last executing test programs:

3.655212764s ago: executing program 3 (id=3646):
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="30000000030801020000000000000000000000201400048008000140000000010800024000000007050003344c15ddfa7eb7005145bf21"], 0x30}}, 0x4000800)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000400)={0xfffffffc, 0x4, 0x5, 0x81, 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x11, 0x2, 0x5)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffff9, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xfffe}}}]}, 0x38}}, 0x0)
setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, 0x0, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000700)=@newtfilter={0x48, 0x2c, 0xf3f, 0x70bd2b, 0x25dfdbbd, {0x0, 0x0, 0x0, r3, {0xffe0, 0xfff3}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_fw={{0x7}, {0x1c, 0x2, [@TCA_FW_INDEV={0x14, 0x3, 'veth0_macvtap\x00'}, @TCA_FW_ACT={0x4}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20041090}, 0x48000)
r4 = socket$netlink(0x10, 0x3, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff})
sendmmsg(r5, &(0x7f0000001c00), 0x400000000000159, 0x40840)
write(r4, &(0x7f00000000c0)="29000000140005b7ff000051915f95eb01010003a606a40e07fff024bb000000000000000040000000", 0x29)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, 0x0, 0x40d0)
r6 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x24, 0x24, 0x3fe3aa0262d8c583, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0x6, 0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x40022}, 0x2000400c)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000380), r6)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000006c0)={'ip_vti0\x00', &(0x7f0000000600)={'tunl0\x00', 0x0, 0x80, 0x20, 0x5, 0xf27f, {{0x14, 0x4, 0x3, 0x9, 0x50, 0x64, 0x0, 0x1, 0x2f, 0x0, @multicast1, @remote, {[@cipso={0x86, 0x3a, 0x3, [{0x5, 0x8, "49a3dc0d37b8"}, {0x6, 0x7, "4b2cab4194"}, {0x0, 0xb, "3db90a5344d783906c"}, {0x7, 0x3, "13"}, {0x0, 0x5, "a3f7b2"}, {0x2, 0xfffffffffffffc4d, "2e7b2c80cb71c195086536df"}, {0x0, 0x4, "f054"}]}]}}}}})
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000078000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000002f34001280200001800e000100636f6e6e6c696d69740000000c00028008000140000007ff10000000000001006c6173740000000008000340000001"], 0xc0}}, 0x20050800)
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e24, @private=0xa010101}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r9, 0x84, 0xc, &(0x7f00000000c0), 0x4)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r9, 0x84, 0x1d, &(0x7f0000000200)={0x1, [<r10=>0x0]}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r9, 0x84, 0x6c, &(0x7f0000000540)={r10, 0x10, "17c81137706e86156394b028c295ee90"}, &(0x7f0000000280)=0x18)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000040)={r10, 0x3}, &(0x7f0000000080)=0x8)
ioctl$XFS_IOC_FSGEOMETRY(r4, 0x8100587e, &(0x7f0000000440))

2.767412575s ago: executing program 0 (id=3656):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8b0f, &(0x7f0000000040)={'wlan1\x00', @random="f300"})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x28020, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xc, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4020000000000256111730000000000850000001d0000009500000000000000"], &(0x7f0000000380)='GPL\x00', 0x5, 0xff92, &(0x7f00000003c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000100), 0x36c, 0x10, &(0x7f0000000000), 0x26}, 0x48)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x4000, 0x800, 0x0, 0x3}, 0x20)
sendmmsg(r2, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000480)="68b6e51cc8a07c5a6b5f9ed58772b9f9055435f22427c237a4a56713a481809dcf81d9ba68f52aad53a82e0178c229f2d9fc3d06663026a49837ea0838864dfeb887efe006c1904532f3b00195a8d722069739ebd1fc220ac2e86879be8dc4aab9ef2ba8f63fe78dda762f64eaef0b47e6861792da7e84a43e7e7a8d93653b939892249035a4f1291b75d852a17eb0305c99a462aa122765d1df0cbd27954e18cb63", 0xa2}, {&(0x7f0000000580)="2f5fbde32d6069d0ab0021ca08726bdb3303075aba743a8ce6ab7b", 0x1b}], 0x2, &(0x7f0000000640)=[{0xe8, 0x1, 0x3, "261788755d9e2379e2289bdf02bdf861bbf6abeb322802d616799c78c59ce526ae6899a5d2ebe208cad2ce36f23827212ec1d284b6b5b3b96e7a793265c0eb01dde4fcc9ca24506ba8b04a95b8f955a689ff75c7b4f912ab7456055cb779eec9c8ead71f221ab87f87e0ce2f685b13dd4c0d5e2d9bb2a202365918a82c7ab11bd5cdcd93afbd1fa51d48125165b0ccfc161147845266c5ebab5df89a31ab6cc70007aeb2a08d2010b635a9412bcd40ab79539351c9e127acae4da1c58486026900065c3161a34b64280c38f9f84a2a3a2b26"}], 0xe8}}], 0x1, 0x900)
r4 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
connect$bt_rfcomm(r4, &(0x7f0000000400)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xf}, 0xa)

2.755818368s ago: executing program 4 (id=3658):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000003c0)="d8000000100081044e81f782db44b96d001d006a0f000000050000002900150006000e2603600e120900040044000000a80016000a0001400200000000000000b94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de643ec0dd6e4edef76874fbe0f32b1608621e9e0", 0xd8}], 0x1}, 0x20000080)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_QUEUE_SEQ(r1, 0x6, 0x15, &(0x7f0000000000)=0x3, 0x4)

2.575533671s ago: executing program 4 (id=3660):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddb, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, 0x1c}}, 0x60800)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = socket(0x15, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x4)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r6, @ANYRESOCT=r5], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x64, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xffff, 0xffff}, {0xfff1, 0xd}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x34, 0x2, {{0x1ff, 0x4, 0x0, 0x0, 0xfffffffd, 0x8}, [@TCA_NETEM_LOSS={0x18, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0xfffffc02, 0x81, 0xfffffffc, 0x4}}]}]}}}]}, 0x64}}, 0x0)
sendto$packet(r3, &(0x7f00000002c0)="44c33b69ebc9e05e9bdec0c288a8", 0x12, 0x830, &(0x7f0000000440)={0x11, 0x0, r6, 0x1, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, 0x14)
bind$xdp(r2, &(0x7f0000000040)={0x2c, 0x0, r6, 0x2, r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x15, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@ipv4_newroute={0x24, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x6}, [@RTA_FLOW={0x8, 0xb, 0x7}]}, 0x24}}, 0x0)

2.518375763s ago: executing program 4 (id=3661):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8923, &(0x7f0000000040)={'ip6tnl0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})

2.412696785s ago: executing program 4 (id=3664):
socket(0x200000000000011, 0x2, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x80, &(0x7f00000002c0), 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @empty, 0x4}], 0x1c)
sendto$inet6(r0, &(0x7f0000000040)='l', 0x1, 0x14, &(0x7f0000000100)={0xa, 0x4e23, 0x3f89, @loopback}, 0x1c)

2.199577233s ago: executing program 0 (id=3667):
syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000020a010200000000000000000a0000060900010073797a310000000008000240000000018c000000020a010100000000000000000000000369000600e62807258a6d38caf4cb1d7a776a7a05e57912414e63207c5e61d47bb4016b21bd5593b033b0968722f2f0f4818a1a13fbb43e79d0ae674d071c0164df9d3701cc15211300766b6ebe326ada9e49cca5c2a07460e46e35eabfb48a4cd2cd83790d7e705b010000000900010073797a31000000001c000000090a030000000000000000000a00000208000c4004"], 0xf8}, 0x1, 0x0, 0x0, 0x2000c814}, 0x4000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000004000ffff0900010073797a30000000000900020073797a3100000000140003800800014000000000"], 0x138}, 0x1, 0x0, 0x0, 0x20040855}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd0002800800"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100032000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)

2.192587509s ago: executing program 3 (id=3668):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfffa}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000280)={<r6=>0xffffffffffffffff})
accept4$tipc(r6, &(0x7f00000002c0)=@id, &(0x7f0000000300)=0x10, 0x80000)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000200)=0x7f, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000140)=@newqdisc={0x98, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x68, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0x0, 0x11, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x3, 0x7, 0x8, 0x4, 0x10, 0x4], 0x8, [0xb, 0x3, 0xad1e, 0xa002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x108, 0x1, 0x2, 0x0, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1]}}, @TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME_EXTENSION={0xc, 0x9, 0x6}]}}]}, 0x98}, 0x1, 0x0, 0x0, 0x1004205c}, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f00000000c0)=""/24, &(0x7f0000000340)=0x18)

2.109940959s ago: executing program 0 (id=3669):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x10042, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000b80)={0xffffffffffffffff, &(0x7f0000000a80), 0x0}, 0x20)
connect$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(0xffffffffffffffff, 0xffffffff)
r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000580)={0x300, 0x1, 0x10001, 0x5, <r2=>0x0}, &(0x7f0000000780)=0x10)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYRES16=r2, @ANYBLOB="7c529f1687e5a691933c9d06643c454c6dcec5101e0de2ae6e640713457783da1622d7eac9cda148cfd6b1629739952807f2105faea6", @ANYRES16, @ANYRESOCT=r2, @ANYRES32, @ANYRES32], 0x50)
bind$can_j1939(r4, &(0x7f0000000340)={0x1d, 0x0, 0x0, {0x2, 0xff, 0x6}, 0xfe}, 0x18)
sendmmsg(r4, &(0x7f0000003b40)=[{{&(0x7f0000000400)=@can, 0x80, 0x0}}], 0x1, 0x40045)
write(r3, &(0x7f0000000000)="2e000000010002", 0x7)

2.069202558s ago: executing program 0 (id=3670):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x19, 0x4, 0x8, 0x5}, 0x50)
r1 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=@newqdisc={0x58, 0x24, 0x100, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0x6, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x3ff, 0x1, 0x0, 0x2, 0x7, 0x87f, 0x8, 0x5, 0x1}}}}]}, 0x58}}, 0xc884)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={<r3=>0x0}, &(0x7f0000000040)=0xc)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080)=r3, 0x12)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8b04, &(0x7f0000000000)={'wlan1\x00', @random="020000003600"})
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=@newtfilter={0x104, 0x2c, 0xd2f, 0x70bd2d, 0x25dfdffd, {0x0, 0x0, 0x0, r2, {0x6}, {}, {0xfff3, 0xffe0}}, [@filter_kind_options=@f_basic={{0xa}, {0xd4, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0x2, 0xc}}, @TCA_BASIC_CLASSID={0x8, 0x1, {0xf, 0x1}}, @TCA_BASIC_EMATCHES={0xfffffffffffffcad}, @TCA_BASIC_EMATCHES={0xbc, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0xb0, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x3, 0x0, 0x0, {{0x8000, 0x7, 0x8}, {{0x1, 0x0, 0x1}, {0x3, 0x0, 0x1}}}}, @TCF_EM_CONTAINER={0xc, 0x2, 0x0, 0x0, {{0x3, 0x0, 0x7}}}, @TCF_EM_U32={0x1c, 0x2, 0x0, 0x0, {{0x401, 0x3, 0x8001}, {0x4, 0x4, 0x8, 0x81}}}, @TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x1577, 0x1, 0xfff8}, {0x4e3b238, 0x7, 0xf566, 0x4, 0x5, 0x1, 0x1}}}, @TCF_EM_CANID={0x14, 0x3, 0x0, 0x0, {{0x4, 0x7, 0x1}, {{0x2, 0x1, 0x0, 0x1}, {0x1, 0x0, 0x1}}}}, @TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x6, 0x8, 0x7fff}, {0xffff, 0x5, 0x1}}}, @TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0x4, 0x1, 0x7}, {0xe1d, 0xd, 0x0, 0x1, 0x9, 0x1, 0x2}}}, @TCF_EM_NBYTE={0x1c, 0x3, 0x0, 0x0, {{0x6, 0x2, 0xa}, {0xfff, 0x9, 0x1, "abc00e12181f79fbda"}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x8a}}]}]}}]}, 0x104}}, 0x2000c800)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0)
socket$inet(0x2, 0xa, 0x400)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x10, 0x1}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a6c52d922ba2a05dd42"], 0xfdef)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008900000bd03000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.007120332s ago: executing program 2 (id=3671):
r0 = socket$pppoe(0x18, 0x1, 0x0)
pread64(r0, &(0x7f0000000000)=""/63, 0x3f, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r2, 0x1, 0x101, 0x25dfdbfe, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000}, 0xc810) (async)
write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000040)={'b', ' *:* ', 'r\x00'}, 0x8)

1.998038386s ago: executing program 1 (id=3672):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6, 0x0, 0x0, 0x40000}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x3261e)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x13, r1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, 0x0, 0x0, 0x17000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.922635906s ago: executing program 0 (id=3673):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000fbdbdf655c00000008000300", @ANYRES32=r2], 0x24}, 0x1, 0x0, 0x0, 0x44001}, 0xc800)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0, 0x11c}, 0x1, 0x0, 0x0, 0x40}, 0x8800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x1e, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan1\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={0x0, 0x0, 0x43}, 0x28)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r6, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x70bd2e, 0x0, {0x0, 0x0, 0x12, r7, {0x0, 0x6}, {0xfff1, 0xffff}, {0xd, 0x3f}}, [@qdisc_kind_options=@q_ingress={0xc}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x10}, 0x50)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})

1.875609612s ago: executing program 2 (id=3674):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000007000000000a000000000000000000000008000400", @ANYRES32=r0, @ANYBLOB="06001500070000000c001680080001"], 0x38}}, 0x10)

1.875186762s ago: executing program 1 (id=3675):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001540)=ANY=[@ANYBLOB="c0000000", @ANYRES16=r1, @ANYBLOB="050000000000000100000f00000008000300", @ANYRES32=r2, @ANYBLOB="42000e0080000000ffffffffffffffffffffffff080211000000000200000000000000000200010003010606020100050304ab0725030099012a01073c0400810a03000045000f00013fb0ce3eb7dcbbc42513bc9511df75646f725dded3afe0879f9b48b16cc5e489db1d95029fd6d8a410ae0a5339400000000000000024ba8946b2e6e0eff6967b000000080026006c09000008000c006400000008000d"], 0xc0}}, 0x0)

1.874788171s ago: executing program 3 (id=3676):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
recvmmsg(r0, &(0x7f0000006b00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002e000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000080)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000480)={r1, 0x0, 0xe, 0xffffffffffffff65, &(0x7f0000000180)="e0b9540700000000000400b55467", 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = socket(0x1d, 0x2, 0x6)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socket$kcm(0x21, 0x2, 0x2)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
recvfrom(r3, 0x0, 0x0, 0x32, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r4 = socket(0x1d, 0x2, 0x6)
unshare(0x22020400)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_sctp(0x2, 0x1, 0x84)
pselect6(0x40, &(0x7f00000001c0)={0x3, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0xfffffffffffffffc, 0x0, 0x6}, 0x0, 0x0)
bind$can_j1939(r4, 0x0, 0x0)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xd}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x4, "7b4b142b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c04594282423424d00", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x2003}, 0x94)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x9}, 0x94)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
setsockopt$pppl2tp_PPPOL2TP_SO_RECVSEQ(r2, 0x6a, 0x4, 0xffffffff, 0x4)
sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="100000000114a73a"], 0x5c}}, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x41, &(0x7f0000000d00)=0x205a, 0x4)
recvfrom$packet(r6, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)

1.805526098s ago: executing program 1 (id=3677):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x48f, &(0x7f0000000280)={0x2e, @loopback, 0x4e21, 0x0, 'sh\x00', 0x1, 0x9, 0x42}, 0x2c)
unshare(0x20400)
r1 = socket$inet6(0xa, 0x2, 0x0)
pwritev(r1, 0x0, 0x0, 0x3f, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000340)=@ipv6_newroute={0x2c, 0x18, 0x111, 0x1, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x8}, [@RTA_PRIORITY={0x8, 0x6, 0x7fffffff}, @RTA_EXPIRES={0x8, 0x17, 0xffffffff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4805}, 0x4)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={r2, 0x7, 0x8, 0x9})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000080)=ANY=[], &(0x7f00000002c0)=""/4105, 0x8a, 0x1009}, 0x28)
r3 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x14, 0x14, 0x603, 0x0, 0x0, {0x11}}, 0x14}}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)

1.792349576s ago: executing program 2 (id=3678):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f00000021c0)=ANY=[@ANYBLOB="b70200001000b15cbfa300000000000007030000f8ffffff7a0af0ff0000000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87867c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b2314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f86bb47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8dd63d4b77b206000000000000e254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad91935a6ddfa8f90e79321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f3813e2c25a61ec45c3af9948f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469600241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c12e28ef97d9ebd9c77f1774cf4683c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f011000000f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497a6103876843ee04ed9ff002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd1304202274f20675eb781925440578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e9338c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b96508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e25c89b552d7fcd116bce9c764c714c9402c21d1aac59efb28d4f91652f6000000000000000320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a575939206d0c0f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000ff0ffd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536607a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8000000edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db76cf059f40fa2640b6bfb74dd35391b8fa18479da9f4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847db97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b252a37ff7e0d45728fc1a6ec566981bc8ccfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f0000000000000000000000000000000003ba34b611569a451564d3a5400f9097ffe7a37e765be352be71ee24250d6828562c7e24cb763062d6000c409de6a6135eae8a00000000008d797190a26c933f933aff5c521eeb7a84a62d148a846e74e76b515b6b8be29e8b69310fa130cf6d6b74f33205d3cc218ca554ed8085ae044f5bf2e89a0000bde05c114e7a020fc1a5fd3eeeb822008b2d7d1cc062b51b0aca4956b557e51a1385cc572b0074b0950fb1437de2590bf99ec7ceb69e1fe2465fce099c992d57b804a22e148ae3411523814aee03ee2df877edfabf4aa94f07c6fdd127e57a8bf7975f2e606c25a299980a6e52fcf7849d45bb38573fbba8afef1aa7a24c805f7aee3e39a3000000000000000000000000000000000000878f88c4742ac490951c36c610a0d266588ec6a0bd300cf160b5a5d9e9fafa49ecc8430832d795e727b7fc2b76e7fc4141fdbb82f45d3cdd3fb8d4b443ab4954fdf5c1b9a6ab3e457f098329307ccb0a1989b6c37509692e952e7244f48bc12569ff8eb30d0f887b85b5ef44fb9a7571319190be0c226ed72f346cc4aa071ae0c72fa8bd00d5590c4f4ba65d0c8e1f4870fe3c414681e41b40163eb1aa2a7429a2208cd6e69c7d959e87da3fd0101159a03ab7fe78881ee7a1ee7a2edff75fb18a181e0c54352be2b7a5b5273198291c28d9141deeb3cdba5d414ae4b0000000000000000000000000009eacd83458d8a606be71970497a4fd4ca3b48ca482ab3804e2fac216b3ba613608b1a465456a33fd08491d337d7344c01cfc9e73bf1bca1cbec7614c8c3c76411e61fef6a93da8914490b50bd837d068e9bf8f3348794a44115d163b5ff85629b0a3ad4023448140770de2e5f262b9a50afcc210b8d8ea24b6dd7d068b356f53afaf89acae30935ec92657e37bf0821cbe612ac2aa7baf4d21ab373ea4fea57d0d9ac418862e791df3d1d85bb780fbfa401e09e3745d70174dd9ab52cdcadfd3454916408810090a19fa1cf0df6aa714fbcffbb7d6c7f45237df3296867725fd2bdbcd2f7ab10fea0fe85ce1137e775e4c01a136aed7f1d0d192a95be64bab53144ff3efd87fcb6421483e6a1690408712913dfb10a88201340c96dfd745a84dc177dd7a598ec015daa56eb0924e01df353a9ad69d0a59e40203018c82e74f39f8c4cb8823f0bfdfe170549e305628625f50"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r0, 0x0, 0xe, 0x0, &(0x7f0000000300)="14fd54ab72df97e6256c00000000", 0x0, 0xfeff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.695044381s ago: executing program 0 (id=3679):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001500)=@newqdisc={0x70, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x40, 0x2, {{0x1ff, 0x4, 0x0, 0x0, 0xfffffffd, 0x8}, [@TCA_NETEM_ECN={0x8, 0x7, 0x1}, @TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x80000001, 0x6, 0x8, 0x64, 0xd99d}}]}]}}}]}, 0x70}, 0x1, 0x0, 0x0, 0x810}, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1342, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, 0x0, 0x0)
close(r5)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
writev(r4, &(0x7f0000000180)=[{&(0x7f0000000100)="89e7ee0c7cda99b4b47380c988ca51bcec89636e29b904baa1d253e500435bf164c2f79a5af0", 0x140}], 0x1)
sendto$packet(r0, &(0x7f00000002c0)="44c33b69ebc9e05e9bdec0c288a8", 0x12, 0x830, &(0x7f0000000440)={0x11, 0x0, r3, 0x1, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, 0x14)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1}, 0x50)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r8}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = socket$packet(0x11, 0x2, 0x300)
r11 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x40241, 0x0)
ioctl$TUNSETIFF(r11, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r12 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r12, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r11, &(0x7f0000000280)={@val={0x1c, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @broadcast}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x7, 0xb, 0x0, 0x0, 0x0, 0x2018, {[@window={0xe, 0x3}, @timestamp={0x5, 0xa, 0x40000000}, @generic={0x0, 0x8, "d588dc050391"}]}}}}}}, 0x4e)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000c80)={{r8}, &(0x7f0000000c00), &(0x7f0000000c40)=r9}, 0x20)
r13 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r10, 0x1, 0x32, &(0x7f0000000180)=r13, 0x4)
syz_genetlink_get_family_id$l2tp(&(0x7f0000001c40), 0xffffffffffffffff)

1.662903397s ago: executing program 1 (id=3680):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x10042, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000b80)={0xffffffffffffffff, &(0x7f0000000a80), 0x0}, 0x20)
connect$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(0xffffffffffffffff, 0xffffffff)
r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000580)={0x300, 0x1, 0x10001, 0x5}, &(0x7f0000000780)=0x10)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r4=>0x0})
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bind$can_j1939(r3, &(0x7f0000000340)={0x1d, r4, 0x0, {0x2, 0xff, 0x6}, 0xfe}, 0x18)
sendmmsg(r3, &(0x7f0000003b40)=[{{&(0x7f0000000400)=@can={0x1d, r4}, 0x80, 0x0}}], 0x1, 0x40045)
write(r2, &(0x7f0000000000)="2e000000010002", 0x7)

1.658029497s ago: executing program 2 (id=3681):
r0 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r0, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20008811)
r1 = socket$kcm(0x29, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001dc0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad0e0e2b45d14ee446b840edaa1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c50ce6a8e9f65de13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87915ed063f608dddb03a95b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0fd9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000c3d51d9a161446b4373e06a9e07f8a000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b28448"], &(0x7f0000000140)='GPL\x00'}, 0x94)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000040)={r0, r2})
ioctl$sock_kcm_SIOCKCMUNATTACH(r1, 0x89e1, &(0x7f0000000300)={r1})

