x6, 0x4, 0x1, 0x31, 0x18, 0x65, 0x0, 0x7, 0x29, 0x0, @empty, @remote, {[@noop]}}}}})
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r4, &(0x7f0000000640)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000500)={&(0x7f0000000940)=ANY=[@ANYBLOB="b0000000", @ANYRES16=0x0, @ANYBLOB="010029bd7000fddbdf2506000000240001803000018000000300020000001400020073797a6b616c6c657230000000000000ddfe0200726f736530000000000000000000000008000300030000003400018008000300020000000000030002000000140002007866726d3000000000000000000000001400018001000100", @ANYRES32=r9, @ANYBLOB="08000100", @ANYRES32=r8, @ANYBLOB="19fdd91d038e27d45469a039a3881665dea91a7eacd4bdbb11d0797d68085b55485add547ad4cec2960521b27d8b7d89e46aa7a22810768a9d0450d1dd0ba98f9dee47272df75a697bbaaba951f8a18fb800001a0abda60f26eb84877ee3a47e1012796415bf9abd140b21493e995a4121be14b549617ce220b81e1a6ed9c02f67dc8806d23b0394ba4f06989f9616d0b04a1585a1af8b269c900743aa3b438ba6614d5e4c175f52507dd78cf9b068f643f4da159c6962159a0e08cd3e8488b7e170d127af0106f6cb736f7e7ca14f0439136e1e2657541689585a42ac338750cc129eb20ba5ed2d13f6f9a8bf5e0e5749cfad345e07000000df5b2b126c0612ddca2f40db06e52dfb3aa1d9a34fe1912a0ed4f13eeaafb434ac3408ff8e0b910ff2cb2465919147bd1ff2af3fecedc18dffc5411e93a274c61f2dba626c1fd5ba67a0bb47004bedb51ab5bdf839cbae585e1d03e72d5e407103093d70b6daded2df9b29ed3904e613ae6d8aed92f0fd821d4a449b196c1c971804df2bf39305f2ac391e1d1e1f9e954efd28114bc935cd2824acba739b2906efed91e56fdc9225740f9cb74b4a8c0db3206248abe77da4edc54773d51feaac11efdf0e3b7b3fc6833a580bbde251a13eda81460b71cb01b5c425c367bdd44151c9fed586c41c7860d378fd1751ca539f818b452f10621f4851c9a51bfa5fbc75de552e7cab0e343100b73137d519ee621f909047d4b037b66dbfbb985535918b00"/552], 0xb0}, 0x1, 0x0, 0x0, 0x20000c4}, 0x40011)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNSETCARRIER(r10, 0x400454e2, 0x0)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f1ea3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b2213fdc2881e1a6ec9d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232f0485a2ca9f37fc9c3d2688efcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdcdeb2af1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f925f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5c49209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378ad8f6afb0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3826ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3577], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
r12 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_REMOVE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r12, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x6}]}, 0x1c}}, 0x0)
r13 = socket$inet(0xa, 0x801, 0x84)
listen(r13, 0x8)
r14 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, r13, &(0x7f0000000240)={0x20000000})
setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r11}, 0x10)
bind$llc(0xffffffffffffffff, 0x0, 0x0)
recvmsg(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x40002002)
recvmsg(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0xa3)

2.456989053s ago: executing program 0 (id=2991):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000080)='syzkaller\x00'}, 0x94)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002e000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000d000000095"], &(0x7f0000000080)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r3, 0x0, 0xe, 0x0, &(0x7f0000000000)="77844923fbde9d724bbda199f4d6", 0x0, 0x8000, 0x0, 0x0, 0xc0, 0x0, &(0x7f0000000440)="340b76235e542388314c94ffb092fe45f73f8c986973c4976cfb5e6d1d8c82244df1f513a1c1fbfa9a9f0b95aeb353c71ce43ab84de2d842a33e91ce88d884ec2a248e85b886f115b686136aaf601bbff88abe474a8494073ad74fa9adc48bb0577ba007c034067d35226a6049c20b62fef3bad5f9e53c8ea5682c0073eec76929c6d3362325fe1144dcc97ff2c5aa59dde347555cd214a311db3942deef1b9143089b894379762ff8b5e92db6ab7ff6e4fe98137ee709c44a9353840f906e9a"}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000140), r4)
sendmsg$NLBL_CIPSOV4_C_ADD(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='P\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000000100000008000100030000002c0004800500030080ff00000500030080ff00000500030000000000050003000100000005000300800000000800020003"], 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x0)
write$cgroup_int(r2, &(0x7f0000000200), 0x806000)
writev(r1, &(0x7f0000003b00)=[{&(0x7f0000000580)="c2", 0x1}], 0x1)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x100000c, 0x80010, r1, 0x0)
ioctl$sock_bt_hci(r0, 0x400448e6, &(0x7f0000000240)='|w')
ioctl$sock_bt_hci(r0, 0x400448e6, &(0x7f0000000500)="d7")
ioctl$sock_bt_hci(r0, 0x400448e7, &(0x7f0000000080))
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f00000001c0)={0x1f, 0xffff, 0x3}, 0x6)
write(r6, &(0x7f0000000140)="41000200010007", 0x7)
syz_emit_ethernet(0x5eb, &(0x7f0000000a00)={@multicast, @remote, @void, {@ipv6={0x86dd, @dccp_packet={0x7, 0x6, "79388a", 0x5b5, 0x21, 0x37d44ff4ac7a5a71, @private0={0xfc, 0x0, '\x00', 0x1}, @remote, {[@dstopts={0x1d, 0x21, '\x00', [@calipso={0x7, 0x28, {0x0, 0x8, 0x6, 0x3, [0x4, 0x868, 0x8000, 0x1]}}, @generic={0x8, 0x9c, "0d28e80a877bc57c65796c014e63fce6fc457a48633539ca0570120808ebe83f3598fa3c9c7a291209f71d4cef486fe597f1e2d124b00892be2aea96abe0e9977b83885ebf23f2f905ac2a592e2619eaa82ded0aec89593e4c370e28434781bb50a4ad8b834a9678cebd4805d6499505921a70a02961a87e28b74e04f536dac5a8c3a9a6dccb1c26cf9d201bd2ecce27a5cc0c335e705324d98dcfcc"}, @pad1, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @calipso={0x7, 0x30, {0x2, 0xa, 0x1, 0x4, [0x0, 0x2, 0xf601, 0x5, 0x3]}}]}, @routing={0x0, 0x8, 0x0, 0x5, 0x0, [@private2, @private0, @empty, @private2={0xfc, 0x2, '\x00', 0x1}]}, @dstopts={0x21, 0x24, '\x00', [@calipso={0x7, 0x48, {0x2, 0x10, 0xc, 0x1, [0x100, 0x3, 0x0, 0x3ff, 0x70, 0x0, 0x10, 0x195]}}, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0xe}, @ra, @calipso={0x7, 0x40, {0x3, 0xe, 0x9, 0x5, [0x100000001, 0x9bd0, 0x9, 0x5, 0x4, 0xe65, 0x4]}}, @enc_lim={0x4, 0x1, 0x7f}, @ra={0x5, 0x2, 0x2}, @generic={0x1, 0x6c, "aaa05adbc0986b6eaff8a762505b1db54041adf20952ad963df027b75c12af2f007c0154e141b00371c610d8997bce42480745dcb0ae098de51e2a4776fdff7cfa08ca1e9c322c8b8a96ecef532ab8ae9d20db218db092cf079dc9c70443b14c48ead9a70a290b9012630d9f"}, @hao={0xc9, 0x10, @ipv4={'\x00', '\xff\xff', @multicast1}}]}, @routing={0x3a, 0xc, 0x2, 0x7, 0x0, [@local, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, @private0, @mcast2, @empty, @dev={0xfe, 0x80, '\x00', 0xf}]}, @hopopts={0x33, 0xc, '\x00', [@calipso={0x7, 0x30, {0x2, 0xa, 0x8, 0x800, [0xffff, 0xfff, 0x6, 0x3, 0x7]}}, @padn={0x1, 0x1, [0x0]}, @pad1, @calipso={0x7, 0x28, {0x2, 0x8, 0x5, 0x3, [0x80000000, 0xa000000000000000, 0xfffffffffffffff8, 0x7]}}]}, @srh={0x2, 0x14, 0x4, 0xa, 0xf7, 0x0, 0x7ff, [@private2, @private1={0xfc, 0x1, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x12}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @empty, @private1, @empty, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2]}, @dstopts={0x3b, 0x1a, '\x00', [@padn={0x1, 0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @generic={0x6, 0x4e, "913b6cec4548f2cbef9d4aa256215fe2c3d495ca74f56482c80ed7fd026d87ca571e2ff8523741d47e45e2a26068d4751d1f605ec085133a90164d93085a3e9db2c5ebaa3eddce2abe26473d521a"}, @jumbo={0xc2, 0x4, 0x6}, @calipso={0x7, 0x18, {0x1, 0x4, 0x5, 0x0, [0x1, 0x7]}}, @hao={0xc9, 0x10, @private1={0xfc, 0x1, '\x00', 0x1}}, @calipso={0x7, 0x40, {0x2, 0xe, 0x7f, 0x200, [0xffffffffffffffff, 0x6d49, 0x7fffffff, 0x6cb2c220, 0x4, 0xa43, 0x0]}}]}], {{0x4e22, 0x4e22, 0x4, 0x1, 0x6, 0x0, 0x0, 0x1, 0x4, "354eb9", 0xa7, "0802c7"}, "0b938ded30256bb33e6c865f58785cffce7074f6e43576d909c9fff919a57c5c8ed3e95ef698f58809e0c402ff68d18fe240d6e9acb5a668f38e1faf967d3bca125f640ba90141cfba9d6f29185d68506f25ea7efbf2b19fc526023ce73213ed3ad3a10c37ee6f9d315cef0e4295cba8fbfdfc7f7875f3e1df40e551601799c15ab911073f216a9e6a0d5b2b5db103a9e87a3bdc82eefe322ff252ba06c1b64a564ed05cf5ae1d95e8a40bf9b7f518db66b0f70934024f705b0bfce149"}}}}}}, 0x0)
socket$packet(0x11, 0x2, 0x300)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080f00000a"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x4, 0x0, 0x0, 0xa54a9d76e5e2e84, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r8 = openat$cgroup_devices(r7, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r8, &(0x7f00000000c0)=ANY=[@ANYBLOB='c ** rwm\x00'], 0xa)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000fdfeffff000000000400000085000000360000001801000020646c3c00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000002000000850000001700000095"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x5, 0xe, 0x0, &(0x7f0000000480)="0101000871a7832e6b7303c3cd59", 0x0, 0x6, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3}, 0x50)

2.250095907s ago: executing program 3 (id=2992):
unshare(0x24040000)
unshare(0x2c020400) (fail_nth: 29)

1.608369709s ago: executing program 3 (id=2993):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a090400000000000000000200000040000480100001800c0001006e6f747261636b002c0001800e000100696d6d656469617465000000180002800c00028005000100c402000008000140000000080900010073797a3000000000090002"], 0x94}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_DELSETELEM={0x20, 0xe, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x34, 0x9, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0xa}, [@NFTA_SET_EXPR={0x10, 0x11, 0x0, 0x1, @inner={{0xa}, @void}}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x24}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x3d}]}, @NFT_MSG_DELCHAIN={0x118, 0x5, 0xa, 0x201, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TYPE={0xb, 0x7, 'filter\x00'}, @NFTA_CHAIN_HOOK={0x1c, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x7a4152cb}, @NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x28e20e29}]}, @NFTA_CHAIN_COUNTERS={0x4c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x8}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x5}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x8000}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x31}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0xa1}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x5}]}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x513464fe}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x293c4fdc}]}, @NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x2}, @NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x2}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x1c163494}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x39ca53d7}, @NFTA_HOOK_DEV={0x14, 0x3, 'vlan0\x00'}]}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_USERDATA={0x36, 0xc, "f697113ff4d6955cb13b01b62130a73a03382f6b0508e52a6f19e120adf728ee47eea7128c2545217035b504b1ed916c066c"}]}, @NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x2}, @NFTA_RULE_EXPRESSIONS={0x10, 0x4, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @rt={{0x7}, @void}}]}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELSET={0x21c, 0xb, 0xa, 0x801, 0x0, 0x0, {0x0, 0x0, 0x5}, [@NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_SET_DESC={0xb4, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0xa8, 0x2, 0x0, 0x1, [{0x4}, {0x24, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x400}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xfffffff1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6dda42b7}]}, {0x3c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xc26b}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x10}]}, {0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xfffffff9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}]}, {0x2c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x69}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x8}]}, @NFTA_SET_EXPRESSIONS={0xec, 0x12, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @byteorder={{0xe}, @void}}, {0xc, 0x1, 0x0, 0x1, @cmp={{0x8}, @void}}, {0x18, 0x1, 0x0, 0x1, @dup={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0xd}]}}}, {0x10, 0x1, 0x0, 0x1, @range={{0xa}, @void}}, {0x10, 0x1, 0x0, 0x1, @tproxy={{0xb}, @void}}, {0x4c, 0x1, 0x0, 0x1, @tunnel={{0xb}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_TUNNEL_MODE={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_TUNNEL_KEY={0x8}, @NFTA_TUNNEL_KEY={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_TUNNEL_DREG={0x8}, @NFTA_TUNNEL_MODE={0x8}, @NFTA_TUNNEL_DREG={0x8}, @NFTA_TUNNEL_MODE={0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @reject={{0xb}, @void}}, {0x34, 0x1, 0x0, 0x1, @tproxy={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_TPROXY_REG_ADDR={0x8}, @NFTA_TPROXY_FAMILY={0x8}, @NFTA_TPROXY_REG_ADDR={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_TPROXY_FAMILY={0x8, 0x1, 0x1, 0x0, 0xa}]}}}]}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x25}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1e}, @NFTA_SET_OBJ_TYPE={0x8, 0xf, 0x1, 0x0, 0x9}, @NFTA_SET_EXPR={0x2c, 0x11, 0x0, 0x1, @socket={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_SOCKET_LEVEL={0x8, 0x3, 0xeb}, @NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0x15}, @NFTA_SOCKET_LEVEL={0x8, 0x3, 0x18}]}}}, @NFTA_SET_OBJ_TYPE={0x8, 0xf, 0x1, 0x0, 0x1}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x7}]}, @NFT_MSG_DELRULE={0x1cc, 0x8, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x9}, [@NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x2}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x4}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x2}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x1}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x4}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x16c, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @target={{0xb}, @void}}, {0x40, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_SYNPROXY_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SYNPROXY_MSS={0x6, 0x1, 0x1, 0x0, 0x6}, @NFTA_SYNPROXY_MSS={0x6}, @NFTA_SYNPROXY_MSS={0x6, 0x1, 0x1, 0x0, 0xe0}, @NFTA_SYNPROXY_WSCALE={0x5, 0x2, 0x2}]}}}, {0x10, 0x1, 0x0, 0x1, @meta={{0x9}, @void}}, {0x5c, 0x1, 0x0, 0x1, @range={{0xa}, @val={0x4c, 0x2, 0x0, 0x1, [@NFTA_RANGE_FROM_DATA={0x40, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x39, 0x1, "b5b23d0e09f58604bb1b7058a3497ca9fbff51042a8c8e7e63ea6ca1595727521d7ae7d70fd5a9f12abfff8561ecf085526f785129"}]}, @NFTA_RANGE_SREG={0x8, 0x1, 0x1, 0x0, 0xb}]}}}, {0xc, 0x1, 0x0, 0x1, @fwd={{0x8}, @void}}, {0x10, 0x1, 0x0, 0x1, @xfrm={{0x9}, @void}}, {0x10, 0x1, 0x0, 0x1, @reject={{0xb}, @void}}, {0x28, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_OSF_TTL={0x5, 0x2, 0x6}, @NFTA_OSF_FLAGS={0x8}]}}}, {0x14, 0x1, 0x0, 0x1, @connlimit={{0xe}, @void}}, {0x44, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_PAYLOAD_DREG={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_PAYLOAD_CSUM_OFFSET={0x8, 0x7, 0x1, 0x0, 0x6}, @NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0xe2}, @NFTA_PAYLOAD_SREG={0x8, 0x5, 0x1, 0x0, 0x8}, @NFTA_PAYLOAD_BASE={0x8}]}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x5bc}, 0x1, 0x0, 0x0, 0x10}, 0x8084)

1.493891813s ago: executing program 2 (id=2994):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r1, 0x7d4165c9)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r4, 0x7d4165c9)
listen(r3, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r5, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000780)={@in6={{0xa, 0x4e24, 0x2, @empty, 0xc}}, 0x0, 0x0, 0x20, 0x0, "9c0fe2154aa786d10084ecfbe8e86f7d312fcc8fde38d5823d22fbbb55a7837e5f2329f4d662f2185f18fae43e09d661d12a01669d6eef2e4733c2c29a3c3d16ef45c7c1c8ecfcc76b47d9ab9a573f11"}, 0xd8)
listen(r6, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f0000000680)={@in6={{0xa, 0x4e21, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x81}}, 0x0, 0x0, 0x40, 0x0, "2b20a1a47cddc63b223be606d7303a4d4d11e10450d766feb63b382d54bab577021cad5de4fe7630a33b6deca160b1267ff02123bc27830000000000ffff40000000000000b5b29049cb65f00300"}, 0xd8)
r7 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r7, &(0x7f0000000540)=[{&(0x7f0000000180)}], 0x1)

1.400845899s ago: executing program 3 (id=2995):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket$packet(0x11, 0x2, 0x300)
socket$vsock_stream(0x28, 0x1, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x4, 0xffffffffffffffdd, 0x400000, 0x0, 0xffffffffffffff1b, 0x3b}, 0x0, 0x0, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000500000001801000020786c3100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000005000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_MEDIA_SET(r4, 0x0, 0x4004015)

1.349154838s ago: executing program 1 (id=2996):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000000006000000000000000000000d030000030000000002000000030000000000000004"], 0x0, 0x4e, 0x0, 0x4}, 0x28)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xda01})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000041}, 0x200088d0)
socket$inet6(0xa, 0x2, 0x0)
setsockopt$CAIFSO_REQ_PARAM(r1, 0x116, 0x80, &(0x7f0000000240)="5473feaa5a981d9be8ed76f664b6c1cb562b8d5f13a0993de229fddffc37dc10069a1e562ca16f68ba595cd3888d9b85d3d180a01abed07a473b3d86c2e261968d4cefa4548c6f6314bd47e46bf3faaa04b5238849ba5fdcc266ab4088f3c0dcbae8ba073430023ae324d75c3fed3ce358c79fec62a1425cad28b7aaaf2ca48e2cdfd298cade21dbed0b15f508d170566af7c50a709df3f4ce62a888424c", 0x9e)
socket(0x400000000010, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x14, 0x23, 0x301, 0x270bd24, 0x25dfdbfa, {0x1}}, 0x14}}, 0xc004)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000040000000000000000000000850000002c000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r6)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xffd, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000000)={0x6c, r8, 0x1, 0x0, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x6c}}, 0x0)

1.298045763s ago: executing program 2 (id=2997):
r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000240), 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x503, 0x80000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_DOWNDELAY={0x8, 0x5, 0x81}]}}}]}, 0x3c}}, 0x40)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x5, &(0x7f00000027c0)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2, r0}, 0x94)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_ORIGINATORS(r3, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x2c, r4, 0x20, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x6}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED]}, 0x2c}, 0x1, 0x0, 0x0, 0x2402c004}, 0x40)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r2, 0x0, 0xbe}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1005c, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x31, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1b}, 0xa1)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000b00)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-blowfish-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4)
r6 = accept4(r5, 0x0, 0x0, 0x80800)
sendmmsg$alg(r6, &(0x7f0000000280)=[{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000080)="f703010010fff3be522ba800000000", 0xf}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba1282", 0x12}], 0x2, 0x0, 0x0, 0x2000847}], 0x1, 0x40800)
recvmmsg$unix(r6, &(0x7f0000000d40)=[{{0x0, 0x0, &(0x7f0000001240)=[{&(0x7f0000000580)=""/21, 0x15}, {&(0x7f0000000640)=""/11, 0xb}], 0x2}}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000004c0)=""/192, 0xc0}], 0x1}}], 0x2, 0x40000000, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c0004802800018007000100637400001c0002800800014000000002080002400000000b05000300000000000900010073797a30000000000900020073797a320000000014000000110001"], 0x80}}, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r9 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000280)=ANY=[@ANYRES16, @ANYRES32=0x0, @ANYBLOB="97020000000000005c00128009000100626f6e64000000004c00028008000a00000000001800088000000000e00000017f00000164010102000000000500010000000000080007"], 0x8c}}, 0x0)
write$tun(r8, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x16, 0x0, 0x14}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x0, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0xfd6c)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r10, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_group_source_req(r10, 0x0, 0x2e, &(0x7f00000004c0)={0x5, {{0x2, 0x0, @multicast2}}, {{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108)
setsockopt$inet_group_source_req(r10, 0x0, 0x2e, &(0x7f0000000040)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x4e24, @multicast2}}}, 0x108)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r11, 0x0)

1.23680535s ago: executing program 0 (id=2998):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x68}}, 0x0)
r1 = socket$nl_crypto(0x10, 0x3, 0x15)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="310401080000030000001600000018000180140002006e657464657673"], 0x44}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000040)={'gre0\x00', &(0x7f0000000a80)={'gretap0\x00', 0x0, 0x7, 0x10, 0x0, 0xfffffffa, {{0x14, 0x4, 0x2, 0x0, 0x50, 0x65, 0x0, 0x3, 0x29, 0x0, @empty, @dev={0xac, 0x14, 0x14, 0x13}, {[@timestamp={0x44, 0xc, 0xa9, 0x0, 0x5, [0x6, 0x6]}, @generic={0x89, 0xb, "0f727d435671a3eb18"}, @timestamp_prespec={0x44, 0x24, 0xcb, 0x3, 0x7, [{@multicast1, 0x7f}, {@multicast1, 0x9}, {@private=0xa010101, 0xfffffff9}, {@multicast2, 0x5}]}]}}}}})
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'bridge_slave_1\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=@getchain={0x24, 0x11, 0x1, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r4, {0x9}, {}, {0x5}}}, 0x24}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000300)={'syztnl1\x00', &(0x7f0000000280)={'syztnl0\x00', 0x0, 0x2f, 0x0, 0xaa, 0xb, 0x10, @mcast1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x8000, 0x7800, 0x6, 0x7d7}})
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xffe0}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x1, 0x4}}}]}, 0x3c}}, 0x4000010)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000003c0)={'syztnl0\x00', &(0x7f0000000340)={'ip6_vti0\x00', 0x0, 0x2f, 0x9, 0x7, 0x1, 0x9, @remote, @empty, 0x7, 0x8000, 0x800, 0x2}})
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0x58, &(0x7f0000000400)}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f00000004c0)={'wg2\x00'})
ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000000500)={'wg1\x00'})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000600)={'ip6gre0\x00', &(0x7f0000000580)={'ip6_vti0\x00', 0x0, 0x29, 0xc, 0x3, 0xd636, 0x51, @local, @private1, 0x700, 0x80, 0x6, 0xd}})
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000000600)={'team0\x00', <r9=>0x0})
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x300000d, 0x6052, r10, 0x1000)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=r10, @ANYBLOB="0e0000000055f04bd9c676215d00000000000000", @ANYRES32=r9, @ANYRES32=r10, @ANYBLOB="02000000010000000100"/28], 0x50)
bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000e80)=ANY=[@ANYRESDEC=r1, @ANYRES64, @ANYBLOB="0100"/20, @ANYRES8=r5, @ANYRESHEX=r2, @ANYBLOB="0300000003000000deffffff0d0000000000000079a2ee23438eec6be369f91b6bb5af60d7fb24ed99c0f9179b33f8903adae07c973a63c356d2223edf0d74a452017e81a3fb72d3d44b31561b226e9e2d0bc96fdb076a5d09683eab3d5572026295284474012b4d54a1c3a82c462cc64efd6621b09f61adbfdf22455f00008e10ef60e0f7508cf332d8e64fa6e6e9c723c2361e2489301855e9a85a99f1912e886153f29c44fb7c6865029e704bec6dd42efa89c074cf5f45198c78bcf69c4e64c58cae8fdf5028a1f0dfa1d8e428f109048dc0540d63f4d95c59832dfa0c435a5161b8c765ec725f4daa81c76173cb22e83244a1a4604bc629bd1d39f3fb7a", @ANYRES64=r10, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=0x0], 0x50)
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r9, {0x0, 0xffe0}, {0x0, 0xffff}, {0x6}}, [@TCA_RATE={0x6, 0x5, {0x0, 0x6}}]}, 0x2c}}, 0x0)

