last executing test programs:

15.607729089s ago: executing program 0 (id=3067):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$kcm(0x29, 0x5, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002200), r0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000002240)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000002500)={0x0, 0x0, &(0x7f00000024c0)={&(0x7f0000000040)={0x2c, r2, 0x1, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000) (fail_nth: 3)

15.420544724s ago: executing program 0 (id=3070):
r0 = socket$igmp(0x2, 0x3, 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="94000000", @ANYRES16=r2, @ANYBLOB="010027bd7000ffdbdf252100000008000300", @ANYRES32=r3, @ANYBLOB="08007700ff01000054002d801e00"], 0x94}, 0x1, 0x0, 0x0, 0x24008010}, 0x4000004)

15.161492238s ago: executing program 0 (id=3073):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001400)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r0, @ANYRESDEC=r0], 0x44}}, 0x48000)
r1 = socket(0x10, 0x3, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_type(r2, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_type(r3, &(0x7f0000000280), 0x9)
sendfile(r3, r3, 0x0, 0x6)
sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x0)

15.021472339s ago: executing program 0 (id=3075):
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = epoll_create1(0x0)
r3 = socket(0x10, 0x803, 0x6)
sendmsg$nl_route(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r3, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x14c, r4, 0x300, 0x70bd25, 0x25dfdbfd, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe2, 0xa8, @random="8e682404c6457566ce14b060a6c6034b1e02a1f4315038fb8bbbcc8a53c4a4956fb1254c25385d34562c1921675a648ea1377fc4916bf2686a22282b01f3a56ad7fc756b91391c8bd3364618135e9204be2cf82925b6b6025cee06d5cdc7d2e8d883291c613a02306a1f56e191bb57abab83e2394c06d05a48c201c33031b62db87afcfdcad54b9d7bd874a5fd57c63d4bb006bfce26f5e2eb370ba4e462ffe22c0f26630e94877b12318f74e10d6d06179ab58e615353f6534c0a0fd688de7366ef364c2b8ecb76a0ced65e3b1d6847eda8210de9cc82d66d5ffcd28f32"}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xffffffffffffffff}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x5}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0xb}]}, 0x14c}, 0x1, 0x0, 0x0, 0x20004000}, 0x8010)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000000)={0xa0000001})

14.793297739s ago: executing program 0 (id=3079):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="7daa00000000000071101500000040009500000000000000"], &(0x7f0000000480)='syzkaller\x00'}, 0x80)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000140)=@pppoe={0x18, 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, 'wg1\x00'}}, 0x80, &(0x7f00000003c0)=[{&(0x7f00000001c0)="2a1bc43ec5f0919d02d7258edefdd79495b61208bfa1de40307f7d96a1fa96282148d690014c850d96ef192d372a8b913372e94e4530fe5ad378d579", 0x3c}, {&(0x7f0000000200)="8b98c4974a738997419c7cb8f7a0af39df88f3db05965cf91496ee2f92204bd05b15c1c10c72836409e35e5ed2efa4e14a7176dc0151826092a6de5efa0a2a9e2bb7ea15b7698f8f31a9acfe7ee55c6cfc70a7835b7517fb45c6d445b658f32890beff260fc79cd954b1917673b5e973582f4b4c1d9e78f124ffc4277b77de34a8e72d287833d763532e596fcd791eba52d5fc5713bef01f4c7bcd70cec01c5ab12af4bf7a05d9c4fe49ba122d5561b0f57cbb812a04bed234bfa0918e6e3ae940588a290d98775601a73b303dd1a8337ef74685a0a9e201f986e5c74203884f4557c651a46b2cfa490528fde6f6b2a55d125aa8de2b9423", 0xf8}, {&(0x7f0000000300)="dd2057b8346cd7d225d9c9e47683e9e769c1f3ce6aee75753636bc808eae3ddcbda3784fc664b8ea1c6b0760b9a45d2dc9b8e33b9d138c87b8142e00fb4d6314be8718b71d628e1bae48697242ebe0081386c3f81ea4752e4e317778b779382b49877c23f22929bd71867c9aa33b65b1b5a7c65611c8392e39126dce1ced5334bcc6c4e6", 0x84}], 0x3}, 0x10)
getsockopt$inet6_tcp_int(r0, 0x6, 0x13, 0x0, &(0x7f00000000c0))
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={0x1, &(0x7f0000000040)="4ef77e6c45decd95b6de11f2c1c9fd16677c03bf5aac268ff10ddecd4d9a96dad779c4b954786a9e228f01e69b5b1178b5fc9d239cd0778117cce29238180f8c4ca8fa7570e9cd8a0998fe4d9f0345ab451fcaa529", &(0x7f00000000c0)=""/62}, 0x20)

14.664301894s ago: executing program 0 (id=3081):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000000400000000000000000000850000002c000000850000002a00000095"], &(0x7f0000000400)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000b00)={r2, r1, 0x25, 0x8, @val=@tcx={@void, @value=r2}}, 0x1c)
r3 = socket$nl_crypto(0x10, 0x3, 0x15)
r4 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
setsockopt$ax25_int(r4, 0x101, 0x6, &(0x7f0000000dc0)=0x5, 0x4)
sendmsg$netlink(r3, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000340)={0xe0, 0x10, 0x509, 0x0, 0x0, "", [@generic="6f6d8864d22a3f2ffaa46c88bc", @generic="4fffb619b45f0877ddd00f05b457a65d54acc046575978fa63c84996f91dfab8f854f66770283b1088bfc185ff58091c43079ec6138ced26654e47f46b51bfd31de4c10572ee0d3e151a33e56aa57e2294f686849277bbba3266a2ec4f4679efde8cf247ef4edee54f85ac023655a75cf5aaa9fc7b3e00a70d007ef1437aaabca2e4a82a093dde658a28be78e5e7668201c2dc09bdf4e2eee54fb4ae974dec1d5579c96a7d4612dacf994e7757204be487b87ffca2c4ec54", @nested={0x8, 0x0, 0x0, 0x1, [@typed={0x4, 0x0, 0x0, 0x0, @binary}]}]}, 0xe0}], 0x1}, 0x0)

3.23443327s ago: executing program 1 (id=3179):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000040000701fcffffff00000100017c0000040042800c0001800600060065580000100002800c0008"], 0x34}}, 0x400c010)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="2400000020000103000000000000000080"], 0x24}}, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)={0x20, r2, 0x1, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}]}]}, 0x20}}, 0x880)
sendmsg$MPTCP_PM_CMD_SET_LIMITS(r0, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r2, 0x20, 0x70bd28, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x4000000)

2.156035468s ago: executing program 1 (id=3184):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000d80)={&(0x7f0000000d40)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r1 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000380)={0x1d, r2, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18)
sendmmsg$sock(r1, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="1f", 0x206c}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x500}}], 0x2, 0x0)

1.936778974s ago: executing program 4 (id=3187):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000003c0)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000020000006a0a00fe00000000850000000b000000b70000000000000095000000000000009cc6b3fcd62c7d376238975d43a4505f80fc88943c4f0cf08e467b592f868ee30a0e8c1bf176db2a6b2feb4b6fd3d5707bfd2d84aaa3b1d4e984c46ea7e2a447a36f5662403e1b2be4cc7c2683908a0d411a9872971c7c56f0979bd10b97163c1d6d0e196bf02f46e8953ab1abda45cbe8d0d26b5069f8a98f7dc8f76b74635fc9f9de9ca3c00cb9bf4e418d07fa22f0610a70f2bdf4000000000000b0c2940dd8e263aa743f7555193161f45346b1004006000000e1ffff8816326d7d35c32aac1c7d5b5be399f6609876b5887437a172fbc02a74067529194e533583412dff048f0000000000000000b2728a04816cfb851cd364ff19ffcafe3e64be033c9d2f002cc93c1c13caec04a347383420336bec88c24a9fb6a6991ddb737d527d6acb15426415b6e8b14fdfa2c6e94bd0339454c13ad30000000000000003626165866c154e2514890000b515a1000000000000000eb2e9c15b6c8f6198282d0086fa0000c2ccf3f6d69cfcf1e15ea7a9e57aee78e12ace55736fa42811654e19a7e9b531636794a718b4766d744263b6681da2b2204d848619a3eb62e77460c048df8e72bfe31438163ec4270439b350274e5aa941bfc32ce08e3790dfb0c59bbe45cd27264669c187eed6d67b3be191137814bcb226b2078a1bc45502705d538d8723113445b08b0ac8dc2dfa17fd79ed5fd33b14b0adabf72df024dcde1ef330b927ce1a80474ce4f99a292c71456ec1abbfbb61dc9f0f71395a1751d35fa1"], &(0x7f0000000340)='GPL\x00'}, 0x48)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001380)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xfff3, 0xfff3}}, [@filter_kind_options=@f_basic={{0xa}, {0xffffffffffffff37, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x3}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0xf6, 0x8, 0x9}, {0x1, 0x4}}}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@delchain={0x2c, 0x65, 0x100, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0xa, 0x1}, {0xfff2, 0xffff}, {0x0, 0x1f}}, [@TCA_CHAIN={0x8, 0xb, 0x2}]}, 0x2c}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r1, 0xffff0000, 0xe, 0x0, &(0x7f0000001a40)="2b206d074843b397737ea49da2aa", 0x0, 0xf000, 0x720e, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6)
sendmsg$NFC_CMD_DEV_UP(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x14, r7, 0x1, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40089}, 0x8004)

1.728830542s ago: executing program 4 (id=3189):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
recvmsg(0xffffffffffffffff, 0x0, 0x40000000)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
r3 = socket(0x1, 0x803, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0) (async)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000300)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001880)=ANY=[@ANYBLOB="500000001000210400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa888e16000002800128009000100766c616e00000000180002800c0002000e0000000a000000060001000004000008000500", @ANYRES32=r5], 0x50}}, 0x2) (async)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x14, 0x36, 0x1, 0x0, 0x25dfdbff, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) (async)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84) (async)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f00000000c0)={<r7=>0x0, 0x1}, &(0x7f0000000140)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f0000000200)={0x5, 0x8000, 0xc, 0xa, r7}, &(0x7f00000002c0)=0x10)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="58000000020605000000000000000000000000030c000300686173683a6970000900020073797a320000000005000400000000000500050002000000050001000600000014000780080006400000000208000c"], 0x58}}, 0x20000000) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x7, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000500000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bc8900000000000035090100000000009500000000000000b7080000000100007b9a00fe00000000b509ffffff1f0000c3aaf0fff1000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018220000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608ebff76000000bf9800000000000056080000000000008500000000000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.639479161s ago: executing program 4 (id=3191):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000001440)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="81b641f1f3843704b6", 0x9}], 0x1}, 0x48005)
readv(r0, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)

1.464511464s ago: executing program 4 (id=3192):
r0 = socket(0xa, 0x3, 0x87)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0xb9}, [@ldst={0x6}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2}, 0x48)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f00000000c0)={0xb0b, 0x1002, 0x5, 0x2000001, 0x9}, 0x14)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'sit0\x00', <r2=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={@local, 0x78, r2})
ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x8936, &(0x7f0000000000))

1.317075872s ago: executing program 2 (id=3193):
r0 = socket$kcm(0x10, 0x2, 0x10)
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000080)={0x3ff, 0x8, 0x2, 0x2, 0x1, 0x0, [{0x6, 0x9b, 0x539e9875, '\x00', 0x100}]})
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, 0xffffffffffffffff}, 0x20000003)
unshare(0x60000f80)
syz_emit_ethernet(0x7e, &(0x7f00000010c0)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @redirect={0x4, 0x0, 0x0, @empty, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32, 0x0, @private, @empty, {[@timestamp_addr={0x44, 0xc, 0x0, 0x1, 0x0, [{@remote}]}, @timestamp_addr={0x44, 0x34, 0x0, 0x1, 0x0, [{@private}, {@broadcast}, {@dev}, {@private}, {@empty}, {@broadcast}]}]}}}}}}}, 0x0)
socket$kcm(0x29, 0x0, 0x0)

1.279670558s ago: executing program 4 (id=3194):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000001900)=ANY=[@ANYBLOB="61106800000000006113740000000000bfa00000000000000700000008ffffffd503010017740040950000000000000069163a0000000000bf67100000000000350607000fff07201706000020190000160300000ee60060bf050000000000007b650000000000006507f9ff01000000070700004d83dde4c375000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f17540faf80250aa20c669a5e12814cb1cea5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369226066812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20ceddf4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f6746a9709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c1d926a0f6a5480a55c22fe3a5ac00000000000000000000000500002000000000fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e14d90deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b06ff7f0000000000007f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a1f37302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089e0b1c23c0f3cdad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a1a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631d22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4c6ea9604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a09d8be0fc5beecf153236c19740be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead000000000000000000000000000000000000000000000000001386866b311bd144bc32e059658c9f8342c90c1ade31b78072841b8b5a943d62a44cea6b050c42e3c205fad6a23fb43c93da0f49d911877265e6ee443e37397ecf89021e7f579e8d3a74c12b52938d91e9de07fc8eeeb9505f4a9c26266bf5449484ccc1317c7476"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x48)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r2 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)
socket(0x8, 0x5, 0x800)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={<r5=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r4, 0x84, 0x6d, &(0x7f0000000240)={r5, 0x20, "d656c9a61490b7e8773ca55437fa234c0170c8cbe5ebdd2be9"}, &(0x7f0000000180)=0xfc86)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000800)=ANY=[@ANYBLOB="611234000000000061134c0000000000bf3000000000000015000200000000103d030100000000009500000000000000bc26080000000000bf67000000000000070300000fff07006702000003000000160600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f909ad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305865050df26469fac5202d6293c3d5e11f4f83e7455baeeba4f"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$l2tp(0x2, 0x2, 0x73)
r8 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r8, 0x8923, &(0x7f0000000000)={'veth1_vlan\x00', 0x1ba})
setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000000840)=@mangle={'mangle\x00', 0x44, 0x6, 0x390, 0x130, 0x0, 0x1c8, 0x130, 0x0, 0x2f8, 0x2f8, 0x2f8, 0x2f8, 0x2f8, 0x6, 0x0, {[{{@ip={@broadcast, @dev={0xac, 0x14, 0x14, 0x13}, 0xff, 0xff000000, 'pim6reg1\x00', 'bridge_slave_0\x00', {}, {0xff}, 0x88, 0x3}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00', 0x0, {0x1, 0x9}}}, {{@ip={@loopback, @local, 0x0, 0x0, 'wg2\x00', 'veth0_virt_wifi\x00', {}, {0xff}, 0x6}, 0x0, 0x70, 0x98}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x1d, 0x6, 0x8001}}}, {{@uncond, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@private=0xa010102, @multicast1, 0x0, 0xffffff00, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28, 'ECN\x00', 0x0, {0x0, 0xfc}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3f0)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r9, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x48000)
sendmsg$NL80211_CMD_CONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="05002ebd7000000000000800000008000300", @ANYRES32=r10], 0x2c}, 0x1, 0x0, 0x0, 0x44840}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000a80)=@newtfilter={0x68, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xc, 0x4}, {}, {0xb, 0x9}}, [@filter_kind_options=@f_u32={{0x8}, {0x3c, 0x2, [@TCA_U32_SEL={0x24, 0x5, {0x3, 0xa, 0x1, 0xed8, 0x7, 0x8c, 0x40, 0x925e, [{0x101, 0x6, 0x200, 0x3}]}}, @TCA_U32_INDEV={0x14, 0x8, 'nr0\x00'}]}}]}, 0x68}}, 0x20040054)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="00010325bd6000fcffffff06000000"], 0x5a}, 0x1, 0x0, 0x0, 0x448d3}, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000b00)=ANY=[@ANYBLOB="140000001000010000000000000000000700000ab0000000080a0000000000000000000001000007500004801c0001800c0001005c80941aad7296f40c0002800800054000000003200001800800010064757000140002800800024000000015080002400000000e100001800c00010062697477697365000c000640000000000000000314000580080001400000003208000140000000290c000640ffffffffffffffff0c00034000000000000000010c000640000000000000000408000b400000000134000000030a01010000000000000000000000060a000700726f7574650000000c000240000000000000000108000b400000000130000000090a010100000000000000000000000008000a400000000308000f40000000050c000b40000000000000000324010000060a01ecff0000000000000007000008080009400000000208000b40000000040900010073797a300000000008000a4000000002e000048010000180090001006861736800000000100001800b0001006c6f6f6b75700000100001800a000100696e6e65720000003c0001800b00010074756e6e656c00002c00028008000140000000010800024000000016080002400000000308000240000000020800014000000001500001800800010064757000440002800800024000000004080002400000000f080002400000000308000240000000140800024000000015080002400000001008000240000000110800024000fde1d1043e6ac514000011140001800e000100636f6e6e6c696d69740000000c000180080001006c6f67000c000340000000000000000414000000110001000000000019e22b4b042ee8db2220f2e76b981bf282"], 0x260}, 0x1, 0x0, 0x0, 0x4000804}, 0x4004045)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r2)
sendmsg$NL80211_CMD_TESTMODE(r11, &(0x7f00000006c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000340)={0x354, r12, 0x8, 0x70bd27, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x0, 0x4d}}}}, [@NL80211_ATTR_TESTDATA={0xf7, 0x45, "956e7fcbceab96ed716167072289d62a63ab07f2add3b9f71a1737dd9ef3639ec7df825fb019ad7a9a3a53af223e322fa9381c78ae6d2a3212a7cd8bfd5932d11596d9ffa125ea677962b2f95d328f1b537338cbdc9a2bcf18ac56fe0c3060aa3f10e8bfeef835d912f4a462365f98160b0788bb78f5a343e02507b4129ab5a3dca93245d72593bb25f25cf122c3c6d1cd6e4f18837a8285b5bd0efca341236434d5d3262a651653136a901aeb67e3394c8b3f7a6f87dc9c99dff34fc704fc9db47f8f24c238dec5494d79538c4797783b0917d0797325ad2a9c41ff84db48e18e387e8bc0f2b713f2ac3abb5e7406f62c0315"}, @NL80211_ATTR_TESTDATA={0x4}, @NL80211_ATTR_TESTDATA={0xb, 0x45, "12525a5c94e499"}, @NL80211_ATTR_TESTDATA={0x101, 0x45, "a86f23557d6f03d7506a7e87597862303b8574dc7ad94c7df044ea9c29363c7618aad9969e80a709968a3524cf30068ac88cfc3a1a739c1e6092eec9f554be86559d666d85465652d07268d20758735b8d956023b4aa2460d9b8cf2d8dbfed583b7c5b2017fdfb1edc2aa441f91a7f1e18b672473539e116c45246353cb6747b66a45bdb2a96c6c706a8e070391d080e90b85496a8b1afda2d1e7c90e6bd36f6798cddc148fe66b79275da4731434838000f1df8bb6ab54af50de2b1d5f91ee50a3845aa584ea0c8b8bae9f064099557506d189bb7a6ce2bbed10e9991d72f2bef980f2b3e355cd7c865433ea67c878dd540a052fa5aebf0a35414041a"}, @NL80211_ATTR_TESTDATA={0x8e, 0x45, "4a681f340b254a229c51c9e51406d29d5ac6677a5426b2c254e64f9f4e14b8d049cbc6bc44f36d541456acf9d857b239a83ec8a36fec3efdefb3b814f5279e9e023b09b4b596617f1b9ebf15f1168990fcdb051225fe675fda336e5f95e563bfc3cebb9dd23492b0ea45c59d8b4b9f1a22ff995cab388aa43e7c4dc9a15d4be61c7f52b18f83ee8458dd"}, @NL80211_ATTR_TESTDATA={0x7a, 0x45, "7071039567ecf10f5ad2ec1665411fd4a80ae07c8c7558ee943d3cbc4326da361dd130bd54b0c84eed3cd6a57e97992529ff43252d3f9850c3d7ddae317fbfdb21538b9477ed4c760fe2c1fab71a163fe60a06be52a54057c457a0d4d36c13fd4301125c873cdfb957a9379772f4b879eddd3ad45b78"}, @NL80211_ATTR_TESTDATA={0x19, 0x45, "14c297fa3ec9f743f74303106ceaca1d725b9e4bd9"}]}, 0x354}, 0x1, 0x0, 0x0, 0x20004002}, 0x20040880)

1.212751129s ago: executing program 2 (id=3195):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000007c0)=@newtaction={0x7c, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x68, 0x1, [@m_tunnel_key={0x64, 0x1, 0x0, 0x0, {{0xf}, {0x34, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0xb, @loopback={0x400000004000000}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x7c}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="fc010000190001000000000000000000fc0200000000000000000000000000000000000000000000000000000000000000000003000000000a0000005e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000008000000000000000000000000000007000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000d0000000000000000000000000000000000000000000100000000000000000044010500ac1414bb000000000000000000000000000000086c00000000000000ac141408000000000000000000000000000000000000ff00000000000000000001009500fc020000000000000000000000000000000000003200000000000000fe8000000000000000000000000000bb023500000000000000000000ffffffff0000000000000000000000000000000000000001000000003c00000002000000ac1414bb000000000000000000000000000000000103000000000000000000000000000000000000000000000000000000000000000000003200000002000000ac141400000000000000000000000000fffffffff0"], 0x1fc}}, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_tcp_int(r2, 0x6, 0xc, &(0x7f0000000000), 0x4)

1.027186002s ago: executing program 2 (id=3197):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmsg$alg(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x48814}, 0x14000012)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = gettid()
ioctl$sock_SIOCSPGRP(r7, 0x8902, &(0x7f0000000000)=r9)
sendmsg$unix(r8, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000008c0)="b6", 0x1}], 0x1, 0x0, 0x0, 0x20000000}, 0x4005)
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28, 0xfffd}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)=@newtfilter={0x50, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r6, {0x10, 0xfff3}, {}, {0xa, 0x7}}, [@filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_KEY_ENC_KEY_ID={0x8, 0x1a, 0x7}, @TCA_FLOWER_KEY_ENC_IPV6_DST={0x14, 0x21, @mcast1}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x20044005}, 0x40040)
sendmsg$nl_route_sched_retired(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0)
recvmmsg$unix(r3, &(0x7f00000029c0)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000002a00)=""/4100, 0x1004}], 0x1}}], 0x1, 0x10000, 0x0)
syz_emit_ethernet(0x56, &(0x7f00000000c0)={@local, @multicast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "170100", 0x20, 0x2b, 0x0, @remote, @local, {[@routing={0x0, 0x0, 0x2}], {0x0, 0x0, 0x18, 0x0, @wg=@data}}}}}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x58, 0x10, 0x401, 0x0, 0x3, {0x0, 0x0, 0x0, 0x0, 0xe59bca127d81b0fa, 0xc574450d1af3b5bc}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_STATE={0x5}]}}}, @IFLA_IFNAME={0x14, 0x3, 'bridge_slave_0\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x20004090}, 0x4040)
r10 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), r0)
sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r10, 0x300, 0x70bd26, 0x25dfdbfd, {}, [@L2TP_ATTR_SEND_SEQ={0x5}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5, 0x22, 0x1}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x3}]}, 0x2c}}, 0x24040040)
r11 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000001700000095"], &(0x7f00000005c0)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d80)={r11, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="76ea090000000000009ba56a88ca", 0x0, 0x6400, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r12 = syz_genetlink_get_family_id$devlink(&(0x7f0000002b40), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x54, r12, 0x1, 0x2000020, 0x0, {0x6}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0x91}, {0x6, 0x16, 0x2}, {0x5}}]}, 0x54}}, 0x0)