1.444530274s ago: executing program 1 (id=3682):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000580), 0x62a01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000100000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a03000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000180003801400020000007468305f746f5f68737200000000080002"], 0xe8}}, 0x0)
write$tun(r0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000005000004fd0900008400000005010000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000040000000000000000000000000400000004000000"], 0x50)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r3, &(0x7f00000004c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x68, 0x3, 0x1, 0x201, 0x0, 0x0, {0x5, 0x0, 0x7}, [@CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x1002}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x4c392ea2}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x2}, @CTA_SEQ_ADJ_ORIG={0x14, 0xf, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x97}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0xffff}]}, @CTA_SYNPROXY={0xc, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x9ad}]}, @CTA_SEQ_ADJ_REPLY={0xc, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8}]}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0x2}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x1004}]}, 0x68}}, 0xf371cc2a4cc195fb)
r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r5 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmsg$802154_dgram(r5, &(0x7f00000001c0)={&(0x7f0000000040)={0x24, @none={0x0, 0xffff}}, 0x14, &(0x7f0000000080)={0x0}, 0x7, 0x0, 0x0, 0x20000010}, 0x4090)
bind$llc(r4, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x54}, 0x10)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r6, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
ioctl$int_in(r6, 0x5421, &(0x7f00000000c0)=0x9732)
listen(r6, 0xec)
accept4$bt_l2cap(r6, 0x0, 0x0, 0x800)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x3d)
write(r7, &(0x7f0000000000)="41000200010001", 0x7)

1.0308442s ago: executing program 4 (id=3683):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67db3e6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc508afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd360000000000000000ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c97a088a22e8b15c3e233db00002e30d46a0024d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c29c5c0ed5bcdf510c3c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ced92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f68fa8d7c2dfb28e1f05e46b0933c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b19abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d588afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda6900002a070886df42b27098773b45198b4a34ac97febd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f0000000000f8e10238d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d63521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07afef12ef060cd4403a099f32468f658000b4082d43e12186195cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea209b53b230ef0f2ab85cbdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bd3339403004b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab900000000000000000000d71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdbf24a0c5441ce046078492b53467cfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89cb349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb15f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c00c57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137df47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b558982016b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8b49e3d0168bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85a3009a5d30f479e293a3302e11350ea857b37e76ca3f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c8ffe0d508dcee3070e8b42ac38545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b217eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4444e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24000000000000000000000000000000000000cd3211b3842b68a4eddca2eae28529e97a98d7ec3fd902df1ba8fc2ad2377e72d4e7aeacbbccef5614cd965511558f40720025c022bc9c213e407f6bc4b673c55aa8e729299a37fd6339acd906ac861ba56c9fa9b8b12b5e68a3cdadb906355e1f1d336a243172affe50d0fb36c3718a7498eed3d398f405a34d494414e87ef1ce1845510d43d00171d6b4b762f89564c22d542a119878709cd6822c3a3eb47a849b0737929fe9e1eecd1bff5a2b9880e2a6d8a3b3b7e88a673c96cda4455eff1c530db0e6598a2686aa09aeaf0f1aed95aeb8b0a2cc5ca31c0f56285cc05f7090a0e0583cf540d18cd8817e685c7b4ff176178ac1234f23e54445ec20b2689832d78409897a0307e89ebcd5f4ba042a3d10237a5a8a9a6eda36d2f337dc54537b80e8433341b135b4c5bb0173ffde46ccd260e1d4f2c51e8b07bb256f1317912cb1fc9e491e0bb9109e475cc795c23ad9f4f0042c5e9c655a4d865bc4a266e6a1d3d2b7ee53be9efb33a98933b5ba74ee3ac8d34b6af8c1fdbffade3abc80842b74354162f5b994ab5254cb068bc5e2ae242a1d37d0d49947c9317fa1a46c9e259ce0e1f9db992c53f7830a5e8f4fac6b187eb9f15ba61f730f86d7d7b63bbc7a1d9ff37e87a90a14e0655304da069f9009b62717649b6c6af94fcba713f8ee6fcce25aef44d009966614b61be9369ffc589a79051b0a0000000000000003ebd34c41afe268c33c9322c3a783772aec998f51a6e70fb932a8019e72ef5ab127bb30c79ebfd867441083546305fb39449c40a166ea389a6b77b7c87f66e8bf5806726b8fc50b943627314803a12c33312dce0a10f852da3e000000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x8, 0x0, 0xee, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001a00)={r0, 0x18000000000002a0, 0xe80, 0x0, &(0x7f0000001840)="b9ff0307683a268cb8091a99888e", 0x0, 0xfe, 0x60000009, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) (fail_nth: 25)

514.487042ms ago: executing program 4 (id=3684):
socket(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r0)
getsockname$packet(r0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_add_memb(r1, 0x107, 0x18, 0x0, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x50)
ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r2 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000500)="5c00000013006bcc9e3be35c6e17aa31076b876c1c0000007ea60864160af36514001ac0080002008100020006a101c00364683b9dad7aa21240d69a6a818cf6c551ae60fc91b169edb1b175732b9f597fe3b6c5a3d77cc766307de2", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4044)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r4, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x64, r5, 0x1, 0x70bd2b, 0x1000, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x9}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r3}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r3}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x122}, @NBD_ATTR_BACKEND_IDENTIFIER={0xd, 0xa, 'list:set\x00'}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}]}, 0x64}}, 0x400400c)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000300), 0x0, 0xc000, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x66)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)={0x60, 0x2, 0x6, 0x101, 0x0, 0x0, {0xa, 0x0, 0xa}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0xd8}, @IPSET_ATTR_NETMASK={0x5, 0x14, 0x4}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}]}, 0x60}, 0x1, 0x0, 0x0, 0x20044040}, 0x40800)
socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a300000000064000000060a010400000000000000000100000008000b40000000003c00048038000180080001006e6174002c00028008000540000000000800014000000000080006400000000d08000240ffff000a08000640000000250900010073797a30"], 0xd8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
syz_emit_ethernet(0x25c, &(0x7f0000000440)={@local, @multicast, @void, {@ipv4={0x800, @gre={{0x24, 0x4, 0x1, 0x3d, 0x24e, 0x67, 0x0, 0x6, 0x2f, 0x0, @empty, @local, {[@lsrr={0x83, 0x1b, 0xdb, [@rand_addr=0x64010102, @remote, @loopback, @loopback, @dev={0xac, 0x14, 0x14, 0x30}, @private=0xa010101]}, @end, @generic={0x83, 0xb, "1e3ca8a4995b594cdf"}, @timestamp_addr={0x44, 0x54, 0xd0, 0x1, 0x3, [{@private=0xa010100}, {@broadcast, 0x227b}, {@broadcast, 0x6}, {@empty, 0x83}, {@broadcast, 0x1000}, {@remote, 0x2}, {@empty, 0x3}, {@dev={0xac, 0x14, 0x14, 0x15}}, {@multicast1, 0x4}, {@broadcast, 0x6}]}, @noop]}}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x880b, 0xf, 0x0, [0x5], "e7a44483df056ac08a8706e840c5d9"}, {0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800, [0x8, 0x0], "c8e7eaf7b9a5943373e2732493247790fb10c3823bbd42d8ec5f566454f653901fec40b330038c784783d430fb3ade97261e40283a9a828094fb0143a6b73b69a7"}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [], "444508cd8458502c6ad1d84224a8ebee11b0ae838678dcbc10a83187c0fbcc0b4f295c6393b3aa00b5575e4e996c9e273d251b82249102dfd4b45928386e0c355d7914ee1cdead9546f7b6f5324b7ce9f4fed8cd82c040b620833e1e4350d08f42cfc7fa106b7007b9bee75aae58d2ff92432345a162a90ff3502ee563375378e97f55962b1d9df9340a2127cfe43616aaad858eac7da8bd58bf71f63bd2ecd0743650d34b04a771dd1c36669cbceced323240082092fc330b"}, {0x8, 0x88be, 0x3, {{0xd, 0x1, 0x1, 0x0, 0x1, 0x3, 0x4, 0x36}}}, {0x8, 0x22eb, 0x2, {{0xb, 0x2, 0x7, 0x0, 0x1, 0x1, 0x5, 0xca}, 0x2, {0x400, 0x0, 0x1, 0x1e, 0x0, 0x1, 0x0, 0x0, 0x1}}}, {0x8, 0x6558, 0x0, "9134b9261548e95e753b5eb96c1084292bea5ff3c828d77a9d9db0e7878dd7dcca4bac3d37c5fca08ca00e84132b7cdd1f3cfcd3888bf259ade3aa09407737b5c1cd4a1c1fa285c8cd9804d49e25a7ba48cabe6e060bcecd6e0f9fb80f6fe2335afa7222568583d6ffc092"}}}}}}, 0x0)

500.52455ms ago: executing program 2 (id=3685):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000300000085005b2186f722a8b74415ea60ce1e0f2900001300000085"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb790700117df37538e486dd6317ce22000000000000000000000000000000007fc5f603ff"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x10, 0x1}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000c40)=@nat={'nat\x00', 0x19, 0x3, 0x57a, [0x2000000006c0, 0x0, 0x0, 0x200000000a64, 0x200000000a94], 0x0, &(0x7f0000000080), &(0x7f00000006c0)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x2, [{0x11, 0x39, 0x88a2, '\x00', 'tunl0\x00', 'veth1_to_bond\x00', 'macvlan1\x00', @empty, [0x0, 0xff, 0xff, 0xff], @broadcast, [0xff, 0xff, 0xff, 0x0, 0xff, 0xff], 0x12e, 0x166, 0x19e, [@arp={{'arp\x00', 0x0, 0x38}, {{0x201, 0x6003, 0xa, @remote, 0xff, @broadcast, 0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, [0x0, 0xff, 0xff, 0x7f, 0xff], @empty, [0x0, 0xff, 0x0, 0xff, 0xff], 0x0, 0x4}}}, @arp={{'arp\x00', 0x0, 0x38}, {{0x307, 0x4, 0xeff032512c8b53e2, @private=0xa010102, 0xffffff00, @multicast2, 0xff, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, [0xff, 0xff, 0x0, 0xff, 0xff, 0xff], @random="2eb8607224f1", [0x0, 0x0, 0x0, 0xff, 0xff, 0xff], 0x4, 0x20}}}], [@arpreply={'arpreply\x00', 0x10, {{@random="e91c4262998a"}}}], @arpreply={'arpreply\x00', 0x10, {{@remote, 0xfffffffffffffffe}}}}, {0x9, 0x48, 0x8863, 'syzkaller0\x00', 'vlan1\x00', 'xfrm0\x00', 'pimreg0\x00', @random="44f8f978961f", [0x0, 0x0, 0x0, 0xff, 0xff, 0xff], @broadcast, [0x0, 0xff, 0xff], 0x126, 0x19e, 0x1d6, [@physdev={{'physdev\x00', 0x0, 0x48}, {{'geneve0\x00', {0xff}, 'sit0\x00', {0xff}, 0x2, 0x1}}}, @limit={{'limit\x00', 0x0, 0x20}, {{0x80000000, 0x5d2d, 0xfff, 0xff, 0x291e, 0x95c3}}}], [@common=@nflog={'nflog\x00', 0x50, {{0x8, 0x2, 0xa858, 0x0, 0x0, "c1bb8666fd5676f659874e72832ee71faa8c6806c03f6253a5086b7a25d88d21e3db7d8ec8b915b89a22f1e487d2cf0f7c5d38aa9b145bad1845a3d012db52a4"}}}], @arpreply={'arpreply\x00', 0x10, {{@empty, 0xfffffffffffffffd}}}}]}, {0x0, '\x00', 0x2, 0xfffffffffffffffc}, {0x0, '\x00', 0x2, 0x0, 0x1, [{0x5, 0x1c, 0x6004, 'ip6erspan0\x00', 'syz_tun\x00', 'ip6gretap0\x00', 'ip6_vti0\x00', @link_local, [0xff, 0xff, 0xff, 0xff, 0xff], @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}, [0xff], 0xce, 0x13e, 0x176, [@cpu={{'cpu\x00', 0x0, 0x8}, {{0x9}}}, @pkttype={{'pkttype\x00', 0x0, 0x8}, {{0x2a}}}], [@snat={'snat\x00', 0x10, {{@broadcast, 0xfffffffffffffffd}}}, @snat={'snat\x00', 0x10, {{@multicast}}}], @arpreply={'arpreply\x00', 0x10, {{@local, 0xfffffffffffffffd}}}}]}]}, 0x5f2)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000200)='yeah', 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb88, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) (fail_nth: 56)

361.485595ms ago: executing program 2 (id=3686):
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$netlink(r0, &(0x7f0000000140)=@kern={0x10, 0x0, 0x0, 0x220f8b31a3b4f020}, 0xc)
r1 = socket$rxrpc(0x21, 0x2, 0x2)
setsockopt$sock_int(r1, 0x1, 0x20, &(0x7f0000000500)=0x1aa6, 0x4)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r3, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e6400"], 0x3c}}, 0x40000)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_ADD(r4, &(0x7f0000000680)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000005c0)={&(0x7f00000002c0)={0x20c, r5, 0x10, 0x70bd2c, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_TAGLST={0xc, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x6}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x84, 0x8, 0x0, 0x1, [{0x4}, {0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x33b562cc}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3e4bda42}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x6a}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3e}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x59}]}, {0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x39}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4909835c}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5ab90cd3}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb2}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xb46ecb4}]}, {0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xdc}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x81}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6638c642}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7ce495ee}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x1c, 0x4, 0x0, 0x1, [{0x5}, {0x5}, {0x5, 0x3, 0x7}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}, @NLBL_CIPSOV4_A_MLSCATLST={0x6c, 0xc, 0x0, 0x1, [{0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x38e11918}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x175d3fec}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x98f5}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd1e1}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4ff14ba0}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x10888875}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x875f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xeaa}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x69a3e62a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xdb21}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xde56}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3dadd250}]}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0xffffffffffffffff}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MLSCATLST={0xc0, 0xc, 0x0, 0x1, [{0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x430b8ba0}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x8628}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x36ad854f}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe37d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5c944e64}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x74f06d7d}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9a0b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3e409b3d}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x440ddacf}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5b8e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x23b8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf7d8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x625278a8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x15cd}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x503f1c0}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x161f99ec}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x48ee}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7def}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xab86}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xfd4c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xde8c}]}]}]}, 0x20c}, 0x1, 0x0, 0x0, 0x1}, 0x90)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r6, 0x401c5820, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
socket$kcm(0x2d, 0x2, 0x0)
r8 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r8, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
socket$kcm(0x21, 0x2, 0xa)
sendmsg$nl_route_sched(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=@newtaction={0x128, 0x1e, 0x109, 0x70bd26, 0x25dfdbfc, {}, [{0x114, 0x1, [@m_mirred={0x110, 0x8, 0x0, 0x0, {{0xb, 0x9}, {0xe4, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x3, 0x81, 0x2, 0x10000, 0x6}, 0x2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x2, 0x3, 0x6, 0x80000000}, 0x2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x7fffffff, 0x401, 0x0, 0x80000000, 0x5}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x45, 0x100, 0x1, 0x6, 0xfffffffa}, 0x4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x10001, 0xfffffff9, 0x1, 0x5, 0x5}, 0x4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x81, 0xfffffffa, 0x20000000, 0x9, 0xb4}, 0xa}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x100, 0x5, 0x9f5b}, 0x4}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x128}, 0x1, 0x2b1e, 0x0, 0x20044000}, 0x2000c000)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="0000000006380000240012800b00010069703667726500001400028006000f0008000000080004000200000008000a00", @ANYRES32=r3, @ANYBLOB], 0x4c}}, 0x0)

306.93568ms ago: executing program 3 (id=3687):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000003800), 0x1, 0x0)
writev(r1, &(0x7f0000003880)=[{&(0x7f0000003840)="4ad1", 0x2}], 0x1)
ppoll(&(0x7f00000038c0)=[{r1, 0x10}], 0x1, &(0x7f0000003900), 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@ipv4_newroute={0xb4, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x20, 0x0, 0x2, 0x0, 0x0, 0x0, 0x6}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x4}, @RTA_ENCAP={0x90, 0x16, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0x8c, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_GENEVE={0x88, 0x1, 0x0, 0x1, @LWTUNNEL_IP_OPT_GENEVE_DATA={0x84, 0x3, "fde83a6d787c1ce4149d9520453bc3272236bd65f3eb2020701dec1fc8d5a3cea8cc55bb6256f0190c94ba260be06bd64d8a69af13b8e37e29f465dcdd014e5de0575c101431f55189a5c07a6fc064fab76e0291a81fdd9554e7e111c7222e5ae762c7219915fcd6aaedaa869cf74c0034b9baa3d31100"/128}}}}]}, 0xb4}, 0x1, 0x0, 0x0, 0x841}, 0x0)

196.508288ms ago: executing program 3 (id=3688):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
close(0x3)
socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
close(0x3)
socket$alg(0x26, 0x5, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={<r2=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0)
setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f00000002c0), 0x8)
r3 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
setsockopt$sock_int(r3, 0x1, 0x21, &(0x7f00006dbffc), 0x4)
bind$inet(r3, &(0x7f0000000340)={0x2, 0x4e20, @local}, 0x10)
sendmsg$xdp(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000d00)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df89507000000fb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b9070400000073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f6ff1f6cb79b93f20752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf458aac3314007c3e35d5e4bed6b897608b01e7e26a54433e5f5c74a2ee3c2fc50067be05a677f122b7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fed9879328f114f7c8238ac955391b24614d91be1701ae07c170a9c299fcf3d0ac4cea07e88fbf66b697883af17a06ac3f9954eb2fbd20f101802cd023fc48c5d464c16059cc9dce8558c5322ac7612db0e2725427628c2c41a21f0d2f3962e32f710bf9e216ff1694e8d88c8a81328744b36d9ef9f08c0ea3ccd4f8729e2f00a048162834a95", 0x3f1}, {&(0x7f00000004c0)="128b9306006d4810e5ac5040ad9201847839fc378469d5765b9cc241840896c1498194a7197b45d74a8532b82037b02c9e6045c361eb2d94ae3ac4cb94c12da07d3bceae3a03adc690049e5ac1ec24deaba6fb08f165386aff710d042de332fc1062b0e9306ea7639c0e30d94ceaf76afb36ec8e373ae26899025043ab655ec699608b7e8d844ae5774ca70584a7e9e7", 0x90}], 0x2, 0x0, 0x0, 0x10}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0x9}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1bf7ff02000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
close(0x3)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x2, 0x4, 0x1, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000001000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000200007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x6a2e4e0ed11fabf6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="12000000010000000800000002"], 0x50)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000000c0)=r8, 0x4)
sendmsg$unix(r7, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
setsockopt$RDS_CONG_MONITOR(r3, 0x114, 0x6, &(0x7f0000000680)=0x1, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x40)

17.975936ms ago: executing program 3 (id=3689):
r0 = socket$kcm(0x29, 0x0, 0x0)
ioctl$NILFS_IOCTL_GET_BDESCS(r0, 0xc0186e87, &(0x7f0000000140)={&(0x7f0000000080)=[{0x9, 0x68, 0x4, 0x101, 0xa90c9966}, {0x7fffffffffffffff, 0xd, 0x0, 0xe05, 0xfffffffd}, {0x7844, 0x7, 0xff, 0x200, 0x9}, {0x2df2, 0x7, 0x6, 0x2, 0x1}], 0x4, 0x28, 0x7, 0x1})
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x400, 0x2, 0x2000005}, 0x1c)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000540)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000440)={@val={0x70}, @void, @eth={@broadcast, @remote, @void, {@ipv4={0x6558, @udp={{0x5, 0x4, 0x0, 0x0, 0x452c, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x6558, 0x18, 0x0, @wg=@data={0x4, 0x0, 0xffffdd86}}}}}}}, 0xfdef)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6, 0x0, 0x0, 0x40000}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[], 0x3261e)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x13, r5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
accept4$inet6(r5, 0x0, &(0x7f0000000200), 0x800)

0s ago: executing program 1 (id=3690):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000100)=0xf, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000080)=[@in={0x2, 0x4e21, @private=0xa010102}], 0x10)
recvmsg(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfecc}, 0x40000002)
setsockopt(r0, 0x3e5, 0xe, &(0x7f0000000040)="020000000980ffff", 0x8)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r1)
sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0x1c, 0x0, 0x200, 0x70bd2d, 0x25dfdbfb, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x20008005)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r1, 0x10e, 0x8, &(0x7f0000000000)=0x80, 0x4)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2, 0x40010, r0, 0xc8d3d000)

kernel console output (not intermixed with test programs):

