last executing test programs:

3.220695242s ago: executing program 3 (id=3958):
unshare(0x62040200)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x10008095, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendto$inet6(r0, &(0x7f00000000c0)="e9", 0x1, 0x20008045, &(0x7f00000001c0)={0xa, 0x2, 0x1000, @empty}, 0x1c)
r1 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_mtu(r1, 0x29, 0x17, 0x0, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x2400ed80, 0x0, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000007f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec0012100001400a0c0c00bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x80)

2.956063195s ago: executing program 0 (id=3962):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = socket(0x2, 0x80805, 0x0)
r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
getsockopt$sock_int(r1, 0x1, 0x2b, &(0x7f00000000c0), &(0x7f0000000140)=0x4)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000001700)={'ip6tnl0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001080)=@newqdisc={0x60, 0x24, 0x3fe3aa0262d8c783, 0x4, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0x0, 0xfff2}, {0xffff, 0xffff}, {0x0, 0x16747c6d2baaace}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_BURST={0x8, 0x6, 0x1}, @TCA_TBF_PARMS={0x28, 0x1, {{0x1, 0x1, 0x1ff, 0x7, 0x4, 0x5bd}, {0xc, 0x1, 0x0, 0xab, 0x9}, 0x7, 0x7, 0x10fc}}]}}]}, 0x60}}, 0x4000)
sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=@ipv6_getaddr={0x2c, 0x16, 0x1, 0x70bd2a, 0x25dfdbfb, {0xa, 0x1f, 0x1, 0xc8, r3}, [@IFA_CACHEINFO={0x14, 0x6, {0xfffffffd, 0x7, 0x6, 0xff}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x48815)
socket(0x2a, 0x2, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r4 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_AVC(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)={0x14, 0x453, 0x4, 0x70bd2d, 0x25dfdbff, '1'}, 0x14}}, 0x0)
socket$kcm(0x29, 0x2, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_TIOCOUTQ(r6, 0x5411, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$nl_route(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r8, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x54}}, 0x0)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0)

2.727508993s ago: executing program 0 (id=3965):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x0, &(0x7f00000000c0)}, 0x10)
sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x4000190, 0x0)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000900)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x60, 0x60, 0xb, [@typedef={0x3, 0x0, 0x0, 0x8, 0x2}, @fwd={0x2}, @const={0x9, 0x0, 0x0, 0xa, 0x2}, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x1, 0x2}]}, @volatile={0x7, 0x0, 0x0, 0x9, 0x1}, @volatile={0xd, 0x0, 0x0, 0x9, 0x5}, @int={0xd, 0x0, 0x0, 0x1, 0x0, 0xf, 0x0, 0x31, 0x2}]}, {0x0, [0x5f, 0x0, 0x2e, 0x5f, 0x2e, 0x30, 0x5f, 0x2e, 0x0]}}, &(0x7f0000000ac0)=""/143, 0x83, 0x8f, 0x1, 0x9, 0x10000, @value}, 0x28)
pipe(&(0x7f0000000080)={<r2=>0xffffffffffffffff})
splice(r2, 0x0, r2, 0x0, 0x4ffe6, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x16, 0xc, &(0x7f00000009c0)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r2)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0x60ff, 0x0, &(0x7f0000000000), 0x0, 0x5043, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_POOL_GET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x44, r6, 0x1, 0x0, 0x0, {0x53}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0x6}}]}, 0x44}}, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaf60c9f7a7281d32142f2fdbc3d37e5a072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a37f7fb9a16059ad97e2edefb5e0b0326bd25f6fd1d108efa9d30a9883815654486fe42cf2f676cdbb91f7582ab314be"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42)
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r7, 0x4)
sendmsg$nl_xfrm(r4, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000580)=ANY=[@ANYBLOB="f8000000160039030000000000000000e000000100000000000000000000000000000008000000000000ffff00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x002'], 0xf8}}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f0000000080)={'syzkaller0\x00', &(0x7f0000000b80)=@ethtool_rxnfc={0x30, 0x4, 0x9, {0x9, @esp_ip6_spec={@remote, @ipv4={'\x00', '\xff\xff', @local}, 0xfa, 0x66}, {0x0, @multicast, 0x6, 0x5, [0x40005, 0x1]}, @tcp_ip4_spec={@local, @private=0xa010100, 0x4e23, 0x4e21, 0x82}, {0x0, @broadcast, 0x8, 0xf800, [0x6dd, 0x4]}, 0x3, 0x100}, 0x1, [0x7]}})
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x10000, 0x3, 0x1, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffff7}, {0x0, 0x8, 0xfffffffffffffffc, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in6=@empty, 0x2, 0x6c}, 0xa, @in=@local, 0x0, 0x5, 0x0, 0xb7, 0x0, 0x0, 0x80000001}}, 0xe8)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGPGRP(r8, 0x8904, &(0x7f0000000280)=<r11=>0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000003c0)={<r12=>0x0}, &(0x7f0000000400)=0xc)
sendmsg$DEVLINK_CMD_RELOAD(r9, &(0x7f00000008c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1800}, 0xc, &(0x7f0000000880)={&(0x7f00000009c0)=ANY=[@ANYBLOB="bdbd0f86f9bc010000000000", @ANYRES16=r10, @ANYBLOB="000825bd7000fedbdf25250000000e0001006e657464657673696d0000000f0002006e657464", @ANYRES32=r11, @ANYBLOB="0e0001006e657464657673696d0000000f0002006e657464657673", @ANYRES32=r12, @ANYBLOB], 0x64}, 0x1, 0x0, 0x0, 0x8880}, 0x0)

2.652271257s ago: executing program 3 (id=3967):
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000400000005600000025000000190004000400000007fd17e5ffff0800040000000000030000", 0x39}], 0x1)

2.287904223s ago: executing program 0 (id=3972):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012255f674412d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000f2f16625c0c10200000000c7a5ca60fdad159f2e44171f39638410020000004825d081f2d987f05c534187738655d7dc958f2046fa0c1619a6554b82d9c162eb61ca74f1ffdaccf0ea5f06e0fca8b27ff3983ab74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb27f88dba816020be760f7b45e001efada8000000000000fdaf4660402f7b3b79a433e08074ea2462974a00040000eb01352638f56dae0249d15ba8767259658878b7492cfbacde9b57cf4de00788adce638190f3570e0b4c80ef682df22201270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433e866665b98ca2002c804c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc76d7a23d06acb1d2d4c58faea84158bb440df2a694f4cdcaa4f65c22efffffffffffdd00000000d503d79986958115ae07b70f991430b7fb475d77b869ee02000000000000000000001ffff0ef89b2a68d2b05c995445d8a7700bcdfbec74fb2dd163e863315e84498dfb52bb93f6c9084659ce777ddac563c8596c2b1d8180289a61faa95a82bf1cfb7f2fd7252e9322abe282c33445d443a67467893b9bf0d1c8130ae6b226900000635376413c29f7c6f7b7e29b9a0c64e68328661f0c06e21f7d7dc22174ea4447a6f60edef3a4168d40200fbc71104512efe8e5d7d934aa289b4bd2b870000000000000000000007000000002000000000009b777883a02f0593dfc4cb4114b9f9cf4ad155110cc6ace2b322ac31bfa27847c799c8009a1ea5b98e525e6383ad7fd9795170e7b11e247603c2ff49a11459c7f606d729d3979676bffb3049166bb84a0f061991bd57c2566c10c282352aba05b6164ef876915a3f2491e4793e590dcc71de10da96366c1e992c0068c940dd4422c9882d3aa0f8a797b8fea6efcfb5276b7679f15559edaa977504cc0b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd04000000de17e1e13b93669b79556abb722d9c085b189b5fd1f30e8dc813f608830b110001732135e8e7262f290000923bfb6b41ff3792cee2fc37eee739c3e36a4bc80112968ec0d8902eced1fe552018014a463abbbf7ccd6a92a5734e3ebfca9b6e88e031f31de2183652e77c164c646a1cfd3710aa4205d8d4d4f974133ccb1e49feb42664eccd809c0ba8917eda87489e8946d5c8156197bcb66fd5606c63e3389ee9e8552381646365066ef9a36a449c96485c22ad1aa423b7b89efbc6cd54000bb0ea5f4f1e8773144fb6ac9a44d43593d77e66aa7ed7f3d4e7b211590c738888d02b2dbb0b2ba73ec72e1d8d7360a128499dd19e1e7b9b0671f4f58515b45ecb9964f3c4ddb8234391d514f8d996d8d6dd7f8fadfee2d7a0035638ce27c2936cb04b30a0eb0cde0000000000000040000000ec3c12ecee8fc3a40000000000000000e215b00ce2570b930723cbadb4033d1b8aaa2cfb3fb89e4a6e89737fd6232218a9e0c099d1eb59d60b3cca089785642f327139bc4394fb6d547a9b3c22599e780c1da7433fb47615d372e3fffe9703e37d5c87d513165278650738efcc04d27b766cf7f60066edd292f6c8a2174f391ed164bb1816819ceb3e378e776d422bc946cd9501accebeac3a5b31d8abc68ae537cd44a04e6bc21c35a7beab2610c51e593676bf635a20f597f4631b91454d182f826071f5210bd6d93173589929b23801e63c2266fde13b5a04b8d48be057c752bc415a756ea9b4d34156c4f73dd5e5924ef101a5fcdaf37c7ba2c4a9de9b000000000000000000000000000000a73b862e4b63c245616b522345587d0ee65a6902bdd0abd941e8aba37510b222ae544f395edd1b92ad53fc68f08ea00edc5e10d768836169dd296d56b306e8b75778c37571792a6c3d8b02ef378ebd59422cdd008bef6f80a80a68641ea5ed4f1126bb676098c10bf663eb3fb8c839364d28fd046dc64b35f9c3397ce6f4ad357b0000000000090000000088c7a8e2638f650a6f04a6f33a090f59414d6ebcbc687e66d600000000bd0a58ea6d36fc2cf9b9a71c137a2a22adb1006f371d4faf47285fd66fe0389afb96854bb360edcdf11b4ff6dd578bba93e949d240cde9b5836cb46032484dc19c93db7b6e5afa10547c78e76a3111557346e52566df196fd630561bb908fff4d2e19562aabd43742a26a43799f8636fa04ceb40c9e4ca1cfbbc7b949cd245a3ee118fd0d4f639444539af8766028d4ac4d4c548e290199e0dacbb4f6796b39bf32934d941ba2f88e3ebd0cf8e24f99eca86e4ca9b2cd2b54044a7fc4631572a6378a32df288785f146275c1f548e2a0c1016744e05f9de5044373d7650125027547eefe7b2d8c8871bb65395fae99d8456883705bfdfb00001854b2e5efa8aaf25827d659f592b1575281ec125de7fb91cd81d91dcb19f5cdf1e1e2b4a8a1389753a09110538689e38e07fb2dc72bd4fd11d7bc16aac5d85c6101bb722895248e463a5fb45ce0e564e90cb19d5993b471687ae4165e29cf2f58082115f5f8569896eedfd798733223e6d6584997510c374912ab798bd4af4654c01bb2c411bc36468ddd62b4eba5cfc8953526e0e5b1359797956152d0098ce47c62c3fe5a23219389622b7f65bf03527d25c3941b9cf1ffeedf6d99082bb57ea871c12213cc40900f83033bc18c529171fae324c315bc6ce358831d0230412212acfd5fc8d5cb0d028cf568e8bb40e27befe2ff01f7c6674a4d86d900633ea36641e0a781ea0ea7f2d928b8b22e2f97dd13348927375baea6863bef4acf4299096ada5cdd2a0eaafaa760a79d102d1e0c0000000000000000007926653b8d79ce16a432f124786a0bc3c5b7d196822492ae1ccf91aeac16406ad6f9cd3d96d57fceba8360ae49f73351814c9c2972f11064aaf3739d9100f9c0e4d0cb17d50c82e305ba7d62cf1cc6da26e34982a8c74dd8122cf5b5e7c34fd2712a0cef05e4d8ec7dd363219676bd9b19943185b132eb35a695e208dfa5cecdb1d6425c8879063c0f11bd64291a4209ee6dc1d9e9010013f6148c603e6a335e298efd6ab5cccc47a2c568c6afec54f8251bd840752addf200371361c9eedf05ed98585cf6d99e9e56055064bda2d373369761238c278147cd0eb7799f6b9c9fcaa3fd282154994f5b25420c86db9b6401e885de1c615a719a1c83e8fbbb181282dbaf3313a4e4a4877e9f37607e2cd6da0cf6371ec06a75f5a4206b2418ad8897ae149085d63f01f22eca44033234b3930b4d5da756669a1d59d69e7de54abf439988ed7ec33c2d0a901bb0985a24878984d8a4340fa9a356d100926fb5f2ef9976366a61b8cc2bcb1c072b0e9c564852388e1edff10d75b3832792e471cc15b40380f94d834243080158603fbc9134d6983c540525447478984611c0d9666941bfc0a30db47a8828b6e5c51aee2094599b4ce52795750e1764f1657ca8c5633c71287239dddf5c651496f7bbd148c937f083d2e4e0197dbc6ff0649c749707b17399b1d7efad23abb8b40b38704737e15662ae4913a4a001cd3b71c7af75b5ffad9780650c800a40ca80ddc41987919142fd28dbf22db5f4c435415a03455e1d55d1783ccef97d7e4655cf839d06f06e137bbe462a03b3100231914b19739dd57b4f12d026ad0c7fd3"], &(0x7f00002bf000)='GPL\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffc95, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r2 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000180)={r0, r1})
socket$packet(0x11, 0x3, 0x300)
socket(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
sendmmsg$inet(r0, &(0x7f0000002c00)=[{{&(0x7f00000001c0)={0x2, 0x4e23, @multicast2}, 0x10, &(0x7f00000002c0)=[{&(0x7f0000000380)="25e83a637602dbdd2ab8610da87d2e562cd6bedd13ddaaa21bc887b85ea53d0a950eb895b62a614c4b105dfd577b26ee9d9884c6dd6e1183386ff70f59f7f47581d7d0a38f7a0e83dab2f8832ff4bb1b919bc688d21fc3e7ecc86a6ba68449b6470812ec76f65ca1aaeae2b232a119614a3aad8217aae162f62cff9491d84de3ec4824433dc12276e21b020a91f768771ede95e619504c433a45abaa56a96e86f9557fd374fbcf87a79af5", 0xab}, {&(0x7f0000000440)="6c2b3308780d705842496527f736cb18b94de44253bf51b7e6df739e4a42a65d3d231dea5de683e7dbe9543a3acd10672c1f2b718038895408fac5912be15aee544f698e76afaaf8bdf27cef0e31cc44f87ddac5a564a7cdf0c37c81a0032f0d0d1715d33c5cc3ee909e92e249007c8c7f2b401d1f228c0a335fff03dfbf", 0x7e}], 0x2, &(0x7f0000000300)=[@ip_ttl={{0x14, 0x0, 0x2, 0x2}}], 0x18}}, {{&(0x7f0000000500)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000780)=[{&(0x7f0000000540)="7ec55b5020ab6674ea93b6efc516fc", 0xf}, {&(0x7f0000000580)="e0f73bf1c7f9c427b91352a4161e1b15a3f83f6286c11c0f9e934d2f834eed51c0e51ae144909f96caf95f20105dc7ee72e14376e0ac34a9a198391ee880", 0x3e}, {&(0x7f0000000680)="ae1d02e19bd9314f738cf36a36de3850ee4a4bbfed39a991e3f633902c9eef56f1c3917a7d38a03a59d502a212d53e884f8587c8da55ded20b4b9606ba68985cc4f6a981c696f4dc45bc", 0x4a}, {&(0x7f0000000700)="d4b00c78dd2e60c3b577cfce52e6b824021637ad7136897bf190a510338c9d", 0x1f}], 0x4}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000001000)=[{&(0x7f0000000f80)="3b6d98ee4d55ccf0470111099fbd2b8816d812dc21af8b5f08cbff56bc082489b9679a438d34fc0e57671dd37d71a6dbbb8345af294b22e2d4d925d40972d971f7025288d2ed30f1277698fa672436d118fc2ce93be8937d219ba432e3ec738b9a8ce9a71435eba06036", 0x6a}], 0x1}}, {{0x0, 0x0, &(0x7f0000001300)}}, {{0x0, 0x0, &(0x7f0000001640)=[{&(0x7f00000014c0)="9833ffc319197cce5d1b5ea20f757372a4f918448c29e64b9965f89b591f598680397bde310e86f00a11425ea485391f014663d0284e1730d885d8e12ed69d8beb366cbb1f7d", 0x46}], 0x1, &(0x7f00000027c0)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x9}}, @ip_retopts={{0x14, 0x0, 0x7, {[@lsrr={0x83, 0x3, 0xfa}, @end]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @rand_addr=0x64010100, @empty}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x3b}, @multicast2}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x6}}], 0x88}}], 0x6, 0x40)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000001380)={<r3=>0xffffffffffffffff})
syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r3)

2.283576725s ago: executing program 3 (id=3973):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000004000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff1d6405000000000065040400210000000404000001e37c60b7040000000100006a0a00fe00000000850000001a000000b70000000000000095000000000000000ce0de7621e5e832249c04112cf7af2b75d0d1f034b1b3fb6bd3ce8fa62c7941272ff49142d860010ab162aa2264ab67e55a00000000000000edfe0969a9ddc125b686a1e83c8790c893d713b3295dad0ea697181d1e85b64126b5d72f204754d1d4a93f24215dee354e93cfc3f50ff23f8432c72012f021c84c59a9d4c142f439d3040cfee621589fb3a2f1407c7cbed48e7026f8d52d4bca2608c79aa4a73732028f88ce07ed1075da4a2ef44e3d8b88873f0b1de87dfb6d15936ec0a27cb554def9e27396df6b7851ffa26237ea6730880f06371beb3b290b7d8629a6f0373fefa0acb60888fc14ad2b83ca03ac2aee792482ced58af4140cc4ce3efef26e00c5b2200a91cb80c6065a697d6fc8aa8b65aee0783b04cff0218ce82c9687b4474da89c474c23727555fc5e5f8ad0f2f7a261140440fce1f12cc6df312accd011d888384283092d987c40bbb46f68c2431b97906f00000000349834fa147bd5923bbd4e606708034931a8f1a89bdf77093a0000427aab8e21e1a33d3fe093547532fce6549dd648ad233e05a7b3ea178007c1c32e871ac81f287c4aabbd153390b16d1d41ee433e3aee000000000009e106d6b5289f0000000000000000000000f7bc9f46cb71f6b889d37807865e3b4e9916dd0f72c9d58ea333b90f8886dcbf5ddda0e42ca08e3303632401f2f5212b40c0e88c957fd767dbfc80b07ad668b4f6f92fb209d7c2dbac597843c8eb7bf92fe6d0bb0b72549795c2ed19e441eb69869844152ba9da0588e42cdbc5fcd245ce5e3ef0dca64931276702a312db7956f0a75eb9caa17d47a6331c7c963cbf86a845ce27c26b7136d3e7207318b1df7a6320c64f18ccd926eaeddcde8d5006d6c38db117fb1115221a66169172720ccca770bff37e59511b2606138377eda44b2f288b491ab8aae0e11a98303b0e407e0f9d21f4a3ebbd3fabf6da9a1a1f869a339fab465d8322b7280b0734fd115a19b33c8644fff71b3c62f2e1b827e2663e06a751182e968c8ab05fb1d0115d4b11d944f2c06acc023a02b7416a9a10218d21503cda13bb5df6c992e52e1c01793b728eac000058ab3b3900d279297dadc127e2f38fc60c23af2e1fefa5a83456647191ba1953d320f59aa261fe79613df6bf43884e9649691e32680d75a541c27ffe74f9d13340f2cf1c7dc2b7db01213216cd4ecfd30efe137641471987289b7e23482e026b26eacd1b97443e2ea2d1d6e31a01ee0ae7fa195a2152b2338b086423a3883f2ce3e2f84e04f4d52c985eac4b46336908599564b47db0e6aa97ee51a360f4382fd99745725d44c77d097f69d19fe86f71c38a0226d44ebe0ecbd959f14b540745cd03b8c9f02b825ba45ca85706c73115f70871db9d2a1bc2a517b39f9648123917a5db07ba4e27f961373767e1ea8f7cc558e483abef1a9923c5cfa2081e430680950b7d7c377726b557ad31fdee17ba7057741f39d29d8ab295222f96297a777bb235416e72c84afef2bdb08fb375147b028b89f15af45bc8976b91158c13c9876daa71e7db0f5a17376be39ea79ce1246c547c740e31c64e5d293e0e5a544dd166010061d6ccae46c173b8e11721e4bce22c16af00000021f80ac6c3971006db853e3c40a5417d6eac09eb0e01ac6bd4c6dacdcb1d6d2ef9c8bdea91c984022821e961236d08f8b9072ec6cb5d5a68833fd5b4e80a5ac2bc6ff323f5ce612b59ce8177956c1affcc8baf4c8b59ab959aff9a7bd81f7c7c1f1bb92ddbeed6bce8041c7f0c1c584e6ae027678ce3cfbfea938aecc3c5119c5875b7fb35dc20f5c7aaae1e276104f607a73fe501c1045873a2b1eb80e95c87f099d98028dc82bdc7ef08c871fb3061c3c5ebd613e6e5e8cf099bb6e8c0441a133c85138b36a02c47fbedf7ed1d3ce74c9ec2c676c0b2d4b5eca61dbf5769b483c2a9f6bec666dae4e81960e9bad7f17cfc3d5bcc7b7f437110ca8ffa908c12086b2227eb202a8d56e0925ba994b05c98c39de44d25932449ddf08e5377814a40877eab4440ca01b3f50d2014a61a7d32105254b424238122386424efa3a7041254f686a5faac120942287f75e8e3db569ce47b120059d774a37e11d013be50cd2cbb00f6d2a23af61ec7d30bb7dc33a92f900b6ff1d29dc61cc40b846040dbafd00c6bcfbcf700"/1664], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffffe, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4820)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000740), r0)
sendmsg$NL80211_CMD_GET_STATION(r1, &(0x7f0000000f40)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000f00)={&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000225bd7000fcdbdf2511000000bb00be008ba3ddf2795be3ccbfc8a4a2b9797187a063e4a08eca8452c40cfb11d67358579ba413256a5c2166d182f5efcf773ae1c98302cfa3caa6b078e91509e6cbea548c6b00e5f468b2b4ee09248eaee7819be3c73f5227257027e3f80fb1e9267ea214a7c5a74a44ba5151d71439577e276da55606d0905001390398dbc298ddc338b8e26de9f191c69bfb2ff9fa3795322df7e05d4f9d672b9c2c6d71b133cf52a02f1fe3bfaf57dfc26c2b7ac659523d6fa36ba70b1e760000050029000c000000"], 0xd8}, 0x1, 0x0, 0x0, 0x4000805}, 0x800)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0)
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x9b11, r4, 0x10, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24}]}, 0x38}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wpan4\x00'})
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x10)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
setsockopt$TIPC_DEST_DROPPABLE(r6, 0x10f, 0x81, &(0x7f0000000080), 0x4)
sendmmsg$inet(r6, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
close(r7)
writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000080)="5800000014001923fc834b80040d8c560a067f020000000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd001a0010000100080c1000000000000000", 0x56}], 0x1)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x18, 0x24, 0x301, 0x0, 0x80, {0x11}, [@nested={0x4, 0x12f}]}, 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r9)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r9, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="796100000000000000007e00000033000300", @ANYRES32=0x0, @ANYBLOB="a739dfe54ad99ffa18c27526b51001fb4f778791377c"], 0x1c}}, 0x4000054)
socket$nl_netfilter(0x10, 0x3, 0xc)

