last executing test programs:

4m13.029294138s ago: executing program 0 (id=11244):
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
close(0xffffffffffffffff)
close(0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x15, 0x5, 0x0)
getsockopt(r0, 0x200000000114, 0x2711, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002)

4m12.884038845s ago: executing program 0 (id=11248):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x23, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000000)=0xfffffffa, 0x4)
recvmmsg(r0, &(0x7f0000003ec0)=[{{0x0, 0x0, 0x0}, 0x8000}], 0x1, 0x100, 0x0)

4m12.709295478s ago: executing program 0 (id=11252):
r0 = socket$rds(0x15, 0x5, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58)
close(r0)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)={0x1c, 0x15, 0x301, 0x0, 0x0, {0xa}, [@typed={0x8, 0x2, 0x0, 0x0, @fd=r3}]}, 0x1c}}, 0x20000080)
sendmsg$NLBL_UNLABEL_C_STATICADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002, 0x0, 0x80}, 0x0)

4m12.547043081s ago: executing program 0 (id=11256):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newqdisc={0x3c, 0x24, 0xe0b, 0xfefffffc, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_WASH={0x8, 0xd, 0x1}]}}]}, 0x3c}}, 0x0)
sendto$packet(r0, &(0x7f0000000080)="39c394e534ecf02e7e0e9ca208004b54", 0x10, 0x0, &(0x7f0000000440)={0x11, 0x0, r3, 0x1, 0x95, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x14)

4m12.239679979s ago: executing program 0 (id=11261):
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty, 0xffffff5d}, 0x1c)
listen(r0, 0x50)
r1 = socket$inet(0x2, 0x80001, 0x84)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4)
bind$inet(r1, &(0x7f0000000180)={0x2, 0xce20, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10)
listen(r1, 0x3)

4m11.9420038s ago: executing program 0 (id=11266):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
shutdown(r0, 0x0)
listen(r0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb3c5ca683a4b6fc89398f2b9000f224891060017c4700de60beac671e8e8fdecb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0d18a93ee341ab59016f81860324b800300000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4a801efdf008499d7aca1afac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000500)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r2, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6=r0}, 0x20)
recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000001cc0)=""/220, 0xdc}], 0x1}, 0x7}], 0x1, 0x2, 0x0)

4m11.705834993s ago: executing program 32 (id=11266):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
shutdown(r0, 0x0)
listen(r0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb3c5ca683a4b6fc89398f2b9000f224891060017c4700de60beac671e8e8fdecb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0d18a93ee341ab59016f81860324b800300000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4a801efdf008499d7aca1afac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000500)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r2, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6=r0}, 0x20)
recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000001cc0)=""/220, 0xdc}], 0x1}, 0x7}], 0x1, 0x2, 0x0)

20.71996315s ago: executing program 5 (id=13926):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000400"/28], 0x48)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600)
unshare(0x20400) (async)
unshare(0x20400)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x10, 0x0, 0xfe, 0x4, 0x0, 0x1, 0x20000000}}, 0x1c}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_DEFAULT_PVID={0x6, 0x27, 0x1}]}}}]}, 0x3c}}, 0x0) (async)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_DEFAULT_PVID={0x6, 0x27, 0x1}]}}}]}, 0x3c}}, 0x0)

20.63398638s ago: executing program 3 (id=13927):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$unix(0x1, 0x5, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$kcm(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
setsockopt$sock_attach_bpf(r6, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r7, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9015cc99e570000002b21c90b000000000000721a5dbb56a3d9e16e7c2179c9b5b24722944820e624fc5b17d0822ca4232c98a9936ba722475ca5", 0x72}, {&(0x7f0000000440)="63f805d7649496db72959832930469edc7b700c9e37eed5653ecb716cdb8981cd819af0b33254465cc904b7b31789d65c0e0d33330e2ef36205dd154e363bcadf8f2ea93f45503c6d9fd8dfe5a638cfeb9f79c930a4d18260e5a08ffd35ed8371cff78119319", 0x66}, {&(0x7f0000001400)="7f4ba13c5a27118dc920175650f0c9ba1809dd13a6e2d5b38f40adfa278c09e0e3bd05add4d780cd753b50f06f3b51f43761c7783f38ceaefc2dad57889d8b3a2d21314410f64ec2fa92e3a14b0141b39c020021d1edd011fbccb808a317fff4cf49aab12da619d67102048ec43c76cdb9d395e8b7b6e589d788aeeecb5080fc3d5ec6ccd656e49c0a642671d3fc363b46240bbc46ad965399b71db3c8f2b269b20870a3d2a6a8de5213b0f9d41c510c827056b7284391da244ec7653648b670f9a3483b314d861992ed7fb369eda093e1643c300b94d996fc592adb22c379be070ce5cd806da85a492dd4199cceb4c5b750222485325cf1073bf87e93bdf7da8af8f5f626541afd142e24ee8f4be9f038453c0edf500deabfe4d1a7a9de51df012bc2f3b767b3c03be6ace8c37ad571323cd363116e01f98a8ff8148d3900a65b788e99ddf9d9a2383f1730c7868d2dd031034bce5a77bd1ef3385105968be7bd830bde788092f657be36f89ea55ced486e18982d01339ed04a934a43c7b3", 0x17f}], 0x3}, 0x4)

20.623504555s ago: executing program 2 (id=13928):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_CT_DIRECTION={0x5}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x11}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0)

20.5376643s ago: executing program 5 (id=13930):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000ac0)={0x3, &(0x7f0000000a80)=[{0x40, 0x0, 0x0, 0x90ffffff}, {0x20, 0x0, 0x0, 0x9}, {0x16}]}, 0x10)
sendmmsg(r0, &(0x7f0000003180)=[{{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000c00)="26f2d136", 0x4}], 0x1}}], 0x1, 0x0)

20.48182582s ago: executing program 2 (id=13931):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r2 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x11, &(0x7f0000000040), 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000640)=@mangle={'mangle\x00', 0x64, 0x6, 0x6d8, 0x490, 0x390, 0xd0, 0xd0, 0x490, 0x608, 0x608, 0x608, 0x608, 0x608, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x5}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'erspan0\x00', {}, {}, 0x0, 0x0, 0x0, 0x52}, 0x0, 0xa8, 0xd0}, @inet=@DSCP={0x28, 'DSCP\x00', 0x0, {0x33}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0x1c8, 0x1f0, 0x0, {}, [@common=@unspec=@comment={{0x120}}]}, @common=@unspec=@CONNSECMARK={0x28}}, {{@ipv6={@local, @mcast1, [], [], 'lo\x00', 'vlan1\x00'}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@ah={{0x30}, {[0x4d5]}}]}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0x138, 0x178, 0x0, {}, [@common=@dst={{0x48}}, @common=@dst={{0x48}}]}, @inet=@TPROXY1={0x40}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x738)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000600)={0x144, r1, 0x400, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x4, 0x33}}}}, [@NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_MESH_SETUP={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_TX_RATES={0xcc, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc8, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x21, 0x1, [0x30, 0x5, 0x30, 0x30, 0x6, 0x4, 0x18, 0xb, 0x24, 0x16, 0x9, 0x48, 0x4, 0x2, 0x60, 0x3, 0x6, 0x1b, 0x6, 0xb, 0x5, 0x4, 0x3, 0x24, 0x9, 0x12, 0x187b214a6e1301c9, 0x6c, 0x6c]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x100, 0x34a, 0xf63, 0x5, 0x3, 0xfff, 0x3, 0x3ff]}}, @NL80211_TXRATE_HT={0x20, 0x2, [{0x1, 0x1}, {0x6, 0x9}, {0x1, 0x1}, {0x2, 0x1}, {0x4, 0x5}, {0x1, 0x4}, {0x4}, {0x0, 0x5}, {0x2, 0x2}, {0x1, 0x3}, {0x0, 0x5}, {0x4, 0x8}, {0x4, 0x6}, {0x1, 0xa}, {0x7}, {0x5, 0x1}, {0x6, 0x4}, {0x6, 0x2}, {0x0, 0x7}, {0x5, 0xa}, {0x1, 0x7}, {0x1, 0x5}, {0x3, 0x3}, {0x3, 0xa}, {0x0, 0x5}, {0x2, 0x4}, {0x3, 0x9}, {0x6, 0x4}]}, @NL80211_TXRATE_HT={0x23, 0x2, [{0x6, 0x7}, {0x0, 0xa}, {0x2, 0xa}, {0x7, 0x5}, {0x2, 0x7}, {0x3, 0x6}, {0x1, 0x2}, {0x3, 0x8}, {0x7, 0x2}, {0x7, 0x8}, {0x0, 0x2}, {0x7, 0x1}, {0x2, 0x7}, {0x1, 0x9}, {0x0, 0x5}, {0x4, 0x4}, {0x1, 0xa}, {0x7, 0x5}, {0x6, 0x5}, {0x7, 0x6}, {0x4, 0x9}, {0x2, 0x4}, {0x2, 0x8}, {0x7, 0x9}, {0x4, 0x3}, {0x1, 0x8}, {0x1, 0x7}, {0x6, 0x5}, {0x1, 0x1}, {0x1, 0x8}, {0x0, 0x1}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x5, 0x5, 0x0, 0x89b, 0x9, 0x1, 0x2, 0xf52]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0xb, 0x40, 0xff, 0x5dd3, 0x800, 0xb2, 0x8]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}]}, @NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_MESH_CONFIG={0x14, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_FORWARDING={0x5, 0x13, 0x1}, @NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL={0x6, 0x19, 0xa87}]}, @NL80211_ATTR_BSS_BASIC_RATES={0x24, 0x24, [{0xb}, {0x8bdc5ba605f53b39, 0x1}, {0x12}, {0xb, 0x1}, {0xc, 0x1}, {0x2}, {0x9}, {0x3, 0x1}, {0x3, 0x1}, {0x48, 0x1}, {0x16, 0x1}, {0x4}, {0x14, 0x1}, {0x2, 0x1}, {0x12, 0x1}, {0x12, 0x1}, {0x12}, {0x12}, {0xc}, {0x1b}, {0x30}, {0x3}, {0x1b, 0x1}, {0x9, 0x1}, {0xc, 0x1}, {0x18}, {0x5}, {0x3, 0x1}, {0x24, 0x1}, {0x6}, {0x3a, 0x1}, {0x2, 0x1}]}]}, 0x144}}, 0x1)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', <r6=>0x0})
bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x2, r6}, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000380), r0)
sendmsg$MPTCP_PM_CMD_REMOVE(r0, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x1c, r7, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000030}, 0x20040000)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x80000, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000009112bd000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r9 = socket(0x400000000010, 0x3, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r11, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000)
sendmsg$nl_route_sched(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=@newtfilter={0x4c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r11, {0x0, 0xf}, {}, {0x7, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8035}, @TCA_FLOWER_KEY_ARP_TIP={0x8, 0x3b, @multicast1}, @TCA_FLOWER_KEY_ARP_TIP_MASK={0x8, 0x3c, 0xff}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24000014}, 0x20084084)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r12=>0x0})
sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)={0x1c, r1, 0x1, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r12}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x44001}, 0xc800)

20.409924751s ago: executing program 5 (id=13932):
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x28, 0x0, 0x1, 0x70bd2b, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}]}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_RX={0x5, 0x19, 0x1}]}, 0x28}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xe, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="720ac4ff000000007110ac000000000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0x0, 0x94, 0x8}, 0xc)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000140)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x8001, 0x10000, 0xc000, 0x1004, r0, 0x0, '\x00', 0x0, r1, 0x2, 0x0, 0x2}, 0x50)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$MRT6_DEL_MIF(r3, 0x29, 0xcb, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x29, 0x0, 0x8}, 0xc)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', <r4=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x80005, {0x0, 0x0, 0x0, 0x0, {}, {0x9, 0xb}, {0xe, 0x8}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x9f8b8a2ee701f9b2}, 0x240080c4)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000240)=ANY=[@ANYRESDEC=0x0, @ANYRES32=r4, @ANYBLOB="00001700000000001c0037"], 0x44}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x65}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x58}}, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000020000103feffffff000000000a000000000000000400010008000a000008000005001e"], 0x50}}, 0x4000850)

20.302264222s ago: executing program 5 (id=13934):
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuacct.usage_percpu_user\x00', 0x0, 0x0)
setsockopt$TIPC_MCAST_REPLICAST(r0, 0x10f, 0x86)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000000040)={0x0, @aes256, 0x0, @desc3})
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x9, 0x5, 0x7, 0x3d, 0x7})
getsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f00000000c0), 0x4)
setsockopt$inet_tcp_int(r0, 0x6, 0x11, &(0x7f0000000100)=0x8001, 0x4)
r1 = accept4$unix(r0, &(0x7f0000000140), &(0x7f00000001c0)=0x6e, 0x0)
recvmsg$unix(r1, &(0x7f0000000700)={&(0x7f0000000200), 0x6e, &(0x7f00000005c0)=[{&(0x7f0000000280)=""/111, 0x6f}, {&(0x7f0000000300)=""/245, 0xf5}, {&(0x7f0000000400)=""/239, 0xef}, {&(0x7f0000000500)=""/192, 0xc0}], 0x4, &(0x7f0000000600)=[@rights={{0x20, 0x1, 0x1, [<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [<r6=>0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [<r7=>0xffffffffffffffff, 0xffffffffffffffff, <r8=>0xffffffffffffffff, 0xffffffffffffffff]}}], 0xd0}, 0x40030060)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000780), r8)
sendmsg$TIPC_NL_BEARER_ENABLE(r9, &(0x7f0000000880)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x68, r10, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0x54, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xccc}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x800}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3ff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x814f}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2db}]}]}, 0x68}}, 0x0)
r11 = syz_genetlink_get_family_id$tipc(&(0x7f0000000900), r8)
sendmsg$TIPC_CMD_SHOW_STATS(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x1c, r11, 0x8, 0x70bd2b, 0x25dfdbfb, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x40000)
socket(0x3, 0x5, 0x825)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r12, &(0x7f0000000bc0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000b80)={&(0x7f0000000a40)={0x120, 0x25, 0x2, 0x70bd2c, 0x25dfdbfe, {0xe}, [@nested={0x6d, 0xfc, 0x0, 0x1, [@typed={0x8, 0x89, 0x0, 0x0, @ipv4=@empty}, @typed={0xc, 0x138, 0x0, 0x0, @u64=0x7}, @generic="8176c5d04a795cfe541014efde8209dfaabdcdc12d796c1a07b5ac9cbbdcf22838a68dfa5a5a7ea692c9bc7abe6fd809132fa798cac0d68b72db3a59207ef482f678e82ebcbea315058db660f0cb35d92256c1fd", @generic='#']}, @generic="0c7e399996b88a0cb14c3b7e78120b7410412d034609439ce67f53205b39d6d2caab224ade154c5ef56542971af147de13197a70dd56c2774e9bc4fcd972364f6749ae67d0c3ee938481599437e781b612c5b1cefff67d2450ebc2b3fb", @generic="75e1e2e5d714a903a4cf76cbcc815ebe4f75c326198bf69ff97291c42a45d4a609966b39645acf7a5b7746c1ce2bab30df1e4c8349e093948697756056e6"]}, 0x120}, 0x1, 0x0, 0x0, 0x1c1}, 0x80)
r13 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r13, 0x6, 0x11, &(0x7f0000000c00)=0xf01, 0x4)
sendmsg$sock(r3, &(0x7f0000000d40)={&(0x7f0000000c40)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e24, 0x620, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x8001}}, 0x80, &(0x7f0000000cc0), 0x0, &(0x7f0000000d00)=[@mark={{0x14, 0x1, 0x24, 0xfe90}}, @mark={{0x14, 0x1, 0x24, 0xfffffffa}}], 0x30}, 0x40010)
ioctl$VFAT_IOCTL_READDIR_SHORT(r5, 0x82307202, &(0x7f0000000d80)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
ioctl$sock_inet_SIOCGIFDSTADDR(r4, 0x8917, &(0x7f0000000fc0)={'team_slave_0\x00', {0x2, 0x0, @multicast2}})
bind$vsock_stream(r4, &(0x7f0000001000)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
sendmsg$SOCK_DIAG_BY_FAMILY(r6, &(0x7f0000001280)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000001240)={&(0x7f0000001080)={0x1b0, 0x14, 0x300, 0x70bd28, 0x25dfdbff, {0x22, 0x65}, [@INET_DIAG_REQ_BYTECODE={0xcc, 0x1, "f1287d46e20315fb151e414f7c41d0112bb2f7a2b820336df222854a873529dba6f4df70e03e34adef57a80f71218afd55caae520de1adb8f8a0e378d55af79736989d1e5f92a788b4856b02d71e301b2da61bf9459d78aaff235c5c404b73671d7cb1d660a2385408333721ca071942316c3aab8c7e32a508c7ce73ccc92ac47e78e21bb00c802e2a70537da8e31e6259fecbf20b893cb436e34f7d9d79dbe34b7451d5dea95aec4a5526fd28181bd141474d1960dfaa67b3ea2437be537e7b0777d32d96073b0d"}, @INET_DIAG_REQ_BYTECODE={0x8d, 0x1, "779267559abc42c5caeb7fd2c5e0519e7b0395e40eec480a101b92dd52d73163d471edfdb75435a828af3676b2ce89863c3966b52aedbe4f68e8a526439208686e474040c44242bb754b4b7d67f0b74d05bfa4b0335036f008b42405e73719872ba700f6e0a123dcf23eeb65398bf548353300f999241dda620c764816a79fefe5ee37300a2ee28ad8"}, @INET_DIAG_REQ_BYTECODE={0x40, 0x1, "3b790095891e62bb13c823dbde41a9df8a2c07fba3132636b789937c8f0dfafab770d4744ee5716a4d5d5363b372ee7b85927631a117c7b508d415a1"}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
r14 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001300), r12)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r7, &(0x7f0000001400)={&(0x7f00000012c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000013c0)={&(0x7f0000001340)={0x68, r14, 0x20, 0x70bd28, 0x25dfdbfc, {}, [@ETHTOOL_A_PAUSE_HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5e6ef76bcdbba04}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}]}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x1}, @ETHTOOL_A_PAUSE_TX={0x5, 0x4, 0x1}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x1}]}, 0x68}, 0x1, 0x0, 0x0, 0x8048840}, 0xc0d4)
r15 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001480), r0)
sendmsg$NL80211_CMD_DISASSOCIATE(r2, &(0x7f0000001600)={&(0x7f0000001440)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000015c0)={&(0x7f00000014c0)={0xf4, r15, 0x8, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0xfffffffe, 0x67}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_IE={0xa8, 0x2a, [@peer_mgmt={0x75, 0x6, {0x1, 0x2, @void, @val=0x12, @void}}, @random={0xfd, 0x7b, "80aee33b4fe4910a76ae7b719cc4d687cabb558303e8f62c05c5929484ba0c1759ae2405704e5c0e56d1860e2f346b1d8e43c2cf5f62a0b419a56466d7b8c53f965542d5b9ab7614f8652d68ed1cb6aa229add1d03a7469b7921e8092c6bf918dbf7b8a7a742d16b0160c5e51dcdf254e6dd61c68ca4a5c12d9842"}, @tim={0x5, 0x1d, {0x7, 0x62, 0x6, "bdccb6247d9e0aeecb382e6154f919fda20131d9c046b7e2db56"}}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x40)
socket$inet6(0xa, 0x0, 0x3)
r16 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_NEW_INTERFACE(r16, &(0x7f0000001780)={&(0x7f0000001640)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001740)={&(0x7f0000001700)={0x3c, 0x0, 0x4, 0x70bd27, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0302}}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000004}, 0x20000040)

20.148603113s ago: executing program 3 (id=13936):
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000009c0)=""/4117, 0x1015}], 0x1}, 0xfffffff9}], 0x1, 0x700, 0x0)

19.922067099s ago: executing program 3 (id=13938):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000004300)={0x2, 0x3, 0x0, 0x2, 0x13, 0x0, 0x0, 0x0, [@sadb_key={0x1, 0x8}, @sadb_address={0x1b, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private2}}, @sadb_sa={0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private2}}, @sadb_lifetime={0x4, 0x3}]}, 0x98}, 0x1, 0x7}, 0x0)

19.921735505s ago: executing program 2 (id=13939):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000600)={0x24, r1, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}]}, 0x24}}, 0x0) (fail_nth: 4)

19.858346931s ago: executing program 5 (id=13942):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="b57523cb1a2c90d8acad2e2d98dfc9ea7a5843c3b63b683ced2b3266175599b779617e66e6b3e15c042be90635a2d36160bbf9a2edcacc0bbe015b84150a1928de94397894ff36aa430fc2a0814ba634308d6d0837250dfd1eca5383f9d151449743b1a0c4ffc51242a229c5d6d06f147a61d797ea7ffeda95b76f5623", 0x7d}, {&(0x7f00000001c0)="66f7", 0x3}, {&(0x7f0000000300)='l3', 0x7fffef80}], 0x3}], 0x1, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000c00)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00\x00\b', 0x30, 0x3a, 0xff, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, {[], @ndisc_redir={0x87, 0x0, 0x0, '\x00', @local, @private2={0xfc, 0x2, '\x00', 0x1}, [{0xe, 0x1, "2025b07f3c58"}]}}}}}}, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000003e00070127bd700000000000017c00000400fc80907fe4bd7a154773c9d259adb9fbce370c317eedcb85bcbadd5651f129bfc0fadcfa4c1c63cc08000280725eb86208000700", @ANYRES32=0x0, @ANYBLOB="00e492a1426e28d4573b90e9d66a48926300"], 0x50}, 0x1, 0x0, 0x0, 0xc000}, 0x4040)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
socket$nl_audit(0x10, 0x3, 0x9)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xa, 0x16, &(0x7f0000000200)=ANY=[@ANYBLOB="61123000000000006113680000000000bf2000000000000015000600071b48013d030100000000009500000000000000bc26000000000000bf67000000000000070300000fff07006702000003000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586162c17600674290ca9d8d6413b8199e34f67ceaaa78710f9f8aba4765c91382f497585ca39c595b21afa6bce62b5ab0d44e9c32ad6f0349d92962a58d39494a19a9183362382792ac85578d3de07b7e155cf4ee5e3dd51212d2831bd8e2655b2fbd88791e4c66c832a774919b28b8a62711f0f156e636804e1d3f44a5ff3d63a3a51f0c7ec0c8c25e072194ddd83aa155a537e15c0d91f502deef03f83e826718705c9aef9613ac4a325a428d147c1749196e94226671fd9573ab0d079d44b13b56f793e98ab571c58e98e022f18a3be3f318e0690fff93f44f22473dc8004fc758218349bd3f0516a72a7ea913bfa7603063ed3118b2d680cbc"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x5}, 0x94)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000980)=@security={'security\x00', 0xe, 0x4, 0x420, 0xffffffff, 0x278, 0x0, 0x118, 0xffffffff, 0xffffffff, 0x378, 0x378, 0x378, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xd8, 0x118, 0x0, {}, [@common=@frag={{0x20}, {[0x8, 0x1ff], 0x3, 0x10, 0x1}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0xa067, 0x8, 0x80000001, 0x1ff, 0x0, 0x52, 0x0, 0x5]}}}, {{@uncond, 0x0, 0x118, 0x160, 0x0, {}, [@common=@icmp6={{0x28}, {0x11, "4dd4", 0x1}}, @common=@hbh={{0x48}, {0x6043, 0x2, 0x1, [0x2, 0x4, 0x4f, 0x0, 0x3, 0x5, 0x7ff, 0x1, 0x6, 0x401, 0x9, 0x7, 0x3ff, 0x3, 0x0, 0x800], 0x3}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x7, 'syz1\x00', {0xfffffffffffffffe}}}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0x3, 0x4, 0x2}, {0x1, 0x4, 0x5}, 0x6f17, 0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x480)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="b40500000000000061109a000000000020000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0xa, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2}, 0x48)
gettid()

19.73037303s ago: executing program 3 (id=13943):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x1000, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x10080000, {0x0, 0x0, 0x0, r7, {0x0, 0xffe0}, {0x8, 0xb}, {0xd, 0xfff3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x44, 0x2, [@TCA_TBF_PRATE64={0xc, 0x5, 0x8ec6f8a8b9a40656}, @TCA_TBF_PARMS={0x28, 0x1, {{0xb4, 0x1, 0x1b5b, 0x1, 0x3, 0x8}, {0x7f, 0x0, 0xf, 0xfff, 0x8, 0x2}, 0x0, 0x727d2337, 0xf24}}, @TCA_TBF_RATE64={0xc, 0x4, 0x138811cd6a4124cc}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x2000c065}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

19.397285358s ago: executing program 2 (id=13946):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$unix(0x1, 0x5, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$kcm(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
setsockopt$sock_attach_bpf(r6, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r7, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9015cc99e570000002b21c90b000000000000721a5dbb56a3d9e16e7c2179c9b5b24722944820e624fc5b17d0822ca4232c98a9936ba722475ca5", 0x72}, {&(0x7f0000000440)="63f805d7649496db72959832930469edc7b700c9e37eed5653ecb716cdb8981cd819af0b33254465cc904b7b31789d65c0e0d33330e2ef36205dd154e363bcadf8f2ea93f45503c6d9fd8dfe5a638cfeb9f79c930a4d18260e5a08ffd35ed8371cff78119319b2b62c7cd9378c73ae90c801681f55ef26", 0x77}, {&(0x7f0000001400)="7f4ba13c5a27118dc920175650f0c9ba1809dd13a6e2d5b38f40adfa278c09e0e3bd05add4d780cd753b50f06f3b51f43761c7783f38ceaefc2dad57889d8b3a2d21314410f64ec2fa92e3a14b0141b39c020021d1edd011fbccb808a317fff4cf49aab12da619d67102048ec43c76cdb9d395e8b7b6e589d788aeeecb5080fc3d5ec6ccd656e49c0a642671d3fc363b46240bbc46ad965399b71db3c8f2b269b20870a3d2a6a8de5213b0f9d41c510c827056b7284391da244ec7653648b670f9a3483b314d861992ed7fb369eda093e1643c300b94d996fc592adb22c379be070ce5cd806da85a492dd4199cceb4c5b750222485325cf1073bf87e93bdf7da8af8f5f626541afd142e24ee8f4be9f038453c0edf500deabfe4d1a7a9de51df012bc2f3b767b3c03be6ace8c37ad571323cd363116e01f98a8ff8148d3900a65b788e99ddf9d9a2383f1730c7868d2dd031034bce5a77bd1ef3385105968be7bd830bde788092f657be36f89ea55ced486e18982d01339ed04a934a43c7b3", 0x17f}], 0x3}, 0x4)

19.217823707s ago: executing program 5 (id=13948):
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000580)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x128}, 0x0)
recvmsg$unix(r7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
sendmsg$inet(r10, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r9, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010028bd7000070000000200000008000100", @ANYRES32=r1], 0x1c}}, 0x8004)
r11 = socket$nl_xfrm(0x10, 0x3, 0x6)
write$nci(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="414601", @ANYRES8=r11], 0x4)