'syz.0.3026': attribute type 8 has an invalid length.
[  384.334020][T16338] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3026'.
[  384.523609][T16260] virt_wifi0 speed is unknown, defaulting to 1000
[  384.845098][ T5632] Bluetooth: hci0: command tx timeout
[  384.874172][T16361] netlink: 'syz.0.3034': attribute type 16 has an invalid length.
[  384.882085][T16361] netlink: 'syz.0.3034': attribute type 17 has an invalid length.
[  384.995073][T16361] 8021q: adding VLAN 0 to HW filter on device bond0
[  385.026773][T16361] 8021q: adding VLAN 0 to HW filter on device team0
[  385.127586][T16361] 8021q: adding VLAN 0 to HW filter on device batadv0
[  385.203930][T16361] bridge_slave_1: left allmulticast mode
[  385.253414][T16361] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  385.264508][T16361] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  385.295428][T16361] veth1_vlan: left promiscuous mode
[  385.321344][T16361] veth0_vlan: left promiscuous mode
[  385.337655][T16361] veth0_vlan: entered promiscuous mode
[  385.347417][ T1692] block nbd4: Possible stuck request ffff888027645080: control (read@0,1024B). Runtime 270 seconds
[  385.358170][ T1692] block nbd4: Possible stuck request ffff888027645240: control (read@1024,1024B). Runtime 270 seconds
[  385.369502][ T1692] block nbd4: Possible stuck request ffff888027645400: control (read@2048,1024B). Runtime 270 seconds
[  385.380467][ T1692] block nbd4: Possible stuck request ffff8880276455c0: control (read@3072,1024B). Runtime 270 seconds
[  385.409735][T16361] veth1_vlan: entered promiscuous mode
[  385.421881][T16361] veth1_macvtap: left promiscuous mode
[  385.428690][T16361] veth0_macvtap: left promiscuous mode
[  385.435440][T16361] veth0_macvtap: entered promiscuous mode
[  385.442484][T16361] veth1_macvtap: entered promiscuous mode
[  385.449840][T16361] geneve0: left promiscuous mode
[  385.457206][T16361] geneve0: entered promiscuous mode
[  385.478511][T16361] 8021q: adding VLAN 0 to HW filter on device eth0
[  385.486407][T16361] 8021q: adding VLAN 0 to HW filter on device eth1
[  385.494276][T16361] 8021q: adding VLAN 0 to HW filter on device eth2
[  385.502092][T16361] 8021q: adding VLAN 0 to HW filter on device eth3
[  385.546113][T16361] geneve2: left promiscuous mode
[  385.570214][T16361] mac80211_hwsim hwsim32 wlan0: left promiscuous mode
[  385.578054][T16361] mac80211_hwsim hwsim32 wlan0: left allmulticast mode
[  385.586117][T16361] batadv1: left promiscuous mode
[  385.592303][T16361] batadv1: left allmulticast mode
[  385.597834][T16361] 8021q: adding VLAN 0 to HW filter on device batadv1
[  385.608625][T16361] bond1: left promiscuous mode
[  385.613734][T16361] ip6gre1: left promiscuous mode
[  385.619327][T16361] 8021q: adding VLAN 0 to HW filter on device bond1
[  385.650670][T16361] 8021q: adding VLAN 0 to HW filter on device bond2
[  385.661163][T16361] gtp1: left promiscuous mode
[  385.666559][T16361] gtp1: left allmulticast mode
[  385.680254][T16361] batadv2: left promiscuous mode
[  385.685451][T16361] batadv2: left allmulticast mode
[  385.691513][T16361] 8021q: adding VLAN 0 to HW filter on device batadv2
[  385.702097][T16361] bridge0: port 1(vlan3) entered blocking state
[  385.708604][T16361] bridge0: port 1(vlan3) entered listening state
[  385.726240][T16361] ipip0: left promiscuous mode
[  385.737283][T16361] bond3: left promiscuous mode
[  385.742730][T16361] bond3: left allmulticast mode
[  385.748650][T16361] 8021q: adding VLAN 0 to HW filter on device bond3
[  385.757137][T16361] geneve3: left promiscuous mode
[  385.762558][T16361] geneve3: left allmulticast mode
[  385.772925][T16361] 8021q: adding VLAN 0 to HW filter on device bond4
[  385.785194][T16361] 8021q: adding VLAN 0 to HW filter on device bond5
[  385.795451][T16361] 8021q: adding VLAN 0 to HW filter on device bond6
[  385.803695][T16361] bond7: left promiscuous mode
[  385.808534][T16361] team_slave_1: left promiscuous mode
[  385.814782][T16361] bond7: left allmulticast mode
[  385.820214][T16361] team_slave_1: left allmulticast mode
[  385.826276][T16361] 8021q: adding VLAN 0 to HW filter on device bond7
[  385.956330][  T808] uyz0: Port: 1 Link ACTIVE
[  385.961847][ T6593] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  385.973333][ T6593] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  386.001321][T16370] batman_adv: batadv0: Adding interface: dummy0
[  386.007872][T16370] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  386.062980][T16370] batman_adv: batadv0: Interface activated: dummy0
[  386.084775][ T6593] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  386.137205][ T6593] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  386.334398][T16371] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3037'.
[  386.422866][T16388] FAULT_INJECTION: forcing a failure.
[  386.422866][T16388] name failslab, interval 1, probability 0, space 0, times 0
[  386.461172][T16388] CPU: 0 UID: 0 PID: 16388 Comm: syz.4.3041 Not tainted syzkaller #0 PREEMPT(full) 
[  386.461198][T16388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  386.461210][T16388] Call Trace:
[  386.461217][T16388]  <TASK>
[  386.461226][T16388]  dump_stack_lvl+0xe8/0x150
[  386.461251][T16388]  should_fail_ex+0x40c/0x560
[  386.461284][T16388]  should_failslab+0xa8/0x100
[  386.461304][T16388]  __kmalloc_cache_noprof+0x88/0x660
[  386.461328][T16388]  ? sctp_copy_local_addr_list+0xa3/0x4e0
[  386.461354][T16388]  ? sctp_add_bind_addr+0x8c/0x370
[  386.461385][T16388]  sctp_add_bind_addr+0x8c/0x370
[  386.461418][T16388]  sctp_copy_local_addr_list+0x31a/0x4e0
[  386.461447][T16388]  ? sctp_copy_local_addr_list+0xa3/0x4e0
[  386.461474][T16388]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  386.461503][T16388]  ? sctp_v6_is_any+0x64/0x80
[  386.461523][T16388]  ? sctp_copy_one_addr+0x93/0x360
[  386.461552][T16388]  sctp_bind_addr_copy+0xb3/0x3c0
[  386.461580][T16388]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  386.461607][T16388]  sctp_connect_new_asoc+0x2ff/0x6b0
[  386.461632][T16388]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  386.461654][T16388]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  386.461676][T16388]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  386.461696][T16388]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  386.461718][T16388]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  386.461742][T16388]  ? security_sctp_bind_connect+0x7e/0x2c0
[  386.461768][T16388]  sctp_sendmsg+0x159b/0x2d00
[  386.461804][T16388]  ? __pfx_sctp_sendmsg+0x10/0x10
[  386.461828][T16388]  ? aa_sk_perm+0x6d5/0x900
[  386.461860][T16388]  ? __pfx_aa_sk_perm+0x10/0x10
[  386.461887][T16388]  ? sock_rps_record_flow+0x19/0x350
[  386.461915][T16388]  ? inet_sendmsg+0x298/0x320
[  386.461939][T16388]  ? __pfx_inet_sendmsg+0x10/0x10
[  386.461969][T16388]  ____sys_sendmsg+0x853/0xa20
[  386.461999][T16388]  ? __pfx_____sys_sendmsg+0x10/0x10
[  386.462028][T16388]  ? import_iovec+0x73/0xa0
[  386.462052][T16388]  ___sys_sendmsg+0x2a5/0x360
[  386.462070][T16388]  ? __lock_acquire+0x683/0x2cd0
[  386.462094][T16388]  ? __pfx____sys_sendmsg+0x10/0x10
[  386.462119][T16388]  ? kstrtouint+0x6e/0xe0
[  386.462177][T16388]  ? __fget_files+0x2a/0x420
[  386.462198][T16388]  ? __fget_files+0x3a2/0x420
[  386.462230][T16388]  __sys_sendmmsg+0x27c/0x4e0
[  386.462255][T16388]  ? __pfx___sys_sendmmsg+0x10/0x10
[  386.462273][T16388]  ? __mutex_unlock_slowpath+0x1be/0x6f0
[  386.462321][T16388]  ? ksys_write+0x242/0x270
[  386.462348][T16388]  ? __pfx_ksys_write+0x10/0x10
[  386.462380][T16388]  __x64_sys_sendmmsg+0xa0/0xc0
[  386.462399][T16388]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.462418][T16388]  do_syscall_64+0x174/0x580
[  386.462438][T16388]  ? trace_irq_disable+0x3b/0x140
[  386.462464][T16388]  ? clear_bhb_loop+0x40/0x90
[  386.462487][T16388]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.462505][T16388] RIP: 0033:0x7fa85a59ce59
[  386.462524][T16388] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  386.462539][T16388] RSP: 002b:00007fa85b4b9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  386.462559][T16388] RAX: ffffffffffffffda RBX: 00007fa85a815fa0 RCX: 00007fa85a59ce59
[  386.462573][T16388] RDX: 0000000000000001 RSI: 0000200000000540 RDI: 0000000000000003
[  386.462585][T16388] RBP: 00007fa85b4b9090 R08: 0000000000000000 R09: 0000000000000000
[  386.462596][T16388] R10: 00000000000c88c4 R11: 0000000000000246 R12: 0000000000000002
[  386.462607][T16388] R13: 00007fa85a816038 R14: 00007fa85a815fa0 R15: 00007ffff83ffdc8
[  386.462639][T16388]  </TASK>
[  386.986478][ T5632] Bluetooth: hci0: command tx timeout
[  387.470331][ T3339] net_ratelimit: 35 callbacks suppressed
[  387.470353][ T3339] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  387.549016][T16394] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3043'.
[  387.586103][T16394] netlink: 'syz.0.3043': attribute type 7 has an invalid length.
[  387.594725][T16260] bridge0: port 1(bridge_slave_0) entered blocking state
[  387.611636][T16260] bridge0: port 1(bridge_slave_0) entered disabled state
[  387.621646][T16394] netlink: 'syz.0.3043': attribute type 8 has an invalid length.
[  387.656269][T16260] bridge_slave_0: entered allmulticast mode
[  387.664029][T16260] bridge_slave_0: entered promiscuous mode
[  387.676189][T16260] bridge0: port 2(bridge_slave_1) entered blocking state
[  387.679863][T16394] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3043'.
[  387.683447][T16260] bridge0: port 2(bridge_slave_1) entered disabled state
[  387.699422][T16260] bridge_slave_1: entered allmulticast mode
[  387.707215][T16260] bridge_slave_1: entered promiscuous mode
[  387.818019][T16260] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  387.844112][T16260] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  387.912358][T16260] team0: Port device team_slave_0 added
[  387.921100][T16260] team0: Port device team_slave_1 added
[  388.059192][T16260] batman_adv: batadv0: Adding interface: batadv_slave_0
[  388.066420][T16260] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  388.101617][T16260] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  388.142908][T16260] batman_adv: batadv0: Adding interface: batadv_slave_1
[  388.155885][T16260] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  388.183149][T16260] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  388.266231][T16260] hsr_slave_0: entered promiscuous mode
[  388.273482][T16260] hsr_slave_1: entered promiscuous mode
[  388.296010][T16260] debugfs: 'hsr0' already exists in 'hsr'
[  388.313757][T16260] Cannot create hsr debugfs directory
[  388.573336][T16344] Set syz1 is full, maxelem 65536 reached
[  388.833951][ T6606] bond0: (slave geneve2): failed to get link speed/duplex
[  388.849787][  T179] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  389.041479][ T5632] Bluetooth: hci0: command tx timeout
[  389.050304][ T6606] bond0: (slave geneve2): failed to get link speed/duplex
[  389.075925][ T6606] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  389.163926][ T6603] bond0: (slave geneve2): failed to get link speed/duplex
[  389.191909][   T88] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  389.279950][   T88] bond0: (slave geneve2): failed to get link speed/duplex
[  389.311995][   T88] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  389.446552][ T5632] block nbd9: Receive control failed (result -32)
[  389.456367][ T5635] block nbd9: Receive control failed (result -32)
[  389.513501][T16457] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3055'.
[  389.627690][T16260] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  389.671331][T16260] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  389.702608][T16260] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  389.755507][T16260] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  389.767663][T16260] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  389.781958][T16260] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  389.858549][T16260] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  389.873397][T16260] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  389.988580][T16483] bridge3: entered allmulticast mode
[  390.027991][T16486] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3062'.
[  390.151560][T16260] 8021q: adding VLAN 0 to HW filter on device bond0
[  390.208005][T16491] netlink: 5 bytes leftover after parsing attributes in process `syz.4.3064'.
[  390.306139][T16260] 8021q: adding VLAN 0 to HW filter on device team0
[  390.411868][  T179] bridge0: port 1(bridge_slave_0) entered blocking state
[  390.419178][  T179] bridge0: port 1(bridge_slave_0) entered forwarding state
[  390.452159][  T179] bridge0: port 2(bridge_slave_1) entered blocking state
[  390.459365][  T179] bridge0: port 2(bridge_slave_1) entered forwarding state
[  390.477755][T16500] syzkaller1: entered promiscuous mode
[  390.484113][T16500] syzkaller1: entered allmulticast mode
[  390.895900][T16519] geneve0: left promiscuous mode
[  390.918265][T16515] netlink: 112 bytes leftover after parsing attributes in process `syz.4.3073'.
[  391.080035][ T5635] Bluetooth: hci0: command tx timeout
[  391.249145][T16260] 8021q: adding VLAN 0 to HW filter on device batadv0
[  391.290406][T16260] veth0_vlan: entered promiscuous mode
[  391.304462][T16260] veth1_vlan: entered promiscuous mode
[  391.375606][T16260] veth0_macvtap: entered promiscuous mode
[  391.437422][T16260] veth1_macvtap: entered promiscuous mode
[  391.450003][T16538] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3078'.
[  391.494856][T16260] batman_adv: batadv0: Interface activated: batadv_slave_0
[  391.538833][T16260] batman_adv: batadv0: Interface activated: batadv_slave_1
[  391.578812][ T6603] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  391.597357][ T6603] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  391.616069][ T6603] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  391.636928][ T6603] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  391.876076][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  391.883932][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  391.997337][ T6603] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  392.005190][ T6603] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  392.147714][T16571] Bluetooth: MGMT ver 1.23
[  392.175612][T16572] syzkaller1: entered promiscuous mode
[  392.205459][T16572] syzkaller1: entered allmulticast mode
[  392.291742][T16578] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3007'.
[  392.400963][T16585] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3007'.
[  392.569867][ T6603] net_ratelimit: 26 callbacks suppressed
[  392.569888][ T6603] bond0: (slave geneve2): failed to get link speed/duplex
[  392.588720][T16588] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  392.605602][ T6603] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  392.709675][ T6603] bond0: (slave geneve2): failed to get link speed/duplex
[  392.740127][ T6603] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  392.803416][ T5632] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  392.818238][ T5632] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  392.827038][ T5632] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  392.836151][ T5632] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  392.847229][ T6606] bond0: (slave geneve2): failed to get link speed/duplex
[  392.853458][ T5632] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  392.891138][T16597] ip6erspan0: entered allmulticast mode
[  392.896964][  T179] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  393.061516][ T6603] bond0: (slave geneve2): failed to get link speed/duplex
[  393.124269][T16605] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3100'.
[  393.144807][T16606] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3100'.
[  393.216188][T16607] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3098'.
[  393.405798][ T6593] bond0: (slave geneve2): failed to get link speed/duplex
[  393.413542][ T6593] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  393.565694][T16619] netlink: 'syz.2.3102': attribute type 7 has an invalid length.
[  393.588760][T16619] netlink: 'syz.2.3102': attribute type 8 has an invalid length.
[  393.671616][T16619] ip6gretap0: entered promiscuous mode
[  393.703129][T16619] syz_tun: entered promiscuous mode
[  393.727257][T16619] ip6gretap0: left promiscuous mode
[  393.738628][T16619] syz_tun: left promiscuous mode
[  393.976384][T16634] netlink: 'syz.3.3107': attribute type 11 has an invalid length.
[  394.032725][T16641] IPVS: set_ctl: invalid protocol: 60 0.0.0.0:20002
[  394.060600][T16641] IPVS: set_ctl: invalid protocol: 0 127.0.0.1:20004
[  394.575437][T16594] virt_wifi0 speed is unknown, defaulting to 1000
[  394.636178][T16654] __nla_validate_parse: 6 callbacks suppressed
[  394.636197][T16654] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3114'.
[  394.924346][    C1] bridge0: port 1(bridge_slave_0) entered forwarding state
[  394.931605][    C1] bridge0: topology change detected, propagating
[  394.938557][    C1] bridge0: port 2(bridge_slave_1) entered forwarding state
[  394.945792][    C1] bridge0: topology change detected, propagating
[  394.952334][    C1] bridge0: port 3(team0) entered forwarding state
[  394.958768][    C1] bridge0: topology change detected, propagating
[  395.005778][ T5632] Bluetooth: hci2: command tx timeout
[  395.372392][T16594] bridge0: port 1(bridge_slave_0) entered blocking state
[  395.379656][T16594] bridge0: port 1(bridge_slave_0) entered disabled state
[  395.386943][T16594] bridge_slave_0: entered allmulticast mode
[  395.394642][T16594] bridge_slave_0: entered promiscuous mode
[  395.403196][T16594] bridge0: port 2(bridge_slave_1) entered blocking state
[  395.410511][T16594] bridge0: port 2(bridge_slave_1) entered disabled state
[  395.417769][T16594] bridge_slave_1: entered allmulticast mode
[  395.425501][T16594] bridge_slave_1: entered promiscuous mode
[  395.494460][T16594] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  395.556664][T16594] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  395.670108][T16594] team0: Port device team_slave_0 added
[  395.691025][T16594] team0: Port device team_slave_1 added
[  395.730119][T16594] batman_adv: batadv0: Adding interface: batadv_slave_0
[  395.737207][T16594] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  395.763346][T16594] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  395.846341][T16594] batman_adv: batadv0: Adding interface: batadv_slave_1
[  395.861639][T16594] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  395.897457][T16594] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  395.989672][T16594] hsr_slave_0: entered promiscuous mode
[  396.024968][T16594] hsr_slave_1: entered promiscuous mode
[  396.031564][T16594] debugfs: 'hsr0' already exists in 'hsr'
[  396.037326][T16594] Cannot create hsr debugfs directory
[  396.745301][T16720] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3130'.
[  397.079595][ T5632] Bluetooth: hci2: command tx timeout
[  397.090884][T16594] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  397.102851][T16594] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  397.285653][T16594] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  397.295585][T16594] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  397.408373][T16749] IPVS: set_ctl: invalid protocol: 2 0.0.0.0:20004
[  397.453236][T16749] bond8: option packets_per_slave: mode dependency failed, not supported in mode balance-tlb(5)
[  397.496528][T16749] bond8 (unregistering): Released all slaves
[  397.500745][T16754] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3140'.
[  397.523621][T16594] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  397.533685][T16594] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  397.552007][T16754] netlink: 220 bytes leftover after parsing attributes in process `syz.3.3140'.
[  397.573689][T16755] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3137'.
[  397.694311][T16757] netlink: 'syz.3.3140': attribute type 1 has an invalid length.
[  397.835093][T16755] bridge0: port 1(vlan3) entered disabled state
[  399.159782][ T5632] Bluetooth: hci2: command tx timeout
[  399.545634][ T5780] uyz0: Port: 1 Link DOWN
[  399.560154][ T6601] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  399.632237][T16594] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  399.643198][T16594] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  399.691145][ T6601] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  399.715348][ T6601] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  399.723782][ T6601] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  399.759569][ T6601] net_ratelimit: 3352 callbacks suppressed
[  399.759587][ T6601] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  399.779549][ T6601] bond0: (slave geneve2): failed to get link speed/duplex
[  399.946652][T16805] xt_hashlimit: size too large, truncated to 1048576
[  399.973354][  T179] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  400.083425][ T6603] bond0: (slave geneve2): failed to get link speed/duplex
[  400.134960][ T6603] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  400.241778][   T88] bond0: (slave geneve2): failed to get link speed/duplex
[  400.269583][   T88] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  400.370472][   T88] bond0: (slave geneve2): failed to get link speed/duplex
[  400.395314][T16821] IPVS: set_ctl: invalid protocol: 2 0.0.0.0:20004
[  400.402849][   T88] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  400.484153][T16827] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3158'.
[  400.631341][T16821] bond8: option packets_per_slave: mode dependency failed, not supported in mode balance-tlb(5)
[  400.676552][T16834] block nbd3: must specify backend
[  400.702758][T16834] netlink: 15990 bytes leftover after parsing attributes in process `syz.3.3160'.
[  400.720349][T16821] bond8 (unregistering): Released all slaves
[  400.816519][T16841] pim6reg99999999: entered allmulticast mode
[  400.872228][   T88] bond0: (slave geneve2): failed to get link speed/duplex
[  400.953931][T16594] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  401.014302][T16594] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  401.059319][T16594] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  401.094236][T16594] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  401.099894][T16850] xt_CT: You must specify a L4 protocol and not use inversions on it
[  401.116304][T16857] netlink: 'syz.1.3165': attribute type 11 has an invalid length.
