last executing test programs:

2.455225457s ago: executing program 0 (id=1648):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="18000000011405002dbd7000fbdbdf25080001"], 0x18}}, 0x40)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a320000000024f5638c074706e20000000008000140af6a000000000900010073797a300000000054000000060a010400000000000000000100000008000b40000000000900010073797a30000000002c00048028"], 0xdc}}, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x88802, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1100000004000000040000001200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="d651ea75a63d242ad20f331225829f14000000040000000000000000"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000280), &(0x7f0000000340), 0x12}, 0x20)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r0, &(0x7f0000000a80)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000a40)={&(0x7f00000009c0)={0x38, 0x1407, 0x100, 0x70bd29, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_DIM={0x5}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}, @RDMA_NLDEV_NET_NS_FD={0x8}]}, 0x38}}, 0x4014004)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
r8 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000440)={0xffffffffffffffff}, 0x4)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000580)={@cgroup, 0x8, 0x0, 0x0, &(0x7f0000000480)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000500)=[0x0, 0x0, 0x0], &(0x7f0000000540)=[0x0], <r9=>0x0}, 0x40)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000600)={'vxcan1\x00', <r10=>0x0})
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0x4, &(0x7f0000000640)=@raw=[@map_fd={0x18, 0x4, 0x1, 0x0, r4}, @map_val={0x18, 0x1, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x1ff}], &(0x7f0000000680)='syzkaller\x00', 0x100, 0x1000, &(0x7f0000002840)=""/4096, 0x40f00, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000006c0)={0x5, 0x2}, 0x8, 0x10, &(0x7f0000000700)={0x4, 0xc, 0x3, 0xfffffffc}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000740)=[r3, r3, r4, r4, r4], &(0x7f0000000780)=[{0x5, 0x1, 0x1}, {0x2, 0x2, 0x1}], 0x10, 0x7fffffff}, 0x94)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000005c0)={@ifindex=r10, r8, 0x7, 0x8, 0x0, @void, @value=r11, @void, @void, r9}, 0x20)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r12=>0x0})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r7, 0x89f3, &(0x7f0000000080)={'gre0\x00', &(0x7f0000000880)={'syztnl2\x00', r12, 0x7800, 0x0, 0x7, 0x8001, {{0x1c, 0x4, 0x0, 0x2, 0x70, 0x68, 0x0, 0xf, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x16}, @dev={0xac, 0x14, 0x14, 0x5}, {[@noop, @rr={0x7, 0x17, 0xc5, [@dev={0xac, 0x14, 0x14, 0x33}, @local, @multicast2, @broadcast, @rand_addr=0x64010100]}, @timestamp_addr={0x44, 0x44, 0xf1, 0x1, 0x8, [{@dev={0xac, 0x14, 0x14, 0x28}, 0xfffffffb}, {@rand_addr=0x64010100, 0x7}, {@rand_addr=0x64010102, 0x10001}, {@local, 0x1}, {@loopback, 0x4}, {@remote, 0xfffffff9}, {@multicast2, 0x7}, {@private=0xa010100, 0x3}]}]}}}}})
r13 = bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=ANY=[@ANYBLOB="040c000004c7ee7289227cd15baf4af87d706ddd", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={r13, 0xa2, &(0x7f00000003c0)={0x0, <r14=>0x0}}, 0x10)
r15 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000001040)={r14}, 0xc)
close(r15)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r16=>0x0}, &(0x7f00000002c0)=0xc)
sendmsg$nl_generic(r2, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000300)={&(0x7f0000000b40)=ANY=[@ANYBLOB="7c1300003e00200025bd7000fddbdf2520000000a79ed080e47afc0145be7ca14fe1218106ac2865c2d21bba989eb47cbbe7a04dd4dd16bb3497fff06194f54bef3e0c642c4648cd4d108d682653a41830728d4f7cc3bd1cb172664852a5c6034ac686dac4ce6dc52bb9068a8fb73b0eac1359894971615715e704f6d32ed1b3f427156969c25321e1915ab900df91a64a88f57643dbd6719da794255fb41f19ba16b366b51d65b6182744efb3ccd79313021e80e1009d006fa30c3cd1209e40dc1b8f76d38dc13cd543e6ee4b49d0973f967a794608fadc837da9c899364e2b7c5b2876532b9243431582e022acd4ce17102cef94cd06900ec3c04288a29c7b98bee6da6b80ad96ec6648013ef12c8b1fd1fe9f6530abbcdce03cdedf500f1092aa8e6b5a4bb57571200b0675dd9b045ebe89b1850805e6f08969fdc060ab0197cc9e5852188d02db5d513a6d989ef4eeb250140fbc4637b780fd3a14149f7ca984778fccc77a5029a0407486cccf3db98d34c99c8394450ad6404f13735e76bac410f338a67ec419477ed944b19f8309ae7a9d0f00000008003b00", @ANYRES32=r2, @ANYBLOB="0800280028ffffff04001500568a7b5c7fcc1a58e148038f218c044e8735e455d0e9a7d554fc84dcec42ac4e73c94ce4f6f58a9d43ad286e0a4c4e2db02c96e25607d5dac26bb26c622dee734b216e0364ca7d80d22fe42431a90f7a763c7a2038d58f5b51ca539df45d446f6325f36bc07526d567d26d0d242d058748a73aa79bef4b72793542120aef947c7b055e53def46cb1ef1085e47cb54fc7d1ed3aa3bf242b59eed68701e2b41116e53a2526c670ee4880fd51050246a28668db6d0af0b03dd06822219175e71364bf0ab010ff08004400", @ANYRES32=r7, @ANYBLOB="be6d1cd60b74148777f7007535cd77f76eafa39df2387ff38f3b63534fed460329930569da217e7ae5994a1d154b8d7a8653f58aaa0fe480c6351b21a60804003b8008000900", @ANYRES32=r16, @ANYBLOB="0083cc2f4f67b1e4d6f18cba561615d36f7a7aa7ba0cb7f46640d06bdfce741b362aac70ebbf4e6abfeb076a197d554e30d002d39e59d42a3c69f6dc803df6849bad8c0f1439ec39be5ea1039e555986226de1dbe7a3ebd908f0cfe735cf1366e032c421a890c89180112563b9a008587ae0e1a6e527641f90f8b524c1f28c1e52d69214fb8ca9096217be46e6085b9d826388c6087826c2d56756d4f63e6b56eb1f149130fc6e8f41fc47c8200ef01823be07bdac1c702df0d3828b0e00d4557d4d7ff435aaa93e55bcca5194cdd1cfce5cae678974b0b930964a6cf0551521236cee72631e265bf02c917e446338e1b35d130ac448e27bcd7672ede377aa0427f363b27c7e5e8ebfc6245155b22ff679044822b9cbc331b1f1496d0259a5375f74c802dd9f6187dd0e16246863ab605ee2791f3a38a3456049894b1842ec5f9a7ffeb200353c2a321143b84733aa59b28a20d731833c51043cdf743283798a3032e8571862c324ae984b21b2886c07c325a227469cfc8806a7e68d3627ae2c867f672a4e1fce000fdb6b2f5a0304960ee7520e1a5adf87fecfc9ad576bedd752d22b59b3431be6e601c045aa7e3f4d0bfd35facb562234ff3044c8c57213f25ec64570981a2660dd2ea4eaae2f914a3d91b13effe5baa96f9ac7755cf7e29db9a076743d373a5bc9cdd508d90c2c219637f3656a64945b296824002ee8002a193350a246289c3269137a9c80e9e18426a66d484bc79b74da4d40aba44b3dd9055d850f58d5ec6a397382e52921ced300809e753e319e716f7b1ca195ca9d9f74e57f7c5fdc19a0d72b88ee30e2ef5ab2e18213f06a7df133f2c48d1fbf22e8dc7eb9703fe367134290f6358a4857e905aadaa263cf562a647f042af026a4a2326f958de79506bb740e12000a8c75defc88520684224a0b6905b7eb6d50879f449af6664707949ee69fd26803b0f1104533ad13fc9f1c24d6b6e9f614bee41f80cf1ede8a94e8a3462593fe68cdca8ed3406c2a97fc39b659935265dd3a4de320cfa6accba9ef1cc02de0ad7eb794640041667eec64f910c320a1cc4645621840abc92462d9f4d5587130450f1e0024e921f0fdbeb7568c05ec9f889c553e5fd2a59aa3f2f505f130a49fd578761b0c35b4c40e83098e1d0184df723a3f43f13feff30194658d8e9e01f96004cdab51fd87ef43c44258e61649186b65dbe7174d1693ff924ef83db858431a3f4eb59bed25a1733b021419048cfdf98f307fb65dcdadb741c55734387aa36d8e9b870285ac8fcfc58bda6704fd592a42f6ec105dfa3a533bc04d7c1dacbeff1e17aa3a2a647228e9845898dbc51404eb7d3b21422d8ac675c0c3cbbc22d79b7f80c5a74422f7657a861dee4b2db2ca2517f9500d3b6abb4a66fc4892c4c3ac68e1d15bca72ddc007aa31edec89db38196b8ee7362c9b1ac1084adf1283654c4a86926e1576a5947b850ef4059c39f5b722115eea2f918817e51733bba9d64db72ea07bf083e49a88ad9e758bf81afbcc5a13d5acab290145be6457ebd78cb97f6760d92932555d6628c0b7f6c201274805f8c5844d2a366c6174c1fa90e5995446600dbdbb5fdfc72dc3d38bf903e7667d27bbf97234fa48286d4e8c8772261a5d038037fb43ebe9df36c6b0541b38372c3bfbe70428eeabdf2bb1928dec890d31519ff2e00e2bbdb8b2806ee239ddbe41ff86b9e3d4b10c51989a28d2fb9e4d426740cc1dcfee95cceb284ac04dc8c22323f817dab0defa814292fc5d2dbd579bf5f6d86041eedd9471664e49b030fdf08115f6c1d925c79b49178dbef1dfe90a7bd31ae43f98b9de2d2196fb7a790a2ea6133d34542f2963285419999aa2c382b0e49e57592985519b71c70d0eb3880411c04b9730af4377c95fa36ca598b361be1416132a15663fcf28778ca3d3fee27fa184f257b7365afe1928270710454829e2e6744be8edc2ed79ad991882ef93a532b3585e52d5cd1ff4782ace7b5d81895d70bd81b803d7466fd26cfaac665d4f426f2afdd850776dd4c7a9b52006e37d3883d748ed3003c541fbaaf85164f5499fb585dfa079b6f56ad9b1fc792b74ddecac5a5710b4216a9c2725cb8acfccf9c40e79d411b3ec0124a2ed2ddb634926a9a4a6aa7669d5e8469056886fb344ac53f113b37cae2b118f130c49cf48a72aab7a69eac3aa1f3325dda1c3dd5c242cbe00a5aab5597daae9436e96f9fad0d6ea363499cfb647527482cc64c0b9bdd3be1f0913a48f829a2d358aba77955960dc332957375a7564b6e87ea4be034148f540b22dec1eb01fe1acddd8ed59915095172987d23c454e04b5621dbf3357a6141177fd62cd05f6a92284e7cfb08f0e96b698f2e7ff7342aaec92269bd67056360999bfc777682f31465f257914c6377975c4876300112e6496c8d1fd25ffa80186ad0eb54ea5c5c0d1e1434d98c502065b1465a7ce3d898063dd9962f65330d65fe1559f38226ff724994ce5e7d24d30c05165bef0e9b3b179be2665079e450daecd95565594867ad47ce095a105e39e33ff3e713461ac80714ce90710472ee38f4f1bf61542ba5bf7d8401020c365f9dbd094408145a5f4aa9036591d1ec8edc4e6139450f8da4fd1af89bc5baeb3ac1f60f7f13901e9e877e5bbb767176f579e0d4f1fd3a48cf174da5d8dc97e1563d9804be7cb4bd2b5dc2657e21cffa58ec96c59b135659a679e5004e042e43b456c6ba083b46976beb631386fd4c24f592de648365fc9d3e517922adafc94846d4934af25064790a7bdea32245c9467bc6ccc7cbebeff2a578b9ed917454fe18e76d196fb783c1e7359e96332e03ef7b65eb9663a74ed3101ab3158f6e480b1a194e09959777e9142631e46b2433715bd5bbe2ab6355ebd7a5a2edf2c4984d7c9e5f6bbc55a1bd58225ccce458aeaa4982413a0b8282acb85326ec6157ced34da3ee65fcf1880dfe281c2620fdd1a887373b0e1472d826948e2d86b99a343c76c936f5c7d69393e6aa55a1f3d000702a5bfd3dda61c4a90fcf4c0b4035f92c3e9c089d1f93f06c96a9338b8bab2f63d15098435a46575351523732052b2f2eadbc3623c0ff987d91c330311bd9d15a25b4e7f0f30054e97ab4970a8cec9359f8383851ea2abc47fbb64bb502d1b458ac5207720ced625293d8496d88cb6ac297fe5f49eb8040c04e0b9a85e0c6eeb64f306733464006fe541f841b914c2eed4ad4e51a165aeb6981e94d2cd2e673ab6ba3a54a711c1a6b0d8a289985a797ab08b82e2212ac864c354432c2b052cf1855d76f3ac0a6a1fdba763691a660a8df1ffad89ba6ef6b2aa2e62cbd1bd69acc493bb938698f28878037bcda84ae22b4a48c5d86ed231e033e307083e7338e851753a28c5b211f0b413e685efc142e3a635a5fe441107c9ca0149dec8c54b8d765239db80e63bfa62c042d348d87e18f018e69dc4b6ea0a69e0a559cd3d707bdfafc2d6f78d07d3d7abcbbdbf6c6c51c1c2bc46714831ee370e90042810e5398c3e90d2a5f24738b6f396c2491aac30a963456b5eeb19a8da0663db79f48c5b3bf2ec3fa6d41d9e74a331bd89a0f0aa31d15ea7f6e8ce762d9c7231b18ed7114802949688002e819cafb0beacc9c3eba800eeea7aad58524e6ec3d4aef5eee1371d57fea1df2af3bb4ef21d4371540d80fc2f0def244689933491c79bfaa4014450b913c32e5b27b35560bbc2b53d1a4d587455ecfd1784cadc22c280eb82f7e8a506ef8fa431ee5b8e12e63587f70fb1376cf5ee1fcde772d9dfb4ca7aace77cca4945b76c3bd24efd700ff445b28068b43998ab98671adde383a5e226f2068b63c9c8e4f13853534cb811f3708137e8731e1e5360c6463e7c05ebfac0746ef6819599ec8d93c1ea2ccf450887a2a8224dc762cbe5f810a3492c4e7dfc11e946b2e87b10c3614fbefe7a832e2ce67737fe55284e9f5cf7baa8a6427b26b593057f506ed7fc376521760d1bff7ac47695cb88b33934c4ae3d016b00ebc80f4eb1c8770fb850d3818fd2049b6164a118601d11f6b6a6ec2fd474f75129b15db900866f6471ef942ccb8b764bdb5de979af93a25a7972e5f44548272dea29f0f4d588ac1b67aea4c75d6c65bb1df96632826a88281a5708f4439fba3dec62797d6d282a1800593ea88fd542f91bd4089de7295303b3ae1ee601b1c841cd5df177142448bf319e20df1e58b02bf0c4513d4f513c379b15d26c375b55f7842b58d2ad229ce3d165507a592402f5ac3da41aa49c80daabf4565ec3330a980a531518fb5c29484907e05bd1e61c7426fb1401022d4fac31facecb2f645847c19ea7c626f9d44db6557333a2866566afe8787756c1c5c2b709eb6e74b27b352be5b451b4269d2da5806d7aa1d3c3b51b98f8b8b1f733d5fbd1f9ae88f3ae7d90edc0dc0b4d5cb7cbd44460d2053180f11a5b8e8a5f2e664d4065c1c93dbc27d9b36f317b442a2b5ba8f382a4f506d4f7ae1598f4c37227c9bf01f235204114b00cda9d50da692a08454ac34236bcfdaf406ff9799c351a3d46e3d2dd209ddef4bfd64deea03d16320fd6d23c616d8af60b783fcf887a35bd4822ebbb411b311772bc39e35641cbdccc042dfa49428b7e7c3b0a0a19188a029e4dc25339d9cc70582420e4ede13847e7c7a55b3343ffddbdd47dcd34f4d5e0b022bd3e548bff9b1901a065cbf5349e6a4e2217e8754cb742d68f39451828ad7c9cb1b0a771602624576ff8eb5ab24f4acad59b44f883bdcd8ed69e7c8869139e9110c3cd2240b12c823f6b9a7243995c21b7ad0277dca97664f7db6176aa5727cbfe087848ada7a6ae610ddbcd066284a58738d659bca29e2904fd03f7635f1f5630830ff6f29c06fcc6606bd22a789d4191c539bca27852243bbb62d120d0f4741e383987e6af0cf97080e901a709d173ae5d536b793bdd3985e090fbb78918041b1a648e58b3e6ff4dc87ca4e1e462107f5821fc382a7da53fa46b7e5b22e4c148ccb4872eedf7faa932353218e44147dc989632f5a178f60b4a37f195e666cdc8572374105dcf34e8a215f4267301904016ef807cc4ec5651f1a103904a70d7857d6cdffa77101583b2d529e98efef7f5d6b29d1d9dca3efb0b79c606a6a6a98e09a6dc02d7d2e68a33c7c4d170f3f963f6e042483cc62d846cba47a43e6727501c0549387b503d8bf1b0ae2c00cb5b6d856edef8951f1e0422d39d840f4df3193ab30c84a256efde2b9b319de4cd9af80446c5128a95bfaebd9441cefc714bc98474b74c90392f3088171a9cf4145546246aba78010b9a83d0ae4f4ee76f933cec1a7b452cab0eb4c90abc565f7c9aa81121388506c87ff3103ba36ea1e55446a09a35ac44041bf51a0e9687a06ca8047e89b2366e5cf17346684f705fc71324fd367426b477c5e4ac884e23a5bc390929c5ae6b1cd50f04701c4ab16e96ed4b81312097ee812639a7326ddf5d4e9ed1cebff85e76b31a1f9dcb602c88dbc14b2eb07f0d76c2eb23e8edb10ded6e4c04c24da5b9c0ab50b3be289ca58292b038b882e0de623d66925062efe50e8c893f399151007b51e076d109d85ba99d7d0b15f6ce051dec8f16f07d85edcfda238e5d3337c952302d8d5bb304443c76dd5ec62687773e0dd52a4830d8da2a1d29f8cbfc5060c2f5310a91fec271c4bf135dbf6c17611faf6ca85e9db5b2d28df7cb1345d71de355b00cb8c16e1c76b6ad1db70813d48b028fe05fe3651c0be2771a7f5c3caefe693fd658ec2e677c158be03e056f614268cd725d471004004700d8536db81d61521b22d78114fd2e137f15456d7e6a4a1594c0cba5268e8fc41e976b8655ede556705c4d54d0e4456dcfb859e161a520856cce355bd9829873bb36a428375e0288f493f2c9b24e10a712d3c62838fea4cab88e583453f33956e51107ac188cc91091d5934cfaf3675aa19253bdb2146ccf5ce89a8fb6842c9478682d343a360e9c39ba60551f85753736d9d43e096fc33d6c9141e58fd41642526e45fe1534cbb1ff800800c900", @ANYRES32=r4, @ANYBLOB="009149"], 0x137c}, 0x1, 0x0, 0x0, 0x4000091}, 0x844)
r17 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r17, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r18=>0x0})
sendmsg$NL80211_CMD_SET_COALESCE(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000004000ffffffff0200000008000300", @ANYRES32=r18, @ANYBLOB="080002002e"], 0x24}, 0x1, 0x6c00, 0x0, 0x4d080}, 0x0)

2.420717089s ago: executing program 1 (id=1649):
r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000003280), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f0000003400)={0x0, 0x0, &(0x7f00000033c0)={&(0x7f00000032c0)={0x20, r2, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x8010) (async, rerun: 32)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x7, 0x6, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xab, &(0x7f0000000240)=[{}], 0x8, 0x10, &(0x7f0000000280), &(0x7f00000002c0), 0x8, 0x16, 0x8, 0x8, &(0x7f0000000300)}}, 0x10) (async, rerun: 32)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000580)={'erspan0\x00', &(0x7f0000000480)={'syztnl0\x00', 0x0, 0x7, 0x20, 0x2, 0x2, {{0x28, 0x4, 0x2, 0x3, 0xa0, 0x65, 0x0, 0xb, 0x4, 0x0, @private=0xa010102, @local, {[@cipso={0x86, 0x18, 0x3, [{0x5, 0xb, "3f85e20a41f9b1c2d9"}, {0x1, 0x7, "c4c006461b"}]}, @cipso={0x86, 0x13, 0x3, [{0x6, 0xd, "b3f28eb865172655d51761"}]}, @generic={0x44}, @timestamp={0x44, 0x10, 0xd2, 0x0, 0xa, [0x8, 0x5, 0x69]}, @ra={0x94, 0x4, 0x1}, @rr={0x7, 0x23, 0x8b, [@local, @multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, @private=0xa010102, @remote, @dev={0xac, 0x14, 0x14, 0x29}, @private=0xa010102, @remote]}, @ra={0x94, 0x4, 0x1}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000600)={'gre0\x00', &(0x7f0000000940)={'syztnl0\x00', <r4=>0x0, 0x10, 0x10, 0x9, 0x7, {{0x5, 0x4, 0x3, 0x1f, 0x14, 0x65, 0x0, 0x6, 0x2f, 0x0, @private=0xa010101, @loopback}}}}) (async)
r5 = socket(0x2a, 0x2, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) (async, rerun: 32)
getsockname$packet(r5, &(0x7f00000001c0)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) (rerun: 32)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x40000) (async, rerun: 32)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f00000000c0)={0x1, 0x200, 0x7}, 0x10) (async, rerun: 32)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000a80)={0x0, @in6={{0xa, 0x4e21, 0xfffffff9, @private0={0xfc, 0x0, '\x00', 0x1}, 0xbdc}}, 0x9, 0x7, 0x0, 0x9, 0x6afc}, &(0x7f0000000b40)=0x98)
sendmsg$nl_route_sched(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, {0xfff1, 0xfff3}, {0x6, 0xffe0}, {0x10, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x4) (async)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000006c0)={'syztnl0\x00', &(0x7f0000000640)={'ip6tnl0\x00', <r8=>0x0, 0x4, 0x46, 0x3, 0x0, 0x10, @remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x20, 0x1, 0xad2, 0x2e033b8a}})
getpeername$packet(0xffffffffffffffff, &(0x7f0000000700)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000740)=0x14) (async, rerun: 64)
r10 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64)
r11 = socket$inet_icmp(0x2, 0x2, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r10, 0x8933, &(0x7f0000000080)={'vxcan0\x00', <r12=>0x0})
sendmsg$nl_route(r10, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001800010000000000000200001d01080008000a00", @ANYRES32=r11, @ANYBLOB='\b\x00\t\x00', @ANYRES32=r12], 0x24}}, 0x0) (async)
sendmsg$ETHTOOL_MSG_DEBUG_GET(r0, &(0x7f0000000900)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20400}, 0xc, &(0x7f00000008c0)={&(0x7f0000000780)={0x134, r2, 0x8, 0x70bd2c, 0x25dfdbfe, {}, [@HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}]}, @HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nicvf0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_1\x00'}]}, @HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}]}]}, 0x134}, 0x1, 0x0, 0x0, 0x801}, 0x40) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x37}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) (async, rerun: 32)
r13 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32)
r14 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r13)
sendmsg$TIPC_CMD_ENABLE_BEARER(r13, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r14, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) (async, rerun: 64)
sendmsg$TIPC_CMD_GET_REMOTE_MNG(r1, &(0x7f0000000a40)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000a00)={&(0x7f00000009c0)={0x1c, r14, 0x800, 0x70bd2b, 0x25dfdbfc, {}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4081}, 0x80) (async, rerun: 64)
setsockopt$MRT6_DEL_MIF(r10, 0x29, 0xcb, &(0x7f00000005c0)={0x1, 0x1, 0x6, r4, 0x5}, 0xc)

2.267403754s ago: executing program 0 (id=1652):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02})
readv(r0, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x10}], 0x4)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x200448c0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000100)=0xc)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x400c844)
r2 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="1400000016000b63d25a8064000000000124fc60", 0x14}], 0x1}, 0x0)
recvmsg$kcm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000001300)=""/4068, 0xfe4}, {&(0x7f00000001c0)=""/172, 0xac}, {&(0x7f0000000100)=""/29, 0x1d}], 0x3}, 0x12100)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24044054)

2.23491747s ago: executing program 1 (id=1653):
listen(0xffffffffffffffff, 0x0)
listen(0xffffffffffffffff, 0x802)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x268}, 0x8000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x5, 0x9fd, 0x84, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r0}, 0x38) (fail_nth: 34)

2.175078529s ago: executing program 3 (id=1654):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x64}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_DELOBJ={0x34, 0x14, 0xa, 0x307, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0xffffffffffffffff}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0xa}}], {0x14}}, 0x70}}, 0x0)