19.115528828s ago: executing program 3 (id=13950):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="22000000040000001000000012"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r0, <r1=>0xffffffffffffffff}, 0x4) (async)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x20) (async, rerun: 64)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) (rerun: 64)
writev(r3, &(0x7f00000005c0)=[{&(0x7f0000000080)='/', 0x1}], 0x1) (async, rerun: 64)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0) (async, rerun: 64)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x557081, 0x100408) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800110000000000000000000000ca6c9500000000000000ffdb360734076d08000d0ba8897489c522ba66c5439753d3e0c9b47bef3c2879fc55ce1649fcc6cff6b7eddc1ae3947efadabc0399ee4099902841e1c394783c541a69c0b2af1dcd8598b5c388992876d8e7858aed8e2f5308e47d9b93e38f092f022e25a098b85645ea1b65d5b5e38355cb7d53cb83ed9d6bc2756c81b8692e12b1b572660c0d83d23e57f5ffa19bad8b1feca88786116725e92d6d6e399a37a38899d361337c02c04a0dbda849dc41b918a60e7830677446f3280ea4f0e5"], &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0xc, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffd1}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x10, &(0x7f0000000100)=@framed={{}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3264}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x76}}]}, &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) (async, rerun: 32)
r4 = socket$inet_udp(0x2, 0x2, 0x0) (rerun: 32)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000000)={'tunl0\x00', &(0x7f0000000240)={'syztnl0\x00', 0x0, 0x8000, 0x711, 0xed5, 0x6, {{0x1c, 0x4, 0x0, 0x2d, 0x70, 0x65, 0x0, 0x9, 0x29, 0x0, @rand_addr=0x64010102, @multicast1, {[@lsrr={0x83, 0xf, 0x1b, [@remote, @broadcast, @multicast1]}, @timestamp_prespec={0x44, 0x3c, 0x64, 0x3, 0x5, [{@dev={0xac, 0x14, 0x14, 0x1b}, 0x3}, {@loopback, 0x6}, {@dev={0xac, 0x14, 0x14, 0x3b}, 0x5}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x7}, {@broadcast, 0x7}, {@local}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x7}]}, @lsrr={0x83, 0xb, 0x36, [@rand_addr=0x64010101, @rand_addr=0x64010100]}, @ra={0x94, 0x4, 0x1}]}}}}})

18.927885702s ago: executing program 2 (id=13952):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$netlink(r0, 0x10e, 0x2, &(0x7f0000000540)=""/4096, &(0x7f0000000040)=0x1000)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_TIOCOUTQ(r1, 0x5411, &(0x7f0000000000))
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[@ANYRESDEC=r0, @ANYBLOB="3400000010000002ffea00000000010010000000", @ANYRES32=r1, @ANYRES32=r1], 0x34}}, 0x4000000)

18.794151862s ago: executing program 1 (id=13954):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_CT_DIRECTION={0x5}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x11}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0)

18.719274869s ago: executing program 3 (id=13955):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)

18.683156334s ago: executing program 2 (id=13956):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) (fail_nth: 1)

18.678446896s ago: executing program 1 (id=13957):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@ipv4_newrule={0x28, 0x20, 0x301, 0x70bd2c, 0x25dfdbff, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@FRA_TUN_ID={0xc, 0xc, 0x1, 0x0, 0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0)
sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000700)={0x1c, r1, 0x1, 0x70bd26, 0x25dfdbfd}, 0x1c}, 0x1, 0x0, 0x0, 0x4008001}, 0x20004000)

18.200950759s ago: executing program 1 (id=13958):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ip6tnl0\x00'})
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x8000000, 0x0, 0xff, 0x1, 0xfffc}, 0x20)
syz_emit_ethernet(0xbf, &(0x7f0000001440)=ANY=[@ANYBLOB="ffffffffffff0180c200000081003b000011aa01e239fe95c40805d59f342d79f01023466860d574f9895f9abc0d600d054248ead6121c3eed767dd5e675e2efcc04a08312163c5f3e8f3e9face5cd72d3b1360a126a26acb2fedaa08a27d87dd4aaffff959064fbc50275e8fbffd432ce07d61a3d167dac52bf17c401e75edeac66be9305b477fa1c92ab64489f2fab04e390aa426f9e7dc20ac08be6ea168139a72f129f7b980d4d6ae7eae0800e18961d6d7434681ec0f562aa3d5c6930923d23d4e6627f78658205a762777eecadfe36c558b32d8505b117d42f5d71"], 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x401)
listen(r1, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000300)={0x30, r3, 0x1, 0xfffffffe, 0x0, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xffff}]}, 0x30}}, 0x20000000)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r4, 0x29, 0x41, &(0x7f00000003c0)=ANY=[@ANYBLOB="66696c746572ad50372615d30b1c00000000000000000000000000000000000004"], 0x68)
ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000000)=0xffffffffffffffff)
shutdown(r1, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000500142603600e1208000f0000000401a80016002000014003000000035c0461c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc55e4cde205a214d6102d6dcbf33fb5ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6cc", 0xd8}], 0x1}, 0x0)
recvmsg$kcm(r5, &(0x7f0000002800)={&(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f00000026c0)=[{&(0x7f0000002840)=""/225, 0xe1}, {&(0x7f00000000c0)=""/191, 0xbf}, {&(0x7f0000000380)=""/185, 0xb9}, {&(0x7f0000000440)=""/4096, 0x1000}, {&(0x7f0000002940)=""/4112, 0x1010}, {&(0x7f0000002440)=""/153, 0x99}, {&(0x7f0000002500)=""/160, 0xa0}, {&(0x7f00000025c0)=""/211, 0xd3}], 0x8, &(0x7f0000002740)=""/154, 0x9a}, 0x142)

18.160484848s ago: executing program 1 (id=13960):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x1000, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x10080000, {0x0, 0x0, 0x0, r7, {0x0, 0xffe0}, {0x8, 0xb}, {0xd, 0xfff3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x44, 0x2, [@TCA_TBF_PRATE64={0xc, 0x5, 0x8ec6f8a8b9a40656}, @TCA_TBF_PARMS={0x28, 0x1, {{0xb4, 0x1, 0x1b5b, 0x1, 0x3, 0x8}, {0x7f, 0x0, 0xf, 0xfff, 0x8, 0x2}, 0x0, 0x727d2337, 0xf24}}, @TCA_TBF_RATE64={0xc, 0x4, 0x138811cd6a4124cc}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x2000c065}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

17.97198599s ago: executing program 1 (id=13962):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$unix(0x1, 0x5, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$kcm(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
setsockopt$sock_attach_bpf(r6, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r7, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9015cc99e570000002b21c90b000000000000721a5dbb56a3d9e16e7c2179c9b5b24722944820e624fc5b17d0822ca4232c98a9936ba722475ca5", 0x72}, {&(0x7f0000000440)="63f805d7649496db72959832930469edc7b700c9e37eed5653ecb716cdb8981cd819af0b33254465cc904b7b31789d65c0e0d33330e2ef36205dd154e363bcadf8f2ea93f45503c6d9fd8dfe5a638cfeb9f79c930a4d18260e5a08ffd35ed8371cff78119319b2b62c7cd9378c73ae90c801681f55ef26", 0x77}, {&(0x7f0000001400)="7f4ba13c5a27118dc920175650f0c9ba1809dd13a6e2d5b38f40adfa278c09e0e3bd05add4d780cd753b50f06f3b51f43761c7783f38ceaefc2dad57889d8b3a2d21314410f64ec2fa92e3a14b0141b39c020021d1edd011fbccb808a317fff4cf49aab12da619d67102048ec43c76cdb9d395e8b7b6e589d788aeeecb5080fc3d5ec6ccd656e49c0a642671d3fc363b46240bbc46ad965399b71db3c8f2b269b20870a3d2a6a8de5213b0f9d41c510c827056b7284391da244ec7653648b670f9a3483b314d861992ed7fb369eda093e1643c300b94d996fc592adb22c379be070ce5cd806da85a492dd4199cceb4c5b750222485325cf1073bf87e93bdf7da8af8f5f626541afd142e24ee8f4be9f038453c0edf500deabfe4d1a7a9de51df012bc2f3b767b3c03be6ace8c37ad571323cd363116e01f98a8ff8148d3900a65b788e99ddf9d9a2383f1730c7868d2dd031034bce5a77bd1ef3385105968be7bd830bde788092f657be36f89ea55ced486e18982d01339ed04a934a43c7b3", 0x17f}], 0x3}, 0x4)

17.814555579s ago: executing program 1 (id=13965):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x13, 0x6, &(0x7f00000002c0)=ANY=[@ANYBLOB="05000000000000006b113600000000008510000002000000850000000500000095000000000000009500a50500000000719837a62ecba6b4aca926e6c8a1e509afe04e27090b613f59968cc4b88b4ecb814f46ebe3d5e393478f148c05cb001274b4a292d599"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffdcf}, 0x70)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000280)={r0, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000000)=[0x0, 0x0], ""/16, <r1=>0x0, 0x0, 0x0, 0x0, 0x9, 0x8, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x66, &(0x7f0000000180)=[{}, {}], 0x10, 0x10, &(0x7f00000001c0), &(0x7f0000000200), 0x8, 0xc1, 0x8, 0x8, &(0x7f0000000240)}}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000580)={'syztnl2\x00', &(0x7f0000000500)={'syztnl0\x00', r1, 0x6, 0x5, 0xb7, 0x1, 0x20, @mcast1, @mcast1, 0x8000, 0x20, 0xfffffffd, 0x4}})
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r2, &(0x7f0000000080)={0x0, 0x0, 0x6, 0x1}, 0x8)

16.426185343s ago: executing program 4 (id=13971):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000600)={0x24, r1, 0x601, 0xf0, 0x0, {}, [@TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}]}, 0x24}}, 0x0)

16.425576896s ago: executing program 4 (id=13972):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x38, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0xb, 0xfffd, 0x2, 0x3, 0xfff, 0x6, 0x401, 0x4]}}]}]}]}, 0x38}}, 0x0)

16.385178144s ago: executing program 4 (id=13973):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@ipv6_delrule={0x30, 0x21, 0x100, 0x0, 0x0, {}, [@FRA_DST={0x14, 0x1, @local}]}, 0x30}, 0x1, 0x0, 0x0, 0x40488c1}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffff}, {}, {0x8, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x4004000}, 0x0)
r1 = socket(0x2000000000000021, 0x2, 0x10000000000002)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IEEE802154_SCAN_REQ(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x2c, r2, 0x10, 0x70bd25, 0x25dfdbfd, {}, [@IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x1}, @IEEE802154_ATTR_SCAN_TYPE={0x5, 0x13, 0x8}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x10000)
sendmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[{0x18, 0x10c, 0x1, '$'}], 0x18, 0xe000}, 0x5}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[], 0x18, 0x500}}], 0x2, 0x0)

16.348231306s ago: executing program 4 (id=13974):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000600)={0x24, r1, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}]}, 0x24}}, 0x0) (fail_nth: 7)

16.025358881s ago: executing program 4 (id=13975):
r0 = socket$kcm(0x2, 0x5, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
setsockopt(0xffffffffffffffff, 0x84, 0x81, 0x0, 0x0)
r2 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000600)={'team0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r3, {0x0, 0xffff}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x4, 0x0, 0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x400}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}]}}]}, 0xa4}}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_CONNECT(r5, 0x0, 0x20000000)
r6 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000600)={'team0\x00', <r7=>0x0})
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000005c80)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x4, {0x0, 0x0, 0x12, r7, {0x0, 0xfff3}, {0xe, 0xffff}, {0xc}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0x8}}]}, 0x40}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r9=>0x0})
sendmsg$nl_xfrm(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="000200001c00000426bd7000fedbdf25333f0101007368613531325f6d6200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b8070000877b0a0edaa70632c9305033031a30156c48c989b7d43e238061059215880536169cdf200a1340520ac14ae93ab5c527292d10483127def1c3943e3fda05772f29f168d408694add800f6ccad800f62c28135eb753a525b52d520c22bc5248dfd4baed95446140f62c667e10dd2f02edef324e081447754172235614c330bf4f25de12ef7fb7c5bfc51dd694e097bff0687273cb1b91674deef80d150bd408c7b6aea8d46e0a08b3c67b485b618fa1f4ea74bb18e025e7daaa8bdd35f6a1dabef23eed662ae0bc2c9bfe43e731874226fb34cf64307575e1963ecde81b32bd26d9073b5e65302e0eace03744386c38cd099cfb6089b30400ac00070000000000000000000000000000000001e00000010000000000000000000000004e2400094e203c3f0200c0303c000000", @ANYRES32=r9, @ANYRES32=0x0, @ANYBLOB="00000000000000000f0000000000000006000000000000a6b755730000000000ffffffeaffffff7f070000000000000005000000000000008000000000000000010000000000000005000200000000000c0000005271b427bc9e4a00000000090000000000000007000000bd00000000000000"], 0x200}, 0x1, 0x0, 0x0, 0x24000000}, 0x20000010)
sendmsg$inet(r0, &(0x7f0000000140)={&(0x7f0000000100)={0x2, 0x4e20, @private=0xa010101}, 0x10, &(0x7f0000000740)=[{&(0x7f00000001c0)="629ef49efe", 0x5}], 0x1}, 0x44006)
setsockopt$sock_attach_bpf(r0, 0x1, 0x7, &(0x7f0000000180), 0x43)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001200)={{{@in6=@private0, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0}}, {{@in6=@mcast1}, 0x0, @in6=@loopback}}, &(0x7f0000001300)=0xe8)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000001340)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000002c0)=@ipv6_getroute={0x34, 0x1a, 0x10, 0x70bd29, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, [@RTA_UID={0x8, 0x19, r10}, @RTA_OIF={0x8, 0x4, r9}, @RTA_MARK={0x8}]}, 0x34}}, 0x20000000)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000040000701fcffffff00000100017c0000040042800c0001800600060065580000100002800c000b"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
r12 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r12, 0x0, 0x60, &(0x7f0000000800)={'filter\x00', 0x104, 0x4, 0x3c8, 0x110, 0x110, 0x110, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@arp={@empty, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac}, {@empty, {[0x0, 0x0, 0x0, 0xff]}}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 'dvmrp0\x00', 'netdevsim0\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac, @empty, @dev={0xac, 0x14, 0x14, 0x41}, @rand_addr=0x64010101, 0x8, 0x1}}}, {{@arp={@loopback, @local, 0x0, 0x0, 0x0, 0x0, {@mac=@local}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pim6reg0\x00', 'veth0\x00', {}, {}, 0x0, 0x20}, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x80ca, 0x8}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418)
r13 = socket$nl_generic(0x10, 0x3, 0x10)
r14 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000380), 0xffffffffffffffff)
r15 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_RENAME(r15, &(0x7f0000001480)={&(0x7f0000001380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000001440)={&(0x7f00000013c0)={0x58, 0x5, 0x6, 0x3, 0x0, 0x0, {0x1, 0x0, 0x8}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x40c4}, 0x40040041)
sendmsg$TIPC_NL_MON_PEER_GET(r13, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r14, @ANYBLOB="030b0000000015000100130000002c000980080002000000000008000200000000102c0001000000000008000100000000027afd010000000000"], 0x40}}, 0x0)

15.196756888s ago: executing program 4 (id=13976):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/uts\x00')
setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket(0x8, 0x0, 0x8000)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'syzkaller0\x00', 0x7101})
r2 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001080)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'syzkaller0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x5}, 0x100)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, 0x0, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c)
shutdown(0xffffffffffffffff, 0x1)
sendmsg$nl_route_sched(r2, &(0x7f0000000440)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000300)={&(0x7f00000053c0)=@newtaction={0x2a8, 0x30, 0x2, 0x70bd29, 0x25dfdbfd, {}, [{0x4c, 0x1, [@m_simple={0x48, 0xf, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x5, 0x4, 0x8, 0xe, 0x6b}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3}}}}]}, {0xf8, 0x1, [@m_vlan={0xb4, 0xa, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0xb7, 0x7, 0x2, 0x2, 0x3}, 0x3}}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x5}]}, {0x5b, 0x6, "2d7fa46328a61271ffffc0e53ae623b15d4116ac4eada191ca3f0b413385feb0d2821bfb113adaddc0f7e4d13b1a979194c574518298ef2bc7e75f5c9871bfb34467e078a88195b0bc375a7d5163e020c06ce02d7b7442"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_ctinfo={0x40, 0xe, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0xe}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x7}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1}}}}]}, {0x14c, 0x1, [@m_police={0x30, 0x1f, 0x0, 0x0, {{0xb}, {0x4, 0x2, 0x0, 0x1, [[]]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_simple={0x30, 0x14, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_simple={0x30, 0x15, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_skbmod={0x30, 0x5, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}, @m_skbmod={0x88, 0x3, 0x0, 0x0, {{0xb}, {0x38, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa}, @TCA_SKBMOD_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x14}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x400}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0xc67}, @TCA_SKBMOD_DMAC={0xa, 0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}]}, {0x28, 0x6, "ab464050ccb516e2a3efbc8cfe1773c9757b559973f0bad78c8961b439d8afb4aa7dd0b5"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}]}, {0x4}]}, 0x2a8}, 0x1, 0x0, 0x0, 0x84}, 0x8040)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, &(0x7f0000000180)={0x0, 0x8, 0x4}, 0x8)

4.001562466s ago: executing program 33 (id=13948):
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000580)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x128}, 0x0)
recvmsg$unix(r7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
sendmsg$inet(r10, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r9, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010028bd7000070000000200000008000100", @ANYRES32=r1], 0x1c}}, 0x8004)
r11 = socket$nl_xfrm(0x10, 0x3, 0x6)
write$nci(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="414601", @ANYRES8=r11], 0x4)

2.981608493s ago: executing program 34 (id=13956):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) (fail_nth: 1)

2.939267992s ago: executing program 35 (id=13955):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)

2.500992424s ago: executing program 36 (id=13965):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x13, 0x6, &(0x7f00000002c0)=ANY=[@ANYBLOB="05000000000000006b113600000000008510000002000000850000000500000095000000000000009500a50500000000719837a62ecba6b4aca926e6c8a1e509afe04e27090b613f59968cc4b88b4ecb814f46ebe3d5e393478f148c05cb001274b4a292d599"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffdcf}, 0x70)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000280)={r0, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000000)=[0x0, 0x0], ""/16, <r1=>0x0, 0x0, 0x0, 0x0, 0x9, 0x8, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x66, &(0x7f0000000180)=[{}, {}], 0x10, 0x10, &(0x7f00000001c0), &(0x7f0000000200), 0x8, 0xc1, 0x8, 0x8, &(0x7f0000000240)}}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000580)={'syztnl2\x00', &(0x7f0000000500)={'syztnl0\x00', r1, 0x6, 0x5, 0xb7, 0x1, 0x20, @mcast1, @mcast1, 0x8000, 0x20, 0xfffffffd, 0x4}})
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r2, &(0x7f0000000080)={0x0, 0x0, 0x6, 0x1}, 0x8)

0s ago: executing program 37 (id=13976):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/uts\x00')
setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket(0x8, 0x0, 0x8000)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'syzkaller0\x00', 0x7101})
r2 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001080)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'syzkaller0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x5}, 0x100)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, 0x0, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c)
shutdown(0xffffffffffffffff, 0x1)
sendmsg$nl_route_sched(r2, &(0x7f0000000440)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000300)={&(0x7f00000053c0)=@newtaction={0x2a8, 0x30, 0x2, 0x70bd29, 0x25dfdbfd, {}, [{0x4c, 0x1, [@m_simple={0x48, 0xf, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x5, 0x4, 0x8, 0xe, 0x6b}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3}}}}]}, {0xf8, 0x1, [@m_vlan={0xb4, 0xa, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0xb7, 0x7, 0x2, 0x2, 0x3}, 0x3}}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x5}]}, {0x5b, 0x6, "2d7fa46328a61271ffffc0e53ae623b15d4116ac4eada191ca3f0b413385feb0d2821bfb113adaddc0f7e4d13b1a979194c574518298ef2bc7e75f5c9871bfb34467e078a88195b0bc375a7d5163e020c06ce02d7b7442"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_ctinfo={0x40, 0xe, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0xe}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x7}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1}}}}]}, {0x14c, 0x1, [@m_police={0x30, 0x1f, 0x0, 0x0, {{0xb}, {0x4, 0x2, 0x0, 0x1, [[]]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_simple={0x30, 0x14, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_simple={0x30, 0x15, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_skbmod={0x30, 0x5, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}, @m_skbmod={0x88, 0x3, 0x0, 0x0, {{0xb}, {0x38, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa}, @TCA_SKBMOD_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x14}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x400}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0xc67}, @TCA_SKBMOD_DMAC={0xa, 0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}]}, {0x28, 0x6, "ab464050ccb516e2a3efbc8cfe1773c9757b559973f0bad78c8961b439d8afb4aa7dd0b5"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}]}, {0x4}]}, 0x2a8}, 0x1, 0x0, 0x0, 0x84}, 0x8040)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, &(0x7f0000000180)={0x0, 0x8, 0x4}, 0x8)

kernel console output (not intermixed with test programs):