1.010046123s ago: executing program 1 (id=3198):
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff})
sendmsg$NL80211_CMD_PROBE_MESH_LINK(r0, &(0x7f00000005c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f0000000640)={0x3c, 0x0, 0xdbbbce496649b613, 0x70bd29, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME={0x1c, 0x33, @data_frame={@msdu=@type10={{0x0, 0x2, 0x5, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1}, {0xff}, @initial, @device_b, @device_a, {0x5, 0x1}}, @a_msdu}}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000080}, 0x800) (async, rerun: 32)
ioctl$int_in(r0, 0x5421, &(0x7f00000003c0)=0x3d49) (rerun: 32)
read$alg(r0, &(0x7f0000000140)=""/116, 0x74) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x102, 0x0)
close(r2) (async)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) (async, rerun: 64)
r3 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 64)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000018c0)={{r6}, &(0x7f0000000140), &(0x7f0000000100)='%pS    \x00'}, 0x20) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r6, <r7=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x6, 0x0, &(0x7f0000000140)="3d6ee2e04b91", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xffffffed, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x6}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) (async)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r5, {0x0, 0xd}, {0xb, 0xb}, {0xa, 0xb}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x9}, @TCA_FQ_CE_THRESHOLD={0x8, 0xc, 0x9}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x2001c061}, 0x4008000)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
r9 = socket$packet(0x11, 0x2, 0x300)
sendto$packet(r9, &(0x7f0000000140)="bad386dd", 0x5dc, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r8, 0x1, 0xd8, 0x6, @random="98c8ca7122df"}, 0x14) (async)
r10 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000080)={'geneve1\x00', <r11=>0x0})
sendmsg$nl_route(r10, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=@newlink={0x6c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x4, 0x0, 0x300, 0x8002}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x34, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x2}, @IFLA_VLAN_EGRESS_QOS={0x28, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x0, 0x5}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x0, 0x80}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x3, 0x101}}]}]}}}, @IFLA_LINK={0x8, 0x5, r11}]}, 0x6c}}, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0xab}]}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0}, 0x94) (async)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'macvlan1\x00'})

879.55624ms ago: executing program 3 (id=3199):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'veth0_to_team\x00', <r1=>0x0}) (async)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @dev}, 0x2}}, 0x2e) (async)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000bc0)={{{@in=@rand_addr=0x4, @in6=@private0, 0x0, 0x0, 0x4, 0x0, 0x2, 0x20, 0x20}, {0x0, 0x0, 0x2, 0x0, 0x8, 0x8, 0x4}, {0x4, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in6=@remote, 0x4d3, 0x32}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x8}}, 0xe8) (async)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000380), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x34, r4, 0x400, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x30)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x0, &(0x7f0000000100), 0x3e) (async)
r6 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_int(r6, 0x107, 0xb, &(0x7f0000000000), &(0x7f0000000040)=0x4) (async)
r7 = socket$nl_route(0x10, 0x3, 0x0) (async)
r8 = syz_genetlink_get_family_id$smc(&(0x7f0000000400), r5)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$SMC_PNETID_ADD(r5, &(0x7f0000000500)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x6082011}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x2c, r8, 0x100, 0x70bd29, 0x25dfdbfe, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40800}, 0x10) (async)
sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002500)=ANY=[@ANYRES16=r7, @ANYRES32=r1, @ANYBLOB="c000b2000a0002000000000000000000060005002e5f"], 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x40800) (async)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r9, 0x8933, &(0x7f0000000340)) (async)
sendmsg$nl_route_sched(r9, &(0x7f00000000c0)={0x0, 0xffffffffffffff78, &(0x7f00000004c0)={&(0x7f0000000840)=@gettaction={0xb8, 0x32, 0x100, 0x70bd28, 0x25dfdbfd, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x4}, @action_gd=@TCA_ACT_TAB={0x3c, 0x1, [{0x10, 0x1e, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0x1f, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x60, 0x1, [{0xc, 0xd, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6c4}}, {0xc, 0x8, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xfff}}, {0x10, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0x10, 0xb, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0xc, 0x10, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xdfffffd}}, {0xc, 0xf, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0x1b, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3af}}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x20008000}, 0x4) (async)
r10 = socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000800)=ANY=[@ANYBLOB="5940306fbd244a1613704faf0ad7512de4437b51c81779d393e6df92a888491d6d46e462", @ANYRESOCT=r0], 0x1bbc}, 0x1, 0x0, 0x0, 0x24048095}, 0xc000) (async)
sendmsg$nl_route_sched(r9, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000005b80)=@delchain={0x24, 0x26, 0xf31, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe0}, {0x9}}}, 0x24}}, 0x0) (async)
sendmsg$TIPC_NL_KEY_FLUSH(0xffffffffffffffff, &(0x7f0000003880)={&(0x7f0000003540)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000003840)={&(0x7f00000035c0)={0x14, 0x0, 0x1, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x800)
sendmsg$TIPC_NL_BEARER_DISABLE(r10, &(0x7f0000000740)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000600)={0x134, 0x0, 0x10, 0x70bd26, 0x25dfdbfc, {}, [@TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9}]}, @TIPC_NLA_MEDIA={0x2c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}]}, @TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MEDIA={0xd4, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3fc0}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000001}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x81}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffe}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8001}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x59ab}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x600000}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}]}]}, 0x134}}, 0x4800) (async)
recvmmsg(r9, &(0x7f0000004880)=[{{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, &(0x7f0000004780)}, 0x9}], 0x3, 0x2100, 0x0) (async)
r11 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r11, 0x11b, 0x4, &(0x7f00000002c0)={&(0x7f0000000140)=""/240, 0x201000, 0x1c00, 0x3, 0x1}, 0x20) (async)
r12 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r12, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYRES16=r1], 0x44}, 0x1, 0x0, 0x0, 0x600}, 0x0)

601.026991ms ago: executing program 3 (id=3200):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e1f, @dev={0xac, 0x14, 0x14, 0x40}}, 0x10) (async)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @multicast1}, 0x10) (async)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='pids.current\x00', 0x0, 0x0) (async)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) (async)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000280)={'wg0\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0x29, &(0x7f0000000340)={&(0x7f00000002c0)={0x44, r2, 0xa08, 0x70bd29, 0x25dfdbfd, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'rose0\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x2400c0c5) (async)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={<r4=>0x0}, &(0x7f00000000c0)=0xc) (async)
r5 = getgid()
setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000140)={r4, 0xee00, r5}, 0xc)
setsockopt$inet_udp_int(r0, 0x11, 0x67, &(0x7f0000000080)=0x6, 0x4)
sendto$inet(r0, &(0x7f0000000200)="00ead711fb2b88", 0x7, 0x4000080, 0x0, 0x0)

576.011714ms ago: executing program 2 (id=3201):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000001440)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="81b641f1f3843704b6", 0x9}], 0x1}, 0x48005)
readv(r0, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)

570.02328ms ago: executing program 3 (id=3202):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000480)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x1fff, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='batadv0\x00', 0x10)
write(r0, &(0x7f0000000140)="8465000000000016", 0x5ac)

524.793776ms ago: executing program 1 (id=3203):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_MPATH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x28, r3, 0x1, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040804}, 0x4000010)

364.987537ms ago: executing program 3 (id=3204):
syz_emit_ethernet(0x132, &(0x7f0000000200)={@local, @multicast, @val={@void}, {@ipv4={0x800, @icmp={{0x6, 0x4, 0x0, 0x0, 0x120, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@generic={0x44, 0x2}]}}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x3e, 0x2, 0x0, 0x10, 0x0, 0x0, 0xd0a, 0x2c, 0x1, 0x0, @multicast1, @loopback, {[@timestamp_addr={0x44, 0x4c, 0x3d, 0x1, 0x9, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x1}, {@loopback, 0xf1}, {@broadcast, 0xfffffffc}, {@broadcast, 0x1}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x7}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x8}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x6}, {@loopback, 0xffffffff}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0xbe91}]}, @timestamp_prespec={0x44, 0x54, 0xd4, 0x3, 0x1, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x2}, {@private=0xa010102, 0x1}, {@remote, 0x400}, {@remote, 0x1}, {@private=0xa010102, 0xd9}, {@loopback, 0x5}, {@multicast1, 0x8}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0xfff}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0xfea8}, {@private=0xa010101, 0x200}]}, @ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x3c, 0xe6, 0x1, 0x6, [{@multicast1, 0xd72}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x6}, {@multicast2, 0x8}, {@loopback, 0x8}, {@empty, 0x4}, {@broadcast, 0x7}, {@loopback, 0x5}]}, @end]}}, "813384742b5da2bd"}}}}}, 0x0)

342.617563ms ago: executing program 2 (id=3205):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r1, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x4}) (async)
ioctl$sock_netdev_private(r1, 0x89f2, &(0x7f0000000000))
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x0, 0x18c, 0x203, 0x0, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x320, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x0, 0x0, 0x8, 0x2000000}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0xe}, {0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x3}, {0x2, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x8}, {}, {0x16}, {0x0, 0xff}, {}, {0x7}, {0x0, 0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0x101}, {}, {0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x0, 0x9}, {0xfffc, 0x0, 0x0, 0x10}, {}, {0xfffe}, {}, {}, {}, {0xfffe, 0xfb}, {}, {0x7a04}, {}, {}, {0x20, 0x6}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb8c, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {0x3}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {0x0, 0xfd}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffd}, {}, {0x0, 0xb}, {0x4, 0x2}]}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x2, 'syz0\x00', {0x8001}}}}, {{@uncond, 0x0, 0xf8, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xb}}, @inet=@rpfilter={{0x28}, {0xd}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz1\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590)
r3 = socket(0x11, 0x800000003, 0x0)
ioctl$sock_inet_SIOCGIFDSTADDR(r3, 0x8917, &(0x7f0000000000)={'bond0\x00'})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000540)=@newlink={0x40, 0x10, 0xc3b, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x88a8}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ENCAP_DPORT={0x6, 0x11, 0x4e20}]}}}]}, 0x40}}, 0x0)

318.615448ms ago: executing program 3 (id=3206):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000002c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7be", 0x10)
r2 = accept4(r1, 0x0, 0x0, 0x80800)
sendmsg$NL80211_CMD_START_AP(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={0x14, 0x0, 0x2, 0x70bd25, 0x25dfdbff, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x8000)
syz_genetlink_get_family_id$devlink(&(0x7f0000000380), r2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="07000000040000000001000004"], 0x50)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$bt_hci(r4, 0x84, 0x82, &(0x7f0000000080)=""/4076, &(0x7f00000010c0)=0xfec)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x10, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000004000000000000000000000018120000", @ANYRES32=r3, @ANYRES16=r4], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r5}, 0x18)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000001540), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_LINKS(r6, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000001580)={0x24, r7, 0x407, 0x0, 0x0, {{}, {0x0, 0x4000}, {0x8}}}, 0x24}}, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r8, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r8, &(0x7f0000000180)={0xa, 0x4e22, 0xfffffffb, @remote, 0x2}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r8, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
r9 = socket$inet6(0x10, 0x2, 0x4)
sendto$inet6(r9, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x403, 0x4, 0x25ffdbfe, {0x0, 0x0, 0x0, 0x0, 0x1c04}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_VALIDATE={0x8, 0x9, 0x2}, @IFLA_BOND_NUM_PEER_NOTIF={0x5, 0x10, 0x10}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000010}, 0x0)

244.617287ms ago: executing program 4 (id=3207):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000d80)={&(0x7f0000000d40)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r1 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000380)={0x1d, r2, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18)
sendmmsg$sock(r1, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="1f", 0x206c}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x700}}], 0x2, 0x0)

243.255959ms ago: executing program 1 (id=3208):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000001180)=@nat={'nat\x00', 0x1b, 0x5, 0x360, 0x308, 0x1e8, 0xffffffff, 0x1e8, 0x0, 0x420, 0x420, 0xffffffff, 0x420, 0x420, 0x5, 0x0, {[{{@uncond, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x2, @rand_addr=0x64010100, @multicast2, @port=0x4e22, @icmp_id=0x66}}}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xffffff00, 0xff000000, 'macvtap0\x00', 'team0\x00', {}, {}, 0xc, 0x6}, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x1, @private=0xa010100, @remote, @gre_key=0x100, @gre_key=0xf0}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0xc, @multicast2, @rand_addr=0x64010102, @gre_key=0x80, @gre_key=0x8}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @empty, 0x100, 0xd, [0x32, 0x30, 0x3c, 0x9, 0x2c, 0x9, 0xb, 0x4, 0x1a, 0x36, 0x3f, 0x20, 0x2e, 0x2b, 0x1, 0x1b], 0x0, 0x400, 0x3}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x5e)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000000)={0x7ff, 0x3, 0x7fff, 0xa}, 0x8)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYRES16=0x0, @ANYRESDEC, @ANYBLOB="0000000000000000080004000006000008001b0000000000"], 0x30}, 0x1, 0x0, 0x0, 0x4000040}, 0x20004004)
write(0xffffffffffffffff, &(0x7f0000000040)="3a03000018002551075c0165ff", 0xd)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r2, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x30, 0x4, 0x8, 0x401, 0x0, 0x0, {0x5, 0x0, 0x1}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x88}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x200}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @icmp}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8847}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x4000040)
r4 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'bond0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newqdisc={0x30, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r5, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x23, &(0x7f0000000040)={0x0}, 0x10)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@assoc={0x18, 0x117, 0x4, 0x10}], 0x18}], 0x1, 0x40800)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r8, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r9, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030030000b12d25a80648c2594f91124fc60100c03", 0x17}], 0x1}, 0x0)
r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
ioctl(r10, 0x8b32, &(0x7f0000000040))
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xc, 0xe, &(0x7f0000001700)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe000000008500000009000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ab99dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c41ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42cea68bef67422ecc13968a27ef6a1296dfff4a979369b0e8ebc62887aa46e824d86869ec4ab392b0a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a412a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac090000000000000084d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f381ba6e0363d0a4a8a813edaa626f0000000000000000004f9e02a3b51a97c4b1c1b411cc6bee2a56f29c55a6aac46a0cfc318fae02922a403431d4e5a4396cad2c8dd34037bc041a2ba1505ba2c4889122ca04e85881aad5f8bfc12e6741872aad21bf5301cd4c60"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0xfffffedf, 0x10, &(0x7f0000000040), 0x0, 0x0, 0xffffffffffffffff, 0xd}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r11, 0x0, 0x10, 0x0, &(0x7f0000002580)="f0b9547ee7affa9daabd309a75d387db", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r12=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f00000002c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x13b2816de0fef34}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYRES64=r0, @ANYRES16=r8, @ANYBLOB="100025bd7000fbdbdf254400000008000300", @ANYRES32=r12, @ANYRES32], 0xb8}, 0x1, 0x0, 0x0, 0x2b40461280c98169}, 0x4040041)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), r2)

12.499429ms ago: executing program 1 (id=3209):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000340)=@base={0x12, 0x2, 0x8, 0x2}, 0x48) (async)
r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000340)=@base={0x12, 0x2, 0x8, 0x2}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r2, r1, 0x7}, 0x10) (async)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r2, r1, 0x7}, 0x10)
close(r2) (async)
close(r2)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f000000f480), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r0, &(0x7f000000f780)={0x0, 0x0, &(0x7f000000f740)={&(0x7f0000000240)={0x20, r3, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4010}, 0x44040)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000100)={'team_slave_0\x00', 0x1000})
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r4, 0x8982, &(0x7f0000000140)={0x0, 'virt_wifi0\x00', {0x3}, 0x7})
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_int(r5, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) (async)
setsockopt$inet6_udp_int(r5, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
read(r5, &(0x7f0000000000)=""/38, 0x26)
r6 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x20000001, &(0x7f0000000300)={0xa, 0x4e20, 0x6, @mcast1}, 0x1c) (async)
sendto$inet6(r6, 0x0, 0x0, 0x20000001, &(0x7f0000000300)={0xa, 0x4e20, 0x6, @mcast1}, 0x1c)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x48, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_SEQ_ADJ_ORIG={0x14, 0xf, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x8}]}, @CTA_TUPLE_REPLY={0x4}, @CTA_HELP={0x14, 0x5, 0x0, 0x1, {0xf, 0x1, 'netbios-ns\x00'}}, @CTA_LABELS={0x8, 0x16, 0x1, 0x0, [0x4]}]}, 0x48}}, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000f40)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c03406910927c6b0b55b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfe79578e51bc53099e90f4580d760551b5b342f7cbdb9cd38bdb2209c676b2ac2deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f132020000002cbe7bc04b82d2789cb1b2b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c41146dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a42b359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780c70014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e506d1387b63112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece08ac772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2ef0ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a3f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099bdae7ed04935c2c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adeb988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ffa3c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe4a3ced846891180604b6dd2499d16d7d9158ffffff069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb0814040000007874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dbae3428d2129ecfce1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296c6a298c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f050000000000000026049fe86e09623524f390bf79b441b75fc790c58e273cd905deb28c13c1ed1c0d9cae846b03008cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc48f97496079654f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b4749c28eb5167e9936ed327fb237a56224e49d9ea956d1798571b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecf743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be182724d95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd0403a099f32468f1561f058960d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b656dc0e32384f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bbe3e8ef76f57a2d0e69115d33394e86e4b83c0f3c2a34635f3eee4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cd082027c641ec4355eb4acff90756d1a1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8cc3fe28bc3586844f5fecb92aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a5906002fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128ab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0afd9ae134400f70b5e6aefb7eee403502732df858a2ea033b6c91c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80ffb8f386bb79f5589829b6b0679b5d65a00000000000000e6ff00000000000000000000faff0000bab50bc8508a9644d3e7c328b0ff22035c8073f8c1f0e3da7339fc81d4ab3ef2857ef70a81d8a1628da28c942571880e22df7cabae56d5ff5e483c9c1f5a258b8f1f34cc300312f76a374a6e9b3f9dbd7f538a80b00f97e47895b3201c5126feca0888956a7d768198d9c2109ac508a47ebb99c539ef45af7d87b308117a9e321a3861bc42cf41942c31268a4020221d7b1622585094eddd83c7f4acdd7f5c23d8b730bf03118261edada8b8487a3b1b7548a4687a91f12bf70bb1df3bfe7d4b92ad6fcbf401efd6eb004cf20016ad8d1dad136dd856ffca238b39482811f9c8524bf182f1956a3d044423927df28880bbd11c06407220df8e1d1d483d947d990dc175803d765ca14a915a0040b641959ad3e776b4bb4852fea12983dc18b7404914a6137dc4a78f1e0d331c60a9019c21698cd18753491df962f496f2395563e9c3d7b1228d0e488cf7e50a29541aa757f2e2ee9ff4433d65db0de5a123d569e39dce481156cbec584c9a32a8e3b032fa003192c891d83119bc950abac9147b9fcb0acd9a207b5ceb7e8ed1d91c000000000000000000000000000000141258373281153fa27e586ea82650f070d8851ac9e7ac07b37a6479d4017b5b5af3ff4c91235df4f657d77e386a329aec4d766369c86b62b01ceb028c6fcf206883633cb143016b9f5351a45a8cb4ea110ba700000000000000883416b6eff6a793c71deb7d780c4f51d86ece127c0714144916f397d398ad2fe72b710b932c15c2369cb5d2d2f6ae420672c4a626195a891ac51825077fbc286aa3866bbf18a4a8b836ea8c90af0d5f0aff55b50bc18c27875ed2628b91224b7fa9fd10ccd7c1b1a92bac529df981a6d30100e68555553625c0e91a51000000000000000000fe030f85b294f3ea1fce314a9dcefbe3b64e83c35c5e95734786ca78315793cc0e6e776d2ec07c55cd89541ec25e074e840287011cab538d79e1569df321282071d49a4dc5fb2d7da1d05249d0e153fd04aca2", @ANYRES8], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x16, 0x0, 0xffffffffffffffff, 0xffffffffffffffc9}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000f40)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c03406910927c6b0b55b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfe79578e51bc53099e90f4580d760551b5b342f7cbdb9cd38bdb2209c676b2ac2deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f132020000002cbe7bc04b82d2789cb1b2b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c41146dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a42b359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780c70014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e506d1387b63112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece08ac772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2ef0ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a3f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099bdae7ed04935c2c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adeb988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ffa3c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe4a3ced846891180604b6dd2499d16d7d9158ffffff069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb0814040000007874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dbae3428d2129ecfce1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296c6a298c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f050000000000000026049fe86e09623524f390bf79b441b75fc790c58e273cd905deb28c13c1ed1c0d9cae846b03008cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc48f97496079654f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b4749c28eb5167e9936ed327fb237a56224e49d9ea956d1798571b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecf743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be182724d95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd0403a099f32468f1561f058960d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b656dc0e32384f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bbe3e8ef76f57a2d0e69115d33394e86e4b83c0f3c2a34635f3eee4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cd082027c641ec4355eb4acff90756d1a1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8cc3fe28bc3586844f5fecb92aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a5906002fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128ab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0afd9ae134400f70b5e6aefb7eee403502732df858a2ea033b6c91c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80ffb8f386bb79f5589829b6b0679b5d65a00000000000000e6ff00000000000000000000faff0000bab50bc8508a9644d3e7c328b0ff22035c8073f8c1f0e3da7339fc81d4ab3ef2857ef70a81d8a1628da28c942571880e22df7cabae56d5ff5e483c9c1f5a258b8f1f34cc300312f76a374a6e9b3f9dbd7f538a80b00f97e47895b3201c5126feca0888956a7d768198d9c2109ac508a47ebb99c539ef45af7d87b308117a9e321a3861bc42cf41942c31268a4020221d7b1622585094eddd83c7f4acdd7f5c23d8b730bf03118261edada8b8487a3b1b7548a4687a91f12bf70bb1df3bfe7d4b92ad6fcbf401efd6eb004cf20016ad8d1dad136dd856ffca238b39482811f9c8524bf182f1956a3d044423927df28880bbd11c06407220df8e1d1d483d947d990dc175803d765ca14a915a0040b641959ad3e776b4bb4852fea12983dc18b7404914a6137dc4a78f1e0d331c60a9019c21698cd18753491df962f496f2395563e9c3d7b1228d0e488cf7e50a29541aa757f2e2ee9ff4433d65db0de5a123d569e39dce481156cbec584c9a32a8e3b032fa003192c891d83119bc950abac9147b9fcb0acd9a207b5ceb7e8ed1d91c000000000000000000000000000000141258373281153fa27e586ea82650f070d8851ac9e7ac07b37a6479d4017b5b5af3ff4c91235df4f657d77e386a329aec4d766369c86b62b01ceb028c6fcf206883633cb143016b9f5351a45a8cb4ea110ba700000000000000883416b6eff6a793c71deb7d780c4f51d86ece127c0714144916f397d398ad2fe72b710b932c15c2369cb5d2d2f6ae420672c4a626195a891ac51825077fbc286aa3866bbf18a4a8b836ea8c90af0d5f0aff55b50bc18c27875ed2628b91224b7fa9fd10ccd7c1b1a92bac529df981a6d30100e68555553625c0e91a51000000000000000000fe030f85b294f3ea1fce314a9dcefbe3b64e83c35c5e95734786ca78315793cc0e6e776d2ec07c55cd89541ec25e074e840287011cab538d79e1569df321282071d49a4dc5fb2d7da1d05249d0e153fd04aca2", @ANYRES8], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x16, 0x0, 0xffffffffffffffff, 0xffffffffffffffc9}, 0x48)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xa, 0x2) (async)
r8 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r7, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0000120000000000000060"], 0xfce)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000006c0)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {0x7}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x50}}, 0x20004000)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0xdc, 0x3, 0x1, 0x300, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_SEQ_ADJ_REPLY={0x24, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x684300}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x3}]}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0x2}, @CTA_NAT_DST={0x78, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_V6_MINIP={0x14, 0x4, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}, @CTA_NAT_V4_MINIP={0x8, 0x1, @multicast1}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @loopback}, @CTA_NAT_PROTO={0x24, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}]}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private1}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @private=0xa010102}]}]}, 0xdc}}, 0x0)