1.857647425s ago: executing program 1 (id=1656):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000002c00000000000000000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x94)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xad}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r1}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r1}, 0x10)
r2 = syz_open_procfs$namespace(0x0, &(0x7f00000025c0)='ns/cgroup\x00')
preadv(r2, 0x0, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r3, &(0x7f0000000000)={0x27}, 0x74) (async)
bind$bt_hci(r3, &(0x7f0000000000)={0x27}, 0x74)
ioctl$FICLONE(r3, 0x40049409, 0xffffffffffffffff) (async)
ioctl$FICLONE(r3, 0x40049409, 0xffffffffffffffff)
sendmmsg$unix(r3, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000001dc0)="bb", 0x1}, {0x0}], 0x2}}, {{&(0x7f0000000580)=@file={0x0, './file0/file0\x00'}, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000600)='z', 0xfdef}], 0x1}}], 0x3, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000023c0)={r0, 0x58, &(0x7f00000014c0)}, 0x10) (async)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000023c0)={r0, 0x58, &(0x7f00000014c0)}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="300000003e000701fcfffffffddbdf25017c0000100036800c00020004000f00000000000c000180060006008e"], 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) (async)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="300000003e000701fcfffffffddbdf25017c0000100036800c00020004000f00000000000c000180060006008e"], 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x70, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x7}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0x2}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x4}}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x5c}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x70}}, 0x8000)
r6 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$inet6(r6, &(0x7f0000000ec0)=[{{&(0x7f0000000580)={0xa, 0x4e24, 0x401, @dev={0xfe, 0x80, '\x00', 0x24}, 0x8}, 0x1c, 0x0, 0x0, &(0x7f00000005c0)=[@rthdrdstopts={{0x11, 0x29, 0x37, {0x1}}}], 0x18}}], 0x1, 0x0)

1.851915882s ago: executing program 3 (id=1657):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000d40)=@delchain={0x238, 0x65, 0x200, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2}, {0x0, 0xfff3}, {0x0, 0xb}}, [@filter_kind_options=@f_bpf={{0x8}, {0x204, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0x1ec, 0x1, [@m_mirred={0x184, 0x11, 0x0, 0x0, {{0xb}, {0x84, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x4, 0xf1, 0xffffffffffffffff, 0x6}, 0x2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x10001, 0x3, 0x1, 0xe, 0x4}, 0x2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x8, 0x5c, 0x7, 0xfff, 0x1}, 0x4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0xe, 0xff000000, 0x8, 0xffff0001, 0xff}, 0x2}}]}, {0xd8, 0x6, "319bb848351b002738b6c4c50b9141bebb58a1fd9f04e35af9c32268b29dfa1c25c9502b51b55eff39526a56fd0f6d8f94d05679ea0836ee4adecfe3236d2d9a2d17310974eb3856d00a1028999d09c1f69183f20defc6d04e2c20de3729c15f156d19b570d01b6142387bd42a81ccacf99246c39d5c0d6e393d44dab6dd2521c8f0dd94491c7577458990a9641f0c88b8c57718b8f2c791c8d35eeee9461545ee2dd6d5371b63e2755d125610f6fb5c23db3466b1c9e7b9a79e2f269e7e897258f89199853270075498a6c432cdecdb391557a9"}, {0xc}, {0xc, 0x8, {0x2}}}}, @m_tunnel_key={0x64, 0x1d, 0x0, 0x0, {{0xf}, {0x4}, {0x31, 0x6, "309e7046678cfa85254c612d61e3d2c3e3b6590ca2f3e70c7fcdf5868b95845dfa60edad38b3b8c47659e35d23"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}, @TCA_CHAIN={0x8, 0xb, 0x1d8}]}, 0x238}, 0x1, 0x0, 0x0, 0x80}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {0x0}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400})

1.722391718s ago: executing program 2 (id=1659):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_FIB_DREG={0x8}, @NFTA_FIB_FLAGS={0x8, 0x3, 0x1, 0x0, 0x11}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}, 0x1, 0x41000000}, 0x0)

1.719620687s ago: executing program 3 (id=1660):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000006440)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000600)={0x34, 0x11, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x8, 0x0, 0x0, 0x0, @uid}, @typed={0x14, 0x1b, 0x0, 0x0, @ipv6=@loopback={0x21}}]}, 0x34}], 0x1}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000040)=@can_delroute={0x1c, 0x19, 0x1, 0x0, 0x0, {}, [@CGW_LIM_HOPS={0x5}]}, 0x1c}}, 0x0)
socket(0x15, 0x2, 0xfffeffff)

1.682017165s ago: executing program 1 (id=1661):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xc4, 0x19, 0xfd3649826d894c67, 0x0, 0x4, {{@in6=@private0={0xfc, 0x0, '\x00', 0x2}, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0xfffffffffffffffc}, {}, 0x400}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x4c050)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000004c0)={0x2, 0x10, 0x9, 0x9, 0xa, 0x0, 0x70bd2a, 0x25dfdbfb, [@sadb_x_policy={0x8, 0x12, 0x4, 0x3, 0x0, 0x0, 0x8, {0x6, 0x32, 0x3, 0x8, 0x0, 0x0, 0x0, @in=@rand_addr=0x5, @in6=@ipv4={'\x00', '\xff\xff', @broadcast}}}]}, 0x50}}, 0x40010)
r2 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)="e9bed67a87ee4623d39c10780000000000", 0x11}}, 0x20040814)
r3 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newsa={0xf0, 0x10, 0x713, 0x70bd28, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in=@local, 0x4e23, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3a}, {@in6=@remote, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {0x0, 0x0, 0x8, 0x100000001, 0x6}, {0x0, 0x0, 0x2, 0xfffffffffffffffc}, {0xc}, 0x70bd28, 0x0, 0x2}}, 0xf0}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cryptd(ecb-camellia-aesni-avx2)\x00'}, 0x58)
bind$alg(r4, &(0x7f0000000ec0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(serpent)\x00'}, 0x58)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="0401", @ANYRES16=0x0, @ANYBLOB="000000000000000000000200000008000100", @ANYRES32=0x0, @ANYBLOB="e80002803800010024000100d9476c625f66746174735f726566726573685f696e74657276616c000000000000000500030003000000080004000000000038000100240001006c625f73746174735f726566726573685f696e74657276616c000000000000000500030003000000080004000000000038000100240001006e6f746966795f70656572735f636f756e740000000000000000000000000000050003000300000008000400000000003c00010024000100757365725f6c696e6b75705f656e61626c656400000000000000000000000000050003000600000004"], 0x104}}, 0x0)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYBLOB="8400000010000305000000000000000003000000", @ANYRES32=0x0, @ANYBLOB="00000000000000006400128009000100626f6e64000000005400028008001f"], 0x84}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x1, 0x0, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x1, 0x0, 0x3, {@ip4=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x86dd}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=@framed={{0x62, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0x1e}}, &(0x7f0000000480)='GPL\x00'}, 0x90)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)

1.63695982s ago: executing program 0 (id=1662):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001000000000000000000e0000002000000000000000000000000ac1414aa00000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000a900000000000000000200000000000000000000000000000000000000000000ffffffffffffffde000000000000000000000000000000000000000000000000000a000000000000000000000080400002000000000000080000000000000000000000000000000044000500ac1414aa000000000000000000000000000000003c00000000000000ffffffff0000000000000000002a63a2a50000000403"], 0xfc}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x87, &(0x7f0000000340)={&(0x7f0000001100)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2, @in=@rand_addr=0x64010102, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x50, 0x11, [{@in=@local, @in=@loopback, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@local, 0x3c, 0x4, 0x0, 0x2, 0x2, 0xa}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

1.5589613s ago: executing program 2 (id=1663):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="140100001600010000000000000000007f000001000000000000000000000000ff0100000000000000000000000000010000000300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000ffffffff000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000fe5d00000c0015005c07350001000000"], 0x104}}, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x211000, 0x1000}, 0x20)
r2 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r2, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000280)={r4, &(0x7f0000000540)="d1926d8eaef41d", &(0x7f0000000240)=@tcp}, 0x20)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10)

1.511755102s ago: executing program 4 (id=1664):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x100, 0x8}, &(0x7f0000000040)=0x8) (async)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000000)={<r1=>0x0, 0x100, 0x8}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000080)={r1, 0x7fff}, &(0x7f00000000c0)=0x8) (async)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000080)={r1, 0x7fff}, &(0x7f00000000c0)=0x8)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000100)={<r3=>r1, 0x5}, &(0x7f0000000140)=0x8)
ioctl$BTRFS_IOC_BALANCE_CTL(r0, 0x40049421, 0x2)
socket(0x26, 0x7, 0x0) (async)
r4 = socket(0x26, 0x7, 0x0)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000180)) (async)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000180)=<r5=>0x0)
ioctl$sock_FIOSETOWN(r4, 0x8901, &(0x7f00000001c0)=r5)
setsockopt$MRT_PIM(r4, 0x0, 0xcf, &(0x7f0000000200)=0x1, 0x4) (async)
setsockopt$MRT_PIM(r4, 0x0, 0xcf, &(0x7f0000000200)=0x1, 0x4)
r6 = socket$inet6_icmp(0xa, 0x2, 0x3a)
sendto$inet6(r6, &(0x7f0000000240)="2f0855e044d4c6138a2a42abcecff3e06871b6eb21f9708f2a94d2003704dba140049715f74288ed4e5f65cfa5950dba801426a83e8cb956910f1e3a4ba68c89e2906f02025cbd7f1da6c663aa31607ef71b68551a304d84b027a26f", 0x5c, 0x20048000, &(0x7f00000002c0)={0xa, 0x4e20, 0x10001, @remote, 0x7ff}, 0x1c)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)={0xa4, r7, 0x400, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x3c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_CONNECTED_TO_GATE={0x5}, @NL80211_MESHCONF_CONNECTED_TO_AS={0x5}, @NL80211_MESHCONF_HWMP_RANN_INTERVAL={0x6, 0x10, 0xc}, @NL80211_MESHCONF_GATE_ANNOUNCEMENTS={0x5, 0x11, 0x1}, @NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME={0x6, 0xd, 0x55}, @NL80211_MESHCONF_HT_OPMODE={0x6, 0x16, 0x3}, @NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR={0x8, 0x15, 0xc}]}, @NL80211_ATTR_MESH_CONFIG={0x44, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_PLINK_TIMEOUT={0x8, 0x1c, 0x6}, @NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR={0x8, 0x15, 0x96}, @NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR={0x8, 0x15, 0xcc}, @NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT={0x8, 0x17, 0x7}, @NL80211_MESHCONF_FORWARDING={0x5}, @NL80211_MESHCONF_HWMP_ROOTMODE={0x5, 0xe, 0x1}, @NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT={0x6, 0xa, 0x5}, @NL80211_MESHCONF_AWAKE_WINDOW={0x6, 0x1b, 0x9}]}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x400}]}, 0xa4}, 0x1, 0x0, 0x0, 0x20008004}, 0x800)
recvmsg$kcm(r4, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f00000004c0)=""/252, 0xfc}, {&(0x7f00000005c0)=""/180, 0xb4}, {&(0x7f0000000680)=""/219, 0xdb}, {&(0x7f0000000780)=""/113, 0x71}, {&(0x7f0000000800)=""/64, 0x40}, {&(0x7f0000000840)=""/62, 0x3e}], 0x6, &(0x7f0000000900)=""/102, 0x66}, 0x12040) (async)
recvmsg$kcm(r4, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f00000004c0)=""/252, 0xfc}, {&(0x7f00000005c0)=""/180, 0xb4}, {&(0x7f0000000680)=""/219, 0xdb}, {&(0x7f0000000780)=""/113, 0x71}, {&(0x7f0000000800)=""/64, 0x40}, {&(0x7f0000000840)=""/62, 0x3e}], 0x6, &(0x7f0000000900)=""/102, 0x66}, 0x12040)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000a00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000a40)={'wpan3\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000a40)={'wpan3\x00', <r10=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000a80)={'wpan3\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000a80)={'wpan3\x00', <r11=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_KEY(r8, &(0x7f0000000b80)={&(0x7f00000009c0), 0xc, &(0x7f0000000b40)={&(0x7f0000000ac0)={0x6c, r9, 0x2, 0x70bd26, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r10}, @NL802154_ATTR_SEC_KEY={0x28, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "6d1475d76d49510c2ffdffb61837a4072dd8ce5905b37139fccb7dae000b9485"}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20000010}, 0x894)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000c40)=@mangle={'mangle\x00', 0x1f, 0x6, 0x760, 0x5c0, 0x138, 0x4d0, 0x2a0, 0x4d0, 0x690, 0x690, 0x690, 0x690, 0x690, 0x6, &(0x7f0000000bc0), {[{{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x8}}, @inet=@rpfilter={{0x28}, {0xc}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x6904142c, 0x10000, @ipv4=@broadcast, 0x4e23}}}, {{@ipv6={@local, @ipv4={'\x00', '\xff\xff', @empty}, [0xff000000, 0xffffff00, 0xffffff00, 0xff000000], [0xffffffff, 0xff000000, 0xff], 'sit0\x00', 'veth0_to_batadv\x00', {}, {0xff}, 0x5c, 0xae, 0x6}, 0x0, 0x120, 0x168, 0x0, {}, [@common=@frag={{0x30}, {[0x2, 0x6], 0xfffffff7, 0x4}}, @common=@dst={{0x48}, {0x1, 0x0, 0x1, [0xb, 0x5, 0x3, 0x7fff, 0x0, 0x6, 0x3, 0x9, 0xc, 0x8a48, 0x4f, 0x4, 0x0, 0x6, 0x4, 0x8], 0x5}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@private2, @ipv6=@mcast2, 0x3a, 0x6, 0xeb12}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @broadcast}, @mcast2, [0xffffffff, 0xff000000, 0xffffffff, 0xff], [0x0, 0xffffff00, 0xff000000, 0xff], 'wlan1\x00', 'ip6gre0\x00', {0xff}, {0xff}, 0xaca08fa903e0d6dc, 0x6, 0x1, 0x71}, 0x0, 0x208, 0x230, 0x0, {}, [@common=@hl={{0x28}, {0x3, 0x7}}, @common=@rt={{0x138}, {0xd, [0x8481, 0x10], 0x40, 0x2, 0x2, [@private1={0xfc, 0x1, '\x00', 0x1}, @remote, @private1, @dev={0xfe, 0x80, '\x00', 0x11}, @loopback, @private2, @empty, @dev={0xfe, 0x80, '\x00', 0x30}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @empty, @mcast1, @dev={0xfe, 0x80, '\x00', 0x1c}, @mcast1, @dev={0xfe, 0x80, '\x00', 0x20}, @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'], 0xa}}]}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@loopback, @ipv4={'\x00', '\xff\xff', @local}, [0xffffffff, 0xff000000, 0x0, 0xffffff00], [0xffffffff, 0xffffff00, 0x0, 0xff], 'pim6reg1\x00', 'veth1_to_batadv\x00', {0x7e52b506d2e1b5d8}, {}, 0x2b, 0x1, 0x0, 0x41}, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@private=0xa010101, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1d, 0x1c, 0x1}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, [0x0, 0x0, 0xffffffff, 0x1ff000001], [0xff, 0xff, 0xff, 0xff], 'vxcan1\x00', 'virt_wifi0\x00', {0xff}, {0xff}, 0x33, 0x4, 0x8, 0x2}, 0x0, 0xa8, 0xd0}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0x61b7}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x7c0)
sendmsg$NL802154_CMD_SET_PAN_ID(r8, &(0x7f00000014c0)={&(0x7f0000001400)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000001480)={&(0x7f0000001440)={0x1c, r9, 0xa2, 0x70bd26, 0x25dfdbfe, {}, [@NL802154_ATTR_PAN_ID={0x6, 0x9, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x81}, 0x0)
bind(r6, &(0x7f0000001500)=@l2={0x1f, 0x100, @none, 0x0, 0x1}, 0x80) (async)
bind(r6, &(0x7f0000001500)=@l2={0x1f, 0x100, @none, 0x0, 0x1}, 0x80)
sendmsg$NL802154_CMD_SET_LBT_MODE(r8, &(0x7f0000001640)={&(0x7f0000001580)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000001600)={&(0x7f00000015c0)={0x14, r9, 0x400, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r8, &(0x7f0000001800)={&(0x7f0000001680)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000017c0)={&(0x7f00000016c0)={0xc4, r9, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}, @NL802154_ATTR_SEC_DEVKEY={0x94, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x1000}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x9}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0102}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x9}, @NL802154_DEVKEY_ATTR_ID={0x14, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xe}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x8}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x8}, @NL802154_DEVKEY_ATTR_ID={0x30, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x8}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x5}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1000}]}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}]}, 0xc4}, 0x1, 0x0, 0x0, 0x4004054}, 0x4000080)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r8, &(0x7f0000001a00)={&(0x7f0000001840)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000019c0)={&(0x7f0000001880)={0x130, 0x0, 0x800, 0x70bd26, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r11}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}, @NL802154_ATTR_SEC_KEY={0xcc, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "79541725ece5c5de319f3829e0d2db2a581ff0c0ec0077baaae768452c13114f"}, @NL802154_KEY_ATTR_ID={0x90, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xb}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xd2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x10000}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x5}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x50, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}]}]}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "0f79475794024588169198ce8ddd880c"}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r10}, @NL802154_ATTR_SEC_KEY={0xc, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x40}]}, @NL802154_ATTR_SEC_KEY={0x20, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x14, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x9}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xd58c}]}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x5c}]}]}, 0x130}, 0x1, 0x0, 0x0, 0x20008054}, 0x0) (async)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r8, &(0x7f0000001a00)={&(0x7f0000001840)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000019c0)={&(0x7f0000001880)={0x130, 0x0, 0x800, 0x70bd26, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r11}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}, @NL802154_ATTR_SEC_KEY={0xcc, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "79541725ece5c5de319f3829e0d2db2a581ff0c0ec0077baaae768452c13114f"}, @NL802154_KEY_ATTR_ID={0x90, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xb}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xd2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x10000}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x5}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x50, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}]}]}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "0f79475794024588169198ce8ddd880c"}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r10}, @NL802154_ATTR_SEC_KEY={0xc, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x40}]}, @NL802154_ATTR_SEC_KEY={0x20, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x14, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x9}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xd58c}]}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x5c}]}]}, 0x130}, 0x1, 0x0, 0x0, 0x20008054}, 0x0)
setsockopt$sock_linger(r4, 0x1, 0xd, &(0x7f0000001a40)={0x1, 0x6}, 0x8)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000001a80)={r3, @in={{0x2, 0x4e24, @empty}}, 0x1ff, 0x401, 0x7, 0x7, 0xb4, 0x3, 0x9}, &(0x7f0000001b40)=0x9c)
ioctl$BTRFS_IOC_QGROUP_ASSIGN(r6, 0x40189429, &(0x7f0000001b80)={0x1, 0x8001, 0x3a})
bpf$PROG_LOAD(0x5, &(0x7f0000001ec0)={0x19, 0x17, &(0x7f0000001c40)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1800000, 0x0, 0x0, 0x0, 0x80}, {}, {}, [@jmp={0x5, 0x1, 0x8, 0xa, 0x9, 0x40, 0x1}, @jmp={0x5, 0x1, 0x5, 0x0, 0x0, 0x18, 0x1}, @cb_func={0x18, 0x5, 0x4, 0x0, 0x7}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x3}, @map_idx={0x18, 0x5, 0x5, 0x0, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001d00)='syzkaller\x00', 0x800, 0x1d, &(0x7f0000001d40)=""/29, 0x41100, 0x10, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)

1.477500372s ago: executing program 3 (id=1665):
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(0xffffffffffffffff, &(0x7f0000000000)="2e000300010000", 0x7)

1.382932535s ago: executing program 0 (id=1666):
listen(0xffffffffffffffff, 0x0)
listen(0xffffffffffffffff, 0x802)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x268}, 0x8000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x5, 0x9fd, 0x84, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r0}, 0x38) (fail_nth: 35)

1.270709389s ago: executing program 4 (id=1667):
socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x2b, &(0x7f00000007c0)=ANY=[], 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x50, 0x10, 0x401, 0x800000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x32b}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'bond0\x00'}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_AD_SELECT={0x5}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
socket$pppl2tp(0x18, 0x1, 0x1)
sendmsg$SMC_PNETID_DEL(r1, 0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f0000003480), 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
sendmsg$nl_route(r3, 0x0, 0x0)
r5 = socket(0x10, 0x3, 0x0)
write(r5, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24)

1.263772779s ago: executing program 3 (id=1668):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x5, 0x3032, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0xe07e872420dfefca)
r0 = socket$netlink(0x10, 0x3, 0x0)
unshare(0x200)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x5c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xe}, {0xe, 0xfff1}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x80, 0x0, 0x0, 0x6000000, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x9}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8c0}, 0x0)

954.993255ms ago: executing program 2 (id=1669):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@newlink={0x54, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x88a8}, @IFLA_VLAN_ID={0x6, 0x1, 0x1}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x54}, 0x1, 0x0, 0x0, 0x600}, 0x0)

942.903ms ago: executing program 0 (id=1670):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000d40)=@delchain={0x238, 0x65, 0x200, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2}, {0x0, 0xfff3}, {0x0, 0xb}}, [@filter_kind_options=@f_bpf={{0x8}, {0x204, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0x1ec, 0x1, [@m_mirred={0x184, 0x11, 0x0, 0x0, {{0xb}, {0x84, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x4, 0xf1, 0xffffffffffffffff, 0x6}, 0x2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x10001, 0x3, 0x1, 0xe, 0x4}, 0x2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x8, 0x5c, 0x7, 0xfff, 0x1}, 0x4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0xe, 0xff000000, 0x8, 0xffff0001, 0xff}, 0x2}}]}, {0xd8, 0x6, "319bb848351b002738b6c4c50b9141bebb58a1fd9f04e35af9c32268b29dfa1c25c9502b51b55eff39526a56fd0f6d8f94d05679ea0836ee4adecfe3236d2d9a2d17310974eb3856d00a1028999d09c1f69183f20defc6d04e2c20de3729c15f156d19b570d01b6142387bd42a81ccacf99246c39d5c0d6e393d44dab6dd2521c8f0dd94491c7577458990a9641f0c88b8c57718b8f2c791c8d35eeee9461545ee2dd6d5371b63e2755d125610f6fb5c23db3466b1c9e7b9a79e2f269e7e897258f89199853270075498a6c432cdecdb391557a9"}, {0xc}, {0xc, 0x8, {0x2}}}}, @m_tunnel_key={0x64, 0x1d, 0x0, 0x0, {{0xf}, {0x4}, {0x31, 0x6, "309e7046678cfa85254c612d61e3d2c3e3b6590ca2f3e70c7fcdf5868b95845dfa60edad38b3b8c47659e35d23"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}, @TCA_CHAIN={0x8, 0xb, 0x1d8}]}, 0x238}, 0x1, 0x0, 0x0, 0x80}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {0x0}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400})

899.939254ms ago: executing program 4 (id=1671):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000000)={{0x2, 0x4e21, @remote}, {0x306, @broadcast}, 0x2, {0x2, 0x4e23, @rand_addr=0x64010101}, 'syzkaller0\x00'})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206010100000000000000000000000005000100070000000900020073797a300000000014000780050015000000000008001240000000000d000300686173683a6e657400000000050005000a000000050004"], 0x5c}}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) (async)
socket$inet_sctp(0x2, 0x5, 0x84) (async)
ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000000)={{0x2, 0x4e21, @remote}, {0x306, @broadcast}, 0x2, {0x2, 0x4e23, @rand_addr=0x64010101}, 'syzkaller0\x00'}) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206010100000000000000000000000005000100070000000900020073797a300000000014000780050015000000000008001240000000000d000300686173683a6e657400000000050005000a000000050004"], 0x5c}}, 0x0) (async)

814.963004ms ago: executing program 1 (id=1672):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x5e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000001c0)=0x2, 0x4)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c)
listen(r1, 0x10000)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000500)=ANY=[@ANYBLOB="7a0af8ff75256320bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000b2595285faa6ead0169191d54f8196217fc563e2fc91f6da4dad4fdc2eb1b5986fc44bc25fb591cf77b9dfb379a3f611dbc2a364916f098dab10b1a297cf528666d1ddd73f30f2382f6cda4bfdd45be583823c0f092248a57d48621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000800db583620ce7243d1aebdb638d91dbef6619358399aa9c2acd068c03efefd8bc77edf2d34b12cd48a1b20fb7dd843267e0331759f4ec6b5b0af58e604f494eff289026d5045ef08000000000000007718a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5202db761014b1b999a12df6bee431a6681000000263b6233e1c0fe30e384c3cb07b74a72291a1a2b523dd81b6651b1ee48e999bb004823ebcd8c65743f31f84b263ab9b3426692d01ad194f302d7a658e9e54687d3c56d7bedb6b2f25ddb8c640ab321a402058c9221b6870814cf4ee23ddb79fff5eb156e0a000000000000f2bd1d4a178d86d6935eb8b75bc4eb680d10e8b6a54c6c8674caf63ff76622939a20d4aadf85db40179c2cf83ee07e30a279d8f94cf3bc282deb43a03409f8e6972f3f720d045923702cede0f3e91411f3f1b16f065624f280a7dcce8db910f93c49b9e0b6dd7356aa79d5fabb5c0d0da6d719d7e0efb2bb713d18242cd5df6ca53307a4cdd9030a46c190e317c8de5e5c3933fd5d5bf38f6b9fc39fc829dcfe4af8ac5fbb7314a7a433e0182767d1376eda2b"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1d}, 0x94)
setsockopt$inet6_tcp_int(r0, 0x6, 0x6, &(0x7f0000000200)=0x6ec, 0x4)
setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000240)=0x7, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x2000d00, 0xe, 0x55, &(0x7f0000000140)="a06ad876d56a0064d082778c3938", &(0x7f0000000380)=""/85, 0x0, 0x4000000}, 0x28)

