last executing test programs:

3.106711801s ago: executing program 1 (id=7080):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r1, 0x200, 0x70bd2d, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x41)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, r2, 0x215eb000)
r3 = socket(0x14, 0x2, 0x4)
ioctl$sock_SIOCGIFINDEX(r3, 0x61d0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)={0x34, r5, 0x2799f5eec7981083, 0x70bd28, 0x259fdbfc, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_PAUSE_AUTONEG={0x5, 0x2, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x4c810}, 0x20000000)
recvmsg$kcm(r3, &(0x7f0000001d80)={0x0, 0x0, 0x0}, 0x20)

2.015790481s ago: executing program 1 (id=7097):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a98000000060a0b040000000000000010020000006c00048018000180080001006f7366000c000280080001400000000424000180090001006d6574610000000014000280080002400000000e08000340000000046c0001800a0001006c696d69740000001c0002800c00014000000000000000640c00024000000000000000010900010073797a30000000000900020073797a32"], 0xc0}}, 0x0)

1.80160272s ago: executing program 1 (id=7102):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x70bd2a, 0x25dfdbfe}, 0x1c}, 0x1, 0x0, 0x4100, 0x40000}, 0x8004)

1.49587858s ago: executing program 1 (id=7107):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x18, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f00000002c0), 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='veno', 0x4)
sendto$inet(r0, &(0x7f0000000200)="2177a56ba999434c653ee719b9ee9323eb3daf2335025863e28db5eacf407ae9148d8489ce3a54b62be626865b", 0x2d, 0x10, &(0x7f0000000300)={0x2, 0x4e24, @loopback}, 0x10)

1.161803915s ago: executing program 2 (id=7115):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f00000001c0)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x40000)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000004b00)=@newtfilter={0x34, 0x2c, 0xd27, 0x0, 0x25dfdc00, {0x0, 0x0, 0x0, r1, {0x5, 0xfff3}, {0x0, 0xffe0}, {0x0, 0x7}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}}, 0x4)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r0)
sendmsg$DEVLINK_CMD_PORT_SET(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1002040}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x6c, r2, 0x100, 0x70bd2c, 0x25dfdbfb, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x6, 0x4, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x6, 0x4, 0x2}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40}, 0x4000000)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)
socket(0x2a, 0x2, 0x0) (async)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) (async)
getsockname$packet(r0, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x40000) (async)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000004b00)=@newtfilter={0x34, 0x2c, 0xd27, 0x0, 0x25dfdc00, {0x0, 0x0, 0x0, r1, {0x5, 0xfff3}, {0x0, 0xffe0}, {0x0, 0x7}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}}, 0x4) (async)
syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r0) (async)
sendmsg$DEVLINK_CMD_PORT_SET(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1002040}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x6c, r2, 0x100, 0x70bd2c, 0x25dfdbfb, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x6, 0x4, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x6, 0x4, 0x2}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40}, 0x4000000) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async)

1.103995063s ago: executing program 0 (id=7117):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x109001, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x8)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c01000019000100000000000000000000000000000000000000000000000000ac1414bb0000000000000000000000000000fffd000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000fdffc591ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000b86b6e00000000000000000084000500ac0714aa000000000000000000000000000000002b00000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000007f000001000000000000000000000000000000006c00000000000000ac1414aa0000000000000000000a0000004000"/244], 0x13c}, 0x1, 0x0, 0x0, 0x9}, 0x4040000)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_buf(r2, 0x0, 0x8008000000010, &(0x7f0000005e40)="17000000020001000003d68c5ee17688a2003208020300ecff3f0200000300000a000000119afc5ad9485bbb6a880000d6c8db0000dba67e060180000a0000f10607bdff59100ac45761407a681f009cee4a5acb3da400001fb700674f19b44e09f9315033bf79ac2dff060115003901000000000000ea000000000000000009ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e000"/184, 0xb8)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'veth0\x00', 0x800})
ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x1)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f00000001c0)={0xffffff, 0xffffffff, 0x10000}, 0x10)
r3 = socket(0xa, 0x5, 0x0)
setsockopt$inet_sctp_SCTP_INITMSG(r3, 0x84, 0x2, &(0x7f0000000080)={0x7ff, 0x10, 0x8, 0x2}, 0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, 0x0, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000100)=0xc99, 0x4)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r5=>0x0})
close(r1)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendto$packet(r4, &(0x7f0000000280)="0b031260feffffff02005400f6a13bb1000000086086dd480300", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x86dd, r5}, 0x50)
write(0xffffffffffffffff, &(0x7f00000000c0)="240000005f005f03a9f9f4ba0a1f0000000000000000ecffffffffffffff0000000000", 0x23)
close(0x3)

935.873869ms ago: executing program 3 (id=7120):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'netdevsim0\x00', <r2=>0x0})
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d80)=ANY=[@ANYBLOB="5c010000101a130700000000ffdbdf25e0000001000000000000000000000000ff020000000000000000000000000001000400004e2100020000000021000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc020000000000000000000000000001000004d632000000fc020000000000000000000000000000050000000000000000000000000000000000000000000000090000000000000001000000ffffffff0000000000000000010000800000000043050000000000000400000000000000ffffffffffffff7f000100000000000001000000000000000000000000000000000000002cbd7000053500000a000400500000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000080000000210466d38547aa140db9a200000000c538c7cb7a0c001c00", @ANYRES32=r2], 0x15c}, 0x1, 0x0, 0x0, 0x880}, 0x2014)

915.921815ms ago: executing program 0 (id=7121):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=ANY=[@ANYBLOB="02030003120000002cbd7000fbdbdf2503000900800000001cdc0dca1d9f68846960e56de42944af05000600000000000a000000000000000000000000000000000000001d000001020000000000000002000100000000000000070c0000000005000500000000000a00000000000003fc01000000000000000000000000001307000000000000000100140007"], 0x90}, 0x1, 0x7}, 0x0)

900.195154ms ago: executing program 4 (id=7122):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, &(0x7f0000004b40)=[{{&(0x7f0000001140)={0xa, 0x4e23, 0x10, @private2, 0x8}, 0x1c, &(0x7f00000013c0)=[{&(0x7f00000016c0)="99", 0x1}], 0x1}}, {{&(0x7f0000000000)={0xa, 0x4e24, 0x9b5d, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80}, 0x1c, &(0x7f00000015c0)=[{&(0x7f0000001700)="92", 0x1}], 0x1}}], 0x2, 0x4000090)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x5, @any, 0x0, 0x1}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000180)={r2, r2, 0x3, 0x4, &(0x7f0000000240)="b4c8da94", 0x9, 0xb, 0x10cf, 0x4, 0xc336, 0x1, 0xf, 'syz1\x00'})
shutdown(r0, 0x1)

839.614491ms ago: executing program 2 (id=7123):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="fcffffff2500100028bd0f4e0000000000003fd7"], 0x14}, 0x1, 0x0, 0x0, 0x4000040}, 0x0)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={<r2=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x7, 0x4, &(0x7f0000000180)=ANY=[@ANYRESDEC=r0], &(0x7f0000003ff6)='GPL\x00', 0x5, 0x30, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x3}, 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xab}, 0x94)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000240)=""/212, 0xd4}], 0x1}, 0x0)
listen(r3, 0xf)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c030000160001000000000000000000fc010000000000000000000000000000fe88000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141400000000000000000000000000000000006c000000ac14140000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd7000000000000000000000000000000000000300000006"], 0x34c}, 0x1, 0x0, 0x0, 0xf9612d57cd99e519}, 0x0)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={r2, 0x9}, &(0x7f0000000100)=0x8)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000300)={<r5=>r2, 0x5}, &(0x7f0000000340)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000380)={r5, @in6={{0xa, 0x4e23, 0x8, @local, 0x4}}, 0x5c, 0x2}, 0x90)
r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000480), 0x8)
recvmsg$can_bcm(r6, &(0x7f0000000700)={&(0x7f00000004c0)=@llc, 0x80, &(0x7f0000000680)=[{0xfffffffffffffffc}, {&(0x7f0000000580)=""/200, 0xc8}], 0x2, &(0x7f00000006c0)=""/49, 0x31}, 0x80000100)

830.820339ms ago: executing program 3 (id=7124):
socket(0x10, 0x3, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r1}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)

735.008493ms ago: executing program 0 (id=7125):
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4) (async)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, r0, 0x215eb000) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, r0, 0x215eb000)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001ec0)={0x6, 0x4, &(0x7f0000001c00)=@framed={{}, [@ldst={0x1, 0x0, 0x4, 0x0, 0xa, 0xfe00}]}, &(0x7f0000001c40)='syzkaller\x00', 0xf}, 0x90)
r1 = socket(0x14, 0x2, 0x4)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wpan4\x00'})
ioctl$sock_inet_tcp_SIOCINQ(r1, 0x400261f3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0x7, &(0x7f0000000280)=ANY=[@ANYBLOB="05000020000000007311390000000000c95cd25e0d00000000000000060000008500000076000000eeffffff9500a505000000007e78335f0764bce60d1b13ff8f6393317577a7353a6af1561e1e3451e39a1f1d89e2168d5374b6725c470c950948dbf16b072fed18b2064dc9d9057abd7c0299b1e4b9662b6a9dd657fec2bdb41bd2301475c04541bbe2e2dd283e723055bb32164fce087c1b7edcbd0e97a7dba8dde81e30ef5197a54698d903437245b0c705dd1ac8f404971dccf4453bae90cfc80ee3fdb7cac1173ff7"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)

734.62593ms ago: executing program 3 (id=7126):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a98000000060a0b040000000000000024020000006c00048018000180080001006f7366000c000280080001400000000424000180090001006d6574610000000014000280080002400000000e08000340000000046c0001800a0001006c696d69740000001c0002800c00014000000000000000640c00024000000000000000010900010073797a30000000000900020073797a32"], 0xc0}}, 0x0)