[  401.149501][T16594] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  401.166055][T16594] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  401.174486][T16594] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  401.222969][T16594] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  401.239758][ T5632] Bluetooth: hci2: command tx timeout
[  401.252452][T16857] ip6gretap0: left promiscuous mode
[  401.347554][T16857] 8021q: adding VLAN 0 to HW filter on device bond0
[  401.357121][T16857] 8021q: adding VLAN 0 to HW filter on device team0
[  401.369371][T16857] 8021q: adding VLAN 0 to HW filter on device batadv0
[  401.414479][T16867] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3164'.
[  401.426281][T16867] netlink: 'syz.0.3164': attribute type 7 has an invalid length.
[  401.436060][T16867] netlink: 'syz.0.3164': attribute type 8 has an invalid length.
[  401.442826][T16857] batman_adv: batadv0: Interface activated: batadv_slave_1
[  401.445115][T16867] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3164'.
[  401.456010][T16857] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  401.470677][T16857] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  401.484279][T16857] veth1_vlan: left promiscuous mode
[  401.490618][T16857] veth0_vlan: left promiscuous mode
[  401.496473][T16857] veth0_vlan: entered promiscuous mode
[  401.504285][T16857] veth1_vlan: entered promiscuous mode
[  401.512975][T16857] tipc: Resetting bearer <eth:ipvlan0>
[  401.520676][T16857] veth1_macvtap: left promiscuous mode
[  401.529252][T16857] veth0_macvtap: left promiscuous mode
[  401.536467][T16857] veth0_macvtap: entered promiscuous mode
[  401.543970][T16857] veth1_macvtap: entered promiscuous mode
[  401.554387][T16857] bridge0: port 3(vlan2) entered blocking state
[  401.560901][T16857] bridge0: port 3(vlan2) entered listening state
[  401.573283][T16857] 8021q: adding VLAN 0 to HW filter on device 
��
[  401.581895][T16857] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  401.590383][T16857] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  401.598784][T16857] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  401.608799][T16857] ip6gretap0: entered promiscuous mode
[  401.620141][T16857] 8021q: adding VLAN 0 to HW filter on device bond1
[  401.691727][T16859] mac80211_hwsim hwsim61 wlan0: entered promiscuous mode
[  401.698854][T16859] mac80211_hwsim hwsim61 wlan0: entered allmulticast mode
[  401.716998][ T3339] bridge0: port 1(bridge_slave_0) entered blocking state
[  401.724184][ T3339] bridge0: port 1(bridge_slave_0) entered listening state
[  401.752348][ T3339] bridge0: port 2(bridge_slave_1) entered blocking state
[  401.759585][ T3339] bridge0: port 2(bridge_slave_1) entered listening state
[  401.790872][T16846] virt_wifi0 speed is unknown, defaulting to 1000
[  401.804268][   T62] netdevsim netdevsim1 
��: set [1, 0] type 2 family 0 port 6081 - 0
[  401.812458][   T62] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  401.821316][   T62] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  401.867361][   T62] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  401.919541][    C0] Dropped outbound packet type=88ca
[  401.980980][ T5779] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  402.232374][T16883] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3170'.
[  402.333418][ T5780] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  402.376584][T16890] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3173'.
[  402.449842][    C0] Dropped outbound packet type=88ca
[  402.508015][T16594] 8021q: adding VLAN 0 to HW filter on device bond0
[  402.552837][T16895] IPVS: set_ctl: invalid protocol: 2 0.0.0.0:20004
[  402.585409][T16594] 8021q: adding VLAN 0 to HW filter on device team0
[  402.613258][   T62] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  402.647452][T16898] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3174'.
[  402.804651][T16906] FAULT_INJECTION: forcing a failure.
[  402.804651][T16906] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  402.818533][T16906] CPU: 0 UID: 0 PID: 16906 Comm: syz.3.3179 Not tainted syzkaller #0 PREEMPT(full) 
[  402.818559][T16906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  402.818570][T16906] Call Trace:
[  402.818578][T16906]  <TASK>
[  402.818586][T16906]  dump_stack_lvl+0xe8/0x150
[  402.818614][T16906]  should_fail_ex+0x40c/0x560
[  402.818647][T16906]  prepare_alloc_pages+0x230/0x650
[  402.818682][T16906]  __alloc_frozen_pages_noprof+0x12f/0x380
[  402.818712][T16906]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  402.818752][T16906]  ? __pfx_policy_nodemask+0x10/0x10
[  402.818778][T16906]  ? __folio_batch_add_and_move+0x11a/0xc50
[  402.818803][T16906]  ? lock_acquire+0x106/0x350
[  402.818830][T16906]  alloc_pages_mpol+0x212/0x380
[  402.818854][T16906]  folio_alloc_mpol_noprof+0x39/0x160
[  402.818883][T16906]  vma_alloc_folio_noprof+0xe1/0x1e0
[  402.818904][T16906]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  402.818933][T16906]  do_wp_page+0x1163/0x4c70
[  402.818972][T16906]  ? __pfx_do_wp_page+0x10/0x10
[  402.818991][T16906]  ? do_raw_spin_lock+0x12b/0x2f0
[  402.819017][T16906]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  402.819052][T16906]  handle_mm_fault+0x1492/0x3080
[  402.819087][T16906]  ? handle_mm_fault+0xec/0x3080
[  402.819118][T16906]  ? __pfx_handle_mm_fault+0x10/0x10
[  402.819140][T16906]  ? follow_page_pte+0xbd0/0xe70
[  402.819172][T16906]  ? __pfx_follow_page_pte+0x10/0x10
[  402.819205][T16906]  __get_user_pages+0x1678/0x2720
[  402.819259][T16906]  __gup_longterm_locked+0xd52/0x15c0
[  402.819293][T16906]  ? sanity_check_pinned_pages+0x817/0x8d0
[  402.819322][T16906]  gup_fast_fallback+0x1d82/0x20d0
[  402.819367][T16906]  ? __pfx_stack_trace_save+0x10/0x10
[  402.819412][T16906]  ? __pfx_gup_fast_fallback+0x10/0x10
[  402.819431][T16906]  ? __x64_sys_recvmsg+0x1ba/0x2a0
[  402.819450][T16906]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.819473][T16906]  ? pin_user_pages_fast+0x4d/0xb0
[  402.819496][T16906]  iov_iter_extract_pages+0x369/0x5f0
[  402.819525][T16906]  extract_iter_to_sg+0xee0/0x25f0
[  402.819565][T16906]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  402.819596][T16906]  ? trace_kmalloc+0x2a/0xf0
[  402.819622][T16906]  ? __kmalloc_noprof+0x379/0x750
[  402.819645][T16906]  ? sock_kmalloc+0xd6/0x160
[  402.819662][T16906]  ? __kmalloc_noprof+0x1b4/0x750
[  402.819689][T16906]  ? __asan_memset+0x22/0x50
[  402.819713][T16906]  af_alg_get_rsgl+0x493/0x8d0
[  402.819755][T16906]  skcipher_recvmsg+0x3a0/0x1270
[  402.819780][T16906]  ? aa_sk_perm+0x6d5/0x900
[  402.819819][T16906]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  402.819837][T16906]  ? __lock_acquire+0x683/0x2cd0
[  402.819854][T16906]  ? aa_sock_msg_perm+0xf1/0x1b0
[  402.819881][T16906]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  402.819903][T16906]  ? security_socket_recvmsg+0x7e/0x2c0
[  402.819923][T16906]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  402.819943][T16906]  sock_recvmsg+0x172/0x1b0
[  402.819970][T16906]  ____sys_recvmsg+0x1e6/0x4a0
[  402.819999][T16906]  ? __pfx_____sys_recvmsg+0x10/0x10
[  402.820035][T16906]  ? import_iovec+0x73/0xa0
[  402.820059][T16906]  ___sys_recvmsg+0x213/0x590
[  402.820078][T16906]  ? get_pid_task+0x20/0x1f0
[  402.820098][T16906]  ? get_pid_task+0x20/0x1f0
[  402.820124][T16906]  ? __pfx____sys_recvmsg+0x10/0x10
[  402.820149][T16906]  ? __fget_files+0x2a/0x420
[  402.820189][T16906]  ? __fget_files+0x3a2/0x420
[  402.820222][T16906]  __x64_sys_recvmsg+0x1ba/0x2a0
[  402.820245][T16906]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  402.820275][T16906]  ? __pfx_ksys_write+0x10/0x10
[  402.820309][T16906]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.820330][T16906]  do_syscall_64+0x174/0x580
[  402.820350][T16906]  ? trace_irq_disable+0x3b/0x140
[  402.820375][T16906]  ? clear_bhb_loop+0x40/0x90
[  402.820398][T16906]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.820416][T16906] RIP: 0033:0x7f99d7d9ce59
[  402.820434][T16906] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  402.820450][T16906] RSP: 002b:00007f99d8ce3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  402.820470][T16906] RAX: ffffffffffffffda RBX: 00007f99d8015fa0 RCX: 00007f99d7d9ce59
[  402.820483][T16906] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004
[  402.820495][T16906] RBP: 00007f99d8ce3090 R08: 0000000000000000 R09: 0000000000000000
[  402.820507][T16906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  402.820518][T16906] R13: 00007f99d8016038 R14: 00007f99d8015fa0 R15: 00007ffd953ed348
[  402.820550][T16906]  </TASK>
[  402.848126][T16895] bond8: option packets_per_slave: mode dependency failed, not supported in mode balance-tlb(5)
[  402.911112][T16909] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:20001
[  403.292001][T16895] bond8 (unregistering): Released all slaves
[  403.409276][T16898] bridge0: port 3(vlan2) entered disabled state
[  403.416416][T16898] bridge0: port 2(bridge_slave_1) entered disabled state
[  403.423835][T16898] bridge0: port 1(bridge_slave_0) entered disabled state
[  403.479550][    C0] Dropped outbound packet type=88ca
[  403.487220][T16898] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  403.514468][T16898] tipc: Resetting bearer <eth:ipvlan0>
[  403.677210][ T6601] netdevsim netdevsim1 
��: unset [1, 0] type 2 family 0 port 6081 - 0
[  403.693771][ T6606] bridge0: port 1(bridge_slave_0) entered blocking state
[  403.701016][ T6606] bridge0: port 1(bridge_slave_0) entered forwarding state
[  403.733424][ T6601] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  403.742650][ T6601] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  403.785089][ T6606] bridge0: port 2(bridge_slave_1) entered blocking state
[  403.792336][ T6606] bridge0: port 2(bridge_slave_1) entered forwarding state
[  403.828189][ T6601] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  404.063851][T16925] geneve2: entered promiscuous mode
[  404.137971][T16934] xt_hashlimit: size too large, truncated to 1048576
[  404.150862][T16935] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3186'.
[  404.341281][T16944] syzkaller0: entered promiscuous mode
[  404.347061][T16944] syzkaller0: entered allmulticast mode
[  404.502876][T16947] netlink: 'syz.1.3189': attribute type 11 has an invalid length.
[  404.757412][T16594] 8021q: adding VLAN 0 to HW filter on device batadv0
[  404.857422][  T179] net_ratelimit: 17 callbacks suppressed
[  404.857442][  T179] bond0: (slave geneve2): failed to get link speed/duplex
[  404.889576][  T179] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  405.048898][ T6606] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  405.086687][ T3339] bond0: (slave geneve2): failed to get link speed/duplex
[  405.175735][T16594] veth0_vlan: entered promiscuous mode
[  405.248558][T16594] veth1_vlan: entered promiscuous mode
[  405.321684][  T179] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  405.336758][T16594] veth0_macvtap: entered promiscuous mode
[  405.346979][T16594] veth1_macvtap: entered promiscuous mode
[  405.366053][T16594] batman_adv: batadv0: Interface activated: batadv_slave_0
[  405.377433][T16594] batman_adv: batadv0: Interface activated: batadv_slave_1
[  405.475407][ T3339] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  405.518271][ T3339] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  405.568871][ T3339] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  405.601394][ T3339] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  405.748593][ T6606] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  405.756062][ T6606] bond0: (slave geneve2): failed to get link speed/duplex
[  405.818088][ T6606] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  405.825952][ T6606] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  405.894698][ T3339] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  405.902741][ T3339] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  405.961579][ T3339] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  406.089576][   T62] bond0: (slave geneve2): failed to get link speed/duplex
[  406.187690][ T6601] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  406.542135][T17018] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3207'.
[  406.696385][ T5635] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  406.717469][ T5635] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  406.735413][ T5635] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  406.754524][ T5635] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  406.763358][ T5635] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  407.276662][T17013] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  407.279001][T17040] debugfs: '1��^!�Y������
[  407.279001][T17040] 3�UH�5r�Bn���\' already exists in 'ieee80211'
[  407.351959][T17052] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3211'.
[  407.382101][T17042] netlink: 76 bytes leftover after parsing attributes in process `syz.4.3211'.
[  407.444766][T17054] sysfs: cannot create duplicate filename '/class/ieee80211/1��^!�Y������
[  407.444766][T17054] 3�UH�5r�Bn���\'
[  407.469711][T17054] CPU: 0 UID: 0 PID: 17054 Comm: syz.1.3212 Not tainted syzkaller #0 PREEMPT(full) 
[  407.469743][T17054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  407.469756][T17054] Call Trace:
[  407.469764][T17054]  <TASK>
[  407.469774][T17054]  dump_stack_lvl+0xe8/0x150
[  407.469805][T17054]  sysfs_warn_dup+0x8e/0xa0
[  407.469833][T17054]  sysfs_do_create_link_sd+0xc0/0x110
[  407.469864][T17054]  device_add_class_symlinks+0x1cf/0x240
[  407.469902][T17054]  device_add+0x467/0xb90
[  407.469935][T17054]  wiphy_register+0x1fc8/0x2ff0
[  407.469974][T17054]  ? __pfx_wiphy_register+0x10/0x10
[  407.469995][T17054]  ? __pfx_netdev_run_todo+0x10/0x10
[  407.470020][T17054]  ? minstrel_ht_alloc+0x6e0/0x7e0
[  407.470056][T17054]  ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0
[  407.470084][T17054]  ieee80211_register_hw+0x3d3d/0x4a50
[  407.470123][T17054]  ? ieee80211_register_hw+0x19c1/0x4a50
[  407.470174][T17054]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  407.470201][T17054]  ? __asan_memset+0x22/0x50
[  407.470228][T17054]  ? __hrtimer_setup+0x1b7/0x260
[  407.470254][T17054]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  407.470280][T17054]  mac80211_hwsim_new_radio+0x3238/0x5680
[  407.470333][T17054]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  407.470353][T17054]  ? kstrndup+0xbd/0x160
[  407.470379][T17054]  ? kstrndup+0xbd/0x160
[  407.470401][T17054]  hwsim_new_radio_nl+0xd8b/0xf90
[  407.470451][T17054]  genl_family_rcv_msg_doit+0x233/0x340
[  407.470488][T17054]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  407.470530][T17054]  ? bpf_lsm_capable+0x9/0x20
[  407.470551][T17054]  ? security_capable+0x7e/0x2c0
[  407.470587][T17054]  genl_rcv_msg+0x614/0x7a0
[  407.470621][T17054]  ? __pfx_genl_rcv_msg+0x10/0x10
[  407.470648][T17054]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  407.470703][T17054]  netlink_rcv_skb+0x226/0x4a0
[  407.470734][T17054]  ? __pfx_genl_rcv_msg+0x10/0x10
[  407.470764][T17054]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  407.470804][T17054]  ? down_read+0x270/0x2e0
[  407.470830][T17054]  ? genl_rcv+0xd/0x40
[  407.470859][T17054]  genl_rcv+0x28/0x40
[  407.470885][T17054]  netlink_unicast+0x7bb/0x940
[  407.470930][T17054]  netlink_sendmsg+0x813/0xb40
[  407.470962][T17054]  ? __pfx_netlink_sendmsg+0x10/0x10
[  407.470987][T17054]  ? __se_sys_ioctl+0x47/0x170
[  407.471016][T17054]  ? do_syscall_64+0x174/0x580
[  407.471039][T17054]  ? aa_sock_msg_perm+0xf1/0x1b0
[  407.471071][T17054]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  407.471097][T17054]  ? __pfx_netlink_sendmsg+0x10/0x10
[  407.471123][T17054]  ____sys_sendmsg+0x9b9/0xa20
[  407.471149][T17054]  ? __might_fault+0xaf/0x130
[  407.471183][T17054]  ? __pfx_____sys_sendmsg+0x10/0x10
[  407.471228][T17054]  ? import_iovec+0x73/0xa0
[  407.471258][T17054]  ___sys_sendmsg+0x2a5/0x360
[  407.471279][T17054]  ? __lock_acquire+0x683/0x2cd0
[  407.471305][T17054]  ? __pfx____sys_sendmsg+0x10/0x10
[  407.471336][T17054]  ? tomoyo_path_number_perm+0x219/0x5f0
[  407.471392][T17054]  ? __fget_files+0x2a/0x420
[  407.471417][T17054]  ? __fget_files+0x3a2/0x420
[  407.471454][T17054]  __x64_sys_sendmsg+0x1bd/0x2a0
[  407.471480][T17054]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  407.471500][T17054]  ? rcu_is_watching+0x15/0xb0
[  407.471536][T17054]  ? __pfx_kcov_ioctl+0x10/0x10
[  407.471572][T17054]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.471596][T17054]  do_syscall_64+0x174/0x580
[  407.471618][T17054]  ? trace_irq_disable+0x3b/0x140
[  407.471648][T17054]  ? clear_bhb_loop+0x40/0x90
[  407.471675][T17054]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.471703][T17054] RIP: 0033:0x7f1249d9ce59
[  407.471725][T17054] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  407.471743][T17054] RSP: 002b:00007f124ad04028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  407.471765][T17054] RAX: ffffffffffffffda RBX: 00007f124a016090 RCX: 00007f1249d9ce59
[  407.471782][T17054] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000004
[  407.471796][T17054] RBP: 00007f1249e32d6f R08: 0000000000000000 R09: 0000000000000000
[  407.471809][T17054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  407.471822][T17054] R13: 00007f124a016128 R14: 00007f124a016090 R15: 00007fff22bf7988
[  407.471858][T17054]  </TASK>
[  408.149724][T17061] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3214'.
[  408.166214][T17021] virt_wifi0 speed is unknown, defaulting to 1000
[  408.223785][T17061] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3214'.
[  408.645104][T17021] bridge0: port 1(bridge_slave_0) entered blocking state
[  408.653149][T17021] bridge0: port 1(bridge_slave_0) entered disabled state
[  408.660744][T17021] bridge_slave_0: entered allmulticast mode
[  408.674906][T17021] bridge_slave_0: entered promiscuous mode
[  408.693441][T17021] bridge0: port 2(bridge_slave_1) entered blocking state
[  408.710989][T17021] bridge0: port 2(bridge_slave_1) entered disabled state
[  408.727981][T17021] bridge_slave_1: entered allmulticast mode
[  408.746545][T17082] netlink: 'syz.2.3219': attribute type 1 has an invalid length.
[  408.755480][T17021] bridge_slave_1: entered promiscuous mode
[  408.767960][T17086] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3217'.
[  408.786245][T17086] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3217'.
[  408.786367][ T7699] IPVS: starting estimator thread 0...
[  408.813304][T17085] xt_hashlimit: size too large, truncated to 1048576
[  408.813923][T17082] 8021q: adding VLAN 0 to HW filter on device bond1
[  408.871410][T17091] netlink: 'syz.4.3218': attribute type 1 has an invalid length.
[  408.895760][T17091] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3218'.
[  408.905210][T17088] IPVS: using max 33 ests per chain, 79200 per kthread
[  408.939798][T17086] ip6gretap0: entered promiscuous mode
[  408.941018][ T5632] Bluetooth: hci4: command tx timeout
[  408.965800][T17086] syz_tun: entered promiscuous mode
[  409.007804][T17021] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  409.025619][T17089] netlink: 'syz.2.3219': attribute type 1 has an invalid length.
[  409.057570][T17021] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  409.183432][T17021] team0: Port device team_slave_0 added
[  409.196964][T17021] team0: Port device team_slave_1 added
[  409.232160][T17021] batman_adv: batadv0: Adding interface: batadv_slave_0
[  409.239144][T17021] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  409.276040][T17021] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  409.357465][T17021] batman_adv: batadv0: Adding interface: batadv_slave_1
[  409.364624][T17021] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  409.453146][T17021] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  409.681327][T17021] hsr_slave_0: entered promiscuous mode
[  409.695988][T17021] hsr_slave_1: entered promiscuous mode
[  409.710462][T17021] debugfs: 'hsr0' already exists in 'hsr'
[  409.725699][T17021] Cannot create hsr debugfs directory
[  410.120829][T17125] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3231'.
[  410.132000][T17125] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3231'.
[  410.233950][T17125] ip6gretap0: entered promiscuous mode
[  410.245710][T17125] syz_tun: entered promiscuous mode
[  410.261502][T17138] IPVS: set_ctl: invalid protocol: 2 0.0.0.0:20004
[  410.266623][T17125] debugfs: 'hsr1' already exists in 'hsr'
[  410.287945][T17125] Cannot create hsr debugfs directory
[  410.313265][T17138] bond2: option packets_per_slave: mode dependency failed, not supported in mode balance-tlb(5)
[  410.327344][T17138] bond2 (unregistering): Released all slaves
[  410.601400][T17140] bridge0: port 2(bridge_slave_1) entered disabled state
[  410.609056][T17140] bridge0: port 1(bridge_slave_0) entered disabled state
[  410.980324][T17140] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  411.001438][ T5632] Bluetooth: hci4: command tx timeout
[  411.114095][T17140] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  411.728859][   T62] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  411.761531][   T62] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  411.780234][ T6593] net_ratelimit: 24 callbacks suppressed
[  411.780254][ T6593] bond0: (slave geneve2): failed to get link speed/duplex
[  411.927611][   T62] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  412.006445][T17156] Cannot find add_set index 0 as target
[  412.013946][   T62] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  412.024224][T17156] __nla_validate_parse: 3 callbacks suppressed
[  412.024242][T17156] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3241'.
[  412.028985][T17154] FAULT_INJECTION: forcing a failure.
[  412.028985][T17154] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  412.056217][T17153] nbd: socks must be embedded in a SOCK_ITEM attr
[  412.065055][  T179] bond0: (slave geneve2): failed to get link speed/duplex
[  412.072258][  T179] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  412.091534][T17154] CPU: 1 UID: 0 PID: 17154 Comm: syz.2.3240 Not tainted syzkaller #0 PREEMPT(full) 
[  412.091559][T17154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  412.091570][T17154] Call Trace:
[  412.091577][T17154]  <TASK>
[  412.091585][T17154]  dump_stack_lvl+0xe8/0x150
[  412.091611][T17154]  should_fail_ex+0x40c/0x560
[  412.091640][T17154]  _copy_to_user+0x31/0xb0
[  412.091660][T17154]  simple_read_from_buffer+0xe1/0x170
[  412.091684][T17154]  proc_fail_nth_read+0x1bb/0x230
[  412.091706][T17154]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  412.091731][T17154]  ? rw_verify_area+0x24a/0x4c0
