last executing test programs:

3m0.982953643s ago: executing program 2 (id=3039):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r1=>0x0})
syz_emit_ethernet(0x6e, &(0x7f0000000140)=ANY=[@ANYBLOB="0580c20000000180c20049f243aa6e320000080045000060ff000000002f905f000000000000000024806558000000001000080010000002000086dd0006ffff080088be00000000feb100000100000000000000080022eb00000000200000000200000000000000000000000800655800000000"], 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000080)={@mcast2, @private1, @loopback, 0x1, 0x2, 0xc, 0xd00, 0xe, 0xc80032, r1})
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000080)=0x10000000)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="18000800000000000000000000000000950000000000100056204e09f30d2b0be1c22e7ad9c1270bc6e613f32d9d5025c8f2032a02146f13eb3ce91615cff6e20bfd6815d7e5a5ab51f54b1bc41345cae09e997c85194fbc498db7549177d16f5d030e1f60e98d79f6b4ed71a80d74851adfa1c2722d300344ade753f11128454ed80ea8cd2132eb5ba7ff8572ff2cc946c45b61e4502e1c6495bf1083ac951c161cf7209ee8873e1c37c6ce271c0141f246b044d1e99ec30397814f171af798e689a4d98c4d76b18327a53369662cc1349e332aac21f25b18677871d1bb6a694890aac74d477036819bd5245b04532f176cfd1128dbe2e60c"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='contention_end\x00', r4}, 0x18)
r5 = openat$cgroup_type(r3, &(0x7f0000000280), 0x2, 0x0)
read(r5, 0x0, 0x0)

3m0.863248956s ago: executing program 2 (id=3041):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x800)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb0100180000000000fdff2b000000044dec7c0ad4fd71745b32ca40042c00000002000000000000000000000b00000000000000000100000d00b0f5c9ad6f3ef7e00000000000000000000009030000000000a813127850969b8797fd05fc7337975c463d655413c60c2f1ab0efc0f50f58db4aa3dd417fea6c913b067df1811482ecaa7fa79f355eda4157d380d331e856b30189c5a9edd171a72a711f11c541f80ddf0f02658d099f75c01cfe76d9b64b81ce8627497d2ffafe102691d8c7a3247910253840a3308e237e21ce522bf3947a920d13"], &(0x7f0000001b80)=""/4090, 0x46, 0xffa, 0xa}, 0x20)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', <r4=>0x0})
setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000200)={r4, 0x1, 0x6, @multicast}, 0x10)
shutdown(r0, 0x1)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r5=>0x0})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
r10 = socket(0x400000000010, 0x3, 0x0)
r11 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@getchain={0x6c, 0x66, 0x1, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, {0x9, 0xa}, {0xc}, {0x5, 0xe}}, [{0x8, 0xb, 0x6}, {0x8, 0xb, 0x200}, {0x8, 0xb, 0x4}, {0x8}, {0x8, 0xb, 0x2}, {0x8, 0xb, 0x6}, {0x8}, {0x8, 0xb, 0x9}, {0x8, 0xb, 0xe9}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20000893}, 0x0)
r13 = socket$inet6_sctp(0xa, 0x5, 0x84)
r14 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r15 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYRESHEX=r3, @ANYRESHEX=r1, @ANYRESDEC, @ANYRESDEC, @ANYRES32=r8, @ANYRESHEX=r10, @ANYRES16=r7, @ANYRES16=r12], 0x50)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x7fffffff, r15}, 0x38)
bind$bt_hci(r14, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x10, &(0x7f0000000000)=0x2, 0x4)
write$bt_hci(r14, &(0x7f0000000000)=ANY=[], 0xa)
setsockopt(r13, 0x84, 0x14, &(0x7f00000002c0)="1a00000002000000", 0x8)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xfff3}}}, 0x24}}, 0x0)

2m58.916310028s ago: executing program 2 (id=3052):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00005be4bd8000", @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf2509000000050007000700000008000100010000000500080012000000"], 0x2c}, 0x1, 0x0, 0x0, 0x8080}, 0x0)

2m58.798013746s ago: executing program 2 (id=3054):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="280000000107010200000000000001000500000514000783080001400000ec5e080002400000007fec1dda874d70a8b6cdc133279c37f6da8a70dd07bb1f1553d1f1e5c40c3a9089bec0537c8de966d1b6017bf24573a30ec702568430c4d87f2bfd6bbf2eaf8940fa8963f813bd762f5318784b1feec2ce67a8557bc6dd7df18437defbc3e25b00a2b513851b6c7d509c114a7cd9cd3656ba33e031812c800ccfd7a35e507c7705008be2ea2a6f35446182b31f3176d814a3c9f99bfaac6425159dc45b2d239928fb53047a78072c5a"], 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x200080c4)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r1, &(0x7f0000000380)={{0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0xa}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071123d00000000009500030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
socket$rxrpc(0x21, 0x2, 0xa)
poll(0x0, 0x0, 0x7)
r2 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$sock_linger(r2, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
sendto$inet6(r2, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @mcast2}, 0x1c)
sendmmsg$inet6(r2, &(0x7f0000001140)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)}], 0x1}}, {{&(0x7f0000000b80)={0xa, 0x4e20, 0x0, @empty, 0x9}, 0x1c, &(0x7f0000000d40)=[{&(0x7f0000000bc0)="dad0dd2d6709a2d9f349f2a8ce25a15143178bc10cf0299b673a05d16156a61abd03b046af4b646bd81376e0587afe4989a8834221fe6f2bf982fc28126e9e18c8ee9f0e97d6d3141b6971a4ff5c6aaea809f1f08019fad897c5ba993c5c2822eb9f36a942d4c89d612f57f532ed6d1ad14e1509e06c40511c1b1e1833bbf6328ded26659fc54dbbf2dbc4d888116a19a46339", 0x93}, {0x0}], 0x2, &(0x7f0000000d80)=[@hopopts_2292={{0xb8, 0x29, 0x36, {0x32, 0x13, '\x00', [@calipso={0x7, 0x50, {0x3, 0x12, 0x1, 0x0, [0x100, 0x613a, 0x3, 0xfffffffffffff801, 0x2eb761c0, 0x8, 0xffffffff80000001, 0x4, 0x14]}}, @jumbo={0xc2, 0x4, 0x2}, @calipso={0x7, 0x28, {0x0, 0x8, 0xf7, 0x47c, [0x5, 0xae5, 0x4, 0xed7a]}}, @ra={0x5, 0x2, 0x100}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00'}, @ra={0x5, 0x2, 0x2}]}}}, @hopopts={{0x60, 0x29, 0x36, {0x3a, 0x8, '\x00', [@generic={0x1, 0x3a, "6474d3651736c92deb3523a9b856250505c9d5d97fcbeb6e75224e3507b37acde862483d8ab4ebf4cb515a8fc25f126267ddafb6c8e9cf28c546"}, @pad1, @pad1]}}}, @hopopts={{0x100, 0x29, 0x36, {0x3c, 0x1c, '\x00', [@ra={0x5, 0x2, 0x6}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @generic={0x9, 0xac, "8546635a8b7d9247514ac009e58bd3dab259c762e9a4271fb320e2cefb0c836913d4661de0e45bab206127d0421761531eef9a46bf95dac18d23b3092da3505e601a68765564541a101200de00aef196432180e5739e77a55daec8a33976bd02229d80fe4e8485dbb23b412ee986a9d7bf8aa13d187dba55ac9b4f8e953e7d1868c32a1a3328c195748ee0fb4c8b52b2e6f50409147a3f974a1c18a693475d86c4bd15f5106e997160744da4"}, @ra={0x5, 0x2, 0x4}, @calipso={0x7, 0x20, {0x1, 0x6, 0x3, 0xfffc, [0x8, 0x7fffffffffffffff, 0x2]}}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}]}}}, @rthdr_2292={{0xa8, 0x29, 0x39, {0x3c, 0x12, 0x1, 0x0, 0x0, [@ipv4={'\x00', '\xff\xff', @multicast1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private1={0xfc, 0x1, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, @private1={0xfc, 0x1, '\x00', 0x1}, @empty, @ipv4={'\x00', '\xff\xff', @loopback}, @local, @dev={0xfe, 0x80, '\x00', 0x39}]}}}, @hopopts_2292={{0x40, 0x29, 0x36, {0x16, 0x4, '\x00', [@calipso={0x7, 0x18, {0x0, 0x4, 0x1, 0x1, [0x2, 0x3]}}, @pad1, @jumbo={0xc2, 0x4, 0x6}]}}}, @hopopts_2292={{0xc0, 0x29, 0x36, {0x33, 0x14, '\x00', [@hao={0xc9, 0x10, @dev={0xfe, 0x80, '\x00', 0x41}}, @generic={0x7f, 0x80, "a5acb86f57a880ffcd222e5ceb945be7751bfafa93041a5937ad2da2b6b93b6c00347888efa388b20e3e8fcf2c56ed25313bb7686485db533292a75744b154697cd77dee38d18a3c9c1f28cd60908f09d9807361a4cce6e15348fd979812177dc30e65157694e5af74006100886a101c5526e8fcd0863d307e8ef0df2cc42c63"}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}}}], 0x3c0}}], 0x2, 0x4040005)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000240)={0x44, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0xc0d1}, 0x0)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r4, &(0x7f0000000300)={{0x6, @rose, 0x2}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]}, 0x48)
listen(r1, 0x1ad72f7)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r5, 0x8955, &(0x7f0000000580)={{0x2, 0x4e22, @broadcast}, {0x6, @remote}, 0x18, {0x2, 0x4e24, @remote}, 'macsec0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000000000024020000fffeff7f7a03f0fff0ffffff79a4f0ff00000000b7060000ffffffff2e64050000000000750afaff07cd02020404000000247d60b7030000030a00006a0a00fe0000000c8500000061000000b70000004000002995000000000000001da5ad3548ebb63d18c5071c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f0e5eb09d38ac46e99e7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6e0b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8ef534b93dcb34e1da2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa380700000000000000c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f29f8bb35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8cea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82e3568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a00000000000000000000000000000000500000000000000000000000048e510340087caf22439d5304bd704a6a78a512269a9b1cbd13bea78c807bbc73853ae187cbb768673e9d1bf74a3b0a6c234accd8506adf314f4c5e08174540b69d3c0da660052b43b86baf49e7ac64d9c21598b1e01dc1e1b5a53626b090496dbf7af441e397016c3c094d5c91ffe0a7ceacfd225ed9a6c905f79ad7052747dd6cceef4c310e0e935311118bc6bf0e5ca6c7cca7d5c03be570308da8a40578b4db14961fbccf6e2f2d56e9509c434126515b56d032e20c12e830d1bc64826fc9b318da5911e466878dbb81edeff69363fb75af5cd80536f14d2eaa7764db23acdbd394bbbbccfd8b129258bb0a93cee1d44f8665172c06933d20f184b78b435462c52a85149451ffd564c56a7cbf11a1127c77242915e43b2bc"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x200000, 0x10, &(0x7f0000000000), 0x143}, 0x48)
accept4$netrom(r1, 0x0, 0x0, 0x80000)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61158c000000000061134c0000000000bfa00000000000000705000008004ef02d3501000000000095000000000000006916000000000000bf67000000000000350605000fff07206706000004000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9d0cc7d3b4814261bdb94a050000a28a404be266df76965947c73c00c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b540dcfc7ad0500c4063b3b8754c0686cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e567238809000000000000000ae2fb494059bba8e3b680324a188090eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb40000000000000000000000000040007abf9c20d89cbc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eb29000000000000003cc3aa39ee4b1386bab561cda886fa64ffffff7f473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59801fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d00000000d3114dbc7e2bf2402a75fd7a5573336004088000000000000000fb38c7f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf73400000000000000cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce91798adc2dca8710d5c617df01f82a73f6bd61d1f5b2a443faa9bda0577383dc18402cde8bf777b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db009acaba9eaea90000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8a10300004d127edab14ba61ba1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a12282224bb031bbee6d23cef7074f6d718b06ca80b57aa183dd0c39e9d8547c666b6764a3c7dd62a94eee45881441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf855689232f4fc5135790662dc1419a365b5b11df7216652b5703f31e078ecdefe8e6bfc45a9980a7a8de863e3477dd47d0f11611ca92d89641a183c8f629f17cfc28fde209a793d9c0cdde3bb3f82670d33396982988b9f5207a732908fdf1506f307ccae47a69319ee2242272e4f7ceb7a40e49a21ce6405af3ecb3381bf0668749c81fc6c2d97e68a693e3e622af52e572f4fa7b20d5c72cf5ff8016461130a46803de45029489921a48bd7688dd593e4a3e9803263ecbd8ae8570293508ebe5fabc1842cbc01ae8fabbf41820c31b7bb83a3439d4540f839ed5c23828a33d7645baa1ec32bb7aa8a786bb0997ccf6bba0a2cf6ef2157a63974d5e525a3f3f7f993ea9e82732ccc2e12c631012175d5d474bef818bdf8f27a7e563684a225dee6ca5f5ff18a89ac6c627ff0e0e4769b6fbcfc847b20960704a4b13e962333bddb966de8bcade6f6bd3915a580ddec2e1bd88fbfdb749789cdc946822212f1cbacb03ba8d3e51e48ccdae20a43bf79ca0131b830620a97877242989e78dfec1d6df5f97ca5cddece50d0cae5d6eabbc1913aa3660e0b00000000000000000000004000bc16b71cb118d93461aa2914d6e454ef05c41beab7382787ba46b68c8d8b35da9fb58b259b4447b59c667ddcac0bb2d066eb0579be84bdca8ed5d693411b7e5b21efaceddacef03daa9772f2715b5613ae0d88f8d109e36f8b8871b646d9ebbcc25d527ad3f828c92cb6597f82ed4d496a519007781be0c7cac07fc508a585f415ef81a887475286df80fb6ff9c6524d0e22d50f88ca15545bc688063b04eb8e0248aca60b9983dd5966216499ccfc0551f6e0323859ae64f55e4d496a695f8e6382aa714b92f95dcfd0b456d9ce7a24f736e4009ef64230e8f83f8283a4cc5f178d4698b94ccd8d0e0e3e2e35e1a7ac0cb3ee52013e8c2802d2f89b3f708fb53c17c3e4fbe0326ee510c4317b5f5f1eb34ca8441c23755acfc469909b16fba134de01d484c1b380622d37"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x37de6c8a68769c38}, 0x48)

2m57.539232681s ago: executing program 2 (id=3063):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r3=>0x0]}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f00000003c0)={r3, 0x4, 0x6, 0xffffffc0}, 0x10)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="280000002100210100000000000000000a00000000000001000000000c001800", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="104dcd7af824c02aa5fdb902ec3193f73b786fc29bc5df906100c964fb23edcc4514e66054d3e5aa228b35253395f06ef786738cfcb89918308df2e5faf812e2738a37ddca47549b413fd4838fb02d60f0653169a378d64e1c031145fbd961f129adda2dfa8e7b62086736fe4ab7a5527eb2d7007594117176fccfb8bbeaab8542286f51d340b7ca322637c5de10e97c858c16c0dbc804091fe022e8a9cf572dedd054acd911767dc8ecc1d0d22c6801900e75d5230e538d03435057a994989366409a4db7f400df140d07477ad5933f27893c580143a82d4adc50ed54c4341a16d9ee"], 0x28}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB="180100000000000000000000040000008510000003000000180000000000000000000000000000009500000000000000bfa000000000000095"], &(0x7f0000000240)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY(r4, 0x0, 0x1, &(0x7f0000000000)=0x3, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
socket$l2tp6(0xa, 0x2, 0x73)
sendmsg$DEVLINK_CMD_RELOAD(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r7, 0x1}, 0x14}}, 0x0)
sendmsg$DEVLINK_CMD_PORT_SPLIT(r5, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x130, r7, 0x1, 0x70bd27, 0x25dfdbff, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0x9, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0x9, 0x6}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0x9, 0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0x9, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x5}}, {0x8, 0x9, 0x7}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0x9, 0x8}}]}, 0x130}, 0x1, 0x0, 0x0, 0x20008050}, 0x440c1)

2m56.753438148s ago: executing program 2 (id=3067):
socket$packet(0x11, 0x2, 0x300)
socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x0)
mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x2000007, 0x12, r0, 0x12574000)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f0000000400)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r4, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r4], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x4c094)
r6 = socket(0x10, 0x3, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@deltclass={0x0, 0x29, 0x300, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x4, 0x2}, {0x10, 0x5}, {0xffff, 0xa}}, [@TCA_RATE={0x0, 0x5, {0x8, 0x6}}, @TCA_RATE={0x0, 0x5, {0x9, 0xf}}, @TCA_RATE={0x0, 0x5, {0xd}}, @TCA_RATE={0x0, 0x5, {0x7, 0x1}}, @TCA_RATE={0x0, 0x5, {0x4, 0x5}}, @TCA_RATE={0x0, 0x5, {0x7, 0xf1}}]}, 0x6c}}, 0x800)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001540)=@newtfilter={0x68, 0x28, 0xd27, 0x1004001, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0xffff, 0x9}, {}, {0x2, 0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x38, 0x2, [@TCA_CGROUP_ACT={0x34, 0x1, [@m_sample={0xfffffffffffffdbb, 0x215, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x8810}, 0x404c0c0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080200000000002000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1807000000000000000000000000000018120000", @ANYRES32=r8, @ANYBLOB="00000f0400000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r9}, 0x18)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0x0, 0x1}}}, 0x24}}, 0x10)
r10 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r10, 0x0)
r11 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r11, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r12 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000060000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000004d18110000", @ANYRES32=r12, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r13, 0x2000300, 0xe, 0x0, &(0x7f0000000180)="74fa40b249c0d585699ce70fac7b", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2m41.609941053s ago: executing program 32 (id=3067):
socket$packet(0x11, 0x2, 0x300)
socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x0)
mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x2000007, 0x12, r0, 0x12574000)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f0000000400)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r4, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r4], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x4c094)
r6 = socket(0x10, 0x3, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@deltclass={0x0, 0x29, 0x300, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x4, 0x2}, {0x10, 0x5}, {0xffff, 0xa}}, [@TCA_RATE={0x0, 0x5, {0x8, 0x6}}, @TCA_RATE={0x0, 0x5, {0x9, 0xf}}, @TCA_RATE={0x0, 0x5, {0xd}}, @TCA_RATE={0x0, 0x5, {0x7, 0x1}}, @TCA_RATE={0x0, 0x5, {0x4, 0x5}}, @TCA_RATE={0x0, 0x5, {0x7, 0xf1}}]}, 0x6c}}, 0x800)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001540)=@newtfilter={0x68, 0x28, 0xd27, 0x1004001, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0xffff, 0x9}, {}, {0x2, 0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x38, 0x2, [@TCA_CGROUP_ACT={0x34, 0x1, [@m_sample={0xfffffffffffffdbb, 0x215, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x8810}, 0x404c0c0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080200000000002000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1807000000000000000000000000000018120000", @ANYRES32=r8, @ANYBLOB="00000f0400000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r9}, 0x18)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0x0, 0x1}}}, 0x24}}, 0x10)
r10 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r10, 0x0)
r11 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r11, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r12 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000060000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000004d18110000", @ANYRES32=r12, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r13, 0x2000300, 0xe, 0x0, &(0x7f0000000180)="74fa40b249c0d585699ce70fac7b", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