901.147072ms ago: executing program 2 (id=2999):
socket$inet6_sctp(0xa, 0x1, 0x84)
recvmsg(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000480)=@x25={0x9, @remote}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000340)=""/22, 0x16}, {&(0x7f0000000180)=""/36, 0x24}, {0x0}, {&(0x7f0000000200)=""/4, 0x4}], 0x4}, 0x2002)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x2d, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000440)={0x2d, 0x0, 0x1}, 0xc)
r1 = socket$caif_stream(0x25, 0x1, 0x0)
sendmmsg$inet(r1, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r2 = socket$caif_seqpacket(0x25, 0x5, 0x5)
setsockopt$CAIFSO_REQ_PARAM(r2, 0x116, 0x80, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r3}, 0x18)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', <r5=>0x0})
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r6, 0x84, 0x6b, &(0x7f0000000800)=[@in6={0xa, 0x4e20, 0xff7c, @remote, 0x2}, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x43}}, @in={0x2, 0x4e21, @multicast1}, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1f}}, @in6={0xa, 0x4e21, 0xbe5, @private0={0xfc, 0x0, '\x00', 0x1}, 0x6}, @in={0x2, 0x4e23, @remote}], 0x88)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000240)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0xdd86, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="38000000540001002bbd7000fcdbdf2507000000", @ANYRES32=r8, @ANYBLOB="20000100", @ANYRES32=r5, @ANYBLOB="010203007f0000ab6500000000000000000000000000f9ff"], 0x38}, 0x1, 0x0, 0x0, 0x24044015}, 0x800)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000200)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x2}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x58}}, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000000906010200000000000000000200ffff200007800c00018008000140e000000208000a4000000ae905000300020000000900020073797a310000000005000100070000007406ef595b885cedabed14949bb79fd19ceea15183fc7f3643c95c0cc0a5dca60f82237f1340e9ed3d1b07ab87aec3f4bdbd0ec21479f80d6f1a9525eab299d4128f3010604b1a80729ac77184c0da8c2a0d2deb1b23a90f2f9dbad198dfc294676cf97c1c67a2ffd1fba69e17662b9ba39e4661f96a0f2ec3bad3dfd8c51fbf8490d7f2b7"], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)
sendmsg$IEEE802154_SCAN_REQ(0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPSET_CMD_FLUSH(r10, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000580)=ANY=[@ANYBLOB="300000000406010400000000000000000f0000010900020073797a31000000000500010007000000050001000700000076cc478fbd3f164a5ff230b6f707eeaf7c2ff5e15a102434c085b8a90891de141f5d73b3b17b57f0d181fa09a3a08673749724edae6e4befd53f13848ac5771d83"], 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0xc000)
socket$nl_route(0x10, 0x3, 0x0)
r11 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r12=>0x0})
sendmsg$nl_route(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r12, @ANYBLOB="7c5aa286e479f71eb8dd0489ed5cbf591f222622f4e1fbbe3c9d68656792e782bc20576efb0fc2f4771a3d10e84cbaf03f0e2e29394c78873b90f38e68ff006f3ad874f92f43f157a633a3414b82f8bf890c56ed2b5b36ac31267cc8b9c448950e08f4e6c83a089a01bb94b92613f37b5ad4e7b4bd304f"], 0x3c}, 0x1, 0x0, 0x0, 0x45844}, 0x0)

866.041721ms ago: executing program 0 (id=3000):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r2=>0x0})
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4a372eaf541d002007000000", @ANYRES32=r2, @ANYBLOB="00000000100000001c001a80080002802d00ff00080002", @ANYRES16=r3, @ANYRES32=r3], 0x44}}, 0x2000800)

840.745682ms ago: executing program 1 (id=3001):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000940)={0x50, 0x2, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000004}, 0x20)

696.488878ms ago: executing program 0 (id=3002):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48)
r1 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f0000000000)=0x1ff, 0x4)
openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
sendmmsg(r1, &(0x7f0000001500)=[{{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x7080000, @ipv4={'\x00', '\xff\xff', @loopback}, 0x7, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="080100000000000029000000", @ANYRES64=r1], 0x108}}], 0x1, 0xc040)
r2 = socket$packet(0x11, 0x2, 0x300)
socket$inet_udp(0x2, 0x2, 0x0)
shutdown(0xffffffffffffffff, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000015c0)=[{{&(0x7f0000000280)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'macvtap0\x00', <r3=>0x0})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r4, 0x800448d4, &(0x7f00000002c0)={0x4, 0x2, '\x00', 0x0, 0x4})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00'})
r6 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x44, 0x24, 0xd0f, 0x0, 0x25dfdbfe, {0x60, 0x0, 0x0, r8, {}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_red={{0x8}, {0x18, 0x2, [@TCA_RED_PARMS={0x14, 0x1, {0xfffffffb, 0x53, 0x36, 0x1c, 0x10, 0x1d, 0x1}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20004000}, 0x20008804)
r9 = socket$caif_stream(0x25, 0x1, 0x0)
sendmmsg$inet(r9, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)="92", 0x1}], 0x1}}], 0x2, 0x7c9ce322e12d340)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r11}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r10}, 0x10)
r12 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)

388.793722ms ago: executing program 3 (id=3003):
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(0xffffffffffffffff, 0x0, 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x62)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f00000002c0), 0x80080, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000000)
sendmsg$key(0xffffffffffffffff, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="020300001b0000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000000000a00000000000000fe8000000000000000000000000000bb00000000000000000400040000000000000000000000000000000000000000000000000000000000020001000000000000000000000000ff05000500000000000a00000000000000fe8896380000000000000001000000010000000000000000030007000000000002004e24ac14141f0000000000000000020013"], 0xd8}}, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x20, 0xcf, 0x0, 0xfffff010}, {0x20, 0x0, 0x0, 0xfffff038}, {0x6, 0x0, 0x0, 0x4}]}, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xa, 0x2)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'veth1_to_hsr\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)

388.251747ms ago: executing program 0 (id=3004):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4a372eaf541d002007000000", @ANYRES32=r1, @ANYRES16=r2], 0x44}}, 0x2000800)

333.258495ms ago: executing program 4 (id=2926):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.empty_time\x00', 0x26e1, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xd}, 0x18)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="d8000000140081044e81f782db44b9040a1d080211000000040000a118000200ff05140100000e1208000f0100810401a80016ea1f000840042e5f54c92011148ed08734843cb12b00000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5e835913b06218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f52eb4edbb57a5025ccca9e00360d8bcc00400040fad95667e0060000000000000080bb9ad809d5e1cace81b341139fe3cd4032e8edb12d1d2eb0c0ed0bff", 0xd8}], 0x1, 0x0, 0x20, 0x7400}, 0x0)

216.795515ms ago: executing program 0 (id=3005):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000012c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000013c0)="d080", 0xfdef}], 0x1, 0x0, 0x0, 0x800300}, 0x20000801)
r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010027bd7000fbd3df2502000000050004000100000005000400010000001400020076657468315f746f5f7465616d0000000900030073797a32000000000900010073797a31000000000900010073797a3000000000090003"], 0x68}, 0x1, 0x0, 0x0, 0x4000145}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000340)=0x14)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bond0\x00', <r7=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)=@newlink={0x54, 0x10, 0x403, 0x4, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20101}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x88a8}]}}}, @IFLA_LINK={0x8, 0x5, r7}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x8}]}, 0x54}, 0x1, 0xba01}, 0x810)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000440)={'tunl0\x00', &(0x7f00000003c0)={'syztnl2\x00', <r8=>0x0, 0x10, 0x10, 0x9, 0x5, {{0xe, 0x4, 0x2, 0x8, 0x38, 0x64, 0x0, 0x9, 0x29, 0x0, @local, @remote, {[@timestamp={0x44, 0x14, 0x48, 0x0, 0xe, [0x5, 0x2, 0x7, 0x2]}, @timestamp={0x44, 0xc, 0x43, 0x0, 0x4, [0x8b, 0x4]}, @noop]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000004c0)={'gretap0\x00', &(0x7f0000000480)={'tunl0\x00', <r9=>0x0, 0x7800, 0x40, 0x9, 0x0, {{0x6, 0x4, 0x1, 0x31, 0x18, 0x65, 0x0, 0x7, 0x29, 0x0, @empty, @remote, {[@noop]}}}}})
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r4, &(0x7f0000000640)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000500)={&(0x7f0000000940)=ANY=[@ANYBLOB="b0000000", @ANYRES16=0x0, @ANYBLOB="010029bd7000fddbdf2506000000240001803000018000000300020000001400020073797a6b616c6c657230000000000000ddfe0200726f736530000000000000000000000008000300030000003400018008000300020000000000030002000000140002007866726d3000000000000000000000001400018001000100", @ANYRES32=r9, @ANYBLOB="08000100", @ANYRES32=r8, @ANYBLOB="19fdd91d038e27d45469a039a3881665dea91a7eacd4bdbb11d0797d68085b55485add547ad4cec2960521b27d8b7d89e46aa7a22810768a9d0450d1dd0ba98f9dee47272df75a697bbaaba951f8a18fb800001a0abda60f26eb84877ee3a47e1012796415bf9abd140b21493e995a4121be14b549617ce220b81e1a6ed9c02f67dc8806d23b0394ba4f06989f9616d0b04a1585a1af8b269c900743aa3b438ba6614d5e4c175f52507dd78cf9b068f643f4da159c6962159a0e08cd3e8488b7e170d127af0106f6cb736f7e7ca14f0439136e1e2657541689585a42ac338750cc129eb20ba5ed2d13f6f9a8bf5e0e5749cfad345e07000000df5b2b126c0612ddca2f40db06e52dfb3aa1d9a34fe1912a0ed4f13eeaafb434ac3408ff8e0b910ff2cb2465919147bd1ff2af3fecedc18dffc5411e93a274c61f2dba626c1fd5ba67a0bb47004bedb51ab5bdf839cbae585e1d03e72d5e407103093d70b6daded2df9b29ed3904e613ae6d8aed92f0fd821d4a449b196c1c971804df2bf39305f2ac391e1d1e1f9e954efd28114bc935cd2824acba739b2906efed91e56fdc9225740f9cb74b4a8c0db3206248abe77da4edc54773d51feaac11efdf0e3b7b3fc6833a580bbde251a13eda81460b71cb01b5c425c367bdd44151c9fed586c41c7860d378fd1751ca539f818b452f10621f4851c9a51bfa5fbc75de552e7cab0e343100b73137d519ee621f909047d4b037b66dbfbb985535918b00"/552], 0xb0}, 0x1, 0x0, 0x0, 0x20000c4}, 0x40011)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNSETCARRIER(r10, 0x400454e2, 0x0)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f1ea3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b2213fdc2881e1a6ec9d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232f0485a2ca9f37fc9c3d2688efcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdcdeb2af1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f925f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5c49209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378ad8f6afb0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3826ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3577], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
r12 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_REMOVE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r12, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x6}]}, 0x1c}}, 0x0)
r13 = socket$inet(0xa, 0x801, 0x84)
listen(r13, 0x8)
r14 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, r13, &(0x7f0000000240)={0x20000000})
setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r11}, 0x10)
bind$llc(0xffffffffffffffff, 0x0, 0x0)
recvmsg(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x40002002)
recvmsg(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0xa3)

509.957µs ago: executing program 4 (id=3007):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000080)='syzkaller\x00'}, 0x94)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002e000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000d000000095"], &(0x7f0000000080)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r3, 0x0, 0xe, 0x0, &(0x7f0000000000)="77844923fbde9d724bbda199f4d6", 0x0, 0x8000, 0x0, 0x0, 0xc0, 0x0, &(0x7f0000000440)="340b76235e542388314c94ffb092fe45f73f8c986973c4976cfb5e6d1d8c82244df1f513a1c1fbfa9a9f0b95aeb353c71ce43ab84de2d842a33e91ce88d884ec2a248e85b886f115b686136aaf601bbff88abe474a8494073ad74fa9adc48bb0577ba007c034067d35226a6049c20b62fef3bad5f9e53c8ea5682c0073eec76929c6d3362325fe1144dcc97ff2c5aa59dde347555cd214a311db3942deef1b9143089b894379762ff8b5e92db6ab7ff6e4fe98137ee709c44a9353840f906e9a"}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000140), r4)
sendmsg$NLBL_CIPSOV4_C_ADD(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='P\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000000100000008000100030000002c0004800500030080ff00000500030080ff00000500030000000000050003000100000005000300800000000800020003"], 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x0)
write$cgroup_int(r2, &(0x7f0000000200), 0x806000)
writev(r1, &(0x7f0000003b00)=[{&(0x7f0000000580)="c2", 0x1}], 0x1)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x100000c, 0x80010, r1, 0x0)
ioctl$sock_bt_hci(r0, 0x400448e6, &(0x7f0000000240)='|w')
ioctl$sock_bt_hci(r0, 0x400448e6, &(0x7f0000000500)="d7")
ioctl$sock_bt_hci(r0, 0x400448e7, &(0x7f0000000080))
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f00000001c0)={0x1f, 0xffff, 0x3}, 0x6)
write(r6, &(0x7f0000000140)="41000200010007", 0x7)
syz_emit_ethernet(0x5eb, &(0x7f0000000a00)={@multicast, @remote, @void, {@ipv6={0x86dd, @dccp_packet={0x7, 0x6, "79388a", 0x5b5, 0x21, 0x37d44ff4ac7a5a71, @private0={0xfc, 0x0, '\x00', 0x1}, @remote, {[@dstopts={0x1d, 0x21, '\x00', [@calipso={0x7, 0x28, {0x0, 0x8, 0x6, 0x3, [0x4, 0x868, 0x8000, 0x1]}}, @generic={0x8, 0x9c, "0d28e80a877bc57c65796c014e63fce6fc457a48633539ca0570120808ebe83f3598fa3c9c7a291209f71d4cef486fe597f1e2d124b00892be2aea96abe0e9977b83885ebf23f2f905ac2a592e2619eaa82ded0aec89593e4c370e28434781bb50a4ad8b834a9678cebd4805d6499505921a70a02961a87e28b74e04f536dac5a8c3a9a6dccb1c26cf9d201bd2ecce27a5cc0c335e705324d98dcfcc"}, @pad1, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @calipso={0x7, 0x30, {0x2, 0xa, 0x1, 0x4, [0x0, 0x2, 0xf601, 0x5, 0x3]}}]}, @routing={0x0, 0x8, 0x0, 0x5, 0x0, [@private2, @private0, @empty, @private2={0xfc, 0x2, '\x00', 0x1}]}, @dstopts={0x21, 0x24, '\x00', [@calipso={0x7, 0x48, {0x2, 0x10, 0xc, 0x1, [0x100, 0x3, 0x0, 0x3ff, 0x70, 0x0, 0x10, 0x195]}}, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0xe}, @ra, @calipso={0x7, 0x40, {0x3, 0xe, 0x9, 0x5, [0x100000001, 0x9bd0, 0x9, 0x5, 0x4, 0xe65, 0x4]}}, @enc_lim={0x4, 0x1, 0x7f}, @ra={0x5, 0x2, 0x2}, @generic={0x1, 0x6c, "aaa05adbc0986b6eaff8a762505b1db54041adf20952ad963df027b75c12af2f007c0154e141b00371c610d8997bce42480745dcb0ae098de51e2a4776fdff7cfa08ca1e9c322c8b8a96ecef532ab8ae9d20db218db092cf079dc9c70443b14c48ead9a70a290b9012630d9f"}, @hao={0xc9, 0x10, @ipv4={'\x00', '\xff\xff', @multicast1}}]}, @routing={0x3a, 0xc, 0x2, 0x7, 0x0, [@local, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, @private0, @mcast2, @empty, @dev={0xfe, 0x80, '\x00', 0xf}]}, @hopopts={0x33, 0xc, '\x00', [@calipso={0x7, 0x30, {0x2, 0xa, 0x8, 0x800, [0xffff, 0xfff, 0x6, 0x3, 0x7]}}, @padn={0x1, 0x1, [0x0]}, @pad1, @calipso={0x7, 0x28, {0x2, 0x8, 0x5, 0x3, [0x80000000, 0xa000000000000000, 0xfffffffffffffff8, 0x7]}}]}, @srh={0x2, 0x14, 0x4, 0xa, 0xf7, 0x0, 0x7ff, [@private2, @private1={0xfc, 0x1, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x12}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @empty, @private1, @empty, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2]}, @dstopts={0x3b, 0x1a, '\x00', [@padn={0x1, 0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @generic={0x6, 0x4e, "913b6cec4548f2cbef9d4aa256215fe2c3d495ca74f56482c80ed7fd026d87ca571e2ff8523741d47e45e2a26068d4751d1f605ec085133a90164d93085a3e9db2c5ebaa3eddce2abe26473d521a"}, @jumbo={0xc2, 0x4, 0x6}, @calipso={0x7, 0x18, {0x1, 0x4, 0x5, 0x0, [0x1, 0x7]}}, @hao={0xc9, 0x10, @private1={0xfc, 0x1, '\x00', 0x1}}, @calipso={0x7, 0x40, {0x2, 0xe, 0x7f, 0x200, [0xffffffffffffffff, 0x6d49, 0x7fffffff, 0x6cb2c220, 0x4, 0xa43, 0x0]}}]}], {{0x4e22, 0x4e22, 0x4, 0x1, 0x6, 0x0, 0x0, 0x1, 0x4, "354eb9", 0xa7, "0802c7"}, "0b938ded30256bb33e6c865f58785cffce7074f6e43576d909c9fff919a57c5c8ed3e95ef698f58809e0c402ff68d18fe240d6e9acb5a668f38e1faf967d3bca125f640ba90141cfba9d6f29185d68506f25ea7efbf2b19fc526023ce73213ed3ad3a10c37ee6f9d315cef0e4295cba8fbfdfc7f7875f3e1df40e551601799c15ab911073f216a9e6a0d5b2b5db103a9e87a3bdc82eefe322ff252ba06c1b64a564ed05cf5ae1d95e8a40bf9b7f518db66b0f70934024f705b0bfce149"}}}}}}, 0x0)
socket$packet(0x11, 0x2, 0x300)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080f00000a"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x4, 0x0, 0x0, 0xa54a9d76e5e2e84, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r8 = openat$cgroup_devices(r7, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r8, &(0x7f00000000c0)=ANY=[@ANYBLOB='c ** rwm\x00'], 0xa)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000fdfeffff000000000400000085000000360000001801000020646c3c00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000002000000850000001700000095"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x5, 0xe, 0x0, &(0x7f0000000480)="0101000871a7832e6b7303c3cd59", 0x0, 0x6, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3}, 0x50)

0s ago: executing program 1 (id=3008):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=ANY=[], 0x18}}, 0x20004000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0xd, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x4, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4048840)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01034000000000000000010000000900010073797a3100000000080002400000000140000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000050900010073797a310000000030000000050a01020000000000000000010020000c00024000000000000000010900010073797a31000000000400048014000000110001"], 0xc0}, 0x1, 0x0, 0x0, 0x1}, 0x200000d4)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0xffffffffffffffff}, 0x67)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x2, &(0x7f0000000180)=[{0x1d, 0x5, 0xa, 0x5}, {0xd, 0x81, 0xd, 0x403}]})
bind$bt_hci(r3, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r3, &(0x7f0000000040)=ANY=[], 0x6)

kernel console output (not intermixed with test programs):