[  412.091755][T17154]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  412.091774][T17154]  vfs_read+0x213/0xa80
[  412.091801][T17154]  ? __pfx___mutex_lock+0x10/0x10
[  412.091822][T17154]  ? __pfx_vfs_read+0x10/0x10
[  412.091844][T17154]  ? __fget_files+0x2a/0x420
[  412.091868][T17154]  ? __fget_files+0x3a2/0x420
[  412.091887][T17154]  ? __fget_files+0x2a/0x420
[  412.091914][T17154]  ksys_read+0x150/0x270
[  412.091937][T17154]  ? __pfx_ksys_read+0x10/0x10
[  412.091969][T17154]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  412.091988][T17154]  do_syscall_64+0x174/0x580
[  412.092007][T17154]  ? trace_irq_disable+0x3b/0x140
[  412.092033][T17154]  ? clear_bhb_loop+0x40/0x90
[  412.092054][T17154]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  412.092071][T17154] RIP: 0033:0x7fbc80f5d68e
[  412.092087][T17154] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  412.092101][T17154] RSP: 002b:00007fbc81ef5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  412.092119][T17154] RAX: ffffffffffffffda RBX: 00007fbc81ef66c0 RCX: 00007fbc80f5d68e
[  412.092131][T17154] RDX: 000000000000000f RSI: 00007fbc81ef60a0 RDI: 0000000000000004
[  412.092142][T17154] RBP: 00007fbc81ef6090 R08: 0000000000000000 R09: 0000000000000000
[  412.092152][T17154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  412.092161][T17154] R13: 00007fbc81216038 R14: 00007fbc81215fa0 R15: 00007ffd6226a7b8
[  412.092196][T17154]  </TASK>
[  412.381497][ T6606] bond0: (slave geneve2): failed to get link speed/duplex
[  412.409740][  T179] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  412.474258][T17166] netlink: 'syz.3.3244': attribute type 4 has an invalid length.
[  412.493673][T17166] netlink: 17 bytes leftover after parsing attributes in process `syz.3.3244'.
[  412.499935][ T6606] bond0: (slave geneve2): failed to get link speed/duplex
[  412.571392][T17166] openvswitch: netlink: IP tunnel attribute has 5 unknown bytes.
[  412.579585][  T179] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  412.581151][T17166] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3244'.
[  412.650948][T17172] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3245'.
[  412.653099][ T6601] bond0: (slave geneve2): failed to get link speed/duplex
[  412.660088][T17172] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3245'.
[  412.723051][T17172] ip6gretap0: entered promiscuous mode
[  412.729374][T17172] syz_tun: entered promiscuous mode
[  412.735252][T17172] debugfs: 'hsr1' already exists in 'hsr'
[  412.772036][T17172] Cannot create hsr debugfs directory
[  412.777733][T17172] hsr1: Slave A (ip6gretap0) is not up; please bring it up to get a fully working HSR network
[  412.788264][T17172] hsr1: Slave B (syz_tun) is not up; please bring it up to get a fully working HSR network
[  412.803017][  T179] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  413.167182][ T5632] Bluetooth: hci4: command tx timeout
[  413.710299][T17176] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  413.716954][T17176] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  414.003214][T17176] tipc: Resetting bearer <eth:syzkaller0>
[  414.184578][T17021] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  414.206242][T17021] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  414.344736][T17021] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  414.415553][T17021] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  414.473119][T17021] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  414.493115][T17021] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  414.510835][T17021] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  414.533478][T17021] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  414.859400][T17259] FAULT_INJECTION: forcing a failure.
[  414.859400][T17259] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  414.891319][T17259] CPU: 1 UID: 0 PID: 17259 Comm: syz.1.3260 Not tainted syzkaller #0 PREEMPT(full) 
[  414.891344][T17259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  414.891354][T17259] Call Trace:
[  414.891361][T17259]  <TASK>
[  414.891369][T17259]  dump_stack_lvl+0xe8/0x150
[  414.891396][T17259]  should_fail_ex+0x40c/0x560
[  414.891427][T17259]  _copy_from_iter+0x1d3/0x1660
[  414.891449][T17259]  ? rcu_is_watching+0x15/0xb0
[  414.891475][T17259]  ? __pfx__copy_from_iter+0x10/0x10
[  414.891492][T17259]  ? kmem_cache_alloc_node_noprof+0x3ca/0x680
[  414.891524][T17259]  ? netlink_sendmsg+0x650/0xb40
[  414.891544][T17259]  ? skb_put+0x112/0x210
[  414.891564][T17259]  netlink_sendmsg+0x6c0/0xb40
[  414.891601][T17259]  ? __pfx_netlink_sendmsg+0x10/0x10
[  414.891624][T17259]  ? aa_sock_msg_perm+0xf1/0x1b0
[  414.891650][T17259]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  414.891671][T17259]  ? __pfx_netlink_sendmsg+0x10/0x10
[  414.891692][T17259]  ____sys_sendmsg+0x9b9/0xa20
[  414.891711][T17259]  ? __might_fault+0xaf/0x130
[  414.891739][T17259]  ? __pfx_____sys_sendmsg+0x10/0x10
[  414.891767][T17259]  ? import_iovec+0x73/0xa0
[  414.891790][T17259]  ___sys_sendmsg+0x2a5/0x360
[  414.891808][T17259]  ? __lock_acquire+0x683/0x2cd0
[  414.891831][T17259]  ? __pfx____sys_sendmsg+0x10/0x10
[  414.891882][T17259]  ? __fget_files+0x2a/0x420
[  414.891903][T17259]  ? __fget_files+0x3a2/0x420
[  414.891933][T17259]  __x64_sys_sendmsg+0x1bd/0x2a0
[  414.891960][T17259]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  414.891988][T17259]  ? __pfx_ksys_write+0x10/0x10
[  414.892021][T17259]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.892041][T17259]  do_syscall_64+0x174/0x580
[  414.892061][T17259]  ? trace_irq_disable+0x3b/0x140
[  414.892085][T17259]  ? clear_bhb_loop+0x40/0x90
[  414.892107][T17259]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.892124][T17259] RIP: 0033:0x7f1249d9ce59
[  414.892142][T17259] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  414.892157][T17259] RSP: 002b:00007f124ad25028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  414.892176][T17259] RAX: ffffffffffffffda RBX: 00007f124a015fa0 RCX: 00007f1249d9ce59
[  414.892190][T17259] RDX: 0000000000004000 RSI: 0000200000000280 RDI: 0000000000000003
[  414.892202][T17259] RBP: 00007f124ad25090 R08: 0000000000000000 R09: 0000000000000000
[  414.892213][T17259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  414.892224][T17259] R13: 00007f124a016038 R14: 00007f124a015fa0 R15: 00007fff22bf7988
[  414.892253][T17259]  </TASK>
[  415.264267][T17267] atomic_op ffff888031ce5198 conn xmit_atomic 0000000000000000
[  415.283164][ T5632] Bluetooth: hci4: command tx timeout
[  415.914304][T17176] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  415.920255][T17176] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  415.991230][T17021] 8021q: adding VLAN 0 to HW filter on device bond0
[  416.066134][ T1692] block nbd4: Possible stuck request ffff888027645080: control (read@0,1024B). Runtime 300 seconds
[  416.078839][ T1692] block nbd4: Possible stuck request ffff888027645240: control (read@1024,1024B). Runtime 300 seconds
[  416.089921][ T1692] block nbd4: Possible stuck request ffff888027645400: control (read@2048,1024B). Runtime 300 seconds
[  416.100948][ T1692] block nbd4: Possible stuck request ffff8880276455c0: control (read@3072,1024B). Runtime 300 seconds
[  416.162524][T17021] 8021q: adding VLAN 0 to HW filter on device team0
[  416.206604][T17176] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  416.216722][T17176] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  416.256655][   T88] bridge0: port 1(bridge_slave_0) entered blocking state
[  416.264012][   T88] bridge0: port 1(bridge_slave_0) entered forwarding state
[  416.300192][ T6603] bridge0: port 2(bridge_slave_1) entered blocking state
[  416.307430][ T6603] bridge0: port 2(bridge_slave_1) entered forwarding state
[  416.619554][T17176] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  416.639695][T17176] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  416.832286][  T179] net_ratelimit: 26 callbacks suppressed
[  416.832304][  T179] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  416.890431][   T62] bond0: (slave geneve2): failed to get link speed/duplex
[  416.960487][T17321] syzkaller0: entered promiscuous mode
[  416.966000][T17321] syzkaller0: entered allmulticast mode
[  417.147871][ T6603] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  417.189703][ T6603] bond0: (slave geneve2): failed to get link speed/duplex
[  417.222831][T17326] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3267'.
[  417.290155][ T6606] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  417.329708][ T6593] bond0: (slave geneve2): failed to get link speed/duplex
[  417.363685][T17021] 8021q: adding VLAN 0 to HW filter on device batadv0
[  417.413217][  T179] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  417.500822][ T6606] bond0: (slave geneve2): failed to get link speed/duplex
[  417.543765][T17021] veth0_vlan: entered promiscuous mode
[  417.586779][T17021] veth1_vlan: entered promiscuous mode
[  417.597563][T17353] tc_dump_action: action bad kind
[  417.615825][  T179] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  417.632920][T17346] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3271'.
[  417.660323][  T179] bond0: (slave geneve2): failed to get link speed/duplex
[  417.677671][T17346] netlink: 'syz.4.3271': attribute type 7 has an invalid length.
[  417.712704][T17346] netlink: 'syz.4.3271': attribute type 8 has an invalid length.
[  417.750388][T17346] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3271'.
[  417.771688][T17021] veth0_macvtap: entered promiscuous mode
[  417.846481][T17021] veth1_macvtap: entered promiscuous mode
[  417.901112][T17021] batman_adv: batadv0: Interface activated: batadv_slave_0
[  417.912088][T17366] sctp: [Deprecated]: syz.3.3274 (pid 17366) Use of int in max_burst socket option deprecated.
[  417.912088][T17366] Use struct sctp_assoc_value instead
[  417.979763][T17021] batman_adv: batadv0: Interface activated: batadv_slave_1
[  418.024957][  T179] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  418.060278][  T179] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  418.194941][  T179] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  418.224817][  T179] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  418.404138][T17362] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3275'.
[  418.640948][ T6606] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  418.648817][ T6606] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  418.888736][T17386] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3277'.
[  418.913570][ T6601] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  418.921515][ T6601] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  419.203828][T17395] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3279'.
[  419.219003][T17395] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3279'.
[  419.490379][T17407] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3282'.
[  419.514862][T17407] FAULT_INJECTION: forcing a failure.
[  419.514862][T17407] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  419.535901][T17407] CPU: 1 UID: 0 PID: 17407 Comm: syz.2.3282 Not tainted syzkaller #0 PREEMPT(full) 
[  419.535926][T17407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  419.535937][T17407] Call Trace:
[  419.535944][T17407]  <TASK>
[  419.535953][T17407]  dump_stack_lvl+0xe8/0x150
[  419.535979][T17407]  should_fail_ex+0x40c/0x560
[  419.536011][T17407]  _copy_from_user+0x2d/0xb0
[  419.536032][T17407]  generic_map_update_batch+0x651/0x9a0
[  419.536065][T17407]  ? __pfx_generic_map_update_batch+0x10/0x10
[  419.536086][T17407]  ? __fget_files+0x2a/0x420
[  419.536115][T17407]  ? __pfx_generic_map_update_batch+0x10/0x10
[  419.536136][T17407]  bpf_map_do_batch+0x391/0x630
[  419.536156][T17407]  __sys_bpf+0x7c1/0x950
[  419.536181][T17407]  ? __pfx___sys_bpf+0x10/0x10
[  419.536220][T17407]  ? ksys_write+0x242/0x270
[  419.536244][T17407]  ? __pfx_ksys_write+0x10/0x10
[  419.536270][T17407]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.536287][T17407]  __x64_sys_bpf+0x7c/0x90
[  419.536307][T17407]  do_syscall_64+0x174/0x580
[  419.536323][T17407]  ? trace_irq_disable+0x3b/0x140
[  419.536343][T17407]  ? clear_bhb_loop+0x40/0x90
[  419.536360][T17407]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.536373][T17407] RIP: 0033:0x7fbc80f9ce59
[  419.536387][T17407] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  419.536399][T17407] RSP: 002b:00007fbc81ef6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  419.536415][T17407] RAX: ffffffffffffffda RBX: 00007fbc81215fa0 RCX: 00007fbc80f9ce59
[  419.536425][T17407] RDX: 0000000000000038 RSI: 0000200000000900 RDI: 000000000000001a
[  419.536435][T17407] RBP: 00007fbc81ef6090 R08: 0000000000000000 R09: 0000000000000000
[  419.536445][T17407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  419.536456][T17407] R13: 00007fbc81216038 R14: 00007fbc81215fa0 R15: 00007ffd6226a7b8
[  419.536480][T17407]  </TASK>
[  419.553194][ T5635] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  419.786032][T17415] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3285'.
[  419.809899][ T5635] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  419.828810][ T5635] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  419.841072][ T5635] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  419.854900][ T5635] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  420.087058][ T5629] syz_tun (unregistering): left allmulticast mode
[  420.264809][T17431] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3288'.
[  420.489123][T17443] netlink: 'syz.4.3290': attribute type 7 has an invalid length.
[  420.518904][T17443] netlink: 'syz.4.3290': attribute type 8 has an invalid length.
[  421.047152][T17411] virt_wifi0 speed is unknown, defaulting to 1000
[  421.887267][T17496] sctp: [Deprecated]: syz.0.3305 (pid 17496) Use of int in maxseg socket option.
[  421.887267][T17496] Use struct sctp_assoc_value instead
[  421.887719][T17411] bridge0: port 1(bridge_slave_0) entered blocking state
[  421.914465][T17411] bridge0: port 1(bridge_slave_0) entered disabled state
[  421.937414][T17411] bridge_slave_0: entered allmulticast mode
[  421.946453][T17411] bridge_slave_0: entered promiscuous mode
[  421.964339][ T5632] Bluetooth: hci3: command tx timeout
[  421.965236][T17411] bridge0: port 2(bridge_slave_1) entered blocking state
[  422.047378][T17411] bridge0: port 2(bridge_slave_1) entered disabled state
[  422.054685][T17411] bridge_slave_1: entered allmulticast mode
[  422.066581][T17411] bridge_slave_1: entered promiscuous mode
[  422.158116][T17411] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  422.171340][T17411] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  422.185054][T17508] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[  422.229530][ T6606] net_ratelimit: 45 callbacks suppressed
[  422.229549][ T6606] bond0: (slave geneve2): failed to get link speed/duplex
[  422.286742][T17411] team0: Port device team_slave_0 added
[  422.296265][T17411] team0: Port device team_slave_1 added
[  422.396570][T17411] batman_adv: batadv0: Adding interface: batadv_slave_0
[  422.411623][T17411] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  422.494545][T17411] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  422.507825][T17411] batman_adv: batadv0: Adding interface: batadv_slave_1
[  422.514804][T17411] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  422.541040][T17411] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  422.565681][T17529] __nla_validate_parse: 8 callbacks suppressed
[  422.565711][T17529] netlink: 5 bytes leftover after parsing attributes in process `syz.2.3313'.
[  422.587032][T17525] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3311'.
[  422.596351][T17525] bridge_slave_0: default FDB implementation only supports local addresses
[  422.685209][T17526] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3313'.
[  422.860169][T17531] bridge0: port 2(bridge_slave_1) entered disabled state
[  422.871688][T17531] bridge0: port 1(bridge_slave_0) entered disabled state
[  423.021205][T17547] FAULT_INJECTION: forcing a failure.
[  423.021205][T17547] name failslab, interval 1, probability 0, space 0, times 0
[  423.049157][T17547] CPU: 1 UID: 0 PID: 17547 Comm: syz.4.3318 Not tainted syzkaller #0 PREEMPT(full) 
[  423.049182][T17547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  423.049192][T17547] Call Trace:
[  423.049199][T17547]  <TASK>
[  423.049208][T17547]  dump_stack_lvl+0xe8/0x150
[  423.049233][T17547]  should_fail_ex+0x40c/0x560
[  423.049265][T17547]  should_failslab+0xa8/0x100
[  423.049285][T17547]  kmem_cache_alloc_node_noprof+0x8f/0x680
[  423.049311][T17547]  ? __alloc_skb+0x1d7/0x7a0
[  423.049336][T17547]  ? __local_bh_enable_ip+0xd0/0x130
[  423.049358][T17547]  __alloc_skb+0x1d7/0x7a0
[  423.049387][T17547]  netlink_ack+0x136/0xb30
[  423.049403][T17547]  ? __pfx_genl_rcv_msg+0x10/0x10
[  423.049439][T17547]  netlink_rcv_skb+0x2a4/0x4a0
[  423.049458][T17547]  ? __pfx_genl_rcv_msg+0x10/0x10
[  423.049482][T17547]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  423.049516][T17547]  ? down_read+0x270/0x2e0
[  423.049536][T17547]  ? genl_rcv+0xd/0x40
[  423.049559][T17547]  genl_rcv+0x28/0x40
[  423.049579][T17547]  netlink_unicast+0x7bb/0x940
[  423.049615][T17547]  netlink_sendmsg+0x813/0xb40
[  423.049643][T17547]  ? __pfx_netlink_sendmsg+0x10/0x10
[  423.049664][T17547]  ? aa_sock_msg_perm+0xf1/0x1b0
[  423.049690][T17547]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  423.049709][T17547]  ? __pfx_netlink_sendmsg+0x10/0x10
[  423.049726][T17547]  ____sys_sendmsg+0x9b9/0xa20
[  423.049741][T17547]  ? __might_fault+0xaf/0x130
[  423.049767][T17547]  ? __pfx_____sys_sendmsg+0x10/0x10
[  423.049793][T17547]  ? import_iovec+0x73/0xa0
[  423.049817][T17547]  ___sys_sendmsg+0x2a5/0x360
[  423.049834][T17547]  ? __lock_acquire+0x683/0x2cd0
[  423.049856][T17547]  ? __pfx____sys_sendmsg+0x10/0x10
[  423.049919][T17547]  ? __fget_files+0x2a/0x420
[  423.049941][T17547]  ? __fget_files+0x3a2/0x420
[  423.049970][T17547]  __x64_sys_sendmsg+0x1bd/0x2a0
[  423.049990][T17547]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  423.050014][T17547]  ? __pfx_ksys_write+0x10/0x10
[  423.050044][T17547]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  423.050063][T17547]  do_syscall_64+0x174/0x580
[  423.050083][T17547]  ? trace_irq_disable+0x3b/0x140
[  423.050106][T17547]  ? clear_bhb_loop+0x40/0x90
[  423.050128][T17547]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  423.050146][T17547] RIP: 0033:0x7f52cdf9ce59
[  423.050164][T17547] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  423.050179][T17547] RSP: 002b:00007f52ced81028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  423.050198][T17547] RAX: ffffffffffffffda RBX: 00007f52ce216090 RCX: 00007f52cdf9ce59
[  423.050211][T17547] RDX: 0000000020008090 RSI: 0000200000000540 RDI: 0000000000000004
[  423.050223][T17547] RBP: 00007f52ced81090 R08: 0000000000000000 R09: 0000000000000000
[  423.050234][T17547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  423.050244][T17547] R13: 00007f52ce216128 R14: 00007f52ce216090 R15: 00007ffdeae660b8
[  423.050275][T17547]  </TASK>
[  423.055020][T17531] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  423.082802][T17545] smbdirect: ib_dev[syz1] removed
[  423.211453][T17531] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  423.517074][T17553] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3319'.
[  423.526650][T17553] netlink: 'syz.4.3319': attribute type 7 has an invalid length.
[  423.541890][T17553] netlink: 'syz.4.3319': attribute type 8 has an invalid length.
[  423.550508][T17553] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3319'.
[  423.624773][T17524] syzkaller1: entered promiscuous mode
[  423.630506][T17524] syzkaller1: entered allmulticast mode
[  423.667918][T17411] hsr_slave_0: entered promiscuous mode
[  423.675130][T17411] hsr_slave_1: entered promiscuous mode
[  423.682644][T17411] debugfs: 'hsr0' already exists in 'hsr'
[  423.688537][T17411] Cannot create hsr debugfs directory
[  423.765037][  T179] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  423.792464][  T179] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  423.802692][  T179] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  423.829219][  T179] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  423.980815][  T179] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  423.995575][T17563] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3322'.
[  424.040017][ T5632] Bluetooth: hci3: command tx timeout
[  424.062275][T17565] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3323'.
[  424.091612][ T6606] bond0: (slave geneve2): failed to get link speed/duplex
[  424.119707][ T6601] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  424.259781][T17571] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.3325'.
[  424.279790][  T179] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  424.309769][  T179] bond0: (slave geneve2): failed to get link speed/duplex
[  424.369497][ T7699] IPVS: starting estimator thread 0...
[  424.399743][  T179] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  424.449550][ T6593] bond0: (slave geneve2): failed to get link speed/duplex
[  424.509331][T17586] xt_hashlimit: size too large, truncated to 1048576
[  424.520614][ T6601] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  424.645161][T17578] IPVS: using max 39 ests per chain, 93600 per kthread
[  424.660322][ T6601] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  424.972849][T17604] tipc: Started in network mode
[  424.978014][T17604] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  424.989071][T17604] tipc: New replicast peer: fc01:0000:0000:0000:0000:0000:0000:0000
[  424.998717][T17604] tipc: Enabled bearer <udp:syz0>, priority 10
[  425.031978][T17604] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  425.447949][T17618] netlink: 2736 bytes leftover after parsing attributes in process `syz.4.3340'.
[  425.461179][T17411] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  425.489150][T17411] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  425.498164][T17411] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  425.509317][T17411] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  425.539521][T17411] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  425.563651][T17411] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  425.610671][T17627] debugfs: '1��^!�Y������
[  425.610671][T17627] 3�UH�5r�Bn���\' already exists in 'ieee80211'
[  425.673202][T17411] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  425.685901][T17411] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  426.051183][T17411] 8021q: adding VLAN 0 to HW filter on device bond0