3.890992121s ago: executing program 3 (id=4305):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0xffffffbc, 0x10}, [@ldst={0x7, 0xff05, 0x0, 0x0, 0xa}]}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)
close(r0)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r1}, &(0x7f0000000080), &(0x7f0000000380)=r0}, 0x20)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x20, r4, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x68, r4, 0x200, 0x70bd2c, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}, @MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x8}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}, @MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x5}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @empty}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0xf}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x844}, 0x20000000)

3.80097852s ago: executing program 3 (id=4307):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x5, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000004830000000000000fa40000007010000080020007500feff00008200"], 0x0, 0x4, 0xfa, &(0x7f00000007c0)=""/250}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000011c0)=@newtaction={0x14, 0x30, 0x25}, 0x14}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
pselect6(0x40, &(0x7f0000000140)={0x5, 0x6, 0x8, 0x8, 0x0, 0x2, 0x0, 0x8}, &(0x7f0000000180)={0x9, 0x2, 0x7fff, 0x22c, 0x5, 0x0, 0xa9e, 0x7}, &(0x7f00000001c0)={0x7fffffff, 0x9, 0x81, 0xa1, 0x3, 0xff, 0x1, 0xffff}, &(0x7f0000000200)={0x77359400}, &(0x7f00000004c0)={&(0x7f0000000240)={[0xc6]}, 0x8})
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8000}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x0)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x10)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe8000000000"], 0xfdef)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001e80)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r3, 0x84, 0x23, &(0x7f00000000c0)={0x0, 0xe1}, 0x8)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r4, &(0x7f0000000000), 0x10)
sendmsg$can_bcm(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="050000000000080000000001fcffff00", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0)
sendmsg$can_bcm(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x5, 0x3, 0x0, {}, {}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "9dfc47318ccc3455"}}, 0x48}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="4c00000002060108000034e400000000000000020500010006000000050004000000fe000900020073797a3100000000050005000200000012000300686173683a6e65742c706f7274000000ff5b3b87675a"], 0x4c}}, 0x2)
r7 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, 0x0, 0x0)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="54000000090601080000000000000000050000000900020073797a310000000005000100070000002c000780060004404e21000005000700e30000000c00018008000140850101010c000280080001"], 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r8, &(0x7f0000000200), 0xffffffc1)
r9 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
getsockopt$llc_int(r9, 0x10c, 0x0, &(0x7f0000000100), &(0x7f0000000140)=0x4)

2.02631736s ago: executing program 5 (id=4321):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
socket$rds(0x15, 0x5, 0x0)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
sendmsg$inet(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x40)
getsockopt(r0, 0x200000000114, 0x2715, &(0x7f0000000580)=""/102393, 0x0)

1.878732571s ago: executing program 5 (id=4322):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140))
ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f00000000c0)={0x2, &(0x7f0000000100)=[{0x50, 0xff, 0x0, 0x4}, {0x6, 0x60}]})
ioctl$PPPIOCSDEBUG(r0, 0x40047440, &(0x7f0000000340)=0x3)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r2=>0x0})
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000008c0)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20305}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ICV_LEN={0x5, 0x3, 0xc}]}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x44}}, 0x0)
write$ppp(r0, &(0x7f0000000200)="3fa30c", 0x3)

1.592173595s ago: executing program 0 (id=4324):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @remote}, 0x10)
syz_emit_ethernet(0x3a, &(0x7f00000000c0)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @empty=0xe0000001}, {0x1, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0x5, 0x12a}}}}}}, 0x0)

1.522699425s ago: executing program 3 (id=4325):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0xe)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000580)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe00}, {}, {0x7, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffe00}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0xc5}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="8c000000", @ANYRES16=r2, @ANYBLOB="010000000000000000000c00000018000180140002006261746164765f736c6176655f310000600003805c0003800c000180080001"], 0x8c}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000580), r4)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r6, 0x84, 0x6b, &(0x7f0000001080)=[@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x18}}, @in6={0xa, 0x4e21, 0x4, @local, 0x7}, @in6={0xa, 0x4e21, 0xfffffffb, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7f}, @in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}], 0x58)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000080ff0000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000077000000bca90000000000003509020000d44affe5000d0000000000b702000000000000739af0ff00000000c509040004100000c3aaf0ff00000000bf8600000000000007080000f8ffffffbfa400000000000007060000f0ffffffb70200000800000018220000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000007000000b70000000000000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000040)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1}, [@call={0x85, 0x0, 0x0, 0x13}, @printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x17}}]}, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r8, 0x0, 0xe, 0x0, &(0x7f0000000380)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000005c0)={'wpan0\x00'})
r9 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r9, 0x0, 0xc8, &(0x7f0000000180), 0x4)
setsockopt$MRT_ADD_MFC_PROXY(r9, 0x0, 0xd2, &(0x7f0000000040)={@broadcast, @multicast1, 0x1, "0d5011f02b7fab96e0aa834d3a9e7cfc12178ac0ab1e6227c2b6ddaa5effda90", 0x5, 0x16, 0xfffffffe, 0x1}, 0x3c)
r10 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNDEL(r10, 0x400448c9, &(0x7f0000000140)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x7})
r11 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r11, 0x0, 0xd2, &(0x7f0000000000)={@broadcast, @dev={0xac, 0x14, 0x14, 0x2f}, 0x0, "12ceaac82ab7d944e84b6fbd6178697e3b10c9b81bede26c85ee73daab4158e8", 0x2, 0x6, 0x4, 0x4}, 0x3c)
setsockopt$MRT_FLUSH(r11, 0x0, 0xd4, &(0x7f0000000100)=0xe, 0x4)
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="010025bd7000fbeddf250700000008002a00070100005cae942c4b3e66605ed0e5c5039fb9f3fd2207b3e2be3317d5c1854dd91ba6289914c1e2b9834e9040b6a0b44be1fd770b668576db786c33eba9f9cf3c23c376733f467638c594bf6daab5a60f0fb6daf14aed0faebb116f94278e1b9adc9aa1d043f2fa0d4f3c4d70c76cd0db8de48da5eb94a2dfdd0f92b9d359418b5265e15989af703e94db43730b59d945795c252c56408ddf905b8bdb2d3ef919959a79a4a8d80aebf4f2d351e9710dfdfad3af6ea1b23a82565fd909ea5304f9191a14ce571de089fe4b3c21da79074050a569cbc5bea4d58a5527aa85513635bd3ab07e087339d82d922be830e878e852c92f9b6fc939801aa1894b3360"], 0x1c}, 0x1, 0x0, 0x0, 0x4014}, 0x20000000)
r12 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r3)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000ac0)={@ifindex, 0xffffffffffffffff, 0x31, 0x11}, 0x20)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r12, @ANYBLOB="1709000000000000000001000000050007000000000008000900fffffffe060002000000000008000a000100000008001800ac1414aa08001900e000000214001b00171b"], 0x58}}, 0x0)

1.395429891s ago: executing program 0 (id=4328):
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000600)=0xffffffffffffffff, 0x4)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b80)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0xffffffff, 0xffffffff}, 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x18, 0x10, &(0x7f0000000840)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@jmp={0x5, 0x1, 0x1, 0xa, 0xa}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0xd}, 0x94)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={<r3=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x73, &(0x7f0000000080)={r3, 0x1, 0x10, 0xfff, 0x55b}, &(0x7f00000000c0)=0x18)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', <r4=>0x0})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x58, 0x58, 0x9, [@float={0x7, 0x0, 0x0, 0x10, 0x4}, @func_proto={0x0, 0x8, 0x0, 0xd, 0x0, [{0x1, 0x5}, {0x2, 0x3}, {0x3, 0x3}, {0x2, 0x5}, {0x1, 0x3}, {0x2, 0x5}, {0xc, 0x4}, {0x2, 0x2}]}]}, {0x0, [0x30, 0x30, 0x2e, 0x30, 0x0, 0x61, 0x30]}}, &(0x7f00000001c0)=""/189, 0x79, 0xbd, 0x0, 0x1}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x5, 0x3, &(0x7f0000000a00)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000a40)='syzkaller\x00', 0x8, 0x85, &(0x7f0000000a80)=""/133, 0x41100, 0x65, '\x00', r4, @fallback=0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000b40)={0x2, 0x1, 0xe, 0x3}, 0x10, 0x0, r1, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)={0x1b, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x50)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r5, 0x0, 0x4}, 0x18)
unshare(0x2a020400)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='ext4_es_lookup_extent_enter\x00', r6}, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)={0x1b, 0x0, 0x0, 0x1df3, 0x0, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1}, 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000)
bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
writev(0xffffffffffffffff, &(0x7f0000003500)=[{0x0}, {0x0}, {0x0}], 0x3)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{}, 0x0, &(0x7f0000000580)='%pK    \x00'}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={0x0}, 0x1, 0x0, 0x0, 0x64000041}, 0x44885)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$AUDIT_SIGNAL_INFO(r7, &(0x7f00000009c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000008c0)={0x0}, 0x1, 0x0, 0x0, 0x40010}, 0x4048000)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x20, r9, 0x9c3fa077fa966179, 0x70bd29, 0x0, {{0x7e}, {@void, @val={0xc, 0x99, {0x916d, 0x15}}}}}, 0x20}}, 0x4000054)

1.2270992s ago: executing program 1 (id=4329):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[], 0x1874}, 0x1, 0x0, 0x0, 0x800}, 0x1)

1.226977919s ago: executing program 4 (id=4330):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000e40)={0x48, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_REPLY={0x2c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x2002}]}, 0x48}}, 0x0)

1.159522627s ago: executing program 5 (id=4331):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r2, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r1}, &(0x7f0000000040), &(0x7f0000000080)=r2}, 0x20)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, 0x0, 0x0)
getpeername(r3, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x31, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
writev(r4, 0x0, 0x0)
getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x6, 0xfffffffffffffffd, &(0x7f0000000480)=0xa4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x13, &(0x7f0000000000)=0x4, 0x4)
pselect6(0x40, &(0x7f00000000c0)={0x8, 0x4, 0x1, 0x3, 0x0, 0xf94, 0x6}, &(0x7f0000000100)={0x8, 0x7, 0x6, 0x100000001, 0x4, 0x100000001, 0x4, 0x6}, &(0x7f0000000140)={0x1, 0x7fffffff, 0x8000000000000000, 0x6, 0x2, 0x2, 0x3, 0x400}, &(0x7f0000000180), 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0)
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x8000, '\x00', 0x0, 0x0}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x1f, 0x11, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6}, [@call={0x85, 0x0, 0x0, 0x7d}, @snprintf={{}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r6}, {}, {0x85, 0x0, 0x0, 0x6a}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r7}, 0xc)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x40}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30bd25, 0x25df9bfb, {0x0, 0x0, 0x0, r9, {0xd, 0xe}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0x54, 0x2, [@TCA_ROUTE4_ACT={0x50, 0x6, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0xa, 0x5, 0x20, 0x7, 0x8}, 0x39}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0x3}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0x503, 0x0, 0x0, {}, [{0x8, 0x1, 0x2}]}, 0x20}}, 0x0)

1.08361779s ago: executing program 4 (id=4332):
r0 = syz_genetlink_get_family_id$team(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'team0\x00', <r1=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'team0\x00', <r2=>0x0})
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wg1\x00', <r3=>0x0})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000200)={'syztnl2\x00', &(0x7f0000000140)={'ip_vti0\x00', <r4=>0x0, 0x8000, 0x7800, 0xce3, 0x4, {{0x27, 0x4, 0x0, 0x3a, 0x9c, 0x68, 0x0, 0x5, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x20}, @broadcast, {[@ssrr={0x89, 0x7, 0xd1, [@dev={0xac, 0x14, 0x14, 0x1b}]}, @timestamp={0x44, 0x8, 0xe6, 0x0, 0xa, [0xda]}, @timestamp={0x44, 0x2c, 0x66, 0x0, 0x9, [0x3b, 0x3, 0xbb, 0x8, 0x81, 0x10000, 0x5, 0x7ff, 0x5, 0xff]}, @timestamp={0x44, 0x10, 0xd5, 0x0, 0xe, [0xfffffff9, 0x0, 0xc5]}, @timestamp_addr={0x44, 0xc, 0xa8, 0x1, 0x8, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x10001}]}, @cipso={0x86, 0x23, 0x0, [{0x0, 0x6, 'u!]?'}, {0x7, 0xa, "82bb9b132ac2ef9c"}, {0x6, 0xd, "38522e728d0ba83d3e2112"}]}, @timestamp_addr={0x44, 0xc, 0xba, 0x1, 0x3, [{@broadcast, 0xe}]}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000380)={'ip_vti0\x00', &(0x7f0000000240)={'ip_vti0\x00', <r5=>0x0, 0x1, 0x8000, 0x7, 0x1, {{0x39, 0x4, 0x0, 0x35, 0xe4, 0x66, 0x0, 0xf, 0x29, 0x0, @rand_addr=0x64010100, @broadcast, {[@noop, @timestamp={0x44, 0xc, 0xd2, 0x0, 0x4, [0x2, 0x7fff]}, @cipso={0x86, 0x2a, 0xffffffffffffffff, [{0x2, 0x2}, {0x2, 0x12, "cbc951301a6a2b9c48e8a9ab6db77656"}, {0x5, 0x3, 's'}, {0x5, 0xd, "e80b408f38fc70dfb0153f"}]}, @noop, @cipso={0x86, 0xd, 0x0, [{0x7, 0x5, "2dc8c6"}, {0x6, 0x2}]}, @cipso={0x86, 0x53, 0x3, [{0x2, 0x4, "d6b4"}, {0x0, 0xd, "4f0cd4b7d8a362cb8e8ebc"}, {0x5, 0x7, "2147e96499"}, {0x6, 0x7, "45402eb602"}, {0xd395f0968a091d7a, 0x5, "0168db"}, {0x5, 0x3, '5'}, {0x5, 0xc, "a634870fdb9426b5ea38"}, {0x6, 0xa, "500a90a082dc5923"}, {0x0, 0x10, "8ec17d4959d8ac4d34bea1bfb5d7"}]}, @lsrr={0x83, 0xb, 0x66, [@private=0xa010102, @broadcast]}, @timestamp_addr={0x44, 0x14, 0x9, 0x1, 0x0, [{@local, 0x9}, {@private=0xa010101, 0xdb3}]}, @ssrr={0x89, 0x7, 0xc5, [@empty]}, @timestamp={0x44, 0x10, 0x27, 0x0, 0x9, [0xfff, 0x9, 0xb63]}]}}}}})
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000003c0)={<r6=>0x0, @dev, @remote}, &(0x7f0000000400)=0xc)
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000440)={0x32c, r0, 0x200, 0x70bd27, 0x25dfdbfc, {}, [{{0x8, 0x1, r1}, {0x168, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x20000000}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xb84}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x282f}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x8, 0x7f, 0x0, 0x5}, {0x0, 0x7, 0x9, 0x8}, {0xc51, 0x43, 0x9, 0x3}]}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x8383}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}]}}, {{0x8, 0x1, r2}, {0x1a0, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r3}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r4}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r6}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}]}}]}, 0x32c}}, 0x4004850)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$inet_int(r7, 0x0, 0x14, &(0x7f0000000800), &(0x7f0000000840)=0x4)
r8 = socket$rxrpc(0x21, 0x2, 0x2)
ioctl$F2FS_IOC_WRITE_CHECKPOINT(r8, 0xf507, 0x0)
r9 = syz_genetlink_get_family_id$gtp(&(0x7f00000008c0), 0xffffffffffffffff)
sendmsg$GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x40, r9, 0x800, 0x70bd26, 0x25dfdbfe, {}, [@GTPA_LINK={0x8, 0x1, r2}, @GTPA_PEER_ADDR6={0x14, 0xb, @private0}, @GTPA_PEER_ADDRESS={0x8, 0x4, @local}, @GTPA_PEER_ADDRESS={0x8, 0x4, @multicast1}]}, 0x40}, 0x1, 0x0, 0x0, 0x40008000}, 0x0)
r10 = socket$packet(0x11, 0x2, 0x300)
bind$packet(r10, &(0x7f00000009c0)={0x11, 0xf6, r4, 0x1, 0x4, 0x6, @link_local}, 0x14)
recvmsg(r10, &(0x7f0000000d00)={&(0x7f0000000a00)=@pppol2tp={0x18, 0x1, {0x0, <r11=>0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, &(0x7f0000000bc0)=[{&(0x7f0000000a80)=""/183, 0xb7}, {&(0x7f0000000b40)=""/101, 0x65}], 0x2, &(0x7f0000000c00)=""/252, 0xfc}, 0x100)
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000d40)=@bloom_filter={0x1e, 0x3, 0x9, 0x400, 0x3, 0x1, 0x1, '\x00', r1, 0xffffffffffffffff, 0x1, 0x1, 0x5, 0xd}, 0x50)
r13 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000dc0)={0x2, 0x4, 0x8, 0x1, 0x80, r12, 0x6, '\x00', r5, 0xffffffffffffffff, 0x4, 0x1, 0x3}, 0x50)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000e80)={'wlan1\x00', <r14=>0x0})
sendmsg$NL80211_CMD_DISCONNECT(r11, &(0x7f0000000f40)={&(0x7f0000000e40)={0x10, 0x0, 0x0, 0x8140201}, 0xc, &(0x7f0000000f00)={&(0x7f0000000ec0)={0x3c, 0x0, 0x800, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8, 0x3, r14}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x18}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x3}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x23}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x16}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8080001}, 0x48000)
socket$netlink(0x10, 0x3, 0x1)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r13, 0x84009422, &(0x7f0000000f80)={0x0, 0x0, {0x0, @struct}, {}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
bind$netlink(r11, &(0x7f0000001380)={0x10, 0x0, 0x25dfdbff, 0x20000}, 0xc)
connect$inet(r11, &(0x7f00000013c0)={0x2, 0x4e22, @multicast2}, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
r15 = openat$cgroup(0xffffffffffffffff, &(0x7f0000001400)='syz0\x00', 0x200002, 0x0)
openat$cgroup_ro(r15, &(0x7f0000001440)='cpuacct.usage_all\x00', 0x0, 0x0)
bind$inet(r7, &(0x7f0000001480)={0x2, 0x4e21, @private=0xa010101}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000014c0))

1.002933213s ago: executing program 0 (id=4333):
r0 = socket(0x400000000010, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x48, 0x48, 0x4, [@func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{0x7}, {0xf, 0x5}, {0xd, 0x5}, {0xe, 0x4}, {0xf, 0x5}, {0x6, 0x4}]}, @typedef={0x6, 0x0, 0x0, 0x8, 0x1}]}, {0x0, [0x5f, 0x5f]}}, &(0x7f0000000180)=""/44, 0x64, 0x2c, 0x1, 0x5}, 0x28)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @last={{0x9}, @void}}, {0x10, 0x1, 0x0, 0x1, @redir={{0xa}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x11}}, 0x98}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newtfilter={0x24, 0x2c, 0x300, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x9, 0xfff3}, {0x10, 0x4}, {0x3, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x8001}, 0x20000850)
sendmsg$nl_route_sched(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r4, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r7, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_TO={0x8, 0x2, 0x48}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)