1.765581676s ago: executing program 3 (id=3983):
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="4c0000150033fa7df73b33e1cb0800114000000000b61bfb55b547767b38e66e26726e0500010006000000050004dd000000000900020033797a30000000630030e0c7ec6e5d597270526383ef88286374e0be85865814da3ca1431d969fa35bb3f7898994b4281f529174009d90701bdf173e7f54b1f1c5e3a22123c35c3bf813dd000000000000000000000097e4d110df5a649ea8ddf0bb6af5af50f0883b64aec7af8b9b5c50217aa299cf5be6e1ecff5171"], 0x4c}}, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r1)
sendmsg$DEVLINK_CMD_RATE_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x3c, r2, 0x1, 0x70bd2d, 0x0, {0x36}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x73}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040811}, 0x20042840)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYRES64=r0, @ANYRES16=r0], 0x4c}}, 0x4000804)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000680)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x44, r6, 0x1, 0x70bd28, 0x25dfdbfe, {{}, {@void, @val={0x8, 0x3, r7}, @val={0xc, 0x99, {0x7ff, 0x6d}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x480c0}, 0x24044884)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r8)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x1f, 0x10, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x8}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r10}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20000002}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xa8}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x39, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r12=>0x0})
sendmsg$NL80211_CMD_SET_STATION(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x40, 0x0, 0x1, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0xe}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0xd}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x243}, @NL80211_ATTR_MAC={0xa}]}, 0x40}, 0x1, 0x0, 0x0, 0x8814}, 0x4000000)
sendmsg$NL80211_CMD_START_NAN(r3, &(0x7f0000000780)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000640)={&(0x7f00000007c0)=ANY=[@ANYBLOB="00001e92cd104f216543888b6a5cbe7fc26a3e3b899e234350138a38c23ec1619fd6fa3fdd6c377ea8531f76d3c641cc17d24888e54a4ef8c1e7e72a58494f3844d0ad5712e1e2006dd3316a88b653443c3dc09f297a96a9f0f4defb7d8eea6cd840d44ef92073c2199f07d399fa755ed1b1e85848d4b8da873e06c69a17f88415b9357bc478438a5fe7a7e4c1753b0cf948c75df3f3a71b439dc4fdd301552089d9707bc199666314a692af66c36442db7f22674c290abc30b06c4431c82816caaf161b83006ace952844fb614a20086f7ca096b0ea5475264d6a6b", @ANYRES16=r6, @ANYBLOB="02002dbd7000fddbdf257300000008000300", @ANYRES32=r12, @ANYBLOB="0c00990006000000530000000800ef00060000000800ef0002000000"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x80)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)

1.649437073s ago: executing program 3 (id=3986):
pipe(&(0x7f0000000040))
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$packet(0x11, 0x2, 0x300)
socket$rds(0x15, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_emit_ethernet(0x6a, &(0x7f0000000240)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0xfffc, 0x0, 0x0, 0x1, 0x0, @remote, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @empty=0xac1414aa, @rand_addr, {[@lsrr={0x83, 0x3}, @rr={0x7, 0x3}, @timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x0, [{@rand_addr=0x64010102, 0x10000}, {@empty}, {@dev}, {@remote}]}]}}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x18)
socket$inet6_mptcp(0xa, 0x1, 0x106)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda9880ffe0ffe2800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}}, 0x0)

1.615159178s ago: executing program 1 (id=3987):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000033bc0e0000000000000000"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00', 0xfffffffe})
ioctl(r1, 0x8b22, 0x0)

1.532223787s ago: executing program 1 (id=3989):
r0 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r0, &(0x7f0000000a40)={0xa, 0x4e02, 0x7ffe, @remote, 0x9}, 0x1c)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x80fe, &(0x7f0000000100)=[{&(0x7f0000000000)='\x00\x00', 0x2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

1.425701556s ago: executing program 1 (id=3991):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
mmap(&(0x7f0000ce2000/0x4000)=nil, 0x4000, 0x2000006, 0x12, r0, 0x913e0000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.current\x00', 0x275a, 0x0)
mmap(&(0x7f0000c16000/0x4000)=nil, 0x4000, 0x2000003, 0x28011, r2, 0xac9d4000)
bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(0xffffffffffffffff, 0x28, 0x6, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$nl_route(0x10, 0x3, 0x0)
close(0xffffffffffffffff)
sendmsg$nl_route(r4, &(0x7f000000e0c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_xfrm(r3, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01000000000000000000030000004c00018038000400200001000a004e2200000002fe8000000000000000000000000000bb090000001400020002000000ffffffff0073797a3200000000925fd79990f2c0fba7a558e9b8573b48be7d0cb3894c86caea00b6364e308bf933056dd33a8492c041f3c794b9e4f6b1db954b19e0"], 0x60}}, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800006, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x40000)

1.422543277s ago: executing program 3 (id=3992):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wlan1\x00'})
unshare(0x6a040080)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
unshare(0x10000c00)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1f, 0x11, &(0x7f0000000200)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x42, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r0)
socket(0x10, 0x80003, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYRESHEX=r0], &(0x7f0000000080)='GPL\x00', 0x1, 0xfffffffffffffe7f, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r4 = accept4(r1, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
recvmmsg(r4, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
getsockname$packet(r7, 0x0, 0x0)
sendmsg$nl_route(r6, 0x0, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[], 0x40}}, 0x400c010)
sendmsg$DCCPDIAG_GETSOCK(r5, &(0x7f00000004c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0400000008000000090080000800000004000100"], 0x50}, 0x1, 0x0, 0x0, 0x10}, 0xc855)
mmap(&(0x7f0000176000/0x3000)=nil, 0x3000, 0x4, 0x3032, r0, 0x1db4e000)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000008000000000000005000100070000000900020073797a30000000001400078008001240000a0000050015000300000005000500ff0fc00005000400000000000d000300686173683a6d6163"], 0x5c}}, 0x0)

1.361560616s ago: executing program 0 (id=3993):
pipe(&(0x7f0000000040))
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$packet(0x11, 0x2, 0x300)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x3, &(0x7f0000000380)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}}, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$inet6_udplite(0xa, 0x2, 0x88)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10)
socket$rds(0x15, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r1}, 0x18)
socket$inet6_mptcp(0xa, 0x1, 0x106)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x2100, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda9880ffe0ffe2800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}}, 0x0)

1.29202637s ago: executing program 2 (id=3994):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0xfefc, 0x7}, 0x4)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="68377863ac6ea61666eaa696435a75f1626fe3a3acedcaf71527ff51d446daac757559d2d6fc2b90952355ec6c61d718c91784312b1b4771888a0811895b02ffb658934b0bbd6466c9cc04cc7252f1f1deea5a8b9c6797c8f1263db526cf88899f7ecab544662eb34743cefb660a78cb9468d2900b3cda4cca9d89ab6d341d145acf249276dda272407bc98d9e5431316d468b9e4750f2316589dc4de3157592d27fd723a512c85b08035842b75ec422346f9696f4bb3226b0ca75d135ebd8cae46fb83b71c103e1fdcb1934fd1d28b4916abe2c44e26ea72be426c27052e816212096000155788943b846746ccb492175fc9e01", 0xf4}, {&(0x7f0000000740)="f52ec22aafecc37a6d9995f1afb5c1727f223f9b84451a110b1dfbf19cc7ed183ba93f6d55645001887fc999262b9c938e22ef5ec46b4b1b535060dcca5cff1f0e5a1d9b32cef2b6e0a61af7968dc1759c4d901867d7", 0x56}], 0x2}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)="acc870bde54caaeacb0000108cef4fa7bf44702b284b2e80cb32d33a86853c8c28797cd14c72c87f849f6ccbf3198d11a0b1ef000000000200000088e0e022b04dbd50d36f3c028c27ba00"/84, 0x54}, {&(0x7f0000000e80)="5be3b011e12323e4ab88c0472f0700000000000000e71ba6231f303d2db97401439932cfd4855c4cc243dae723789d8a9a16be3135c5f82691837c90ab19545f7a1dcf1449fd59eecae5f52fba1e89d6d34b39297bbbc2580600000000024100d6e36e737691a1c6bd2a64b2a85cbaaf646e72f8fe08c33a33b275787892f61fbb621794716f96031931b55af30fa01d72aa5a53ee4c07ab7c96a4a9ed93f4d20269982ab6feb22d8e77afb7b861622ab963b07f0026fd6424082bcd0864a854e542aacc3201fff776fe1c000000000000000000000000000000002da46e8a95bcea", 0xe2}], 0x2}}], 0x2, 0xc0)

1.288035061s ago: executing program 1 (id=3995):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) (async, rerun: 32)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="090300000000000000001f"], 0x14}}, 0x0) (async)
setsockopt$inet_int(r1, 0x0, 0x8, &(0x7f00000000c0)=0x9, 0x4) (async, rerun: 32)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x68, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}}}}}}, 0x0) (rerun: 32)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

1.22168445s ago: executing program 4 (id=3996):
r0 = socket$netlink(0x10, 0x3, 0x7)
bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc)
close(r0)

1.139964726s ago: executing program 2 (id=3997):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x3, 0x2ffffffff}, 0xc)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000100)={'team0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001540)=ANY=[@ANYBLOB="4400000010003b15000800000000000000410000", @ANYRES32=0x0, @ANYBLOB="0000000000b401001c00128009000100626f6e64000000000c000280050001000600000008000a00", @ANYRES32=r3], 0x44}}, 0x0)

1.091413627s ago: executing program 1 (id=3998):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001300)={0x11, 0xb, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0x80}, [@printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}]}, 0x0, 0x6, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8001, @void, @value}, 0x94)
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'caif0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020000004"], 0x50)
sendmsg$NL80211_CMD_GET_WOWLAN(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x28}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
getsockname$packet(r4, &(0x7f0000000140)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c0000001000390400"/20, @ANYRES32=r5, @ANYBLOB="8106010000000000140012800b00010062726964676500000400028008001b00080000000800356f277075ab3d9a210006000000"], 0x4c}}, 0x20044002)
r6 = socket(0x10, 0x803, 0x0)
r7 = socket(0x1, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r8}, [@IFA_LOCAL={0x14, 0x2, @ipv4}]}, 0x2c}}, 0x0)
r9 = socket(0x10, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r10}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x781}]}, 0x34}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a000000", @ANYRES32=r2, @ANYBLOB="14000200fe8000000000000000000000000000aa080009"], 0x48}}, 0x0)
sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0x50}}, 0x0)
setsockopt$SO_J1939_PROMISC(r0, 0x6b, 0x2, &(0x7f0000000100), 0x4)
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0)

1.04752896s ago: executing program 4 (id=3999):
syz_emit_ethernet(0x177, &(0x7f0000000780)={@empty, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "000080", 0x141, 0x11, 0x0, @remote, @mcast2, {[@routing={0x3b, 0x8, 0x0, 0x9, 0x0, [@mcast1, @private0, @loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}], {0x0, 0x4e22, 0xf9, 0x0, @gue={{0x2, 0x0, 0x1, 0x3, 0x100, @val=0x80}, "3868e1d6ab8a1292b52656c6f758946232cb08deda50a010ccf3096f75762436ee8e05d32871f99563eaad5e3e2cbf3cedf77dace7527895f01e4ce3f08c0e0b6f223b222b8a2e76f49b80f108a9de51ea466ac8cda102ab68e9dbf7057393a5c6e23c79f83a746672b6e277faa080efd5e7dae525a1093aedb84f23d2bc749738d8eb77ecf9783d469e35efad217aa12673627ae8daca15c302ff35f40a66e6b2d2155bc094b6f7e544aa2069ae495d0fbe5ef3c05354d5b4f4590d6722bbef3dc4329a76b66a86d3986d2a8d1539613e4573e29b9f60761a9102a6cbe285eb38e3370a8b750aa6ac"}}}}}}}, 0x0)
r0 = epoll_create1(0x80000)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, 0x0, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
epoll_create(0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0f000000040000000800"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000006cf86a6406912049660b0d8557c03d88b0000000000000000000519500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000002c0)=ANY=[@ANYRESHEX=r0, @ANYRES16=r2], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256-generic\x00'}, 0x58)
r5 = accept4$alg(r4, 0x0, 0x0, 0x0)
sendmmsg$sock(r5, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000340)="8224aca5f41b9e0ec5e7a706c919e7c0e343f0cd0a779c17e7f992396b09252009d2d12e9475a57ec39f71417044cf4151af34ac1dfd5d87cdd80bc4c24478821f64d4d971bbc1fc7bdd181a839344917165bb9cd0fa568aac55d8e38ee30fd3a9bc63e2656b6941c812e6ea0692ec276deb2b7b817906cf8c5429a42164e8bb521e216e554d509a0fd0d86729b5f4b9a01fb336bef1be8a68a628452b83a7404087d4bcb64f6ecad05459d12595d5b8b2657f2f29656a15e5a18e3168946dcb5faa59f7b404bad393ba06734d170b0513aeb0d051", 0xd5}, {&(0x7f00000004c0)="62c99e05d98775ed1beb5d67431ead896f7060f03e5b8671b283168d0df1573bef271f3a22b9cac06e27c7e87b34a19188d3e10e670bc070f0d3eb88d2f891d242747e0deec4a10609b12d4058b0fbff28bb01e6e49b533b03b11288ff4da1ab3226a2e3ba5fc47969142f1a1a0ca9ba4cece2ac9a5fcd89343de7e57dfcbb6216499555bd04f2fcb91c3c6c72868a3797ec63f8138ab74b5034878812df8b0445704cb33f81bffed93c3e645a206db134f626a59f4fac53fbf23489cf2f45d05d735e64033376671da045df97bcb989bda1d17ba14afbfd19e32a8222ebf934c17fed237b86aef2e830", 0xea}, {&(0x7f00000005c0)="f2b314c96d500b66f7fd46493862d9eb11d188464208592330ac482436286448", 0x20000}], 0x3}}], 0x1, 0x0)
setsockopt$netlink_NETLINK_PKTINFO(0xffffffffffffffff, 0x10e, 0x3, 0x0, 0x0)
socket(0x2a, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x100, 0x0)
r6 = socket$tipc(0x1e, 0x5, 0x0)
recvmmsg(r6, 0x0, 0x0, 0x40000040, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r7, 0x0, 0x60, 0x0, 0x0)
socket(0x10, 0x80002, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$l2tp(0x2, 0x2, 0x73)
bind$l2tp(r9, &(0x7f00000000c0)={0x2, 0x0, @rand_addr, 0x1}, 0x10)
r10 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="2309fefffffffcffffff0100000005000700000000000800090000000000060002000100000008000a000400010008001700", @ANYRES32], 0x3c}}, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)

971.900929ms ago: executing program 0 (id=4000):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000048000000090a010400000000000000000700000008000a40000000000900020073797a3100000000090001007379"], 0xf0}}, 0x0)
r1 = socket(0x11, 0x4, 0x9)
unshare(0x22020400)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x9)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000ed0301000000000000e9bc63be27719190000000ed03010000000000000000000000000a"], 0x28}}, 0x0)
sendmsg$IEEE802154_LIST_IFACE(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x40, 0x0, 0x20, 0x70bd26, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x4008040}, 0x20000000)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r4}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x840)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r5, 0x0, 0x1a, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/96, 0x2329000, 0x800}, 0x20)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c00000002000000000000000000000203000000000000000000000d00"/54], &(0x7f0000000140)=""/240, 0x56, 0xf0, 0x1, 0x0, 0x0, @void, @value}, 0x28)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4309(aegis128-aesni)\x00'}, 0x58)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000240)={0x1f, 0xffff, 0x2}, 0x6)
recvmmsg(r7, &(0x7f0000000600), 0x204083acb88ff8b, 0x2, 0x0)
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x0, 0x0)
accept4$ax25(r1, &(0x7f00000000c0)={{0x3, @rose}, [@rose, @default, @bcast, @rose, @remote, @null, @bcast, @netrom]}, &(0x7f0000000140)=0x48, 0x0)

890.989693ms ago: executing program 2 (id=4001):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x0, &(0x7f00000000c0)}, 0x10)
sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x4000190, 0x0)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000900)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x60, 0x60, 0xb, [@typedef={0x3, 0x0, 0x0, 0x8, 0x2}, @fwd={0x2}, @const={0x9, 0x0, 0x0, 0xa, 0x2}, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x1, 0x2}]}, @volatile={0x7, 0x0, 0x0, 0x9, 0x1}, @volatile={0xd, 0x0, 0x0, 0x9, 0x5}, @int={0xd, 0x0, 0x0, 0x1, 0x0, 0xf, 0x0, 0x31, 0x2}]}, {0x0, [0x5f, 0x0, 0x2e, 0x5f, 0x2e, 0x30, 0x5f, 0x2e, 0x0]}}, &(0x7f0000000ac0)=""/143, 0x83, 0x8f, 0x1, 0x9, 0x10000, @value}, 0x28)
pipe(&(0x7f0000000080)={<r2=>0xffffffffffffffff})
splice(r2, 0x0, r2, 0x0, 0x4ffe6, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x16, 0xc, &(0x7f00000009c0)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r2)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0x60ff, 0x0, &(0x7f0000000000), 0x0, 0x5043, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_POOL_GET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x44, r6, 0x1, 0x0, 0x0, {0x53}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0x6}}]}, 0x44}}, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaf60c9f7a7281d32142f2fdbc3d37e5a072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a37f7fb9a16059ad97e2edefb5e0b0326bd25f6fd1d108efa9d30a9883815654486fe42cf2f676cdbb91f7582ab314be"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42)
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000140)=r7, 0x4)
sendmsg$nl_xfrm(r4, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000580)=ANY=[@ANYBLOB="f8000000160039030000000000000000e000000100000000000000000000000000000010000000000000ffff00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x002'], 0xf8}}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f0000000080)={'syzkaller0\x00', &(0x7f0000000b80)=@ethtool_rxnfc={0x30, 0x4, 0x9, {0x9, @esp_ip6_spec={@remote, @ipv4={'\x00', '\xff\xff', @local}, 0xfa, 0x66}, {0x0, @multicast, 0x6, 0x5, [0x40005, 0x1]}, @tcp_ip4_spec={@local, @private=0xa010100, 0x4e23, 0x4e21, 0x82}, {0x0, @broadcast, 0x8, 0xf800, [0x6dd, 0x4]}, 0x3, 0x100}, 0x1, [0x7]}})
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x10000, 0x3, 0x1, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffff7}, {0x0, 0x8, 0xfffffffffffffffc, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in6=@empty, 0x2, 0x6c}, 0xa, @in=@local, 0x0, 0x5, 0x0, 0xb7, 0x0, 0x0, 0x80000001}}, 0xe8)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGPGRP(r8, 0x8904, &(0x7f0000000280)=<r11=>0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000003c0)={<r12=>0x0}, &(0x7f0000000400)=0xc)
sendmsg$DEVLINK_CMD_RELOAD(r9, &(0x7f00000008c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1800}, 0xc, &(0x7f0000000880)={&(0x7f00000009c0)=ANY=[@ANYBLOB="bdbd0f86f9bc010000000000", @ANYRES16=r10, @ANYBLOB="000825bd7000fedbdf25250000000e0001006e657464657673696d0000000f0002006e657464", @ANYRES32=r11, @ANYBLOB="0e0001006e657464657673696d0000000f0002006e657464657673", @ANYRES32=r12, @ANYBLOB], 0x64}, 0x1, 0x0, 0x0, 0x8880}, 0x0)

795.112644ms ago: executing program 4 (id=4002):
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)={0x4c, 0x2d, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x800}, @nested={0x35, 0x11, 0x0, 0x1, [@generic="9e15c00619065e963eba3ef94d765eb501e2e4bea6b8d14b16632741a5bb965fe09b7844e4b103706a1038bc955454ed2f"]}]}, 0x4c}], 0x1}, 0x300)
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4b8b4dfa4a645212}, 0x48041)
r2 = socket(0x1, 0x803, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockname$packet(r2, 0x0, &(0x7f00000002c0))
sendmsg(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)}, 0x4000000)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffe6d, &(0x7f0000000040)={&(0x7f0000000780)=@newlink={0x34, 0x10, 0x401, 0x0, 0x4, {0x0, 0x0, 0x0, 0x0, 0x0, 0x41400}}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x10, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2180}, [@IFLA_LINK_NETNSID={0x8, 0x25, 0x4}, @IFLA_VFINFO_LIST={0x18, 0x16, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN={0x10, 0x2, {0x5, 0xbe5, 0xfffffffc}}]}]}]}, 0x40}}, 0x20014080)
bind$bt_hci(r3, &(0x7f0000000200)={0x27, 0x200, 0x3}, 0x6)
socket$inet_udp(0x2, 0x2, 0x0)
r5 = socket(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x6, &(0x7f00000000c0)=ANY=[@ANYBLOB="180800000000000000000000004b0000000600000000000000000000d36400000001000095"], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000080}, 0x20000000)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', 0x0})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r8 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r7, &(0x7f0000000440)=ANY=[@ANYBLOB="0800080007000000000014000000466f006500660000401190780a010102ac14141a44041c604e204e22004d90780400000002000000080000000000000007771ac366586e56f446dcd22ec94c672f1cd650b4e9142373a300245d0bea516a2fbeddd0cb5cffbac1852e0cfe302d00000000000a0c56790706cd2d66c8c6130226fb663aed7ae92daf88a690bd1914d311dcf6c41b796a1e5dc8780b8f492a94354f7367fc14ef6b023ff4e59614c89bc993efcd6c1256766956ebb7a7f78538d6aadc2447fc86a2a2d07535fa8921e9e0c0bfa2e2bc"], 0x73)