e
[  682.497634][ T1653] syzkaller0: entered allmulticast mode
[  682.531482][ T1646] netlink: 128 bytes leftover after parsing attributes in process `syz.1.12551'.
[  682.547947][ T1646] netlink: 20 bytes leftover after parsing attributes in process `syz.1.12551'.
[  682.568068][ T1654] netlink: 'syz.5.12552': attribute type 13 has an invalid length.
[  682.730200][ T1663] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  682.753810][ T1663] syzkaller0: entered promiscuous mode
[  682.762978][ T1663] syzkaller0: entered allmulticast mode
[  682.778143][ T1665] xfrm1: entered allmulticast mode
[  682.898719][ T1654] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  682.984097][ T1651] tipc: Resetting bearer <eth:syzkaller0>
[  683.102639][ T1689] netlink: 20 bytes leftover after parsing attributes in process `syz.2.12559'.
[  683.118587][ T1651] tipc: Disabling bearer <eth:syzkaller0>
[  683.138518][ T1683] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12558'.
[  683.156245][ T1683] netlink: 24 bytes leftover after parsing attributes in process `syz.1.12558'.
[  683.192939][ T1683] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12558'.
[  683.225998][ T1683] netlink: 24 bytes leftover after parsing attributes in process `syz.1.12558'.
[  683.332340][ T1696] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  683.354082][ T1696] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  683.397588][ T1701] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  683.411173][ T1703] tipc: Resetting bearer <eth:syzkaller0>
[  683.527847][ T1695] tipc: Disabling bearer <eth:syzkaller0>
[  683.959216][ T1724] syzkaller0: entered promiscuous mode
[  683.965034][ T1724] syzkaller0: entered allmulticast mode
[  684.012048][ T1734] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  685.934876][ T1740] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12574'.
[  685.944199][ T1740] netlink: 24 bytes leftover after parsing attributes in process `syz.2.12574'.
[  685.953989][ T1740] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12574'.
[  685.964002][ T1740] netlink: 24 bytes leftover after parsing attributes in process `syz.2.12574'.
[  685.981139][ T1754] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  686.076722][ T1779] netlink: 12 bytes leftover after parsing attributes in process `syz.2.12579'.
[  686.255860][ T1784] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  686.529347][ T1808] netlink: 'syz.2.12586': attribute type 1 has an invalid length.
[  686.732569][ T1814] bond8: (slave gretap4): making interface the new active one
[  686.765855][ T1814] bond8: (slave gretap4): Enslaving as an active interface with an up link
[  686.801815][ T1808] macvlan2: entered promiscuous mode
[  686.808112][ T1808] macvlan2: entered allmulticast mode
[  686.822923][ T1808] bond8: entered promiscuous mode
[  686.828092][ T1808] gretap4: entered promiscuous mode
[  686.835433][ T1808] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  686.844079][ T1808] bond8: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  686.864060][ T1808] bond8: left promiscuous mode
[  686.868985][ T1808] gretap4: left promiscuous mode
[  686.941122][ T1822] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12589'.
[  686.960795][ T1822] netlink: 24 bytes leftover after parsing attributes in process `syz.4.12589'.
[  686.980581][ T1822] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12589'.
[  687.000806][ T1822] netlink: 24 bytes leftover after parsing attributes in process `syz.4.12589'.
[  687.171542][ T1837] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  687.217165][ T1837] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  687.243254][ T1837] tipc: Resetting bearer <eth:syzkaller0>
[  687.280200][ T1836] tipc: Disabling bearer <eth:syzkaller0>
[  687.308165][ T1844] lo: Caught tx_queue_len zero misconfig
[  687.820423][ T1865] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12604'.
[  688.307047][ T1907] netlink: 'syz.2.12619': attribute type 1 has an invalid length.
[  688.837732][ T1936] syzkaller0: entered promiscuous mode
[  688.843534][ T1936] syzkaller0: entered allmulticast mode
[  689.334396][ T1964] bond0: entered promiscuous mode
[  689.342011][ T1964] bridge3: entered promiscuous mode
[  689.388544][ T1964] bond0: left promiscuous mode
[  689.407161][ T1964] bridge3: left promiscuous mode
[  690.220586][ T2023] netlink: 'syz.3.12658': attribute type 1 has an invalid length.
[  690.565756][T30333] tipc: Resetting bearer <eth:macvlan1>
[  690.629633][ T2043] bridge0: port 1(macsec0) entered blocking state
[  690.647599][ T2043] bridge0: port 1(macsec0) entered disabled state
[  690.665101][ T2043] macsec0: entered allmulticast mode
[  690.723127][ T2048] nbd: couldn't find a device at index 0
[  690.960417][ T2060] netlink: 'syz.1.12673': attribute type 1 has an invalid length.
[  691.783149][ T3420] nci: nci_rf_discover_ntf_packet: unsupported rf_tech_and_mode 0x12
[  693.145442][ T2174] netlink: 'syz.4.12707': attribute type 10 has an invalid length.
[  694.340624][ T2210] __nla_validate_parse: 20 callbacks suppressed
[  694.340654][ T2210] netlink: 8 bytes leftover after parsing attributes in process `syz.5.12721'.
[  694.358309][ T2210] netlink: 4 bytes leftover after parsing attributes in process `syz.5.12721'.
[  694.561509][ T2215] syzkaller1: entered promiscuous mode
[  694.567258][ T2215] syzkaller1: entered allmulticast mode
[  694.589722][ T2222] netlink: 4 bytes leftover after parsing attributes in process `syz.2.12724'.
[  694.684425][ T3472] nci: nci_rsp_packet: unsupported rsp opcode 0xf01
[  694.886262][ T2241] netlink: 'syz.2.12728': attribute type 13 has an invalid length.
[  696.579985][ T2234] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  696.656946][ T2241] tipc: Resetting bearer <eth:macvlan1>
[  696.734506][ T2268] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12732'.
[  696.773144][ T2268] netlink: 12 bytes leftover after parsing attributes in process `syz.3.12732'.
[  696.803103][ T2268] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12732'.
[  696.823032][ T2268] netlink: 12 bytes leftover after parsing attributes in process `syz.3.12732'.
[  697.301153][ T2298] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12741'.
[  697.466812][ T2305] syzkaller0: entered promiscuous mode
[  697.481706][ T2305] syzkaller0: entered allmulticast mode
[  697.541798][ T2274] lec:lec_atm_close: lec0: Shut down!
[  697.839598][ T2313] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12747'.
[  697.849521][ T2313] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12747'.
[  697.889003][ T2303] lo speed is unknown, defaulting to 1000
[  697.897575][ T2303] wlan0 speed is unknown, defaulting to 1000
[  698.435930][ T2348] xt_hashlimit: size too large, truncated to 1048576
[  698.563114][ T2353] syzkaller0: entered promiscuous mode
[  698.592813][ T2353] syzkaller0: entered allmulticast mode
[  699.255114][ T2379] netlink: 'syz.4.12767': attribute type 1 has an invalid length.
[  699.508075][ T2400] syzkaller0: entered promiscuous mode
[  699.522559][ T2400] syzkaller0: entered allmulticast mode
[  699.985689][ T2418] __nla_validate_parse: 7 callbacks suppressed
[  699.985711][ T2418] netlink: 4 bytes leftover after parsing attributes in process `syz.3.12778'.
[  700.121348][ T2433] netlink: 'syz.4.12781': attribute type 1 has an invalid length.
[  700.401388][ T2453] netlink: 'syz.4.12786': attribute type 4 has an invalid length.
[  700.408767][ T2452] netlink: 'syz.2.12785': attribute type 1 has an invalid length.
[  700.463467][ T2457] netlink: 4 bytes leftover after parsing attributes in process `syz.2.12785'.
[  700.471574][ T2452] 8021q: adding VLAN 0 to HW filter on device bond9
[  700.520801][ T2456] syzkaller0: entered promiscuous mode
[  700.528808][ T2456] syzkaller0: entered allmulticast mode
[  700.717600][ T2471] netlink: 180 bytes leftover after parsing attributes in process `syz.4.12792'.
[  701.197227][ T2502] syzkaller0: entered promiscuous mode
[  701.213712][ T2502] syzkaller0: entered allmulticast mode
[  701.436084][ T2504] syzkaller1: entered promiscuous mode
[  701.441646][ T2504] syzkaller1: entered allmulticast mode
[  701.484878][ T2515] netlink: 12 bytes leftover after parsing attributes in process `syz.5.12801'.
[  701.553751][ T2482] lec:lec_atm_close: lec0: Shut down!
[  701.801008][ T2521] syzkaller0: entered promiscuous mode
[  701.821086][ T2521] syzkaller0: entered allmulticast mode
[  701.848583][ T2524] netlink: 180 bytes leftover after parsing attributes in process `syz.1.12806'.
[  701.950927][ T2508] lo speed is unknown, defaulting to 1000
[  701.984101][ T2528] netlink: 'syz.4.12805': attribute type 13 has an invalid length.
[  702.017037][ T2508] wlan0 speed is unknown, defaulting to 1000
[  702.296965][ T2546] syzkaller0: entered promiscuous mode
[  702.313176][ T2546] syzkaller0: entered allmulticast mode
[  702.433012][ T2552] netlink: 20 bytes leftover after parsing attributes in process `syz.4.12813'.
[  702.720395][ T2566] syzkaller0: entered promiscuous mode
[  702.735729][ T2566] syzkaller0: entered allmulticast mode
[  702.771976][ T2566] 0: reclassify loop, rule prio 0, protocol 800
[  702.819876][ T2571] syzkaller0: entered promiscuous mode
[  702.825797][ T2571] syzkaller0: entered allmulticast mode
[  703.196579][ T2578] syzkaller0: entered promiscuous mode
[  703.222061][ T2578] syzkaller0: entered allmulticast mode
[  704.852028][ T2587] syzkaller0: entered promiscuous mode
[  704.862323][ T2587] syzkaller0: entered allmulticast mode
[  704.937657][ T2618] netlink: 12 bytes leftover after parsing attributes in process `syz.5.12825'.
[  706.693948][ T2643] netlink: 2 bytes leftover after parsing attributes in process `syz.4.12829'.
[  706.871450][ T2657] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  707.064541][ T2646] syzkaller0: entered promiscuous mode
[  707.070088][ T2646] syzkaller0: entered allmulticast mode
[  707.112785][ T2646] tipc: Resetting bearer <eth:syzkaller0>
[  707.212286][ T2644] tipc: Resetting bearer <eth:syzkaller0>
[  707.283354][ T2676] netlink: 'syz.3.12836': attribute type 1 has an invalid length.
[  707.463975][ T2681] netlink: 28 bytes leftover after parsing attributes in process `syz.3.12836'.
[  708.995051][ T2644] tipc: Disabling bearer <eth:syzkaller0>
[  709.005761][ T2676] workqueue: Failed to create a rescuer kthread for wq "bond11": -EINTR
[  709.008302][ T2678] workqueue: Failed to create a rescuer kthread for wq "bond11": -EINTR
[  709.029305][ T2667] syzkaller0: entered promiscuous mode
[  709.044682][ T2667] syzkaller0: entered allmulticast mode
[  709.093000][ T2688] syzkaller0: entered promiscuous mode
[  709.108088][ T2688] syzkaller0: entered allmulticast mode
[  709.216518][ T2705] syzkaller0: entered promiscuous mode
[  709.222980][ T2705] syzkaller0: entered allmulticast mode
[  709.310434][ T2711] netlink: 52 bytes leftover after parsing attributes in process `syz.4.12841'.
[  709.629192][ T2728] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  709.665351][ T2728] syzkaller0: entered promiscuous mode
[  709.670898][ T2728] syzkaller0: entered allmulticast mode
[  709.783829][ T2728] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  709.873926][ T2728] tipc: Resetting bearer <eth:syzkaller0>
[  709.883669][ T2727] tipc: Resetting bearer <eth:syzkaller0>
[  709.926040][ T2727] tipc: Disabling bearer <eth:syzkaller0>
[  709.956951][ T2743] syzkaller0: entered promiscuous mode
[  709.972033][ T2743] syzkaller0: entered allmulticast mode
[  710.091043][ T2745] netlink: 'syz.4.12850': attribute type 13 has an invalid length.
[  710.228442][ T2745] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  710.283025][ T2745] syzkaller0: entered promiscuous mode
[  710.288557][ T2745] syzkaller0: entered allmulticast mode
[  710.316679][ T2746] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  710.347846][ T2744] tipc: Resetting bearer <eth:syzkaller0>
[  710.413151][ T2744] tipc: Disabling bearer <eth:syzkaller0>
[  710.426907][ T2754] netlink: 8 bytes leftover after parsing attributes in process `syz.5.12852'.
[  710.532390][ T2759] netlink: 'syz.5.12852': attribute type 10 has an invalid length.
[  710.545619][ T2754] 8021q: adding VLAN 0 to HW filter on device bond5
[  710.583226][ T2762] netlink: 12 bytes leftover after parsing attributes in process `syz.3.12856'.
[  710.594007][ T2759] bridge0: port 2(bridge_slave_1) entered disabled state
[  710.601952][ T2759] bridge0: port 1(bridge_slave_0) entered disabled state
[  710.678280][ T2759] bridge0: port 2(bridge_slave_1) entered blocking state
[  710.685580][ T2759] bridge0: port 2(bridge_slave_1) entered forwarding state
[  710.693233][ T2759] bridge0: port 1(bridge_slave_0) entered blocking state
[  710.700465][ T2759] bridge0: port 1(bridge_slave_0) entered forwarding state
[  710.738546][ T2759] `: (slave bridge0): Enslaving as an active interface with an up link
[  710.747810][ T2755] syzkaller0: entered promiscuous mode
[  710.755409][ T2755] syzkaller0: entered allmulticast mode
[  711.115844][ T2776] syzkaller0: entered promiscuous mode
[  711.148059][ T2776] syzkaller0: entered allmulticast mode
[  711.764124][ T2820] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  711.885884][ T2796] syzkaller0: entered promiscuous mode
[  711.904765][ T2796] syzkaller0: entered allmulticast mode
[  712.205079][ T2850] netlink: 16 bytes leftover after parsing attributes in process `syz.3.12875'.
[  712.295724][ T2842] netlink: 128 bytes leftover after parsing attributes in process `syz.3.12875'.
[  712.305175][ T2842] netlink: 20 bytes leftover after parsing attributes in process `syz.3.12875'.
[  712.343740][ T2861] netlink: 'syz.1.12876': attribute type 13 has an invalid length.
[  713.771140][ T2842] bond0: entered promiscuous mode
[  713.777165][ T2842] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  713.786238][ T2842] bond0: left promiscuous mode
[  713.791056][ T2842] netdevsim netdevsim3 netdevsim0: left promiscuous mode
[  713.833460][T23763] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  713.870787][ T2874] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  714.163277][ T5948] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  714.599749][ T2919] netlink: 4 bytes leftover after parsing attributes in process `syz.5.12891'.
[  714.616949][ T2919] netlink: 4 bytes leftover after parsing attributes in process `syz.5.12891'.
[  714.657240][ T2921] netlink: 'syz.4.12892': attribute type 13 has an invalid length.
[  714.685429][ T2913] netlink: 'syz.2.12890': attribute type 13 has an invalid length.
[  714.710256][ T2921] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  714.726896][ T2921] syzkaller0: entered promiscuous mode
[  714.743002][ T2921] syzkaller0: entered allmulticast mode
[  714.763945][ T2921] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  714.788355][ T2920] tipc: Resetting bearer <eth:syzkaller0>
[  714.835927][ T2920] tipc: Disabling bearer <eth:syzkaller0>
[  715.198026][ T2951] netlink: zone id is out of range
[  715.216878][ T2951] netlink: zone id is out of range
[  715.232508][ T2951] netlink: zone id is out of range
[  715.370985][ T2959] netlink: 'syz.4.12907': attribute type 13 has an invalid length.
[  715.393382][ T2959] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  715.414948][ T2959] syzkaller0: entered promiscuous mode
[  715.420575][ T2959] syzkaller0: entered allmulticast mode
[  715.444272][ T2959] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  715.469579][ T2958] tipc: Resetting bearer <eth:syzkaller0>
[  715.554881][ T2958] tipc: Disabling bearer <eth:syzkaller0>
[  716.420326][ T3025] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12931'.
[  716.619848][ T3039] syzkaller0: entered promiscuous mode
[  716.632881][ T3039] syzkaller0: entered allmulticast mode
[  716.682410][ T3035] syzkaller0: entered promiscuous mode
[  716.687953][ T3035] syzkaller0: entered allmulticast mode
[  717.065960][ T3062] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  717.090760][ T3062] syzkaller0: entered promiscuous mode
[  717.116323][ T3062] syzkaller0: entered allmulticast mode
[  717.854137][ T3110] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  717.873761][ T3110] syzkaller0: entered promiscuous mode
[  717.879293][ T3110] syzkaller0: entered allmulticast mode
[  718.058859][ T3116] netlink: 'syz.1.12966': attribute type 13 has an invalid length.
[  718.101195][ T3126] mac80211_hwsim hwsim29 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  718.464869][ T3139] sctp: [Deprecated]: syz.1.12973 (pid 3139) Use of struct sctp_assoc_value in delayed_ack socket option.
[  718.464869][ T3139] Use struct sctp_sack_info instead
[  718.524956][ T5900] hid-generic 0005:0C45:0009.0003: unknown main item tag 0x0
[  718.586648][ T5900] hid-generic 0005:0C45:0009.0003: hidraw0: BLUETOOTH HID v0.09 Device [syz1] on aa:aa:aa:aa:aa:aa
[  718.615597][ T3148] netlink: 'syz.4.12976': attribute type 13 has an invalid length.
[  718.642327][ T3148] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  718.651685][ T3148] syzkaller0: entered promiscuous mode
[  718.661299][ T3148] syzkaller0: entered allmulticast mode
[  718.672344][ T3148] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  718.717997][ T3147] tipc: Resetting bearer <eth:syzkaller0>
[  718.816203][ T3147] tipc: Disabling bearer <eth:syzkaller0>
[  718.845206][ T3151] lec:lec_vcc_attach: copy from user failed for 28 bytes
[  718.853928][ T3155] lo: Caught tx_queue_len zero misconfig
[  719.019857][ T3158] netlink: 'syz.3.12979': attribute type 13 has an invalid length.
[  719.285038][ T3173] syzkaller1: entered promiscuous mode
[  719.300932][ T3173] syzkaller1: entered allmulticast mode
[  719.571185][ T3196] netlink: 'syz.2.12990': attribute type 13 has an invalid length.
[  719.592169][ T3196] tipc: Resetting bearer <eth:macvlan1>
[  720.565336][ T3213] netlink: 'syz.2.12995': attribute type 13 has an invalid length.
[  721.119536][ T3251] netlink: 'syz.3.13005': attribute type 13 has an invalid length.
[  721.337050][ T3251] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  721.456253][ T3250] tipc: Disabling bearer <eth:syzkaller0>
[  721.503919][ T3267] syzkaller1: entered promiscuous mode
[  721.512400][ T3267] syzkaller1: entered allmulticast mode
[  721.647896][ T3282] netlink: 'syz.2.13012': attribute type 13 has an invalid length.
[  721.884820][ T3295] bond0: Caught tx_queue_len zero misconfig
[  722.025959][ T3306] netlink: 44 bytes leftover after parsing attributes in process `syz.1.13018'.
[  722.053488][ T3306] netlink: 44 bytes leftover after parsing attributes in process `syz.1.13018'.
[  722.135747][ T3311] netlink: 'syz.2.13023': attribute type 13 has an invalid length.
[  722.167969][ T3311] tipc: Resetting bearer <eth:macvlan1>
[  722.236986][ T3317] lo: entered allmulticast mode
[  722.243583][ T3316] lo: left allmulticast mode
[  722.283990][ T3311] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  722.345209][ T3310] tipc: Disabling bearer <eth:syzkaller0>
[  722.673252][ T3339] netlink: 8 bytes leftover after parsing attributes in process `syz.4.13030'.
[  722.685323][ T3339] netlink: 'syz.4.13030': attribute type 5 has an invalid length.
[  722.693979][ T3339] netlink: 48 bytes leftover after parsing attributes in process `syz.4.13030'.
[  722.894784][ T1025] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  722.912470][ T1025] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 20004 - 0
[  722.929300][ T1025] netdevsim netdevsim4 netdevsim0: unset [1, 1] type 2 family 0 port 6081 - 0
[  722.946294][ T3340] syzkaller0: entered promiscuous mode
[  722.953427][ T3340] syzkaller0: entered allmulticast mode
[  722.971272][ T3339] geneve5: entered promiscuous mode
[  722.978509][ T3339] geneve5: entered allmulticast mode
[  723.045037][ T1025] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  723.066095][ T1025] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 20004 - 0
[  723.095631][ T1025] netdevsim netdevsim4 netdevsim1: unset [1, 1] type 2 family 0 port 6081 - 0
[  723.117842][ T1025] netdevsim netdevsim4 netdevsim1: set [1, 2] type 2 family 0 port 256 - 0
[  723.181209][ T1025] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  723.203832][ T1025] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 20004 - 0
[  723.213914][ T1025] netdevsim netdevsim4 netdevsim2: unset [1, 1] type 2 family 0 port 6081 - 0
[  723.223307][ T1025] netdevsim netdevsim4 netdevsim2: set [1, 2] type 2 family 0 port 256 - 0
[  723.252237][ T1025] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  723.261188][ T1025] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 20004 - 0
[  723.279417][ T1025] netdevsim netdevsim4 netdevsim3: unset [1, 1] type 2 family 0 port 6081 - 0
[  723.289820][ T1025] netdevsim netdevsim4 netdevsim3: set [1, 2] type 2 family 0 port 256 - 0
[  723.327659][ T1025] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 256 - 0
[  723.558217][ T3379] netlink: 'syz.2.13038': attribute type 13 has an invalid length.
[  723.598425][ T3379] tipc: Resetting bearer <eth:macvlan1>
[  723.627146][ T3382] syzkaller0: entered promiscuous mode
[  723.634268][ T3382] syzkaller0: entered allmulticast mode
[  723.648011][ T3382] sch_tbf: burst 4 is lower than device syzkaller0 mtu (1514) !
[  725.511022][ T3379] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  725.538145][ T3376] tipc: Disabling bearer <eth:syzkaller0>
[  725.704228][ T3429] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  725.722463][ T3427] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  725.730228][ T3429] syzkaller0: entered promiscuous mode
[  725.736727][ T3429] syzkaller0: entered allmulticast mode
[  725.747546][ T3427] syzkaller0: entered promiscuous mode
[  725.756416][ T3427] syzkaller0: entered allmulticast mode
[  725.809727][ T3427] tipc: Resetting bearer <eth:syzkaller0>
[  725.851395][ T3426] tipc: Resetting bearer <eth:syzkaller0>
[  725.880162][ T3426] tipc: Disabling bearer <eth:syzkaller0>
[  725.898631][ T3433] syzkaller0: entered promiscuous mode
[  725.912413][ T3433] syzkaller0: entered allmulticast mode
[  726.060396][ T3442] netlink: 'syz.5.13049': attribute type 13 has an invalid length.
[  726.463660][ T3454] syzkaller0: entered promiscuous mode
[  726.469282][ T3454] syzkaller0: entered allmulticast mode
[  726.723472][ T3478] netlink: 'syz.2.13056': attribute type 13 has an invalid length.
[  728.295383][ T3467] syzkaller0: entered promiscuous mode
[  728.300933][ T3467] syzkaller0: entered allmulticast mode
[  728.329209][ T3478] tipc: Resetting bearer <eth:macvlan1>
[  728.341625][ T3484] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  728.559795][ T3503] syzkaller0: entered promiscuous mode
[  728.580635][ T3503] syzkaller0: entered allmulticast mode
[  728.749281][ T3506] netlink: 'syz.5.13061': attribute type 13 has an invalid length.
[  728.777893][ T3510] syzkaller0: entered promiscuous mode
[  728.797362][ T3510] syzkaller0: entered allmulticast mode
[  728.821365][ T3513] syzkaller0: entered promiscuous mode
[  728.828712][ T3513] syzkaller0: entered allmulticast mode
[  729.034800][ T3522] netlink: 'syz.2.13065': attribute type 1 has an invalid length.
[  729.098897][ T3524] netlink: 8 bytes leftover after parsing attributes in process `syz.5.13067'.
[  729.120950][ T3524] netlink: 4 bytes leftover after parsing attributes in process `syz.5.13067'.
[  729.165781][ T3524] netlink: 8 bytes leftover after parsing attributes in process `syz.5.13067'.
[  729.188782][ T3524] netlink: 4 bytes leftover after parsing attributes in process `syz.5.13067'.
[  729.202898][ T3529] netlink: 'syz.3.13069': attribute type 13 has an invalid length.
[  729.242754][ T3529] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  729.332990][ T3528] tipc: Disabling bearer <eth:syzkaller0>
[  729.340317][ T3535] FAULT_INJECTION: forcing a failure.
[  729.340317][ T3535] name failslab, interval 1, probability 0, space 0, times 1
[  729.358048][ T3535] CPU: 1 UID: 0 PID: 3535 Comm: syz.2.13072 Not tainted syzkaller #0 PREEMPT(full) 
[  729.358088][ T3535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  729.358102][ T3535] Call Trace:
[  729.358110][ T3535]  <TASK>
[  729.358120][ T3535]  dump_stack_lvl+0x189/0x250
[  729.358153][ T3535]  ? __pfx____ratelimit+0x10/0x10
[  729.358174][ T3535]  ? __pfx_dump_stack_lvl+0x10/0x10
[  729.358200][ T3535]  ? __pfx__printk+0x10/0x10
[  729.358237][ T3535]  ? __pfx___might_resched+0x10/0x10
[  729.358266][ T3535]  should_fail_ex+0x414/0x560
[  729.358304][ T3535]  should_failslab+0xa8/0x100
[  729.358332][ T3535]  __kmalloc_noprof+0xdf/0x800
[  729.358352][ T3535]  ? kfree+0x4d/0x660