1.002629787s ago: executing program 1 (id=4334):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_generic(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0xa4, 0x24, 0x400, 0x70bd27, 0x25dfdbfe, {0x2}, [@generic="9885efe36ef35bb0a6a70c3575b219a2c0053cab5736714b6b83f3a9732f96a1213114beb44ccbb03a382a3d38cabca6c73b6a0483d2611ad57c6b1a1bcb5f11c3cd0a08f47b497c3167662c225ac0dde7cacc65d8f7a3491c49737def289411c004f96d9bb548f0d2f93805f9ba0d2c11b7419d355ce06febcbef0968cb946f879dc4d6a8", @typed={0x8, 0x3d, 0x0, 0x0, @u32=0x9}]}, 0xa4}, 0x1, 0x0, 0x0, 0x40000}, 0x4004880)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000010000000000000000a00851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000116608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000020b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8}, 0x78)
socket$nl_generic(0x10, 0x3, 0x10) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r2}, 0x10) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
sendmsg$nl_generic(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0xa4, 0x24, 0x400, 0x70bd27, 0x25dfdbfe, {0x2}, [@generic="9885efe36ef35bb0a6a70c3575b219a2c0053cab5736714b6b83f3a9732f96a1213114beb44ccbb03a382a3d38cabca6c73b6a0483d2611ad57c6b1a1bcb5f11c3cd0a08f47b497c3167662c225ac0dde7cacc65d8f7a3491c49737def289411c004f96d9bb548f0d2f93805f9ba0d2c11b7419d355ce06febcbef0968cb946f879dc4d6a8", @typed={0x8, 0x3d, 0x0, 0x0, @u32=0x9}]}, 0xa4}, 0x1, 0x0, 0x0, 0x40000}, 0x4004880) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000010000000000000000a00851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000116608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000020b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8}, 0x78) (async)

877.138755ms ago: executing program 1 (id=4335):
r0 = openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0)
write(r0, &(0x7f00000000c0)="727d1cc6a71e3458abdaed21c2a23d7d8b4780f6ada4a9e954107ed8ddfe0ac0aac019df968602ab1c690945839ec9a2e3f29c2cd48cbb17003267fa5bece8a423e88bd6cd367e2807d75ca09d654711909c2ce45c0955ff19ae92047a58e0b5a4c41c84b8812c2f66485b08872c3b4dfca2b14f0637e586", 0x78)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=@newlink={0x54, 0x10, 0x401, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x9}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x7, @loopback={0xff00}}]}}}, @IFLA_TXQLEN={0x8, 0xd, 0x20000006}]}, 0x54}}, 0x0)
openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) (async)
write(r0, &(0x7f00000000c0)="727d1cc6a71e3458abdaed21c2a23d7d8b4780f6ada4a9e954107ed8ddfe0ac0aac019df968602ab1c690945839ec9a2e3f29c2cd48cbb17003267fa5bece8a423e88bd6cd367e2807d75ca09d654711909c2ce45c0955ff19ae92047a58e0b5a4c41c84b8812c2f66485b08872c3b4dfca2b14f0637e586", 0x78) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=@newlink={0x54, 0x10, 0x401, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x9}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x7, @loopback={0xff00}}]}}}, @IFLA_TXQLEN={0x8, 0xd, 0x20000006}]}, 0x54}}, 0x0) (async)

735.249725ms ago: executing program 0 (id=4336):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000380), 0x10)
sendmmsg$inet(r0, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x28012, r2, 0x0)
mmap(&(0x7f00009c5000/0x1000)=nil, 0x1000, 0x3, 0x28012, r2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000180)={'vcan0\x00', <r3=>0x0})
connect$can_j1939(r2, &(0x7f0000000300)={0x1d, r3, 0x2, {0x1, 0xf0, 0x4}, 0x2}, 0x18)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, &(0x7f0000000400), &(0x7f0000000280)="bf049fd184f7b03c21d9bcddc4eef9ebb6a0da3eb91c56454e873dd7336ccf", 0x0, 0x8000}, 0x50)
r4 = socket(0x10, 0x803, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r4)
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
connect$inet6(r5, &(0x7f0000000340)={0x2, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
r6 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r6, &(0x7f0000000000)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e224e217f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71036000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r7, &(0x7f0000000080)=ANY=[], 0x10448)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r7, 0x0)
connect$inet6(r5, &(0x7f00000002c0)={0xa, 0x4e23, 0x5, @dev={0xfe, 0x80, '\x00', 0x13}, 0x4}, 0x1c)
getsockname$packet(r4, &(0x7f0000000380)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf1d, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x1}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@gettclass={0x24, 0x2a, 0x129, 0x870bd2c, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0x3}, {}, {0x0, 0xe}}}, 0x24}}, 0x40004)
r9 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000600)=@bpf_ext={0x1c, 0x7, &(0x7f00000003c0)=@raw=[@map_idx_val={0x18, 0x6, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1000}, @tail_call={{0x18, 0x2, 0x1, 0x0, r7}}], &(0x7f0000000400)='syzkaller\x00', 0xffff, 0x34, &(0x7f0000000480)=""/52, 0x41000, 0x78, '\x00', r3, 0x0, r2, 0x8, &(0x7f00000004c0)={0xa, 0x3}, 0x8, 0x10, &(0x7f0000000500)={0x3, 0x0, 0x7, 0x7}, 0x10, 0x274ce, r2, 0x7, &(0x7f0000000540)=[r7, r2, r7, r2], &(0x7f0000000580)=[{0x5, 0x3, 0xa, 0x6}, {0x5, 0x1, 0x8, 0x5}, {0x0, 0x4, 0x7, 0x5}, {0x3, 0x2, 0xf, 0x1}, {0x0, 0x3, 0x0, 0x7}, {0x5, 0x2, 0x9, 0xa}, {0x1, 0x4, 0x10, 0x4}], 0x10, 0x394}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x1, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b700000081020100bfa30000000000000703000020feffff720af0fff8ffffff71a4f0ff000000002d030000000000001d400500000000004704000001ed000072030200000000001d440000000000006b0a20fe000000007303000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f1ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c107571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d1abf3cb17b40ac9b10968f38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d61f3b39c64307f9c82b2807c9ff4a269841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67a41b9e320146ee9f566a28"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x9}, 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x2}, 0x10, 0x0, r9}, 0x94)

650.882111ms ago: executing program 4 (id=4337):
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000040)=[@in6={0xa, 0x0, 0xa84, @remote, 0x9}]}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4}, 0x1c)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e24, 0x7, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x7}, 0x1c)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000180)=0x14)
sendmsg$nl_route_sched(r0, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@getqdisc={0x3c, 0x26, 0x400, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xf, 0xc}, {0x8, 0xffe0}, {0x0, 0x9352ab689ccdaf05}}, [{0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}]}, 0x3c}}, 0x0)

573.565514ms ago: executing program 3 (id=4338):
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000940), 0x4)
sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@hci={0x1f, 0x300, 0x4}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000000)="27031c00160014000000002f1eafacf706e105000000894f00030001ee0b80558ddbba9b37242d29a50ed004484890af0755b798a0aa74c3", 0x38}], 0x1}, 0x0)

562.605605ms ago: executing program 1 (id=4339):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x0, 0x0}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f00000004c0)=0x27)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000040)={r2, @in={{0x2, 0x4e23, @empty}}, 0x7, 0x7}, &(0x7f0000000100)=0x90)

479.016728ms ago: executing program 5 (id=4340):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x14002, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNDETACHFILTER(r0, 0x401054d6, 0x0)

435.642767ms ago: executing program 4 (id=4341):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000400008500000061000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4000000000000db040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

421.445134ms ago: executing program 1 (id=4342):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x6, '\x00', 0x0, 0x2}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x1, &(0x7f0000000080)=[{0xe, 0xd, 0x3, 0x9}]})
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair(0x6, 0x3, 0x7, &(0x7f0000000080))
sendmsg$nl_xfrm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000940)=@newsa={0xfc, 0x1a, 0x7, 0x70bd25, 0x0, {{@in6=@mcast2, @in6=@mcast1, 0xffff, 0xa, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x20, 0x3c}, @in6=@empty, {0x0, 0x0, 0x2, 0x31, 0x0, 0x2}, {0x0, 0x200000, 0x7, 0xffffffffffffffff}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x1, 0x0, 0x70}, [@sec_ctx={0xc, 0x8, {0x8, 0x8, 0x0, 0x8}}]}, 0xfc}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="54000000020605000000000000000000070000000c00078008000800000000420900020073797a32000000000500040003000000050005000a00000005000100060000000d007f65e5bddd03006c6973743a7365"], 0x54}, 0x1, 0x0, 0x0, 0x2000c004}, 0x20040442)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
writev(r0, &(0x7f00000002c0), 0x2)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000300)={{0xffffffffffffffff, <r3=>0xffffffffffffffff}, &(0x7f0000000180), &(0x7f00000001c0)='%pB    \x00'}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r3, &(0x7f0000000340)="8328a8c32f2c4b22b28a"}, 0x20)

385.707499ms ago: executing program 3 (id=4343):
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000780)=ANY=[@ANYBLOB="7a0af8ff75257000bfa100000000000007010000f8ffffffb702000005000000bf13000000000000850000002a000000b700000000000000950000ff00000000b25952850a84a70002b2ab3d6ffaa6ead0169191d54f8196217fc563e2fc91f6da4dad4fdc2eb1b5986fc44bc25fb591cf77b9dfb379a3f611dbc2a364916f098dab10b1a297cf528666"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0xff80, &(0x7f0000000000)=@framed={{0x18, 0x8}, [@tail_call={{0x18, 0x2, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x700}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

279.010471ms ago: executing program 0 (id=4344):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x10, &(0x7f00000008c0)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000000000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x30020000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

272.615314ms ago: executing program 5 (id=4345):
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)=@generic={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x18)
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$MPTCP_PM_CMD_ANNOUNCE(r1, &(0x7f0000000680)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x4, 0x70bd27, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x9}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0xc}, @MPTCP_PM_ATTR_TOKEN={0x8}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}]}, 0x54}, 0x1, 0x0, 0x0, 0x4820}, 0x20048010)
write(r1, &(0x7f0000000a40)="fc0000", 0x3)
close(r1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x17, 0x4, 0x8, 0x401, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5}, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r1, 0x0, 0x0, 0xf4, &(0x7f0000000200), &(0x7f0000000380)=""/244, 0x9, 0x0, 0x78, 0x81, &(0x7f0000000240)="a3027088fd2fa98ea280a227ea47a9a25810e2e2ea83866ed86ebfab63a1c81ca72bbdc060847362ae24270de9d7b747d26623c563dfda515451622e3bb56ac6d58eb4a7385300aa0e27a9d51582098c2ec58a06a3bf15039f319dcf79799655feec7ad6eafa945e770bf692b792f56d00f09e411b67390b", &(0x7f0000000480)="098a848f981dd1f874e0a1a9f901178b180d0c6f4d794f31169c88c65c562bc0d2956eb2dd8b463f5eabdc1767198d32c02dcddf53a24e563cfead221f34277a8b0ee9a83ae7bb18ae8ab0654f770005171dcc5d6455fd42e82db6644695b0af925116d29ebfde4e25796f4079a254e116da9f4e969db37c1dd842ea87f8a96a6e", 0x0, 0x0, 0xfc}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000004000000000000009aaa000018150000", @ANYRES32=r2, @ANYBLOB="0000002000002000b7082788c1b8ab159990f8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005e0000009500000000000000"], &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8982, &(0x7f00000000c0))

269.429244ms ago: executing program 4 (id=4346):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@getstats={0x1c, 0x5e, 0x201, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x2}}, 0x1c}}, 0x44010)

90.855303ms ago: executing program 0 (id=4347):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000001080)=ANY=[@ANYBLOB="18000000fcffffff00000000000000009700000000000000a3bedb6b7eaaa96ac6647fcb9fcbeb738c1cce9c361778229e8c406aa4661a711415de4dd38855b5658657ef47b0da68bdb6dd5f64c14f", @ANYRESHEX, @ANYRES8], &(0x7f0000000300)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00'}, 0x18)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000"], 0x14}}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f000000c140), r1)
r4 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), r1)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
recvmmsg(r5, &(0x7f0000001480)=[{{0x0, 0x0, 0x0}, 0x6}], 0x1, 0x100, 0x0)
sendmsg$SMC_PNETID_ADD(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYRES16=r3, @ANYRES16=r4, @ANYBLOB="0103000000000000000005"], 0x34}}, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_AUTOCLOSE(r6, 0x84, 0x4, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0500000005000000020000000700000000000000", @ANYRES32=0x1, @ANYBLOB="00000100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000010000000007fd93b069f06c7aef8565707678ba93552bcbf9f23ab4cb3ebc1c4cffafe415f68823b6257757e0048886d6cb5216330b02b27cee0d339a05c12f6e88e33d1e08c50f76ca1a63213d8669230c375a1d5218aaa56db91c9a2ac414b60e94afca57fb780f5dfa2af2449da97723ba8e13469e1638de0cfb2b404604d03640c"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000180), &(0x7f00000001c0), 0x75, r7}, 0x38)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000001140)={0x11, 0x14, &(0x7f00000005c0)=ANY=[@ANYRESOCT=r1, @ANYRES32=r7, @ANYRES8=r2], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001100)={&(0x7f00000001c0)='ext4_fallocate_exit\x00', r8, 0x0, 0x40001000}, 0x18)
r9 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r9, 0x11b, 0x3, &(0x7f0000000380)=0x20000, 0x4)
setsockopt$XDP_UMEM_REG(r9, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000000), 0x300000, 0x800, 0x6, 0x3}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'lo\x00', <r11=>0x0})
setsockopt$XDP_UMEM_COMPLETION_RING(r9, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r9, 0x11b, 0x5, &(0x7f0000000040)=0x4000, 0x4)
bind$xdp(r9, &(0x7f00000002c0)={0x2c, 0x4, r11}, 0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x8001}, 0x8)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, &(0x7f0000000080)=0x9, 0x4)
r12 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$bt_hci(r12, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)

90.70869ms ago: executing program 1 (id=4348):
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000940), 0x4)
sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@hci={0x1f, 0x300, 0x4}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000000)="27031c00160014000000002f1eafacf706e105000000894f00030001ee0b80558ddbba9b37242d29a50ed004484890af0755b798a0aa74c3", 0x38}], 0x1}, 0x0) (fail_nth: 3)

89.949547ms ago: executing program 4 (id=4349):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x16, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="1802000003000000000000000000000085000000a0000000850000005000000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))

89.517441ms ago: executing program 5 (id=4350):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)={0x14, 0x14, 0x1, 0x0, 0x0, "", [@nested={0x3}]}, 0x14}], 0x1}, 0x0)
connect$inet6(r0, &(0x7f0000000340)={0x2, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200fffff1"], 0x50) (async)
r2 = socket$kcm(0x2d, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000400)='netfs_rreq_ref\x00', r3, 0x0, 0x9}, 0x18)
r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r4}, 0x8)
close(r5) (async)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000240)={r2})
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$kcm(r5, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000580)="d8001c00180081064e81f782db44fd56170d12a0b9b545c7", 0x18}], 0x1}, 0x0) (async)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e3, &(0x7f0000000180)={r2, r6}) (async)
r7 = socket$netlink(0x10, 0x3, 0x8000000004)
bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e20, 0x7, @mcast2, 0x1}, 0x1c) (async)
writev(r7, &(0x7f0000000000)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e224e217f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71036000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r8, &(0x7f0000000080)=ANY=[], 0x10448) (async)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r10 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x5, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0x2f}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
sendmsg$NBD_CMD_RECONFIGURE(r9, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x20, r10, 0x800, 0x70bd29, 0x25dfdbfe, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x6}]}, 0x20}, 0x1, 0x0, 0x0, 0x8080}, 0x4004) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r8, 0x0) (async)
connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x5, @dev={0xfe, 0x80, '\x00', 0x13}, 0x4}, 0x1c)

0s ago: executing program 3 (id=4351):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000001a0001000000000000000000819a00000000000800000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
unshare(0x2a020400)
r1 = socket(0x10, 0x3, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xff}, 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r2, &(0x7f0000000200)}, 0x20)
bind$netlink(r1, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
connect$netlink(r1, &(0x7f00000005c0)=@proc={0x10, 0x0, 0x1}, 0xc)
r3 = socket$unix(0x1, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
bind$unix(r3, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000040)=0x200, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
recvmmsg$unix(r3, &(0x7f0000000f40)=[{{&(0x7f0000000300)=@abs, 0x6e, &(0x7f0000000540)=[{&(0x7f0000001300)=""/4096, 0x1000}, {&(0x7f0000000200)=""/15, 0xf}, {&(0x7f0000000280)=""/48, 0x30}, {&(0x7f00000003c0)=""/96, 0x60}, {&(0x7f0000000440)=""/86, 0x56}, {&(0x7f00000004c0)=""/113, 0x71}], 0x6, &(0x7f0000000600)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xe8}}, {{&(0x7f0000000780)=@abs, 0x6e, &(0x7f0000000a40)=[{&(0x7f0000000700)=""/62, 0x3e}, {&(0x7f0000000800)=""/102, 0x66}, {&(0x7f0000000880)=""/23, 0x17}, {&(0x7f00000008c0)=""/145, 0x91}, {&(0x7f0000002300)=""/4096, 0x1000}, {&(0x7f0000000980)=""/42, 0x2a}, {&(0x7f00000009c0)=""/119, 0x77}], 0x7, &(0x7f0000000ac0)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x110}}, {{0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000000c00)=""/198, 0xc6}], 0x1, &(0x7f0000000d40)=[@cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x38}}, {{0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000000d80)=""/18, 0x12}, {&(0x7f0000000dc0)=""/53, 0x35}], 0x2, &(0x7f0000000e40)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xe0}}], 0x4, 0x100, &(0x7f0000001040)={0x77359400})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="250300000000140001800d"], 0x28}}, 0x0)
r7 = socket$unix(0x1, 0x5, 0x0)
connect$unix(r7, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r8)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r10 = socket$isdn_base(0x22, 0x3, 0x0)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r10, 0x8002f515, &(0x7f0000000380))
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r11 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r11, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r12, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000)

kernel console output (not intermixed with test programs):