692.155033ms ago: executing program 1 (id=4003):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012255f674412d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000f2f16625c0c10200000000c7a5ca60fdad159f2e44171f39638410020000004825d081f2d987f05c534187738655d7dc958f2046fa0c1619a6554b82d9c162eb61ca74f1ffdaccf0ea5f06e0fca8b27ff3983ab74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb27f88dba816020be760f7b45e001efada8000000000000fdaf4660402f7b3b79a433e08074ea2462974a00040000eb01352638f56dae0249d15ba8767259658878b7492cfbacde9b57cf4de00788adce638190f3570e0b4c80ef682df22201270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433e866665b98ca2002c804c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc76d7a23d06acb1d2d4c58faea84158bb440df2a694f4cdcaa4f65c22efffffffffffdd00000000d503d79986958115ae07b70f991430b7fb475d77b869ee02000000000000000000001ffff0ef89b2a68d2b05c995445d8a7700bcdfbec74fb2dd163e863315e84498dfb52bb93f6c9084659ce777ddac563c8596c2b1d8180289a61faa95a82bf1cfb7f2fd7252e9322abe282c33445d443a67467893b9bf0d1c8130ae6b226900000635376413c29f7c6f7b7e29b9a0c64e68328661f0c06e21f7d7dc22174ea4447a6f60edef3a4168d40200fbc71104512efe8e5d7d934aa289b4bd2b870000000000000000000007000000002000000000009b777883a02f0593dfc4cb4114b9f9cf4ad155110cc6ace2b322ac31bfa27847c799c8009a1ea5b98e525e6383ad7fd9795170e7b11e247603c2ff49a11459c7f606d729d3979676bffb3049166bb84a0f061991bd57c2566c10c282352aba05b6164ef876915a3f2491e4793e590dcc71de10da96366c1e992c0068c940dd4422c9882d3aa0f8a797b8fea6efcfb5276b7679f15559edaa977504cc0b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd04000000de17e1e13b93669b79556abb722d9c085b189b5fd1f30e8dc813f608830b110001732135e8e7262f290000923bfb6b41ff3792cee2fc37eee739c3e36a4bc80112968ec0d8902eced1fe552018014a463abbbf7ccd6a92a5734e3ebfca9b6e88e031f31de2183652e77c164c646a1cfd3710aa4205d8d4d4f974133ccb1e49feb42664eccd809c0ba8917eda87489e8946d5c8156197bcb66fd5606c63e3389ee9e8552381646365066ef9a36a449c96485c22ad1aa423b7b89efbc6cd54000bb0ea5f4f1e8773144fb6ac9a44d43593d77e66aa7ed7f3d4e7b211590c738888d02b2dbb0b2ba73ec72e1d8d7360a128499dd19e1e7b9b0671f4f58515b45ecb9964f3c4ddb8234391d514f8d996d8d6dd7f8fadfee2d7a0035638ce27c2936cb04b30a0eb0cde0000000000000040000000ec3c12ecee8fc3a40000000000000000e215b00ce2570b930723cbadb4033d1b8aaa2cfb3fb89e4a6e89737fd6232218a9e0c099d1eb59d60b3cca089785642f327139bc4394fb6d547a9b3c22599e780c1da7433fb47615d372e3fffe9703e37d5c87d513165278650738efcc04d27b766cf7f60066edd292f6c8a2174f391ed164bb1816819ceb3e378e776d422bc946cd9501accebeac3a5b31d8abc68ae537cd44a04e6bc21c35a7beab2610c51e593676bf635a20f597f4631b91454d182f826071f5210bd6d93173589929b23801e63c2266fde13b5a04b8d48be057c752bc415a756ea9b4d34156c4f73dd5e5924ef101a5fcdaf37c7ba2c4a9de9b000000000000000000000000000000a73b862e4b63c245616b522345587d0ee65a6902bdd0abd941e8aba37510b222ae544f395edd1b92ad53fc68f08ea00edc5e10d768836169dd296d56b306e8b75778c37571792a6c3d8b02ef378ebd59422cdd008bef6f80a80a68641ea5ed4f1126bb676098c10bf663eb3fb8c839364d28fd046dc64b35f9c3397ce6f4ad357b0000000000090000000088c7a8e2638f650a6f04a6f33a090f59414d6ebcbc687e66d600000000bd0a58ea6d36fc2cf9b9a71c137a2a22adb1006f371d4faf47285fd66fe0389afb96854bb360edcdf11b4ff6dd578bba93e949d240cde9b5836cb46032484dc19c93db7b6e5afa10547c78e76a3111557346e52566df196fd630561bb908fff4d2e19562aabd43742a26a43799f8636fa04ceb40c9e4ca1cfbbc7b949cd245a3ee118fd0d4f639444539af8766028d4ac4d4c548e290199e0dacbb4f6796b39bf32934d941ba2f88e3ebd0cf8e24f99eca86e4ca9b2cd2b54044a7fc4631572a6378a32df288785f146275c1f548e2a0c1016744e05f9de5044373d7650125027547eefe7b2d8c8871bb65395fae99d8456883705bfdfb00001854b2e5efa8aaf25827d659f592b1575281ec125de7fb91cd81d91dcb19f5cdf1e1e2b4a8a1389753a09110538689e38e07fb2dc72bd4fd11d7bc16aac5d85c6101bb722895248e463a5fb45ce0e564e90cb19d5993b471687ae4165e29cf2f58082115f5f8569896eedfd798733223e6d6584997510c374912ab798bd4af4654c01bb2c411bc36468ddd62b4eba5cfc8953526e0e5b1359797956152d0098ce47c62c3fe5a23219389622b7f65bf03527d25c3941b9cf1ffeedf6d99082bb57ea871c12213cc40900f83033bc18c529171fae324c315bc6ce358831d0230412212acfd5fc8d5cb0d028cf568e8bb40e27befe2ff01f7c6674a4d86d900633ea36641e0a781ea0ea7f2d928b8b22e2f97dd13348927375baea6863bef4acf4299096ada5cdd2a0eaafaa760a79d102d1e0c0000000000000000007926653b8d79ce16a432f124786a0bc3c5b7d196822492ae1ccf91aeac16406ad6f9cd3d96d57fceba8360ae49f73351814c9c2972f11064aaf3739d9100f9c0e4d0cb17d50c82e305ba7d62cf1cc6da26e34982a8c74dd8122cf5b5e7c34fd2712a0cef05e4d8ec7dd363219676bd9b19943185b132eb35a695e208dfa5cecdb1d6425c8879063c0f11bd64291a4209ee6dc1d9e9010013f6148c603e6a335e298efd6ab5cccc47a2c568c6afec54f8251bd840752addf200371361c9eedf05ed98585cf6d99e9e56055064bda2d373369761238c278147cd0eb7799f6b9c9fcaa3fd282154994f5b25420c86db9b6401e885de1c615a719a1c83e8fbbb181282dbaf3313a4e4a4877e9f37607e2cd6da0cf6371ec06a75f5a4206b2418ad8897ae149085d63f01f22eca44033234b3930b4d5da756669a1d59d69e7de54abf439988ed7ec33c2d0a901bb0985a24878984d8a4340fa9a356d100926fb5f2ef9976366a61b8cc2bcb1c072b0e9c564852388e1edff10d75b3832792e471cc15b40380f94d834243080158603fbc9134d6983c540525447478984611c0d9666941bfc0a30db47a8828b6e5c51aee2094599b4ce52795750e1764f1657ca8c5633c71287239dddf5c651496f7bbd148c937f083d2e4e0197dbc6ff0649c749707b17399b1d7efad23abb8b40b38704737e15662ae4913a4a001cd3b71c7af75b5ffad9780650c800a40ca80ddc41987919142fd28dbf22db5f4c435415a03455e1d55d1783ccef97d7e4655cf839d06f06e137bbe462a03b3100231914b19739dd57b4f12d026ad0c7fd3"], &(0x7f00002bf000)='GPL\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffc95, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r2 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000180)={r0, r1})
socket$packet(0x11, 0x3, 0x300)
socket(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
sendmmsg$inet(r0, &(0x7f0000002c00)=[{{&(0x7f00000001c0)={0x2, 0x4e23, @multicast2}, 0x10, &(0x7f00000002c0)=[{&(0x7f0000000380)="25e83a637602dbdd2ab8610da87d2e562cd6bedd13ddaaa21bc887b85ea53d0a950eb895b62a614c4b105dfd577b26ee9d9884c6dd6e1183386ff70f59f7f47581d7d0a38f7a0e83dab2f8832ff4bb1b919bc688d21fc3e7ecc86a6ba68449b6470812ec76f65ca1aaeae2b232a119614a3aad8217aae162f62cff9491d84de3ec4824433dc12276e21b020a91f768771ede95e619504c433a45abaa56a96e86f9557fd374fbcf87a79af5", 0xab}, {&(0x7f0000000440)="6c2b3308780d705842496527f736cb18b94de44253bf51b7e6df739e4a42a65d3d231dea5de683e7dbe9543a3acd10672c1f2b718038895408fac5912be15aee544f698e76afaaf8bdf27cef0e31cc44f87ddac5a564a7cdf0c37c81a0032f0d0d1715d33c5cc3ee909e92e249007c8c7f2b401d1f228c0a335fff03dfbf", 0x7e}], 0x2, &(0x7f0000000300)=[@ip_ttl={{0x14, 0x0, 0x2, 0x2}}], 0x18}}, {{&(0x7f0000000500)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000780)=[{&(0x7f0000000540)="7ec55b5020ab6674ea93b6efc516fc", 0xf}, {&(0x7f0000000580)="e0f73bf1c7f9c427b91352a4161e1b15a3f83f6286c11c0f9e934d2f834eed51c0e51ae144909f96caf95f20105dc7ee72e14376e0ac34a9a198391ee880", 0x3e}, {&(0x7f0000000680)="ae1d02e19bd9314f738cf36a36de3850ee4a4bbfed39a991e3f633902c9eef56f1c3917a7d38a03a59d502a212d53e884f8587c8da55ded20b4b9606ba68985cc4f6a981c696f4dc45bc", 0x4a}, {&(0x7f0000000700)="d4b00c78dd2e60c3b577cfce52e6b824021637ad7136897bf190a510338c9d", 0x1f}], 0x4}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000001000)=[{&(0x7f0000000f80)="3b6d98ee4d55ccf0470111099fbd2b8816d812dc21af8b5f08cbff56bc082489b9679a438d34fc0e57671dd37d71a6dbbb8345af294b22e2d4d925d40972d971f7025288d2ed30f1277698fa672436d118fc2ce93be8937d219ba432e3ec738b9a8ce9a71435eba06036", 0x6a}], 0x1}}, {{0x0, 0x0, &(0x7f0000001300)}}, {{0x0, 0x0, &(0x7f0000001640)=[{&(0x7f00000014c0)="9833ffc319197cce5d1b5ea20f757372a4f918448c29e64b9965f89b591f598680397bde310e86f00a11425ea485391f014663d0284e1730d885d8e12ed69d8beb366cbb1f7d", 0x46}, {0x0}], 0x2, &(0x7f00000027c0)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x9}}, @ip_retopts={{0x14, 0x0, 0x7, {[@lsrr={0x83, 0x3, 0xfa}, @end]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @rand_addr=0x64010100, @empty}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x3b}, @multicast2}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x6}}], 0x88}}], 0x6, 0x40)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000001380)={<r3=>0xffffffffffffffff})
syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r3)

508.089784ms ago: executing program 2 (id=4004):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1, 0x31, 0xffffffffffffffff, 0x8871b000)
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_DEL_MIF(r0, 0x29, 0xc8, 0x0, 0xc000000)
setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, 0x0, 0x0)
setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast1}, 0xfe}, 0x5c)

365.44198ms ago: executing program 0 (id=4005):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
socket(0x400000000010, 0x3, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$IP_VS_SO_GET_SERVICES(r1, 0x0, 0x482, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000140)={'ipvlan1\x00', &(0x7f0000000100)=@ethtool_ringparam={0x1, 0x5, 0x1c4b8fec, 0x0, 0x5, 0x7, 0x7ff, 0x7f, 0x3}})
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x800)
recvmmsg$unix(r4, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}, 0x700}], 0x600, 0x0, 0x0)
syz_init_net_socket$ax25(0x3, 0x5, 0xc5)

353.107772ms ago: executing program 2 (id=4006):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000340)='g', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c)
shutdown(r0, 0x1)
r1 = epoll_create(0x9)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)={0x6000201c})

296.038581ms ago: executing program 4 (id=4007):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x8102}, {{0x0, 0x0, 0x0}, 0x10000}, {{0x0, 0x0, 0x0}, 0xfffffffd}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000600)=""/178, 0xb2}, {&(0x7f0000000cc0)=""/261, 0x105}, {&(0x7f0000001b40)=""/4109, 0x100d}, {&(0x7f00000006c0)=""/223, 0xdf}], 0x4}}, {{0x0, 0x0, 0x0}, 0x7243}, {{0x0, 0x0, 0x0, 0xe9c}, 0x9}, {{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000500)=""/130, 0x82}, {&(0x7f0000000940)=""/238, 0xee}, {&(0x7f0000005080)=""/4096, 0x1000}, {&(0x7f0000003e40)=""/4111, 0x100f}, {&(0x7f00000003c0)=""/101, 0x65}], 0x5}, 0x1452}, {{0x0, 0x0, 0x0}, 0x6}], 0x8, 0x22, 0x0)

156.850754ms ago: executing program 4 (id=4008):
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1200000005000000080000000900000000000000", @ANYRES32, @ANYBLOB="0000000000000000005c6a1c33a43ecb0000000000000000001800", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)

145.080687ms ago: executing program 2 (id=4009):
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="4c0000150033fa7df73b33e1cb0800114000000000b61bfb55b547767b38e66e26726e0500010006000000050004dd000000000900020033797a30000000630030e0c7ec6e5d597270526383ef88286374e0be85865814da3ca1431d969fa35bb3f7898994b4281f529174009d90701bdf173e7f54b1f1c5e3a22123c35c3bf813dd000000000000000000000097e4d110df5a649ea8ddf0bb6af5af50f0883b64aec7af"], 0x4c}}, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, 0x0, &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYRES64=r0, @ANYRES16=r0], 0x4c}}, 0x4000804)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f406", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

0s ago: executing program 4 (id=4010):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000840), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000007c0)={'batadv_slave_1\x00', <r2=>0x0})
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000800)=ANY=[@ANYBLOB="0208", @ANYRES16=r1, @ANYBLOB="010025bd7000fddbdf250600000014000180080003000600000008000100", @ANYRES32=r2, @ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x4090)
r3 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000600)={'team0\x00', <r4=>0x0})
shutdown(r0, 0x1)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000640)=@newqdisc={0xd0, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r4, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x400]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x18}]}]}]}}, @TCA_STAB={0x2c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x16, 0x5, 0x1, 0x5, 0x0, 0xffffffff, 0x7fffffff, 0x3}}, {0xa, 0x2, [0x8000, 0x0, 0x0]}}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

kernel console output (not intermixed with test programs):