674.746299ms ago: executing program 4 (id=7127):
ioctl$XFS_IOC_PATH_TO_FSHANDLE(0xffffffffffffffff, 0xc0385868, &(0x7f0000000480)={<r0=>0xffffffffffffffff, &(0x7f00000000c0)='\x00', 0x444041, &(0x7f00000003c0)={@_ha_fsid={[0x7, 0x3]}, {0x5, 0x5, 0xfffffff1, 0x53}}, 0x6, &(0x7f0000000400)={@_ha_fsid}, &(0x7f0000000440)=0xa})
write$tun(r0, &(0x7f00000032c0)={@void, @void, @ipv6=@gre_packet={0x9, 0x6, "ba6006", 0x38b, 0x2f, 0xff, @loopback, @private0, {[@srh={0x6, 0x14, 0x4, 0xa, 0x1f, 0x30, 0xf800, [@private0, @loopback, @mcast1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @empty, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast2, @dev={0xfe, 0x80, '\x00', 0xa}]}, @fragment={0x2b, 0x0, 0x8, 0x1, 0x0, 0x6, 0x67}, @routing={0x6c, 0xe, 0x2, 0x4e, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @remote, @dev={0xfe, 0x80, '\x00', 0x28}, @empty, @empty, @private1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}]}], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x62, 0x1, [0x3ff], "a47e4e042c36a393c5920334981511e336a9e2f83bd12a68ca4d5c78f96f4cd0149a2321285ba5c9092d2d34a5c85db0446e0175afae59b35465bef7e6274f077162f2f43b157d5be6ba889543be4813f621ce9a60a4b61d082ab43deaa9c02e3e3d"}, {0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800, [0x7, 0x6, 0x7], "26ffc87f08905b989bf35f771140e4b0b102b0f498bffa24a8568f3ac552dfc6f270e81d7652e180984add6bdd870a4b4c04f7bb68a04a3250c6c5fc72321cfa3e70abbcf57efaae08b22c0a05ac194e60b62b4bdccfc4572f87b6972a63f7e261fe06c3b4f233971fda0a364540bbdbe192b1eb5f40be33486b692513fe5acfb4b9ef1a68d723f5b08b255f63513f8cd51e134507ce3e43d29476dedbbb27f1b71e759bf709d8d961"}, {0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x86dd, [0x1c00], "adc05d1992ae912f8c50134cdb0e5eea7c6a82d0af07679ce77eb61b9b52e14560060ed77d62bdfcda280f3c466aae2442d9b300b22a72294c225f6a1d42417fb209fafcea06e6ce3e04fa1e60e160cee24a742a177cac2ed01d77954284e37be6d91e3bfeb56274653b312c9a459fb65906d4c79432b772a58950cbed4b553abee3591c5eb29f18886985af85d7739280c5b77d53d9d7ee6a84b3c702f9f8ab402b5adbac141a589b34a8b3b642c1fff524bfedad6b5aecae6d331db2c222000f83dd72423d68"}, {0x8, 0x88be, 0x4, {{0x1, 0x1, 0x8, 0x0, 0x1, 0x0, 0x0, 0x6}, 0x1, {0x5}}}, {0x8, 0x22eb, 0x0, {{0x5, 0x2, 0xd, 0x0, 0x0, 0x1, 0x3, 0x73}, 0x2, {0x2ce4, 0x7fff, 0x3, 0x17, 0x0, 0x0, 0x2, 0x1, 0x1}}}, {0x8, 0x6558, 0x0, "b72e6062ad5050c5ddb466540190c3d3540af8c8d010d20441718f658b8b63537ddc8b8f3b43296a9f5e0ffb606bd884d2c5e4689b9fcafa973882c5ecaecef28b4ec7"}}}}}, 0x3b3)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
write(r1, &(0x7f0000000e80)="ed6be97322139836a33887f007fce57d5fd560f8f84cfcc730b946f8736549bc2cc233aef3a2c041400746444dc658270abd5ea8cc8f31cbf357ae2c1f0c916f5fa90751ad5284361a33a1c1930caf1001a7e2570d824198606dd70e8dfefcfd08a866857344b0cabd15d4c80c9ebfbf810e554370b51b0b91d636add4f3873698e7635c8d4fd8ead2fc84a5c3d7da274550ffda7a481bb0fcf9b15a5d820ad99af2cf78a483797337a018220f18d8567140ba2df7e4192578954fa255b2c8a3fffbef3b2b1f7be9879fa11b5849b25f773172bb735667671c726bdb2a6583696180c73aa3b4dc6754c6b91cec90952d11ba0be1c55d9c968183a481748e81bb60e5eb50bf151fd040c1bd47ebb7a90ee7ae66715986ed4192a9dcf8ec66c0c567e01c9d6bdc6a2904a9855d7e63c0f0fb9b01acdffaa6cff40a2763e5f7fadffef54e5f75aef680648ce62c16be454312363747a59982e4d7d986ed263cd65c61c0e22fd07428d82ecd52268e904507067e47d3381ab5cb5960bebed4d0020b9b4d29f4b925df79d06bd24fed53568c9157fbda223bccb05c4df43c7ea74dbaee2da94543e886c0eeeca6979fd701e45b8719d74fd0dda965d1d842f84bf5ca14124adbd45c55aac7e1e7ea17153d90f81ec63392b3dcba6b4069bf7a55bd81b3da99c1146d663ee08d52cd6a625d7c6dfff102c9db5d4d18fe8c528e23499e84f7aa9b41a3c82a7b041c361321080b72f9683e1d6c0e94c26607db254a8bdd18f6a9feb551a14b33e706052969c79558d253fefb5367a1863d835a35fc07b3b441c7e53bb9263689b82d7ff478bc3f01e6aa35e169b1a0813cd7a2f9cd4c32affba9595a3ed0261c5fca8dea0bba3532c2b8da7ccd3c599275c5c58bd74d72c9392c3a76f85cf5d3a0a50c842df80cc9f9f5f684eaf0d3d17e98f15c7fc3b63599a9a82da672e7e4fe0f87482eb84e62d084b6c78480e72ec6fb34959cd40a8cc10d8c1bff9b9bbf3999e4e1b70a77d96956ba91ef68e781fe8fbbde9f4bd6775b7b54836a9eaeb6f0e52c97557d02d1b2b51409301e623792e8b04f753cf76e3d779686424e95ed30219b6b6779bbdf3e24a1805bc940bfcba671e9dbc507066235945d9955963363825f24d8aa020f8bb21c541cb9bebd9ec2306aadd22915200df7b2d8babc673f5970eaca2a186dbf228d43d74fa8ba2d39a20d75331c25ec37694b013af2623f84c259a3dc33e1166c03e0487f62d0f857b7f3aad121154f5f24b7e6f6410217d244294cc8490dcbe60c351dc75000fa048a037f0df60118596ba47a6a555fb7abafafa1c3d5ec6de04e42af8a4ac16aeb35c41f8b1a0e44ff552bf05cafb480ec89c5dba3db89d49545a6d1cbf5fb7ef86eb5e3c3a6c4035d0fe070693852534e7d0f352bdd2d72369d90501bfafcab2c64d4e40f6b2f7af8f8fc90f10c4fde298887515a977e8814c76764ebb466c67319e660318dcd291af8fdd5069122a6b6be86276bbd26cd96c7473a53c1d79d23fcb5e1595edda94dc78aba5a994c0f6c2d92c82940290623d6d21025d3bbf392e8943469ae10185a64300b02caacd6644dc31580a6168d2a54d65a95fc596a1aaa0ce480f52a8a1422558193b249d6fe8020bb3f29f4694d5b771f877c7e8671074130ff7d8bd5b121c55b5450082e7af803bfbf0eddac4d3bd5561bec923659a47cfbd373d196c63a8c12d5a6a98cf7d6417e54bddcc71f7c226749ee247a467760124d6d15b60f0b3d03c79f96a08a7d9badf08c9fb9fae1f9d0433ab7eb44aafdd3eb6176d71b63440238fff90b3375938d33723bb431c07c7d771fd24a12bf245c5ce6588b1430c60200aaee00aa55d1f1d70bf623e4abe865bc878fb262945dd2fde319a2211932e6e909b2bdcabb5232e42a1192bd56f7a81d922c34bfbca3cfbf987da19da91821a61303dc8efd4f0def48ed34b9dabffa4cc19553484e28881c87084b2188ee2bf0c960dbc93f82b6e79080dca7683e0e4051510c06692ef3e4554a0160003332dbeebcd7f75cd26b496d3cad62f4f915040e7e42d0876e36dce4fa1416993c0f497e2b16f9b348592fb5893e99a7830c75a59f0143eb8012a06a0c3bebd66318a84b06f7be6fc3295b5b38fbc244280553c7999a2b8dfca8a4f2a4f9259f5c6426a3f2629af44bc0a8d8ce56255d12cf4df969e441f7941ea742b63b095cb0d92c2ca0bed4d79ac738e5bbeed0bb0292f7fc29e76f5f3994979c0e5432c41b519e0fdadd2f72c989af2b564f3fb16a4de0e6b5df219f9f619d13a5098abae7e9b46d7155bd470dfd663e209268040e04d50cd977f6745e819bbd72072db7b0c58b6f684b11cf75944643549e1269c341edc76684d87f20dc14c439cda4312399a88c60be39993157330d5b6dd83210590596e14fc08b913c19598597129300fbe0b0e5e38f949cefddf2722569ecf3d10ba2e846c00597c94e59409d60ee2816bfbe7c9e8264a7c03c95d3599762f5ea9527d277ff009fc3a6e630ea1d889f7d565cf614922e4cbbb7819ef235faf57750b8d94c0717f01f337a6e9591b270e876f78561ba8276e9dc8409d6b72bc4f9c851a6e73634eae8344d9bcaf90ebec9318e9db3640a0d2921375608362c955f8c56fa1f882d46b5ea260371b384b4a24dd9f1e855b52cd3d3d9c8d6c907385f0886b88314e1a469e4bfc935c32f070eafc40d84cdc766368c92e156b2151d6c4d1a21cbe06fa1737860e575b8444fac4ba085303f2ab105062556f7249cd9412bd4c1207adc68f0f0b1aef917f054b76d0972704c0f988084078d3f72d28d4dbd75032d31b71db976e63d94ae5718e39a6b7eb28543bc7f59cf36e7069ffd696710cb8207b0578b158697345acb95d0d952fec9d3d26be931e39493df169ea38bd49ec69b016528a0b296b48b71093ff57ccfd2ff507020d5bdb8083c14bfe58e15f8c94d3b951753e8bff4ac1a446d45cf486556fa5d46436d485e0e22131291cb28c84060b3b11bc5307ba79291bc027eb89514d3edee8eb97c29cfc653019bb7be33dfe9d3d3158a14d13279e1658ba9458c5bafa8dc4f9fad9af0c5c1ff0bd8ab7ce3065cfdd29be6141bce67bb7b28f8513daaf8519fceb0252723913092007fa6cfdf8c4f18ac2fe1b20c858dae9c2a7e6888dacf2e104317fd25f42ac3468169e5aa90343ef60ebaf6229818bc25c115fda74c63fdca8550fe719905ab01f05631a61fd143929cda192939a6f5c8cf051c38088a9971f36f676b249a67bba1bf54650e8542b77aa727df127e5470b82e5b37f0431b13d7ffa07e4314e2ddc290d89719bf7a155a18f7652b7ea40ab37a2df4fcd1ac27425757a105d99417464765f6be042d745765e7ae9f696f87dfbbf78d1c6b33bab865759d09e274dccbc0ad05f32169fd4f0edb3faec9f8211879b556d3af571f60ccfcf773aab631907cc04698dd2aeb69a7a9af8ef28da88b0f87f12f7d3428a41c40b12df3117648807e8360e277a34063a9dbc5df0a84e8d45cfcb26028e082f9e9ea6b8d1466203e5f0cf1be8ef84606460434a4eed1cb4e304be11dc61f4dc0d0138fe533def0a2849e1bc4c4e2403e944d1ee5a530322f81e3ab26f7998ac177f26a647ab6e949e28428f83b486a0a5fbb2291a4da2bedceede5928ccff6ed79b42dcff4589eeae678f1672a58a88557b862de80608f48d39516738eb1fd60b8f5cf938e6f8dbb2b85801157435b9c22ec72df2b93e11a19d1e0efe7c208367c85512b3e0d4e7abc5db6bd1dc96e43d77eddff5e44aeca101e25c8de21058c239a253ddff1eb66b54b6d269817140de74064b979ff97e7761e8cdb4a724978cabdc120bdb571cc703ba24b4365a44baed16d3072ca0c5c546c72ee9cf4cc0f29fddd6196c8b8c8be2fd0c8ea3db2b573ca50f7375af27cee08e9415d3c9336cb07033f7c994daf548c48b3b8ad33688e37cf0b0d2c2f2e4c7cf0bb9374086861267eb1e525d7010f0d32c4d2277b3ccefc801901a43552d1bc5357097f5f683054e5e5d8254311985f2123899a8aed1011cde9f4b66d9b9132dbee32afa8a6f7f1be0edf70b7c1eef36759062b8c168af19bc45c5d74a9f333101a834bb3c2074787da9bcc52357f285722a662692f168e04a69bf73ca9b2ada1d1d0f5c90fc21b93bfdd21d487622adda0dd393afdf24f19c948936b185ab11c1a4dda6f6bafed1af8d1c046fcde3523ba50a2d831266a2730a89d7069598da6d506fbcb19e9b8b3e20c3d8bb962478edbeceb02a84fd8c7d683ae426e1f91df27e84b09aeace6750629c7d6b3c386e5132cc7e43ce55afa90e708a9d5a0840a7ddc5cca7319bc2be18155acaeb2ad5f685ed3d7b24427058836cefa33fec26d5ba5542064273989957f22e3945fc37ae2504f85a56d64f8d3b7a373745c797de843d65b5b01a0f701c8e558f23aadf7a0d173ed3df316d6643e11a038a499195ff390ec0309f556167b46a7562e1c2c4c62ee56137d29d92bb4c7ba212365bbe3f29d4fe2e4435ef8fe3ae12221a414cb29787b21c824f9131f6d69a81d789d6b51db9af2f2c1e3a739d54e979edbc3745ea977915821cc458bb2da60cebe250a7c59d955b77896653ef7172dc60f4ac39f753ea397c7b81226bb089cd7880f6cfdf17826427415a6c76e15f7b98cb8773ffc59f1ef11a0ee05c0af4dd250623086763faff9a77bb84659d41a1042d04de281a8794587ec9dac8db2001a259bfb5c2ae300af21899b51ee97b863ce8b5898570a932e7730c1f0729fd29c4804d81ee38651ad71a4756d0452c701a42d3596763fe992d0ab042df813a56f2a688a14d9db4f6372c7bc891613b046d65deb866ecdbaff8a0e58bbb0987813827436cbc2568667620fb150f8d853804489447e7c8a60f4b12d53ae6cd57354fd92467ad21e72128633d984d62e589b85d2a396ddf124e48e853f05ae7f41caaef547bf116b7ed9dffb6812dde85a8925e0cb6ce589efe4bb1e325d7aa1cada67e01bb9698401be2b869533fb426ac6b428eda637ef6a755c3e5d3a33876fa9d5a60652ae6808de090971ae4cbd8d82f50ab3d25fa7651920d72355b7c22da7b718d648ad9a9231f969f8db37471448a90187e75fd232d876f80c4a935cb64a42f673a4a205b77aa47e5988c7256258825c319f03206baca7018b7d16daf24c0b210a9260ea59a6beb22d5adaa6c652ce93c75eec8b1f7669fafd8a83491272b4310240a6d3f4f489208e7a9f45f73c8d64c4855167c4eb6036c655c46c34ccfe2dcc1bdad88b00ebb2f538075f0f204c9d63b9680f1288e8eb71eb250fd2f1b4e4c63383e0fb1a3aa40186ad05ad5ef6fa57351624e9a8b20ab02fcdfe0bbf4409d269bcc86d3342b31d6c3e9dc36eef320a94348a4d26b73ea5029da360e3642079c8402ae12b5803783388ca254a6d4a05afc940c029ab4f952489ad8b4ba7ff860cabb45eddaf86161b6de4883df27bb74b87503259ea0c8fb3e3d31e9d5815fe795f8515a7ee1dc07b5f8b154303ba3570fd94f5c81a92831a3714f8b2bbb2e2a7dfb21a12275f48e55131ea351c59048b3bd930e0925c5ebb0cdac1ebeecaeff142ed3b41ff054bec223cade0fe0dca5a4b3a026c254a10001a71e240406583a80ca315358fd6a3cba88c6dd8fa33c3425ac46b5cacf0e0ed4cacce3a89d7b23d95b7738450a47488ffd556a94fa06a35003edf8528925fb21e25182fd22cc6198c9c8c4bb7645ba807207f504988874ff3", 0x1000)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000140)={0x0, ""/256, 0x0, 0x0, <r4=>0x0})
ioctl$BTRFS_IOC_GET_DEV_STATS(r3, 0xc4089434, &(0x7f0000001e80)={<r5=>0x0, 0x100, 0x1, [0x3, 0x8466, 0x5, 0xfa, 0x7], [0x9, 0x5, 0xb5, 0x8001, 0x2, 0x5, 0x6f9c9dcd, 0xfffffffffffffff1, 0x1, 0x3, 0x2, 0x80000001, 0x1, 0x7, 0x7, 0x10000, 0x8, 0x1, 0xa71, 0x80000000, 0xfffffffffffffff9, 0x2, 0xb, 0x8000000000000001, 0x6, 0x46, 0x80000001, 0xc, 0x7f, 0x712, 0x4d5, 0x6, 0x6, 0x68b6, 0x7de200000000000, 0x100000000, 0x719, 0x7fffffffffffffff, 0x5, 0x10000, 0x2, 0x1, 0xe, 0x8001, 0x101, 0x2, 0xb5, 0x7fffffff, 0x8, 0x6, 0x81, 0x35, 0x6, 0x9, 0x4, 0x1, 0x8, 0x10000, 0x2, 0x8, 0x7ff8000000000, 0x3c, 0x3, 0x7d, 0x2, 0x0, 0xc35, 0x3fc, 0x7, 0x6, 0x7fff, 0x9, 0xfd67, 0x7, 0x401, 0x2, 0x5, 0x16c7, 0x7, 0xfffffffffffffff9, 0x3, 0x7, 0xffff, 0x2, 0xc000000000, 0x7, 0x0, 0x4, 0x7, 0x9, 0x81, 0x929, 0x7fff, 0x100000000, 0x1, 0x5, 0x8000000000000001, 0xe5b0, 0x7, 0x80, 0x9, 0x2, 0x2, 0x9, 0x1000, 0x3, 0x2, 0x1, 0x7, 0x8000, 0x9, 0x7fff, 0x4, 0xecb0, 0x8000000000000000, 0x1, 0x0, 0x2, 0x7fffffffffffffff, 0xd89, 0x100]})
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r2, 0x50009418, &(0x7f00000022c0)={{r2}, r4, 0x0, @inherit={0x50, &(0x7f0000000340)={0x1, 0x1, 0xffffffffffffffff, 0x3, {0x10, 0x323, 0x2a7, 0x1, 0x8000000000000000}, [0xffffffff]}}, @devid=r5})
bind$bt_sco(r3, &(0x7f0000000000)={0x1f, @fixed}, 0x8)
setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000100)=0x1, 0x4)
sendmsg$nl_xfrm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000d80)=@newsa={0xf8, 0x1a, 0x1, 0x0, 0x25dfdbfd, {{@in=@local, @in6=@empty, 0x4000, 0x0, 0x3, 0x3}, {@in=@broadcast, 0x0, 0x33}, @in6=@mcast2, {0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x4}, {}, {}, 0x0, 0x0, 0xa, 0x1}, [@tfcpad={0x8, 0x23, 0xd19}]}, 0xf8}}, 0x20000000)
r6 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x10, 0x0, @val=@tcx={@void, @value=r3}}, 0x1c)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f00000006c0)=@raw={'raw\x00', 0x4001, 0x3, 0x3e8, 0x0, 0x0, 0x148, 0x0, 0x148, 0x350, 0x240, 0x240, 0x350, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @local, 0x0, 0x0, 'ip6gretap0\x00', 'nicvf0\x00', {}, {}, 0x88, 0x3, 0x10}, 0x0, 0xf8, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'wg1\x00', {0x0, 0x0, 0x1ff, 0x100000, 0x0, 0xed, 0x7}}}, @common=@unspec=@connmark={{0x30}, {0xfffffff9, 0x8}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 0x85d, 0xf, [0x10, 0x32, 0x1e, 0x32, 0x2b, 0x25, 0x3f, 0x17, 0x19, 0x22, 0x2c, 0x3d, 0x7, 0x3f, 0x1e, 0x31], 0x0, 0x2, 0x2}}}, {{@ip={@rand_addr=0x64010101, @local, 0xff, 0x0, 'wg0\x00', 'lo\x00', {0xff}, {}, 0x2e, 0x3, 0x4}, 0x0, 0x190, 0x1f8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x8, 0x9, 0x1, 0x1, 'syz1\x00', 0x2}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0xfff, 0x7e, 0x1c, 'netbios-ns\x00', 'syz0\x00', {0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x448)
r8 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r6}, 0x8)
ioctl$XFS_IOC_PATH_TO_FSHANDLE(0xffffffffffffffff, 0xc0385868, &(0x7f0000000480)={0xffffffffffffffff, &(0x7f00000000c0)='\x00', 0x444041, &(0x7f00000003c0)={@_ha_fsid={[0x7, 0x3]}, {0x5, 0x5, 0xfffffff1, 0x53}}, 0x6, &(0x7f0000000400)={@_ha_fsid}, &(0x7f0000000440)=0xa}) (async)
write$tun(r0, &(0x7f00000032c0)={@void, @void, @ipv6=@gre_packet={0x9, 0x6, "ba6006", 0x38b, 0x2f, 0xff, @loopback, @private0, {[@srh={0x6, 0x14, 0x4, 0xa, 0x1f, 0x30, 0xf800, [@private0, @loopback, @mcast1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @empty, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast2, @dev={0xfe, 0x80, '\x00', 0xa}]}, @fragment={0x2b, 0x0, 0x8, 0x1, 0x0, 0x6, 0x67}, @routing={0x6c, 0xe, 0x2, 0x4e, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @remote, @dev={0xfe, 0x80, '\x00', 0x28}, @empty, @empty, @private1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}]}], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x62, 0x1, [0x3ff], "a47e4e042c36a393c5920334981511e336a9e2f83bd12a68ca4d5c78f96f4cd0149a2321285ba5c9092d2d34a5c85db0446e0175afae59b35465bef7e6274f077162f2f43b157d5be6ba889543be4813f621ce9a60a4b61d082ab43deaa9c02e3e3d"}, {0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800, [0x7, 0x6, 0x7], "26ffc87f08905b989bf35f771140e4b0b102b0f498bffa24a8568f3ac552dfc6f270e81d7652e180984add6bdd870a4b4c04f7bb68a04a3250c6c5fc72321cfa3e70abbcf57efaae08b22c0a05ac194e60b62b4bdccfc4572f87b6972a63f7e261fe06c3b4f233971fda0a364540bbdbe192b1eb5f40be33486b692513fe5acfb4b9ef1a68d723f5b08b255f63513f8cd51e134507ce3e43d29476dedbbb27f1b71e759bf709d8d961"}, {0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x86dd, [0x1c00], "adc05d1992ae912f8c50134cdb0e5eea7c6a82d0af07679ce77eb61b9b52e14560060ed77d62bdfcda280f3c466aae2442d9b300b22a72294c225f6a1d42417fb209fafcea06e6ce3e04fa1e60e160cee24a742a177cac2ed01d77954284e37be6d91e3bfeb56274653b312c9a459fb65906d4c79432b772a58950cbed4b553abee3591c5eb29f18886985af85d7739280c5b77d53d9d7ee6a84b3c702f9f8ab402b5adbac141a589b34a8b3b642c1fff524bfedad6b5aecae6d331db2c222000f83dd72423d68"}, {0x8, 0x88be, 0x4, {{0x1, 0x1, 0x8, 0x0, 0x1, 0x0, 0x0, 0x6}, 0x1, {0x5}}}, {0x8, 0x22eb, 0x0, {{0x5, 0x2, 0xd, 0x0, 0x0, 0x1, 0x3, 0x73}, 0x2, {0x2ce4, 0x7fff, 0x3, 0x17, 0x0, 0x0, 0x2, 0x1, 0x1}}}, {0x8, 0x6558, 0x0, "b72e6062ad5050c5ddb466540190c3d3540af8c8d010d20441718f658b8b63537ddc8b8f3b43296a9f5e0ffb606bd884d2c5e4689b9fcafa973882c5ecaecef28b4ec7"}}}}}, 0x3b3) (async)
socket$qrtr(0x2a, 0x2, 0x0) (async)
write(r1, &(0x7f0000000e80)="ed6be97322139836a33887f007fce57d5fd560f8f84cfcc730b946f8736549bc2cc233aef3a2c041400746444dc658270abd5ea8cc8f31cbf357ae2c1f0c916f5fa90751ad5284361a33a1c1930caf1001a7e2570d824198606dd70e8dfefcfd08a866857344b0cabd15d4c80c9ebfbf810e554370b51b0b91d636add4f3873698e7635c8d4fd8ead2fc84a5c3d7da274550ffda7a481bb0fcf9b15a5d820ad99af2cf78a483797337a018220f18d8567140ba2df7e4192578954fa255b2c8a3fffbef3b2b1f7be9879fa11b5849b25f773172bb735667671c726bdb2a6583696180c73aa3b4dc6754c6b91cec90952d11ba0be1c55d9c968183a481748e81bb60e5eb50bf151fd040c1bd47ebb7a90ee7ae66715986ed4192a9dcf8ec66c0c567e01c9d6bdc6a2904a9855d7e63c0f0fb9b01acdffaa6cff40a2763e5f7fadffef54e5f75aef680648ce62c16be454312363747a59982e4d7d986ed263cd65c61c0e22fd07428d82ecd52268e904507067e47d3381ab5cb5960bebed4d0020b9b4d29f4b925df79d06bd24fed53568c9157fbda223bccb05c4df43c7ea74dbaee2da94543e886c0eeeca6979fd701e45b8719d74fd0dda965d1d842f84bf5ca14124adbd45c55aac7e1e7ea17153d90f81ec63392b3dcba6b4069bf7a55bd81b3da99c1146d663ee08d52cd6a625d7c6dfff102c9db5d4d18fe8c528e23499e84f7aa9b41a3c82a7b041c361321080b72f9683e1d6c0e94c26607db254a8bdd18f6a9feb551a14b33e706052969c79558d253fefb5367a1863d835a35fc07b3b441c7e53bb9263689b82d7ff478bc3f01e6aa35e169b1a0813cd7a2f9cd4c32affba9595a3ed0261c5fca8dea0bba3532c2b8da7ccd3c599275c5c58bd74d72c9392c3a76f85cf5d3a0a50c842df80cc9f9f5f684eaf0d3d17e98f15c7fc3b63599a9a82da672e7e4fe0f87482eb84e62d084b6c78480e72ec6fb34959cd40a8cc10d8c1bff9b9bbf3999e4e1b70a77d96956ba91ef68e781fe8fbbde9f4bd6775b7b54836a9eaeb6f0e52c97557d02d1b2b51409301e623792e8b04f753cf76e3d779686424e95ed30219b6b6779bbdf3e24a1805bc940bfcba671e9dbc507066235945d9955963363825f24d8aa020f8bb21c541cb9bebd9ec2306aadd22915200df7b2d8babc673f5970eaca2a186dbf228d43d74fa8ba2d39a20d75331c25ec37694b013af2623f84c259a3dc33e1166c03e0487f62d0f857b7f3aad121154f5f24b7e6f6410217d244294cc8490dcbe60c351dc75000fa048a037f0df60118596ba47a6a555fb7abafafa1c3d5ec6de04e42af8a4ac16aeb35c41f8b1a0e44ff552bf05cafb480ec89c5dba3db89d49545a6d1cbf5fb7ef86eb5e3c3a6c4035d0fe070693852534e7d0f352bdd2d72369d90501bfafcab2c64d4e40f6b2f7af8f8fc90f10c4fde298887515a977e8814c76764ebb466c67319e660318dcd291af8fdd5069122a6b6be86276bbd26cd96c7473a53c1d79d23fcb5e1595edda94dc78aba5a994c0f6c2d92c82940290623d6d21025d3bbf392e8943469ae10185a64300b02caacd6644dc31580a6168d2a54d65a95fc596a1aaa0ce480f52a8a1422558193b249d6fe8020bb3f29f4694d5b771f877c7e8671074130ff7d8bd5b121c55b5450082e7af803bfbf0eddac4d3bd5561bec923659a47cfbd373d196c63a8c12d5a6a98cf7d6417e54bddcc71f7c226749ee247a467760124d6d15b60f0b3d03c79f96a08a7d9badf08c9fb9fae1f9d0433ab7eb44aafdd3eb6176d71b63440238fff90b3375938d33723bb431c07c7d771fd24a12bf245c5ce6588b1430c60200aaee00aa55d1f1d70bf623e4abe865bc878fb262945dd2fde319a2211932e6e909b2bdcabb5232e42a1192bd56f7a81d922c34bfbca3cfbf987da19da91821a61303dc8efd4f0def48ed34b9dabffa4cc19553484e28881c87084b2188ee2bf0c960dbc93f82b6e79080dca7683e0e4051510c06692ef3e4554a0160003332dbeebcd7f75cd26b496d3cad62f4f915040e7e42d0876e36dce4fa1416993c0f497e2b16f9b348592fb5893e99a7830c75a59f0143eb8012a06a0c3bebd66318a84b06f7be6fc3295b5b38fbc244280553c7999a2b8dfca8a4f2a4f9259f5c6426a3f2629af44bc0a8d8ce56255d12cf4df969e441f7941ea742b63b095cb0d92c2ca0bed4d79ac738e5bbeed0bb0292f7fc29e76f5f3994979c0e5432c41b519e0fdadd2f72c989af2b564f3fb16a4de0e6b5df219f9f619d13a5098abae7e9b46d7155bd470dfd663e209268040e04d50cd977f6745e819bbd72072db7b0c58b6f684b11cf75944643549e1269c341edc76684d87f20dc14c439cda4312399a88c60be39993157330d5b6dd83210590596e14fc08b913c19598597129300fbe0b0e5e38f949cefddf2722569ecf3d10ba2e846c00597c94e59409d60ee2816bfbe7c9e8264a7c03c95d3599762f5ea9527d277ff009fc3a6e630ea1d889f7d565cf614922e4cbbb7819ef235faf57750b8d94c0717f01f337a6e9591b270e876f78561ba8276e9dc8409d6b72bc4f9c851a6e73634eae8344d9bcaf90ebec9318e9db3640a0d2921375608362c955f8c56fa1f882d46b5ea260371b384b4a24dd9f1e855b52cd3d3d9c8d6c907385f0886b88314e1a469e4bfc935c32f070eafc40d84cdc766368c92e156b2151d6c4d1a21cbe06fa1737860e575b8444fac4ba085303f2ab105062556f7249cd9412bd4c1207adc68f0f0b1aef917f054b76d0972704c0f988084078d3f72d28d4dbd75032d31b71db976e63d94ae5718e39a6b7eb28543bc7f59cf36e7069ffd696710cb8207b0578b158697345acb95d0d952fec9d3d26be931e39493df169ea38bd49ec69b016528a0b296b48b71093ff57ccfd2ff507020d5bdb8083c14bfe58e15f8c94d3b951753e8bff4ac1a446d45cf486556fa5d46436d485e0e22131291cb28c84060b3b11bc5307ba79291bc027eb89514d3edee8eb97c29cfc653019bb7be33dfe9d3d3158a14d13279e1658ba9458c5bafa8dc4f9fad9af0c5c1ff0bd8ab7ce3065cfdd29be6141bce67bb7b28f8513daaf8519fceb0252723913092007fa6cfdf8c4f18ac2fe1b20c858dae9c2a7e6888dacf2e104317fd25f42ac3468169e5aa90343ef60ebaf6229818bc25c115fda74c63fdca8550fe719905ab01f05631a61fd143929cda192939a6f5c8cf051c38088a9971f36f676b249a67bba1bf54650e8542b77aa727df127e5470b82e5b37f0431b13d7ffa07e4314e2ddc290d89719bf7a155a18f7652b7ea40ab37a2df4fcd1ac27425757a105d99417464765f6be042d745765e7ae9f696f87dfbbf78d1c6b33bab865759d09e274dccbc0ad05f32169fd4f0edb3faec9f8211879b556d3af571f60ccfcf773aab631907cc04698dd2aeb69a7a9af8ef28da88b0f87f12f7d3428a41c40b12df3117648807e8360e277a34063a9dbc5df0a84e8d45cfcb26028e082f9e9ea6b8d1466203e5f0cf1be8ef84606460434a4eed1cb4e304be11dc61f4dc0d0138fe533def0a2849e1bc4c4e2403e944d1ee5a530322f81e3ab26f7998ac177f26a647ab6e949e28428f83b486a0a5fbb2291a4da2bedceede5928ccff6ed79b42dcff4589eeae678f1672a58a88557b862de80608f48d39516738eb1fd60b8f5cf938e6f8dbb2b85801157435b9c22ec72df2b93e11a19d1e0efe7c208367c85512b3e0d4e7abc5db6bd1dc96e43d77eddff5e44aeca101e25c8de21058c239a253ddff1eb66b54b6d269817140de74064b979ff97e7761e8cdb4a724978cabdc120bdb571cc703ba24b4365a44baed16d3072ca0c5c546c72ee9cf4cc0f29fddd6196c8b8c8be2fd0c8ea3db2b573ca50f7375af27cee08e9415d3c9336cb07033f7c994daf548c48b3b8ad33688e37cf0b0d2c2f2e4c7cf0bb9374086861267eb1e525d7010f0d32c4d2277b3ccefc801901a43552d1bc5357097f5f683054e5e5d8254311985f2123899a8aed1011cde9f4b66d9b9132dbee32afa8a6f7f1be0edf70b7c1eef36759062b8c168af19bc45c5d74a9f333101a834bb3c2074787da9bcc52357f285722a662692f168e04a69bf73ca9b2ada1d1d0f5c90fc21b93bfdd21d487622adda0dd393afdf24f19c948936b185ab11c1a4dda6f6bafed1af8d1c046fcde3523ba50a2d831266a2730a89d7069598da6d506fbcb19e9b8b3e20c3d8bb962478edbeceb02a84fd8c7d683ae426e1f91df27e84b09aeace6750629c7d6b3c386e5132cc7e43ce55afa90e708a9d5a0840a7ddc5cca7319bc2be18155acaeb2ad5f685ed3d7b24427058836cefa33fec26d5ba5542064273989957f22e3945fc37ae2504f85a56d64f8d3b7a373745c797de843d65b5b01a0f701c8e558f23aadf7a0d173ed3df316d6643e11a038a499195ff390ec0309f556167b46a7562e1c2c4c62ee56137d29d92bb4c7ba212365bbe3f29d4fe2e4435ef8fe3ae12221a414cb29787b21c824f9131f6d69a81d789d6b51db9af2f2c1e3a739d54e979edbc3745ea977915821cc458bb2da60cebe250a7c59d955b77896653ef7172dc60f4ac39f753ea397c7b81226bb089cd7880f6cfdf17826427415a6c76e15f7b98cb8773ffc59f1ef11a0ee05c0af4dd250623086763faff9a77bb84659d41a1042d04de281a8794587ec9dac8db2001a259bfb5c2ae300af21899b51ee97b863ce8b5898570a932e7730c1f0729fd29c4804d81ee38651ad71a4756d0452c701a42d3596763fe992d0ab042df813a56f2a688a14d9db4f6372c7bc891613b046d65deb866ecdbaff8a0e58bbb0987813827436cbc2568667620fb150f8d853804489447e7c8a60f4b12d53ae6cd57354fd92467ad21e72128633d984d62e589b85d2a396ddf124e48e853f05ae7f41caaef547bf116b7ed9dffb6812dde85a8925e0cb6ce589efe4bb1e325d7aa1cada67e01bb9698401be2b869533fb426ac6b428eda637ef6a755c3e5d3a33876fa9d5a60652ae6808de090971ae4cbd8d82f50ab3d25fa7651920d72355b7c22da7b718d648ad9a9231f969f8db37471448a90187e75fd232d876f80c4a935cb64a42f673a4a205b77aa47e5988c7256258825c319f03206baca7018b7d16daf24c0b210a9260ea59a6beb22d5adaa6c652ce93c75eec8b1f7669fafd8a83491272b4310240a6d3f4f489208e7a9f45f73c8d64c4855167c4eb6036c655c46c34ccfe2dcc1bdad88b00ebb2f538075f0f204c9d63b9680f1288e8eb71eb250fd2f1b4e4c63383e0fb1a3aa40186ad05ad5ef6fa57351624e9a8b20ab02fcdfe0bbf4409d269bcc86d3342b31d6c3e9dc36eef320a94348a4d26b73ea5029da360e3642079c8402ae12b5803783388ca254a6d4a05afc940c029ab4f952489ad8b4ba7ff860cabb45eddaf86161b6de4883df27bb74b87503259ea0c8fb3e3d31e9d5815fe795f8515a7ee1dc07b5f8b154303ba3570fd94f5c81a92831a3714f8b2bbb2e2a7dfb21a12275f48e55131ea351c59048b3bd930e0925c5ebb0cdac1ebeecaeff142ed3b41ff054bec223cade0fe0dca5a4b3a026c254a10001a71e240406583a80ca315358fd6a3cba88c6dd8fa33c3425ac46b5cacf0e0ed4cacce3a89d7b23d95b7738450a47488ffd556a94fa06a35003edf8528925fb21e25182fd22cc6198c9c8c4bb7645ba807207f504988874ff3", 0x1000) (async)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000140)) (async)
ioctl$BTRFS_IOC_GET_DEV_STATS(r3, 0xc4089434, &(0x7f0000001e80)={0x0, 0x100, 0x1, [0x3, 0x8466, 0x5, 0xfa, 0x7], [0x9, 0x5, 0xb5, 0x8001, 0x2, 0x5, 0x6f9c9dcd, 0xfffffffffffffff1, 0x1, 0x3, 0x2, 0x80000001, 0x1, 0x7, 0x7, 0x10000, 0x8, 0x1, 0xa71, 0x80000000, 0xfffffffffffffff9, 0x2, 0xb, 0x8000000000000001, 0x6, 0x46, 0x80000001, 0xc, 0x7f, 0x712, 0x4d5, 0x6, 0x6, 0x68b6, 0x7de200000000000, 0x100000000, 0x719, 0x7fffffffffffffff, 0x5, 0x10000, 0x2, 0x1, 0xe, 0x8001, 0x101, 0x2, 0xb5, 0x7fffffff, 0x8, 0x6, 0x81, 0x35, 0x6, 0x9, 0x4, 0x1, 0x8, 0x10000, 0x2, 0x8, 0x7ff8000000000, 0x3c, 0x3, 0x7d, 0x2, 0x0, 0xc35, 0x3fc, 0x7, 0x6, 0x7fff, 0x9, 0xfd67, 0x7, 0x401, 0x2, 0x5, 0x16c7, 0x7, 0xfffffffffffffff9, 0x3, 0x7, 0xffff, 0x2, 0xc000000000, 0x7, 0x0, 0x4, 0x7, 0x9, 0x81, 0x929, 0x7fff, 0x100000000, 0x1, 0x5, 0x8000000000000001, 0xe5b0, 0x7, 0x80, 0x9, 0x2, 0x2, 0x9, 0x1000, 0x3, 0x2, 0x1, 0x7, 0x8000, 0x9, 0x7fff, 0x4, 0xecb0, 0x8000000000000000, 0x1, 0x0, 0x2, 0x7fffffffffffffff, 0xd89, 0x100]}) (async)
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r2, 0x50009418, &(0x7f00000022c0)={{r2}, r4, 0x0, @inherit={0x50, &(0x7f0000000340)={0x1, 0x1, 0xffffffffffffffff, 0x3, {0x10, 0x323, 0x2a7, 0x1, 0x8000000000000000}, [0xffffffff]}}, @devid=r5}) (async)
bind$bt_sco(r3, &(0x7f0000000000)={0x1f, @fixed}, 0x8) (async)
setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000100)=0x1, 0x4) (async)
sendmsg$nl_xfrm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000d80)=@newsa={0xf8, 0x1a, 0x1, 0x0, 0x25dfdbfd, {{@in=@local, @in6=@empty, 0x4000, 0x0, 0x3, 0x3}, {@in=@broadcast, 0x0, 0x33}, @in6=@mcast2, {0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x4}, {}, {}, 0x0, 0x0, 0xa, 0x1}, [@tfcpad={0x8, 0x23, 0xd19}]}, 0xf8}}, 0x20000000) (async)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x10, 0x0, @val=@tcx={@void, @value=r3}}, 0x1c) (async)
socket$inet_udplite(0x2, 0x2, 0x88) (async)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f00000006c0)=@raw={'raw\x00', 0x4001, 0x3, 0x3e8, 0x0, 0x0, 0x148, 0x0, 0x148, 0x350, 0x240, 0x240, 0x350, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @local, 0x0, 0x0, 'ip6gretap0\x00', 'nicvf0\x00', {}, {}, 0x88, 0x3, 0x10}, 0x0, 0xf8, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'wg1\x00', {0x0, 0x0, 0x1ff, 0x100000, 0x0, 0xed, 0x7}}}, @common=@unspec=@connmark={{0x30}, {0xfffffff9, 0x8}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 0x85d, 0xf, [0x10, 0x32, 0x1e, 0x32, 0x2b, 0x25, 0x3f, 0x17, 0x19, 0x22, 0x2c, 0x3d, 0x7, 0x3f, 0x1e, 0x31], 0x0, 0x2, 0x2}}}, {{@ip={@rand_addr=0x64010101, @local, 0xff, 0x0, 'wg0\x00', 'lo\x00', {0xff}, {}, 0x2e, 0x3, 0x4}, 0x0, 0x190, 0x1f8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x8, 0x9, 0x1, 0x1, 'syz1\x00', 0x2}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0xfff, 0x7e, 0x1c, 'netbios-ns\x00', 'syz0\x00', {0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x448) (async)
socket$igmp6(0xa, 0x3, 0x2) (async)
setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) (async)
bpf$ITER_CREATE(0x21, &(0x7f0000000080)={r6}, 0x8) (async)