720.964414ms ago: executing program 1 (id=1673):
r0 = socket$inet6(0xa, 0x802, 0x88)
setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f00000003c0)=0x4, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000140)={<r3=>0x0, 0x6}, &(0x7f0000000240)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={r3, @in={{0x2, 0x4e22, @remote}}, 0x5, 0x2, 0x4, 0x3ff, 0xa0, 0x4, 0x6}, &(0x7f0000000440)=0x9c)
close(r2)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r8, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r9, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000010001fff000000008000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000003f0000240012800b00010067726574617000001400028006000e0003000000080007007f00000108000a00", @ANYRES32=r9, @ANYBLOB="3b90ad8ae5819e4749fafb32772dba1bd8de3bd30000000079241d5dd876f79daba71f8d286a980590aa"], 0x4c}}, 0x4000)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r10)
ioctl$SIOCSIFHWADDR(r10, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @local})

712.332374ms ago: executing program 4 (id=1674):
listen(0xffffffffffffffff, 0x0)
listen(0xffffffffffffffff, 0x802)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x268}, 0x8000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x5, 0x9fd, 0x84, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r0, 0x0, 0x8400}, 0x38)

709.004284ms ago: executing program 0 (id=1675):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r1=>0x0})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SAVE(r2, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x50, 0x8, 0x6, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4004010)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r5, &(0x7f00000002c0)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, 0x0, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0x8}, {0xfff1, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@delchain={0x44, 0x64, 0xf31, 0xfffffffb, 0x1000000, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_CT_ZONE_MASK={0x6, 0x5e, 0x3}, @TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x8}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001280)=ANY=[@ANYBLOB="140000002300010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010800000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021140000001000010000000000000000000084000a"], 0x84}}, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x20, 0x3, 0x8, 0x101, 0x0, 0x0, {}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x26ffc86098878bdf}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @icmp}]}, 0x20}}, 0x0)
sendto$packet(r0, 0x0, 0x543, 0x0, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14)
setsockopt$packet_int(r0, 0x107, 0xe, &(0x7f0000000000)=0x401, 0x4)

521.507976ms ago: executing program 2 (id=1676):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001000000000000000000e0000002000000000000000000000000ac1414aa00000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000a900000000000000000200000000000000000000000000000000000000000000ffffffffffffffde000000000000000000000000000000000000000000000000000a000000000000000000000080400002000000000000080000000000000000000000000000000044000500ac1414aa000000000000000000000000000000003c00000000000000ffffffff0000000000000000002a63a2a50000000403"], 0xfc}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x88, &(0x7f0000000340)={&(0x7f0000001100)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2, @in=@rand_addr=0x64010102, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x50, 0x11, [{@in=@local, @in=@loopback, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@local, 0x3c, 0x4, 0x0, 0x2, 0x2, 0xa}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

503.443874ms ago: executing program 3 (id=1677):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$alg(0x26, 0x5, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'})
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="440000001100a7cc4a372eaf541d002007000000", @ANYBLOB="1faeb6ae48b5ffde9ad29adf20db72c9a0777e403b74c11e5b426f3a2a648d39cd79295f9fb1787d5fdd1ab87b7cc97c5f8a67698432dac45eac55bd7ea496c0e501217f18b148b7b763bff18dedf3fff7ace10ba238840bd379f7edf1ec8910b4207c1878680c193fe28449563c7883b158ae96c68e38b34746437c5e515e82b5f5d97d6c7ba1fb0e2ff03360f3a022c26283a70fc3f7e45eddd8a0f6d9fcd9250b80db6a0fe83df55a7ee12633e9813e056442efb4480ba474136d185313e8a7b0755d5e0055f1843ee5b602d71eaf43369552", @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r1, @ANYRES32=r1], 0x44}}, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a1d010000000000000000020000000900010073797a3000000000080002400000000098000000030a01020000000000000000020000000900010073797a30000000000900030073797a32000000006b00030091abc12404d0c4c731b168d80d1f7f1dbb33f596cf"], 0xfc}, 0x1, 0x0, 0x0, 0x40010}, 0x4000914)
pipe(&(0x7f0000000180)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
write$tun(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="0000930003000600e20000809c9867ab9ade010106ff00000000000000000000ffffac1eda0100000000000000000000ffffac1414bbaa180000000000000728000000000897070000000000000000000000000000000000ffffffffffffffffb580000000000000010100f97d08e56f62d1833a01406a04cf2195d9426969d7583d921e2a087d5ccad483a56c2d7db9f4ef5feef9dfee7f8704ce575a46c3b59fee661a4536a2e7e6400cd38f5e06e6a8c2fe711ed9fd359b19bf320374a2c82150c1e62f30e8a03161084400fb0c69ef8542c2276ab9edb9ea28ba086042c40ec9ca2fbb83332a609800010005020002c910fe80000000000000000000000000003d0000000000000000000000000000000000000400004e2100004e2200000004000000010000000100000004000000000000000000"], 0x137)
connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0xa43, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
r6 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000240), 0x4)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff030000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000008400050020010000000000000000000000000000000000002b00000000000000000000000000000000000000000500000000000002000700000000000000000000000000e00000020000000000000000000000004000000033"], 0x13c}, 0x1, 0x0, 0x0, 0x1}, 0x20040880)
r8 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r8, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{r5}, &(0x7f00000001c0), &(0x7f0000000440)=r6}, 0x20)
getsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000), &(0x7f0000000080)=0x4)
ioctl$sock_ax25_SIOCDELRT(r1, 0x890c, &(0x7f0000000100)={@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x3, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @null, @bcast, @bcast]})

347.171083ms ago: executing program 4 (id=1678):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)
write(r0, &(0x7f0000000000)="2e000300010000", 0x7)

238.696742ms ago: executing program 2 (id=1679):
socket$nl_xfrm(0x10, 0x3, 0x6)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6e}, 0x2c)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x100)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'lc\x00', 0x4, 0x8, 0x77}, {@rand_addr=0x64010102, 0x4e23, 0x2, 0xcd, 0x12d5f, 0x3}}, 0x44)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$bt_hci(r1, 0x0, 0x1, 0x0, &(0x7f0000000740))
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44090}, 0x8040)
close(0xffffffffffffffff)
syz_80211_join_ibss(&(0x7f0000000280)='wlan0\x00', &(0x7f00000002c0)=@random="4008d2f8fc94c70b43c002008c6e6128d55c7886b1e16a", 0x17, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket(0x2b, 0x1, 0x1)
setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="0002020000000000ff020000010000000000000000000001"], 0x18)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b19, &(0x7f0000000000)={'wlan0\x00', @random="7cf1e97c9e4f"})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000002000010000001700000000000a00000000000000000000000500"], 0x24}}, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000580)={{0x84, @multicast2, 0x4e23, 0x3, 'lc\x00', 0x2, 0x4, 0x7e}, {@private=0xa010102, 0x4e20, 0x2, 0xc8, 0x80012d58, 0x12d5c}}, 0x44)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000006601000008000300", @ANYRES32=r6, @ANYBLOB="08002600940900000800b700"], 0x2c}}, 0x0)

199.814812ms ago: executing program 4 (id=1680):
socket$nl_xfrm(0x10, 0x3, 0x6)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6e}, 0x2c)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x100)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'lc\x00', 0x4, 0x8, 0x77}, {@rand_addr=0x64010102, 0x4e23, 0x2, 0xcd, 0x12d5f, 0x3}}, 0x44)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$bt_hci(r1, 0x0, 0x1, 0x0, &(0x7f0000000740))
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44090}, 0x8040)
close(0xffffffffffffffff)
syz_80211_join_ibss(&(0x7f0000000280)='wlan0\x00', &(0x7f00000002c0)=@random="4008d2f8fc94c70b43c002008c6e6128d55c7886b1e16a", 0x17, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket(0x2b, 0x1, 0x1)
setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="0002020000000000ff020000010000000000000000000001"], 0x18)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b19, &(0x7f0000000000)={'wlan0\x00', @random="7cf1e97c9e4f"})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000002000010000001700000000000a00000000000000000000000500"], 0x24}}, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000580)={{0x84, @multicast2, 0x4e23, 0x3, 'lc\x00', 0x2, 0x4, 0x7e}, {@private=0xa010102, 0x4e20, 0x2, 0xc8, 0x80012d58, 0x12d5c}}, 0x44)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000006601000008000300", @ANYRES32=r6, @ANYBLOB="08002600940900000800b700"], 0x2c}}, 0x0)

0s ago: executing program 2 (id=1681):
socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x2b, &(0x7f00000007c0)=ANY=[], 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x50, 0x10, 0x401, 0x800000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x32b}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'bond0\x00'}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_AD_SELECT={0x5}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
socket$pppl2tp(0x18, 0x1, 0x1)
sendmsg$SMC_PNETID_DEL(r1, 0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f0000003480), 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
sendmsg$nl_route(r3, 0x0, 0x0)
r5 = socket(0x10, 0x3, 0x0)
write(r5, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24)

kernel console output (not intermixed with test programs):