9.576056ms ago: executing program 2 (id=3210):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="180500000000de000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000010230000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b704000008000000850000009500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$bt_hci(r0, 0x84, 0x76, &(0x7f0000001f00)=""/4062, &(0x7f00000004c0)=0x744)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000780)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002ebd7000fbdbdf251b0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00001800005519bfe1ee83e7b54601e738ba4b17d1da91f2f30a657c4660929fd8c681459c37f1944da0adfefaa222f7927abda903df37f3c3005d9fc5a73857f47f9a3cb619dfa09f275ceaa65e261c91570b498b91be97aa1f09cc83e8c9d8bd15424fe5c3afb173e5b8ccfdbcfdc019fe248436090a744ddf8004a31e33c1252376769846c78e973ff79cefccd46f5a12f9184df85624dc923b8c9d63f66154bdfc21"], 0x3c}, 0x1, 0x0, 0x0, 0x20040000}, 0x20000000)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0)
r5 = ioctl$NS_GET_PARENT(r4, 0xb702, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r5, 0x8010661b, &(0x7f00000006c0))
r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCDELRT(r6, 0x890c, 0x0)
r7 = syz_genetlink_get_family_id$fou(&(0x7f0000000380), r4)
sendmsg$FOU_CMD_ADD(r4, &(0x7f0000000680)={&(0x7f0000000340), 0xc, &(0x7f0000000640)={&(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES16=r7, @ANYBLOB="00012bbd7000fedbdf250100000008000600ac1414aa1400070000000000000000000000000000000000060001004e20000008000600ac1414bb06000a004e230000"], 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x4000841)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100fffe08000a40000000000900020073797a32000000000900010073797a3000000000080005400000000f840000000c0a01030000000000000000010000000900020073797a32000000005800038054000080080003400000000248000b80200001800a00010071756f7461000000100002800c0001400000000000000000100001800c000100636f756e74657200140001800a00010072616e6765000100040002800900010073797a3000000000140000001000010000000000000000000000000acccd571d1232605481f057031b8b6e2e28ec65734d90473545982dab454ded71eb9c76c629f6581a55edca4eb5291b327d7a10073401c5be5c5077d9e7997c9419b7bd6812088a0981a99336b731b6c9b66c04a6a966376cde4fc0780a825fa8e6598485b788c05d4b8b5acb52150690cb3acb49c78aa212d250f3a7df58c4511ab64549bc1f25222b6291d12bbe"], 0x108}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x8, &(0x7f00000005c0)=ANY=[@ANYBLOB="180800000000000000000000000000008510000003000000180000000000000000000000000000009500000000000000ddaa000000"], 0x0}, 0x90)
connect$netrom(r6, &(0x7f0000000700)={{0x3, @null}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @bcast, @null, @null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48)
ioctl$SIOCAX25OPTRT(r4, 0x89e7, &(0x7f0000000040)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, 0x2, 0x56})
r8 = socket(0x2000000000000021, 0x2, 0x10000000000002)
sendmsg$NFT_BATCH(r1, &(0x7f0000000a00)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000009c0)={&(0x7f00000008c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x3, 0x0, 0x0, {0x3, 0x0, 0x9}, [@NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0xfffffffd}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x90}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x30, 0x6, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x1}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x5}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x1}]}, @NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x63b91ff163a99946, 0x0, 0x0, {0x6}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x2}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x2}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x3}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x3}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0xf8}, 0x1, 0x0, 0x0, 0x20000000}, 0x50)
accept4$bt_l2cap(r8, 0x0, 0x0, 0x80000)
getpeername$inet6(r8, &(0x7f00000002c0)={0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @multicast2}}, &(0x7f0000000300)=0x1c)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, 0x0, 0x0}, 0x94)

0s ago: executing program 3 (id=3211):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@ipmr_getroute={0x1c, 0x1a, 0x8, 0x70bd2c, 0x25dfdbff, {0x80, 0x10, 0x0, 0x9, 0xff, 0x1, 0xc8, 0xa, 0xe00}, ["", ""]}, 0x1c}}, 0x0)

kernel console output (not intermixed with test programs):