657.599216ms ago: executing program 2 (id=7128):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bpq0, 0x7ffffffe, 'syz0\x00', @bcast, 0x1, 0x0, [@null, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null]})
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
setsockopt$bt_l2cap_L2CAP_CONNINFO(r1, 0x6, 0x2, 0x0, 0x0)
unshare(0x100)
r2 = socket$inet6(0xa, 0x80002, 0x88)
sendmmsg$inet(r2, &(0x7f0000000b00)=[{{&(0x7f0000000100)={0x2, 0x4e20, @local}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000000)="c1", 0xfcf6}], 0x1}}], 0x1, 0xfffe)
syz_emit_ethernet(0x7e, &(0x7f0000000240)=ANY=[@ANYBLOB="bbbbbbbbbbbbffffffffffff86dd6000000000483a0020010000000000000000000000000001ff020000000000000000000000000001010490787f00000060e1f588000700ffff020000000000000000000000000001ff0200000000000000000000000000012f000f0065000000be000000000000007bf354107478e63e"], 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes128\x00'}, 0x58)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000007b80), r5)
sendmsg$NLBL_MGMT_C_ADDDEF(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000007c40)={&(0x7f0000007bc0)={0x34, r6, 0xa5c59466aaff822d, 0x70bd2d, 0x25dfdbff, {}, [@NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @remote}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @private=0xa010101}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x3}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}]}, 0x34}, 0x1, 0x0, 0x0, 0x48805}, 0x64040)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x7, &(0x7f00000000c0)="f8ffffff", 0x4)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f00000002c0)="b7f2288d3aaea2bc0000def1260a00"/32, 0x20)
shutdown(r3, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={<r8=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e23, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
r9 = socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x0, &(0x7f0000000440)})
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040), 0xc, 0x0}, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_mptcp_buf(0xffffffffffffffff, 0x11c, 0x3, &(0x7f0000000040)=""/185, &(0x7f0000000140)=0xb9)
getsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r10=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x85, &(0x7f0000000000)={r10, @in={{0x2, 0x0, @empty}}, 0x27c0}, 0x90)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x85, &(0x7f00000001c0)={r8, @in={{0x2, 0x4e24, @empty}}, 0xfffe, 0x9a8}, 0x90)
r11 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r11, &(0x7f0000000000), 0x10)

617.388754ms ago: executing program 3 (id=7129):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES8=r0, @ANYBLOB="0000000000000000200012800e0001006970366772657461700000000c00028008000100", @ANYRES32=r0, @ANYBLOB="0800f2"], 0x48}}, 0x0) (async)
r1 = socket(0x2b, 0x80801, 0x1)
ioctl$sock_SIOCBRDELBR(r1, 0x89a1, &(0x7f0000000200)='veth0\x00')

531.347741ms ago: executing program 1 (id=7130):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x50, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x0}]}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x50}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2}, 0x10)
sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x0)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r6 = epoll_create1(0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000050c0)={&(0x7f0000000040)=@can_delroute={0x154, 0x19, 0x1, 0x0, 0x0, {}, [@CGW_CS_XOR={0x8, 0x5, {0x0, 0x0, 0x2}}, @CGW_CS_CRC8={0x11e, 0x6, {0x2, 0x0, 0x0, 0x0, 0x0, "c87b656e285d281181111413f0081ddc21c51ffc7e9526ed8503c2aa9a5e0a96d01a3ad6c30d6baa1bdf0f6c4db0f4286fccba8944cee7e579a8dc8b3cde07b51c0a437334c8c52b2cc9301fdc5a473aaf13fbd5536aa0c719f9e37963f8e40ae29ee94ccd6deef4750b5d9d6e8dc3967a4a5190ce4bc0dc8fac276a4270ec73d98334dbb9a2c0797698e4386e2c1872d2a04e6904ccd29d2a7b59082689da3602b982a9a619fa91f33a33723f92930f8a430d10ca1d979db27615a77556811503f3e6f300770b42f29d54f7f5f2fbe93144d1ee8a63e74d5f84c61acf20e8931d09f7c29048edbaff2ea4b29242fd9eec8082002947c4fa12d0fbffe2c4befd", 0x0, "5bf6ad242712a12236ec1625ac06613fc5f12f67"}}, @CGW_MOD_SET={0x15, 0x4, {{{}, 0xfc, 0x0, 0x0, 0x0, "2d2fd7ac2612dea2"}, 0x1}}]}, 0x154}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r2, &(0x7f00000003c0)={0x40002010})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(0xffffffffffffffff, 0x8914, &(0x7f0000000000))
ioctl$sock_netrom_SIOCADDRT(r4, 0x890b, &(0x7f0000000000)={0x1, @bcast, @bpq0, 0x9, 'syz0\x00', @default, 0x1, 0x0, [@null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @null]})
writev(r0, &(0x7f00000006c0)=[{&(0x7f0000000440)="2e9b3d0007e03dd65193dfb6c575963f8864", 0x12}, {&(0x7f0000000100)="31020002", 0x4}, {&(0x7f0000000a80)="683f0057954e8374745129caea99bc671e3d", 0x12}, {&(0x7f0000000580)="a492e95857d9dad0c70b72425db11aaf3ffd93dad70350", 0x17}, {&(0x7f0000000400)="9f5214", 0x3}], 0x5)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r9, @ANYBLOB="0c00990000000000000000000800a102ffff0000080026008d03000008009f"], 0x40}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r10 = socket(0x10, 0x3, 0x0)
getsockopt$netlink(r10, 0x10e, 0x8, &(0x7f0000000180)=""/129, &(0x7f0000000040)=0x81)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000002c0)={'erspan0\x00', &(0x7f0000000140)={'erspan0\x00', 0x0, 0x40, 0x7, 0x0, 0x40, {{0x7, 0x4, 0x0, 0x25, 0x1c, 0x66, 0x0, 0x2, 0x4, 0x0, @multicast1, @dev={0xac, 0x14, 0x14, 0x3}, {[@timestamp={0x44, 0x8, 0xfb, 0x0, 0x6, [0x1]}]}}}}})

479.691305ms ago: executing program 0 (id=7131):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r1=>0x0})
r2 = socket(0x10, 0x803, 0x0)
bind$netlink(r2, &(0x7f0000000000)={0x10, 0x0, 0x25dfd3fd, 0x400}, 0xc)
getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=@ipv4_newrule={0x0, 0x20, 0x400, 0x70bd25, 0x25dfdbfc, {0x2, 0x80, 0x20, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2}, [@FRA_TUN_ID={0x0, 0xc, 0x1, 0x0, 0x6}, @FRA_DST={0x0, 0x1, @local}, @FRA_SRC={0x0, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, @FRA_FLOW={0x0, 0xb, 0x8001}, @FRA_GENERIC_POLICY=@FRA_SUPPRESS_PREFIXLEN={0x0, 0xe, 0x90}, @FRA_GENERIC_POLICY=@FRA_DPORT_RANGE={0x0, 0x18, {0x4e24, 0x4e22}}, @FRA_GENERIC_POLICY=@FRA_OIFNAME={0x0, 0x11, 'pimreg1\x00'}, @FRA_TUN_ID={0x0, 0xc, 0x1, 0x0, 0x2}, @FRA_DST={0x0, 0x1, @multicast2}]}, 0x44}, 0x1, 0x0, 0x0, 0x44000}, 0x8000)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
getsockopt$bt_l2cap_L2CAP_CONNINFO(r3, 0x6, 0x2, 0x0, &(0x7f0000000100))
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r2)
sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(r2, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x28, r4, 0x400, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x0, 0x35}}}}, ["", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x20000094)
sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000003f00000008000300", @ANYRES32=r1, @ANYBLOB="18005e800800060000000000040009"], 0x34}}, 0x0)

465.720281ms ago: executing program 2 (id=7132):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}, 0x1, 0x11}, 0x4008054)
write$nci(r0, &(0x7f0000000240)=ANY=[@ANYBLOB='p\x00\t'], 0xc)
write$nci(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="5001", @ANYRES8=r1, @ANYRES16], 0x14)

384.34389ms ago: executing program 3 (id=7133):
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@qipcrtr={0x2a, 0x4, 0x1}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000600)="27031600160014000000002f1eafacf706e105000000894f00050005ee0b80558ddbba9b37242d37a518fc9c5be50eaf07c3650596", 0x35}], 0x1}, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x48, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, @IFLA_BR_GROUP_FWD_MASK={0x6}]}}}]}, 0x48}}, 0x0)

370.205812ms ago: executing program 0 (id=7134):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x109001, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x8)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c01000019000100000000000000000000000000000000000000000000000000ac1414bb0000000000000000000000000000fffd000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000fdffc591ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000b86b6e00000000000000000084000500ac0714aa000000000000000000000000000000002b00000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000007f000001000000000000000000000000000000006c00000000000000ac1414aa0000000000000000000a0000004000"/244], 0x13c}, 0x1, 0x0, 0x0, 0x9}, 0x4040000)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_buf(r2, 0x0, 0x8008000000010, &(0x7f0000005e40)="17000000020001000003d68c5ee17688a2003208020300ecff3f0200000300000a000000889afc5ad9485bbb6a880000d6c8db0000dba67e060180000a0000f10607bdff59100ac45761407a681f009cee4a5acb3da400001fb700674f19b44e09f9315033bf79ac2dff060115003901000000000000ea000000000000000009ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e000"/184, 0xb8)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'veth0\x00', 0x800})
ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x1)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f00000001c0)={0xffffff, 0xffffffff, 0x10000}, 0x10)
r3 = socket(0xa, 0x5, 0x0)
setsockopt$inet_sctp_SCTP_INITMSG(r3, 0x84, 0x2, &(0x7f0000000080)={0x7ff, 0x10, 0x8, 0x2}, 0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, 0x0, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000100)=0xc99, 0x4)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r5=>0x0})
close(r1)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendto$packet(r4, &(0x7f0000000280)="0b031260feffffff02005400f6a13bb1000000086086dd480300", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x86dd, r5}, 0x50)
write(0xffffffffffffffff, &(0x7f00000000c0)="240000005f005f03a9f9f4ba0a1f0000000000000000ecffffffffffffff0000000000", 0x23)
close(0x3)

326.902362ms ago: executing program 4 (id=7135):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair(0x9, 0x1, 0x9, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000100)='syz0\x00', 0x200002, 0x0)
openat$cgroup_procs(r2, &(0x7f00000001c0)='cgroup.procs\x00', 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r3}, &(0x7f0000000340), &(0x7f0000000140)=r1}, 0x20)
getsockopt$netrom_NETROM_T2(r1, 0x103, 0x2, &(0x7f0000000080)=0x2, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x1, @bcast, @bpq0, 0x9, 'syz0\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x1, 0x2, [@null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @null]})

266.682006ms ago: executing program 4 (id=7136):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="b4b6ff00000040000000000001000000000000800000000095000000f88b7d3eabb7e12854eb585465b2a7ad7aef4c313424cda9bc798a3e5eb56c5ef8f8c7f56c1874db0644d13a98387668aa58f4b6f2f526d0dbe636c5110a91d7e8d7b1d5e862378562"], &(0x7f0000000040)='GPL\x00', 0x6, 0xe1, &(0x7f0000000100)=""/225, 0x0, 0x11, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x400000}, 0x94)

155.858146ms ago: executing program 2 (id=7137):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=ANY=[@ANYBLOB="02030003120000002cbd7000fbdbdf2503000900800000001cdc0dca1d9f68846960e56de42944af05000600000000000a00000000000000000000000000000000ffffff80000001020000000000000002000100000000000000070c0000000005000500000000000a00000000000003fc01000000000000000000000000001307000000000000000100140007"], 0x90}, 0x1, 0x7}, 0x0)

155.181953ms ago: executing program 0 (id=7138):
syz_emit_ethernet(0x76, &(0x7f0000000240)={@multicast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x40, 0x3a, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast2, {[], @dest_unreach={0x1, 0x3, 0x0, 0x7f, '\x00', {0x0, 0x6, "e1f588", 0x7, 0x0, 0xff, @mcast2, @mcast2, [@hopopts={0xbe}], "7bf354a4d44f873e"}}}}}}}, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
writev(r4, &(0x7f0000000000)=[{&(0x7f0000000040)="39000000120003474cbb65e1c3e4ffff81ff0d0001000000070000002500000004003d000c0014000000001f000006060400180000008cdb25", 0x39}], 0x1)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r7 = epoll_create(0x4)
epoll_pwait(r7, &(0x7f0000000740)=[{}], 0x1, 0x0, 0x0, 0x0)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
ioctl$XFS_IOC_ERROR_CLEARALL(r5, 0x40085875)
r9 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x55, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x78}, [@initr0={0x18, 0x0, 0x0, 0x0, 0xc6ae35}]}, &(0x7f00000000c0)='syzkaller\x00'}, 0x94)
openat$cgroup_procs(r8, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0)
openat$cgroup_devices(r8, &(0x7f0000000080)='devices.allow\x00', 0x2, 0x0)
r10 = socket(0x10, 0x3, 0x0)
sendto$inet6(r10, &(0x7f0000000180)="9000000018001f2fb9409b52ffff65580200be04020c060560020b0243000f00ffffff9e00c8388827a685a168d0bf47d32345653602648dcaaf6c26c291214549935ade4a460c20b6ec0cff3959547f500f58ba86c902000f1d012e02000280160012000a000000000000000000000000080000000eceb6b362bb944cf2e70100aba4183b003e5fa424ac4d31c4f7a1", 0x90, 0x0, 0x0, 0xf)
preadv(r9, &(0x7f0000000480)=[{&(0x7f0000000280)=""/91, 0x5b}, {&(0x7f0000000400)=""/108, 0x6c}], 0x2, 0xa2de, 0xc)
ioctl$XFS_IOC_FSBULKSTAT(r6, 0xc0205865, &(0x7f0000000740)={&(0x7f0000000140)=0xffffffffffffffff, 0xff, &(0x7f00000004c0)=[{}, {}, {}], &(0x7f0000000700)})

154.987119ms ago: executing program 3 (id=7139):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x70bd2a, 0x25dfdbfe}, 0x1c}, 0x1, 0x0, 0xa6ff, 0x40000}, 0x8004)

148.727579ms ago: executing program 4 (id=7140):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000001000000370000000000ddff970001001000000095"], &(0x7f0000000000)='GPL\x00', 0x7}, 0x94)

84.619596ms ago: executing program 4 (id=7141):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x2c, r1, 0x5, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}]]}, 0x2c}, 0x1, 0x0, 0x0, 0x40080}, 0x0) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x2c, r1, 0x5, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}]]}, 0x2c}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
socket(0x10, 0x3, 0x0) (async)
r3 = socket(0x10, 0x3, 0x0)
getsockopt$sock_linger(r3, 0x1, 0x38, 0x0, &(0x7f0000000240))
socket$inet6_udp(0xa, 0x2, 0x0) (async)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
sendmsg$nl_route(r3, &(0x7f00000005c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)=@ipv6_newnexthop={0xd8, 0x68, 0x300, 0x70bd25, 0x25dfdbfc, {0xa, 0x0, 0x2, 0x0, 0x10}, [@NHA_GROUP={0x44, 0x2, [{0x0, 0x3}, {0x1, 0x8}, {0x2, 0x7}, {0x1, 0x9}, {0x0, 0x1}, {0x2, 0xc5}, {0x1, 0x40}, {0x2, 0x7}]}, @NHA_GROUP={0x44, 0x2, [{0x1, 0x9}, {0x0, 0xf9}, {0x2, 0x6b}, {0x1, 0x5}, {0x0, 0x49}, {0x2, 0x7}, {0x2, 0x2}, {0x2, 0x8}]}, @NHA_BLACKHOLE={0x4}, @NHA_OIF={0x8, 0x5, r5}, @NHA_RES_GROUP={0x24, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_IDLE_TIMER={0x8, 0x2, 0xfffffff9}, @NHA_RES_GROUP_IDLE_TIMER={0x8, 0x2, 0x3ec926d1}, @NHA_RES_GROUP_BUCKETS={0x6}, @NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x4}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0xd8}, 0x1, 0x0, 0x0, 0x4008000}, 0x800)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_GET_POWER_SAVE(r0, &(0x7f0000000280)={&(0x7f0000000180), 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, 0x0, 0x10, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x0, 0x20}}}}, ["", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x20000004}, 0xc004)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000001b80)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe000000008500000042000000b700000000000010950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2c4af38ffb7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836801ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0eb3280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d09a0a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96bf704526a8919bc700002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381ccc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a504a0301f89c2ee627e949c68b3a4a426a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73cfd1e76982f3d899f71e4a9f0ba8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f000000"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffaf, 0x10, &(0x7f0000000040)}, 0x3c)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r7, 0x0, 0xe, 0x0, &(0x7f00000002c0)="69d387051eaf71a0486e5c660000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r7, 0x0, 0xe, 0x0, &(0x7f00000002c0)="69d387051eaf71a0486e5c660000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

27.981344ms ago: executing program 2 (id=7142):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'veth0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x3c, 0x2, [@TCA_GRED_PARMS={0x38, 0x1, {0xfffffff2, 0x80, 0x7, 0x10, 0x5, 0x3, 0xfffffffa, 0x3, 0x100, 0x7, 0x9, 0x1f, 0x1f, 0x5, 0x3ff, 0x3}}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20008881}, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x1, @bcast, @bpq0, 0x7ffffffe, 'syz0\x00', @bcast, 0x1, 0x0, [@null, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null]})

0s ago: executing program 1 (id=7143):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={0x0, 0xc4}}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000064010100000000000000000000000000fc01000000000000000000000000000000000000000000000a0000"], 0xfc}}, 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r4, &(0x7f0000001680)=[{{&(0x7f0000000080)={0xa, 0x4e21, 0x1000, @mcast2}, 0x1c, 0x0}}], 0x1, 0x84)
setsockopt$bt_BT_VOICE(r1, 0x112, 0xb, 0x0, 0x0)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, r0, 0x215eb000)
r5 = socket(0x14, 0x2, 0x4)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)={0x10})
r6 = socket$unix(0x1, 0x5, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[@ANYBLOB='@@\x00\x00', @ANYRES16=r7, @ANYBLOB, @ANYRES32=r8, @ANYBLOB="24005a8020000180140003000000000020000800010000000000000004000200"], 0x40}}, 0x0)
sendmsg$NL80211_CMD_LEAVE_OCB(r5, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="046c69e24e0d7f000000000000000005", @ANYRES16=0x0, @ANYBLOB="00012dbd7000fddbdf256d00000008000300", @ANYRES32=r8, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x1000}, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYRES32=r5], 0x1c}, 0x1, 0x0, 0x0, 0x2004c8a1}, 0x8000)
r9 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r9, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r9, 0x0, 0x0)

kernel console output (not intermixed with test programs):