d: batadv_slave_1
[  540.450245][ T9528] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  540.460845][T17717] netlink: 'syz.3.3088': attribute type 6 has an invalid length.
[  540.470848][ T9528] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  540.482569][T17717] IPv6: NLM_F_CREATE should be specified when creating new route
[  540.562513][ T9528] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  540.573045][ T9528] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  540.852652][T17730] netlink: 'syz.0.3089': attribute type 10 has an invalid length.
[  540.884553][T17728] netlink: 188 bytes leftover after parsing attributes in process `syz.3.3090'.
[  540.929951][T17729] netlink: 188 bytes leftover after parsing attributes in process `syz.3.3090'.
[  540.957199][T10346] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  540.995896][T10346] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  541.150869][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  541.204313][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  541.618573][T17747] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3093'.
[  541.671384][T17748] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3093'.
[  541.912536][T17754] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3095'.
[  543.459420][T17784] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0
[  543.459506][T17783] IPVS: stopping backup sync thread 17784 ...
[  543.474694][T17782] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3100'.
[  543.556007][T17782] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3100'.
[  543.595879][T17782] netlink: 5 bytes leftover after parsing attributes in process `syz.3.3100'.
[  543.808017][T17735] lo speed is unknown, defaulting to 1000
[  544.298898][T17801] mac80211_hwsim hwsim24 wlan1: entered allmulticast mode
[  544.633295][T17802] team0: Port device vlan0 removed
[  544.742042][   T60] tipc: Resetting bearer <eth:team0>
[  545.021005][T17812] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3108'.
[  546.020884][T17735] lo speed is unknown, defaulting to 1000
[  546.088369][T17835] netlink: 96 bytes leftover after parsing attributes in process `syz.1.3113'.
[  546.180273][T17835] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3113'.
[  546.215179][T17835] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3113'.
[  546.313447][T17835] gretap1: entered promiscuous mode
[  546.943473][T17853] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  547.004902][T17853] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  547.675957][T17867] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3122'.
[  548.729985][T17872] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  548.882972][T17887] lo speed is unknown, defaulting to 1000
[  548.948151][T17894] FAULT_INJECTION: forcing a failure.
[  548.948151][T17894] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  549.013954][T17894] CPU: 0 UID: 0 PID: 17894 Comm: syz.1.3128 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  549.013991][T17894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  549.014006][T17894] Call Trace:
[  549.014016][T17894]  <TASK>
[  549.014027][T17894]  dump_stack_lvl+0x189/0x250
[  549.014057][T17894]  ? __pfx____ratelimit+0x10/0x10
[  549.014089][T17894]  ? __pfx_dump_stack_lvl+0x10/0x10
[  549.014112][T17894]  ? __pfx__printk+0x10/0x10
[  549.014139][T17894]  ? fs_reclaim_acquire+0x7d/0x100
[  549.014190][T17894]  should_fail_ex+0x414/0x560
[  549.014233][T17894]  prepare_alloc_pages+0x213/0x610
[  549.014267][T17894]  __alloc_frozen_pages_noprof+0x123/0x370
[  549.014298][T17894]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  549.014336][T17894]  ? policy_nodemask+0x27c/0x720
[  549.014636][T17894]  alloc_pages_mpol+0x232/0x4a0
[  549.014681][T17894]  vma_alloc_folio_noprof+0xe4/0x200
[  549.014723][T17894]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  549.014775][T17894]  folio_prealloc+0x30/0x180
[  549.014815][T17894]  do_wp_page+0x1231/0x5800
[  549.014873][T17894]  ? __pfx_do_wp_page+0x10/0x10
[  549.014907][T17894]  ? do_raw_spin_lock+0x121/0x290
[  549.014944][T17894]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  549.014985][T17894]  __handle_mm_fault+0x1144/0x5620
[  549.015038][T17894]  ? __pfx___handle_mm_fault+0x10/0x10
[  549.015106][T17894]  ? follow_page_pte+0xe7e/0x14b0
[  549.015149][T17894]  handle_mm_fault+0x40a/0x8e0
[  549.015200][T17894]  __get_user_pages+0x1af4/0x30b0
[  549.015277][T17894]  ? __pfx___get_user_pages+0x10/0x10
[  549.015309][T17894]  ? __gup_longterm_locked+0xbf7/0x15b0
[  549.015341][T17894]  ? down_read_killable+0x1d1/0x350
[  549.015373][T17894]  __gup_longterm_locked+0xd66/0x15b0
[  549.015429][T17894]  ? sanity_check_pinned_pages+0x11cf/0x12c0
[  549.015462][T17894]  ? gup_fast_fallback+0x1afc/0x2260
[  549.015503][T17894]  gup_fast_fallback+0x1cd4/0x2260
[  549.015550][T17894]  ? __kernel_text_address+0xd/0x40
[  549.015633][T17894]  ? __pfx_gup_fast_fallback+0x10/0x10
[  549.015666][T17894]  ? kasan_save_track+0x4f/0x80
[  549.015695][T17894]  ? kasan_save_track+0x3e/0x80
[  549.015721][T17894]  ? __kasan_kmalloc+0x93/0xb0
[  549.015753][T17894]  ? sock_kmalloc+0xd6/0x160
[  549.015776][T17894]  ? af_alg_get_rsgl+0x236/0x810
[  549.015805][T17894]  ? skcipher_recvmsg+0x3c0/0x11c0
[  549.015825][T17894]  ? ____sys_recvmsg+0x1c9/0x460
[  549.015846][T17894]  ? ___sys_recvmsg+0x1b5/0x510
[  549.015867][T17894]  ? __x64_sys_recvmsg+0x198/0x260
[  549.015896][T17894]  ? pin_user_pages_fast+0x4d/0xb0
[  549.015929][T17894]  iov_iter_extract_pages+0x35a/0x5e0
[  549.015974][T17894]  extract_iter_to_sg+0xe46/0x24e0
[  549.016032][T17894]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  549.016067][T17894]  ? rcu_is_watching+0x15/0xb0
[  549.016103][T17894]  ? trace_kmalloc+0x1f/0xd0
[  549.016133][T17894]  ? __kmalloc_noprof+0x29b/0x4f0
[  549.016172][T17894]  ? __asan_memset+0x22/0x50
[  549.016204][T17894]  af_alg_get_rsgl+0x436/0x810
[  549.016261][T17894]  skcipher_recvmsg+0x3c0/0x11c0
[  549.016289][T17894]  ? aa_sk_perm+0x81e/0x950
[  549.016332][T17894]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  549.016358][T17894]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  549.016403][T17894]  ? security_socket_recvmsg+0x7e/0x2e0
[  549.016433][T17894]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  549.016457][T17894]  sock_recvmsg+0x229/0x270
[  549.016493][T17894]  ____sys_recvmsg+0x1c9/0x460
[  549.016529][T17894]  ? __pfx_____sys_recvmsg+0x10/0x10
[  549.016573][T17894]  ? import_iovec+0x74/0xa0
[  549.016609][T17894]  ___sys_recvmsg+0x1b5/0x510
[  549.016641][T17894]  ? __pfx____sys_recvmsg+0x10/0x10
[  549.016698][T17894]  ? __fget_files+0x3a0/0x420
[  549.016733][T17894]  __x64_sys_recvmsg+0x198/0x260
[  549.016763][T17894]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  549.016801][T17894]  ? __pfx_ksys_write+0x10/0x10
[  549.016830][T17894]  ? rcu_is_watching+0x15/0xb0
[  549.016870][T17894]  ? do_syscall_64+0xbe/0x3b0
[  549.016923][T17894]  do_syscall_64+0xfa/0x3b0
[  549.016955][T17894]  ? lockdep_hardirqs_on+0x9c/0x150
[  549.016986][T17894]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  549.017009][T17894]  ? clear_bhb_loop+0x60/0xb0
[  549.017036][T17894]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  549.017059][T17894] RIP: 0033:0x7fe38738eb69
[  549.017101][T17894] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  549.017122][T17894] RSP: 002b:00007fe38822b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  549.017148][T17894] RAX: ffffffffffffffda RBX: 00007fe3875b5fa0 RCX: 00007fe38738eb69
[  549.017165][T17894] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004
[  549.017180][T17894] RBP: 00007fe38822b090 R08: 0000000000000000 R09: 0000000000000000
[  549.017194][T17894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  549.017208][T17894] R13: 0000000000000000 R14: 00007fe3875b5fa0 R15: 00007fffcc1070f8
[  549.017245][T17894]  </TASK>
[  549.763758][T17887] lo speed is unknown, defaulting to 1000
[  550.133943][T17900] netlink: 'syz.1.3131': attribute type 4 has an invalid length.
[  550.239043][T17902] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3132'.
[  550.969507][T17917] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3135'.
[  551.022127][ T5848] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  551.034733][ T5848] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  551.044996][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  551.057139][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  551.075411][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  551.219918][T17918] lo speed is unknown, defaulting to 1000
[  551.379276][T17927] tipc: Started in network mode
[  551.398091][T17927] tipc: Node identity a617df28619f, cluster identity 4711
[  551.439758][T17927] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  551.481575][T17934] syzkaller0: entered promiscuous mode
[  551.515366][T17934] syzkaller0: entered allmulticast mode
[  551.575122][    C0] syzkaller0: tun_net_xmit 90
[  551.581832][T10346] syzkaller0: tun_net_xmit 70
[  551.622458][T17927] tipc: Resetting bearer <eth:syzkaller0>
[  551.689920][T17927] syzkaller0: tun_net_xmit 90
[  551.813959][T17926] tipc: Resetting bearer <eth:syzkaller0>
[  551.927064][T17940] FAULT_INJECTION: forcing a failure.
[  551.927064][T17940] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  551.956408][T17926] tipc: Disabling bearer <eth:syzkaller0>
[  551.963901][T17940] CPU: 0 UID: 0 PID: 17940 Comm: syz.3.3139 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  551.963939][T17940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  551.963954][T17940] Call Trace:
[  551.963965][T17940]  <TASK>
[  551.963975][T17940]  dump_stack_lvl+0x189/0x250
[  551.964009][T17940]  ? __pfx____ratelimit+0x10/0x10
[  551.964043][T17940]  ? __pfx_dump_stack_lvl+0x10/0x10
[  551.964067][T17940]  ? __pfx__printk+0x10/0x10
[  551.964098][T17940]  ? fs_reclaim_acquire+0x7d/0x100
[  551.964227][T17940]  should_fail_ex+0x414/0x560
[  551.964269][T17940]  prepare_alloc_pages+0x213/0x610
[  551.964298][T17940]  __alloc_frozen_pages_noprof+0x123/0x370
[  551.964331][T17940]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  551.964368][T17940]  ? policy_nodemask+0x27c/0x720
[  551.964408][T17940]  alloc_pages_mpol+0x232/0x4a0
[  551.964450][T17940]  vma_alloc_folio_noprof+0xe4/0x200
[  551.964489][T17940]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  551.964539][T17940]  folio_prealloc+0x30/0x180
[  551.964578][T17940]  do_wp_page+0x1231/0x5800
[  551.964635][T17940]  ? __pfx_do_wp_page+0x10/0x10
[  551.964684][T17940]  ? do_raw_spin_lock+0x121/0x290
[  551.964713][T17940]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  551.964752][T17940]  __handle_mm_fault+0x1144/0x5620
[  551.964808][T17940]  ? __pfx___handle_mm_fault+0x10/0x10
[  551.964857][T17940]  ? follow_page_pte+0xe7e/0x14b0
[  551.964900][T17940]  handle_mm_fault+0x40a/0x8e0
[  551.964957][T17940]  __get_user_pages+0x1af4/0x30b0
[  551.965031][T17940]  ? __pfx___get_user_pages+0x10/0x10
[  551.965057][T17940]  ? __gup_longterm_locked+0xbf7/0x15b0
[  551.965086][T17940]  ? down_read_killable+0x1d1/0x350
[  551.965113][T17940]  __gup_longterm_locked+0xd66/0x15b0
[  551.965156][T17940]  ? sanity_check_pinned_pages+0x11cf/0x12c0
[  551.965187][T17940]  ? gup_fast_fallback+0x1afc/0x2260
[  551.965219][T17940]  gup_fast_fallback+0x1cd4/0x2260
[  551.965247][T17940]  ? __kernel_text_address+0xd/0x40
[  551.965316][T17940]  ? __pfx_gup_fast_fallback+0x10/0x10
[  551.965345][T17940]  ? kasan_save_track+0x4f/0x80
[  551.965375][T17940]  ? kasan_save_track+0x3e/0x80
[  551.965401][T17940]  ? __kasan_kmalloc+0x93/0xb0
[  551.965441][T17940]  ? sock_kmalloc+0xd6/0x160
[  551.965465][T17940]  ? af_alg_get_rsgl+0x236/0x810
[  551.965503][T17940]  ? skcipher_recvmsg+0x3c0/0x11c0
[  551.965523][T17940]  ? ____sys_recvmsg+0x1c9/0x460
[  551.965546][T17940]  ? ___sys_recvmsg+0x1b5/0x510
[  551.965567][T17940]  ? __x64_sys_recvmsg+0x198/0x260
[  551.965596][T17940]  ? pin_user_pages_fast+0x4d/0xb0
[  551.965630][T17940]  iov_iter_extract_pages+0x35a/0x5e0
[  551.965671][T17940]  extract_iter_to_sg+0xe46/0x24e0
[  551.965723][T17940]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  551.965754][T17940]  ? rcu_is_watching+0x15/0xb0
[  551.965789][T17940]  ? trace_kmalloc+0x1f/0xd0
[  551.965818][T17940]  ? __kmalloc_noprof+0x29b/0x4f0
[  551.965858][T17940]  ? __asan_memset+0x22/0x50
[  551.965889][T17940]  af_alg_get_rsgl+0x436/0x810
[  551.965966][T17940]  skcipher_recvmsg+0x3c0/0x11c0
[  551.965993][T17940]  ? aa_sk_perm+0x81e/0x950
[  551.966036][T17940]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  551.966063][T17940]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  551.966089][T17940]  ? security_socket_recvmsg+0x7e/0x2e0
[  551.966112][T17940]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  551.966134][T17940]  sock_recvmsg+0x229/0x270
[  551.966170][T17940]  ____sys_recvmsg+0x1c9/0x460
[  551.966207][T17940]  ? __pfx_____sys_recvmsg+0x10/0x10
[  551.966251][T17940]  ? import_iovec+0x74/0xa0
[  551.966287][T17940]  ___sys_recvmsg+0x1b5/0x510
[  551.966320][T17940]  ? __pfx____sys_recvmsg+0x10/0x10
[  551.966375][T17940]  ? __fget_files+0x3a0/0x420
[  551.966412][T17940]  __x64_sys_recvmsg+0x198/0x260
[  551.966441][T17940]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  551.966476][T17940]  ? __pfx_ksys_write+0x10/0x10
[  551.966506][T17940]  ? rcu_is_watching+0x15/0xb0
[  551.966546][T17940]  ? do_syscall_64+0xbe/0x3b0
[  551.966583][T17940]  do_syscall_64+0xfa/0x3b0
[  551.966615][T17940]  ? lockdep_hardirqs_on+0x9c/0x150
[  551.966646][T17940]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  551.966670][T17940]  ? clear_bhb_loop+0x60/0xb0
[  551.966697][T17940]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  551.966718][T17940] RIP: 0033:0x7f204cd8eb69
[  551.966740][T17940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  551.966760][T17940] RSP: 002b:00007f204dc9b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  551.966785][T17940] RAX: ffffffffffffffda RBX: 00007f204cfb5fa0 RCX: 00007f204cd8eb69
[  551.966801][T17940] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004
[  551.966815][T17940] RBP: 00007f204dc9b090 R08: 0000000000000000 R09: 0000000000000000
[  551.966828][T17940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  551.966840][T17940] R13: 0000000000000000 R14: 00007f204cfb5fa0 R15: 00007ffd5a686838
[  551.966875][T17940]  </TASK>
[  552.638682][T17918] lo speed is unknown, defaulting to 1000
[  552.795993][  T923] tipc: Node number set to 3347636008
[  553.071988][T17951] syz.0.3142: vmalloc error: size 33558528, failed to allocated page array size 65544, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  553.155320][ T5843] Bluetooth: hci0: command tx timeout
[  553.215626][T17951] CPU: 0 UID: 0 PID: 17951 Comm: syz.0.3142 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  553.215661][T17951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  553.215675][T17951] Call Trace:
[  553.215685][T17951]  <TASK>
[  553.215696][T17951]  dump_stack_lvl+0x189/0x250
[  553.215730][T17951]  ? __pfx_dump_stack_lvl+0x10/0x10
[  553.215754][T17951]  ? __pfx__printk+0x10/0x10
[  553.215784][T17951]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  553.215810][T17951]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  553.215838][T17951]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  553.215867][T17951]  warn_alloc+0x214/0x310
[  553.215898][T17951]  ? __pfx_warn_alloc+0x10/0x10
[  553.215932][T17951]  ? __get_vm_area_node+0x28f/0x300
[  553.215969][T17951]  ? xskq_create+0xbf/0x170
[  553.216005][T17951]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  553.216063][T17951]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  553.216094][T17951]  ? __kasan_kmalloc+0x93/0xb0
[  553.216131][T17951]  vmalloc_user_noprof+0xad/0xf0
[  553.216162][T17951]  ? xskq_create+0xbf/0x170
[  553.216194][T17951]  xskq_create+0xbf/0x170
[  553.216229][T17951]  xsk_init_queue+0xb0/0x110
[  553.216262][T17951]  xsk_setsockopt+0x57b/0x8d0
[  553.216295][T17951]  ? __pfx_xsk_setsockopt+0x10/0x10
[  553.216324][T17951]  ? __pfx_aa_sk_perm+0x10/0x10
[  553.216355][T17951]  ? __fget_files+0x2a/0x420
[  553.216377][T17951]  ? aa_sock_opt_perm+0x74/0x110
[  553.216409][T17951]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  553.216434][T17951]  ? __pfx_xsk_setsockopt+0x10/0x10
[  553.216465][T17951]  do_sock_setsockopt+0x17c/0x1b0
[  553.216495][T17951]  __x64_sys_setsockopt+0x13f/0x1b0
[  553.216524][T17951]  do_syscall_64+0xfa/0x3b0
[  553.216557][T17951]  ? lockdep_hardirqs_on+0x9c/0x150
[  553.216588][T17951]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  553.216610][T17951]  ? clear_bhb_loop+0x60/0xb0
[  553.216638][T17951]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  553.216661][T17951] RIP: 0033:0x7f838938eb69
[  553.216681][T17951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  553.216701][T17951] RSP: 002b:00007f838a1d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  553.216727][T17951] RAX: ffffffffffffffda RBX: 00007f83895b6080 RCX: 00007f838938eb69
[  553.216745][T17951] RDX: 0000000000000003 RSI: 000000000000011b RDI: 0000000000000003
[  553.216759][T17951] RBP: 00007f8389411df1 R08: 0000000000000004 R09: 0000000000000000
[  553.216773][T17951] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000
[  553.216787][T17951] R13: 0000000000000000 R14: 00007f83895b6080 R15: 00007ffe8e4385d8
[  553.216823][T17951]  </TASK>
[  553.216845][T17951] Mem-Info:
[  553.568948][T17960] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3145'.
[  553.576972][T17951] active_anon:4131 inactive_anon:0 isolated_anon:0
[  553.576972][T17951]  active_file:1911 inactive_file:40013 isolated_file:0
[  553.576972][T17951]  unevictable:775 dirty:161 writeback:0
[  553.576972][T17951]  slab_reclaimable:12136 slab_unreclaimable:140809
[  553.576972][T17951]  mapped:32513 shmem:1370 pagetables:1235
[  553.576972][T17951]  sec_pagetables:0 bounce:0
[  553.576972][T17951]  kernel_misc_reclaimable:0
[  553.576972][T17951]  free:1137188 free_pcp:18447 free_cma:0
[  553.632539][T17951] Node 0 active_anon:16524kB inactive_anon:0kB active_file:7644kB inactive_file:159848kB unevictable:1564kB isolated(anon):0kB isolated(file):0kB mapped:130052kB dirty:644kB writeback:0kB shmem:3944kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13512kB pagetables:4776kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  553.671052][T17951] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  553.720849][T17951] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  553.762408][T17951] lowmem_reserve[]: 0 2500 2502 2502 2502
[  553.768771][T17951] Node 0 DMA32 free:636412kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:16476kB inactive_anon:0kB active_file:7644kB inactive_file:158020kB unevictable:1564kB writepending:640kB present:3129332kB managed:2560292kB mlocked:28kB bounce:0kB free_pcp:49112kB local_pcp:31860kB free_cma:0kB
[  553.805459][T17951] lowmem_reserve[]: 0 0 1 1 1
[  553.811132][T17951] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1828kB unevictable:0kB writepending:4kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  553.842859][T17951] lowmem_reserve[]: 0 0 0 0 0