mmand tx timeout
[  356.633002][   T36] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  356.642257][   T36] batadv0: left promiscuous mode
[  356.649223][   T36] bond0 (unregistering): Released all slaves
[  356.755004][   T36] bond1 (unregistering): Released all slaves
[  356.859003][   T36] bond2 (unregistering): Released all slaves
[  356.967481][   T36] bond3 (unregistering): Released all slaves
[  357.018549][T14483] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  357.051974][T14540] wg1 speed is unknown, defaulting to 1000
[  357.209558][T14483] team0: Port device team_slave_0 added
[  357.244294][   T36] tipc: Disabling bearer <eth:syzkaller0>
[  357.258621][   T36] tipc: Left network mode
[  357.265999][T14483] team0: Port device team_slave_1 added
[  357.503875][T14483] batman_adv: batadv0: Adding interface: batadv_slave_0
[  357.517227][T14483] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  357.552747][T14483] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  357.685479][T14573] netlink: 'syz.2.2935': attribute type 10 has an invalid length.
[  357.735633][T14483] batman_adv: batadv0: Adding interface: batadv_slave_1
[  357.751848][T14483] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  357.826971][T14483] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  357.925783][T14581] FAULT_INJECTION: forcing a failure.
[  357.925783][T14581] name failslab, interval 1, probability 0, space 0, times 0
[  357.956045][T14581] CPU: 0 UID: 0 PID: 14581 Comm: syz.4.2937 Not tainted 6.16.0-rc2-syzkaller-00592-g0289c51f889e #0 PREEMPT(full) 
[  357.956074][T14581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  357.956086][T14581] Call Trace:
[  357.956093][T14581]  <TASK>
[  357.956101][T14581]  dump_stack_lvl+0x189/0x250
[  357.956130][T14581]  ? __pfx____ratelimit+0x10/0x10
[  357.956148][T14581]  ? __pfx_dump_stack_lvl+0x10/0x10
[  357.956171][T14581]  ? __pfx__printk+0x10/0x10
[  357.956194][T14581]  ? __pfx___might_resched+0x10/0x10
[  357.956216][T14581]  ? fs_reclaim_acquire+0x7d/0x100
[  357.956240][T14581]  should_fail_ex+0x414/0x560
[  357.956266][T14581]  should_failslab+0xa8/0x100
[  357.956286][T14581]  __kmalloc_cache_noprof+0x70/0x3d0
[  357.956303][T14581]  ? rtnl_newlink+0xed/0x1c70
[  357.956321][T14581]  ? kasan_save_free_info+0x46/0x50
[  357.956345][T14581]  rtnl_newlink+0xed/0x1c70
[  357.956363][T14581]  ? netlink_sendmsg+0x805/0xb30
[  357.956384][T14581]  ? __sock_sendmsg+0x21c/0x270
[  357.956397][T14581]  ? ____sys_sendmsg+0x505/0x830
[  357.956415][T14581]  ? ___sys_sendmsg+0x21f/0x2a0
[  357.956432][T14581]  ? __x64_sys_sendmsg+0x19b/0x260
[  357.956451][T14581]  ? do_syscall_64+0xfa/0x3b0
[  357.956468][T14581]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.956499][T14581]  ? __pfx_rtnl_newlink+0x10/0x10
[  357.956542][T14581]  ? kasan_quarantine_put+0xdd/0x220
[  357.956564][T14581]  ? lockdep_hardirqs_on+0x9c/0x150
[  357.956587][T14581]  ? nlmon_xmit+0xb0/0x100
[  357.956601][T14581]  ? kmem_cache_free+0x18f/0x400
[  357.956625][T14581]  ? __local_bh_enable_ip+0x12d/0x1c0
[  357.956647][T14581]  ? lockdep_hardirqs_on+0x9c/0x150
[  357.956664][T14581]  ? __local_bh_enable_ip+0x12d/0x1c0
[  357.956686][T14581]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  357.956711][T14581]  ? __dev_queue_xmit+0x27e/0x3a70
[  357.956740][T14581]  ? __lock_acquire+0xab9/0xd20
[  357.956787][T14581]  ? __pfx_rtnl_newlink+0x10/0x10
[  357.956804][T14581]  rtnetlink_rcv_msg+0x7cf/0xb70
[  357.956826][T14581]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  357.956845][T14581]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  357.956862][T14581]  ? ref_tracker_free+0x63a/0x7d0
[  357.956881][T14581]  ? __copy_skb_header+0xa7/0x550
[  357.956904][T14581]  ? __pfx_ref_tracker_free+0x10/0x10
[  357.956924][T14581]  ? __skb_clone+0x63/0x7a0
[  357.956954][T14581]  netlink_rcv_skb+0x205/0x470
[  357.956973][T14581]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  357.956993][T14581]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  357.957024][T14581]  ? netlink_deliver_tap+0x2e/0x1b0
[  357.957042][T14581]  ? netlink_deliver_tap+0x2e/0x1b0
[  357.957066][T14581]  netlink_unicast+0x758/0x8d0
[  357.957093][T14581]  netlink_sendmsg+0x805/0xb30
[  357.957120][T14581]  ? __pfx_netlink_sendmsg+0x10/0x10
[  357.957142][T14581]  ? aa_sock_msg_perm+0x94/0x160
[  357.957163][T14581]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  357.957182][T14581]  ? __pfx_netlink_sendmsg+0x10/0x10
[  357.957199][T14581]  __sock_sendmsg+0x21c/0x270
[  357.957220][T14581]  ____sys_sendmsg+0x505/0x830
[  357.957248][T14581]  ? __pfx_____sys_sendmsg+0x10/0x10
[  357.957280][T14581]  ? import_iovec+0x74/0xa0
[  357.957301][T14581]  ___sys_sendmsg+0x21f/0x2a0
[  357.957325][T14581]  ? __pfx____sys_sendmsg+0x10/0x10
[  357.957384][T14581]  ? __fget_files+0x2a/0x420
[  357.957402][T14581]  ? __fget_files+0x3a0/0x420
[  357.957430][T14581]  __x64_sys_sendmsg+0x19b/0x260
[  357.957456][T14581]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  357.957494][T14581]  ? __pfx_ksys_write+0x10/0x10
[  357.957508][T14581]  ? rcu_is_watching+0x15/0xb0
[  357.957536][T14581]  ? do_syscall_64+0xbe/0x3b0
[  357.957557][T14581]  do_syscall_64+0xfa/0x3b0
[  357.957573][T14581]  ? lockdep_hardirqs_on+0x9c/0x150
[  357.957588][T14581]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.957605][T14581]  ? clear_bhb_loop+0x60/0xb0
[  357.957625][T14581]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.957641][T14581] RIP: 0033:0x7f3fcf78e929
[  357.957657][T14581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  357.957671][T14581] RSP: 002b:00007f3fd0618038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  357.957690][T14581] RAX: ffffffffffffffda RBX: 00007f3fcf9b5fa0 RCX: 00007f3fcf78e929
[  357.957703][T14581] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[  357.957713][T14581] RBP: 00007f3fd0618090 R08: 0000000000000000 R09: 0000000000000000
[  357.957723][T14581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  357.957733][T14581] R13: 0000000000000000 R14: 00007f3fcf9b5fa0 R15: 00007ffd840af698
[  357.957760][T14581]  </TASK>
[  358.496657][ T5842] Bluetooth: hci0: command tx timeout
[  358.683984][T14587] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2938'.
[  358.725063][T14483] hsr_slave_0: entered promiscuous mode
[  358.737852][T14483] hsr_slave_1: entered promiscuous mode
[  358.744350][T14483] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  358.752551][T14483] Cannot create hsr debugfs directory
[  359.055978][   T36] hsr_slave_0: left promiscuous mode
[  359.108237][   T36] hsr_slave_1: left promiscuous mode
[  359.192238][T14607] FAULT_INJECTION: forcing a failure.
[  359.192238][T14607] name failslab, interval 1, probability 0, space 0, times 0
[  359.205175][T14607] CPU: 0 UID: 0 PID: 14607 Comm: syz.2.2943 Not tainted 6.16.0-rc2-syzkaller-00592-g0289c51f889e #0 PREEMPT(full) 
[  359.205202][T14607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  359.205213][T14607] Call Trace:
[  359.205221][T14607]  <TASK>
[  359.205228][T14607]  dump_stack_lvl+0x189/0x250
[  359.205256][T14607]  ? __pfx____ratelimit+0x10/0x10
[  359.205274][T14607]  ? __pfx_dump_stack_lvl+0x10/0x10
[  359.205304][T14607]  ? __pfx__printk+0x10/0x10
[  359.205320][T14607]  ? __siphash_unaligned+0x263/0x3b0
[  359.205342][T14607]  ? __lock_acquire+0xab9/0xd20
[  359.205369][T14607]  should_fail_ex+0x414/0x560
[  359.205395][T14607]  should_failslab+0xa8/0x100
[  359.205414][T14607]  kmem_cache_alloc_noprof+0x73/0x3c0
[  359.205438][T14607]  ? skb_clone+0x212/0x3a0
[  359.205452][T14607]  ? run_filter+0x23/0x270
[  359.205477][T14607]  skb_clone+0x212/0x3a0
[  359.205492][T14607]  ? packet_rcv+0x567/0x1590
[  359.205515][T14607]  packet_rcv+0x6d6/0x1590
[  359.205541][T14607]  ? __pfx_packet_rcv_fanout+0x10/0x10
[  359.205560][T14607]  __netif_receive_skb_core+0x3135/0x4180
[  359.205593][T14607]  ? __kernel_text_address+0xd/0x40
[  359.205613][T14607]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  359.205631][T14607]  ? arch_stack_walk+0xfc/0x150
[  359.205652][T14607]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  359.205675][T14607]  ? stack_trace_save+0x9c/0xe0
[  359.205708][T14607]  ? kasan_save_track+0x4f/0x80
[  359.205729][T14607]  ? kasan_save_track+0x3e/0x80
[  359.205747][T14607]  ? __kasan_slab_alloc+0x6c/0x80
[  359.205761][T14607]  ? bpf_test_run_xdp_live+0x15f1/0x1b10
[  359.205786][T14607]  __netif_receive_skb_list_core+0x23f/0x800
[  359.205816][T14607]  ? __pfx___netif_receive_skb_list_core+0x10/0x10
[  359.205844][T14607]  ? netif_receive_skb_list_internal+0x4fd/0xcc0
[  359.205860][T14607]  netif_receive_skb_list_internal+0x975/0xcc0
[  359.205879][T14607]  ? netif_receive_skb_list_internal+0x4fd/0xcc0
[  359.205900][T14607]  ? __pfx_netif_receive_skb_list_internal+0x10/0x10
[  359.205920][T14607]  ? __phys_addr+0xd3/0x180
[  359.205937][T14607]  ? build_skb_around+0x133/0x280
[  359.205960][T14607]  ? __xdp_build_skb_from_frame+0x34b/0x740
[  359.205987][T14607]  netif_receive_skb_list+0x54/0x450
[  359.206008][T14607]  bpf_test_run_xdp_live+0x1786/0x1b10
[  359.206038][T14607]  ? bpf_test_run_xdp_live+0x38e/0x1b10
[  359.206069][T14607]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  359.206087][T14607]  ? 0xffffffffa02057c0
[  359.206103][T14607]  ? 0xffffffffa02057c0
[  359.206165][T14607]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  359.206194][T14607]  ? _copy_from_user+0x94/0xb0
[  359.206210][T14607]  ? bpf_test_init+0x133/0x170
[  359.206226][T14607]  ? xdp_convert_md_to_buff+0x5b/0x330
[  359.206248][T14607]  bpf_prog_test_run_xdp+0x713/0x1000
[  359.206295][T14607]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  359.206321][T14607]  ? __fget_files+0x2a/0x420
[  359.206344][T14607]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  359.206365][T14607]  bpf_prog_test_run+0x2c4/0x340
[  359.206397][T14607]  __sys_bpf+0x4a4/0x860
[  359.206417][T14607]  ? __pfx___sys_bpf+0x10/0x10
[  359.206448][T14607]  ? ksys_write+0x22a/0x250
[  359.206464][T14607]  ? __pfx_ksys_write+0x10/0x10
[  359.206475][T14607]  ? rcu_is_watching+0x15/0xb0
[  359.206502][T14607]  __x64_sys_bpf+0x7c/0x90
[  359.206521][T14607]  do_syscall_64+0xfa/0x3b0
[  359.206537][T14607]  ? lockdep_hardirqs_on+0x9c/0x150
[  359.206552][T14607]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.206566][T14607]  ? clear_bhb_loop+0x60/0xb0
[  359.206585][T14607]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.206599][T14607] RIP: 0033:0x7f08f198e929
[  359.206614][T14607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  359.206627][T14607] RSP: 002b:00007f08f28ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  359.206644][T14607] RAX: ffffffffffffffda RBX: 00007f08f1bb5fa0 RCX: 00007f08f198e929
[  359.206655][T14607] RDX: 0000000000000050 RSI: 0000200000000080 RDI: 000000000000000a
[  359.206665][T14607] RBP: 00007f08f28ba090 R08: 0000000000000000 R09: 0000000000000000
[  359.206674][T14607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  359.206683][T14607] R13: 0000000000000000 R14: 00007f08f1bb5fa0 R15: 00007ffc5077c7c8
[  359.206710][T14607]  </TASK>
[  359.924411][   T36] veth1_macvtap: left promiscuous mode
[  359.930364][   T36] veth0_macvtap: left promiscuous mode
[  359.936088][   T36] veth1_vlan: left promiscuous mode
[  359.941696][   T36] veth0_vlan: left promiscuous mode
[  360.526692][ T5842] Bluetooth: hci0: command tx timeout
[  361.676893][T14625] !
: renamed from dummy0
[  361.703877][T14644] lo: entered allmulticast mode
[  361.791417][T14649] lo: left allmulticast mode
[  361.859590][T14635] wg1 speed is unknown, defaulting to 1000
[  362.089635][T14678] lo: entered allmulticast mode
[  362.115249][T14677] lo: left allmulticast mode
[  362.307076][T14685] netlink: 112 bytes leftover after parsing attributes in process `syz.4.2955'.
[  362.325153][T14685] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2955'.
[  362.364990][T14693] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2956'.
[  362.381394][T14693] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2956'.
[  362.608941][ T5842] Bluetooth: hci0: command tx timeout
[  362.691458][T14706] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2958'.
[  362.898070][   T36] IPVS: stop unused estimator thread 0...
[  363.552944][T14483] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  363.568070][T14483] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  363.594448][T14483] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  363.626180][T14483] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  363.673775][T14742] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2968'.
[  363.698660][T14742] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2968'.
[  363.831162][T14755] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2970'.
[  364.060050][T14483] 8021q: adding VLAN 0 to HW filter on device bond0
[  364.071546][T14763] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2971'.
[  364.092305][T14763] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2971'.
[  364.105912][T14483] 8021q: adding VLAN 0 to HW filter on device team0
[  364.128847][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  364.136036][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  364.203336][T13454] bridge0: port 2(bridge_slave_1) entered blocking state
[  364.210559][T13454] bridge0: port 2(bridge_slave_1) entered forwarding state
[  364.355304][T14483] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  364.370853][T14777] netlink: 'syz.4.2974': attribute type 3 has an invalid length.
[  364.390350][T14776] netlink: 'syz.3.2975': attribute type 10 has an invalid length.
[  364.420867][T14483] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  364.613021][T14788] pim6reg1: entered promiscuous mode
[  364.618571][T14788] pim6reg1: entered allmulticast mode
[  365.129254][T14810] netlink: 'syz.2.2985': attribute type 1 has an invalid length.
[  365.144516][T14483] 8021q: adding VLAN 0 to HW filter on device batadv0
[  365.257174][T14812] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  365.310988][T14483] veth0_vlan: entered promiscuous mode
[  365.371255][T14483] veth1_vlan: entered promiscuous mode
[  365.508667][T14483] veth0_macvtap: entered promiscuous mode
[  365.599601][T14483] veth1_macvtap: entered promiscuous mode
[  365.670975][T14483] batman_adv: batadv0: Interface activated: batadv_slave_0
[  365.730028][T14483] batman_adv: batadv0: Interface activated: batadv_slave_1
[  365.814999][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  365.844065][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  365.865806][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  365.915981][   T59] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  366.193128][ T3944] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  366.231413][ T3944] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  366.323757][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  366.368288][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  366.380806][T14848] netlink: 'syz.3.2995': attribute type 10 has an invalid length.
[  367.442423][T14889] __nla_validate_parse: 11 callbacks suppressed
[  367.442442][T14889] netlink: 324 bytes leftover after parsing attributes in process `syz.0.3006'.
[  367.659694][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  367.680288][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  367.692158][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  367.702670][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  367.712489][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  367.753913][T14899] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3010'.
[  367.773135][T14899] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.3010'.
[  367.785958][T14900] wg1 speed is unknown, defaulting to 1000
[  368.008408][T14913] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.3012'.
[  368.228074][T14922] block nbd4: NBD_DISCONNECT
[  368.236016][T14922] block nbd4: Disconnected due to user request.
[  368.265949][T14922] block nbd4: shutting down sockets
[  368.521207][T14932] netlink: 'syz.1.3016': attribute type 1 has an invalid length.
[  368.555882][T14932] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3016'.
[  368.710438][T14940] netlink: 'syz.3.3018': attribute type 10 has an invalid length.
[  368.730603][T14934] 8021q: adding VLAN 0 to HW filter on device bond1
[  368.740957][T14934] team0: Port device bond1 added
[  368.844180][T14951] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3021'.
[  368.943433][T14900] chnl_net:caif_netlink_parms(): no params data found
[  368.999988][T14953] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3022'.
[  369.053121][T14953] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.3022'.
[  369.499062][T14900] bridge0: port 1(bridge_slave_0) entered blocking state
[  369.507111][T14900] bridge0: port 1(bridge_slave_0) entered disabled state
[  369.541030][T14900] bridge_slave_0: entered allmulticast mode
[  369.558784][T14900] bridge_slave_0: entered promiscuous mode
[  369.588118][   T13] team0: left allmulticast mode
[  369.593134][   T13] team_slave_0: left allmulticast mode
[  369.619321][   T13] team_slave_1: left allmulticast mode
[  369.635080][   T13] bond1: left allmulticast mode
[  369.641349][   T13] bond3: left allmulticast mode
[  369.646331][   T13] bond4: left allmulticast mode
[  369.653031][   T13] bond5: left allmulticast mode
[  369.658862][   T13] bond6: left allmulticast mode
[  369.663980][   T13] team0: left promiscuous mode
[  369.719260][   T13] team_slave_0: left promiscuous mode
[  369.740637][   T13] team_slave_1: left promiscuous mode
[  369.761942][   T13] bond1: left promiscuous mode
[  369.775339][   T13] bond3: left promiscuous mode
[  369.786958][   T13] bond4: left promiscuous mode
[  369.803518][   T13] bond5: left promiscuous mode
[  369.815235][   T13] bond6: left promiscuous mode
[  369.817180][ T5842] Bluetooth: hci2: command tx timeout
[  369.863148][   T13] bridge0: port 3(team0) entered disabled state
[  369.941234][   T13] bridge_slave_1: left allmulticast mode
[  369.971451][   T13] bridge_slave_1: left promiscuous mode
[  369.994778][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  370.019256][   T13] bridge_slave_0: left allmulticast mode
[  370.029424][   T13] bridge_slave_0: left promiscuous mode
[  370.039752][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  370.226063][T15002] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3032'.
[  370.287670][   T36] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  370.789373][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  370.799227][   T13] bond_slave_0: left promiscuous mode
[  370.805874][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  370.815378][   T13] bond_slave_1: left promiscuous mode
[  370.822336][   T13] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  370.832157][   T13] batadv0: left promiscuous mode
[  370.838470][   T13] bond0 (unregistering): Released all slaves
[  371.003314][   T13] team0: Port device bond1 removed
[  371.010985][   T13] bond1 (unregistering): Released all slaves
[  371.024575][   T13] bond2 (unregistering): Released all slaves
[  371.145945][   T13] team0: Port device bond3 removed
[  371.152512][   T13] bond3 (unregistering): Released all slaves
[  371.275744][   T13] team0: Port device bond4 removed
[  371.282872][   T13] bond4 (unregistering): Released all slaves
[  371.400841][   T13] team0: Port device bond5 removed
[  371.407457][   T13] bond5 (unregistering): Released all slaves
[  371.511916][   T13] team0: Port device bond6 removed
[  371.518804][   T13] bond6 (unregistering): Released all slaves
[  371.531449][T14900] bridge0: port 2(bridge_slave_1) entered blocking state
[  371.538955][T14900] bridge0: port 2(bridge_slave_1) entered disabled state
[  371.546268][T14900] bridge_slave_1: entered allmulticast mode
[  371.554161][T14900] bridge_slave_1: entered promiscuous mode
[  371.733946][T14900] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  371.759340][   T13] tipc: Left network mode
[  371.770943][T14900] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  371.887482][ T5842] Bluetooth: hci2: command tx timeout
[  371.983361][T14900] team0: Port device team_slave_0 added
[  372.052706][T15021] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3036'.
[  372.100647][T14900] team0: Port device team_slave_1 added
[  372.120583][T15031] netlink: 'syz.4.3037': attribute type 10 has an invalid length.
[  372.238157][T15035] FAULT_INJECTION: forcing a failure.
[  372.238157][T15035] name failslab, interval 1, probability 0, space 0, times 0
[  372.250889][T15035] CPU: 0 UID: 0 PID: 15035 Comm: syz.3.3038 Not tainted 6.16.0-rc2-syzkaller-00592-g0289c51f889e #0 PREEMPT(full) 
[  372.250915][T15035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  372.250926][T15035] Call Trace:
[  372.250933][T15035]  <TASK>
[  372.250941][T15035]  dump_stack_lvl+0x189/0x250
[  372.250970][T15035]  ? __pfx____ratelimit+0x10/0x10
[  372.250989][T15035]  ? __pfx_dump_stack_lvl+0x10/0x10
[  372.251012][T15035]  ? __pfx__printk+0x10/0x10
[  372.251035][T15035]  ? __lock_acquire+0xab9/0xd20
[  372.251063][T15035]  should_fail_ex+0x414/0x560
[  372.251089][T15035]  should_failslab+0xa8/0x100
[  372.251109][T15035]  kmem_cache_alloc_noprof+0x73/0x3c0
[  372.251132][T15035]  ? skb_clone+0x212/0x3a0
[  372.251146][T15035]  ? run_filter+0x23/0x270
[  372.251172][T15035]  skb_clone+0x212/0x3a0
[  372.251185][T15035]  ? packet_rcv+0x567/0x1590
[  372.251209][T15035]  packet_rcv+0x6d6/0x1590
[  372.251236][T15035]  ? __pfx_packet_rcv+0x10/0x10
[  372.251258][T15035]  __netif_receive_skb_core+0x3135/0x4180
[  372.251299][T15035]  ? __kernel_text_address+0xd/0x40
[  372.251320][T15035]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  372.251338][T15035]  ? arch_stack_walk+0xfc/0x150
[  372.251359][T15035]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  372.251380][T15035]  ? stack_trace_save+0x9c/0xe0
[  372.251411][T15035]  ? kasan_save_track+0x4f/0x80
[  372.251430][T15035]  ? kasan_save_track+0x3e/0x80
[  372.251449][T15035]  ? __kasan_slab_alloc+0x6c/0x80
[  372.251463][T15035]  ? bpf_test_run_xdp_live+0x15f1/0x1b10
[  372.251488][T15035]  __netif_receive_skb_list_core+0x23f/0x800
[  372.251520][T15035]  ? __pfx___netif_receive_skb_list_core+0x10/0x10
[  372.251547][T15035]  ? netif_receive_skb_list_internal+0x4fd/0xcc0
[  372.251565][T15035]  netif_receive_skb_list_internal+0x975/0xcc0
[  372.251588][T15035]  ? netif_receive_skb_list_internal+0x4fd/0xcc0
[  372.251610][T15035]  ? __pfx_netif_receive_skb_list_internal+0x10/0x10
[  372.251630][T15035]  ? __phys_addr+0xd3/0x180
[  372.251647][T15035]  ? build_skb_around+0x133/0x280
[  372.251670][T15035]  ? __xdp_build_skb_from_frame+0x34b/0x740
[  372.251699][T15035]  netif_receive_skb_list+0x54/0x450
[  372.251720][T15035]  bpf_test_run_xdp_live+0x1786/0x1b10
[  372.251752][T15035]  ? bpf_test_run_xdp_live+0x38e/0x1b10
[  372.251784][T15035]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  372.251802][T15035]  ? 0xffffffffa02057c0
[  372.251819][T15035]  ? 0xffffffffa02057c0
[  372.251882][T15035]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  372.251910][T15035]  ? _copy_from_user+0x94/0xb0
[  372.251927][T15035]  ? bpf_test_init+0x133/0x170
[  372.251944][T15035]  ? xdp_convert_md_to_buff+0x5b/0x330
[  372.251966][T15035]  bpf_prog_test_run_xdp+0x713/0x1000
[  372.252002][T15035]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  372.252028][T15035]  ? __fget_files+0x2a/0x420
[  372.252051][T15035]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  372.252072][T15035]  bpf_prog_test_run+0x2c4/0x340
[  372.252098][T15035]  __sys_bpf+0x4a4/0x860
[  372.252121][T15035]  ? __pfx___sys_bpf+0x10/0x10
[  372.252155][T15035]  ? ksys_write+0x22a/0x250
[  372.252173][T15035]  ? __pfx_ksys_write+0x10/0x10
[  372.252186][T15035]  ? rcu_is_watching+0x15/0xb0
[  372.252216][T15035]  __x64_sys_bpf+0x7c/0x90
[  372.252236][T15035]  do_syscall_64+0xfa/0x3b0
[  372.252253][T15035]  ? lockdep_hardirqs_on+0x9c/0x150
[  372.252269][T15035]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.252292][T15035]  ? clear_bhb_loop+0x60/0xb0
[  372.252313][T15035]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.252328][T15035] RIP: 0033:0x7fbdf458e929
[  372.252344][T15035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  372.252358][T15035] RSP: 002b:00007fbdf541a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  372.252377][T15035] RAX: ffffffffffffffda RBX: 00007fbdf47b5fa0 RCX: 00007fbdf458e929
[  372.252389][T15035] RDX: 0000000000000050 RSI: 0000200000000080 RDI: 000000000000000a
[  372.252401][T15035] RBP: 00007fbdf541a090 R08: 0000000000000000 R09: 0000000000000000
[  372.252412][T15035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  372.252422][T15035] R13: 0000000000000000 R14: 00007fbdf47b5fa0 R15: 00007ffe61115f58
[  372.252449][T15035]  </TASK>
[  372.785480][T14900] batman_adv: batadv0: Adding interface: batadv_slave_0
[  372.793310][T14900] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  372.821975][T14900] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  372.905706][T14900] batman_adv: batadv0: Adding interface: batadv_slave_1
[  372.918312][T14900] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  372.945042][T14900] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  373.035600][T15053] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3044'.
[  373.179303][T14900] hsr_slave_0: entered promiscuous mode
[  373.198130][T14900] hsr_slave_1: entered promiscuous mode
[  373.554226][T15075] hsr0: entered promiscuous mode
[  373.571202][T15075] hsr0: left promiscuous mode
[  373.688013][   T13] hsr_slave_0: left promiscuous mode
[  373.707538][   T13] hsr_slave_1: left promiscuous mode