209': attribute type 12 has an invalid length.
[  309.070231][T13380] syzkaller0: entered promiscuous mode
[  309.076339][T13380] syzkaller0: entered allmulticast mode
[  309.150540][T13386] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  309.190875][T13386] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2214'.
[  309.221814][T13384] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2213'.
[  309.244171][T13386] tipc: Resetting bearer <eth:syzkaller0>
[  309.297181][T13392] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2215'.
[  309.597457][T13410] IPv6: Can't replace route, no match found
[  309.773402][T13419] wg1 speed is unknown, defaulting to 1000
[  309.828620][T13422] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  309.991463][T13434] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2227'.
[  310.012789][T13437] FAULT_INJECTION: forcing a failure.
[  310.012789][T13437] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  310.029193][T13428] wg1 speed is unknown, defaulting to 1000
[  310.056577][T13437] CPU: 1 UID: 0 PID: 13437 Comm: syz.3.2228 Not tainted syzkaller #0 PREEMPT(full) 
[  310.056602][T13437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  310.056612][T13437] Call Trace:
[  310.056619][T13437]  <TASK>
[  310.056627][T13437]  dump_stack_lvl+0x189/0x250
[  310.056655][T13437]  ? __pfx____ratelimit+0x10/0x10
[  310.056677][T13437]  ? __pfx_dump_stack_lvl+0x10/0x10
[  310.056697][T13437]  ? __pfx__printk+0x10/0x10
[  310.056715][T13437]  ? __might_fault+0xb0/0x130
[  310.056747][T13437]  should_fail_ex+0x414/0x560
[  310.056775][T13437]  _copy_from_user+0x2d/0xb0
[  310.056796][T13437]  ___sys_sendmsg+0x158/0x2a0
[  310.056819][T13437]  ? __pfx____sys_sendmsg+0x10/0x10
[  310.056873][T13437]  ? __fget_files+0x2a/0x420
[  310.056889][T13437]  ? __fget_files+0x3a0/0x420
[  310.056916][T13437]  __x64_sys_sendmsg+0x19b/0x260
[  310.056938][T13437]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  310.056967][T13437]  ? __pfx_ksys_write+0x10/0x10
[  310.056994][T13437]  ? do_syscall_64+0xbe/0xfa0
[  310.057020][T13437]  do_syscall_64+0xfa/0xfa0
[  310.057041][T13437]  ? lockdep_hardirqs_on+0x9c/0x150
[  310.057063][T13437]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.057080][T13437]  ? clear_bhb_loop+0x60/0xb0
[  310.057102][T13437]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.057118][T13437] RIP: 0033:0x7f330178f6c9
[  310.057144][T13437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  310.057160][T13437] RSP: 002b:00007f33025b6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  310.057180][T13437] RAX: ffffffffffffffda RBX: 00007f33019e6090 RCX: 00007f330178f6c9
[  310.057193][T13437] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000004
[  310.057204][T13437] RBP: 00007f33025b6090 R08: 0000000000000000 R09: 0000000000000000
[  310.057215][T13437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  310.057226][T13437] R13: 00007f33019e6128 R14: 00007f33019e6090 R15: 00007ffc2fa91dd8
[  310.057258][T13437]  </TASK>
[  310.286049][ T5877] tipc: Node number set to 3599625304
[  310.621024][T13443] netlink: 220 bytes leftover after parsing attributes in process `syz.1.2230'.
[  311.256967][T13472] netlink: 'syz.2.2236': attribute type 12 has an invalid length.
[  311.547446][T13485] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2238'.
[  311.820716][T13484] wg1 speed is unknown, defaulting to 1000
[  311.840667][T13491] FAULT_INJECTION: forcing a failure.
[  311.840667][T13491] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  311.897470][T13491] CPU: 0 UID: 0 PID: 13491 Comm: syz.0.2240 Not tainted syzkaller #0 PREEMPT(full) 
[  311.897498][T13491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  311.897509][T13491] Call Trace:
[  311.897516][T13491]  <TASK>
[  311.897524][T13491]  dump_stack_lvl+0x189/0x250
[  311.897553][T13491]  ? __pfx____ratelimit+0x10/0x10
[  311.897580][T13491]  ? __pfx_dump_stack_lvl+0x10/0x10
[  311.897603][T13491]  ? __pfx__printk+0x10/0x10
[  311.897635][T13491]  should_fail_ex+0x414/0x560
[  311.897666][T13491]  _copy_from_user+0x2d/0xb0
[  311.897689][T13491]  bpf_test_init+0xd8/0x150
[  311.897719][T13491]  bpf_prog_test_run_flow_dissector+0x1e1/0x5c0
[  311.897751][T13491]  ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10
[  311.897773][T13491]  ? __fget_files+0x2a/0x420
[  311.897791][T13491]  ? __fget_files+0x2a/0x420
[  311.897806][T13491]  ? __fget_files+0x3a0/0x420
[  311.897822][T13491]  ? __fget_files+0x2a/0x420
[  311.897843][T13491]  ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10
[  311.897863][T13491]  bpf_prog_test_run+0x2c7/0x340
[  311.897886][T13491]  __sys_bpf+0x562/0x860
[  311.897906][T13491]  ? __pfx___sys_bpf+0x10/0x10
[  311.897940][T13491]  ? ksys_write+0x22a/0x250
[  311.897973][T13491]  ? __pfx_ksys_write+0x10/0x10
[  311.898002][T13491]  __x64_sys_bpf+0x7c/0x90
[  311.898027][T13491]  do_syscall_64+0xfa/0xfa0
[  311.898051][T13491]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.898068][T13491]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  311.898086][T13491]  ? clear_bhb_loop+0x60/0xb0
[  311.898107][T13491]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.898124][T13491] RIP: 0033:0x7fb9f018f6c9
[  311.898141][T13491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  311.898157][T13491] RSP: 002b:00007fb9f10e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  311.898178][T13491] RAX: ffffffffffffffda RBX: 00007fb9f03e5fa0 RCX: 00007fb9f018f6c9
[  311.898191][T13491] RDX: 0000000000000050 RSI: 0000200000000000 RDI: 000000000000000a
[  311.898202][T13491] RBP: 00007fb9f10e4090 R08: 0000000000000000 R09: 0000000000000000
[  311.898214][T13491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  311.898225][T13491] R13: 00007fb9f03e6038 R14: 00007fb9f03e5fa0 R15: 00007fff40564a68
[  311.898256][T13491]  </TASK>
[  312.406315][T13497] syzkaller0: entered promiscuous mode
[  312.412165][T13497] syzkaller0: entered allmulticast mode
[  312.418650][T13497] tipc: Resetting bearer <eth:syzkaller0>
[  312.725126][T13511] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2246'.
[  313.028761][T13523] wg1 speed is unknown, defaulting to 1000
[  313.040399][T13524] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  313.249978][T13535] dvmrp1: tun_chr_ioctl cmd 1074812118
[  313.633528][T13553] wg1 speed is unknown, defaulting to 1000
[  313.779290][T13563] wg1 speed is unknown, defaulting to 1000
[  313.847803][T13575] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2267'.
[  313.883143][T13562] wg1 speed is unknown, defaulting to 1000
[  313.898430][T13578] IPv6: NLM_F_CREATE should be specified when creating new route
[  314.361459][T13604] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2279'.
[  314.437511][T13607] wg1 speed is unknown, defaulting to 1000
[  314.692671][T13620] Set syz1 is full, maxelem 65536 reached
[  314.787807][T13623] bridge0: port 7(batadv6) entered blocking state
[  314.822522][T13623] bridge0: port 7(batadv6) entered disabled state
[  314.830812][T13623] batadv6: entered allmulticast mode
[  314.843245][T13623] batadv6: entered promiscuous mode
[  315.285286][T13637] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2285'.
[  315.294589][ T1317] batman_adv: batadv6: No IGMP Querier present - multicast optimizations disabled
[  315.303840][ T1317] batman_adv: batadv6: No MLD Querier present - multicast optimizations disabled
[  315.372227][T13639] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2285'.
[  315.439281][T13629] wg1 speed is unknown, defaulting to 1000
[  315.595121][T13638] wg1 speed is unknown, defaulting to 1000
[  316.174788][T13662] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2296'.
[  316.288165][T13656] wg1 speed is unknown, defaulting to 1000
[  316.305461][T13666] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2297'.
[  316.804477][T13689] wg1 speed is unknown, defaulting to 1000
[  316.921675][T13693] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  316.970342][T13697] wg1 speed is unknown, defaulting to 1000
[  317.037490][T13698] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input10
[  317.393140][T13717] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2314'.
[  317.609150][T13733] netlink: 9 bytes leftover after parsing attributes in process `syz.0.2318'.
[  317.619405][T13713] wg1 speed is unknown, defaulting to 1000
[  317.808706][T13739] wg1 speed is unknown, defaulting to 1000
[  318.315945][T13745] wg1 speed is unknown, defaulting to 1000
[  318.479806][T13768] syzkaller0: left promiscuous mode
[  318.495279][T13768] syzkaller0: left allmulticast mode
[  319.047022][T13786] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2331'.
[  319.207742][T13775] bridge0: port 3(batadv5) entered blocking state
[  319.269229][T13775] bridge0: port 3(batadv5) entered disabled state
[  319.405843][T13775] batadv5: entered allmulticast mode
[  319.412250][T13796] netlink: 'syz.2.2334': attribute type 10 has an invalid length.
[  319.441801][T13796] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2334'.
[  319.481298][T13775] batadv5: entered promiscuous mode
[  319.665961][   T60] batman_adv: batadv5: No IGMP Querier present - multicast optimizations disabled
[  319.675216][   T60] batman_adv: batadv5: No MLD Querier present - multicast optimizations disabled
[  319.691215][T13802] FAULT_INJECTION: forcing a failure.
[  319.691215][T13802] name failslab, interval 1, probability 0, space 0, times 0
[  319.723880][T13802] CPU: 1 UID: 0 PID: 13802 Comm: syz.1.2338 Not tainted syzkaller #0 PREEMPT(full) 
[  319.723907][T13802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  319.723917][T13802] Call Trace:
[  319.723925][T13802]  <TASK>
[  319.723935][T13802]  dump_stack_lvl+0x189/0x250
[  319.723963][T13802]  ? __pfx____ratelimit+0x10/0x10
[  319.723986][T13802]  ? __pfx_dump_stack_lvl+0x10/0x10
[  319.724009][T13802]  ? __pfx__printk+0x10/0x10
[  319.724024][T13802]  ? __sock_sendmsg+0x21c/0x270
[  319.724047][T13802]  ? __x64_sys_sendmmsg+0xa0/0xc0
[  319.724065][T13802]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  319.724092][T13802]  should_fail_ex+0x414/0x560
[  319.724123][T13802]  should_failslab+0xa8/0x100
[  319.724151][T13802]  kmem_cache_alloc_noprof+0x74/0x6e0
[  319.724175][T13802]  ? skb_clone+0x212/0x3a0
[  319.724200][T13802]  skb_clone+0x212/0x3a0
[  319.724223][T13802]  __netlink_deliver_tap+0x404/0x850
[  319.724255][T13802]  ? netlink_deliver_tap+0x2e/0x1b0
[  319.724274][T13802]  netlink_deliver_tap+0x19c/0x1b0
[  319.724294][T13802]  netlink_sendskb+0x68/0x140
[  319.724320][T13802]  netlink_unicast+0x397/0x9e0
[  319.724341][T13802]  ? __asan_memcpy+0x40/0x70
[  319.724372][T13802]  ? __pfx_netlink_unicast+0x10/0x10
[  319.724406][T13802]  netlink_rcv_skb+0x28c/0x470
[  319.724424][T13802]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  319.724451][T13802]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  319.724480][T13802]  ? netlink_deliver_tap+0x2e/0x1b0
[  319.724513][T13802]  netlink_unicast+0x82f/0x9e0
[  319.724547][T13802]  ? __pfx_netlink_unicast+0x10/0x10
[  319.724573][T13802]  ? netlink_sendmsg+0x642/0xb30
[  319.724589][T13802]  ? skb_put+0x11b/0x210
[  319.724610][T13802]  netlink_sendmsg+0x805/0xb30
[  319.724638][T13802]  ? __pfx_netlink_sendmsg+0x10/0x10
[  319.724660][T13802]  ? aa_sock_msg_perm+0xf1/0x1d0
[  319.724687][T13802]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  319.724703][T13802]  ? __pfx_netlink_sendmsg+0x10/0x10
[  319.724721][T13802]  __sock_sendmsg+0x21c/0x270
[  319.724747][T13802]  ____sys_sendmsg+0x52d/0x830
[  319.724772][T13802]  ? __pfx_____sys_sendmsg+0x10/0x10
[  319.724801][T13802]  ? import_iovec+0x74/0xa0
[  319.724827][T13802]  ___sys_sendmsg+0x21f/0x2a0
[  319.724848][T13802]  ? __pfx____sys_sendmsg+0x10/0x10
[  319.724906][T13802]  ? __fget_files+0x2a/0x420
[  319.724922][T13802]  ? __fget_files+0x3a0/0x420
[  319.724949][T13802]  __sys_sendmmsg+0x227/0x430
[  319.724975][T13802]  ? __pfx___sys_sendmmsg+0x10/0x10
[  319.725004][T13802]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  319.725048][T13802]  ? ksys_write+0x22a/0x250
[  319.725073][T13802]  ? __pfx_ksys_write+0x10/0x10
[  319.725102][T13802]  __x64_sys_sendmmsg+0xa0/0xc0
[  319.725124][T13802]  do_syscall_64+0xfa/0xfa0
[  319.725151][T13802]  ? lockdep_hardirqs_on+0x9c/0x150
[  319.725173][T13802]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  319.725191][T13802]  ? clear_bhb_loop+0x60/0xb0
[  319.725213][T13802]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  319.725230][T13802] RIP: 0033:0x7fa9c558f6c9
[  319.725246][T13802] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  319.725263][T13802] RSP: 002b:00007fa9c63d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  319.725282][T13802] RAX: ffffffffffffffda RBX: 00007fa9c57e5fa0 RCX: 00007fa9c558f6c9
[  319.725296][T13802] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[  319.725309][T13802] RBP: 00007fa9c63d8090 R08: 0000000000000000 R09: 0000000000000000
[  319.725321][T13802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  319.725332][T13802] R13: 00007fa9c57e6038 R14: 00007fa9c57e5fa0 R15: 00007fff99ef36e8
[  319.725365][T13802]  </TASK>
[  320.096945][T13816] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2340'.
[  320.190085][T13819] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2339'.
[  320.200920][T13796] netlink: 'syz.2.2334': attribute type 12 has an invalid length.
[  320.330692][T13819] bond6: Invalid ad_actor_system MAC address.
[  320.337188][T13819] bond6: option ad_actor_system: invalid value (7)
[  320.349741][T13827] FAULT_INJECTION: forcing a failure.
[  320.349741][T13827] name failslab, interval 1, probability 0, space 0, times 0
[  320.362597][T13827] CPU: 1 UID: 0 PID: 13827 Comm: syz.1.2341 Not tainted syzkaller #0 PREEMPT(full) 
[  320.362620][T13827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  320.362629][T13827] Call Trace:
[  320.362636][T13827]  <TASK>
[  320.362643][T13827]  dump_stack_lvl+0x189/0x250
[  320.362668][T13827]  ? __pfx____ratelimit+0x10/0x10
[  320.362690][T13827]  ? __pfx_dump_stack_lvl+0x10/0x10
[  320.362711][T13827]  ? __pfx__printk+0x10/0x10
[  320.362735][T13827]  ? __pfx___might_resched+0x10/0x10
[  320.362751][T13827]  ? fs_reclaim_acquire+0x7d/0x100
[  320.362778][T13827]  should_fail_ex+0x414/0x560
[  320.362808][T13827]  should_failslab+0xa8/0x100
[  320.362827][T13827]  kmem_cache_alloc_noprof+0x74/0x6e0
[  320.362848][T13827]  ? alloc_vfsmnt+0x23/0x430
[  320.362872][T13827]  alloc_vfsmnt+0x23/0x430
[  320.362896][T13827]  clone_mnt+0x4b/0x9a0
[  320.362915][T13827]  ? do_raw_spin_unlock+0x122/0x240
[  320.362943][T13827]  copy_tree+0x3d4/0x930
[  320.362973][T13827]  copy_mnt_ns+0x19d/0x870
[  320.362997][T13827]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  320.363020][T13827]  ? create_new_namespaces+0x31/0x720
[  320.363042][T13827]  create_new_namespaces+0xd1/0x720
[  320.363064][T13827]  ? bpf_lsm_capable+0x9/0x20
[  320.363084][T13827]  ? security_capable+0x7e/0x2e0
[  320.363113][T13827]  unshare_nsproxy_namespaces+0x11c/0x170
[  320.363146][T13827]  ksys_unshare+0x4c8/0x8c0
[  320.363174][T13827]  ? __pfx_ksys_unshare+0x10/0x10
[  320.363193][T13827]  ? ksys_write+0x22a/0x250
[  320.363218][T13827]  ? __pfx_ksys_write+0x10/0x10
[  320.363248][T13827]  __x64_sys_unshare+0x38/0x50
[  320.363268][T13827]  do_syscall_64+0xfa/0xfa0
[  320.363289][T13827]  ? lockdep_hardirqs_on+0x9c/0x150
[  320.363310][T13827]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  320.363326][T13827]  ? clear_bhb_loop+0x60/0xb0
[  320.363346][T13827]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  320.363361][T13827] RIP: 0033:0x7fa9c558f6c9
[  320.363376][T13827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  320.363389][T13827] RSP: 002b:00007fa9c63d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  320.363408][T13827] RAX: ffffffffffffffda RBX: 00007fa9c57e5fa0 RCX: 00007fa9c558f6c9
[  320.363420][T13827] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c020400
[  320.363430][T13827] RBP: 00007fa9c63d8090 R08: 0000000000000000 R09: 0000000000000000
[  320.363440][T13827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  320.363449][T13827] R13: 00007fa9c57e6038 R14: 00007fa9c57e5fa0 R15: 00007fff99ef36e8
[  320.363479][T13827]  </TASK>
[  320.365350][T13819] bond6 (unregistering): Released all slaves
[  320.654490][T13808] wg1 speed is unknown, defaulting to 1000
[  320.838680][T13829] wg1 speed is unknown, defaulting to 1000
[  320.897373][T13833] wg1 speed is unknown, defaulting to 1000
[  320.954322][T13848] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2346'.
[  321.029067][T13852] netlink: 'syz.0.2347': attribute type 13 has an invalid length.
[  321.058941][T13849] netlink: 240 bytes leftover after parsing attributes in process `syz.0.2347'.
[  321.099726][T13852] tipc: Resetting bearer <eth:syzkaller0>
[  321.310553][T13860] vlan3: entered promiscuous mode
[  321.317251][T13860] bond0: entered promiscuous mode
[  321.322311][T13860] bond_slave_0: entered promiscuous mode
[  321.350909][T13860] bond_slave_1: entered promiscuous mode
[  321.358642][T13860] team0: entered promiscuous mode
[  321.363906][T13860] team_slave_0: entered promiscuous mode
[  321.370642][T13860] team_slave_1: entered promiscuous mode
[  321.522440][T13875] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2354'.
[  321.643869][T13880] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2355'.
[  321.683700][T13880] netlink: 'syz.2.2355': attribute type 13 has an invalid length.
[  321.799449][T13880] tipc: Resetting bearer <eth:syzkaller0>
[  321.977128][T13893] wg1 speed is unknown, defaulting to 1000
[  322.350286][T13916] netlink: 'syz.4.2365': attribute type 1 has an invalid length.
[  322.378646][T13918] syzkaller0: entered promiscuous mode
[  322.384578][T13918] syzkaller0: entered allmulticast mode
[  322.490682][T13918] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  322.742135][T13927] FAULT_INJECTION: forcing a failure.
[  322.742135][T13927] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  322.766090][T13927] CPU: 0 UID: 0 PID: 13927 Comm: syz.3.2370 Not tainted syzkaller #0 PREEMPT(full) 
[  322.766122][T13927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  322.766132][T13927] Call Trace:
[  322.766140][T13927]  <TASK>
[  322.766148][T13927]  dump_stack_lvl+0x189/0x250
[  322.766175][T13927]  ? __pfx____ratelimit+0x10/0x10
[  322.766197][T13927]  ? __pfx_dump_stack_lvl+0x10/0x10
[  322.766219][T13927]  ? __pfx__printk+0x10/0x10
[  322.766238][T13927]  ? __might_fault+0xb0/0x130
[  322.766271][T13927]  should_fail_ex+0x414/0x560
[  322.766301][T13927]  _copy_from_user+0x2d/0xb0
[  322.766323][T13927]  kstrtouint_from_user+0xc4/0x170
[  322.766344][T13927]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  322.766389][T13927]  proc_fail_nth_write+0x88/0x200
[  322.766411][T13927]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  322.766439][T13927]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  322.766463][T13927]  vfs_write+0x27e/0xb30
[  322.766499][T13927]  ? __pfx_vfs_write+0x10/0x10
[  322.766523][T13927]  ? __fget_files+0x2a/0x420
[  322.766543][T13927]  ? __fget_files+0x3a0/0x420
[  322.766557][T13927]  ? __fget_files+0x2a/0x420
[  322.766583][T13927]  ksys_write+0x145/0x250
[  322.766607][T13927]  ? __pfx_ksys_write+0x10/0x10
[  322.766633][T13927]  ? do_syscall_64+0xbe/0xfa0
[  322.766657][T13927]  do_syscall_64+0xfa/0xfa0
[  322.766678][T13927]  ? lockdep_hardirqs_on+0x9c/0x150
[  322.766699][T13929] netlink: 'syz.0.2371': attribute type 12 has an invalid length.
[  322.766698][T13927]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.766716][T13927]  ? clear_bhb_loop+0x60/0xb0
[  322.766736][T13927]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.766748][T13927] RIP: 0033:0x7f330178e17f
[  322.766763][T13927] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  322.766778][T13927] RSP: 002b:00007f33025d7030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  322.766796][T13927] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f330178e17f
[  322.766809][T13927] RDX: 0000000000000001 RSI: 00007f33025d70a0 RDI: 0000000000000016
[  322.766820][T13927] RBP: 00007f33025d7090 R08: 0000000000000000 R09: 0000000000000000
[  322.766831][T13927] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  322.766842][T13927] R13: 00007f33019e6038 R14: 00007f33019e5fa0 R15: 00007ffc2fa91dd8
[  322.766873][T13927]  </TASK>
[  323.016194][T13939] __nla_validate_parse: 3 callbacks suppressed
[  323.016212][T13939] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2373'.
[  323.091014][T13944] netlink: 'syz.1.2374': attribute type 21 has an invalid length.
[  323.115009][T13944] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2374'.
[  323.174622][T13947] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2375'.
[  323.220134][T13950] netlink: 'syz.0.2377': attribute type 39 has an invalid length.
[  323.413843][T13962] bridge0: port 1(batadv6) entered blocking state
[  323.421846][T13962] bridge0: port 1(batadv6) entered disabled state
[  323.429159][T13962] batadv6: entered allmulticast mode
[  323.437162][T13962] batadv6: entered promiscuous mode
[  323.652518][T13969] FAULT_INJECTION: forcing a failure.
[  323.652518][T13969] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  323.673878][T13973] wg1 speed is unknown, defaulting to 1000
[  323.694121][T13975] bridge0: port 12(batadv11) entered blocking state
[  323.701284][T13975] bridge0: port 12(batadv11) entered disabled state
[  323.708334][T13975] batadv11: entered allmulticast mode
[  323.709526][T13969] CPU: 0 UID: 0 PID: 13969 Comm: syz.4.2384 Not tainted syzkaller #0 PREEMPT(full) 
[  323.709550][T13969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  323.709560][T13969] Call Trace:
[  323.709568][T13969]  <TASK>
[  323.709577][T13969]  dump_stack_lvl+0x189/0x250
[  323.709604][T13969]  ? __pfx____ratelimit+0x10/0x10
[  323.709626][T13969]  ? __pfx_dump_stack_lvl+0x10/0x10
[  323.709648][T13969]  ? __pfx__printk+0x10/0x10
[  323.709679][T13969]  should_fail_ex+0x414/0x560
[  323.709709][T13969]  _copy_to_user+0x31/0xb0
[  323.709732][T13969]  simple_read_from_buffer+0xe1/0x170
[  323.709762][T13969]  proc_fail_nth_read+0x1b3/0x220
[  323.709786][T13969]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  323.709810][T13969]  ? rw_verify_area+0x2a6/0x4d0
[  323.709831][T13969]  ? __lock_acquire+0xab9/0xd20
[  323.709846][T13969]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  323.709869][T13969]  vfs_read+0x200/0xa30
[  323.709890][T13969]  ? fdget_pos+0x247/0x320
[  323.709915][T13969]  ? __pfx___mutex_lock+0x10/0x10
[  323.709939][T13969]  ? __pfx_vfs_read+0x10/0x10
[  323.709963][T13969]  ? __fget_files+0x2a/0x420
[  323.709989][T13969]  ? __fget_files+0x3a0/0x420
[  323.710004][T13969]  ? __fget_files+0x2a/0x420
[  323.710028][T13969]  ksys_read+0x145/0x250
[  323.710053][T13969]  ? __pfx_ksys_read+0x10/0x10
[  323.710079][T13969]  ? do_syscall_64+0xbe/0xfa0
[  323.710106][T13969]  do_syscall_64+0xfa/0xfa0
[  323.710126][T13969]  ? lockdep_hardirqs_on+0x9c/0x150