promiscuous mode
[  100.258109][ T6149] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  100.305845][ T6150] syz.2.47 uses obsolete (PF_INET,SOCK_PACKET)
[  100.351805][ T6150] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.359684][ T6150] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.556032][ T6161] netlink: 'syz.1.52': attribute type 12 has an invalid length.
[  100.583466][ T6161] netlink: 'syz.1.52': attribute type 29 has an invalid length.
[  100.721146][ T6165] vti0: entered promiscuous mode
[  100.729127][ T6165] team0: Device vti0 is of different type
[  101.119454][ T6189] FAULT_INJECTION: forcing a failure.
[  101.119454][ T6189] name failslab, interval 1, probability 0, space 0, times 1
[  101.138395][ T6189] CPU: 0 UID: 0 PID: 6189 Comm: syz.4.58 Not tainted 6.16.0-syzkaller-12108-gc04fdca8a98a #0 PREEMPT(full) 
[  101.138426][ T6189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  101.138447][ T6189] Call Trace:
[  101.138455][ T6189]  <TASK>
[  101.138464][ T6189]  dump_stack_lvl+0x189/0x250
[  101.138502][ T6189]  ? __pfx____ratelimit+0x10/0x10
[  101.138530][ T6189]  ? __pfx_dump_stack_lvl+0x10/0x10
[  101.138555][ T6189]  ? __pfx__printk+0x10/0x10
[  101.138591][ T6189]  ? __pfx___might_resched+0x10/0x10
[  101.138618][ T6189]  should_fail_ex+0x414/0x560
[  101.138649][ T6189]  should_failslab+0xa8/0x100
[  101.138684][ T6189]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  101.138716][ T6189]  ? __alloc_skb+0x112/0x2d0
[  101.138751][ T6189]  __alloc_skb+0x112/0x2d0
[  101.138782][ T6189]  netlink_sendmsg+0x5c6/0xb30
[  101.138819][ T6189]  ? __pfx_netlink_sendmsg+0x10/0x10
[  101.138850][ T6189]  ? aa_sock_msg_perm+0xf1/0x1d0
[  101.138882][ T6189]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  101.138905][ T6189]  ? __pfx_netlink_sendmsg+0x10/0x10
[  101.138935][ T6189]  __sock_sendmsg+0x219/0x270
[  101.138963][ T6189]  ____sys_sendmsg+0x505/0x830
[  101.139002][ T6189]  ? __pfx_____sys_sendmsg+0x10/0x10
[  101.139044][ T6189]  ? import_iovec+0x74/0xa0
[  101.139069][ T6189]  ___sys_sendmsg+0x21f/0x2a0
[  101.139104][ T6189]  ? __pfx____sys_sendmsg+0x10/0x10
[  101.139176][ T6189]  ? __fget_files+0x2a/0x420
[  101.139207][ T6189]  ? __fget_files+0x3a0/0x420
[  101.139252][ T6189]  __x64_sys_sendmsg+0x19b/0x260
[  101.139287][ T6189]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  101.139329][ T6189]  ? __pfx_ksys_write+0x10/0x10
[  101.139355][ T6189]  ? rcu_is_watching+0x15/0xb0
[  101.139391][ T6189]  ? do_syscall_64+0xbe/0x3b0
[  101.139424][ T6189]  do_syscall_64+0xfa/0x3b0
[  101.139450][ T6189]  ? lockdep_hardirqs_on+0x9c/0x150
[  101.139476][ T6189]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.139498][ T6189]  ? clear_bhb_loop+0x60/0xb0
[  101.139524][ T6189]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.139545][ T6189] RIP: 0033:0x7fe02198ebe9
[  101.139572][ T6189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  101.139590][ T6189] RSP: 002b:00007fe0227af038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  101.139612][ T6189] RAX: ffffffffffffffda RBX: 00007fe021bb5fa0 RCX: 00007fe02198ebe9
[  101.139628][ T6189] RDX: 0000000010008044 RSI: 0000200000005640 RDI: 0000000000000003
[  101.139641][ T6189] RBP: 00007fe0227af090 R08: 0000000000000000 R09: 0000000000000000
[  101.139654][ T6189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  101.139666][ T6189] R13: 00007fe021bb6038 R14: 00007fe021bb5fa0 R15: 00007ffcc39de568
[  101.139699][ T6189]  </TASK>
[  101.447268][ T6193] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  101.726774][ T6199] __nla_validate_parse: 5 callbacks suppressed
[  101.726795][ T6199] netlink: 12 bytes leftover after parsing attributes in process `syz.4.64'.
[  101.858593][ T6199] netlink: 'syz.4.64': attribute type 21 has an invalid length.
[  101.867571][ T6199] netlink: 'syz.4.64': attribute type 22 has an invalid length.
[  101.912526][ T6199] netlink: 'syz.4.64': attribute type 23 has an invalid length.
[  101.964018][ T6199] netlink: 'syz.4.64': attribute type 25 has an invalid length.
[  101.999299][ T6199] netlink: 96 bytes leftover after parsing attributes in process `syz.4.64'.
[  102.711868][ T6245] netlink: 'syz.0.80': attribute type 23 has an invalid length.
[  102.937364][ T6257] netlink: 12 bytes leftover after parsing attributes in process `syz.4.82'.
[  102.947870][ T6257] netlink: 12 bytes leftover after parsing attributes in process `syz.4.82'.
[  102.972837][ T6257] netlink: 50 bytes leftover after parsing attributes in process `syz.4.82'.
[  103.324420][ T6272] netlink: 20 bytes leftover after parsing attributes in process `syz.4.89'.
[  103.508241][ T6278] netlink: 12 bytes leftover after parsing attributes in process `syz.1.92'.
[  103.704889][ T6288] netlink: 8 bytes leftover after parsing attributes in process `syz.4.96'.
[  103.792592][ T6288] netlink: 12 bytes leftover after parsing attributes in process `syz.4.96'.
[  104.040678][ T6297] only policy match revision 0 supported
[  104.040712][ T6297] unable to load match
[  104.939550][ T6336] FAULT_INJECTION: forcing a failure.
[  104.939550][ T6336] name failslab, interval 1, probability 0, space 0, times 0
[  105.002389][ T6336] CPU: 1 UID: 0 PID: 6336 Comm: syz.3.115 Not tainted 6.16.0-syzkaller-12108-gc04fdca8a98a #0 PREEMPT(full) 
[  105.002421][ T6336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  105.002433][ T6336] Call Trace:
[  105.002442][ T6336]  <TASK>
[  105.002452][ T6336]  dump_stack_lvl+0x189/0x250
[  105.002485][ T6336]  ? __pfx____ratelimit+0x10/0x10
[  105.002520][ T6336]  ? __pfx_dump_stack_lvl+0x10/0x10
[  105.002548][ T6336]  ? __pfx__printk+0x10/0x10
[  105.002583][ T6336]  ? __lock_acquire+0xab9/0xd20
[  105.002628][ T6336]  should_fail_ex+0x414/0x560
[  105.002661][ T6336]  should_failslab+0xa8/0x100
[  105.002698][ T6336]  kmem_cache_alloc_noprof+0x73/0x3c0
[  105.002728][ T6336]  ? skb_clone+0x212/0x3a0
[  105.002755][ T6336]  skb_clone+0x212/0x3a0
[  105.002781][ T6336]  __netlink_deliver_tap+0x404/0x850
[  105.002839][ T6336]  ? netlink_deliver_tap+0x2e/0x1b0
[  105.002870][ T6336]  netlink_deliver_tap+0x19c/0x1b0
[  105.002902][ T6336]  netlink_unicast+0x7fa/0x9e0
[  105.002939][ T6336]  ? __pfx_netlink_unicast+0x10/0x10
[  105.002969][ T6336]  ? netlink_sendmsg+0x642/0xb30
[  105.002996][ T6336]  ? skb_put+0x11b/0x210
[  105.003037][ T6336]  netlink_sendmsg+0x805/0xb30
[  105.003081][ T6336]  ? __pfx_netlink_sendmsg+0x10/0x10
[  105.003116][ T6336]  ? aa_sock_msg_perm+0xf1/0x1d0
[  105.003156][ T6336]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  105.003181][ T6336]  ? __pfx_netlink_sendmsg+0x10/0x10
[  105.003213][ T6336]  __sock_sendmsg+0x219/0x270
[  105.003244][ T6336]  ____sys_sendmsg+0x505/0x830
[  105.003285][ T6336]  ? __pfx_____sys_sendmsg+0x10/0x10
[  105.003331][ T6336]  ? import_iovec+0x74/0xa0
[  105.003358][ T6336]  ___sys_sendmsg+0x21f/0x2a0
[  105.003396][ T6336]  ? __pfx____sys_sendmsg+0x10/0x10
[  105.003475][ T6336]  ? __fget_files+0x2a/0x420
[  105.003509][ T6336]  ? __fget_files+0x3a0/0x420
[  105.003557][ T6336]  __x64_sys_sendmsg+0x19b/0x260
[  105.003595][ T6336]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  105.003642][ T6336]  ? __pfx_ksys_write+0x10/0x10
[  105.003670][ T6336]  ? rcu_is_watching+0x15/0xb0
[  105.003700][ T6336]  ? do_syscall_64+0xbe/0x3b0
[  105.003734][ T6336]  do_syscall_64+0xfa/0x3b0
[  105.003762][ T6336]  ? lockdep_hardirqs_on+0x9c/0x150
[  105.003790][ T6336]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.003819][ T6336]  ? clear_bhb_loop+0x60/0xb0
[  105.003861][ T6336]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.003883][ T6336] RIP: 0033:0x7fec2478ebe9
[  105.003918][ T6336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  105.003937][ T6336] RSP: 002b:00007fec2560d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  105.003959][ T6336] RAX: ffffffffffffffda RBX: 00007fec249b5fa0 RCX: 00007fec2478ebe9
[  105.003975][ T6336] RDX: 0000000010008044 RSI: 0000200000005640 RDI: 0000000000000003
[  105.003989][ T6336] RBP: 00007fec2560d090 R08: 0000000000000000 R09: 0000000000000000
[  105.004001][ T6336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  105.004014][ T6336] R13: 00007fec249b6038 R14: 00007fec249b5fa0 R15: 00007ffe799006d8
[  105.004048][ T6336]  </TASK>
[  105.673959][ T6354] netlink: 244 bytes leftover after parsing attributes in process `syz.3.120'.
[  106.279062][ T6388] netlink: 'syz.2.133': attribute type 12 has an invalid length.
[  106.330366][ T6388] netlink: 'syz.2.133': attribute type 29 has an invalid length.
[  107.058390][ T6419] Bluetooth: MGMT ver 1.23
[  107.077588][   T13] tipc: Subscription rejected, illegal request
[  107.172484][ T6423] __nla_validate_parse: 4 callbacks suppressed
[  107.172508][ T6423] netlink: 4 bytes leftover after parsing attributes in process `syz.1.147'.
[  107.189271][ T6425] netlink: 'syz.4.148': attribute type 12 has an invalid length.
[  107.212393][ T6425] netlink: 'syz.4.148': attribute type 29 has an invalid length.
[  107.235477][ T6425] netlink: 148 bytes leftover after parsing attributes in process `syz.4.148'.
[  107.280382][ T6425] netlink: 59 bytes leftover after parsing attributes in process `syz.4.148'.
[  107.287778][ T6423] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  107.765052][ T6445] veth0: entered promiscuous mode
[  107.789719][ T6445] netlink: 12 bytes leftover after parsing attributes in process `syz.4.157'.
[  107.831974][ T6444] veth0: left promiscuous mode
[  108.193227][ T6466] sit0: entered promiscuous mode
[  108.227851][ T6466] netlink: 'syz.2.164': attribute type 1 has an invalid length.
[  108.256991][ T6466] netlink: 1 bytes leftover after parsing attributes in process `syz.2.164'.
[  108.276594][ T6469] netlink: 20 bytes leftover after parsing attributes in process `syz.2.164'.
[  108.302748][ T6469] netlink: 20 bytes leftover after parsing attributes in process `syz.2.164'.
[  108.649185][ T6482] FAULT_INJECTION: forcing a failure.
[  108.649185][ T6482] name failslab, interval 1, probability 0, space 0, times 0
[  108.735398][ T6482] CPU: 1 UID: 0 PID: 6482 Comm: syz.3.172 Not tainted 6.16.0-syzkaller-12108-gc04fdca8a98a #0 PREEMPT(full) 
[  108.735429][ T6482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  108.735442][ T6482] Call Trace:
[  108.735450][ T6482]  <TASK>
[  108.735460][ T6482]  dump_stack_lvl+0x189/0x250
[  108.735492][ T6482]  ? __pfx____ratelimit+0x10/0x10
[  108.735520][ T6482]  ? __pfx_dump_stack_lvl+0x10/0x10
[  108.735545][ T6482]  ? __pfx__printk+0x10/0x10
[  108.735581][ T6482]  ? __pfx___might_resched+0x10/0x10
[  108.735603][ T6482]  ? fs_reclaim_acquire+0x7d/0x100
[  108.735643][ T6482]  should_fail_ex+0x414/0x560
[  108.735674][ T6482]  should_failslab+0xa8/0x100
[  108.735709][ T6482]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  108.735740][ T6482]  ? __alloc_skb+0x112/0x2d0
[  108.735772][ T6482]  __alloc_skb+0x112/0x2d0
[  108.735806][ T6482]  netlink_ack+0x146/0xa50
[  108.735838][ T6482]  ? __pfx_genl_rcv_msg+0x10/0x10
[  108.735878][ T6482]  netlink_rcv_skb+0x28c/0x470
[  108.735903][ T6482]  ? __lock_acquire+0xab9/0xd20
[  108.735936][ T6482]  ? __pfx_genl_rcv_msg+0x10/0x10
[  108.735959][ T6482]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  108.736009][ T6482]  ? down_read+0x1ad/0x2e0
[  108.736042][ T6482]  genl_rcv+0x28/0x40
[  108.736072][ T6482]  netlink_unicast+0x82f/0x9e0
[  108.736107][ T6482]  ? __pfx_netlink_unicast+0x10/0x10
[  108.736135][ T6482]  ? netlink_sendmsg+0x642/0xb30
[  108.736161][ T6482]  ? skb_put+0x11b/0x210
[  108.736195][ T6482]  netlink_sendmsg+0x805/0xb30
[  108.736233][ T6482]  ? __pfx_netlink_sendmsg+0x10/0x10
[  108.736267][ T6482]  ? aa_sock_msg_perm+0xf1/0x1d0
[  108.736300][ T6482]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  108.736324][ T6482]  ? __pfx_netlink_sendmsg+0x10/0x10
[  108.736353][ T6482]  __sock_sendmsg+0x219/0x270
[  108.736381][ T6482]  ____sys_sendmsg+0x505/0x830
[  108.736418][ T6482]  ? __pfx_____sys_sendmsg+0x10/0x10
[  108.736459][ T6482]  ? import_iovec+0x74/0xa0
[  108.736505][ T6482]  ___sys_sendmsg+0x21f/0x2a0
[  108.736539][ T6482]  ? __pfx____sys_sendmsg+0x10/0x10
[  108.736608][ T6482]  ? __fget_files+0x2a/0x420
[  108.736640][ T6482]  ? __fget_files+0x3a0/0x420
[  108.736685][ T6482]  __x64_sys_sendmsg+0x19b/0x260
[  108.736720][ T6482]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  108.736763][ T6482]  ? __pfx_ksys_write+0x10/0x10
[  108.736794][ T6482]  ? do_syscall_64+0xbe/0x3b0
[  108.736831][ T6482]  do_syscall_64+0xfa/0x3b0
[  108.736854][ T6482]  ? lockdep_hardirqs_on+0x9c/0x150
[  108.736875][ T6482]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.736893][ T6482]  ? clear_bhb_loop+0x60/0xb0
[  108.736914][ T6482]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.736931][ T6482] RIP: 0033:0x7fec2478ebe9
[  108.736947][ T6482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  108.736962][ T6482] RSP: 002b:00007fec2560d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  108.736981][ T6482] RAX: ffffffffffffffda RBX: 00007fec249b5fa0 RCX: 00007fec2478ebe9
[  108.736993][ T6482] RDX: 0000000000000800 RSI: 0000200000000540 RDI: 0000000000000004
[  108.737004][ T6482] RBP: 00007fec2560d090 R08: 0000000000000000 R09: 0000000000000000
[  108.737014][ T6482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  108.737024][ T6482] R13: 00007fec249b6038 R14: 00007fec249b5fa0 R15: 00007ffe799006d8
[  108.737051][ T6482]  </TASK>
[  109.364301][ T6498] netlink: 'syz.4.179': attribute type 12 has an invalid length.
[  109.391482][ T6498] netlink: 'syz.4.179': attribute type 29 has an invalid length.
[  109.434435][ T6498] netlink: 148 bytes leftover after parsing attributes in process `syz.4.179'.
[  109.460456][ T6498] netlink: 59 bytes leftover after parsing attributes in process `syz.4.179'.
[  109.718170][ T6507] netlink: 12 bytes leftover after parsing attributes in process `syz.2.185'.
[  109.991642][ T6517] netlink: 'syz.2.188': attribute type 2 has an invalid length.
[  110.006556][ T6517] netlink: 'syz.2.188': attribute type 1 has an invalid length.
[  110.017296][ T6517] netlink: 'syz.2.188': attribute type 3 has an invalid length.
[  111.747801][ T6588] FAULT_INJECTION: forcing a failure.
[  111.747801][ T6588] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  111.844534][ T6588] CPU: 0 UID: 0 PID: 6588 Comm: syz.3.209 Not tainted 6.16.0-syzkaller-12108-gc04fdca8a98a #0 PREEMPT(full) 
[  111.844565][ T6588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  111.844579][ T6588] Call Trace:
[  111.844587][ T6588]  <TASK>
[  111.844596][ T6588]  dump_stack_lvl+0x189/0x250
[  111.844630][ T6588]  ? __pfx____ratelimit+0x10/0x10
[  111.844657][ T6588]  ? __pfx_dump_stack_lvl+0x10/0x10
[  111.844684][ T6588]  ? __pfx__printk+0x10/0x10
[  111.844728][ T6588]  should_fail_ex+0x414/0x560
[  111.844759][ T6588]  _copy_to_user+0x31/0xb0
[  111.844783][ T6588]  simple_read_from_buffer+0xe1/0x170
[  111.844821][ T6588]  proc_fail_nth_read+0x1b3/0x220
[  111.844850][ T6588]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  111.844880][ T6588]  ? rw_verify_area+0x2a6/0x4d0
[  111.844907][ T6588]  ? __lock_acquire+0xab9/0xd20
[  111.844937][ T6588]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  111.844963][ T6588]  vfs_read+0x200/0x980
[  111.844990][ T6588]  ? fdget_pos+0x247/0x320
[  111.845014][ T6588]  ? __pfx___mutex_lock+0x10/0x10
[  111.845043][ T6588]  ? __pfx_vfs_read+0x10/0x10
[  111.845073][ T6588]  ? __fget_files+0x2a/0x420
[  111.845115][ T6588]  ? __fget_files+0x3a0/0x420
[  111.845147][ T6588]  ? __fget_files+0x2a/0x420
[  111.845190][ T6588]  ksys_read+0x145/0x250
[  111.845222][ T6588]  ? __pfx_ksys_read+0x10/0x10
[  111.845248][ T6588]  ? rcu_is_watching+0x15/0xb0
[  111.845276][ T6588]  ? do_syscall_64+0xbe/0x3b0
[  111.845310][ T6588]  do_syscall_64+0xfa/0x3b0
[  111.845336][ T6588]  ? lockdep_hardirqs_on+0x9c/0x150
[  111.845363][ T6588]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.845385][ T6588]  ? clear_bhb_loop+0x60/0xb0
[  111.845412][ T6588]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.845433][ T6588] RIP: 0033:0x7fec2478d5fc
[  111.845453][ T6588] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  111.845471][ T6588] RSP: 002b:00007fec2560d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  111.845494][ T6588] RAX: ffffffffffffffda RBX: 00007fec249b5fa0 RCX: 00007fec2478d5fc
[  111.845509][ T6588] RDX: 000000000000000f RSI: 00007fec2560d0a0 RDI: 0000000000000003
[  111.845522][ T6588] RBP: 00007fec2560d090 R08: 0000000000000000 R09: 0000000000000000
[  111.845542][ T6588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  111.845554][ T6588] R13: 00007fec249b6038 R14: 00007fec249b5fa0 R15: 00007ffe799006d8
[  111.845588][ T6588]  </TASK>
[  113.022629][ T6628] __nla_validate_parse: 6 callbacks suppressed
[  113.022649][ T6628] netlink: 20 bytes leftover after parsing attributes in process `syz.3.221'.
[  113.104738][ T6628] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  113.307164][ T6641] netlink: 8 bytes leftover after parsing attributes in process `syz.3.225'.
[  113.744685][ T6654] vcan0: tx drop: invalid da for name 0x0000000000000002
[  113.808226][ T1209] IPVS: starting estimator thread 0...
[  113.814780][ T6659] IPVS: ip_vs_add_dest(): server weight less than zero
[  113.912408][ T6660] IPVS: using max 25 ests per chain, 60000 per kthread
[  114.047155][ T6664] dvmrp1: entered allmulticast mode
[  114.061552][ T6669] trusted_key: syz.1.234 sent an empty control message without MSG_MORE.
[  114.096983][ T6669] netlink: 28 bytes leftover after parsing attributes in process `syz.1.234'.
[  114.477766][ T6682] netlink: 8 bytes leftover after parsing attributes in process `syz.2.237'.
[  114.489200][ T6678] bridge0: port 2(bridge_slave_1) entered disabled state
[  114.497678][ T6678] bridge0: port 1(bridge_slave_0) entered disabled state
[  114.664084][ T6678] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  114.748346][ T6682] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  114.970398][ T6703] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  115.298217][ T6723] validate_nla: 2 callbacks suppressed
[  115.298240][ T6723] netlink: 'syz.0.247': attribute type 1 has an invalid length.
[  115.327861][ T6723] netlink: 'syz.0.247': attribute type 2 has an invalid length.
[  115.372042][ T6723] netlink: 1172 bytes leftover after parsing attributes in process `syz.0.247'.
[  115.444941][ T6733] warning: `syz.4.250' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  115.504730][ T6733] netlink: 'syz.4.250': attribute type 10 has an invalid length.
[  115.607955][ T6733] team0: Port device dummy0 added
[  115.822893][ T6747] netlink: 'syz.3.254': attribute type 12 has an invalid length.
[  115.867810][ T6757] netlink: 12 bytes leftover after parsing attributes in process `syz.2.255'.
[  116.035829][ T6759] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  116.439483][ T6775] netlink: 28 bytes leftover after parsing attributes in process `syz.3.263'.
[  116.885326][ T6802] netlink: 12 bytes leftover after parsing attributes in process `syz.0.270'.
[  117.009296][ T6797] netlink: 12 bytes leftover after parsing attributes in process `syz.3.266'.
[  117.056659][ T6797] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:0000
[  117.084762][ T6797] tipc: Enabled bearer <udp:s>, priority 10
[  117.104470][ T6808] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  117.385104][ T6826] netlink: 12 bytes leftover after parsing attributes in process `syz.1.277'.
[  117.546734][ T6822] bond1: entered allmulticast mode
[  117.553050][ T6822] 8021q: adding VLAN 0 to HW filter on device bond1
[  117.560911][ T6822] bridge0: port 3(bond1) entered blocking state
[  117.569698][ T6822] bridge0: port 3(bond1) entered disabled state
[  117.579793][ T6822] bond1: entered promiscuous mode
[  117.587992][ T6822] bridge0: port 3(bond1) entered blocking state
[  117.595444][ T6822] bridge0: port 3(bond1) entered forwarding state
[  117.719725][ T6835] 8021q: VLANs not supported on ip6_vti0
[  117.922634][ T6841] sctp: [Deprecated]: syz.1.281 (pid 6841) Use of int in max_burst socket option deprecated.
[  117.922634][ T6841] Use struct sctp_assoc_value instead
[  118.228912][ T6852] bridge0: port 2(bridge_slave_1) entered disabled state
[  118.237699][ T6852] bridge0: port 1(bridge_slave_0) entered disabled state
[  118.473343][ T6852] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  118.509759][ T6852] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  119.010981][ T6880] __nla_validate_parse: 3 callbacks suppressed
[  119.011004][ T6880] netlink: 12 bytes leftover after parsing attributes in process `syz.0.291'.
[  119.074197][ T4532] bridge0: port 3(bond1) entered disabled state
[  119.101952][ T6874] netlink: 64 bytes leftover after parsing attributes in process `syz.1.290'.
[  119.141775][ T6874] netlink: 64 bytes leftover after parsing attributes in process `syz.1.290'.
[  119.156285][   T13] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  119.178150][   T13] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  119.201476][ T6852] syz.4.283 (6852) used greatest stack depth: 19960 bytes left
[  119.246933][   T13] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  119.294635][   T13] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  119.336750][ T6887] netlink: 8 bytes leftover after parsing attributes in process `syz.3.292'.
[  119.383069][ T6887] netlink: 8 bytes leftover after parsing attributes in process `syz.3.292'.
[  119.384879][ T6893] netlink: 'syz.0.296': attribute type 12 has an invalid length.
[  119.412125][ T6891] netlink: 28 bytes leftover after parsing attributes in process `syz.1.295'.
[  119.439942][ T6893] netlink: 'syz.0.296': attribute type 29 has an invalid length.
[  119.448282][ T6893] netlink: 148 bytes leftover after parsing attributes in process `syz.0.296'.
[  119.458670][ T6893] netlink: 59 bytes leftover after parsing attributes in process `syz.0.296'.
[  119.957716][ T6917] netlink: 12 bytes leftover after parsing attributes in process `syz.3.302'.
[  120.275341][ T6934] ip6erspan0: entered promiscuous mode
[  120.306578][ T6934] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  120.731249][ T6943] netlink: 2 bytes leftover after parsing attributes in process `syz.1.310'.
[  120.774157][ T6943] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  122.384785][ T7016] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate.
[  122.646555][ T7026] Bluetooth: MGMT ver 1.23
[  124.370238][ T7095] __nla_validate_parse: 7 callbacks suppressed
[  124.370259][ T7095] netlink: 4 bytes leftover after parsing attributes in process `syz.1.371'.
[  124.426485][ T7094] netlink: 40 bytes leftover after parsing attributes in process `syz.3.370'.
[  124.428217][ T7095] netlink: 12 bytes leftover after parsing attributes in process `syz.1.371'.
[  124.488522][ T7095] netlink: 'syz.1.371': attribute type 83 has an invalid length.
[  124.594450][    C0] Illegal XDP return value 16128 on prog  (id 25) dev team0, expect packet loss!
[  125.011184][ T5936] IPVS: starting estimator thread 0...
[  125.122376][ T7123] IPVS: using max 27 ests per chain, 64800 per kthread
[  125.175000][ T7129] netlink: 'syz.0.384': attribute type 1 has an invalid length.
[  125.608196][ T7144] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$ûÌÌULÙvy¸ÚØ¢
…D£øUDŒw˜}�z
[  125.867599][ T7149] netlink: 'syz.1.393': attribute type 12 has an invalid length.
[  125.920326][ T7149] netlink: 'syz.1.393': attribute type 29 has an invalid length.
[  125.960525][ T7149] netlink: 148 bytes leftover after parsing attributes in process `syz.1.393'.
[  126.019946][ T7149] netlink: 43 bytes leftover after parsing attributes in process `syz.1.393'.
[  126.303314][ T7175] netlink: 'syz.4.402': attribute type 12 has an invalid length.
[  126.331900][ T7175] netlink: 'syz.4.402': attribute type 29 has an invalid length.
[  126.341333][ T7176] netlink: 'syz.0.399': attribute type 1 has an invalid length.
[  126.374221][ T7175] netlink: 148 bytes leftover after parsing attributes in process `syz.4.402'.
[  126.423355][ T7175] netlink: 59 bytes leftover after parsing attributes in process `syz.4.402'.
[  126.589244][ T7188] bond0: option ad_select: unable to set because the bond device is up
[  126.762611][ T7203] netlink: 4 bytes leftover after parsing attributes in process `syz.2.404'.
[  126.826085][ T7203] bridge_slave_1: left allmulticast mode
[  126.852566][ T7188] netlink: 24 bytes leftover after parsing attributes in process `syz.2.404'.
[  126.879321][ T7203] bridge_slave_1: left promiscuous mode
[  126.939752][ T7203] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.993886][ T7203] bridge_slave_0: left allmulticast mode
[  127.027336][ T7203] bridge_slave_0: left promiscuous mode
[  127.046618][ T7203] bridge0: port 1(bridge_slave_0) entered disabled state
[  127.655674][ T7237] netlink: 'syz.2.417': attribute type 1 has an invalid length.
[  127.726559][ T7239] netlink: 'syz.4.415': attribute type 10 has an invalid length.
[  128.005187][ T7250] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  128.331525][ T7261] syz.4.426 uses old SIOCAX25GETINFO
[  128.574514][ T7268] netlink: 16 bytes leftover after parsing attributes in process `syz.2.428'.
[  128.604805][   T36] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  128.642676][   T36] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  128.651571][ T3429] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  129.073408][ T5923] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  129.243041][ T5923] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  129.441607][ T7302] __nla_validate_parse: 2 callbacks suppressed