[  373.886042][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  373.900404][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  373.925391][   T13] macsec0: left allmulticast mode
[  373.957473][T15092] netlink: 'syz.3.3055': attribute type 10 has an invalid length.
[  373.967116][ T5842] Bluetooth: hci2: command tx timeout
[  374.141459][T15095] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3057'.
[  374.158281][T15095] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3057'.
[  374.682294][   T13] team0 (unregistering): Port device team_slave_1 removed
[  374.741107][   T13] team0 (unregistering): Port device team_slave_0 removed
[  376.047489][ T5842] Bluetooth: hci2: command tx timeout
[  376.284374][T15126] gretap0: left promiscuous mode
[  376.294654][T15132] netlink: 'syz.3.3069': attribute type 10 has an invalid length.
[  376.319872][T15126] batman_adv: batadv0: Interface deactivated: virt_wifi0
[  376.355645][T15126] hsr0: left allmulticast mode
[  376.361215][T15126] hsr_slave_0: left allmulticast mode
[  376.371642][T15126] hsr_slave_1: left allmulticast mode
[  376.378711][T15126] hsr0: left promiscuous mode
[  376.383907][T15126] macvlan2: left promiscuous mode
[  376.394229][T15126] macvlan2: left allmulticast mode
[  376.408999][T15134] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3070'.
[  376.418405][T15134] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3070'.
[  376.438007][T15126] gre1: left promiscuous mode
[  376.442720][T15126] gre1: left allmulticast mode
[  376.912966][T14900] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  377.020479][T15145] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3071'.
[  377.067842][T14900] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  377.387231][T15155] ieee802154 phy0 wpan0: encryption failed: -22
[  377.396564][T15154] ieee802154 phy0 wpan0: encryption failed: -22
[  377.397306][T15155] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3075'.
[  377.433130][T14900] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  377.480549][T15155] vlan3: entered promiscuous mode
[  377.545456][T14900] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  377.569469][T15160] netlink: 'syz.1.3076': attribute type 1 has an invalid length.
[  377.577838][T15160] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3076'.
[  377.924470][T15172] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3079'.
[  377.938040][T14900] 8021q: adding VLAN 0 to HW filter on device bond0
[  377.970557][T14900] 8021q: adding VLAN 0 to HW filter on device team0
[  377.992856][T13452] bridge0: port 1(bridge_slave_0) entered blocking state
[  378.000147][T13452] bridge0: port 1(bridge_slave_0) entered forwarding state
[  378.032926][T13454] bridge0: port 2(bridge_slave_1) entered blocking state
[  378.040137][T13454] bridge0: port 2(bridge_slave_1) entered forwarding state
[  378.163668][T15178] hsr0: entered promiscuous mode
[  378.182077][T15178] hsr0: left promiscuous mode
[  378.514453][T14900] 8021q: adding VLAN 0 to HW filter on device batadv0
[  378.562883][T15201] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3086'.
[  378.611376][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  378.642207][T14900] veth0_vlan: entered promiscuous mode
[  378.662406][T14900] veth1_vlan: entered promiscuous mode
[  378.744440][T14900] veth0_macvtap: entered promiscuous mode
[  378.761934][T14900] veth1_macvtap: entered promiscuous mode
[  378.800644][T14900] batman_adv: batadv0: Interface activated: batadv_slave_0
[  378.823886][T14900] batman_adv: batadv0: Interface activated: batadv_slave_1
[  378.858180][T13452] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  378.861385][T15209] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3089'.
[  378.884251][T13454] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  378.893877][T13454] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  378.947578][T13454] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  378.999119][T15212] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3091'.
[  379.031487][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  379.068762][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  379.140110][T13452] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  379.170549][T13452] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  379.221950][T15221] netlink: 'syz.1.3094': attribute type 1 has an invalid length.
[  379.230085][T15221] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3094'.
[  379.580107][T15240] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.3100'.
[  379.688333][T15245] FAULT_INJECTION: forcing a failure.
[  379.688333][T15245] name failslab, interval 1, probability 0, space 0, times 0
[  379.701039][T15245] CPU: 0 UID: 0 PID: 15245 Comm: syz.0.3102 Not tainted 6.16.0-rc2-syzkaller-00592-g0289c51f889e #0 PREEMPT(full) 
[  379.701065][T15245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  379.701075][T15245] Call Trace:
[  379.701082][T15245]  <TASK>
[  379.701090][T15245]  dump_stack_lvl+0x189/0x250
[  379.701118][T15245]  ? __pfx____ratelimit+0x10/0x10
[  379.701136][T15245]  ? __pfx_dump_stack_lvl+0x10/0x10
[  379.701159][T15245]  ? __pfx__printk+0x10/0x10
[  379.701180][T15245]  ? rcu_is_watching+0x15/0xb0
[  379.701213][T15245]  should_fail_ex+0x414/0x560
[  379.701238][T15245]  should_failslab+0xa8/0x100
[  379.701258][T15245]  kmem_cache_alloc_noprof+0x73/0x3c0
[  379.701281][T15245]  ? skb_clone+0x212/0x3a0
[  379.701302][T15245]  skb_clone+0x212/0x3a0
[  379.701320][T15245]  bpf_clone_redirect+0xad/0x3d0
[  379.701345][T15245]  bpf_prog_c9d58f5b8698340d+0x5f/0x68
[  379.701366][T15245]  ? preempt_schedule+0xae/0xc0
[  379.701387][T15245]  ? bpf_test_run+0x205/0x830
[  379.701406][T15245]  ? preempt_schedule_common+0x83/0xd0
[  379.701428][T15245]  ? preempt_schedule+0xae/0xc0
[  379.701448][T15245]  ? __pfx_preempt_schedule+0x10/0x10
[  379.701468][T15245]  ? seqcount_lockdep_reader_access+0x123/0x1c0
[  379.701489][T15245]  ? preempt_schedule_notrace_thunk+0x16/0x30
[  379.701519][T15245]  ? __local_bh_disable_ip+0xf1/0x190
[  379.701542][T15245]  ? __pfx___cant_migrate+0x10/0x10
[  379.701563][T15245]  ? __local_bh_enable_ip+0x12d/0x1c0
[  379.701584][T15245]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  379.701616][T15245]  ? bpf_test_timer_continue+0x136/0x350
[  379.701640][T15245]  bpf_test_run+0x38e/0x830
[  379.701670][T15245]  ? bpf_test_run+0x205/0x830
[  379.701696][T15245]  ? __pfx_bpf_test_run+0x10/0x10
[  379.701740][T15245]  ? slab_build_skb+0x273/0x3e0
[  379.701761][T15245]  ? convert___skb_to_skb+0x3d/0x590
[  379.701783][T15245]  bpf_prog_test_run_skb+0xb30/0x1560
[  379.701819][T15245]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  379.701839][T15245]  bpf_prog_test_run+0x2c4/0x340
[  379.701865][T15245]  __sys_bpf+0x4a4/0x860
[  379.701888][T15245]  ? __pfx___sys_bpf+0x10/0x10
[  379.701921][T15245]  ? ksys_write+0x22a/0x250
[  379.701940][T15245]  ? __pfx_ksys_write+0x10/0x10
[  379.701953][T15245]  ? rcu_is_watching+0x15/0xb0
[  379.701983][T15245]  __x64_sys_bpf+0x7c/0x90
[  379.702003][T15245]  do_syscall_64+0xfa/0x3b0
[  379.702019][T15245]  ? lockdep_hardirqs_on+0x9c/0x150
[  379.702034][T15245]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  379.702051][T15245]  ? clear_bhb_loop+0x60/0xb0
[  379.702071][T15245]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  379.702086][T15245] RIP: 0033:0x7fdf7398e929
[  379.702102][T15245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  379.702116][T15245] RSP: 002b:00007fdf74899038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  379.702134][T15245] RAX: ffffffffffffffda RBX: 00007fdf73bb5fa0 RCX: 00007fdf7398e929
[  379.702147][T15245] RDX: 000000000000002c RSI: 0000200000000080 RDI: 000000000000000a
[  379.702158][T15245] RBP: 00007fdf74899090 R08: 0000000000000000 R09: 0000000000000000
[  379.702168][T15245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  379.702179][T15245] R13: 0000000000000000 R14: 00007fdf73bb5fa0 R15: 00007ffcbbe61aa8
[  379.702206][T15245]  </TASK>
[  380.418261][   T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  380.427722][   T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  380.438914][   T51] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  380.449932][   T51] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  380.459081][   T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  380.795444][T13454] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  380.944645][T13454] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  381.123194][T13454] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  381.320684][T13454] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  381.449395][T15298] tipc: Started in network mode
[  381.480635][T15298] tipc: Node identity 7e0deeca041, cluster identity 4711
[  381.526987][T15298] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  381.741308][T15301] syzkaller0: entered promiscuous mode
[  381.756633][T15301] syzkaller0: entered allmulticast mode
[  381.773126][T15301] tipc: Resetting bearer <eth:syzkaller0>
[  381.808067][T15312] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3117'.
[  381.908144][T13452] tipc: Resetting bearer <eth:syzkaller0>
[  381.990219][T15298] tipc: Resetting bearer <eth:syzkaller0>
[  382.365079][T15324] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3122'.
[  382.421752][T15325] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3122'.
[  382.532377][ T5842] Bluetooth: hci5: command tx timeout
[  382.608983][ T5892] tipc: Node number set to 2048782026
[  383.610578][T15298] tipc: Disabling bearer <eth:syzkaller0>
[  383.641054][T15318] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  383.692534][T15255] chnl_net:caif_netlink_parms(): no params data found
[  383.798314][T15327] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3123'.
[  383.834547][T15327] netlink: 168 bytes leftover after parsing attributes in process `syz.2.3123'.
[  384.298504][T15346] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3128'.
[  384.578472][T15351] netlink: 'syz.1.3132': attribute type 10 has an invalid length.
[  384.608320][ T5842] Bluetooth: hci5: command tx timeout
[  385.438807][T13454] dvmrp0 (unregistering): left allmulticast mode
[  385.623550][T13454] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  385.635214][T13454] batadv0: left promiscuous mode
[  385.643503][T13454] bond0 (unregistering): Released all slaves
[  385.748004][T13454] bond1 (unregistering): Released all slaves
[  385.840619][T13454] bond2 (unregistering): Released all slaves
[  385.854768][T13454] bond3 (unregistering): Released all slaves
[  385.956279][T13454] bond4 (unregistering): (slave batadv1): Releasing active interface
[  385.966872][T13454] bond4 (unregistering): Released all slaves
[  386.068084][T13454] team0: Port device bond5 removed
[  386.074315][T13454] bond5 (unregistering): Released all slaves
[  386.172194][T13454] team0: Port device bond6 removed
[  386.178667][T13454] bond6 (unregistering): Released all slaves
[  386.193384][T13454] bond7 (unregistering): Released all slaves
[  386.304905][T13454] team0: Port device bond8 removed
[  386.311137][T13454] bond8 (unregistering): Released all slaves
[  386.458076][T15358] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3133'.
[  386.497099][T13454] tipc: Disabling bearer <udp:syz2>
[  386.504070][T15255] bridge0: port 1(bridge_slave_0) entered blocking state
[  386.504439][T15358] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3133'.
[  386.525271][T13454] tipc: Left network mode
[  386.533524][T15255] bridge0: port 1(bridge_slave_0) entered disabled state
[  386.562185][T15255] bridge_slave_0: entered allmulticast mode
[  386.577864][T15255] bridge_slave_0: entered promiscuous mode
[  386.607804][T15360] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3134'.
[  386.623079][T15255] bridge0: port 2(bridge_slave_1) entered blocking state
[  386.635834][T15255] bridge0: port 2(bridge_slave_1) entered disabled state
[  386.643919][T15255] bridge_slave_1: entered allmulticast mode
[  386.651726][T15255] bridge_slave_1: entered promiscuous mode
[  386.687504][ T5842] Bluetooth: hci5: command tx timeout
[  386.864981][T15255] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  386.889749][T15370] netlink: 92 bytes leftover after parsing attributes in process `syz.3.3137'.
[  386.911859][T15374] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3139'.
[  386.946840][T15255] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  387.002177][T13454] hsr_slave_0: left promiscuous mode
[  387.016152][T13454] hsr_slave_1: left promiscuous mode
[  387.056404][T13454] veth0_macvtap: left promiscuous mode
[  387.088940][T13454] veth1_vlan: left promiscuous mode
[  387.094320][T13454] veth0_vlan: left promiscuous mode
[  387.181258][T15384] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3143'.
[  388.257285][T15255] team0: Port device team_slave_0 added
[  388.282321][T15255] team0: Port device team_slave_1 added
[  388.378806][T15255] batman_adv: batadv0: Adding interface: batadv_slave_0
[  388.379741][T15397] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.3147'.
[  388.385957][T15255] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  388.423714][T15255] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  388.480539][T15401] gretap1: entered allmulticast mode
[  388.488082][T15255] batman_adv: batadv0: Adding interface: batadv_slave_1
[  388.495031][T15255] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  388.556933][T15255] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  388.767860][   T51] Bluetooth: hci5: command tx timeout
[  388.924800][T15255] hsr_slave_0: entered promiscuous mode
[  388.938089][T15255] hsr_slave_1: entered promiscuous mode
[  388.944719][T15255] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  388.953400][T15255] Cannot create hsr debugfs directory
[  389.086221][T13454] IPVS: stop unused estimator thread 0...
[  389.458410][T15435] smc: net device bond0 applied user defined pnetid SYZ2
[  389.473075][T15431] smc: net device bond0 erased user defined pnetid SYZ2
[  389.561585][T15442] netlink: 'syz.0.3159': attribute type 4 has an invalid length.
[  389.632230][T15442] veth1_macvtap: left promiscuous mode
[  389.834757][T15449] __nla_validate_parse: 1 callbacks suppressed
[  389.834775][T15449] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3161'.
[  389.884406][T15453] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3162'.
[  390.125033][T15460] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  390.225047][T15460] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  390.324802][T15255] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  390.381117][T15255] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  390.396142][T15458] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  390.427109][T15255] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  390.446314][T15255] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  390.522362][T15477] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3170'.
[  390.535241][T15477] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3170'.
[  390.554326][T15477] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3170'.
[  390.575153][T15479] netlink: 112 bytes leftover after parsing attributes in process `syz.2.3169'.
[  390.585986][T15477] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3170'.
[  390.595077][T15479] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3169'.
[  390.709881][T15255] 8021q: adding VLAN 0 to HW filter on device bond0
[  390.753357][T15487] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3173'.
[  390.810295][T15255] 8021q: adding VLAN 0 to HW filter on device team0
[  390.850468][   T51] Bluetooth: hci5: command 0x0405 tx timeout
[  390.853340][T13454] bridge0: port 1(bridge_slave_0) entered blocking state
[  390.863624][T13454] bridge0: port 1(bridge_slave_0) entered forwarding state
[  390.893766][T13454] bridge0: port 2(bridge_slave_1) entered blocking state
[  390.900967][T13454] bridge0: port 2(bridge_slave_1) entered forwarding state
[  391.125896][T15500] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3179'.
[  391.577471][T15255] 8021q: adding VLAN 0 to HW filter on device batadv0
[  391.840561][T15532] xt_hashlimit: max too large, truncated to 1048576
[  391.851354][T15532] xt_hashlimit: Unknown mode mask 2000, kernel too old?
[  392.063097][T15255] veth0_vlan: entered promiscuous mode
[  392.077671][T15255] veth1_vlan: entered promiscuous mode
[  392.093556][T15545] netlink: 'syz.1.3191': attribute type 10 has an invalid length.
[  392.165631][T15255] veth0_macvtap: entered promiscuous mode
[  392.185478][T15255] veth1_macvtap: entered promiscuous mode
[  392.231762][T15547] macvtap1: entered promiscuous mode
[  392.273550][T15547] hsr0: entered promiscuous mode
[  392.279238][T15547] macvtap1: entered allmulticast mode
[  392.284777][T15547] hsr0: entered allmulticast mode
[  392.290094][T15547] hsr_slave_0: entered allmulticast mode
[  392.295903][T15547] hsr_slave_1: entered allmulticast mode
[  392.316962][T15547] hsr0: left allmulticast mode
[  392.324591][T15547] hsr_slave_0: left allmulticast mode
[  392.334000][T15547] hsr_slave_1: left allmulticast mode
[  392.342983][T15547] hsr0: left promiscuous mode
[  392.435504][T15255] batman_adv: batadv0: Interface activated: batadv_slave_0
[  392.463746][T15255] batman_adv: batadv0: Interface activated: batadv_slave_1
[  392.506102][ T3944] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  392.533079][ T3944] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  392.558477][ T3944] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  392.577936][ T3944] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  392.771389][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  392.793861][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  392.862755][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  392.887424][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  393.395203][T15584] netlink: 'syz.0.3204': attribute type 1 has an invalid length.
[  393.413958][T15586] FAULT_INJECTION: forcing a failure.
[  393.413958][T15586] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  393.427980][T15586] CPU: 0 UID: 0 PID: 15586 Comm: syz.3.3206 Not tainted 6.16.0-rc2-syzkaller-00592-g0289c51f889e #0 PREEMPT(full) 
[  393.428005][T15586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  393.428015][T15586] Call Trace:
[  393.428022][T15586]  <TASK>
[  393.428039][T15586]  dump_stack_lvl+0x189/0x250
[  393.428068][T15586]  ? __pfx____ratelimit+0x10/0x10
[  393.428087][T15586]  ? __pfx_dump_stack_lvl+0x10/0x10
[  393.428109][T15586]  ? __pfx__printk+0x10/0x10
[  393.428139][T15586]  should_fail_ex+0x414/0x560
[  393.428165][T15586]  _copy_to_user+0x31/0xb0
[  393.428185][T15586]  simple_read_from_buffer+0xe1/0x170
[  393.428207][T15586]  proc_fail_nth_read+0x1df/0x250
[  393.428229][T15586]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  393.428251][T15586]  ? rw_verify_area+0x258/0x650
[  393.428271][T15586]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  393.428288][T15586]  vfs_read+0x1fd/0x980
[  393.428314][T15586]  ? __pfx___mutex_lock+0x10/0x10
[  393.428329][T15586]  ? __pfx_vfs_read+0x10/0x10
[  393.428352][T15586]  ? __fget_files+0x2a/0x420
[  393.428372][T15586]  ? __fget_files+0x3a0/0x420
[  393.428388][T15586]  ? __fget_files+0x2a/0x420
[  393.428415][T15586]  ksys_read+0x145/0x250
[  393.428429][T15586]  ? __fget_files+0x2a/0x420
[  393.428449][T15586]  ? __pfx_ksys_read+0x10/0x10
[  393.428477][T15586]  ? do_syscall_64+0xbe/0x3b0
[  393.428499][T15586]  do_syscall_64+0xfa/0x3b0
[  393.428514][T15586]  ? lockdep_hardirqs_on+0x9c/0x150
[  393.428530][T15586]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  393.428547][T15586]  ? clear_bhb_loop+0x60/0xb0
[  393.428567][T15586]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  393.428583][T15586] RIP: 0033:0x7fbdf458d33c
[  393.428597][T15586] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  393.428611][T15586] RSP: 002b:00007fbdf541a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  393.428629][T15586] RAX: ffffffffffffffda RBX: 00007fbdf47b5fa0 RCX: 00007fbdf458d33c
[  393.428641][T15586] RDX: 000000000000000f RSI: 00007fbdf541a0a0 RDI: 0000000000000003
[  393.428652][T15586] RBP: 00007fbdf541a090 R08: 0000000000000000 R09: 0000000000000000
[  393.428662][T15586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  393.428672][T15586] R13: 0000000000000000 R14: 00007fbdf47b5fa0 R15: 00007ffe61115f58
[  393.428701][T15586]  </TASK>
[  394.428755][   T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  394.457158][   T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  394.469850][   T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  394.494108][   T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  394.507575][   T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  394.720935][   T36] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  394.752524][   T36] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  394.843886][T15632] hsr0: entered promiscuous mode
[  394.886161][   T36] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  394.908583][   T36] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  394.932831][T15632] hsr0: left promiscuous mode
[  395.062487][   T36] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  395.073043][   T36] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  395.109351][T15641] netlink: 'syz.2.3226': attribute type 1 has an invalid length.
[  395.121275][T15641] __nla_validate_parse: 98 callbacks suppressed
[  395.121293][T15641] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3226'.
[  395.122589][T15643] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3228'.
[  395.170319][   T36] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  395.180891][   T36] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  395.318139][T15651] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3231'.
[  395.355755][T15654] vlan2: entered promiscuous mode
[  395.361021][T15654] bond0: entered promiscuous mode
[  395.366129][T15654] bond_slave_0: entered promiscuous mode
[  395.372143][T15654] bond_slave_1: entered promiscuous mode
[  395.383666][T15656] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3232'.
[  395.407247][T15614] chnl_net:caif_netlink_parms(): no params data found
[  395.635562][   T36] vlan1: left allmulticast mode
[  395.643062][   T36] bond0: left allmulticast mode
[  395.652451][   T36] batadv0: left allmulticast mode
[  395.657765][   T36] vxlan0: left allmulticast mode
[  395.662899][   T36] vlan1: left promiscuous mode
[  395.669156][   T36] bridge0: port 1(vlan1) entered disabled state
[  396.070211][   T36] bond0 (unregistering): (slave vxlan0): Releasing backup interface
[  396.079542][   T36] vxlan0 (unregistering): left promiscuous mode
[  396.332973][   T36] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  396.342550][   T36] bond0 (unregistering): Released all slaves
[  396.447838][   T36] bond1 (unregistering): (slave veth3): Releasing active interface
[  396.457777][   T36] bond1 (unregistering): (slave veth0_to_bond): Releasing active interface
[  396.467731][   T36] bond1 (unregistering): Released all slaves
[  396.570931][   T36] team0: Port device bond2 removed
[  396.578069][   T36] bond2 (unregistering): Released all slaves
[  396.618851][ T5842] Bluetooth: hci1: command tx timeout
[  396.687853][   T36] team0: Port device bond3 removed
[  396.695317][   T36] bond3 (unregistering): Released all slaves
[  396.795533][   T36] bond4 (unregistering): Released all slaves
[  396.894514][   T36] team0: Port device bond5 removed
[  396.901497][   T36] bond5 (unregistering): Released all slaves
[  396.922314][T15662] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3235'.
[  396.933190][T15673] netlink: 112 bytes leftover after parsing attributes in process `syz.2.3237'.
[  396.970410][T15673] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3237'.
[  397.088400][T15683] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3240'.
[  397.185941][T15614] bridge0: port 1(bridge_slave_0) entered blocking state
[  397.205414][T15614] bridge0: port 1(bridge_slave_0) entered disabled state
[  397.226122][T15614] bridge_slave_0: entered allmulticast mode
[  397.235359][T15687] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3241'.
[  397.264145][T15614] bridge_slave_0: entered promiscuous mode
[  397.287529][   T36] tipc: Disabling bearer <udp:syz2>
[  397.293453][   T36] tipc: Left network mode
[  397.304107][T15614] bridge0: port 2(bridge_slave_1) entered blocking state
[  397.326575][T15614] bridge0: port 2(bridge_slave_1) entered disabled state
[  397.334212][T15614] bridge_slave_1: entered allmulticast mode
[  397.342263][T15614] bridge_slave_1: entered promiscuous mode
[  397.387395][   T36] IPVS: stopping backup sync thread 5988 ...
[  397.443435][T15696] FAULT_INJECTION: forcing a failure.
[  397.443435][T15696] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  397.458172][T15696] CPU: 1 UID: 0 PID: 15696 Comm: syz.0.3244 Not tainted 6.16.0-rc2-syzkaller-00592-g0289c51f889e #0 PREEMPT(full) 
[  397.458199][T15696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  397.458209][T15696] Call Trace:
[  397.458216][T15696]  <TASK>
[  397.458224][T15696]  dump_stack_lvl+0x189/0x250
[  397.458252][T15696]  ? __pfx____ratelimit+0x10/0x10
[  397.458270][T15696]  ? __pfx_dump_stack_lvl+0x10/0x10
[  397.458293][T15696]  ? __pfx__printk+0x10/0x10
[  397.458312][T15696]  ? __might_fault+0xb0/0x130
[  397.458340][T15696]  should_fail_ex+0x414/0x560
[  397.458365][T15696]  _copy_from_iter+0x1db/0x16f0
[  397.458392][T15696]  ? rcu_is_watching+0x15/0xb0
[  397.458417][T15696]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  397.458436][T15696]  ? __pfx__copy_from_iter+0x10/0x10