tiation: (ctr(des3_ede),blowfish,nhpoly1305)
[  215.215176][T10341] FAULT_INJECTION: forcing a failure.
[  215.215176][T10341] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  215.257918][T10341] CPU: 0 UID: 0 PID: 10341 Comm: syz.2.1589 Not tainted syzkaller #0 PREEMPT(full) 
[  215.257952][T10341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  215.257964][T10341] Call Trace:
[  215.257972][T10341]  <TASK>
[  215.257981][T10341]  dump_stack_lvl+0x189/0x250
[  215.258015][T10341]  ? __pfx____ratelimit+0x10/0x10
[  215.258044][T10341]  ? __pfx_dump_stack_lvl+0x10/0x10
[  215.258076][T10341]  ? __pfx__printk+0x10/0x10
[  215.258111][T10341]  should_fail_ex+0x414/0x560
[  215.258148][T10341]  _copy_to_user+0x31/0xb0
[  215.258178][T10341]  simple_read_from_buffer+0xe1/0x170
[  215.258219][T10341]  proc_fail_nth_read+0x1b3/0x220
[  215.258250][T10341]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  215.258281][T10341]  ? rw_verify_area+0x2a6/0x4d0
[  215.258312][T10341]  ? __lock_acquire+0xab9/0xd20
[  215.258331][T10341]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  215.258358][T10341]  vfs_read+0x200/0xa30
[  215.258386][T10341]  ? fdget_pos+0x247/0x320
[  215.258411][T10341]  ? __pfx___mutex_lock+0x10/0x10
[  215.258442][T10341]  ? __pfx_vfs_read+0x10/0x10
[  215.258476][T10341]  ? __fget_files+0x2a/0x420
[  215.258501][T10341]  ? __fget_files+0x3a0/0x420
[  215.258519][T10341]  ? __fget_files+0x2a/0x420
[  215.258547][T10341]  ksys_read+0x145/0x250
[  215.258576][T10341]  ? __pfx_ksys_read+0x10/0x10
[  215.258607][T10341]  ? do_syscall_64+0xbe/0xfa0
[  215.258639][T10341]  do_syscall_64+0xfa/0xfa0
[  215.258665][T10341]  ? lockdep_hardirqs_on+0x9c/0x150
[  215.258701][T10341]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  215.258720][T10341]  ? clear_bhb_loop+0x60/0xb0
[  215.258744][T10341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  215.258763][T10341] RIP: 0033:0x7ff28018e0dc
[  215.258782][T10341] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  215.258799][T10341] RSP: 002b:00007ff280f72030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  215.258824][T10341] RAX: ffffffffffffffda RBX: 00007ff2803e5fa0 RCX: 00007ff28018e0dc
[  215.258838][T10341] RDX: 000000000000000f RSI: 00007ff280f720a0 RDI: 0000000000000006
[  215.258851][T10341] RBP: 00007ff280f72090 R08: 0000000000000000 R09: 0000000000000000
[  215.258863][T10341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  215.258874][T10341] R13: 00007ff2803e6038 R14: 00007ff2803e5fa0 R15: 00007ffcec4d7028
[  215.258908][T10341]  </TASK>
[  215.611831][T10348] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1590'.
[  215.791615][T10360] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1598'.
[  215.816373][T10356] only policy match revision 0 supported
[  215.816396][T10356] unable to load match
[  215.842880][T10362] netlink: 'syz.2.1596': attribute type 10 has an invalid length.
[  215.892983][T10368] FAULT_INJECTION: forcing a failure.
[  215.892983][T10368] name failslab, interval 1, probability 0, space 0, times 0
[  215.914007][T10368] CPU: 0 UID: 0 PID: 10368 Comm: syz.4.1601 Not tainted syzkaller #0 PREEMPT(full) 
[  215.914035][T10368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  215.914048][T10368] Call Trace:
[  215.914056][T10368]  <TASK>
[  215.914064][T10368]  dump_stack_lvl+0x189/0x250
[  215.914097][T10368]  ? __pfx____ratelimit+0x10/0x10
[  215.914125][T10368]  ? __pfx_dump_stack_lvl+0x10/0x10
[  215.914150][T10368]  ? __pfx__printk+0x10/0x10
[  215.914167][T10368]  ? __sock_sendmsg+0x21c/0x270
[  215.914194][T10368]  ? do_syscall_64+0xfa/0xfa0
[  215.914233][T10368]  should_fail_ex+0x414/0x560
[  215.914269][T10368]  should_failslab+0xa8/0x100
[  215.914292][T10368]  kmem_cache_alloc_noprof+0x74/0x6e0
[  215.914321][T10368]  ? skb_clone+0x212/0x3a0
[  215.914349][T10368]  skb_clone+0x212/0x3a0
[  215.914376][T10368]  __netlink_deliver_tap+0x404/0x850
[  215.914408][T10368]  ? netlink_deliver_tap+0x2e/0x1b0
[  215.914429][T10368]  netlink_deliver_tap+0x19c/0x1b0
[  215.914449][T10368]  netlink_sendskb+0x68/0x140
[  215.914481][T10368]  netlink_unicast+0x397/0x9e0
[  215.914507][T10368]  ? __asan_memcpy+0x40/0x70
[  215.914542][T10368]  ? __pfx_netlink_unicast+0x10/0x10
[  215.914581][T10368]  nfnetlink_rcv+0x2309/0x2590
[  215.914655][T10368]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  215.914703][T10368]  ? ref_tracker_free+0x63a/0x7d0
[  215.914752][T10368]  ? __netlink_deliver_tap+0x807/0x850
[  215.914772][T10368]  ? netlink_deliver_tap+0x2e/0x1b0
[  215.914808][T10368]  netlink_unicast+0x82f/0x9e0
[  215.914845][T10368]  ? __pfx_netlink_unicast+0x10/0x10
[  215.914876][T10368]  ? netlink_sendmsg+0x642/0xb30
[  215.914892][T10368]  ? skb_put+0x11b/0x210
[  215.914915][T10368]  netlink_sendmsg+0x805/0xb30
[  215.914944][T10368]  ? __pfx_netlink_sendmsg+0x10/0x10
[  215.914967][T10368]  ? aa_sock_msg_perm+0xf1/0x1d0
[  215.914999][T10368]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  215.915020][T10368]  ? __pfx_netlink_sendmsg+0x10/0x10
[  215.915041][T10368]  __sock_sendmsg+0x21c/0x270
[  215.915071][T10368]  ____sys_sendmsg+0x505/0x830
[  215.915099][T10368]  ? __pfx_____sys_sendmsg+0x10/0x10
[  215.915130][T10368]  ? import_iovec+0x74/0xa0
[  215.915160][T10368]  ___sys_sendmsg+0x21f/0x2a0
[  215.915185][T10368]  ? __pfx____sys_sendmsg+0x10/0x10
[  215.915246][T10368]  ? __fget_files+0x2a/0x420
[  215.915263][T10368]  ? __fget_files+0x3a0/0x420
[  215.915293][T10368]  __x64_sys_sendmsg+0x19b/0x260
[  215.915318][T10368]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  215.915351][T10368]  ? __pfx_ksys_write+0x10/0x10
[  215.915386][T10368]  ? do_syscall_64+0xbe/0xfa0
[  215.915438][T10368]  do_syscall_64+0xfa/0xfa0
[  215.915465][T10368]  ? lockdep_hardirqs_on+0x9c/0x150
[  215.915495][T10368]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  215.915515][T10368]  ? clear_bhb_loop+0x60/0xb0
[  215.915540][T10368]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  215.915560][T10368] RIP: 0033:0x7f17aa58f6c9
[  215.915579][T10368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  215.915597][T10368] RSP: 002b:00007f17ab46b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  215.915619][T10368] RAX: ffffffffffffffda RBX: 00007f17aa7e5fa0 RCX: 00007f17aa58f6c9
[  215.915635][T10368] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  215.915654][T10368] RBP: 00007f17ab46b090 R08: 0000000000000000 R09: 0000000000000000
[  215.915667][T10368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  215.915679][T10368] R13: 00007f17aa7e6038 R14: 00007f17aa7e5fa0 R15: 00007ffce3bb37f8
[  215.915715][T10368]  </TASK>
[  216.338725][T10362] bridge_slave_1: left allmulticast mode
[  216.345661][T10362] bridge_slave_1: left promiscuous mode
[  216.351464][T10362] bridge0: port 2(bridge_slave_1) entered disabled state
[  216.367603][T10362] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  216.371940][T10375] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1604'.
[  216.541412][T10380] xt_time: unknown flags 0xf4
[  216.707637][T10390] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  216.753318][T10390] syzkaller0: entered promiscuous mode
[  216.758926][T10390] syzkaller0: entered allmulticast mode
[  216.786329][T10390] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  216.817087][T10396] netlink: 2412 bytes leftover after parsing attributes in process `syz.4.1613'.
[  216.839706][T10394] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  216.866350][T10390] tipc: Resetting bearer <eth:syzkaller0>
[  216.886504][T10389] tipc: Resetting bearer <eth:syzkaller0>
[  216.937497][T10389] tipc: Disabling bearer <eth:syzkaller0>
[  216.974583][T10400] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1616'.
[  217.006056][T10400] netlink: 'syz.3.1616': attribute type 22 has an invalid length.
[  217.046128][T10405] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1617'.
[  217.151535][T10409] xt_bpf: check failed: parse error
[  217.282988][T10417] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1622'.
[  217.294182][T10417] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check.
[  217.995327][T10449] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  218.054214][T10446] IPv6: Can't replace route, no match found
[  218.505322][T10476] xt_l2tp: invalid flags combination: 8
[  218.690472][T10481] netlink: 'syz.2.1647': attribute type 13 has an invalid length.
[  218.733395][T10481] netlink: 'syz.2.1647': attribute type 13 has an invalid length.
[  219.769296][T10524] __nla_validate_parse: 10 callbacks suppressed
[  219.769316][T10524] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1664'.
[  219.884633][T10533] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1666'.
[  219.906826][T10524] macvtap1: entered promiscuous mode
[  219.914218][T10524] vlan0: entered promiscuous mode
[  219.920973][T10524] macvtap1: entered allmulticast mode
[  219.928124][T10524] vlan0: entered allmulticast mode
[  219.936815][T10524] veth0_vlan: entered allmulticast mode
[  220.099541][T10523] hsr0 speed is unknown, defaulting to 1000
[  220.162063][T10545] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1671'.
[  220.181225][T10535] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1667'.
[  220.413330][T10545] bond3: (slave geneve3): Enslaving as an active interface with an up link
[  220.436210][ T1107] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0
[  220.457940][ T1107] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0
[  220.489524][ T1107] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0
[  220.550652][ T1107] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0
[  220.704410][T10565] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1678'.
[  220.730838][T10565] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1678'.
[  221.237832][T10593] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  221.428652][T10593] syzkaller0: entered promiscuous mode
[  221.444730][T10593] syzkaller0: entered allmulticast mode
[  221.461327][T10593] tipc: Resetting bearer <eth:syzkaller0>
[  221.528611][T10607] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1691'.
[  221.919843][T10585] tipc: Resetting bearer <eth:syzkaller0>
[  222.419438][T10609] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  222.810395][T10645] netlink: 'syz.0.1704': attribute type 22 has an invalid length.
[  223.690078][T10585] tipc: Disabling bearer <eth:syzkaller0>
[  223.700464][ T9410] tipc: Node number set to 1489471817
[  223.713384][T10663] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1708'.
[  224.343199][T10685] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  224.355270][T10691] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1720'.
[  224.378125][T10685] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  224.394357][T10685] gretap1: entered promiscuous mode
[  224.410096][T10685] gretap1: entered allmulticast mode
[  224.542525][T10703] IPVS: Unknown mcast interface: vcan0
[  224.881386][T10716] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1725'.
[  224.932545][T10720] netlink: 'syz.2.1726': attribute type 2 has an invalid length.
[  225.004342][T10720] �9: entered promiscuous mode
[  225.058439][T10728] FAULT_INJECTION: forcing a failure.
[  225.058439][T10728] name failslab, interval 1, probability 0, space 0, times 0
[  225.094431][T10728] CPU: 0 UID: 0 PID: 10728 Comm: syz.4.1728 Not tainted syzkaller #0 PREEMPT(full) 
[  225.094457][T10728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  225.094469][T10728] Call Trace:
[  225.094476][T10728]  <TASK>
[  225.094483][T10728]  dump_stack_lvl+0x189/0x250
[  225.094513][T10728]  ? __pfx____ratelimit+0x10/0x10
[  225.094537][T10728]  ? __pfx_dump_stack_lvl+0x10/0x10
[  225.094563][T10728]  ? __pfx__printk+0x10/0x10
[  225.094587][T10728]  ? __pfx___might_resched+0x10/0x10
[  225.094612][T10728]  should_fail_ex+0x414/0x560
[  225.094643][T10728]  should_failslab+0xa8/0x100
[  225.094664][T10728]  kmem_cache_alloc_node_noprof+0x77/0x710
[  225.094690][T10728]  ? __alloc_skb+0x112/0x2d0
[  225.094712][T10728]  __alloc_skb+0x112/0x2d0
[  225.094732][T10728]  netlink_ack+0x146/0xa50
[  225.094758][T10728]  ? __pfx_genl_rcv_msg+0x10/0x10
[  225.094779][T10728]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  225.094807][T10728]  ? __pfx_nl80211_post_doit+0x10/0x10
[  225.094841][T10728]  netlink_rcv_skb+0x28c/0x470
[  225.094856][T10728]  ? __lock_acquire+0xab9/0xd20
[  225.094874][T10728]  ? __pfx_genl_rcv_msg+0x10/0x10
[  225.094898][T10728]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  225.094933][T10728]  ? down_read+0x1ad/0x2e0
[  225.094953][T10728]  genl_rcv+0x28/0x40
[  225.094972][T10728]  netlink_unicast+0x82f/0x9e0
[  225.095007][T10728]  ? __pfx_netlink_unicast+0x10/0x10
[  225.095034][T10728]  ? netlink_sendmsg+0x642/0xb30
[  225.095050][T10728]  ? skb_put+0x11b/0x210
[  225.095070][T10728]  netlink_sendmsg+0x805/0xb30
[  225.095097][T10728]  ? __pfx_netlink_sendmsg+0x10/0x10
[  225.095118][T10728]  ? aa_sock_msg_perm+0xf1/0x1d0
[  225.095148][T10728]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  225.095165][T10728]  ? __pfx_netlink_sendmsg+0x10/0x10
[  225.095184][T10728]  __sock_sendmsg+0x21c/0x270
[  225.095212][T10728]  ____sys_sendmsg+0x505/0x830
[  225.095237][T10728]  ? __pfx_____sys_sendmsg+0x10/0x10
[  225.095267][T10728]  ? import_iovec+0x74/0xa0
[  225.095293][T10728]  ___sys_sendmsg+0x21f/0x2a0
[  225.095316][T10728]  ? __pfx____sys_sendmsg+0x10/0x10
[  225.095372][T10728]  ? __fget_files+0x2a/0x420
[  225.095389][T10728]  ? __fget_files+0x3a0/0x420
[  225.095435][T10728]  __x64_sys_sendmsg+0x19b/0x260
[  225.095459][T10728]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  225.095489][T10728]  ? __pfx_ksys_write+0x10/0x10
[  225.095520][T10728]  ? do_syscall_64+0xbe/0xfa0
[  225.095553][T10728]  do_syscall_64+0xfa/0xfa0
[  225.095578][T10728]  ? lockdep_hardirqs_on+0x9c/0x150
[  225.095605][T10728]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.095623][T10728]  ? clear_bhb_loop+0x60/0xb0
[  225.095646][T10728]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.095664][T10728] RIP: 0033:0x7f17aa58f6c9
[  225.095682][T10728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  225.095699][T10728] RSP: 002b:00007f17ab46b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  225.095719][T10728] RAX: ffffffffffffffda RBX: 00007f17aa7e5fa0 RCX: 00007f17aa58f6c9
[  225.095734][T10728] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  225.095745][T10728] RBP: 00007f17ab46b090 R08: 0000000000000000 R09: 0000000000000000
[  225.095757][T10728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  225.095768][T10728] R13: 00007f17aa7e6038 R14: 00007f17aa7e5fa0 R15: 00007ffce3bb37f8
[  225.095809][T10728]  </TASK>
[  225.862002][T10747] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1736'.
[  225.945156][T10754] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1740'.
[  225.973012][T10757] xt_l2tp: v2 doesn't support IP mode
[  226.669790][T10789] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  227.334447][T10817] netlink: 'syz.2.1760': attribute type 29 has an invalid length.
[  227.403918][T10817] netlink: 'syz.2.1760': attribute type 29 has an invalid length.
[  227.550932][T10824] syzkaller0: entered promiscuous mode
[  227.559361][T10824] syzkaller0: entered allmulticast mode
[  227.605020][T10822] netlink: 'syz.3.1764': attribute type 1 has an invalid length.
[  227.613213][T10822] netlink: 'syz.3.1764': attribute type 1 has an invalid length.
[  227.673741][T10822] netlink: 'syz.3.1764': attribute type 1 has an invalid length.
[  227.681529][T10822] netlink: 'syz.3.1764': attribute type 2 has an invalid length.
[  227.730655][T10822] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1764'.
[  227.970288][T10848] netlink: 'syz.1.1769': attribute type 1 has an invalid length.
[  228.022524][T10853] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1769'.
[  229.318167][T10866] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1777'.
[  229.395926][T10865] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1777'.
[  229.406370][T10865] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1777'.
[  229.849484][T10892] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1784'.
[  229.879798][T10892] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1784'.
[  229.907334][T10894] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1785'.
[  230.148444][T10906] netlink: 2412 bytes leftover after parsing attributes in process `syz.4.1790'.
[  230.250854][T10908] netlink: 'syz.1.1791': attribute type 1 has an invalid length.
[  230.257826][T10910] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1792'.
[  230.279816][T10908] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1791'.
[  230.678375][T10931] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1802'.
[  230.744922][T10931] openvswitch: netlink: Flow key attr not present in new flow.
[  231.000600][T10943] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1807'.
[  231.057119][T10947] netlink: 'syz.2.1807': attribute type 1 has an invalid length.
[  231.065011][T10947] netlink: 'syz.2.1807': attribute type 3 has an invalid length.
[  231.072768][T10947] netlink: 172 bytes leftover after parsing attributes in process `syz.2.1807'.
[  231.082488][T10947] NCSI netlink: No device for ifindex 813332851
[  231.219930][T10951] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1810'.
[  231.225232][T10953] x_tables: unsorted entry at hook 2
[  231.229661][T10951] netlink: 43 bytes leftover after parsing attributes in process `syz.1.1810'.
[  231.244865][T10951] netlink: 'syz.1.1810': attribute type 6 has an invalid length.
[  231.252747][T10951] netlink: 'syz.1.1810': attribute type 5 has an invalid length.
[  231.293826][T10951] netlink: 43 bytes leftover after parsing attributes in process `syz.1.1810'.
[  231.536058][T10964] netlink: 'syz.1.1816': attribute type 4 has an invalid length.
[  232.109563][T10989] netlink: 'syz.2.1827': attribute type 1 has an invalid length.
[  232.138980][T10989] netlink: 'syz.2.1827': attribute type 2 has an invalid length.
[  232.160575][ T9410] IPVS: starting estimator thread 0...
[  232.264781][T10994] IPVS: using max 27 ests per chain, 64800 per kthread
[  232.377922][T11000] xt_hashlimit: size too large, truncated to 1048576
[  232.466367][T11009] syzkaller0: entered promiscuous mode
[  232.484161][T11009] syzkaller0: entered allmulticast mode
[  233.088286][T11037] netlink: 'syz.3.1845': attribute type 7 has an invalid length.
[  233.113711][T11037] netlink: 'syz.3.1845': attribute type 8 has an invalid length.
[  233.152494][T11037] bridge0: entered promiscuous mode
[  233.190594][T11037] ip6gretap0: entered promiscuous mode
[  233.203120][T11037] gretap0: entered promiscuous mode
[  233.217634][T11037] hsr1: Slave A (bridge0) is not up; please bring it up to get a fully working HSR network
[  233.238454][T11037] hsr1: Slave B (ip6gretap0) is not up; please bring it up to get a fully working HSR network
[  233.273730][T11037] hsr1: Interlink (gretap0) is not up; please bring it up to get a fully working HSR network
[  233.482638][T11061] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  233.542160][T11062] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  233.593416][T11067] netlink: 'syz.2.1857': attribute type 22 has an invalid length.
[  234.123100][T11095] sctp: [Deprecated]: syz.0.1866 (pid 11095) Use of struct sctp_assoc_value in delayed_ack socket option.
[  234.123100][T11095] Use struct sctp_sack_info instead
[  234.412270][T11103] FAULT_INJECTION: forcing a failure.
[  234.412270][T11103] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  234.446220][T11103] CPU: 0 UID: 0 PID: 11103 Comm: syz.2.1872 Not tainted syzkaller #0 PREEMPT(full) 
[  234.446249][T11103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  234.446262][T11103] Call Trace:
[  234.446270][T11103]  <TASK>
[  234.446280][T11103]  dump_stack_lvl+0x189/0x250
[  234.446314][T11103]  ? __pfx____ratelimit+0x10/0x10
[  234.446343][T11103]  ? __pfx_dump_stack_lvl+0x10/0x10
[  234.446369][T11103]  ? __pfx__printk+0x10/0x10
[  234.446402][T11103]  should_fail_ex+0x414/0x560
[  234.446441][T11103]  _copy_to_user+0x31/0xb0
[  234.446469][T11103]  simple_read_from_buffer+0xe1/0x170
[  234.446506][T11103]  proc_fail_nth_read+0x1b3/0x220
[  234.446535][T11103]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  234.446565][T11103]  ? rw_verify_area+0x2a6/0x4d0
[  234.446603][T11103]  ? __lock_acquire+0xab9/0xd20
[  234.446620][T11103]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  234.446647][T11103]  vfs_read+0x200/0xa30
[  234.446673][T11103]  ? fdget_pos+0x247/0x320
[  234.446696][T11103]  ? __pfx___mutex_lock+0x10/0x10
[  234.446725][T11103]  ? __pfx_vfs_read+0x10/0x10
[  234.446753][T11103]  ? __fget_files+0x2a/0x420
[  234.446785][T11103]  ? __fget_files+0x3a0/0x420
[  234.446803][T11103]  ? __fget_files+0x2a/0x420
[  234.446831][T11103]  ksys_read+0x145/0x250
[  234.446861][T11103]  ? __pfx_ksys_read+0x10/0x10
[  234.446893][T11103]  ? do_syscall_64+0xbe/0xfa0
[  234.446926][T11103]  do_syscall_64+0xfa/0xfa0
[  234.446952][T11103]  ? lockdep_hardirqs_on+0x9c/0x150
[  234.446980][T11103]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  234.446999][T11103]  ? clear_bhb_loop+0x60/0xb0
[  234.447024][T11103]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  234.447043][T11103] RIP: 0033:0x7ff28018e0dc
[  234.447062][T11103] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  234.447098][T11103] RSP: 002b:00007ff280f72030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  234.447120][T11103] RAX: ffffffffffffffda RBX: 00007ff2803e5fa0 RCX: 00007ff28018e0dc
[  234.447135][T11103] RDX: 000000000000000f RSI: 00007ff280f720a0 RDI: 0000000000000004
[  234.447148][T11103] RBP: 00007ff280f72090 R08: 0000000000000000 R09: 0000000000000000
[  234.447160][T11103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  234.447171][T11103] R13: 00007ff2803e6038 R14: 00007ff2803e5fa0 R15: 00007ffcec4d7028
[  234.447204][T11103]  </TASK>
[  235.072057][T11128] netlink: 'syz.3.1881': attribute type 4 has an invalid length.
[  235.139095][T11131] netlink: 'syz.2.1883': attribute type 10 has an invalid length.
[  235.152856][T11131] __nla_validate_parse: 8 callbacks suppressed
[  235.152878][T11131] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1883'.
[  235.421867][T11146] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1886'.
[  235.559766][T11154] openvswitch: netlink: IP tunnel dst address not specified
[  235.898939][T11168] FAULT_INJECTION: forcing a failure.
[  235.898939][T11168] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  235.942438][T11168] CPU: 0 UID: 0 PID: 11168 Comm: syz.4.1894 Not tainted syzkaller #0 PREEMPT(full) 
[  235.942467][T11168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  235.942481][T11168] Call Trace:
[  235.942489][T11168]  <TASK>
[  235.942498][T11168]  dump_stack_lvl+0x189/0x250
[  235.942532][T11168]  ? __pfx____ratelimit+0x10/0x10
[  235.942560][T11168]  ? __pfx_dump_stack_lvl+0x10/0x10
[  235.942588][T11168]  ? __pfx__printk+0x10/0x10
[  235.942622][T11168]  ? __might_fault+0xb0/0x130
[  235.942663][T11168]  should_fail_ex+0x414/0x560
[  235.942701][T11168]  _copy_from_user+0x2d/0xb0
[  235.942729][T11168]  ___sys_sendmsg+0x158/0x2a0
[  235.942756][T11168]  ? __pfx____sys_sendmsg+0x10/0x10
[  235.942818][T11168]  ? __fget_files+0x2a/0x420
[  235.942837][T11168]  ? __fget_files+0x3a0/0x420
[  235.942867][T11168]  __x64_sys_sendmsg+0x19b/0x260
[  235.942893][T11168]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  235.942927][T11168]  ? __pfx_ksys_write+0x10/0x10
[  235.942961][T11168]  ? do_syscall_64+0xbe/0xfa0
[  235.942995][T11168]  do_syscall_64+0xfa/0xfa0
[  235.943022][T11168]  ? lockdep_hardirqs_on+0x9c/0x150
[  235.943051][T11168]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  235.943071][T11168]  ? clear_bhb_loop+0x60/0xb0
[  235.943096][T11168]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  235.943115][T11168] RIP: 0033:0x7f17aa58f6c9
[  235.943134][T11168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  235.943153][T11168] RSP: 002b:00007f17ab46b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  235.943174][T11168] RAX: ffffffffffffffda RBX: 00007f17aa7e5fa0 RCX: 00007f17aa58f6c9
[  235.943189][T11168] RDX: 0000000004000004 RSI: 0000200000000380 RDI: 0000000000000004
[  235.943202][T11168] RBP: 00007f17ab46b090 R08: 0000000000000000 R09: 0000000000000000
[  235.943215][T11168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  235.943226][T11168] R13: 00007f17aa7e6038 R14: 00007f17aa7e5fa0 R15: 00007ffce3bb37f8
[  235.943260][T11168]  </TASK>
[  235.953737][T11171] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1895'.
[  236.071558][T11176] bridge3: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  236.252047][T11185] IPVS: sync thread started: state = BACKUP, mcast_ifn = geneve1, syncid = 3, id = 0
[  236.473464][T11195] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1902'.
[  236.579229][T11197] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1904'.
[  237.041777][T11209] netlink: 'syz.3.1909': attribute type 6 has an invalid length.
[  237.062266][T11213] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1911'.
[  237.175267][T11216] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1912'.