[  729.358378][ T3535]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  729.358414][ T3535]  tomoyo_realpath_from_path+0xe3/0x5d0
[  729.358444][ T3535]  ? tomoyo_domain+0xd8/0x130
[  729.358479][ T3535]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  729.358503][ T3535]  tomoyo_path_number_perm+0x1e8/0x5a0
[  729.358530][ T3535]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  729.358573][ T3535]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  729.358620][ T3535]  ? __fget_files+0x2a/0x420
[  729.358651][ T3535]  ? __fget_files+0x3a0/0x420
[  729.358676][ T3535]  ? __fget_files+0x2a/0x420
[  729.358707][ T3535]  security_file_ioctl+0xcb/0x2d0
[  729.358732][ T3535]  __se_sys_ioctl+0x47/0x170
[  729.358755][ T3535]  do_syscall_64+0xfa/0xf80
[  729.358778][ T3535]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  729.358799][ T3535]  ? clear_bhb_loop+0x60/0xb0
[  729.358825][ T3535]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  729.358845][ T3535] RIP: 0033:0x7fc1fa98f749
[  729.358865][ T3535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  729.358882][ T3535] RSP: 002b:00007fc1fb7ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  729.358905][ T3535] RAX: ffffffffffffffda RBX: 00007fc1fabe5fa0 RCX: 00007fc1fa98f749
[  729.358920][ T3535] RDX: 0000200000000640 RSI: 000000000000890c RDI: 0000000000000003
[  729.358934][ T3535] RBP: 00007fc1fb7ef090 R08: 0000000000000000 R09: 0000000000000000
[  729.358946][ T3535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  729.358959][ T3535] R13: 00007fc1fabe6038 R14: 00007fc1fabe5fa0 R15: 00007ffce6e28558
[  729.358995][ T3535]  </TASK>
[  729.359014][ T3535] ERROR: Out of memory at tomoyo_realpath_from_path.
[  729.736214][ T3537] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  729.916813][ T3543] syzkaller0: entered promiscuous mode
[  729.932484][ T3543] syzkaller0: entered allmulticast mode
[  730.027336][ T3558] syzkaller0: entered promiscuous mode
[  730.069607][ T3558] syzkaller0: entered allmulticast mode
[  730.313710][ T3586] netlink: 4 bytes leftover after parsing attributes in process `syz.4.13082'.
[  731.917160][ T3598] netlink: 28 bytes leftover after parsing attributes in process `syz.4.13083'.
[  732.092770][ T3610] FAULT_INJECTION: forcing a failure.
[  732.092770][ T3610] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  732.117355][ T3610] CPU: 1 UID: 0 PID: 3610 Comm: syz.5.13088 Not tainted syzkaller #0 PREEMPT(full) 
[  732.117384][ T3610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  732.117397][ T3610] Call Trace:
[  732.117406][ T3610]  <TASK>
[  732.117415][ T3610]  dump_stack_lvl+0x189/0x250
[  732.117445][ T3610]  ? __pfx____ratelimit+0x10/0x10
[  732.117466][ T3610]  ? __pfx_dump_stack_lvl+0x10/0x10
[  732.117491][ T3610]  ? __pfx__printk+0x10/0x10
[  732.117523][ T3610]  ? __might_fault+0xb0/0x130
[  732.117566][ T3610]  should_fail_ex+0x414/0x560
[  732.117603][ T3610]  _copy_from_user+0x2d/0xb0
[  732.117630][ T3610]  ___sys_sendmsg+0x158/0x2a0
[  732.117659][ T3610]  ? __pfx____sys_sendmsg+0x10/0x10
[  732.117692][ T3610]  ? rcu_read_lock_any_held+0xb3/0x120
[  732.117751][ T3610]  ? __fget_files+0x2a/0x420
[  732.117776][ T3610]  ? __fget_files+0x3a0/0x420
[  732.117814][ T3610]  __x64_sys_sendmsg+0x19b/0x260
[  732.117843][ T3610]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  732.117886][ T3610]  ? __pfx_ksys_write+0x10/0x10
[  732.117911][ T3610]  ? do_syscall_64+0xbe/0xf80
[  732.117936][ T3610]  do_syscall_64+0xfa/0xf80
[  732.117959][ T3610]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  732.117979][ T3610]  ? clear_bhb_loop+0x60/0xb0
[  732.118004][ T3610]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  732.118023][ T3610] RIP: 0033:0x7f473a38f749
[  732.118041][ T3610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  732.118058][ T3610] RSP: 002b:00007f473b150038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  732.118079][ T3610] RAX: ffffffffffffffda RBX: 00007f473a5e5fa0 RCX: 00007f473a38f749
[  732.118095][ T3610] RDX: 0000000000000000 RSI: 0000200000000c00 RDI: 0000000000000003
[  732.118107][ T3610] RBP: 00007f473b150090 R08: 0000000000000000 R09: 0000000000000000
[  732.118120][ T3610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  732.118132][ T3610] R13: 00007f473a5e6038 R14: 00007f473a5e5fa0 R15: 00007ffd288f4df8
[  732.118166][ T3610]  </TASK>
[  732.577533][ T3630] FAULT_INJECTION: forcing a failure.
[  732.577533][ T3630] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  732.604114][ T3630] CPU: 0 UID: 0 PID: 3630 Comm: syz.5.13092 Not tainted syzkaller #0 PREEMPT(full) 
[  732.604143][ T3630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  732.604156][ T3630] Call Trace:
[  732.604164][ T3630]  <TASK>
[  732.604173][ T3630]  dump_stack_lvl+0x189/0x250
[  732.604203][ T3630]  ? __pfx____ratelimit+0x10/0x10
[  732.604224][ T3630]  ? __pfx_dump_stack_lvl+0x10/0x10
[  732.604248][ T3630]  ? __pfx__printk+0x10/0x10
[  732.604278][ T3630]  ? __might_fault+0xb0/0x130
[  732.604319][ T3630]  should_fail_ex+0x414/0x560
[  732.604356][ T3630]  _copy_from_user+0x2d/0xb0
[  732.604383][ T3630]  __sys_connect+0x123/0x440
[  732.604405][ T3630]  ? __fget_files+0x3a0/0x420
[  732.604431][ T3630]  ? __pfx___sys_connect+0x10/0x10
[  732.604465][ T3630]  ? __pfx_ksys_write+0x10/0x10
[  732.604493][ T3630]  __x64_sys_connect+0x7a/0x90
[  732.604517][ T3630]  do_syscall_64+0xfa/0xf80
[  732.604541][ T3630]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  732.604560][ T3630]  ? clear_bhb_loop+0x60/0xb0
[  732.604584][ T3630]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  732.604604][ T3630] RIP: 0033:0x7f473a38f749
[  732.604624][ T3630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  732.604641][ T3630] RSP: 002b:00007f473b150038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  732.604663][ T3630] RAX: ffffffffffffffda RBX: 00007f473a5e5fa0 RCX: 00007f473a38f749
[  732.604678][ T3630] RDX: 0000000000000010 RSI: 0000200000000200 RDI: 0000000000000003
[  732.604691][ T3630] RBP: 00007f473b150090 R08: 0000000000000000 R09: 0000000000000000
[  732.604704][ T3630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  732.604716][ T3630] R13: 00007f473a5e6038 R14: 00007f473a5e5fa0 R15: 00007ffd288f4df8
[  732.604752][ T3630]  </TASK>
[  732.816011][ T3633] netlink: 40 bytes leftover after parsing attributes in process `syz.4.13090'.
[  733.310044][ T3652] netlink: 44 bytes leftover after parsing attributes in process `syz.5.13095'.
[  733.369032][ T3653] netlink: 56 bytes leftover after parsing attributes in process `syz.5.13095'.
[  733.380282][ T3653] netlink: 8 bytes leftover after parsing attributes in process `syz.5.13095'.
[  734.506755][ T3651] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  734.515136][ T3651] batman_adv: batadv0: Removing interface: batadv_slave_0
[  734.534111][ T3651] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  734.541663][ T3651] batman_adv: batadv0: Removing interface: batadv_slave_1
[  734.761517][ T3666] netlink: 28 bytes leftover after parsing attributes in process `syz.4.13100'.
[  735.005473][ T3685] FAULT_INJECTION: forcing a failure.
[  735.005473][ T3685] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  735.083447][ T3685] CPU: 1 UID: 0 PID: 3685 Comm: syz.1.13105 Not tainted syzkaller #0 PREEMPT(full) 
[  735.083477][ T3685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  735.083491][ T3685] Call Trace:
[  735.083499][ T3685]  <TASK>
[  735.083507][ T3685]  dump_stack_lvl+0x189/0x250
[  735.083538][ T3685]  ? __pfx____ratelimit+0x10/0x10
[  735.083559][ T3685]  ? __pfx_dump_stack_lvl+0x10/0x10
[  735.083584][ T3685]  ? __pfx__printk+0x10/0x10
[  735.083630][ T3685]  should_fail_ex+0x414/0x560
[  735.083675][ T3685]  _copy_from_user+0x2d/0xb0
[  735.083701][ T3685]  sctp_setsockopt+0x1c4/0x12c0
[  735.083721][ T3685]  ? sock_common_setsockopt+0x36/0xc0
[  735.083753][ T3685]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  735.083787][ T3685]  do_sock_setsockopt+0x17c/0x1b0
[  735.083818][ T3685]  __x64_sys_setsockopt+0x13f/0x1b0
[  735.083848][ T3685]  do_syscall_64+0xfa/0xf80
[  735.083871][ T3685]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.083893][ T3685]  ? clear_bhb_loop+0x60/0xb0
[  735.083918][ T3685]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.083938][ T3685] RIP: 0033:0x7f16de38f749
[  735.083957][ T3685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  735.083975][ T3685] RSP: 002b:00007f16df257038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  735.083997][ T3685] RAX: ffffffffffffffda RBX: 00007f16de5e5fa0 RCX: 00007f16de38f749
[  735.084013][ T3685] RDX: 000000000000000d RSI: 0000000000000084 RDI: 0000000000000004
[  735.084024][ T3685] RBP: 00007f16df257090 R08: 0000000000000008 R09: 0000000000000000
[  735.084036][ T3685] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  735.084049][ T3685] R13: 00007f16de5e6038 R14: 00007f16de5e5fa0 R15: 00007ffd42770af8
[  735.084084][ T3685]  </TASK>
[  735.318750][ T3695] FAULT_INJECTION: forcing a failure.
[  735.318750][ T3695] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  735.354200][ T3692] FAULT_INJECTION: forcing a failure.
[  735.354200][ T3692] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  735.378644][ T3692] CPU: 0 UID: 0 PID: 3692 Comm: syz.4.13110 Not tainted syzkaller #0 PREEMPT(full) 
[  735.378673][ T3692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  735.378685][ T3692] Call Trace:
[  735.378692][ T3692]  <TASK>
[  735.378701][ T3692]  dump_stack_lvl+0x189/0x250
[  735.378730][ T3692]  ? __pfx____ratelimit+0x10/0x10
[  735.378750][ T3692]  ? __pfx_dump_stack_lvl+0x10/0x10
[  735.378775][ T3692]  ? __pfx__printk+0x10/0x10
[  735.378807][ T3692]  ? __might_fault+0xb0/0x130
[  735.378851][ T3692]  should_fail_ex+0x414/0x560
[  735.378889][ T3692]  _copy_from_user+0x2d/0xb0
[  735.378916][ T3692]  kstrtouint_from_user+0xc4/0x170
[  735.378940][ T3692]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  735.378976][ T3692]  proc_fail_nth_write+0x88/0x200
[  735.378993][ T3692]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  735.379014][ T3692]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  735.379031][ T3692]  vfs_write+0x27e/0xb30
[  735.379054][ T3692]  ? __pfx_vfs_write+0x10/0x10
[  735.379070][ T3692]  ? __fget_files+0x2a/0x420
[  735.379092][ T3692]  ? __fget_files+0x3a0/0x420
[  735.379110][ T3692]  ? __fget_files+0x2a/0x420
[  735.379136][ T3692]  ksys_write+0x145/0x250
[  735.379152][ T3692]  ? __pfx_ksys_write+0x10/0x10
[  735.379170][ T3692]  ? do_syscall_64+0xbe/0xf80
[  735.379189][ T3692]  do_syscall_64+0xfa/0xf80
[  735.379205][ T3692]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.379221][ T3692]  ? clear_bhb_loop+0x60/0xb0
[  735.379240][ T3692]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.379254][ T3692] RIP: 0033:0x7f240698e1ff
[  735.379268][ T3692] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  735.379281][ T3692] RSP: 002b:00007f240783a030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  735.379297][ T3692] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f240698e1ff
[  735.379308][ T3692] RDX: 0000000000000001 RSI: 00007f240783a0a0 RDI: 0000000000000004
[  735.379317][ T3692] RBP: 00007f240783a090 R08: 0000000000000000 R09: 0000000000000000
[  735.379326][ T3692] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  735.379334][ T3692] R13: 00007f2406be6038 R14: 00007f2406be5fa0 R15: 00007ffc9d7203a8
[  735.379359][ T3692]  </TASK>
[  735.393401][ T3695] CPU: 1 UID: 0 PID: 3695 Comm: syz.5.13109 Not tainted syzkaller #0 PREEMPT(full) 
[  735.393474][ T3695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  735.393507][ T3695] Call Trace:
[  735.393535][ T3695]  <TASK>
[  735.393557][ T3695]  dump_stack_lvl+0x189/0x250
[  735.393631][ T3695]  ? __pfx____ratelimit+0x10/0x10
[  735.393683][ T3695]  ? __pfx_dump_stack_lvl+0x10/0x10
[  735.393746][ T3695]  ? __pfx__printk+0x10/0x10
[  735.393870][ T3695]  should_fail_ex+0x414/0x560
[  735.393974][ T3695]  _copy_to_user+0x31/0xb0
[  735.394047][ T3695]  simple_read_from_buffer+0xe1/0x170
[  735.394144][ T3695]  proc_fail_nth_read+0x1b3/0x220
[  735.394229][ T3695]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  735.394300][ T3695]  ? rw_verify_area+0x2a6/0x4d0
[  735.394345][ T3695]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  735.394407][ T3695]  vfs_read+0x200/0xa30
[  735.394458][ T3695]  ? fdget_pos+0x247/0x320
[  735.394534][ T3695]  ? __pfx___mutex_lock+0x10/0x10
[  735.394597][ T3695]  ? __pfx_vfs_read+0x10/0x10
[  735.394660][ T3695]  ? __fget_files+0x2a/0x420
[  735.394736][ T3695]  ? __fget_files+0x3a0/0x420
[  735.394799][ T3695]  ? __fget_files+0x2a/0x420
[  735.394901][ T3695]  ksys_read+0x145/0x250
[  735.394942][ T3695]  ? __pfx_ksys_read+0x10/0x10
[  735.394963][ T3695]  ? do_syscall_64+0xbe/0xf80
[  735.395027][ T3695]  do_syscall_64+0xfa/0xf80
[  735.395089][ T3695]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.395142][ T3695]  ? clear_bhb_loop+0x60/0xb0
[  735.395206][ T3695]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.395258][ T3695] RIP: 0033:0x7f473a38e15c
[  735.395308][ T3695] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  735.395350][ T3695] RSP: 002b:00007f473b150030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  735.395412][ T3695] RAX: ffffffffffffffda RBX: 00007f473a5e5fa0 RCX: 00007f473a38e15c
[  735.395453][ T3695] RDX: 000000000000000f RSI: 00007f473b1500a0 RDI: 0000000000000003
[  735.395492][ T3695] RBP: 00007f473b150090 R08: 0000000000000000 R09: 0000000000000000
[  735.395534][ T3695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  735.395579][ T3695] R13: 00007f473a5e6038 R14: 00007f473a5e5fa0 R15: 00007ffd288f4df8
[  735.395689][ T3695]  </TASK>
[  736.046523][ T3707] netlink: 36 bytes leftover after parsing attributes in process `syz.3.13116'.
[  736.079612][ T3712] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13117'.
[  736.611531][ T3734] syzkaller1: entered promiscuous mode
[  736.617862][ T3734] syzkaller1: entered allmulticast mode
[  736.649387][ T3747] netlink: 'syz.1.13125': attribute type 10 has an invalid length.
[  736.658108][ T3747] netlink: 40 bytes leftover after parsing attributes in process `syz.1.13125'.
[  736.715918][ T3747] team0: Port device geneve0 added
[  736.796108][ T3753] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  736.894527][ T3758] FAULT_INJECTION: forcing a failure.
[  736.894527][ T3758] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  736.907872][ T3758] CPU: 1 UID: 0 PID: 3758 Comm: syz.4.13130 Not tainted syzkaller #0 PREEMPT(full) 
[  736.907900][ T3758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  736.907912][ T3758] Call Trace:
[  736.907920][ T3758]  <TASK>
[  736.907929][ T3758]  dump_stack_lvl+0x189/0x250
[  736.907960][ T3758]  ? __pfx____ratelimit+0x10/0x10
[  736.907981][ T3758]  ? __pfx_dump_stack_lvl+0x10/0x10
[  736.908004][ T3758]  ? __pfx__printk+0x10/0x10
[  736.908048][ T3758]  should_fail_ex+0x414/0x560
[  736.908084][ T3758]  _copy_to_user+0x31/0xb0
[  736.908112][ T3758]  simple_read_from_buffer+0xe1/0x170
[  736.908143][ T3758]  proc_fail_nth_read+0x1b3/0x220
[  736.908168][ T3758]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  736.908195][ T3758]  ? rw_verify_area+0x2a6/0x4d0
[  736.908214][ T3758]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  736.908239][ T3758]  vfs_read+0x200/0xa30
[  736.908257][ T3758]  ? fdget_pos+0x247/0x320
[  736.908288][ T3758]  ? __pfx___mutex_lock+0x10/0x10
[  736.908312][ T3758]  ? __pfx_vfs_read+0x10/0x10
[  736.908334][ T3758]  ? __fget_files+0x2a/0x420
[  736.908365][ T3758]  ? __fget_files+0x3a0/0x420
[  736.908390][ T3758]  ? __fget_files+0x2a/0x420
[  736.908433][ T3758]  ksys_read+0x145/0x250
[  736.908456][ T3758]  ? __pfx_ksys_read+0x10/0x10
[  736.908479][ T3758]  ? do_syscall_64+0xbe/0xf80
[  736.908513][ T3758]  do_syscall_64+0xfa/0xf80
[  736.908535][ T3758]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.908555][ T3758]  ? clear_bhb_loop+0x60/0xb0
[  736.908579][ T3758]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.908598][ T3758] RIP: 0033:0x7f240698e15c
[  736.908616][ T3758] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  736.908633][ T3758] RSP: 002b:00007f240783a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  736.908653][ T3758] RAX: ffffffffffffffda RBX: 00007f2406be5fa0 RCX: 00007f240698e15c
[  736.908668][ T3758] RDX: 000000000000000f RSI: 00007f240783a0a0 RDI: 0000000000000005
[  736.908681][ T3758] RBP: 00007f240783a090 R08: 0000000000000000 R09: 0000000000000000
[  736.908693][ T3758] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  736.908706][ T3758] R13: 00007f2406be6038 R14: 00007f2406be5fa0 R15: 00007ffc9d7203a8
[  736.908743][ T3758]  </TASK>
[  738.848032][ T3778] tipc: Enabled bearer <ib:gretap0>, priority 10
[  738.860474][ T3788] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.13135'.
[  739.032839][ T3800] syzkaller0: entered promiscuous mode
[  739.038391][ T3800] syzkaller0: entered allmulticast mode
[  739.063965][ T3802] FAULT_INJECTION: forcing a failure.
[  739.063965][ T3802] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  739.117508][ T3802] CPU: 0 UID: 0 PID: 3802 Comm: syz.5.13139 Not tainted syzkaller #0 PREEMPT(full) 
[  739.117539][ T3802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  739.117553][ T3802] Call Trace:
[  739.117561][ T3802]  <TASK>
[  739.117570][ T3802]  dump_stack_lvl+0x189/0x250
[  739.117601][ T3802]  ? __pfx____ratelimit+0x10/0x10
[  739.117622][ T3802]  ? __pfx_dump_stack_lvl+0x10/0x10
[  739.117648][ T3802]  ? __pfx__printk+0x10/0x10
[  739.117679][ T3802]  ? __might_fault+0xb0/0x130
[  739.117724][ T3802]  should_fail_ex+0x414/0x560
[  739.117762][ T3802]  _copy_from_user+0x2d/0xb0
[  739.117789][ T3802]  ip_tunnel_parm_from_user+0xa2/0x380
[  739.117818][ T3802]  ? __lock_acquire+0x6b6/0x2cf0
[  739.117840][ T3802]  ? __pfx_ip_tunnel_parm_from_user+0x10/0x10
[  739.117889][ T3802]  ip_tunnel_siocdevprivate+0x99/0x180
[  739.117920][ T3802]  ? __pfx_ip_tunnel_siocdevprivate+0x10/0x10
[  739.117946][ T3802]  ? do_raw_spin_lock+0x121/0x290
[  739.117987][ T3802]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  739.118025][ T3802]  ipip6_tunnel_siocdevprivate+0x24e/0x1560
[  739.118058][ T3802]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  739.118096][ T3802]  ? __pfx_ipip6_tunnel_siocdevprivate+0x10/0x10
[  739.118124][ T3802]  ? rcu_is_watching+0x15/0xb0
[  739.118155][ T3802]  ? __mutex_lock+0xd3b/0x1350
[  739.118183][ T3802]  ? __mutex_lock+0x5bb/0x1350
[  739.118211][ T3802]  ? dev_ioctl+0x83c/0x1150
[  739.118235][ T3802]  ? full_name_hash+0x92/0xe0
[  739.118267][ T3802]  ? netdev_name_node_lookup+0xdf/0x120
[  739.118301][ T3802]  dev_ifsioc+0xb57/0xf00
[  739.118335][ T3802]  dev_ioctl+0x84c/0x1150
[  739.118361][ T3802]  sock_ioctl+0x719/0x790
[  739.118394][ T3802]  ? __pfx_sock_ioctl+0x10/0x10
[  739.118435][ T3802]  ? __fget_files+0x3a0/0x420
[  739.118461][ T3802]  ? __fget_files+0x2a/0x420
[  739.118490][ T3802]  ? bpf_lsm_file_ioctl+0x9/0x20
[  739.118515][ T3802]  ? __pfx_sock_ioctl+0x10/0x10
[  739.118546][ T3802]  __se_sys_ioctl+0xfc/0x170
[  739.118570][ T3802]  do_syscall_64+0xfa/0xf80
[  739.118594][ T3802]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  739.118614][ T3802]  ? clear_bhb_loop+0x60/0xb0
[  739.118640][ T3802]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  739.118660][ T3802] RIP: 0033:0x7f473a38f749
[  739.118679][ T3802] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  739.118697][ T3802] RSP: 002b:00007f473b150038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  739.118719][ T3802] RAX: ffffffffffffffda RBX: 00007f473a5e5fa0 RCX: 00007f473a38f749
[  739.118735][ T3802] RDX: 0000200000000040 RSI: 00000000000089f2 RDI: 0000000000000003
[  739.118748][ T3802] RBP: 00007f473b150090 R08: 0000000000000000 R09: 0000000000000000
[  739.118761][ T3802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  739.118773][ T3802] R13: 00007f473a5e6038 R14: 00007f473a5e5fa0 R15: 00007ffd288f4df8
[  739.118809][ T3802]  </TASK>
[  739.816944][ T3827] FAULT_INJECTION: forcing a failure.
[  739.816944][ T3827] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  739.882138][ T3827] CPU: 1 UID: 0 PID: 3827 Comm: syz.3.13145 Not tainted syzkaller #0 PREEMPT(full) 
[  739.882168][ T3827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  739.882181][ T3827] Call Trace:
[  739.882189][ T3827]  <TASK>
[  739.882202][ T3827]  dump_stack_lvl+0x189/0x250
[  739.882233][ T3827]  ? __pfx____ratelimit+0x10/0x10
[  739.882254][ T3827]  ? __pfx_dump_stack_lvl+0x10/0x10
[  739.882279][ T3827]  ? __pfx__printk+0x10/0x10
[  739.882324][ T3827]  should_fail_ex+0x414/0x560
[  739.882363][ T3827]  _copy_to_user+0x31/0xb0
[  739.882391][ T3827]  simple_read_from_buffer+0xe1/0x170
[  739.882423][ T3827]  proc_fail_nth_read+0x1b3/0x220
[  739.882450][ T3827]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  739.882477][ T3827]  ? rw_verify_area+0x2a6/0x4d0
[  739.882496][ T3827]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  739.882521][ T3827]  vfs_read+0x200/0xa30
[  739.882549][ T3827]  ? fdget_pos+0x247/0x320
[  739.882582][ T3827]  ? __pfx___mutex_lock+0x10/0x10
[  739.882606][ T3827]  ? __pfx_vfs_read+0x10/0x10
[  739.882629][ T3827]  ? __fget_files+0x2a/0x420
[  739.882660][ T3827]  ? __fget_files+0x3a0/0x420
[  739.882686][ T3827]  ? __fget_files+0x2a/0x420
[  739.882721][ T3827]  ksys_read+0x145/0x250
[  739.882745][ T3827]  ? __pfx_ksys_read+0x10/0x10
[  739.882770][ T3827]  ? do_syscall_64+0xbe/0xf80
[  739.882797][ T3827]  do_syscall_64+0xfa/0xf80
[  739.882821][ T3827]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  739.882841][ T3827]  ? clear_bhb_loop+0x60/0xb0
[  739.882867][ T3827]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  739.882887][ T3827] RIP: 0033:0x7f056878e15c
[  739.882907][ T3827] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  739.882925][ T3827] RSP: 002b:00007f0569648030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  739.882947][ T3827] RAX: ffffffffffffffda RBX: 00007f05689e5fa0 RCX: 00007f056878e15c
[  739.882963][ T3827] RDX: 000000000000000f RSI: 00007f05696480a0 RDI: 0000000000000005
[  739.882976][ T3827] RBP: 00007f0569648090 R08: 0000000000000000 R09: 0000000000000000
[  739.882988][ T3827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  739.883000][ T3827] R13: 00007f05689e6038 R14: 00007f05689e5fa0 R15: 00007ffde0dddf68
[  739.883037][ T3827]  </TASK>
[  739.888780][ T3823] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  741.727922][ T3847] netlink: 182 bytes leftover after parsing attributes in process `syz.5.13152'.
[  741.828739][ T3849] netlink: 24 bytes leftover after parsing attributes in process `syz.3.13153'.
[  741.907405][ T3856] FAULT_INJECTION: forcing a failure.
[  741.907405][ T3856] name failslab, interval 1, probability 0, space 0, times 0
[  741.926201][ T3856] CPU: 1 UID: 0 PID: 3856 Comm: syz.1.13156 Not tainted syzkaller #0 PREEMPT(full) 
[  741.926237][ T3856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  741.926250][ T3856] Call Trace:
[  741.926259][ T3856]  <TASK>
[  741.926268][ T3856]  dump_stack_lvl+0x189/0x250
[  741.926299][ T3856]  ? __pfx____ratelimit+0x10/0x10
[  741.926319][ T3856]  ? __pfx_dump_stack_lvl+0x10/0x10
[  741.926344][ T3856]  ? __pfx__printk+0x10/0x10
[  741.926378][ T3856]  ? __pfx___might_resched+0x10/0x10
[  741.926401][ T3856]  ? fs_reclaim_acquire+0x7d/0x100
[  741.926430][ T3856]  should_fail_ex+0x414/0x560
[  741.926469][ T3856]  should_failslab+0xa8/0x100
[  741.926497][ T3856]  kmem_cache_alloc_node_noprof+0x8c/0x720
[  741.926531][ T3856]  ? __alloc_skb+0x255/0x430
[  741.926551][ T3856]  ? napi_skb_cache_get+0x4a5/0x780
[  741.926572][ T3856]  ? napi_skb_cache_get+0x151/0x780
[  741.926598][ T3856]  __alloc_skb+0x255/0x430
[  741.926623][ T3856]  ? __pfx___alloc_skb+0x10/0x10
[  741.926658][ T3856]  pfkey_sendmsg+0xca5/0x1090
[  741.926701][ T3856]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  741.926755][ T3856]  ? aa_sock_msg_perm+0xf1/0x1b0
[  741.926785][ T3856]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  741.926804][ T3856]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  741.926829][ T3856]  __sock_sendmsg+0x21c/0x270
[  741.926864][ T3856]  ____sys_sendmsg+0x505/0x820
[  741.926896][ T3856]  ? __pfx_____sys_sendmsg+0x10/0x10
[  741.926932][ T3856]  ? import_iovec+0x74/0xa0
[  741.926962][ T3856]  ___sys_sendmsg+0x21f/0x2a0
[  741.926990][ T3856]  ? __pfx____sys_sendmsg+0x10/0x10
[  741.927059][ T3856]  ? __fget_files+0x2a/0x420
[  741.927084][ T3856]  ? __fget_files+0x3a0/0x420