[  129.441627][ T7302] netlink: 8 bytes leftover after parsing attributes in process `syz.4.437'.
[  130.029583][ T7327] netlink: 8 bytes leftover after parsing attributes in process `syz.4.446'.
[  130.061497][ T7329] netlink: 8 bytes leftover after parsing attributes in process `syz.4.446'.
[  130.610140][ T7359] netlink: 8 bytes leftover after parsing attributes in process `syz.0.452'.
[  131.713787][ T7406] netlink: 8 bytes leftover after parsing attributes in process `syz.1.471'.
[  132.275961][ T7432] netlink: 40 bytes leftover after parsing attributes in process `syz.1.480'.
[  132.512492][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  132.587653][ T7450] netlink: 'syz.0.486': attribute type 12 has an invalid length.
[  132.621320][ T7450] netlink: 'syz.0.486': attribute type 29 has an invalid length.
[  132.640233][ T7450] netlink: 148 bytes leftover after parsing attributes in process `syz.0.486'.
[  132.661200][ T7450] netlink: 59 bytes leftover after parsing attributes in process `syz.0.486'.
[  132.812614][ T7461] netlink: 44 bytes leftover after parsing attributes in process `syz.1.488'.
[  132.880358][ T7461] netlink: 8 bytes leftover after parsing attributes in process `syz.1.488'.
[  132.944866][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  132.962371][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  133.567970][ T7493] openvswitch: netlink: Message has 4 unknown bytes.
[  134.030750][ T7513] netlink: 'syz.2.510': attribute type 16 has an invalid length.
[  134.109334][ T7516] raw_sendmsg: syz.0.509 forgot to set AF_INET. Fix it!
[  134.143995][ T7513] netlink: 'syz.2.510': attribute type 17 has an invalid length.
[  134.226561][ T7513] sit0: left promiscuous mode
[  134.361299][ T7513] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  134.786683][ T7542] __nla_validate_parse: 5 callbacks suppressed
[  134.786705][ T7542] netlink: 24 bytes leftover after parsing attributes in process `syz.0.522'.
[  134.867186][ T7551] netlink: 44 bytes leftover after parsing attributes in process `syz.3.523'.
[  134.891298][ T7551] netlink: 8 bytes leftover after parsing attributes in process `syz.3.523'.
[  135.590476][ T7580] netlink: 'syz.1.534': attribute type 12 has an invalid length.
[  135.620539][ T7580] netlink: 'syz.1.534': attribute type 29 has an invalid length.
[  135.650572][ T7580] netlink: 148 bytes leftover after parsing attributes in process `syz.1.534'.
[  135.671765][ T7580] netlink: 59 bytes leftover after parsing attributes in process `syz.1.534'.
[  135.734841][ T7586] netlink: 4 bytes leftover after parsing attributes in process `syz.3.536'.
[  135.764359][ T7586] bond1: left promiscuous mode
[  135.779516][ T7586] bridge0: port 3(bond1) entered disabled state
[  135.850834][ T7588] netlink: 24 bytes leftover after parsing attributes in process `syz.2.537'.
[  135.877313][ T7586] bridge_slave_1: left allmulticast mode
[  135.890623][ T7586] bridge_slave_1: left promiscuous mode
[  135.919204][ T7586] bridge0: port 2(bridge_slave_1) entered disabled state
[  135.964148][ T7586] bridge_slave_0: left allmulticast mode
[  135.976407][ T7586] bridge_slave_0: left promiscuous mode
[  135.995159][ T7586] bridge0: port 1(bridge_slave_0) entered disabled state
[  136.191367][ T7596] geneve0: mtu less than device minimum
[  136.670301][ T7623] geneve2: entered promiscuous mode
[  136.817746][ T7647] netlink: 44 bytes leftover after parsing attributes in process `syz.1.548'.
[  136.916974][ T7647] netlink: 8 bytes leftover after parsing attributes in process `syz.1.548'.
[  137.390115][ T7668] netlink: 24 bytes leftover after parsing attributes in process `syz.4.551'.
[  137.666622][ T7677] bond0: option ad_select: unable to set because the bond device is up
[  138.446951][ T7711] bond0: option mode: unable to set because the bond device has slaves
[  139.569697][ T7760] bond0: entered promiscuous mode
[  139.590538][ T7760] bond_slave_0: entered promiscuous mode
[  139.610475][ T7760] bond_slave_1: entered promiscuous mode
[  139.642729][ T7760] bond0: entered allmulticast mode
[  139.648120][ T7760] bond_slave_0: entered allmulticast mode
[  139.681674][ T7760] bond_slave_1: entered allmulticast mode
[  139.691054][ T7760] 8021q: adding VLAN 0 to HW filter on device bond0
[  139.748838][ T7766] vlan2: entered allmulticast mode
[  139.758398][ T7766] bridge0: entered allmulticast mode
[  139.773092][ T7766] bridge0: port 1(vlan2) entered blocking state
[  139.779614][ T7766] bridge0: port 1(vlan2) entered disabled state
[  139.920762][ T7771] gretap1: entered promiscuous mode
[  139.940878][ T7771] bridge0: port 1(gretap1) entered blocking state
[  139.952466][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  139.986604][ T7771] bridge0: port 1(gretap1) entered disabled state
[  140.023355][ T7771] gretap1: entered allmulticast mode
[  140.396175][ T7801] dvmrp0: entered allmulticast mode
[  140.443893][ T7801] dvmrp0: left allmulticast mode
[  140.608227][ T7810] __nla_validate_parse: 9 callbacks suppressed
[  140.608249][ T7810] netlink: 4 bytes leftover after parsing attributes in process `syz.0.603'.
[  140.717847][ T7812] netlink: 28 bytes leftover after parsing attributes in process `syz.2.604'.
[  140.794905][ T7814] netlink: 8 bytes leftover after parsing attributes in process `syz.1.605'.
[  140.944638][ T7824] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.607'.
[  141.134160][ T7840] netlink: 348 bytes leftover after parsing attributes in process `syz.3.607'.
[  141.198879][ T7817] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  141.443702][ T7850] netlink: 'syz.4.610': attribute type 1 has an invalid length.
[  141.502878][ T7848] netlink: 12 bytes leftover after parsing attributes in process `syz.0.609'.
[  141.512043][ T7850] netlink: 4 bytes leftover after parsing attributes in process `syz.4.610'.
[  142.408574][ T7888] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  142.438628][ T7888] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  142.490338][ T7895] netlink: 12 bytes leftover after parsing attributes in process `syz.2.625'.
[  143.835981][ T7937] netlink: 12 bytes leftover after parsing attributes in process `syz.4.637'.
[  143.851816][ T7936] netlink: 24 bytes leftover after parsing attributes in process `syz.2.638'.
[  144.217355][ T7954] netlink: 'syz.1.644': attribute type 8 has an invalid length.
[  144.599225][ T7971] syzkaller1: entered promiscuous mode
[  144.614304][ T7971] syzkaller1: entered allmulticast mode
[  144.638880][ T7971] Bluetooth: MGMT ver 1.23
[  144.711755][ T7975] bond0: option ad_select: unable to set because the bond device is up
[  144.745373][ T7975] bridge_slave_1: left allmulticast mode
[  144.765406][ T7975] bridge_slave_1: left promiscuous mode
[  144.771312][ T7975] bridge0: port 2(bridge_slave_1) entered disabled state
[  144.906276][ T7975] bridge_slave_0: left allmulticast mode
[  144.926319][ T7975] bridge_slave_0: left promiscuous mode
[  144.937780][ T7975] bridge0: port 1(bridge_slave_0) entered disabled state
[  145.012062][ T7985] FAULT_INJECTION: forcing a failure.
[  145.012062][ T7985] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  145.045395][ T7985] CPU: 1 UID: 0 PID: 7985 Comm: syz.4.655 Not tainted 6.16.0-syzkaller-12108-gc04fdca8a98a #0 PREEMPT(full) 
[  145.045426][ T7985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  145.045439][ T7985] Call Trace:
[  145.045448][ T7985]  <TASK>
[  145.045458][ T7985]  dump_stack_lvl+0x189/0x250
[  145.045500][ T7985]  ? __pfx____ratelimit+0x10/0x10
[  145.045527][ T7985]  ? __pfx_dump_stack_lvl+0x10/0x10
[  145.045554][ T7985]  ? __pfx__printk+0x10/0x10
[  145.045585][ T7985]  ? __might_fault+0xb0/0x130
[  145.045629][ T7985]  should_fail_ex+0x414/0x560
[  145.045660][ T7985]  _copy_from_user+0x2d/0xb0
[  145.045682][ T7985]  ___sys_recvmsg+0x12e/0x510
[  145.045723][ T7985]  ? __pfx____sys_recvmsg+0x10/0x10
[  145.045793][ T7985]  ? __might_fault+0xb0/0x130
[  145.045827][ T7985]  do_recvmmsg+0x307/0x770
[  145.045878][ T7985]  ? __pfx_do_recvmmsg+0x10/0x10
[  145.045929][ T7985]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  145.045979][ T7985]  __x64_sys_recvmmsg+0x190/0x240
[  145.046017][ T7985]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  145.046057][ T7985]  ? do_syscall_64+0xbe/0x3b0
[  145.046090][ T7985]  do_syscall_64+0xfa/0x3b0
[  145.046117][ T7985]  ? lockdep_hardirqs_on+0x9c/0x150
[  145.046143][ T7985]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.046165][ T7985]  ? clear_bhb_loop+0x60/0xb0
[  145.046192][ T7985]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.046214][ T7985] RIP: 0033:0x7fe02198ebe9
[  145.046237][ T7985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  145.046257][ T7985] RSP: 002b:00007fe02278e038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  145.046283][ T7985] RAX: ffffffffffffffda RBX: 00007fe021bb6090 RCX: 00007fe02198ebe9
[  145.046299][ T7985] RDX: 0000000000000004 RSI: 0000200000002c00 RDI: 0000000000000003
[  145.046312][ T7985] RBP: 00007fe02278e090 R08: 0000000000000000 R09: 0000000000000000
[  145.046324][ T7985] R10: 0000000040010020 R11: 0000000000000246 R12: 0000000000000001
[  145.046337][ T7985] R13: 00007fe021bb6128 R14: 00007fe021bb6090 R15: 00007ffcc39de568
[  145.046372][ T7985]  </TASK>
[  145.403504][ T7986] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  145.597617][ T8003] netlink: 'syz.1.660': attribute type 30 has an invalid length.
[  145.724437][   T12] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  145.760572][   T12] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  145.791686][   T12] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  145.836337][ T8014] __nla_validate_parse: 2 callbacks suppressed
[  145.836358][ T8014] netlink: 64 bytes leftover after parsing attributes in process `syz.0.663'.
[  145.867194][   T12] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  146.031151][ T8024] netlink: 'syz.1.666': attribute type 10 has an invalid length.
[  146.094045][ T8024] team0: Port device dummy0 added
[  146.408270][ T8024] syzkaller0: entered promiscuous mode
[  146.424724][ T8024] syzkaller0: entered allmulticast mode
[  150.766798][ T8065] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  151.446090][ T8093] bond0: option ad_select: unable to set because the bond device is up
[  151.492699][ T8093] netlink: 4 bytes leftover after parsing attributes in process `syz.3.689'.
[  151.639428][ T8099] netlink: 8 bytes leftover after parsing attributes in process `syz.4.692'.
[  151.706898][ T8103] netlink: 'syz.0.694': attribute type 10 has an invalid length.
[  151.753499][ T8103] team0: Port device dummy0 added
[  151.913004][ T8103] syzkaller0: entered promiscuous mode
[  151.919719][ T8103] syzkaller0: entered allmulticast mode
[  152.375686][ T8129] netlink: 8 bytes leftover after parsing attributes in process `syz.3.705'.
[  154.072945][ T8153] netlink: 16 bytes leftover after parsing attributes in process `syz.0.711'.
[  154.331472][ T8164] netlink: 8 bytes leftover after parsing attributes in process `syz.1.716'.
[  154.563238][ T8176] netlink: 'syz.1.721': attribute type 10 has an invalid length.
[  154.726909][ T8176] syzkaller0: entered promiscuous mode
[  154.736173][ T8176] syzkaller0: entered allmulticast mode
[  155.131453][ T8196] netlink: 40 bytes leftover after parsing attributes in process `syz.3.730'.
[  155.229344][ T8199] netlink: 8 bytes leftover after parsing attributes in process `syz.3.731'.
[  155.312407][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  156.558198][ T8192] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  156.876450][ T8216] netlink: 4 bytes leftover after parsing attributes in process `syz.1.737'.
[  156.920916][ T8216] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  157.049379][ T8221] netlink: 28 bytes leftover after parsing attributes in process `syz.2.740'.
[  157.191579][ T8228] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  157.418838][ T8236] bond0: option ad_select: unable to set because the bond device is up
[  157.446522][ T8240] netlink: 4 bytes leftover after parsing attributes in process `syz.4.746'.
[  157.477065][ T8229] netlink: 14544 bytes leftover after parsing attributes in process `syz.1.743'.
[  157.486930][ T8236] netlink: 4 bytes leftover after parsing attributes in process `syz.0.745'.
[  157.540956][ T8240] bridge_slave_1 (unregistering): left allmulticast mode
[  157.548520][ T8240] bridge_slave_1 (unregistering): left promiscuous mode
[  157.556288][ T8240] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.568182][ T8246] netlink: 'syz.3.747': attribute type 10 has an invalid length.
[  157.603515][ T8236] bridge_slave_1: left allmulticast mode
[  157.609334][ T8236] bridge_slave_1: left promiscuous mode
[  157.616392][ T8236] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.636754][ T8236] bridge_slave_0: left allmulticast mode
[  157.643260][ T8236] bridge0: port 1(bridge_slave_0) entered disabled state
[  157.789889][ T8246] team0: Port device dummy0 added
[  157.905772][ T8243] syzkaller0: entered promiscuous mode
[  157.935457][ T8243] syzkaller0: entered allmulticast mode
[  159.416603][ T8260] tipc: Started in network mode
[  159.423718][ T8260] tipc: Node identity c, cluster identity 4711
[  159.429956][ T8260] tipc: Node number set to 12
[  159.460035][ T8265] netlink: 24 bytes leftover after parsing attributes in process `syz.2.753'.
[  159.584452][ T8267] netlink: 'syz.3.754': attribute type 11 has an invalid length.
[  159.614223][ T8267] netlink: 224 bytes leftover after parsing attributes in process `syz.3.754'.
[  160.117439][ T8290] netlink: 'syz.4.763': attribute type 1 has an invalid length.
[  160.126174][ T8297] netlink: 'syz.2.765': attribute type 10 has an invalid length.
[  160.143026][ T8290] netlink: 228 bytes leftover after parsing attributes in process `syz.4.763'.
[  160.165541][ T8297] team0: Port device dummy0 added
[  160.283311][ T8300] netlink: 'syz.1.767': attribute type 1 has an invalid length.
[  160.297277][ T8297] syzkaller0: entered promiscuous mode
[  160.304643][ T8297] syzkaller0: entered allmulticast mode
[  160.412029][ T8290] netlink: 'syz.4.763': attribute type 10 has an invalid length.
[  160.426728][ T8290] netlink: 40 bytes leftover after parsing attributes in process `syz.4.763'.
[  161.774588][ T8300] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  161.781338][ T8290] team0: Port device geneve0 added
[  161.812941][  T971] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  161.862594][   T36] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  161.871393][   T36] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  161.937098][   T36] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  162.059031][ T8316] bond0: option ad_select: unable to set because the bond device is up
[  162.124204][ T8316] netlink: 4 bytes leftover after parsing attributes in process `syz.1.772'.
[  162.177940][ T8328] veth0: entered promiscuous mode
[  162.255261][ T8327] veth0: left promiscuous mode
[  162.332793][ T8333] tipc: Started in network mode
[  162.359187][ T8331] netlink: 56 bytes leftover after parsing attributes in process `syz.2.777'.
[  162.373669][ T8333] tipc: Node identity ac14140f, cluster identity 4711
[  162.401482][ T8333] tipc: New replicast peer: 255.255.255.255
[  162.402801][ T8331] netlink: 12 bytes leftover after parsing attributes in process `syz.2.777'.
[  162.409209][ T8333] tipc: Enabled bearer <udp:syz2>, priority 10
[  162.457930][ T8331] netlink: 31 bytes leftover after parsing attributes in process `syz.2.777'.
[  162.493319][ T8331] netlink: 'syz.2.777': attribute type 3 has an invalid length.
[  162.542880][ T8331] netlink: 'syz.2.777': attribute type 2 has an invalid length.
[  162.567970][ T8331] netlink: 31 bytes leftover after parsing attributes in process `syz.2.777'.
[  162.989128][ T8352] syzkaller0: entered promiscuous mode
[  162.996729][ T8352] syzkaller0: entered allmulticast mode
[  163.004968][ T8354] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  163.118833][ T8363] netlink: 40 bytes leftover after parsing attributes in process `syz.4.789'.
[  163.532328][ T1209] tipc: Node number set to 2886997007
[  163.546559][ T8376] netlink: 4092 bytes leftover after parsing attributes in process `syz.3.793'.
[  164.799929][ T8384] netlink: 12 bytes leftover after parsing attributes in process `syz.0.796'.
[  165.153385][ T5877] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  165.159842][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  165.671423][ T8411] syzkaller0: entered promiscuous mode
[  165.680368][ T8411] syzkaller0: entered allmulticast mode
[  167.313376][   T51] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  167.314635][ T5877] Bluetooth: hci0: command 0x0c1a tx timeout
[  167.341935][ T8429] netlink: 8 bytes leftover after parsing attributes in process `syz.0.813'.
[  167.478543][ T8436] netlink: 8 bytes leftover after parsing attributes in process `syz.2.817'.
[  167.487805][ T8436] netlink: 4 bytes leftover after parsing attributes in process `syz.2.817'.
[  168.196435][ T8456] syzkaller0: entered promiscuous mode
[  168.196688][ T8463] netlink: 8 bytes leftover after parsing attributes in process `syz.4.828'.
[  168.202158][ T8456] syzkaller0: entered allmulticast mode
[  169.556985][ T5877] Bluetooth: hci0: command 0x0c1a tx timeout
[  169.563593][ T8436] Bluetooth: hci0: Opcode 0x0401 failed: -110
[  169.895040][ T8485] netlink: 'syz.3.835': attribute type 1 has an invalid length.
[  170.043720][ T8488] netlink: 'syz.2.836': attribute type 21 has an invalid length.
[  170.262620][ T8500] netlink: 8 bytes leftover after parsing attributes in process `syz.2.839'.
[  170.385028][ T8504] netlink: 4 bytes leftover after parsing attributes in process `syz.4.840'.
[  170.819435][ T8515] syzkaller0: entered promiscuous mode
[  170.825428][ T8515] syzkaller0: entered allmulticast mode
[  170.872475][ T8522] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[  172.362673][ T8547] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  172.585825][ T8554] netlink: 8 bytes leftover after parsing attributes in process `syz.4.853'.
[  172.768875][ T8563] netlink: 28 bytes leftover after parsing attributes in process `syz.2.856'.
[  172.825833][ T8563] netlink: 28 bytes leftover after parsing attributes in process `syz.2.856'.
[  173.176577][ T8583] netlink: 8 bytes leftover after parsing attributes in process `syz.2.862'.
[  173.437449][ T8594] netlink: 28 bytes leftover after parsing attributes in process `syz.3.868'.
[  173.738825][ T8604] netlink: 8 bytes leftover after parsing attributes in process `syz.4.871'.
[  173.778421][ T8599] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[  173.836595][ T8606] netlink: 'syz.2.872': attribute type 1 has an invalid length.
[  173.912116][ T8608] netlink: 8 bytes leftover after parsing attributes in process `syz.4.873'.
[  174.158869][ T8617] bond0: entered promiscuous mode
[  174.175603][ T8617] bond_slave_0: entered promiscuous mode
[  174.220928][ T8617] bond_slave_1: entered promiscuous mode
[  174.237263][ T8617] bond0: entered allmulticast mode
[  174.245835][ T8617] bond_slave_0: entered allmulticast mode
[  174.255376][ T8617] bond_slave_1: entered allmulticast mode
[  174.267227][ T8617] 8021q: adding VLAN 0 to HW filter on device bond0
[  174.352500][ T8629] netlink: 4 bytes leftover after parsing attributes in process `syz.2.876'.
[  174.494445][ T8635] netlink: 8 bytes leftover after parsing attributes in process `syz.0.883'.
[  174.514852][ T8637] netlink: 'syz.3.884': attribute type 1 has an invalid length.
[  174.587009][ T8641] netlink: 28 bytes leftover after parsing attributes in process `syz.2.885'.
[  174.717722][ T8647] netlink: 'syz.0.887': attribute type 1 has an invalid length.
[  174.751715][ T8646] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  174.771336][ T5877] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  174.774307][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  174.808587][ T8649] netlink: 'syz.4.888': attribute type 12 has an invalid length.
[  174.816989][ T8649] netlink: 'syz.4.888': attribute type 29 has an invalid length.
[  175.155149][ T8661] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  175.266094][ T8669] bond0: option ad_select: unable to set because the bond device is up
[  175.401892][ T8677] FAULT_INJECTION: forcing a failure.
[  175.401892][ T8677] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  175.439495][ T8677] CPU: 0 UID: 0 PID: 8677 Comm: syz.3.897 Not tainted 6.16.0-syzkaller-12108-gc04fdca8a98a #0 PREEMPT(full) 
[  175.439528][ T8677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  175.439541][ T8677] Call Trace:
[  175.439550][ T8677]  <TASK>
[  175.439559][ T8677]  dump_stack_lvl+0x189/0x250
[  175.439593][ T8677]  ? __pfx____ratelimit+0x10/0x10
[  175.439621][ T8677]  ? __pfx_dump_stack_lvl+0x10/0x10
[  175.439648][ T8677]  ? __pfx__printk+0x10/0x10
[  175.439679][ T8677]  ? __might_fault+0xb0/0x130
[  175.439722][ T8677]  should_fail_ex+0x414/0x560
[  175.439754][ T8677]  _copy_from_user+0x2d/0xb0
[  175.439777][ T8677]  ___sys_sendmsg+0x158/0x2a0
[  175.439813][ T8677]  ? __pfx____sys_sendmsg+0x10/0x10
[  175.439886][ T8677]  ? __fget_files+0x2a/0x420
[  175.439919][ T8677]  ? __fget_files+0x3a0/0x420
[  175.439963][ T8677]  __x64_sys_sendmsg+0x19b/0x260
[  175.439999][ T8677]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  175.440051][ T8677]  ? __pfx_ksys_write+0x10/0x10
[  175.440081][ T8677]  ? rcu_is_watching+0x15/0xb0
[  175.440116][ T8677]  ? do_syscall_64+0xbe/0x3b0
[  175.440149][ T8677]  do_syscall_64+0xfa/0x3b0
[  175.440175][ T8677]  ? lockdep_hardirqs_on+0x9c/0x150
[  175.440200][ T8677]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.440222][ T8677]  ? clear_bhb_loop+0x60/0xb0
[  175.440250][ T8677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.440272][ T8677] RIP: 0033:0x7fec2478ebe9
[  175.440292][ T8677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  175.440311][ T8677] RSP: 002b:00007fec2560d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  175.440334][ T8677] RAX: ffffffffffffffda RBX: 00007fec249b5fa0 RCX: 00007fec2478ebe9
[  175.440349][ T8677] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000013
[  175.440362][ T8677] RBP: 00007fec2560d090 R08: 0000000000000000 R09: 0000000000000000
[  175.440373][ T8677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  175.440383][ T8677] R13: 00007fec249b6038 R14: 00007fec249b5fa0 R15: 00007ffe799006d8
[  175.440415][ T8677]  </TASK>
[  175.719194][ T8680] netlink: 'syz.2.898': attribute type 1 has an invalid length.
[  175.781503][ T8686] FAULT_INJECTION: forcing a failure.
[  175.781503][ T8686] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  175.832534][ T8686] CPU: 0 UID: 0 PID: 8686 Comm: syz.2.898 Not tainted 6.16.0-syzkaller-12108-gc04fdca8a98a #0 PREEMPT(full) 
[  175.832564][ T8686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  175.832577][ T8686] Call Trace:
[  175.832586][ T8686]  <TASK>
[  175.832595][ T8686]  dump_stack_lvl+0x189/0x250
[  175.832628][ T8686]  ? __pfx____ratelimit+0x10/0x10
[  175.832655][ T8686]  ? __pfx_dump_stack_lvl+0x10/0x10
[  175.832683][ T8686]  ? __pfx__printk+0x10/0x10
[  175.832729][ T8686]  should_fail_ex+0x414/0x560
[  175.832759][ T8686]  _copy_from_user+0x2d/0xb0
[  175.832781][ T8686]  __copy_msghdr+0x3c5/0x5b0
[  175.832819][ T8686]  ___sys_sendmsg+0x1a5/0x2a0
[  175.832854][ T8686]  ? __pfx____sys_sendmsg+0x10/0x10
[  175.832926][ T8686]  ? __fget_files+0x2a/0x420
[  175.832959][ T8686]  ? __fget_files+0x3a0/0x420
[  175.833003][ T8686]  __sys_sendmmsg+0x227/0x430
[  175.833043][ T8686]  ? __pfx___sys_sendmmsg+0x10/0x10
[  175.833073][ T8686]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  175.833133][ T8686]  ? ksys_write+0x22a/0x250
[  175.833166][ T8686]  ? __pfx_ksys_write+0x10/0x10
[  175.833193][ T8686]  ? rcu_is_watching+0x15/0xb0
[  175.833225][ T8686]  __x64_sys_sendmmsg+0xa0/0xc0
[  175.833261][ T8686]  do_syscall_64+0xfa/0x3b0
[  175.833300][ T8686]  ? lockdep_hardirqs_on+0x9c/0x150
[  175.833326][ T8686]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.833349][ T8686]  ? clear_bhb_loop+0x60/0xb0
[  175.833377][ T8686]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.833399][ T8686] RIP: 0033:0x7fdf69f8ebe9
[  175.833419][ T8686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  175.833438][ T8686] RSP: 002b:00007fdf6ae72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  175.833462][ T8686] RAX: ffffffffffffffda RBX: 00007fdf6a1b6090 RCX: 00007fdf69f8ebe9
[  175.833478][ T8686] RDX: 0000000000000001 RSI: 0000200000001cc0 RDI: 0000000000000007
[  175.833491][ T8686] RBP: 00007fdf6ae72090 R08: 0000000000000000 R09: 0000000000000000
[  175.833504][ T8686] R10: e6aa0a9f27214269 R11: 0000000000000246 R12: 0000000000000001
[  175.833518][ T8686] R13: 00007fdf6a1b6128 R14: 00007fdf6a1b6090 R15: 00007ffc1dd7b008
[  175.833551][ T8686]  </TASK>
[  176.377503][ T8707] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  176.505932][ T8709] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.618215][ T8715] netlink: 'syz.1.910': attribute type 1 has an invalid length.