[  553.848688][T17951] Node 1 Normal free:3890864kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:24048kB local_pcp:14320kB free_cma:0kB
[  553.899313][T17951] lowmem_reserve[]: 0 0 0 0 0
[  553.904726][T17951] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  553.928806][T17951] Node 0 DMA32: 2*4kB (ME) 1*8kB (U) 2*16kB (ME) 3*32kB (UME) 51*64kB (ME) 16*128kB (UM) 3*256kB (UM) 8*512kB (UM) 8*1024kB (UME) 3*2048kB (ME) 148*4096kB (UM) = 630864kB
[  553.960377][T17951] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB
[  553.985386][T17951] Node 1 Normal: 228*4kB (UE) 48*8kB (UM) 30*16kB (UME) 84*32kB (UME) 27*64kB (UME) 7*128kB (UME) 5*256kB (UME) 3*512kB (ME) 2*1024kB (UM) 2*2048kB (UE) 946*4096kB (M) = 3890864kB
[  554.030116][T17951] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  554.085708][T17951] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  554.142742][T17951] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  554.192736][T17918] chnl_net:caif_netlink_parms(): no params data found
[  554.210491][ T5848] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  554.224822][ T5848] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  554.234601][ T5848] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  554.250071][T17951] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  554.272263][ T5848] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  554.281291][ T5848] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  554.312332][T17951] 43291 total pagecache pages
[  554.327999][T17951] 0 pages in swap cache
[  554.355210][T17951] Free swap  = 124996kB
[  554.355727][T17969] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3148'.
[  554.360157][T17951] Total swap = 124996kB
[  554.417601][T17951] 2097051 pages RAM
[  554.422423][T17951] 0 pages HighMem/MovableOnly
[  554.429968][T17974] FAULT_INJECTION: forcing a failure.
[  554.429968][T17974] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  554.443614][T17951] 424872 pages reserved
[  554.446579][T17974] CPU: 1 UID: 0 PID: 17974 Comm: syz.1.3149 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  554.446618][T17974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  554.446635][T17974] Call Trace:
[  554.446647][T17974]  <TASK>
[  554.446659][T17974]  dump_stack_lvl+0x189/0x250
[  554.446694][T17974]  ? __pfx____ratelimit+0x10/0x10
[  554.446732][T17974]  ? __pfx_dump_stack_lvl+0x10/0x10
[  554.446757][T17974]  ? __pfx__printk+0x10/0x10
[  554.446792][T17974]  ? fs_reclaim_acquire+0x7d/0x100
[  554.446832][T17974]  should_fail_ex+0x414/0x560
[  554.446880][T17974]  prepare_alloc_pages+0x213/0x610
[  554.446919][T17974]  __alloc_frozen_pages_noprof+0x123/0x370
[  554.446955][T17974]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  554.446996][T17974]  ? policy_nodemask+0x27c/0x720
[  554.447051][T17974]  alloc_pages_mpol+0x232/0x4a0
[  554.447098][T17974]  vma_alloc_folio_noprof+0xe4/0x200
[  554.447142][T17974]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  554.447198][T17974]  folio_prealloc+0x30/0x180
[  554.447240][T17974]  do_wp_page+0x1231/0x5800
[  554.447304][T17974]  ? __pfx_do_wp_page+0x10/0x10
[  554.447334][T17974]  ? do_raw_spin_lock+0x121/0x290
[  554.447369][T17974]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  554.447413][T17974]  __handle_mm_fault+0x1144/0x5620
[  554.447494][T17974]  ? __pfx___handle_mm_fault+0x10/0x10
[  554.447549][T17974]  ? follow_page_pte+0xe7e/0x14b0
[  554.447599][T17974]  handle_mm_fault+0x40a/0x8e0
[  554.447648][T17974]  __get_user_pages+0x1af4/0x30b0
[  554.447726][T17974]  ? __pfx___get_user_pages+0x10/0x10
[  554.447758][T17974]  ? __gup_longterm_locked+0xbf7/0x15b0
[  554.447789][T17974]  ? down_read_killable+0x1d1/0x350
[  554.447812][T17974]  __gup_longterm_locked+0xd66/0x15b0
[  554.447849][T17974]  ? sanity_check_pinned_pages+0x11cf/0x12c0
[  554.447876][T17974]  ? gup_fast_fallback+0x1afc/0x2260
[  554.447905][T17974]  gup_fast_fallback+0x1cd4/0x2260
[  554.447930][T17974]  ? __kernel_text_address+0xd/0x40
[  554.447987][T17974]  ? __pfx_gup_fast_fallback+0x10/0x10
[  554.448014][T17974]  ? kasan_save_track+0x4f/0x80
[  554.448058][T17974]  ? kasan_save_track+0x3e/0x80
[  554.448089][T17974]  ? __kasan_kmalloc+0x93/0xb0
[  554.448124][T17974]  ? sock_kmalloc+0xd6/0x160
[  554.448150][T17974]  ? af_alg_get_rsgl+0x236/0x810
[  554.448185][T17974]  ? skcipher_recvmsg+0x3c0/0x11c0
[  554.448208][T17974]  ? ____sys_recvmsg+0x1c9/0x460
[  554.448235][T17974]  ? ___sys_recvmsg+0x1b5/0x510
[  554.448258][T17974]  ? __x64_sys_recvmsg+0x198/0x260
[  554.448292][T17974]  ? pin_user_pages_fast+0x4d/0xb0
[  554.448329][T17974]  iov_iter_extract_pages+0x35a/0x5e0
[  554.448380][T17974]  extract_iter_to_sg+0xe46/0x24e0
[  554.448430][T17974]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  554.448468][T17974]  ? rcu_is_watching+0x15/0xb0
[  554.448508][T17974]  ? trace_kmalloc+0x1f/0xd0
[  554.448540][T17974]  ? __kmalloc_noprof+0x29b/0x4f0
[  554.448584][T17974]  ? __asan_memset+0x22/0x50
[  554.448617][T17974]  af_alg_get_rsgl+0x436/0x810
[  554.448680][T17974]  skcipher_recvmsg+0x3c0/0x11c0
[  554.448710][T17974]  ? aa_sk_perm+0x81e/0x950
[  554.448757][T17974]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  554.448786][T17974]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  554.448814][T17974]  ? security_socket_recvmsg+0x7e/0x2e0
[  554.448841][T17974]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  554.448865][T17974]  sock_recvmsg+0x229/0x270
[  554.448906][T17974]  ____sys_recvmsg+0x1c9/0x460
[  554.448945][T17974]  ? __pfx_____sys_recvmsg+0x10/0x10
[  554.448995][T17974]  ? import_iovec+0x74/0xa0
[  554.449040][T17974]  ___sys_recvmsg+0x1b5/0x510
[  554.449075][T17974]  ? __pfx____sys_recvmsg+0x10/0x10
[  554.449138][T17974]  ? __fget_files+0x3a0/0x420
[  554.449177][T17974]  __x64_sys_recvmsg+0x198/0x260
[  554.449208][T17974]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  554.449250][T17974]  ? __pfx_ksys_write+0x10/0x10
[  554.449282][T17974]  ? rcu_is_watching+0x15/0xb0
[  554.449328][T17974]  ? do_syscall_64+0xbe/0x3b0
[  554.449373][T17974]  do_syscall_64+0xfa/0x3b0
[  554.449411][T17974]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  554.449436][T17974]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  554.449462][T17974]  ? clear_bhb_loop+0x60/0xb0
[  554.449493][T17974]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  554.449514][T17974] RIP: 0033:0x7fe38738eb69
[  554.449538][T17974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  554.449560][T17974] RSP: 002b:00007fe38822b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  554.449584][T17974] RAX: ffffffffffffffda RBX: 00007fe3875b5fa0 RCX: 00007fe38738eb69
[  554.449604][T17974] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004
[  554.449620][T17974] RBP: 00007fe38822b090 R08: 0000000000000000 R09: 0000000000000000
[  554.449637][T17974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  554.449654][T17974] R13: 0000000000000000 R14: 00007fe3875b5fa0 R15: 00007fffcc1070f8
[  554.449695][T17974]  </TASK>
[  555.075106][T17951] 0 pages cma reserved
[  555.113457][T17918] bridge0: port 1(bridge_slave_0) entered blocking state
[  555.126141][T17918] bridge0: port 1(bridge_slave_0) entered disabled state
[  555.151204][T17918] bridge_slave_0: entered allmulticast mode
[  555.198923][T17918] bridge_slave_0: entered promiscuous mode
[  555.216725][T17965] lo speed is unknown, defaulting to 1000
[  555.217354][T17918] bridge0: port 2(bridge_slave_1) entered blocking state
[  555.231361][ T5848] Bluetooth: hci0: command tx timeout
[  555.285500][T17918] bridge0: port 2(bridge_slave_1) entered disabled state
[  555.354421][T17918] bridge_slave_1: entered allmulticast mode
[  555.399868][T17918] bridge_slave_1: entered promiscuous mode
[  555.610398][T17918] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  555.677945][T17918] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  555.812734][T17918] team0: Port device team_slave_0 added
[  555.834757][T17998] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  555.844395][T18001] syzkaller0: entered allmulticast mode
[  555.873373][T17918] team0: Port device team_slave_1 added
[  556.025739][T18000] IPVS: Error connecting to the multicast addr
[  556.057207][T18008] netlink: 'syz.1.3156': attribute type 2 has an invalid length.
[  556.088222][T17918] batman_adv: batadv0: Adding interface: batadv_slave_0
[  556.115497][T17918] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  556.125170][T18008] netlink: 'syz.1.3156': attribute type 7 has an invalid length.
[  556.179237][T18014] Bluetooth: MGMT ver 1.23
[  556.212298][T17918] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  556.300689][T18016] FAULT_INJECTION: forcing a failure.
[  556.300689][T18016] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  556.350161][T18016] CPU: 1 UID: 0 PID: 18016 Comm: syz.3.3158 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  556.350196][T18016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  556.350211][T18016] Call Trace:
[  556.350220][T18016]  <TASK>
[  556.350247][T18016]  dump_stack_lvl+0x189/0x250
[  556.350276][T18016]  ? __pfx____ratelimit+0x10/0x10
[  556.350308][T18016]  ? __pfx_dump_stack_lvl+0x10/0x10
[  556.350332][T18016]  ? __pfx__printk+0x10/0x10
[  556.350362][T18016]  ? fs_reclaim_acquire+0x7d/0x100
[  556.350396][T18016]  should_fail_ex+0x414/0x560
[  556.350438][T18016]  prepare_alloc_pages+0x213/0x610
[  556.350472][T18016]  __alloc_frozen_pages_noprof+0x123/0x370
[  556.350503][T18016]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  556.350540][T18016]  ? policy_nodemask+0x27c/0x720
[  556.350581][T18016]  alloc_pages_mpol+0x232/0x4a0
[  556.350621][T18016]  vma_alloc_folio_noprof+0xe4/0x200
[  556.350660][T18016]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  556.350709][T18016]  folio_prealloc+0x30/0x180
[  556.350745][T18016]  do_wp_page+0x1231/0x5800
[  556.350802][T18016]  ? __pfx_do_wp_page+0x10/0x10
[  556.350829][T18016]  ? do_raw_spin_lock+0x121/0x290
[  556.350858][T18016]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  556.350896][T18016]  __handle_mm_fault+0x1144/0x5620
[  556.350951][T18016]  ? __pfx___handle_mm_fault+0x10/0x10
[  556.351011][T18016]  ? follow_page_pte+0xe7e/0x14b0
[  556.351054][T18016]  handle_mm_fault+0x40a/0x8e0
[  556.351098][T18016]  __get_user_pages+0x1af4/0x30b0
[  556.351173][T18016]  ? __pfx___get_user_pages+0x10/0x10
[  556.351201][T18016]  ? __gup_longterm_locked+0xbf7/0x15b0
[  556.351232][T18016]  ? down_read_killable+0x1d1/0x350
[  556.351260][T18016]  __gup_longterm_locked+0xd66/0x15b0
[  556.351305][T18016]  ? sanity_check_pinned_pages+0x11cf/0x12c0
[  556.351337][T18016]  ? gup_fast_fallback+0x1afc/0x2260
[  556.351371][T18016]  gup_fast_fallback+0x1cd4/0x2260
[  556.351401][T18016]  ? __kernel_text_address+0xd/0x40
[  556.351474][T18016]  ? __pfx_gup_fast_fallback+0x10/0x10
[  556.351504][T18016]  ? kasan_save_track+0x4f/0x80
[  556.351537][T18016]  ? kasan_save_track+0x3e/0x80
[  556.351565][T18016]  ? __kasan_kmalloc+0x93/0xb0
[  556.351594][T18016]  ? sock_kmalloc+0xd6/0x160
[  556.351617][T18016]  ? af_alg_get_rsgl+0x236/0x810
[  556.351646][T18016]  ? skcipher_recvmsg+0x3c0/0x11c0
[  556.351667][T18016]  ? ____sys_recvmsg+0x1c9/0x460
[  556.351688][T18016]  ? ___sys_recvmsg+0x1b5/0x510
[  556.351708][T18016]  ? __x64_sys_recvmsg+0x198/0x260
[  556.351736][T18016]  ? pin_user_pages_fast+0x4d/0xb0
[  556.351769][T18016]  iov_iter_extract_pages+0x35a/0x5e0
[  556.351812][T18016]  extract_iter_to_sg+0xe46/0x24e0
[  556.351857][T18016]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  556.351890][T18016]  ? rcu_is_watching+0x15/0xb0
[  556.351925][T18016]  ? trace_kmalloc+0x1f/0xd0
[  556.351954][T18016]  ? __kmalloc_noprof+0x29b/0x4f0
[  556.351999][T18016]  ? __asan_memset+0x22/0x50
[  556.352030][T18016]  af_alg_get_rsgl+0x436/0x810
[  556.352085][T18016]  skcipher_recvmsg+0x3c0/0x11c0
[  556.352111][T18016]  ? aa_sk_perm+0x81e/0x950
[  556.352152][T18016]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  556.352179][T18016]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  556.352203][T18016]  ? security_socket_recvmsg+0x7e/0x2e0
[  556.352242][T18016]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  556.352264][T18016]  sock_recvmsg+0x229/0x270
[  556.352299][T18016]  ____sys_recvmsg+0x1c9/0x460
[  556.352335][T18016]  ? __pfx_____sys_recvmsg+0x10/0x10
[  556.352378][T18016]  ? import_iovec+0x74/0xa0
[  556.352413][T18016]  ___sys_recvmsg+0x1b5/0x510
[  556.352444][T18016]  ? __pfx____sys_recvmsg+0x10/0x10
[  556.352499][T18016]  ? __fget_files+0x3a0/0x420
[  556.352533][T18016]  __x64_sys_recvmsg+0x198/0x260
[  556.352561][T18016]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  556.352597][T18016]  ? __pfx_ksys_write+0x10/0x10
[  556.352625][T18016]  ? rcu_is_watching+0x15/0xb0
[  556.352665][T18016]  ? do_syscall_64+0xbe/0x3b0
[  556.352703][T18016]  do_syscall_64+0xfa/0x3b0
[  556.352734][T18016]  ? lockdep_hardirqs_on+0x9c/0x150
[  556.352764][T18016]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  556.352787][T18016]  ? clear_bhb_loop+0x60/0xb0
[  556.352814][T18016]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  556.352853][T18016] RIP: 0033:0x7f204cd8eb69
[  556.352873][T18016] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  556.352893][T18016] RSP: 002b:00007f204dc9b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  556.352919][T18016] RAX: ffffffffffffffda RBX: 00007f204cfb5fa0 RCX: 00007f204cd8eb69
[  556.352935][T18016] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004
[  556.352950][T18016] RBP: 00007f204dc9b090 R08: 0000000000000000 R09: 0000000000000000
[  556.352977][T18016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  556.352990][T18016] R13: 0000000000000000 R14: 00007f204cfb5fa0 R15: 00007ffd5a686838
[  556.353022][T18016]  </TASK>
[  556.353023][ T5848] Bluetooth: hci5: command tx timeout
[  556.637161][T18026] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3159'.
[  556.967257][T18028] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3160'.
[  557.158769][T18008] : entered promiscuous mode
[  557.215160][T17965] lo speed is unknown, defaulting to 1000
[  557.234909][T17918] batman_adv: batadv0: Adding interface: batadv_slave_1
[  557.321891][T17918] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  557.327301][ T5848] Bluetooth: hci0: command tx timeout
[  557.544517][T17918] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  557.948757][T18043] netlink: 'syz.0.3162': attribute type 29 has an invalid length.
[  558.020438][T17918] hsr_slave_0: entered promiscuous mode
[  558.050915][T17918] hsr_slave_1: entered promiscuous mode
[  558.084469][T17918] debugfs: 'hsr0' already exists in 'hsr'
[  558.125388][T17918] Cannot create hsr debugfs directory
[  558.666802][ T5848] Bluetooth: hci5: command tx timeout
[  558.676404][T18065] FAULT_INJECTION: forcing a failure.
[  558.676404][T18065] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  558.735359][T18065] CPU: 1 UID: 0 PID: 18065 Comm: syz.1.3168 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  558.735395][T18065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  558.735410][T18065] Call Trace:
[  558.735420][T18065]  <TASK>
[  558.735431][T18065]  dump_stack_lvl+0x189/0x250
[  558.735461][T18065]  ? __pfx____ratelimit+0x10/0x10
[  558.735493][T18065]  ? __pfx_dump_stack_lvl+0x10/0x10
[  558.735517][T18065]  ? __pfx__printk+0x10/0x10
[  558.735723][T18065]  ? fs_reclaim_acquire+0x7d/0x100
[  558.735759][T18065]  should_fail_ex+0x414/0x560
[  558.735802][T18065]  prepare_alloc_pages+0x213/0x610
[  558.735836][T18065]  __alloc_frozen_pages_noprof+0x123/0x370
[  558.735868][T18065]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  558.735906][T18065]  ? policy_nodemask+0x27c/0x720
[  558.735947][T18065]  alloc_pages_mpol+0x232/0x4a0
[  558.735988][T18065]  vma_alloc_folio_noprof+0xe4/0x200
[  558.736027][T18065]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  558.736078][T18065]  folio_prealloc+0x30/0x180
[  558.736114][T18065]  do_wp_page+0x1231/0x5800
[  558.736185][T18065]  ? __pfx_do_wp_page+0x10/0x10
[  558.736211][T18065]  ? do_raw_spin_lock+0x121/0x290
[  558.736242][T18065]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  558.736281][T18065]  __handle_mm_fault+0x1144/0x5620
[  558.736336][T18065]  ? __pfx___handle_mm_fault+0x10/0x10
[  558.736388][T18065]  ? follow_page_pte+0xe7e/0x14b0
[  558.736431][T18065]  handle_mm_fault+0x40a/0x8e0
[  558.736476][T18065]  __get_user_pages+0x1af4/0x30b0
[  558.736558][T18065]  ? __pfx___get_user_pages+0x10/0x10
[  558.736600][T18065]  __gup_longterm_locked+0xd66/0x15b0
[  558.736645][T18065]  ? sanity_check_pinned_pages+0x11cf/0x12c0
[  558.736678][T18065]  ? gup_fast_fallback+0x1afc/0x2260
[  558.736713][T18065]  gup_fast_fallback+0x1cd4/0x2260
[  558.736743][T18065]  ? __kernel_text_address+0xd/0x40
[  558.736812][T18065]  ? __pfx_gup_fast_fallback+0x10/0x10
[  558.736842][T18065]  ? kasan_save_track+0x4f/0x80
[  558.736871][T18065]  ? kasan_save_track+0x3e/0x80
[  558.736899][T18065]  ? __kasan_kmalloc+0x93/0xb0
[  558.736930][T18065]  ? sock_kmalloc+0xd6/0x160
[  558.736953][T18065]  ? af_alg_get_rsgl+0x236/0x810
[  558.736983][T18065]  ? skcipher_recvmsg+0x3c0/0x11c0
[  558.737004][T18065]  ? ____sys_recvmsg+0x1c9/0x460
[  558.737026][T18065]  ? ___sys_recvmsg+0x1b5/0x510
[  558.737046][T18065]  ? __x64_sys_recvmsg+0x198/0x260
[  558.737075][T18065]  ? pin_user_pages_fast+0x4d/0xb0
[  558.737109][T18065]  iov_iter_extract_pages+0x35a/0x5e0
[  558.737152][T18065]  extract_iter_to_sg+0xe46/0x24e0
[  558.737197][T18065]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  558.737230][T18065]  ? rcu_is_watching+0x15/0xb0
[  558.737266][T18065]  ? trace_kmalloc+0x1f/0xd0
[  558.737295][T18065]  ? __kmalloc_noprof+0x29b/0x4f0
[  558.737335][T18065]  ? __asan_memset+0x22/0x50
[  558.737366][T18065]  af_alg_get_rsgl+0x436/0x810
[  558.737422][T18065]  skcipher_recvmsg+0x3c0/0x11c0
[  558.737450][T18065]  ? aa_sk_perm+0x81e/0x950
[  558.737491][T18065]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  558.737518][T18065]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  558.737576][T18065]  ? security_socket_recvmsg+0x7e/0x2e0
[  558.737598][T18065]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  558.737621][T18065]  sock_recvmsg+0x229/0x270
[  558.737656][T18065]  ____sys_recvmsg+0x1c9/0x460
[  558.737692][T18065]  ? __pfx_____sys_recvmsg+0x10/0x10
[  558.737736][T18065]  ? import_iovec+0x74/0xa0
[  558.737772][T18065]  ___sys_recvmsg+0x1b5/0x510
[  558.737804][T18065]  ? __pfx____sys_recvmsg+0x10/0x10
[  558.737860][T18065]  ? __fget_files+0x3a0/0x420
[  558.737895][T18065]  __x64_sys_recvmsg+0x198/0x260
[  558.737923][T18065]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  558.737959][T18065]  ? __pfx_ksys_write+0x10/0x10
[  558.737989][T18065]  ? rcu_is_watching+0x15/0xb0
[  558.738028][T18065]  ? do_syscall_64+0xbe/0x3b0
[  558.738068][T18065]  do_syscall_64+0xfa/0x3b0
[  558.738100][T18065]  ? lockdep_hardirqs_on+0x9c/0x150
[  558.738131][T18065]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  558.738154][T18065]  ? clear_bhb_loop+0x60/0xb0
[  558.738182][T18065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  558.738205][T18065] RIP: 0033:0x7fe38738eb69