[  397.458460][T15696]  ? __build_skb_around+0x257/0x3e0
[  397.458485][T15696]  ? netlink_sendmsg+0x642/0xb30
[  397.458504][T15696]  ? skb_put+0x11b/0x210
[  397.458529][T15696]  netlink_sendmsg+0x6b2/0xb30
[  397.458567][T15696]  ? __pfx_netlink_sendmsg+0x10/0x10
[  397.458590][T15696]  ? aa_sock_msg_perm+0x94/0x160
[  397.458613][T15696]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  397.458633][T15696]  ? __pfx_netlink_sendmsg+0x10/0x10
[  397.458654][T15696]  __sock_sendmsg+0x21c/0x270
[  397.458676][T15696]  sock_write_iter+0x258/0x330
[  397.458696][T15696]  ? __pfx_sock_write_iter+0x10/0x10
[  397.458726][T15696]  ? __pfx_aa_file_perm+0x10/0x10
[  397.458753][T15696]  do_iter_readv_writev+0x56e/0x7f0
[  397.458774][T15696]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  397.458795][T15696]  ? bpf_lsm_file_permission+0x9/0x20
[  397.458816][T15696]  ? security_file_permission+0x75/0x290
[  397.458835][T15696]  ? rw_verify_area+0x258/0x650
[  397.458862][T15696]  vfs_writev+0x31a/0x960
[  397.458885][T15696]  ? __lock_acquire+0xab9/0xd20
[  397.458908][T15696]  ? __pfx_vfs_writev+0x10/0x10
[  397.458943][T15696]  ? __fget_files+0x2a/0x420
[  397.458964][T15696]  ? __fget_files+0x3a0/0x420
[  397.458981][T15696]  ? __fget_files+0x2a/0x420
[  397.459007][T15696]  do_writev+0x14d/0x2d0
[  397.459028][T15696]  ? __pfx_do_writev+0x10/0x10
[  397.459044][T15696]  ? rcu_is_watching+0x15/0xb0
[  397.459072][T15696]  ? do_syscall_64+0xbe/0x3b0
[  397.459093][T15696]  do_syscall_64+0xfa/0x3b0
[  397.459109][T15696]  ? lockdep_hardirqs_on+0x9c/0x150
[  397.459126][T15696]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.459143][T15696]  ? clear_bhb_loop+0x60/0xb0
[  397.459163][T15696]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.459179][T15696] RIP: 0033:0x7fdf7398e929
[  397.459195][T15696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  397.459209][T15696] RSP: 002b:00007fdf74899038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  397.459228][T15696] RAX: ffffffffffffffda RBX: 00007fdf73bb5fa0 RCX: 00007fdf7398e929
[  397.459241][T15696] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000003
[  397.459251][T15696] RBP: 00007fdf74899090 R08: 0000000000000000 R09: 0000000000000000
[  397.459262][T15696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  397.459273][T15696] R13: 0000000000000000 R14: 00007fdf73bb5fa0 R15: 00007ffcbbe61aa8
[  397.459301][T15696]  </TASK>
[  397.788351][T15694] syz_tun: entered promiscuous mode
[  397.793706][T15694] vlan2: entered promiscuous mode
[  397.873121][T15702] netlink: 'syz.4.3247': attribute type 4 has an invalid length.
[  397.912166][T15614] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  397.931729][T15702] veth1_macvtap: left promiscuous mode
[  397.979461][T15614] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  398.146876][T15713] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3254'.
[  398.150234][T15614] team0: Port device team_slave_0 added
[  398.220332][   T36] hsr_slave_0: left promiscuous mode
[  398.233366][   T36] hsr_slave_1: left promiscuous mode
[  398.696559][ T5842] Bluetooth: hci1: command tx timeout
[  398.954981][T15614] team0: Port device team_slave_1 added
[  399.101709][T15721] syzkaller0: entered promiscuous mode
[  399.110062][T15721] syzkaller0: entered allmulticast mode
[  400.723468][T15614] batman_adv: batadv0: Adding interface: batadv_slave_0
[  400.750202][T15614] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  400.777222][ T5842] Bluetooth: hci1: command tx timeout
[  400.824745][T15614] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  400.849708][T15614] batman_adv: batadv0: Adding interface: batadv_slave_1
[  400.856910][T15614] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  400.888220][T15614] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  400.943512][T15749] hsr0: entered promiscuous mode
[  400.956152][T15749] hsr0: left promiscuous mode
[  401.075952][T15758] netlink: 'syz.0.3268': attribute type 10 has an invalid length.
[  401.186310][T15758] 8021q: adding VLAN 0 to HW filter on device batadv0
[  401.203383][T15758] batadv0: entered promiscuous mode
[  401.253950][T15758] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  401.335136][T15614] hsr_slave_0: entered promiscuous mode
[  401.354014][T15614] hsr_slave_1: entered promiscuous mode
[  401.371045][T15614] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  401.381100][T15614] Cannot create hsr debugfs directory
[  401.554409][   T36] IPVS: stop unused estimator thread 0...
[  401.913693][T15785] vlan2: entered promiscuous mode
[  402.267325][T15802] IPv6: addrconf: prefix option has invalid lifetime
[  402.502388][T15812] netlink: 'syz.4.3287': attribute type 10 has an invalid length.
[  402.631271][T15812] 8021q: adding VLAN 0 to HW filter on device batadv0
[  402.675439][T15812] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  402.847831][   T51] Bluetooth: hci1: command tx timeout
[  402.950656][T15824] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.3292'.
[  403.198123][T15828] netlink: 96 bytes leftover after parsing attributes in process `syz.1.3293'.
[  403.269171][T15614] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  403.330438][T15614] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  403.449624][T15614] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  403.467504][T15614] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  403.790720][T15614] 8021q: adding VLAN 0 to HW filter on device bond0
[  403.891366][T15859] hsr0: entered promiscuous mode
[  403.898034][T15859] hsr0: left promiscuous mode
[  403.910321][T15614] 8021q: adding VLAN 0 to HW filter on device team0
[  403.951179][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  403.958417][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  404.036475][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  404.043706][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  404.134270][T15614] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  404.166436][T15614] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  404.174327][T15870] netlink: 'syz.1.3305': attribute type 10 has an invalid length.
[  404.616240][T15614] 8021q: adding VLAN 0 to HW filter on device batadv0
[  404.835963][T15614] veth0_vlan: entered promiscuous mode
[  404.873473][T15614] veth1_vlan: entered promiscuous mode
[  404.914356][T15881] FAULT_INJECTION: forcing a failure.
[  404.914356][T15881] name failslab, interval 1, probability 0, space 0, times 0
[  404.937134][   T51] Bluetooth: hci1: command 0x0405 tx timeout
[  404.956871][T15614] veth0_macvtap: entered promiscuous mode
[  404.971186][T15881] CPU: 0 UID: 0 PID: 15881 Comm: syz.2.3308 Not tainted 6.16.0-rc2-syzkaller-00592-g0289c51f889e #0 PREEMPT(full) 
[  404.971214][T15881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  404.971225][T15881] Call Trace:
[  404.971232][T15881]  <TASK>
[  404.971240][T15881]  dump_stack_lvl+0x189/0x250
[  404.971269][T15881]  ? __pfx____ratelimit+0x10/0x10
[  404.971287][T15881]  ? __pfx_dump_stack_lvl+0x10/0x10
[  404.971310][T15881]  ? __pfx__printk+0x10/0x10
[  404.971335][T15881]  ? __pfx___might_resched+0x10/0x10
[  404.971357][T15881]  ? fs_reclaim_acquire+0x7d/0x100
[  404.971380][T15881]  should_fail_ex+0x414/0x560
[  404.971407][T15881]  should_failslab+0xa8/0x100
[  404.971428][T15881]  __kmalloc_cache_noprof+0x70/0x3d0
[  404.971445][T15881]  ? tcp_sendmsg_fastopen+0x1de/0x5e0
[  404.971469][T15881]  tcp_sendmsg_fastopen+0x1de/0x5e0
[  404.971496][T15881]  tcp_sendmsg_locked+0x4d29/0x5630
[  404.971517][T15881]  ? tcp_sendmsg_locked+0x321/0x5630
[  404.971537][T15881]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  404.971589][T15881]  ? __lock_acquire+0xab9/0xd20
[  404.971625][T15881]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[  404.971641][T15881]  ? __local_bh_enable_ip+0x12d/0x1c0
[  404.971669][T15881]  ? __local_bh_enable_ip+0x12d/0x1c0
[  404.971706][T15881]  tcp_sendmsg+0x2f/0x50
[  404.971724][T15881]  __sock_sendmsg+0xe5/0x270
[  404.971747][T15881]  __sys_sendto+0x3bd/0x520
[  404.971771][T15881]  ? __pfx___sys_sendto+0x10/0x10
[  404.971790][T15881]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  404.971822][T15881]  ? __fget_files+0x3a0/0x420
[  404.971852][T15881]  ? ksys_write+0x22a/0x250
[  404.971870][T15881]  ? __pfx_ksys_write+0x10/0x10
[  404.971884][T15881]  ? rcu_is_watching+0x15/0xb0
[  404.971913][T15881]  __x64_sys_sendto+0xde/0x100
[  404.971939][T15881]  do_syscall_64+0xfa/0x3b0
[  404.971956][T15881]  ? lockdep_hardirqs_on+0x9c/0x150
[  404.971972][T15881]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.971990][T15881]  ? clear_bhb_loop+0x60/0xb0
[  404.972011][T15881]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.972027][T15881] RIP: 0033:0x7f0c6f38e929
[  404.972043][T15881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  404.972057][T15881] RSP: 002b:00007f0c7026d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  404.972080][T15881] RAX: ffffffffffffffda RBX: 00007f0c6f5b5fa0 RCX: 00007f0c6f38e929
[  404.972093][T15881] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  404.972103][T15881] RBP: 00007f0c7026d090 R08: 00002000000001c0 R09: 000000000000001c
[  404.972115][T15881] R10: 0000000020008045 R11: 0000000000000246 R12: 0000000000000001
[  404.972125][T15881] R13: 0000000000000000 R14: 00007f0c6f5b5fa0 R15: 00007ffd7cf12288
[  404.972159][T15881]  </TASK>
[  405.128135][T15614] veth1_macvtap: entered promiscuous mode
[  405.451822][T15614] batman_adv: batadv0: Interface activated: batadv_slave_0
[  405.492120][T15614] batman_adv: batadv0: Interface activated: batadv_slave_1
[  405.555076][   T59] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  405.575881][   T59] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  405.598754][T13452] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  405.610596][T13452] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  405.644654][T15893] xt_CT: You must specify a L4 protocol and not use inversions on it
[  405.683652][T15893] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3314'.
[  405.804878][T15902] Bluetooth: hci0: Opcode 0x080f failed: -22
[  405.841603][T13452] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  405.894912][T13452] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  406.091721][T13452] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  406.112012][T13452] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  407.084003][T15932] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3327'.
[  407.148934][ T5842] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  407.159807][ T5842] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  407.182402][ T5842] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  407.193758][ T5842] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  407.202670][ T5842] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  407.341499][T15944] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3330'.
[  407.742776][T15961] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3336'.
[  407.757603][T15961] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3336'.
[  407.806701][ T5842] Bluetooth: hci0: command tx timeout
[  407.917862][ T3541] team0: left allmulticast mode
[  407.937581][ T3541] C: left allmulticast mode
[  407.950691][ T3541] team_slave_1: left allmulticast mode
[  407.966591][ T3541] bond1: left allmulticast mode
[  407.971644][ T3541] bond0: left allmulticast mode
[  407.976665][ T3541] team0: left promiscuous mode
[  407.981508][ T3541] C: left promiscuous mode
[  407.987427][ T3541] team_slave_1: left promiscuous mode
[  407.993077][ T3541] bond1: left promiscuous mode
[  407.999196][ T3541] bond0: left promiscuous mode
[  408.005364][ T3541] bridge0: port 3(team0) entered disabled state
[  408.023640][ T3541] bridge_slave_1: left allmulticast mode
[  408.029642][ T3541] bridge_slave_1: left promiscuous mode
[  408.035784][ T3541] bridge0: port 2(bridge_slave_1) entered disabled state
[  408.048967][ T3541] bridge_slave_0: left allmulticast mode
[  408.054751][ T3541] bridge_slave_0: left promiscuous mode
[  408.062216][ T3541] bridge0: port 1(bridge_slave_0) entered disabled state
[  408.123372][T15973] netlink: 'syz.4.3340': attribute type 1 has an invalid length.
[  408.394185][T15983] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3343'.
[  408.419716][ T3541] dvmrp1 (unregistering): left allmulticast mode
[  408.664989][ T3541] team0: Port device bond1 removed
[  408.671236][ T3541] bond1 (unregistering): Released all slaves
[  408.784906][ T3541] bond2 (unregistering): Released all slaves
[  408.889626][ T3541] team0: Port device bond0 removed
[  408.907103][ T3541] bond0 (unregistering): Released all slaves
[  409.033077][T15978] gretap1: entered promiscuous mode
[  409.080795][T15935] chnl_net:caif_netlink_parms(): no params data found
[  409.095786][ T3541] tipc: Left network mode
[  409.328463][ T5842] Bluetooth: hci4: command tx timeout
[  409.604358][T16009] hsr0: entered promiscuous mode
[  409.609702][T16009] hsr0: left promiscuous mode
[  409.677706][T15935] bridge0: port 1(bridge_slave_0) entered blocking state
[  409.709206][T15935] bridge0: port 1(bridge_slave_0) entered disabled state
[  409.720215][T15935] bridge_slave_0: entered allmulticast mode
[  409.732271][T15935] bridge_slave_0: entered promiscuous mode
[  409.778470][T15935] bridge0: port 2(bridge_slave_1) entered blocking state
[  409.791088][T15935] bridge0: port 2(bridge_slave_1) entered disabled state
[  409.800167][T15935] bridge_slave_1: entered allmulticast mode
[  409.813481][T15935] bridge_slave_1: entered promiscuous mode
[  409.822147][T16022] netlink: 'syz.4.3355': attribute type 4 has an invalid length.
[  409.844622][ T3541] hsr_slave_0: left promiscuous mode
[  409.857923][ T3541] hsr_slave_1: left promiscuous mode
[  409.873577][ T3541] batman_adv: batadv0: Removing interface: batadv_slave_0
[  409.873612][T16025] netlink: 'syz.4.3355': attribute type 4 has an invalid length.
[  409.890268][ T3541] batman_adv: batadv0: Removing interface: batadv_slave_1
[  409.911206][ T3541] batman_adv: batadv0: Removing interface: virt_wifi0
[  410.510599][ T3541] team0 (unregistering): Port device team_slave_1 removed
[  410.564168][ T3541] team0 (unregistering): Port device C removed
[  410.899477][T16023] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3357'.
[  411.100334][T15935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  411.142114][T15935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  411.259259][T16037] vlan2: entered promiscuous mode
[  411.264322][T16037] bond0: entered promiscuous mode
[  411.272713][T16037] bond_slave_0: entered promiscuous mode
[  411.280577][T16037] bond_slave_1: entered promiscuous mode
[  411.306110][T15935] team0: Port device team_slave_0 added
[  411.330084][T15935] team0: Port device team_slave_1 added
[  411.417907][ T5842] Bluetooth: hci4: command tx timeout
[  411.525653][T15935] batman_adv: batadv0: Adding interface: batadv_slave_0
[  411.536633][T16044] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3364'.
[  411.537725][T15935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  411.571860][T15935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  411.610343][T15935] batman_adv: batadv0: Adding interface: batadv_slave_1
[  411.619497][T15935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  411.664488][T16046] FAULT_INJECTION: forcing a failure.
[  411.664488][T16046] name failslab, interval 1, probability 0, space 0, times 0
[  411.687734][T15935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  411.698327][T16046] CPU: 1 UID: 0 PID: 16046 Comm: syz.3.3365 Not tainted 6.16.0-rc2-syzkaller-00592-g0289c51f889e #0 PREEMPT(full) 
[  411.698351][T16046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  411.698362][T16046] Call Trace:
[  411.698369][T16046]  <TASK>
[  411.698375][T16046]  dump_stack_lvl+0x189/0x250
[  411.698403][T16046]  ? __pfx____ratelimit+0x10/0x10
[  411.698419][T16046]  ? __pfx_dump_stack_lvl+0x10/0x10
[  411.698437][T16046]  ? __pfx__printk+0x10/0x10
[  411.698466][T16046]  should_fail_ex+0x414/0x560
[  411.698486][T16046]  should_failslab+0xa8/0x100
[  411.698501][T16046]  kmem_cache_alloc_noprof+0x73/0x3c0
[  411.698526][T16046]  ? skb_clone+0x212/0x3a0
[  411.698542][T16046]  skb_clone+0x212/0x3a0
[  411.698556][T16046]  __netlink_deliver_tap+0x404/0x850
[  411.698582][T16046]  ? netlink_deliver_tap+0x2e/0x1b0
[  411.698599][T16046]  netlink_deliver_tap+0x19c/0x1b0
[  411.698615][T16046]  netlink_sendskb+0x68/0x140
[  411.698630][T16046]  netlink_rcv_skb+0x28c/0x470
[  411.698646][T16046]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  411.698664][T16046]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  411.698692][T16046]  ? netlink_deliver_tap+0x2e/0x1b0
[  411.698706][T16046]  ? netlink_deliver_tap+0x2e/0x1b0
[  411.698723][T16046]  xfrm_netlink_rcv+0x79/0x90
[  411.698739][T16046]  netlink_unicast+0x758/0x8d0
[  411.698762][T16046]  netlink_sendmsg+0x805/0xb30
[  411.698785][T16046]  ? __pfx_netlink_sendmsg+0x10/0x10
[  411.698803][T16046]  ? aa_sock_msg_perm+0x94/0x160
[  411.698820][T16046]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  411.698836][T16046]  ? __pfx_netlink_sendmsg+0x10/0x10
[  411.698852][T16046]  __sock_sendmsg+0x21c/0x270
[  411.698869][T16046]  ____sys_sendmsg+0x505/0x830
[  411.698891][T16046]  ? __pfx_____sys_sendmsg+0x10/0x10
[  411.698916][T16046]  ? import_iovec+0x74/0xa0
[  411.698932][T16046]  ___sys_sendmsg+0x21f/0x2a0
[  411.698951][T16046]  ? __pfx____sys_sendmsg+0x10/0x10
[  411.698996][T16046]  ? __fget_files+0x2a/0x420
[  411.699009][T16046]  ? __fget_files+0x3a0/0x420
[  411.699031][T16046]  __x64_sys_sendmsg+0x19b/0x260
[  411.699051][T16046]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  411.699076][T16046]  ? __pfx_ksys_write+0x10/0x10
[  411.699086][T16046]  ? rcu_is_watching+0x15/0xb0
[  411.699108][T16046]  ? do_syscall_64+0xbe/0x3b0
[  411.699124][T16046]  do_syscall_64+0xfa/0x3b0
[  411.699136][T16046]  ? lockdep_hardirqs_on+0x9c/0x150
[  411.699148][T16046]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  411.699160][T16046]  ? clear_bhb_loop+0x60/0xb0
[  411.699175][T16046]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  411.699187][T16046] RIP: 0033:0x7fdc8698e929
[  411.699200][T16046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  411.699210][T16046] RSP: 002b:00007fdc8773c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  411.699224][T16046] RAX: ffffffffffffffda RBX: 00007fdc86bb5fa0 RCX: 00007fdc8698e929
[  411.699234][T16046] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000003
[  411.699242][T16046] RBP: 00007fdc8773c090 R08: 0000000000000000 R09: 0000000000000000
[  411.699249][T16046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  411.699257][T16046] R13: 0000000000000000 R14: 00007fdc86bb5fa0 R15: 00007fff74fa0f48
[  411.699279][T16046]  </TASK>
[  412.042080][T16050] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3367'.
[  412.183107][T15935] hsr_slave_0: entered promiscuous mode
[  412.193983][T15935] hsr_slave_1: entered promiscuous mode
[  412.206950][T15935] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  412.227629][T15935] Cannot create hsr debugfs directory
[  412.269954][T16054] trusted_key: syz.0.3368 sent an empty control message without MSG_MORE.
[  412.405211][T16062] netlink: 'syz.2.3371': attribute type 10 has an invalid length.
[  412.438366][T16057] : entered promiscuous mode
[  412.476470][T16062] 8021q: adding VLAN 0 to HW filter on device batadv0
[  412.510944][T16062] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  412.691392][T16069] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3376'.
[  412.729732][T16071] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3375'.
[  412.868976][T16074] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3377'.
[  413.084164][T16077] netlink: 'syz.4.3379': attribute type 13 has an invalid length.
[  413.105604][T16082] mac80211_hwsim hwsim19 wlan0: entered promiscuous mode
[  413.116449][T16077] netlink: 80 bytes leftover after parsing attributes in process `syz.4.3379'.
[  413.148994][T16082] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  413.486494][ T5842] Bluetooth: hci4: command tx timeout
[  413.638311][T16104] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3388'.
[  414.002862][T16118] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3394'.
[  414.134189][ T3541] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  414.199101][T15935] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  414.213071][ T3541] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  414.224448][T16120] openvswitch: netlink: Flow key attr not present in new flow.
[  414.232247][T15935] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  414.266695][T16120] netlink: 'syz.2.3393': attribute type 1 has an invalid length.
[  414.280811][ T3541] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  414.304437][ T3541] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  414.324737][T16130] netlink: 112 bytes leftover after parsing attributes in process `syz.0.3396'.
[  414.341246][T16130] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3396'.
[  414.384307][T16132] netlink: 'syz.4.3397': attribute type 5 has an invalid length.
[  414.404337][T15935] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  414.529356][T16140] FAULT_INJECTION: forcing a failure.
[  414.529356][T16140] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  414.543585][T16140] CPU: 1 UID: 0 PID: 16140 Comm: syz.4.3400 Not tainted 6.16.0-rc2-syzkaller-00592-g0289c51f889e #0 PREEMPT(full) 
[  414.543632][T16140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  414.543654][T16140] Call Trace:
[  414.543668][T16140]  <TASK>
[  414.543683][T16140]  dump_stack_lvl+0x189/0x250
[  414.543731][T16140]  ? __pfx____ratelimit+0x10/0x10
[  414.543754][T16140]  ? __pfx_dump_stack_lvl+0x10/0x10
[  414.543790][T16140]  ? __pfx__printk+0x10/0x10
[  414.543813][T16140]  ? __might_fault+0xb0/0x130
[  414.543855][T16140]  should_fail_ex+0x414/0x560
[  414.543879][T16140]  _copy_from_user+0x2d/0xb0
[  414.543897][T16140]  __sys_sendto+0x25c/0x520
[  414.543917][T16140]  ? __pfx___sys_sendto+0x10/0x10
[  414.543943][T16140]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  414.543971][T16140]  ? __fget_files+0x3a0/0x420
[  414.543997][T16140]  ? ksys_write+0x22a/0x250
[  414.544015][T16140]  ? __pfx_ksys_write+0x10/0x10
[  414.544027][T16140]  ? rcu_is_watching+0x15/0xb0
[  414.544055][T16140]  __x64_sys_sendto+0xde/0x100
[  414.544079][T16140]  do_syscall_64+0xfa/0x3b0
[  414.544094][T16140]  ? lockdep_hardirqs_on+0x9c/0x150
[  414.544111][T16140]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.544126][T16140]  ? clear_bhb_loop+0x60/0xb0
[  414.544147][T16140]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.544163][T16140] RIP: 0033:0x7f4c0cb8e929
[  414.544178][T16140] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  414.544192][T16140] RSP: 002b:00007f4c0dac1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  414.544211][T16140] RAX: ffffffffffffffda RBX: 00007f4c0cdb5fa0 RCX: 00007f4c0cb8e929
[  414.544223][T16140] RDX: 0000000000000001 RSI: 0000200000000700 RDI: 0000000000000003
[  414.544234][T16140] RBP: 00007f4c0dac1090 R08: 0000200000000a80 R09: 000000000000001c
[  414.544246][T16140] R10: 00000000200088c5 R11: 0000000000000246 R12: 0000000000000001
[  414.544257][T16140] R13: 0000000000000000 R14: 00007f4c0cdb5fa0 R15: 00007ffc727edd58
[  414.544286][T16140]  </TASK>
[  414.555626][T15935] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  414.751924][T16149] netlink: 'syz.4.3402': attribute type 4 has an invalid length.
[  415.300694][T15935] 8021q: adding VLAN 0 to HW filter on device bond0
[  415.425740][T15935] 8021q: adding VLAN 0 to HW filter on device team0
[  415.468117][T13452] bridge0: port 1(bridge_slave_0) entered blocking state
[  415.475309][T13452] bridge0: port 1(bridge_slave_0) entered forwarding state
[  415.523614][T13452] bridge0: port 2(bridge_slave_1) entered blocking state
[  415.530837][T13452] bridge0: port 2(bridge_slave_1) entered forwarding state
[  415.567386][ T5842] Bluetooth: hci4: command tx timeout
[  415.744210][T16191] vlan2: entered promiscuous mode
[  415.757723][T16158] sctp: [Deprecated]: syz.4.3405 (pid 16158) Use of struct sctp_assoc_value in delayed_ack socket option.
[  415.757723][T16158] Use struct sctp_sack_info instead
[  415.894466][T16197] netlink: 112 bytes leftover after parsing attributes in process `syz.3.3415'.
[  415.956522][T16197] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3415'.
[  416.140596][T15935] 8021q: adding VLAN 0 to HW filter on device batadv0
[  416.387502][T16211] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3420'.
[  416.578267][T15935] veth0_vlan: entered promiscuous mode
[  416.642244][T16223] netlink: 'syz.2.3423': attribute type 1 has an invalid length.
[  416.655785][T15935] veth1_vlan: entered promiscuous mode
[  416.660632][T16223] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3423'.
[  416.791933][T15935] veth0_macvtap: entered promiscuous mode
[  416.823786][T15935] veth1_macvtap: entered promiscuous mode
[  416.903464][T15935] batman_adv: batadv0: Interface activated: batadv_slave_0
[  416.954946][T15935] batman_adv: batadv0: Interface activated: batadv_slave_1
[  417.085180][T13454] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  417.140109][T13454] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  417.161186][   T59] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  417.194541][   T59] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  417.371147][ T3541] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  417.400632][ T3541] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  417.481145][T13452] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  417.490430][T16242] netlink: 112 bytes leftover after parsing attributes in process `syz.0.3429'.