[  323.710146][T13969]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.710164][T13969]  ? clear_bhb_loop+0x60/0xb0
[  323.710185][T13969]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.710202][T13969] RIP: 0033:0x7fd2bd58e0dc
[  323.710218][T13969] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  323.710232][T13969] RSP: 002b:00007fd2bb7ee030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  323.710252][T13969] RAX: ffffffffffffffda RBX: 00007fd2bd7e5fa0 RCX: 00007fd2bd58e0dc
[  323.710265][T13969] RDX: 000000000000000f RSI: 00007fd2bb7ee0a0 RDI: 0000000000000004
[  323.710275][T13969] RBP: 00007fd2bb7ee090 R08: 0000000000000000 R09: 0000000000000000
[  323.710286][T13969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  323.710297][T13969] R13: 00007fd2bd7e6038 R14: 00007fd2bd7e5fa0 R15: 00007ffc81c20278
[  323.710327][T13969]  </TASK>
[  323.978164][T13975] batadv11: entered promiscuous mode
[  323.985893][  T148] batman_adv: batadv6: No IGMP Querier present - multicast optimizations disabled
[  323.995468][  T148] batman_adv: batadv6: No MLD Querier present - multicast optimizations disabled
[  324.203151][ T3483] batman_adv: batadv11: No IGMP Querier present - multicast optimizations disabled
[  324.212672][ T3483] batman_adv: batadv11: No MLD Querier present - multicast optimizations disabled
[  324.420824][T13965] Set syz1 is full, maxelem 65536 reached
[  324.688256][T13993] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2392'.
[  324.827393][T14001] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2393'.
[  325.097548][T14012] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2396'.
[  325.323871][T14019] netlink: 'syz.2.2398': attribute type 1 has an invalid length.
[  325.330786][T14023] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2399'.
[  325.507021][T14028] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2401'.
[  325.528735][T14028] IPv6: NLM_F_CREATE should be specified when creating new route
[  325.536718][T14028] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  325.543985][T14028] IPv6: NLM_F_CREATE should be set when creating new route
[  325.679928][T14036] nftables ruleset with unbound set
[  325.692645][T14037] bridge0: port 9(batadv8) entered blocking state
[  325.745830][T14037] bridge0: port 9(batadv8) entered disabled state
[  325.752458][T14037] batadv8: entered allmulticast mode
[  325.759809][T14037] batadv8: entered promiscuous mode
[  325.767383][T14041] netlink: 240 bytes leftover after parsing attributes in process `syz.0.2403'.
[  325.793746][T14045] FAULT_INJECTION: forcing a failure.
[  325.793746][T14045] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  325.807986][T14045] CPU: 1 UID: 0 PID: 14045 Comm: syz.1.2406 Not tainted syzkaller #0 PREEMPT(full) 
[  325.808012][T14045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  325.808022][T14045] Call Trace:
[  325.808028][T14045]  <TASK>
[  325.808036][T14045]  dump_stack_lvl+0x189/0x250
[  325.808063][T14045]  ? __pfx____ratelimit+0x10/0x10
[  325.808084][T14045]  ? __pfx_dump_stack_lvl+0x10/0x10
[  325.808106][T14045]  ? __pfx__printk+0x10/0x10
[  325.808122][T14045]  ? __might_fault+0xb0/0x130
[  325.808155][T14045]  should_fail_ex+0x414/0x560
[  325.808184][T14045]  _copy_from_user+0x2d/0xb0
[  325.808205][T14045]  ___sys_recvmsg+0x12e/0x510
[  325.808230][T14045]  ? __pfx____sys_recvmsg+0x10/0x10
[  325.808264][T14045]  ? __pfx_set_normalized_timespec64+0x10/0x10
[  325.808294][T14045]  do_recvmmsg+0x307/0x770
[  325.808315][T14045]  ? __pfx_do_recvmmsg+0x10/0x10
[  325.808339][T14045]  ? _copy_from_user+0x94/0xb0
[  325.808366][T14045]  __x64_sys_recvmmsg+0x1af/0x240
[  325.808384][T14045]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  325.808402][T14045]  ? do_syscall_64+0xbe/0xfa0
[  325.808422][T14045]  do_syscall_64+0xfa/0xfa0
[  325.808438][T14045]  ? lockdep_hardirqs_on+0x9c/0x150
[  325.808456][T14045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  325.808476][T14045]  ? clear_bhb_loop+0x60/0xb0
[  325.808493][T14045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  325.808506][T14045] RIP: 0033:0x7fa9c558f6c9
[  325.808538][T14045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  325.808550][T14045] RSP: 002b:00007fa9c63d8038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  325.808566][T14045] RAX: ffffffffffffffda RBX: 00007fa9c57e5fa0 RCX: 00007fa9c558f6c9
[  325.808576][T14045] RDX: 0400000000000ec0 RSI: 0000200000002ec0 RDI: 0000000000000003
[  325.808585][T14045] RBP: 00007fa9c63d8090 R08: 00002000000001c0 R09: 0000000000000000
[  325.808594][T14045] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002
[  325.808602][T14045] R13: 00007fa9c57e6038 R14: 00007fa9c57e5fa0 R15: 00007fff99ef36e8
[  325.808625][T14045]  </TASK>
[  326.085243][T14047] FAULT_INJECTION: forcing a failure.
[  326.085243][T14047] name failslab, interval 1, probability 0, space 0, times 0
[  326.121590][T14047] CPU: 0 UID: 0 PID: 14047 Comm: syz.1.2408 Not tainted syzkaller #0 PREEMPT(full) 
[  326.121616][T14047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  326.121626][T14047] Call Trace:
[  326.121634][T14047]  <TASK>
[  326.121642][T14047]  dump_stack_lvl+0x189/0x250
[  326.121669][T14047]  ? __pfx____ratelimit+0x10/0x10
[  326.121692][T14047]  ? __pfx_dump_stack_lvl+0x10/0x10
[  326.121715][T14047]  ? __pfx__printk+0x10/0x10
[  326.121738][T14047]  ? __pfx___might_resched+0x10/0x10
[  326.121757][T14047]  ? fs_reclaim_acquire+0x7d/0x100
[  326.121787][T14047]  should_fail_ex+0x414/0x560
[  326.121817][T14047]  should_failslab+0xa8/0x100
[  326.121836][T14047]  kmem_cache_alloc_noprof+0x74/0x6e0
[  326.121860][T14047]  ? alloc_empty_file+0x55/0x1d0
[  326.121885][T14047]  alloc_empty_file+0x55/0x1d0
[  326.121905][T14047]  alloc_file_pseudo+0x13d/0x210
[  326.121927][T14047]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  326.121946][T14047]  ? alloc_fd+0x64c/0x6c0
[  326.121981][T14047]  anon_inode_getfd+0xca/0x1b0
[  326.122006][T14047]  map_create+0x11d8/0x1640
[  326.122026][T14047]  ? security_bpf+0x7e/0x300
[  326.122049][T14047]  __sys_bpf+0x5f0/0x860
[  326.122068][T14047]  ? __pfx___sys_bpf+0x10/0x10
[  326.122101][T14047]  ? ksys_write+0x22a/0x250
[  326.122126][T14047]  ? __pfx_ksys_write+0x10/0x10
[  326.122154][T14047]  __x64_sys_bpf+0x7c/0x90
[  326.122179][T14047]  do_syscall_64+0xfa/0xfa0
[  326.122201][T14047]  ? lockdep_hardirqs_on+0x9c/0x150
[  326.122223][T14047]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.122240][T14047]  ? clear_bhb_loop+0x60/0xb0
[  326.122261][T14047]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.122278][T14047] RIP: 0033:0x7fa9c558f6c9
[  326.122294][T14047] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  326.122310][T14047] RSP: 002b:00007fa9c63d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  326.122329][T14047] RAX: ffffffffffffffda RBX: 00007fa9c57e5fa0 RCX: 00007fa9c558f6c9
[  326.122343][T14047] RDX: 0000000000000017 RSI: 0000200000000400 RDI: 0000000000000000
[  326.122355][T14047] RBP: 00007fa9c63d8090 R08: 0000000000000000 R09: 0000000000000000
[  326.122365][T14047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  326.122376][T14047] R13: 00007fa9c57e6038 R14: 00007fa9c57e5fa0 R15: 00007fff99ef36e8
[  326.122407][T14047]  </TASK>
[  326.372315][ T1317] batman_adv: batadv8: No IGMP Querier present - multicast optimizations disabled
[  326.382479][ T1317] batman_adv: batadv8: No MLD Querier present - multicast optimizations disabled
[  326.423723][T14050] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2409'.
[  326.721391][T14058] wg1 speed is unknown, defaulting to 1000
[  326.797269][T14060] macvlan0: entered allmulticast mode
[  326.802695][T14060] ������: entered allmulticast mode
[  327.465020][T14079] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  327.472327][T14079] IPv6: NLM_F_CREATE should be set when creating new route
[  327.479627][T14079] IPv6: NLM_F_CREATE should be set when creating new route
[  327.904861][T14095] IPv6: Can't replace route, no match found
[  328.013319][ T5834] Bluetooth: hci1: link tx timeout
[  328.018642][ T5834] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa
[  328.031182][T14099] netlink: 'syz.1.2424': attribute type 21 has an invalid length.
[  328.039253][T14099] __nla_validate_parse: 5 callbacks suppressed
[  328.039270][T14099] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2424'.
[  328.078967][T14099] netlink: 'syz.1.2424': attribute type 4 has an invalid length.
[  328.095824][T14099] netlink: 'syz.1.2424': attribute type 3 has an invalid length.
[  328.125892][T14099] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2424'.
[  328.292590][T14104] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2426'.
[  328.313556][T14104] dummy0 (unregistering): left promiscuous mode
[  328.329387][T14104] team0: Port device dummy0 removed
[  328.585235][T14109] wg1 speed is unknown, defaulting to 1000
[  328.612177][T14110] raw_sendmsg: syz.0.2427 forgot to set AF_INET. Fix it!
[  328.989553][T14118] wg1 speed is unknown, defaulting to 1000
[  329.032419][T14119] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input11
[  329.150275][T14119] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2430'.
[  329.269349][T14027] Set syz1 is full, maxelem 65536 reached
[  329.520172][T14128] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2431'.
[  329.532573][T14130] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2433'.
[  329.572875][T14128] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2431'.
[  329.585392][T14130] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2433'.
[  329.661643][T14127] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  329.934184][T14132] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2434'.
[  329.971075][T14134] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2435'.
[  330.055706][ T5845] Bluetooth: hci1: command 0x0405 tx timeout
[  330.319626][T14081] Set syz1 is full, maxelem 65536 reached
[  330.614880][T14159] bridge15: entered allmulticast mode
[  330.798378][T14164] vlan2: entered promiscuous mode
[  330.872904][T14175] FAULT_INJECTION: forcing a failure.
[  330.872904][T14175] name failslab, interval 1, probability 0, space 0, times 0
[  330.908455][T14175] CPU: 0 UID: 0 PID: 14175 Comm: syz.0.2451 Not tainted syzkaller #0 PREEMPT(full) 
[  330.908482][T14175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  330.908492][T14175] Call Trace:
[  330.908500][T14175]  <TASK>
[  330.908508][T14175]  dump_stack_lvl+0x189/0x250
[  330.908535][T14175]  ? __pfx____ratelimit+0x10/0x10
[  330.908559][T14175]  ? __pfx_dump_stack_lvl+0x10/0x10
[  330.908582][T14175]  ? __pfx__printk+0x10/0x10
[  330.908607][T14175]  ? __pfx___might_resched+0x10/0x10
[  330.908632][T14175]  should_fail_ex+0x414/0x560
[  330.908663][T14175]  should_failslab+0xa8/0x100
[  330.908684][T14175]  __kmalloc_node_track_caller_noprof+0xcd/0x800
[  330.908710][T14175]  ? alloc_vfsmnt+0xeb/0x430
[  330.908737][T14175]  kstrdup+0x42/0x100
[  330.908759][T14175]  alloc_vfsmnt+0xeb/0x430
[  330.908783][T14175]  clone_mnt+0x4b/0x9a0
[  330.908804][T14175]  ? do_raw_spin_unlock+0x122/0x240
[  330.908832][T14175]  copy_tree+0x3d4/0x930
[  330.908870][T14175]  copy_mnt_ns+0x19d/0x870
[  330.908895][T14175]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  330.908918][T14175]  ? create_new_namespaces+0x31/0x720
[  330.908942][T14175]  create_new_namespaces+0xd1/0x720
[  330.908971][T14175]  ? bpf_lsm_capable+0x9/0x20
[  330.908992][T14175]  ? security_capable+0x7e/0x2e0
[  330.909022][T14175]  unshare_nsproxy_namespaces+0x11c/0x170
[  330.909045][T14175]  ksys_unshare+0x4c8/0x8c0
[  330.909074][T14175]  ? __pfx_ksys_unshare+0x10/0x10
[  330.909094][T14175]  ? ksys_write+0x22a/0x250
[  330.909120][T14175]  ? __pfx_ksys_write+0x10/0x10
[  330.909152][T14175]  __x64_sys_unshare+0x38/0x50
[  330.909173][T14175]  do_syscall_64+0xfa/0xfa0
[  330.909195][T14175]  ? lockdep_hardirqs_on+0x9c/0x150
[  330.909217][T14175]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  330.909235][T14175]  ? clear_bhb_loop+0x60/0xb0
[  330.909257][T14175]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  330.909274][T14175] RIP: 0033:0x7fb9f018f6c9
[  330.909291][T14175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  330.909306][T14175] RSP: 002b:00007fb9f10e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  330.909326][T14175] RAX: ffffffffffffffda RBX: 00007fb9f03e5fa0 RCX: 00007fb9f018f6c9
[  330.909339][T14175] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c020400
[  330.909350][T14175] RBP: 00007fb9f10e4090 R08: 0000000000000000 R09: 0000000000000000
[  330.909361][T14175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  330.909372][T14175] R13: 00007fb9f03e6038 R14: 00007fb9f03e5fa0 R15: 00007fff40564a68
[  330.909405][T14175]  </TASK>
[  331.274685][T14179] FAULT_INJECTION: forcing a failure.
[  331.274685][T14179] name failslab, interval 1, probability 0, space 0, times 0
[  331.290978][T14179] CPU: 1 UID: 0 PID: 14179 Comm: syz.3.2453 Not tainted syzkaller #0 PREEMPT(full) 
[  331.291003][T14179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  331.291020][T14179] Call Trace:
[  331.291027][T14179]  <TASK>
[  331.291035][T14179]  dump_stack_lvl+0x189/0x250
[  331.291063][T14179]  ? __pfx____ratelimit+0x10/0x10
[  331.291086][T14179]  ? __pfx_dump_stack_lvl+0x10/0x10
[  331.291109][T14179]  ? __pfx__printk+0x10/0x10
[  331.291133][T14179]  ? __pfx___might_resched+0x10/0x10
[  331.291152][T14179]  ? fs_reclaim_acquire+0x7d/0x100
[  331.291182][T14179]  should_fail_ex+0x414/0x560
[  331.291213][T14179]  should_failslab+0xa8/0x100
[  331.291233][T14179]  __kmalloc_cache_node_noprof+0x74/0x6f0
[  331.291258][T14179]  ? __get_vm_area_node+0x13f/0x300
[  331.291287][T14179]  __get_vm_area_node+0x13f/0x300
[  331.291314][T14179]  __vmalloc_node_range_noprof+0x30c/0x12d0
[  331.291340][T14179]  ? bpf_prog_alloc_no_stats+0x4a/0x4d0
[  331.291361][T14179]  ? __lock_acquire+0xab9/0xd20
[  331.291393][T14179]  ? __lock_acquire+0xab9/0xd20
[  331.291417][T14179]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  331.291442][T14179]  ? __might_fault+0xb0/0x130
[  331.291473][T14179]  ? bpf_prog_alloc_no_stats+0x4a/0x4d0
[  331.291489][T14179]  __vmalloc_noprof+0xb1/0xf0
[  331.291513][T14179]  ? bpf_prog_alloc_no_stats+0x4a/0x4d0
[  331.291534][T14179]  bpf_prog_alloc_no_stats+0x4a/0x4d0
[  331.291558][T14179]  bpf_prog_alloc+0x3c/0x1a0
[  331.291578][T14179]  bpf_prog_load+0x735/0x19e0
[  331.291609][T14179]  ? __pfx_bpf_prog_load+0x10/0x10
[  331.291651][T14179]  ? bpf_lsm_bpf+0x9/0x20
[  331.291669][T14179]  ? security_bpf+0x7e/0x300
[  331.291693][T14179]  __sys_bpf+0x507/0x860
[  331.291712][T14179]  ? __pfx___sys_bpf+0x10/0x10
[  331.291746][T14179]  ? ksys_write+0x22a/0x250
[  331.291772][T14179]  ? __pfx_ksys_write+0x10/0x10
[  331.291801][T14179]  __x64_sys_bpf+0x7c/0x90
[  331.291826][T14179]  do_syscall_64+0xfa/0xfa0
[  331.291847][T14179]  ? lockdep_hardirqs_on+0x9c/0x150
[  331.291869][T14179]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.291890][T14179]  ? clear_bhb_loop+0x60/0xb0
[  331.291913][T14179]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.291930][T14179] RIP: 0033:0x7f330178f6c9
[  331.291946][T14179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  331.291962][T14179] RSP: 002b:00007f33025d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  331.291983][T14179] RAX: ffffffffffffffda RBX: 00007f33019e5fa0 RCX: 00007f330178f6c9
[  331.291996][T14179] RDX: 0000000000000094 RSI: 0000200000000440 RDI: 0000000000000005
[  331.292008][T14179] RBP: 00007f33025d7090 R08: 0000000000000000 R09: 0000000000000000
[  331.292024][T14179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  331.292035][T14179] R13: 00007f33019e6038 R14: 00007f33019e5fa0 R15: 00007ffc2fa91dd8
[  331.292067][T14179]  </TASK>
[  331.292337][T14179] syz.3.2453: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[  331.609378][T14182] netlink: 'syz.2.2454': attribute type 1 has an invalid length.
[  331.617477][T14179] CPU: 1 UID: 0 PID: 14179 Comm: syz.3.2453 Not tainted syzkaller #0 PREEMPT(full) 
[  331.617501][T14179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  331.617512][T14179] Call Trace:
[  331.617520][T14179]  <TASK>
[  331.617528][T14179]  dump_stack_lvl+0x189/0x250
[  331.617559][T14179]  ? __pfx_dump_stack_lvl+0x10/0x10
[  331.617582][T14179]  ? __pfx__printk+0x10/0x10
[  331.617601][T14179]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  331.617624][T14179]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  331.617649][T14179]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  331.617675][T14179]  warn_alloc+0x214/0x310
[  331.617707][T14179]  ? __pfx_warn_alloc+0x10/0x10
[  331.617741][T14179]  ? __get_vm_area_node+0x2b5/0x300
[  331.617771][T14179]  __vmalloc_node_range_noprof+0x331/0x12d0
[  331.617798][T14179]  ? __lock_acquire+0xab9/0xd20
[  331.617831][T14179]  ? __lock_acquire+0xab9/0xd20
[  331.617855][T14179]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  331.617881][T14179]  ? __might_fault+0xb0/0x130
[  331.617910][T14179]  ? bpf_prog_alloc_no_stats+0x4a/0x4d0
[  331.617927][T14179]  __vmalloc_noprof+0xb1/0xf0
[  331.617950][T14179]  ? bpf_prog_alloc_no_stats+0x4a/0x4d0
[  331.617970][T14179]  bpf_prog_alloc_no_stats+0x4a/0x4d0
[  331.617994][T14179]  bpf_prog_alloc+0x3c/0x1a0
[  331.618014][T14179]  bpf_prog_load+0x735/0x19e0
[  331.618045][T14179]  ? __pfx_bpf_prog_load+0x10/0x10
[  331.618085][T14179]  ? bpf_lsm_bpf+0x9/0x20
[  331.618104][T14179]  ? security_bpf+0x7e/0x300
[  331.618128][T14179]  __sys_bpf+0x507/0x860
[  331.618154][T14179]  ? __pfx___sys_bpf+0x10/0x10
[  331.618188][T14179]  ? ksys_write+0x22a/0x250
[  331.618213][T14179]  ? __pfx_ksys_write+0x10/0x10
[  331.618242][T14179]  __x64_sys_bpf+0x7c/0x90
[  331.618268][T14179]  do_syscall_64+0xfa/0xfa0
[  331.618289][T14179]  ? lockdep_hardirqs_on+0x9c/0x150
[  331.618312][T14179]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.618330][T14179]  ? clear_bhb_loop+0x60/0xb0
[  331.618351][T14179]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.618369][T14179] RIP: 0033:0x7f330178f6c9
[  331.618384][T14179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  331.618400][T14179] RSP: 002b:00007f33025d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  331.618419][T14179] RAX: ffffffffffffffda RBX: 00007f33019e5fa0 RCX: 00007f330178f6c9
[  331.618432][T14179] RDX: 0000000000000094 RSI: 0000200000000440 RDI: 0000000000000005
[  331.618444][T14179] RBP: 00007f33025d7090 R08: 0000000000000000 R09: 0000000000000000
[  331.618455][T14179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  331.618466][T14179] R13: 00007f33019e6038 R14: 00007f33019e5fa0 R15: 00007ffc2fa91dd8
[  331.618497][T14179]  </TASK>
[  331.618516][T14179] Mem-Info:
[  331.926062][T14179] active_anon:5115 inactive_anon:0 isolated_anon:0
[  331.926062][T14179]  active_file:3903 inactive_file:39981 isolated_file:0
[  331.926062][T14179]  unevictable:768 dirty:269 writeback:0
[  331.926062][T14179]  slab_reclaimable:11604 slab_unreclaimable:170161
[  331.926062][T14179]  mapped:29848 shmem:1359 pagetables:1060
[  331.926062][T14179]  sec_pagetables:0 bounce:0
[  331.926062][T14179]  kernel_misc_reclaimable:0
[  331.926062][T14179]  free:1257643 free_pcp:15896 free_cma:0
[  331.981032][T14179] Node 0 active_anon:20560kB inactive_anon:0kB active_file:15612kB inactive_file:159724kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119392kB dirty:1072kB writeback:0kB shmem:3900kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12056kB pagetables:4116kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  332.013597][T14179] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  332.046073][T14179] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  332.122557][T14179] lowmem_reserve[]: 0 2505 2505 2505 2505
[  332.128930][T14179] Node 0 DMA32 free:1113132kB boost:0kB min:34308kB low:42884kB high:51460kB reserved_highatomic:0KB free_highatomic:0KB active_anon:20460kB inactive_anon:0kB active_file:15612kB inactive_file:159724kB unevictable:1536kB writepending:1072kB zspages:0kB present:3129332kB managed:2565152kB mlocked:0kB bounce:0kB free_pcp:51788kB local_pcp:27728kB free_cma:0kB
[  332.205776][T14179] lowmem_reserve[]: 0 0 0 0 0
[  332.210741][T14179] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  332.247387][T14179] lowmem_reserve[]: 0 0 0 0 0
[  332.253020][T14179] Node 1 Normal free:3901868kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:12160kB local_pcp:4128kB free_cma:0kB
[  332.290550][T14179] lowmem_reserve[]: 0 0 0 0 0
[  332.307481][T14179] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  332.323050][T14179] Node 0 DMA32: 2510*4kB (UME) 1543*8kB (UME) 1192*16kB (UME) 993*32kB (UME) 246*64kB (UME) 156*128kB (UME) 53*256kB (UME) 38*512kB (UM) 11*1024kB (UME) 1*2048kB (M) 234*4096kB (UM) = 1113744kB
[  332.343862][T14179] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  332.356947][T14179] Node 1 Normal: 197*4kB (U) 55*8kB (UME) 46*16kB (UME) 158*32kB (UME) 45*64kB (UME) 8*128kB (UME) 5*256kB (UM) 3*512kB (UM) 3*1024kB (UME) 1*2048kB (E) 948*4096kB (M) = 3901868kB
[  332.389553][T14179] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  332.406276][T14179] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  332.441158][T14179] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  332.452239][T14179] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  332.470273][T14199] bond1: entered promiscuous mode
[  332.475375][T14199] bond1: entered allmulticast mode
[  332.481788][T14199] 8021q: adding VLAN 0 to HW filter on device bond1
[  332.489825][T14179] 45240 total pagecache pages
[  332.494551][T14179] 0 pages in swap cache
[  332.503904][T14179] Free swap  = 124996kB
[  332.508692][T14179] Total swap = 124996kB
[  332.526188][T14179] 2097051 pages RAM
[  332.530035][T14179] 0 pages HighMem/MovableOnly
[  332.534712][T14179] 424121 pages reserved
[  332.555807][T14179] 0 pages cma reserved
[  332.683261][T14199] bond1 (unregistering): Released all slaves
[  332.999949][T14225] vlan1: entered promiscuous mode
[  333.343147][T14237] wg1 speed is unknown, defaulting to 1000
[  333.422384][T14242] wg1 speed is unknown, defaulting to 1000
[  333.459490][T14250] __nla_validate_parse: 6 callbacks suppressed
[  333.459508][T14250] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2477'.
[  333.515773][T14243] wg1 speed is unknown, defaulting to 1000
[  333.583495][T14253] lo: Caught tx_queue_len zero misconfig
[  333.589725][T14253] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2476'.
[  333.602200][T14253] netem: unknown loss type 0
[  333.608090][T14253] netem: change failed
[  333.965185][T14265] netlink: 'syz.0.2478': attribute type 13 has an invalid length.
[  333.979314][T14260] netlink: 240 bytes leftover after parsing attributes in process `syz.0.2478'.
[  334.968252][T14290] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2488'.
[  335.165714][T14299] syzkaller0: left promiscuous mode
[  335.180909][T14299] syzkaller0: left allmulticast mode
[  335.319901][T14306] netlink: 240 bytes leftover after parsing attributes in process `syz.0.2493'.