[  558.738227][T18065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  558.738247][T18065] RSP: 002b:00007fe38822b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  558.738272][T18065] RAX: ffffffffffffffda RBX: 00007fe3875b5fa0 RCX: 00007fe38738eb69
[  558.738290][T18065] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004
[  558.738304][T18065] RBP: 00007fe38822b090 R08: 0000000000000000 R09: 0000000000000000
[  558.738319][T18065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  558.738333][T18065] R13: 0000000000000000 R14: 00007fe3875b5fa0 R15: 00007fffcc1070f8
[  558.738369][T18065]  </TASK>
[  559.444181][ T5848] Bluetooth: hci0: command tx timeout
[  559.503283][T18068] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3169'.
[  559.721507][   T36] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  559.828258][T18068] bridge0: entered promiscuous mode
[  559.834885][T18068] bridge0: entered allmulticast mode
[  560.011263][   T36] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  560.051930][T18085] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3172'.
[  560.131202][T18070] lo speed is unknown, defaulting to 1000
[  560.210863][   T36] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  560.359501][   T36] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  560.746080][ T5848] Bluetooth: hci5: command tx timeout
[  560.805240][T18070] lo speed is unknown, defaulting to 1000
[  560.864961][T17965] chnl_net:caif_netlink_parms(): no params data found
[  561.495729][T18109] netlink: 'syz.0.3177': attribute type 1 has an invalid length.
[  561.554663][T18109] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3177'.
[  561.572826][T18109] nbd: couldn't find a device at index 393224
[  561.582500][T18112] FAULT_INJECTION: forcing a failure.
[  561.582500][T18112] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  561.644762][T18112] CPU: 1 UID: 0 PID: 18112 Comm: syz.1.3178 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  561.644798][T18112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  561.644813][T18112] Call Trace:
[  561.644823][T18112]  <TASK>
[  561.644835][T18112]  dump_stack_lvl+0x189/0x250
[  561.644864][T18112]  ? __pfx____ratelimit+0x10/0x10
[  561.644898][T18112]  ? __pfx_dump_stack_lvl+0x10/0x10
[  561.644923][T18112]  ? __pfx__printk+0x10/0x10
[  561.644954][T18112]  ? fs_reclaim_acquire+0x7d/0x100
[  561.644989][T18112]  should_fail_ex+0x414/0x560
[  561.645035][T18112]  prepare_alloc_pages+0x213/0x610
[  561.645070][T18112]  __alloc_frozen_pages_noprof+0x123/0x370
[  561.645101][T18112]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  561.645137][T18112]  ? policy_nodemask+0x27c/0x720
[  561.645178][T18112]  alloc_pages_mpol+0x232/0x4a0
[  561.645220][T18112]  vma_alloc_folio_noprof+0xe4/0x200
[  561.645259][T18112]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  561.645310][T18112]  folio_prealloc+0x30/0x180
[  561.645357][T18112]  do_wp_page+0x1231/0x5800
[  561.645415][T18112]  ? __pfx_do_wp_page+0x10/0x10
[  561.645442][T18112]  ? do_raw_spin_lock+0x121/0x290
[  561.645473][T18112]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  561.645512][T18112]  __handle_mm_fault+0x1144/0x5620
[  561.645568][T18112]  ? __pfx___handle_mm_fault+0x10/0x10
[  561.645617][T18112]  ? follow_page_pte+0xe7e/0x14b0
[  561.645660][T18112]  handle_mm_fault+0x40a/0x8e0
[  561.645704][T18112]  __get_user_pages+0x1af4/0x30b0
[  561.645775][T18112]  ? __pfx___get_user_pages+0x10/0x10
[  561.645805][T18112]  ? __gup_longterm_locked+0xbf7/0x15b0
[  561.645836][T18112]  ? down_read_killable+0x1d1/0x350
[  561.645865][T18112]  __gup_longterm_locked+0xd66/0x15b0
[  561.645910][T18112]  ? sanity_check_pinned_pages+0x11cf/0x12c0
[  561.645948][T18112]  ? gup_fast_fallback+0x1afc/0x2260
[  561.645992][T18112]  gup_fast_fallback+0x1cd4/0x2260
[  561.646022][T18112]  ? __kernel_text_address+0xd/0x40
[  561.646092][T18112]  ? __pfx_gup_fast_fallback+0x10/0x10
[  561.646122][T18112]  ? kasan_save_track+0x4f/0x80
[  561.646150][T18112]  ? kasan_save_track+0x3e/0x80
[  561.646177][T18112]  ? __kasan_kmalloc+0x93/0xb0
[  561.646208][T18112]  ? sock_kmalloc+0xd6/0x160
[  561.646230][T18112]  ? af_alg_get_rsgl+0x236/0x810
[  561.646260][T18112]  ? skcipher_recvmsg+0x3c0/0x11c0
[  561.646281][T18112]  ? ____sys_recvmsg+0x1c9/0x460
[  561.646303][T18112]  ? ___sys_recvmsg+0x1b5/0x510
[  561.646324][T18112]  ? __x64_sys_recvmsg+0x198/0x260
[  561.646361][T18112]  ? pin_user_pages_fast+0x4d/0xb0
[  561.646395][T18112]  iov_iter_extract_pages+0x35a/0x5e0
[  561.646438][T18112]  extract_iter_to_sg+0xe46/0x24e0
[  561.646484][T18112]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  561.646512][T18112]  ? sock_kmalloc+0xd6/0x160
[  561.646539][T18112]  ? rcu_is_watching+0x15/0xb0
[  561.646575][T18112]  ? trace_kmalloc+0x1f/0xd0
[  561.646605][T18112]  ? __kmalloc_noprof+0x29b/0x4f0
[  561.646645][T18112]  ? __asan_memset+0x22/0x50
[  561.646676][T18112]  af_alg_get_rsgl+0x436/0x810
[  561.646731][T18112]  skcipher_recvmsg+0x3c0/0x11c0
[  561.646758][T18112]  ? aa_sk_perm+0x81e/0x950
[  561.646799][T18112]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  561.646825][T18112]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  561.646851][T18112]  ? security_socket_recvmsg+0x7e/0x2e0
[  561.646874][T18112]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  561.646896][T18112]  sock_recvmsg+0x229/0x270
[  561.646939][T18112]  ____sys_recvmsg+0x1c9/0x460
[  561.646979][T18112]  ? __pfx_____sys_recvmsg+0x10/0x10
[  561.647029][T18112]  ? import_iovec+0x74/0xa0
[  561.647065][T18112]  ___sys_recvmsg+0x1b5/0x510
[  561.647098][T18112]  ? __pfx____sys_recvmsg+0x10/0x10
[  561.647153][T18112]  ? __fget_files+0x3a0/0x420
[  561.647189][T18112]  __x64_sys_recvmsg+0x198/0x260
[  561.647217][T18112]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  561.647254][T18112]  ? __pfx_ksys_write+0x10/0x10
[  561.647284][T18112]  ? rcu_is_watching+0x15/0xb0
[  561.647325][T18112]  ? do_syscall_64+0xbe/0x3b0
[  561.647372][T18112]  do_syscall_64+0xfa/0x3b0
[  561.647404][T18112]  ? lockdep_hardirqs_on+0x9c/0x150
[  561.647435][T18112]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  561.647457][T18112]  ? clear_bhb_loop+0x60/0xb0
[  561.647485][T18112]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  561.647508][T18112] RIP: 0033:0x7fe38738eb69
[  561.647529][T18112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  561.647549][T18112] RSP: 002b:00007fe38822b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  561.647575][T18112] RAX: ffffffffffffffda RBX: 00007fe3875b5fa0 RCX: 00007fe38738eb69
[  561.647592][T18112] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004
[  561.647667][T18112] RBP: 00007fe38822b090 R08: 0000000000000000 R09: 0000000000000000
[  561.647680][T18112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  561.647691][T18112] R13: 0000000000000000 R14: 00007fe3875b5fa0 R15: 00007fffcc1070f8
[  561.647727][T18112]  </TASK>
[  562.351688][T17965] bridge0: port 1(bridge_slave_0) entered blocking state
[  562.363055][T17965] bridge0: port 1(bridge_slave_0) entered disabled state
[  562.371185][T17965] bridge_slave_0: entered allmulticast mode
[  562.382842][T17965] bridge_slave_0: entered promiscuous mode
[  562.393541][T17965] bridge0: port 2(bridge_slave_1) entered blocking state
[  562.402656][T17965] bridge0: port 2(bridge_slave_1) entered disabled state
[  562.411103][T17965] bridge_slave_1: entered allmulticast mode
[  562.419918][T17965] bridge_slave_1: entered promiscuous mode
[  562.833467][ T5848] Bluetooth: hci5: command tx timeout
[  563.119959][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  563.145988][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  563.173362][   T36] bond0 (unregistering): Released all slaves
[  563.502097][T18127] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3182'.
[  563.559270][T17965] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  563.576842][T17965] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  563.783782][T17965] team0: Port device team_slave_0 added
[  563.827166][T17918] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  564.002032][T17965] team0: Port device team_slave_1 added
[  564.024132][T17918] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  564.267346][T17918] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  564.314824][T17918] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  564.402494][T17965] batman_adv: batadv0: Adding interface: batadv_slave_0
[  564.422172][T17965] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  564.489321][T17965] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  564.532145][  T923] IPVS: starting estimator thread 0...
[  564.575430][T18152] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  564.583480][T18148] syzkaller0: entered promiscuous mode
[  564.619614][T18148] syzkaller0: entered allmulticast mode
[  564.634262][T18161] IPVS: using max 30 ests per chain, 72000 per kthread
[  564.807914][T17965] batman_adv: batadv0: Adding interface: batadv_slave_1
[  564.818868][T17965] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  564.855640][T17965] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  564.897577][T18148] tipc: Resetting bearer <eth:syzkaller0>
[  564.924319][T18147] tipc: Resetting bearer <eth:syzkaller0>
[  564.960519][T18147] tipc: Disabling bearer <eth:syzkaller0>
[  564.990445][   T36] hsr_slave_0: left promiscuous mode
[  565.000858][   T36] hsr_slave_1: left promiscuous mode
[  565.010897][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  565.053408][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  565.078552][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  565.091914][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  565.212920][   T36] veth1_macvtap: left promiscuous mode
[  565.246375][   T36] veth0_macvtap: left promiscuous mode
[  565.274725][   T36] veth1_vlan: left promiscuous mode
[  565.298454][   T36] veth0_vlan: left promiscuous mode
[  566.266838][   T36] team0 (unregistering): Port device team_slave_1 removed
[  566.331463][   T36] team0 (unregistering): Port device team_slave_0 removed
[  567.049333][T18185] netlink: 'syz.3.3190': attribute type 30 has an invalid length.
[  567.299430][T17965] hsr_slave_0: entered promiscuous mode
[  567.320674][T17965] hsr_slave_1: entered promiscuous mode
[  567.331673][T17965] debugfs: 'hsr0' already exists in 'hsr'
[  567.341408][T17965] Cannot create hsr debugfs directory
[  567.798208][T18204] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3195'.
[  567.938052][T18206] syzkaller0: left allmulticast mode
[  568.073689][T17918] 8021q: adding VLAN 0 to HW filter on device bond0
[  568.331377][T17918] 8021q: adding VLAN 0 to HW filter on device team0
[  568.408676][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  568.420327][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  568.481669][T18221] netlink: 'syz.0.3198': attribute type 9 has an invalid length.
[  568.584028][T10346] bridge0: port 2(bridge_slave_1) entered blocking state
[  568.592839][T10346] bridge0: port 2(bridge_slave_1) entered forwarding state
[  568.671032][T17965] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  568.780800][T17965] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  568.816435][T17965] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  568.829260][T18231] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3199'.
[  568.884006][T17965] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  569.004013][T17918] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  569.257054][T18248] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3202'.
[  569.295227][T18248] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3202'.
[  569.330408][T18248] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3202'.
[  569.354869][T17965] 8021q: adding VLAN 0 to HW filter on device bond0
[  569.364069][T18248] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3202'.
[  569.444771][T17965] 8021q: adding VLAN 0 to HW filter on device team0
[  569.500019][T18255] netlink: 'syz.0.3204': attribute type 4 has an invalid length.
[  569.521056][T18144] bridge0: port 1(bridge_slave_0) entered blocking state
[  569.529596][T18144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  569.563943][T18255] netlink: 152 bytes leftover after parsing attributes in process `syz.0.3204'.
[  569.587047][T18254] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3192'.
[  569.633844][ T9528] bridge0: port 2(bridge_slave_1) entered blocking state
[  569.642980][ T9528] bridge0: port 2(bridge_slave_1) entered forwarding state
[  569.793039][T17918] 8021q: adding VLAN 0 to HW filter on device batadv0
[  569.848377][T17965] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  570.297229][T18272] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3208'.
[  570.643586][T17965] 8021q: adding VLAN 0 to HW filter on device batadv0
[  570.654440][T18288] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3210'.
[  570.932106][T17918] veth0_vlan: entered promiscuous mode
[  570.959402][T17918] veth1_vlan: entered promiscuous mode
[  571.048150][T18297] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3211'.
[  571.134154][T17918] veth0_macvtap: entered promiscuous mode
[  571.208583][T17918] veth1_macvtap: entered promiscuous mode
[  571.307205][T17918] batman_adv: batadv0: Interface activated: batadv_slave_0
[  571.386806][T17918] batman_adv: batadv0: Interface activated: batadv_slave_1
[  571.470070][   T37] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  571.504032][   T37] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  571.569481][   T37] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  571.615171][   T37] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  571.688291][T18324] _ÐZ`Ô€@ÿÿ: entered promiscuous mode
[  571.826186][T18326] syzkaller0: entered promiscuous mode
[  571.832772][T18326] syzkaller0: entered allmulticast mode
[  574.641647][ T9534] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  574.652749][ T9534] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  574.787944][T18360] __nla_validate_parse: 2 callbacks suppressed
[  574.787968][T18360] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3222'.
[  574.797717][T10346] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  574.807603][T17965] veth0_vlan: entered promiscuous mode
[  574.853601][T10346] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  574.865367][T18358] lo speed is unknown, defaulting to 1000
[  574.882696][T17965] veth1_vlan: entered promiscuous mode
[  575.170297][T17965] veth0_macvtap: entered promiscuous mode
[  575.197094][T17965] veth1_macvtap: entered promiscuous mode
[  575.217753][T18358] lo speed is unknown, defaulting to 1000
[  575.264974][T17965] batman_adv: batadv0: Interface activated: batadv_slave_0
[  575.319656][T17965] batman_adv: batadv0: Interface activated: batadv_slave_1
[  575.373013][T18374] netlink: 'syz.1.3226': attribute type 1 has an invalid length.
[  575.390851][T18144] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  575.401569][T18374] netlink: 144 bytes leftover after parsing attributes in process `syz.1.3226'.
[  575.411805][T18374] netlink: 'syz.1.3226': attribute type 2 has an invalid length.
[  575.426824][T18144] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  575.437642][T18374] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3226'.
[  575.591561][T18144] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  575.623376][T18144] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  575.758716][T18380] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3227'.
[  575.821969][T18380] netlink: 92 bytes leftover after parsing attributes in process `syz.1.3227'.
[  576.107825][ T9534] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  576.155185][ T9534] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  576.388986][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  576.412919][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  577.537703][T18415] netlink: 'syz.1.3240': attribute type 1 has an invalid length.
[  577.575387][T18415] netlink: 180 bytes leftover after parsing attributes in process `syz.1.3240'.
[  577.622542][T18418] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3241'.
[  577.903323][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  577.937792][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  577.967576][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  577.987694][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  577.999168][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  578.267781][T18423] lo speed is unknown, defaulting to 1000
[  580.111593][ T5848] Bluetooth: hci1: command tx timeout
[  581.316005][T18423] lo speed is unknown, defaulting to 1000
[  581.542468][T18473] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3256'.
[  581.606089][ T9534] tipc: Resetting bearer <eth:syzkaller0>
[  582.185249][ T5848] Bluetooth: hci1: command tx timeout
[  582.527273][T18508] netlink: 248 bytes leftover after parsing attributes in process `syz.1.3262'.
[  582.894829][ T9534] tipc: Disabling bearer <eth:syzkaller0>
[  582.951569][ T9534] bond1 (unregistering): Released all slaves
[  583.106728][ T9534] bond2 (unregistering): (slave wireguard0): Releasing backup interface
[  583.117250][ T9534] bond2 (unregistering): Released all slaves
[  583.270087][ T9534] bond3 (unregistering): Released all slaves
[  583.431182][ T9534] bond4 (unregistering): Released all slaves
[  583.592620][ T9534] bond5 (unregistering): Released all slaves
[  583.625337][ T9534] smc: removing net device bond0 with user defined pnetid SYZ2
[  583.634375][ T9534] bond0 (unregistering): Released all slaves
[  583.799745][ T9534] bond6 (unregistering): Released all slaves
[  583.816110][ T9534] bond7 (unregistering): Released all slaves
[  584.081577][ T9534] _ÐZ`Ô€@ÿÿ: left promiscuous mode
[  584.265164][ T5848] Bluetooth: hci1: command tx timeout
[  584.386539][ T9534] tipc: Left network mode
[  584.420858][T18527] netlink: 'syz.5.3268': attribute type 29 has an invalid length.
[  584.430763][T18527] netlink: 'syz.5.3268': attribute type 29 has an invalid length.
[  584.457175][T18529] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3266'.
[  584.497695][T18423] chnl_net:caif_netlink_parms(): no params data found
[  584.845803][T18540] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3273'.
[  585.543631][T18423] bridge0: port 1(bridge_slave_0) entered blocking state
[  585.589292][T18423] bridge0: port 1(bridge_slave_0) entered disabled state
[  585.635871][T18423] bridge_slave_0: entered allmulticast mode
[  585.664676][T18423] bridge_slave_0: entered promiscuous mode
[  585.824374][T18423] bridge0: port 2(bridge_slave_1) entered blocking state
[  585.839859][T18423] bridge0: port 2(bridge_slave_1) entered disabled state
[  585.863264][T18423] bridge_slave_1: entered allmulticast mode
[  585.897875][T18423] bridge_slave_1: entered promiscuous mode
[  586.312904][T18588] netlink: 'syz.3.3281': attribute type 1 has an invalid length.
[  586.373984][ T5848] Bluetooth: hci1: command tx timeout
[  586.650841][ T9534] hsr_slave_0: left promiscuous mode
[  586.660360][ T9534] hsr_slave_1: left promiscuous mode
[  586.676317][ T9534] batman_adv: batadv0: Removing interface: 
0!