[  417.515183][T13452] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  417.525874][T16242] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3429'.
[  417.946699][T16256] tipc: Started in network mode
[  417.951693][T16256] tipc: Node identity dea471e7de9f, cluster identity 4711
[  417.959231][T16256] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  418.489913][T16277] netlink: 'syz.2.3437': attribute type 7 has an invalid length.
[  418.964691][T16256] tipc: Disabling bearer <eth:syzkaller0>
[  419.243842][T16292] 8021q: adding VLAN 0 to HW filter on device bond1
[  419.256002][T16292] team0: Port device bond1 added
[  419.279448][T16292] __nla_validate_parse: 3 callbacks suppressed
[  419.279468][T16292] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3443'.
[  419.294882][T16292] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3443'.
[  419.305348][T16292] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3443'.
[  419.314584][T16292] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3443'.
[  419.519242][T16306] netlink: 112 bytes leftover after parsing attributes in process `syz.2.3444'.
[  419.531820][T16306] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3444'.
[  419.844087][T16323] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3451'.
[  419.854753][T16323] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3451'.
[  420.270094][T16334] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3456'.
[  420.296126][T16338] gre1: entered promiscuous mode
[  420.301744][T16338] gre1: entered allmulticast mode
[  420.362141][T16342] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.3457'.
[  420.590454][T16354] pim6reg: entered allmulticast mode
[  420.875997][T16362] pim6reg: left allmulticast mode
[  421.139346][T16374] tipc: Started in network mode
[  421.144339][T16374] tipc: Node identity ce4837e849b3, cluster identity 4711
[  421.162574][T16374] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  421.252444][T16364] tipc: Disabling bearer <eth:syzkaller0>
[  421.457321][T16385] netlink: 'syz.1.3476': attribute type 4 has an invalid length.
[  421.526289][T16385] veth1_macvtap: left promiscuous mode
[  421.806796][T16402] netlink: 'syz.0.3481': attribute type 1 has an invalid length.
[  422.069157][T16415] Bluetooth: MGMT ver 1.23
[  422.384335][T16434] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  422.398559][T16431] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input7
[  422.674322][ T3083] IPVS: starting estimator thread 0...
[  422.769655][T16453] netlink: 'syz.1.3503': attribute type 10 has an invalid length.
[  422.789982][T16448] IPVS: using max 29 ests per chain, 69600 per kthread
[  422.836192][T16453] 8021q: adding VLAN 0 to HW filter on device batadv0
[  422.884930][T16453] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  423.182667][T16475] netlink: 'syz.4.3513': attribute type 1 has an invalid length.
[  423.244763][T16477] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  423.262758][T16474] netlink: 'syz.3.3514': attribute type 1 has an invalid length.
[  424.816238][T16522] netlink: 'syz.4.3536': attribute type 4 has an invalid length.
[  424.951807][T16531] netlink: 'syz.0.3537': attribute type 1 has an invalid length.
[  424.959833][T16531] __nla_validate_parse: 17 callbacks suppressed
[  424.959850][T16531] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3537'.
[  425.083986][T16535] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3539'.
[  425.109782][T16538] FAULT_INJECTION: forcing a failure.
[  425.109782][T16538] name failslab, interval 1, probability 0, space 0, times 0
[  425.113669][T16535] 8021q: VLANs not supported on nlmon0
[  425.144842][T16538] CPU: 0 UID: 0 PID: 16538 Comm: syz.3.3540 Not tainted 6.16.0-rc2-syzkaller-00592-g0289c51f889e #0 PREEMPT(full) 
[  425.144867][T16538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  425.144878][T16538] Call Trace:
[  425.144884][T16538]  <TASK>
[  425.144891][T16538]  dump_stack_lvl+0x189/0x250
[  425.144918][T16538]  ? __pfx____ratelimit+0x10/0x10
[  425.144935][T16538]  ? __pfx_dump_stack_lvl+0x10/0x10
[  425.144956][T16538]  ? __pfx__printk+0x10/0x10
[  425.144978][T16538]  ? __pfx___might_resched+0x10/0x10
[  425.145003][T16538]  should_fail_ex+0x414/0x560
[  425.145028][T16538]  should_failslab+0xa8/0x100
[  425.145047][T16538]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  425.145064][T16538]  ? __alloc_skb+0x112/0x2d0
[  425.145085][T16538]  __alloc_skb+0x112/0x2d0
[  425.145106][T16538]  netlink_sendmsg+0x5c6/0xb30
[  425.145140][T16538]  ? __pfx_netlink_sendmsg+0x10/0x10
[  425.145162][T16538]  ? aa_sock_msg_perm+0x94/0x160
[  425.145185][T16538]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  425.145204][T16538]  ? __pfx_netlink_sendmsg+0x10/0x10
[  425.145225][T16538]  __sock_sendmsg+0x21c/0x270
[  425.145246][T16538]  ____sys_sendmsg+0x505/0x830
[  425.145274][T16538]  ? __pfx_____sys_sendmsg+0x10/0x10
[  425.145304][T16538]  ? import_iovec+0x74/0xa0
[  425.145325][T16538]  ___sys_sendmsg+0x21f/0x2a0
[  425.145350][T16538]  ? __pfx____sys_sendmsg+0x10/0x10
[  425.145406][T16538]  ? __fget_files+0x2a/0x420
[  425.145422][T16538]  ? __fget_files+0x3a0/0x420
[  425.145449][T16538]  __x64_sys_sendmsg+0x19b/0x260
[  425.145474][T16538]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  425.145503][T16538]  ? __pfx_ksys_write+0x10/0x10
[  425.145515][T16538]  ? rcu_is_watching+0x15/0xb0
[  425.145543][T16538]  ? do_syscall_64+0xbe/0x3b0
[  425.145563][T16538]  do_syscall_64+0xfa/0x3b0
[  425.145581][T16538]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.145596][T16538]  ? asm_sysvec_call_function_single+0x1a/0x20
[  425.145611][T16538]  ? clear_bhb_loop+0x60/0xb0
[  425.145630][T16538]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.145646][T16538] RIP: 0033:0x7fdc8698e929
[  425.145661][T16538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  425.145674][T16538] RSP: 002b:00007fdc8773c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  425.145692][T16538] RAX: ffffffffffffffda RBX: 00007fdc86bb5fa0 RCX: 00007fdc8698e929
[  425.145703][T16538] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000012
[  425.145713][T16538] RBP: 00007fdc8773c090 R08: 0000000000000000 R09: 0000000000000000
[  425.145753][T16538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  425.145762][T16538] R13: 0000000000000000 R14: 00007fdc86bb5fa0 R15: 00007fff74fa0f48
[  425.145788][T16538]  </TASK>
[  425.552792][T16548] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3545'.
[  425.718479][T16559] netlink: 112 bytes leftover after parsing attributes in process `syz.4.3547'.
[  425.743372][T16559] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3547'.
[  425.763963][T16562] netlink: 'syz.0.3550': attribute type 4 has an invalid length.
[  426.207369][T16580] syz_tun: entered promiscuous mode
[  426.222868][T16580] vlan2: entered promiscuous mode
[  426.294255][T16587] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3562'.
[  426.330629][T16588] netlink: 'syz.2.3561': attribute type 1 has an invalid length.
[  426.355372][T16588] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3561'.
[  426.787110][T16613] vlan2: entered promiscuous mode
[  426.949058][T16623] bond0: entered allmulticast mode
[  426.955182][T16623] bond_slave_0: entered allmulticast mode
[  426.962673][T16623] bond_slave_1: entered allmulticast mode
[  426.971642][T16623] batadv0: entered allmulticast mode
[  427.073009][T16629] netlink: 1624 bytes leftover after parsing attributes in process `syz.3.3580'.
[  427.166661][T16634] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3582'.
[  427.360766][T16644] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3585'.
[  427.379293][T16646] netlink: 'syz.0.3586': attribute type 4 has an invalid length.
[  427.623008][T16653] sch_tbf: burst 8 is lower than device macvtap0 mtu (1514) !
[  427.761533][T16666] netlink: 'syz.2.3592': attribute type 1 has an invalid length.
[  427.859807][T16672] FAULT_INJECTION: forcing a failure.
[  427.859807][T16672] name failslab, interval 1, probability 0, space 0, times 0
[  427.876742][T16672] CPU: 1 UID: 0 PID: 16672 Comm: syz.0.3597 Not tainted 6.16.0-rc2-syzkaller-00592-g0289c51f889e #0 PREEMPT(full) 
[  427.876768][T16672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  427.876783][T16672] Call Trace:
[  427.876790][T16672]  <TASK>
[  427.876797][T16672]  dump_stack_lvl+0x189/0x250
[  427.876825][T16672]  ? __pfx____ratelimit+0x10/0x10
[  427.876842][T16672]  ? __pfx_dump_stack_lvl+0x10/0x10
[  427.876865][T16672]  ? __pfx__printk+0x10/0x10
[  427.876888][T16672]  ? __pfx___might_resched+0x10/0x10
[  427.876914][T16672]  should_fail_ex+0x414/0x560
[  427.876946][T16672]  should_failslab+0xa8/0x100
[  427.876967][T16672]  __kmalloc_cache_node_noprof+0x73/0x3d0
[  427.876985][T16672]  ? __get_vm_area_node+0x13f/0x300
[  427.877006][T16672]  __get_vm_area_node+0x13f/0x300
[  427.877030][T16672]  __vmalloc_node_range_noprof+0x301/0x12f0
[  427.877049][T16672]  ? bpf_prog_alloc_no_stats+0x4a/0x4e0
[  427.877073][T16672]  ? is_bpf_text_address+0x26/0x2b0
[  427.877120][T16672]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  427.877136][T16672]  ? __might_fault+0xb0/0x130
[  427.877152][T16672]  ? __pfx_aa_get_newest_label+0x10/0x10
[  427.877172][T16672]  ? _parse_integer_limit+0x1ae/0x1f0
[  427.877199][T16672]  ? bpf_prog_alloc_no_stats+0x4a/0x4e0
[  427.877219][T16672]  __vmalloc_noprof+0xb1/0xf0
[  427.877237][T16672]  ? bpf_prog_alloc_no_stats+0x4a/0x4e0
[  427.877262][T16672]  bpf_prog_alloc_no_stats+0x4a/0x4e0
[  427.877289][T16672]  bpf_prog_alloc+0x3c/0x1a0
[  427.877313][T16672]  bpf_prog_load+0x735/0x1930
[  427.877346][T16672]  ? __pfx_bpf_prog_load+0x10/0x10
[  427.877389][T16672]  ? bpf_lsm_bpf+0x9/0x20
[  427.877402][T16672]  ? security_bpf+0x7e/0x300
[  427.877424][T16672]  __sys_bpf+0x5f1/0x860
[  427.877446][T16672]  ? __pfx___sys_bpf+0x10/0x10
[  427.877480][T16672]  ? ksys_write+0x22a/0x250
[  427.877499][T16672]  ? __pfx_ksys_write+0x10/0x10
[  427.877522][T16672]  __x64_sys_bpf+0x7c/0x90
[  427.877543][T16672]  do_syscall_64+0xfa/0x3b0
[  427.877559][T16672]  ? lockdep_hardirqs_on+0x9c/0x150
[  427.877575][T16672]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  427.877590][T16672]  ? clear_bhb_loop+0x60/0xb0
[  427.877611][T16672]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  427.877630][T16672] RIP: 0033:0x7fdf7398e929
[  427.877646][T16672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  427.877660][T16672] RSP: 002b:00007fdf74899038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  427.877678][T16672] RAX: ffffffffffffffda RBX: 00007fdf73bb5fa0 RCX: 00007fdf7398e929
[  427.877690][T16672] RDX: 0000000000000094 RSI: 0000200000000400 RDI: 0000000000000005
[  427.877700][T16672] RBP: 00007fdf74899090 R08: 0000000000000000 R09: 0000000000000000
[  427.877710][T16672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  427.877720][T16672] R13: 0000000000000000 R14: 00007fdf73bb5fa0 R15: 00007ffcbbe61aa8
[  427.877747][T16672]  </TASK>
[  427.881292][T16672] warn_alloc: 1 callbacks suppressed
[  427.881308][T16672] syz.0.3597: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[  428.221219][T16672] CPU: 1 UID: 0 PID: 16672 Comm: syz.0.3597 Not tainted 6.16.0-rc2-syzkaller-00592-g0289c51f889e #0 PREEMPT(full) 
[  428.221246][T16672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  428.221263][T16672] Call Trace:
[  428.221271][T16672]  <TASK>
[  428.221278][T16672]  dump_stack_lvl+0x189/0x250
[  428.221315][T16672]  ? __pfx_dump_stack_lvl+0x10/0x10
[  428.221338][T16672]  ? __pfx__printk+0x10/0x10
[  428.221354][T16672]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  428.221372][T16672]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  428.221391][T16672]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  428.221412][T16672]  warn_alloc+0x214/0x310
[  428.221437][T16672]  ? __pfx_warn_alloc+0x10/0x10
[  428.221458][T16672]  ? __get_vm_area_node+0x13f/0x300
[  428.221487][T16672]  ? __get_vm_area_node+0x2b5/0x300
[  428.221515][T16672]  __vmalloc_node_range_noprof+0x326/0x12f0
[  428.221536][T16672]  ? is_bpf_text_address+0x26/0x2b0
[  428.221582][T16672]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  428.221604][T16672]  ? __might_fault+0xb0/0x130
[  428.221624][T16672]  ? __pfx_aa_get_newest_label+0x10/0x10
[  428.221645][T16672]  ? _parse_integer_limit+0x1ae/0x1f0
[  428.221672][T16672]  ? bpf_prog_alloc_no_stats+0x4a/0x4e0
[  428.221692][T16672]  __vmalloc_noprof+0xb1/0xf0
[  428.221710][T16672]  ? bpf_prog_alloc_no_stats+0x4a/0x4e0
[  428.221733][T16672]  bpf_prog_alloc_no_stats+0x4a/0x4e0
[  428.221758][T16672]  bpf_prog_alloc+0x3c/0x1a0
[  428.221780][T16672]  bpf_prog_load+0x735/0x1930
[  428.221811][T16672]  ? __pfx_bpf_prog_load+0x10/0x10
[  428.221848][T16672]  ? bpf_lsm_bpf+0x9/0x20
[  428.221874][T16672]  ? security_bpf+0x7e/0x300
[  428.221896][T16672]  __sys_bpf+0x5f1/0x860
[  428.221917][T16672]  ? __pfx___sys_bpf+0x10/0x10
[  428.221955][T16672]  ? ksys_write+0x22a/0x250
[  428.221979][T16672]  ? __pfx_ksys_write+0x10/0x10
[  428.222001][T16672]  __x64_sys_bpf+0x7c/0x90
[  428.222018][T16672]  do_syscall_64+0xfa/0x3b0
[  428.222033][T16672]  ? lockdep_hardirqs_on+0x9c/0x150
[  428.222053][T16672]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  428.222068][T16672]  ? clear_bhb_loop+0x60/0xb0
[  428.222086][T16672]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  428.222102][T16672] RIP: 0033:0x7fdf7398e929
[  428.222122][T16672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  428.222136][T16672] RSP: 002b:00007fdf74899038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  428.222153][T16672] RAX: ffffffffffffffda RBX: 00007fdf73bb5fa0 RCX: 00007fdf7398e929
[  428.222165][T16672] RDX: 0000000000000094 RSI: 0000200000000400 RDI: 0000000000000005
[  428.222176][T16672] RBP: 00007fdf74899090 R08: 0000000000000000 R09: 0000000000000000
[  428.222186][T16672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  428.222195][T16672] R13: 0000000000000000 R14: 00007fdf73bb5fa0 R15: 00007ffcbbe61aa8
[  428.222221][T16672]  </TASK>
[  428.222259][T16672] Mem-Info:
[  428.515060][T16672] active_anon:4618 inactive_anon:0 isolated_anon:0
[  428.515060][T16672]  active_file:2109 inactive_file:39978 isolated_file:0
[  428.515060][T16672]  unevictable:768 dirty:285 writeback:0
[  428.515060][T16672]  slab_reclaimable:11591 slab_unreclaimable:101200
[  428.515060][T16672]  mapped:29801 shmem:1369 pagetables:1092
[  428.515060][T16672]  sec_pagetables:0 bounce:0
[  428.515060][T16672]  kernel_misc_reclaimable:0
[  428.515060][T16672]  free:1327490 free_pcp:12958 free_cma:0
[  428.574752][T16672] Node 0 active_anon:18372kB inactive_anon:0kB active_file:8436kB inactive_file:159708kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119204kB dirty:1136kB writeback:0kB shmem:3940kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11380kB pagetables:4224kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  428.628920][T16680] mac80211_hwsim hwsim29 wlan0: entered promiscuous mode
[  428.640310][T16680] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  428.671714][T16672] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  428.737769][T16672] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  428.786504][T16672] lowmem_reserve[]: 0 2500 2502 2502 2502
[  428.801343][T16672] Node 0 DMA32 free:1384236kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:18220kB inactive_anon:0kB active_file:8436kB inactive_file:157884kB unevictable:1536kB writepending:1232kB present:3129332kB managed:2561012kB mlocked:0kB bounce:0kB free_pcp:38664kB local_pcp:17848kB free_cma:0kB
[  428.843238][T16672] lowmem_reserve[]: 0 0 1 1 1
[  428.863567][T16672] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:1824kB unevictable:0kB writepending:4kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  428.896053][T16691] mac80211_hwsim hwsim25 wlan0: entered promiscuous mode
[  428.906222][T16691] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  428.924229][T16672] lowmem_reserve[]: 0 0 0 0 0
[  428.930644][T16672] Node 1 Normal free:3910092kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:13856kB local_pcp:11776kB free_cma:0kB
[  428.965176][T16672] lowmem_reserve[]: 0 0 0 0 0
[  428.970412][T16672] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  428.983202][T16672] Node 0 DMA32: 896*4kB (UM) 937*8kB (UME) 219*16kB (UME) 154*32kB (ME) 67*64kB (ME) 44*128kB (UME) 112*256kB (UM) 143*512kB (UME) 67*1024kB (UME) 10*2048kB (UME) 284*4096kB (UM) = 1383672kB
[  429.063645][T16672] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB
[  429.123772][T16672] Node 1 Normal: 197*4kB (UME) 63*8kB (UME) 35*16kB (UME) 199*32kB (UME) 66*64kB (UME) 11*128kB (UME) 6*256kB (UM) 3*512kB (UM) 2*1024kB (UM) 0*2048kB 950*4096kB (ME) = 3910172kB
[  429.157920][T16672] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  429.193282][T16672] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  429.227335][T16672] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  429.248527][T16672] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  429.289006][T16672] 43453 total pagecache pages
[  429.294515][T16672] 0 pages in swap cache
[  429.343838][T16713] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  429.346456][T16672] Free swap  = 124996kB
[  429.361048][T16672] Total swap = 124996kB
[  429.374640][T16672] 2097051 pages RAM
[  429.392339][T16672] 0 pages HighMem/MovableOnly
[  429.412241][T16672] 424692 pages reserved
[  429.428316][T16672] 0 pages cma reserved
[  429.467670][T16718] netlink: 'syz.3.3615': attribute type 1 has an invalid length.
[  429.593620][T16722] netlink: 'syz.0.3619': attribute type 1 has an invalid length.
[  430.290977][T16757] __nla_validate_parse: 9 callbacks suppressed
[  430.290996][T16757] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3631'.
[  430.376695][T16762] hsr0: entered promiscuous mode
[  430.395081][T16762] hsr0: left promiscuous mode
[  430.492737][T16767] netlink: 'syz.0.3636': attribute type 16 has an invalid length.
[  430.502944][T16767] netlink: 'syz.0.3636': attribute type 3 has an invalid length.
[  430.512027][T16767] netlink: 64066 bytes leftover after parsing attributes in process `syz.0.3636'.
[  431.192400][T16794] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  431.312041][T16796] mac80211_hwsim hwsim21 wlan0: entered promiscuous mode
[  431.347344][T16796] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  431.421004][T16802] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3650'.
[  431.549527][T16793] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3645'.
[  431.613371][T16814] netlink: 112 bytes leftover after parsing attributes in process `syz.1.3653'.
[  431.632750][T16814] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3653'.
[  431.674797][T16793] vlan0: entered promiscuous mode
[  431.740006][T16817] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3654'.
[  431.849321][T16823] openvswitch: netlink: IP tunnel dst address not specified
[  431.913335][T16823] netlink: 'syz.0.3656': attribute type 4 has an invalid length.
[  432.142753][T16840] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3660'.
[  432.218370][T16842] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  432.432935][T16847] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3664'.
[  432.726827][T16864] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3673'.
[  432.803113][T16867] vlan2: entered promiscuous mode
[  433.102692][T16883] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  433.192687][T16890] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  433.431904][T16908] FAULT_INJECTION: forcing a failure.
[  433.431904][T16908] name failslab, interval 1, probability 0, space 0, times 0
[  433.480633][T16908] CPU: 1 UID: 0 PID: 16908 Comm: syz.4.3688 Not tainted 6.16.0-rc2-syzkaller-00592-g0289c51f889e #0 PREEMPT(full) 
[  433.480660][T16908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  433.480671][T16908] Call Trace:
[  433.480679][T16908]  <TASK>
[  433.480686][T16908]  dump_stack_lvl+0x189/0x250
[  433.480716][T16908]  ? __pfx____ratelimit+0x10/0x10
[  433.480734][T16908]  ? __pfx_dump_stack_lvl+0x10/0x10
[  433.480756][T16908]  ? __pfx__printk+0x10/0x10
[  433.480780][T16908]  ? __pfx___might_resched+0x10/0x10
[  433.480805][T16908]  should_fail_ex+0x414/0x560
[  433.480834][T16908]  should_failslab+0xa8/0x100
[  433.480853][T16908]  __kmalloc_cache_node_noprof+0x73/0x3d0
[  433.480870][T16908]  ? __get_vm_area_node+0x13f/0x300
[  433.480889][T16908]  __get_vm_area_node+0x13f/0x300
[  433.480911][T16908]  __vmalloc_node_range_noprof+0x301/0x12f0
[  433.480928][T16908]  ? bpf_prog_alloc_no_stats+0x4a/0x4e0
[  433.480951][T16908]  ? is_bpf_text_address+0x26/0x2b0
[  433.480994][T16908]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  433.481011][T16908]  ? __might_fault+0xb0/0x130
[  433.481026][T16908]  ? __pfx_aa_get_newest_label+0x10/0x10
[  433.481045][T16908]  ? _parse_integer_limit+0x1ae/0x1f0
[  433.481072][T16908]  ? bpf_prog_alloc_no_stats+0x4a/0x4e0
[  433.481091][T16908]  __vmalloc_noprof+0xb1/0xf0
[  433.481106][T16908]  ? bpf_prog_alloc_no_stats+0x4a/0x4e0
[  433.481137][T16908]  bpf_prog_alloc_no_stats+0x4a/0x4e0
[  433.481161][T16908]  bpf_prog_alloc+0x3c/0x1a0
[  433.481184][T16908]  bpf_prog_load+0x735/0x1930
[  433.481217][T16908]  ? __pfx_bpf_prog_load+0x10/0x10
[  433.481258][T16908]  ? bpf_lsm_bpf+0x9/0x20
[  433.481270][T16908]  ? security_bpf+0x7e/0x300
[  433.481290][T16908]  __sys_bpf+0x5f1/0x860
[  433.481311][T16908]  ? __pfx___sys_bpf+0x10/0x10
[  433.481341][T16908]  ? ksys_write+0x22a/0x250
[  433.481359][T16908]  ? __pfx_ksys_write+0x10/0x10
[  433.481371][T16908]  ? rcu_is_watching+0x15/0xb0
[  433.481400][T16908]  __x64_sys_bpf+0x7c/0x90
[  433.481420][T16908]  do_syscall_64+0xfa/0x3b0
[  433.481437][T16908]  ? lockdep_hardirqs_on+0x9c/0x150
[  433.481452][T16908]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.481468][T16908]  ? clear_bhb_loop+0x60/0xb0
[  433.481489][T16908]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.481505][T16908] RIP: 0033:0x7f4c0cb8e929
[  433.481520][T16908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  433.481534][T16908] RSP: 002b:00007f4c0dac1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  433.481551][T16908] RAX: ffffffffffffffda RBX: 00007f4c0cdb5fa0 RCX: 00007f4c0cb8e929
[  433.481563][T16908] RDX: 0000000000000094 RSI: 0000200000000400 RDI: 0000000000000005
[  433.481573][T16908] RBP: 00007f4c0dac1090 R08: 0000000000000000 R09: 0000000000000000
[  433.481584][T16908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  433.481594][T16908] R13: 0000000000000000 R14: 00007f4c0cdb5fa0 R15: 00007ffc727edd58
[  433.481622][T16908]  </TASK>
[  435.145018][T16973] batadv1: entered promiscuous mode
[  435.153938][T16973] batadv1: entered allmulticast mode
[  435.387186][T16981] __nla_validate_parse: 11 callbacks suppressed
[  435.387208][T16981] netlink: 188 bytes leftover after parsing attributes in process `syz.0.3717'.
[  435.506623][T16990] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3715'.
[  435.551501][T16993] netlink: 'syz.1.3720': attribute type 1 has an invalid length.
[  435.599791][T16993] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3720'.
[  435.665850][T16999] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3723'.
[  435.808184][T17003] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3725'.
[  435.842613][T17007] netlink: 596 bytes leftover after parsing attributes in process `syz.1.3724'.
[  436.311082][T17023] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3733'.
[  436.538699][T17031] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) !
[  437.420403][T17069] netlink: 'syz.4.3754': attribute type 4 has an invalid length.
[  437.451924][T17071] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3755'.
[  437.528532][T17071] netlink: 9 bytes leftover after parsing attributes in process `syz.3.3755'.
[  437.628675][T17071] 0·: renamed from hsr0 (while UP)
[  437.653305][T17071] 0·: entered allmulticast mode
[  437.667650][T17071] hsr_slave_0: entered allmulticast mode
[  437.673336][T17071] hsr_slave_1: entered allmulticast mode
[  437.709177][T17071] A link change request failed with some changes committed already. Interface 
70· may have been left with an inconsistent configuration, please check.
[  437.742407][T17075] netlink: 1688 bytes leftover after parsing attributes in process `syz.4.3757'.
[  437.945358][T17087] bond0: (slave batadv0): Releasing backup interface
[  437.987141][T17087] bridge_slave_0: left allmulticast mode
[  437.992854][T17087] bridge_slave_0: left promiscuous mode
[  438.002096][T17087] bridge0: port 1(bridge_slave_0) entered disabled state
[  438.038724][T17087] bridge_slave_1: left allmulticast mode
[  438.044512][T17087] bridge_slave_1: left promiscuous mode
[  438.058754][T17087] bridge0: port 2(bridge_slave_1) entered disabled state
[  438.076102][T17087] bond0: (slave bond_slave_0): Releasing backup interface
[  438.093675][T17087] bond0: (slave bond_slave_1): Releasing backup interface
[  438.163870][T17087] team0: Port device team_slave_0 removed
[  438.215481][T17087] team0: Port device team_slave_1 removed
[  438.245075][T17087] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  438.259950][T17087] batman_adv: batadv0: Removing interface: batadv_slave_0
[  438.272991][T17087] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  438.285417][T17087] batman_adv: batadv0: Removing interface: batadv_slave_1
[  438.531678][T17107] bridge0: port 1(vlan2) entered blocking state
[  438.538472][T17107] bridge0: port 1(vlan2) entered disabled state
[  438.546842][T17107] vlan2: entered allmulticast mode
[  438.555541][T17107] bond0: entered allmulticast mode
[  438.641762][T17111] netlink: 'syz.4.3767': attribute type 4 has an invalid length.