[  237.187077][T11216] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1912'.
[  237.205268][T11217] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1911'.
[  237.651234][T11236] ip6t_srh: unknown srh invflags 4000
[  237.694685][T11239] x_tables: ip6_tables: icmp6 match: only valid for protocol 58
[  237.964853][T11254] netlink: 116 bytes leftover after parsing attributes in process `syz.4.1922'.
[  238.077844][T11258] IPv6: addrconf: prefix option has invalid lifetime
[  238.089566][T11259] netlink: 'syz.0.1925': attribute type 2 has an invalid length.
[  238.254714][T11266] netlink: 'syz.0.1928': attribute type 4 has an invalid length.
[  238.519045][T11278] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  238.545032][T11279] geneve2: left promiscuous mode
[  238.578861][T11279] vlan0: left allmulticast mode
[  238.583990][T11279] veth0_vlan: left allmulticast mode
[  238.589426][T11279] vlan0: left promiscuous mode
[  238.596244][T11279] macvtap1: left promiscuous mode
[  238.619113][T11281] netlink: 'syz.1.1936': attribute type 1 has an invalid length.
[  238.621233][T11279] gretap1: left promiscuous mode
[  238.669550][T10708] netdevsim netdevsim3 netdevsim0: unset [1, 1] type 2 family 0 port 20039 - 0
[  238.702821][T10708] netdevsim netdevsim3 netdevsim1: unset [1, 1] type 2 family 0 port 20039 - 0
[  238.796807][T11281] bond3: entered promiscuous mode
[  238.801985][T11281] bond3: entered allmulticast mode
[  238.807938][T11281] 8021q: adding VLAN 0 to HW filter on device bond3
[  238.833678][T10708] netdevsim netdevsim3 netdevsim2: unset [1, 1] type 2 family 0 port 20039 - 0
[  238.842698][T10708] netdevsim netdevsim3 netdevsim3: unset [1, 1] type 2 family 0 port 20039 - 0
[  239.117113][T11308] openvswitch: netlink: Message has 536 unknown bytes.
[  239.143650][T11308] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  239.328402][T11316] dummy0: left promiscuous mode
[  239.355500][T11316] bond1: (slave dummy0): Releasing active interface
[  239.389280][T11316] bridge_slave_0: left allmulticast mode
[  239.411963][T11316] bridge_slave_0: left promiscuous mode
[  239.425866][T11316] bridge0: port 1(bridge_slave_0) entered disabled state
[  239.449427][T11316] bridge_slave_1: left allmulticast mode
[  239.457887][T11316] bridge_slave_1: left promiscuous mode
[  239.466817][T11316] bridge0: port 2(bridge_slave_1) entered disabled state
[  239.488808][T11316] bond0: (slave bond_slave_0): Releasing backup interface
[  239.556024][T11316] bond0: (slave bond_slave_1): Releasing backup interface
[  239.600879][T11316] team0: Port device team_slave_0 removed
[  239.631583][T11316] team0: Port device team_slave_1 removed
[  239.648006][T11316] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  240.269144][T11358] __nla_validate_parse: 4 callbacks suppressed
[  240.269164][T11358] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1963'.
[  240.583343][T11380] netlink: 'syz.3.1967': attribute type 1 has an invalid length.
[  240.609749][T11383] xt_hashlimit: size too large, truncated to 1048576
[  240.628565][T11374] bridge0: port 1(bridge_slave_0) entered disabled state
[  240.664266][T11380] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1967'.
[  240.856849][T11396] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1970'.
[  241.015616][T11402] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1975'.
[  241.088080][T11408] IPVS: set_ctl: invalid protocol: 47 127.0.0.1:20000
[  241.773344][T11433] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1987'.
[  241.823305][T11438] openvswitch: netlink: IP tunnel dst address not specified
[  241.878767][T11439] macvtap1: entered promiscuous mode
[  241.906517][T11439] vlan0: entered promiscuous mode
[  241.927880][T11439] erspan0: entered promiscuous mode
[  241.942541][T11439] macvtap1: entered allmulticast mode
[  241.961645][T11439] vlan0: entered allmulticast mode
[  241.978225][T11439] erspan0: entered allmulticast mode
[  241.986975][T11442] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1991'.
[  242.016580][T11440] macvtap2: entered promiscuous mode
[  242.033796][T11440] macvtap2: entered allmulticast mode
[  242.245897][T11452] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1996'.
[  242.428451][T11461] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1999'.
[  242.481742][T11466] x_tables: duplicate underflow at hook 2
[  242.695643][T11470] sctp: [Deprecated]: syz.3.2003 (pid 11470) Use of int in max_burst socket option.
[  242.695643][T11470] Use struct sctp_assoc_value instead
[  243.161114][T11492] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2013'.
[  243.381393][T11510] netlink: 2412 bytes leftover after parsing attributes in process `syz.1.2019'.
[  243.727205][T11522] syzkaller0: entered promiscuous mode
[  243.751228][T11522] syzkaller0: entered allmulticast mode
[  243.783840][T11520] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  243.862705][T11531] tipc: Failed to remove unknown binding: 66,1,1/0:9893681/9893683
[  243.903168][T11530] xt_CT: You must specify a L4 protocol and not use inversions on it
[  243.911759][T11531] tipc: Failed to remove unknown binding: 66,1,1/0:9893681/9893683
[  243.991557][T10708] syzkaller0: tun_net_xmit 76
[  243.997211][T10708] syzkaller0: tun_net_xmit 48
[  244.024055][ T9410] syzkaller0: tun_net_xmit 76
[  244.461010][T11557] netlink: 'syz.2.2037': attribute type 1 has an invalid length.
[  244.469197][T11557] netlink: 'syz.2.2037': attribute type 1 has an invalid length.
[  245.854791][T11572] syzkaller0: entered promiscuous mode
[  245.860753][T11572] syzkaller0: entered allmulticast mode
[  246.247743][T11598] __nla_validate_parse: 3 callbacks suppressed
[  246.247763][T11598] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2050'.
[  246.406614][T11605] netlink: 'syz.0.2055': attribute type 22 has an invalid length.
[  246.503691][ T5844] Bluetooth: hci4: command 0x0405 tx timeout
[  246.714117][T11621] netlink: 'syz.1.2061': attribute type 3 has an invalid length.
[  246.721906][T11621] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2061'.
[  247.390288][T11650] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2069'.
[  247.428029][T11650] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2069'.
[  247.619153][T11659] ieee802154 phy0 wpan0: encryption failed: -22
[  247.677695][T11663] syzkaller0: entered promiscuous mode
[  247.701646][T11663] syzkaller0: entered allmulticast mode
[  248.464447][T11718] xt_TPROXY: Can be used only with -p tcp or -p udp
[  248.972441][T11746] netlink: 'syz.4.2091': attribute type 22 has an invalid length.
[  249.395864][T11764] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2099'.
[  249.494368][T11767] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2101'.
[  249.503686][T11767] block nbd0: Unsupported socket: should be TCP or UNIX.
[  249.544300][T11767] netlink: 5 bytes leftover after parsing attributes in process `syz.4.2101'.
[  249.553890][T11767] 0��{X��: renamed from gretap0 (while UP)
[  249.597917][T11767] 0��{X��: entered allmulticast mode
[  249.618934][T11767] A link change request failed with some changes committed already. Interface 
30��{X�� may have been left with an inconsistent configuration, please check.
[  249.737092][T11778] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2105'.
[  250.321290][T11805] netlink: 2412 bytes leftover after parsing attributes in process `syz.3.2114'.
[  250.528480][T11818] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2118'.
[  250.581316][T11824] netlink: 'syz.4.2120': attribute type 22 has an invalid length.
[  251.314550][T11859] netlink: 'syz.1.2134': attribute type 22 has an invalid length.
[  251.357290][T11856] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  251.389372][T11856] syzkaller0: entered promiscuous mode
[  251.402347][T11856] syzkaller0: entered allmulticast mode
[  251.451035][T11857] tipc: Resetting bearer <eth:syzkaller0>
[  251.495616][T11864] __nla_validate_parse: 3 callbacks suppressed
[  251.495635][T11864] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2136'.
[  251.542778][T11857] tipc: Resetting bearer <eth:syzkaller0>
[  251.587806][T11857] tipc: Disabling bearer <eth:syzkaller0>
[  251.619693][T11877] netlink: 'syz.3.2140': attribute type 9 has an invalid length.
[  251.800730][T11880] : entered promiscuous mode
[  251.827319][T11887] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2144'.
[  251.828651][T11888] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2145'.
[  251.837995][T11887] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2144'.
[  251.854837][T11887] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2144'.
[  252.076017][T11893] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2146'.
[  252.127304][T11897] netlink: 'syz.0.2149': attribute type 22 has an invalid length.
[  252.557843][T11917] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2157'.
[  252.576848][T11685] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  252.576988][T11917] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2157'.
[  252.597726][T11685] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  252.635946][T11922] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2160'.
[  252.657748][T11692] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  252.671939][T11692] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  252.872953][T11932] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2164'.
[  253.013391][T11934] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  253.054363][T11934] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  253.605199][T11973] netlink: 'syz.1.2177': attribute type 12 has an invalid length.
[  253.646672][T11965] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  253.753789][T11973] syzkaller1: tun_chr_ioctl cmd 1074025677
[  253.759877][T11973] syzkaller1: Refused to change device type
[  253.770101][T11977] netlink: 'syz.1.2177': attribute type 12 has an invalid length.
[  254.306086][T12002] pim6reg1: entered promiscuous mode
[  254.311516][T12002] pim6reg1: entered allmulticast mode
[  254.406502][T12005] netlink: 'syz.0.2187': attribute type 13 has an invalid length.
[  254.423260][T12005] netlink: 'syz.0.2187': attribute type 27 has an invalid length.
[  254.475304][T12013] netlink: 'syz.2.2192': attribute type 22 has an invalid length.
[  255.203225][T12051] openvswitch: netlink: Missing key (keys=40, expected=80)
[  255.278885][T12055] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  256.681973][T12124] __nla_validate_parse: 18 callbacks suppressed
[  256.681993][T12124] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2237'.
[  256.818465][T12130] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2240'.
[  256.852461][T12132] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_team, syncid = 4, id = 0
[  256.930648][T12143] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2240'.
[  257.142302][T12154] netlink: 'syz.3.2248': attribute type 13 has an invalid length.
[  257.336016][T12160] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2252'.
[  257.556041][T12172] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2254'.
[  257.714259][T12182] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2258'.
[  257.844613][T12189] lo: Caught tx_queue_len zero misconfig
[  258.039272][T12204] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2265'.
[  258.210995][T12212] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2268'.
[  258.405228][T12217] netlink: 'syz.3.2269': attribute type 1 has an invalid length.
[  258.533119][T12213] syzkaller0: entered promiscuous mode
[  258.539696][T12213] syzkaller0: entered allmulticast mode
[  258.713809][T12235] netlink: 'syz.3.2275': attribute type 22 has an invalid length.
[  259.108643][T12256] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2279'.
[  260.425683][T12239] batadv_slave_0: entered promiscuous mode
[  260.450450][T12261] vlan2: entered allmulticast mode
[  260.842734][T12289] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  261.059176][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  261.066646][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  261.183160][T12302] syzkaller0: entered allmulticast mode
[  261.200535][T12304] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2296'.
[  261.350564][T12313] netlink: 'syz.1.2298': attribute type 22 has an invalid length.
[  261.718640][T12326] __nla_validate_parse: 2 callbacks suppressed
[  261.718661][T12326] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2303'.
[  261.745096][T12326] netlink: 'syz.3.2303': attribute type 1 has an invalid length.
[  261.756444][T12326] netlink: 'syz.3.2303': attribute type 2 has an invalid length.
[  261.972949][T12343] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2310'.
[  262.035577][T12345] netlink: 'syz.4.2311': attribute type 22 has an invalid length.
[  262.110249][T12349] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2313'.
[  262.132499][T12349] tunl0: left promiscuous mode
[  262.223424][T12356] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2316'.
[  262.590723][T12349] bridge0: port 2(bridge_slave_1) entered disabled state
[  262.598441][T12349] bridge0: port 1(bridge_slave_0) entered disabled state
[  262.678244][T12349] batman_adv: batadv0: Interface deactivated: dummy0
[  263.136865][T12349] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  263.166268][T12349] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  263.421688][T12349] netdevsim netdevsim1 netdevsim0: left promiscuous mode
[  263.604432][T12349] bond3: left promiscuous mode
[  263.609416][T12349] bond3: left allmulticast mode
[  263.656837][T10708] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  263.686186][T10708] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  263.695381][T10708] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  263.737940][T10708] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  263.818471][T12396] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2325'.
[  263.911687][T12399] netlink: 'syz.0.2326': attribute type 22 has an invalid length.
[  264.087556][T12406] netlink: 84 bytes leftover after parsing attributes in process `syz.3.2329'.
[  264.247339][T12413] netlink: 2412 bytes leftover after parsing attributes in process `syz.4.2332'.
[  264.800944][T12442] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  264.814271][T12442] batadv_slave_1: entered allmulticast mode
[  264.829591][T12442] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2344'.
[  264.867737][T12442] tipc: Resetting bearer <eth:syzkaller0>
[  264.881519][T12441] tipc: Disabling bearer <eth:syzkaller0>
[  264.918461][T12448] bond0: Error: Cannot enslave bond to itself.
[  265.113046][T12454] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2348'.
[  265.197287][T12460] bond3: up delay (5) is not a multiple of miimon (4), value rounded to 4 ms
[  265.675300][T12489] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2360'.
[  265.948960][T12507] netlink: 'syz.2.2368': attribute type 22 has an invalid length.
[  265.989245][T12505] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  266.544352][T12530] syzkaller1: entered promiscuous mode
[  266.550308][T12530] syzkaller1: entered allmulticast mode
[  266.622393][T12539] xt_AUDIT: Audit type out of range (valid range: 0..2)
[  266.634858][T12538] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  266.880442][T12555] __nla_validate_parse: 2 callbacks suppressed
[  266.880461][T12555] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2385'.
[  267.391242][T12573] netlink: 'syz.3.2394': attribute type 22 has an invalid length.
[  267.488702][T12579] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  267.502706][T12579] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2397'.
[  267.512526][T12579] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2397'.
[  268.051936][T12599] Cannot find del_set index 0 as target
[  268.071731][T12605] netlink: 'syz.1.2405': attribute type 1 has an invalid length.
[  268.080659][T12601] --map-set only usable from mangle table
[  268.083393][T12605] netlink: 'syz.1.2405': attribute type 3 has an invalid length.
[  268.143910][T12605] netlink: 172 bytes leftover after parsing attributes in process `syz.1.2405'.
[  268.183816][T12605] NCSI netlink: No device for ifindex 813332851
[  268.304296][T12613] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2412'.
[  268.377914][T12621] sctp: [Deprecated]: syz.2.2409 (pid 12621) Use of int in maxseg socket option.
[  268.377914][T12621] Use struct sctp_assoc_value instead
[  268.538964][T12633] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2415'.
[  268.576026][T12633] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2415'.
[  268.612820][T12638] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2414'.
[  268.627834][T12633] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2415'.
[  268.660277][T12633] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2415'.
[  268.810407][T12643] syzkaller0: entered promiscuous mode
[  268.816373][T12643] syzkaller0: entered allmulticast mode
[  268.853887][T12643] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  268.959886][T12652] netlink: 'syz.0.2421': attribute type 22 has an invalid length.
[  269.355305][T12673] xt_l2tp: v2 doesn't support IP mode
[  269.382927][T12675] xt_l2tp: v2 doesn't support IP mode
[  270.009483][T12708] bond0: (slave rose0): Error: Device can not be enslaved while up
[  270.718006][   T30] audit: type=1800 audit(1763157257.562:4): pid=12753 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2456" name="memory.events" dev="tmpfs" ino=2365 res=0 errno=0
[  271.023151][T12768] netlink: 'syz.4.2463': attribute type 22 has an invalid length.
[  271.118884][T12773] wlan0 speed is unknown, defaulting to 1000
[  271.125982][T12773] wlan0 speed is unknown, defaulting to 1000
[  271.146252][T12773] wlan0 speed is unknown, defaulting to 1000
[  271.197077][T12773] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  271.352276][T12773] wlan0 speed is unknown, defaulting to 1000
[  271.433659][T12773] wlan0 speed is unknown, defaulting to 1000
[  271.441639][T11692] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  271.471597][T12773] wlan0 speed is unknown, defaulting to 1000
[  271.478636][T12787] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  271.534038][T12773] wlan0 speed is unknown, defaulting to 1000
[  271.542109][T12773] wlan0 speed is unknown, defaulting to 1000
[  271.871827][T12806] netlink: 'syz.0.2477': attribute type 22 has an invalid length.
[  272.305130][T12827] __nla_validate_parse: 39 callbacks suppressed
[  272.305151][T12827] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2485'.
[  272.554539][T12841] ieee802154 phy0 wpan0: encryption failed: -22
[  272.568954][T12843] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2490'.
[  272.684336][T12851] netlink: 'syz.3.2494': attribute type 22 has an invalid length.
[  272.990576][T10708] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  273.020350][T10708] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  273.048865][T10708] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  273.250248][T12877] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2503'.
[  273.261202][T12890] netlink: 'syz.0.2510': attribute type 22 has an invalid length.
[  273.391490][T12883] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2503'.
[  273.446251][T12877] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2503'.
[  273.795492][T12916] netlink: 2412 bytes leftover after parsing attributes in process `syz.2.2517'.
[  273.808733][T12912] netlink: 'syz.4.2516': attribute type 11 has an invalid length.
[  273.844451][T12912] netlink: 'syz.4.2516': attribute type 11 has an invalid length.
[  273.870547][T12912] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2516'.
[  274.269155][T12939] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  274.775336][T12971] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2537'.
[  274.910218][T12978] netlink: 'syz.3.2540': attribute type 22 has an invalid length.
[  275.056259][T12989] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2541'.
[  275.100598][T12968] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  275.179681][T12974] bond4: option packets_per_slave: invalid value (18446744073709551615)
[  275.195993][T12974] bond4: option packets_per_slave: allowed values 0 - 65535
[  275.216015][T12974] bond4 (unregistering): Released all slaves
[  275.445254][T13002] netlink: 'syz.2.2546': attribute type 13 has an invalid length.
[  275.815380][T13014] nbd: must specify an index to disconnect
[  275.824553][T13013] nbd: must specify an index to disconnect
[  276.046627][T13019] netlink: 'syz.3.2550': attribute type 4 has an invalid length.
[  276.054888][T13019] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2550'.
[  276.085555][T13021] netlink: 'syz.0.2551': attribute type 1 has an invalid length.
[  276.106051][T13021] netlink: 'syz.0.2551': attribute type 4 has an invalid length.
[  276.115443][T13021] netlink: 'syz.0.2551': attribute type 1 has an invalid length.
[  276.123237][T13021] netlink: 'syz.0.2551': attribute type 4 has an invalid length.
[  277.172626][T13002] macvtap0: entered allmulticast mode
[  277.178676][T13002] macvtap0: refused to change device tx_queue_len
[  277.193390][T13004] bridge0: port 3(batadv1) entered blocking state
[  277.202365][T13004] bridge0: port 3(batadv1) entered disabled state
[  277.221318][T13004] batadv1: entered allmulticast mode
[  277.233461][T13004] batadv1: entered promiscuous mode
[  277.267413][T13019] `: renamed from bond0
[  277.428660][T13044] netlink: 'syz.2.2559': attribute type 1 has an invalid length.
[  277.439337][T13045] __nla_validate_parse: 5 callbacks suppressed
[  277.439355][T13045] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2558'.
[  277.511817][T13044] 8021q: adding VLAN 0 to HW filter on device bond4
[  277.604534][T13055] IPVS: ip_vs_add_dest(): server weight less than zero
[  277.619238][ T9412] IPVS: starting estimator thread 0...
[  277.653216][T13049] 8021q: adding VLAN 0 to HW filter on device bond4
[  277.694312][T10708] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled
[  277.699244][T13049] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address
[  277.704275][T10708] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled
[  277.724161][T13049] bond4: (slave vxcan3): Error -95 calling set_mac_address
[  277.755316][T13058] IPVS: using max 26 ests per chain, 62400 per kthread
[  277.920953][T13044] veth9: entered promiscuous mode
[  277.945590][T13044] bond4: (slave veth9): Enslaving as an active interface with a down link
[  277.990060][T13059] vlan0: entered allmulticast mode
[  277.995829][T13059] bond4: entered allmulticast mode
[  278.009688][T13078] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2569'.
[  278.066223][T13062] netlink: 'syz.2.2559': attribute type 29 has an invalid length.
[  278.086745][T13064] netlink: 'syz.2.2559': attribute type 29 has an invalid length.
[  278.200331][T13079] bond0 (unregistering): Released all slaves
[  278.266508][T13088] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2572'.
[  278.277238][T13088] IPVS: set_ctl: invalid protocol: 117 172.20.20.170:20000
[  278.487848][T13104] netdevsim netdevsim3: Direct firmware load for /.� failed with error -2
[  278.514003][T13104] netdevsim netdevsim3: Falling back to sysfs fallback for: /.�
[  278.563372][T13107] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2580'.
[  278.622028][T13107] batman_adv: batadv0: Removing interface: batadv_slave_1
[  278.877897][T13124] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2583'.
[  278.896067][T13117] bond3: option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  278.896956][T13124] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2583'.
[  278.922227][T13117] bond3 (unregistering): Released all slaves
[  279.252462][T13146] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2591'.
[  279.395446][T13153] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2592'.
[  279.434808][T13153] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2592'.
[  279.437197][T13146] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2591'.
[  280.473042][T13213] lo: entered promiscuous mode
[  280.480348][T13213] tunl0: entered promiscuous mode
[  280.486406][T13213] gre0: entered promiscuous mode
[  280.513129][T13213] erspan0: entered promiscuous mode
[  280.525763][T13213] ip_vti0: entered promiscuous mode
[  280.531455][T13213] ip6_vti0: entered promiscuous mode
[  280.561967][T13219] sctp: [Deprecated]: syz.0.2611 (pid 13219) Use of int in maxseg socket option.
[  280.561967][T13219] Use struct sctp_assoc_value instead
[  280.578436][T13213] sit0: entered promiscuous mode
[  280.601449][T13213] ip6tnl0: entered promiscuous mode
[  280.627034][T13213] ip6gre0: entered promiscuous mode
[  280.644926][T13213] syz_tun: entered promiscuous mode
[  280.661190][T13213] vcan0: entered promiscuous mode
[  280.671230][T13225] IPVS: length: 59 != 24
[  280.690378][T13213] `: entered promiscuous mode
[  280.717394][T13213] bond_slave_0: entered promiscuous mode
[  280.723266][T13213] bond_slave_1: entered promiscuous mode
[  280.732383][T13213] dummy0: entered promiscuous mode
[  280.739144][T13213] team0: entered promiscuous mode