[  586.678076][T18597] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3283'.
[  587.087352][T18608] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3288'.
[  588.437757][T18423] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  588.496990][T18423] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  588.664139][T18628] netlink: 'syz.4.3291': attribute type 21 has an invalid length.
[  588.789490][T18639] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3291'.
[  588.809220][T18423] team0: Port device team_slave_0 added
[  588.836977][T18628] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3291'.
[  588.867647][T18423] team0: Port device team_slave_1 added
[  588.902841][T18641] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3295'.
[  589.053529][T18423] batman_adv: batadv0: Adding interface: batadv_slave_0
[  589.080689][T18423] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  589.128317][T18423] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  589.197500][T18647] tipc: Started in network mode
[  589.202892][T18647] tipc: Node identity baa1af748ef1, cluster identity 4711
[  589.215468][T18647] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  589.230300][T18423] batman_adv: batadv0: Adding interface: batadv_slave_1
[  589.258941][T18423] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  589.373196][T18423] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  589.446025][T18647] syzkaller0: entered promiscuous mode
[  589.483229][T18647] syzkaller0: entered allmulticast mode
[  589.506863][T18655] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  589.625799][T18659] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3297'.
[  589.684407][T18661] tipc: Resetting bearer <eth:syzkaller0>
[  589.860924][T18667] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3301'.
[  589.894216][T18646] tipc: Resetting bearer <eth:syzkaller0>
[  589.922546][T18646] tipc: Disabling bearer <eth:syzkaller0>
[  589.941987][T18423] hsr_slave_0: entered promiscuous mode
[  589.952670][T18423] hsr_slave_1: entered promiscuous mode
[  589.976908][ T9534] IPVS: stop unused estimator thread 0...
[  590.582863][T18693] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  590.590798][T18693] IPv6: NLM_F_CREATE should be set when creating new route
[  590.598768][T18693] IPv6: NLM_F_CREATE should be set when creating new route
[  590.855858][T18700] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  591.204578][T18715] !
: renamed from dummy0 (while UP)
[  591.353167][T18423] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  591.394437][T18423] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  591.426998][T18423] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  591.505289][T18423] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  591.518623][T18730] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3319'.
[  591.654541][T18746] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3319'.
[  591.664803][T18746] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3319'.
[  591.709980][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  591.720525][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  591.724030][T18732] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check.
[  591.757946][T18747] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3322'.
[  591.807005][T18747] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3322'.
[  592.029958][T18423] 8021q: adding VLAN 0 to HW filter on device bond0
[  592.130705][T18423] 8021q: adding VLAN 0 to HW filter on device team0
[  592.179751][ T9530] bridge0: port 1(bridge_slave_0) entered blocking state
[  592.187982][ T9530] bridge0: port 1(bridge_slave_0) entered forwarding state
[  592.250439][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  592.258055][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  592.300490][T18764] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  593.035654][T18778] block nbd3: server does not support multiple connections per device.
[  593.073015][T18778] block nbd3: shutting down sockets
[  593.098900][T18781] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  593.196079][T18423] 8021q: adding VLAN 0 to HW filter on device batadv0
[  593.237219][T18777] block nbd3: server does not support multiple connections per device.
[  593.273010][T18777] block nbd3: shutting down sockets
[  593.396472][T18769] raw_sendmsg: syz.5.3328 forgot to set AF_INET. Fix it!
[  593.407629][T18423] veth0_vlan: entered promiscuous mode
[  593.489563][T18423] veth1_vlan: entered promiscuous mode
[  593.632039][T18423] veth0_macvtap: entered promiscuous mode
[  593.707583][T18423] veth1_macvtap: entered promiscuous mode
[  593.828191][T18423] batman_adv: batadv0: Interface activated: batadv_slave_0
[  593.876950][T18423] batman_adv: batadv0: Interface activated: batadv_slave_1
[  593.923149][T18805] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3337'.
[  593.960034][T10346] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  594.055805][T18812] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3337'.
[  594.067116][   T60] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  594.083098][T18812] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3337'.
[  594.113002][   T60] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  594.254520][   T60] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  594.298848][T18808] lo speed is unknown, defaulting to 1000
[  594.617062][T10340] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  594.655163][T10340] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  594.794945][T10340] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  594.855755][T10340] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  595.115841][T18845] batadv_slave_1: entered promiscuous mode
[  595.133252][T18842] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3348'.
[  595.173918][T18845] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3231'.
[  595.184086][T18845] bridge_slave_1: left allmulticast mode
[  595.191134][T18845] bridge_slave_1: left promiscuous mode
[  595.198909][T18845] bridge0: port 2(bridge_slave_1) entered disabled state
[  595.213808][T18845] bridge_slave_0: left allmulticast mode
[  595.226310][T18845] bridge_slave_0: left promiscuous mode
[  595.244189][T18845] bridge0: port 1(bridge_slave_0) entered disabled state
[  595.341270][T18844] lo speed is unknown, defaulting to 1000
[  595.343561][T18808] lo speed is unknown, defaulting to 1000
[  595.523480][T18840] batadv_slave_1: left promiscuous mode
[  595.674348][T18849] syzkaller1: entered promiscuous mode
[  595.685353][T18849] syzkaller1: entered allmulticast mode
[  596.008569][T18844] lo speed is unknown, defaulting to 1000
[  596.059240][T18858] netlink: 'syz.3.3354': attribute type 1 has an invalid length.
[  596.095756][T18858] netlink: 184 bytes leftover after parsing attributes in process `syz.3.3354'.
[  596.131363][T18858] netlink: 'syz.3.3354': attribute type 1 has an invalid length.
[  596.184295][T18863] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3355'.
[  596.373738][T18869] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3355'.
[  597.987569][T18915] Bluetooth: MGMT ver 1.23
[  598.374876][T18929] __nla_validate_parse: 1 callbacks suppressed
[  598.374899][T18929] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3372'.
[  598.432374][T18933] netlink: 47 bytes leftover after parsing attributes in process `syz.5.3374'.
[  599.051841][T18963] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3382'.
[  599.267910][T18969] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3384'.
[  599.277384][T18969] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3384'.
[  599.295145][T18969] netlink: 'syz.0.3384': attribute type 18 has an invalid length.
[  599.351438][T18969] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3384'.
[  599.362643][T18144] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  599.382979][T18969] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3384'.
[  599.407912][ T9530] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  599.417658][ T9530] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  599.431731][T18969] netlink: 'syz.0.3384': attribute type 18 has an invalid length.
[  599.448112][ T9530] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  599.505358][T18976] netlink: 'syz.4.3386': attribute type 13 has an invalid length.
[  599.640475][T18983] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3389'.
[  599.859162][T18989] pimreg: entered allmulticast mode
[  599.914807][T18989] pimreg: left allmulticast mode
[  600.284229][T19000] atomic_op ffff88804d8bd998 conn xmit_atomic 0000000000000000
[  600.415692][T19005] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3396'.
[  600.750752][T19019] netlink: 14 bytes leftover after parsing attributes in process `syz.1.3400'.
[  600.794830][T19023] netlink: 'syz.5.3399': attribute type 2 has an invalid length.
[  601.371360][T19019] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  601.398881][T19019] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  601.427940][T19019] bond0 (unregistering): Released all slaves
[  601.804069][ T5906] hid-generic 0005:0000:0002.0003: unknown main item tag 0x0
[  601.826702][ T5906] hid-generic 0005:0000:0002.0003: unknown main item tag 0x0
[  601.869180][ T5906] hid-generic 0005:0000:0002.0003: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  602.198442][T19069] netlink: 'syz.0.3409': attribute type 1 has an invalid length.
[  602.261368][T19075] IPVS: set_ctl: invalid protocol: 8 172.30.0.1:20002
[  602.326275][T19072] tipc: Started in network mode
[  602.355324][T19072] tipc: Node identity f6f8c01c356a, cluster identity 4711
[  602.387136][T19072] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  602.442307][T19078] syzkaller0: entered promiscuous mode
[  602.456369][T19078] syzkaller0: entered allmulticast mode
[  602.587335][T19072] tipc: Resetting bearer <eth:syzkaller0>
[  602.710968][T19071] tipc: Resetting bearer <eth:syzkaller0>
[  602.830004][T19071] tipc: Disabling bearer <eth:syzkaller0>
[  602.979861][T19100] netlink: 'syz.5.3416': attribute type 12 has an invalid length.
[  603.021100][T19100] netlink: 'syz.5.3416': attribute type 29 has an invalid length.
[  603.047808][T19101] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  603.192422][T19107] ip6gretap0: entered promiscuous mode
[  603.212865][T19107] vlan2: entered promiscuous mode
[  603.290194][ T5957] IPVS: starting estimator thread 0...
[  603.405503][T19115] IPVS: using max 26 ests per chain, 62400 per kthread
[  603.432871][T19119] __nla_validate_parse: 5 callbacks suppressed
[  603.432894][T19119] netlink: 52 bytes leftover after parsing attributes in process `syz.5.3423'.
[  603.466141][T19119] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3423'.
[  603.885239][ T7543] IPVS: starting estimator thread 0...
[  604.005685][T19135] IPVS: using max 30 ests per chain, 72000 per kthread
[  605.003740][T19160] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3433'.
[  605.318968][T19175] veth3: entered promiscuous mode
[  605.349617][T19175] bond0: (slave veth3): Enslaving as an active interface with an up link
[  605.428557][T19180] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3438'.
[  606.418174][T19224] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3449'.
[  606.728112][T19234] netlink: 'syz.0.3451': attribute type 1 has an invalid length.
[  606.824010][T19237] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3452'.
[  606.859481][T19234] 8021q: adding VLAN 0 to HW filter on device bond1
[  607.182325][T19250] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  607.477483][T19260] netlink: 'syz.0.3456': attribute type 1 has an invalid length.
[  607.571843][T19258] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3456'.
[  607.979415][T19284] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3462'.
[  608.048122][T19290] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3465'.
[  608.055309][T19284] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3462'.
[  608.236512][T19291] netlink: 'syz.3.3466': attribute type 8 has an invalid length.
[  608.304571][T19296] openvswitch: netlink: IPv4 tun info is not correct
[  608.474667][T19295] 8021q: adding VLAN 0 to HW filter on device bond1
[  608.502898][T19295] bond0: (slave bond1): Enslaving as an active interface with an up link
[  608.614367][T19313] __nla_validate_parse: 1 callbacks suppressed
[  608.614388][T19313] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3471'.
[  608.713904][T19303] netlink: 'syz.4.3469': attribute type 29 has an invalid length.
[  608.791533][T19311] netlink: 'syz.4.3469': attribute type 29 has an invalid length.
[  608.809666][T19307] lo speed is unknown, defaulting to 1000
[  609.002247][T19323] 8021q: adding VLAN 0 to HW filter on device bond1
[  609.067055][T19323] bond0: (slave bond1): Enslaving as an active interface with an up link
[  609.576811][T19339] syzkaller1: entered promiscuous mode
[  609.583091][T19339] syzkaller1: entered allmulticast mode
[  609.632086][T19307] lo speed is unknown, defaulting to 1000
[  609.671565][T19350] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3479'.
[  609.703513][T19350] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3479'.
[  609.750476][T19350] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3479'.
[  609.780258][T19355] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.3482'.
[  609.924859][T19361] netlink: 'syz.1.3484': attribute type 7 has an invalid length.
[  609.934373][T19361] netlink: 'syz.1.3484': attribute type 8 has an invalid length.
[  610.279630][T19374] netlink: 'syz.1.3489': attribute type 1 has an invalid length.
[  610.315598][T19374] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.3489'.
[  610.374206][T19374] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3489'.
[  610.412778][T19377] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3490'.
[  610.666566][T19385] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3492'.
[  610.856700][T19399] netlink: 'syz.1.3496': attribute type 1 has an invalid length.
[  610.952544][T19391] bridge0: entered allmulticast mode
[  611.054725][T19399] bond0: (slave gretap2): making interface the new active one
[  611.068159][T19399] bond0: (slave gretap2): Enslaving as an active interface with an up link
[  611.114585][T19403] vlan2: entered allmulticast mode
[  611.129867][T19403] bond0: entered allmulticast mode
[  611.139237][T19403] gretap2: entered allmulticast mode
[  611.153840][T19403] bond0: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  611.416126][T19420] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  611.644782][T19429] netlink: 'syz.1.3504': attribute type 39 has an invalid length.
[  611.702652][T19434] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3506'.
[  611.972657][T19446] lo speed is unknown, defaulting to 1000
[  612.436450][T19460] syzkaller1: entered promiscuous mode
[  612.466601][T19460] syzkaller1: entered allmulticast mode
[  612.584944][T19468] geneve1: entered promiscuous mode
[  612.594472][T19468] geneve1: entered allmulticast mode
[  612.900440][T19478] netlink: 'syz.5.3517': attribute type 30 has an invalid length.
[  613.279343][T19482] !
: renamed from dummy0 (while UP)
[  613.283376][T19478] netlink: 'syz.5.3517': attribute type 30 has an invalid length.
[  613.346357][ T9528] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  613.370392][ T9528] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  613.395492][ T9528] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  613.395500][T19446] lo speed is unknown, defaulting to 1000
[  613.414429][T19475] rdma_rxe: rxe_newlink: failed to add lo
[  613.528832][ T9528] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  613.786541][T19514] sctp: [Deprecated]: syz.1.3523 (pid 19514) Use of struct sctp_assoc_value in delayed_ack socket option.
[  613.786541][T19514] Use struct sctp_sack_info instead
[  614.343334][T19530] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  614.463641][T19534] __nla_validate_parse: 5 callbacks suppressed
[  614.463664][T19534] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3527'.
[  614.714935][T19540] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  614.840175][T19549] syzkaller1: entered promiscuous mode
[  614.856731][T19549] syzkaller1: entered allmulticast mode
[  614.933021][T19554] netlink: 'syz.5.3532': attribute type 1 has an invalid length.
[  615.004805][T19558] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3532'.
[  615.090105][T19561] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3532'.
[  615.230030][T19554] 8021q: adding VLAN 0 to HW filter on device bond2
[  615.462531][T19569] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  615.647891][T19581] netlink: 'syz.3.3537': attribute type 39 has an invalid length.
[  615.936441][T19592] rdma_rxe: rxe_newlink: failed to add veth1_to_bond
[  616.179736][T19596] siw: device registration error -23
[  616.203114][T19599] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3543'.
[  616.218315][T19599] veth1: entered promiscuous mode
[  616.245924][T19599] netlink: 'syz.5.3543': attribute type 1 has an invalid length.
[  616.282697][T19599] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3543'.
[  616.345719][T19599] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check.
[  616.447491][T19601] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  616.860913][T19619] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3546'.
[  617.039003][T19629] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3552'.
[  617.114376][T19629] netlink: 'syz.1.3552': attribute type 3 has an invalid length.
[  617.293461][T19641] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  617.354436][T19646] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3557'.
[  617.372393][T19647] syzkaller0: entered promiscuous mode
[  617.387609][T19647] syzkaller0: entered allmulticast mode
[  617.447562][T19641] tipc: Resetting bearer <eth:syzkaller0>
[  617.504818][T19640] tipc: Resetting bearer <eth:syzkaller0>
[  617.587976][T19640] tipc: Disabling bearer <eth:syzkaller0>
[  617.594435][T19654] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3558'.
[  617.830331][T19664] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3560'.
[  618.054573][T19670] batadv_slave_1: entered promiscuous mode
[  618.230103][T19668] batadv_slave_1: left promiscuous mode
[  619.931870][T19731] __nla_validate_parse: 7 callbacks suppressed
[  619.931896][T19731] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3578'.
[  620.320457][T19754] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3583'.
[  620.353978][T19756] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3582'.
[  620.505292][T19766] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  620.627663][T19766] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3585'.
[  620.903783][T19779] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3589'.
[  620.948454][T19782] netlink: 248 bytes leftover after parsing attributes in process `syz.3.3590'.
[  620.963258][T19783] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3591'.
[  621.349655][T19782] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  621.573173][T19805] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3594'.
[  621.622234][T19805] bridge0: port 2(bridge_slave_1) entered disabled state
[  621.631644][T19805] bridge0: port 1(bridge_slave_0) entered disabled state
[  621.799448][T19811] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3596'.
[  621.830469][T19811] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3596'.
[  621.869611][ T5843] Bluetooth: hci3: command 0x0406 tx timeout
[  622.370417][T19833] syzkaller1: entered promiscuous mode
[  622.404378][T19833] syzkaller1: entered allmulticast mode
[  623.146466][T19879] netlink: 'syz.1.3613': attribute type 15 has an invalid length.