[T23468] team0: Port device team_slave_0 added
[  532.394534][T23468] team0: Port device team_slave_1 added
[  532.462030][T23468] batman_adv: batadv0: Adding interface: batadv_slave_0
[  532.469597][T23468] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  532.497220][T23468] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  532.513530][T23468] batman_adv: batadv0: Adding interface: batadv_slave_1
[  532.520733][T23468] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  532.548052][T23468] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  532.569944][ T5144] Bluetooth: hci5: command tx timeout
[  532.603303][   T78] hsr_slave_0: left promiscuous mode
[  532.609284][   T78] hsr_slave_1: left promiscuous mode
[  532.910757][T23468] hsr_slave_0: entered promiscuous mode
[  532.926120][T23468] hsr_slave_1: entered promiscuous mode
[  532.934290][T23468] debugfs: 'hsr0' already exists in 'hsr'
[  532.941421][T23468] Cannot create hsr debugfs directory
[  533.157105][   T78] IPVS: stop unused estimator thread 0...
[  534.256903][T23498] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  534.314893][T23468] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  534.398488][T23468] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  534.406384][T23468] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  534.454248][T23546] __nla_validate_parse: 48 callbacks suppressed
[  534.454267][T23546] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5885'.
[  534.454660][T23468] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  534.529775][T23468] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  534.560510][T23468] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  534.584828][T23468] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  534.631306][T23468] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  534.661157][ T5144] Bluetooth: hci5: command tx timeout
[  534.774747][T23468] 8021q: adding VLAN 0 to HW filter on device bond0
[  534.802260][T23568] validate_nla: 1 callbacks suppressed
[  534.802279][T23568] netlink: 'syz.2.5891': attribute type 28 has an invalid length.
[  534.826833][T23468] 8021q: adding VLAN 0 to HW filter on device team0
[  534.865653][ T3000] bridge0: port 1(bridge_slave_0) entered blocking state
[  534.872880][ T3000] bridge0: port 1(bridge_slave_0) entered forwarding state
[  534.924198][   T78] bridge0: port 2(bridge_slave_1) entered blocking state
[  534.931428][   T78] bridge0: port 2(bridge_slave_1) entered forwarding state
[  535.013756][T23576] ip6t_srh: unknown srh match flags  4000
[  535.508491][T23550] lec:lec_atm_close: lec0: Shut down!
[  535.601031][T23468] 8021q: adding VLAN 0 to HW filter on device batadv0
[  535.760897][T23610] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5900'.
[  535.769610][T23468] veth0_vlan: entered promiscuous mode
[  535.805986][T23468] veth1_vlan: entered promiscuous mode
[  535.921092][T23468] veth0_macvtap: entered promiscuous mode
[  535.984239][T23468] veth1_macvtap: entered promiscuous mode
[  536.033915][T23468] batman_adv: batadv0: Interface activated: batadv_slave_0
[  536.080804][T23624] smc: ib device syz2 ibport 1 applied user defined pnetid SYZ1
[  536.096073][T23468] batman_adv: batadv0: Interface activated: batadv_slave_1
[  536.154656][ T3000] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  536.164731][T23631] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5907'.
[  536.175083][ T3000] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  536.180846][T23624] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5905'.
[  536.193378][T23628] netlink: 'syz.3.5908': attribute type 10 has an invalid length.
[  536.199346][ T3000] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  536.208430][T23631] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5907'.
[  536.250855][ T3000] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  536.468392][ T2967] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  536.476258][ T2967] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  536.559931][ T1151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  536.596414][ T1151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  536.712446][T23657] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5914'.
[  536.729484][ T5144] Bluetooth: hci5: command tx timeout
[  536.925044][T23667] netlink: 'syz.0.5917': attribute type 28 has an invalid length.
[  537.185628][T23695] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5928'.
[  537.282369][T23701] lo speed is unknown, defaulting to 1000
[  537.405984][T23707] vcan1: entered promiscuous mode
[  537.418491][T23707] vcan1: entered allmulticast mode
[  537.457623][T23708] vcan1: entered promiscuous mode
[  537.475938][T23708] vcan1: entered allmulticast mode
[  537.815515][T23724] Bluetooth: MGMT ver 1.23
[  537.821678][T23724] FAULT_INJECTION: forcing a failure.
[  537.821678][T23724] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  537.835529][T23724] CPU: 0 UID: 0 PID: 23724 Comm: syz.1.5939 Not tainted syzkaller #0 PREEMPT(full) 
[  537.835553][T23724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  537.835565][T23724] Call Trace:
[  537.835573][T23724]  <TASK>
[  537.835581][T23724]  dump_stack_lvl+0xe8/0x150
[  537.835612][T23724]  should_fail_ex+0x412/0x560
[  537.835645][T23724]  _copy_from_user+0x2d/0xb0
[  537.835669][T23724]  kstrtouint_from_user+0xd6/0x180
[  537.835691][T23724]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  537.835726][T23724]  proc_fail_nth_write+0x8e/0x210
[  537.835753][T23724]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  537.835784][T23724]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  537.835812][T23724]  vfs_write+0x29a/0xb90
[  537.835850][T23724]  ? __pfx_vfs_write+0x10/0x10
[  537.835872][T23724]  ? __fget_files+0x2a/0x420
[  537.835895][T23724]  ? __fget_files+0x3a0/0x420
[  537.835912][T23724]  ? __fget_files+0x2a/0x420
[  537.835937][T23724]  ksys_write+0x150/0x270
[  537.835961][T23724]  ? __pfx_ksys_write+0x10/0x10
[  537.835993][T23724]  do_syscall_64+0x14d/0xf80
[  537.836017][T23724]  ? trace_irq_disable+0x3b/0x150
[  537.836035][T23724]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  537.836054][T23724]  ? clear_bhb_loop+0x40/0x90
[  537.836077][T23724]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  537.836098][T23724] RIP: 0033:0x7ff10eb5d04e
[  537.836117][T23724] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  537.836133][T23724] RSP: 002b:00007ff10cdedfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  537.836155][T23724] RAX: ffffffffffffffda RBX: 00007ff10cdee6c0 RCX: 00007ff10eb5d04e
[  537.836169][T23724] RDX: 0000000000000001 RSI: 00007ff10cdee0a0 RDI: 0000000000000003
[  537.836181][T23724] RBP: 00007ff10cdee090 R08: 0000000000000000 R09: 0000000000000000
[  537.836193][T23724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  537.836205][T23724] R13: 00007ff10ee16038 R14: 00007ff10ee15fa0 R15: 00007fffcbff3768
[  537.836237][T23724]  </TASK>
[  538.042646][T23725] netlink: 'syz.4.5938': attribute type 21 has an invalid length.
[  538.060583][T23727] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5940'.
[  538.186954][T23730] bond3: option primary: mode dependency failed, not supported in mode balance-rr(0)
[  538.270397][T23730] bond3 (unregistering): Released all slaves
[  538.317765][T23746] IPVS: lc: UDP 224.0.0.2:0 - no destination available
[  538.808569][ T5144] Bluetooth: hci5: command tx timeout
[  538.845406][T23772] netlink: 168 bytes leftover after parsing attributes in process `syz.1.5955'.
[  538.987687][T23778] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5957'.
[  539.253096][T23792] netlink: 'syz.2.5964': attribute type 1 has an invalid length.
[  539.261108][T23792] netlink: 'syz.2.5964': attribute type 1 has an invalid length.
[  539.270664][T23792] netlink: 'syz.2.5964': attribute type 11 has an invalid length.
[  539.440495][T23806] netlink: 'syz.1.5967': attribute type 10 has an invalid length.
[  539.449402][T23806] dummy0: entered promiscuous mode
[  539.459754][T23806] bridge0: port 3(dummy0) entered blocking state
[  539.466528][T23806] bridge0: port 3(dummy0) entered disabled state
[  539.490604][T23806] dummy0: entered allmulticast mode
[  539.510907][T23806] bridge0: port 3(dummy0) entered blocking state
[  539.517476][T23806] bridge0: port 3(dummy0) entered forwarding state
[  540.114349][T23850] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  540.291103][T23864] __nla_validate_parse: 1 callbacks suppressed
[  540.291124][T23864] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5980'.
[  540.394831][T23856] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5979'.
[  540.877502][T23897] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5992'.
[  540.888451][    C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5380 ms
[  540.896551][    C0] lec:lec_tx_timeout: lec0
[  540.901933][    C0] lec:lec_start_xmit: lec0:No lecd attached
[  541.161761][T23918] syzkaller0: entered promiscuous mode
[  541.167811][T23918] syzkaller0: entered allmulticast mode
[  541.366513][T23925] netlink: 'syz.1.6002': attribute type 28 has an invalid length.
[  541.679572][T23949] sctp: [Deprecated]: syz.1.6011 (pid 23949) Use of struct sctp_assoc_value in delayed_ack socket option.
[  541.679572][T23949] Use struct sctp_sack_info instead
[  541.700896][T23950] Cannot find set identified by id 0 to match
[  541.717263][T23952] sctp: [Deprecated]: syz.1.6011 (pid 23952) Use of struct sctp_assoc_value in delayed_ack socket option.
[  541.717263][T23952] Use struct sctp_sack_info instead
[  541.859162][T23958] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6013'.
[  541.940563][T23958] sctp: [Deprecated]: syz.2.6013 (pid 23958) Use of struct sctp_assoc_value in delayed_ack socket option.
[  541.940563][T23958] Use struct sctp_sack_info instead
[  541.964767][T23969] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6016'.
[  541.965941][T23964] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6016'.
[  542.015647][T23962] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6016'.
[  542.052514][T23962] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6016'.
[  542.202750][T23984] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  542.271857][T23984] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  542.315610][T23990] sctp: [Deprecated]: syz.2.6025 (pid 23990) Use of struct sctp_assoc_value in delayed_ack socket option.
[  542.315610][T23990] Use struct sctp_sack_info instead
[  542.344415][T23984] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  542.361609][T23991] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6023'.
[  542.643232][T24002] netlink: 'syz.2.6029': attribute type 4 has an invalid length.
[  542.667088][T24004] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6030'.
[  542.694462][T24005] netlink: 'syz.2.6029': attribute type 4 has an invalid length.
[  542.752341][T24008] sctp: [Deprecated]: syz.4.6030 (pid 24008) Use of struct sctp_assoc_value in delayed_ack socket option.
[  542.752341][T24008] Use struct sctp_sack_info instead
[  543.082422][T24023] netlink: 'syz.2.6038': attribute type 12 has an invalid length.
[  543.109690][T24023] netlink: 'syz.2.6038': attribute type 29 has an invalid length.
[  543.415119][T24045] bridge0: port 3(dummy0) entered disabled state
[  543.421754][T24045] bridge0: port 2(bridge_slave_1) entered disabled state
[  543.429277][T24045] bridge0: port 1(bridge_slave_0) entered disabled state
[  543.446934][T24041] sctp: [Deprecated]: syz.2.6045 (pid 24041) Use of struct sctp_assoc_value in delayed_ack socket option.
[  543.446934][T24041] Use struct sctp_sack_info instead
[  543.953650][T24062] syzkaller0: entered promiscuous mode
[  544.010116][T24062] syzkaller0: entered allmulticast mode
[  544.166200][T24088] sctp: [Deprecated]: syz.3.6061 (pid 24088) Use of struct sctp_assoc_value in delayed_ack socket option.
[  544.166200][T24088] Use struct sctp_sack_info instead
[  544.466339][T24103] set match dimension is over the limit!
[  544.914609][T24112] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  544.926393][T24112] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  544.943951][T24112] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  544.963513][T24112] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  544.983855][ T5830] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  545.910100][    C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms
[  545.918186][    C0] lec:lec_tx_timeout: lec0
[  546.065095][T24111] lo speed is unknown, defaulting to 1000
[  546.065943][T24115] syzkaller1: entered promiscuous mode
[  546.089855][T24115] syzkaller1: entered allmulticast mode
[  546.587805][T24137] syzkaller1: entered promiscuous mode
[  546.593782][T24137] syzkaller1: entered allmulticast mode
[  546.649073][ T5144] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  547.051969][ T5144] Bluetooth: hci3: command tx timeout
[  548.077221][T24145] __nla_validate_parse: 4 callbacks suppressed
[  548.077241][T24145] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6078'.
[  548.190866][T24149] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6080'.
[  548.271755][T24153] sctp: [Deprecated]: syz.1.6081 (pid 24153) Use of int in max_burst socket option deprecated.
[  548.271755][T24153] Use struct sctp_assoc_value instead
[  548.341522][T24155] netlink: 72 bytes leftover after parsing attributes in process `syz.1.6084'.
[  548.410574][T24162] FAULT_INJECTION: forcing a failure.
[  548.410574][T24162] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  548.483461][T24162] CPU: 1 UID: 0 PID: 24162 Comm: syz.1.6085 Not tainted syzkaller #0 PREEMPT(full) 
[  548.483490][T24162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  548.483501][T24162] Call Trace:
[  548.483509][T24162]  <TASK>
[  548.483518][T24162]  dump_stack_lvl+0xe8/0x150
[  548.483548][T24162]  should_fail_ex+0x412/0x560
[  548.483581][T24162]  _copy_from_iter+0x1d3/0x1670
[  548.483606][T24162]  ? rcu_is_watching+0x15/0xb0
[  548.483636][T24162]  ? __pfx__copy_from_iter+0x10/0x10
[  548.483664][T24162]  ? netlink_sendmsg+0x650/0xb40
[  548.483684][T24162]  ? skb_put+0x11b/0x210
[  548.483708][T24162]  netlink_sendmsg+0x6c0/0xb40
[  548.483738][T24162]  ? __pfx_netlink_sendmsg+0x10/0x10
[  548.483762][T24162]  ? aa_sock_msg_perm+0xf1/0x1b0
[  548.483790][T24162]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  548.483814][T24162]  ____sys_sendmsg+0x972/0x9f0
[  548.483846][T24162]  ? __pfx_____sys_sendmsg+0x10/0x10
[  548.483878][T24162]  ? import_iovec+0x73/0xa0
[  548.483903][T24162]  ___sys_sendmsg+0x2a5/0x360
[  548.483932][T24162]  ? __pfx____sys_sendmsg+0x10/0x10
[  548.483988][T24162]  ? __fget_files+0x2a/0x420
[  548.484013][T24162]  ? __fget_files+0x3a0/0x420
[  548.484040][T24162]  __x64_sys_sendmsg+0x1bd/0x2a0
[  548.484066][T24162]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  548.484098][T24162]  ? __pfx_ksys_write+0x10/0x10
[  548.484129][T24162]  do_syscall_64+0x14d/0xf80
[  548.484153][T24162]  ? trace_irq_disable+0x3b/0x150
[  548.484170][T24162]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  548.484193][T24162]  ? clear_bhb_loop+0x40/0x90
[  548.484215][T24162]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  548.484234][T24162] RIP: 0033:0x7ff10eb9c819
[  548.484252][T24162] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  548.484269][T24162] RSP: 002b:00007ff10cdee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  548.484289][T24162] RAX: ffffffffffffffda RBX: 00007ff10ee15fa0 RCX: 00007ff10eb9c819
[  548.484303][T24162] RDX: 0000000000008000 RSI: 00002000000008c0 RDI: 0000000000000003
[  548.484316][T24162] RBP: 00007ff10cdee090 R08: 0000000000000000 R09: 0000000000000000
[  548.484328][T24162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  548.484339][T24162] R13: 00007ff10ee16038 R14: 00007ff10ee15fa0 R15: 00007fffcbff3768
[  548.484368][T24162]  </TASK>
[  548.763581][T24111] chnl_net:caif_netlink_parms(): no params data found
[  548.893298][T24111] bridge0: port 1(bridge_slave_0) entered blocking state
[  548.900703][T24111] bridge0: port 1(bridge_slave_0) entered disabled state
[  548.908227][T24111] bridge_slave_0: entered allmulticast mode
[  548.916636][T24111] bridge_slave_0: entered promiscuous mode
[  548.925565][T24111] bridge0: port 2(bridge_slave_1) entered blocking state
[  548.933415][T24111] bridge0: port 2(bridge_slave_1) entered disabled state
[  548.941022][T24111] bridge_slave_1: entered allmulticast mode
[  548.949476][T24111] bridge_slave_1: entered promiscuous mode
[  548.985747][T24111] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  549.002617][T24111] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  549.047875][T24111] team0: Port device team_slave_0 added
[  549.063776][T24111] team0: Port device team_slave_1 added
[  549.128929][ T5144] Bluetooth: hci3: command tx timeout
[  549.135780][T24180] netlink: 52 bytes leftover after parsing attributes in process `syz.0.6092'.
[  549.159189][T24111] batman_adv: batadv0: Adding interface: batadv_slave_0
[  549.166178][T24111] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  549.169379][T24182] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6093'.
[  549.206942][T24185] netlink: 'syz.0.6092': attribute type 1 has an invalid length.
[  549.233172][T24111] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  549.240309][T24185] netlink: 132 bytes leftover after parsing attributes in process `syz.0.6092'.
[  549.245837][T24111] batman_adv: batadv0: Adding interface: batadv_slave_1
[  549.260186][T24111] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  549.292548][T24182] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6093'.
[  549.302501][T24182] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6093'.
[  549.314596][T24111] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  549.370824][T24191] netlink: 68 bytes leftover after parsing attributes in process `syz.3.6095'.
[  549.438879][T24111] hsr_slave_0: entered promiscuous mode
[  549.445684][T24111] hsr_slave_1: entered promiscuous mode
[  549.469621][T24111] debugfs: 'hsr0' already exists in 'hsr'
[  549.475482][T24111] Cannot create hsr debugfs directory
[  549.545959][T24199] netlink: 1212 bytes leftover after parsing attributes in process `syz.3.6099'.
[  549.640214][T12063] IPVS: starting estimator thread 0...
[  549.738639][T24206] IPVS: using max 39 ests per chain, 93600 per kthread
[  549.987861][T24111] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  550.013452][T24111] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  550.156374][T24111] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  550.167228][T24111] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  550.261975][T24111] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  550.273687][T24111] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  550.356906][T24111] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  550.385330][T24111] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  551.208451][ T5144] Bluetooth: hci3: command tx timeout
[  552.694350][T24210] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  552.710886][T24111] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  552.781337][T24111] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  552.817314][T24111] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  552.862537][T24111] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  552.879508][T24111] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  553.061918][T24111] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  553.075726][T24111] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  553.106274][T24111] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  553.185032][T24293] syzkaller0: entered promiscuous mode
[  553.197670][T24293] syzkaller0: entered allmulticast mode
[  553.221130][T24295] __nla_validate_parse: 1 callbacks suppressed
[  553.221149][T24295] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6130'.
[  553.299344][ T5144] Bluetooth: hci3: command tx timeout
[  553.353005][T24111] 8021q: adding VLAN 0 to HW filter on device bond0
[  553.377204][T24111] 8021q: adding VLAN 0 to HW filter on device team0
[  553.390298][ T1151] bridge0: port 1(bridge_slave_0) entered blocking state
[  553.397493][ T1151] bridge0: port 1(bridge_slave_0) entered forwarding state
[  553.421196][ T1151] bridge0: port 2(bridge_slave_1) entered blocking state
[  553.428423][ T1151] bridge0: port 2(bridge_slave_1) entered forwarding state
[  553.582683][T24307] openvswitch: netlink: nsh attr 0 has unexpected len 1 expected 0
[  553.599931][T24307] netlink: 'syz.1.6135': attribute type 10 has an invalid length.
[  553.631729][T24307] team0: Device vxcan1 is of different type
[  553.700858][T24312] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  553.762568][T24111] 8021q: adding VLAN 0 to HW filter on device batadv0
[  553.804241][T24318] ip6gre1: entered promiscuous mode
[  553.810289][T24318] ip6gre1: entered allmulticast mode
[  553.932693][T24325] netlink: 52 bytes leftover after parsing attributes in process `syz.2.6140'.
[  554.008693][T24328] netlink: 'syz.0.6141': attribute type 4 has an invalid length.
[  554.031018][T24328] netlink: 152 bytes leftover after parsing attributes in process `syz.0.6141'.
[  554.184426][T24343] netlink: 100 bytes leftover after parsing attributes in process `syz.0.6146'.
[  554.246212][T24341] netlink: 'syz.1.6147': attribute type 28 has an invalid length.
[  554.376808][T24111] veth0_vlan: entered promiscuous mode
[  554.402214][T24111] veth1_vlan: entered promiscuous mode
[  554.466723][T24111] veth0_macvtap: entered promiscuous mode
[  554.472551][T24362] IPVS: lc: UDP 224.0.0.2:0 - no destination available
[  554.481978][T24111] veth1_macvtap: entered promiscuous mode
[  554.532388][T24111] batman_adv: batadv0: Interface activated: batadv_slave_0
[  554.563341][T24111] batman_adv: batadv0: Interface activated: batadv_slave_1
[  554.572665][T24366] netlink: 'syz.1.6155': attribute type 4 has an invalid length.
[  554.605237][T24366] netlink: 152 bytes leftover after parsing attributes in process `syz.1.6155'.
[  554.608048][   T48] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  554.634120][   T48] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  554.644991][   T48] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  554.665204][T24366] .`: renamed from bond0 (while UP)
[  554.680754][   T48] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  554.843414][ T2967] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  554.870024][ T2967] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  554.897830][T24380] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6162'.
[  554.925322][T24380] hsr0: entered promiscuous mode
[  554.931742][T24380] macvlan2: entered allmulticast mode
[  554.937565][T24380] hsr0: entered allmulticast mode
[  554.943122][T24380] hsr_slave_0: entered allmulticast mode
[  554.949268][T24380] hsr_slave_1: entered allmulticast mode
[  554.971368][   T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  554.994601][   T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  555.129349][T24391] IPVS: lc: UDP 224.0.0.2:0 - no destination available
[  555.139242][T24387] vlan2: entered promiscuous mode
[  555.144877][T24387] bridge0: entered promiscuous mode
[  555.223002][T24395] skbuff: bad partial csum: csum=65535/2 headroom=4 headlen=65543
[  555.321007][T24399] FAULT_INJECTION: forcing a failure.
[  555.321007][T24399] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  555.336980][T24401] netlink: 'syz.1.6170': attribute type 4 has an invalid length.
[  555.345567][T24399] CPU: 0 UID: 0 PID: 24399 Comm: syz.0.6169 Not tainted syzkaller #0 PREEMPT(full) 
[  555.345592][T24399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  555.345604][T24399] Call Trace:
[  555.345611][T24399]  <TASK>
[  555.345619][T24399]  dump_stack_lvl+0xe8/0x150
[  555.345648][T24399]  should_fail_ex+0x412/0x560
[  555.345681][T24399]  _copy_to_user+0x31/0xb0
[  555.345704][T24399]  simple_read_from_buffer+0xe1/0x170
[  555.345733][T24399]  proc_fail_nth_read+0x1bb/0x230
[  555.345762][T24399]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  555.345789][T24399]  ? rw_verify_area+0x2a6/0x4d0
[  555.345809][T24399]  ? tun_chr_write_iter+0x18a/0x200
[  555.345828][T24399]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  555.345854][T24399]  vfs_read+0x20c/0xa70
[  555.345872][T24399]  ? fdget_pos+0x246/0x320
[  555.345894][T24399]  ? __pfx___mutex_lock+0x10/0x10
[  555.345920][T24399]  ? __pfx_vfs_read+0x10/0x10
[  555.345941][T24399]  ? __fget_files+0x2a/0x420
[  555.345961][T24399]  ? __fget_files+0x3a0/0x420
[  555.345977][T24399]  ? __fget_files+0x2a/0x420
[  555.346002][T24399]  ksys_read+0x150/0x270
[  555.346024][T24399]  ? __pfx_ksys_read+0x10/0x10
[  555.346056][T24399]  do_syscall_64+0x14d/0xf80
[  555.346080][T24399]  ? trace_irq_disable+0x3b/0x150
[  555.346096][T24399]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  555.346114][T24399]  ? clear_bhb_loop+0x40/0x90
[  555.346135][T24399]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  555.346154][T24399] RIP: 0033:0x7fc2f995d04e
[  555.346171][T24399] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  555.346186][T24399] RSP: 002b:00007fc2fa8b0fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  555.346206][T24399] RAX: ffffffffffffffda RBX: 00007fc2fa8b16c0 RCX: 00007fc2f995d04e