[  741.927123][ T3856]  __x64_sys_sendmsg+0x19b/0x260
[  741.927152][ T3856]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  741.927192][ T3856]  ? rcu_is_watching+0x15/0xb0
[  741.927229][ T3856]  do_syscall_64+0xfa/0xf80
[  741.927259][ T3856]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  741.927280][ T3856]  ? clear_bhb_loop+0x60/0xb0
[  741.927306][ T3856]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  741.927326][ T3856] RIP: 0033:0x7f16de38f749
[  741.927344][ T3856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  741.927362][ T3856] RSP: 002b:00007f16df257038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  741.927384][ T3856] RAX: ffffffffffffffda RBX: 00007f16de5e5fa0 RCX: 00007f16de38f749
[  741.927400][ T3856] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  741.927412][ T3856] RBP: 00007f16df257090 R08: 0000000000000000 R09: 0000000000000000
[  741.927426][ T3856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  741.927438][ T3856] R13: 00007f16de5e6038 R14: 00007f16de5e5fa0 R15: 00007ffd42770af8
[  741.927475][ T3856]  </TASK>
[  742.237724][ T3854] syzkaller0: entered promiscuous mode
[  742.244432][ T3854] syzkaller0: entered allmulticast mode
[  742.380890][ T3863] netlink: 8 bytes leftover after parsing attributes in process `syz.5.13158'.
[  742.417571][ T3867] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  742.603749][ T3879] netlink: 'syz.1.13164': attribute type 33 has an invalid length.
[  742.874538][ T3891] FAULT_INJECTION: forcing a failure.
[  742.874538][ T3891] name failslab, interval 1, probability 0, space 0, times 0
[  742.921814][ T3891] CPU: 1 UID: 0 PID: 3891 Comm: syz.2.13170 Not tainted syzkaller #0 PREEMPT(full) 
[  742.921849][ T3891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  742.921862][ T3891] Call Trace:
[  742.921870][ T3891]  <TASK>
[  742.921880][ T3891]  dump_stack_lvl+0x189/0x250
[  742.921911][ T3891]  ? __pfx____ratelimit+0x10/0x10
[  742.921930][ T3891]  ? __pfx_dump_stack_lvl+0x10/0x10
[  742.921956][ T3891]  ? __pfx__printk+0x10/0x10
[  742.921993][ T3891]  ? __pfx___might_resched+0x10/0x10
[  742.922015][ T3891]  ? fs_reclaim_acquire+0x7d/0x100
[  742.922044][ T3891]  should_fail_ex+0x414/0x560
[  742.922081][ T3891]  should_failslab+0xa8/0x100
[  742.922115][ T3891]  __kmalloc_cache_noprof+0x84/0x700
[  742.922136][ T3891]  ? trace_kmalloc+0x1f/0xb0
[  742.922152][ T3891]  ? call_usermodehelper_setup+0x8e/0x270
[  742.922169][ T3891]  ? __kasan_kmalloc+0x93/0xb0
[  742.922197][ T3891]  call_usermodehelper_setup+0x8e/0x270
[  742.922215][ T3891]  ? __pfx_free_modprobe_argv+0x10/0x10
[  742.922244][ T3891]  __request_module+0x38f/0x5d0
[  742.922274][ T3891]  ? rtnl_link_ops_get+0x23/0x250
[  742.922300][ T3891]  ? __pfx___request_module+0x10/0x10
[  742.922337][ T3891]  ? rtnl_link_ops_get+0x23/0x250
[  742.922359][ T3891]  ? rtnl_link_ops_get+0x23/0x250
[  742.922384][ T3891]  ? rtnl_link_ops_get+0x215/0x250
[  742.922413][ T3891]  rtnl_newlink+0x65d/0x1c90
[  742.922438][ T3891]  ? kasan_save_track+0x3e/0x80
[  742.922457][ T3891]  ? kasan_save_free_info+0x46/0x50
[  742.922484][ T3891]  ? __kasan_slab_free+0x5c/0x80
[  742.922505][ T3891]  ? nlmon_xmit+0xb0/0x100
[  742.922530][ T3891]  ? netlink_deliver_tap+0x19c/0x1b0
[  742.922554][ T3891]  ? netlink_unicast+0x7fa/0x9e0
[  742.922574][ T3891]  ? netlink_sendmsg+0x805/0xb30
[  742.922600][ T3891]  ? __pfx_rtnl_newlink+0x10/0x10
[  742.922620][ T3891]  ? __se_sys_splice+0x2e1/0x460
[  742.922644][ T3891]  ? do_syscall_64+0xfa/0xf80
[  742.922664][ T3891]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  742.922723][ T3891]  ? kasan_quarantine_put+0xdd/0x220
[  742.922742][ T3891]  ? lockdep_hardirqs_on+0x98/0x140
[  742.922771][ T3891]  ? kmem_cache_free+0x197/0x620
[  742.922792][ T3891]  ? nlmon_xmit+0xb0/0x100
[  742.922829][ T3891]  ? __lock_acquire+0x6b6/0x2cf0
[  742.922855][ T3891]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  742.922883][ T3891]  ? __dev_queue_xmit+0x289/0x3140
[  742.922912][ T3891]  ? __dev_queue_xmit+0x289/0x3140
[  742.922937][ T3891]  ? __dev_queue_xmit+0x289/0x3140
[  742.922998][ T3891]  ? __pfx_rtnl_newlink+0x10/0x10
[  742.923020][ T3891]  rtnetlink_rcv_msg+0x7cf/0xb70
[  742.923048][ T3891]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  742.923070][ T3891]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  742.923090][ T3891]  ? ref_tracker_free+0x63a/0x7d0
[  742.923122][ T3891]  ? __asan_memcpy+0x40/0x70
[  742.923139][ T3891]  ? __pfx_ref_tracker_free+0x10/0x10
[  742.923172][ T3891]  netlink_rcv_skb+0x208/0x470
[  742.923200][ T3891]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  742.923226][ T3891]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  742.923264][ T3891]  ? netlink_deliver_tap+0x2e/0x1b0
[  742.923300][ T3891]  netlink_unicast+0x82f/0x9e0
[  742.923336][ T3891]  ? __pfx_netlink_unicast+0x10/0x10
[  742.923363][ T3891]  ? netlink_sendmsg+0x642/0xb30
[  742.923386][ T3891]  ? skb_put+0x11b/0x210
[  742.923415][ T3891]  netlink_sendmsg+0x805/0xb30
[  742.923454][ T3891]  ? __pfx_netlink_sendmsg+0x10/0x10
[  742.923486][ T3891]  ? aa_sock_msg_perm+0xf1/0x1b0
[  742.923516][ T3891]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  742.923536][ T3891]  ? __pfx_netlink_sendmsg+0x10/0x10
[  742.923565][ T3891]  __sock_sendmsg+0x21c/0x270
[  742.923600][ T3891]  sock_sendmsg+0x158/0x230
[  742.923634][ T3891]  ? __pfx_sock_sendmsg+0x10/0x10
[  742.923680][ T3891]  ? __asan_memset+0x22/0x50
[  742.923699][ T3891]  ? iov_iter_bvec+0xb8/0x180
[  742.923726][ T3891]  splice_to_socket+0x8f5/0xf00
[  742.923781][ T3891]  ? __pfx_splice_to_socket+0x10/0x10
[  742.923836][ T3891]  ? get_pid_task+0x20/0x1f0
[  742.923882][ T3891]  ? bpf_lsm_file_permission+0x9/0x20
[  742.923903][ T3891]  ? security_file_permission+0x75/0x290
[  742.923926][ T3891]  ? rw_verify_area+0x255/0x4d0
[  742.923948][ T3891]  ? __pfx_splice_to_socket+0x10/0x10
[  742.923975][ T3891]  do_splice+0xc79/0x1660
[  742.924032][ T3891]  ? __pfx_do_splice+0x10/0x10
[  742.924073][ T3891]  __se_sys_splice+0x2e1/0x460
[  742.924115][ T3891]  ? __pfx___se_sys_splice+0x10/0x10
[  742.924148][ T3891]  ? __x64_sys_splice+0x21/0xf0
[  742.924180][ T3891]  do_syscall_64+0xfa/0xf80
[  742.924203][ T3891]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  742.924224][ T3891]  ? clear_bhb_loop+0x60/0xb0
[  742.924250][ T3891]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  742.924270][ T3891] RIP: 0033:0x7fc1fa98f749
[  742.924289][ T3891] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  742.924307][ T3891] RSP: 002b:00007fc1fb7ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  742.924330][ T3891] RAX: ffffffffffffffda RBX: 00007fc1fabe5fa0 RCX: 00007fc1fa98f749
[  742.924345][ T3891] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[  742.924358][ T3891] RBP: 00007fc1fb7ef090 R08: 0000000000010d00 R09: 0000000000000005
[  742.924372][ T3891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  742.924384][ T3891] R13: 00007fc1fabe6038 R14: 00007fc1fabe5fa0 R15: 00007ffce6e28558
[  742.924421][ T3891]  </TASK>
[  743.507008][ T3897] syzkaller0: entered promiscuous mode
[  743.514408][ T3897] syzkaller0: entered allmulticast mode
[  743.608141][ T3903] FAULT_INJECTION: forcing a failure.
[  743.608141][ T3903] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  743.621729][ T3903] CPU: 1 UID: 0 PID: 3903 Comm: syz.2.13175 Not tainted syzkaller #0 PREEMPT(full) 
[  743.621757][ T3903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  743.621770][ T3903] Call Trace:
[  743.621778][ T3903]  <TASK>
[  743.621786][ T3903]  dump_stack_lvl+0x189/0x250
[  743.621816][ T3903]  ? __pfx____ratelimit+0x10/0x10
[  743.621842][ T3903]  ? __pfx_dump_stack_lvl+0x10/0x10
[  743.621867][ T3903]  ? __pfx__printk+0x10/0x10
[  743.621912][ T3903]  should_fail_ex+0x414/0x560
[  743.621950][ T3903]  _copy_to_user+0x31/0xb0
[  743.621978][ T3903]  simple_read_from_buffer+0xe1/0x170
[  743.622008][ T3903]  proc_fail_nth_read+0x1b3/0x220
[  743.622035][ T3903]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  743.622061][ T3903]  ? rw_verify_area+0x2a6/0x4d0
[  743.622080][ T3903]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  743.622104][ T3903]  vfs_read+0x200/0xa30
[  743.622122][ T3903]  ? fdget_pos+0x247/0x320
[  743.622153][ T3903]  ? __pfx___mutex_lock+0x10/0x10
[  743.622177][ T3903]  ? __pfx_vfs_read+0x10/0x10
[  743.622199][ T3903]  ? __fget_files+0x2a/0x420
[  743.622230][ T3903]  ? __fget_files+0x3a0/0x420
[  743.622254][ T3903]  ? __fget_files+0x2a/0x420
[  743.622290][ T3903]  ksys_read+0x145/0x250
[  743.622319][ T3903]  ? __pfx_ksys_read+0x10/0x10
[  743.622343][ T3903]  ? do_syscall_64+0xbe/0xf80
[  743.622370][ T3903]  do_syscall_64+0xfa/0xf80
[  743.622392][ T3903]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  743.622413][ T3903]  ? clear_bhb_loop+0x60/0xb0
[  743.622438][ T3903]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  743.622457][ T3903] RIP: 0033:0x7fc1fa98e15c
[  743.622476][ T3903] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  743.622493][ T3903] RSP: 002b:00007fc1fb7ef030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  743.622515][ T3903] RAX: ffffffffffffffda RBX: 00007fc1fabe5fa0 RCX: 00007fc1fa98e15c
[  743.622530][ T3903] RDX: 000000000000000f RSI: 00007fc1fb7ef0a0 RDI: 0000000000000004
[  743.622542][ T3903] RBP: 00007fc1fb7ef090 R08: 0000000000000000 R09: 0000000000000000
[  743.622554][ T3903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  743.622566][ T3903] R13: 00007fc1fabe6038 R14: 00007fc1fabe5fa0 R15: 00007ffce6e28558
[  743.622601][ T3903]  </TASK>
[  743.939462][ T3905] netlink: 'syz.5.13177': attribute type 1 has an invalid length.
[  743.965755][ T3905] netlink: 224 bytes leftover after parsing attributes in process `syz.5.13177'.
[  744.138011][ T3910] siw: device registration error -23
[  744.211594][ T3913] lo: entered promiscuous mode
[  744.233874][ T3913] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  744.260352][ T5900] lo speed is unknown, defaulting to 1000
[  744.279327][ T5900] syz2: Port: 1 Link DOWN
[  744.505125][ T3938] FAULT_INJECTION: forcing a failure.
[  744.505125][ T3938] name failslab, interval 1, probability 0, space 0, times 0
[  744.519049][ T3938] CPU: 1 UID: 0 PID: 3938 Comm: syz.3.13189 Not tainted syzkaller #0 PREEMPT(full) 
[  744.519078][ T3938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  744.519091][ T3938] Call Trace:
[  744.519100][ T3938]  <TASK>
[  744.519109][ T3938]  dump_stack_lvl+0x189/0x250
[  744.519140][ T3938]  ? __pfx____ratelimit+0x10/0x10
[  744.519161][ T3938]  ? __pfx_dump_stack_lvl+0x10/0x10
[  744.519186][ T3938]  ? __pfx__printk+0x10/0x10
[  744.519217][ T3938]  ? __pfx___might_resched+0x10/0x10
[  744.519241][ T3938]  ? fs_reclaim_acquire+0x7d/0x100
[  744.519269][ T3938]  should_fail_ex+0x414/0x560
[  744.519306][ T3938]  should_failslab+0xa8/0x100
[  744.519334][ T3938]  kmem_cache_alloc_noprof+0x88/0x710
[  744.519368][ T3938]  ? vm_area_alloc+0x24/0x140
[  744.519393][ T3938]  vm_area_alloc+0x24/0x140
[  744.519414][ T3938]  mmap_region+0xdea/0x1d10
[  744.519463][ T3938]  ? __pfx_mmap_region+0x10/0x10
[  744.519587][ T3938]  ? __lock_acquire+0x6b6/0x2cf0
[  744.519609][ T3938]  ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[  744.519651][ T3938]  ? bpf_lsm_mmap_addr+0x9/0x20
[  744.519672][ T3938]  ? security_mmap_addr+0x71/0x270
[  744.519697][ T3938]  ? shmem_mapping+0xd/0x50
[  744.519720][ T3938]  ? memfd_check_seals_mmap+0xc5/0x200
[  744.519752][ T3938]  do_mmap+0xc45/0x10d0
[  744.519796][ T3938]  ? __pfx_do_mmap+0x10/0x10
[  744.519822][ T3938]  ? down_write_killable+0x178/0x230
[  744.519857][ T3938]  ? __pfx_down_write_killable+0x10/0x10
[  744.519881][ T3938]  ? common_file_perm+0x1b5/0x220
[  744.519916][ T3938]  vm_mmap_pgoff+0x2a6/0x4d0
[  744.519970][ T3938]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  744.519997][ T3938]  ? __fget_files+0x2a/0x420
[  744.520027][ T3938]  ? __fget_files+0x2a/0x420
[  744.520054][ T3938]  ? __fget_files+0x2a/0x420
[  744.520085][ T3938]  ksys_mmap_pgoff+0x51f/0x760
[  744.520124][ T3938]  do_syscall_64+0xfa/0xf80
[  744.520147][ T3938]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  744.520168][ T3938]  ? clear_bhb_loop+0x60/0xb0
[  744.520193][ T3938]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  744.520213][ T3938] RIP: 0033:0x7f056878f749
[  744.520232][ T3938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  744.520250][ T3938] RSP: 002b:00007f0569648038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  744.520271][ T3938] RAX: ffffffffffffffda RBX: 00007f05689e5fa0 RCX: 00007f056878f749
[  744.520287][ T3938] RDX: 000000000300000c RSI: 0000000000003000 RDI: 0000200000ffb000
[  744.520301][ T3938] RBP: 00007f0569648090 R08: 0000000000000003 R09: 0000000100000000
[  744.520315][ T3938] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001
[  744.520328][ T3938] R13: 00007f05689e6038 R14: 00007f05689e5fa0 R15: 00007ffde0dddf68
[  744.520364][ T3938]  </TASK>
[  744.648859][ T3940] x_tables: duplicate underflow at hook 1
[  744.911376][ T3949] gretap0: mtu less than device minimum
[  744.949424][ T3951] macvlan0: entered promiscuous mode
[  744.960965][ T3948] syzkaller0: entered promiscuous mode
[  744.968549][ T3948] syzkaller0: entered allmulticast mode
[  745.089800][ T3958] netlink: 16 bytes leftover after parsing attributes in process `syz.3.13196'.
[  745.164810][ T3962] netlink: 20 bytes leftover after parsing attributes in process `syz.4.13198'.
[  745.350411][ T3977] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.13199'.
[  745.656661][ T3986] siw: device registration error -23
[  745.724512][ T4000] net veth1_virt_wifi .: renamed from virt_wifi0
[  745.747816][ T3997] syzkaller0: entered promiscuous mode
[  745.773122][ T3997] syzkaller0: entered allmulticast mode
[  745.863370][ T4002] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate.
[  746.203641][ T3999] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13213'.
[  746.215570][ T4020] syzkaller0: entered promiscuous mode
[  746.221440][ T4020] syzkaller0: entered allmulticast mode
[  746.238107][ T3999] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13213'.
[  746.253591][ T4020] sch_tbf: burst 4 is lower than device syzkaller0 mtu (1514) !
[  746.312410][ T4023] lo: Caught tx_queue_len zero misconfig
[  746.614435][ T4041] syzkaller0: entered promiscuous mode
[  746.627277][ T4041] syzkaller0: entered allmulticast mode
[  746.976762][ T4065] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  746.986281][ T4065] syzkaller0: entered promiscuous mode
[  746.991809][ T4065] syzkaller0: entered allmulticast mode
[  747.004367][ T4059] netlink: 8 bytes leftover after parsing attributes in process `syz.5.13234'.
[  747.016272][ T4065] sch_tbf: burst 4 is lower than device syzkaller0 mtu (1514) !
[  747.025461][ T4071] x_tables: duplicate underflow at hook 1
[  747.156471][ T4075] netlink: 16 bytes leftover after parsing attributes in process `syz.3.13239'.
[  747.168493][ T4079] netlink: 56 bytes leftover after parsing attributes in process `syz.1.13240'.
[  747.179955][ T4075] netlink: 16 bytes leftover after parsing attributes in process `syz.3.13239'.
[  747.220349][ T4061] siw: device registration error -23
[  747.245941][ T4075] netlink: 16 bytes leftover after parsing attributes in process `syz.3.13239'.
[  747.284251][ T4075] netlink: 16 bytes leftover after parsing attributes in process `syz.3.13239'.
[  747.325088][ T4075] netlink: 16 bytes leftover after parsing attributes in process `syz.3.13239'.
[  747.327227][ T4086] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.13241'.
[  747.351271][ T4075] netlink: 16 bytes leftover after parsing attributes in process `syz.3.13239'.
[  747.374308][ T4075] netlink: 16 bytes leftover after parsing attributes in process `syz.3.13239'.
[  747.389552][ T4088] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  747.399807][ T4088] syzkaller0: entered promiscuous mode
[  747.405589][ T4088] syzkaller0: entered allmulticast mode
[  747.417250][ T4088] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  747.653999][ T4098] 8021q: adding VLAN 0 to HW filter on device bond10
[  747.729269][ T4108] hsr_slave_0: left promiscuous mode
[  748.131373][ T4134] x_tables: duplicate underflow at hook 3
[  748.235965][ T4139] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  748.273482][ T4139] syzkaller0: entered promiscuous mode
[  748.297675][ T4139] syzkaller0: entered allmulticast mode
[  748.339357][ T4139] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  748.600388][ T4152] siw: device registration error -23
[  749.160450][ T4195] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  749.194275][ T4195] syzkaller0: entered promiscuous mode
[  749.224308][ T4195] syzkaller0: entered allmulticast mode
[  749.256160][ T4195] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  749.290465][ T4205] FAULT_INJECTION: forcing a failure.
[  749.290465][ T4205] name failslab, interval 1, probability 0, space 0, times 0
[  749.311703][ T4205] CPU: 0 UID: 0 PID: 4205 Comm: syz.5.13282 Not tainted syzkaller #0 PREEMPT(full) 
[  749.311732][ T4205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  749.311745][ T4205] Call Trace:
[  749.311754][ T4205]  <TASK>
[  749.311763][ T4205]  dump_stack_lvl+0x189/0x250
[  749.311794][ T4205]  ? __pfx____ratelimit+0x10/0x10
[  749.311821][ T4205]  ? __pfx_dump_stack_lvl+0x10/0x10
[  749.311851][ T4205]  ? __pfx__printk+0x10/0x10
[  749.311883][ T4205]  ? __pfx___might_resched+0x10/0x10
[  749.311906][ T4205]  ? fs_reclaim_acquire+0x7d/0x100
[  749.311934][ T4205]  should_fail_ex+0x414/0x560
[  749.311971][ T4205]  should_failslab+0xa8/0x100
[  749.311996][ T4205]  __kmalloc_cache_noprof+0x84/0x700
[  749.312019][ T4205]  ? nf_tables_newchain+0xfe5/0x2750
[  749.312057][ T4205]  nf_tables_newchain+0xfe5/0x2750
[  749.312108][ T4205]  ? __pfx_nf_tables_newchain+0x10/0x10
[  749.312169][ T4205]  ? nft_trans_table_add+0x230/0x430
[  749.312199][ T4205]  ? nfnl_pernet+0x23/0x240
[  749.312234][ T4205]  ? __nla_parse+0x40/0x60
[  749.312262][ T4205]  nfnetlink_rcv+0x11d9/0x2590
[  749.312327][ T4205]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  749.312370][ T4205]  ? ref_tracker_free+0x63a/0x7d0
[  749.312424][ T4205]  ? __netlink_deliver_tap+0x807/0x850
[  749.312450][ T4205]  ? netlink_deliver_tap+0x2e/0x1b0
[  749.312497][ T4205]  netlink_unicast+0x82f/0x9e0
[  749.312532][ T4205]  ? __pfx_netlink_unicast+0x10/0x10
[  749.312558][ T4205]  ? netlink_sendmsg+0x642/0xb30
[  749.312583][ T4205]  ? skb_put+0x11b/0x210
[  749.312609][ T4205]  netlink_sendmsg+0x805/0xb30
[  749.312647][ T4205]  ? __pfx_netlink_sendmsg+0x10/0x10
[  749.312684][ T4205]  ? aa_sock_msg_perm+0xf1/0x1b0
[  749.312714][ T4205]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  749.312734][ T4205]  ? __pfx_netlink_sendmsg+0x10/0x10
[  749.312762][ T4205]  __sock_sendmsg+0x21c/0x270
[  749.312797][ T4205]  ____sys_sendmsg+0x505/0x820
[  749.312830][ T4205]  ? __pfx_____sys_sendmsg+0x10/0x10
[  749.312866][ T4205]  ? import_iovec+0x74/0xa0
[  749.312896][ T4205]  ___sys_sendmsg+0x21f/0x2a0
[  749.312923][ T4205]  ? __pfx____sys_sendmsg+0x10/0x10
[  749.312958][ T4205]  ? rcu_read_lock_any_held+0xb3/0x120
[  749.313017][ T4205]  ? __fget_files+0x2a/0x420
[  749.313043][ T4205]  ? __fget_files+0x3a0/0x420
[  749.313081][ T4205]  __x64_sys_sendmsg+0x19b/0x260
[  749.313110][ T4205]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  749.313146][ T4205]  ? __pfx_ksys_write+0x10/0x10
[  749.313170][ T4205]  ? do_syscall_64+0xbe/0xf80
[  749.313198][ T4205]  do_syscall_64+0xfa/0xf80
[  749.313220][ T4205]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  749.313242][ T4205]  ? clear_bhb_loop+0x60/0xb0
[  749.313267][ T4205]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  749.313286][ T4205] RIP: 0033:0x7f473a38f749
[  749.313306][ T4205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  749.313323][ T4205] RSP: 002b:00007f473b150038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  749.313346][ T4205] RAX: ffffffffffffffda RBX: 00007f473a5e5fa0 RCX: 00007f473a38f749
[  749.313361][ T4205] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  749.313374][ T4205] RBP: 00007f473b150090 R08: 0000000000000000 R09: 0000000000000000
[  749.313387][ T4205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  749.313400][ T4205] R13: 00007f473a5e6038 R14: 00007f473a5e5fa0 R15: 00007ffd288f4df8
[  749.313436][ T4205]  </TASK>
[  750.014033][ T4226] netlink: 'syz.1.13289': attribute type 13 has an invalid length.
[  750.194782][ T5900] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  750.423454][ T4244] Cannot find set identified by id 1 to match
[  750.471672][ T4250] FAULT_INJECTION: forcing a failure.
[  750.471672][ T4250] name failslab, interval 1, probability 0, space 0, times 0
[  750.484753][ T4250] CPU: 1 UID: 0 PID: 4250 Comm: syz.2.13296 Not tainted syzkaller #0 PREEMPT(full) 
[  750.484784][ T4250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  750.484798][ T4250] Call Trace:
[  750.484807][ T4250]  <TASK>
[  750.484816][ T4250]  dump_stack_lvl+0x189/0x250
[  750.484850][ T4250]  ? __pfx____ratelimit+0x10/0x10
[  750.484872][ T4250]  ? __pfx_dump_stack_lvl+0x10/0x10
[  750.484899][ T4250]  ? __pfx__printk+0x10/0x10
[  750.484938][ T4250]  ? __pfx___might_resched+0x10/0x10
[  750.484961][ T4250]  ? fs_reclaim_acquire+0x7d/0x100
[  750.484991][ T4250]  should_fail_ex+0x414/0x560
[  750.485030][ T4250]  should_failslab+0xa8/0x100
[  750.485059][ T4250]  __kvmalloc_node_noprof+0x175/0x920
[  750.485084][ T4250]  ? nf_tables_newchain+0x1b68/0x2750
[  750.485126][ T4250]  nf_tables_newchain+0x1b68/0x2750
[  750.485178][ T4250]  ? __pfx_nf_tables_newchain+0x10/0x10
[  750.485240][ T4250]  ? nft_trans_table_add+0x230/0x430
[  750.485270][ T4250]  ? nfnl_pernet+0x23/0x240
[  750.485304][ T4250]  ? __nla_parse+0x40/0x60
[  750.485332][ T4250]  nfnetlink_rcv+0x11d9/0x2590
[  750.485416][ T4250]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  750.485461][ T4250]  ? ref_tracker_free+0x63a/0x7d0
[  750.485515][ T4250]  ? __netlink_deliver_tap+0x807/0x850
[  750.485543][ T4250]  ? netlink_deliver_tap+0x2e/0x1b0
[  750.485596][ T4250]  netlink_unicast+0x82f/0x9e0
[  750.485631][ T4250]  ? __pfx_netlink_unicast+0x10/0x10
[  750.485658][ T4250]  ? netlink_sendmsg+0x642/0xb30
[  750.485683][ T4250]  ? skb_put+0x11b/0x210
[  750.485711][ T4250]  netlink_sendmsg+0x805/0xb30
[  750.485750][ T4250]  ? __pfx_netlink_sendmsg+0x10/0x10
[  750.485782][ T4250]  ? aa_sock_msg_perm+0xf1/0x1b0
[  750.485811][ T4250]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  750.485831][ T4250]  ? __pfx_netlink_sendmsg+0x10/0x10
[  750.485860][ T4250]  __sock_sendmsg+0x21c/0x270
[  750.485895][ T4250]  ____sys_sendmsg+0x505/0x820
[  750.485927][ T4250]  ? __pfx_____sys_sendmsg+0x10/0x10
[  750.485964][ T4250]  ? import_iovec+0x74/0xa0
[  750.485993][ T4250]  ___sys_sendmsg+0x21f/0x2a0
[  750.486022][ T4250]  ? __pfx____sys_sendmsg+0x10/0x10
[  750.486056][ T4250]  ? rcu_read_lock_any_held+0xb3/0x120
[  750.486114][ T4250]  ? __fget_files+0x2a/0x420
[  750.486140][ T4250]  ? __fget_files+0x3a0/0x420
[  750.486179][ T4250]  __x64_sys_sendmsg+0x19b/0x260
[  750.486208][ T4250]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  750.486245][ T4250]  ? __pfx_ksys_write+0x10/0x10
[  750.486271][ T4250]  ? do_syscall_64+0xbe/0xf80
[  750.486298][ T4250]  do_syscall_64+0xfa/0xf80
[  750.486321][ T4250]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  750.486342][ T4250]  ? clear_bhb_loop+0x60/0xb0
[  750.486367][ T4250]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  750.486387][ T4250] RIP: 0033:0x7fc1fa98f749
[  750.486406][ T4250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  750.486425][ T4250] RSP: 002b:00007fc1fb7ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  750.486449][ T4250] RAX: ffffffffffffffda RBX: 00007fc1fabe5fa0 RCX: 00007fc1fa98f749
[  750.486464][ T4250] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  750.486477][ T4250] RBP: 00007fc1fb7ef090 R08: 0000000000000000 R09: 0000000000000000
[  750.486490][ T4250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  750.486503][ T4250] R13: 00007fc1fabe6038 R14: 00007fc1fabe5fa0 R15: 00007ffce6e28558
[  750.486540][ T4250]  </TASK>
[  750.829541][ T4252] FAULT_INJECTION: forcing a failure.
[  750.829541][ T4252] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  750.842734][ T4252] CPU: 1 UID: 0 PID: 4252 Comm: syz.5.13295 Not tainted syzkaller #0 PREEMPT(full) 
[  750.842764][ T4252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  750.842777][ T4252] Call Trace:
[  750.842787][ T4252]  <TASK>
[  750.842797][ T4252]  dump_stack_lvl+0x189/0x250
[  750.842828][ T4252]  ? __pfx____ratelimit+0x10/0x10
[  750.842850][ T4252]  ? __pfx_dump_stack_lvl+0x10/0x10
[  750.842875][ T4252]  ? __pfx__printk+0x10/0x10
[  750.842920][ T4252]  should_fail_ex+0x414/0x560
[  750.842959][ T4252]  _copy_to_user+0x31/0xb0
[  750.842987][ T4252]  simple_read_from_buffer+0xe1/0x170
[  750.843019][ T4252]  proc_fail_nth_read+0x1b3/0x220
[  750.843046][ T4252]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  750.843072][ T4252]  ? rw_verify_area+0x2a6/0x4d0
[  750.843092][ T4252]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  750.843117][ T4252]  vfs_read+0x200/0xa30
[  750.843135][ T4252]  ? fdget_pos+0x247/0x320
[  750.843167][ T4252]  ? __pfx___mutex_lock+0x10/0x10
[  750.843191][ T4252]  ? __pfx_vfs_read+0x10/0x10
[  750.843213][ T4252]  ? __fget_files+0x2a/0x420
[  750.843244][ T4252]  ? __fget_files+0x3a0/0x420
[  750.843269][ T4252]  ? __fget_files+0x2a/0x420
[  750.843306][ T4252]  ksys_read+0x145/0x250
[  750.843329][ T4252]  ? __pfx_ksys_read+0x10/0x10
[  750.843353][ T4252]  ? do_syscall_64+0xbe/0xf80
[  750.843380][ T4252]  do_syscall_64+0xfa/0xf80
[  750.843404][ T4252]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  750.843425][ T4252]  ? clear_bhb_loop+0x60/0xb0
[  750.843450][ T4252]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  750.843470][ T4252] RIP: 0033:0x7f473a38e15c
[  750.843490][ T4252] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  750.843515][ T4252] RSP: 002b:00007f47385d5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  750.843536][ T4252] RAX: ffffffffffffffda RBX: 00007f473a5e6180 RCX: 00007f473a38e15c
[  750.843552][ T4252] RDX: 000000000000000f RSI: 00007f47385d50a0 RDI: 0000000000000006
[  750.843565][ T4252] RBP: 00007f47385d5090 R08: 0000000000000000 R09: 0000000100000000
[  750.843578][ T4252] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000002
[  750.843591][ T4252] R13: 00007f473a5e6218 R14: 00007f473a5e6180 R15: 00007ffd288f4df8
[  750.843627][ T4252]  </TASK>
[  751.122919][ T4254] syz.3.13298: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  751.124080][ T5900] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  751.166081][ T4254] CPU: 0 UID: 0 PID: 4254 Comm: syz.3.13298 Not tainted syzkaller #0 PREEMPT(full) 
[  751.166115][ T4254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  751.166129][ T4254] Call Trace:
[  751.166138][ T4254]  <TASK>
[  751.166153][ T4254]  dump_stack_lvl+0x189/0x250
[  751.166195][ T4254]  ? __pfx_dump_stack_lvl+0x10/0x10
[  751.166221][ T4254]  ? __pfx__printk+0x10/0x10
[  751.166253][ T4254]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  751.166277][ T4254]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  751.166304][ T4254]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  751.166330][ T4254]  warn_alloc+0x214/0x310
[  751.166354][ T4254]  ? stack_trace_save+0x9c/0xe0
[  751.166388][ T4254]  ? __pfx_warn_alloc+0x10/0x10
[  751.166419][ T4254]  ? kasan_save_track+0x4f/0x80
[  751.166438][ T4254]  ? kasan_save_track+0x3e/0x80
[  751.166456][ T4254]  ? __kasan_kmalloc+0x93/0xb0
[  751.166477][ T4254]  ? __kmalloc_cache_noprof+0x3e2/0x700
[  751.166496][ T4254]  ? xskq_create+0x56/0x170
[  751.166527][ T4254]  ? xsk_setsockopt+0x4dc/0x8d0
[  751.166553][ T4254]  ? do_sock_setsockopt+0x17c/0x1b0
[  751.166575][ T4254]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  751.166597][ T4254]  ? do_syscall_64+0xfa/0xf80
[  751.166623][ T4254]  __vmalloc_node_range_noprof+0x134/0x16a0
[  751.166689][ T4254]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  751.166719][ T4254]  ? __kasan_kmalloc+0x93/0xb0
[  751.166756][ T4254]  vmalloc_user_noprof+0xad/0xf0
[  751.166777][ T4254]  ? xskq_create+0xbf/0x170
[  751.166817][ T4254]  xskq_create+0xbf/0x170
[  751.166854][ T4254]  xsk_init_queue+0xb0/0x110
[  751.166888][ T4254]  xsk_setsockopt+0x4dc/0x8d0
[  751.166922][ T4254]  ? __pfx_xsk_setsockopt+0x10/0x10
[  751.166966][ T4254]  ? __pfx_aa_sk_perm+0x10/0x10
[  751.166995][ T4254]  ? aa_sock_opt_perm+0xff/0x1a0
[  751.167026][ T4254]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  751.167046][ T4254]  ? __pfx_xsk_setsockopt+0x10/0x10
[  751.167078][ T4254]  do_sock_setsockopt+0x17c/0x1b0
[  751.167108][ T4254]  __x64_sys_setsockopt+0x13f/0x1b0
[  751.167139][ T4254]  do_syscall_64+0xfa/0xf80
[  751.167162][ T4254]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  751.167183][ T4254]  ? clear_bhb_loop+0x60/0xb0
[  751.167210][ T4254]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  751.167230][ T4254] RIP: 0033:0x7f056878f749
[  751.167250][ T4254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  751.167268][ T4254] RSP: 002b:00007f0569648038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  751.167292][ T4254] RAX: ffffffffffffffda RBX: 00007f05689e5fa0 RCX: 00007f056878f749
[  751.167308][ T4254] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000006
[  751.167321][ T4254] RBP: 00007f0568813f91 R08: 0000000000000004 R09: 0000000000000000
[  751.167335][ T4254] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  751.167348][ T4254] R13: 00007f05689e6038 R14: 00007f05689e5fa0 R15: 00007ffde0dddf68
[  751.167385][ T4254]  </TASK>
[  751.167396][ T4254] Mem-Info:
[  751.539774][ T4254] active_anon:4695 inactive_anon:6 isolated_anon:0
[  751.539774][ T4254]  active_file:2956 inactive_file:40596 isolated_file:0
[  751.539774][ T4254]  unevictable:768 dirty:159 writeback:0
[  751.539774][ T4254]  slab_reclaimable:12480 slab_unreclaimable:164210
[  751.539774][ T4254]  mapped:30248 shmem:1358 pagetables:1406
[  751.539774][ T4254]  sec_pagetables:0 bounce:0
[  751.539774][ T4254]  kernel_misc_reclaimable:0
[  751.539774][ T4254]  free:1257307 free_pcp:14845 free_cma:0
[  751.617113][ T4254] Node 0 active_anon:18780kB inactive_anon:24kB active_file:11824kB inactive_file:162180kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120992kB dirty:636kB writeback:0kB shmem:3896kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14220kB pagetables:5576kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  751.680940][ T4254] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  751.739774][ T4254] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  751.847812][ T4254] lowmem_reserve[]: 0 2499 2501 2501 2501
[  751.853820][ T4254] Node 0 DMA32 free:1129568kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:18380kB inactive_anon:24kB active_file:11824kB inactive_file:162180kB unevictable:1536kB writepending:636kB zspages:0kB present:3129332kB managed:2559356kB mlocked:0kB bounce:0kB free_pcp:39612kB local_pcp:20584kB free_cma:0kB
[  751.929109][ T4254] lowmem_reserve[]: 0 0 1 1 1
[  751.944120][ T4254] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  751.991553][ T4254] lowmem_reserve[]: 0 0 0 0 0
[  751.998461][ T4254] Node 1 Normal free:3884300kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:19924kB local_pcp:8740kB free_cma:0kB
[  752.007996][ T4287] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0
[  752.068085][ T4254] lowmem_reserve[]: 0 0 0 0 0
[  752.091981][ T4254] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  752.122034][ T4254] Node 0 DMA32: 5315*4kB (UME) 4607*8kB (UME) 2564*16kB (UM) 358*32kB (UM) 188*64kB (UME) 667*128kB (UME) 529*256kB (UME) 377*512kB (UME) 213*1024kB (UM) 59*2048kB (UM) 62*4096kB (M) = 1129348kB
[  752.156684][ T4254] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  752.215505][ T4254] Node 1 Normal: 193*4kB (UE) 51*8kB (UME) 47*16kB (UME) 100*32kB (UME) 28*64kB (UME) 10*128kB (UME) 5*256kB (UME) 2*512kB (M) 3*1024kB (UME) 2*2048kB (UE) 944*4096kB (M) = 3884300kB
[  752.248482][ T4254] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  752.264182][ T4254] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  752.274648][ T4254] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  752.307352][ T4254] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  752.317613][ T4254] 44906 total pagecache pages
[  752.323232][ T4254] 0 pages in swap cache
[  752.327796][ T4254] Free swap  = 124996kB
[  752.332611][ T4254] Total swap = 124996kB
[  752.336805][ T4254] 2097051 pages RAM
[  752.340736][ T4254] 0 pages HighMem/MovableOnly
[  752.349307][ T4254] 425122 pages reserved
[  752.356591][ T4254] 0 pages cma reserved
[  752.544098][ T4310] syzkaller0: entered promiscuous mode
[  752.549649][ T4310] syzkaller0: entered allmulticast mode
[  752.561287][ T4310] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  752.676572][ T4318] __nla_validate_parse: 68 callbacks suppressed
[  752.676595][ T4318] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13319'.
[  752.746217][ T4321] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  752.796414][ T4321] netlink: 24 bytes leftover after parsing attributes in process `syz.4.13318'.
[  752.900455][ T4316] syzkaller0: entered promiscuous mode
[  752.963832][ T4316] syzkaller0: entered allmulticast mode
[  753.018690][ T4338] sctp: [Deprecated]: syz.2.13323 (pid 4338) Use of struct sctp_assoc_value in delayed_ack socket option.
[  753.018690][ T4338] Use struct sctp_sack_info instead
[  753.140396][ T4343] netlink: 12 bytes leftover after parsing attributes in process `syz.1.13324'.
[  753.328855][ T4350] netlink: 'syz.2.13327': attribute type 25 has an invalid length.
[  753.494599][ T4353] Unsupported ieee802154 address type: 0
[  753.509605][ T4353] RDS: rds_bind could not find a transport for ::ffff:172.30.0.4, load rds_tcp or rds_rdma?
[  754.737052][ T4351] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13325'.
[  754.838643][ T4358] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  754.908230][ T4364] netlink: 16 bytes leftover after parsing attributes in process `syz.4.13330'.
[  754.942264][ T4364] netlink: 8 bytes leftover after parsing attributes in process `syz.4.13330'.
[  754.961768][ T4362] netlink: 16 bytes leftover after parsing attributes in process `syz.4.13330'.
[  755.017078][ T4369] syzkaller0: entered promiscuous mode
[  755.023040][ T4369] syzkaller0: entered allmulticast mode
[  755.031321][ T4362] netlink: 8 bytes leftover after parsing attributes in process `syz.4.13330'.
[  755.047253][ T4369] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  755.176711][ T4379] netlink: 3756 bytes leftover after parsing attributes in process `syz.5.13335'.
[  755.438211][ T4390] syzkaller0: entered promiscuous mode
[  755.445234][ T4390] syzkaller0: entered allmulticast mode
[  755.931672][ T4419] netlink: 'syz.5.13347': attribute type 10 has an invalid length.
[  755.940872][ T4419] netlink: 228 bytes leftover after parsing attributes in process `syz.5.13347'.
[  756.020787][ T4424] FAULT_INJECTION: forcing a failure.
[  756.020787][ T4424] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  756.053117][ T4424] CPU: 0 UID: 0 PID: 4424 Comm: syz.3.13349 Not tainted syzkaller #0 PREEMPT(full) 
[  756.053143][ T4424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  756.053165][ T4424] Call Trace:
[  756.053173][ T4424]  <TASK>
[  756.053180][ T4424]  dump_stack_lvl+0x189/0x250
[  756.053208][ T4424]  ? __pfx____ratelimit+0x10/0x10
[  756.053226][ T4424]  ? __pfx_dump_stack_lvl+0x10/0x10
[  756.053247][ T4424]  ? __pfx__printk+0x10/0x10
[  756.053284][ T4424]  should_fail_ex+0x414/0x560
[  756.053318][ T4424]  _copy_to_user+0x31/0xb0
[  756.053342][ T4424]  simple_read_from_buffer+0xe1/0x170
[  756.053369][ T4424]  proc_fail_nth_read+0x1b3/0x220
[  756.053396][ T4424]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  756.053422][ T4424]  ? rw_verify_area+0x2a6/0x4d0
[  756.053442][ T4424]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  756.053467][ T4424]  vfs_read+0x200/0xa30
[  756.053484][ T4424]  ? fdget_pos+0x247/0x320
[  756.053509][ T4424]  ? __pfx___mutex_lock+0x10/0x10
[  756.053529][ T4424]  ? __pfx_vfs_read+0x10/0x10
[  756.053545][ T4424]  ? __fget_files+0x2a/0x420
[  756.053574][ T4424]  ? __fget_files+0x3a0/0x420
[  756.053598][ T4424]  ? __fget_files+0x2a/0x420
[  756.053634][ T4424]  ksys_read+0x145/0x250
[  756.053657][ T4424]  ? __pfx_ksys_read+0x10/0x10
[  756.053681][ T4424]  ? do_syscall_64+0xbe/0xf80
[  756.053707][ T4424]  do_syscall_64+0xfa/0xf80
[  756.053730][ T4424]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  756.053751][ T4424]  ? clear_bhb_loop+0x60/0xb0
[  756.053777][ T4424]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  756.053796][ T4424] RIP: 0033:0x7f056878e15c
[  756.053816][ T4424] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  756.053834][ T4424] RSP: 002b:00007f0569648030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  756.053856][ T4424] RAX: ffffffffffffffda RBX: 00007f05689e5fa0 RCX: 00007f056878e15c
[  756.053872][ T4424] RDX: 000000000000000f RSI: 00007f05696480a0 RDI: 0000000000000004
[  756.053884][ T4424] RBP: 00007f0569648090 R08: 0000000000000000 R09: 0000000000000000
[  756.053897][ T4424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  756.053909][ T4424] R13: 00007f05689e6038 R14: 00007f05689e5fa0 R15: 00007ffde0dddf68
[  756.053946][ T4424]  </TASK>
[  756.056772][ T4425] syzkaller0: entered promiscuous mode
[  756.306573][ T4425] syzkaller0: entered allmulticast mode
[  756.316300][ T4426] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  756.568279][ T4432] netlink: 'syz.3.13351': attribute type 13 has an invalid length.
[  757.237891][ T4477] syzkaller0: entered promiscuous mode
[  757.252550][ T4477] syzkaller0: entered allmulticast mode
[  757.286495][ T4477] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  757.518831][ T4444] lo speed is unknown, defaulting to 1000
[  757.565543][ T4444] wlan0 speed is unknown, defaulting to 1000
[  757.755228][ T4498] º
: renamed from veth1_vlan (while UP)
[  757.950113][ T4505] __nla_validate_parse: 2 callbacks suppressed
[  757.950134][ T4505] netlink: 8 bytes leftover after parsing attributes in process `syz.5.13374'.
[  758.327861][ T4522] syzkaller0: entered promiscuous mode
[  758.333740][ T4522] syzkaller0: entered allmulticast mode
[  758.502162][ T4522] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  758.583209][ T4532] netlink: 'syz.3.13387': attribute type 13 has an invalid length.
[  758.736222][ T4541] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  759.296711][ T4571] Bluetooth: MGMT ver 1.23
[  759.489375][ T4577] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  759.511049][ T4577] syzkaller0: entered promiscuous mode
[  759.517255][ T4580] netlink: 'syz.4.13402': attribute type 25 has an invalid length.
[  759.530666][ T4577] syzkaller0: entered allmulticast mode
[  759.592512][ T4577] tipc: Resetting bearer <eth:syzkaller0>
[  759.609715][ T4576] tipc: Resetting bearer <eth:syzkaller0>
[  759.664288][ T4576] tipc: Disabling bearer <eth:syzkaller0>
[  759.675212][ T4587] netlink: 'syz.4.13405': attribute type 13 has an invalid length.
[  759.862675][ T4601] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  759.977221][ T4610] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  759.989696][ T4611] sch_tbf: burst 4 is lower than device syzkaller0 mtu (1514) !
[  760.025692][ T4609] netlink: 'syz.1.13411': attribute type 30 has an invalid length.
[  760.066136][ T4601] tipc: Resetting bearer <eth:syzkaller0>
[  760.084221][ T4609] workqueue: Failed to create a rescuer kthread for wq "bond11": -EINTR
[  760.138305][ T4600] tipc: Disabling bearer <eth:syzkaller0>
[  760.328517][ T4632] netlink: 'syz.4.13417': attribute type 1 has an invalid length.
[  760.345918][ T4630] netlink: 'syz.2.13415': attribute type 25 has an invalid length.
[  760.425905][ T4632] 8021q: adding VLAN 0 to HW filter on device bond0
[  760.870938][ T4658] netlink: 28 bytes leftover after parsing attributes in process `syz.4.13417'.
[  761.249611][ T4664] netlink: 'syz.1.13424': attribute type 13 has an invalid length.
[  762.371794][ T4640] 8021q: adding VLAN 0 to HW filter on device bond0
[  762.379086][ T4640] bond0: (slave vxcan3): The slave device specified does not support setting the MAC address
[  762.392237][ T4640] bond0: (slave vxcan3): Error -95 calling set_mac_address
[  762.469784][ T4632] veth9: entered promiscuous mode
[  762.478943][ T4632] bond0: (slave veth9): Enslaving as an active interface with a down link
[  762.498896][ T4658] 8021q: adding VLAN 0 to HW filter on device bond0
[  762.550861][ T4677] netlink: 52 bytes leftover after parsing attributes in process `syz.5.13426'.
[  762.644764][ T4673] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  762.654570][ T5948] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  762.668755][ T4684] netlink: 76 bytes leftover after parsing attributes in process `syz.5.13426'.
[  762.715337][ T4677] bridge0: port 2(bridge_slave_1) entered disabled state
[  762.722805][ T4677] bridge0: port 1(bridge_slave_0) entered disabled state
[  762.778556][ T4684] bridge0: entered promiscuous mode
[  762.800020][ T4690] netlink: 'syz.3.13430': attribute type 25 has an invalid length.
[  762.805181][ T4684] netlink: 52 bytes leftover after parsing attributes in process `syz.5.13426'.
[  762.828963][ T4689] syzkaller0: entered promiscuous mode
[  762.834765][ T4689] syzkaller0: entered allmulticast mode
[  762.866140][ T4689] sch_tbf: burst 4 is lower than device syzkaller0 mtu (1514) !
[  762.975108][ T4694] syzkaller0: entered promiscuous mode
[  762.981619][ T4694] syzkaller0: entered allmulticast mode
[  763.213176][ T4709] netlink: 'syz.4.13436': attribute type 1 has an invalid length.
[  763.353800][ T4716] netlink: 'syz.1.13438': attribute type 4 has an invalid length.
[  763.386912][ T4718] netlink: 'syz.3.13440': attribute type 1 has an invalid length.
[  763.615523][ T4711] lo speed is unknown, defaulting to 1000
[  763.623685][ T4711] wlan0 speed is unknown, defaulting to 1000
[  763.634981][ T4727] netlink: 'syz.4.13444': attribute type 25 has an invalid length.
[  763.644989][ T4726] syzkaller0: entered promiscuous mode
[  763.655767][ T5948] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  763.663327][ T4726] syzkaller0: entered allmulticast mode
[  763.706777][ T4726] sch_tbf: burst 4 is lower than device syzkaller0 mtu (1514) !
[  763.813908][ T4729] netlink: 24 bytes leftover after parsing attributes in process `syz.3.13443'.
[  763.826895][ T4729] netlink: 'syz.3.13443': attribute type 1 has an invalid length.
[  763.855202][ T4729] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13443'.
[  763.878306][ T4735] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13448'.
[  763.894263][ T4735] netlink: 'syz.2.13448': attribute type 10 has an invalid length.
[  763.902624][ T4735] netlink: 40 bytes leftover after parsing attributes in process `syz.2.13448'.
[  764.182299][ T4751] netlink: 132 bytes leftover after parsing attributes in process `syz.1.13453'.
[  764.245947][ T4749] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN
[  764.342827][ T4757] netlink: 28 bytes leftover after parsing attributes in process `syz.5.13455'.
[  764.382127][ T4757] netlink: 28 bytes leftover after parsing attributes in process `syz.5.13455'.
[  764.423085][ T4757] netlink: 'syz.5.13455': attribute type 1 has an invalid length.
[  764.525433][ T4759] netlink: 'syz.3.13456': attribute type 13 has an invalid length.
[  764.637638][ T4763] bond6: (slave gretap3): making interface the new active one
[  764.650794][ T4763] bond6: (slave gretap3): Enslaving as an active interface with an up link
[  765.335946][ T4781] netlink: 8 bytes leftover after parsing attributes in process `syz.5.13461'.
[  765.388823][ T4781] netlink: 12 bytes leftover after parsing attributes in process `syz.5.13461'.
[  765.417842][ T4781] netlink: 12 bytes leftover after parsing attributes in process `syz.5.13461'.
[  765.449192][ T4784] syzkaller0: entered promiscuous mode
[  765.455122][ T4784] syzkaller0: entered allmulticast mode
[  765.499271][ T4784] sch_tbf: burst 4 is lower than device syzkaller0 mtu (1514) !
[  765.933947][ T4816] bond0: Caught tx_queue_len zero misconfig
[  766.297988][ T4842] bond10 (unregistering): Released all slaves
[  766.364564][ T4848] syzkaller0: entered promiscuous mode
[  766.370142][ T4848] syzkaller0: entered allmulticast mode
[  766.400042][ T4848] sch_tbf: burst 4 is lower than device syzkaller0 mtu (1514) !
[  766.713014][ T4872] validate_nla: 2 callbacks suppressed
[  766.713035][ T4872] netlink: 'syz.3.13491': attribute type 4 has an invalid length.
[  766.908174][ T4882] syzkaller0: entered promiscuous mode
[  766.922016][ T4882] syzkaller0: entered allmulticast mode
[  766.929218][ T4880] lo: Caught tx_queue_len zero misconfig
[  766.967891][ T4882] sch_tbf: burst 4 is lower than device syzkaller0 mtu (1514) !
[  767.259657][ T4896] syzkaller0: entered promiscuous mode
[  767.286683][ T4896] syzkaller0: entered allmulticast mode
[  767.328293][ T4896] sch_tbf: burst 4 is lower than device syzkaller0 mtu (1514) !
[  767.737165][ T4946] syzkaller0: entered promiscuous mode
[  767.747307][ T4946] syzkaller0: entered allmulticast mode
[  767.758028][ T4946] sch_tbf: burst 4 is lower than device syzkaller0 mtu (1514) !
[  768.052249][ T4963] tipc: Resetting bearer <ib:gretap0>
[  768.254201][ T4973] syzkaller0: entered promiscuous mode
[  768.259752][ T4973] syzkaller0: entered allmulticast mode
[  768.310084][ T4973] sch_tbf: burst 4 is lower than device syzkaller0 mtu (1514) !
[  768.785363][ T4991] netlink: 'syz.2.13537': attribute type 13 has an invalid length.
[  768.950712][ T4994] syzkaller0: entered promiscuous mode
[  768.956694][ T4994] syzkaller0: entered allmulticast mode
[  769.116024][ T4991] tipc: Resetting bearer <eth:macvlan1>
[  769.206411][ T4999] sch_tbf: burst 4 is lower than device syzkaller0 mtu (1514) !
[  769.381582][ T5014] __nla_validate_parse: 10 callbacks suppressed
[  769.381604][ T5014] netlink: 40 bytes leftover after parsing attributes in process `syz.2.13541'.
[  769.474061][ T5023] sch_tbf: burst 4 is lower than device syzkaller0 mtu (1514) !
[  769.949162][ T5014] lo speed is unknown, defaulting to 1000
[  769.957354][ T5014] wlan0 speed is unknown, defaulting to 1000
[  770.180756][ T5031] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  770.206185][ T5031] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  770.236889][ T5057] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13552'.
[  770.247923][ T5055] netlink: 24 bytes leftover after parsing attributes in process `syz.5.13551'.
[  770.324953][ T5062] netlink: 8 bytes leftover after parsing attributes in process `syz.5.13551'.
[  770.351547][ T5062] netlink: 12 bytes leftover after parsing attributes in process `syz.5.13551'.
[  770.374496][ T5060] syzkaller0: entered promiscuous mode
[  770.397001][ T5060] syzkaller0: entered allmulticast mode
[  770.407934][ T5060] sch_tbf: burst 4 is lower than device syzkaller0 mtu (1514) !
[  771.308305][ T5094] netlink: 48 bytes leftover after parsing attributes in process `syz.4.13564'.
[  771.352564][ T5094] netlink: 48 bytes leftover after parsing attributes in process `syz.4.13564'.
[  771.607085][ T5121] netlink: 'syz.2.13569': attribute type 2 has an invalid length.
[  771.639343][ T5121] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13569'.
[  771.667815][ T5125] netlink: 'syz.4.13570': attribute type 1 has an invalid length.
[  771.967047][ T5107] syzkaller0: entered promiscuous mode
[  771.972804][ T5107] syzkaller0: entered allmulticast mode
[  772.073334][ T5142] bond10: (slave bridge0): Enslaving as an active interface with an up link
[  772.174135][ T5155] netlink: 'syz.1.13575': attribute type 2 has an invalid length.
[  772.182352][ T5155] netlink: 'syz.1.13575': attribute type 1 has an invalid length.
[  773.913921][ T5140] macvlan2: entered promiscuous mode
[  773.919284][ T5140] macvlan2: entered allmulticast mode
[  773.926593][ T5140] bond10: entered promiscuous mode
[  773.932432][ T5140] bridge0: entered promiscuous mode
[  773.938450][ T5140] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  773.947298][ T5140] bond10: left promiscuous mode
[  773.953043][ T5140] bridge0: left promiscuous mode
[  773.998144][ T5158] syzkaller0: entered promiscuous mode
[  774.007622][ T5158] syzkaller0: entered allmulticast mode
[  774.119578][ T5192] netlink: 68 bytes leftover after parsing attributes in process `syz.1.13581'.
[  774.706117][ T5226] syzkaller0: entered promiscuous mode
[  774.711656][ T5226] syzkaller0: entered allmulticast mode
[  774.733828][ T5231] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13590'.
[  774.814995][ T5231] vlan2: entered allmulticast mode
[  774.820235][ T5231] mac80211_hwsim hwsim3 wlan0: entered allmulticast mode
[  774.954806][ T5237] syzkaller0: entered promiscuous mode