[  335.342525][T14306] netlink: 'syz.0.2493': attribute type 13 has an invalid length.
[  335.362006][T14306] netlink: 'syz.0.2493': attribute type 27 has an invalid length.
[  335.464251][T14310] FAULT_INJECTION: forcing a failure.
[  335.464251][T14310] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  335.478172][T14310] CPU: 1 UID: 0 PID: 14310 Comm: syz.1.2494 Not tainted syzkaller #0 PREEMPT(full) 
[  335.478198][T14310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  335.478208][T14310] Call Trace:
[  335.478215][T14310]  <TASK>
[  335.478223][T14310]  dump_stack_lvl+0x189/0x250
[  335.478257][T14310]  ? __pfx____ratelimit+0x10/0x10
[  335.478278][T14310]  ? __pfx_dump_stack_lvl+0x10/0x10
[  335.478300][T14310]  ? __pfx__printk+0x10/0x10
[  335.478331][T14310]  should_fail_ex+0x414/0x560
[  335.478360][T14310]  _copy_to_user+0x31/0xb0
[  335.478383][T14310]  bpf_test_finish+0x24e/0x700
[  335.478409][T14310]  ? __pfx_bpf_test_finish+0x10/0x10
[  335.478437][T14310]  bpf_prog_test_run_flow_dissector+0x44e/0x5c0
[  335.478467][T14310]  ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10
[  335.478488][T14310]  ? __fget_files+0x2a/0x420
[  335.478512][T14310]  ? __fget_files+0x2a/0x420
[  335.478531][T14310]  ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10
[  335.478550][T14310]  bpf_prog_test_run+0x2c7/0x340
[  335.478573][T14310]  __sys_bpf+0x562/0x860
[  335.478592][T14310]  ? __pfx___sys_bpf+0x10/0x10
[  335.478625][T14310]  ? ksys_write+0x22a/0x250
[  335.478651][T14310]  ? __pfx_ksys_write+0x10/0x10
[  335.478679][T14310]  __x64_sys_bpf+0x7c/0x90
[  335.478704][T14310]  do_syscall_64+0xfa/0xfa0
[  335.478725][T14310]  ? lockdep_hardirqs_on+0x9c/0x150
[  335.478746][T14310]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.478764][T14310]  ? clear_bhb_loop+0x60/0xb0
[  335.478793][T14310]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.478809][T14310] RIP: 0033:0x7fa9c558f6c9
[  335.478825][T14310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  335.478841][T14310] RSP: 002b:00007fa9c63d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  335.478860][T14310] RAX: ffffffffffffffda RBX: 00007fa9c57e5fa0 RCX: 00007fa9c558f6c9
[  335.478873][T14310] RDX: 0000000000000050 RSI: 0000200000000000 RDI: 000000000000000a
[  335.478885][T14310] RBP: 00007fa9c63d8090 R08: 0000000000000000 R09: 0000000000000000
[  335.478896][T14310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  335.478906][T14310] R13: 00007fa9c57e6038 R14: 00007fa9c57e5fa0 R15: 00007fff99ef36e8
[  335.478938][T14310]  </TASK>
[  335.731684][T14315] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  335.914736][T14321] syzkaller0: left promiscuous mode
[  335.934228][T14321] syzkaller0: left allmulticast mode
[  335.951620][T14321] tipc: Resetting bearer <eth:syzkaller0>
[  336.034061][T14327] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2502'.
[  336.268302][T14339] netlink: 240 bytes leftover after parsing attributes in process `syz.2.2506'.
[  336.288287][T14339] netlink: 'syz.2.2506': attribute type 13 has an invalid length.
[  336.310575][T14339] netlink: 'syz.2.2506': attribute type 27 has an invalid length.
[  336.326011][T14341] syzkaller0: entered promiscuous mode
[  336.332045][T14341] syzkaller0: entered allmulticast mode
[  336.380399][T14345] lo speed is unknown, defaulting to 1000
[  336.403559][T14345] lo speed is unknown, defaulting to 1000
[  336.432648][T14345] lo speed is unknown, defaulting to 1000
[  336.445498][T14341] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  336.464237][T14351] vlan2: entered promiscuous mode
[  336.489441][T14345] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  336.591318][T14345] lo speed is unknown, defaulting to 1000
[  336.614935][T14353] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2512'.
[  336.632095][T14345] lo speed is unknown, defaulting to 1000
[  336.640777][T14345] lo speed is unknown, defaulting to 1000
[  336.651574][T14345] lo speed is unknown, defaulting to 1000
[  336.660600][T14345] lo speed is unknown, defaulting to 1000
[  336.846783][T14364] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2517'.
[  336.958791][T14370] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2519'.
[  337.256045][T14383] tc_dump_action: action bad kind
[  337.303531][T14379] syzkaller0: entered promiscuous mode
[  337.326672][T14379] syzkaller0: entered allmulticast mode
[  337.344853][T14392] FAULT_INJECTION: forcing a failure.
[  337.344853][T14392] name failslab, interval 1, probability 0, space 0, times 0
[  337.346051][T14379] tipc: Resetting bearer <eth:syzkaller0>
[  337.359659][T14392] CPU: 1 UID: 0 PID: 14392 Comm: syz.0.2524 Not tainted syzkaller #0 PREEMPT(full) 
[  337.359684][T14392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  337.359695][T14392] Call Trace:
[  337.359703][T14392]  <TASK>
[  337.359711][T14392]  dump_stack_lvl+0x189/0x250
[  337.359739][T14392]  ? __pfx____ratelimit+0x10/0x10
[  337.359762][T14392]  ? __pfx_dump_stack_lvl+0x10/0x10
[  337.359784][T14392]  ? __pfx__printk+0x10/0x10
[  337.359808][T14392]  ? __pfx___might_resched+0x10/0x10
[  337.359827][T14392]  ? fs_reclaim_acquire+0x7d/0x100
[  337.359857][T14392]  should_fail_ex+0x414/0x560
[  337.359887][T14392]  should_failslab+0xa8/0x100
[  337.359906][T14392]  kmem_cache_alloc_noprof+0x74/0x6e0
[  337.359929][T14392]  ? vm_area_alloc+0x24/0x140
[  337.359950][T14392]  vm_area_alloc+0x24/0x140
[  337.359967][T14392]  mmap_region+0xdcd/0x2110
[  337.359991][T14392]  ? mas_prev_slot+0xb31/0xbb0
[  337.360024][T14392]  ? __pfx_mmap_region+0x10/0x10
[  337.360044][T14392]  ? unmapped_area_topdown+0x561/0x580
[  337.360130][T14392]  ? mm_get_unmapped_area_vmflags+0xb3/0xe0
[  337.360166][T14392]  ? bpf_lsm_mmap_addr+0x9/0x20
[  337.360183][T14392]  ? security_mmap_addr+0x71/0x270
[  337.360213][T14392]  do_mmap+0xc45/0x10d0
[  337.360246][T14392]  ? __pfx_do_mmap+0x10/0x10
[  337.360264][T14392]  ? down_write_killable+0x178/0x230
[  337.360284][T14392]  ? __pfx_down_write_killable+0x10/0x10
[  337.360306][T14392]  ? apparmor_mmap_file+0xc4/0xe0
[  337.360332][T14392]  vm_mmap_pgoff+0x2a6/0x4d0
[  337.360362][T14392]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  337.360384][T14392]  ? do_user_addr_fault+0xc85/0x1380
[  337.360404][T14392]  ? ksys_mmap_pgoff+0xf4/0x760
[  337.360425][T14392]  ? __x64_sys_mmap+0x7f/0x140
[  337.360448][T14392]  do_syscall_64+0xfa/0xfa0
[  337.360468][T14392]  ? lockdep_hardirqs_on+0x9c/0x150
[  337.360489][T14392]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.360507][T14392]  ? clear_bhb_loop+0x60/0xb0
[  337.360528][T14392]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.360550][T14392] RIP: 0033:0x7fb9f018f703
[  337.360566][T14392] Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 a8 ff ff ff 64 c7
[  337.360581][T14392] RSP: 002b:00007fb9f10e2bf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  337.360600][T14392] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fb9f018f703
[  337.360612][T14392] RDX: 0000000000000000 RSI: 0000000008000000 RDI: 0000000000000000
[  337.360626][T14392] RBP: 0000000004000000 R08: 00000000ffffffff R09: 0000000000000000
[  337.360637][T14392] R10: 0000000000004022 R11: 0000000000000246 R12: 0000000000004022
[  337.360647][T14392] R13: 0000000000001000 R14: 0000000000021000 R15: 00007fb9f10e46c0
[  337.360677][T14392]  </TASK>
[  337.667950][T14382] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  337.717365][T14390] netlink: 'syz.4.2523': attribute type 13 has an invalid length.
[  337.861893][T14414] FAULT_INJECTION: forcing a failure.
[  337.861893][T14414] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  337.863151][T14401] wg1 speed is unknown, defaulting to 1000
[  337.876885][T14411] tunl0: Caught tx_queue_len zero misconfig
[  337.898815][T14414] CPU: 1 UID: 0 PID: 14414 Comm: syz.1.2529 Not tainted syzkaller #0 PREEMPT(full) 
[  337.898841][T14414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  337.898852][T14414] Call Trace:
[  337.898860][T14414]  <TASK>
[  337.898868][T14414]  dump_stack_lvl+0x189/0x250
[  337.898896][T14414]  ? __pfx____ratelimit+0x10/0x10
[  337.898919][T14414]  ? __pfx_dump_stack_lvl+0x10/0x10
[  337.898942][T14414]  ? __pfx__printk+0x10/0x10
[  337.898960][T14414]  ? __might_fault+0xb0/0x130
[  337.898996][T14414]  should_fail_ex+0x414/0x560
[  337.899026][T14414]  _copy_from_user+0x2d/0xb0
[  337.899049][T14414]  kstrtouint_from_user+0xc4/0x170
[  337.899070][T14414]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  337.899106][T14414]  proc_fail_nth_write+0x88/0x200
[  337.899128][T14414]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  337.899155][T14414]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  337.899179][T14414]  vfs_write+0x27e/0xb30
[  337.899211][T14414]  ? __pfx_vfs_write+0x10/0x10
[  337.899253][T14414]  ? __fget_files+0x2a/0x420
[  337.899275][T14414]  ? __fget_files+0x3a0/0x420
[  337.899290][T14414]  ? __fget_files+0x2a/0x420
[  337.899315][T14414]  ksys_write+0x145/0x250
[  337.899341][T14414]  ? __pfx_ksys_write+0x10/0x10
[  337.899367][T14414]  ? do_syscall_64+0xbe/0xfa0
[  337.899397][T14414]  do_syscall_64+0xfa/0xfa0
[  337.899417][T14414]  ? lockdep_hardirqs_on+0x9c/0x150
[  337.899440][T14414]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.899457][T14414]  ? clear_bhb_loop+0x60/0xb0
[  337.899479][T14414]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.899495][T14414] RIP: 0033:0x7fa9c558e17f
[  337.899513][T14414] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  337.899533][T14414] RSP: 002b:00007fa9c63d8030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  337.899552][T14414] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa9c558e17f
[  337.899565][T14414] RDX: 0000000000000001 RSI: 00007fa9c63d80a0 RDI: 0000000000000003
[  337.899576][T14414] RBP: 00007fa9c63d8090 R08: 0000000000000000 R09: 0000000000000000
[  337.899588][T14414] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  337.899598][T14414] R13: 00007fa9c57e6038 R14: 00007fa9c57e5fa0 R15: 00007fff99ef36e8
[  337.899630][T14414]  </TASK>
[  338.170460][T14401] lo speed is unknown, defaulting to 1000
[  338.793525][T14450] wg1 speed is unknown, defaulting to 1000
[  338.804268][T14450] lo speed is unknown, defaulting to 1000
[  338.829325][T14449] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  339.018908][T14463] wg1 speed is unknown, defaulting to 1000
[  339.039181][T14463] lo speed is unknown, defaulting to 1000
[  339.149365][T14467] __nla_validate_parse: 4 callbacks suppressed
[  339.149382][T14467] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2542'.
[  339.650087][T14478] syzkaller0: left promiscuous mode
[  339.663886][T14478] syzkaller0: left allmulticast mode
[  339.802328][T14480] Set syz1 is full, maxelem 65536 reached
[  339.926917][T14484] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2548'.
[  339.994778][T14486] netlink: 'syz.1.2551': attribute type 16 has an invalid length.
[  340.015697][T14486] netlink: 'syz.1.2551': attribute type 17 has an invalid length.
[  340.027595][T14487] bridge0: port 10(batadv9) entered blocking state
[  340.036069][T14487] bridge0: port 10(batadv9) entered disabled state
[  340.058247][T14491] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2551'.
[  340.082821][T14487] batadv9: entered allmulticast mode
[  340.091534][T14487] batadv9: entered promiscuous mode
[  340.266887][T14486] tipc: Resetting bearer <eth:syzkaller0>
[  340.413621][ T5892] lo speed is unknown, defaulting to 1000
[  340.420971][ T5892] syz1: Port: 1 Link DOWN
[  340.465702][ T3483] batman_adv: batadv9: No IGMP Querier present - multicast optimizations disabled
[  340.475188][ T3483] batman_adv: batadv9: No MLD Querier present - multicast optimizations disabled
[  340.613375][T14499] syzkaller0: entered promiscuous mode
[  340.619230][T14499] syzkaller0: entered allmulticast mode
[  340.650024][T14500] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  341.247834][T14525] FAULT_INJECTION: forcing a failure.
[  341.247834][T14525] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  341.254176][T14522] wg1 speed is unknown, defaulting to 1000
[  341.278917][T14525] CPU: 1 UID: 0 PID: 14525 Comm: syz.1.2561 Not tainted syzkaller #0 PREEMPT(full) 
[  341.278941][T14525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  341.278952][T14525] Call Trace:
[  341.278959][T14525]  <TASK>
[  341.278967][T14525]  dump_stack_lvl+0x189/0x250
[  341.278993][T14525]  ? __pfx____ratelimit+0x10/0x10
[  341.279015][T14525]  ? __pfx_dump_stack_lvl+0x10/0x10
[  341.279037][T14525]  ? __pfx__printk+0x10/0x10
[  341.279069][T14525]  should_fail_ex+0x414/0x560
[  341.279097][T14525]  _copy_to_user+0x31/0xb0
[  341.279119][T14525]  simple_read_from_buffer+0xe1/0x170
[  341.279150][T14525]  proc_fail_nth_read+0x1b3/0x220
[  341.279174][T14525]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  341.279202][T14525]  ? rw_verify_area+0x2a6/0x4d0
[  341.279219][T14525]  ? __lock_acquire+0xab9/0xd20
[  341.279232][T14525]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  341.279249][T14525]  vfs_read+0x200/0xa30
[  341.279266][T14525]  ? fdget_pos+0x247/0x320
[  341.279282][T14525]  ? __pfx___mutex_lock+0x10/0x10
[  341.279302][T14525]  ? __pfx_vfs_read+0x10/0x10
[  341.279321][T14525]  ? __fget_files+0x2a/0x420
[  341.279337][T14525]  ? __fget_files+0x3a0/0x420
[  341.279348][T14525]  ? __fget_files+0x2a/0x420
[  341.279367][T14525]  ksys_read+0x145/0x250
[  341.279387][T14525]  ? __pfx_ksys_read+0x10/0x10
[  341.279408][T14525]  ? do_syscall_64+0xbe/0xfa0
[  341.279428][T14525]  do_syscall_64+0xfa/0xfa0
[  341.279445][T14525]  ? lockdep_hardirqs_on+0x9c/0x150
[  341.279462][T14525]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  341.279475][T14525]  ? clear_bhb_loop+0x60/0xb0
[  341.279492][T14525]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  341.279505][T14525] RIP: 0033:0x7fa9c558e0dc
[  341.279518][T14525] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  341.279530][T14525] RSP: 002b:00007fa9c63d8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  341.279545][T14525] RAX: ffffffffffffffda RBX: 00007fa9c57e5fa0 RCX: 00007fa9c558e0dc
[  341.279556][T14525] RDX: 000000000000000f RSI: 00007fa9c63d80a0 RDI: 0000000000000004
[  341.279564][T14525] RBP: 00007fa9c63d8090 R08: 0000000000000000 R09: 0000000000000000
[  341.279573][T14525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  341.279581][T14525] R13: 00007fa9c57e6038 R14: 00007fa9c57e5fa0 R15: 00007fff99ef36e8
[  341.279604][T14525]  </TASK>
[  341.581236][T14533] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2559'.
[  341.628402][T14522] lo speed is unknown, defaulting to 1000
[  342.053251][T14549] netlink: 'syz.4.2569': attribute type 12 has an invalid length.
[  342.529427][T14568] netlink: 252 bytes leftover after parsing attributes in process `syz.4.2577'.
[  342.665937][T14574] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2579'.
[  342.934103][T14583] netlink: 'syz.3.2581': attribute type 39 has an invalid length.
[  342.957006][T14585] xt_connbytes: Forcing CT accounting to be enabled
[  343.139329][T14589] netlink: 'syz.1.2583': attribute type 58 has an invalid length.
[  343.159599][T14591] syzkaller0: left promiscuous mode
[  343.164935][T14591] syzkaller0: left allmulticast mode
[  343.189190][T14589] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2583'.
[  343.451115][T14607] syzkaller0: Caught tx_queue_len zero misconfig
[  343.561436][T14611] vlan3: entered promiscuous mode
[  343.621356][T14614] vlan2: entered promiscuous mode
[  343.790571][T14622] bridge0: port 8(batadv7) entered blocking state
[  343.827212][T14622] bridge0: port 8(batadv7) entered disabled state
[  343.854881][T14622] batadv7: entered allmulticast mode
[  343.878166][T14624] netlink: 'syz.4.2594': attribute type 13 has an invalid length.
[  343.896227][T14624] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2594'.
[  343.908283][T14622] batadv7: entered promiscuous mode
[  343.929051][T14623] netlink: 240 bytes leftover after parsing attributes in process `syz.4.2594'.
[  344.289827][ T3526] batman_adv: batadv7: No IGMP Querier present - multicast optimizations disabled
[  344.299265][ T3526] batman_adv: batadv7: No MLD Querier present - multicast optimizations disabled
[  344.744153][T14631] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2597'.
[  344.787822][T14631] netlink: 'syz.2.2597': attribute type 13 has an invalid length.
[  344.957152][T14634] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  345.031716][T14634] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2598'.
[  345.348000][T14643] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2602'.
[  346.286907][T14660] syzkaller0: left promiscuous mode
[  346.292338][T14660] syzkaller0: left allmulticast mode
[  346.299389][T14660] tipc: Resetting bearer <eth:syzkaller0>
[  346.371812][T14662] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2608'.
[  346.385352][T14662] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2608'.
[  346.905777][T14677] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2614'.
[  346.930508][T14679] netlink: 240 bytes leftover after parsing attributes in process `syz.0.2613'.
[  346.941019][T14679] netlink: 'syz.0.2613': attribute type 13 has an invalid length.
[  346.948999][T14679] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2613'.
[  347.045439][T14681] FAULT_INJECTION: forcing a failure.
[  347.045439][T14681] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  347.089331][T14681] CPU: 1 UID: 0 PID: 14681 Comm: syz.3.2615 Not tainted syzkaller #0 PREEMPT(full) 
[  347.089364][T14681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  347.089374][T14681] Call Trace:
[  347.089381][T14681]  <TASK>
[  347.089389][T14681]  dump_stack_lvl+0x189/0x250
[  347.089417][T14681]  ? __pfx____ratelimit+0x10/0x10
[  347.089439][T14681]  ? __pfx_dump_stack_lvl+0x10/0x10
[  347.089462][T14681]  ? __pfx__printk+0x10/0x10
[  347.089492][T14681]  should_fail_ex+0x414/0x560
[  347.089522][T14681]  _copy_to_user+0x31/0xb0
[  347.089546][T14681]  bpf_test_finish+0x56f/0x700
[  347.089573][T14681]  ? __pfx_bpf_test_finish+0x10/0x10
[  347.089601][T14681]  bpf_prog_test_run_flow_dissector+0x44e/0x5c0
[  347.089633][T14681]  ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10
[  347.089655][T14681]  ? __fget_files+0x2a/0x420
[  347.089678][T14681]  ? __fget_files+0x2a/0x420
[  347.089700][T14681]  ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10
[  347.089727][T14681]  bpf_prog_test_run+0x2c7/0x340
[  347.089751][T14681]  __sys_bpf+0x562/0x860
[  347.089770][T14681]  ? __pfx___sys_bpf+0x10/0x10
[  347.089803][T14681]  ? ksys_write+0x22a/0x250
[  347.089828][T14681]  ? __pfx_ksys_write+0x10/0x10
[  347.089857][T14681]  __x64_sys_bpf+0x7c/0x90
[  347.089882][T14681]  do_syscall_64+0xfa/0xfa0
[  347.089903][T14681]  ? lockdep_hardirqs_on+0x9c/0x150
[  347.089925][T14681]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.089943][T14681]  ? clear_bhb_loop+0x60/0xb0
[  347.089965][T14681]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.089981][T14681] RIP: 0033:0x7f330178f6c9
[  347.089998][T14681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  347.090014][T14681] RSP: 002b:00007f33025d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  347.090034][T14681] RAX: ffffffffffffffda RBX: 00007f33019e5fa0 RCX: 00007f330178f6c9
[  347.090047][T14681] RDX: 0000000000000050 RSI: 0000200000000000 RDI: 000000000000000a
[  347.090059][T14681] RBP: 00007f33025d7090 R08: 0000000000000000 R09: 0000000000000000
[  347.090071][T14681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  347.090082][T14681] R13: 00007f33019e6038 R14: 00007f33019e5fa0 R15: 00007ffc2fa91dd8
[  347.090113][T14681]  </TASK>
[  347.617456][T14685] wg1 speed is unknown, defaulting to 1000
[  347.625103][T14685] lo speed is unknown, defaulting to 1000
[  347.693757][T14686] veth0: entered promiscuous mode
[  347.866134][T14686] veth0: left promiscuous mode
[  348.045248][T14697] syzkaller0: left promiscuous mode
[  348.050589][T14697] syzkaller0: left allmulticast mode
[  348.056298][T14621] Set syz1 is full, maxelem 65536 reached
[  348.208563][T14704] netlink: 212324 bytes leftover after parsing attributes in process `syz.0.2624'.
[  348.259024][T14705] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2625'.
[  348.661024][T14616] Set syz1 is full, maxelem 65536 reached
[  349.256260][T14765] netlink: 'syz.1.2646': attribute type 1 has an invalid length.
[  349.294047][T14765] 8021q: adding VLAN 0 to HW filter on device bond2
[  349.325057][T14765] veth15: entered promiscuous mode
[  349.333918][T14765] bond2: (slave veth15): Enslaving as an active interface with an up link
[  349.536355][T14771] FAULT_INJECTION: forcing a failure.
[  349.536355][T14771] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  349.553694][T14771] CPU: 0 UID: 0 PID: 14771 Comm: syz.1.2648 Not tainted syzkaller #0 PREEMPT(full) 
[  349.553719][T14771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  349.553730][T14771] Call Trace:
[  349.553737][T14771]  <TASK>
[  349.553746][T14771]  dump_stack_lvl+0x189/0x250
[  349.553774][T14771]  ? __pfx____ratelimit+0x10/0x10
[  349.553797][T14771]  ? __pfx_dump_stack_lvl+0x10/0x10
[  349.553820][T14771]  ? __pfx__printk+0x10/0x10
[  349.553839][T14771]  ? __might_fault+0xb0/0x130
[  349.553870][T14771]  should_fail_ex+0x414/0x560
[  349.553898][T14771]  _copy_from_iter+0x1de/0x1790
[  349.553924][T14771]  ? rcu_is_watching+0x15/0xb0
[  349.553948][T14771]  ? kmalloc_reserve+0xbd/0x290
[  349.553966][T14771]  ? __pfx__copy_from_iter+0x10/0x10
[  349.553986][T14771]  ? __build_skb_around+0x262/0x3f0
[  349.554014][T14771]  ? netlink_sendmsg+0x642/0xb30
[  349.554030][T14771]  ? skb_put+0x11b/0x210
[  349.554051][T14771]  netlink_sendmsg+0x6b2/0xb30
[  349.554078][T14771]  ? __pfx_netlink_sendmsg+0x10/0x10
[  349.554099][T14771]  ? aa_sock_msg_perm+0xf1/0x1d0
[  349.554125][T14771]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  349.554142][T14771]  ? __pfx_netlink_sendmsg+0x10/0x10
[  349.554161][T14771]  __sock_sendmsg+0x21c/0x270
[  349.554187][T14771]  ____sys_sendmsg+0x505/0x830
[  349.554212][T14771]  ? __pfx_____sys_sendmsg+0x10/0x10
[  349.554240][T14771]  ? import_iovec+0x74/0xa0
[  349.554265][T14771]  ___sys_sendmsg+0x21f/0x2a0
[  349.554286][T14771]  ? __pfx____sys_sendmsg+0x10/0x10
[  349.554347][T14771]  ? __fget_files+0x2a/0x420
[  349.554364][T14771]  ? __fget_files+0x3a0/0x420
[  349.554390][T14771]  __x64_sys_sendmsg+0x19b/0x260
[  349.554412][T14771]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  349.554442][T14771]  ? __pfx_ksys_write+0x10/0x10
[  349.554469][T14771]  ? do_syscall_64+0xbe/0xfa0
[  349.554496][T14771]  do_syscall_64+0xfa/0xfa0
[  349.554519][T14771]  ? lockdep_hardirqs_on+0x9c/0x150
[  349.554544][T14771]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  349.554561][T14771]  ? clear_bhb_loop+0x60/0xb0
[  349.554580][T14771]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  349.554595][T14771] RIP: 0033:0x7fa9c558f6c9