[  280.746843][T13213] team_slave_0: entered promiscuous mode
[  280.756363][T13213] team_slave_1: entered promiscuous mode
[  280.762243][T13213] ip6gretap2: entered promiscuous mode
[  280.769936][T13213] nlmon0: entered promiscuous mode
[  280.775928][T13213] caif0: entered promiscuous mode
[  280.781389][T13213] batadv0: entered promiscuous mode
[  280.787148][T13213] veth0: entered promiscuous mode
[  280.792544][T13213] veth1: entered promiscuous mode
[  280.798095][T13213] wg0: entered promiscuous mode
[  280.803268][T13213] wg1: entered promiscuous mode
[  280.809092][T13213] veth0_to_bridge: entered promiscuous mode
[  280.816214][T13213] veth1_to_bridge: entered promiscuous mode
[  280.822859][T13213] veth0_to_bond: entered promiscuous mode
[  280.830024][T13213] veth1_to_bond: entered promiscuous mode
[  280.836703][T13213] veth0_to_team: entered promiscuous mode
[  280.843143][T13213] veth1_to_team: entered promiscuous mode
[  280.849946][T13213] veth0_to_batadv: entered promiscuous mode
[  280.856382][T13213] batadv_slave_0: entered promiscuous mode
[  280.862616][T13213] veth1_to_batadv: entered promiscuous mode
[  280.869538][T13213] batadv_slave_1: entered promiscuous mode
[  280.874345][T13234] validate_nla: 3 callbacks suppressed
[  280.874364][T13234] netlink: 'syz.4.2619': attribute type 2 has an invalid length.
[  280.890127][T13213] xfrm0: entered promiscuous mode
[  280.897962][T13213] veth0_to_hsr: entered promiscuous mode
[  280.904959][T13213] veth1_to_hsr: entered promiscuous mode
[  280.911216][T13213] hsr0: entered promiscuous mode
[  280.917020][T13213] veth1_virt_wifi: entered promiscuous mode
[  280.923358][T13213] veth0_virt_wifi: entered promiscuous mode
[  280.930837][T13213] net veth1_virt_wifi virt_wifi0: entered promiscuous mode
[  280.939400][T13213] vlan0: entered promiscuous mode
[  280.945341][T13213] vlan1: entered promiscuous mode
[  280.950970][T13213] macvlan0: entered promiscuous mode
[  280.963875][T13213] macvlan1: entered promiscuous mode
[  280.969490][T13213] ipvlan0: entered promiscuous mode
[  280.975411][T13213] ipvlan1: entered promiscuous mode
[  280.981055][T13213] veth1_macvtap: entered promiscuous mode
[  280.989382][T13213] macvtap0: entered promiscuous mode
[  280.995367][T13213] macsec0: entered promiscuous mode
[  281.001123][T13213] geneve0: entered promiscuous mode
[  281.008680][T13213] geneve1: entered promiscuous mode
[  281.015499][T13213] netdevsim netdevsim3 netdevsim1: entered promiscuous mode
[  281.023387][T13213] netdevsim netdevsim3 netdevsim2: entered promiscuous mode
[  281.031502][T13213] netdevsim netdevsim3 netdevsim3: entered promiscuous mode
[  281.039590][T13213] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode
[  281.047631][T13213] mac80211_hwsim hwsim8 wlan1: entered promiscuous mode
[  281.055197][T13213] macsec1: entered promiscuous mode
[  281.060889][T13213] ip6gretap1: entered promiscuous mode
[  281.069357][T13213] bridge1: entered promiscuous mode
[  281.075505][T13213] vlan0.0: entered promiscuous mode
[  281.081571][T13213] bond1: entered promiscuous mode
[  281.090847][T13213] ip6gre1: entered promiscuous mode
[  281.097241][T13213] geneve2: entered promiscuous mode
[  281.102700][T13213] geneve2: left allmulticast mode
[  281.110322][T13213] ip6erspan0: entered promiscuous mode
[  281.117182][T13213] gtp0: entered promiscuous mode
[  281.122885][T13213] macvtap1: entered promiscuous mode
[  281.129192][T13213] macvtap1: left allmulticast mode
[  281.145956][T13213] gretap1: entered promiscuous mode
[  281.151474][T13213] gretap1: left allmulticast mode
[  281.157631][T13213] hsr1: entered promiscuous mode
[  281.163729][T13213] macvlan2: entered promiscuous mode
[  281.169464][T13213] ip6erspan1: entered promiscuous mode
[  281.175719][T13213] bond2: entered promiscuous mode
[  281.181157][T13213] bond3: entered promiscuous mode
[  281.188194][T13213] gre1: entered promiscuous mode
[  281.198118][T13213] macvlan3: entered promiscuous mode
[  281.440499][T13247] IPVS: set_ctl: invalid protocol: 12 0.0.0.0:0
[  281.636249][T13256] bridge0: port 4(vlan2) entered blocking state
[  281.663940][T13256] bridge0: port 4(vlan2) entered disabled state
[  281.674284][T13256] vlan2: entered allmulticast mode
[  281.694198][T13256] bridge0: entered allmulticast mode
[  281.724102][T13256] vlan2: left allmulticast mode
[  281.740708][T13256] bridge0: left allmulticast mode
[  282.083232][T13277] syzkaller1: entered promiscuous mode
[  282.113895][T13277] syzkaller1: entered allmulticast mode
[  282.456166][T13301] __nla_validate_parse: 9 callbacks suppressed
[  282.456187][T13301] netlink: 2412 bytes leftover after parsing attributes in process `syz.3.2641'.
[  282.605002][T13305] bond6: option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-xor(2)
[  282.639488][T13305] bond6 (unregistering): Released all slaves
[  282.682353][T13303] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  282.934333][T13327] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2650'.
[  283.442957][T13358] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2657'.
[  283.484376][T13355] bridge0: port 4(ipvlan3) entered blocking state
[  283.509755][T13355] bridge0: port 4(ipvlan3) entered disabled state
[  283.566790][T13355] ipvlan3: entered allmulticast mode
[  283.599495][T13355] bridge0: entered allmulticast mode
[  283.637332][T13355] ipvlan3: left allmulticast mode
[  283.649354][T13355] bridge0: left allmulticast mode
[  283.940644][T13385] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2662'.
[  283.964120][T13383] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2664'.
[  283.993646][T13385] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2662'.
[  284.085088][T13373] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2662'.
[  284.350246][T13402] netlink: 'syz.3.2671': attribute type 22 has an invalid length.
[  284.593162][T13407] bond6: option lp_interval: invalid value (0)
[  284.613994][T13407] bond6: option lp_interval: allowed values 1 - 2147483647
[  284.627471][T13407] bond6 (unregistering): Released all slaves
[  284.665737][T13424] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2674'.
[  284.861996][T13433] netlink: 'syz.2.2681': attribute type 1 has an invalid length.
[  284.968336][T13436] netlink: 'syz.2.2684': attribute type 32 has an invalid length.
[  285.235512][T13452] netlink: 'syz.1.2686': attribute type 22 has an invalid length.
[  285.363319][T13455] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  285.371472][T13455] syzkaller0: entered promiscuous mode
[  285.378016][T13455] syzkaller0: entered allmulticast mode
[  285.386329][T13458] vet�0_virt_wifi: renamed from dummy0
[  285.409308][T13455] tipc: Resetting bearer <eth:syzkaller0>
[  285.422083][T13459] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  285.432418][T13454] tipc: Resetting bearer <eth:syzkaller0>
[  285.485905][T13454] tipc: Disabling bearer <eth:syzkaller0>
[  285.523825][T13459] syzkaller0: entered promiscuous mode
[  285.535060][T13459] syzkaller0: entered allmulticast mode
[  285.544708][T13464] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2690'.
[  285.617561][T13459] tipc: Resetting bearer <eth:syzkaller0>
[  285.657622][T13459] tipc: Disabling bearer <eth:syzkaller0>
[  285.671970][T13464] syzkaller1: entered promiscuous mode
[  285.681152][T13464] syzkaller1: entered allmulticast mode
[  285.848266][T13489] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2695'.
[  285.866569][T13489] netlink: 'syz.4.2695': attribute type 22 has an invalid length.
[  285.936359][T13489] netlink: 'syz.4.2695': attribute type 22 has an invalid length.
[  286.101741][T13495] netlink: 'syz.0.2698': attribute type 22 has an invalid length.
[  286.727644][T13538] netlink: 'syz.3.2715': attribute type 22 has an invalid length.
[  286.991194][T13552] IPVS: set_ctl: invalid protocol: 94 255.255.255.255:20004
[  287.295260][T13566] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  287.313018][T13566] tipc: Resetting bearer <eth:syzkaller0>
[  287.348237][T13563] tipc: Disabling bearer <eth:syzkaller0>
[  287.374013][T13574] netlink: 'syz.0.2730': attribute type 22 has an invalid length.
[  287.471315][T13577] __nla_validate_parse: 9 callbacks suppressed
[  287.471333][T13577] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2729'.
[  287.659277][T13588] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2734'.
[  288.023032][T13609] netlink: 'syz.2.2742': attribute type 22 has an invalid length.
[  288.081775][T13607] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2741'.
[  288.257735][T13621] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2747'.
[  288.725947][T13640] netlink: 'syz.0.2754': attribute type 22 has an invalid length.
[  288.979638][T13650] netlink: 2412 bytes leftover after parsing attributes in process `syz.0.2756'.
[  289.188540][T13652] netlink: 'syz.3.2757': attribute type 2 has an invalid length.
[  289.205500][T13652] netlink: 'syz.3.2757': attribute type 11 has an invalid length.
[  289.234403][T13652] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2757'.
[  289.264314][T13657] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  289.553194][ T5844] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  289.582178][ T5844] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  289.590848][ T5844] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  289.599801][ T5844] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  289.616243][ T5844] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  289.668425][T13675] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  289.716295][T13675] syzkaller0: entered promiscuous mode
[  289.759707][T13675] syzkaller0: entered allmulticast mode
[  289.792002][T13670] hsr0 speed is unknown, defaulting to 1000
[  289.816590][T13670] wlan0 speed is unknown, defaulting to 1000
[  289.829692][T13676] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2764'.
[  289.839364][T13677] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2764'.
[  290.179629][T13673] tipc: Resetting bearer <eth:syzkaller0>
[  290.216525][T13673] tipc: Disabling bearer <eth:syzkaller0>
[  290.643263][T13670] chnl_net:caif_netlink_parms(): no params data found
[  290.859009][T13670] bridge0: port 1(bridge_slave_0) entered blocking state
[  290.884411][T13670] bridge0: port 1(bridge_slave_0) entered disabled state
[  290.891795][T13670] bridge_slave_0: entered allmulticast mode
[  290.904476][T13670] bridge_slave_0: entered promiscuous mode
[  290.913742][T13670] bridge0: port 2(bridge_slave_1) entered blocking state
[  290.920993][T13670] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.929114][T13670] bridge_slave_1: entered allmulticast mode
[  290.937429][T13670] bridge_slave_1: entered promiscuous mode
[  290.960136][T13727] netlink: 'syz.3.2777': attribute type 22 has an invalid length.
[  291.016125][T13670] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  291.042059][T13725] syzkaller0: entered promiscuous mode
[  291.049146][T13725] syzkaller0: entered allmulticast mode
[  291.067450][T13670] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  291.119912][T13732] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2779'.
[  291.213335][T13670] team0: Port device team_slave_0 added
[  291.231015][T13670] team0: Port device team_slave_1 added
[  291.371002][T13670] batman_adv: batadv0: Adding interface: batadv_slave_0
[  291.391078][T13670] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  291.426120][T13670] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  291.449690][T13670] batman_adv: batadv0: Adding interface: batadv_slave_1
[  291.459529][T13670] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  291.489342][T13670] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  291.675787][T13670] hsr_slave_0: entered promiscuous mode
[  291.692709][T13670] hsr_slave_1: entered promiscuous mode
[  291.701515][ T5844] Bluetooth: hci3: command tx timeout
[  291.709789][T13670] debugfs: 'hsr0' already exists in 'hsr'
[  291.718006][T13670] Cannot create hsr debugfs directory
[  291.759657][T13756] netlink: 'syz.4.2787': attribute type 22 has an invalid length.
[  291.828420][T13758] ieee802154 phy1 wpan1: encryption failed: -22
[  292.436765][T13786] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2797'.
[  292.656409][T13670] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  292.688631][T13670] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  292.710505][T13670] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  292.739423][T13670] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  292.937840][T13670] 8021q: adding VLAN 0 to HW filter on device bond0
[  292.945611][T13815] netlink: 'syz.4.2804': attribute type 1 has an invalid length.
[  293.024090][T13815] bond3: entered promiscuous mode
[  293.031162][T13815] 8021q: adding VLAN 0 to HW filter on device bond3
[  293.051387][T13670] 8021q: adding VLAN 0 to HW filter on device team0
[  293.108749][T13827] netlink: 'syz.2.2807': attribute type 1 has an invalid length.
[  293.122982][T13820] bond3: (slave bridge2): making interface the new active one
[  293.131244][T13820] bridge2: entered promiscuous mode
[  293.138250][T13820] bond3: (slave bridge2): Enslaving as an active interface with an up link
[  293.210059][T13827] 8021q: adding VLAN 0 to HW filter on device bond6
[  293.320703][T13830] bond6: (slave veth11): Enslaving as an active interface with a down link
[  293.334370][T13837] netlink: 'syz.4.2810': attribute type 11 has an invalid length.
[  293.340547][T10708] bridge0: port 1(bridge_slave_0) entered blocking state
[  293.342510][T13837] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2810'.
[  293.349406][T10708] bridge0: port 1(bridge_slave_0) entered forwarding state
[  293.353965][T13838] netlink: 'syz.3.2808': attribute type 1 has an invalid length.
[  293.376537][T13837] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2810'.
[  293.389611][T13838] netlink: 'syz.3.2808': attribute type 2 has an invalid length.
[  293.395823][T13833] bond6: (slave veth0_to_bond): Enslaving as an active interface with a down link
[  293.414418][T13842] netlink: 'syz.3.2808': attribute type 1 has an invalid length.
[  293.422204][T13842] netlink: 'syz.3.2808': attribute type 2 has an invalid length.
[  293.495696][T13845] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2811'.
[  293.498863][T13827] bond6: (slave veth13): Enslaving as an active interface with a down link
[  293.522387][T11689] bridge0: port 2(bridge_slave_1) entered blocking state
[  293.529727][T11689] bridge0: port 2(bridge_slave_1) entered forwarding state
[  293.774799][ T5844] Bluetooth: hci3: command tx timeout
[  293.778268][T13852] netlink: 'syz.4.2814': attribute type 1 has an invalid length.
[  293.891318][T13859] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2818'.
[  294.147423][T13876] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2820'.
[  294.164486][T13869] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2820'.
[  294.183992][T13877] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2821'.
[  294.200500][T13877] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  294.221896][T13869] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2820'.
[  294.234353][T13877] bridge0: port 2(bridge_slave_1) entered disabled state
[  294.249110][T13876] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2820'.
[  294.311731][T13670] 8021q: adding VLAN 0 to HW filter on device batadv0
[  294.457212][T13670] veth0_vlan: entered promiscuous mode
[  294.493075][T13670] veth1_vlan: entered promiscuous mode
[  294.559063][T13670] veth0_macvtap: entered promiscuous mode
[  294.579853][T13670] veth1_macvtap: entered promiscuous mode
[  294.612334][T13670] batman_adv: batadv0: Interface activated: batadv_slave_0
[  294.667546][T13670] batman_adv: batadv0: Interface activated: batadv_slave_1
[  294.706494][T13893] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2826'.
[  294.718376][   T50] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  294.734586][   T50] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  294.785807][   T50] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  294.823651][   T50] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  294.938264][T11685] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  294.971892][T11685] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  295.076321][   T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  295.085348][   T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  295.149133][T13909] syzkaller1: entered promiscuous mode
[  295.176707][T13909] syzkaller1: entered allmulticast mode
[  295.249624][T13914] openvswitch: netlink: Tunnel attr 15060 out of range max 16
[  295.299632][T13914] netem: change failed
[  295.320771][T13914] syzkaller0: entered promiscuous mode
[  295.350917][T13914] syzkaller0: entered allmulticast mode
[  295.864089][ T5844] Bluetooth: hci3: command tx timeout
[  295.939017][T13946] tipc: Failed to remove unknown binding: 66,1,1/0:3357797023/3357797025
[  295.951359][T13946] tipc: Failed to remove unknown binding: 66,1,1/0:3357797023/3357797025
[  296.109692][T13954] pim6reg527: entered allmulticast mode
[  296.205301][T13959] ieee802154 phy1 wpan1: encryption failed: -22
[  296.846237][T13997] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  296.854911][T13997] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  296.877672][T13997] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  296.885907][T13997] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  296.903781][T14001] netlink: 'syz.2.2867': attribute type 22 has an invalid length.
[  296.931492][T13997] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  296.939783][T13997] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  296.989865][T13998] netlink: 'syz.1.2865': attribute type 10 has an invalid length.
[  296.998576][T13997] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  297.006825][T13997] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815
[  297.027067][T13997] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  297.078349][T14012] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  297.943983][ T5844] Bluetooth: hci3: command tx timeout
[  299.819289][T13998] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  299.843635][T14017] __nla_validate_parse: 11 callbacks suppressed
[  299.843657][T14017] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2870'.
[  300.045082][T14026] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2874'.
[  300.077334][T14026] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2874'.
[  300.316047][T14039] netlink: 'syz.4.2879': attribute type 22 has an invalid length.
[  300.337324][T14041] netlink: 2412 bytes leftover after parsing attributes in process `syz.2.2880'.
[  300.489401][T14051] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2884'.
[  300.538541][T14051] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2884'.
[  300.688966][T14063] netlink: 'syz.1.2888': attribute type 1 has an invalid length.
[  300.722512][T14063] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2888'.
[  300.854437][T14065] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  300.889047][T14065] syzkaller0: entered promiscuous mode
[  300.913906][T14065] syzkaller0: entered allmulticast mode
[  300.972376][T14065] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  301.025887][T14065] x_tables: unsorted entry at hook 1
[  301.057792][T14065] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2889'.
[  301.089551][T14065] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2889'.
[  301.099123][T14065] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2889'.
[  301.120421][T14072] tipc: Resetting bearer <eth:syzkaller0>
[  301.208059][T14064] tipc: Resetting bearer <eth:syzkaller0>
[  301.261913][T14064] tipc: Disabling bearer <eth:syzkaller0>
[  301.532862][T14103] FAULT_INJECTION: forcing a failure.
[  301.532862][T14103] name failslab, interval 1, probability 0, space 0, times 0
[  301.582475][T14103] CPU: 1 UID: 0 PID: 14103 Comm: syz.4.2902 Not tainted syzkaller #0 PREEMPT(full) 
[  301.582511][T14103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  301.582536][T14103] Call Trace:
[  301.582545][T14103]  <TASK>
[  301.582554][T14103]  dump_stack_lvl+0x189/0x250
[  301.582590][T14103]  ? __pfx____ratelimit+0x10/0x10
[  301.582619][T14103]  ? __pfx_dump_stack_lvl+0x10/0x10
[  301.582647][T14103]  ? __pfx__printk+0x10/0x10
[  301.582675][T14103]  ? __pfx___might_resched+0x10/0x10
[  301.582697][T14103]  ? fs_reclaim_acquire+0x7d/0x100
[  301.582721][T14103]  should_fail_ex+0x414/0x560
[  301.582759][T14103]  should_failslab+0xa8/0x100
[  301.582782][T14103]  kmem_cache_alloc_node_noprof+0x77/0x710
[  301.582810][T14103]  ? __sock_sendmsg+0x19c/0x270
[  301.582836][T14103]  ? __alloc_skb+0x112/0x2d0
[  301.582853][T14103]  ? ksys_write+0x145/0x250
[  301.582878][T14103]  ? do_syscall_64+0xfa/0xfa0
[  301.582906][T14103]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.582932][T14103]  __alloc_skb+0x112/0x2d0
[  301.582957][T14103]  __ip6_append_data+0x2c16/0x3f30
[  301.583015][T14103]  ? __pfx_raw6_getfrag+0x10/0x10
[  301.583067][T14103]  ? __pfx___ip6_append_data+0x10/0x10
[  301.583096][T14103]  ? __pfx_ip6_mtu+0x10/0x10
[  301.583135][T14103]  ip6_append_data+0x1c1/0x380
[  301.583172][T14103]  ? __pfx_raw6_getfrag+0x10/0x10
[  301.583198][T14103]  rawv6_sendmsg+0x1286/0x1830
[  301.583241][T14103]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  301.583274][T14103]  ? aa_file_perm+0x13a/0x1550
[  301.583310][T14103]  ? __pfx_aa_sk_perm+0x10/0x10
[  301.583344][T14103]  ? sock_rps_record_flow+0x19/0x410
[  301.583380][T14103]  ? inet_sendmsg+0x2f4/0x370
[  301.583398][T14103]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  301.583424][T14103]  __sock_sendmsg+0x19c/0x270
[  301.583456][T14103]  sock_write_iter+0x279/0x360
[  301.583486][T14103]  ? __pfx_sock_write_iter+0x10/0x10
[  301.583524][T14103]  ? bpf_lsm_file_permission+0x9/0x20
[  301.583547][T14103]  ? security_file_permission+0x75/0x290
[  301.583582][T14103]  vfs_write+0x5c9/0xb30
[  301.583617][T14103]  ? __pfx_sock_write_iter+0x10/0x10
[  301.583644][T14103]  ? __pfx_vfs_write+0x10/0x10
[  301.583686][T14103]  ? __fget_files+0x2a/0x420
[  301.583719][T14103]  ksys_write+0x145/0x250
[  301.583752][T14103]  ? __pfx_ksys_write+0x10/0x10
[  301.583786][T14103]  ? do_syscall_64+0xbe/0xfa0
[  301.583821][T14103]  do_syscall_64+0xfa/0xfa0
[  301.583849][T14103]  ? lockdep_hardirqs_on+0x9c/0x150
[  301.583879][T14103]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.583899][T14103]  ? clear_bhb_loop+0x60/0xb0
[  301.583926][T14103]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.583947][T14103] RIP: 0033:0x7f17aa58f6c9
[  301.583966][T14103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  301.583983][T14103] RSP: 002b:00007f17ab46b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  301.584005][T14103] RAX: ffffffffffffffda RBX: 00007f17aa7e5fa0 RCX: 00007f17aa58f6c9
[  301.584021][T14103] RDX: 00000000000005ac RSI: 00002000000000c0 RDI: 0000000000000003
[  301.584054][T14103] RBP: 00007f17ab46b090 R08: 0000000000000000 R09: 0000000000000000
[  301.584066][T14103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  301.584077][T14103] R13: 00007f17aa7e6038 R14: 00007f17aa7e5fa0 R15: 00007ffce3bb37f8
[  301.584112][T14103]  </TASK>
[  302.066434][T14117] bond1: option lp_interval: invalid value (0)
[  302.072716][T14117] bond1: option lp_interval: allowed values 1 - 2147483647
[  302.103171][T14117] bond1 (unregistering): Released all slaves
[  302.275478][T14130] netlink: 'syz.2.2913': attribute type 22 has an invalid length.
[  302.513207][T14139] net_ratelimit: 66048 callbacks suppressed
[  302.513232][T14139] sock: sock_set_timeout: `syz.0.2917' (pid 14139) tries to set negative timeout
[  302.680665][T14146] openvswitch: netlink: Flow actions attr not present in new flow.
[  303.148293][T14172] netlink: 'syz.4.2929': attribute type 1 has an invalid length.
[  303.248128][T14179] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  303.274838][T14179] xt_hashlimit: size too large, truncated to 1048576
[  303.298995][T14172] 8021q: adding VLAN 0 to HW filter on device bond4
[  303.486045][T14178] 8021q: adding VLAN 0 to HW filter on device bond4
[  303.525421][T14178] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address
[  303.556929][T14178] bond4: (slave vxcan3): Error -95 calling set_mac_address
[  303.728908][T14172] vlan2: entered allmulticast mode
[  303.753262][T14172] bond4: entered allmulticast mode
[  303.977036][T14216] netlink: 'syz.0.2938': attribute type 1 has an invalid length.
[  303.999053][T14218] netlink: 'syz.0.2938': attribute type 1 has an invalid length.
[  304.077529][T14216] 8021q: adding VLAN 0 to HW filter on device bond1
[  304.108881][T14223] bond1: option lacp_active: mode dependency failed, not supported in mode balance-alb(6)
[  304.169021][T14229] netlink: 'syz.4.2943': attribute type 22 has an invalid length.
[  304.211958][T14227] : entered promiscuous mode
[  304.254081][T14231] pim6reg1: entered promiscuous mode
[  304.269413][T14231] pim6reg1: entered allmulticast mode
[  304.374535][T14236] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  304.459750][T14236] tipc: Disabling bearer <eth:syzkaller0>