[  774.962920][ T5237] syzkaller0: entered allmulticast mode
[  774.989874][ T5237] sch_tbf: burst 4 is lower than device syzkaller0 mtu (1514) !
[  775.099344][ T5250] netlink: 'syz.4.13598': attribute type 23 has an invalid length.
[  775.924385][ T5285] syzkaller0: entered promiscuous mode
[  775.932892][ T5285] syzkaller0: entered allmulticast mode
[  775.960811][ T5290] syzkaller0: entered promiscuous mode
[  775.979399][ T5290] syzkaller0: entered allmulticast mode
[  776.063968][ T5298] sch_tbf: burst 4 is lower than device syzkaller0 mtu (1514) !
[  776.628951][ T5332] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13627'.
[  776.672819][ T5331] syzkaller0: entered promiscuous mode
[  776.678364][ T5331] syzkaller0: entered allmulticast mode
[  776.856320][ T5341] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  776.874138][ T5341] sch_tbf: burst 4 is lower than device syzkaller0 mtu (1514) !
[  776.919645][ T5341] tipc: Resetting bearer <eth:syzkaller0>
[  776.953915][ T5340] tipc: Disabling bearer <eth:syzkaller0>
[  777.146515][ T5360] netlink: 4552 bytes leftover after parsing attributes in process `syz.5.13638'.
[  777.156391][ T5360] netlink: 4552 bytes leftover after parsing attributes in process `syz.5.13638'.
[  777.219462][ T5363] netlink: 'syz.3.13640': attribute type 10 has an invalid length.
[  777.229599][ T5363] 8021q: adding VLAN 0 to HW filter on device team0
[  777.258665][ T5363] bond0: (slave team0): Enslaving as an active interface with a down link
[  777.397773][ T5373] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  777.405971][ T5373] syzkaller0: entered promiscuous mode
[  777.411816][ T5373] syzkaller0: entered allmulticast mode
[  777.446311][ T5373] tipc: Resetting bearer <eth:syzkaller0>
[  777.467000][ T5371] tipc: Resetting bearer <eth:syzkaller0>
[  777.503155][ T5379] netlink: 'syz.3.13646': attribute type 1 has an invalid length.
[  777.523565][ T5371] tipc: Disabling bearer <eth:syzkaller0>
[  777.596471][ T5379] bond12: (slave bridge16): Enslaving as an active interface with an up link
[  777.689844][ T5379] bond12: (slave gretap2): Enslaving as an active interface with an up link
[  777.722820][ T5383] macvlan6: entered promiscuous mode
[  777.728202][ T5383] macvlan6: entered allmulticast mode
[  777.748176][ T5383] bond12: entered promiscuous mode
[  777.754303][ T5383] bridge16: entered promiscuous mode
[  777.759908][ T5383] gretap2: entered promiscuous mode
[  777.769087][ T5383] 8021q: adding VLAN 0 to HW filter on device macvlan6
[  777.794879][ T5383] bond12: left promiscuous mode
[  777.812406][ T5383] bridge16: left promiscuous mode
[  777.818057][ T5383] gretap2: left promiscuous mode
[  777.977993][ T5392] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  778.035965][ T5385] tipc: Resetting bearer <eth:syzkaller0>
[  778.172918][ T5384] tipc: Disabling bearer <eth:syzkaller0>
[  778.255613][ T5421] netlink: 'syz.3.13654': attribute type 2 has an invalid length.
[  778.532880][ T5433] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  778.542802][ T5433] syzkaller0: entered promiscuous mode
[  778.548372][ T5433] syzkaller0: entered allmulticast mode
[  778.563481][ T5435] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13661'.
[  778.602148][ T5433] tipc: Resetting bearer <eth:syzkaller0>
[  778.631596][ T5430] tipc: Resetting bearer <eth:syzkaller0>
[  778.685927][ T5443] IPVS: length: 130 != 8
[  778.736132][ T5430] tipc: Disabling bearer <eth:syzkaller0>
[  778.911694][ T5457] netlink: 24 bytes leftover after parsing attributes in process `syz.5.13664'.
[  779.186330][ T5472] netlink: 12 bytes leftover after parsing attributes in process `syz.3.13671'.
[  779.217073][ T5476] FAULT_INJECTION: forcing a failure.
[  779.217073][ T5476] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  779.247454][ T5476] CPU: 0 UID: 0 PID: 5476 Comm: syz.5.13670 Not tainted syzkaller #0 PREEMPT(full) 
[  779.247483][ T5476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  779.247496][ T5476] Call Trace:
[  779.247505][ T5476]  <TASK>
[  779.247514][ T5476]  dump_stack_lvl+0x189/0x250
[  779.247546][ T5476]  ? __pfx____ratelimit+0x10/0x10
[  779.247569][ T5476]  ? __pfx_dump_stack_lvl+0x10/0x10
[  779.247595][ T5476]  ? __pfx__printk+0x10/0x10
[  779.247642][ T5476]  should_fail_ex+0x414/0x560
[  779.247681][ T5476]  _copy_to_user+0x31/0xb0
[  779.247710][ T5476]  simple_read_from_buffer+0xe1/0x170
[  779.247743][ T5476]  proc_fail_nth_read+0x1b3/0x220
[  779.247771][ T5476]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  779.247806][ T5476]  ? rw_verify_area+0x2a6/0x4d0
[  779.247826][ T5476]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  779.247851][ T5476]  vfs_read+0x200/0xa30
[  779.247870][ T5476]  ? fdget_pos+0x247/0x320
[  779.247902][ T5476]  ? __pfx___mutex_lock+0x10/0x10
[  779.247927][ T5476]  ? __pfx_vfs_read+0x10/0x10
[  779.247950][ T5476]  ? __fget_files+0x2a/0x420
[  779.247982][ T5476]  ? __fget_files+0x3a0/0x420
[  779.248008][ T5476]  ? __fget_files+0x2a/0x420
[  779.248045][ T5476]  ksys_read+0x145/0x250
[  779.248069][ T5476]  ? __pfx_ksys_read+0x10/0x10
[  779.248095][ T5476]  ? do_syscall_64+0xbe/0xf80
[  779.248123][ T5476]  do_syscall_64+0xfa/0xf80
[  779.248147][ T5476]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  779.248168][ T5476]  ? clear_bhb_loop+0x60/0xb0
[  779.248194][ T5476]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  779.248215][ T5476] RIP: 0033:0x7f473a38e15c
[  779.248235][ T5476] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  779.248253][ T5476] RSP: 002b:00007f47385f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  779.248275][ T5476] RAX: ffffffffffffffda RBX: 00007f473a5e6090 RCX: 00007f473a38e15c
[  779.248291][ T5476] RDX: 000000000000000f RSI: 00007f47385f60a0 RDI: 0000000000000005
[  779.248305][ T5476] RBP: 00007f47385f6090 R08: 0000000000000000 R09: 0000000000000000
[  779.248319][ T5476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  779.248332][ T5476] R13: 00007f473a5e6128 R14: 00007f473a5e6090 R15: 00007ffd288f4df8
[  779.248371][ T5476]  </TASK>
[  779.646147][ T5486] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  779.675197][ T5486] syzkaller0: entered promiscuous mode
[  779.680822][ T5486] syzkaller0: entered allmulticast mode
[  779.698008][ T5486] tipc: Resetting bearer <eth:syzkaller0>
[  779.722424][ T5485] tipc: Resetting bearer <eth:syzkaller0>
[  779.766416][ T5485] tipc: Disabling bearer <eth:syzkaller0>
[  779.835179][ T5498] netlink: 20 bytes leftover after parsing attributes in process `syz.1.13679'.
[  779.872245][ T5498] netlink: 12 bytes leftover after parsing attributes in process `syz.1.13679'.
[  779.893665][ T5504] syzkaller0: entered promiscuous mode
[  779.899210][ T5504] syzkaller0: entered allmulticast mode
[  779.923698][ T5509] netlink: 8 bytes leftover after parsing attributes in process `syz.4.13681'.
[  779.954808][ T5498] TC_ACT_REPEAT abuse ?
[  780.447950][ T5537] netlink: 'syz.4.13690': attribute type 13 has an invalid length.
[  781.129478][ T5595] netem: change failed
[  781.334369][ T5602] bridge0: left allmulticast mode
[  781.409607][ T5606] netlink: 'syz.2.13709': attribute type 13 has an invalid length.
[  781.451354][ T5606] tipc: Resetting bearer <eth:macvlan1>
[  782.038855][ T5653] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  782.207203][ T5662] netlink: 4 bytes leftover after parsing attributes in process `syz.2.13725'.
[  782.221680][ T5666] netlink: 224 bytes leftover after parsing attributes in process `syz.5.13724'.
[  782.247046][ T5662] tipc: Resetting bearer <eth:macvlan1>
[  782.256694][ T5657] netlink: 'syz.3.13726': attribute type 13 has an invalid length.
[  782.267056][ T5662] veth1_vlan: left promiscuous mode
[  782.346217][ T5662] tipc: Disabling bearer <eth:macvlan1>
[  782.418556][ T5673] netlink: 'syz.4.13731': attribute type 29 has an invalid length.
[  782.450543][ T5673] netlink: 4 bytes leftover after parsing attributes in process `syz.4.13731'.
[  782.583651][ T5683] netlink: 16 bytes leftover after parsing attributes in process `syz.1.13734'.
[  782.597983][ T5683] netlink: 20 bytes leftover after parsing attributes in process `syz.1.13734'.
[  782.943472][ T5705] netlink: 'syz.1.13743': attribute type 11 has an invalid length.
[  782.951571][ T5705] netlink: 64 bytes leftover after parsing attributes in process `syz.1.13743'.
[  783.079963][ T5706] netlink: 'syz.3.13742': attribute type 13 has an invalid length.
[  783.138635][ T5716] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  783.605288][ T5746] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  783.636733][ T5746] syzkaller0: entered promiscuous mode
[  783.652054][ T5746] syzkaller0: entered allmulticast mode
[  783.736089][ T5746] tipc: Resetting bearer <eth:syzkaller0>
[  783.754690][ T5745] tipc: Resetting bearer <eth:syzkaller0>
[  783.825889][ T5745] tipc: Disabling bearer <eth:syzkaller0>
[  784.007305][ T5765] sit0: Caught tx_queue_len zero misconfig
[  784.033306][ T5765] netlink: 4 bytes leftover after parsing attributes in process `syz.4.13760'.
[  784.110828][ T5773] netlink: 'syz.5.13763': attribute type 1 has an invalid length.
[  784.230324][ T5773] 8021q: adding VLAN 0 to HW filter on device bond7
[  784.279230][ T5776] bond7: (slave geneve2): making interface the new active one
[  784.288738][ T5776] bond7: (slave geneve2): Enslaving as an active interface with an up link
[  784.298628][ T5780] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  785.010024][ T5839] lo: Caught tx_queue_len zero misconfig
[  785.257516][ T5864] netlink: 'syz.3.13780': attribute type 1 has an invalid length.
[  785.272647][ T5867] ip6gre1: entered allmulticast mode
[  785.339027][ T5873] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  785.367053][ T5883] __nla_validate_parse: 3 callbacks suppressed
[  785.367073][ T5883] netlink: 4 bytes leftover after parsing attributes in process `syz.2.13783'.
[  785.857149][ T5939] netlink: 8 bytes leftover after parsing attributes in process `syz.4.13789'.
[  785.874419][ T5940] xt_policy: input policy not valid in POSTROUTING and OUTPUT
[  786.055253][ T5951] netlink: 'syz.3.13795': attribute type 1 has an invalid length.
[  786.147867][ T5959] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13798'.
[  786.365465][ T5973] netlink: 8 bytes leftover after parsing attributes in process `syz.5.13804'.
[  786.405506][ T5974] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  786.464583][ T5980] veth0: entered promiscuous mode
[  786.475119][ T5980] veth0: left promiscuous mode
[  786.612465][ T5989] netlink: 12 bytes leftover after parsing attributes in process `syz.3.13808'.
[  786.698140][ T5997] netlink: 'syz.1.13810': attribute type 1 has an invalid length.
[  786.865089][ T5993] netlink: 'syz.5.13807': attribute type 13 has an invalid length.
[  787.058516][ T6019] netlink: 8 bytes leftover after parsing attributes in process `syz.4.13817'.
[  787.200489][ T6027] netlink: 24 bytes leftover after parsing attributes in process `syz.3.13819'.
[  787.242323][ T6027] netlink: 80 bytes leftover after parsing attributes in process `syz.3.13819'.
[  787.254983][ T6027] netlink: 24 bytes leftover after parsing attributes in process `syz.3.13819'.
[  787.390704][ T6037] netlink: 12 bytes leftover after parsing attributes in process `syz.2.13823'.
[  787.428980][ T6041] netlink: 'syz.4.13825': attribute type 1 has an invalid length.
[  787.434515][ T6042] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  788.336365][ T6098] vlan0: entered promiscuous mode
[  788.344948][ T6098] vlan0: entered allmulticast mode
[  788.350259][ T6098] veth0_vlan: entered allmulticast mode
[  788.471924][ T6110] vlan1: entered allmulticast mode
[  788.533717][ T6113] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  790.087230][ T6198] netlink: 'syz.2.13871': attribute type 1 has an invalid length.
[  790.308921][ T6212] syzkaller0: entered promiscuous mode
[  790.331963][ T6212] syzkaller0: entered allmulticast mode
[  790.597837][ T6226] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  790.755551][ T6211] tipc: Resetting bearer <eth:syzkaller0>
[  790.769959][ T6232] __nla_validate_parse: 5 callbacks suppressed
[  790.769976][ T6232] netlink: 4 bytes leftover after parsing attributes in process `syz.4.13878'.
[  790.854088][ T6211] tipc: Disabling bearer <eth:syzkaller0>
[  790.873177][ T6232] netlink: 44 bytes leftover after parsing attributes in process `syz.4.13878'.
[  791.091114][ T6252] netlink: 'syz.3.13885': attribute type 11 has an invalid length.
[  791.108100][ T6252] netlink: 224 bytes leftover after parsing attributes in process `syz.3.13885'.
[  791.119028][ T6252] netlink: 24 bytes leftover after parsing attributes in process `syz.3.13885'.
[  791.140166][ T6253] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  791.265659][ T6252] bond15 (unregistering): Released all slaves
[  791.566536][ T6281] netlink: 24 bytes leftover after parsing attributes in process `syz.4.13893'.
[  791.680181][ T6289] netlink: 'syz.3.13894': attribute type 1 has an invalid length.
[  791.710268][ T6286] netlink: 'syz.5.13895': attribute type 30 has an invalid length.
[  791.854010][ T6295] netlink: 'syz.4.13898': attribute type 1 has an invalid length.
[  791.943034][ T6309] netlink: 12 bytes leftover after parsing attributes in process `syz.2.13903'.
[  791.995201][ T6302] netlink: 8 bytes leftover after parsing attributes in process `syz.5.13900'.
[  792.064248][ T6316] bond11: (slave bridge12): Enslaving as an active interface with an up link
[  792.103516][ T6309] macvlan1: entered promiscuous mode
[  792.109104][ T6309] macvlan1: entered allmulticast mode
[  792.115570][ T6309] bond11: entered promiscuous mode
[  792.120900][ T6309] bridge12: entered promiscuous mode
[  792.127348][ T6309] 8021q: adding VLAN 0 to HW filter on device macvlan1
[  792.154479][ T6309] bond11: left promiscuous mode
[  792.159681][ T6309] bridge12: left promiscuous mode
[  792.413449][ T6330] netlink: 24 bytes leftover after parsing attributes in process `syz.5.13908'.
[  792.636296][ T6343] netlink: 28 bytes leftover after parsing attributes in process `syz.5.13914'.
[  793.064990][ T6372] syzkaller0: entered promiscuous mode
[  793.089868][ T6372] syzkaller0: entered allmulticast mode
[  793.226812][ T6387] xt_CONNSECMARK: invalid mode: 0
[  793.762117][    C0] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[  793.805605][ T6418] FAULT_INJECTION: forcing a failure.
[  793.805605][ T6418] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  793.845905][ T6418] CPU: 0 UID: 0 PID: 6418 Comm: syz.2.13939 Not tainted syzkaller #0 PREEMPT(full) 
[  793.845950][ T6418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  793.845968][ T6418] Call Trace:
[  793.845977][ T6418]  <TASK>
[  793.845986][ T6418]  dump_stack_lvl+0x189/0x250
[  793.846018][ T6418]  ? __pfx____ratelimit+0x10/0x10
[  793.846040][ T6418]  ? __pfx_dump_stack_lvl+0x10/0x10
[  793.846065][ T6418]  ? __pfx__printk+0x10/0x10
[  793.846097][ T6418]  ? __might_fault+0xb0/0x130
[  793.846142][ T6418]  should_fail_ex+0x414/0x560
[  793.846181][ T6418]  _copy_from_iter+0x1cd/0x1630
[  793.846209][ T6418]  ? __build_skb_around+0x22d/0x3c0
[  793.846238][ T6418]  ? __pfx__copy_from_iter+0x10/0x10
[  793.846258][ T6418]  ? __alloc_skb+0x2f1/0x430
[  793.846283][ T6418]  ? __pfx___alloc_skb+0x10/0x10
[  793.846308][ T6418]  ? netlink_sendmsg+0x642/0xb30
[  793.846333][ T6418]  ? skb_put+0x11b/0x210
[  793.846360][ T6418]  netlink_sendmsg+0x6b2/0xb30
[  793.846399][ T6418]  ? __pfx_netlink_sendmsg+0x10/0x10
[  793.846437][ T6418]  ? aa_sock_msg_perm+0xf1/0x1b0
[  793.846467][ T6418]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  793.846487][ T6418]  ? __pfx_netlink_sendmsg+0x10/0x10
[  793.846516][ T6418]  __sock_sendmsg+0x21c/0x270
[  793.846551][ T6418]  ____sys_sendmsg+0x505/0x820
[  793.846584][ T6418]  ? __pfx_____sys_sendmsg+0x10/0x10
[  793.846620][ T6418]  ? import_iovec+0x74/0xa0
[  793.846649][ T6418]  ___sys_sendmsg+0x21f/0x2a0
[  793.846677][ T6418]  ? __pfx____sys_sendmsg+0x10/0x10
[  793.846712][ T6418]  ? rcu_read_lock_any_held+0xb3/0x120
[  793.846772][ T6418]  ? __fget_files+0x2a/0x420
[  793.846797][ T6418]  ? __fget_files+0x3a0/0x420
[  793.846836][ T6418]  __x64_sys_sendmsg+0x19b/0x260
[  793.846865][ T6418]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  793.846902][ T6418]  ? __pfx_ksys_write+0x10/0x10
[  793.846928][ T6418]  ? do_syscall_64+0xbe/0xf80
[  793.846955][ T6418]  do_syscall_64+0xfa/0xf80
[  793.846978][ T6418]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  793.846999][ T6418]  ? clear_bhb_loop+0x60/0xb0
[  793.847024][ T6418]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  793.847045][ T6418] RIP: 0033:0x7fc1fa98f749
[  793.847063][ T6418] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  793.847081][ T6418] RSP: 002b:00007fc1fb7ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  793.847104][ T6418] RAX: ffffffffffffffda RBX: 00007fc1fabe5fa0 RCX: 00007fc1fa98f749
[  793.847120][ T6418] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003
[  793.847133][ T6418] RBP: 00007fc1fb7ef090 R08: 0000000000000000 R09: 0000000000000000
[  793.847146][ T6418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  793.847158][ T6418] R13: 00007fc1fabe6038 R14: 00007fc1fabe5fa0 R15: 00007ffce6e28558
[  793.847194][ T6418]  </TASK>
[  794.194384][ T6427] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  794.224951][ T6427] syzkaller0: entered promiscuous mode
[  794.230502][ T6427] syzkaller0: entered allmulticast mode
[  794.260183][ T6425] netlink: 56 bytes leftover after parsing attributes in process `syz.5.13942'.
[  794.278027][ T6427] tipc: Resetting bearer <eth:syzkaller0>
[  794.334108][ T6426] tipc: Resetting bearer <eth:syzkaller0>
[  794.385387][ T6426] tipc: Disabling bearer <eth:syzkaller0>
[  794.423723][ T6433] syzkaller0: entered promiscuous mode
[  794.435066][ T6433] syzkaller0: entered allmulticast mode
[  794.987358][ T6471] FAULT_INJECTION: forcing a failure.
[  794.987358][ T6471] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  795.010409][ T6471] CPU: 0 UID: 0 PID: 6471 Comm: syz.2.13956 Not tainted syzkaller #0 PREEMPT(full) 
[  795.010439][ T6471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  795.010452][ T6471] Call Trace:
[  795.010461][ T6471]  <TASK>
[  795.010470][ T6471]  dump_stack_lvl+0x189/0x250
[  795.010503][ T6471]  ? __pfx____ratelimit+0x10/0x10
[  795.010524][ T6471]  ? __pfx_dump_stack_lvl+0x10/0x10
[  795.010550][ T6471]  ? __pfx__printk+0x10/0x10
[  795.010589][ T6471]  ? __might_fault+0xb0/0x130
[  795.010634][ T6471]  should_fail_ex+0x414/0x560
[  795.010672][ T6471]  _copy_from_user+0x2d/0xb0
[  795.010697][ T6471]  rfkill_fop_write+0x136/0x570
[  795.010725][ T6471]  ? __pfx_rfkill_fop_write+0x10/0x10
[  795.010747][ T6471]  ? security_kernfs_init_security+0x220/0x290
[  795.010770][ T6471]  ? rw_verify_area+0x255/0x4d0
[  795.010790][ T6471]  ? __pfx_rfkill_fop_write+0x10/0x10
[  795.010814][ T6471]  vfs_write+0x27e/0xb30
[  795.010844][ T6471]  ? __pfx_vfs_write+0x10/0x10
[  795.010867][ T6471]  ? __fget_files+0x2a/0x420
[  795.010897][ T6471]  ? __fget_files+0x2a/0x420
[  795.010927][ T6471]  ? __fget_files+0x3a0/0x420
[  795.010951][ T6471]  ? __fget_files+0x2a/0x420
[  795.010987][ T6471]  ksys_write+0x145/0x250
[  795.011011][ T6471]  ? __pfx_ksys_write+0x10/0x10
[  795.011035][ T6471]  ? do_syscall_64+0xbe/0xf80
[  795.011060][ T6471]  do_syscall_64+0xfa/0xf80
[  795.011082][ T6471]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  795.011103][ T6471]  ? clear_bhb_loop+0x60/0xb0
[  795.011129][ T6471]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  795.011148][ T6471] RIP: 0033:0x7fc1fa98f749
[  795.011167][ T6471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  795.011186][ T6471] RSP: 002b:00007fc1fb7ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  795.011207][ T6471] RAX: ffffffffffffffda RBX: 00007fc1fabe5fa0 RCX: 00007fc1fa98f749
[  795.011221][ T6471] RDX: 0000000000000008 RSI: 0000200000000080 RDI: 0000000000000003
[  795.011234][ T6471] RBP: 00007fc1fb7ef090 R08: 0000000000000000 R09: 0000000000000000
[  795.011246][ T6471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  795.011258][ T6471] R13: 00007fc1fabe6038 R14: 00007fc1fabe5fa0 R15: 00007ffce6e28558
[  795.011293][ T6471]  </TASK>
[  795.343706][ T6467] team0 (unregistering): Port device geneve0 removed
[  795.353188][ T6467] team0 (unregistering): Port device bridge3 removed
[  795.436796][ T6477] netlink: 'syz.1.13958': attribute type 21 has an invalid length.
[  795.529079][ T6481] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  795.537576][ T6481] syzkaller0: entered promiscuous mode
[  795.544294][ T6481] syzkaller0: entered allmulticast mode
[  795.556667][ T6481] tipc: Resetting bearer <eth:syzkaller0>
[  795.564950][ T6480] tipc: Resetting bearer <eth:syzkaller0>
[  795.591323][ T6480] tipc: Disabling bearer <eth:syzkaller0>
[  795.609448][ T6483] syzkaller1: entered promiscuous mode
[  795.615436][ T6483] syzkaller1: entered allmulticast mode
[  795.696693][ T6485] syzkaller0: entered promiscuous mode
[  795.703016][ T6485] syzkaller0: entered allmulticast mode
[  796.050475][ T6500] __nla_validate_parse: 1 callbacks suppressed
[  796.050490][ T6500] netlink: 24 bytes leftover after parsing attributes in process `syz.4.13966'.
[  797.308603][ T6521] FAULT_INJECTION: forcing a failure.
[  797.308603][ T6521] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  797.322166][ T6521] CPU: 1 UID: 0 PID: 6521 Comm: syz.4.13974 Not tainted syzkaller #0 PREEMPT(full) 
[  797.322187][ T6521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  797.322197][ T6521] Call Trace:
[  797.322203][ T6521]  <TASK>
[  797.322210][ T6521]  dump_stack_lvl+0x189/0x250
[  797.322232][ T6521]  ? __pfx____ratelimit+0x10/0x10
[  797.322254][ T6521]  ? __pfx_dump_stack_lvl+0x10/0x10
[  797.322272][ T6521]  ? __pfx__printk+0x10/0x10
[  797.322295][ T6521]  ? __might_fault+0xb0/0x130
[  797.322327][ T6521]  should_fail_ex+0x414/0x560
[  797.322354][ T6521]  _copy_from_user+0x2d/0xb0
[  797.322373][ T6521]  kstrtouint_from_user+0xc4/0x170
[  797.322390][ T6521]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  797.322419][ T6521]  proc_fail_nth_write+0x88/0x200
[  797.322435][ T6521]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  797.322456][ T6521]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  797.322474][ T6521]  vfs_write+0x27e/0xb30
[  797.322496][ T6521]  ? __pfx_vfs_write+0x10/0x10
[  797.322514][ T6521]  ? __fget_files+0x2a/0x420
[  797.322536][ T6521]  ? __fget_files+0x3a0/0x420
[  797.322554][ T6521]  ? __fget_files+0x2a/0x420
[  797.322580][ T6521]  ksys_write+0x145/0x250
[  797.322596][ T6521]  ? __pfx_ksys_write+0x10/0x10
[  797.322614][ T6521]  ? do_syscall_64+0xbe/0xf80
[  797.322633][ T6521]  do_syscall_64+0xfa/0xf80
[  797.322649][ T6521]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  797.322664][ T6521]  ? clear_bhb_loop+0x60/0xb0
[  797.322682][ T6521]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  797.322696][ T6521] RIP: 0033:0x7f240698e1ff
[  797.322710][ T6521] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  797.322723][ T6521] RSP: 002b:00007f240783a030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  797.322739][ T6521] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f240698e1ff
[  797.322749][ T6521] RDX: 0000000000000001 RSI: 00007f240783a0a0 RDI: 0000000000000004
[  797.322758][ T6521] RBP: 00007f240783a090 R08: 0000000000000000 R09: 0000000000000000
[  797.322767][ T6521] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  797.322776][ T6521] R13: 00007f2406be6038 R14: 00007f2406be5fa0 R15: 00007ffc9d7203a8
[  797.322802][ T6521]  </TASK>
[  797.754142][ T6527] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  797.766485][ T6527] netlink: 24 bytes leftover after parsing attributes in process `syz.4.13975'.
[  951.842305][   T31] INFO: task kworker/1:2:130 blocked for more than 143 seconds.
[  951.850013][   T31]       Not tainted syzkaller #0
[  951.855362][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  951.864248][   T31] task:kworker/1:2     state:D stack:21144 pid:130   tgid:130   ppid:2      task_flags:0x4208060 flags:0x00080000
[  951.876587][   T31] Workqueue: events rfkill_global_led_trigger_worker
[  951.883811][   T31] Call Trace:
[  951.887129][   T31]  <TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  951.890074][   T31]  __schedule+0x14bc/0x5000
[  951.894706][   T31]  ? __pfx___schedule+0x10/0x10
[  951.899656][   T31]  ? schedule+0x91/0x360
[  951.904097][   T31]  schedule+0x165/0x360
[  951.908305][   T31]  schedule_preempt_disabled+0x13/0x30