[  176.636699][ T8687] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  176.651205][ T8709] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.861146][ T8709] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.876454][ T8728] IPVS: set_ctl: invalid protocol: 33 172.20.20.170:20001
[  176.997929][ T8709] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.114919][ T8734] netlink: 'syz.1.915': attribute type 1 has an invalid length.
[  177.147881][   T12] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  177.164030][ T8735] FAULT_INJECTION: forcing a failure.
[  177.164030][ T8735] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  177.215778][ T8735] CPU: 1 UID: 0 PID: 8735 Comm: syz.1.915 Not tainted 6.16.0-syzkaller-12108-gc04fdca8a98a #0 PREEMPT(full) 
[  177.215810][ T8735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  177.215823][ T8735] Call Trace:
[  177.215832][ T8735]  <TASK>
[  177.215842][ T8735]  dump_stack_lvl+0x189/0x250
[  177.215875][ T8735]  ? __pfx____ratelimit+0x10/0x10
[  177.215903][ T8735]  ? __pfx_dump_stack_lvl+0x10/0x10
[  177.215939][ T8735]  ? __pfx__printk+0x10/0x10
[  177.215970][ T8735]  ? __might_fault+0xb0/0x130
[  177.216010][ T8735]  should_fail_ex+0x414/0x560
[  177.216057][ T8735]  _copy_from_user+0x2d/0xb0
[  177.216078][ T8735]  ____sys_sendmsg+0x2fe/0x830
[  177.216118][ T8735]  ? __pfx_____sys_sendmsg+0x10/0x10
[  177.216160][ T8735]  ? import_iovec+0x74/0xa0
[  177.216185][ T8735]  ___sys_sendmsg+0x21f/0x2a0
[  177.216218][ T8735]  ? __pfx____sys_sendmsg+0x10/0x10
[  177.216286][ T8735]  ? __fget_files+0x2a/0x420
[  177.216318][ T8735]  ? __fget_files+0x3a0/0x420
[  177.216362][ T8735]  __sys_sendmmsg+0x227/0x430
[  177.216402][ T8735]  ? __pfx___sys_sendmmsg+0x10/0x10
[  177.216432][ T8735]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  177.216490][ T8735]  ? ksys_write+0x22a/0x250
[  177.216522][ T8735]  ? __pfx_ksys_write+0x10/0x10
[  177.216548][ T8735]  ? rcu_is_watching+0x15/0xb0
[  177.216577][ T8735]  __x64_sys_sendmmsg+0xa0/0xc0
[  177.216612][ T8735]  do_syscall_64+0xfa/0x3b0
[  177.216639][ T8735]  ? lockdep_hardirqs_on+0x9c/0x150
[  177.216664][ T8735]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.216684][ T8735]  ? clear_bhb_loop+0x60/0xb0
[  177.216711][ T8735]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.216732][ T8735] RIP: 0033:0x7fba13b8ebe9
[  177.216751][ T8735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  177.216774][ T8735] RSP: 002b:00007fba11df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  177.216797][ T8735] RAX: ffffffffffffffda RBX: 00007fba13db6090 RCX: 00007fba13b8ebe9
[  177.216812][ T8735] RDX: 0000000000000001 RSI: 0000200000001cc0 RDI: 0000000000000007
[  177.216825][ T8735] RBP: 00007fba11df6090 R08: 0000000000000000 R09: 0000000000000000
[  177.216837][ T8735] R10: e6aa0a9f27214269 R11: 0000000000000246 R12: 0000000000000001
[  177.216849][ T8735] R13: 00007fba13db6128 R14: 00007fba13db6090 R15: 00007ffed2ea3368
[  177.216883][ T8735]  </TASK>
[  177.301582][   T12] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  177.326593][ T8742] FAULT_INJECTION: forcing a failure.
[  177.326593][ T8742] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  177.483942][ T8742] CPU: 1 UID: 0 PID: 8742 Comm: syz.2.917 Not tainted 6.16.0-syzkaller-12108-gc04fdca8a98a #0 PREEMPT(full) 
[  177.483974][ T8742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  177.483987][ T8742] Call Trace:
[  177.483996][ T8742]  <TASK>
[  177.484005][ T8742]  dump_stack_lvl+0x189/0x250
[  177.484038][ T8742]  ? __pfx____ratelimit+0x10/0x10
[  177.484067][ T8742]  ? __pfx_dump_stack_lvl+0x10/0x10
[  177.484094][ T8742]  ? __pfx__printk+0x10/0x10
[  177.484125][ T8742]  ? __might_fault+0xb0/0x130
[  177.484170][ T8742]  should_fail_ex+0x414/0x560
[  177.484210][ T8742]  _copy_from_iter+0x1db/0x16f0
[  177.484248][ T8742]  ? rcu_is_watching+0x15/0xb0
[  177.484273][ T8742]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  177.484306][ T8742]  ? __pfx__copy_from_iter+0x10/0x10
[  177.484340][ T8742]  ? __build_skb_around+0x257/0x3e0
[  177.484375][ T8742]  ? netlink_sendmsg+0x642/0xb30
[  177.484402][ T8742]  ? skb_put+0x11b/0x210
[  177.484436][ T8742]  netlink_sendmsg+0x6b2/0xb30
[  177.484477][ T8742]  ? __pfx_netlink_sendmsg+0x10/0x10
[  177.484511][ T8742]  ? aa_sock_msg_perm+0xf1/0x1d0
[  177.484544][ T8742]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  177.484568][ T8742]  ? __pfx_netlink_sendmsg+0x10/0x10
[  177.484599][ T8742]  __sock_sendmsg+0x219/0x270
[  177.484627][ T8742]  ____sys_sendmsg+0x505/0x830
[  177.484667][ T8742]  ? __pfx_____sys_sendmsg+0x10/0x10
[  177.484712][ T8742]  ? import_iovec+0x74/0xa0
[  177.484737][ T8742]  ___sys_sendmsg+0x21f/0x2a0
[  177.484773][ T8742]  ? __pfx____sys_sendmsg+0x10/0x10
[  177.484850][ T8742]  ? __fget_files+0x2a/0x420
[  177.484882][ T8742]  ? __fget_files+0x3a0/0x420
[  177.484931][ T8742]  __x64_sys_sendmsg+0x19b/0x260
[  177.484969][ T8742]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  177.485015][ T8742]  ? __pfx_ksys_write+0x10/0x10
[  177.485042][ T8742]  ? rcu_is_watching+0x15/0xb0
[  177.485070][ T8742]  ? do_syscall_64+0xbe/0x3b0
[  177.485104][ T8742]  do_syscall_64+0xfa/0x3b0
[  177.485131][ T8742]  ? lockdep_hardirqs_on+0x9c/0x150
[  177.485157][ T8742]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.485179][ T8742]  ? clear_bhb_loop+0x60/0xb0
[  177.485214][ T8742]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.485236][ T8742] RIP: 0033:0x7fdf69f8ebe9
[  177.485255][ T8742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  177.485274][ T8742] RSP: 002b:00007fdf6ae93038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  177.485297][ T8742] RAX: ffffffffffffffda RBX: 00007fdf6a1b5fa0 RCX: 00007fdf69f8ebe9
[  177.485312][ T8742] RDX: 0000000000044040 RSI: 0000200000000580 RDI: 0000000000000004
[  177.485326][ T8742] RBP: 00007fdf6ae93090 R08: 0000000000000000 R09: 0000000000000000
[  177.485339][ T8742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  177.485351][ T8742] R13: 00007fdf6a1b6038 R14: 00007fdf6a1b5fa0 R15: 00007ffc1dd7b008
[  177.485386][ T8742]  </TASK>
[  177.841272][ T7661] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  177.906810][ T7661] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  178.083816][ T8746] __nla_validate_parse: 6 callbacks suppressed
[  178.083836][ T8746] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.918'.
[  178.128863][ T8746] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  178.272374][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  178.290448][ T8768] netlink: 4 bytes leftover after parsing attributes in process `syz.3.924'.
[  178.335419][ T8770] netlink: 64 bytes leftover after parsing attributes in process `syz.2.927'.
[  178.351164][ T8770] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  178.522944][ T8773] netlink: 32 bytes leftover after parsing attributes in process `syz.0.929'.
[  178.555229][ T8773] netlink: 32 bytes leftover after parsing attributes in process `syz.0.929'.
[  178.571021][ T8777] netlink: 'syz.3.930': attribute type 1 has an invalid length.
[  178.580814][ T8775] netlink: 4 bytes leftover after parsing attributes in process `syz.2.928'.
[  178.629003][ T8777] FAULT_INJECTION: forcing a failure.
[  178.629003][ T8777] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  178.646161][ T8777] CPU: 0 UID: 0 PID: 8777 Comm: syz.3.930 Not tainted 6.16.0-syzkaller-12108-gc04fdca8a98a #0 PREEMPT(full) 
[  178.646193][ T8777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  178.646206][ T8777] Call Trace:
[  178.646215][ T8777]  <TASK>
[  178.646224][ T8777]  dump_stack_lvl+0x189/0x250
[  178.646257][ T8777]  ? __pfx____ratelimit+0x10/0x10
[  178.646286][ T8777]  ? __pfx_dump_stack_lvl+0x10/0x10
[  178.646312][ T8777]  ? __pfx__printk+0x10/0x10
[  178.646358][ T8777]  should_fail_ex+0x414/0x560
[  178.646388][ T8777]  _copy_to_user+0x31/0xb0
[  178.646413][ T8777]  simple_read_from_buffer+0xe1/0x170
[  178.646451][ T8777]  proc_fail_nth_read+0x1b3/0x220
[  178.646480][ T8777]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  178.646509][ T8777]  ? rw_verify_area+0x2a6/0x4d0
[  178.646535][ T8777]  ? __lock_acquire+0xab9/0xd20
[  178.646565][ T8777]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  178.646592][ T8777]  vfs_read+0x200/0x980
[  178.646619][ T8777]  ? fdget_pos+0x247/0x320
[  178.646643][ T8777]  ? __pfx___mutex_lock+0x10/0x10
[  178.646672][ T8777]  ? __pfx_vfs_read+0x10/0x10
[  178.646703][ T8777]  ? __fget_files+0x2a/0x420
[  178.646747][ T8777]  ? __fget_files+0x3a0/0x420
[  178.646777][ T8777]  ? __fget_files+0x2a/0x420
[  178.646828][ T8777]  ksys_read+0x145/0x250
[  178.646859][ T8777]  ? __pfx_ksys_read+0x10/0x10
[  178.646885][ T8777]  ? rcu_is_watching+0x15/0xb0
[  178.646914][ T8777]  ? do_syscall_64+0xbe/0x3b0
[  178.646947][ T8777]  do_syscall_64+0xfa/0x3b0
[  178.646974][ T8777]  ? lockdep_hardirqs_on+0x9c/0x150
[  178.646999][ T8777]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.647020][ T8777]  ? clear_bhb_loop+0x60/0xb0
[  178.647046][ T8777]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.647066][ T8777] RIP: 0033:0x7fec2478d5fc
[  178.647086][ T8777] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  178.647105][ T8777] RSP: 002b:00007fec2560d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  178.647125][ T8777] RAX: ffffffffffffffda RBX: 00007fec249b5fa0 RCX: 00007fec2478d5fc
[  178.647140][ T8777] RDX: 000000000000000f RSI: 00007fec2560d0a0 RDI: 0000000000000008
[  178.647152][ T8777] RBP: 00007fec2560d090 R08: 0000000000000000 R09: 0000000000000000
[  178.647164][ T8777] R10: e6aa0a9f27214269 R11: 0000000000000246 R12: 0000000000000001
[  178.647176][ T8777] R13: 00007fec249b6038 R14: 00007fec249b5fa0 R15: 00007ffe799006d8
[  178.647211][ T8777]  </TASK>
[  179.130860][ T8787] netlink: 28 bytes leftover after parsing attributes in process `syz.3.934'.
[  179.203728][ T8793] FAULT_INJECTION: forcing a failure.
[  179.203728][ T8793] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  179.252354][ T8793] CPU: 0 UID: 0 PID: 8793 Comm: syz.1.936 Not tainted 6.16.0-syzkaller-12108-gc04fdca8a98a #0 PREEMPT(full) 
[  179.252385][ T8793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  179.252398][ T8793] Call Trace:
[  179.252406][ T8793]  <TASK>
[  179.252415][ T8793]  dump_stack_lvl+0x189/0x250
[  179.252447][ T8793]  ? __pfx____ratelimit+0x10/0x10
[  179.252475][ T8793]  ? __pfx_dump_stack_lvl+0x10/0x10
[  179.252501][ T8793]  ? __pfx__printk+0x10/0x10
[  179.252530][ T8793]  ? __might_fault+0xb0/0x130
[  179.252570][ T8793]  should_fail_ex+0x414/0x560
[  179.252598][ T8793]  _copy_from_user+0x2d/0xb0
[  179.252620][ T8793]  ___sys_sendmsg+0x158/0x2a0
[  179.252656][ T8793]  ? __pfx____sys_sendmsg+0x10/0x10
[  179.252728][ T8793]  ? __fget_files+0x2a/0x420
[  179.252759][ T8793]  ? __fget_files+0x3a0/0x420
[  179.252816][ T8793]  __x64_sys_sendmsg+0x19b/0x260
[  179.252852][ T8793]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  179.252897][ T8793]  ? __pfx_ksys_write+0x10/0x10
[  179.252923][ T8793]  ? rcu_is_watching+0x15/0xb0
[  179.252951][ T8793]  ? do_syscall_64+0xbe/0x3b0
[  179.252984][ T8793]  do_syscall_64+0xfa/0x3b0
[  179.253012][ T8793]  ? lockdep_hardirqs_on+0x9c/0x150
[  179.253037][ T8793]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.253059][ T8793]  ? clear_bhb_loop+0x60/0xb0
[  179.253086][ T8793]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.253106][ T8793] RIP: 0033:0x7fba13b8ebe9
[  179.253125][ T8793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  179.253144][ T8793] RSP: 002b:00007fba14929038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  179.253166][ T8793] RAX: ffffffffffffffda RBX: 00007fba13db5fa0 RCX: 00007fba13b8ebe9
[  179.253181][ T8793] RDX: 0000000000004000 RSI: 0000200000000200 RDI: 0000000000000006
[  179.253193][ T8793] RBP: 00007fba14929090 R08: 0000000000000000 R09: 0000000000000000
[  179.253205][ T8793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  179.253217][ T8793] R13: 00007fba13db6038 R14: 00007fba13db5fa0 R15: 00007ffed2ea3368
[  179.253249][ T8793]  </TASK>
[  179.539529][ T8801] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  179.751675][ T8803] sch_tbf: burst 4 is lower than device ip6tnl0 mtu (1452) !
[  180.056893][ T8824] netlink: 'syz.2.949': attribute type 1 has an invalid length.
[  180.305543][ T8833] netlink: 28 bytes leftover after parsing attributes in process `syz.1.954'.
[  180.349306][ T8836] netlink: 20 bytes leftover after parsing attributes in process `syz.2.952'.
[  180.438780][ T8837] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[  181.107472][ T8864] netlink: 8 bytes leftover after parsing attributes in process `syz.3.963'.
[  181.620179][ T8885] ieee802154 phy0 wpan0: encryption failed: -22
[  182.055754][ T8903] netlink: 'syz.1.983': attribute type 1 has an invalid length.
[  182.064988][ T8903] netlink: 'syz.1.983': attribute type 3 has an invalid length.
[  182.208414][ T8907] FAULT_INJECTION: forcing a failure.
[  182.208414][ T8907] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  182.234692][ T8907] CPU: 0 UID: 0 PID: 8907 Comm: syz.1.984 Not tainted 6.16.0-syzkaller-12108-gc04fdca8a98a #0 PREEMPT(full) 
[  182.234722][ T8907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  182.234735][ T8907] Call Trace:
[  182.234742][ T8907]  <TASK>
[  182.234750][ T8907]  dump_stack_lvl+0x189/0x250
[  182.234778][ T8907]  ? __pfx____ratelimit+0x10/0x10
[  182.234801][ T8907]  ? __pfx_dump_stack_lvl+0x10/0x10
[  182.234823][ T8907]  ? __pfx__printk+0x10/0x10
[  182.234847][ T8907]  ? __might_fault+0xb0/0x130
[  182.234882][ T8907]  should_fail_ex+0x414/0x560
[  182.234907][ T8907]  _copy_from_iter+0x1db/0x16f0
[  182.234936][ T8907]  ? rcu_is_watching+0x15/0xb0
[  182.234955][ T8907]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  182.234982][ T8907]  ? __pfx__copy_from_iter+0x10/0x10
[  182.235009][ T8907]  ? __build_skb_around+0x257/0x3e0
[  182.235036][ T8907]  ? netlink_sendmsg+0x642/0xb30
[  182.235058][ T8907]  ? skb_put+0x11b/0x210
[  182.235085][ T8907]  netlink_sendmsg+0x6b2/0xb30
[  182.235116][ T8907]  ? __pfx_netlink_sendmsg+0x10/0x10
[  182.235142][ T8907]  ? aa_sock_msg_perm+0xf1/0x1d0
[  182.235169][ T8907]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  182.235189][ T8907]  ? __pfx_netlink_sendmsg+0x10/0x10
[  182.235213][ T8907]  __sock_sendmsg+0x219/0x270
[  182.235236][ T8907]  ____sys_sendmsg+0x505/0x830
[  182.235271][ T8907]  ? __pfx_____sys_sendmsg+0x10/0x10
[  182.235306][ T8907]  ? import_iovec+0x74/0xa0
[  182.235325][ T8907]  ___sys_sendmsg+0x21f/0x2a0
[  182.235354][ T8907]  ? __pfx____sys_sendmsg+0x10/0x10
[  182.235412][ T8907]  ? __fget_files+0x2a/0x420
[  182.235438][ T8907]  ? __fget_files+0x3a0/0x420
[  182.235474][ T8907]  __x64_sys_sendmsg+0x19b/0x260
[  182.235508][ T8907]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  182.235543][ T8907]  ? __pfx_ksys_write+0x10/0x10
[  182.235565][ T8907]  ? rcu_is_watching+0x15/0xb0
[  182.235586][ T8907]  ? do_syscall_64+0xbe/0x3b0
[  182.235613][ T8907]  do_syscall_64+0xfa/0x3b0
[  182.235637][ T8907]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.235654][ T8907]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  182.235672][ T8907]  ? clear_bhb_loop+0x60/0xb0
[  182.235693][ T8907]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.235710][ T8907] RIP: 0033:0x7fba13b8ebe9
[  182.235725][ T8907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  182.235741][ T8907] RSP: 002b:00007fba14929038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  182.235762][ T8907] RAX: ffffffffffffffda RBX: 00007fba13db5fa0 RCX: 00007fba13b8ebe9
[  182.235774][ T8907] RDX: 0000000000004000 RSI: 0000200000000200 RDI: 0000000000000006
[  182.235785][ T8907] RBP: 00007fba14929090 R08: 0000000000000000 R09: 0000000000000000
[  182.235795][ T8907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  182.235805][ T8907] R13: 00007fba13db6038 R14: 00007fba13db5fa0 R15: 00007ffed2ea3368
[  182.235832][ T8907]  </TASK>
[  183.174463][ T8934] __nla_validate_parse: 6 callbacks suppressed
[  183.174485][ T8934] netlink: 28 bytes leftover after parsing attributes in process `syz.1.996'.
[  183.310001][ T8935] pimreg3: entered allmulticast mode
[  183.373188][ T8942] netlink: 830 bytes leftover after parsing attributes in process `syz.0.998'.
[  183.387578][ T8944] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-xor(2)
[  183.692434][ T8955] netlink: 'syz.0.1001': attribute type 4 has an invalid length.
[  183.750371][ T8961] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1002'.
[  184.046335][ T8965] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1003'.
[  184.099126][ T8965] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1003'.
[  184.274435][ T8977] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1010'.
[  184.489933][ T8982] FAULT_INJECTION: forcing a failure.
[  184.489933][ T8982] name failslab, interval 1, probability 0, space 0, times 0
[  184.514917][ T8982] CPU: 1 UID: 0 PID: 8982 Comm: syz.2.1012 Not tainted 6.16.0-syzkaller-12108-gc04fdca8a98a #0 PREEMPT(full) 
[  184.514948][ T8982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  184.514962][ T8982] Call Trace:
[  184.514970][ T8982]  <TASK>
[  184.514980][ T8982]  dump_stack_lvl+0x189/0x250
[  184.515013][ T8982]  ? __pfx____ratelimit+0x10/0x10
[  184.515041][ T8982]  ? __pfx_dump_stack_lvl+0x10/0x10
[  184.515068][ T8982]  ? __pfx__printk+0x10/0x10
[  184.515107][ T8982]  ? __pfx___might_resched+0x10/0x10
[  184.515126][ T8982]  ? fs_reclaim_acquire+0x7d/0x100
[  184.515167][ T8982]  should_fail_ex+0x414/0x560
[  184.515198][ T8982]  should_failslab+0xa8/0x100
[  184.515231][ T8982]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[  184.515261][ T8982]  ? rcu_is_watching+0x15/0xb0
[  184.515281][ T8982]  ? ethnl_default_set_doit+0x3d6/0x890
[  184.515334][ T8982]  kmemdup_noprof+0x2b/0x70
[  184.515360][ T8982]  ethnl_default_set_doit+0x3d6/0x890
[  184.515403][ T8982]  genl_family_rcv_msg_doit+0x212/0x300
[  184.515433][ T8982]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  184.515471][ T8982]  ? bpf_lsm_capable+0x9/0x20
[  184.515499][ T8982]  ? security_capable+0x7e/0x2e0
[  184.515536][ T8982]  genl_rcv_msg+0x60e/0x790
[  184.515565][ T8982]  ? __pfx_genl_rcv_msg+0x10/0x10
[  184.515586][ T8982]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[  184.515635][ T8982]  netlink_rcv_skb+0x208/0x470
[  184.515660][ T8982]  ? __lock_acquire+0xab9/0xd20
[  184.515692][ T8982]  ? __pfx_genl_rcv_msg+0x10/0x10
[  184.515714][ T8982]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  184.515769][ T8982]  ? down_read+0x1ad/0x2e0
[  184.515802][ T8982]  genl_rcv+0x28/0x40
[  184.515833][ T8982]  netlink_unicast+0x82f/0x9e0
[  184.515869][ T8982]  ? __pfx_netlink_unicast+0x10/0x10
[  184.515896][ T8982]  ? netlink_sendmsg+0x642/0xb30
[  184.515922][ T8982]  ? skb_put+0x11b/0x210
[  184.515957][ T8982]  netlink_sendmsg+0x805/0xb30
[  184.515996][ T8982]  ? __pfx_netlink_sendmsg+0x10/0x10
[  184.516028][ T8982]  ? aa_sock_msg_perm+0xf1/0x1d0
[  184.516060][ T8982]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  184.516083][ T8982]  ? __pfx_netlink_sendmsg+0x10/0x10
[  184.516113][ T8982]  __sock_sendmsg+0x219/0x270
[  184.516151][ T8982]  ____sys_sendmsg+0x505/0x830
[  184.516192][ T8982]  ? __pfx_____sys_sendmsg+0x10/0x10
[  184.516235][ T8982]  ? import_iovec+0x74/0xa0
[  184.516261][ T8982]  ___sys_sendmsg+0x21f/0x2a0
[  184.516296][ T8982]  ? __pfx____sys_sendmsg+0x10/0x10
[  184.516378][ T8982]  ? __fget_files+0x2a/0x420
[  184.516410][ T8982]  ? __fget_files+0x3a0/0x420
[  184.516454][ T8982]  __x64_sys_sendmsg+0x19b/0x260
[  184.516491][ T8982]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  184.516536][ T8982]  ? __pfx_ksys_write+0x10/0x10
[  184.516574][ T8982]  ? rcu_is_watching+0x15/0xb0
[  184.516603][ T8982]  ? do_syscall_64+0xbe/0x3b0
[  184.516638][ T8982]  do_syscall_64+0xfa/0x3b0
[  184.516665][ T8982]  ? lockdep_hardirqs_on+0x9c/0x150
[  184.516691][ T8982]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.516714][ T8982]  ? clear_bhb_loop+0x60/0xb0
[  184.516742][ T8982]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.516764][ T8982] RIP: 0033:0x7fdf69f8ebe9
[  184.516784][ T8982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  184.516803][ T8982] RSP: 002b:00007fdf6ae93038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  184.516825][ T8982] RAX: ffffffffffffffda RBX: 00007fdf6a1b5fa0 RCX: 00007fdf69f8ebe9
[  184.516841][ T8982] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000013
[  184.516854][ T8982] RBP: 00007fdf6ae93090 R08: 0000000000000000 R09: 0000000000000000
[  184.516867][ T8982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  184.516878][ T8982] R13: 00007fdf6a1b6038 R14: 00007fdf6a1b5fa0 R15: 00007ffc1dd7b008
[  184.516914][ T8982]  </TASK>
[  185.181384][ T8993] netlink: 'syz.0.1018': attribute type 1 has an invalid length.
[  185.338289][ T8997] FAULT_INJECTION: forcing a failure.
[  185.338289][ T8997] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  185.372595][ T8997] CPU: 1 UID: 0 PID: 8997 Comm: syz.1.1016 Not tainted 6.16.0-syzkaller-12108-gc04fdca8a98a #0 PREEMPT(full) 
[  185.372628][ T8997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  185.372641][ T8997] Call Trace:
[  185.372649][ T8997]  <TASK>
[  185.372658][ T8997]  dump_stack_lvl+0x189/0x250
[  185.372690][ T8997]  ? __pfx____ratelimit+0x10/0x10
[  185.372717][ T8997]  ? __pfx_dump_stack_lvl+0x10/0x10
[  185.372744][ T8997]  ? __pfx__printk+0x10/0x10
[  185.372789][ T8997]  should_fail_ex+0x414/0x560
[  185.372821][ T8997]  _copy_to_user+0x31/0xb0
[  185.372845][ T8997]  simple_read_from_buffer+0xe1/0x170
[  185.372883][ T8997]  proc_fail_nth_read+0x1b3/0x220
[  185.372912][ T8997]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  185.372940][ T8997]  ? rw_verify_area+0x2a6/0x4d0
[  185.372966][ T8997]  ? __lock_acquire+0xab9/0xd20
[  185.372992][ T8997]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  185.373018][ T8997]  vfs_read+0x200/0x980
[  185.373045][ T8997]  ? fdget_pos+0x247/0x320
[  185.373070][ T8997]  ? __pfx___mutex_lock+0x10/0x10
[  185.373100][ T8997]  ? __pfx_vfs_read+0x10/0x10
[  185.373130][ T8997]  ? __fget_files+0x2a/0x420
[  185.373175][ T8997]  ? __fget_files+0x3a0/0x420
[  185.373207][ T8997]  ? __fget_files+0x2a/0x420
[  185.373251][ T8997]  ksys_read+0x145/0x250
[  185.373282][ T8997]  ? __pfx_ksys_read+0x10/0x10
[  185.373308][ T8997]  ? rcu_is_watching+0x15/0xb0
[  185.373336][ T8997]  ? do_syscall_64+0xbe/0x3b0
[  185.373369][ T8997]  do_syscall_64+0xfa/0x3b0
[  185.373396][ T8997]  ? lockdep_hardirqs_on+0x9c/0x150
[  185.373422][ T8997]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.373445][ T8997]  ? clear_bhb_loop+0x60/0xb0
[  185.373471][ T8997]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.373492][ T8997] RIP: 0033:0x7fba13b8d5fc
[  185.373511][ T8997] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  185.373537][ T8997] RSP: 002b:00007fba14929030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  185.373560][ T8997] RAX: ffffffffffffffda RBX: 00007fba13db5fa0 RCX: 00007fba13b8d5fc
[  185.373574][ T8997] RDX: 000000000000000f RSI: 00007fba149290a0 RDI: 0000000000000016
[  185.373587][ T8997] RBP: 00007fba14929090 R08: 0000000000000000 R09: 0000000000000000
[  185.373600][ T8997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  185.373612][ T8997] R13: 00007fba13db6038 R14: 00007fba13db5fa0 R15: 00007ffed2ea3368
[  185.373648][ T8997]  </TASK>
[  185.636886][ T9003] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1019'.
[  185.839077][ T9008] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1020'.
[  185.904735][ T9010] sctp: [Deprecated]: syz.1.1022 (pid 9010) Use of int in maxseg socket option.
[  185.904735][ T9010] Use struct sctp_assoc_value instead
[  186.021115][ T9017] sctp: [Deprecated]: syz.1.1022 (pid 9017) Use of int in maxseg socket option.
[  186.021115][ T9017] Use struct sctp_assoc_value instead
[  186.032766][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  186.111155][ T9015] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1024'.
[  186.154158][ T9015] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1024'.
[  186.175950][ T9024] FAULT_INJECTION: forcing a failure.
[  186.175950][ T9024] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  186.264192][ T9024] CPU: 0 UID: 0 PID: 9024 Comm: syz.4.1025 Not tainted 6.16.0-syzkaller-12108-gc04fdca8a98a #0 PREEMPT(full) 
[  186.264231][ T9024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  186.264248][ T9024] Call Trace:
[  186.264257][ T9024]  <TASK>
[  186.264266][ T9024]  dump_stack_lvl+0x189/0x250
[  186.264301][ T9024]  ? __pfx____ratelimit+0x10/0x10
[  186.264329][ T9024]  ? __pfx_dump_stack_lvl+0x10/0x10
[  186.264356][ T9024]  ? __pfx__printk+0x10/0x10
[  186.264404][ T9024]  should_fail_ex+0x414/0x560
[  186.264435][ T9024]  _copy_to_user+0x31/0xb0
[  186.264461][ T9024]  simple_read_from_buffer+0xe1/0x170
[  186.264513][ T9024]  proc_fail_nth_read+0x1b3/0x220
[  186.264544][ T9024]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  186.264574][ T9024]  ? rw_verify_area+0x2a6/0x4d0
[  186.264602][ T9024]  ? __lock_acquire+0xab9/0xd20
[  186.264632][ T9024]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  186.264679][ T9024]  vfs_read+0x200/0x980
[  186.264708][ T9024]  ? fdget_pos+0x247/0x320
[  186.264733][ T9024]  ? __pfx___mutex_lock+0x10/0x10
[  186.264764][ T9024]  ? __pfx_vfs_read+0x10/0x10
[  186.264796][ T9024]  ? __fget_files+0x2a/0x420