[  426.100091][T17411] 8021q: adding VLAN 0 to HW filter on device team0
[  426.119692][ T5632] Bluetooth: hci3: command tx timeout
[  426.161402][ T7689] tipc: Node number set to 1
[  426.175942][  T179] bridge0: port 1(bridge_slave_0) entered blocking state
[  426.183173][  T179] bridge0: port 1(bridge_slave_0) entered forwarding state
[  426.508381][T17654] FAULT_INJECTION: forcing a failure.
[  426.508381][T17654] name failslab, interval 1, probability 0, space 0, times 0
[  426.522724][T17654] CPU: 0 UID: 0 PID: 17654 Comm: syz.3.3349 Not tainted syzkaller #0 PREEMPT(full) 
[  426.522753][T17654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  426.522764][T17654] Call Trace:
[  426.522772][T17654]  <TASK>
[  426.522780][T17654]  dump_stack_lvl+0xe8/0x150
[  426.522806][T17654]  should_fail_ex+0x40c/0x560
[  426.522840][T17654]  should_failslab+0xa8/0x100
[  426.522863][T17654]  __kmalloc_cache_noprof+0x88/0x660
[  426.522889][T17654]  ? __sctp_v6_cmp_addr+0x1dd/0x4f0
[  426.522909][T17654]  ? sctp_add_bind_addr+0x8c/0x370
[  426.522941][T17654]  sctp_add_bind_addr+0x8c/0x370
[  426.522972][T17654]  sctp_copy_local_addr_list+0x31a/0x4e0
[  426.523003][T17654]  ? sctp_copy_local_addr_list+0xa3/0x4e0
[  426.523032][T17654]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  426.523062][T17654]  ? sctp_v6_is_any+0x64/0x80
[  426.523083][T17654]  ? sctp_copy_one_addr+0x93/0x360
[  426.523113][T17654]  sctp_bind_addr_copy+0xb3/0x3c0
[  426.523142][T17654]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  426.523172][T17654]  sctp_connect_new_asoc+0x2ff/0x6b0
[  426.523197][T17654]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  426.523227][T17654]  ? __local_bh_enable_ip+0xd0/0x130
[  426.523245][T17654]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  426.523269][T17654]  ? security_sctp_bind_connect+0x7e/0x2c0
[  426.523296][T17654]  sctp_sendmsg+0x159b/0x2d00
[  426.523333][T17654]  ? __pfx_sctp_sendmsg+0x10/0x10
[  426.523359][T17654]  ? aa_sk_perm+0x6d5/0x900
[  426.523391][T17654]  ? __pfx_aa_sk_perm+0x10/0x10
[  426.523419][T17654]  ? sock_rps_record_flow+0x19/0x350
[  426.523453][T17654]  ? inet_sendmsg+0x298/0x320
[  426.523477][T17654]  ? __pfx_inet_sendmsg+0x10/0x10
[  426.523504][T17654]  ____sys_sendmsg+0x853/0xa20
[  426.523531][T17654]  ? __pfx_____sys_sendmsg+0x10/0x10
[  426.523559][T17654]  ? import_iovec+0x73/0xa0
[  426.523584][T17654]  ___sys_sendmsg+0x2a5/0x360
[  426.523601][T17654]  ? __lock_acquire+0x683/0x2cd0
[  426.523626][T17654]  ? __pfx____sys_sendmsg+0x10/0x10
[  426.523649][T17654]  ? kstrtouint+0x6e/0xe0
[  426.523700][T17654]  ? __fget_files+0x2a/0x420
[  426.523722][T17654]  ? __fget_files+0x3a2/0x420
[  426.523755][T17654]  __sys_sendmmsg+0x27c/0x4e0
[  426.523781][T17654]  ? __pfx___sys_sendmmsg+0x10/0x10
[  426.523799][T17654]  ? __mutex_unlock_slowpath+0x1be/0x6f0
[  426.523852][T17654]  ? rcu_is_watching+0x15/0xb0
[  426.523882][T17654]  __x64_sys_sendmmsg+0xa0/0xc0
[  426.523903][T17654]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.523923][T17654]  do_syscall_64+0x174/0x580
[  426.523943][T17654]  ? trace_irq_disable+0x3b/0x140
[  426.523969][T17654]  ? clear_bhb_loop+0x40/0x90
[  426.523992][T17654]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.524012][T17654] RIP: 0033:0x7f99d7d9ce59
[  426.524030][T17654] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  426.524046][T17654] RSP: 002b:00007f99d8ce3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  426.524067][T17654] RAX: ffffffffffffffda RBX: 00007f99d8015fa0 RCX: 00007f99d7d9ce59
[  426.524081][T17654] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000003
[  426.524094][T17654] RBP: 00007f99d8ce3090 R08: 0000000000000000 R09: 0000000000000000
[  426.524106][T17654] R10: 000000000004c040 R11: 0000000000000246 R12: 0000000000000002
[  426.524118][T17654] R13: 00007f99d8016038 R14: 00007f99d8015fa0 R15: 00007ffd953ed348
[  426.524151][T17654]  </TASK>
[  426.954887][T17656] netlink: 'syz.3.3350': attribute type 1 has an invalid length.
[  428.207580][ T5632] Bluetooth: hci3: command tx timeout
[  429.427640][T17656] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  429.452779][   T62] bridge0: port 2(bridge_slave_1) entered blocking state
[  429.468367][   T62] bridge0: port 2(bridge_slave_1) entered forwarding state
[  429.580875][  T179] net_ratelimit: 15 callbacks suppressed
[  429.580923][  T179] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  429.669843][ T6601] bond0: (slave geneve2): failed to get link speed/duplex
[  429.769981][  T179] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  429.827249][ T3339] bond0: (slave geneve2): failed to get link speed/duplex
[  429.909744][ T6601] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  429.971019][ T6606] bond0: (slave geneve2): failed to get link speed/duplex
[  430.029599][ T3339] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  430.099588][  T179] bond0: (slave geneve2): failed to get link speed/duplex
[  430.161526][   T62] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  430.264200][ T6593] bond0: (slave geneve2): failed to get link speed/duplex
[  430.582038][T17696] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3361'.
[  430.796225][T17704] IPVS: length: 164 != 24
[  431.024341][T17708] debugfs: '1��^!�Y������
[  431.024341][T17708] 3�UH�5r�Bn���\' already exists in 'ieee80211'
[  432.325436][T17728] netlink: 'syz.3.3369': attribute type 3 has an invalid length.
[  433.107867][T17743] netlink: 'syz.0.3373': attribute type 1 has an invalid length.
[  433.127777][T17743] netlink: 'syz.0.3373': attribute type 2 has an invalid length.
[  433.137441][T17743] netlink: 'syz.0.3373': attribute type 3 has an invalid length.
[  435.346511][T17411] 8021q: adding VLAN 0 to HW filter on device batadv0
[  435.430139][   T62] net_ratelimit: 13 callbacks suppressed
[  435.430158][   T62] bond0: (slave geneve2): failed to get link speed/duplex
[  435.534161][T17411] veth0_vlan: entered promiscuous mode
[  435.595133][T17411] veth1_vlan: entered promiscuous mode
[  435.659714][ T6606] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  435.705336][T17411] veth0_macvtap: entered promiscuous mode
[  435.731238][T17756] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3376'.
[  435.747597][T17411] veth1_macvtap: entered promiscuous mode
[  435.769927][ T3339] bond0: (slave geneve2): failed to get link speed/duplex
[  435.827114][T17411] batman_adv: batadv0: Interface activated: batadv_slave_0
[  435.870911][  T179] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  435.903001][T17411] batman_adv: batadv0: Interface activated: batadv_slave_1
[  435.942905][ T6606] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  435.974386][ T6606] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  436.023175][ T6606] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  436.040577][ T6606] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  436.154687][ T6603] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  436.231503][ T6593] bond0: (slave geneve2): failed to get link speed/duplex
[  436.369787][   T62] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  436.401269][ T3339] bond0: (slave geneve2): failed to get link speed/duplex
[  436.411257][T17776] netlink: 128 bytes leftover after parsing attributes in process `syz.0.3384'.
[  436.431507][T17776] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3384'.
[  436.464436][ T3339] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  436.474918][ T3339] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  436.510549][   T62] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  436.622129][ T3339] bond0: (slave geneve2): failed to get link speed/duplex
[  436.633510][T17786] FAULT_INJECTION: forcing a failure.
[  436.633510][T17786] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  436.650958][T17786] CPU: 0 UID: 0 PID: 17786 Comm: syz.0.3387 Not tainted syzkaller #0 PREEMPT(full) 
[  436.650985][T17786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  436.650996][T17786] Call Trace:
[  436.651004][T17786]  <TASK>
[  436.651012][T17786]  dump_stack_lvl+0xe8/0x150
[  436.651038][T17786]  should_fail_ex+0x40c/0x560
[  436.651071][T17786]  _copy_from_user+0x2d/0xb0
[  436.651092][T17786]  do_tcp_getsockopt+0x221/0x2980
[  436.651118][T17786]  ? 0xffffffff81000000
[  436.651139][T17786]  ? __pfx_do_tcp_getsockopt+0x10/0x10
[  436.651160][T17786]  ? sock_recv_errqueue+0x5b0/0x5e0
[  436.651185][T17786]  ? aa_file_perm+0x18b/0x15f0
[  436.651207][T17786]  ? aa_label_sk_perm+0x532/0x6e0
[  436.651239][T17786]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  436.651266][T17786]  ? _parse_integer_limit+0x1ae/0x1f0
[  436.651298][T17786]  ? __lock_acquire+0x683/0x2cd0
[  436.651319][T17786]  ? kstrtouint+0x6e/0xe0
[  436.651361][T17786]  ? __might_fault+0xaf/0x130
[  436.651386][T17786]  ? __might_fault+0xaf/0x130
[  436.651413][T17786]  ? 0xffffffff81000000
[  436.651427][T17786]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  436.651452][T17786]  tcp_getsockopt+0x83/0x130
[  436.651474][T17786]  ? sock_recv_errqueue+0x5b0/0x5e0
[  436.651497][T17786]  ? sock_recv_errqueue+0x5b0/0x5e0
[  436.651521][T17786]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  436.651545][T17786]  do_sock_getsockopt+0x51d/0x7e0
[  436.651566][T17786]  ? 0xffffffff81000000
[  436.651583][T17786]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  436.651618][T17786]  ? __fget_files+0x3a2/0x420
[  436.651639][T17786]  ? __fget_files+0x2a/0x420
[  436.651674][T17786]  __x64_sys_getsockopt+0x1a4/0x240
[  436.651694][T17786]  ? 0xffffffff81000000
[  436.651712][T17786]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  436.651731][T17786]  do_syscall_64+0x174/0x580
[  436.651752][T17786]  ? trace_irq_disable+0x3b/0x140
[  436.651777][T17786]  ? clear_bhb_loop+0x40/0x90
[  436.651800][T17786]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  436.651817][T17786] RIP: 0033:0x7f6609f9ce59
[  436.651834][T17786] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  436.651849][T17786] RSP: 002b:00007f660adcf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  436.651869][T17786] RAX: ffffffffffffffda RBX: 00007f660a215fa0 RCX: 00007f6609f9ce59
[  436.651882][T17786] RDX: 000000000000001d RSI: 0000000000000006 RDI: 0000000000000003
[  436.651893][T17786] RBP: 00007f660adcf090 R08: 0000200000001d80 R09: 0000000000000000
[  436.651905][T17786] R10: ffffffff81000000 R11: 0000000000000246 R12: 0000000000000001
[  436.651917][T17786] R13: 00007f660a216038 R14: 00007f660a215fa0 R15: 00007ffdd58f29b8
[  436.651935][T17786]  ? 0xffffffff81000000
[  436.651961][T17786]  </TASK>
[  436.670213][ T3339] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  436.967335][ T3339] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  437.149964][T17795] batman_adv: batadv0: Adding interface: dummy0
[  437.156297][T17795] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  437.195218][T17797] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3280'.
[  437.215252][T17797] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3280'.
[  437.236664][T17797] netlink: 'syz.1.3280': attribute type 3 has an invalid length.
[  437.259707][T17795] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  437.579049][T17812] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3391'.
[  437.588422][T17813] netlink: 'syz.4.3397': attribute type 11 has an invalid length.
[  437.701946][T17818] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3396'.
[  437.923448][T17827] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3403'.
[  437.933563][T17827] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3403'.
[  437.947066][T17827] netlink: 'syz.3.3403': attribute type 3 has an invalid length.
[  438.106761][T17828] C: renamed from veth1_to_team (while UP)
[  438.119044][T17828] netlink: 'syz.1.3402': attribute type 2 has an invalid length.
[  438.126837][T17828] netlink: 116 bytes leftover after parsing attributes in process `syz.1.3402'.
[  438.387640][T17842] ipt_REJECT: TCP_RESET invalid for non-tcp
[  438.423489][T17842] syzkaller1: tun_chr_ioctl cmd 1074025677
[  438.443205][T17842] syzkaller1: Linktype set failed because interface is up
[  438.543147][T17848] IPVS: set_ctl: invalid protocol: 2 0.0.0.0:20004
[  438.697867][T17857] netlink: 'syz.1.3414': attribute type 3 has an invalid length.
[  438.995068][T17848] bridge0: port 2(bridge_slave_1) entered disabled state
[  439.002836][T17848] bridge0: port 1(bridge_slave_0) entered disabled state
[  439.132490][T17848] batman_adv: batadv0: Interface deactivated: dummy0
[  439.133583][T17818] syz.2.3396 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  439.150654][T17818] CPU: 1 UID: 0 PID: 17818 Comm: syz.2.3396 Not tainted syzkaller #0 PREEMPT(full) 
[  439.150684][T17818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  439.150698][T17818] Call Trace:
[  439.150708][T17818]  <TASK>
[  439.150717][T17818]  dump_stack_lvl+0xe8/0x150
[  439.150747][T17818]  dump_header+0xd3/0x4b0
[  439.150783][T17818]  oom_kill_process+0x3ab/0x970
[  439.150816][T17818]  out_of_memory+0x1064/0x1480
[  439.150842][T17818]  ? try_charge_memcg+0xbca/0x1590
[  439.150886][T17818]  ? __pfx_out_of_memory+0x10/0x10
[  439.150911][T17818]  ? do_raw_spin_unlock+0xf5/0x210
[  439.150962][T17818]  try_charge_memcg+0xc74/0x1590
[  439.150995][T17818]  ? __lock_acquire+0x683/0x2cd0
[  439.151029][T17818]  ? __pfx_try_charge_memcg+0x10/0x10
[  439.151079][T17818]  ? charge_memcg+0x20/0x2b0
[  439.151112][T17818]  charge_memcg+0x19c/0x2b0
[  439.151142][T17818]  ? mem_cgroup_swapin_charge_folio+0x33/0x390
[  439.151171][T17818]  mem_cgroup_swapin_charge_folio+0x262/0x390
[  439.151205][T17818]  __swap_cache_prepare_and_add+0xdd/0x700
[  439.151237][T17818]  ? page_rmappable_folio+0x9a/0x170
[  439.151266][T17818]  swap_cache_alloc_folio+0xf1/0x240
[  439.151295][T17818]  swap_cluster_readahead+0x355/0x670
[  439.151324][T17818]  ? __pfx_swap_cluster_readahead+0x10/0x10
[  439.151360][T17818]  ? get_vma_policy+0x27b/0x3c0
[  439.151392][T17818]  swapin_readahead+0x196/0xc50
[  439.151416][T17818]  ? __lock_acquire+0x683/0x2cd0
[  439.151439][T17818]  ? swap_table_get+0x1e/0x260
[  439.151468][T17818]  ? __pfx_swapin_readahead+0x10/0x10
[  439.151496][T17818]  ? swap_table_get+0x1e/0x260
[  439.151518][T17818]  ? swap_table_get+0x1e/0x260
[  439.151538][T17818]  ? swap_table_get+0x1e/0x260
[  439.151562][T17818]  ? swap_table_get+0x216/0x260
[  439.151586][T17818]  ? swap_cache_get_folio+0x2ea/0x2f0
[  439.151618][T17818]  do_swap_page+0x545/0x5340
[  439.151647][T17818]  ? __pte_offset_map+0x29/0x240
[  439.151687][T17818]  ? do_swap_page+0x128/0x5340
[  439.151711][T17818]  ? __pfx_do_swap_page+0x10/0x10
[  439.151733][T17818]  ? __pte_offset_map+0x1ae/0x240
[  439.151762][T17818]  ? pte_offset_map_rw_nolock+0xea/0x160
[  439.151791][T17818]  handle_mm_fault+0x124e/0x3080
[  439.151832][T17818]  ? handle_mm_fault+0xec/0x3080
[  439.151866][T17818]  ? __pfx_handle_mm_fault+0x10/0x10
[  439.151889][T17818]  ? lock_vma_under_rcu+0x45a/0x500
[  439.151952][T17818]  do_user_addr_fault+0xa4d/0x1340
[  439.151985][T17818]  ? trace_page_fault_user+0x84/0x1e0
[  439.152011][T17818]  exc_page_fault+0x6a/0xc0
[  439.152035][T17818]  asm_exc_page_fault+0x26/0x30
[  439.152054][T17818] RIP: 0033:0x7fbc80f9ce6b
[  439.152073][T17818] Code: 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 <64> 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41
[  439.152089][T17818] RSP: 002b:00007fbc81ed5028 EFLAGS: 00010217
[  439.152106][T17818] RAX: 000000000000000c RBX: 00007fbc81216090 RCX: ffffffffffffffe8
[  439.152120][T17818] RDX: 0000000000000050 RSI: 0000200000000040 RDI: 0000000000000000
[  439.152131][T17818] RBP: 00007fbc81032d6f R08: 0000000000000000 R09: 0000000000000000
[  439.152142][T17818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  439.152152][T17818] R13: 00007fbc81216128 R14: 00007fbc81216090 R15: 00007ffd6226a7b8
[  439.152181][T17818]  </TASK>
[  439.152188][T17818] memory: usage 307200kB, limit 307200kB, failcnt 543
[  439.183297][ T7692] syzkaller1: tun_net_xmit 90
[  439.308525][T17818] memory+swap: usage 307452kB, limit 9007199254740988kB, failcnt 0
[  439.530335][T17818] kmem: usage 307084kB, limit 9007199254740988kB, failcnt 0
[  439.567875][T17818] Memory cgroup stats for /syz2:
[  439.568114][T17818] cache 0
[  439.589670][T17818] rss 0
[  439.595796][T17818] rss_huge 0
[  439.637364][T17818] shmem 0
[  439.640358][T17818] mapped_file 0
[  439.643843][T17818] dirty 0
[  439.646802][T17818] writeback 0
[  439.650104][T17818] workingset_refault_anon 2
[  439.654622][T17818] workingset_refault_file 0
[  439.669706][T17862] netlink: 'syz.0.3416': attribute type 1 has an invalid length.
[  439.699673][T17818] swap 258048
[  439.703152][T17818] swapcached 344064
[  439.706985][T17818] pgpgin 89187
[  439.714280][T17818] pgpgout 89168
[  439.727729][T17818] pgfault 166384
[  439.739541][T17818] pgmajfault 4
[  439.749635][T17818] inactive_anon 0
[  439.753340][T17818] active_anon 77824
[  439.767537][T17818] inactive_file 0
[  439.771981][T17818] active_file 0
[  439.781593][T17818] unevictable 0
[  439.794737][T17818] hierarchical_memory_limit 314572800
[  439.806700][T17818] hierarchical_memsw_limit 9223372036854771712
[  439.821773][T17818] total_cache 0
[  439.829924][T17818] total_rss 0
[  439.845519][T17818] total_rss_huge 0
[  439.859540][T17818] total_shmem 0
[  439.863279][T17818] total_mapped_file 0
[  439.875515][T17818] total_dirty 0
[  439.883349][T17818] total_writeback 0
[  439.902975][T17818] total_workingset_refault_anon 2
[  439.914582][T17818] total_workingset_refault_file 0
[  439.929610][T17818] total_swap 258048
[  439.933843][T17818] total_swapcached 344064
[  439.944278][T17818] total_pgpgin 89187
[  439.980245][T17818] total_pgpgout 89168
[  439.992632][T17818] total_pgfault 166384
[  440.004222][T17818] total_pgmajfault 4
[  440.015102][T17818] total_inactive_anon 0
[  440.029675][T17818] total_active_anon 77824
[  440.034220][T17818] total_inactive_file 0
[  440.044401][T17818] total_active_file 0
[  440.050146][T17818] total_unevictable 0
[  440.059997][T17818] anon_cost 0
[  440.070794][T17818] file_cost 0
[  440.077315][T17818] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.3396,pid=17808,uid=0
[  440.114892][T17818] Memory cgroup out of memory: Killed process 17808 (syz.2.3396) total-vm:106660kB, anon-rss:1248kB, file-rss:27340kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
[  440.211568][T17848] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  440.263265][T17848] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  441.007464][T17862] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  441.035038][   T62] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  441.052309][   T62] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  441.061288][   T62] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  441.084474][T17866] macsec1: entered promiscuous mode
[  441.179646][ T6603] net_ratelimit: 28 callbacks suppressed
[  441.179666][ T6603] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  441.193429][   T62] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  441.202704][ T6606] bond0: (slave geneve2): failed to get link speed/duplex
[  441.309627][ T3339] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  441.318527][T17877] netlink: 'syz.2.3420': attribute type 1 has an invalid length.
[  441.538216][T17880] bond2: (slave gretap1): making interface the new active one
[  441.547506][T17880] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  441.637936][T17882] bond2: (slave bridge1): Enslaving as an active interface with a down link
[  441.690294][ T3339] bond0: (slave geneve2): failed to get link speed/duplex
[  441.709515][ T6606] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  441.780546][T17898] __nla_validate_parse: 6 callbacks suppressed
[  441.781202][T17898] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3425'.
[  441.797881][T17898] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3425'.
[  441.810473][ T3339] bond0: (slave geneve2): failed to get link speed/duplex
[  441.822579][T17898] netlink: 'syz.3.3425': attribute type 3 has an invalid length.
[  441.912406][ T6606] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  441.929848][ T3339] bond0: (slave geneve2): failed to get link speed/duplex
[  442.069514][ T3339] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  442.126939][T17909] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  442.139821][ T6606] bond0: (slave geneve2): failed to get link speed/duplex
[  442.336264][T17917] hmac(sha224): entered promiscuous mode
[  442.393276][T17922] netlink: 'syz.3.3436': attribute type 4 has an invalid length.
[  442.404778][T17922] netlink: 152 bytes leftover after parsing attributes in process `syz.3.3436'.
[  442.427040][T17922] 8021q: adding VLAN 0 to HW filter on device bond0
[  442.435588][T17919] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3431'.
[  442.485834][T17926] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3437'.
[  442.583277][T17933] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3439'.
[  442.744061][T17933] nbd11: detected capacity change from 0 to 2
[  442.967096][T17933] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3439'.
[  443.034302][T17953] xt_bpf: check failed: parse error
[  443.098347][ T5632] block nbd11: Receive control failed (result -104)
[  444.663657][T18002] block nbd12: server does not support multiple connections per device.
[  444.685806][T18002] block nbd12: shutting down sockets
[  444.764020][T18024] FAULT_INJECTION: forcing a failure.
[  444.764020][T18024] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  444.784461][T18024] CPU: 0 UID: 0 PID: 18024 Comm: syz.3.3471 Not tainted syzkaller #0 PREEMPT(full) 
[  444.784486][T18024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  444.784496][T18024] Call Trace:
[  444.784503][T18024]  <TASK>
[  444.784510][T18024]  dump_stack_lvl+0xe8/0x150
[  444.784536][T18024]  should_fail_ex+0x40c/0x560
[  444.784566][T18024]  _copy_from_user+0x2d/0xb0
[  444.784587][T18024]  bpf_prog_test_run_skb+0x17c2/0x2230
[  444.784632][T18024]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  444.784652][T18024]  bpf_prog_test_run+0x2c5/0x340
[  444.784673][T18024]  __sys_bpf+0x643/0x950
[  444.784697][T18024]  ? __pfx___sys_bpf+0x10/0x10
[  444.784735][T18024]  ? ksys_write+0x242/0x270
[  444.784772][T18024]  ? __pfx_ksys_write+0x10/0x10
[  444.784798][T18024]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  444.784816][T18024]  __x64_sys_bpf+0x7c/0x90
[  444.784839][T18024]  do_syscall_64+0x174/0x580
[  444.784858][T18024]  ? trace_irq_disable+0x3b/0x140
[  444.784882][T18024]  ? clear_bhb_loop+0x40/0x90