[  349.554611][T14771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  349.554628][T14771] RSP: 002b:00007fa9c63d8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  349.554646][T14771] RAX: ffffffffffffffda RBX: 00007fa9c57e5fa0 RCX: 00007fa9c558f6c9
[  349.554659][T14771] RDX: 0000000000001000 RSI: 0000200000000200 RDI: 0000000000000003
[  349.554670][T14771] RBP: 00007fa9c63d8090 R08: 0000000000000000 R09: 0000000000000000
[  349.554681][T14771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  349.554691][T14771] R13: 00007fa9c57e6038 R14: 00007fa9c57e5fa0 R15: 00007fff99ef36e8
[  349.554721][T14771]  </TASK>
[  350.127823][T14786] wg1 speed is unknown, defaulting to 1000
[  350.148438][T14786] lo speed is unknown, defaulting to 1000
[  350.204278][T14790] tun0: tun_chr_ioctl cmd 2148045848
[  350.394688][T14797] __nla_validate_parse: 3 callbacks suppressed
[  350.394709][T14797] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2656'.
[  350.441254][T14797] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2656'.
[  350.492505][T14802] syzkaller0: Caught tx_queue_len zero misconfig
[  350.548356][T14804] netlink: 252 bytes leftover after parsing attributes in process `syz.1.2660'.
[  350.552506][T14802] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2658'.
[  350.568409][T14802] netlink: 'syz.4.2658': attribute type 1 has an invalid length.
[  350.681734][T14802] bond0: option xmit_hash_policy: invalid value (9)
[  350.920756][T14823] vlan2: entered promiscuous mode
[  350.926084][T14823] bond0: entered promiscuous mode
[  350.931240][T14823] bond_slave_0: entered promiscuous mode
[  350.943238][T14823] bond_slave_1: entered promiscuous mode
[  350.950243][T14823] team0: entered promiscuous mode
[  350.955771][T14823] team_slave_0: entered promiscuous mode
[  350.961723][T14823] team_slave_1: entered promiscuous mode
[  351.173883][T14835] sctp: [Deprecated]: syz.2.2670 (pid 14835) Use of struct sctp_assoc_value in delayed_ack socket option.
[  351.173883][T14835] Use struct sctp_sack_info instead
[  351.244918][T14838] syzkaller0: left promiscuous mode
[  351.250773][T14838] syzkaller0: left allmulticast mode
[  351.390204][T14843] 8021q: VLANs not supported on ip6tnl0
[  351.667726][T14851] netlink: 252 bytes leftover after parsing attributes in process `syz.2.2676'.
[  351.950016][T14865] wg1 speed is unknown, defaulting to 1000
[  351.960644][T14865] lo speed is unknown, defaulting to 1000
[  352.170919][T14875] vlan2: entered promiscuous mode
[  352.184631][T14873] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2684'.
[  352.444838][T14882] wg1 speed is unknown, defaulting to 1000
[  352.478336][T14882] lo speed is unknown, defaulting to 1000
[  352.681459][T14887] syzkaller0: entered promiscuous mode
[  352.690064][T14887] syzkaller0: entered allmulticast mode
[  352.748564][T14887] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  353.023702][T14890] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  353.265239][T14898] tc_dump_action: action bad kind
[  353.514658][T14913] netlink: 'syz.2.2696': attribute type 39 has an invalid length.
[  354.360318][T14951] IPv6: Can't replace route, no match found
[  354.488328][T14957] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2715'.
[  354.509687][T14959] netlink: 516 bytes leftover after parsing attributes in process `syz.2.2716'.
[  354.725339][T14965] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2718'.
[  354.867348][T14970] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2720'.
[  354.891084][T14976] netlink: 'syz.3.2723': attribute type 4 has an invalid length.
[  355.120314][T14984] wg1 speed is unknown, defaulting to 1000
[  355.158595][T14984] lo speed is unknown, defaulting to 1000
[  355.786988][T15034] __nla_validate_parse: 5 callbacks suppressed
[  355.787005][T15034] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2735'.
[  355.827573][T15028] wg1 speed is unknown, defaulting to 1000
[  355.835112][T15028] lo speed is unknown, defaulting to 1000
[  355.860137][T15037] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2737'.
[  356.002040][T15046] x_tables: duplicate underflow at hook 2
[  356.010426][T15025] wg1 speed is unknown, defaulting to 1000
[  356.013150][T15047] netlink: 'syz.4.2742': attribute type 1 has an invalid length.
[  356.041208][T15044] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2741'.
[  356.107672][T15047] 8021q: adding VLAN 0 to HW filter on device bond2
[  356.119572][T15025] lo speed is unknown, defaulting to 1000
[  356.174774][T15050] ipvlan2: entered allmulticast mode
[  356.188761][T15050] bond2: entered allmulticast mode
[  356.237448][T15056] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2743'.
[  356.265008][T15047] bond2: (slave gretap1): making interface the new active one
[  356.275253][T15047] gretap1: entered allmulticast mode
[  356.292822][T15047] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  356.352981][T15056] FAULT_INJECTION: forcing a failure.
[  356.352981][T15056] name failslab, interval 1, probability 0, space 0, times 0
[  356.402374][T15056] CPU: 1 UID: 0 PID: 15056 Comm: syz.3.2743 Not tainted syzkaller #0 PREEMPT(full) 
[  356.402423][T15056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  356.402438][T15056] Call Trace:
[  356.402446][T15056]  <TASK>
[  356.402453][T15056]  dump_stack_lvl+0x189/0x250
[  356.402482][T15056]  ? __pfx____ratelimit+0x10/0x10
[  356.402506][T15056]  ? __pfx_dump_stack_lvl+0x10/0x10
[  356.402528][T15056]  ? __pfx__printk+0x10/0x10
[  356.402551][T15056]  ? __pfx___might_resched+0x10/0x10
[  356.402575][T15056]  should_fail_ex+0x414/0x560
[  356.402603][T15056]  should_failslab+0xa8/0x100
[  356.402621][T15056]  kmem_cache_alloc_node_noprof+0x77/0x710
[  356.402645][T15056]  ? __alloc_skb+0x112/0x2d0
[  356.402665][T15056]  __alloc_skb+0x112/0x2d0
[  356.402689][T15056]  netlink_ack+0x146/0xa50
[  356.402711][T15056]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  356.402751][T15056]  netlink_rcv_skb+0x28c/0x470
[  356.402765][T15056]  ? __lock_acquire+0xab9/0xd20
[  356.402783][T15056]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  356.402807][T15056]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  356.402833][T15056]  ? netlink_deliver_tap+0x2e/0x1b0
[  356.402856][T15056]  netlink_unicast+0x82f/0x9e0
[  356.402886][T15056]  ? __pfx_netlink_unicast+0x10/0x10
[  356.402911][T15056]  ? netlink_sendmsg+0x642/0xb30
[  356.402925][T15056]  ? skb_put+0x11b/0x210
[  356.402945][T15056]  netlink_sendmsg+0x805/0xb30
[  356.402972][T15056]  ? __pfx_netlink_sendmsg+0x10/0x10
[  356.402992][T15056]  ? aa_sock_msg_perm+0xf1/0x1d0
[  356.403019][T15056]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  356.403035][T15056]  ? __pfx_netlink_sendmsg+0x10/0x10
[  356.403053][T15056]  __sock_sendmsg+0x21c/0x270
[  356.403080][T15056]  ____sys_sendmsg+0x505/0x830
[  356.403104][T15056]  ? __pfx_____sys_sendmsg+0x10/0x10
[  356.403130][T15056]  ? import_iovec+0x74/0xa0
[  356.403153][T15056]  ___sys_sendmsg+0x21f/0x2a0
[  356.403174][T15056]  ? __pfx____sys_sendmsg+0x10/0x10
[  356.403227][T15056]  ? __fget_files+0x2a/0x420
[  356.403243][T15056]  ? __fget_files+0x3a0/0x420
[  356.403269][T15056]  __x64_sys_sendmsg+0x19b/0x260
[  356.403291][T15056]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  356.403318][T15056]  ? __pfx_ksys_write+0x10/0x10
[  356.403353][T15056]  ? do_syscall_64+0xbe/0xfa0
[  356.403379][T15056]  do_syscall_64+0xfa/0xfa0
[  356.403401][T15056]  ? lockdep_hardirqs_on+0x9c/0x150
[  356.403423][T15056]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.403441][T15056]  ? clear_bhb_loop+0x60/0xb0
[  356.403462][T15056]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.403479][T15056] RIP: 0033:0x7f330178f6c9
[  356.403496][T15056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  356.403512][T15056] RSP: 002b:00007f33025b6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  356.403532][T15056] RAX: ffffffffffffffda RBX: 00007f33019e6090 RCX: 00007f330178f6c9
[  356.403545][T15056] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000004
[  356.403557][T15056] RBP: 00007f33025b6090 R08: 0000000000000000 R09: 0000000000000000
[  356.403568][T15056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  356.403579][T15056] R13: 00007f33019e6128 R14: 00007f33019e6090 R15: 00007ffc2fa91dd8
[  356.403609][T15056]  </TASK>
[  356.872070][T15069] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2749'.
[  356.956249][T15076] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  357.001185][T15076] FAULT_INJECTION: forcing a failure.
[  357.001185][T15076] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  357.030967][T15079] vlan2: entered promiscuous mode
[  357.045725][T15076] CPU: 1 UID: 0 PID: 15076 Comm: syz.0.2751 Not tainted syzkaller #0 PREEMPT(full) 
[  357.045751][T15076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  357.045763][T15076] Call Trace:
[  357.045770][T15076]  <TASK>
[  357.045778][T15076]  dump_stack_lvl+0x189/0x250
[  357.045806][T15076]  ? __pfx____ratelimit+0x10/0x10
[  357.045828][T15076]  ? __pfx_dump_stack_lvl+0x10/0x10
[  357.045851][T15076]  ? __pfx__printk+0x10/0x10
[  357.045882][T15076]  should_fail_ex+0x414/0x560
[  357.045912][T15076]  _copy_to_user+0x31/0xb0
[  357.045937][T15076]  simple_read_from_buffer+0xe1/0x170
[  357.045968][T15076]  proc_fail_nth_read+0x1b3/0x220
[  357.045993][T15076]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  357.046018][T15076]  ? rw_verify_area+0x2a6/0x4d0
[  357.046039][T15076]  ? __lock_acquire+0xab9/0xd20
[  357.046055][T15076]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  357.046079][T15076]  vfs_read+0x200/0xa30
[  357.046100][T15076]  ? fdget_pos+0x247/0x320
[  357.046122][T15076]  ? __pfx___mutex_lock+0x10/0x10
[  357.046145][T15076]  ? __pfx_vfs_read+0x10/0x10
[  357.046167][T15076]  ? __fget_files+0x2a/0x420
[  357.046188][T15076]  ? __fget_files+0x3a0/0x420
[  357.046203][T15076]  ? __fget_files+0x2a/0x420
[  357.046229][T15076]  ksys_read+0x145/0x250
[  357.046251][T15076]  ? __fget_files+0x2a/0x420
[  357.046269][T15076]  ? __pfx_ksys_read+0x10/0x10
[  357.046305][T15076]  ? do_syscall_64+0xbe/0xfa0
[  357.046332][T15076]  do_syscall_64+0xfa/0xfa0
[  357.046353][T15076]  ? lockdep_hardirqs_on+0x9c/0x150
[  357.046375][T15076]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.046394][T15076]  ? clear_bhb_loop+0x60/0xb0
[  357.046415][T15076]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.046433][T15076] RIP: 0033:0x7fb9f018e0dc
[  357.046450][T15076] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  357.046466][T15076] RSP: 002b:00007fb9f10e4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  357.046486][T15076] RAX: ffffffffffffffda RBX: 00007fb9f03e5fa0 RCX: 00007fb9f018e0dc
[  357.046500][T15076] RDX: 000000000000000f RSI: 00007fb9f10e40a0 RDI: 0000000000000009
[  357.046511][T15076] RBP: 00007fb9f10e4090 R08: 0000000000000000 R09: 0000000000000000
[  357.046523][T15076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  357.046532][T15076] R13: 00007fb9f03e6038 R14: 00007fb9f03e5fa0 R15: 00007fff40564a68
[  357.046565][T15076]  </TASK>
[  357.418682][T15090] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2755'.
[  357.441847][T15085] vlan2: entered promiscuous mode
[  357.658029][T15096] sctp: [Deprecated]: syz.0.2756 (pid 15096) Use of struct sctp_assoc_value in delayed_ack socket option.
[  357.658029][T15096] Use struct sctp_sack_info instead
[  357.671768][T15088] wg1 speed is unknown, defaulting to 1000
[  357.933102][T15092] wg1 speed is unknown, defaulting to 1000
[  357.956937][T15084] wg1 speed is unknown, defaulting to 1000
[  357.970162][T15092] lo speed is unknown, defaulting to 1000
[  357.989160][T15088] lo speed is unknown, defaulting to 1000
[  358.010915][T15084] lo speed is unknown, defaulting to 1000
[  358.065748][T15103] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2758'.
[  358.174598][T15102] wg1 speed is unknown, defaulting to 1000
[  358.224805][T15102] lo speed is unknown, defaulting to 1000
[  358.405150][T15106] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2758'.
[  358.415901][T15106] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2758'.
[  358.425190][T15106] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2758'.
[  358.462902][T15112] netlink: 'syz.1.2759': attribute type 13 has an invalid length.
[  358.514610][T15112] tipc: Resetting bearer <eth:syzkaller0>
[  358.764845][T15120] netlink: 'syz.2.2763': attribute type 12 has an invalid length.
[  359.230301][T15135] No such timeout policy "syz1"
[  359.230660][T15138] netlink: 'syz.0.2771': attribute type 13 has an invalid length.
[  359.240675][T15135] �x9�: renamed from bridge_slave_0
[  359.276531][T15138] tipc: Resetting bearer <eth:syzkaller0>
[  359.826019][T15165] syzkaller0: entered promiscuous mode
[  359.843588][T15165] syzkaller0: entered allmulticast mode
[  359.850441][T15165] tipc: Resetting bearer <eth:syzkaller0>
[  359.857284][T15177] netlink: 'syz.1.2787': attribute type 13 has an invalid length.
[  359.894126][T15165] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  360.119797][T15188] batadv_slave_1: entered promiscuous mode
[  360.182217][T15188] batadv_slave_1 (unregistering): left promiscuous mode
[  360.200648][T15188] batman_adv: batadv0: Removing interface: batadv_slave_1
[  360.294267][T15193] FAULT_INJECTION: forcing a failure.
[  360.294267][T15193] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  360.308164][T15194] veth0_to_hsr: Caught tx_queue_len zero misconfig
[  360.323296][T15193] CPU: 0 UID: 0 PID: 15193 Comm: syz.2.2793 Not tainted syzkaller #0 PREEMPT(full) 
[  360.323322][T15193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  360.323333][T15193] Call Trace:
[  360.323340][T15193]  <TASK>
[  360.323348][T15193]  dump_stack_lvl+0x189/0x250
[  360.323376][T15193]  ? __pfx____ratelimit+0x10/0x10
[  360.323399][T15193]  ? __pfx_dump_stack_lvl+0x10/0x10
[  360.323421][T15193]  ? __pfx__printk+0x10/0x10
[  360.323452][T15193]  should_fail_ex+0x414/0x560
[  360.323483][T15193]  _copy_to_user+0x31/0xb0
[  360.323507][T15193]  simple_read_from_buffer+0xe1/0x170
[  360.323537][T15193]  proc_fail_nth_read+0x1b3/0x220
[  360.323563][T15193]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  360.323588][T15193]  ? rw_verify_area+0x2a6/0x4d0
[  360.323608][T15193]  ? __lock_acquire+0xab9/0xd20
[  360.323622][T15193]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  360.323645][T15193]  vfs_read+0x200/0xa30
[  360.323666][T15193]  ? fdget_pos+0x247/0x320
[  360.323684][T15193]  ? __pfx___mutex_lock+0x10/0x10
[  360.323707][T15193]  ? __pfx_vfs_read+0x10/0x10
[  360.323729][T15193]  ? __fget_files+0x2a/0x420
[  360.323749][T15193]  ? __fget_files+0x3a0/0x420
[  360.323764][T15193]  ? __fget_files+0x2a/0x420
[  360.323787][T15193]  ksys_read+0x145/0x250
[  360.323810][T15193]  ? __pfx_ksys_read+0x10/0x10
[  360.323836][T15193]  ? do_syscall_64+0xbe/0xfa0
[  360.323862][T15193]  do_syscall_64+0xfa/0xfa0
[  360.323882][T15193]  ? lockdep_hardirqs_on+0x9c/0x150
[  360.323903][T15193]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.323920][T15193]  ? clear_bhb_loop+0x60/0xb0
[  360.323940][T15193]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.323955][T15193] RIP: 0033:0x7fcec778e0dc
[  360.323978][T15193] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  360.323993][T15193] RSP: 002b:00007fcec8619030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  360.324010][T15193] RAX: ffffffffffffffda RBX: 00007fcec79e5fa0 RCX: 00007fcec778e0dc
[  360.324021][T15193] RDX: 000000000000000f RSI: 00007fcec86190a0 RDI: 0000000000000004
[  360.324031][T15193] RBP: 00007fcec8619090 R08: 0000000000000000 R09: 0000000000000000
[  360.324041][T15193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  360.324052][T15193] R13: 00007fcec79e6038 R14: 00007fcec79e5fa0 R15: 00007fff4b4cd798
[  360.324084][T15193]  </TASK>
[  360.769239][T15213] syzkaller0: left promiscuous mode
[  360.786554][T15213] syzkaller0: left allmulticast mode
[  360.816239][    C0] 0: reclassify loop, rule prio 0, protocol 800
[  360.840844][T15220] netlink: 'syz.3.2803': attribute type 1 has an invalid length.
[  360.990963][T15230] __nla_validate_parse: 10 callbacks suppressed
[  360.990980][T15230] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2806'.
[  361.010594][T15232] syzkaller1: entered promiscuous mode
[  361.019524][T15232] syzkaller1: entered allmulticast mode
[  361.037986][T15230] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2806'.
[  361.072113][T15230] veth0: entered promiscuous mode
[  361.100797][T15231] wg1 speed is unknown, defaulting to 1000
[  361.122888][T15231] lo speed is unknown, defaulting to 1000
[  361.735868][    C0] 0: reclassify loop, rule prio 0, protocol 800
[  361.830961][ T5845] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  361.840635][ T5845] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  361.850668][ T5845] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  361.859543][ T5845] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  361.867379][ T5845] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  361.933753][T15251] vxlan0: entered promiscuous mode
[  361.940279][T15251] vxlan0: entered allmulticast mode
[  361.988759][ T3526] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  362.050216][ T3526] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  362.064789][ T3526] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  362.098823][ T3526] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  362.119073][T15244] wg1 speed is unknown, defaulting to 1000
[  362.127008][T15258] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  362.176934][T15244] lo speed is unknown, defaulting to 1000
[  362.402391][T15271] pim6reg1: entered promiscuous mode
[  362.441621][T15271] pim6reg1: entered allmulticast mode
[  362.672915][T15278] syzkaller0: entered promiscuous mode
[  362.681998][T15278] syzkaller0: entered allmulticast mode
[  362.733105][ T1317] batadv7: left allmulticast mode
[  362.745283][ T1317] batadv7: left promiscuous mode
[  362.758049][ T1317] bridge0: port 8(batadv7) entered disabled state
[  362.769880][ T1317] batadv6: left allmulticast mode
[  362.782622][ T1317] batadv6: left promiscuous mode
[  362.798144][ T1317] bridge0: port 7(batadv6) entered disabled state
[  362.808814][ T1317] batadv5: left allmulticast mode
[  362.813987][ T1317] batadv5: left promiscuous mode
[  362.819475][ T1317] bridge0: port 6(batadv5) entered disabled state
[  362.827722][ T1317] batadv4: left allmulticast mode
[  362.832777][ T1317] batadv4: left promiscuous mode
[  362.838129][ T1317] bridge0: port 5(batadv4) entered disabled state
[  362.846353][ T1317] batadv3: left allmulticast mode
[  362.851586][ T1317] batadv3: left promiscuous mode
[  362.858547][ T1317] bridge0: port 4(batadv3) entered disabled state
[  362.867529][ T1317] batadv2: left allmulticast mode
[  362.872672][ T1317] batadv2: left promiscuous mode
[  362.878309][ T1317] bridge0: port 2(batadv2) entered disabled state
[  362.887918][ T1317] batadv1: left allmulticast mode
[  362.892980][ T1317] batadv1: left promiscuous mode
[  362.898532][ T1317] bridge0: port 3(batadv1) entered disabled state
[  362.907488][ T1317] �x9�: left promiscuous mode
[  362.912438][ T1317] bridge0: port 1(
1�x9�) entered disabled state
[  363.166749][ T1317] bridge0 (unregistering): left promiscuous mode
[  363.518290][ T1317] tipc: Disabling bearer <eth:syzkaller0>
[  363.867552][ T1317] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  363.876542][ T1317] bond_slave_0: left promiscuous mode
[  363.883547][ T1317] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  363.892562][ T1317] bond_slave_1: left promiscuous mode
[  363.901257][ T1317] bond0 (unregistering): (slave team0): Releasing backup interface
[  363.909834][ T1317] team0: left promiscuous mode
[  363.914695][ T1317] team_slave_0: left promiscuous mode
[  363.920312][ T1317] team_slave_1: left promiscuous mode
[  363.926091][ T1317] veth0_virt_wifi: left promiscuous mode
[  363.934836][ T1317] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  363.943442][ T1317] mac80211_hwsim hwsim7 wlan1: left promiscuous mode
[  363.951046][ T1317] bond0 (unregistering): Released all slaves
[  363.989364][ T5845] Bluetooth: hci5: command tx timeout
[  364.064558][ T1317] bond1 (unregistering): Released all slaves
[  364.164863][ T1317] bond2 (unregistering): (slave veth15): Releasing backup interface
[  364.173781][ T1317] bond2 (unregistering): Released all slaves
[  364.218910][T15244] chnl_net:caif_netlink_parms(): no params data found
[  364.341438][T15298] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2829'.
[  364.358950][ T1317] tipc: Left network mode
[  364.408185][T15306] netlink: 19 bytes leftover after parsing attributes in process `syz.4.2831'.
[  364.621664][T15314] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2833'.
[  364.637998][T15244] bridge0: port 1(bridge_slave_0) entered blocking state
[  364.647061][T15244] bridge0: port 1(bridge_slave_0) entered disabled state
[  364.654799][T15244] bridge_slave_0: entered allmulticast mode
[  364.663590][T15244] bridge_slave_0: entered promiscuous mode
[  364.726613][T15244] bridge0: port 2(bridge_slave_1) entered blocking state
[  364.733908][T15244] bridge0: port 2(bridge_slave_1) entered disabled state
[  364.766022][T15244] bridge_slave_1: entered allmulticast mode
[  364.786016][T15244] bridge_slave_1: entered promiscuous mode
[  364.832182][T15316] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  364.923711][T15244] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  364.952063][T15326] syzkaller0: entered promiscuous mode
[  364.963470][T15326] syzkaller0: entered allmulticast mode
[  365.024072][T15244] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  365.063746][T15316] xt_CT: No such helper "netbios-ns"
[  365.078263][T15330] bond6: option min_links: invalid value (18446744073709551612)
[  365.086158][T15330] bond6: option min_links: allowed values 0 - 2147483647
[  365.095977][T15330] bond6 (unregistering): Released all slaves
[  365.109990][T15335] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2838'.
[  365.138672][T15320] wg1 speed is unknown, defaulting to 1000
[  365.174270][T15325] 8021q: adding VLAN 0 to HW filter on device bond6
[  365.228278][T15320] lo speed is unknown, defaulting to 1000
[  365.265175][T15244] team0: Port device team_slave_0 added
[  365.294943][ T1317] hsr_slave_0: left promiscuous mode
[  365.305785][ T1317] batman_adv: batadv0: Removing interface: batadv_slave_0
[  365.327396][ T1317] batman_adv: batadv0: Removing interface: batadv_slave_1
[  365.603497][T15345] sctp: [Deprecated]: syz.0.2841 (pid 15345) Use of int in maxseg socket option.
[  365.603497][T15345] Use struct sctp_assoc_value instead
[  365.718664][ T1317] team0 (unregistering): Port device veth0_virt_wifi removed
[  365.880973][ T1317] team0 (unregistering): Port device team_slave_1 removed
[  365.920628][ T1317] team0 (unregistering): Port device team_slave_0 removed
[  366.058149][ T5845] Bluetooth: hci5: command tx timeout
[  366.264973][T15244] team0: Port device team_slave_1 added
[  366.380255][T15244] batman_adv: batadv0: Adding interface: batadv_slave_0