[  186.264837][ T9024]  ? __fget_files+0x3a0/0x420
[  186.264870][ T9024]  ? __fget_files+0x2a/0x420
[  186.264914][ T9024]  ksys_read+0x145/0x250
[  186.264945][ T9024]  ? __pfx_ksys_read+0x10/0x10
[  186.264972][ T9024]  ? rcu_is_watching+0x15/0xb0
[  186.265001][ T9024]  ? do_syscall_64+0xbe/0x3b0
[  186.265035][ T9024]  do_syscall_64+0xfa/0x3b0
[  186.265062][ T9024]  ? lockdep_hardirqs_on+0x9c/0x150
[  186.265089][ T9024]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.265112][ T9024]  ? clear_bhb_loop+0x60/0xb0
[  186.265142][ T9024]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.265163][ T9024] RIP: 0033:0x7fe02198d5fc
[  186.265183][ T9024] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  186.265211][ T9024] RSP: 002b:00007fe0227af030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  186.265233][ T9024] RAX: ffffffffffffffda RBX: 00007fe021bb5fa0 RCX: 00007fe02198d5fc
[  186.265249][ T9024] RDX: 000000000000000f RSI: 00007fe0227af0a0 RDI: 0000000000000014
[  186.265262][ T9024] RBP: 00007fe0227af090 R08: 0000000000000000 R09: 0000000000000000
[  186.265274][ T9024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  186.265287][ T9024] R13: 00007fe021bb6038 R14: 00007fe021bb5fa0 R15: 00007ffcc39de568
[  186.265324][ T9024]  </TASK>
[  186.305592][ T9028] Bluetooth: MGMT ver 1.23
[  186.477096][ T9030] netlink: 'syz.1.1027': attribute type 13 has an invalid length.
[  186.565925][ T9030] lo: entered promiscuous mode
[  186.570888][ T9030] lo: entered allmulticast mode
[  186.577149][ T9030] tunl0: entered promiscuous mode
[  186.592808][ T9030] tunl0: entered allmulticast mode
[  186.626209][ T9030] gre0: entered promiscuous mode
[  186.632001][ T9030] gre0: entered allmulticast mode
[  186.640353][ T9030] gretap0: entered promiscuous mode
[  186.646589][ T9030] gretap0: entered allmulticast mode
[  186.654382][ T9030] erspan0: entered promiscuous mode
[  186.660161][ T9030] erspan0: entered allmulticast mode
[  186.667338][ T9030] erspan0: refused to change device tx_queue_len
[  186.675126][ T9030] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[  186.860306][ T9032] syzkaller0: entered promiscuous mode
[  186.868031][ T9032] syzkaller0: entered allmulticast mode
[  188.662473][ T9064] netlink: 'syz.1.1037': attribute type 29 has an invalid length.
[  188.670554][ T9073] netlink: 'syz.4.1039': attribute type 12 has an invalid length.
[  188.695436][ T9073] netlink: 'syz.4.1039': attribute type 29 has an invalid length.
[  188.729598][ T9073] __nla_validate_parse: 1 callbacks suppressed
[  188.729619][ T9073] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1039'.
[  188.757762][ T9073] netlink: 59 bytes leftover after parsing attributes in process `syz.4.1039'.
[  188.848736][ T9082] bond0: option ad_select: unable to set because the bond device is up
[  188.907156][ T9082] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1040'.
[  189.206269][ T9097] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1048'.
[  189.217196][ T9094] netlink: 'syz.2.1047': attribute type 1 has an invalid length.
[  189.909732][ T9127] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  189.928059][ T9129] macvlan0: entered promiscuous mode
[  189.937258][ T9129] macvlan0: entered allmulticast mode
[  189.956043][ T9129] veth1_vlan: entered allmulticast mode
[  190.128337][ T9129] tipc: Disabling bearer <eth:syzkaller0>
[  190.202051][ T9139] syzkaller1: entered promiscuous mode
[  190.248898][ T9139] syzkaller1: entered allmulticast mode
[  190.303014][ T9139] netlink: 5 bytes leftover after parsing attributes in process `syz.3.1061'.
[  190.313982][ T9139] netlink: 'syz.3.1061': attribute type 3 has an invalid length.
[  190.321771][ T9139] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1061'.
[  190.575513][ T9160] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1068'.
[  190.628450][ T9150] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1065'.
[  190.649938][ T9150] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1065'.
[  190.664528][ T9160] netlink: 192 bytes leftover after parsing attributes in process `syz.2.1068'.
[  190.874406][ T9174] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  191.235261][ T9190] RDS: rds_bind could not find a transport for ::ffff:172.30.0.4, load rds_tcp or rds_rdma?
[  191.314650][   T51] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  191.321460][ T5877] Bluetooth: hci0: command 0x0c1a tx timeout
[  191.869272][ T9220] netlink: 'syz.4.1085': attribute type 12 has an invalid length.
[  191.882139][ T9220] netlink: 'syz.4.1085': attribute type 29 has an invalid length.
[  192.044549][ T9227] IPVS: set_ctl: invalid protocol: 43 172.30.0.1:20000
[  192.188100][ T9223] ifb0: entered promiscuous mode
[  192.209706][ T9223] ifb0: entered allmulticast mode
[  192.396064][ T9227] geneve3: entered promiscuous mode
[  192.416053][ T9227] geneve3: entered allmulticast mode
[  193.117444][ T9268] netlink: 'syz.4.1093': attribute type 4 has an invalid length.
[  193.150700][ T9275] unknown channel width for channel at 909000KHz?
[  193.233066][ T9275] unknown channel width for channel at 909000KHz?
[  193.269203][ T9275] unknown channel width for channel at 909000KHz?
[  193.556546][ T9288] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 4032
[  193.706024][ T9295] netlink: 'syz.1.1103': attribute type 11 has an invalid length.
[  193.739379][ T9295] netlink: 'syz.1.1103': attribute type 11 has an invalid length.
[  193.749446][ T9295] __nla_validate_parse: 10 callbacks suppressed
[  193.749464][ T9295] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1103'.
[  194.146481][ T9302] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1104'.
[  194.366247][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  194.372794][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  194.505749][ T9313] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1107'.
[  194.522699][ T9313] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1107'.
[  194.753575][ T9330] netlink: 'syz.1.1113': attribute type 1 has an invalid length.
[  194.805715][ T9339] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1113'.
[  194.827187][ T9340] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1115'.
[  194.849890][ T9339] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1113'.
[  195.178465][ T9345] gretap1: entered promiscuous mode
[  195.189244][ T9345] bond3: (slave gretap1): making interface the new active one
[  195.198894][ T9345] bond3: (slave gretap1): Enslaving as an active interface with an up link
[  195.261444][ T9330] macvlan2: entered promiscuous mode
[  195.282416][ T9330] macvlan2: entered allmulticast mode
[  195.324855][ T9330] bond3: entered promiscuous mode
[  195.331015][ T9330] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  195.363542][ T9330] bond3: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  195.453114][ T9330] bond3: left promiscuous mode
[  195.736876][ T9371] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1126'.
[  195.784003][ T9371] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1126'.
[  195.834397][ T9374] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1127'.
[  195.962504][ T7661] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  196.003523][ T7661] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  196.012664][   T12] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  196.020934][   T12] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  196.868906][ T9417] IPv6: sit1: Disabled Multicast RS
[  196.881557][ T9417] sit1: entered allmulticast mode
[  197.668800][ T9451] bond0: option ad_select: unable to set because the bond device is up
[  197.699004][ T9450] netlink: 'syz.0.1152': attribute type 3 has an invalid length.
[  197.740774][ T9450] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  198.239368][ T9474] netlink: 'syz.3.1161': attribute type 1 has an invalid length.
[  198.493315][ T9484] veth1_to_batadv: mtu less than device minimum
[  198.812171][ T9499] __nla_validate_parse: 7 callbacks suppressed
[  198.842462][ T9499] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1169'.
[  198.862091][ T9499] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1169'.
[  199.128038][ T9514] netlink: 'syz.0.1172': attribute type 1 has an invalid length.
[  199.258438][ T9521] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1174'.
[  200.177060][ T9557] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1183'.
[  200.197113][ T9550] veth3: entered allmulticast mode
[  200.318285][ T9560] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  200.433665][ T5877] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  200.440095][ T5877] Bluetooth: hci0: command 0x0c1a tx timeout
[  200.500867][ T9574] netlink: 'syz.4.1189': attribute type 10 has an invalid length.
[  200.562628][ T9575] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1187'.
[  201.346731][ T9611] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  201.371771][ T9611] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1197'.
[  201.673545][ T9624] netlink: 'syz.0.1202': attribute type 2 has an invalid length.
[  202.043109][ T9631] tipc: Started in network mode
[  202.066699][ T9631] tipc: Node identity 626f2eb5ea8a, cluster identity 4711
[  202.074908][ T9631] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  202.218146][ T9640] syzkaller0: entered promiscuous mode
[  202.253664][ T9640] syzkaller0: entered allmulticast mode
[  202.289876][ T9640] tipc: Resetting bearer <eth:syzkaller0>
[  202.350589][ T9630] tipc: Resetting bearer <eth:syzkaller0>
[  202.390376][ T9658] netlink: 'syz.3.1210': attribute type 1 has an invalid length.
[  203.072539][ T7839] tipc: Node number set to 2296721077
[  203.155301][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  203.155529][ T5877] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  204.070346][ T9630] tipc: Disabling bearer <eth:syzkaller0>
[  204.091503][ T9658] workqueue: Failed to create a rescuer kthread for wq "bond7": -EINTR
[  204.316317][ T9685] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1218'.
[  204.330798][ T9686] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1220'.
[  204.364192][ T9689] netlink: 'syz.4.1217': attribute type 33 has an invalid length.
[  204.719302][ T9700] syzkaller1: entered promiscuous mode
[  204.741592][ T9700] syzkaller1: entered allmulticast mode
[  204.828436][ T9709] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1225'.
[  204.925870][ T9709] netlink: 'syz.1.1225': attribute type 2 has an invalid length.
[  204.934676][ T9709] netlink: 188 bytes leftover after parsing attributes in process `syz.1.1225'.
[  205.405650][ T9730] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  205.536365][ T9741] openvswitch: netlink: Unknown key attributes 2
[  205.590697][ T9730] syzkaller0: entered promiscuous mode
[  205.609357][ T9730] syzkaller0: entered allmulticast mode
[  205.630939][ T9730] tipc: Resetting bearer <eth:syzkaller0>
[  205.705158][ T9729] tipc: Resetting bearer <eth:syzkaller0>
[  206.354206][ T9776] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1240'.
[  206.775196][ T9784] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280
[  207.719679][ T9729] tipc: Disabling bearer <eth:syzkaller0>
[  207.824412][ T9780] veth0: entered promiscuous mode
[  207.834946][ T9786] netlink: 'syz.1.1243': attribute type 21 has an invalid length.
[  207.866245][ T9786] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1243'.
[  208.019193][ T9782] veth3: entered promiscuous mode
[  208.068265][ T9781] veth0: left promiscuous mode
[  208.296944][ T9801] netlink: 'syz.4.1247': attribute type 1 has an invalid length.
[  208.403451][ T9811] veth0: entered promiscuous mode
[  208.746327][ T9802] veth0: left promiscuous mode
[  208.900288][ T9824] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  209.107904][ T9824] syzkaller0: entered promiscuous mode
[  209.120873][ T9824] syzkaller0: entered allmulticast mode
[  209.137412][ T9824] tipc: Resetting bearer <eth:syzkaller0>
[  209.219820][ T9823] tipc: Resetting bearer <eth:syzkaller0>
[  210.217686][ T9858] netlink: 'syz.3.1262': attribute type 3 has an invalid length.
[  210.231063][ T9858] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1262'.
[  210.595026][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  210.602897][ T5877] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  211.134036][ T9823] tipc: Disabling bearer <eth:syzkaller0>
[  211.517696][ T9881] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1267'.
[  211.743934][ T9889] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1272'.
[  211.796366][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  211.798946][ T5875] Bluetooth: hci4: command 0x0405 tx timeout
[  211.803348][ T5869] Bluetooth: hci2: command 0x0406 tx timeout
[  211.809370][ T5879] Bluetooth: hci1: command 0x0406 tx timeout
[  212.016864][ T9901] netlink: 'syz.0.1276': attribute type 1 has an invalid length.
[  212.158642][ T9908] netlink: 'syz.4.1275': attribute type 15 has an invalid length.
[  212.252258][ T9901] 8021q: adding VLAN 0 to HW filter on device bond8
[  212.346190][ T9904] 8021q: adding VLAN 0 to HW filter on device bond8
[  212.354221][ T9904] bond8: (slave vxcan3): The slave device specified does not support setting the MAC address
[  212.366074][ T9901] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1276'.
[  212.385043][ T9904] bond8: (slave vxcan3): Error -95 calling set_mac_address
[  212.496811][ T9907] veth3: entered promiscuous mode
[  212.521635][ T9916] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1278'.
[  212.539881][ T9907] bond8: (slave veth3): Enslaving as an active interface with a down link
[  212.556053][ T9901] 8021q: adding VLAN 0 to HW filter on device bond8
[  212.673687][ T5183] Bluetooth: hci0: command 0x0c1a tx timeout
[  212.679813][ T5877] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  213.403340][ T9951] vlan2: entered promiscuous mode
[  213.425411][ T9951] vlan2: entered allmulticast mode
[  213.456328][ T9951] hsr_slave_1: entered allmulticast mode
[  214.752460][ T5183] Bluetooth: hci0: command 0x0c1a tx timeout
[  214.759145][ T5877] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  216.834058][ T5877] Bluetooth: hci0: command 0x0c1a tx timeout
[  238.874543][T10009] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1307'.
[  238.908696][T10011] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1307'.
[  238.946627][T10013] pimreg3: entered allmulticast mode
[  238.977109][T10018] netlink: 'syz.3.1307': attribute type 196 has an invalid length.
[  239.015787][T10019] netlink: 228 bytes leftover after parsing attributes in process `syz.4.1309'.
[  239.371450][T10034] netlink: 'syz.2.1314': attribute type 21 has an invalid length.
[  239.380151][T10034] netlink: 'syz.2.1314': attribute type 6 has an invalid length.
[  239.392466][T10034] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1314'.
[  239.427247][T10034] netlink: 324 bytes leftover after parsing attributes in process `syz.2.1314'.
[  239.459733][T10034] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN
[  239.798506][T10050] hsr0: entered promiscuous mode
[  239.817560][T10050] hsr0: left promiscuous mode
[  239.967226][T10055] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1322'.
[  239.993158][T10055] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1322'.
[  240.226437][T10059] netlink: 'syz.4.1324': attribute type 1 has an invalid length.
[  240.433280][ T5867] Bluetooth: hci0: command 0x0c1a tx timeout
[  240.434997][ T5877] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  240.662450][T10080] nbd0: detected capacity change from 0 to 127
[  240.927345][T10093] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1337'.
[  240.968396][ T5877] block nbd0: Receive control failed (result -104)
[  241.423323][T10115] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1342'.
[  241.497826][T10118] netlink: 300 bytes leftover after parsing attributes in process `syz.2.1345'.
[  242.860816][T10104] bond0: entered promiscuous mode
[  242.866086][T10104] bond_slave_0: entered promiscuous mode
[  242.872963][T10104] bond_slave_1: entered promiscuous mode
[  242.879116][T10104] bond0: entered allmulticast mode
[  242.884768][T10104] bond_slave_0: entered allmulticast mode
[  242.890583][T10104] bond_slave_1: entered allmulticast mode
[  242.898931][T10104] 8021q: adding VLAN 0 to HW filter on device bond0
[  243.072394][ T5877] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  243.072472][ T5183] Bluetooth: hci0: command 0x0c1a tx timeout
[  243.351304][T10144] netlink: 'syz.1.1356': attribute type 1 has an invalid length.
[  243.754552][T10168] bond0: option ad_select: unable to set because the bond device is up
[  243.965056][T10177] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  244.103179][T10182] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  244.301175][T10197] netlink: 'syz.0.1373': attribute type 1 has an invalid length.
[  244.467892][T10208] __nla_validate_parse: 3 callbacks suppressed
[  244.467912][T10208] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1374'.
[  244.692282][T10224] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1376'.
[  244.739494][T10213] bond0: option ad_select: unable to set because the bond device is up
[  245.003343][T10240] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1384'.
[  245.035283][T10240] openvswitch: netlink: Unknown nsh attribute 0
[  245.078190][T10240] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  245.126782][T10252] netlink: 'syz.1.1386': attribute type 1 has an invalid length.
[  245.505032][T10273] bond0: option ad_select: unable to set because the bond device is up
[  245.520067][T10273] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1394'.
[  245.552514][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  245.601367][T10275] bond7: entered promiscuous mode
[  245.606683][T10275] bond7: entered allmulticast mode
[  245.612472][T10275] 8021q: adding VLAN 0 to HW filter on device bond7
[  245.645462][T10275] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1396'.
[  245.773079][T10288] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1399'.
[  246.265703][T10316] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  246.281795][T10322] bond0: entered promiscuous mode
[  246.301473][T10322] bond_slave_0: entered promiscuous mode
[  246.308707][T10330] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1408'.
[  246.319559][T10322] bond_slave_1: entered promiscuous mode
[  246.329578][T10322] bond0: entered allmulticast mode
[  246.339069][T10322] bond_slave_0: entered allmulticast mode
[  246.346993][T10322] bond_slave_1: entered allmulticast mode
[  246.355571][T10322] 8021q: adding VLAN 0 to HW filter on device bond0
[  246.367171][T10331] netlink: 'syz.0.1410': attribute type 1 has an invalid length.
[  246.519198][T10330] bridge_slave_0: left allmulticast mode
[  246.562551][T10330] bridge_slave_0: left promiscuous mode
[  246.568446][T10330] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.612763][T10346] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1414'.
[  246.682490][ T5877] Bluetooth: hci4: command 0x0405 tx timeout
[  246.711487][T10341] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  246.724476][T10328] syzkaller0: entered promiscuous mode
[  246.738163][T10353] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1415'.
[  246.757074][T10328] syzkaller0: entered allmulticast mode
[  246.855783][T10328] syzkaller0: mtu less than device minimum
[  246.967434][T10325] tipc: Resetting bearer <eth:syzkaller0>
[  247.007203][T10325] tipc: Disabling bearer <eth:syzkaller0>
[  247.077543][T10373] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  247.097887][T10373] team0: Device macvtap1 is already an upper device of the team interface
[  247.478595][T10393] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1430'.
[  247.560892][T10387] 8021q: adding VLAN 0 to HW filter on device bond6
[  247.572076][T10387] bond6: entered promiscuous mode
[  247.577854][T10387] bond6: entered allmulticast mode
[  247.713519][T10387] bond6 (unregistering): Released all slaves
[  247.739996][T10398] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  248.359884][  T971] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  248.407831][  T971] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  248.430023][T10432] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  248.476411][  T971] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  248.506067][  T971] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  248.540953][T10438] netlink: 'syz.0.1446': attribute type 10 has an invalid length.
[  248.659063][T10446] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  249.049067][T10471] block nbd1: Unsupported socket: shutdown callout must be supported.
[  249.261266][T10482] openvswitch: netlink: nsh attr 8196 is out of range max 3
[  249.270026][T10482] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  249.666168][T10495] __nla_validate_parse: 5 callbacks suppressed
[  249.666191][T10495] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.1470'.
[  249.707796][T10499] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1469'.
[  249.952376][ T5867] Bluetooth: hci4: command 0x0405 tx timeout
[  250.147955][T10519] syzkaller1: entered promiscuous mode
[  250.153872][T10519] syzkaller1: entered allmulticast mode
[  250.164734][T10519] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1478'.
[  250.300967][T10530] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1479'.
[  250.436302][T10539] bond0: option ad_select: unable to set because the bond device is up
[  250.512753][ T5183] Bluetooth: hci0: command 0x0c1a tx timeout
[  250.512791][ T5877] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  250.539160][T10543] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1482'.
[  250.634938][T10547] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1484'.
[  250.721791][T10552] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  250.743263][T10552] syzkaller0: entered promiscuous mode
[  250.755405][T10552] syzkaller0: entered allmulticast mode
[  250.788323][T10552] tipc: Resetting bearer <eth:syzkaller0>
[  250.801790][T10551] tipc: Resetting bearer <eth:syzkaller0>
[  250.828409][T10551] tipc: Disabling bearer <eth:syzkaller0>
[  250.841155][T10557] netlink: 'syz.3.1489': attribute type 1 has an invalid length.
[  250.968263][T10564] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1492'.
[  250.981182][T10564] netlink: 'syz.1.1492': attribute type 7 has an invalid length.
[  250.996490][T10564] netlink: 'syz.1.1492': attribute type 8 has an invalid length.
[  251.005944][T10564] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1492'.
[  251.039395][T10564] batadv_slave_1: entered promiscuous mode
[  251.049281][T10564] hsr1: Slave A (gretap0) is not up; please bring it up to get a fully working HSR network
[  251.110579][T10569] netlink: 'syz.3.1494': attribute type 1 has an invalid length.
[  251.120003][T10569] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1494'.
[  251.130076][T10569] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1494'.
[  251.384038][T10582] netlink: 'syz.3.1499': attribute type 11 has an invalid length.
[  251.419562][T10584] bond0: option ad_select: unable to set because the bond device is up
[  251.931211][T10616] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  252.011005][T10621] bond0: option ad_select: unable to set because the bond device is up
[  252.033525][T10624] FAULT_INJECTION: forcing a failure.
[  252.033525][T10624] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  252.053588][T10624] CPU: 1 UID: 0 PID: 10624 Comm: syz.0.1515 Not tainted 6.16.0-syzkaller-12108-gc04fdca8a98a #0 PREEMPT(full) 
[  252.053622][T10624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  252.053648][T10624] Call Trace:
[  252.053658][T10624]  <TASK>
[  252.053669][T10624]  dump_stack_lvl+0x189/0x250
[  252.053703][T10624]  ? __pfx____ratelimit+0x10/0x10
[  252.053730][T10624]  ? __pfx_dump_stack_lvl+0x10/0x10
[  252.053756][T10624]  ? __pfx__printk+0x10/0x10
[  252.053786][T10624]  ? __might_fault+0xb0/0x130
[  252.053828][T10624]  should_fail_ex+0x414/0x560
[  252.053859][T10624]  _copy_from_user+0x2d/0xb0
[  252.053882][T10624]  generic_map_update_batch+0x51b/0x7f0
[  252.053919][T10624]  ? __pfx_generic_map_update_batch+0x10/0x10
[  252.053944][T10624]  ? __fget_files+0x2a/0x420
[  252.053986][T10624]  ? __pfx_generic_map_update_batch+0x10/0x10
[  252.054010][T10624]  bpf_map_do_batch+0x369/0x5f0
[  252.054049][T10624]  __sys_bpf+0x6af/0x870
[  252.054081][T10624]  ? __pfx___sys_bpf+0x10/0x10
[  252.054132][T10624]  ? ksys_write+0x22a/0x250
[  252.054166][T10624]  ? __pfx_ksys_write+0x10/0x10
[  252.054193][T10624]  ? rcu_is_watching+0x15/0xb0
[  252.054225][T10624]  __x64_sys_bpf+0x7c/0x90
[  252.054251][T10624]  do_syscall_64+0xfa/0x3b0
[  252.054279][T10624]  ? lockdep_hardirqs_on+0x9c/0x150
[  252.054306][T10624]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  252.054327][T10624]  ? clear_bhb_loop+0x60/0xb0
[  252.054355][T10624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  252.054377][T10624] RIP: 0033:0x7fde4a18ebe9
[  252.054398][T10624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  252.054430][T10624] RSP: 002b:00007fde483f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  252.054453][T10624] RAX: ffffffffffffffda RBX: 00007fde4a3b5fa0 RCX: 00007fde4a18ebe9