[  444.784902][T18024]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  444.784919][T18024] RIP: 0033:0x7f99d7d9ce59
[  444.784935][T18024] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  444.784948][T18024] RSP: 002b:00007f99d8ce3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  444.784967][T18024] RAX: ffffffffffffffda RBX: 00007f99d8015fa0 RCX: 00007f99d7d9ce59
[  444.784981][T18024] RDX: 0000000000000050 RSI: 0000200000001a00 RDI: 000000000000000a
[  444.784991][T18024] RBP: 00007f99d8ce3090 R08: 0000000000000000 R09: 0000000000000000
[  444.785003][T18024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  444.785014][T18024] R13: 00007f99d8016038 R14: 00007f99d8015fa0 R15: 00007ffd953ed348
[  444.785043][T18024]  </TASK>
[  445.055869][T18029] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3475'.
[  445.089278][T18032] xfrm0: entered allmulticast mode
[  445.119040][T18029] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3475'.
[  445.130799][T18027] netlink: 112 bytes leftover after parsing attributes in process `syz.2.3470'.
[  445.277781][T18038] netlink: 'syz.0.3477': attribute type 3 has an invalid length.
[  445.361460][T18022] netlink: 'syz.2.3470': attribute type 1 has an invalid length.
[  445.840424][T18070] netlink: 'syz.4.3489': attribute type 3 has an invalid length.
[  446.126059][T18082] syzkaller0: entered allmulticast mode
[  446.389886][   T62] net_ratelimit: 41 callbacks suppressed
[  446.389931][   T62] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  446.419806][ T6606] bond0: (slave geneve2): failed to get link speed/duplex
[  446.512436][ T3339] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  446.529993][ T6606] bond0: (slave geneve2): failed to get link speed/duplex
[  446.567333][T18109] netlink: 'syz.2.3501': attribute type 3 has an invalid length.
[  446.631102][ T3339] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  446.659721][   T62] bond0: (slave geneve2): failed to get link speed/duplex
[  446.681790][ T1692] block nbd4: Possible stuck request ffff888027645080: control (read@0,1024B). Runtime 330 seconds
[  446.694364][ T1692] block nbd4: Possible stuck request ffff888027645240: control (read@1024,1024B). Runtime 330 seconds
[  446.707270][ T1692] block nbd4: Possible stuck request ffff888027645400: control (read@2048,1024B). Runtime 330 seconds
[  446.718301][ T1692] block nbd4: Possible stuck request ffff8880276455c0: control (read@3072,1024B). Runtime 330 seconds
[  446.749537][   T62] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  446.770366][   T62] bond0: (slave geneve2): failed to get link speed/duplex
[  446.822643][T18118] __nla_validate_parse: 14 callbacks suppressed
[  446.822664][T18118] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3505'.
[  446.840722][T18118] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3505'.
[  446.889564][ T3339] bond0: (slave geneve2): failed to get link speed/duplex
[  446.942555][T18127] syz_tun: entered allmulticast mode
[  446.970731][T18131] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  446.983205][T18130] IPVS: set_ctl: invalid protocol: 2 224.0.0.1:20002
[  446.995241][T18132] sctp: [Deprecated]: syz.0.3507 (pid 18132) Use of int in max_burst socket option.
[  446.995241][T18132] Use struct sctp_assoc_value instead
[  447.055722][T18125] syz_tun: left allmulticast mode
[  447.147789][T18137] pimreg: entered allmulticast mode
[  447.166348][T18135] xt_CT: You must specify a L4 protocol and not use inversions on it
[  447.354059][T18148] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3517'.
[  447.406365][T18144] netlink: 68 bytes leftover after parsing attributes in process `syz.2.3517'.
[  447.609420][T18161] xt_hashlimit: size too large, truncated to 1048576
[  447.724368][T18169] netlink: 'syz.2.3525': attribute type 6 has an invalid length.
[  447.733156][T18165] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3526'.
[  448.283988][  T997] IPVS: starting estimator thread 0...
[  448.290020][T18193] IPVS: set_ctl: invalid protocol: 0 10.1.1.0:20001
[  448.380073][T18202] IPVS: using max 31 ests per chain, 74400 per kthread
[  448.412171][T18205] 8021q: adding VLAN 0 to HW filter on device batadv0
[  448.530617][T18206] netlink: 108 bytes leftover after parsing attributes in process `syz.3.3537'.
[  448.541890][T18205] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  448.703815][T18215] netlink: 'syz.0.3543': attribute type 32 has an invalid length.
[  448.803959][T18216] netlink: 'syz.1.3542': attribute type 10 has an invalid length.
[  448.812287][T18216] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3542'.
[  448.823425][T18216] team0: Device geneve1 is up. Set it down before adding it as a team port
[  449.388286][T18239] syzkaller1: entered promiscuous mode
[  449.393900][T18239] syzkaller1: entered allmulticast mode
[  449.508465][T18241] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3555'.
[  449.520580][T18241] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3555'.
[  449.534915][T18239] Bluetooth: MGMT ver 1.23
[  449.541266][T18241] netlink: 'syz.1.3555': attribute type 3 has an invalid length.
[  449.863921][T18254] bridge_slave_0: left allmulticast mode
[  449.945289][T18254] bridge_slave_0: left promiscuous mode
[  449.976569][T18254] bridge0: port 1(bridge_slave_0) entered disabled state
[  450.031474][T18254] bridge_slave_1: left allmulticast mode
[  450.037832][T18254] bridge_slave_1: left promiscuous mode
[  450.066986][T18254] bridge0: port 2(bridge_slave_1) entered disabled state
[  450.335338][T18254] bond0: (slave bond_slave_0): Releasing backup interface
[  450.380386][T18254] bond0: (slave bond_slave_1): Releasing backup interface
[  450.423457][T18254] team0: Port device team_slave_0 removed
[  450.465001][T18254] team0: Port device team_slave_1 removed
[  450.490305][T18254] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  450.579634][T18254] batman_adv: batadv0: Removing interface: batadv_slave_0
[  450.589728][T18254] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  450.597154][T18254] batman_adv: batadv0: Removing interface: batadv_slave_1
[  451.163107][T18301] debugfs: '1��^!�Y������
[  451.163107][T18301] 3�UH�5r�Bn���\' already exists in 'ieee80211'
[  451.417285][T18312] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3574'.
[  451.441703][T18317] FAULT_INJECTION: forcing a failure.
[  451.441703][T18317] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  451.458782][T18317] CPU: 0 UID: 0 PID: 18317 Comm: syz.2.3571 Not tainted syzkaller #0 PREEMPT(full) 
[  451.458806][T18317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  451.458816][T18317] Call Trace:
[  451.458823][T18317]  <TASK>
[  451.458830][T18317]  dump_stack_lvl+0xe8/0x150
[  451.458854][T18317]  should_fail_ex+0x40c/0x560
[  451.458887][T18317]  _copy_from_user+0x2d/0xb0
[  451.458908][T18317]  ___sys_sendmsg+0x1c6/0x360
[  451.458926][T18317]  ? __lock_acquire+0x683/0x2cd0
[  451.458948][T18317]  ? __pfx____sys_sendmsg+0x10/0x10
[  451.458993][T18317]  ? __fget_files+0x2a/0x420
[  451.459014][T18317]  ? __fget_files+0x3a2/0x420
[  451.459044][T18317]  __x64_sys_sendmsg+0x1bd/0x2a0
[  451.459066][T18317]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  451.459095][T18317]  ? __pfx_ksys_write+0x10/0x10
[  451.459128][T18317]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.459147][T18317]  do_syscall_64+0x174/0x580
[  451.459167][T18317]  ? trace_irq_disable+0x3b/0x140
[  451.459199][T18317]  ? clear_bhb_loop+0x40/0x90
[  451.459221][T18317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.459239][T18317] RIP: 0033:0x7fbc80f9ce59
[  451.459256][T18317] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  451.459271][T18317] RSP: 002b:00007fbc81ef6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  451.459290][T18317] RAX: ffffffffffffffda RBX: 00007fbc81215fa0 RCX: 00007fbc80f9ce59
[  451.459304][T18317] RDX: 0000000004004000 RSI: 0000200000007800 RDI: 0000000000000003
[  451.459316][T18317] RBP: 00007fbc81ef6090 R08: 0000000000000000 R09: 0000000000000000
[  451.459328][T18317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  451.459338][T18317] R13: 00007fbc81216038 R14: 00007fbc81215fa0 R15: 00007ffd6226a7b8
[  451.459368][T18317]  </TASK>
[  451.655984][ T6606] net_ratelimit: 46 callbacks suppressed
[  451.656003][ T6606] bond0: (slave geneve2): failed to get link speed/duplex
[  451.676675][ T6601] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  451.861087][T18326] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  451.867614][T18326] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  452.047613][T18333] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3577'.
[  452.058941][T18333] netlink: 'syz.2.3577': attribute type 7 has an invalid length.
[  452.066709][T18333] netlink: 'syz.2.3577': attribute type 8 has an invalid length.
[  452.079683][T18333] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3577'.
[  454.948899][T18320] tipc: Enabled bearer <eth:ipvlan0>, priority 0
[  454.992109][   T62] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  455.014048][T18344] batadv_slave_1: entered promiscuous mode
[  455.034104][T18344] batadv_slave_1: left promiscuous mode
[  455.059489][   T62] bond0: (slave geneve2): failed to get link speed/duplex
[  455.121036][   T62] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  455.199796][   T62] bond0: (slave geneve2): failed to get link speed/duplex
[  455.274434][T18349] ip6tnl1: entered allmulticast mode
[  455.310016][   T88] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  455.339992][ T6601] bond0: (slave geneve2): failed to get link speed/duplex
[  455.576302][T18367] FAULT_INJECTION: forcing a failure.
[  455.576302][T18367] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  455.606946][T18369] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3584'.
[  455.617495][T18367] CPU: 1 UID: 0 PID: 18367 Comm: syz.0.3588 Not tainted syzkaller #0 PREEMPT(full) 
[  455.617520][T18367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  455.617530][T18367] Call Trace:
[  455.617538][T18367]  <TASK>
[  455.617546][T18367]  dump_stack_lvl+0xe8/0x150
[  455.617571][T18367]  should_fail_ex+0x40c/0x560
[  455.617601][T18367]  _copy_from_user+0x2d/0xb0
[  455.617623][T18367]  copy_from_sockptr_offset+0x66/0xa0
[  455.617648][T18367]  do_tcp_getsockopt+0xe6a/0x2980
[  455.617671][T18367]  ? 0xffffffff81000000
[  455.617690][T18367]  ? __pfx_do_tcp_getsockopt+0x10/0x10
[  455.617710][T18367]  ? sock_recv_errqueue+0x5b0/0x5e0
[  455.617735][T18367]  ? aa_file_perm+0x18b/0x15f0
[  455.617755][T18367]  ? aa_label_sk_perm+0x532/0x6e0
[  455.617787][T18367]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  455.617813][T18367]  ? _parse_integer_limit+0x1ae/0x1f0
[  455.617842][T18367]  ? __lock_acquire+0x683/0x2cd0
[  455.617863][T18367]  ? kstrtouint+0x6e/0xe0
[  455.617913][T18367]  ? __might_fault+0xaf/0x130
[  455.617936][T18367]  ? __might_fault+0xaf/0x130
[  455.617961][T18367]  ? 0xffffffff81000000
[  455.617975][T18367]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  455.617999][T18367]  tcp_getsockopt+0x83/0x130
[  455.618020][T18367]  ? sock_recv_errqueue+0x5b0/0x5e0
[  455.618043][T18367]  ? sock_recv_errqueue+0x5b0/0x5e0
[  455.618066][T18367]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  455.618090][T18367]  do_sock_getsockopt+0x51d/0x7e0
[  455.618111][T18367]  ? 0xffffffff81000000
[  455.618128][T18367]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  455.618158][T18367]  ? __fget_files+0x3a2/0x420
[  455.618177][T18367]  ? __fget_files+0x2a/0x420
[  455.618202][T18367]  __x64_sys_getsockopt+0x1a4/0x240
[  455.618222][T18367]  ? 0xffffffff81000000
[  455.618240][T18367]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  455.618261][T18367]  do_syscall_64+0x174/0x580
[  455.618284][T18367]  ? clear_bhb_loop+0x40/0x90
[  455.618305][T18367]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  455.618322][T18367] RIP: 0033:0x7f6609f9ce59
[  455.618338][T18367] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  455.618353][T18367] RSP: 002b:00007f660adcf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  455.618373][T18367] RAX: ffffffffffffffda RBX: 00007f660a215fa0 RCX: 00007f6609f9ce59
[  455.618386][T18367] RDX: 000000000000001d RSI: 0000000000000006 RDI: 0000000000000003
[  455.618396][T18367] RBP: 00007f660adcf090 R08: 0000200000001d80 R09: 0000000000000000
[  455.618407][T18367] R10: ffffffff81000000 R11: 0000000000000246 R12: 0000000000000001
[  455.618418][T18367] R13: 00007f660a216038 R14: 00007f660a215fa0 R15: 00007ffdd58f29b8
[  455.618435][T18367]  ? 0xffffffff81000000
[  455.618460][T18367]  </TASK>
[  455.665325][T18376] bond0: entered promiscuous mode
[  455.934457][T18377] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3590'.
[  455.938965][T18377] netlink: 91 bytes leftover after parsing attributes in process `syz.4.3590'.
[  455.991370][T18376] bond_slave_0: entered promiscuous mode
[  456.005660][T18376] bond_slave_1: entered promiscuous mode
[  456.013609][T18376] batadv_slave_0: entered promiscuous mode
[  456.019633][T18376] batadv_slave_0: left promiscuous mode
[  456.029249][T18376] bond0: left promiscuous mode
[  456.059917][T18376] bond_slave_0: left promiscuous mode
[  456.065556][T18376] bond_slave_1: left promiscuous mode
[  456.174557][T18379] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3591'.
[  456.192878][T18379] netlink: 'syz.3.3591': attribute type 7 has an invalid length.
[  456.200784][T18379] netlink: 'syz.3.3591': attribute type 8 has an invalid length.
[  456.222722][T18379] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3591'.
[  456.391412][T18397] FAULT_INJECTION: forcing a failure.
[  456.391412][T18397] name failslab, interval 1, probability 0, space 0, times 0
[  456.407903][T18397] CPU: 1 UID: 0 PID: 18397 Comm: syz.0.3596 Not tainted syzkaller #0 PREEMPT(full) 
[  456.407935][T18397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  456.407946][T18397] Call Trace:
[  456.407953][T18397]  <TASK>
[  456.407960][T18397]  dump_stack_lvl+0xe8/0x150
[  456.407987][T18397]  should_fail_ex+0x40c/0x560
[  456.408014][T18397]  should_failslab+0xa8/0x100
[  456.408033][T18397]  __kmalloc_cache_noprof+0x88/0x660
[  456.408058][T18397]  ? sctp_copy_local_addr_list+0xa3/0x4e0
[  456.408084][T18397]  ? sctp_add_bind_addr+0x8c/0x370
[  456.408115][T18397]  sctp_add_bind_addr+0x8c/0x370
[  456.408144][T18397]  sctp_copy_local_addr_list+0x31a/0x4e0
[  456.408172][T18397]  ? sctp_copy_local_addr_list+0xa3/0x4e0
[  456.408198][T18397]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  456.408223][T18397]  ? sctp_v6_is_any+0x64/0x80
[  456.408242][T18397]  ? sctp_copy_one_addr+0x93/0x360
[  456.408268][T18397]  sctp_bind_addr_copy+0x189/0x3c0
[  456.408309][T18397]  sctp_connect_new_asoc+0x2ff/0x6b0
[  456.408333][T18397]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  456.408359][T18397]  ? __local_bh_enable_ip+0xd0/0x130
[  456.408376][T18397]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  456.408399][T18397]  ? security_sctp_bind_connect+0x7e/0x2c0
[  456.408423][T18397]  sctp_sendmsg+0x159b/0x2d00
[  456.408459][T18397]  ? __pfx_sctp_sendmsg+0x10/0x10
[  456.408482][T18397]  ? aa_sk_perm+0x6d5/0x900
[  456.408504][T18397]  ? __might_fault+0xaf/0x130
[  456.408530][T18397]  ? __pfx_aa_sk_perm+0x10/0x10
[  456.408554][T18397]  ? sock_rps_record_flow+0x19/0x350
[  456.408577][T18397]  ? inet_sendmsg+0x298/0x320
[  456.408596][T18397]  ? __pfx_inet_sendmsg+0x10/0x10
[  456.408616][T18397]  ____sys_sendmsg+0x853/0xa20
[  456.408639][T18397]  ? __pfx_____sys_sendmsg+0x10/0x10
[  456.408660][T18397]  ? import_iovec+0x73/0xa0
[  456.408679][T18397]  ___sys_sendmsg+0x2a5/0x360
[  456.408693][T18397]  ? __lock_acquire+0x683/0x2cd0
[  456.408711][T18397]  ? __pfx____sys_sendmsg+0x10/0x10
[  456.408730][T18397]  ? kstrtouint+0x6e/0xe0
[  456.408779][T18397]  ? __fget_files+0x2a/0x420
[  456.408796][T18397]  ? __fget_files+0x3a2/0x420
[  456.408820][T18397]  __sys_sendmmsg+0x27c/0x4e0
[  456.408839][T18397]  ? __pfx___sys_sendmmsg+0x10/0x10
[  456.408853][T18397]  ? __mutex_unlock_slowpath+0x1be/0x6f0
[  456.408889][T18397]  ? ksys_write+0x242/0x270
[  456.408911][T18397]  ? __pfx_ksys_write+0x10/0x10
[  456.408935][T18397]  __x64_sys_sendmmsg+0xa0/0xc0
[  456.408950][T18397]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  456.408965][T18397]  do_syscall_64+0x174/0x580
[  456.408980][T18397]  ? trace_irq_disable+0x3b/0x140
[  456.409001][T18397]  ? clear_bhb_loop+0x40/0x90
[  456.409018][T18397]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  456.409031][T18397] RIP: 0033:0x7f6609f9ce59
[  456.409046][T18397] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  456.409068][T18397] RSP: 002b:00007f660adcf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  456.409087][T18397] RAX: ffffffffffffffda RBX: 00007f660a215fa0 RCX: 00007f6609f9ce59
[  456.409103][T18397] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000005
[  456.409112][T18397] RBP: 00007f660adcf090 R08: 0000000000000000 R09: 0000000000000000
[  456.409120][T18397] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000000000002
[  456.409129][T18397] R13: 00007f660a216038 R14: 00007f660a215fa0 R15: 00007ffdd58f29b8
[  456.409153][T18397]  </TASK>
[  456.852071][ T6593] net_ratelimit: 6 callbacks suppressed
[  456.852089][ T6593] bond0: (slave geneve2): failed to get link speed/duplex
[  456.864905][   T88] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  456.991000][T18403] debugfs: '1��^!�Y������
[  456.991000][T18403] 3�UH�5r�Bn���\' already exists in 'ieee80211'
[  457.049826][   T88] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  457.164636][ T6601] bond0: (slave geneve2): failed to get link speed/duplex
[  457.233716][T18418] netlink: 1 bytes leftover after parsing attributes in process `syz.1.3604'.
[  457.234176][T18420] netlink: 'syz.2.3605': attribute type 1 has an invalid length.
[  457.340729][T18420] 8021q: adding VLAN 0 to HW filter on device bond3
[  457.760565][T18437] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3609'.
[  457.770208][T18437] netlink: 'syz.3.3609': attribute type 7 has an invalid length.
[  457.778096][T18437] netlink: 'syz.3.3609': attribute type 8 has an invalid length.
[  457.787508][T18437] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3609'.
[  458.439914][T18445] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3612'.
[  458.655969][ T5632] block nbd12: Receive control failed (result -1)
[  460.734901][T18420] bond3: (slave geneve2): making interface the new active one
[  460.744186][T18420] bond3: (slave geneve2): Enslaving as an active interface with an up link
[  460.815476][ T6603] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  460.842510][ T6603] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  460.899067][ T6603] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  460.928229][ T6603] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  460.970116][ T6603] bond0: (slave geneve2): failed to get link speed/duplex
[  460.982357][T18457] netlink: 'syz.0.3614': attribute type 4 has an invalid length.
[  460.993938][ T6603] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  461.016155][T18461] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3616'.
[  461.025804][T18457] netlink: 152 bytes leftover after parsing attributes in process `syz.0.3614'.
[  461.084995][T18457] 8021q: adding VLAN 0 to HW filter on device bond0
[  461.130347][ T6603] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  461.161184][ T6601] bond0: (slave geneve2): failed to get link speed/duplex
[  461.251370][ T6606] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  461.292364][ T6601] bond0: (slave geneve2): failed to get link speed/duplex
[  461.462850][T18483] netlink: 'syz.1.3623': attribute type 1 has an invalid length.
[  461.564101][T18483] bond1: entered promiscuous mode
[  461.574473][T18483] bond1: entered allmulticast mode
[  461.581405][T18483] 8021q: adding VLAN 0 to HW filter on device bond1
[  461.742730][T18494] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3627'.
[  461.761204][T18494] netlink: 'syz.0.3627': attribute type 7 has an invalid length.
[  461.782148][T18494] netlink: 'syz.0.3627': attribute type 8 has an invalid length.
[  461.790568][T18494] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3627'.
[  461.808485][T18494] syz_tun: entered promiscuous mode
[  461.815180][T18494] syz_tun: left promiscuous mode
[  461.869643][   T88] net_ratelimit: 4 callbacks suppressed
[  461.869665][   T88] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  461.951403][   T88] bond0: (slave geneve2): failed to get link speed/duplex
[  461.989495][   T88] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  462.079551][ T6601] bond0: (slave geneve2): failed to get link speed/duplex
[  462.112826][ T6601] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  462.176339][T18503] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3631'.
[  462.208941][T18503] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3631'.
[  462.209599][ T6601] bond0: (slave geneve2): failed to get link speed/duplex
[  462.225714][T18503] netlink: 'syz.2.3631': attribute type 3 has an invalid length.
[  462.239748][ T6601] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  462.329577][ T6601] bond0: (slave geneve2): failed to get link speed/duplex
[  462.334491][T18510] IPVS: set_ctl: invalid protocol: 2 0.0.0.0:20004
[  462.349579][   T88] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  462.425210][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880348ee800: rx timeout, send abort
[  462.486364][T18510] bond1: option packets_per_slave: mode dependency failed, not supported in mode balance-tlb(5)
[  462.534444][T18510] bond1 (unregistering): Released all slaves
[  462.619663][ T6601] bond0: (slave geneve2): failed to get link speed/duplex
[  462.925317][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880348ee400: rx timeout, send abort
[  462.933943][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880348ee800: abort rx timeout. Force session deactivation
[  463.279292][T18555] netlink: 92 bytes leftover after parsing attributes in process `syz.1.3649'.
[  463.295413][T18551] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3646'.
[  463.433705][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880348ee400: abort rx timeout. Force session deactivation
[  463.489182][T18553] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  463.496917][T18553] batman_adv: batadv0: Removing interface: batadv_slave_0
[  463.506826][T18553] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  463.520122][T18553] batman_adv: batadv0: Removing interface: batadv_slave_1
[  463.654801][T18564] syzkaller0: entered promiscuous mode
[  463.660448][T18564] syzkaller0: entered allmulticast mode