[  366.395808][T15244] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  366.426480][T15244] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  366.474538][T15244] batman_adv: batadv0: Adding interface: batadv_slave_1
[  366.481804][T15244] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  366.508077][T15244] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  366.520704][T15357] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  366.768716][T15244] hsr_slave_0: entered promiscuous mode
[  366.779837][T15244] hsr_slave_1: entered promiscuous mode
[  366.797129][T15244] debugfs: 'hsr0' already exists in 'hsr'
[  366.814432][T15244] Cannot create hsr debugfs directory
[  366.911000][T15373] xt_hashlimit: overflow, rate too high: 0
[  366.973240][T15373] Cannot find add_set index 2 as target
[  367.163397][T15379] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2851'.
[  367.210079][T15379] netlink: 'syz.3.2851': attribute type 2 has an invalid length.
[  367.266406][T15379] �9: entered promiscuous mode
[  367.293391][T15378] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2849'.
[  367.377830][ T1317] IPVS: stop unused estimator thread 0...
[  367.616247][T15391] syzkaller0: entered promiscuous mode
[  367.623672][T15391] syzkaller0: entered allmulticast mode
[  367.880817][T15400] wg1 speed is unknown, defaulting to 1000
[  368.034152][T15408] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  368.139757][ T5845] Bluetooth: hci5: command tx timeout
[  368.176554][T15396] lec:lec_atm_close: lec0: Shut down!
[  368.251622][T15414] wg1: entered promiscuous mode
[  368.261820][T15414] wg1: entered allmulticast mode
[  368.269856][ T5892] wg1 speed is unknown, defaulting to 1000
[  368.286520][ T5892] syz0: Port: 1 Link ACTIVE
[  368.372399][T15244] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  368.389868][T15244] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  368.405934][T15244] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  368.408244][T15417] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2864'.
[  368.438103][T15244] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  368.681242][T15436] bridge13: the hash_elasticity option has been deprecated and is always 16
[  368.719892][T15436] bridge13: entered allmulticast mode
[  368.760633][T15440] FAULT_INJECTION: forcing a failure.
[  368.760633][T15440] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  368.795787][T15440] CPU: 0 UID: 0 PID: 15440 Comm: syz.4.2870 Not tainted syzkaller #0 PREEMPT(full) 
[  368.795813][T15440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  368.795828][T15440] Call Trace:
[  368.795835][T15440]  <TASK>
[  368.795843][T15440]  dump_stack_lvl+0x189/0x250
[  368.795871][T15440]  ? __pfx____ratelimit+0x10/0x10
[  368.795893][T15440]  ? __pfx_dump_stack_lvl+0x10/0x10
[  368.795916][T15440]  ? __pfx__printk+0x10/0x10
[  368.795935][T15440]  ? __might_fault+0xb0/0x130
[  368.795970][T15440]  should_fail_ex+0x414/0x560
[  368.796000][T15440]  _copy_from_user+0x2d/0xb0
[  368.796022][T15440]  ____sys_sendmsg+0x2fe/0x830
[  368.796048][T15440]  ? __pfx_____sys_sendmsg+0x10/0x10
[  368.796095][T15440]  ? import_iovec+0x74/0xa0
[  368.796126][T15440]  ___sys_sendmsg+0x21f/0x2a0
[  368.796147][T15440]  ? __pfx____sys_sendmsg+0x10/0x10
[  368.796210][T15440]  ? __might_fault+0xb0/0x130
[  368.796237][T15440]  __sys_sendmmsg+0x227/0x430
[  368.796261][T15440]  ? __pfx___sys_sendmmsg+0x10/0x10
[  368.796290][T15440]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  368.796332][T15440]  ? ksys_write+0x22a/0x250
[  368.796358][T15440]  ? __pfx_ksys_write+0x10/0x10
[  368.796389][T15440]  __x64_sys_sendmmsg+0xa0/0xc0
[  368.796411][T15440]  do_syscall_64+0xfa/0xfa0
[  368.796431][T15440]  ? lockdep_hardirqs_on+0x9c/0x150
[  368.796453][T15440]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.796470][T15440]  ? clear_bhb_loop+0x60/0xb0
[  368.796492][T15440]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.796512][T15440] RIP: 0033:0x7fd2bd58f6c9
[  368.796529][T15440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  368.796544][T15440] RSP: 002b:00007fd2bb7ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  368.796564][T15440] RAX: ffffffffffffffda RBX: 00007fd2bd7e5fa0 RCX: 00007fd2bd58f6c9
[  368.796577][T15440] RDX: 0000000000000003 RSI: 0000200000000580 RDI: 0000000000000008
[  368.796589][T15440] RBP: 00007fd2bb7ee090 R08: 0000000000000000 R09: 0000000000000000
[  368.796600][T15440] R10: 0000000000000088 R11: 0000000000000246 R12: 0000000000000001
[  368.796610][T15440] R13: 00007fd2bd7e6038 R14: 00007fd2bd7e5fa0 R15: 00007ffc81c20278
[  368.796641][T15440]  </TASK>
[  368.847616][T15450] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2873'.
[  368.892671][T15451] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2871'.
[  369.149020][T15244] 8021q: adding VLAN 0 to HW filter on device bond0
[  369.199267][T15244] 8021q: adding VLAN 0 to HW filter on device team0
[  369.251398][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  369.258713][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  369.297665][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  369.304839][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  369.570327][T15476] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2880'.
[  369.669965][T15482] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2881'.
[  369.741572][T15244] 8021q: adding VLAN 0 to HW filter on device batadv0
[  369.781616][T15486] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2883'.
[  369.874877][T15489] vlan2: entered promiscuous mode
[  370.025333][T15244] veth0_vlan: entered promiscuous mode
[  370.141939][T15244] veth1_vlan: entered promiscuous mode
[  370.159392][T15497] syzkaller0: left promiscuous mode
[  370.167121][T15497] syzkaller0: left allmulticast mode
[  370.217153][ T5845] Bluetooth: hci5: command tx timeout
[  370.271573][T15244] veth0_macvtap: entered promiscuous mode
[  370.307406][T15244] veth1_macvtap: entered promiscuous mode
[  370.379753][T15244] batman_adv: batadv0: Interface activated: batadv_slave_0
[  370.413063][T15504] FAULT_INJECTION: forcing a failure.
[  370.413063][T15504] name failslab, interval 1, probability 0, space 0, times 0
[  370.436657][T15504] CPU: 1 UID: 0 PID: 15504 Comm: syz.0.2888 Not tainted syzkaller #0 PREEMPT(full) 
[  370.436683][T15504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  370.436694][T15504] Call Trace:
[  370.436701][T15504]  <TASK>
[  370.436710][T15504]  dump_stack_lvl+0x189/0x250
[  370.436739][T15504]  ? __pfx____ratelimit+0x10/0x10
[  370.436762][T15504]  ? __pfx_dump_stack_lvl+0x10/0x10
[  370.436786][T15504]  ? __pfx__printk+0x10/0x10
[  370.436813][T15504]  ? __pfx___might_resched+0x10/0x10
[  370.436839][T15504]  should_fail_ex+0x414/0x560
[  370.436872][T15504]  should_failslab+0xa8/0x100
[  370.436893][T15504]  __kmalloc_noprof+0xcb/0x7f0
[  370.436915][T15504]  ? kfree+0x4d/0x6d0
[  370.436935][T15504]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  370.436976][T15504]  tomoyo_realpath_from_path+0xe3/0x5d0
[  370.437004][T15504]  ? tomoyo_domain+0xd9/0x130
[  370.437027][T15504]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  370.437050][T15504]  tomoyo_path_number_perm+0x1e8/0x5a0
[  370.437075][T15504]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  370.437140][T15504]  ? __fget_files+0x2a/0x420
[  370.437163][T15504]  ? __fget_files+0x3a0/0x420
[  370.437179][T15504]  ? __fget_files+0x2a/0x420
[  370.437198][T15504]  security_file_ioctl+0xcb/0x2d0
[  370.437221][T15504]  __se_sys_ioctl+0x47/0x170
[  370.437246][T15504]  do_syscall_64+0xfa/0xfa0
[  370.437267][T15504]  ? lockdep_hardirqs_on+0x9c/0x150
[  370.437291][T15504]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.437309][T15504]  ? clear_bhb_loop+0x60/0xb0
[  370.437331][T15504]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.437349][T15504] RIP: 0033:0x7fb9f018f6c9
[  370.437366][T15504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  370.437382][T15504] RSP: 002b:00007fb9f10e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  370.437401][T15504] RAX: ffffffffffffffda RBX: 00007fb9f03e5fa0 RCX: 00007fb9f018f6c9
[  370.437426][T15504] RDX: 00002000000001c0 RSI: 00000000000089f4 RDI: 0000000000000003
[  370.437438][T15504] RBP: 00007fb9f10e4090 R08: 0000000000000000 R09: 0000000000000000
[  370.437450][T15504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  370.437460][T15504] R13: 00007fb9f03e6038 R14: 00007fb9f03e5fa0 R15: 00007fff40564a68
[  370.437490][T15504]  </TASK>
[  370.437499][T15504] ERROR: Out of memory at tomoyo_realpath_from_path.
[  370.486969][T15503] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  370.493984][T15244] batman_adv: batadv0: Interface activated: batadv_slave_1
[  370.720368][ T1317] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  370.734848][ T1317] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  370.780343][ T1317] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  370.816428][ T1317] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  370.899711][T15514] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2893'.
[  371.177726][T15521] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2894'.
[  371.298763][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  371.317810][ T1317] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  371.365442][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  371.369878][ T1317] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  372.277985][T15562] wg1 speed is unknown, defaulting to 1000
[  372.353424][T15568] wg1 speed is unknown, defaulting to 1000
[  372.484873][T15580] __nla_validate_parse: 4 callbacks suppressed
[  372.484916][T15580] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2907'.
[  372.737451][T15576] wg1 speed is unknown, defaulting to 1000
[  373.049566][T15594] vlan2: entered promiscuous mode
[  373.303302][T15604] netlink: 'syz.3.2911': attribute type 16 has an invalid length.
[  373.328574][T15604] netlink: 'syz.3.2911': attribute type 17 has an invalid length.
[  373.361838][T15606] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2911'.
[  373.545301][T15604] tipc: Resetting bearer <eth:syzkaller0>
[  373.572261][T15604] veth0: left promiscuous mode
[  373.598320][ T5877] wg1 speed is unknown, defaulting to 1000
[  373.612384][ T5877] syz0: Port: 1 Link DOWN
[  374.001391][T15617] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2916'.
[  374.670350][T15639] bridge0: port 3(batadv1) entered blocking state
[  374.716011][T15639] bridge0: port 3(batadv1) entered disabled state
[  374.736421][T15639] batadv1: entered allmulticast mode
[  374.778828][T15639] batadv1: entered promiscuous mode
[  374.928803][T15646] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2928'.
[  375.165869][   T36] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled
[  375.175149][   T36] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled
[  375.278831][T15656] netlink: 'syz.2.2930': attribute type 10 has an invalid length.
[  375.329444][T15658] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2931'.
[  375.367574][T15654] wg1 speed is unknown, defaulting to 1000
[  375.376285][T15658] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2931'.
[  375.445151][T15657] wg1 speed is unknown, defaulting to 1000
[  375.545384][T15662] netlink: 'syz.0.2932': attribute type 12 has an invalid length.
[  375.558593][T15662] netlink: 'syz.0.2932': attribute type 29 has an invalid length.
[  375.566770][T15662] netlink: 148 bytes leftover after parsing attributes in process `syz.0.2932'.
[  375.577786][ T5834] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  375.587324][ T5834] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  375.595844][ T5834] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  375.617708][ T5834] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  375.625807][ T5834] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  375.737197][T15662] netlink: 'syz.0.2932': attribute type 12 has an invalid length.
[  375.745060][T15662] netlink: 'syz.0.2932': attribute type 29 has an invalid length.
[  375.753099][T15662] netlink: 148 bytes leftover after parsing attributes in process `syz.0.2932'.
[  376.021840][T15663] wg1 speed is unknown, defaulting to 1000
[  376.229414][T15680] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  376.236738][T15680] IPv6: NLM_F_CREATE should be set when creating new route
[  376.244065][T15680] IPv6: NLM_F_CREATE should be set when creating new route
[  376.310777][T15684] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2935'.
[  376.428070][T15680] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2937'.
[  376.514618][T15690] wg1 speed is unknown, defaulting to 1000
[  376.529103][T15663] chnl_net:caif_netlink_parms(): no params data found
[  376.689816][   T36] batadv5: left allmulticast mode
[  376.695125][   T36] batadv5: left promiscuous mode
[  376.701041][   T36] bridge0: port 3(batadv5) entered disabled state
[  376.717963][   T36] batadv4: left allmulticast mode
[  376.723152][   T36] batadv4: left promiscuous mode
[  376.729692][   T36] bridge0: port 2(batadv4) entered disabled state
[  376.746797][   T36] batadv3: left allmulticast mode
[  376.756369][   T36] batadv3: left promiscuous mode
[  376.764072][   T36] bridge0: port 1(batadv3) entered disabled state
[  376.860245][   T36] tipc: Resetting bearer <eth:syzkaller0>
[  377.268880][   T36] bond2 (unregistering): (slave gretap1): Releasing active interface
[  377.280410][   T36] gretap1 (unregistering): left allmulticast mode
[  377.745723][ T5834] Bluetooth: hci2: command tx timeout
[  378.199823][   T36] tipc: Disabling bearer <eth:syzkaller0>
[  378.396538][T15635] Set syz1 is full, maxelem 65536 reached
[  378.728553][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  378.737742][   T36] bond_slave_0: left promiscuous mode
[  378.744217][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  378.753575][   T36] bond_slave_1: left promiscuous mode
[  378.760316][   T36] bond0 (unregistering): (slave team0): Releasing backup interface
[  378.768664][   T36] team0: left promiscuous mode
[  378.773469][   T36] team_slave_0: left promiscuous mode
[  378.779781][   T36] team_slave_1: left promiscuous mode
[  378.786601][   T36] bond0 (unregistering): Released all slaves
[  378.891533][   T36] bond1 (unregistering): Released all slaves
[  378.997069][   T36] bond2 (unregistering): Released all slaves
[  379.018008][T15702] __nla_validate_parse: 3 callbacks suppressed
[  379.018026][T15702] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2941'.
[  379.226949][T15718] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2946'.
[  379.252500][   T36] tipc: Left network mode
[  379.272091][T15663] bridge0: port 1(bridge_slave_0) entered blocking state
[  379.295349][T15663] bridge0: port 1(bridge_slave_0) entered disabled state
[  379.305032][T15663] bridge_slave_0: entered allmulticast mode
[  379.325949][T15663] bridge_slave_0: entered promiscuous mode
[  379.375760][T15663] bridge0: port 2(bridge_slave_1) entered blocking state
[  379.383540][T15663] bridge0: port 2(bridge_slave_1) entered disabled state
[  379.393199][T15663] bridge_slave_1: entered allmulticast mode
[  379.422629][T15663] bridge_slave_1: entered promiscuous mode
[  379.521201][T15663] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  379.559716][T15663] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  379.589045][T15727] wg1 speed is unknown, defaulting to 1000
[  379.598762][T15729] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2948'.
[  379.686428][T15663] team0: Port device team_slave_0 added
[  379.695053][T15663] team0: Port device team_slave_1 added
[  379.815824][ T5834] Bluetooth: hci2: command tx timeout
[  379.949621][T15730] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  379.977341][T15731] wg1 speed is unknown, defaulting to 1000
[  380.021606][T15663] batman_adv: batadv0: Adding interface: batadv_slave_0
[  380.044272][T15663] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  380.072253][T15663] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  380.099967][T15740] netlink: 830 bytes leftover after parsing attributes in process `syz.3.2952'.
[  380.120948][T15663] batman_adv: batadv0: Adding interface: batadv_slave_1
[  380.146215][T15663] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  380.180162][T15663] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  380.248334][T15746] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2954'.
[  380.347678][T15750] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2956'.
[  380.374050][   T36] hsr_slave_0: left promiscuous mode
[  380.387216][   T36] hsr_slave_1: left promiscuous mode
[  380.400869][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  380.419049][T15754] netlink: 'syz.0.2956': attribute type 13 has an invalid length.
[  380.429004][   T36] ������: left allmulticast mode
[  380.600495][T15759] Bluetooth: MGMT ver 1.23
[  380.844622][T15761] Set syz1 is full, maxelem 65536 reached
[  380.900278][   T36] team0 (unregistering): Port device team_slave_1 removed
[  380.908540][T15762] netlink: 'syz.3.2958': attribute type 13 has an invalid length.
[  380.947665][   T36] team0 (unregistering): Port device team_slave_0 removed
[  381.357806][T15765] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2959'.
[  381.369295][T15761] netlink: 240 bytes leftover after parsing attributes in process `syz.3.2958'.
[  381.514450][T15663] hsr_slave_0: entered promiscuous mode
[  381.530804][T15663] hsr_slave_1: entered promiscuous mode
[  381.578497][T15663] debugfs: 'hsr0' already exists in 'hsr'
[  381.584653][T15663] Cannot create hsr debugfs directory
[  381.604818][T15773] netlink: 'syz.2.2961': attribute type 10 has an invalid length.
[  381.659278][T15769] netlink: 'syz.2.2961': attribute type 10 has an invalid length.
[  381.669642][T15773] 8021q: adding VLAN 0 to HW filter on device batadv0
[  381.670202][T15769] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2961'.
[  381.690252][T15773] batadv0: entered promiscuous mode
[  381.698571][T15773] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  381.708545][T15769] batadv0: entered allmulticast mode
[  381.715386][T15769] bond0: (slave batadv0): Releasing backup interface
[  381.727243][T15769] bridge0: port 11(batadv0) entered blocking state
[  381.734133][T15769] bridge0: port 11(batadv0) entered disabled state
[  381.910014][ T5834] Bluetooth: hci2: command tx timeout
[  381.920730][T15771] wg1 speed is unknown, defaulting to 1000
[  382.114334][   T60] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  382.123632][   T60] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  382.171668][T15779] lo: entered promiscuous mode
[  382.188501][T15779] tunl0: entered promiscuous mode
[  382.205159][T15779] gre0: entered promiscuous mode
[  382.220160][T15779] gretap0: entered promiscuous mode
[  382.227663][T15779] erspan0: entered promiscuous mode
[  382.234986][T15779] ip_vti0: entered promiscuous mode
[  382.242129][T15779] ip6_vti0: entered promiscuous mode
[  382.249632][T15779] sit0: entered promiscuous mode
[  382.261952][T15779] ip6tnl0: entered promiscuous mode
[  382.269663][T15779] ip6gre0: entered promiscuous mode
[  382.278284][T15779] ip6gretap0: entered promiscuous mode
[  382.288030][T15779] vcan0: entered promiscuous mode
[  382.296769][T15779] 8021q: adding VLAN 0 to HW filter on device bond0
[  382.307666][T15779] 8021q: adding VLAN 0 to HW filter on device team0
[  382.315265][T15779] nlmon0: entered promiscuous mode
[  382.326041][T15779] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  382.421576][T15788] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2966'.
[  382.608916][   T36] IPVS: stop unused estimator thread 0...
[  382.684950][T15793] syzkaller0: left promiscuous mode
[  382.692888][T15793] syzkaller0: left allmulticast mode
[  382.711390][T15798] tipc: Started in network mode
[  382.724378][T15798] tipc: Node identity 4e22838ba5ba, cluster identity 4711
[  382.739803][T15798] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  382.773776][T15802] syzkaller0: entered promiscuous mode
[  382.788003][T15802] syzkaller0: entered allmulticast mode
[  382.833529][T15798] tipc: Resetting bearer <eth:syzkaller0>
[  382.852878][T15798] syzkaller0: tun_net_xmit 90
[  382.906082][    C1] 0: reclassify loop, rule prio 0, protocol 800
[  382.985663][    C1] syzkaller0: tun_net_xmit 90
[  383.043052][T15797] tipc: Resetting bearer <eth:syzkaller0>
[  383.082266][T15797] tipc: Disabling bearer <eth:syzkaller0>
[  383.148812][T15814] vlan1: entered promiscuous mode
[  383.238300][T15663] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  383.290131][T15820] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  383.297492][T15820] IPv6: NLM_F_CREATE should be set when creating new route
[  383.304772][T15820] IPv6: NLM_F_CREATE should be set when creating new route
[  383.329891][T15663] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  383.365833][    C1] 0: reclassify loop, rule prio 0, protocol 800
[  383.384034][T15663] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  383.432476][T15663] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  383.899365][T15663] 8021q: adding VLAN 0 to HW filter on device bond0
[  383.986122][ T5834] Bluetooth: hci2: command tx timeout
[  384.060428][T15663] 8021q: adding VLAN 0 to HW filter on device team0
[  384.090153][ T3526] bridge0: port 1(bridge_slave_0) entered blocking state
[  384.097357][ T3526] bridge0: port 1(bridge_slave_0) entered forwarding state
[  384.127417][ T3526] bridge0: port 2(bridge_slave_1) entered blocking state
[  384.134616][ T3526] bridge0: port 2(bridge_slave_1) entered forwarding state
[  384.204219][T15836] syzkaller0: entered promiscuous mode
[  384.210692][T15836] syzkaller0: entered allmulticast mode
[  384.232430][T15836] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  384.454303][T15838] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  384.515394][T15848] __nla_validate_parse: 2 callbacks suppressed
[  384.515412][T15848] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2985'.
[  384.978927][T15870] vlan2: entered promiscuous mode
[  384.984216][T15870] bond0: entered promiscuous mode
[  384.991189][T15870] bond_slave_0: entered promiscuous mode
[  384.997625][T15870] bond_slave_1: entered promiscuous mode
[  385.307745][T15663] 8021q: adding VLAN 0 to HW filter on device batadv0
[  385.400719][T15882] FAULT_INJECTION: forcing a failure.
[  385.400719][T15882] name failslab, interval 1, probability 0, space 0, times 0
[  385.432002][T15882] CPU: 1 UID: 0 PID: 15882 Comm: syz.3.2992 Not tainted syzkaller #0 PREEMPT(full) 
[  385.432029][T15882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  385.432040][T15882] Call Trace:
[  385.432049][T15882]  <TASK>
[  385.432059][T15882]  dump_stack_lvl+0x189/0x250
[  385.432089][T15882]  ? __pfx____ratelimit+0x10/0x10
[  385.432112][T15882]  ? __pfx_dump_stack_lvl+0x10/0x10
[  385.432136][T15882]  ? __pfx__printk+0x10/0x10
[  385.432159][T15882]  ? __pfx___might_resched+0x10/0x10