[  555.346219][T24399] RDX: 000000000000000f RSI: 00007fc2fa8b10a0 RDI: 0000000000000006
[  555.346231][T24399] RBP: 00007fc2fa8b1090 R08: 0000000000000000 R09: 0000000000000000
[  555.346242][T24399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  555.346251][T24399] R13: 00007fc2f9c16038 R14: 00007fc2f9c15fa0 R15: 00007ffeb6b548f8
[  555.346279][T24399]  </TASK>
[  555.578482][T24401] netlink: 152 bytes leftover after parsing attributes in process `syz.1.6170'.
[  556.007291][T24423] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6179'.
[  556.080506][T24424] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6179'.
[  556.092802][ T5831] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  556.097482][T24432] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6179'.
[  556.114180][ T5831] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  556.123774][ T5831] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  556.134905][ T5831] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  556.143802][ T5831] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  556.236550][T24423] xfrm1: entered promiscuous mode
[  556.258059][T24423] xfrm1: entered allmulticast mode
[  556.307776][T24436] netlink: 'syz.4.6182': attribute type 8 has an invalid length.
[  556.392578][  T151] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  556.407828][  T151] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  556.433781][T24442] netlink: 'syz.0.6185': attribute type 32 has an invalid length.
[  556.491209][T24442] bond3: Setting coupled_control to off (0)
[  556.512706][T24426] lo speed is unknown, defaulting to 1000
[  556.540716][  T151] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  556.573238][  T151] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  556.747118][  T151] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  556.783455][  T151] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  556.976000][  T151] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  557.010752][  T151] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  557.072696][T24472] netlink: 'syz.2.6195': attribute type 3 has an invalid length.
[  557.411156][T24426] chnl_net:caif_netlink_parms(): no params data found
[  557.512055][  T151] team0: left allmulticast mode
[  557.521512][  T151] team_slave_0: left allmulticast mode
[  557.533760][  T151] team_slave_1: left allmulticast mode
[  557.547539][  T151] team0: left promiscuous mode
[  557.563596][  T151] team_slave_0: left promiscuous mode
[  557.584794][  T151] team_slave_1: left promiscuous mode
[  557.603161][  T151] bridge0: port 3(team0) entered disabled state
[  557.647656][  T151] bridge_slave_1: left allmulticast mode
[  557.676736][  T151] bridge_slave_1: left promiscuous mode
[  557.699622][  T151] bridge0: port 2(bridge_slave_1) entered disabled state
[  557.981047][  T151] bond4 (unregistering): (slave geneve2): Releasing active interface
[  557.989573][  T151] geneve2 (unregistering): left allmulticast mode
[  558.132680][  T151] team0: Port device bridge2 removed
[  558.168654][ T5831] Bluetooth: hci0: command tx timeout
[  558.241999][  T151] team0: Port device bridge4 removed
[  558.275151][  T151] bond0 (unregistering): (slave veth3): Releasing backup interface
[  558.285311][  T151] bond0 (unregistering): (slave veth5): Releasing backup interface
[  558.295214][  T151] bond0 (unregistering): (slave veth7): Releasing backup interface
[  558.304129][  T151] bond0 (unregistering): Released all slaves
[  558.317920][  T151] bond1 (unregistering): Released all slaves
[  558.332961][  T151] bond2 (unregistering): Released all slaves
[  558.345600][  T151] bond3 (unregistering): Released all slaves
[  558.363209][  T151] bond4 (unregistering): Released all slaves
[  558.393412][  T151] bond5 (unregistering): Released all slaves
[  558.427503][ T5489] 8021q: adding VLAN 0 to HW filter on device eth1
[  558.663311][  T151] tipc: Disabling bearer <udp:syz2>
[  558.677328][  T151] tipc: Left network mode
[  558.716593][T24426] bridge0: port 1(bridge_slave_0) entered blocking state
[  558.724290][T24426] bridge0: port 1(bridge_slave_0) entered disabled state
[  558.732583][T24426] bridge_slave_0: entered allmulticast mode
[  558.741029][T24426] bridge_slave_0: entered promiscuous mode
[  558.755067][T24538] syzkaller0: entered promiscuous mode
[  558.763772][T24538] syzkaller0: entered allmulticast mode
[  558.791558][T24426] bridge0: port 2(bridge_slave_1) entered blocking state
[  558.807968][T24426] bridge0: port 2(bridge_slave_1) entered disabled state
[  558.819597][T24426] bridge_slave_1: entered allmulticast mode
[  558.833616][T24426] bridge_slave_1: entered promiscuous mode
[  558.833870][T24535] netlink: 'syz.4.6208': attribute type 10 has an invalid length.
[  559.059290][T24535] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  559.095936][ T2967] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  559.113912][ T2967] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  559.124444][T24535] __nla_validate_parse: 1 callbacks suppressed
[  559.124462][T24535] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6208'.
[  559.143423][T24426] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  559.175809][T24426] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  559.339142][T24426] team0: Port device team_slave_0 added
[  559.357026][T24426] team0: Port device team_slave_1 added
[  559.514855][T24426] batman_adv: batadv0: Adding interface: batadv_slave_0
[  559.540992][T24426] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  559.570917][T24426] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  559.585793][T24426] batman_adv: batadv0: Adding interface: batadv_slave_1
[  559.593470][T24426] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  559.623700][T24426] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  559.906635][T24426] hsr_slave_0: entered promiscuous mode
[  559.944787][T24426] hsr_slave_1: entered promiscuous mode
[  559.966638][T24426] debugfs: 'hsr0' already exists in 'hsr'
[  560.028804][T24426] Cannot create hsr debugfs directory
[  560.099255][ T5489] 8021q: adding VLAN 0 to HW filter on device eth2
[  560.161389][  T151] hsr_slave_0: left promiscuous mode
[  560.167563][  T151] hsr_slave_1: left promiscuous mode
[  560.187880][  T151] batman_adv: batadv0: Removing interface: batadv_slave_0
[  560.205629][  T151] batman_adv: batadv0: Removing interface: batadv_slave_1
[  560.429420][  T151] team0 (unregistering): Port device team_slave_1 removed
[  560.458875][  T151] team0 (unregistering): Port device team_slave_0 removed
[  560.577455][  T151] vcan0 (unregistering): left allmulticast mode
[  560.618635][T24603] syzkaller0: entered promiscuous mode
[  560.624459][T24603] syzkaller0: entered allmulticast mode
[  561.004265][  T151] IPVS: stop unused estimator thread 0...
[  561.805116][T24543] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  561.935034][T24622] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6229'.
[  561.945474][T24625] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6229'.
[  561.954557][T24426] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  561.965549][T24426] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  561.984395][T24426] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  562.075230][T24426] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  562.115871][T24426] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  562.169472][T24426] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  562.177384][T24426] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  562.225590][T24426] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  562.228828][T24637] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6231'.
[  562.256024][T24631] netlink: 'syz.4.6230': attribute type 28 has an invalid length.
[  562.385686][T24648] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.6233'.
[  562.512237][T24652] bridge2: entered promiscuous mode
[  562.526534][T24652] bridge2: entered allmulticast mode
[  562.556903][T24652] team0: Port device bridge2 added
[  562.586426][T24657] bridge0: port 3(team0) entered blocking state
[  562.600466][T24657] bridge0: port 3(team0) entered disabled state
[  562.621461][T24657] team0: entered allmulticast mode
[  562.642374][T24657] team_slave_0: entered allmulticast mode
[  562.660366][T24657] team_slave_1: entered allmulticast mode
[  562.683413][T24657] team0: entered promiscuous mode
[  562.697489][T24657] team_slave_0: entered promiscuous mode
[  562.714969][T24657] team_slave_1: entered promiscuous mode
[  562.732621][T24657] bridge0: port 3(team0) entered blocking state
[  562.739866][T24657] bridge0: port 3(team0) entered forwarding state
[  562.766415][T24426] 8021q: adding VLAN 0 to HW filter on device bond0
[  562.812458][T24426] 8021q: adding VLAN 0 to HW filter on device team0
[  562.827592][  T151] bridge0: port 1(bridge_slave_0) entered blocking state
[  562.834955][  T151] bridge0: port 1(bridge_slave_0) entered forwarding state
[  562.856627][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  562.863815][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  562.892995][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  562.901662][ T1299] lec:lec_start_xmit: lec0:No lecd attached
[  563.093107][T24673] lo speed is unknown, defaulting to 1000
[  563.108218][T24678] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6238'.
[  563.156543][T24678] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6238'.
[  563.289032][T24426] 8021q: adding VLAN 0 to HW filter on device batadv0
[  563.436528][T24426] veth0_vlan: entered promiscuous mode
[  563.460032][T24688] skbuff: bad partial csum: csum=65535/2 headroom=4 headlen=65543
[  563.483788][T24426] veth1_vlan: entered promiscuous mode
[  563.588713][T24426] veth0_macvtap: entered promiscuous mode
[  563.613574][T24426] veth1_macvtap: entered promiscuous mode
[  563.670555][T24426] batman_adv: batadv0: Interface activated: batadv_slave_0
[  563.730982][T24426] batman_adv: batadv0: Interface activated: batadv_slave_1
[  563.814946][ T7056] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  563.824137][T24697] netlink: 76 bytes leftover after parsing attributes in process `syz.0.6242'.
[  563.829793][T24699] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  563.841383][T24697] syzkaller0: entered promiscuous mode
[  563.841405][T24697] syzkaller0: entered allmulticast mode
[  563.866037][ T7056] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  563.886972][T24702] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.6244'.
[  563.889545][ T7056] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  563.951741][ T7056] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  564.305615][T24718] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6248'.
[  564.340915][T24718] FAULT_INJECTION: forcing a failure.
[  564.340915][T24718] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  564.343715][ T7056] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  564.385364][T24718] CPU: 0 UID: 0 PID: 24718 Comm: syz.0.6248 Not tainted syzkaller #0 PREEMPT(full) 
[  564.385393][T24718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  564.385405][T24718] Call Trace:
[  564.385413][T24718]  <TASK>
[  564.385422][T24718]  dump_stack_lvl+0xe8/0x150
[  564.385452][T24718]  should_fail_ex+0x412/0x560
[  564.385486][T24718]  _copy_to_user+0x31/0xb0
[  564.385511][T24718]  simple_read_from_buffer+0xe1/0x170
[  564.385542][T24718]  proc_fail_nth_read+0x1bb/0x230
[  564.385571][T24718]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  564.385600][T24718]  ? rw_verify_area+0x2a6/0x4d0
[  564.385621][T24718]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  564.385647][T24718]  vfs_read+0x20c/0xa70
[  564.385665][T24718]  ? fdget_pos+0x246/0x320
[  564.385687][T24718]  ? __pfx___mutex_lock+0x10/0x10
[  564.385714][T24718]  ? __pfx_vfs_read+0x10/0x10
[  564.385736][T24718]  ? __fget_files+0x2a/0x420
[  564.385758][T24718]  ? __fget_files+0x3a0/0x420
[  564.385774][T24718]  ? __fget_files+0x2a/0x420
[  564.385799][T24718]  ksys_read+0x150/0x270
[  564.385823][T24718]  ? __pfx_ksys_read+0x10/0x10
[  564.385854][T24718]  do_syscall_64+0x14d/0xf80
[  564.385879][T24718]  ? trace_irq_disable+0x3b/0x150
[  564.385902][T24718]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  564.385922][T24718]  ? clear_bhb_loop+0x40/0x90
[  564.385945][T24718]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  564.385964][T24718] RIP: 0033:0x7fc2f995d04e
[  564.385983][T24718] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  564.386000][T24718] RSP: 002b:00007fc2fa8b0fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  564.386019][T24718] RAX: ffffffffffffffda RBX: 00007fc2fa8b16c0 RCX: 00007fc2f995d04e
[  564.386032][T24718] RDX: 000000000000000f RSI: 00007fc2fa8b10a0 RDI: 0000000000000004
[  564.386044][T24718] RBP: 00007fc2fa8b1090 R08: 0000000000000000 R09: 0000000000000000
[  564.386055][T24718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  564.386065][T24718] R13: 00007fc2f9c16038 R14: 00007fc2f9c15fa0 R15: 00007ffeb6b548f8
[  564.386098][T24718]  </TASK>
[  564.599350][ T7056] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  564.935523][ T7056] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  564.948383][ T7056] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  565.222392][T24731] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.6171'.
[  565.240438][T24734] skbuff: bad partial csum: csum=65535/2 headroom=4 headlen=65543
[  565.421322][T24743] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6252'.
[  565.570192][T24748] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.6254'.
[  565.633529][T24757] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6256'.
[  566.131689][ T5144] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  566.142505][ T5144] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  566.154392][ T5144] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  566.162694][ T5144] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  566.171483][ T5144] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  566.275057][T24784] lo speed is unknown, defaulting to 1000
[  566.778983][T24812] xt_TPROXY: Can be used only with -p tcp or -p udp
[  566.962629][T24821] netlink: 'syz.4.6273': attribute type 6 has an invalid length.
[  566.973111][T24821] netlink: 'syz.4.6273': attribute type 21 has an invalid length.
[  566.988361][T24821] IPv6: NLM_F_CREATE should be specified when creating new route
[  567.141803][T24824] netlink: 'syz.2.6274': attribute type 28 has an invalid length.
[  567.427874][T24853] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6283'.
[  567.437369][T24853] block nbd13: Unsupported socket: should be TCP or UNIX.
[  567.488917][T24853] netlink: 44 bytes leftover after parsing attributes in process `syz.1.6283'.
[  567.543966][T24858] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6284'.
[  567.583434][T24784] chnl_net:caif_netlink_parms(): no params data found
[  567.621672][T24850] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  567.664515][T24858] bond1: option min_links: invalid value (18446744073709551614)
[  567.673647][T24858] bond1: option min_links: allowed values 0 - 2147483647
[  567.683988][T24858] bond1 (unregistering): Released all slaves
[  567.742097][T24850] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  567.816678][T24850] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  567.908603][    C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms
[  567.916906][    C0] lec:lec_tx_timeout: lec0
[  567.990080][T24784] bridge0: port 1(bridge_slave_0) entered blocking state
[  568.043402][T24784] bridge0: port 1(bridge_slave_0) entered disabled state
[  568.063826][T24784] bridge_slave_0: entered allmulticast mode
[  568.093839][T24784] bridge_slave_0: entered promiscuous mode
[  568.128587][T24784] bridge0: port 2(bridge_slave_1) entered blocking state
[  568.135914][T24784] bridge0: port 2(bridge_slave_1) entered disabled state
[  568.148583][T24784] bridge_slave_1: entered allmulticast mode
[  568.164859][T24784] bridge_slave_1: entered promiscuous mode
[  568.242349][T24889] can: request_module (can-proto-3) failed.
[  568.248742][ T5144] Bluetooth: hci1: command tx timeout
[  568.267337][T24784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  568.308139][T24784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  568.335658][T24900] pim6reg: entered allmulticast mode
[  568.392094][T24784] team0: Port device team_slave_0 added
[  568.430925][T24784] team0: Port device team_slave_1 added
[  568.501839][T24784] batman_adv: batadv0: Adding interface: batadv_slave_0
[  568.512441][T24784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  568.512520][T24904] Cannot find set identified by id 0 to match
[  568.538691][T24784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  568.540667][T24784] batman_adv: batadv0: Adding interface: batadv_slave_1
[  568.578535][T24784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  568.604840][T24784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  568.699173][T24784] hsr_slave_0: entered promiscuous mode
[  568.706403][T24784] hsr_slave_1: entered promiscuous mode
[  568.713288][T24784] debugfs: 'hsr0' already exists in 'hsr'
[  568.719549][T24784] Cannot create hsr debugfs directory
[  568.966995][T24784] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  568.983089][T24784] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 1] type 1 family 0 port 8472 - 0
[  569.111443][T24929] Cannot find set identified by id 0 to match
[  569.130306][T24784] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  569.145163][T24784] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 1] type 1 family 0 port 8472 - 0
[  569.349982][T24784] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  569.360639][T24784] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 1] type 1 family 0 port 8472 - 0
[  569.381920][T24933] netlink: 'syz.1.6308': attribute type 29 has an invalid length.
[  569.391987][T24933] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6308'.
[  569.417512][T24938] IPv6: sit1: Disabled Multicast RS
[  569.440007][T24938] sit1: entered allmulticast mode
[  569.538667][T24949] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6311'.
[  569.559727][T24784] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  569.588490][T24784] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 1] type 1 family 0 port 8472 - 0
[  569.659387][T24960] netlink: 48 bytes leftover after parsing attributes in process `syz.3.6314'.
[  569.680734][T24955] syzkaller0: entered promiscuous mode
[  569.697275][T24955] syzkaller0: entered allmulticast mode
[  569.808014][T24968] netlink: 'syz.4.6315': attribute type 3 has an invalid length.
[  569.962031][T24973] netlink: 48 bytes leftover after parsing attributes in process `syz.1.6318'.
[  570.088200][T24976] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  570.114090][T24784] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  570.141945][T24784] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  570.157172][T24784] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  570.170455][T24784] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  570.178209][T24784] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  570.187515][T24784] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  570.196052][T24784] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  570.207169][T24784] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  570.216659][T24983] netlink: 284 bytes leftover after parsing attributes in process `syz.3.6321'.
[  570.328100][T24784] 8021q: adding VLAN 0 to HW filter on device bond0
[  570.338852][ T5144] Bluetooth: hci1: command tx timeout
[  570.369917][T24784] 8021q: adding VLAN 0 to HW filter on device team0
[  570.395243][ T1151] bridge0: port 1(bridge_slave_0) entered blocking state
[  570.402516][ T1151] bridge0: port 1(bridge_slave_0) entered forwarding state
[  570.454642][ T1151] bridge0: port 2(bridge_slave_1) entered blocking state
[  570.461855][ T1151] bridge0: port 2(bridge_slave_1) entered forwarding state
[  570.590343][T25002] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6327'.
[  570.614094][T25008] lo speed is unknown, defaulting to 1000
[  571.181686][T24784] 8021q: adding VLAN 0 to HW filter on device batadv0
[  571.351074][T25042] sctp: [Deprecated]: syz.3.6339 (pid 25042) Use of struct sctp_assoc_value in delayed_ack socket option.
[  571.351074][T25042] Use struct sctp_sack_info instead
[  571.413827][T25039] netlink: 68 bytes leftover after parsing attributes in process `syz.1.6338'.
[  571.418730][T25034] bond1: option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-xor(2)
[  571.444958][T25034] bond1 (unregistering): Released all slaves
[  571.593609][T25053] syzkaller0: entered promiscuous mode
[  571.613387][T25053] syzkaller0: entered allmulticast mode
[  571.647341][T24784] veth0_vlan: entered promiscuous mode
[  571.757142][T24784] veth1_vlan: entered promiscuous mode
[  571.993629][T24784] veth0_macvtap: entered promiscuous mode
[  572.022424][T24784] veth1_macvtap: entered promiscuous mode
[  572.074844][T24784] batman_adv: batadv0: Interface activated: batadv_slave_0
[  572.104053][T24784] batman_adv: batadv0: Interface activated: batadv_slave_1
[  572.143052][  T151] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  572.171350][  T151] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  572.224787][  T151] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  572.257561][  T151] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  572.402464][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  572.414503][T25077] Bluetooth: MGMT ver 1.23
[  572.420068][ T5144] Bluetooth: hci1: command tx timeout
[  572.430823][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  572.478278][T25079] sctp: [Deprecated]: syz.1.6350 (pid 25079) Use of struct sctp_assoc_value in delayed_ack socket option.
[  572.478278][T25079] Use struct sctp_sack_info instead
[  572.489042][ T2967] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  572.498225][T25075] netlink: 76 bytes leftover after parsing attributes in process `syz.3.6348'.
[  572.504533][ T2967] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  572.550634][T25075] syzkaller0: entered promiscuous mode
[  572.556173][T25075] syzkaller0: entered allmulticast mode
[  572.715198][T25085] syzkaller1: entered promiscuous mode
[  572.728820][T25085] syzkaller1: entered allmulticast mode
[  572.761498][T25091] syzkaller0: entered promiscuous mode
[  572.781637][T25091] syzkaller0: entered allmulticast mode
[  572.958246][T25101] netlink: 'syz.3.6357': attribute type 4 has an invalid length.
[  572.968042][T25101] netlink: 152 bytes leftover after parsing attributes in process `syz.3.6357'.
[  573.009462][T25101] .`: renamed from bond0 (while UP)
[  573.084011][T25109] sctp: [Deprecated]: syz.4.6361 (pid 25109) Use of struct sctp_assoc_value in delayed_ack socket option.
[  573.084011][T25109] Use struct sctp_sack_info instead
[  573.122599][T25111] FAULT_INJECTION: forcing a failure.
[  573.122599][T25111] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  573.148395][T25111] CPU: 0 UID: 0 PID: 25111 Comm: syz.3.6362 Not tainted syzkaller #0 PREEMPT(full) 
[  573.148423][T25111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  573.148435][T25111] Call Trace:
[  573.148443][T25111]  <TASK>
[  573.148451][T25111]  dump_stack_lvl+0xe8/0x150
[  573.148481][T25111]  should_fail_ex+0x412/0x560
[  573.148514][T25111]  _copy_from_iter+0x1d3/0x1670
[  573.148537][T25111]  ? rcu_is_watching+0x15/0xb0
[  573.148566][T25111]  ? __pfx__copy_from_iter+0x10/0x10
[  573.148593][T25111]  ? netlink_sendmsg+0x650/0xb40
[  573.148614][T25111]  ? skb_put+0x11b/0x210
[  573.148639][T25111]  netlink_sendmsg+0x6c0/0xb40
[  573.148670][T25111]  ? __pfx_netlink_sendmsg+0x10/0x10
[  573.148693][T25111]  ? aa_sock_msg_perm+0xf1/0x1b0
[  573.148717][T25111]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  573.148739][T25111]  ____sys_sendmsg+0x972/0x9f0
[  573.148771][T25111]  ? __pfx_____sys_sendmsg+0x10/0x10
[  573.148803][T25111]  ? import_iovec+0x73/0xa0
[  573.148828][T25111]  ___sys_sendmsg+0x2a5/0x360
[  573.148857][T25111]  ? __pfx____sys_sendmsg+0x10/0x10
[  573.148914][T25111]  ? __fget_files+0x2a/0x420
[  573.148931][T25111]  ? __fget_files+0x3a0/0x420
[  573.148957][T25111]  __x64_sys_sendmsg+0x1bd/0x2a0
[  573.148983][T25111]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  573.149017][T25111]  ? __pfx_ksys_write+0x10/0x10
[  573.149047][T25111]  do_syscall_64+0x14d/0xf80
[  573.149077][T25111]  ? trace_irq_disable+0x3b/0x150
[  573.149093][T25111]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  573.149109][T25111]  ? clear_bhb_loop+0x40/0x90
[  573.149130][T25111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  573.149148][T25111] RIP: 0033:0x7fbaf279c819
[  573.149166][T25111] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  573.149181][T25111] RSP: 002b:00007fbaf3652028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  573.149200][T25111] RAX: ffffffffffffffda RBX: 00007fbaf2a15fa0 RCX: 00007fbaf279c819
[  573.149213][T25111] RDX: 0000000004040050 RSI: 0000200000006540 RDI: 0000000000000004