[  951.914589][   T31]  __mutex_lock+0x7e6/0x1350
[  951.919328][   T31]  ? __mutex_lock+0x5bb/0x1350
[  951.924599][   T31]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[  951.930900][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  951.936439][   T31]  ? process_scheduled_works+0x9ef/0x1770
[  951.942805][   T31]  ? process_scheduled_works+0x9ef/0x1770
[  951.948580][   T31]  rfkill_global_led_trigger_worker+0x27/0xd0
[  951.955066][   T31]  ? process_scheduled_works+0x9ef/0x1770
[  951.961834][   T31]  process_scheduled_works+0xad1/0x1770
[  951.967485][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  952.001673][   T31]  worker_thread+0x8a0/0xda0
[  952.021932][   T31]  kthread+0x711/0x8a0
[  952.026138][   T31]  ? __pfx_worker_thread+0x10/0x10
[  952.031297][   T31]  ? __pfx_kthread+0x10/0x10
[  952.040854][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  952.046744][   T31]  ? lockdep_hardirqs_on+0x98/0x140
[  952.052187][   T31]  ? __pfx_kthread+0x10/0x10
[  952.056830][   T31]  ret_from_fork+0x599/0xb30
[  952.061463][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  952.067429][   T31]  ? __switch_to_asm+0x39/0x70
[  952.072472][   T31]  ? __switch_to_asm+0x33/0x70
[  952.077292][   T31]  ? __pfx_kthread+0x10/0x10
[  952.082280][   T31]  ret_from_fork_asm+0x1a/0x30
[  952.087134][   T31]  </TASK>
[  952.090419][   T31] INFO: task syz.5.13948:6439 blocked for more than 143 seconds.
[  952.099011][   T31]       Not tainted syzkaller #0
[  952.104340][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  952.115932][   T31] task:syz.5.13948     state:D stack:25400 pid:6439  tgid:6439  ppid:30135  task_flags:0x400040 flags:0x00080002
[  952.128489][   T31] Call Trace:
[  952.132336][   T31]  <TASK>
[  952.135311][   T31]  __schedule+0x14bc/0x5000
[  952.139844][   T31]  ? __pfx_preempt_schedule_notrace+0x10/0x10
[  952.146118][   T31]  ? irqentry_exit+0x5dd/0x660
[  952.150958][   T31]  ? preempt_schedule_notrace_thunk+0x16/0x30
[  952.157315][   T31]  ? __pfx___schedule+0x10/0x10
[  952.162529][   T31]  ? schedule+0x91/0x360
[  952.166794][   T31]  schedule+0x165/0x360
[  952.170970][   T31]  schedule_preempt_disabled+0x13/0x30
[  952.176543][   T31]  __mutex_lock+0x7e6/0x1350
[  952.181174][   T31]  ? __mutex_lock+0x5bb/0x1350
[  952.186101][   T31]  ? rfkill_unregister+0xc8/0x220
[  952.191197][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  952.196596][   T31]  ? __pfx_device_del+0x10/0x10
[  952.201470][   T31]  ? __cancel_work_sync+0x5c/0x110
[  952.206757][   T31]  rfkill_unregister+0xc8/0x220
[  952.211644][   T31]  nfc_unregister_device+0x96/0x300
[  952.217024][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[  952.223129][   T31]  virtual_ncidev_close+0x56/0x90
[  952.228201][   T31]  __fput+0x44c/0xa70
[  952.232345][   T31]  task_work_run+0x1d4/0x260
[  952.236997][   T31]  ? __pfx_task_work_run+0x10/0x10
[  952.242349][   T31]  ? __se_sys_close_range+0x4ed/0x650
[  952.247779][   T31]  ? exit_to_user_mode_loop+0x55/0x4f0
[  952.253649][   T31]  exit_to_user_mode_loop+0xff/0x4f0
[  952.258965][   T31]  ? rcu_is_watching+0x15/0xb0
[  952.263854][   T31]  do_syscall_64+0x2d0/0xf80
[  952.268482][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  952.274646][   T31]  ? clear_bhb_loop+0x60/0xb0
[  952.279379][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  952.285632][   T31] RIP: 0033:0x7f473a38f749
[  952.290062][   T31] RSP: 002b:00007ffd288f4f58 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  952.298613][   T31] RAX: 0000000000000000 RBX: 00007f473a5e7da0 RCX: 00007f473a38f749
[  952.306652][   T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  952.315017][   T31] RBP: 00007f473a5e7da0 R08: 0000000000000edc R09: 00000013288f524f
[  952.323234][   T31] R10: 00007f473a5e7cb0 R11: 0000000000000246 R12: 00000000000c2269
[  952.331256][   T31] R13: 00007f473a5e6090 R14: ffffffffffffffff R15: 00007ffd288f5070
[  952.339352][   T31]  </TASK>
[  952.342687][   T31] INFO: task syz.2.13956:6469 blocked for more than 143 seconds.
[  952.350657][   T31]       Not tainted syzkaller #0
[  952.355679][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  952.364417][   T31] task:syz.2.13956     state:D stack:26792 pid:6469  tgid:6469  ppid:5829   task_flags:0x400040 flags:0x00080002
[  952.377141][   T31] Call Trace:
[  952.380463][   T31]  <TASK>
[  952.383483][   T31]  __schedule+0x14bc/0x5000
[  952.388076][   T31]  ? __pfx___schedule+0x10/0x10
[  952.393035][   T31]  ? schedule+0x91/0x360
[  952.397315][   T31]  schedule+0x165/0x360
[  952.401546][   T31]  schedule_preempt_disabled+0x13/0x30
[  952.407453][   T31]  __mutex_lock+0x7e6/0x1350
[  952.412796][   T31]  ? __mutex_lock+0x5bb/0x1350
[  952.417609][   T31]  ? rfkill_fop_release+0x4b/0x220
[  952.423202][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  952.428277][   T31]  ? __pfx_rfkill_fop_release+0x10/0x10
[  952.434393][   T31]  rfkill_fop_release+0x4b/0x220
[  952.439351][   T31]  ? __pfx_rfkill_fop_release+0x10/0x10
[  952.445045][   T31]  __fput+0x44c/0xa70
[  952.449095][   T31]  task_work_run+0x1d4/0x260
[  952.453828][   T31]  ? __pfx_task_work_run+0x10/0x10
[  952.458982][   T31]  ? __se_sys_close_range+0x4ed/0x650
[  952.464727][   T31]  ? exit_to_user_mode_loop+0x55/0x4f0
[  952.470204][   T31]  exit_to_user_mode_loop+0xff/0x4f0
[  952.475556][   T31]  ? rcu_is_watching+0x15/0xb0
[  952.480369][   T31]  do_syscall_64+0x2d0/0xf80
[  952.491723][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  952.498238][   T31]  ? clear_bhb_loop+0x60/0xb0
[  952.503040][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  952.509089][   T31] RIP: 0033:0x7fc1fa98f749
[  952.513595][   T31] RSP: 002b:00007ffce6e286b8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  952.522452][   T31] RAX: 0000000000000000 RBX: 00007fc1fabe7da0 RCX: 00007fc1fa98f749
[  952.530465][   T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  952.538722][   T31] RBP: 00007fc1fabe7da0 R08: 0000000000000000 R09: 00000002e6e289af
[  952.546828][   T31] R10: 000000000003fdd0 R11: 0000000000000246 R12: 00000000000c246a
[  952.555543][   T31] R13: 00007ffce6e287b0 R14: ffffffffffffffff R15: 00007ffce6e287d0
[  952.563824][   T31]  </TASK>
[  952.566919][   T31] INFO: task syz.3.13955:6472 blocked for more than 144 seconds.
[  952.574852][   T31]       Not tainted syzkaller #0
[  952.579993][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  952.589174][   T31] task:syz.3.13955     state:D stack:27048 pid:6472  tgid:6470  ppid:5830   task_flags:0x400040 flags:0x00080002
[  952.601442][   T31] Call Trace:
[  952.605017][   T31]  <TASK>
[  952.608005][   T31]  __schedule+0x14bc/0x5000
[  952.613072][   T31]  ? __pfx___schedule+0x10/0x10
[  952.617991][   T31]  ? schedule+0x91/0x360
[  952.622341][   T31]  schedule+0x165/0x360
[  952.626699][   T31]  schedule_preempt_disabled+0x13/0x30
[  952.632284][   T31]  __mutex_lock+0x7e6/0x1350
[  952.637045][   T31]  ? __mutex_lock+0x5bb/0x1350
[  952.642373][   T31]  ? nfc_dev_down+0x3b/0x290
[  952.647012][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  952.652214][   T31]  ? do_raw_spin_lock+0x121/0x290
[  952.657466][   T31]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  952.663680][   T31]  ? lockdep_hardirqs_on+0x98/0x140
[  952.668942][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  952.675267][   T31]  nfc_dev_down+0x3b/0x290
[  952.679739][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  952.685655][   T31]  nfc_rfkill_set_block+0x2d/0x100
[  952.691022][   T31]  rfkill_set_block+0x1d2/0x440
[  952.696094][   T31]  rfkill_fop_write+0x44b/0x570
[  952.700995][   T31]  ? __pfx_rfkill_fop_write+0x10/0x10
[  952.707183][   T31]  ? security_kernfs_init_security+0x220/0x290
[  952.713497][   T31]  ? rw_verify_area+0x255/0x4d0
[  952.718522][   T31]  ? __pfx_rfkill_fop_write+0x10/0x10
[  952.724437][   T31]  vfs_write+0x27e/0xb30
[  952.728747][   T31]  ? __pfx_vfs_write+0x10/0x10
[  952.734062][   T31]  ? __fget_files+0x2a/0x420
[  952.738722][   T31]  ? __fget_files+0x2a/0x420
[  952.743412][   T31]  ? __fget_files+0x3a0/0x420
[  952.748296][   T31]  ? __fget_files+0x2a/0x420
[  952.753038][   T31]  ksys_write+0x145/0x250
[  952.757555][   T31]  ? __pfx_ksys_write+0x10/0x10
[  952.763023][   T31]  ? do_syscall_64+0xbe/0xf80
[  952.767758][   T31]  do_syscall_64+0xfa/0xf80
[  952.772597][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  952.778711][   T31]  ? clear_bhb_loop+0x60/0xb0
[  952.783484][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  952.789578][   T31] RIP: 0033:0x7f056878f749
[  952.794597][   T31] RSP: 002b:00007f0569648038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  952.803422][   T31] RAX: ffffffffffffffda RBX: 00007f05689e5fa0 RCX: 00007f056878f749
[  952.811447][   T31] RDX: 0000000000000008 RSI: 0000200000000080 RDI: 0000000000000003
[  952.819967][   T31] RBP: 00007f0568813f91 R08: 0000000000000000 R09: 0000000000000000
[  952.828422][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  952.836578][   T31] R13: 00007f05689e6038 R14: 00007f05689e5fa0 R15: 00007ffde0dddf68
[  952.844834][   T31]  </TASK>
[  952.847905][   T31] INFO: task syz.1.13965:6492 blocked for more than 144 seconds.
[  952.856245][   T31]       Not tainted syzkaller #0
[  952.861232][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  952.870133][   T31] task:syz.1.13965     state:D stack:24120 pid:6492  tgid:6491  ppid:5832   task_flags:0x400140 flags:0x00080002
[  952.882889][   T31] Call Trace:
[  952.886219][   T31]  <TASK>
[  952.889186][   T31]  __schedule+0x14bc/0x5000
[  952.893865][   T31]  ? __pfx___schedule+0x10/0x10
[  952.899018][   T31]  ? schedule+0x91/0x360
[  952.903403][   T31]  schedule+0x165/0x360
[  952.907754][   T31]  schedule_preempt_disabled+0x13/0x30
[  952.913743][   T31]  __mutex_lock+0x7e6/0x1350
[  952.918393][   T31]  ? __mutex_lock+0x5bb/0x1350
[  952.923487][   T31]  ? rfkill_fop_open+0x12d/0x820
[  952.928676][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  952.934046][   T31]  ? rfkill_fop_open+0x5a/0x820
[  952.938961][   T31]  ? __raw_spin_lock_init+0x45/0x100
[  952.944758][   T31]  ? __init_waitqueue_head+0xa9/0x150
[  952.950190][   T31]  rfkill_fop_open+0x12d/0x820
[  952.955099][   T31]  ? __pfx_rfkill_fop_open+0x10/0x10
[  952.960592][   T31]  misc_open+0x2d5/0x350
[  952.964980][   T31]  chrdev_open+0x4cc/0x5e0
[  952.969596][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  952.975106][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  952.981500][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  952.986534][   T31]  do_dentry_open+0x7ce/0x1420
[  952.991520][   T31]  vfs_open+0x3b/0x340
[  952.995727][   T31]  ? path_openat+0x33f3/0x3dd0
[  953.000659][   T31]  path_openat+0x340e/0x3dd0
[  953.005759][   T31]  ? __pfx_stack_trace_save+0x10/0x10
[  953.014871][   T31]  ? stack_depot_save_flags+0x40/0x850
[  953.020421][   T31]  ? kmem_cache_alloc_noprof+0x37d/0x710
[  953.026221][   T31]  ? getname_flags+0xb8/0x540
[  953.031124][   T31]  ? __pfx_path_openat+0x10/0x10
[  953.036603][   T31]  ? __lock_acquire+0x6b6/0x2cf0
[  953.041608][   T31]  do_filp_open+0x1fa/0x410
[  953.047347][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  953.052706][   T31]  ? _raw_spin_unlock+0x28/0x50
[  953.057658][   T31]  ? alloc_fd+0x64c/0x6c0
[  953.062524][   T31]  do_sys_openat2+0x121/0x200
[  953.067266][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  953.072631][   T31]  ? rcu_is_watching+0x15/0xb0
[  953.077610][   T31]  __x64_sys_openat+0x138/0x170
[  953.082830][   T31]  do_syscall_64+0xfa/0xf80
[  953.087379][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  953.093958][   T31]  ? clear_bhb_loop+0x60/0xb0
[  953.098682][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  953.104791][   T31] RIP: 0033:0x7f16de38f749
[  953.109411][   T31] RSP: 002b:00007f16df257038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  953.117985][   T31] RAX: ffffffffffffffda RBX: 00007f16de5e5fa0 RCX: 00007f16de38f749
[  953.126532][   T31] RDX: 0000000000000801 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  953.134684][   T31] RBP: 00007f16de413f91 R08: 0000000000000000 R09: 0000000000000000
[  953.143447][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  953.151465][   T31] R13: 00007f16de5e6038 R14: 00007f16de5e5fa0 R15: 00007ffd42770af8
[  953.160003][   T31]  </TASK>
[  953.163418][   T31] INFO: task syz.4.13976:6533 blocked for more than 144 seconds.
[  953.171172][   T31]       Not tainted syzkaller #0
[  953.176477][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  953.185618][   T31] task:syz.4.13976     state:D stack:27456 pid:6533  tgid:6530  ppid:5828   task_flags:0x400140 flags:0x00080002
[  953.197877][   T31] Call Trace:
[  953.201193][   T31]  <TASK>
[  953.204244][   T31]  __schedule+0x14bc/0x5000
[  953.208985][   T31]  ? __pfx___schedule+0x10/0x10
[  953.214577][   T31]  ? schedule+0x91/0x360
[  953.218879][   T31]  schedule+0x165/0x360
[  953.223121][   T31]  schedule_preempt_disabled+0x13/0x30
[  953.228822][   T31]  __mutex_lock+0x7e6/0x1350
[  953.233555][   T31]  ? __lock_acquire+0x6b6/0x2cf0
[  953.238663][   T31]  ? __mutex_lock+0x5bb/0x1350
[  953.244004][   T31]  ? misc_open+0x51/0x350
[  953.248393][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  953.254277][   T31]  misc_open+0x51/0x350
[  953.258495][   T31]  chrdev_open+0x4cc/0x5e0
[  953.263073][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  953.268259][   T31]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  953.275149][   T31]  ? __pfx_chrdev_open+0x10/0x10
[  953.280131][   T31]  do_dentry_open+0x7ce/0x1420
[  953.285064][   T31]  vfs_open+0x3b/0x340
[  953.289374][   T31]  ? path_openat+0x33f3/0x3dd0
[  953.294288][   T31]  path_openat+0x340e/0x3dd0
[  953.299053][   T31]  ? __pfx_stack_trace_save+0x10/0x10
[  953.305110][   T31]  ? stack_depot_save_flags+0x40/0x850
[  953.310650][   T31]  ? kmem_cache_alloc_noprof+0x37d/0x710
[  953.316418][   T31]  ? getname_flags+0xb8/0x540
[  953.321314][   T31]  ? __pfx_path_openat+0x10/0x10
[  953.326510][   T31]  ? __lock_acquire+0x6b6/0x2cf0
[  953.331509][   T31]  do_filp_open+0x1fa/0x410
[  953.336573][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  953.341673][   T31]  ? _raw_spin_unlock+0x28/0x50
[  953.346935][   T31]  ? alloc_fd+0x64c/0x6c0
[  953.351329][   T31]  do_sys_openat2+0x121/0x200
[  953.356368][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  953.361628][   T31]  ? __pfx___se_sys_futex+0x10/0x10
[  953.368048][   T31]  __x64_sys_openat+0x138/0x170
[  953.373235][   T31]  do_syscall_64+0xfa/0xf80
[  953.377944][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  953.384277][   T31]  ? clear_bhb_loop+0x60/0xb0
[  953.389168][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  953.395573][   T31] RIP: 0033:0x7f240698f749
[  953.400050][   T31] RSP: 002b:00007f2407819038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  953.408599][   T31] RAX: ffffffffffffffda RBX: 00007f2406be6090 RCX: 00007f240698f749
[  953.417048][   T31] RDX: 00000000000a8442 RSI: 0000200000000240 RDI: ffffffffffffff9c
[  953.425528][   T31] RBP: 00007f2406a13f91 R08: 0000000000000000 R09: 0000000000000000
[  953.433681][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  953.441937][   T31] R13: 00007f2406be6128 R14: 00007f2406be6090 R15: 00007ffc9d7203a8
[  953.449986][   T31]  </TASK>
[  953.453625][   T31] 
[  953.453625][   T31] Showing all locks held in the system:
[  953.461391][   T31] 1 lock held by khungtaskd/31:
[  953.466410][   T31]  #0: ffffffff8df41a20 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  953.476810][   T31] 3 locks held by kworker/1:2/130:
[  953.482343][   T31]  #0: ffff88813ff15948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[  953.493480][   T31]  #1: ffffc90002e87b80 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[  953.507472][   T31]  #2: ffffffff8f5fd668 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[  953.519394][   T31] 2 locks held by getty/5588:
[  953.524726][   T31]  #0: ffff88814e54b0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  953.534935][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x449/0x1460
[  953.545613][   T31] 2 locks held by syz.5.13948/6439:
[  953.550846][   T31]  #0: ffff88805c870100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x300
[  953.560962][   T31]  #1: ffffffff8f5fd668 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[  953.571272][   T31] 1 lock held by syz.2.13956/6469:
[  953.576676][   T31]  #0: ffffffff8f5fd668 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_release+0x4b/0x220
[  953.587403][   T31] 2 locks held by syz.3.13955/6472:
[  953.592896][   T31]  #0: ffffffff8f5fd668 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_write+0x191/0x570
[  953.603701][   T31]  #1: ffff88805c870100 (&dev->mutex){....}-{4:4}, at: nfc_dev_down+0x3b/0x290
[  953.613927][   T31] 2 locks held by syz.1.13965/6492:
[  953.619161][   T31]  #0: ffffffff8e79fae8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  953.627923][   T31]  #1: ffffffff8f5fd668 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_open+0x12d/0x820
[  953.638136][   T31] 1 lock held by syz.4.13976/6533:
[  953.643682][   T31]  #0: ffffffff8e79fae8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  953.652379][   T31] 1 lock held by syz-executor/6536:
[  953.657607][   T31]  #0: ffffffff8e79fae8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  953.666201][   T31] 1 lock held by syz-executor/6539:
[  953.671424][   T31]  #0: ffffffff8e79fae8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  953.680265][   T31] 1 lock held by syz-executor/6540:
[  953.685714][   T31]  #0: ffffffff8e79fae8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  953.694570][   T31] 1 lock held by syz-executor/6542:
[  953.699825][   T31]  #0: ffffffff8e79fae8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  953.708833][   T31] 1 lock held by syz-executor/6544:
[  953.714250][   T31]  #0: ffffffff8e79fae8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  953.722912][   T31] 1 lock held by syz-executor/6549:
[  953.728128][   T31]  #0: ffffffff8e79fae8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  953.737056][   T31] 1 lock held by syz-executor/6553:
[  953.742367][   T31]  #0: ffffffff8e79fae8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  953.750881][   T31] 1 lock held by syz-executor/6554:
[  953.756179][   T31]  #0: ffffffff8e79fae8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  953.765187][   T31] 1 lock held by syz-executor/6555:
[  953.770431][   T31]  #0: ffffffff8e79fae8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  953.779013][   T31] 1 lock held by syz-executor/6557:
[  953.784268][   T31]  #0: ffffffff8e79fae8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  953.793095][   T31] 1 lock held by syz-executor/6562:
[  953.798301][   T31]  #0: ffffffff8e79fae8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  953.806877][   T31] 1 lock held by syz-executor/6566:
[  953.812163][   T31]  #0: ffffffff8e79fae8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  953.820684][   T31] 1 lock held by syz-executor/6567:
[  953.826323][   T31]  #0: ffffffff8e79fae8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  953.834895][   T31] 1 lock held by syz-executor/6568:
[  953.840121][   T31]  #0: ffffffff8e79fae8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  953.848753][   T31] 1 lock held by syz-executor/6570:
[  953.854312][   T31]  #0: ffffffff8e79fae8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[  953.862921][   T31] 
[  953.865279][   T31] =============================================
[  953.865279][   T31] 
[  953.874444][   T31] NMI backtrace for cpu 0
[  953.874458][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  953.874474][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  953.874483][   T31] Call Trace:
[  953.874489][   T31]  <TASK>
[  953.874495][   T31]  dump_stack_lvl+0x189/0x250
[  953.874520][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  953.874539][   T31]  ? __pfx__printk+0x10/0x10
[  953.874571][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  953.874595][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  953.874617][   T31]  ? __pfx__printk+0x10/0x10
[  953.874643][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  953.874668][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  953.874691][   T31]  sys_info+0x135/0x170
[  953.874708][   T31]  watchdog+0xf95/0xfe0
[  953.874734][   T31]  ? watchdog+0x20a/0xfe0
[  953.874760][   T31]  kthread+0x711/0x8a0
[  953.874782][   T31]  ? __pfx_watchdog+0x10/0x10
[  953.874801][   T31]  ? __pfx_kthread+0x10/0x10
[  953.874822][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  953.874845][   T31]  ? lockdep_hardirqs_on+0x98/0x140
[  953.874859][   T31]  ? __pfx_kthread+0x10/0x10
[  953.874879][   T31]  ret_from_fork+0x599/0xb30
[  953.874896][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  953.874918][   T31]  ? __switch_to_asm+0x39/0x70
[  953.874937][   T31]  ? __switch_to_asm+0x33/0x70
[  953.874955][   T31]  ? __pfx_kthread+0x10/0x10
[  953.874981][   T31]  ret_from_fork_asm+0x1a/0x30
[  953.875014][   T31]  </TASK>
[  953.875019][   T31] Sending NMI from CPU 0 to CPUs 1:
[  954.025566][    C1] NMI backtrace for cpu 1
[  954.025584][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[  954.025604][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  954.025616][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  954.025639][    C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 93 90 0c 00 f3 0f 1e fa fb f4 <e9> c8 ed 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  954.025655][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6
[  954.025671][    C1] RAX: b5be5358ba1ab600 RBX: ffffffff81978fda RCX: b5be5358ba1ab600
[  954.025684][    C1] RDX: 0000000000000001 RSI: ffffffff8d7925ee RDI: ffffffff8bc08360
[  954.025697][    C1] RBP: ffffc90000197f10 R08: ffff8880b87336db R09: 1ffff110170e66db
[  954.025710][    C1] R10: dffffc0000000000 R11: ffffed10170e66dc R12: ffffffff8f822070
[  954.025722][    C1] R13: 1ffff110038dcb70 R14: 0000000000000001 R15: 0000000000000001
[  954.025734][    C1] FS:  0000000000000000(0000) GS:ffff888125f35000(0000) knlGS:0000000000000000
[  954.025748][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  954.025760][    C1] CR2: 00005569c47ff000 CR3: 0000000031f90000 CR4: 00000000003526f0
[  954.025776][    C1] Call Trace:
[  954.025783][    C1]  <TASK>
[  954.025790][    C1]  default_idle+0x13/0x20
[  954.025811][    C1]  default_idle_call+0x73/0xb0
[  954.025833][    C1]  do_idle+0x1ea/0x520
[  954.025852][    C1]  ? irqentry_exit+0x5ba/0x660
[  954.025873][    C1]  ? __pfx_do_idle+0x10/0x10
[  954.025903][    C1]  cpu_startup_entry+0x44/0x60
[  954.025922][    C1]  start_secondary+0x101/0x110
[  954.025948][    C1]  common_startup_64+0x13e/0x147
[  954.025981][    C1]  </TASK>
[  954.193342][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  954.200192][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  954.209308][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  954.219552][   T31] Call Trace:
[  954.222841][   T31]  <TASK>
[  954.225776][   T31]  dump_stack_lvl+0x99/0x250
[  954.230371][   T31]  ? __asan_memcpy+0x40/0x70
[  954.234962][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  954.240175][   T31]  ? __pfx__printk+0x10/0x10
[  954.244784][   T31]  vpanic+0x237/0x6d0
[  954.248773][   T31]  ? __pfx_vpanic+0x10/0x10
[  954.253284][   T31]  ? preempt_schedule_common+0x83/0xd0
[  954.258754][   T31]  panic+0xb9/0xc0
[  954.262488][   T31]  ? __pfx_panic+0x10/0x10
[  954.266962][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  954.272362][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  954.278557][   T31]  watchdog+0xfdf/0xfe0
[  954.282745][   T31]  ? watchdog+0x20a/0xfe0
[  954.287112][   T31]  kthread+0x711/0x8a0
[  954.291206][   T31]  ? __pfx_watchdog+0x10/0x10
[  954.295906][   T31]  ? __pfx_kthread+0x10/0x10
[  954.300519][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  954.305775][   T31]  ? lockdep_hardirqs_on+0x98/0x140
[  954.310998][   T31]  ? __pfx_kthread+0x10/0x10
[  954.315623][   T31]  ret_from_fork+0x599/0xb30
[  954.320238][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  954.325377][   T31]  ? __switch_to_asm+0x39/0x70
[  954.330164][   T31]  ? __switch_to_asm+0x33/0x70
[  954.334952][   T31]  ? __pfx_kthread+0x10/0x10
[  954.339580][   T31]  ret_from_fork_asm+0x1a/0x30
[  954.344393][   T31]  </TASK>
[  954.348027][   T31] Kernel Offset: disabled
[  954.352359][   T31] Rebooting in 86400 seconds..