[  252.054469][T10624] RDX: 0000000000000038 RSI: 0000200000000300 RDI: 000000000000001a
[  252.054483][T10624] RBP: 00007fde483f6090 R08: 0000000000000000 R09: 0000000000000000
[  252.054496][T10624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  252.054508][T10624] R13: 00007fde4a3b6038 R14: 00007fde4a3b5fa0 R15: 00007ffd145b8848
[  252.054544][T10624]  </TASK>
[  253.152357][T10667] team0: Device gtp0 is of different type
[  253.196129][T10672] delete_channel: no stack
[  253.201586][T10672] netlink: 'syz.1.1534': attribute type 1 has an invalid length.
[  253.298673][T10676] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  253.712578][ T5877] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  253.718810][ T5183] Bluetooth: hci0: command 0x0c1a tx timeout
[  253.752588][T10693] dvmrp0: entered allmulticast mode
[  253.818051][T10693] dvmrp0: left allmulticast mode
[  253.862853][T10702] openvswitch: netlink: Multiple metadata blocks provided
[  254.175119][T10703] syzkaller1: entered promiscuous mode
[  254.182697][T10703] syzkaller1: entered allmulticast mode
[  254.773136][T10754] openvswitch: netlink: Unexpected mask (mask=c0, allowed=10048)
[  254.788270][T10753] netlink: 'syz.2.1563': attribute type 6 has an invalid length.
[  254.807626][T10754] openvswitch: netlink: Unexpected mask (mask=c0, allowed=10048)
[  254.827029][T10754] openvswitch: netlink: Unexpected mask (mask=c0, allowed=10048)
[  254.874226][T10756] __nla_validate_parse: 14 callbacks suppressed
[  254.874250][T10756] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1566'.
[  254.898450][T10753] netlink: 'syz.2.1563': attribute type 13 has an invalid length.
[  255.027131][T10753] 8021q: adding VLAN 0 to HW filter on device team0
[  255.039206][T10753] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  255.713941][T10805] sctp: [Deprecated]: syz.0.1580 (pid 10805) Use of struct sctp_assoc_value in delayed_ack socket option.
[  255.713941][T10805] Use struct sctp_sack_info instead
[  255.803321][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  256.261792][T10828] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1587'.
[  256.287950][T10828] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1587'.
[  256.336382][T10828] netlink: 31 bytes leftover after parsing attributes in process `syz.4.1587'.
[  256.369809][T10828] netlink: 'syz.4.1587': attribute type 2 has an invalid length.
[  256.397638][T10828] netlink: 31 bytes leftover after parsing attributes in process `syz.4.1587'.
[  256.418505][T10837] openvswitch: netlink: IP tunnel TTL not specified.
[  256.596634][T10846] nbd: couldn't find a device at index -373156329
[  256.617160][T10847] nbd: couldn't find a device at index -373156329
[  256.650805][T10848] netlink: 'syz.4.1594': attribute type 1 has an invalid length.
[  256.785343][T10858] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1598'.
[  256.851262][T10858] netlink: 'syz.2.1598': attribute type 39 has an invalid length.
[  256.972099][T10869] netlink: 'syz.0.1603': attribute type 1 has an invalid length.
[  257.001850][T10874] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1605'.
[  257.025424][T10869] 8021q: adding VLAN 0 to HW filter on device bond11
[  257.066551][T10876] bond11: (slave gretap1): making interface the new active one
[  257.076120][T10876] bond11: (slave gretap1): Enslaving as an active interface with an up link
[  257.081207][T10872] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1604'.
[  257.147863][T10879] team0: Device gtp0 is of different type
[  257.249188][T10889] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1609'.
[  257.427721][T10901] FAULT_INJECTION: forcing a failure.
[  257.427721][T10901] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  257.444851][T10901] CPU: 0 UID: 0 PID: 10901 Comm: syz.3.1612 Not tainted 6.16.0-syzkaller-12108-gc04fdca8a98a #0 PREEMPT(full) 
[  257.444884][T10901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  257.444898][T10901] Call Trace:
[  257.444906][T10901]  <TASK>
[  257.444916][T10901]  dump_stack_lvl+0x189/0x250
[  257.444948][T10901]  ? __pfx____ratelimit+0x10/0x10
[  257.444977][T10901]  ? __pfx_dump_stack_lvl+0x10/0x10
[  257.445003][T10901]  ? __pfx__printk+0x10/0x10
[  257.445033][T10901]  ? __might_fault+0xb0/0x130
[  257.445077][T10901]  should_fail_ex+0x414/0x560
[  257.445111][T10901]  _copy_from_user+0x2d/0xb0
[  257.445134][T10901]  ___sys_sendmsg+0x158/0x2a0
[  257.445172][T10901]  ? __pfx____sys_sendmsg+0x10/0x10
[  257.445245][T10901]  ? __fget_files+0x2a/0x420
[  257.445278][T10901]  ? __fget_files+0x3a0/0x420
[  257.445324][T10901]  __x64_sys_sendmsg+0x19b/0x260
[  257.445367][T10901]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  257.445413][T10901]  ? __pfx_ksys_write+0x10/0x10
[  257.445440][T10901]  ? rcu_is_watching+0x15/0xb0
[  257.445470][T10901]  ? do_syscall_64+0xbe/0x3b0
[  257.445503][T10901]  do_syscall_64+0xfa/0x3b0
[  257.445530][T10901]  ? lockdep_hardirqs_on+0x9c/0x150
[  257.445557][T10901]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.445579][T10901]  ? clear_bhb_loop+0x60/0xb0
[  257.445607][T10901]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.445628][T10901] RIP: 0033:0x7fec2478ebe9
[  257.445648][T10901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  257.445667][T10901] RSP: 002b:00007fec2560d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  257.445691][T10901] RAX: ffffffffffffffda RBX: 00007fec249b5fa0 RCX: 00007fec2478ebe9
[  257.445706][T10901] RDX: 0000000000000004 RSI: 00002000000000c0 RDI: 0000000000000003
[  257.445719][T10901] RBP: 00007fec2560d090 R08: 0000000000000000 R09: 0000000000000000
[  257.445733][T10901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  257.445744][T10901] R13: 00007fec249b6038 R14: 00007fec249b5fa0 R15: 00007ffe799006d8
[  257.445780][T10901]  </TASK>
[  257.716765][T10905] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  257.788659][T10909] netlink: 'syz.0.1615': attribute type 1 has an invalid length.
[  258.075290][T10916] ipvlan2: entered promiscuous mode
[  258.103882][T10916] bridge0: port 2(ipvlan2) entered blocking state
[  258.141357][T10916] bridge0: port 2(ipvlan2) entered disabled state
[  258.148743][T10916] ipvlan2: entered allmulticast mode
[  258.156991][T10916] ipvlan2: left allmulticast mode
[  258.354464][T10936] netlink: 'syz.2.1626': attribute type 1 has an invalid length.
[  258.378148][T10940] FAULT_INJECTION: forcing a failure.
[  258.378148][T10940] name failslab, interval 1, probability 0, space 0, times 0
[  258.392267][T10936] netlink: 'syz.2.1626': attribute type 1 has an invalid length.
[  258.410545][T10940] CPU: 1 UID: 0 PID: 10940 Comm: syz.1.1627 Not tainted 6.16.0-syzkaller-12108-gc04fdca8a98a #0 PREEMPT(full) 
[  258.410579][T10940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  258.410593][T10940] Call Trace:
[  258.410603][T10940]  <TASK>
[  258.410613][T10940]  dump_stack_lvl+0x189/0x250
[  258.410646][T10940]  ? __pfx____ratelimit+0x10/0x10
[  258.410674][T10940]  ? __pfx_dump_stack_lvl+0x10/0x10
[  258.410701][T10940]  ? __pfx__printk+0x10/0x10
[  258.410738][T10940]  ? __pfx___might_resched+0x10/0x10
[  258.410766][T10940]  should_fail_ex+0x414/0x560
[  258.410797][T10940]  should_failslab+0xa8/0x100
[  258.410830][T10940]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  258.410862][T10940]  ? __alloc_skb+0x112/0x2d0
[  258.410896][T10940]  __alloc_skb+0x112/0x2d0
[  258.410931][T10940]  netlink_sendmsg+0x5c6/0xb30
[  258.410971][T10940]  ? __pfx_netlink_sendmsg+0x10/0x10
[  258.411005][T10940]  ? aa_sock_msg_perm+0xf1/0x1d0
[  258.411037][T10940]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  258.411061][T10940]  ? __pfx_netlink_sendmsg+0x10/0x10
[  258.411092][T10940]  __sock_sendmsg+0x219/0x270
[  258.411120][T10940]  ____sys_sendmsg+0x505/0x830
[  258.411160][T10940]  ? __pfx_____sys_sendmsg+0x10/0x10
[  258.411203][T10940]  ? import_iovec+0x74/0xa0
[  258.411229][T10940]  ___sys_sendmsg+0x21f/0x2a0
[  258.411265][T10940]  ? __pfx____sys_sendmsg+0x10/0x10
[  258.411345][T10940]  ? __fget_files+0x2a/0x420
[  258.411378][T10940]  ? __fget_files+0x3a0/0x420
[  258.411423][T10940]  __x64_sys_sendmsg+0x19b/0x260
[  258.411460][T10940]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  258.411505][T10940]  ? __pfx_ksys_write+0x10/0x10
[  258.411531][T10940]  ? rcu_is_watching+0x15/0xb0
[  258.411560][T10940]  ? do_syscall_64+0xbe/0x3b0
[  258.411593][T10940]  do_syscall_64+0xfa/0x3b0
[  258.411620][T10940]  ? lockdep_hardirqs_on+0x9c/0x150
[  258.411647][T10940]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  258.411669][T10940]  ? clear_bhb_loop+0x60/0xb0
[  258.411697][T10940]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  258.411719][T10940] RIP: 0033:0x7fba13b8ebe9
[  258.411738][T10940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  258.411758][T10940] RSP: 002b:00007fba14929038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  258.411780][T10940] RAX: ffffffffffffffda RBX: 00007fba13db5fa0 RCX: 00007fba13b8ebe9
[  258.411796][T10940] RDX: 0000000000000004 RSI: 00002000000000c0 RDI: 0000000000000003
[  258.411809][T10940] RBP: 00007fba14929090 R08: 0000000000000000 R09: 0000000000000000
[  258.411822][T10940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  258.411834][T10940] R13: 00007fba13db6038 R14: 00007fba13db5fa0 R15: 00007ffed2ea3368
[  258.411869][T10940]  </TASK>
[  258.422593][T10939] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1628'.
[  258.928753][T10954] netlink: 'syz.3.1635': attribute type 1 has an invalid length.
[  259.200799][T10989] FAULT_INJECTION: forcing a failure.
[  259.200799][T10989] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  259.215823][T10989] CPU: 0 UID: 0 PID: 10989 Comm: syz.1.1642 Not tainted 6.16.0-syzkaller-12108-gc04fdca8a98a #0 PREEMPT(full) 
[  259.215856][T10989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  259.215868][T10989] Call Trace:
[  259.215877][T10989]  <TASK>
[  259.215885][T10989]  dump_stack_lvl+0x189/0x250
[  259.215916][T10989]  ? __pfx____ratelimit+0x10/0x10
[  259.215942][T10989]  ? __pfx_dump_stack_lvl+0x10/0x10
[  259.215968][T10989]  ? __pfx__printk+0x10/0x10
[  259.215998][T10989]  ? __might_fault+0xb0/0x130
[  259.216041][T10989]  should_fail_ex+0x414/0x560
[  259.216070][T10989]  _copy_from_user+0x2d/0xb0
[  259.216092][T10989]  generic_map_update_batch+0x572/0x7f0
[  259.216132][T10989]  ? __pfx_generic_map_update_batch+0x10/0x10
[  259.216156][T10989]  ? __fget_files+0x2a/0x420
[  259.216202][T10989]  ? __pfx_generic_map_update_batch+0x10/0x10
[  259.216226][T10989]  bpf_map_do_batch+0x369/0x5f0
[  259.216263][T10989]  __sys_bpf+0x6af/0x870
[  259.216292][T10989]  ? __pfx___sys_bpf+0x10/0x10
[  259.216337][T10989]  ? ksys_write+0x22a/0x250
[  259.216368][T10989]  ? __pfx_ksys_write+0x10/0x10
[  259.216392][T10989]  ? rcu_is_watching+0x15/0xb0
[  259.216424][T10989]  __x64_sys_bpf+0x7c/0x90
[  259.216452][T10989]  do_syscall_64+0xfa/0x3b0
[  259.216480][T10989]  ? lockdep_hardirqs_on+0x9c/0x150
[  259.216507][T10989]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.216529][T10989]  ? clear_bhb_loop+0x60/0xb0
[  259.216556][T10989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.216577][T10989] RIP: 0033:0x7fba13b8ebe9
[  259.216597][T10989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  259.216617][T10989] RSP: 002b:00007fba14929038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  259.216640][T10989] RAX: ffffffffffffffda RBX: 00007fba13db5fa0 RCX: 00007fba13b8ebe9
[  259.216656][T10989] RDX: 0000000000000038 RSI: 0000200000000300 RDI: 000000000000001a
[  259.216670][T10989] RBP: 00007fba14929090 R08: 0000000000000000 R09: 0000000000000000
[  259.216683][T10989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  259.216696][T10989] R13: 00007fba13db6038 R14: 00007fba13db5fa0 R15: 00007ffed2ea3368
[  259.216735][T10989]  </TASK>
[  259.447651][T10984] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled
[  259.461258][T10984] netlink: 'syz.0.1641': attribute type 13 has an invalid length.
[  259.469578][T10984] netlink: 'syz.0.1641': attribute type 58 has an invalid length.
[  259.864310][ T7649] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  259.892866][ T7649] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  260.020001][T11001] __nla_validate_parse: 5 callbacks suppressed
[  260.020027][T11001] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1647'.
[  260.251382][T11020] FAULT_INJECTION: forcing a failure.
[  260.251382][T11020] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  260.265952][T11020] CPU: 1 UID: 0 PID: 11020 Comm: syz.1.1653 Not tainted 6.16.0-syzkaller-12108-gc04fdca8a98a #0 PREEMPT(full) 
[  260.265985][T11020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  260.265998][T11020] Call Trace:
[  260.266006][T11020]  <TASK>
[  260.266015][T11020]  dump_stack_lvl+0x189/0x250
[  260.266047][T11020]  ? __pfx____ratelimit+0x10/0x10
[  260.266075][T11020]  ? __pfx_dump_stack_lvl+0x10/0x10
[  260.266102][T11020]  ? __pfx__printk+0x10/0x10
[  260.266133][T11020]  ? __might_fault+0xb0/0x130
[  260.266178][T11020]  should_fail_ex+0x414/0x560
[  260.266222][T11020]  _copy_from_user+0x2d/0xb0
[  260.266245][T11020]  generic_map_update_batch+0x51b/0x7f0
[  260.266285][T11020]  ? __pfx_generic_map_update_batch+0x10/0x10
[  260.266310][T11020]  ? __fget_files+0x2a/0x420
[  260.266351][T11020]  ? __pfx_generic_map_update_batch+0x10/0x10
[  260.266375][T11020]  bpf_map_do_batch+0x369/0x5f0
[  260.266414][T11020]  __sys_bpf+0x6af/0x870
[  260.266445][T11020]  ? __pfx___sys_bpf+0x10/0x10
[  260.266490][T11020]  ? ksys_write+0x22a/0x250
[  260.266523][T11020]  ? __pfx_ksys_write+0x10/0x10
[  260.266549][T11020]  ? rcu_is_watching+0x15/0xb0
[  260.266580][T11020]  __x64_sys_bpf+0x7c/0x90
[  260.266607][T11020]  do_syscall_64+0xfa/0x3b0
[  260.266635][T11020]  ? lockdep_hardirqs_on+0x9c/0x150
[  260.266662][T11020]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.266684][T11020]  ? clear_bhb_loop+0x60/0xb0
[  260.266712][T11020]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.266734][T11020] RIP: 0033:0x7fba13b8ebe9
[  260.266754][T11020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  260.266774][T11020] RSP: 002b:00007fba14929038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  260.266796][T11020] RAX: ffffffffffffffda RBX: 00007fba13db5fa0 RCX: 00007fba13b8ebe9
[  260.266811][T11020] RDX: 0000000000000038 RSI: 0000200000000300 RDI: 000000000000001a
[  260.266825][T11020] RBP: 00007fba14929090 R08: 0000000000000000 R09: 0000000000000000
[  260.266838][T11020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  260.266850][T11020] R13: 00007fba13db6038 R14: 00007fba13db5fa0 R15: 00007ffed2ea3368
[  260.266885][T11020]  </TASK>
[  260.797504][T11040] ieee802154 phy0 wpan0: encryption failed: -22
[  260.910739][T11050] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1661'.
[  260.956030][T11050] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.1661'.
[  261.085674][T11061] FAULT_INJECTION: forcing a failure.
[  261.085674][T11061] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  261.160765][T11061] CPU: 1 UID: 0 PID: 11061 Comm: syz.0.1666 Not tainted 6.16.0-syzkaller-12108-gc04fdca8a98a #0 PREEMPT(full) 
[  261.160795][T11061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  261.160806][T11061] Call Trace:
[  261.160813][T11061]  <TASK>
[  261.160821][T11061]  dump_stack_lvl+0x189/0x250
[  261.160849][T11061]  ? __pfx____ratelimit+0x10/0x10
[  261.160873][T11061]  ? __pfx_dump_stack_lvl+0x10/0x10
[  261.160894][T11061]  ? __pfx__printk+0x10/0x10
[  261.160921][T11061]  ? __might_fault+0xb0/0x130
[  261.160957][T11061]  should_fail_ex+0x414/0x560
[  261.160983][T11061]  _copy_from_user+0x2d/0xb0
[  261.161004][T11061]  generic_map_update_batch+0x572/0x7f0
[  261.161037][T11061]  ? __pfx_generic_map_update_batch+0x10/0x10
[  261.161057][T11061]  ? __fget_files+0x2a/0x420
[  261.161094][T11061]  ? __pfx_generic_map_update_batch+0x10/0x10
[  261.161114][T11061]  bpf_map_do_batch+0x369/0x5f0
[  261.161145][T11061]  __sys_bpf+0x6af/0x870
[  261.161172][T11061]  ? __pfx___sys_bpf+0x10/0x10
[  261.161210][T11061]  ? ksys_write+0x22a/0x250
[  261.161239][T11061]  ? __pfx_ksys_write+0x10/0x10
[  261.161263][T11061]  ? rcu_is_watching+0x15/0xb0
[  261.161290][T11061]  __x64_sys_bpf+0x7c/0x90
[  261.161313][T11061]  do_syscall_64+0xfa/0x3b0
[  261.161358][T11061]  ? lockdep_hardirqs_on+0x9c/0x150
[  261.161381][T11061]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.161402][T11061]  ? clear_bhb_loop+0x60/0xb0
[  261.161426][T11061]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.161444][T11061] RIP: 0033:0x7fde4a18ebe9
[  261.161461][T11061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  261.161478][T11061] RSP: 002b:00007fde483f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  261.161499][T11061] RAX: ffffffffffffffda RBX: 00007fde4a3b5fa0 RCX: 00007fde4a18ebe9
[  261.161512][T11061] RDX: 0000000000000038 RSI: 0000200000000300 RDI: 000000000000001a
[  261.161524][T11061] RBP: 00007fde483f6090 R08: 0000000000000000 R09: 0000000000000000
[  261.161536][T11061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  261.161546][T11061] R13: 00007fde4a3b6038 R14: 00007fde4a3b5fa0 R15: 00007ffd145b8848
[  261.161581][T11061]  </TASK>
[  261.429692][T11066] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1669'.
[  261.447075][T11068] bond0: option ad_select: unable to set because the bond device is up
[  261.461764][T11068] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1667'.
[  261.573293][T11066] 8021q: adding VLAN 0 to HW filter on device bond6
[  261.630497][T11070] vlan4: entered allmulticast mode
[  261.636204][T11070] bond6: entered allmulticast mode
[  261.797878][T11083] validate_nla: 1 callbacks suppressed
[  261.797900][T11083] netlink: 'syz.1.1673': attribute type 1 has an invalid length.
[  261.884909][T11090] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1675'.
[  262.066862][T11087] bond6: (slave gretap2): making interface the new active one
[  262.080538][T11087] bond6: (slave gretap2): Enslaving as an active interface with an up link
[  262.243670][T11091] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  262.250861][T11099] syzkaller0: entered promiscuous mode
[  262.257113][T11099] syzkaller0: entered allmulticast mode
[  262.279905][T11082] tipc: Resetting bearer <eth:syzkaller0>
[  262.324691][T11082] tipc: Disabling bearer <eth:syzkaller0>
[  262.361101][ T7649] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  262.372863][ T7649] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  262.386685][ T7661] ------------[ cut here ]------------
[  262.392980][ T7661] WARNING: CPU: 0 PID: 7661 at net/wireless/ibss.c:37 __cfg80211_ibss_joined+0x3ca/0x440
[  262.404265][ T7661] Modules linked in:
[  262.408801][ T7661] CPU: 0 UID: 0 PID: 7661 Comm: kworker/u8:16 Not tainted 6.16.0-syzkaller-12108-gc04fdca8a98a #0 PREEMPT(full) 
[  262.421034][ T7661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  262.432028][ T7661] Workqueue: cfg80211 cfg80211_event_work
[  262.438519][ T7661] RIP: 0010:__cfg80211_ibss_joined+0x3ca/0x440
[  262.445079][ T7661] Code: 00 00 00 75 69 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 98 eb a3 00 cc e8 62 fb e7 f6 90 0f 0b 90 eb bd e8 57 fb e7 f6 90 <0f> 0b 90 4c 8b 6c 24 18 eb ad e8 47 fb e7 f6 90 0f 0b 90 e9 de fd
[  262.465249][ T7661] RSP: 0018:ffffc9001bf9f8e0 EFLAGS: 00010293
[  262.471372][ T7661] RAX: ffffffff8ad7b059 RBX: dffffc0000000000 RCX: ffff888057220000
[  262.480371][ T7661] RDX: 0000000000000000 RSI: ffffffff8d9b4911 RDI: ffffffff8be32680
[  262.489715][ T7661] RBP: ffffc9001bf9f9b0 R08: ffffffff8fa34637 R09: 1ffffffff1f468c6
[  262.499063][ T7661] R10: dffffc0000000000 R11: fffffbfff1f468c7 R12: ffff8880441f8d90
[  262.507533][ T7661] R13: 1ffff920037f3f24 R14: ffff88805788b338 R15: 0000000000000017
[  262.515633][ T7661] FS:  0000000000000000(0000) GS:ffff888125c21000(0000) knlGS:0000000000000000
[  262.524693][ T7661] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  262.531414][ T7661] CR2: 0000000000000000 CR3: 000000007eb06000 CR4: 00000000003526f0
[  262.539938][ T7661] Call Trace:
[  262.543304][ T7661]  <TASK>
[  262.546276][ T7661]  ? lockdep_hardirqs_on+0x9c/0x150
[  262.551547][ T7661]  ? __pfx___cfg80211_ibss_joined+0x10/0x10
[  262.557721][ T7661]  ? __pfx___mutex_lock+0x10/0x10
[  262.561459][T11114] bond0: option ad_select: unable to set because the bond device is up
[  262.563339][ T7661]  cfg80211_process_wdev_events+0x38a/0x4f0
[  262.577581][T11114] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1681'.
[  262.577757][ T7661]  cfg80211_process_rdev_events+0xa1/0x110
[  262.593763][ T7661]  cfg80211_event_work+0x31/0x70
[  262.598771][ T7661]  ? process_scheduled_works+0x9ef/0x17b0
[  262.605662][ T7661]  process_scheduled_works+0xade/0x17b0
[  262.611312][ T7661]  ? __pfx_process_scheduled_works+0x10/0x10
[  262.617626][ T7661]  worker_thread+0x8a0/0xda0
[  262.622363][ T7661]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  262.628761][ T7661]  ? __kthread_parkme+0x7b/0x200
[  262.634155][ T7661]  kthread+0x70e/0x8a0
[  262.638305][ T7661]  ? __pfx_worker_thread+0x10/0x10
[  262.643548][ T7661]  ? __pfx_kthread+0x10/0x10
[  262.648202][ T7661]  ? _raw_spin_unlock_irq+0x23/0x50
[  262.653535][ T7661]  ? lockdep_hardirqs_on+0x9c/0x150
[  262.658788][ T7661]  ? __pfx_kthread+0x10/0x10
[  262.663856][ T7661]  ret_from_fork+0x3fc/0x770
[  262.668531][ T7661]  ? __pfx_ret_from_fork+0x10/0x10
[  262.673766][ T7661]  ? __switch_to_asm+0x39/0x70
[  262.678598][ T7661]  ? __switch_to_asm+0x33/0x70
[  262.683564][ T7661]  ? __pfx_kthread+0x10/0x10
[  262.688910][ T7661]  ret_from_fork_asm+0x1a/0x30
[  262.694759][ T7661]  </TASK>
[  262.697842][ T7661] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  262.705167][ T7661] CPU: 0 UID: 0 PID: 7661 Comm: kworker/u8:16 Not tainted 6.16.0-syzkaller-12108-gc04fdca8a98a #0 PREEMPT(full) 
[  262.717103][ T7661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  262.727200][ T7661] Workqueue: cfg80211 cfg80211_event_work
[  262.732983][ T7661] Call Trace:
[  262.736290][ T7661]  <TASK>
[  262.739262][ T7661]  dump_stack_lvl+0x99/0x250
[  262.743941][ T7661]  ? __asan_memcpy+0x40/0x70
[  262.748839][ T7661]  ? __pfx_dump_stack_lvl+0x10/0x10
[  262.754105][ T7661]  ? __pfx__printk+0x10/0x10
[  262.758744][ T7661]  vpanic+0x281/0x750
[  262.762744][ T7661]  ? __pfx__printk+0x10/0x10
[  262.767370][ T7661]  ? __pfx_vpanic+0x10/0x10
[  262.772009][ T7661]  ? is_bpf_text_address+0x26/0x2b0
[  262.777262][ T7661]  panic+0xb9/0xc0
[  262.781013][ T7661]  ? __pfx_panic+0x10/0x10
[  262.785472][ T7661]  __warn+0x31b/0x4b0
[  262.789500][ T7661]  ? __cfg80211_ibss_joined+0x3ca/0x440
[  262.795083][ T7661]  ? __cfg80211_ibss_joined+0x3ca/0x440
[  262.800652][ T7661]  report_bug+0x2be/0x4f0
[  262.805003][ T7661]  ? __cfg80211_ibss_joined+0x3ca/0x440
[  262.810654][ T7661]  ? __cfg80211_ibss_joined+0x3ca/0x440
[  262.816229][ T7661]  ? __cfg80211_ibss_joined+0x3cc/0x440
[  262.821788][ T7661]  handle_bug+0x84/0x160
[  262.826056][ T7661]  exc_invalid_op+0x1a/0x50
[  262.830599][ T7661]  asm_exc_invalid_op+0x1a/0x20
[  262.835480][ T7661] RIP: 0010:__cfg80211_ibss_joined+0x3ca/0x440
[  262.841657][ T7661] Code: 00 00 00 75 69 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 98 eb a3 00 cc e8 62 fb e7 f6 90 0f 0b 90 eb bd e8 57 fb e7 f6 90 <0f> 0b 90 4c 8b 6c 24 18 eb ad e8 47 fb e7 f6 90 0f 0b 90 e9 de fd
[  262.861329][ T7661] RSP: 0018:ffffc9001bf9f8e0 EFLAGS: 00010293
[  262.867422][ T7661] RAX: ffffffff8ad7b059 RBX: dffffc0000000000 RCX: ffff888057220000
[  262.875408][ T7661] RDX: 0000000000000000 RSI: ffffffff8d9b4911 RDI: ffffffff8be32680
[  262.883400][ T7661] RBP: ffffc9001bf9f9b0 R08: ffffffff8fa34637 R09: 1ffffffff1f468c6
[  262.891417][ T7661] R10: dffffc0000000000 R11: fffffbfff1f468c7 R12: ffff8880441f8d90
[  262.899420][ T7661] R13: 1ffff920037f3f24 R14: ffff88805788b338 R15: 0000000000000017
[  262.907437][ T7661]  ? __cfg80211_ibss_joined+0x3c9/0x440
[  262.913019][ T7661]  ? lockdep_hardirqs_on+0x9c/0x150
[  262.918252][ T7661]  ? __pfx___cfg80211_ibss_joined+0x10/0x10
[  262.924172][ T7661]  ? __pfx___mutex_lock+0x10/0x10
[  262.929220][ T7661]  cfg80211_process_wdev_events+0x38a/0x4f0
[  262.935237][ T7661]  cfg80211_process_rdev_events+0xa1/0x110
[  262.941072][ T7661]  cfg80211_event_work+0x31/0x70
[  262.946373][ T7661]  ? process_scheduled_works+0x9ef/0x17b0
[  262.952200][ T7661]  process_scheduled_works+0xade/0x17b0
[  262.958073][ T7661]  ? __pfx_process_scheduled_works+0x10/0x10
[  262.964210][ T7661]  worker_thread+0x8a0/0xda0
[  262.968861][ T7661]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  262.975797][ T7661]  ? __kthread_parkme+0x7b/0x200
[  262.981130][ T7661]  kthread+0x70e/0x8a0
[  262.985323][ T7661]  ? __pfx_worker_thread+0x10/0x10
[  262.990453][ T7661]  ? __pfx_kthread+0x10/0x10
[  262.995160][ T7661]  ? _raw_spin_unlock_irq+0x23/0x50
[  263.000466][ T7661]  ? lockdep_hardirqs_on+0x9c/0x150
[  263.005684][ T7661]  ? __pfx_kthread+0x10/0x10
[  263.010391][ T7661]  ret_from_fork+0x3fc/0x770
[  263.015008][ T7661]  ? __pfx_ret_from_fork+0x10/0x10
[  263.020138][ T7661]  ? __switch_to_asm+0x39/0x70
[  263.024955][ T7661]  ? __switch_to_asm+0x33/0x70
[  263.029841][ T7661]  ? __pfx_kthread+0x10/0x10
[  263.034455][ T7661]  ret_from_fork_asm+0x1a/0x30
[  263.039255][ T7661]  </TASK>
[  263.042578][ T7661] Kernel Offset: disabled
[  263.047200][ T7661] Rebooting in 86400 seconds..