[  573.149225][T25111] RBP: 00007fbaf3652090 R08: 0000000000000000 R09: 0000000000000000
[  573.149236][T25111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  573.149247][T25111] R13: 00007fbaf2a16038 R14: 00007fbaf2a15fa0 R15: 00007ffcf3e1af48
[  573.149274][T25111]  </TASK>
[  573.462389][T25117] netlink: 76 bytes leftover after parsing attributes in process `syz.2.6365'.
[  573.516002][T25117] syzkaller0: entered promiscuous mode
[  573.536807][T25117] syzkaller0: entered allmulticast mode
[  573.716065][T25142] vlan2: entered promiscuous mode
[  573.721750][T25142] bridge0: entered promiscuous mode
[  573.750755][T25144] syzkaller0: entered promiscuous mode
[  573.756267][T25144] syzkaller0: entered allmulticast mode
[  573.824795][T25147] netlink: 'syz.3.6374': attribute type 4 has an invalid length.
[  573.951614][T25156] sctp: [Deprecated]: syz.2.6377 (pid 25156) Use of struct sctp_assoc_value in delayed_ack socket option.
[  573.951614][T25156] Use struct sctp_sack_info instead
[  574.150077][T25164] can: request_module (can-proto-0) failed.
[  574.488440][ T5144] Bluetooth: hci1: command tx timeout
[  574.537735][T25191] sctp: [Deprecated]: syz.4.6390 (pid 25191) Use of struct sctp_assoc_value in delayed_ack socket option.
[  574.537735][T25191] Use struct sctp_sack_info instead
[  574.556601][T25192] __nla_validate_parse: 4 callbacks suppressed
[  574.556622][T25192] netlink: 108 bytes leftover after parsing attributes in process `syz.2.6389'.
[  574.731275][T25207] xt_SECMARK: invalid mode: 9
[  574.736995][T25204] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  574.818224][T25204] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  574.893760][T25204] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  574.937416][T25220] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.6398'.
[  574.995175][T25223] raw_sendmsg: syz.0.6400 forgot to set AF_INET. Fix it!
[  575.083661][T25229] sctp: [Deprecated]: syz.1.6402 (pid 25229) Use of struct sctp_assoc_value in delayed_ack socket option.
[  575.083661][T25229] Use struct sctp_sack_info instead
[  575.276621][T25239] netlink: 88 bytes leftover after parsing attributes in process `syz.0.6405'.
[  575.548531][T25262] netlink: 'syz.1.6412': attribute type 1 has an invalid length.
[  575.593391][T25267] sctp: [Deprecated]: syz.0.6414 (pid 25267) Use of struct sctp_assoc_value in delayed_ack socket option.
[  575.593391][T25267] Use struct sctp_sack_info instead
[  575.603416][T25262] bond0: entered promiscuous mode
[  575.623651][T25262] 8021q: adding VLAN 0 to HW filter on device bond0
[  575.674620][T25270] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6415'.
[  575.691874][T25270] mac80211_hwsim hwsim44 ÿ
: renamed from wlan1 (while UP)
[  575.746385][T25262] bond0: (slave bridge4): making interface the new active one
[  575.797274][T25262] bridge4: entered promiscuous mode
[  575.803966][T25262] bond0: (slave bridge4): Enslaving as an active interface with an up link
[  575.846571][T25281] netlink: 88 bytes leftover after parsing attributes in process `syz.3.6419'.
[  575.870738][T25276] openvswitch: netlink: IP tunnel dst address not specified
[  576.075305][T25301] sctp: [Deprecated]: syz.1.6427 (pid 25301) Use of struct sctp_assoc_value in delayed_ack socket option.
[  576.075305][T25301] Use struct sctp_sack_info instead
[  576.178025][ T5889] IPVS: starting estimator thread 0...
[  576.219598][T25309] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6428'.
[  576.268421][T25306] IPVS: using max 42 ests per chain, 100800 per kthread
[  576.319977][T25313] netlink: 88 bytes leftover after parsing attributes in process `syz.1.6433'.
[  576.535030][T25328] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6436'.
[  576.545176][T25328] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6436'.
[  576.583012][T25332] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6439'.
[  576.599232][T25330] sctp: [Deprecated]: syz.0.6438 (pid 25330) Use of struct sctp_assoc_value in delayed_ack socket option.
[  576.599232][T25330] Use struct sctp_sack_info instead
[  576.714395][T25339] IPVS: lc: UDP 224.0.0.2:0 - no destination available
[  577.146580][T25358] pimreg3: entered allmulticast mode
[  577.239258][T25362] syzkaller0: entered promiscuous mode
[  577.248922][T25362] syzkaller0: entered allmulticast mode
[  577.536008][T25378] skbuff: bad partial csum: csum=65535/2 headroom=4 headlen=65543
[  577.716022][T25392] smc: ib device syz2 ibport 1 erased user defined pnetid SYZ1
[  577.741155][T25393] vlan2: entered promiscuous mode
[  577.756518][T25393] bridge0: entered promiscuous mode
[  577.972127][T25405] bond1: option fail_over_mac: invalid value (16)
[  577.994128][T25405] bond1 (unregistering): Released all slaves
[  578.060409][T25406] syzkaller0: entered promiscuous mode
[  578.065929][T25406] syzkaller0: entered allmulticast mode
[  578.137177][T25416] Cannot find set identified by id 0 to match
[  578.346699][T25427] netlink: 'syz.1.6480': attribute type 4 has an invalid length.
[  578.423216][T25431] vlan2: entered promiscuous mode
[  578.444773][T25431] bridge0: entered promiscuous mode
[  578.697332][T25437] syzkaller0: entered promiscuous mode
[  578.737707][T25437] syzkaller0: entered allmulticast mode
[  578.908941][T25448] lo speed is unknown, defaulting to 1000
[  579.434781][T25485] netlink: 'syz.1.6500': attribute type 8 has an invalid length.
[  579.443322][T25485] sch_fq: defrate 0 ignored.
[  579.702369][T25501] netlink: 'syz.4.6505': attribute type 4 has an invalid length.
[  579.728175][T25501] __nla_validate_parse: 10 callbacks suppressed
[  579.728196][T25501] netlink: 152 bytes leftover after parsing attributes in process `syz.4.6505'.
[  579.749480][T25501] wlan1: mtu less than device minimum
[  579.912112][T25507] skbuff: bad partial csum: csum=65535/2 headroom=4 headlen=65543
[  579.951484][T25504] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6508'.
[  579.962840][T25504] dummy0: entered promiscuous mode
[  580.182401][T25513] bridge0: port 2(bridge_slave_1) entered disabled state
[  580.190247][T25513] bridge0: port 1(bridge_slave_0) entered disabled state
[  580.213209][T25523] netlink: 'syz.3.6517': attribute type 3 has an invalid length.
[  580.223412][T25523] netlink: 'syz.3.6517': attribute type 3 has an invalid length.
[  580.334125][T25528] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6516'.
[  580.340300][T25513] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  580.362145][T25513] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  580.653625][ T1151] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  580.669137][ T1151] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  580.709759][ T1151] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  580.753670][ T1151] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  580.816341][T25538] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6522'.
[  580.840883][T25541] Cannot find set identified by id 0 to match
[  581.235699][T25564] netlink: 'syz.2.6532': attribute type 1 has an invalid length.
[  581.244183][T25564] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6532'.
[  581.254651][T25564] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6532'.
[  581.294722][T25570] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6532'.
[  581.305385][T25570] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6532'.
[  581.415570][T25584] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6539'.
[  582.523639][T25646] netlink: 'syz.4.6562': attribute type 16 has an invalid length.
[  582.555012][T25626] lec:lec_atm_close: lec0: Shut down!
[  582.632155][T25652] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  582.898631][T25662] netlink: 1024 bytes leftover after parsing attributes in process `syz.4.6570'.
[  583.004874][T25664] netlink: 'syz.2.6569': attribute type 1 has an invalid length.
[  583.064994][T25680] openvswitch: netlink: VXLAN extension message has 1 unknown bytes.
[  583.087284][T25680] openvswitch: netlink: VXLAN extension message has 1 unknown bytes.
[  583.120368][T25669] netlink: 'syz.0.6572': attribute type 1 has an invalid length.
[  583.129043][T25680] openvswitch: netlink: VXLAN extension message has 1 unknown bytes.
[  583.137553][T25680] openvswitch: netlink: VXLAN extension message has 1 unknown bytes.
[  583.165072][T25669] 8021q: adding VLAN 0 to HW filter on device bond1
[  583.174042][T25680] openvswitch: netlink: VXLAN extension message has 1 unknown bytes.
[  583.185394][T25680] openvswitch: netlink: VXLAN extension message has 1 unknown bytes.
[  583.227480][T25680] openvswitch: netlink: VXLAN extension message has 1 unknown bytes.
[  583.237023][T25680] openvswitch: netlink: VXLAN extension message has 1 unknown bytes.
[  583.260226][T25677] bond1: (slave veth3): Enslaving as an active interface with a down link
[  583.277791][T25690] netlink: 'syz.0.6572': attribute type 1 has an invalid length.
[  583.283128][T25680] openvswitch: netlink: VXLAN extension message has 1 unknown bytes.
[  583.295563][T25680] openvswitch: netlink: VXLAN extension message has 1 unknown bytes.
[  583.323690][T25693] netlink: 'syz.4.6579': attribute type 1 has an invalid length.
[  583.345060][T25690] netlink: 'syz.0.6572': attribute type 2 has an invalid length.
[  583.399539][T25669] bond1: (slave veth0_to_bond): Enslaving as an active interface with a down link
[  583.409828][T25693] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  583.588497][T25703] hsr_slave_0 (unregistering): left promiscuous mode
[  583.884519][T25722] Cannot find set identified by id 0 to match
[  583.890998][T25723] netlink: 'syz.2.6585': attribute type 1 has an invalid length.
[  584.025273][T25723] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  584.247659][T25706] lec:lec_atm_close: lec0: Shut down!
[  584.262816][T25738] xt_hashlimit: size too large, truncated to 1048576
[  584.938592][T25770] __nla_validate_parse: 7 callbacks suppressed
[  584.938611][T25770] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6600'.
[  585.000172][T25781] FAULT_INJECTION: forcing a failure.
[  585.000172][T25781] name failslab, interval 1, probability 0, space 0, times 0
[  585.012881][T25781] CPU: 1 UID: 0 PID: 25781 Comm: syz.0.6603 Not tainted syzkaller #0 PREEMPT(full) 
[  585.012905][T25781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  585.012917][T25781] Call Trace:
[  585.012924][T25781]  <TASK>
[  585.012931][T25781]  dump_stack_lvl+0xe8/0x150
[  585.012963][T25781]  should_fail_ex+0x412/0x560
[  585.012996][T25781]  should_failslab+0xa8/0x100
[  585.013022][T25781]  kmem_cache_alloc_bulk_noprof+0x8d/0x7e0
[  585.013044][T25781]  ? pfn_valid+0x125/0x4c0
[  585.013076][T25781]  bpf_test_run_xdp_live+0x179c/0x1cf0
[  585.013115][T25781]  ? bpf_test_run_xdp_live+0x438/0x1cf0
[  585.013145][T25781]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  585.013186][T25781]  ? 0xffffffffa02019d4
[  585.013227][T25781]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  585.013256][T25781]  ? _copy_from_user+0x94/0xb0
[  585.013279][T25781]  ? bpf_test_init+0x113/0x150
[  585.013295][T25781]  ? xdp_convert_md_to_buff+0x5b/0x330
[  585.013318][T25781]  bpf_prog_test_run_xdp+0x81c/0x1160
[  585.013362][T25781]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  585.013388][T25781]  ? __fget_files+0x2a/0x420
[  585.013426][T25781]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  585.013448][T25781]  bpf_prog_test_run+0x2c7/0x340
[  585.013472][T25781]  __sys_bpf+0x643/0x950
[  585.013492][T25781]  ? __pfx___sys_bpf+0x10/0x10
[  585.013525][T25781]  ? ksys_write+0x242/0x270
[  585.013548][T25781]  ? __pfx_ksys_write+0x10/0x10
[  585.013576][T25781]  __x64_sys_bpf+0x7c/0x90
[  585.013602][T25781]  do_syscall_64+0x14d/0xf80
[  585.013627][T25781]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  585.013646][T25781]  ? clear_bhb_loop+0x40/0x90
[  585.013669][T25781]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  585.013687][T25781] RIP: 0033:0x7f02bd79c819
[  585.013704][T25781] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  585.013720][T25781] RSP: 002b:00007f02be5e2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  585.013739][T25781] RAX: ffffffffffffffda RBX: 00007f02bda15fa0 RCX: 00007f02bd79c819
[  585.013753][T25781] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  585.013765][T25781] RBP: 00007f02be5e2090 R08: 0000000000000000 R09: 0000000000000000
[  585.013777][T25781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  585.013789][T25781] R13: 00007f02bda16038 R14: 00007f02bda15fa0 R15: 00007ffc698341e8
[  585.013819][T25781]  </TASK>
[  585.494841][T25805] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6608'.
[  585.786981][T17918] IPVS: starting estimator thread 0...
[  585.857014][T25829] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6617'.
[  585.908660][T25832] IPVS: using max 33 ests per chain, 79200 per kthread
[  586.029246][T25844] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6617'.
[  586.074574][T25844] nbd: device at index 64 is going down
[  586.244931][T25856] Cannot find set identified by id 0 to match
[  586.410824][T25862] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6630'.
[  586.434065][T25873] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6632'.
[  586.443314][T25871] netlink: 1024 bytes leftover after parsing attributes in process `syz.0.6631'.
[  586.667121][T25885] sctp: [Deprecated]: syz.4.6638 (pid 25885) Use of struct sctp_assoc_value in delayed_ack socket option.
[  586.667121][T25885] Use struct sctp_sack_info instead
[  586.681818][T25888] FAULT_INJECTION: forcing a failure.
[  586.681818][T25888] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  586.726568][T25888] CPU: 0 UID: 0 PID: 25888 Comm: syz.2.6637 Not tainted syzkaller #0 PREEMPT(full) 
[  586.726596][T25888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  586.726607][T25888] Call Trace:
[  586.726615][T25888]  <TASK>
[  586.726623][T25888]  dump_stack_lvl+0xe8/0x150
[  586.726655][T25888]  should_fail_ex+0x412/0x560
[  586.726687][T25888]  _copy_from_user+0x2d/0xb0
[  586.726709][T25888]  do_sock_getsockopt+0x165/0x3f0
[  586.726736][T25888]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  586.726761][T25888]  ? __fget_files+0x3a0/0x420
[  586.726778][T25888]  ? __fget_files+0x2a/0x420
[  586.726801][T25888]  __x64_sys_getsockopt+0x1a4/0x240
[  586.726834][T25888]  do_syscall_64+0x14d/0xf80
[  586.726857][T25888]  ? trace_irq_disable+0x3b/0x150
[  586.726874][T25888]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  586.726893][T25888]  ? clear_bhb_loop+0x40/0x90
[  586.726916][T25888]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  586.726943][T25888] RIP: 0033:0x7faac859c819
[  586.726961][T25888] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  586.726977][T25888] RSP: 002b:00007faac93f4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  586.726998][T25888] RAX: ffffffffffffffda RBX: 00007faac8815fa0 RCX: 00007faac859c819
[  586.727012][T25888] RDX: 0000000000000010 RSI: 0000000000000084 RDI: 0000000000000003
[  586.727023][T25888] RBP: 00007faac93f4090 R08: 0000200000000100 R09: 0000000000000000
[  586.727036][T25888] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001
[  586.727048][T25888] R13: 00007faac8816038 R14: 00007faac8815fa0 R15: 00007fff8edf1fb8
[  586.727078][T25888]  </TASK>
[  586.727094][T25888] sctp: [Deprecated]: syz.2.6637 (pid 25888) Use of struct sctp_assoc_value in delayed_ack socket option.
[  586.727094][T25888] Use struct sctp_sack_info instead
[  587.010496][T25902] netlink: 1024 bytes leftover after parsing attributes in process `syz.0.6644'.
[  587.085694][T25910] netlink: 44 bytes leftover after parsing attributes in process `syz.1.6645'.
[  587.115129][T25911] sctp: [Deprecated]: syz.4.6647 (pid 25911) Use of struct sctp_assoc_value in delayed_ack socket option.
[  587.115129][T25911] Use struct sctp_sack_info instead
[  587.139958][T25910] netlink: 164 bytes leftover after parsing attributes in process `syz.1.6645'.
[  587.428955][T25921] sctp: [Deprecated]: syz.0.6650 (pid 25921) Use of struct sctp_assoc_value in delayed_ack socket option.
[  587.428955][T25921] Use struct sctp_sack_info instead
[  587.429470][T25919] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  587.569651][T25919] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  587.590595][T25923] tipc: Started in network mode
[  587.595520][T25923] tipc: Node identity 0a5c3670c67f, cluster identity 4711
[  587.602890][T25923] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  587.610933][T25923] syzkaller0: entered promiscuous mode
[  587.616426][T25923] syzkaller0: entered allmulticast mode
[  587.642968][T25925] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  587.703579][T25923] tipc: Resetting bearer <eth:syzkaller0>
[  587.811373][T25922] tipc: Resetting bearer <eth:syzkaller0>
[  587.861212][T25922] tipc: Disabling bearer <eth:syzkaller0>
[  588.122506][T25949] netlink: 'syz.2.6659': attribute type 4 has an invalid length.
[  588.198825][T25949] .`: renamed from bond0 (while UP)
[  588.199197][T25955] netlink: 'syz.0.6662': attribute type 72 has an invalid length.
[  588.347784][T25965] sctp: [Deprecated]: syz.2.6665 (pid 25965) Use of struct sctp_assoc_value in delayed_ack socket option.
[  588.347784][T25965] Use struct sctp_sack_info instead
[  588.410226][T25965] FAULT_INJECTION: forcing a failure.
[  588.410226][T25965] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  588.466504][T25965] CPU: 0 UID: 0 PID: 25965 Comm: syz.2.6665 Not tainted syzkaller #0 PREEMPT(full) 
[  588.466542][T25965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  588.466554][T25965] Call Trace:
[  588.466562][T25965]  <TASK>
[  588.466570][T25965]  dump_stack_lvl+0xe8/0x150
[  588.466601][T25965]  should_fail_ex+0x412/0x560
[  588.466635][T25965]  _copy_to_user+0x31/0xb0
[  588.466660][T25965]  simple_read_from_buffer+0xe1/0x170
[  588.466690][T25965]  proc_fail_nth_read+0x1bb/0x230
[  588.466718][T25965]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  588.466747][T25965]  ? rw_verify_area+0x2a6/0x4d0
[  588.466767][T25965]  ? reacquire_held_locks+0x104/0x190
[  588.466792][T25965]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  588.466826][T25965]  vfs_read+0x20c/0xa70
[  588.466846][T25965]  ? fdget_pos+0x246/0x320
[  588.466867][T25965]  ? __pfx___mutex_lock+0x10/0x10
[  588.466894][T25965]  ? __pfx_vfs_read+0x10/0x10
[  588.466917][T25965]  ? __fget_files+0x2a/0x420
[  588.466938][T25965]  ? __fget_files+0x3a0/0x420
[  588.466954][T25965]  ? __fget_files+0x2a/0x420
[  588.466980][T25965]  ksys_read+0x150/0x270
[  588.467003][T25965]  ? __pfx_ksys_read+0x10/0x10
[  588.467035][T25965]  do_syscall_64+0x14d/0xf80
[  588.467058][T25965]  ? trace_irq_disable+0x3b/0x150
[  588.467073][T25965]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  588.467092][T25965]  ? clear_bhb_loop+0x40/0x90
[  588.467115][T25965]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  588.467133][T25965] RIP: 0033:0x7faac855d04e
[  588.467151][T25965] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  588.467167][T25965] RSP: 002b:00007faac93f3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  588.467187][T25965] RAX: ffffffffffffffda RBX: 00007faac93f46c0 RCX: 00007faac855d04e
[  588.467201][T25965] RDX: 000000000000000f RSI: 00007faac93f40a0 RDI: 0000000000000004
[  588.467214][T25965] RBP: 00007faac93f4090 R08: 0000000000000000 R09: 0000000000000000
[  588.467225][T25965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  588.467237][T25965] R13: 00007faac8816038 R14: 00007faac8815fa0 R15: 00007fff8edf1fb8
[  588.467269][T25965]  </TASK>
[  588.818205][T25979] net_ratelimit: 57 callbacks suppressed
[  588.818228][T25979] skbuff: bad partial csum: csum=65535/2 headroom=4 headlen=65543
[  588.847113][T25981] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  588.855454][T25981] batman_adv: batadv0: Removing interface: batadv_slave_0
[  588.899931][T25981] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  588.907534][T25981] batman_adv: batadv0: Removing interface: batadv_slave_1
[  589.025677][T25991] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  589.075969][T25992] syzkaller1: entered promiscuous mode
[  589.084381][T25992] syzkaller1: entered allmulticast mode
[  589.124870][T25988] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  589.156289][T25996] set match dimension is over the limit!
[  589.205046][T25988] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  589.223767][T26000] netlink: 'syz.0.6678': attribute type 1 has an invalid length.
[  589.241482][T25998] netlink: 'syz.2.6677': attribute type 72 has an invalid length.
[  589.294793][T26000] bond2: entered promiscuous mode
[  589.306008][T26000] 8021q: adding VLAN 0 to HW filter on device bond2
[  589.347089][T26000] macvtap1: entered allmulticast mode
[  589.408207][T26000] bond2: (slave bridge1): making interface the new active one
[  589.417616][T26000] bridge1: entered promiscuous mode
[  589.424924][T26000] bond2: (slave bridge1): Enslaving as an active interface with an up link
[  589.545708][T26016] netlink: 'syz.0.6683': attribute type 4 has an invalid length.
[  589.570718][T26016] .`: renamed from bond0
[  589.690590][T26025] skbuff: bad partial csum: csum=65535/2 headroom=4 headlen=65543
[  589.760321][T26029] Cannot find set identified by id 0 to match
[  589.784060][T26031] FAULT_INJECTION: forcing a failure.
[  589.784060][T26031] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  589.848631][    C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5610 ms
[  589.856757][    C0] lec:lec_tx_timeout: lec0
[  589.858438][T26031] CPU: 1 UID: 0 PID: 26031 Comm: syz.2.6688 Not tainted syzkaller #0 PREEMPT(full) 
[  589.858460][T26031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  589.858472][T26031] Call Trace:
[  589.858480][T26031]  <TASK>
[  589.858488][T26031]  dump_stack_lvl+0xe8/0x150
[  589.858518][T26031]  should_fail_ex+0x412/0x560
[  589.858549][T26031]  _copy_from_iter+0x1d3/0x1670
[  589.858571][T26031]  ? rcu_is_watching+0x15/0xb0
[  589.858601][T26031]  ? __pfx__copy_from_iter+0x10/0x10
[  589.858618][T26031]  ? __kmalloc_node_track_caller_noprof+0x4f9/0x7b0
[  589.858647][T26031]  ? netlink_sendmsg+0x650/0xb40
[  589.858665][T26031]  ? skb_put+0x11b/0x210
[  589.858690][T26031]  netlink_sendmsg+0x6c0/0xb40
[  589.858718][T26031]  ? __pfx_netlink_sendmsg+0x10/0x10
[  589.858747][T26031]  ? aa_sock_msg_perm+0xf1/0x1b0
[  589.858772][T26031]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  589.858794][T26031]  ____sys_sendmsg+0x972/0x9f0
[  589.858826][T26031]  ? __pfx_____sys_sendmsg+0x10/0x10
[  589.858857][T26031]  ? import_iovec+0x73/0xa0
[  589.858880][T26031]  ___sys_sendmsg+0x2a5/0x360
[  589.858908][T26031]  ? __pfx____sys_sendmsg+0x10/0x10
[  589.858961][T26031]  ? __fget_files+0x2a/0x420
[  589.858977][T26031]  ? __fget_files+0x3a0/0x420
[  589.859001][T26031]  __x64_sys_sendmsg+0x1bd/0x2a0
[  589.859026][T26031]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  589.859058][T26031]  ? __pfx_ksys_write+0x10/0x10
[  589.859087][T26031]  do_syscall_64+0x14d/0xf80
[  589.859111][T26031]  ? trace_irq_disable+0x3b/0x150
[  589.859126][T26031]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.859144][T26031]  ? clear_bhb_loop+0x40/0x90
[  589.859165][T26031]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.859183][T26031] RIP: 0033:0x7faac859c819
[  589.859202][T26031] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  589.859217][T26031] RSP: 002b:00007faac93f4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  589.859237][T26031] RAX: ffffffffffffffda RBX: 00007faac8815fa0 RCX: 00007faac859c819
[  589.859250][T26031] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005
[  589.859261][T26031] RBP: 00007faac93f4090 R08: 0000000000000000 R09: 0000000000000000
[  589.859273][T26031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  589.859284][T26031] R13: 00007faac8816038 R14: 00007faac8815fa0 R15: 00007fff8edf1fb8
[  589.859312][T26031]  </TASK>
[  590.104807][T26037] __nla_validate_parse: 5 callbacks suppressed
[  590.104825][T26037] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.6691'.
[  590.457255][T26067] netlink: 16215 bytes leftover after parsing attributes in process `syz.1.6700'.
[  590.656539][T26073] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6701'.
[  590.751697][T26079] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6698'.
[  590.875938][T26084] FAULT_INJECTION: forcing a failure.
[  590.875938][T26084] name failslab, interval 1, probability 0, space 0, times 0
[  590.880246][T26086] netlink: 1024 bytes leftover after parsing attributes in process `syz.1.6706'.
[  590.904351][T26088] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6707'.
[  590.920574][T26084] CPU: 0 UID: 0 PID: 26084 Comm: syz.3.6705 Not tainted syzkaller #0 PREEMPT(full) 
[  590.920602][T26084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  590.920613][T26084] Call Trace:
[  590.920621][T26084]  <TASK>
[  590.920629][T26084]  dump_stack_lvl+0xe8/0x150
[  590.920659][T26084]  should_fail_ex+0x412/0x560
[  590.920688][T26084]  should_failslab+0xa8/0x100
[  590.920712][T26084]  __kmalloc_noprof+0xe8/0x760
[  590.920732][T26084]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  590.920763][T26084]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  590.920793][T26084]  genl_family_rcv_msg_doit+0xd9/0x330
[  590.920819][T26084]  ? __asan_memcpy+0x40/0x70