[  385.432183][T15882]  should_fail_ex+0x414/0x560
[  385.432214][T15882]  should_failslab+0xa8/0x100
[  385.432232][T15882]  __kmalloc_node_track_caller_noprof+0xcd/0x800
[  385.432255][T15882]  ? alloc_vfsmnt+0xeb/0x430
[  385.432283][T15882]  kstrdup+0x42/0x100
[  385.432303][T15882]  alloc_vfsmnt+0xeb/0x430
[  385.432326][T15882]  clone_mnt+0x4b/0x9a0
[  385.432345][T15882]  ? do_raw_spin_unlock+0x122/0x240
[  385.432371][T15882]  copy_tree+0x3d4/0x930
[  385.432401][T15882]  copy_mnt_ns+0x19d/0x870
[  385.432424][T15882]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  385.432446][T15882]  ? create_new_namespaces+0x31/0x720
[  385.432467][T15882]  create_new_namespaces+0xd1/0x720
[  385.432488][T15882]  ? bpf_lsm_capable+0x9/0x20
[  385.432509][T15882]  ? security_capable+0x7e/0x2e0
[  385.432539][T15882]  unshare_nsproxy_namespaces+0x11c/0x170
[  385.432561][T15882]  ksys_unshare+0x4c8/0x8c0
[  385.432589][T15882]  ? __pfx_ksys_unshare+0x10/0x10
[  385.432608][T15882]  ? ksys_write+0x22a/0x250
[  385.432634][T15882]  ? __pfx_ksys_write+0x10/0x10
[  385.432675][T15882]  __x64_sys_unshare+0x38/0x50
[  385.432695][T15882]  do_syscall_64+0xfa/0xfa0
[  385.432718][T15882]  ? lockdep_hardirqs_on+0x9c/0x150
[  385.432741][T15882]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  385.432758][T15882]  ? clear_bhb_loop+0x60/0xb0
[  385.432780][T15882]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  385.432797][T15882] RIP: 0033:0x7f330178f6c9
[  385.432815][T15882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  385.432831][T15882] RSP: 002b:00007f33025d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  385.432854][T15882] RAX: ffffffffffffffda RBX: 00007f33019e5fa0 RCX: 00007f330178f6c9
[  385.432869][T15882] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c020400
[  385.432881][T15882] RBP: 00007f33025d7090 R08: 0000000000000000 R09: 0000000000000000
[  385.432893][T15882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  385.432904][T15882] R13: 00007f33019e6038 R14: 00007f33019e5fa0 R15: 00007ffc2fa91dd8
[  385.432938][T15882]  </TASK>
[  386.111850][T15663] veth0_vlan: entered promiscuous mode
[  386.162585][T15663] veth1_vlan: entered promiscuous mode
[  386.217324][T15898] bond1: Unable to set down delay as MII monitoring is disabled
[  386.227410][T15898] bond1 (unregistering): Released all slaves
[  386.270006][T15896] syzkaller0: entered promiscuous mode
[  386.275714][T15896] syzkaller0: entered allmulticast mode
[  386.300320][T15663] veth0_macvtap: entered promiscuous mode
[  386.343040][T15663] veth1_macvtap: entered promiscuous mode
[  386.366335][T15896] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  386.377060][T15896] tipc: Enabled bearer <udp:syz0>, priority 10
[  386.400800][T15663] batman_adv: batadv0: Interface activated: batadv_slave_0
[  386.469760][T15663] batman_adv: batadv0: Interface activated: batadv_slave_1
[  386.490998][T15908] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2998'.
[  386.552666][ T1338] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  386.588041][ T1338] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  386.618168][ T1338] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  386.638810][ T1338] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  386.801910][T15917] bridge0: port 12(batadv10) entered blocking state
[  386.819586][T15917] bridge0: port 12(batadv10) entered disabled state
[  386.829716][T15917] batadv10: entered allmulticast mode
[  386.838085][T15917] batadv10: entered promiscuous mode
[  386.864112][T15919] vlan3: entered allmulticast mode
[  386.873534][T15919] macvtap0: entered allmulticast mode
[  386.916110][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  386.924173][T15920] lo: Caught tx_queue_len zero misconfig
[  386.932329][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  387.021378][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  387.032194][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  387.285967][   T36] batman_adv: batadv10: No IGMP Querier present - multicast optimizations disabled
[  387.295396][   T36] batman_adv: batadv10: No MLD Querier present - multicast optimizations disabled
[  387.389561][T15932] vlan3: entered promiscuous mode
[  387.426198][    T9] ==================================================================
[  387.434295][    T9] BUG: KASAN: slab-use-after-free in sk_skb_reason_drop+0x37/0x170
[  387.442197][    T9] Write of size 4 at addr ffff88805d321c24 by task kworker/0:0/9
[  387.449922][    T9] 
[  387.452256][    T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted syzkaller #0 PREEMPT(full) 
[  387.452279][    T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  387.452292][    T9] Workqueue: mld mld_ifc_work
[  387.452319][    T9] Call Trace:
[  387.452327][    T9]  <TASK>
[  387.452337][    T9]  dump_stack_lvl+0x189/0x250
[  387.452362][    T9]  ? __virt_addr_valid+0x1c8/0x5c0
[  387.452385][    T9]  ? rcu_is_watching+0x15/0xb0
[  387.452404][    T9]  ? __pfx_dump_stack_lvl+0x10/0x10
[  387.452426][    T9]  ? rcu_is_watching+0x15/0xb0
[  387.452445][    T9]  ? lock_release+0x4b/0x3e0
[  387.452462][    T9]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  387.452485][    T9]  ? __virt_addr_valid+0x1c8/0x5c0
[  387.452506][    T9]  ? __virt_addr_valid+0x4a5/0x5c0
[  387.452529][    T9]  print_report+0xca/0x240
[  387.452549][    T9]  ? sk_skb_reason_drop+0x37/0x170
[  387.452567][    T9]  kasan_report+0x118/0x150
[  387.452586][    T9]  ? sk_skb_reason_drop+0x37/0x170
[  387.452607][    T9]  kasan_check_range+0x2b0/0x2c0
[  387.452626][    T9]  sk_skb_reason_drop+0x37/0x170
[  387.452645][    T9]  dev_kfree_skb_any_reason+0x111/0x120
[  387.452666][    T9]  ? __pfx_dev_kfree_skb_any_reason+0x10/0x10
[  387.452687][    T9]  ? netif_skb_features+0xa69/0x1540
[  387.452709][    T9]  team_dummy_transmit+0x1a/0x30
[  387.452731][    T9]  team_xmit+0x2e9/0x490
[  387.452756][    T9]  ? __pfx_team_xmit+0x10/0x10
[  387.452780][    T9]  dev_hard_start_xmit+0x2d7/0x830
[  387.452807][    T9]  __dev_queue_xmit+0x172a/0x3740
[  387.452827][    T9]  ? __lock_acquire+0xab9/0xd20
[  387.452850][    T9]  ? __dev_queue_xmit+0x284/0x3740
[  387.452872][    T9]  ? get_random_u16+0x48e/0x940
[  387.452890][    T9]  ? lockdep_hardirqs_on+0x9c/0x150
[  387.452912][    T9]  ? __pfx___dev_queue_xmit+0x10/0x10
[  387.452935][    T9]  ? __pfx_get_random_u16+0x10/0x10
[  387.452950][    T9]  ? cake_overhead+0xc78/0x1500
[  387.452980][    T9]  ? __pfx_bond_get_slave_by_id+0x10/0x10
[  387.453003][    T9]  ? netdev_lower_get_next_private_rcu+0xd6/0x100
[  387.453030][    T9]  bond_start_xmit+0xdc7/0x1a10
[  387.453049][    T9]  ? lockdep_hardirqs_on+0x9c/0x150
[  387.453073][    T9]  ? bond_start_xmit+0xf8/0x1a10
[  387.453091][    T9]  ? __pfx_bond_start_xmit+0x10/0x10
[  387.453108][    T9]  ? netif_skb_features+0xa69/0x1540
[  387.453127][    T9]  ? validate_xmit_xfrm+0xbf/0x1160
[  387.453155][    T9]  ? __pfx_validate_xmit_xfrm+0x10/0x10
[  387.453186][    T9]  ? cake_dequeue+0x4009/0x4ab0
[  387.453203][    T9]  ? __skb_flow_dissect+0x22d5/0x68b0
[  387.453225][    T9]  ? validate_xmit_skb+0xbc1/0x1270
[  387.453248][    T9]  dev_hard_start_xmit+0x2d7/0x830
[  387.453275][    T9]  sch_direct_xmit+0x241/0x4b0
[  387.453302][    T9]  ? __pfx_sch_direct_xmit+0x10/0x10
[  387.453330][    T9]  __qdisc_run+0xb16/0x15f0
[  387.453362][    T9]  qdisc_run+0xc5/0x290
[  387.453386][    T9]  __dev_queue_xmit+0x1b21/0x3740
[  387.453407][    T9]  ? ret_from_fork_asm+0x1a/0x30
[  387.453428][    T9]  ? __dev_queue_xmit+0x284/0x3740
[  387.453448][    T9]  ? stack_depot_save_flags+0x40/0x860
[  387.453473][    T9]  ? unwind_next_frame+0x19ae/0x2390
[  387.453496][    T9]  ? __pfx___dev_queue_xmit+0x10/0x10
[  387.453515][    T9]  ? kasan_record_aux_stack+0xbd/0xd0
[  387.453537][    T9]  ? mld_sendpack+0x8d4/0xe60
[  387.453560][    T9]  ? mld_ifc_work+0x83e/0xd60
[  387.453581][    T9]  ? process_scheduled_works+0xae1/0x17b0
[  387.453600][    T9]  ? worker_thread+0x8a0/0xda0
[  387.453618][    T9]  ? kthread+0x711/0x8a0
[  387.453638][    T9]  ? ret_from_fork+0x4bc/0x870
[  387.453657][    T9]  ? skb_network_protocol+0x508/0x760
[  387.453678][    T9]  ? __pfx_skb_network_protocol+0x10/0x10
[  387.453704][    T9]  ? validate_xmit_xfrm+0xbf/0x1160
[  387.453732][    T9]  vlan_dev_hard_start_xmit+0x346/0x5e0
[  387.453754][    T9]  ? __pfx_vlan_dev_hard_start_xmit+0x10/0x10
[  387.453777][    T9]  dev_hard_start_xmit+0x2d7/0x830
[  387.453804][    T9]  __dev_queue_xmit+0x172a/0x3740
[  387.453824][    T9]  ? look_up_lock_class+0x74/0x170
[  387.453847][    T9]  ? register_lock_class+0x51/0x320
[  387.453867][    T9]  ? __dev_queue_xmit+0x284/0x3740
[  387.453892][    T9]  ? __pfx___dev_queue_xmit+0x10/0x10
[  387.453914][    T9]  ? read_seqbegin+0x122/0x250
[  387.453936][    T9]  ? neigh_connected_output+0x1ea/0x460
[  387.453957][    T9]  ? lockdep_hardirqs_on+0x9c/0x150
[  387.453978][    T9]  ? read_seqbegin+0x1ac/0x250
[  387.453999][    T9]  ? __pfx_read_seqbegin+0x10/0x10
[  387.454019][    T9]  ? eth_header+0x11b/0x200
[  387.454036][    T9]  ? __asan_memcpy+0x40/0x70
[  387.454069][    T9]  ip6_finish_output2+0xfb3/0x1480
[  387.454100][    T9]  ? __pfx_ip6_finish_output2+0x10/0x10
[  387.454124][    T9]  ? ip6_mtu+0x7d/0x490
[  387.454163][    T9]  ? ip6_mtu+0x38c/0x490
[  387.454191][    T9]  ? ip6_finish_output+0x2ef/0x4e0
[  387.454212][    T9]  ? ip6_output+0x126/0x550
[  387.454233][    T9]  ip6_output+0x340/0x550
[  387.454258][    T9]  NF_HOOK+0x9e/0x380
[  387.454281][    T9]  ? NF_HOOK+0x101/0x380
[  387.454303][    T9]  ? __pfx_NF_HOOK+0x10/0x10
[  387.454328][    T9]  ? __pfx_dst_output+0x10/0x10
[  387.454350][    T9]  ? icmp6_dst_alloc+0x3a5/0x420
[  387.454373][    T9]  ? icmp6_dst_alloc+0x3a5/0x420
[  387.454398][    T9]  mld_sendpack+0x8d4/0xe60
[  387.454429][    T9]  ? mld_sendpack+0x1e7/0xe60
[  387.454453][    T9]  ? __pfx_mld_sendpack+0x10/0x10
[  387.454486][    T9]  mld_ifc_work+0x83e/0xd60
[  387.454510][    T9]  ? _raw_spin_unlock_irq+0x23/0x50
[  387.454530][    T9]  ? process_scheduled_works+0x9ef/0x17b0
[  387.454549][    T9]  process_scheduled_works+0xae1/0x17b0
[  387.454581][    T9]  ? __pfx_process_scheduled_works+0x10/0x10
[  387.454608][    T9]  worker_thread+0x8a0/0xda0
[  387.454639][    T9]  kthread+0x711/0x8a0
[  387.454662][    T9]  ? __pfx_worker_thread+0x10/0x10
[  387.454678][    T9]  ? __pfx_kthread+0x10/0x10
[  387.454699][    T9]  ? _raw_spin_unlock_irq+0x23/0x50
[  387.454719][    T9]  ? lockdep_hardirqs_on+0x9c/0x150
[  387.454740][    T9]  ? __pfx_kthread+0x10/0x10
[  387.454762][    T9]  ret_from_fork+0x4bc/0x870
[  387.454782][    T9]  ? __pfx_ret_from_fork+0x10/0x10
[  387.454802][    T9]  ? __switch_to_asm+0x39/0x70
[  387.454817][    T9]  ? __switch_to_asm+0x33/0x70
[  387.454833][    T9]  ? __pfx_kthread+0x10/0x10
[  387.454855][    T9]  ret_from_fork_asm+0x1a/0x30
[  387.454879][    T9]  </TASK>
[  387.454887][    T9] 
[  388.048334][    T9] Allocated by task 9:
[  388.052382][    T9]  kasan_save_track+0x3e/0x80
[  388.057053][    T9]  __kasan_slab_alloc+0x6c/0x80
[  388.062024][    T9]  kmem_cache_alloc_node_noprof+0x433/0x710
[  388.068551][    T9]  __alloc_skb+0x112/0x2d0
[  388.073548][    T9]  mld_newpack+0x13c/0xc40
[  388.078153][    T9]  add_grhead+0x5a/0x2a0
[  388.082489][    T9]  add_grec+0x1452/0x1740
[  388.086914][    T9]  mld_ifc_work+0x6ed/0xd60
[  388.091424][    T9]  process_scheduled_works+0xae1/0x17b0
[  388.096953][    T9]  worker_thread+0x8a0/0xda0
[  388.101624][    T9]  kthread+0x711/0x8a0
[  388.105679][    T9]  ret_from_fork+0x4bc/0x870
[  388.110374][    T9]  ret_from_fork_asm+0x1a/0x30
[  388.115140][    T9] 
[  388.117460][    T9] Freed by task 9:
[  388.121157][    T9]  kasan_save_track+0x3e/0x80
[  388.125834][    T9]  __kasan_save_free_info+0x46/0x50
[  388.131027][    T9]  __kasan_slab_free+0x5c/0x80
[  388.135845][    T9]  kmem_cache_free_bulk+0xb0c/0xdb0
[  388.141032][    T9]  kfree_skb_list_reason+0x3eb/0x460
[  388.146299][    T9]  __dev_queue_xmit+0x1fb7/0x3740
[  388.151305][    T9]  team_xmit+0x247/0x490
[  388.155531][    T9]  dev_hard_start_xmit+0x2d7/0x830
[  388.160727][    T9]  __dev_queue_xmit+0x172a/0x3740
[  388.165754][    T9]  bond_start_xmit+0xdc7/0x1a10
[  388.170600][    T9]  dev_hard_start_xmit+0x2d7/0x830
[  388.175715][    T9]  sch_direct_xmit+0x241/0x4b0
[  388.180480][    T9]  __qdisc_run+0xb16/0x15f0
[  388.184972][    T9]  qdisc_run+0xc5/0x290
[  388.189113][    T9]  __dev_queue_xmit+0x1b21/0x3740
[  388.194120][    T9]  vlan_dev_hard_start_xmit+0x346/0x5e0
[  388.199647][    T9]  dev_hard_start_xmit+0x2d7/0x830
[  388.204742][    T9]  __dev_queue_xmit+0x172a/0x3740
[  388.209773][    T9]  ip6_finish_output2+0xfb3/0x1480
[  388.214886][    T9]  ip6_output+0x340/0x550
[  388.219289][    T9]  NF_HOOK+0x9e/0x380
[  388.223321][    T9]  mld_sendpack+0x8d4/0xe60
[  388.227851][    T9]  mld_ifc_work+0x83e/0xd60
[  388.232355][    T9]  process_scheduled_works+0xae1/0x17b0
[  388.237904][    T9]  worker_thread+0x8a0/0xda0
[  388.242577][    T9]  kthread+0x711/0x8a0
[  388.246850][    T9]  ret_from_fork+0x4bc/0x870
[  388.251442][    T9]  ret_from_fork_asm+0x1a/0x30
[  388.256187][    T9] 
[  388.258696][    T9] The buggy address belongs to the object at ffff88805d321b40
[  388.258696][    T9]  which belongs to the cache skbuff_head_cache of size 240
[  388.273365][    T9] The buggy address is located 228 bytes inside of
[  388.273365][    T9]  freed 240-byte region [ffff88805d321b40, ffff88805d321c30)
[  388.287296][    T9] 
[  388.289742][    T9] The buggy address belongs to the physical page:
[  388.296164][    T9] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d321
[  388.304907][    T9] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  388.312430][    T9] page_type: f5(slab)
[  388.316396][    T9] raw: 00fff00000000000 ffff88801dee4a00 0000000000000000 dead000000000001
[  388.324961][    T9] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000
[  388.333546][    T9] page dumped because: kasan: bad access detected
[  388.340034][    T9] page_owner tracks the page as allocated
[  388.345726][    T9] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 15521, tgid 15516 (syz.0.2894), ts 372211489082, free_ts 368716102711
[  388.365358][    T9]  post_alloc_hook+0x240/0x2a0
[  388.370116][    T9]  get_page_from_freelist+0x2365/0x2440
[  388.375647][    T9]  __alloc_frozen_pages_noprof+0x181/0x370
[  388.381452][    T9]  alloc_pages_mpol+0x232/0x4a0
[  388.386290][    T9]  allocate_slab+0x96/0x350
[  388.390789][    T9]  ___slab_alloc+0xe94/0x18a0
[  388.395452][    T9]  __slab_alloc+0x65/0x100
[  388.399847][    T9]  kmem_cache_alloc_node_noprof+0x4c5/0x710
[  388.405727][    T9]  __alloc_skb+0x112/0x2d0
[  388.410131][    T9]  xfrm_send_acquire+0x154/0xee0
[  388.415046][    T9]  km_query+0x11c/0x210
[  388.419193][    T9]  xfrm_state_find+0x3bca/0x5400
[  388.424111][    T9]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  388.430248][    T9]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[  388.435641][    T9]  xfrm_lookup_route+0x3c/0x1c0
[  388.440475][    T9]  udp_sendmsg+0x142e/0x2170
[  388.445042][    T9] page last free pid 5830 tgid 5830 stack trace:
[  388.451346][    T9]  __free_frozen_pages+0xbc4/0xd30
[  388.456445][    T9]  tlb_remove_table_rcu+0x85/0x100
[  388.461538][    T9]  rcu_core+0xcab/0x1770
[  388.465762][    T9]  handle_softirqs+0x286/0x870
[  388.470506][    T9]  __irq_exit_rcu+0xca/0x1f0
[  388.475100][    T9]  irq_exit_rcu+0x9/0x30
[  388.479327][    T9]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  388.484944][    T9]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  388.490908][    T9] 
[  388.493230][    T9] Memory state around the buggy address:
[  388.498836][    T9]  ffff88805d321b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  388.506876][    T9]  ffff88805d321b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  388.514987][    T9] >ffff88805d321c00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[  388.523025][    T9]                                ^
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  388.528119][    T9]  ffff88805d321c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  388.536163][    T9]  ffff88805d321d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[  388.544218][    T9] ==================================================================
[  388.552486][    T9] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  388.559679][    T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted syzkaller #0 PREEMPT(full) 
[  388.568797][    T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  388.578860][    T9] Workqueue: mld mld_ifc_work
[  388.583539][    T9] Call Trace:
[  388.586800][    T9]  <TASK>
[  388.589720][    T9]  dump_stack_lvl+0x99/0x250
[  388.594300][    T9]  ? __asan_memcpy+0x40/0x70
[  388.598878][    T9]  ? __pfx_dump_stack_lvl+0x10/0x10
[  388.604067][    T9]  ? __pfx__printk+0x10/0x10
[  388.608655][    T9]  vpanic+0x237/0x6d0
[  388.612644][    T9]  ? __pfx_vpanic+0x10/0x10
[  388.617238][    T9]  panic+0xb9/0xc0
[  388.620950][    T9]  ? __pfx_panic+0x10/0x10
[  388.625354][    T9]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  388.631242][    T9]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  388.637121][    T9]  ? is_module_address+0x17/0xf0
[  388.642047][    T9]  ? sk_skb_reason_drop+0x37/0x170
[  388.647143][    T9]  check_panic_on_warn+0x89/0xb0
[  388.652072][    T9]  ? sk_skb_reason_drop+0x37/0x170
[  388.657168][    T9]  end_report+0x78/0x160
[  388.661587][    T9]  kasan_report+0x129/0x150
[  388.666095][    T9]  ? sk_skb_reason_drop+0x37/0x170
[  388.671204][    T9]  kasan_check_range+0x2b0/0x2c0
[  388.676131][    T9]  sk_skb_reason_drop+0x37/0x170
[  388.681081][    T9]  dev_kfree_skb_any_reason+0x111/0x120
[  388.686618][    T9]  ? __pfx_dev_kfree_skb_any_reason+0x10/0x10
[  388.692667][    T9]  ? netif_skb_features+0xa69/0x1540
[  388.697939][    T9]  team_dummy_transmit+0x1a/0x30
[  388.702880][    T9]  team_xmit+0x2e9/0x490
[  388.707136][    T9]  ? __pfx_team_xmit+0x10/0x10
[  388.711905][    T9]  dev_hard_start_xmit+0x2d7/0x830
[  388.717029][    T9]  __dev_queue_xmit+0x172a/0x3740
[  388.722039][    T9]  ? __lock_acquire+0xab9/0xd20
[  388.726875][    T9]  ? __dev_queue_xmit+0x284/0x3740
[  388.731973][    T9]  ? get_random_u16+0x48e/0x940
[  388.736805][    T9]  ? lockdep_hardirqs_on+0x9c/0x150
[  388.741990][    T9]  ? __pfx___dev_queue_xmit+0x10/0x10
[  388.747359][    T9]  ? __pfx_get_random_u16+0x10/0x10
[  388.752549][    T9]  ? cake_overhead+0xc78/0x1500
[  388.757412][    T9]  ? __pfx_bond_get_slave_by_id+0x10/0x10
[  388.763124][    T9]  ? netdev_lower_get_next_private_rcu+0xd6/0x100
[  388.769527][    T9]  bond_start_xmit+0xdc7/0x1a10
[  388.774364][    T9]  ? lockdep_hardirqs_on+0x9c/0x150
[  388.779561][    T9]  ? bond_start_xmit+0xf8/0x1a10
[  388.784483][    T9]  ? __pfx_bond_start_xmit+0x10/0x10
[  388.789750][    T9]  ? netif_skb_features+0xa69/0x1540
[  388.795019][    T9]  ? validate_xmit_xfrm+0xbf/0x1160
[  388.800208][    T9]  ? __pfx_validate_xmit_xfrm+0x10/0x10
[  388.805756][    T9]  ? cake_dequeue+0x4009/0x4ab0
[  388.810602][    T9]  ? __skb_flow_dissect+0x22d5/0x68b0
[  388.815965][    T9]  ? validate_xmit_skb+0xbc1/0x1270
[  388.821180][    T9]  dev_hard_start_xmit+0x2d7/0x830
[  388.826283][    T9]  sch_direct_xmit+0x241/0x4b0
[  388.831038][    T9]  ? __pfx_sch_direct_xmit+0x10/0x10
[  388.836312][    T9]  __qdisc_run+0xb16/0x15f0
[  388.840813][    T9]  qdisc_run+0xc5/0x290
[  388.844955][    T9]  __dev_queue_xmit+0x1b21/0x3740
[  388.849974][    T9]  ? ret_from_fork_asm+0x1a/0x30
[  388.854898][    T9]  ? __dev_queue_xmit+0x284/0x3740
[  388.860232][    T9]  ? stack_depot_save_flags+0x40/0x860
[  388.865887][    T9]  ? unwind_next_frame+0x19ae/0x2390
[  388.871170][    T9]  ? __pfx___dev_queue_xmit+0x10/0x10
[  388.876629][    T9]  ? kasan_record_aux_stack+0xbd/0xd0
[  388.882106][    T9]  ? mld_sendpack+0x8d4/0xe60
[  388.886886][    T9]  ? mld_ifc_work+0x83e/0xd60
[  388.891560][    T9]  ? process_scheduled_works+0xae1/0x17b0
[  388.897277][    T9]  ? worker_thread+0x8a0/0xda0
[  388.902217][    T9]  ? kthread+0x711/0x8a0
[  388.906536][    T9]  ? ret_from_fork+0x4bc/0x870
[  388.911307][    T9]  ? skb_network_protocol+0x508/0x760
[  388.916690][    T9]  ? __pfx_skb_network_protocol+0x10/0x10
[  388.922415][    T9]  ? validate_xmit_xfrm+0xbf/0x1160
[  388.927613][    T9]  vlan_dev_hard_start_xmit+0x346/0x5e0
[  388.933145][    T9]  ? __pfx_vlan_dev_hard_start_xmit+0x10/0x10
[  388.939211][    T9]  dev_hard_start_xmit+0x2d7/0x830
[  388.944516][    T9]  __dev_queue_xmit+0x172a/0x3740
[  388.949611][    T9]  ? look_up_lock_class+0x74/0x170
[  388.954808][    T9]  ? register_lock_class+0x51/0x320
[  388.960461][    T9]  ? __dev_queue_xmit+0x284/0x3740
[  388.965694][    T9]  ? __pfx___dev_queue_xmit+0x10/0x10
[  388.971293][    T9]  ? read_seqbegin+0x122/0x250
[  388.976063][    T9]  ? neigh_connected_output+0x1ea/0x460
[  388.981628][    T9]  ? lockdep_hardirqs_on+0x9c/0x150
[  388.986861][    T9]  ? read_seqbegin+0x1ac/0x250
[  388.991721][    T9]  ? __pfx_read_seqbegin+0x10/0x10
[  388.997012][    T9]  ? eth_header+0x11b/0x200
[  389.001889][    T9]  ? __asan_memcpy+0x40/0x70
[  389.006494][    T9]  ip6_finish_output2+0xfb3/0x1480
[  389.011626][    T9]  ? __pfx_ip6_finish_output2+0x10/0x10
[  389.017173][    T9]  ? ip6_mtu+0x7d/0x490
[  389.021315][    T9]  ? ip6_mtu+0x38c/0x490
[  389.025653][    T9]  ? ip6_finish_output+0x2ef/0x4e0
[  389.030756][    T9]  ? ip6_output+0x126/0x550
[  389.035297][    T9]  ip6_output+0x340/0x550
[  389.039685][    T9]  NF_HOOK+0x9e/0x380
[  389.043671][    T9]  ? NF_HOOK+0x101/0x380
[  389.047906][    T9]  ? __pfx_NF_HOOK+0x10/0x10
[  389.052507][    T9]  ? __pfx_dst_output+0x10/0x10
[  389.057461][    T9]  ? icmp6_dst_alloc+0x3a5/0x420
[  389.062418][    T9]  ? icmp6_dst_alloc+0x3a5/0x420
[  389.067436][    T9]  mld_sendpack+0x8d4/0xe60
[  389.071938][    T9]  ? mld_sendpack+0x1e7/0xe60
[  389.076615][    T9]  ? __pfx_mld_sendpack+0x10/0x10
[  389.081658][    T9]  mld_ifc_work+0x83e/0xd60
[  389.086183][    T9]  ? _raw_spin_unlock_irq+0x23/0x50
[  389.091389][    T9]  ? process_scheduled_works+0x9ef/0x17b0
[  389.097206][    T9]  process_scheduled_works+0xae1/0x17b0
[  389.102752][    T9]  ? __pfx_process_scheduled_works+0x10/0x10
[  389.108722][    T9]  worker_thread+0x8a0/0xda0
[  389.113308][    T9]  kthread+0x711/0x8a0
[  389.117364][    T9]  ? __pfx_worker_thread+0x10/0x10
[  389.122461][    T9]  ? __pfx_kthread+0x10/0x10
[  389.127057][    T9]  ? _raw_spin_unlock_irq+0x23/0x50
[  389.132242][    T9]  ? lockdep_hardirqs_on+0x9c/0x150
[  389.137428][    T9]  ? __pfx_kthread+0x10/0x10
[  389.142081][    T9]  ret_from_fork+0x4bc/0x870
[  389.146656][    T9]  ? __pfx_ret_from_fork+0x10/0x10
[  389.151753][    T9]  ? __switch_to_asm+0x39/0x70
[  389.156586][    T9]  ? __switch_to_asm+0x33/0x70
[  389.161329][    T9]  ? __pfx_kthread+0x10/0x10
[  389.165968][    T9]  ret_from_fork_asm+0x1a/0x30
[  389.170732][    T9]  </TASK>
[  389.174006][    T9] Kernel Offset: disabled
[  389.178313][    T9] Rebooting in 86400 seconds..