[  304.675277][T14250] bond0: entered allmulticast mode
[  304.885401][T14266] netlink: 'syz.0.2956': attribute type 22 has an invalid length.
[  305.267366][T14282] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  305.348200][T14276] netlink: 'syz.2.2961': attribute type 16 has an invalid length.
[  305.357294][T14276] netlink: 'syz.2.2961': attribute type 17 has an invalid length.
[  305.414319][T14276] 8021q: adding VLAN 0 to HW filter on device bond0
[  305.425525][T14276] 8021q: adding VLAN 0 to HW filter on device team0
[  305.439273][T14276] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  305.624208][T14290] netlink: 'syz.1.2966': attribute type 4 has an invalid length.
[  305.693141][T14290] netlink: 'syz.1.2966': attribute type 4 has an invalid length.
[  305.862514][T14307] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  305.985314][T14310] IPv6: addrconf: prefix option has invalid lifetime
[  305.997150][T14311] __nla_validate_parse: 13 callbacks suppressed
[  305.997172][T14311] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2973'.
[  306.029921][T14311] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2973'.
[  306.049034][T14311] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2973'.
[  306.070506][T14304] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  306.219646][T14320] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2978'.
[  306.229539][T14320] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  306.391401][T14330] netlink: 2412 bytes leftover after parsing attributes in process `syz.2.2981'.
[  306.493697][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  306.565662][T14335] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2982'.
[  306.616412][T14335] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2982'.
[  307.011382][T14351] netem: change failed
[  307.099532][T14355] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2989'.
[  307.394764][ T5829] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  307.407880][ T5829] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  307.417235][ T5829] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  307.435399][T14369] validate_nla: 2 callbacks suppressed
[  307.435419][T14369] netlink: 'syz.2.2993': attribute type 22 has an invalid length.
[  307.435464][ T5829] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  307.469022][ T5829] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  307.665245][T14364] hsr0 speed is unknown, defaulting to 1000
[  307.687411][T14364] wlan0 speed is unknown, defaulting to 1000
[  307.808920][T14386] IPv6: addrconf: prefix option has invalid lifetime
[  307.949949][T14391] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3001'.
[  307.967100][T14393] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3002'.
[  308.167268][T14409] netlink: 'syz.2.3006': attribute type 22 has an invalid length.
[  308.378723][   T30] audit: type=1107 audit(1763157295.222:5): pid=14416 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='�c��?�-���A��]*I[�
[  308.378723][   T30] #�b^Av���C��w��;aS;��|��
�%�]����ui��ӕ&�����7�H<L8�'2ތҵ��f^��ގ�7u*E9kj:�X'
[  308.409598][T14364] chnl_net:caif_netlink_parms(): no params data found
[  308.454414][ T9415] IPVS: starting estimator thread 0...
[  308.573998][T14421] IPVS: using max 27 ests per chain, 64800 per kthread
[  308.697958][T14364] bridge0: port 1(bridge_slave_0) entered blocking state
[  308.723934][T14434] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  308.732482][T14364] bridge0: port 1(bridge_slave_0) entered disabled state
[  308.750226][T14364] bridge_slave_0: entered allmulticast mode
[  308.775676][T14364] bridge_slave_0: entered promiscuous mode
[  308.827961][T14364] bridge0: port 2(bridge_slave_1) entered blocking state
[  308.836707][T14364] bridge0: port 2(bridge_slave_1) entered disabled state
[  308.844931][T14364] bridge_slave_1: entered allmulticast mode
[  308.853407][T14364] bridge_slave_1: entered promiscuous mode
[  308.929946][T14444] IPv6: addrconf: prefix option has invalid lifetime
[  308.967072][T14364] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  309.210405][T14446] team0 (unregistering): Port device ip6gretap1 removed
[  309.256004][T14364] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  309.505941][T14364] team0: Port device team_slave_0 added
[  309.540464][T14364] team0: Port device team_slave_1 added
[  309.548625][ T5844] Bluetooth: hci5: command tx timeout
[  309.729729][T14364] batman_adv: batadv0: Adding interface: batadv_slave_0
[  309.740559][T14364] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  309.814828][T14364] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  309.868060][T14364] batman_adv: batadv0: Adding interface: batadv_slave_1
[  309.871469][T14476] ksmbd: Unknown IPC event: 3, ignore.
[  309.903664][T14364] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  309.972892][T14364] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  309.987388][T14482] netlink: 'syz.1.3020': attribute type 12 has an invalid length.
[  309.997507][T14478] netlink: 'syz.1.3020': attribute type 12 has an invalid length.
[  310.114729][T14364] hsr_slave_0: entered promiscuous mode
[  310.128664][T14364] hsr_slave_1: entered promiscuous mode
[  310.145653][T14364] debugfs: 'hsr0' already exists in 'hsr'
[  310.152130][T14364] Cannot create hsr debugfs directory
[  310.492224][T14505] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  310.578410][T14510] netlink: 'syz.0.3030': attribute type 22 has an invalid length.
[  311.140830][T14364] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  311.220538][T14364] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  311.291975][T14364] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  311.319108][T14529] FAULT_INJECTION: forcing a failure.
[  311.319108][T14529] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  311.324180][T14364] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  311.364002][T14529] CPU: 1 UID: 0 PID: 14529 Comm: syz.0.3034 Not tainted syzkaller #0 PREEMPT(full) 
[  311.364029][T14529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  311.364043][T14529] Call Trace:
[  311.364052][T14529]  <TASK>
[  311.364061][T14529]  dump_stack_lvl+0x189/0x250
[  311.364096][T14529]  ? __pfx____ratelimit+0x10/0x10
[  311.364133][T14529]  ? __pfx_dump_stack_lvl+0x10/0x10
[  311.364162][T14529]  ? __pfx__printk+0x10/0x10
[  311.364184][T14529]  ? __might_fault+0xb0/0x130
[  311.364225][T14529]  should_fail_ex+0x414/0x560
[  311.364262][T14529]  _copy_from_user+0x2d/0xb0
[  311.364290][T14529]  ___sys_sendmsg+0x158/0x2a0
[  311.364317][T14529]  ? __pfx____sys_sendmsg+0x10/0x10
[  311.364380][T14529]  ? __fget_files+0x2a/0x420
[  311.364399][T14529]  ? __fget_files+0x3a0/0x420
[  311.364430][T14529]  __x64_sys_sendmsg+0x19b/0x260
[  311.364456][T14529]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  311.364490][T14529]  ? __pfx_ksys_write+0x10/0x10
[  311.364524][T14529]  ? do_syscall_64+0xbe/0xfa0
[  311.364557][T14529]  do_syscall_64+0xfa/0xfa0
[  311.364584][T14529]  ? lockdep_hardirqs_on+0x9c/0x150
[  311.364612][T14529]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.364631][T14529]  ? clear_bhb_loop+0x60/0xb0
[  311.364656][T14529]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.364676][T14529] RIP: 0033:0x7f2a9398f6c9
[  311.364696][T14529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  311.364714][T14529] RSP: 002b:00007f2a94742038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  311.364754][T14529] RAX: ffffffffffffffda RBX: 00007f2a93be5fa0 RCX: 00007f2a9398f6c9
[  311.364771][T14529] RDX: 0000000020000000 RSI: 0000200000002500 RDI: 0000000000000003
[  311.364786][T14529] RBP: 00007f2a94742090 R08: 0000000000000000 R09: 0000000000000000
[  311.364799][T14529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  311.364813][T14529] R13: 00007f2a93be6038 R14: 00007f2a93be5fa0 R15: 00007fffa6a99758
[  311.364849][T14529]  </TASK>
[  311.629810][ T5844] Bluetooth: hci5: command tx timeout
[  311.671934][T14545] netlink: 'syz.0.3041': attribute type 22 has an invalid length.
[  311.789002][T14550] __nla_validate_parse: 6 callbacks suppressed
[  311.789022][T14550] netlink: 81 bytes leftover after parsing attributes in process `syz.2.3039'.
[  311.930995][T14364] 8021q: adding VLAN 0 to HW filter on device bond0
[  312.037710][T14560] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3045'.
[  312.050207][T14556] bond2: option arp_validate: mode dependency failed, not supported in mode balance-alb(6)
[  312.066584][T14556] bond2 (unregistering): Released all slaves
[  312.151254][T14364] 8021q: adding VLAN 0 to HW filter on device team0
[  312.187392][T11689] bridge0: port 1(bridge_slave_0) entered blocking state
[  312.194678][T11689] bridge0: port 1(bridge_slave_0) entered forwarding state
[  312.245209][T10708] bridge0: port 2(bridge_slave_1) entered blocking state
[  312.252409][T10708] bridge0: port 2(bridge_slave_1) entered forwarding state
[  312.302556][T14569] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3049'.
[  312.451352][T14573] FAULT_INJECTION: forcing a failure.
[  312.451352][T14573] name failslab, interval 1, probability 0, space 0, times 0
[  312.471044][T14573] CPU: 0 UID: 0 PID: 14573 Comm: syz.2.3051 Not tainted syzkaller #0 PREEMPT(full) 
[  312.471073][T14573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  312.471087][T14573] Call Trace:
[  312.471096][T14573]  <TASK>
[  312.471106][T14573]  dump_stack_lvl+0x189/0x250
[  312.471139][T14573]  ? __pfx____ratelimit+0x10/0x10
[  312.471167][T14573]  ? __pfx_dump_stack_lvl+0x10/0x10
[  312.471196][T14573]  ? __pfx__printk+0x10/0x10
[  312.471224][T14573]  ? __pfx___might_resched+0x10/0x10
[  312.471245][T14573]  ? fs_reclaim_acquire+0x7d/0x100
[  312.471270][T14573]  should_fail_ex+0x414/0x560
[  312.471308][T14573]  should_failslab+0xa8/0x100
[  312.471331][T14573]  kmem_cache_alloc_node_noprof+0x77/0x710
[  312.471361][T14573]  ? __alloc_skb+0x112/0x2d0
[  312.471387][T14573]  __alloc_skb+0x112/0x2d0
[  312.471411][T14573]  netlink_sendmsg+0x5c6/0xb30
[  312.471443][T14573]  ? __pfx_netlink_sendmsg+0x10/0x10
[  312.471469][T14573]  ? aa_sock_msg_perm+0xf1/0x1d0
[  312.471503][T14573]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  312.471524][T14573]  ? __pfx_netlink_sendmsg+0x10/0x10
[  312.471547][T14573]  __sock_sendmsg+0x21c/0x270
[  312.471579][T14573]  ____sys_sendmsg+0x505/0x830
[  312.471608][T14573]  ? __pfx_____sys_sendmsg+0x10/0x10
[  312.471641][T14573]  ? import_iovec+0x74/0xa0
[  312.471672][T14573]  ___sys_sendmsg+0x21f/0x2a0
[  312.471697][T14573]  ? __pfx____sys_sendmsg+0x10/0x10
[  312.471762][T14573]  ? __fget_files+0x2a/0x420
[  312.471781][T14573]  ? __fget_files+0x3a0/0x420
[  312.471811][T14573]  __x64_sys_sendmsg+0x19b/0x260
[  312.471846][T14573]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  312.471880][T14573]  ? __pfx_ksys_write+0x10/0x10
[  312.471915][T14573]  ? do_syscall_64+0xbe/0xfa0
[  312.471947][T14573]  do_syscall_64+0xfa/0xfa0
[  312.471971][T14573]  ? lockdep_hardirqs_on+0x9c/0x150
[  312.471999][T14573]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.472020][T14573]  ? clear_bhb_loop+0x60/0xb0
[  312.472051][T14573]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.472072][T14573] RIP: 0033:0x7ff28018f6c9
[  312.472091][T14573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  312.472110][T14573] RSP: 002b:00007ff280f72038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  312.472132][T14573] RAX: ffffffffffffffda RBX: 00007ff2803e5fa0 RCX: 00007ff28018f6c9
[  312.472148][T14573] RDX: 0000000020000000 RSI: 0000200000002500 RDI: 0000000000000003
[  312.472163][T14573] RBP: 00007ff280f72090 R08: 0000000000000000 R09: 0000000000000000
[  312.472176][T14573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  312.472189][T14573] R13: 00007ff2803e6038 R14: 00007ff2803e5fa0 R15: 00007ffcec4d7028
[  312.472225][T14573]  </TASK>
[  312.837605][T14589] openvswitch: netlink: Missing key (keys=40, expected=80)
[  312.992055][T14364] 8021q: adding VLAN 0 to HW filter on device batadv0
[  313.016185][T14594] netlink: 2412 bytes leftover after parsing attributes in process `syz.1.3056'.
[  313.053353][T14598] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3059'.
[  313.197576][T14364] veth0_vlan: entered promiscuous mode
[  313.221190][T14364] veth1_vlan: entered promiscuous mode
[  313.281440][T14606] hsr0 speed is unknown, defaulting to 1000
[  313.299625][T14610] netlink: 188 bytes leftover after parsing attributes in process `syz.0.3060'.
[  313.331527][T14609] geneve2: entered promiscuous mode
[  313.348181][T14609] geneve2: entered allmulticast mode
[  313.370660][T14614] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3062'.
[  313.389186][T14606] wlan0 speed is unknown, defaulting to 1000
[  313.392881][   T36] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 19999 - 0
[  313.410642][   T36] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 19999 - 0
[  313.429625][T14616] openvswitch: netlink: Flow actions attr not present in new flow.
[  313.440104][   T36] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 19999 - 0
[  313.471797][   T36] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 19999 - 0
[  313.475109][T14609] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3062'.
[  313.560701][T14609] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  313.572433][T14609] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0
[  313.619956][T14364] veth0_macvtap: entered promiscuous mode
[  313.679784][T14609] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  313.693993][T14609] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0
[  313.705719][ T5844] Bluetooth: hci5: command tx timeout
[  313.752646][T14364] veth1_macvtap: entered promiscuous mode
[  313.811349][T14609] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  313.824417][T14609] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0
[  313.860552][T14364] batman_adv: batadv0: Interface activated: batadv_slave_0
[  314.081526][T14609] bond0: (slave netdevsim0): Releasing backup interface
[  314.093795][T14637] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3070'.
[  314.118923][T14609] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  314.130890][T14609] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0
[  314.155464][T14364] batman_adv: batadv0: Interface activated: batadv_slave_1
[  314.174310][T11692] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  314.187198][T10708] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  314.260882][T10708] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  314.286155][T10708] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  314.350250][T14646] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3072'.
[  314.493862][   T36] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 19999 - 0
[  314.524067][   T36] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[  314.591391][T14657] netlink: 'syz.4.3076': attribute type 6 has an invalid length.
[  314.600828][T10708] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 19999 - 0
[  314.609890][T10708] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[  314.641373][T14657] netlink: 'syz.4.3076': attribute type 5 has an invalid length.
[  314.670812][T11689] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 19999 - 0
[  314.688272][T11689] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[  314.715038][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  314.724671][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  314.776858][T11689] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 19999 - 0
[  314.797344][T11689] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[  314.864805][T10708] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  314.889619][T10708] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  314.993925][T14675] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  315.393967][T14689] netlink: 'syz.3.3087': attribute type 1 has an invalid length.
[  315.426273][T14689] ip6_vti0: entered promiscuous mode
[  315.431810][T14689] ip6_vti0: entered allmulticast mode
[  315.490430][T14693] IPv6: addrconf: prefix option has invalid lifetime
[  315.775051][ T5844] Bluetooth: hci5: command tx timeout
[  315.841421][T14707] netlink: 'syz.4.3093': attribute type 3 has an invalid length.
[  315.858198][T14706] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  316.008866][ T5829] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  316.019363][ T5829] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  316.028674][T14716] netlink: 'syz.4.3096': attribute type 22 has an invalid length.
[  316.028777][ T5829] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  316.045986][ T5829] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  316.055047][ T5829] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  316.210462][   T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  316.254476][   T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  316.415068][T14713] hsr0 speed is unknown, defaulting to 1000
[  316.486284][   T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  316.523521][   T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  316.589731][T14713] wlan0 speed is unknown, defaulting to 1000
[  316.611550][T14747] IPv6: addrconf: prefix option has invalid lifetime
[  316.698953][   T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  316.732409][   T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  316.782198][T14754] FAULT_INJECTION: forcing a failure.
[  316.782198][T14754] name failslab, interval 1, probability 0, space 0, times 0
[  316.803668][T14754] CPU: 1 UID: 0 PID: 14754 Comm: syz.3.3105 Not tainted syzkaller #0 PREEMPT(full) 
[  316.803699][T14754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  316.803712][T14754] Call Trace:
[  316.803721][T14754]  <TASK>
[  316.803731][T14754]  dump_stack_lvl+0x189/0x250
[  316.803766][T14754]  ? __pfx____ratelimit+0x10/0x10
[  316.803795][T14754]  ? __pfx_dump_stack_lvl+0x10/0x10
[  316.803823][T14754]  ? __pfx__printk+0x10/0x10
[  316.803852][T14754]  ? __pfx___might_resched+0x10/0x10
[  316.803875][T14754]  ? fs_reclaim_acquire+0x7d/0x100
[  316.803902][T14754]  should_fail_ex+0x414/0x560
[  316.803941][T14754]  should_failslab+0xa8/0x100
[  316.803964][T14754]  __kmalloc_noprof+0xcb/0x7f0
[  316.803994][T14754]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  316.804022][T14754]  ? __local_bh_enable_ip+0x12d/0x1c0
[  316.804052][T14754]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  316.804087][T14754]  genl_family_rcv_msg_doit+0xb8/0x300
[  316.804123][T14754]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  316.804159][T14754]  ? apparmor_capable+0x137/0x1b0
[  316.804185][T14754]  ? bpf_lsm_capable+0x9/0x20
[  316.804211][T14754]  ? security_capable+0x7e/0x2e0
[  316.804248][T14754]  genl_rcv_msg+0x60e/0x790
[  316.804282][T14754]  ? __pfx_genl_rcv_msg+0x10/0x10
[  316.804306][T14754]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  316.804330][T14754]  ? __pfx_nl80211_set_station+0x10/0x10
[  316.804355][T14754]  ? __pfx_nl80211_post_doit+0x10/0x10
[  316.804381][T14754]  ? __asan_memcpy+0x40/0x70
[  316.804408][T14754]  ? __pfx_ref_tracker_free+0x10/0x10
[  316.804444][T14754]  netlink_rcv_skb+0x208/0x470
[  316.804463][T14754]  ? __lock_acquire+0xab9/0xd20
[  316.804484][T14754]  ? __pfx_genl_rcv_msg+0x10/0x10
[  316.804511][T14754]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  316.804553][T14754]  ? down_read+0x1ad/0x2e0
[  316.804577][T14754]  genl_rcv+0x28/0x40
[  316.804601][T14754]  netlink_unicast+0x82f/0x9e0
[  316.804640][T14754]  ? __pfx_netlink_unicast+0x10/0x10
[  316.804673][T14754]  ? netlink_sendmsg+0x642/0xb30
[  316.804692][T14754]  ? skb_put+0x11b/0x210
[  316.804717][T14754]  netlink_sendmsg+0x805/0xb30
[  316.804747][T14754]  ? __pfx_netlink_sendmsg+0x10/0x10
[  316.804768][T14754]  ? aa_sock_msg_perm+0xf1/0x1d0
[  316.804795][T14754]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  316.804811][T14754]  ? __pfx_netlink_sendmsg+0x10/0x10
[  316.804828][T14754]  __sock_sendmsg+0x21c/0x270
[  316.804855][T14754]  ____sys_sendmsg+0x505/0x830
[  316.804879][T14754]  ? __pfx_____sys_sendmsg+0x10/0x10
[  316.804906][T14754]  ? import_iovec+0x74/0xa0
[  316.804932][T14754]  ___sys_sendmsg+0x21f/0x2a0
[  316.804953][T14754]  ? __pfx____sys_sendmsg+0x10/0x10
[  316.805008][T14754]  ? __fget_files+0x2a/0x420
[  316.805026][T14754]  ? __fget_files+0x3a0/0x420
[  316.805055][T14754]  __x64_sys_sendmsg+0x19b/0x260
[  316.805078][T14754]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  316.805110][T14754]  ? __pfx_ksys_write+0x10/0x10
[  316.805140][T14754]  ? do_syscall_64+0xbe/0xfa0
[  316.805169][T14754]  do_syscall_64+0xfa/0xfa0
[  316.805193][T14754]  ? lockdep_hardirqs_on+0x9c/0x150
[  316.805218][T14754]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.805236][T14754]  ? clear_bhb_loop+0x60/0xb0
[  316.805261][T14754]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.805278][T14754] RIP: 0033:0x7fa01538f6c9
[  316.805295][T14754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  316.805310][T14754] RSP: 002b:00007fa016277038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  316.805331][T14754] RAX: ffffffffffffffda RBX: 00007fa0155e5fa0 RCX: 00007fa01538f6c9
[  316.805344][T14754] RDX: 0000000020000000 RSI: 0000200000002500 RDI: 0000000000000003
[  316.805356][T14754] RBP: 00007fa016277090 R08: 0000000000000000 R09: 0000000000000000
[  316.805369][T14754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  316.805381][T14754] R13: 00007fa0155e6038 R14: 00007fa0155e5fa0 R15: 00007ffe1df5fc88
[  316.805416][T14754]  </TASK>
[  317.388003][   T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  317.398111][T14763] xt_recent: Unsupported userspace flags (000000b1)
[  317.398487][   T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  317.411470][T14763] __nla_validate_parse: 10 callbacks suppressed
[  317.411492][T14763] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3110'.
[  317.885075][T14782] IPv6: addrconf: prefix option has invalid lifetime
[  318.094531][ T5844] Bluetooth: hci0: command tx timeout
[  318.153991][T14787] FAULT_INJECTION: forcing a failure.
[  318.153991][T14787] name failslab, interval 1, probability 0, space 0, times 0
[  318.225661][T14787] CPU: 1 UID: 0 PID: 14787 Comm: syz.3.3117 Not tainted syzkaller #0 PREEMPT(full) 
[  318.225691][T14787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  318.225704][T14787] Call Trace:
[  318.225713][T14787]  <TASK>
[  318.225723][T14787]  dump_stack_lvl+0x189/0x250
[  318.225758][T14787]  ? __pfx____ratelimit+0x10/0x10
[  318.225787][T14787]  ? __pfx_dump_stack_lvl+0x10/0x10
[  318.225816][T14787]  ? __pfx__printk+0x10/0x10
[  318.225845][T14787]  ? __pfx___might_resched+0x10/0x10
[  318.225875][T14787]  should_fail_ex+0x414/0x560
[  318.225913][T14787]  should_failslab+0xa8/0x100
[  318.225938][T14787]  kmem_cache_alloc_node_noprof+0x77/0x710
[  318.225970][T14787]  ? __alloc_skb+0x112/0x2d0
[  318.225997][T14787]  __alloc_skb+0x112/0x2d0
[  318.226021][T14787]  netlink_ack+0x146/0xa50
[  318.226051][T14787]  ? __pfx_genl_rcv_msg+0x10/0x10
[  318.226076][T14787]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  318.226100][T14787]  ? __pfx_nl80211_post_doit+0x10/0x10
[  318.226125][T14787]  ? __asan_memcpy+0x40/0x70
[  318.226152][T14787]  ? __pfx_ref_tracker_free+0x10/0x10
[  318.226182][T14787]  netlink_rcv_skb+0x28c/0x470
[  318.226200][T14787]  ? __lock_acquire+0xab9/0xd20
[  318.226222][T14787]  ? __pfx_genl_rcv_msg+0x10/0x10
[  318.226251][T14787]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  318.226294][T14787]  ? down_read+0x1ad/0x2e0
[  318.226318][T14787]  genl_rcv+0x28/0x40
[  318.226340][T14787]  netlink_unicast+0x82f/0x9e0
[  318.226382][T14787]  ? __pfx_netlink_unicast+0x10/0x10
[  318.226415][T14787]  ? netlink_sendmsg+0x642/0xb30
[  318.226434][T14787]  ? skb_put+0x11b/0x210
[  318.226459][T14787]  netlink_sendmsg+0x805/0xb30
[  318.226492][T14787]  ? __pfx_netlink_sendmsg+0x10/0x10
[  318.226517][T14787]  ? aa_sock_msg_perm+0xf1/0x1d0
[  318.226560][T14787]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  318.226581][T14787]  ? __pfx_netlink_sendmsg+0x10/0x10
[  318.226604][T14787]  __sock_sendmsg+0x21c/0x270
[  318.226636][T14787]  ____sys_sendmsg+0x505/0x830
[  318.226667][T14787]  ? __pfx_____sys_sendmsg+0x10/0x10
[  318.226703][T14787]  ? import_iovec+0x74/0xa0
[  318.226734][T14787]  ___sys_sendmsg+0x21f/0x2a0
[  318.226760][T14787]  ? __pfx____sys_sendmsg+0x10/0x10
[  318.226827][T14787]  ? __fget_files+0x2a/0x420
[  318.226847][T14787]  ? __fget_files+0x3a0/0x420
[  318.226880][T14787]  __x64_sys_sendmsg+0x19b/0x260
[  318.226907][T14787]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  318.226941][T14787]  ? __pfx_ksys_write+0x10/0x10
[  318.226975][T14787]  ? do_syscall_64+0xbe/0xfa0
[  318.227009][T14787]  do_syscall_64+0xfa/0xfa0
[  318.227037][T14787]  ? lockdep_hardirqs_on+0x9c/0x150
[  318.227067][T14787]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.227088][T14787]  ? clear_bhb_loop+0x60/0xb0
[  318.227114][T14787]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.227135][T14787] RIP: 0033:0x7fa01538f6c9