[  439.142725][T17132] netlink: 'syz.0.3776': attribute type 11 has an invalid length.
[  439.714506][T17168] netlink: 'syz.2.3786': attribute type 4 has an invalid length.
[  439.751783][T17168] veth1_macvtap: left promiscuous mode
[  439.800260][T17169] bridge1: entered promiscuous mode
[  439.805508][T17169] bridge1: entered allmulticast mode
[  439.832117][T17169] team0: Port device bridge1 added
[  440.050583][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  440.193399][T17185] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not our slave
[  440.223744][T17185] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1)
[  440.304036][T17191] 8021q: adding VLAN 0 to HW filter on device bond1
[  440.312657][T17191] team0: Port device bond1 added
[  440.333961][T17186] netlink: zone id is out of range
[  440.372104][T17186] netlink: zone id is out of range
[  440.382494][T17186] netlink: set zone limit has 4 unknown bytes
[  440.511800][T17197] IPVS: persistence engine module ip_vs_pe_ not found
[  440.551586][T17202] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  440.750049][T17208] syzkaller0: entered promiscuous mode
[  440.764736][T17208] syzkaller0: entered allmulticast mode
[  440.978570][T17220] sctp: [Deprecated]: syz.1.3804 (pid 17220) Use of struct sctp_assoc_value in delayed_ack socket option.
[  440.978570][T17220] Use struct sctp_sack_info instead
[  442.283338][T17220] __nla_validate_parse: 4 callbacks suppressed
[  442.283356][T17220] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3804'.
[  442.566902][T17224] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3806'.
[  442.842424][T17236] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3809'.
[  443.364006][T17240] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3810'.
[  443.800104][    C0] vcan0: j1939_tp_rxtimer: 0xffff888034cd4400: rx timeout, send abort
[  443.808786][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888034cd4400: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  444.428760][T17266] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3817'.
[  444.666059][T17274] netlink: 'syz.2.3820': attribute type 1 has an invalid length.
[  444.680071][T17274] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3820'.
[  444.749208][T17276] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3821'.
[  444.983063][T17284] openvswitch: netlink: Unexpected mask (mask=1040, allowed=10048)
[  445.342020][    C1] vcan0: j1939_tp_rxtimer: 0xffff888057d47000: rx timeout, send abort
[  445.350347][    C1] vcan0: j1939_tp_rxtimer: 0xffff888033d42800: rx timeout, send abort
[  445.358976][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888057d47000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  445.373386][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888033d42800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  445.524970][T17303] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3832'.
[  445.575139][T17307] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3834'.
[  445.935299][T17322] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3839'.
[  446.017469][T17323] netlink: 'syz.0.3839': attribute type 1 has an invalid length.
[  447.733236][T17322] vlan1: entered allmulticast mode
[  447.746829][T17322] veth0_vlan: entered allmulticast mode
[  448.117876][T17346] __nla_validate_parse: 2 callbacks suppressed
[  448.117896][T17346] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3847'.
[  448.163924][T17340] gre1: entered promiscuous mode
[  448.175224][T17340] gre1: entered allmulticast mode
[  448.252229][T17354] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3849'.
[  448.644865][T17366] vlan3: entered promiscuous mode
[  448.853887][T17379] FAULT_INJECTION: forcing a failure.
[  448.853887][T17379] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  448.862633][T17364] bridge0: port 2(bridge_slave_1) entered disabled state
[  448.874790][T17364] bridge0: port 1(bridge_slave_0) entered disabled state
[  448.892563][T17379] CPU: 0 UID: 0 PID: 17379 Comm: syz.3.3860 Not tainted 6.16.0-rc2-syzkaller-00592-g0289c51f889e #0 PREEMPT(full) 
[  448.892593][T17379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  448.892603][T17379] Call Trace:
[  448.892611][T17379]  <TASK>
[  448.892619][T17379]  dump_stack_lvl+0x189/0x250
[  448.892648][T17379]  ? __pfx____ratelimit+0x10/0x10
[  448.892667][T17379]  ? __pfx_dump_stack_lvl+0x10/0x10
[  448.892691][T17379]  ? __pfx__printk+0x10/0x10
[  448.892710][T17379]  ? __might_fault+0xb0/0x130
[  448.892738][T17379]  should_fail_ex+0x414/0x560
[  448.892765][T17379]  _copy_from_iter+0x1db/0x16f0
[  448.892799][T17379]  ? __pfx__copy_from_iter+0x10/0x10
[  448.892832][T17379]  ? packet_cached_dev_get+0x1c/0x2b0
[  448.892849][T17379]  ? packet_cached_dev_get+0x1c/0x2b0
[  448.892873][T17379]  packet_sendmsg+0x333c/0x53f0
[  448.892908][T17379]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  448.892946][T17379]  ? __pfx___might_resched+0x10/0x10
[  448.892967][T17379]  ? __lock_acquire+0xab9/0xd20
[  448.893003][T17379]  ? __pfx_packet_sendmsg+0x10/0x10
[  448.893022][T17379]  ? aa_sk_perm+0x81e/0x950
[  448.893045][T17379]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  448.893071][T17379]  ? aa_sock_msg_perm+0x94/0x160
[  448.893093][T17379]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  448.893112][T17379]  ? __pfx_packet_sendmsg+0x10/0x10
[  448.893133][T17379]  __sock_sendmsg+0x21c/0x270
[  448.893157][T17379]  ____sys_sendmsg+0x505/0x830
[  448.893185][T17379]  ? __pfx_____sys_sendmsg+0x10/0x10
[  448.893217][T17379]  ? import_iovec+0x74/0xa0
[  448.893238][T17379]  ___sys_sendmsg+0x21f/0x2a0
[  448.893262][T17379]  ? __pfx____sys_sendmsg+0x10/0x10
[  448.893320][T17379]  ? __fget_files+0x2a/0x420
[  448.893338][T17379]  ? __fget_files+0x3a0/0x420
[  448.893366][T17379]  __x64_sys_sendmsg+0x19b/0x260
[  448.893391][T17379]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  448.893423][T17379]  ? __pfx_ksys_write+0x10/0x10
[  448.893437][T17379]  ? rcu_is_watching+0x15/0xb0
[  448.893464][T17379]  ? do_syscall_64+0xbe/0x3b0
[  448.893486][T17379]  do_syscall_64+0xfa/0x3b0
[  448.893502][T17379]  ? lockdep_hardirqs_on+0x9c/0x150
[  448.893519][T17379]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.893535][T17379]  ? clear_bhb_loop+0x60/0xb0
[  448.893555][T17379]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.893570][T17379] RIP: 0033:0x7fdc8698e929
[  448.893586][T17379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  448.893599][T17379] RSP: 002b:00007fdc8773c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  448.893618][T17379] RAX: ffffffffffffffda RBX: 00007fdc86bb5fa0 RCX: 00007fdc8698e929
[  448.893631][T17379] RDX: 0000000000000001 RSI: 0000200000002ac0 RDI: 0000000000000003
[  448.893643][T17379] RBP: 00007fdc8773c090 R08: 0000000000000000 R09: 0000000000000000
[  448.893654][T17379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  448.893666][T17379] R13: 0000000000000000 R14: 00007fdc86bb5fa0 R15: 00007fff74fa0f48
[  448.893694][T17379]  </TASK>
[  448.911558][T17381] IPv6: addrconf: prefix option has invalid lifetime
[  449.260739][T17388] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3862'.
[  449.314221][T17364] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  449.358644][T17364] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  449.479233][T17364] mac80211_hwsim hwsim29 wlan0: left promiscuous mode
[  449.497239][T17364] bridge1: left promiscuous mode
[  449.502217][T17364] bridge1: left allmulticast mode
[  449.512228][T17364] gre1: left promiscuous mode
[  449.517006][T17364] gre1: left allmulticast mode
[  449.545825][T17392] netlink: 'syz.0.3863': attribute type 1 has an invalid length.
[  449.561433][T17392] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3863'.
[  449.611701][ T3944] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  449.631131][ T3944] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  449.663630][ T3944] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  449.687959][ T3944] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  449.771159][T17402] netlink: 'syz.1.3864': attribute type 1 has an invalid length.
[  449.779460][T17402] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3864'.
[  450.698745][T17431] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3879'.
[  450.733077][T17431] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3879'.
[  451.069201][T17444] netlink: 'syz.0.3883': attribute type 1 has an invalid length.
[  451.129552][T17444] 8021q: adding VLAN 0 to HW filter on device bond2
[  451.273492][T17446] bond2: (slave veth3): Enslaving as an active interface with a down link
[  451.370875][T17444] vlan2: entered allmulticast mode
[  451.386526][T17444] bond2: entered allmulticast mode
[  451.397440][T17444] bond2: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  451.831434][T17476] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3891'.
[  451.945322][T17475] vlan2: entered promiscuous mode
[  451.950979][T17475] syz_tun: entered promiscuous mode
[  451.996560][T17477] hsr0: entered promiscuous mode
[  452.005269][T17477] hsr0: left promiscuous mode
[  452.302662][T17496] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3901'.
[  452.373946][T17506] (unnamed net_device) (uninitialized): option active_slave: mode dependency failed, not supported in mode broadcast(3)
[  452.403391][T17505] netlink: 'syz.3.3905': attribute type 4 has an invalid length.
[  452.433515][T17505] veth1_macvtap: left promiscuous mode
[  452.499830][T17511] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3908'.
[  452.520058][T17511] netlink: 'syz.0.3908': attribute type 13 has an invalid length.
[  452.653750][T17511] bridge0: port 2(bridge_slave_1) entered disabled state
[  452.662340][T17511] bridge0: port 1(bridge_slave_0) entered disabled state
[  452.804075][T17511] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  452.819781][T17511] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  452.927055][ T3944] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  452.963975][ T3944] netdevsim netdevsim0 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0
[  452.993498][ T3944] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  453.017818][ T3944] netdevsim netdevsim0 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0
[  453.040788][ T3944] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  453.055932][ T3944] netdevsim netdevsim0 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0
[  453.076492][ T3944] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  453.093971][ T3944] netdevsim netdevsim0 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0
[  453.189431][T17539] __nla_validate_parse: 1 callbacks suppressed
[  453.189450][T17539] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3916'.
[  453.361246][T17548] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3917'.
[  453.392200][T17549] netlink: 'syz.2.3920': attribute type 10 has an invalid length.
[  453.554156][T17549] team0: Device ipvlan1 failed to register rx_handler
[  454.446715][T17577] netlink: 164 bytes leftover after parsing attributes in process `syz.4.3931'.
[  454.513067][T17585] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3934'.
[  454.559640][T17582] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3930'.
[  454.707724][T17577] syzkaller0: entered promiscuous mode
[  454.716567][T17577] syzkaller0: entered allmulticast mode
[  454.948001][T17600] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.3939'.
[  456.741260][T17618] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3945'.
[  456.838673][T17623] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3947'.
[  457.092296][T17631] mac80211_hwsim hwsim23 wlan0: entered promiscuous mode
[  457.101473][T17631] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  457.412556][T17640] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3953'.
[  457.466020][T17644] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3953'.
[  458.000873][T17663] sch_tbf: burst 1 is lower than device ip6tnl0 mtu (1452) !
[  458.050315][   T30] audit: type=1107 audit(1750520273.891:2): pid=17662 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='1'
[  458.246854][T17677] netlink: 'syz.3.3967': attribute type 4 has an invalid length.
[  458.273170][T17671] 8021q: adding VLAN 0 to HW filter on device bond2
[  458.289665][T17681] __nla_validate_parse: 2 callbacks suppressed
[  458.289684][T17681] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3963'.
[  458.292443][T17671] team0: Port device bond2 added
[  458.295878][T17681] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3963'.
[  458.768245][T17698] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3974'.
[  458.896106][T17694] netlink: 'syz.3.3973': attribute type 303 has an invalid length.
[  458.948124][T17701] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3973'.
[  459.125389][T17710] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3980'.
[  459.265433][T17725] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3985'.
[  459.280583][T17728] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3986'.
[  459.393802][T17732] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3988'.
[  459.515414][T17736] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3990'.
[  459.539316][T17736] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3990'.
[  459.900141][T17755] 8021q: adding VLAN 0 to HW filter on device bond1
[  459.943299][T17755] team0: Port device bond1 added
[  460.032457][T17759] bridge3: entered allmulticast mode
[  460.252731][T17773] syzkaller1: entered promiscuous mode
[  460.271475][T17773] syzkaller1: entered allmulticast mode
[  565.956298][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  565.963301][    C1] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P17743/1:b..l
[  565.971673][    C1] rcu: 	(detected by 1, t=10506 jiffies, g=74961, q=228 ncpus=2)
[  565.979391][    C1] task:syz.3.3992      state:R  running task     stack:24224 pid:17743 tgid:17739 ppid:15614  task_flags:0x40054c flags:0x00004002
[  565.993510][    C1] Call Trace:
[  565.996795][    C1]  <TASK>
[  565.999728][    C1]  __schedule+0x16f5/0x4d00
[  566.004237][    C1]  ? __lock_acquire+0xab9/0xd20
[  566.009105][    C1]  ? preempt_schedule_irq+0xb5/0x150
[  566.014413][    C1]  ? __pfx___schedule+0x10/0x10
[  566.019299][    C1]  ? is_bpf_text_address+0x292/0x2b0
[  566.024607][    C1]  ? is_bpf_text_address+0x26/0x2b0
[  566.029816][    C1]  ? preempt_schedule_irq+0xaa/0x150
[  566.035106][    C1]  preempt_schedule_irq+0xb5/0x150
[  566.040240][    C1]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  566.045994][    C1]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[  566.051805][    C1]  irqentry_exit+0x6f/0x90
[  566.056215][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  566.062190][    C1] RIP: 0010:unwind_next_frame+0x12f6/0x2390
[  566.068083][    C1] Code: 43 06 00 00 49 89 d5 48 89 d5 48 89 d8 48 29 e8 48 89 c1 48 c1 f9 02 48 c1 e8 3f 48 01 c8 48 83 e0 fe 4c 8d 3c 45 00 00 00 00 <49> 01 ef 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6
[  566.087690][    C1] RSP: 0018:ffffc90010596d78 EFLAGS: 00000202
[  566.093756][    C1] RAX: 0000000000000008 RBX: ffffffff8fbe40dc RCX: 0000000000000008
[  566.101722][    C1] RDX: ffffffff8fbe40bc RSI: ffffffff903e57d6 RDI: ffffffff8be28b20
[  566.109697][    C1] RBP: ffffffff8fbe40bc R08: 0000000000000009 R09: ffffffff81729af5
[  566.117757][    C1] R10: ffffc90010596e98 R11: ffffffff81acf690 R12: ffffffff822d29d0
[  566.125727][    C1] R13: ffffffff8fbe40bc R14: ffffc90010596e48 R15: 0000000000000010
[  566.133697][    C1]  ? __reset_page_owner+0x70/0x1f0
[  566.138806][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  566.144968][    C1]  ? unwind_next_frame+0xa5/0x2390
[  566.150119][    C1]  ? unwind_next_frame+0xd4/0x2390
[  566.155241][    C1]  ? unwind_next_frame+0xa5/0x2390
[  566.160361][    C1]  ? __reset_page_owner+0x71/0x1f0
[  566.165478][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  566.171638][    C1]  arch_stack_walk+0x11c/0x150
[  566.176428][    C1]  ? __reset_page_owner+0x71/0x1f0
[  566.181559][    C1]  stack_trace_save+0x9c/0xe0
[  566.186241][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  566.191619][    C1]  save_stack+0xf5/0x1f0
[  566.195857][    C1]  ? __pfx_save_stack+0x10/0x10
[  566.200714][    C1]  ? page_ext_put+0x97/0xc0
[  566.205223][    C1]  __reset_page_owner+0x71/0x1f0
[  566.210173][    C1]  free_unref_folios+0xc66/0x14d0
[  566.215228][    C1]  folios_put_refs+0x559/0x640
[  566.220005][    C1]  ? __pfx_folios_put_refs+0x10/0x10
[  566.225299][    C1]  ? folio_batch_remove_exceptionals+0x18c/0x1f0
[  566.231634][    C1]  shmem_undo_range+0x49e/0x14b0
[  566.236594][    C1]  ? __pfx_shmem_undo_range+0x10/0x10
[  566.242001][    C1]  ? __lock_acquire+0xab9/0xd20
[  566.246905][    C1]  ? percpu_counter_add_batch+0xea/0x1e0
[  566.252561][    C1]  shmem_evict_inode+0x272/0xa70
[  566.257527][    C1]  ? inode_wait_for_writeback+0xf9/0x290
[  566.263174][    C1]  ? __pfx_shmem_evict_inode+0x10/0x10
[  566.268636][    C1]  ? __pfx_inode_wait_for_writeback+0x10/0x10
[  566.274713][    C1]  ? do_raw_spin_unlock+0x122/0x240
[  566.279912][    C1]  ? __pfx_shmem_evict_inode+0x10/0x10
[  566.285366][    C1]  evict+0x501/0x9c0
[  566.289272][    C1]  ? __pfx_evict+0x10/0x10
[  566.293687][    C1]  ? do_raw_spin_unlock+0x122/0x240
[  566.298887][    C1]  ? _raw_spin_unlock+0x28/0x50
[  566.303735][    C1]  ? iput+0x6d8/0x9d0
[  566.307724][    C1]  __dentry_kill+0x209/0x660
[  566.312317][    C1]  ? dput+0x37/0x2b0
[  566.316212][    C1]  dput+0x19f/0x2b0
[  566.320020][    C1]  __fput+0x68e/0xa70
[  566.324016][    C1]  task_work_run+0x1d1/0x260
[  566.328605][    C1]  ? __pfx_task_work_run+0x10/0x10
[  566.333735][    C1]  do_exit+0x6ad/0x22e0
[  566.337921][    C1]  ? do_raw_spin_lock+0x121/0x290
[  566.342955][    C1]  ? __pfx_do_exit+0x10/0x10
[  566.347575][    C1]  do_group_exit+0x21c/0x2d0
[  566.352167][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  566.357367][    C1]  get_signal+0x1286/0x1340
[  566.361894][    C1]  arch_do_signal_or_restart+0x9a/0x750
[  566.367445][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  566.373610][    C1]  ? exit_to_user_mode_loop+0x40/0x110
[  566.379071][    C1]  exit_to_user_mode_loop+0x75/0x110
[  566.384354][    C1]  do_syscall_64+0x2bd/0x3b0
[  566.388937][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  566.394131][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  566.400190][    C1]  ? clear_bhb_loop+0x60/0xb0
[  566.404873][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  566.410760][    C1] RIP: 0033:0x7fdc8698e929
[  566.415171][    C1] RSP: 002b:00007fdc8771b038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  566.423586][    C1] RAX: 0000000000005cef RBX: 00007fdc86bb6080 RCX: 00007fdc8698e929
[  566.431560][    C1] RDX: 03ffffffffffff67 RSI: 0000200000002440 RDI: 0000000000000006
[  566.439547][    C1] RBP: 00007fdc86a10b39 R08: 0000000000000000 R09: 0000000000000000
[  566.447533][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  566.455546][    C1] R13: 0000000000000000 R14: 00007fdc86bb6080 R15: 00007fff74fa0f48
[  566.463544][    C1]  </TASK>
[  566.466562][    C1] rcu: rcu_preempt kthread starved for 10504 jiffies! g74961 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  566.477753][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  566.487712][    C1] rcu: RCU grace-period kthread stack dump:
[  566.493587][    C1] task:rcu_preempt     state:R  running task     stack:26824 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  566.507061][    C1] Call Trace:
[  566.510331][    C1]  <TASK>
[  566.513258][    C1]  __schedule+0x16f5/0x4d00
[  566.517775][    C1]  ? do_raw_spin_unlock+0x122/0x240
[  566.522975][    C1]  ? schedule+0x165/0x360
[  566.527306][    C1]  ? __lock_acquire+0xab9/0xd20
[  566.532155][    C1]  ? __pfx___schedule+0x10/0x10
[  566.537016][    C1]  ? schedule+0x91/0x360
[  566.541260][    C1]  schedule+0x165/0x360
[  566.545419][    C1]  schedule_timeout+0x12b/0x270
[  566.550265][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  566.555634][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  566.561523][    C1]  ? __pfx_process_timeout+0x10/0x10
[  566.566808][    C1]  ? prepare_to_swait_event+0x341/0x380
[  566.572356][    C1]  rcu_gp_fqs_loop+0x301/0x1540
[  566.577217][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  566.582403][    C1]  ? __pfx_rcu_watching_snap_save+0x10/0x10
[  566.588296][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  566.593575][    C1]  ? _raw_spin_unlock_irq+0x2e/0x50
[  566.598778][    C1]  ? finish_swait+0xcd/0x1f0
[  566.603373][    C1]  rcu_gp_kthread+0x99/0x390
[  566.607969][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  566.613165][    C1]  ? __kthread_parkme+0x7b/0x200
[  566.618097][    C1]  ? __kthread_parkme+0x1a1/0x200
[  566.623132][    C1]  kthread+0x70e/0x8a0
[  566.627200][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  566.632393][    C1]  ? __pfx_kthread+0x10/0x10
[  566.636980][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  566.642179][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  566.647365][    C1]  ? __pfx_kthread+0x10/0x10
[  566.651963][    C1]  ret_from_fork+0x3f9/0x770
[  566.656556][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  566.661674][    C1]  ? __switch_to_asm+0x39/0x70
[  566.666433][    C1]  ? __switch_to_asm+0x33/0x70
[  566.671188][    C1]  ? __pfx_kthread+0x10/0x10
[  566.675773][    C1]  ret_from_fork_asm+0x1a/0x30
[  566.680546][    C1]  </TASK>
[  566.683556][    C1] rcu: Stack dump where RCU GP kthread last ran:
[  566.689874][    C1] CPU: 1 UID: 0 PID: 17792 Comm: syz.2.4009 Not tainted 6.16.0-rc2-syzkaller-00592-g0289c51f889e #0 PREEMPT(full) 
[  566.701962][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  566.712005][    C1] RIP: 0010:smp_call_function_many_cond+0xf69/0x12d0
[  566.718681][    C1] Code: 00 45 8b 2f 44 89 ee 83 e6 01 31 ff e8 70 78 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 1b 74 0b 00 eb 37 f3 90 <43> 0f b6 04 2c 84 c0 75 10 41 f7 07 01 00 00 00 74 1e e8 00 74 0b
[  566.738274][    C1] RSP: 0018:ffffc900106474a0 EFLAGS: 00000293
[  566.744337][    C1] RAX: ffffffff81b4e850 RBX: ffff8880b873b1c0 RCX: ffff888055705a00
[  566.752300][    C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  566.760272][    C1] RBP: ffffc90010647600 R08: ffffffff8fa11ff7 R09: 1ffffffff1f423fe
[  566.768235][    C1] R10: dffffc0000000000 R11: fffffbfff1f423ff R12: 1ffff110170c8385
[  566.776202][    C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8880b8641c28
[  566.784173][    C1] FS:  0000000000000000(0000) GS:ffff888125d4f000(0000) knlGS:0000000000000000
[  566.793115][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  566.799691][    C1] CR2: 00007f4c0cb743e0 CR3: 0000000074a90000 CR4: 00000000003526f0
[  566.807659][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  566.815621][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  566.823581][    C1] Call Trace:
[  566.826854][    C1]  <TASK>
[  566.829792][    C1]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  566.836124][    C1]  ? free_pgd_range+0x144b/0x14c0
[  566.841157][    C1]  ? rcu_is_watching+0x15/0xb0
[  566.845924][    C1]  ? __pfx_flush_tlb_func+0x10/0x10
[  566.851639][    C1]  on_each_cpu_cond_mask+0x3f/0x80
[  566.856752][    C1]  flush_tlb_mm_range+0x6b1/0x12c0
[  566.861870][    C1]  ? free_pgtables+0xa12/0xaf0
[  566.866633][    C1]  ? __pfx_flush_tlb_mm_range+0x10/0x10
[  566.872175][    C1]  ? __pfx_free_pgtables+0x10/0x10
[  566.877283][    C1]  tlb_flush_mmu+0x1a7/0x680
[  566.881871][    C1]  ? __pfx_down_write+0x10/0x10
[  566.886722][    C1]  tlb_finish_mmu+0xc3/0x1d0
[  566.891334][    C1]  exit_mmap+0x44c/0xb50
[  566.895567][    C1]  ? uprobe_clear_state+0x20f/0x290
[  566.900761][    C1]  ? __pfx_exit_mmap+0x10/0x10
[  566.905516][    C1]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  566.911154][    C1]  ? __pfx_exit_aio+0x10/0x10
[  566.915838][    C1]  ? uprobe_clear_state+0x274/0x290
[  566.921040][    C1]  __mmput+0x118/0x420
[  566.925115][    C1]  exit_mm+0x1da/0x2c0
[  566.929181][    C1]  ? __pfx_exit_mm+0x10/0x10
[  566.933770][    C1]  ? rcu_is_watching+0x15/0xb0
[  566.938536][    C1]  do_exit+0x640/0x22e0
[  566.942691][    C1]  ? do_raw_spin_lock+0x121/0x290
[  566.947715][    C1]  ? __pfx_do_exit+0x10/0x10
[  566.952313][    C1]  do_group_exit+0x21c/0x2d0
[  566.956899][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  566.962095][    C1]  get_signal+0x1286/0x1340
[  566.966615][    C1]  arch_do_signal_or_restart+0x9a/0x750
[  566.972165][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  566.978340][    C1]  ? exit_to_user_mode_loop+0x40/0x110
[  566.983827][    C1]  exit_to_user_mode_loop+0x75/0x110
[  566.989122][    C1]  do_syscall_64+0x2bd/0x3b0
[  566.993708][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  566.998898][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.004953][    C1]  ? clear_bhb_loop+0x60/0xb0
[  567.009625][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.015509][    C1] RIP: 0033:0x7f0c6f38e929
[  567.019916][    C1] Code: Unable to access opcode bytes at 0x7f0c6f38e8ff.
[  567.026918][    C1] RSP: 002b:00007f0c7026d0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  567.035326][    C1] RAX: fffffffffffffe00 RBX: 00007f0c6f5b5fa8 RCX: 00007f0c6f38e929
[  567.043293][    C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f0c6f5b5fa8
[  567.051257][    C1] RBP: 00007f0c6f5b5fa0 R08: 0000000000000000 R09: 0000000000000000
[  567.059218][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0c6f5b5fac
[  567.067190][    C1] R13: 0000000000000000 R14: 00007ffd7cf121a0 R15: 00007ffd7cf12288
[  567.075172][    C1]  </TASK>