[  590.920838][T26084]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  590.920873][T26084]  ? __kernel_text_address+0xd/0x30
[  590.920895][T26084]  ? __pfx_genl_get_cmd+0x10/0x10
[  590.920917][T26084]  ? __pfx_ila_xlat_nl_cmd_get_mapping+0x10/0x10
[  590.920939][T26084]  ? __pfx_ila_xlat_nl_dump_start+0x10/0x10
[  590.920957][T26084]  ? __pfx_ila_xlat_nl_dump+0x10/0x10
[  590.920976][T26084]  ? __pfx_ila_xlat_nl_dump_done+0x10/0x10
[  590.921000][T26084]  ? __lock_acquire+0x6b5/0x2cf0
[  590.921030][T26084]  genl_rcv_msg+0x61c/0x7a0
[  590.921060][T26084]  ? __pfx_genl_rcv_msg+0x10/0x10
[  590.921084][T26084]  ? __pfx_ila_xlat_nl_cmd_get_mapping+0x10/0x10
[  590.921106][T26084]  ? __lock_acquire+0x6b5/0x2cf0
[  590.921137][T26084]  netlink_rcv_skb+0x232/0x4b0
[  590.921158][T26084]  ? __pfx_genl_rcv_msg+0x10/0x10
[  590.921184][T26084]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  590.921221][T26084]  ? down_read+0x272/0x2e0
[  590.921237][T26084]  ? genl_rcv+0xd/0x40
[  590.921263][T26084]  genl_rcv+0x28/0x40
[  590.921285][T26084]  netlink_unicast+0x80f/0x9b0
[  590.921313][T26084]  ? __pfx_netlink_unicast+0x10/0x10
[  590.921332][T26084]  ? netlink_sendmsg+0x650/0xb40
[  590.921351][T26084]  ? skb_put+0x11b/0x210
[  590.921378][T26084]  netlink_sendmsg+0x813/0xb40
[  590.921408][T26084]  ? __pfx_netlink_sendmsg+0x10/0x10
[  590.921433][T26084]  ? aa_sock_msg_perm+0xf1/0x1b0
[  590.921460][T26084]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  590.921483][T26084]  ____sys_sendmsg+0x972/0x9f0
[  590.921516][T26084]  ? __pfx_____sys_sendmsg+0x10/0x10
[  590.921549][T26084]  ? import_iovec+0x73/0xa0
[  590.921574][T26084]  ___sys_sendmsg+0x2a5/0x360
[  590.921604][T26084]  ? __pfx____sys_sendmsg+0x10/0x10
[  590.921661][T26084]  ? __fget_files+0x2a/0x420
[  590.921678][T26084]  ? __fget_files+0x3a0/0x420
[  590.921706][T26084]  __x64_sys_sendmsg+0x1bd/0x2a0
[  590.921733][T26084]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  590.921767][T26084]  ? __pfx_ksys_write+0x10/0x10
[  590.921799][T26084]  do_syscall_64+0x14d/0xf80
[  590.921823][T26084]  ? trace_irq_disable+0x3b/0x150
[  590.921839][T26084]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  590.921858][T26084]  ? clear_bhb_loop+0x40/0x90
[  590.921888][T26084]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  590.921907][T26084] RIP: 0033:0x7fbaf279c819
[  590.921926][T26084] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  590.921942][T26084] RSP: 002b:00007fbaf3652028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  590.921961][T26084] RAX: ffffffffffffffda RBX: 00007fbaf2a15fa0 RCX: 00007fbaf279c819
[  590.921976][T26084] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005
[  590.921987][T26084] RBP: 00007fbaf3652090 R08: 0000000000000000 R09: 0000000000000000
[  590.922000][T26084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  590.922011][T26084] R13: 00007fbaf2a16038 R14: 00007fbaf2a15fa0 R15: 00007ffcf3e1af48
[  590.922041][T26084]  </TASK>
[  591.424454][T26101] Cannot find set identified by id 0 to match
[  591.465837][T26096] xt_hashlimit: size too large, truncated to 1048576
[  591.481916][T26099] FAULT_INJECTION: forcing a failure.
[  591.481916][T26099] name failslab, interval 1, probability 0, space 0, times 0
[  591.494651][T26099] CPU: 1 UID: 0 PID: 26099 Comm: syz.4.6712 Not tainted syzkaller #0 PREEMPT(full) 
[  591.494678][T26099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  591.494690][T26099] Call Trace:
[  591.494698][T26099]  <TASK>
[  591.494706][T26099]  dump_stack_lvl+0xe8/0x150
[  591.494738][T26099]  should_fail_ex+0x412/0x560
[  591.494771][T26099]  should_failslab+0xa8/0x100
[  591.494796][T26099]  kmem_cache_alloc_bulk_noprof+0x8d/0x7e0
[  591.494819][T26099]  ? pfn_valid+0x125/0x4c0
[  591.494851][T26099]  bpf_test_run_xdp_live+0x179c/0x1cf0
[  591.494896][T26099]  ? bpf_test_run_xdp_live+0x438/0x1cf0
[  591.494927][T26099]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  591.494970][T26099]  ? 0xffffffffa02019c8
[  591.495015][T26099]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  591.495047][T26099]  ? _copy_from_user+0x94/0xb0
[  591.495070][T26099]  ? bpf_test_init+0x113/0x150
[  591.495088][T26099]  ? xdp_convert_md_to_buff+0x5b/0x330
[  591.495111][T26099]  bpf_prog_test_run_xdp+0x81c/0x1160
[  591.495148][T26099]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  591.495175][T26099]  ? __fget_files+0x2a/0x420
[  591.495197][T26099]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  591.495219][T26099]  bpf_prog_test_run+0x2c7/0x340
[  591.495244][T26099]  __sys_bpf+0x643/0x950
[  591.495264][T26099]  ? __pfx___sys_bpf+0x10/0x10
[  591.495298][T26099]  ? ksys_write+0x242/0x270
[  591.495321][T26099]  ? __pfx_ksys_write+0x10/0x10
[  591.495350][T26099]  __x64_sys_bpf+0x7c/0x90
[  591.495375][T26099]  do_syscall_64+0x14d/0xf80
[  591.495399][T26099]  ? trace_irq_disable+0x3b/0x150
[  591.495416][T26099]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  591.495435][T26099]  ? clear_bhb_loop+0x40/0x90
[  591.495458][T26099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  591.495477][T26099] RIP: 0033:0x7fa0f659c819
[  591.495495][T26099] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  591.495512][T26099] RSP: 002b:00007fa0f73c1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  591.495533][T26099] RAX: ffffffffffffffda RBX: 00007fa0f6815fa0 RCX: 00007fa0f659c819
[  591.495558][T26099] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  591.495570][T26099] RBP: 00007fa0f73c1090 R08: 0000000000000000 R09: 0000000000000000
[  591.495582][T26099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  591.495594][T26099] R13: 00007fa0f6816038 R14: 00007fa0f6815fa0 R15: 00007ffce7692af8
[  591.495626][T26099]  </TASK>
[  591.747275][T26104] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6714'.
[  591.762218][T26102] sctp: [Deprecated]: syz.2.6711 (pid 26102) Use of struct sctp_assoc_value in delayed_ack socket option.
[  591.762218][T26102] Use struct sctp_sack_info instead
[  591.808238][T26109] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6714'.
[  591.853834][T26106] netlink: 'syz.3.6715': attribute type 2 has an invalid length.
[  599.502535][ T8909] lec:lec_start_xmit: lec0:No lecd attached
[  604.888396][    C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5380 ms
[  604.896704][    C0] lec:lec_tx_timeout: lec0
[  624.330481][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  624.339901][ T1299] lec:lec_start_xmit: lec0:No lecd attached
[  629.848400][    C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5510 ms
[  629.856722][    C0] lec:lec_tx_timeout: lec0
[  646.899327][ T5144] Bluetooth: hci2: command 0x0406 tx timeout
[  648.287959][T26127] FAULT_INJECTION: forcing a failure.
[  648.287959][T26127] name failslab, interval 1, probability 0, space 0, times 0
[  648.301382][T26127] CPU: 1 UID: 0 PID: 26127 Comm: syz.3.6721 Not tainted syzkaller #0 PREEMPT(full) 
[  648.301415][T26127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  648.301426][T26127] Call Trace:
[  648.301434][T26127]  <TASK>
[  648.301441][T26127]  dump_stack_lvl+0xe8/0x150
[  648.301468][T26127]  should_fail_ex+0x412/0x560
[  648.301501][T26127]  should_failslab+0xa8/0x100
[  648.301526][T26127]  __kmalloc_noprof+0xe8/0x760
[  648.301548][T26127]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  648.301578][T26127]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  648.301609][T26127]  genl_family_rcv_msg_doit+0xd9/0x330
[  648.301633][T26127]  ? __asan_memcpy+0x40/0x70
[  648.301655][T26127]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  648.301680][T26127]  ? __kernel_text_address+0xd/0x30
[  648.301701][T26127]  ? __pfx_genl_get_cmd+0x10/0x10
[  648.301721][T26127]  ? __pfx_ila_xlat_nl_cmd_get_mapping+0x10/0x10
[  648.301742][T26127]  ? __pfx_ila_xlat_nl_dump_start+0x10/0x10
[  648.301762][T26127]  ? __pfx_ila_xlat_nl_dump+0x10/0x10
[  648.301782][T26127]  ? __pfx_ila_xlat_nl_dump_done+0x10/0x10
[  648.301807][T26127]  ? __lock_acquire+0x6b5/0x2cf0
[  648.301837][T26127]  genl_rcv_msg+0x61c/0x7a0
[  648.301866][T26127]  ? __pfx_genl_rcv_msg+0x10/0x10
[  648.301889][T26127]  ? __pfx_ila_xlat_nl_cmd_get_mapping+0x10/0x10
[  648.301911][T26127]  ? __lock_acquire+0x6b5/0x2cf0
[  648.301945][T26127]  netlink_rcv_skb+0x232/0x4b0
[  648.301967][T26127]  ? __pfx_genl_rcv_msg+0x10/0x10
[  648.301993][T26127]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  648.302031][T26127]  ? down_read+0x272/0x2e0
[  648.302047][T26127]  ? genl_rcv+0xd/0x40
[  648.302072][T26127]  genl_rcv+0x28/0x40
[  648.302094][T26127]  netlink_unicast+0x80f/0x9b0
[  648.302122][T26127]  ? __pfx_netlink_unicast+0x10/0x10
[  648.302142][T26127]  ? netlink_sendmsg+0x650/0xb40
[  648.302160][T26127]  ? skb_put+0x11b/0x210
[  648.302187][T26127]  netlink_sendmsg+0x813/0xb40
[  648.302218][T26127]  ? __pfx_netlink_sendmsg+0x10/0x10
[  648.302242][T26127]  ? aa_sock_msg_perm+0xf1/0x1b0
[  648.302271][T26127]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  648.302295][T26127]  ____sys_sendmsg+0x972/0x9f0
[  648.302327][T26127]  ? __pfx_____sys_sendmsg+0x10/0x10
[  648.302359][T26127]  ? import_iovec+0x73/0xa0
[  648.302385][T26127]  ___sys_sendmsg+0x2a5/0x360
[  648.302423][T26127]  ? __pfx____sys_sendmsg+0x10/0x10
[  648.302481][T26127]  ? __fget_files+0x2a/0x420
[  648.302498][T26127]  ? __fget_files+0x3a0/0x420
[  648.302524][T26127]  __x64_sys_sendmsg+0x1bd/0x2a0
[  648.302551][T26127]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  648.302583][T26127]  ? __pfx_ksys_write+0x10/0x10
[  648.302616][T26127]  do_syscall_64+0x14d/0xf80
[  648.302638][T26127]  ? trace_irq_disable+0x3b/0x150
[  648.302654][T26127]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.302673][T26127]  ? clear_bhb_loop+0x40/0x90
[  648.302695][T26127]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.302713][T26127] RIP: 0033:0x7fbaf279c819
[  648.302732][T26127] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  648.302746][T26127] RSP: 002b:00007fbaf3652028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  648.302767][T26127] RAX: ffffffffffffffda RBX: 00007fbaf2a15fa0 RCX: 00007fbaf279c819
[  648.302781][T26127] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005
[  648.302793][T26127] RBP: 00007fbaf3652090 R08: 0000000000000000 R09: 0000000000000000
[  648.302805][T26127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  648.302817][T26127] R13: 00007fbaf2a16038 R14: 00007fbaf2a15fa0 R15: 00007ffcf3e1af48
[  648.302846][T26127]  </TASK>
[  648.302935][T26126] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6719'.
[  648.329203][T26130] netlink: 'syz.4.6722': attribute type 3 has an invalid length.
[  648.771677][T26129] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6718'.
[  648.790263][T26152] Cannot find set identified by id 0 to match
[  649.015256][T26160] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  649.196572][T26167] netlink: 'syz.3.6732': attribute type 1 has an invalid length.
[  649.206804][T26167] netlink: 224 bytes leftover after parsing attributes in process `syz.3.6732'.
[  649.218709][T26170] netlink: 80 bytes leftover after parsing attributes in process `syz.2.6734'.
[  649.354222][T26184] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6736'.
[  649.385008][T26181] Cannot find set identified by id 0 to match
[  649.479752][T17918] IPVS: starting estimator thread 0...
[  649.530010][T26194] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6739'.
[  649.569732][T26188] IPVS: using max 31 ests per chain, 74400 per kthread
[  649.900778][T26217] netlink: 1024 bytes leftover after parsing attributes in process `syz.4.6749'.
[  649.950727][T26221] FAULT_INJECTION: forcing a failure.
[  649.950727][T26221] name failslab, interval 1, probability 0, space 0, times 0
[  649.963743][T26221] CPU: 0 UID: 0 PID: 26221 Comm: syz.3.6750 Not tainted syzkaller #0 PREEMPT(full) 
[  649.963769][T26221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  649.963781][T26221] Call Trace:
[  649.963789][T26221]  <TASK>
[  649.963798][T26221]  dump_stack_lvl+0xe8/0x150
[  649.963829][T26221]  should_fail_ex+0x412/0x560
[  649.963861][T26221]  should_failslab+0xa8/0x100
[  649.963886][T26221]  kmem_cache_alloc_bulk_noprof+0x8d/0x7e0
[  649.963909][T26221]  ? pfn_valid+0x125/0x4c0
[  649.963939][T26221]  bpf_test_run_xdp_live+0x179c/0x1cf0
[  649.963979][T26221]  ? bpf_test_run_xdp_live+0x438/0x1cf0
[  649.964008][T26221]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  649.964039][T26221]  ? 0xffffffffa02019d0
[  649.964083][T26221]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  649.964115][T26221]  ? _copy_from_user+0x94/0xb0
[  649.964137][T26221]  ? bpf_test_init+0x113/0x150
[  649.964155][T26221]  ? xdp_convert_md_to_buff+0x5b/0x330
[  649.964178][T26221]  bpf_prog_test_run_xdp+0x81c/0x1160
[  649.964214][T26221]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  649.964239][T26221]  ? __fget_files+0x2a/0x420
[  649.964270][T26221]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  649.964291][T26221]  bpf_prog_test_run+0x2c7/0x340
[  649.964314][T26221]  __sys_bpf+0x643/0x950
[  649.964332][T26221]  ? __pfx___sys_bpf+0x10/0x10
[  649.964362][T26221]  ? ksys_write+0x242/0x270
[  649.964382][T26221]  ? __pfx_ksys_write+0x10/0x10
[  649.964409][T26221]  __x64_sys_bpf+0x7c/0x90
[  649.964434][T26221]  do_syscall_64+0x14d/0xf80
[  649.964457][T26221]  ? trace_irq_disable+0x3b/0x150
[  649.964473][T26221]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  649.964492][T26221]  ? clear_bhb_loop+0x40/0x90
[  649.964514][T26221]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  649.964533][T26221] RIP: 0033:0x7fbaf279c819
[  649.964550][T26221] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  649.964566][T26221] RSP: 002b:00007fbaf3652028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  649.964587][T26221] RAX: ffffffffffffffda RBX: 00007fbaf2a15fa0 RCX: 00007fbaf279c819
[  649.964601][T26221] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  649.964613][T26221] RBP: 00007fbaf3652090 R08: 0000000000000000 R09: 0000000000000000
[  649.964625][T26221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  649.964636][T26221] R13: 00007fbaf2a16038 R14: 00007fbaf2a15fa0 R15: 00007ffcf3e1af48
[  649.964667][T26221]  </TASK>
[  649.993493][T26223] set match dimension is over the limit!
[  650.054385][T26226] sctp: [Deprecated]: syz.4.6753 (pid 26226) Use of struct sctp_assoc_value in delayed_ack socket option.
[  650.054385][T26226] Use struct sctp_sack_info instead
[  650.183039][T26230] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6751'.
[  650.313501][ T3000] tipc: Subscription rejected, illegal request
[  650.401117][T26239] netlink: 'syz.1.6758': attribute type 1 has an invalid length.
[  650.427441][T26241] netlink: 'syz.2.6755': attribute type 1 has an invalid length.
[  650.438698][T26239] netlink: 224 bytes leftover after parsing attributes in process `syz.1.6758'.
[  650.478719][T26241] bond0: entered promiscuous mode
[  650.530584][T26241] 8021q: adding VLAN 0 to HW filter on device bond0
[  650.579693][T26241] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6755'.
[  651.010954][T26282] syzkaller0: entered promiscuous mode
[  651.025204][T26282] syzkaller0: entered allmulticast mode
[  651.406330][T26306] Cannot find set identified by id 0 to match
[  651.426309][T26307] FAULT_INJECTION: forcing a failure.
[  651.426309][T26307] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  651.458840][T26307] CPU: 1 UID: 0 PID: 26307 Comm: syz.2.6781 Not tainted syzkaller #0 PREEMPT(full) 
[  651.458868][T26307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  651.458881][T26307] Call Trace:
[  651.458889][T26307]  <TASK>
[  651.458897][T26307]  dump_stack_lvl+0xe8/0x150
[  651.458928][T26307]  should_fail_ex+0x412/0x560
[  651.458961][T26307]  _copy_from_user+0x2d/0xb0
[  651.458985][T26307]  kstrtouint_from_user+0xd6/0x180
[  651.459007][T26307]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  651.459041][T26307]  proc_fail_nth_write+0x8e/0x210
[  651.459068][T26307]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  651.459099][T26307]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  651.459126][T26307]  vfs_write+0x29a/0xb90
[  651.459166][T26307]  ? __pfx_vfs_write+0x10/0x10
[  651.459189][T26307]  ? __fget_files+0x2a/0x420
[  651.459210][T26307]  ? __fget_files+0x3a0/0x420
[  651.459226][T26307]  ? __fget_files+0x2a/0x420
[  651.459251][T26307]  ksys_write+0x150/0x270
[  651.459271][T26307]  ? __pfx_ksys_write+0x10/0x10
[  651.459303][T26307]  do_syscall_64+0x14d/0xf80
[  651.459326][T26307]  ? trace_irq_disable+0x3b/0x150
[  651.459342][T26307]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  651.459359][T26307]  ? clear_bhb_loop+0x40/0x90
[  651.459382][T26307]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  651.459399][T26307] RIP: 0033:0x7faac855d04e
[  651.459417][T26307] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  651.459433][T26307] RSP: 002b:00007faac93f3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  651.459452][T26307] RAX: ffffffffffffffda RBX: 00007faac93f46c0 RCX: 00007faac855d04e
[  651.459465][T26307] RDX: 0000000000000001 RSI: 00007faac93f40a0 RDI: 0000000000000007
[  651.459476][T26307] RBP: 00007faac93f4090 R08: 0000000000000000 R09: 0000000000000000
[  651.459487][T26307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  651.459497][T26307] R13: 00007faac8816038 R14: 00007faac8815fa0 R15: 00007fff8edf1fb8
[  651.459527][T26307]  </TASK>
[  651.767599][T26315] skbuff: bad partial csum: csum=65535/2 headroom=4 headlen=65543
[  651.987695][T26328] FAULT_INJECTION: forcing a failure.
[  651.987695][T26328] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  652.026668][T26328] CPU: 1 UID: 0 PID: 26328 Comm: syz.1.6790 Not tainted syzkaller #0 PREEMPT(full) 
[  652.026695][T26328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  652.026706][T26328] Call Trace:
[  652.026714][T26328]  <TASK>
[  652.026722][T26328]  dump_stack_lvl+0xe8/0x150
[  652.026752][T26328]  should_fail_ex+0x412/0x560
[  652.026784][T26328]  _copy_from_user+0x2d/0xb0
[  652.026806][T26328]  nr_rt_ioctl+0x966/0xf90
[  652.026839][T26328]  ? kasan_quarantine_put+0xbb/0x1f0
[  652.026860][T26328]  ? __pfx_nr_rt_ioctl+0x10/0x10
[  652.026893][T26328]  ? apparmor_capable+0x126/0x170
[  652.026922][T26328]  ? capable+0x88/0xe0
[  652.026943][T26328]  ? nr_ioctl+0x1b1/0x3b0
[  652.026965][T26328]  sock_do_ioctl+0x101/0x320
[  652.026984][T26328]  ? __pfx_sock_do_ioctl+0x10/0x10
[  652.027000][T26328]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  652.027039][T26328]  sock_ioctl+0x5c6/0x7f0
[  652.027066][T26328]  ? __pfx_sock_ioctl+0x10/0x10
[  652.027093][T26328]  ? __fget_files+0x2a/0x420
[  652.027109][T26328]  ? __fget_files+0x3a0/0x420
[  652.027124][T26328]  ? __fget_files+0x2a/0x420
[  652.027150][T26328]  ? bpf_lsm_file_ioctl+0x9/0x20
[  652.027174][T26328]  ? __pfx_sock_ioctl+0x10/0x10
[  652.027199][T26328]  __se_sys_ioctl+0xfc/0x170
[  652.027221][T26328]  do_syscall_64+0x14d/0xf80
[  652.027244][T26328]  ? trace_irq_disable+0x3b/0x150
[  652.027259][T26328]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.027277][T26328]  ? clear_bhb_loop+0x40/0x90
[  652.027299][T26328]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.027317][T26328] RIP: 0033:0x7ff10eb9c819
[  652.027335][T26328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  652.027351][T26328] RSP: 002b:00007ff10cdee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  652.027372][T26328] RAX: ffffffffffffffda RBX: 00007ff10ee15fa0 RCX: 00007ff10eb9c819
[  652.027385][T26328] RDX: 0000200000000000 RSI: 000000000000890b RDI: 0000000000000004
[  652.027397][T26328] RBP: 00007ff10cdee090 R08: 0000000000000000 R09: 0000000000000000
[  652.027408][T26328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  652.027419][T26328] R13: 00007ff10ee16038 R14: 00007ff10ee15fa0 R15: 00007fffcbff3768
[  652.027448][T26328]  </TASK>
[  652.490768][T26332] FAULT_INJECTION: forcing a failure.
[  652.490768][T26332] name failslab, interval 1, probability 0, space 0, times 0
[  652.503551][T26332] CPU: 1 UID: 0 PID: 26332 Comm: syz.0.6791 Not tainted syzkaller #0 PREEMPT(full) 
[  652.503575][T26332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  652.503584][T26332] Call Trace:
[  652.503591][T26332]  <TASK>
[  652.503597][T26332]  dump_stack_lvl+0xe8/0x150
[  652.503623][T26332]  should_fail_ex+0x412/0x560
[  652.503649][T26332]  should_failslab+0xa8/0x100
[  652.503669][T26332]  kmem_cache_alloc_bulk_noprof+0x8d/0x7e0
[  652.503687][T26332]  ? pfn_valid+0x125/0x4c0
[  652.503711][T26332]  bpf_test_run_xdp_live+0x179c/0x1cf0
[  652.503741][T26332]  ? bpf_test_run_xdp_live+0x438/0x1cf0
[  652.503764][T26332]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  652.503797][T26332]  ? 0xffffffffa02019dc
[  652.503829][T26332]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  652.503853][T26332]  ? _copy_from_user+0x94/0xb0
[  652.503870][T26332]  ? bpf_test_init+0x113/0x150
[  652.503884][T26332]  ? xdp_convert_md_to_buff+0x5b/0x330
[  652.503902][T26332]  bpf_prog_test_run_xdp+0x81c/0x1160
[  652.503929][T26332]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  652.503948][T26332]  ? __fget_files+0x2a/0x420
[  652.503965][T26332]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  652.503982][T26332]  bpf_prog_test_run+0x2c7/0x340
[  652.504000][T26332]  __sys_bpf+0x643/0x950
[  652.504015][T26332]  ? __pfx___sys_bpf+0x10/0x10
[  652.504075][T26332]  ? ksys_write+0x242/0x270
[  652.504092][T26332]  ? __pfx_ksys_write+0x10/0x10
[  652.504113][T26332]  __x64_sys_bpf+0x7c/0x90
[  652.504134][T26332]  do_syscall_64+0x14d/0xf80
[  652.504154][T26332]  ? trace_irq_disable+0x3b/0x150
[  652.504166][T26332]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.504182][T26332]  ? clear_bhb_loop+0x40/0x90
[  652.504200][T26332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.504214][T26332] RIP: 0033:0x7f02bd79c819
[  652.504228][T26332] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  652.504241][T26332] RSP: 002b:00007f02be5e2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  652.504258][T26332] RAX: ffffffffffffffda RBX: 00007f02bda15fa0 RCX: 00007f02bd79c819
[  652.504269][T26332] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  652.504279][T26332] RBP: 00007f02be5e2090 R08: 0000000000000000 R09: 0000000000000000
[  652.504288][T26332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  652.504296][T26332] R13: 00007f02bda16038 R14: 00007f02bda15fa0 R15: 00007ffc698341e8
[  652.504319][T26332]  </TASK>
[  653.049917][T26355] x_tables: ip6_tables: ipcomp match: only valid for protocol 108
[  653.083302][T26358] FAULT_INJECTION: forcing a failure.
[  653.083302][T26358] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  653.112597][T26358] CPU: 1 UID: 0 PID: 26358 Comm: syz.4.6803 Not tainted syzkaller #0 PREEMPT(full) 
[  653.112627][T26358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  653.112637][T26358] Call Trace:
[  653.112645][T26358]  <TASK>
[  653.112653][T26358]  dump_stack_lvl+0xe8/0x150
[  653.112683][T26358]  should_fail_ex+0x412/0x560
[  653.112714][T26358]  _copy_to_user+0x31/0xb0
[  653.112737][T26358]  simple_read_from_buffer+0xe1/0x170
[  653.112766][T26358]  proc_fail_nth_read+0x1bb/0x230
[  653.112795][T26358]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  653.112823][T26358]  ? rw_verify_area+0x2a6/0x4d0
[  653.112843][T26358]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  653.112869][T26358]  vfs_read+0x20c/0xa70
[  653.112889][T26358]  ? fdget_pos+0x246/0x320
[  653.112911][T26358]  ? __pfx___mutex_lock+0x10/0x10
[  653.112937][T26358]  ? __pfx_vfs_read+0x10/0x10
[  653.112959][T26358]  ? __fget_files+0x2a/0x420
[  653.112980][T26358]  ? __fget_files+0x3a0/0x420
[  653.112996][T26358]  ? __fget_files+0x2a/0x420
[  653.113027][T26358]  ksys_read+0x150/0x270
[  653.113050][T26358]  ? __pfx_ksys_read+0x10/0x10
[  653.113069][T26358]  ? __pfx_sock_ioctl+0x10/0x10
[  653.113104][T26358]  do_syscall_64+0x14d/0xf80
[  653.113127][T26358]  ? trace_irq_disable+0x3b/0x150
[  653.113144][T26358]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  653.113162][T26358]  ? clear_bhb_loop+0x40/0x90
[  653.113185][T26358]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  653.113203][T26358] RIP: 0033:0x7fa0f655d04e
[  653.113222][T26358] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  653.113238][T26358] RSP: 002b:00007fa0f73c0fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  653.113259][T26358] RAX: ffffffffffffffda RBX: 00007fa0f73c16c0 RCX: 00007fa0f655d04e
[  653.113273][T26358] RDX: 000000000000000f RSI: 00007fa0f73c10a0 RDI: 0000000000000003
[  653.113285][T26358] RBP: 00007fa0f73c1090 R08: 0000000000000000 R09: 0000000000000000
[  653.113297][T26358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  653.113308][T26358] R13: 00007fa0f6816038 R14: 00007fa0f6815fa0 R15: 00007ffce7692af8
[  653.113338][T26358]  </TASK>
[  653.448184][T26370] set match dimension is over the limit!
[  653.522526][T26373] __nla_validate_parse: 5 callbacks suppressed
[  653.522546][T26373] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6806'.
[  653.661742][T26380] syzkaller0: entered promiscuous mode
[  653.667406][T26380] syzkaller0: entered allmulticast mode
[  654.042072][T26403] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6819'.