[  463.993361][T18583] netlink: 'syz.4.3658': attribute type 4 has an invalid length.
[  464.001666][T18583] netlink: 152 bytes leftover after parsing attributes in process `syz.4.3658'.
[  464.058008][T18586] netlink: 732 bytes leftover after parsing attributes in process `syz.1.3659'.
[  464.067151][T18586] netlink: 732 bytes leftover after parsing attributes in process `syz.1.3659'.
[  464.259230][T18592] syz_tun: entered allmulticast mode
[  464.363738][T18591] syz_tun: left allmulticast mode
[  464.376008][T18597] syzkaller0: entered promiscuous mode
[  464.381527][T18597] syzkaller0: entered allmulticast mode
[  464.484254][T18600] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap3
[  464.501016][T18600] batman_adv: batadv0: Adding interface: gretap3
[  464.507390][T18600] batman_adv: batadv0: The MTU of interface gretap3 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  464.514755][T18602] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.3667'.
[  464.553303][T18600] batman_adv: batadv0: Interface activated: gretap3
[  464.575876][T18600] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3666'.
[  464.674488][T18609] tipc: Started in network mode
[  464.683016][T18609] tipc: Node identity ac14140f, cluster identity 4711
[  464.692452][T18609] tipc: New replicast peer: 255.255.255.255
[  464.706394][T18609] tipc: Enabled bearer <udp:syz1>, priority 10
[  464.885239][T18620] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3673'.
[  464.992212][T18627] IPVS: set_ctl: invalid protocol: 46 127.0.0.1:20001
[  465.001288][T18627] IPv6: NLM_F_REPLACE set, but no existing node found!
[  465.062716][T18630] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3679'.
[  465.141953][T18630] tipc: Started in network mode
[  465.146866][T18630] tipc: Node identity 52e3c0aa5368, cluster identity 4711
[  465.154158][T18630] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  465.291568][T18637] syzkaller0: entered promiscuous mode
[  465.299020][T18637] syzkaller0: entered allmulticast mode
[  465.305859][T18637] tipc: Resetting bearer <eth:syzkaller0>
[  465.347384][T18640] syzkaller1: entered promiscuous mode
[  465.353745][T18640] syzkaller1: entered allmulticast mode
[  465.708301][T18643] FAULT_INJECTION: forcing a failure.
[  465.708301][T18643] name failslab, interval 1, probability 0, space 0, times 0
[  465.720918][T18643] CPU: 1 UID: 0 PID: 18643 Comm: syz.4.3683 Not tainted syzkaller #0 PREEMPT(full) 
[  465.720944][T18643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  465.720957][T18643] Call Trace:
[  465.721040][T18643]  <TASK>
[  465.721108][T18643]  dump_stack_lvl+0xe8/0x150
[  465.721223][T18643]  should_fail_ex+0x40c/0x560
[  465.721263][T18643]  should_failslab+0xa8/0x100
[  465.721292][T18643]  ? skb_clone+0x212/0x3a0
[  465.721388][T18643]  kmem_cache_alloc_noprof+0x87/0x650
[  465.721410][T18643]  skb_clone+0x212/0x3a0
[  465.721423][T18643]  bpf_clone_redirect+0x170/0x4b0
[  465.721469][T18643]  ? bpf_test_run+0x1d1/0x830
[  465.721511][T18643]  bpf_prog_1939c40fbf65037b+0x5f/0x68
[  465.721523][T18643]  ? __kernel_text_address+0xd/0x30
[  465.721554][T18643]  ? unwind_get_return_address+0x4d/0x90
[  465.721573][T18643]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  465.721597][T18643]  ? arch_stack_walk+0xfb/0x150
[  465.721622][T18643]  ? ktime_get+0x45/0x220
[  465.721639][T18643]  ? ktime_get+0x45/0x220
[  465.721653][T18643]  ? seqcount_lockdep_reader_access+0xa9/0x100
[  465.721667][T18643]  ? lockdep_hardirqs_on+0x7a/0x110
[  465.721729][T18643]  ? ktime_get+0x45/0x220
[  465.721741][T18643]  ? seqcount_lockdep_reader_access+0xea/0x100
[  465.721755][T18643]  ? bpf_test_run+0x1d1/0x830
[  465.721767][T18643]  ? bpf_test_timer_continue+0x10c/0x320
[  465.721780][T18643]  bpf_test_run+0x354/0x830
[  465.721801][T18643]  ? __pfx_bpf_test_run+0x10/0x10
[  465.721816][T18643]  ? trace_kmem_cache_alloc+0x29/0xe0
[  465.721828][T18643]  ? csum_partial+0x239/0x2c0
[  465.721846][T18643]  ? convert___skb_to_skb+0x3d/0x5b0
[  465.721858][T18643]  bpf_prog_test_run_skb+0xe35/0x2230
[  465.721878][T18643]  ? __fget_files+0x3a2/0x420
[  465.721901][T18643]  ? __fget_files+0x2a/0x420
[  465.721914][T18643]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  465.721925][T18643]  bpf_prog_test_run+0x2c5/0x340
[  465.721947][T18643]  __sys_bpf+0x643/0x950
[  465.721967][T18643]  ? __pfx___sys_bpf+0x10/0x10
[  465.721988][T18643]  ? ksys_write+0x242/0x270
[  465.722007][T18643]  ? __pfx_ksys_write+0x10/0x10
[  465.722028][T18643]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  465.722074][T18643]  __x64_sys_bpf+0x7c/0x90
[  465.722088][T18643]  do_syscall_64+0x174/0x580
[  465.722123][T18643]  ? trace_irq_disable+0x3b/0x140
[  465.722142][T18643]  ? clear_bhb_loop+0x40/0x90
[  465.722154][T18643]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  465.722164][T18643] RIP: 0033:0x7f52cdf9ce59
[  465.722200][T18643] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  465.722235][T18643] RSP: 002b:00007f52ceda2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  465.722277][T18643] RAX: ffffffffffffffda RBX: 00007f52ce215fa0 RCX: 00007f52cdf9ce59
[  465.722285][T18643] RDX: 0000000000000050 RSI: 0000200000001a00 RDI: 000000000000000a
[  465.722292][T18643] RBP: 00007f52ceda2090 R08: 0000000000000000 R09: 0000000000000000
[  465.722298][T18643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  465.722304][T18643] R13: 00007f52ce216038 R14: 00007f52ce215fa0 R15: 00007ffdeae660b8
[  465.722320][T18643]  </TASK>
[  466.079087][ T5730] tipc: Node number set to 2886997007
[  466.237105][ T6593] tipc: Resetting bearer <eth:syzkaller0>
[  466.297207][T18629] tipc: Resetting bearer <eth:syzkaller0>
[  466.416390][T18649] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3686'.
[  466.598957][T18658] netlink: 'syz.2.3686': attribute type 9 has an invalid length.
[  466.776515][T18651] 
[  466.778899][T18651] ======================================================
[  466.785962][T18651] WARNING: possible circular locking dependency detected
[  466.793127][T18651] syzkaller #0 Not tainted
[  466.797555][T18651] ------------------------------------------------------
[  466.804672][T18651] syz.4.3684/18651 is trying to acquire lock:
[  466.810714][T18651] ffff888027a63418 (&q->elevator_lock){+.+.}-{4:4}, at: elevator_change+0x1af/0x480
[  466.820191][T18651] 
[  466.820191][T18651] but task is already holding lock:
[  466.827534][T18651] ffff888027a62ef0 (&q->q_usage_counter(io)#62){++++}-{0:0}, at: elevator_change+0x194/0x480
[  466.838013][T18651] 
[  466.838013][T18651] which lock already depends on the new lock.
[  466.838013][T18651] 
[  466.848418][T18651] 
[  466.848418][T18651] the existing dependency chain (in reverse order) is:
[  466.857426][T18651] 
[  466.857426][T18651] -> #6 (&q->q_usage_counter(io)#62){++++}-{0:0}:
[  466.866129][T18651]        blk_alloc_queue+0x544/0x690
[  466.871425][T18651]        __blk_mq_alloc_disk+0x194/0x390
[  466.877052][T18651]        nbd_dev_add+0x494/0xb60
[  466.882023][T18651]        nbd_init+0x15f/0x1e0
[  466.886802][T18651]        do_one_initcall+0x250/0x870
[  466.892086][T18651]        do_initcall_level+0x10a/0x1a0
[  466.897590][T18651]        do_initcalls+0x59/0xa0
[  466.902458][T18651]        kernel_init_freeable+0x29d/0x3e0
[  466.908170][T18651]        kernel_init+0x1d/0x1d0
[  466.913083][T18651]        ret_from_fork+0x514/0xb70
[  466.918186][T18651]        ret_from_fork_asm+0x1a/0x30
[  466.923496][T18651] 
[  466.923496][T18651] -> #5 (fs_reclaim){+.+.}-{0:0}:
[  466.930721][T18651]        fs_reclaim_acquire+0x71/0x100
[  466.936181][T18651]        kmem_cache_alloc_node_noprof+0x4a/0x680
[  466.942514][T18651]        __alloc_skb+0x1d7/0x7a0
[  466.947528][T18651]        __ip6_append_data+0x2ea3/0x4080
[  466.953626][T18651]        ip6_append_data+0x108/0x270
[  466.958904][T18651]        rawv6_sendmsg+0x1298/0x18c0
[  466.964274][T18651]        ____sys_sendmsg+0x853/0xa20
[  466.969589][T18651]        ___sys_sendmsg+0x2a5/0x360
[  466.974779][T18651]        __x64_sys_sendmsg+0x1bd/0x2a0
[  466.980226][T18651]        do_syscall_64+0x174/0x580
[  466.985329][T18651]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.991731][T18651] 
[  466.991731][T18651] -> #4 (sk_lock-AF_INET6){+.+.}-{0:0}:
[  466.999466][T18651]        lock_sock_nested+0x41/0x100
[  467.004747][T18651]        inet_shutdown+0x6a/0x390
[  467.009868][T18651]        nbd_mark_nsock_dead+0x2cb/0x550
[  467.015497][T18651]        recv_work+0x1cef/0x1e10
[  467.020447][T18651]        process_scheduled_works+0xa8e/0x14e0
[  467.026589][T18651]        worker_thread+0xa47/0xfb0
[  467.031689][T18651]        kthread+0x389/0x470
[  467.036269][T18651]        ret_from_fork+0x514/0xb70
[  467.041367][T18651]        ret_from_fork_asm+0x1a/0x30
[  467.046641][T18651] 
[  467.046641][T18651] -> #3 (&nsock->tx_lock){+.+.}-{4:4}:
[  467.054367][T18651]        __mutex_lock+0x19d/0x1590
[  467.059497][T18651]        nbd_queue_rq+0x373/0x1150
[  467.064625][T18651]        blk_mq_dispatch_rq_list+0x499/0x1990
[  467.070737][T18651]        __blk_mq_sched_dispatch_requests+0xd36/0x1580
[  467.077591][T18651]        blk_mq_sched_dispatch_requests+0xd7/0x190
[  467.084109][T18651]        blk_mq_run_hw_queue+0x348/0x4f0
[  467.089742][T18651]        blk_mq_dispatch_list+0xd11/0xe10
[  467.095474][T18651]        blk_mq_flush_plug_list+0x45f/0x540
[  467.101385][T18651]        __blk_flush_plug+0x3ed/0x4d0
[  467.106763][T18651]        __submit_bio+0x465/0x560
[  467.111790][T18651]        submit_bio_noacct_nocheck+0x2f4/0xa40
[  467.117948][T18651]        block_read_full_folio+0x599/0x830
[  467.123783][T18651]        filemap_read_folio+0x12c/0x3a0
[  467.129362][T18651]        do_read_cache_folio+0x354/0x590
[  467.135012][T18651]        read_part_sector+0xb6/0x2b0
[  467.140314][T18651]        adfspart_check_ICS+0xb1/0x960
[  467.145792][T18651]        bdev_disk_changed+0x82b/0x1780
[  467.151369][T18651]        blkdev_get_whole+0x372/0x510
[  467.156737][T18651]        bdev_open+0x324/0xd70
[  467.161507][T18651]        blkdev_open+0x461/0x600
[  467.166448][T18651]        do_dentry_open+0x816/0x1380
[  467.171761][T18651]        vfs_open+0x3b/0x340
[  467.176346][T18651]        path_openat+0x2e3b/0x3890
[  467.181459][T18651]        do_file_open+0x23e/0x4a0
[  467.186572][T18651]        do_sys_openat2+0x113/0x200
[  467.191762][T18651]        __x64_sys_openat+0x138/0x170
[  467.197129][T18651]        do_syscall_64+0x174/0x580
[  467.202237][T18651]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.208643][T18651] 
[  467.208643][T18651] -> #2 (&cmd->lock){+.+.}-{4:4}:
[  467.215861][T18651]        __mutex_lock+0x19d/0x1590
[  467.221004][T18651]        nbd_queue_rq+0xc1/0x1150
[  467.226030][T18651]        blk_mq_dispatch_rq_list+0x499/0x1990
[  467.232094][T18651]        __blk_mq_sched_dispatch_requests+0xd36/0x1580
[  467.238955][T18651]        blk_mq_sched_dispatch_requests+0xd7/0x190
[  467.245453][T18651]        blk_mq_run_hw_queue+0x348/0x4f0
[  467.251084][T18651]        blk_mq_dispatch_list+0xd11/0xe10
[  467.256801][T18651]        blk_mq_flush_plug_list+0x45f/0x540
[  467.262697][T18651]        __blk_flush_plug+0x3ed/0x4d0
[  467.268067][T18651]        __submit_bio+0x465/0x560
[  467.273085][T18651]        submit_bio_noacct_nocheck+0x2f4/0xa40
[  467.279227][T18651]        block_read_full_folio+0x599/0x830
[  467.285029][T18651]        filemap_read_folio+0x12c/0x3a0
[  467.290572][T18651]        do_read_cache_folio+0x354/0x590
[  467.296205][T18651]        read_part_sector+0xb6/0x2b0
[  467.301490][T18651]        adfspart_check_ICS+0xb1/0x960
[  467.306950][T18651]        bdev_disk_changed+0x82b/0x1780
[  467.312486][T18651]        blkdev_get_whole+0x372/0x510
[  467.317939][T18651]        bdev_open+0x324/0xd70
[  467.322695][T18651]        blkdev_open+0x461/0x600
[  467.327630][T18651]        do_dentry_open+0x816/0x1380
[  467.332909][T18651]        vfs_open+0x3b/0x340
[  467.337496][T18651]        path_openat+0x2e3b/0x3890
[  467.342604][T18651]        do_file_open+0x23e/0x4a0
[  467.347626][T18651]        do_sys_openat2+0x113/0x200
[  467.352815][T18651]        __x64_sys_openat+0x138/0x170
[  467.358184][T18651]        do_syscall_64+0x174/0x580
[  467.363318][T18651]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.369729][T18651] 
[  467.369729][T18651] -> #1 (set->srcu){.+.+}-{0:0}:
[  467.376851][T18651]        __synchronize_srcu+0xc9/0x2f0
[  467.382311][T18651]        elevator_switch+0x1e8/0x7b0
[  467.387591][T18651]        elevator_change+0x2fa/0x480
[  467.392865][T18651]        elevator_set_default+0x375/0x440
[  467.398582][T18651]        blk_register_queue+0x3f3/0x4e0
[  467.404128][T18651]        __add_disk+0x6cb/0xe30
[  467.408979][T18651]        add_disk_fwnode+0xfb/0x4b0
[  467.414177][T18651]        nbd_dev_add+0x733/0xb60
[  467.419200][T18651]        nbd_init+0x15f/0x1e0
[  467.423883][T18651]        do_one_initcall+0x250/0x870
[  467.429247][T18651]        do_initcall_level+0x10a/0x1a0
[  467.434698][T18651]        do_initcalls+0x59/0xa0
[  467.439538][T18651]        kernel_init_freeable+0x29d/0x3e0
[  467.445252][T18651]        kernel_init+0x1d/0x1d0
[  467.450099][T18651]        ret_from_fork+0x514/0xb70
[  467.455200][T18651]        ret_from_fork_asm+0x1a/0x30
[  467.460481][T18651] 
[  467.460481][T18651] -> #0 (&q->elevator_lock){+.+.}-{4:4}:
[  467.468300][T18651]        __lock_acquire+0x1520/0x2cd0
[  467.473700][T18651]        lock_acquire+0x106/0x350
[  467.478719][T18651]        __mutex_lock+0x19d/0x1590
[  467.483831][T18651]        elevator_change+0x1af/0x480
[  467.489112][T18651]        elevator_set_none+0xb5/0x140
[  467.494481][T18651]        blk_mq_update_nr_hw_queues+0x5ef/0x19f0
[  467.500811][T18651]        nbd_start_device+0x189/0xb30
[  467.506182][T18651]        nbd_genl_connect+0x1597/0x1c10
[  467.511726][T18651]        genl_family_rcv_msg_doit+0x233/0x340
[  467.517887][T18651]        genl_rcv_msg+0x614/0x7a0
[  467.522923][T18651]        netlink_rcv_skb+0x226/0x4a0
[  467.528201][T18651]        genl_rcv+0x28/0x40
[  467.532702][T18651]        netlink_unicast+0x7bb/0x940
[  467.537996][T18651]        netlink_sendmsg+0x813/0xb40
[  467.543369][T18651]        ____sys_sendmsg+0x9b9/0xa20
[  467.548652][T18651]        ___sys_sendmsg+0x2a5/0x360
[  467.553843][T18651]        __x64_sys_sendmsg+0x1bd/0x2a0
[  467.559306][T18651]        do_syscall_64+0x174/0x580
[  467.564439][T18651]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.570864][T18651] 
[  467.570864][T18651] other info that might help us debug this:
[  467.570864][T18651] 
[  467.581427][T18651] Chain exists of:
[  467.581427][T18651]   &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#62
[  467.581427][T18651] 
[  467.595250][T18651]  Possible unsafe locking scenario:
[  467.595250][T18651] 
[  467.602770][T18651]        CPU0                    CPU1
[  467.608174][T18651]        ----                    ----
[  467.613546][T18651]   lock(&q->q_usage_counter(io)#62);
[  467.619013][T18651]                                lock(fs_reclaim);
[  467.625513][T18651]                                lock(&q->q_usage_counter(io)#62);
[  467.633403][T18651]   lock(&q->elevator_lock);
[  467.638032][T18651] 
[  467.638032][T18651]  *** DEADLOCK ***
[  467.638032][T18651] 
[  467.646238][T18651] 6 locks held by syz.4.3684/18651:
[  467.651423][T18651]  #0: ffffffff8fe2d908 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  467.659640][T18651]  #1: ffffffff8fe2d740 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10b/0x7a0
[  467.668637][T18651]  #2: ffff888027a341c0 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0xab/0x19f0
[  467.680066][T18651]  #3: ffff888027a340d0 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0xbe/0x19f0
[  467.691041][T18651]  #4: ffff888027a62ef0 (&q->q_usage_counter(io)#62){++++}-{0:0}, at: elevator_change+0x194/0x480
[  467.701680][T18651]  #5: ffff888027a62f28 (&q->q_usage_counter(queue)#46){+.+.}-{0:0}, at: elevator_change+0x194/0x480
[  467.712575][T18651] 
[  467.712575][T18651] stack backtrace:
[  467.718462][T18651] CPU: 0 UID: 0 PID: 18651 Comm: syz.4.3684 Not tainted syzkaller #0 PREEMPT(full) 
[  467.718484][T18651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  467.718495][T18651] Call Trace:
[  467.718504][T18651]  <TASK>
[  467.718514][T18651]  dump_stack_lvl+0xe8/0x150
[  467.718535][T18651]  print_circular_bug+0x2e1/0x300
[  467.718560][T18651]  check_noncircular+0x12e/0x150
[  467.718585][T18651]  __lock_acquire+0x1520/0x2cd0
[  467.718613][T18651]  ? elevator_change+0x1af/0x480
[  467.718629][T18651]  lock_acquire+0x106/0x350
[  467.718647][T18651]  ? elevator_change+0x1af/0x480
[  467.718669][T18651]  __mutex_lock+0x19d/0x1590
[  467.718689][T18651]  ? elevator_change+0x1af/0x480
[  467.718709][T18651]  ? rcu_is_watching+0x15/0xb0
[  467.718741][T18651]  ? elevator_change+0x1af/0x480
[  467.718764][T18651]  ? __pfx___mutex_lock+0x10/0x10
[  467.718784][T18651]  ? enable_work+0x17f/0x230
[  467.718804][T18651]  ? lockdep_hardirqs_on+0x7a/0x110
[  467.718825][T18651]  ? __cancel_work_sync+0xf7/0x110
[  467.718846][T18651]  ? blk_mq_cancel_work_sync+0xa5/0xe0
[  467.718867][T18651]  elevator_change+0x1af/0x480
[  467.718889][T18651]  elevator_set_none+0xb5/0x140
[  467.718908][T18651]  ? __pfx_elevator_set_none+0x10/0x10
[  467.718927][T18651]  ? xa_load+0x1db/0x210
[  467.718950][T18651]  blk_mq_update_nr_hw_queues+0x5ef/0x19f0
[  467.718979][T18651]  ? kernfs_add_one+0x480/0x5d0
[  467.719038][T18651]  ? __pfx_blk_mq_update_nr_hw_queues+0x10/0x10
[  467.719063][T18651]  ? sysfs_add_file_mode_ns+0x258/0x300
[  467.719085][T18651]  nbd_start_device+0x189/0xb30
[  467.719112][T18651]  ? device_create_file+0xf4/0x1b0
[  467.719150][T18651]  nbd_genl_connect+0x1597/0x1c10
[  467.719176][T18651]  ? __pfx_nbd_genl_connect+0x10/0x10
[  467.719201][T18651]  ? rcu_is_watching+0x15/0xb0
[  467.719217][T18651]  ? trace_kmalloc+0x2a/0xf0
[  467.719243][T18651]  ? __nla_parse+0x40/0x60
[  467.719265][T18651]  ? genl_family_rcv_msg_attrs_parse+0x20b/0x2f0
[  467.719288][T18651]  ? genl_family_rcv_msg_attrs_parse+0x265/0x2f0
[  467.719315][T18651]  genl_family_rcv_msg_doit+0x233/0x340
[  467.719342][T18651]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  467.719370][T18651]  ? __lock_acquire+0x683/0x2cd0
[  467.719399][T18651]  genl_rcv_msg+0x614/0x7a0
[  467.719422][T18651]  ? __pfx_genl_rcv_msg+0x10/0x10
[  467.719443][T18651]  ? __pfx_nbd_genl_connect+0x10/0x10
[  467.719471][T18651]  netlink_rcv_skb+0x226/0x4a0
[  467.719488][T18651]  ? __pfx_genl_rcv_msg+0x10/0x10
[  467.719510][T18651]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  467.719534][T18651]  ? down_read+0x270/0x2e0
[  467.719552][T18651]  ? genl_rcv+0xd/0x40
[  467.719574][T18651]  genl_rcv+0x28/0x40
[  467.719595][T18651]  netlink_unicast+0x7bb/0x940
[  467.719623][T18651]  netlink_sendmsg+0x813/0xb40
[  467.719644][T18651]  ? __pfx_netlink_sendmsg+0x10/0x10
[  467.719665][T18651]  ? aa_sock_msg_perm+0xf1/0x1b0
[  467.719700][T18651]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  467.719727][T18651]  ? __pfx_netlink_sendmsg+0x10/0x10
[  467.719744][T18651]  ____sys_sendmsg+0x9b9/0xa20
[  467.719769][T18651]  ? __might_fault+0xaf/0x130
[  467.719798][T18651]  ? __pfx_____sys_sendmsg+0x10/0x10
[  467.719818][T18651]  ? import_iovec+0x73/0xa0
[  467.719843][T18651]  ___sys_sendmsg+0x2a5/0x360
[  467.719861][T18651]  ? __lock_acquire+0x683/0x2cd0
[  467.719877][T18651]  ? __pfx____sys_sendmsg+0x10/0x10
[  467.719898][T18651]  ? futex_wait+0x2a2/0x390
[  467.719937][T18651]  ? __fget_files+0x2a/0x420
[  467.719958][T18651]  ? __fget_files+0x3a2/0x420
[  467.719980][T18651]  __x64_sys_sendmsg+0x1bd/0x2a0
[  467.719999][T18651]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  467.720021][T18651]  ? rcu_is_watching+0x15/0xb0
[  467.720041][T18651]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.720060][T18651]  do_syscall_64+0x174/0x580
[  467.720078][T18651]  ? trace_irq_disable+0x3b/0x140
[  467.720102][T18651]  ? clear_bhb_loop+0x40/0x90
[  467.720122][T18651]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.720137][T18651] RIP: 0033:0x7f52cdf9ce59
[  467.720155][T18651] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  467.720169][T18651] RSP: 002b:00007f52ced81028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  467.720189][T18651] RAX: ffffffffffffffda RBX: 00007f52ce216090 RCX: 00007f52cdf9ce59
[  467.720202][T18651] RDX: 000000000400400c RSI: 0000200000001ac0 RDI: 000000000000000b
[  467.720215][T18651] RBP: 00007f52ce032d6f R08: 0000000000000000 R09: 0000000000000000
[  467.720226][T18651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  467.720236][T18651] R13: 00007f52ce216128 R14: 00007f52ce216090 R15: 00007ffdeae660b8
[  467.720258][T18651]  </TASK>
[  468.273936][ T5632] block nbd13: Receive control failed (result -32)
[  468.280786][ T5632] block nbd13: Receive control failed (result -32)
[  470.742808][T18629] tipc: Disabling bearer <eth:syzkaller0>
[  470.751890][ T5730] tipc: Node number set to 25936042
[  470.779831][ T6601] net_ratelimit: 47 callbacks suppressed
[  470.779961][ T6601] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  470.802055][ T6601] bond0: (slave geneve2): failed to get link speed/duplex
[  470.909504][ T6606] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  470.929761][ T6606] bond0: (slave geneve2): failed to get link speed/duplex
[  471.019534][ T6606] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  471.039582][ T6606] bond0: (slave geneve2): failed to get link speed/duplex
[  471.129541][   T62] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  471.149535][   T62] bond0: (slave geneve2): failed to get link speed/duplex
[  471.239619][ T6606] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  471.259567][ T6606] bond0: (slave geneve2): failed to get link speed/duplex
[  472.927866][ T3175] block nbd11: Possible stuck request ffff8880279ce000: control (read@0,1024B). Runtime 30 seconds
[  475.819545][ T6601] net_ratelimit: 80 callbacks suppressed
[  475.819579][ T6601] bond0: (slave geneve2): failed to get link speed/duplex
[  475.859551][ T6601] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  475.939522][ T6603] bond0: (slave geneve2): failed to get link speed/duplex
[  475.979509][ T6603] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  476.049549][ T6603] bond0: (slave geneve2): failed to get link speed/duplex
[  476.089593][ T6603] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  476.159585][ T6611] bond0: (slave geneve2): failed to get link speed/duplex
[  476.199832][ T6606] bond1: (slave ip6gretap0): failed to get link speed/duplex
[  476.279516][ T6606] bond0: (slave geneve2): failed to get link speed/duplex
[  476.309512][ T6606] bond1: (slave ip6gretap0): failed to get link speed/duplex