[  318.227154][T14787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  318.227173][T14787] RSP: 002b:00007fa016277038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  318.227195][T14787] RAX: ffffffffffffffda RBX: 00007fa0155e5fa0 RCX: 00007fa01538f6c9
[  318.227210][T14787] RDX: 0000000020000000 RSI: 0000200000002500 RDI: 0000000000000003
[  318.227224][T14787] RBP: 00007fa016277090 R08: 0000000000000000 R09: 0000000000000000
[  318.227236][T14787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  318.227250][T14787] R13: 00007fa0155e6038 R14: 00007fa0155e5fa0 R15: 00007ffe1df5fc88
[  318.227285][T14787]  </TASK>
[  318.229437][T14713] chnl_net:caif_netlink_parms(): no params data found
[  318.233774][T14796] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  318.416295][T14790] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3116'.
[  318.567425][T14785] syzkaller0: entered promiscuous mode
[  318.669902][T14807] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3120'.
[  318.679507][T14785] syzkaller0: entered allmulticast mode
[  318.705917][   T36] bridge_slave_1: left allmulticast mode
[  318.722051][   T36] bridge_slave_1: left promiscuous mode
[  318.738050][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  318.757511][   T36] bridge_slave_0: left allmulticast mode
[  318.766106][   T36] bridge_slave_0: left promiscuous mode
[  318.772964][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  319.192040][   T36] vlan0 (unregistering): left allmulticast mode
[  319.209197][   T36] erspan0 (unregistering): left allmulticast mode
[  319.217476][   T36] vlan0 (unregistering): left promiscuous mode
[  319.224366][   T36] erspan0 (unregistering): left promiscuous mode
[  319.487824][   T36] team0: Port device bridge1 removed
[  319.780921][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  319.790375][   T36] bond_slave_0: left promiscuous mode
[  319.799162][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  319.808539][   T36] bond_slave_1: left promiscuous mode
[  319.816187][   T36] bond0 (unregistering): Released all slaves
[  319.924513][   T36] bond1 (unregistering): Released all slaves
[  319.960039][T14818] Bluetooth: hci2: Opcode 0x0401 failed: -4
[  320.121993][T14837] netlink: 'syz.2.3124': attribute type 22 has an invalid length.
[  320.179948][ T5844] Bluetooth: hci0: command tx timeout
[  320.583719][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  321.224730][ T5844] Bluetooth: hci2: command 0x0406 tx timeout
[  321.631068][T14824] netlink: 'syz.1.3122': attribute type 1 has an invalid length.
[  321.639387][T14824] netlink: 'syz.1.3122': attribute type 1 has an invalid length.
[  321.656929][   T36] tipc: Left network mode
[  321.705477][   T36] IPVS: stopping backup sync thread 8332 ...
[  321.801113][T14713] bridge0: port 1(bridge_slave_0) entered blocking state
[  321.857241][T14713] bridge0: port 1(bridge_slave_0) entered disabled state
[  321.874016][T14713] bridge_slave_0: entered allmulticast mode
[  321.890581][T14713] bridge_slave_0: entered promiscuous mode
[  321.944039][T14713] bridge0: port 2(bridge_slave_1) entered blocking state
[  321.951242][T14713] bridge0: port 2(bridge_slave_1) entered disabled state
[  321.960604][T14713] bridge_slave_1: entered allmulticast mode
[  321.970801][T14713] bridge_slave_1: entered promiscuous mode
[  322.159930][T14713] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  322.217387][T14713] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  322.253576][ T5844] Bluetooth: hci0: command tx timeout
[  322.354387][T14862] netlink: 'syz.3.3136': attribute type 1 has an invalid length.
[  322.429808][T14713] team0: Port device team_slave_0 added
[  322.472013][T14713] team0: Port device team_slave_1 added
[  322.472253][T14862] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3136'.
[  322.508158][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  322.580876][T14867] netlink: 'syz.2.3137': attribute type 5 has an invalid length.
[  322.607071][T14876] netlink: 'syz.4.3139': attribute type 2 has an invalid length.
[  322.615186][T14876] netlink: 'syz.4.3139': attribute type 8 has an invalid length.
[  322.622955][T14876] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3139'.
[  322.880437][T14713] batman_adv: batadv0: Adding interface: batadv_slave_0
[  322.902160][T14713] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  322.930926][T14884] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3142'.
[  322.940600][T14713] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  322.953409][T14886] FAULT_INJECTION: forcing a failure.
[  322.953409][T14886] name failslab, interval 1, probability 0, space 0, times 0
[  322.995710][T14886] CPU: 1 UID: 0 PID: 14886 Comm: syz.4.3143 Not tainted syzkaller #0 PREEMPT(full) 
[  322.995740][T14886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  322.995755][T14886] Call Trace:
[  322.995764][T14886]  <TASK>
[  322.995774][T14886]  dump_stack_lvl+0x189/0x250
[  322.995810][T14886]  ? __pfx____ratelimit+0x10/0x10
[  322.995839][T14886]  ? __pfx_dump_stack_lvl+0x10/0x10
[  322.995877][T14886]  ? __pfx__printk+0x10/0x10
[  322.995895][T14886]  ? netlink_sendmsg+0x805/0xb30
[  322.995918][T14886]  ? __x64_sys_sendmsg+0x19b/0x260
[  322.995940][T14886]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.995972][T14886]  should_fail_ex+0x414/0x560
[  322.996011][T14886]  should_failslab+0xa8/0x100
[  322.996035][T14886]  kmem_cache_alloc_noprof+0x74/0x6e0
[  322.996066][T14886]  ? skb_clone+0x212/0x3a0
[  322.996096][T14886]  skb_clone+0x212/0x3a0
[  322.996125][T14886]  __netlink_deliver_tap+0x404/0x850
[  322.996161][T14886]  ? netlink_deliver_tap+0x2e/0x1b0
[  322.996184][T14886]  netlink_deliver_tap+0x19c/0x1b0
[  322.996207][T14886]  netlink_sendskb+0x68/0x140
[  322.996240][T14886]  netlink_unicast+0x397/0x9e0
[  322.996267][T14886]  ? __asan_memcpy+0x40/0x70
[  322.996304][T14886]  ? __pfx_netlink_unicast+0x10/0x10
[  322.996346][T14886]  netlink_rcv_skb+0x28c/0x470
[  322.996364][T14886]  ? __lock_acquire+0xab9/0xd20
[  322.996386][T14886]  ? __pfx_genl_rcv_msg+0x10/0x10
[  322.996415][T14886]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  322.996458][T14886]  ? down_read+0x1ad/0x2e0
[  322.996482][T14886]  genl_rcv+0x28/0x40
[  322.996506][T14886]  netlink_unicast+0x82f/0x9e0
[  322.996546][T14886]  ? __pfx_netlink_unicast+0x10/0x10
[  322.996579][T14886]  ? netlink_sendmsg+0x642/0xb30
[  322.996598][T14886]  ? skb_put+0x11b/0x210
[  322.996622][T14886]  netlink_sendmsg+0x805/0xb30
[  322.996655][T14886]  ? __pfx_netlink_sendmsg+0x10/0x10
[  322.996681][T14886]  ? aa_sock_msg_perm+0xf1/0x1d0
[  322.996721][T14886]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  322.996742][T14886]  ? __pfx_netlink_sendmsg+0x10/0x10
[  322.996765][T14886]  __sock_sendmsg+0x21c/0x270
[  322.996798][T14886]  ____sys_sendmsg+0x505/0x830
[  322.996828][T14886]  ? __pfx_____sys_sendmsg+0x10/0x10
[  322.996871][T14886]  ? import_iovec+0x74/0xa0
[  322.996904][T14886]  ___sys_sendmsg+0x21f/0x2a0
[  322.996930][T14886]  ? __pfx____sys_sendmsg+0x10/0x10
[  322.996996][T14886]  ? __fget_files+0x2a/0x420
[  322.997016][T14886]  ? __fget_files+0x3a0/0x420
[  322.997048][T14886]  __x64_sys_sendmsg+0x19b/0x260
[  322.997075][T14886]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  322.997110][T14886]  ? __pfx_ksys_write+0x10/0x10
[  322.997145][T14886]  ? do_syscall_64+0xbe/0xfa0
[  322.997181][T14886]  do_syscall_64+0xfa/0xfa0
[  322.997209][T14886]  ? lockdep_hardirqs_on+0x9c/0x150
[  322.997238][T14886]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.997258][T14886]  ? clear_bhb_loop+0x60/0xb0
[  322.997285][T14886]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.997305][T14886] RIP: 0033:0x7f17aa58f6c9
[  322.997325][T14886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  322.997344][T14886] RSP: 002b:00007f17ab46b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  322.997367][T14886] RAX: ffffffffffffffda RBX: 00007f17aa7e5fa0 RCX: 00007f17aa58f6c9
[  322.997384][T14886] RDX: 0000000020000000 RSI: 0000200000002500 RDI: 0000000000000003
[  322.997397][T14886] RBP: 00007f17ab46b090 R08: 0000000000000000 R09: 0000000000000000
[  322.997411][T14886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  322.997424][T14886] R13: 00007f17aa7e6038 R14: 00007f17aa7e5fa0 R15: 00007ffce3bb37f8
[  322.997461][T14886]  </TASK>
[  323.443916][T14713] batman_adv: batadv0: Adding interface: batadv_slave_1
[  323.451015][T14713] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  323.455526][T14892] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  323.508087][T14713] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  323.721121][ T9413] wlan0 speed is unknown, defaulting to 1000
[  323.729175][ T9413] infiniband syz0: ib_query_port failed (-19)
[  323.788464][T14713] hsr_slave_0: entered promiscuous mode
[  323.796593][T14713] hsr_slave_1: entered promiscuous mode
[  323.803624][T14713] debugfs: 'hsr0' already exists in 'hsr'
[  323.824891][T14713] Cannot create hsr debugfs directory
[  323.901989][T14908] IPv6: addrconf: prefix option has invalid lifetime
[  323.966474][   T36] hsr_slave_0: left promiscuous mode
[  323.977951][   T36] hsr_slave_1: left promiscuous mode
[  323.985465][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  324.002213][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  324.013984][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  324.022656][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  324.069400][   T36] veth1_macvtap: left promiscuous mode
[  324.075904][   T36] veth0_macvtap: left promiscuous mode
[  324.333634][ T5844] Bluetooth: hci0: command tx timeout
[  324.487861][T14928] IPv6: addrconf: prefix option has invalid lifetime
[  324.544597][   T36] team0 (unregistering): Port device team_slave_1 removed
[  324.590737][   T36] team0 (unregistering): Port device team_slave_0 removed
[  324.921882][T14915] syzkaller0: entered promiscuous mode
[  324.928030][T14915] syzkaller0: entered allmulticast mode
[  324.936882][T14930] FAULT_INJECTION: forcing a failure.
[  324.936882][T14930] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  324.950359][T14930] CPU: 1 UID: 0 PID: 14930 Comm: syz.2.3158 Not tainted syzkaller #0 PREEMPT(full) 
[  324.950384][T14930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  324.950395][T14930] Call Trace:
[  324.950403][T14930]  <TASK>
[  324.950411][T14930]  dump_stack_lvl+0x189/0x250
[  324.950440][T14930]  ? __pfx____ratelimit+0x10/0x10
[  324.950464][T14930]  ? __pfx_dump_stack_lvl+0x10/0x10
[  324.950490][T14930]  ? __pfx__printk+0x10/0x10
[  324.950520][T14930]  should_fail_ex+0x414/0x560
[  324.950549][T14930]  _copy_to_user+0x31/0xb0
[  324.950572][T14930]  simple_read_from_buffer+0xe1/0x170
[  324.950604][T14930]  proc_fail_nth_read+0x1b3/0x220
[  324.950635][T14930]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  324.950665][T14930]  ? rw_verify_area+0x2a6/0x4d0
[  324.950701][T14930]  ? __lock_acquire+0xab9/0xd20
[  324.950720][T14930]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  324.950748][T14930]  vfs_read+0x200/0xa30
[  324.950775][T14930]  ? fdget_pos+0x247/0x320
[  324.950817][T14930]  ? __pfx___mutex_lock+0x10/0x10
[  324.950861][T14930]  ? __pfx_vfs_read+0x10/0x10
[  324.950892][T14930]  ? __fget_files+0x2a/0x420
[  324.950916][T14930]  ? __fget_files+0x3a0/0x420
[  324.950934][T14930]  ? __fget_files+0x2a/0x420
[  324.950965][T14930]  ksys_read+0x145/0x250
[  324.950996][T14930]  ? __pfx_ksys_read+0x10/0x10
[  324.951028][T14930]  ? do_syscall_64+0xbe/0xfa0
[  324.951062][T14930]  do_syscall_64+0xfa/0xfa0
[  324.951089][T14930]  ? lockdep_hardirqs_on+0x9c/0x150
[  324.951118][T14930]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  324.951139][T14930]  ? clear_bhb_loop+0x60/0xb0
[  324.951163][T14930]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  324.951183][T14930] RIP: 0033:0x7ff28018e0dc
[  324.951202][T14930] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  324.951220][T14930] RSP: 002b:00007ff280f72030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  324.951260][T14930] RAX: ffffffffffffffda RBX: 00007ff2803e5fa0 RCX: 00007ff28018e0dc
[  324.951275][T14930] RDX: 000000000000000f RSI: 00007ff280f720a0 RDI: 0000000000000005
[  324.951287][T14930] RBP: 00007ff280f72090 R08: 0000000000000000 R09: 0000000000000000
[  324.951299][T14930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  324.951311][T14930] R13: 00007ff2803e6038 R14: 00007ff2803e5fa0 R15: 00007ffcec4d7028
[  324.951347][T14930]  </TASK>
[  325.357597][T14937] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  325.497884][T14945] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3163'.
[  325.510773][T14942] netlink: 'syz.1.3162': attribute type 21 has an invalid length.
[  325.656564][T14942] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3162'.
[  325.836865][T14962] netlink: 'syz.1.3167': attribute type 2 has an invalid length.
[  325.944338][T14969] netlink: 276 bytes leftover after parsing attributes in process `syz.1.3170'.
[  326.046356][   T36] IPVS: stop unused estimator thread 0...
[  326.198553][T14980] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  326.214616][T14980] syzkaller0: entered promiscuous mode
[  326.223710][T14980] syzkaller0: entered allmulticast mode
[  326.238098][   T36] bridge_slave_1: left allmulticast mode
[  326.244945][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  326.267496][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  326.277423][T14987] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3179'.
[  326.333345][   T36] team0: Port device ip6gretap2 removed
[  326.354223][T14993] netlink: 'syz.4.3176': attribute type 6 has an invalid length.
[  326.881846][T15010] netlink: 'syz.2.3180': attribute type 32 has an invalid length.
[  327.081962][   T36] ` (unregistering): (slave bond_slave_0): Releasing backup interface
[  327.093111][   T36] ` (unregistering): (slave bond_slave_1): Releasing backup interface
[  327.108798][   T36] ` (unregistering): (slave dummy0): Releasing backup interface
[  327.119171][   T36] ` (unregistering): Released all slaves
[  327.136939][   T36] bond1 (unregistering): Released all slaves
[  327.158759][   T36] bond2 (unregistering): Released all slaves
[  327.162497][T15017] IPv6: addrconf: prefix option has invalid lifetime
[  327.182311][   T36] bond3 (unregistering): Released all slaves
[  327.207659][   T36] bond0 (unregistering): Released all slaves
[  327.236579][T15019] sctp: [Deprecated]: syz.2.3183 (pid 15019) Use of struct sctp_assoc_value in delayed_ack socket option.
[  327.236579][T15019] Use struct sctp_sack_info instead
[  327.290025][T14999] tipc: Resetting bearer <eth:syzkaller0>
[  327.307574][T14979] tipc: Resetting bearer <eth:syzkaller0>
[  327.365663][T15023] netlink: 596 bytes leftover after parsing attributes in process `syz.2.3183'.
[  327.377737][T14979] tipc: Disabling bearer <eth:syzkaller0>
[  327.421308][T15019] netlink: 'syz.2.3183': attribute type 29 has an invalid length.
[  327.432673][T15020] netlink: 'syz.2.3183': attribute type 29 has an invalid length.
[  327.545168][T14713] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  327.565848][T14713] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  327.588039][T15030] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3187'.
[  327.594675][T14713] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  327.636837][T14713] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  327.846933][T14713] 8021q: adding VLAN 0 to HW filter on device bond0
[  327.897299][T14713] 8021q: adding VLAN 0 to HW filter on device team0
[  327.912564][T11683] bridge0: port 1(bridge_slave_0) entered blocking state
[  327.919828][T11683] bridge0: port 1(bridge_slave_0) entered forwarding state
[  327.958041][T11683] bridge0: port 2(bridge_slave_1) entered blocking state
[  327.965354][T11683] bridge0: port 2(bridge_slave_1) entered forwarding state
[  328.149761][T14713] 8021q: adding VLAN 0 to HW filter on device batadv0
[  328.240412][T14713] veth0_vlan: entered promiscuous mode
[  328.275114][T14713] veth1_vlan: entered promiscuous mode
[  328.323259][T15065] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3195'.
[  328.356883][T14713] veth0_macvtap: entered promiscuous mode
[  328.369120][T14713] veth1_macvtap: entered promiscuous mode
[  328.379523][T15066] �
: renamed from veth1_vlan (while UP)
[  328.458077][T14713] batman_adv: batadv0: Interface activated: batadv_slave_0
[  328.492103][T15066] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3194'.
[  328.508435][T14713] batman_adv: batadv0: Interface activated: batadv_slave_1
[  328.559198][   T50] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  328.589602][   T50] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  328.646051][T15088] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3197'.
[  328.749447][T15077] syzkaller0: entered promiscuous mode
[  328.755147][T15077] syzkaller0: entered allmulticast mode
[  328.762272][   T50] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  328.775749][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  328.890102][   T36] : left promiscuous mode
[  329.002420][   T36] tipc: Left network mode
[  329.033575][T10708] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  329.041471][T10708] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  329.068097][   T36] IPVS: stopping backup sync thread 11185 ...
[  329.361072][   T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  329.371029][   T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  329.513167][   T36] ------------[ cut here ]------------
[  329.518931][   T36] Have pending ack frames!
[  329.530304][   T36] WARNING: CPU: 1 PID: 36 at net/mac80211/main.c:1713 ieee80211_free_ack_frame+0x4d/0x60
[  329.540613][   T36] Modules linked in:
[  329.544823][   T36] CPU: 1 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) 
[  329.554198][   T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  329.564360][   T36] Workqueue: netns cleanup_net
[  329.569165][   T36] RIP: 0010:ieee80211_free_ack_frame+0x4d/0x60
[  329.575439][   T36] Code: 00 00 e8 46 b9 6b fe 31 c0 5b c3 cc cc cc cc cc e8 98 f8 0b f7 c6 05 9a 00 b3 04 01 90 48 c7 c7 60 2c 89 8c e8 64 14 cf f6 90 <0f> 0b 90 90 eb c8 cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90
[  329.595420][   T36] RSP: 0018:ffffc90000ac7590 EFLAGS: 00010246
[  329.601530][   T36] RAX: ab7c4ebeff486500 RBX: ffff8880785c6000 RCX: ffff8881432e9e40
[  329.609780][   T36] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[  329.618209][   T36] RBP: ffffc90000ac7698 R08: 0000000000000003 R09: 0000000000000004
[  329.626647][   T36] R10: dffffc0000000000 R11: fffffbfff1bba684 R12: ffffc90000ac7600
[  329.634753][   T36] R13: ffff888056713730 R14: ffff88807e292ff8 R15: 0000000000000001
[  329.642761][   T36] FS:  0000000000000000(0000) GS:ffff88812623b000(0000) knlGS:0000000000000000
[  329.651768][   T36] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  329.658651][   T36] CR2: 0000200000000040 CR3: 000000000dd38000 CR4: 00000000003526f0
[  329.666807][   T36] Call Trace:
[  329.670111][   T36]  <TASK>
[  329.673076][   T36]  idr_for_each+0x1b5/0x290
[  329.677687][   T36]  ? kasan_quarantine_put+0xdd/0x220
[  329.683027][   T36]  ? __pfx_ieee80211_free_ack_frame+0x10/0x10
[  329.689187][   T36]  ? __pfx_idr_for_each+0x10/0x10
[  329.694755][   T36]  ? kfree+0x19a/0x6d0
[  329.698888][   T36]  ieee80211_free_hw+0x44/0x3d0
[  329.703841][   T36]  mac80211_hwsim_del_radio+0x2de/0x460
[  329.709424][   T36]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[  329.715582][   T36]  hwsim_exit_net+0xef4/0xfb0
[  329.720284][   T36]  ? hwsim_exit_net+0x333/0xfb0
[  329.725224][   T36]  ? __pfx_hwsim_exit_net+0x10/0x10
[  329.730448][   T36]  ? __ip_vs_dev_cleanup_batch+0x238/0x260
[  329.736364][   T36]  ops_undo_list+0x49a/0x990
[  329.740979][   T36]  ? __pfx_ops_undo_list+0x10/0x10
[  329.746218][   T36]  ? do_raw_spin_unlock+0x122/0x240
[  329.751471][   T36]  cleanup_net+0x4d8/0x820
[  329.756005][   T36]  ? __pfx_cleanup_net+0x10/0x10
[  329.760982][   T36]  ? _raw_spin_unlock_irq+0x23/0x50
[  329.766261][   T36]  ? process_scheduled_works+0x9ef/0x17b0
[  329.771991][   T36]  ? process_scheduled_works+0x9ef/0x17b0
[  329.777764][   T36]  process_scheduled_works+0xae1/0x17b0
[  329.783379][   T36]  ? __pfx_process_scheduled_works+0x10/0x10
[  329.789445][   T36]  worker_thread+0x8a0/0xda0
[  329.794145][   T36]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  329.800536][   T36]  ? __kthread_parkme+0x7b/0x200
[  329.805596][   T36]  kthread+0x711/0x8a0
[  329.809710][   T36]  ? __pfx_worker_thread+0x10/0x10
[  329.814930][   T36]  ? __pfx_kthread+0x10/0x10
[  329.819557][   T36]  ? _raw_spin_unlock_irq+0x23/0x50
[  329.824842][   T36]  ? lockdep_hardirqs_on+0x9c/0x150
[  329.830060][   T36]  ? __pfx_kthread+0x10/0x10
[  329.834733][   T36]  ret_from_fork+0x4bc/0x870
[  329.839348][   T36]  ? __pfx_ret_from_fork+0x10/0x10
[  329.844505][   T36]  ? __switch_to_asm+0x39/0x70
[  329.849284][   T36]  ? __switch_to_asm+0x33/0x70
[  329.854465][   T36]  ? __pfx_kthread+0x10/0x10
[  329.859107][   T36]  ret_from_fork_asm+0x1a/0x30
[  329.864054][   T36]  </TASK>
[  329.867118][   T36] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  329.874428][   T36] CPU: 1 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) 
[  329.883734][   T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  329.893801][   T36] Workqueue: netns cleanup_net
[  329.898590][   T36] Call Trace:
[  329.901904][   T36]  <TASK>
[  329.904846][   T36]  dump_stack_lvl+0x99/0x250
[  329.909447][   T36]  ? __asan_memcpy+0x40/0x70
[  329.914055][   T36]  ? __pfx_dump_stack_lvl+0x10/0x10
[  329.919268][   T36]  ? __pfx__printk+0x10/0x10
[  329.923902][   T36]  vpanic+0x237/0x6d0
[  329.927912][   T36]  ? __pfx_vpanic+0x10/0x10
[  329.932440][   T36]  panic+0xb9/0xc0
[  329.936177][   T36]  ? __pfx_panic+0x10/0x10
[  329.940619][   T36]  __warn+0x31b/0x4b0
[  329.944613][   T36]  ? ieee80211_free_ack_frame+0x4d/0x60
[  329.950175][   T36]  ? ieee80211_free_ack_frame+0x4d/0x60
[  329.955742][   T36]  report_bug+0x2be/0x4f0
[  329.960091][   T36]  ? ieee80211_free_ack_frame+0x4d/0x60
[  329.965652][   T36]  ? ieee80211_free_ack_frame+0x4d/0x60
[  329.971205][   T36]  ? ieee80211_free_ack_frame+0x4f/0x60
[  329.976759][   T36]  handle_bug+0x84/0x160
[  329.981015][   T36]  exc_invalid_op+0x1a/0x50
[  329.985532][   T36]  asm_exc_invalid_op+0x1a/0x20
[  329.990386][   T36] RIP: 0010:ieee80211_free_ack_frame+0x4d/0x60
[  329.996549][   T36] Code: 00 00 e8 46 b9 6b fe 31 c0 5b c3 cc cc cc cc cc e8 98 f8 0b f7 c6 05 9a 00 b3 04 01 90 48 c7 c7 60 2c 89 8c e8 64 14 cf f6 90 <0f> 0b 90 90 eb c8 cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90
[  330.016158][   T36] RSP: 0018:ffffc90000ac7590 EFLAGS: 00010246
[  330.022231][   T36] RAX: ab7c4ebeff486500 RBX: ffff8880785c6000 RCX: ffff8881432e9e40
[  330.030212][   T36] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[  330.038186][   T36] RBP: ffffc90000ac7698 R08: 0000000000000003 R09: 0000000000000004
[  330.046161][   T36] R10: dffffc0000000000 R11: fffffbfff1bba684 R12: ffffc90000ac7600
[  330.054140][   T36] R13: ffff888056713730 R14: ffff88807e292ff8 R15: 0000000000000001
[  330.062141][   T36]  idr_for_each+0x1b5/0x290
[  330.066666][   T36]  ? kasan_quarantine_put+0xdd/0x220
[  330.071970][   T36]  ? __pfx_ieee80211_free_ack_frame+0x10/0x10
[  330.078050][   T36]  ? __pfx_idr_for_each+0x10/0x10
[  330.083093][   T36]  ? kfree+0x19a/0x6d0
[  330.087179][   T36]  ieee80211_free_hw+0x44/0x3d0
[  330.092054][   T36]  mac80211_hwsim_del_radio+0x2de/0x460
[  330.097616][   T36]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[  330.103697][   T36]  hwsim_exit_net+0xef4/0xfb0
[  330.108394][   T36]  ? hwsim_exit_net+0x333/0xfb0
[  330.113258][   T36]  ? __pfx_hwsim_exit_net+0x10/0x10
[  330.118503][   T36]  ? __ip_vs_dev_cleanup_batch+0x238/0x260
[  330.124669][   T36]  ops_undo_list+0x49a/0x990
[  330.129270][   T36]  ? __pfx_ops_undo_list+0x10/0x10
[  330.134405][   T36]  ? do_raw_spin_unlock+0x122/0x240
[  330.139622][   T36]  cleanup_net+0x4d8/0x820
[  330.144044][   T36]  ? __pfx_cleanup_net+0x10/0x10
[  330.148985][   T36]  ? _raw_spin_unlock_irq+0x23/0x50
[  330.154190][   T36]  ? process_scheduled_works+0x9ef/0x17b0
[  330.159983][   T36]  ? process_scheduled_works+0x9ef/0x17b0
[  330.165729][   T36]  process_scheduled_works+0xae1/0x17b0
[  330.171319][   T36]  ? __pfx_process_scheduled_works+0x10/0x10
[  330.177332][   T36]  worker_thread+0x8a0/0xda0
[  330.181939][   T36]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  330.188289][   T36]  ? __kthread_parkme+0x7b/0x200
[  330.193251][   T36]  kthread+0x711/0x8a0
[  330.197338][   T36]  ? __pfx_worker_thread+0x10/0x10
[  330.202464][   T36]  ? __pfx_kthread+0x10/0x10
[  330.207064][   T36]  ? _raw_spin_unlock_irq+0x23/0x50
[  330.212296][   T36]  ? lockdep_hardirqs_on+0x9c/0x150
[  330.217507][   T36]  ? __pfx_kthread+0x10/0x10
[  330.222119][   T36]  ret_from_fork+0x4bc/0x870
[  330.226729][   T36]  ? __pfx_ret_from_fork+0x10/0x10
[  330.231863][   T36]  ? __switch_to_asm+0x39/0x70
[  330.236632][   T36]  ? __switch_to_asm+0x33/0x70
[  330.241542][   T36]  ? __pfx_kthread+0x10/0x10
[  330.246149][   T36]  ret_from_fork_asm+0x1a/0x30
[  330.250937][   T36]  </TASK>
[  330.254326][   T36] Kernel Offset: disabled
[  330.258654][   T36] Rebooting in 86400 seconds..