[  654.096593][T26403] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6819'.
[  654.116655][T26411] Cannot find set identified by id 0 to match
[  654.175771][T26414] netlink: 'syz.0.6822': attribute type 8 has an invalid length.
[  654.676920][T26452] netlink: 'syz.3.6833': attribute type 1 has an invalid length.
[  654.822368][T26452] bond0: entered promiscuous mode
[  654.838167][T26452] 8021q: adding VLAN 0 to HW filter on device bond0
[  654.853584][T26464] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6836'.
[  654.903074][T26465] bond0: (slave bridge2): making interface the new active one
[  654.940454][T26465] bridge2: entered promiscuous mode
[  654.952516][T26465] bond0: (slave bridge2): Enslaving as an active interface with an up link
[  655.057912][ T5831] Bluetooth: hci1: link tx timeout
[  655.064657][ T5831] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  655.128932][T26478] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.6839'.
[  655.182697][ T5830] Bluetooth: hci1: link tx timeout
[  655.187942][ T5830] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  655.221564][ T5830] Bluetooth: hci1: link tx timeout
[  655.226865][ T5830] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  655.465174][T26498] Cannot find set identified by id 0 to match
[  655.594486][T26508] Cannot find del_set index 4 as target
[  655.846037][T26520] lo speed is unknown, defaulting to 1000
[  655.859960][ T5830] Bluetooth: hci1: link tx timeout
[  655.865242][ T5830] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  655.958096][T26515] 8021q: adding VLAN 0 to HW filter on device bond1
[  655.979307][T26525] netlink: 52 bytes leftover after parsing attributes in process `syz.4.6852'.
[  656.087899][T26523] netlink: 64138 bytes leftover after parsing attributes in process `syz.1.6851'.
[  656.171826][ T5830] Bluetooth: hci1: link tx timeout
[  656.177134][ T5830] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  656.261318][ T5830] Bluetooth: hci1: link tx timeout
[  656.266493][ T5830] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  656.410599][T26548] syzkaller1: entered promiscuous mode
[  656.416901][T26548] syzkaller1: entered allmulticast mode
[  656.498140][T26550] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6858'.
[  656.922217][T26564] netlink: 64 bytes leftover after parsing attributes in process `syz.1.6864'.
[  656.942112][T26564] netlink: 64 bytes leftover after parsing attributes in process `syz.1.6864'.
[  657.141110][ T5830] Bluetooth: hci5: command 0x0406 tx timeout
[  657.148196][ T5830] Bluetooth: hci1: command 0x0406 tx timeout
[  657.325878][T26590] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  657.329492][T26598] netlink: 'syz.4.6873': attribute type 1 has an invalid length.
[  657.350159][T26596] nbd: must specify an index to disconnect
[  657.437070][T26601] netlink: 'syz.0.6874': attribute type 1 has an invalid length.
[  657.685391][T26624] syzkaller0: mtu less than device minimum
[  657.775178][T26631] FAULT_INJECTION: forcing a failure.
[  657.775178][T26631] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  657.790031][T26631] CPU: 0 UID: 0 PID: 26631 Comm: syz.1.6884 Not tainted syzkaller #0 PREEMPT(full) 
[  657.790057][T26631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  657.790069][T26631] Call Trace:
[  657.790076][T26631]  <TASK>
[  657.790083][T26631]  dump_stack_lvl+0xe8/0x150
[  657.790109][T26631]  should_fail_ex+0x412/0x560
[  657.790135][T26631]  _copy_to_user+0x31/0xb0
[  657.790154][T26631]  simple_read_from_buffer+0xe1/0x170
[  657.790178][T26631]  proc_fail_nth_read+0x1bb/0x230
[  657.790200][T26631]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  657.790223][T26631]  ? rw_verify_area+0x2a6/0x4d0
[  657.790238][T26631]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  657.790259][T26631]  vfs_read+0x20c/0xa70
[  657.790272][T26631]  ? fdget_pos+0x246/0x320
[  657.790289][T26631]  ? __pfx___mutex_lock+0x10/0x10
[  657.790309][T26631]  ? __pfx_vfs_read+0x10/0x10
[  657.790325][T26631]  ? __fget_files+0x2a/0x420
[  657.790342][T26631]  ? __fget_files+0x3a0/0x420
[  657.790353][T26631]  ? __fget_files+0x2a/0x420
[  657.790373][T26631]  ksys_read+0x150/0x270
[  657.790391][T26631]  ? __pfx_ksys_read+0x10/0x10
[  657.790405][T26631]  ? __pfx_sock_ioctl+0x10/0x10
[  657.790434][T26631]  do_syscall_64+0x14d/0xf80
[  657.790452][T26631]  ? trace_irq_disable+0x3b/0x150
[  657.790465][T26631]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  657.790479][T26631]  ? clear_bhb_loop+0x40/0x90
[  657.790501][T26631]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  657.790515][T26631] RIP: 0033:0x7ff10eb5d04e
[  657.790530][T26631] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  657.790543][T26631] RSP: 002b:00007ff10cdedfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  657.790560][T26631] RAX: ffffffffffffffda RBX: 00007ff10cdee6c0 RCX: 00007ff10eb5d04e
[  657.790570][T26631] RDX: 000000000000000f RSI: 00007ff10cdee0a0 RDI: 0000000000000003
[  657.790579][T26631] RBP: 00007ff10cdee090 R08: 0000000000000000 R09: 0000000000000000
[  657.790587][T26631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  657.790595][T26631] R13: 00007ff10ee16038 R14: 00007ff10ee15fa0 R15: 00007fffcbff3768
[  657.790619][T26631]  </TASK>
[  658.378201][T26648] netlink: 'syz.4.6887': attribute type 21 has an invalid length.
[  658.412825][T26634] bridge3: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  658.605320][T26657] set match dimension is over the limit!
[  658.967800][T26684] __nla_validate_parse: 1 callbacks suppressed
[  658.967819][T26684] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6898'.
[  659.034527][T26686] netlink: 68 bytes leftover after parsing attributes in process `syz.1.6899'.
[  659.586115][T26706] netlink: 'syz.3.6903': attribute type 1 has an invalid length.
[  659.630578][T26706] netlink: 'syz.3.6903': attribute type 3 has an invalid length.
[  659.641290][T26706] netlink: 172 bytes leftover after parsing attributes in process `syz.3.6903'.
[  659.660455][T26706] NCSI netlink: No device for ifindex 813332851
[  659.713025][T26712] netlink: 'syz.2.6906': attribute type 4 has an invalid length.
[  659.721295][T26712] netlink: 17 bytes leftover after parsing attributes in process `syz.2.6906'.
[  659.773400][T26714] lo speed is unknown, defaulting to 1000
[  659.785853][T26721] syzkaller0: entered promiscuous mode
[  659.792657][T26721] syzkaller0: entered allmulticast mode
[  660.013119][T26727] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6911'.
[  660.294251][T26742] netlink: 100 bytes leftover after parsing attributes in process `syz.4.6919'.
[  660.434164][T26751] syzkaller0: entered promiscuous mode
[  660.454651][T26751] syzkaller0: entered allmulticast mode
[  660.587506][T26765] netlink: 104 bytes leftover after parsing attributes in process `syz.1.6926'.
[  661.552230][T26817] sctp: [Deprecated]: syz.2.6944 (pid 26817) Use of struct sctp_assoc_value in delayed_ack socket option.
[  661.552230][T26817] Use struct sctp_sack_info instead
[  662.065251][T26850] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6958'.
[  662.087645][T26850] sctp: [Deprecated]: syz.0.6958 (pid 26850) Use of int in max_burst socket option.
[  662.087645][T26850] Use struct sctp_assoc_value instead
[  662.323776][T26866] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6964'.
[  662.396224][T26874] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6966'.
[  662.475428][T26874] macvtap2: entered promiscuous mode
[  662.488903][T26874] vlan0: entered promiscuous mode
[  662.499502][T26874] macvtap2: entered allmulticast mode
[  662.516218][T26874] vlan0: entered allmulticast mode
[  662.541276][T26874] veth0_vlan: entered allmulticast mode
[  662.620291][T26884] pim6reg1: entered promiscuous mode
[  662.625641][T26884] pim6reg1: entered allmulticast mode
[  662.697923][T26892] netlink: 'syz.0.6972': attribute type 11 has an invalid length.
[  662.722355][ T3000] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  662.723676][T26892] netlink: 'syz.0.6972': attribute type 11 has an invalid length.
[  662.746858][ T3000] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  662.788890][ T3000] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  662.870820][T26889] bridge1: entered promiscuous mode
[  662.886366][T26889] bridge1: entered allmulticast mode
[  662.897513][T26903] Cannot find set identified by id 0 to match
[  662.905772][T26889] team0: Port device bridge1 added
[  662.913195][T26896] bridge0: port 3(team0) entered blocking state
[  662.930675][T26896] bridge0: port 3(team0) entered disabled state
[  662.938945][T26896] team0: entered allmulticast mode
[  662.951418][T26896] team_slave_0: entered allmulticast mode
[  662.958909][T26896] team_slave_1: entered allmulticast mode
[  662.982672][T26896] team0: entered promiscuous mode
[  662.987761][T26896] team_slave_0: entered promiscuous mode
[  662.993673][T26909] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  663.011026][T26896] team_slave_1: entered promiscuous mode
[  663.017712][T26896] bridge0: port 3(team0) entered blocking state
[  663.024138][T26896] bridge0: port 3(team0) entered forwarding state
[  663.040884][ T3000] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  663.074207][T26899] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  663.160520][T26899] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  663.176155][T26919] bridge2: entered promiscuous mode
[  663.183399][T26919] bridge2: entered allmulticast mode
[  663.261190][T26932] xt_TPROXY: Can be used only with -p tcp or -p udp
[  663.364867][T26941] set match dimension is over the limit!
[  663.580804][T26949] bridge3: entered promiscuous mode
[  663.586321][T26949] bridge3: entered allmulticast mode
[  663.595610][T26949] team0: Port device bridge3 added
[  663.895794][T26964] netlink: 'syz.4.6998': attribute type 14 has an invalid length.
[  663.923066][T26964] netlink: 'syz.4.6998': attribute type 13 has an invalid length.
[  663.951796][T26917] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  663.959007][T26917] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  664.001665][T26973] IPVS: lc: UDP 224.0.0.2:0 - no destination available
[  664.011288][T26917] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  664.017224][T26917] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  664.085508][T26917] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  664.108601][T26917] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  664.143879][T26917] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  664.166476][T26917] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  664.377743][T26993] bridge5: entered promiscuous mode
[  664.396320][T26993] bridge5: entered allmulticast mode
[  664.416027][T26993] team0: Port device bridge5 added
[  664.433838][T26998] bridge0: port 4(team0) entered blocking state
[  664.456786][T26998] bridge0: port 4(team0) entered disabled state
[  664.483912][T26998] team0: entered allmulticast mode
[  664.500913][T27004] __nla_validate_parse: 7 callbacks suppressed
[  664.500933][T27004] netlink: 68 bytes leftover after parsing attributes in process `syz.3.7008'.
[  664.508385][T26998] team_slave_0: entered allmulticast mode
[  664.552810][T26998] team_slave_1: entered allmulticast mode
[  664.564016][T26998] team0: entered promiscuous mode
[  664.569522][T26998] team_slave_0: entered promiscuous mode
[  664.575681][T26998] team_slave_1: entered promiscuous mode
[  665.300138][T27051] IPv6: NLM_F_CREATE should be specified when creating new route
[  665.479715][T27060] netlink: 64 bytes leftover after parsing attributes in process `syz.2.7021'.
[  665.668484][T27069] IPVS: set_ctl: invalid protocol: 0 100.1.1.4:20000
[  665.733322][T27075] netlink: 'syz.4.7025': attribute type 1 has an invalid length.
[  665.841072][T27048] vlan3: entered promiscuous mode
[  665.846168][T27048] geneve1: entered promiscuous mode
[  665.855945][T27048] vlan3: entered allmulticast mode
[  665.866521][T27048] geneve1: entered allmulticast mode
[  666.360249][T27104] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7035'.
[  666.373995][T27106] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7034'.
[  666.426795][T27111] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7034'.
[  666.503104][T27116] netlink: 272 bytes leftover after parsing attributes in process `syz.1.7037'.
[  666.575555][T27120] skbuff: bad partial csum: csum=65535/2 headroom=4 headlen=65543
[  666.602791][ T8909] lec:lec_start_xmit: lec0:No lecd attached
[  666.986883][T27142] FAULT_INJECTION: forcing a failure.
[  666.986883][T27142] name failslab, interval 1, probability 0, space 0, times 0
[  666.999639][T27142] CPU: 1 UID: 0 PID: 27142 Comm: syz.1.7041 Not tainted syzkaller #0 PREEMPT(full) 
[  666.999665][T27142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  666.999677][T27142] Call Trace:
[  666.999685][T27142]  <TASK>
[  666.999693][T27142]  dump_stack_lvl+0xe8/0x150
[  666.999724][T27142]  should_fail_ex+0x412/0x560
[  666.999758][T27142]  should_failslab+0xa8/0x100
[  666.999783][T27142]  kmem_cache_alloc_bulk_noprof+0x8d/0x7e0
[  666.999807][T27142]  ? pfn_valid+0x125/0x4c0
[  666.999838][T27142]  bpf_test_run_xdp_live+0x179c/0x1cf0
[  666.999886][T27142]  ? bpf_test_run_xdp_live+0x438/0x1cf0
[  666.999916][T27142]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  666.999958][T27142]  ? 0xffffffffa02019d8
[  667.000001][T27142]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  667.000034][T27142]  ? _copy_from_user+0x94/0xb0
[  667.000056][T27142]  ? bpf_test_init+0x113/0x150
[  667.000074][T27142]  ? xdp_convert_md_to_buff+0x5b/0x330
[  667.000098][T27142]  bpf_prog_test_run_xdp+0x81c/0x1160
[  667.000134][T27142]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  667.000160][T27142]  ? __fget_files+0x2a/0x420
[  667.000183][T27142]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  667.000204][T27142]  bpf_prog_test_run+0x2c7/0x340
[  667.000228][T27142]  __sys_bpf+0x643/0x950
[  667.000248][T27142]  ? __pfx___sys_bpf+0x10/0x10
[  667.000281][T27142]  ? ksys_write+0x242/0x270
[  667.000305][T27142]  ? __pfx_ksys_write+0x10/0x10
[  667.000333][T27142]  __x64_sys_bpf+0x7c/0x90
[  667.000358][T27142]  do_syscall_64+0x14d/0xf80
[  667.000383][T27142]  ? trace_irq_disable+0x3b/0x150
[  667.000399][T27142]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  667.000418][T27142]  ? clear_bhb_loop+0x40/0x90
[  667.000436][T27142]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  667.000450][T27142] RIP: 0033:0x7ff10eb9c819
[  667.000469][T27142] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  667.000486][T27142] RSP: 002b:00007ff10cdee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  667.000506][T27142] RAX: ffffffffffffffda RBX: 00007ff10ee15fa0 RCX: 00007ff10eb9c819
[  667.000520][T27142] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  667.000532][T27142] RBP: 00007ff10cdee090 R08: 0000000000000000 R09: 0000000000000000
[  667.000544][T27142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  667.000556][T27142] R13: 00007ff10ee16038 R14: 00007ff10ee15fa0 R15: 00007fffcbff3768
[  667.000587][T27142]  </TASK>
[  667.490690][T27150] geneve2: entered promiscuous mode
[  667.517574][T27150] geneve2: entered allmulticast mode
[  667.633134][T27169] netlink: 'syz.0.7051': attribute type 15 has an invalid length.
[  667.680520][T27171] netlink: 328 bytes leftover after parsing attributes in process `syz.1.7053'.
[  667.800368][T27178] skbuff: bad partial csum: csum=65535/2 headroom=4 headlen=65543
[  667.930504][T27184] syzkaller0: entered promiscuous mode
[  667.936132][T27184] syzkaller0: entered allmulticast mode
[  668.473556][T27214] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7062'.
[  668.657837][T27222] netlink: 'syz.0.7067': attribute type 15 has an invalid length.
[  668.694705][T27222] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7067'.
[  668.747776][T27226] skbuff: bad partial csum: csum=65535/2 headroom=4 headlen=65543
[  668.790764][T27222] netlink: 60 bytes leftover after parsing attributes in process `syz.0.7067'.
[  669.489222][T27270] syzkaller0: entered allmulticast mode
[  670.103602][T27299] sctp: [Deprecated]: syz.4.7088 (pid 27299) Use of struct sctp_assoc_value in delayed_ack socket option.
[  670.103602][T27299] Use struct sctp_sack_info instead
[  670.168908][T27274] lec:lec_atm_close: lec0: Shut down!
[  670.239737][T27306] __nla_validate_parse: 2 callbacks suppressed
[  670.239757][T27306] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7090'.
[  670.311334][T27309] netlink: 4552 bytes leftover after parsing attributes in process `syz.2.7091'.
[  670.376695][T27309] netlink: 4552 bytes leftover after parsing attributes in process `syz.2.7091'.
[  670.547747][T27327] netlink: 64 bytes leftover after parsing attributes in process `syz.4.7095'.
[  671.160964][T27360] Cannot find set identified by id 0 to match
[  671.499720][T27378] lo: Caught tx_queue_len zero misconfig
[  671.767529][T27324] udevd[27324]: inotify_add_watch(7, /dev/nbd0, 10) failed: No such file or directory
[  671.814009][T27402] netlink: 'syz.2.7123': attribute type 29 has an invalid length.
[  671.826242][T27402] netlink: 'syz.2.7123': attribute type 29 has an invalid length.
[  671.838152][T27402] netlink: 500 bytes leftover after parsing attributes in process `syz.2.7123'.
[  671.865301][T27402] unsupported nla_type 58
[  671.876907][T27402] sctp: [Deprecated]: syz.2.7123 (pid 27402) Use of struct sctp_assoc_value in delayed_ack socket option.
[  671.876907][T27402] Use struct sctp_sack_info instead
[  672.068767][T27422] netlink: 40 bytes leftover after parsing attributes in process `syz.3.7129'.
[  672.148709][T27424] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7130'.
[  672.579435][T27457] netlink: 'syz.0.7138': attribute type 15 has an invalid length.
[  672.591445][T27457] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7138'.
[  672.591457][T27455] veth0: Caught tx_queue_len zero misconfig
[  672.594227][T27460] 
[  672.608726][T27460] ======================================================
[  672.615756][T27460] WARNING: possible circular locking dependency detected
[  672.622793][T27460] syzkaller #0 Not tainted
[  672.627256][T27460] ------------------------------------------------------
[  672.634466][T27460] syz.2.7142/27460 is trying to acquire lock:
[  672.640639][T27460] ffffffff8fd4e0d8 (nr_neigh_list_lock){+...}-{3:3}, at: nr_remove_neigh+0x25/0xe0
[  672.650045][T27460] 
[  672.650045][T27460] but task is already holding lock:
[  672.657396][T27460] ffff888035e06b70 (&nr_node->node_lock){+...}-{3:3}, at: nr_add_node+0x1039/0x2630
[  672.666845][T27460] 
[  672.666845][T27460] which lock already depends on the new lock.
[  672.666845][T27460] 
[  672.677513][T27460] 
[  672.677513][T27460] the existing dependency chain (in reverse order) is:
[  672.686534][T27460] 
[  672.686534][T27460] -> #2 (&nr_node->node_lock){+...}-{3:3}:
[  672.694532][T27460]        _raw_spin_lock_bh+0x36/0x50
[  672.699824][T27460]        nr_rt_device_down+0x153/0x860
[  672.705284][T27460]        nr_device_event+0x137/0x150
[  672.710611][T27460]        notifier_call_chain+0x1be/0x400
[  672.716260][T27460]        __dev_notify_flags+0x16d/0x310
[  672.721821][T27460]        netif_change_flags+0xe8/0x1a0
[  672.727273][T27460]        dev_change_flags+0x130/0x260
[  672.732636][T27460]        dev_ioctl+0x7b4/0x1150
[  672.737478][T27460]        sock_do_ioctl+0x23e/0x320
[  672.742576][T27460]        sock_ioctl+0x5c6/0x7f0
[  672.747605][T27460]        __se_sys_ioctl+0xfc/0x170
[  672.752726][T27460]        do_syscall_64+0x14d/0xf80
[  672.757947][T27460]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.764348][T27460] 
[  672.764348][T27460] -> #1 (nr_node_list_lock){+...}-{3:3}:
[  672.772158][T27460]        _raw_spin_lock_bh+0x36/0x50
[  672.777461][T27460]        nr_rt_device_down+0xbe/0x860
[  672.782826][T27460]        nr_device_event+0x137/0x150
[  672.788105][T27460]        notifier_call_chain+0x1be/0x400
[  672.793736][T27460]        __dev_notify_flags+0x16d/0x310
[  672.799281][T27460]        netif_change_flags+0xe8/0x1a0
[  672.804732][T27460]        dev_change_flags+0x130/0x260
[  672.810093][T27460]        dev_ioctl+0x7b4/0x1150
[  672.814940][T27460]        sock_do_ioctl+0x23e/0x320
[  672.820038][T27460]        sock_ioctl+0x5c6/0x7f0
[  672.825060][T27460]        __se_sys_ioctl+0xfc/0x170
[  672.830162][T27460]        do_syscall_64+0x14d/0xf80
[  672.835269][T27460]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.841679][T27460] 
[  672.841679][T27460] -> #0 (nr_neigh_list_lock){+...}-{3:3}:
[  672.849577][T27460]        __lock_acquire+0x15a5/0x2cf0
[  672.854942][T27460]        lock_acquire+0xf0/0x2e0
[  672.859871][T27460]        _raw_spin_lock_bh+0x36/0x50
[  672.865143][T27460]        nr_remove_neigh+0x25/0xe0
[  672.870248][T27460]        nr_add_node+0x1e41/0x2630
[  672.875361][T27460]        nr_rt_ioctl+0xe59/0xf90
[  672.880381][T27460]        sock_do_ioctl+0x101/0x320
[  672.885490][T27460]        sock_ioctl+0x5c6/0x7f0
[  672.890333][T27460]        __se_sys_ioctl+0xfc/0x170
[  672.895439][T27460]        do_syscall_64+0x14d/0xf80
[  672.900631][T27460]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.907038][T27460] 
[  672.907038][T27460] other info that might help us debug this:
[  672.907038][T27460] 
[  672.917341][T27460] Chain exists of:
[  672.917341][T27460]   nr_neigh_list_lock --> nr_node_list_lock --> &nr_node->node_lock
[  672.917341][T27460] 
[  672.931334][T27460]  Possible unsafe locking scenario:
[  672.931334][T27460] 
[  672.938876][T27460]        CPU0                    CPU1
[  672.944234][T27460]        ----                    ----
[  672.949582][T27460]   lock(&nr_node->node_lock);
[  672.954334][T27460]                                lock(nr_node_list_lock);
[  672.961437][T27460]                                lock(&nr_node->node_lock);
[  672.968716][T27460]   lock(nr_neigh_list_lock);
[  672.973499][T27460] 
[  672.973499][T27460]  *** DEADLOCK ***
[  672.973499][T27460] 
[  672.981639][T27460] 1 lock held by syz.2.7142/27460:
[  672.986761][T27460]  #0: ffff888035e06b70 (&nr_node->node_lock){+...}-{3:3}, at: nr_add_node+0x1039/0x2630
[  672.996775][T27460] 
[  672.996775][T27460] stack backtrace:
[  673.002662][T27460] CPU: 0 UID: 0 PID: 27460 Comm: syz.2.7142 Not tainted syzkaller #0 PREEMPT(full) 
[  673.002682][T27460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  673.002693][T27460] Call Trace:
[  673.002702][T27460]  <TASK>
[  673.002710][T27460]  dump_stack_lvl+0xe8/0x150
[  673.002737][T27460]  print_circular_bug+0x2e1/0x300
[  673.002762][T27460]  check_noncircular+0x12e/0x150
[  673.002787][T27460]  __lock_acquire+0x15a5/0x2cf0
[  673.002813][T27460]  ? __lock_acquire+0x6b5/0x2cf0
[  673.002834][T27460]  lock_acquire+0xf0/0x2e0
[  673.002853][T27460]  ? nr_remove_neigh+0x25/0xe0
[  673.002877][T27460]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  673.002893][T27460]  ? nr_remove_neigh+0x25/0xe0
[  673.002915][T27460]  _raw_spin_lock_bh+0x36/0x50
[  673.002935][T27460]  ? nr_remove_neigh+0x25/0xe0
[  673.002956][T27460]  nr_remove_neigh+0x25/0xe0
[  673.002979][T27460]  nr_add_node+0x1e41/0x2630
[  673.003002][T27460]  ? dev_get_by_name+0x21/0x200
[  673.003024][T27460]  ? dev_get_by_name+0x21/0x200
[  673.003045][T27460]  ? nr_call_to_digi+0x136/0x1b0
[  673.003067][T27460]  nr_rt_ioctl+0xe59/0xf90
[  673.003090][T27460]  ? kasan_quarantine_put+0xbb/0x1f0
[  673.003108][T27460]  ? __pfx_nr_rt_ioctl+0x10/0x10
[  673.003132][T27460]  ? apparmor_capable+0x126/0x170
[  673.003153][T27460]  ? capable+0x88/0xe0
[  673.003173][T27460]  ? nr_ioctl+0x1b1/0x3b0
[  673.003192][T27460]  sock_do_ioctl+0x101/0x320
[  673.003208][T27460]  ? __pfx_sock_do_ioctl+0x10/0x10
[  673.003227][T27460]  sock_ioctl+0x5c6/0x7f0
[  673.003251][T27460]  ? __pfx_sock_ioctl+0x10/0x10
[  673.003272][T27460]  ? __fget_files+0x2a/0x420
[  673.003286][T27460]  ? __fget_files+0x3a0/0x420
[  673.003299][T27460]  ? __fget_files+0x2a/0x420
[  673.003313][T27460]  ? bpf_lsm_file_ioctl+0x9/0x20
[  673.003334][T27460]  ? __pfx_sock_ioctl+0x10/0x10
[  673.003356][T27460]  __se_sys_ioctl+0xfc/0x170
[  673.003374][T27460]  do_syscall_64+0x14d/0xf80
[  673.003409][T27460]  ? trace_irq_disable+0x3b/0x150
[  673.003428][T27460]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  673.003450][T27460]  ? clear_bhb_loop+0x40/0x90
[  673.003467][T27460]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  673.003483][T27460] RIP: 0033:0x7faac859c819
[  673.003498][T27460] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  673.003513][T27460] RSP: 002b:00007faac93d3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  673.003531][T27460] RAX: ffffffffffffffda RBX: 00007faac8816090 RCX: 00007faac859c819
[  673.003543][T27460] RDX: 0000200000000000 RSI: 000000000000890b RDI: 0000000000000004
[  673.003554][T27460] RBP: 00007faac8632c91 R08: 0000000000000000 R09: 0000000000000000
[  673.003564][T27460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  673.003574][T27460] R13: 00007faac8816128 R14: 00007faac8816090 R15: 00007fff8edf1fb8
[  673.003591][T27460]  </TASK>
[  673.043321][T27462] netlink: 68 bytes leftover after parsing attributes in process `syz.1.7143'.
[  675.848316][    C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5680 ms
[  675.856448][    C0] lec:lec_tx_timeout: lec0