[  623.522945][T19897] netlink: zone id is out of range
[  623.549187][T19897] netlink: zone id is out of range
[  623.565725][T19897] netlink: zone id is out of range
[  623.576707][T19897] netlink: zone id is out of range
[  623.584380][T19897] netlink: zone id is out of range
[  623.594918][T19897] netlink: zone id is out of range
[  623.637811][T19897] netlink: zone id is out of range
[  623.648813][T19897] netlink: zone id is out of range
[  623.683622][T19897] netlink: zone id is out of range
[  623.986423][T19921] netlink: 'syz.0.3627': attribute type 21 has an invalid length.
[  624.367941][T19931] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  624.412115][T19931] syzkaller0: entered promiscuous mode
[  624.432461][T19931] syzkaller0: entered allmulticast mode
[  624.684067][T19938] tipc: Resetting bearer <eth:syzkaller0>
[  624.708172][T19930] tipc: Resetting bearer <eth:syzkaller0>
[  624.767617][T19930] tipc: Disabling bearer <eth:syzkaller0>
[  624.789971][T19946] netlink: 'syz.3.3631': attribute type 15 has an invalid length.
[  627.467963][T19945] netlink: 'syz.4.3632': attribute type 41 has an invalid length.
[  627.863423][T19978] lo speed is unknown, defaulting to 1000
[  628.075077][T19988] __nla_validate_parse: 13 callbacks suppressed
[  628.075100][T19988] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3643'.
[  628.075507][T19990] netlink: 'syz.5.3642': attribute type 4 has an invalid length.
[  628.165684][T19990] netlink: 152 bytes leftover after parsing attributes in process `syz.5.3642'.
[  628.227514][T19990] Ã: renamed from bond0 (while UP)
[  629.023202][T20020] netlink: 'syz.4.3649': attribute type 29 has an invalid length.
[  630.043496][T19978] lo speed is unknown, defaulting to 1000
[  630.074427][T20046] lo speed is unknown, defaulting to 1000
[  631.019258][T20046] lo speed is unknown, defaulting to 1000
[  631.040874][T20075] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3660'.
[  631.066151][ T5848] Bluetooth: hci1: command tx timeout
[  631.148451][T20078] netlink: 5636 bytes leftover after parsing attributes in process `syz.4.3661'.
[  631.225796][T20079] bridge1: entered promiscuous mode
[  631.232154][T20079] bridge1: entered allmulticast mode
[  631.585916][T20089] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3663'.
[  632.051699][T20107] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3666'.
[  632.224917][T20116] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3668'.
[  632.252568][T20109] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3667'.
[  632.439061][T20119] netlink: 'syz.4.3669': attribute type 22 has an invalid length.
[  632.477294][T20119] netlink: 10 bytes leftover after parsing attributes in process `syz.4.3669'.
[  632.552127][T20119] lo speed is unknown, defaulting to 1000
[  632.988161][T20132] block nbd3: server does not support multiple connections per device.
[  633.023819][T20132] block nbd3: shutting down sockets
[  633.092124][T20148] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3678'.
[  633.291253][T20119] lo speed is unknown, defaulting to 1000
[  633.378594][T20154] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3679'.
[  634.022035][T20177] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3686'.
[  634.174360][T20177] dummy0: entered promiscuous mode
[  634.181445][T20177] macvtap1: entered promiscuous mode
[  634.188192][T20177] macvtap1: entered allmulticast mode
[  634.204437][T20177] dummy0: entered allmulticast mode
[  634.302099][T20182] dummy0: left allmulticast mode
[  634.320160][T20182] dummy0: left promiscuous mode
[  635.559706][T20249] unknown channel width for channel at 909000KHz?
[  635.580435][T20250] net_ratelimit: 29 callbacks suppressed
[  635.580459][T20250] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  635.748361][T20261] tipc: Started in network mode
[  635.754264][T20261] tipc: Node identity c, cluster identity 4711
[  635.761939][T20261] tipc: Node number set to 12
[  635.915391][T20255] lo speed is unknown, defaulting to 1000
[  635.921039][T20267] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3710'.
[  635.971920][T20267] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3710'.
[  635.993748][T20263] netlink: 27 bytes leftover after parsing attributes in process `syz.1.3709'.
[  636.021749][T20267] erspan0: entered promiscuous mode
[  636.060777][T20267] erspan0: left promiscuous mode
[  636.263983][T20280] bridge0: port 2(bridge_slave_1) entered blocking state
[  636.272849][T20280] bridge0: port 2(bridge_slave_1) entered listening state
[  636.281808][T20280] bridge0: port 1(bridge_slave_0) entered blocking state
[  636.291108][T20280] bridge0: port 1(bridge_slave_0) entered listening state
[  636.342322][T20280] 8021q: adding VLAN 0 to HW filter on device Ã
[  636.379066][T20280] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  636.682893][T20255] lo speed is unknown, defaulting to 1000
[  636.688773][T20296] netlink: 132 bytes leftover after parsing attributes in process `syz.5.3719'.
[  636.824336][T20296] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  636.834323][T20302] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  636.885808][T20303] syzkaller0: entered promiscuous mode
[  636.892222][T20303] syzkaller0: entered allmulticast mode
[  637.060722][T20315] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3723'.
[  637.089282][T20296] tipc: Resetting bearer <eth:syzkaller0>
[  637.187144][T20293] tipc: Resetting bearer <eth:syzkaller0>
[  637.320954][T20293] tipc: Disabling bearer <eth:syzkaller0>
[  637.358112][T20322] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3726'.
[  637.424231][T20325] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3727'.
[  637.469978][T20325] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address.
[  637.529964][T20325] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (7)
[  638.129072][T20340] __nla_validate_parse: 2 callbacks suppressed
[  638.129098][T20340] netlink: 44 bytes leftover after parsing attributes in process `syz.5.3732'.
[  638.385511][T20345] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3732'.
[  638.573851][T20347] netlink: 'syz.1.3735': attribute type 7 has an invalid length.
[  638.616537][T20347] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3735'.
[  638.738943][T20349] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3734'.
[  639.318396][T20374] netlink: 9 bytes leftover after parsing attributes in process `syz.4.3741'.
[  639.340631][T20353] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3736'.
[  639.353403][T20374] gretap0: entered promiscuous mode
[  639.375379][T20383] netlink: 'syz.5.3742': attribute type 1 has an invalid length.
[  639.375387][T20373] netlink: 5 bytes leftover after parsing attributes in process `syz.4.3741'.
[  639.392322][T20373] 0ªî{X¹¦: renamed from gretap0
[  639.422730][T20353] netlink: 128 bytes leftover after parsing attributes in process `syz.3.3736'.
[  639.424445][T20373] 0ªî{X¹¦: left promiscuous mode
[  639.432099][T20383] netlink: 224 bytes leftover after parsing attributes in process `syz.5.3742'.
[  639.459943][T20383] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3742'.
[  639.481083][T20373] 0ªî{X¹¦: entered allmulticast mode
[  639.512698][T20373] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  639.541022][T20385] bridge0: port 1(gretap0) entered blocking state
[  639.551239][T20385] bridge0: port 1(gretap0) entered disabled state
[  639.578386][T20385] gretap0: entered allmulticast mode
[  639.589667][T20385] gretap0: entered promiscuous mode
[  639.599218][T20385] bridge0: port 1(gretap0) entered blocking state
[  639.606234][T20385] bridge0: port 1(gretap0) entered forwarding state
[  639.736157][T10340] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  639.768141][T10340] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  639.805422][T10340] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  639.853968][T10340] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  640.225956][T20415] netlink: 'syz.3.3752': attribute type 1 has an invalid length.
[  640.322282][T20419] sctp: [Deprecated]: syz.4.3753 (pid 20419) Use of int in max_burst socket option.
[  640.322282][T20419] Use struct sctp_assoc_value instead
[  640.656522][T20429] can: request_module (can-proto-5) failed.
[  640.955323][T20446] netlink: 'syz.0.3762': attribute type 10 has an invalid length.
[  640.994875][T20446] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  641.008509][T20445] mac80211_hwsim hwsim24 wlan1: left allmulticast mode
[  641.011179][T20444] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  641.194197][T20461] pim6reg1: entered promiscuous mode
[  641.230381][T20461] pim6reg1: entered allmulticast mode
[  642.690235][T20524] netlink: 'syz.5.3787': attribute type 1 has an invalid length.
[  642.757296][T20524] netlink: 'syz.5.3787': attribute type 1 has an invalid length.
[  642.989964][T20534] netlink: 'syz.0.3788': attribute type 3 has an invalid length.
[  643.029550][T20534] netlink: 'syz.0.3788': attribute type 3 has an invalid length.
[  643.352191][T20546] __nla_validate_parse: 6 callbacks suppressed
[  643.352212][T20546] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3793'.
[  643.724675][T20556] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3796'.
[  644.371046][T20569] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3801'.
[  644.527621][T20577] netlink: 'syz.0.3803': attribute type 1 has an invalid length.
[  644.726796][T20581] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3804'.
[  644.764931][T20583] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3803'.
[  644.866854][T20580] 8021q: adding VLAN 0 to HW filter on device bond3
[  644.916356][T20580] bond2: (slave bond3): making interface the new active one
[  644.968338][T20580] bond2: (slave bond3): Enslaving as an active interface with an up link
[  645.090294][T20577] bond2: (slave gretap1): Enslaving as a backup interface with an up link
[  645.164672][T20583] 8021q: adding VLAN 0 to HW filter on device bond2
[  645.317305][T20601] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3808'.
[  645.344094][T20601] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3808'.
[  645.382108][T20601] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3808'.
[  645.407605][ T5843] Bluetooth: hci1: command 0x0405 tx timeout
[  645.428788][T20602] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3808'.
[  645.575597][T20604] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3809'.
[  645.849431][T20615] batadv1: entered promiscuous mode
[  645.882342][T20615] batadv1: entered allmulticast mode
[  646.002767][T20620] syzkaller1: tun_chr_ioctl cmd 1074025673
[  646.884553][T20636] IPVS: Error connecting to the multicast addr
[  648.116878][T20680] netlink: 'syz.5.3828': attribute type 1 has an invalid length.
[  648.439903][T20680] 8021q: adding VLAN 0 to HW filter on device bond0
[  649.429444][T20726] __nla_validate_parse: 4 callbacks suppressed
[  649.429468][T20726] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3838'.
[  650.743401][T20760] macsec1: entered promiscuous mode
[  650.833313][T20761] netlink: 4768 bytes leftover after parsing attributes in process `syz.1.3844'.
[  650.872198][T20765] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3848'.
[  650.904520][ T5848] Bluetooth: hci1: link tx timeout
[  650.912893][ T5848] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  650.924817][ T5848] Bluetooth: hci1: link tx timeout
[  650.930972][ T5848] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  650.942426][ T5848] Bluetooth: hci1: link tx timeout
[  650.950380][ T5848] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  650.959339][ T5848] Bluetooth: hci1: link tx timeout
[  650.966188][ T5848] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  651.034540][T20774] netlink: 'syz.3.3849': attribute type 1 has an invalid length.
[  651.191708][T20774] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[  651.383102][T20782] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3851'.
[  651.421699][T20780] lo speed is unknown, defaulting to 1000
[  652.080692][T20813] bridge_slave_0: mtu less than device minimum
[  652.992295][ T5848] Bluetooth: hci1: command 0x0405 tx timeout
[  652.996942][T20836] netlink: 128 bytes leftover after parsing attributes in process `syz.5.3863'.
[  653.087178][T20836] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3863'.
[  653.090789][T20794] lo speed is unknown, defaulting to 1000
[  653.182776][T20780] lo speed is unknown, defaulting to 1000
[  653.561874][T20854] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  653.581006][T20850] syzkaller0: entered promiscuous mode
[  653.590350][T20850] syzkaller0: entered allmulticast mode
[  653.681872][T20850] tipc: Resetting bearer <eth:syzkaller0>
[  653.725560][T20794] lo speed is unknown, defaulting to 1000
[  653.734045][T20857] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3870'.
[  653.754848][T20848] tipc: Resetting bearer <eth:syzkaller0>
[  653.832789][T20848] tipc: Disabling bearer <eth:syzkaller0>
[  653.903434][T20861] netlink: 'syz.5.3871': attribute type 1 has an invalid length.
[  654.153046][T20872] netlink: 'syz.5.3871': attribute type 11 has an invalid length.
[  654.310461][T20861] 8021q: adding VLAN 0 to HW filter on device bond3
[  654.472535][T20865] veth3: entered promiscuous mode
[  654.499245][T20865] bond3: (slave veth3): Enslaving as an active interface with a down link
[  654.761594][T20885] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3874'.
[  654.886485][T20891] netlink: 'syz.4.3874': attribute type 2 has an invalid length.
[  655.271030][T20896] lo speed is unknown, defaulting to 1000
[  655.295220][T20906] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3879'.
[  655.458986][T20908] IPv6: Can't replace route, no match found
[  655.479254][T20907] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3880'.
[  655.627423][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  655.736415][T20919] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3884'.
[  656.151823][T20932] bridge0: port 1(bridge_slave_0) entered blocking state
[  656.159905][T20932] bridge0: port 1(bridge_slave_0) entered forwarding state
[  656.239252][T20937] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3886'.
[  656.356146][T20938] tipc: Enabled bearer <eth:macvtap0>, priority 10
[  656.398182][T20942] netlink: 'syz.4.3890': attribute type 21 has an invalid length.
[  656.412778][T20896] lo speed is unknown, defaulting to 1000
[  656.432924][T20942] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3890'.
[  656.900757][T20950] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3892'.
[  656.965341][T20950] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  657.074392][T20963] netlink: 35 bytes leftover after parsing attributes in process `syz.5.3895'.
[  657.218520][T20950] batman_adv: batadv0: Removing interface: batadv_slave_1
[  657.418017][T20971] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.3896'.
[  657.707203][ T5848] Bluetooth: hci2: command 0x0406 tx timeout
[  657.843821][T20975] IPVS: sed: UDP 224.0.0.2:0 - no destination available
[  657.965927][T20977] netlink: 140 bytes leftover after parsing attributes in process `syz.1.3898'.
[  658.089673][T20977] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  658.319227][T20984] syzkaller0: entered promiscuous mode
[  658.326717][T20984] syzkaller0: entered allmulticast mode
[  658.334430][T20984] tipc: Resetting bearer <eth:syzkaller0>
[  658.396210][T21003] netlink: 'syz.4.3904': attribute type 1 has an invalid length.
[  658.487887][T20976] tipc: Resetting bearer <eth:syzkaller0>
[  658.933060][T16686] IPVS: starting estimator thread 0...
[  659.085131][T21024] IPVS: using max 28 ests per chain, 67200 per kthread
[  662.063917][T20976] tipc: Disabling bearer <eth:syzkaller0>
[  662.100587][T21034] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  662.197675][T21021] lo speed is unknown, defaulting to 1000
[  662.726954][T21081] pim6reg: entered allmulticast mode
[  662.759209][T21085] pim6reg: left allmulticast mode
[  663.015709][T21021] lo speed is unknown, defaulting to 1000
[  663.150264][T21093] batadv_slave_1: entered promiscuous mode
[  663.205917][T21093] __nla_validate_parse: 3 callbacks suppressed
[  663.205941][T21093] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3924'.
[  663.361903][T21093] bridge_slave_1: left allmulticast mode
[  663.370082][T21093] bridge_slave_1: left promiscuous mode
[  663.376716][T21093] bridge0: port 2(bridge_slave_1) entered disabled state
[  663.408608][T21093] bridge_slave_0: left allmulticast mode
[  663.415716][T21093] bridge_slave_0: left promiscuous mode
[  663.421968][T21093] bridge0: port 1(bridge_slave_0) entered disabled state
[  663.573460][T21114] netlink: 'syz.0.3925': attribute type 5 has an invalid length.
[  663.787213][T21092] batadv_slave_1: left promiscuous mode
[  664.119920][T21127] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3932'.
[  664.147462][T21127] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3932'.
[  664.166959][T21127] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3932'.
[  664.178053][T21126] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3930'.
[  664.217812][T21126] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3930'.
[  665.183972][T21170] netlink: 'syz.0.3944': attribute type 20 has an invalid length.
[  665.603475][T21191] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  665.771531][T21199] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3956'.
[  665.803558][T21202] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3957'.
[  665.822080][T21202] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3957'.
[  665.840057][T21199] netlink: 68 bytes leftover after parsing attributes in process `syz.5.3956'.
[  665.901442][T21207] macvlan2: entered promiscuous mode
[  665.916501][T21207] macvlan2: entered allmulticast mode
[  665.924575][T21207] bond3: (slave macvlan2): Opening slave failed
[  665.980126][T21199] bridge0: port 1(veth0_to_bond) entered blocking state
[  666.034131][T21199] bridge0: port 1(veth0_to_bond) entered disabled state
[  666.059746][T21199] veth0_to_bond: entered allmulticast mode
[  666.114505][T21199] veth0_to_bond: entered promiscuous mode
[  666.138017][T21208] vlan3: entered allmulticast mode
[  666.147910][T21208] veth1: entered allmulticast mode
[  667.130948][T21243] netlink: 'syz.1.3969': attribute type 10 has an invalid length.
[  667.167706][T21243] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  667.210423][T21243] netlink: 'syz.1.3969': attribute type 5 has an invalid length.
[  667.250980][T21243] netlink: 'syz.1.3969': attribute type 5 has an invalid length.
[  667.967467][T21260] netlink: 'syz.5.3975': attribute type 23 has an invalid length.
[  668.036640][T21264] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  668.154516][T21266] IPVS: set_ctl: invalid protocol: 135 172.20.20.187:20001
[  668.622633][T21287] __nla_validate_parse: 4 callbacks suppressed
[  668.622656][T21287] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3983'.
[  668.738169][T21290] lo speed is unknown, defaulting to 1000
[  669.109754][T21308] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3990'.
[  669.213128][T21315] netlink: 'syz.0.3991': attribute type 32 has an invalid length.
[  669.222193][T21311] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3989'.
[  669.236714][T21315] IPv6: Can't replace route, no match found
[  669.274941][T21311] bridge_slave_1: left allmulticast mode
[  669.282364][T21311] bridge_slave_1: left promiscuous mode
[  669.309250][T21311] bridge0: port 2(bridge_slave_1) entered disabled state
[  669.446360][T21311] bridge_slave_0: left allmulticast mode
[  669.452168][T21311] bridge_slave_0: left promiscuous mode
[  669.474723][T21311] bridge0: port 1(bridge_slave_0) entered disabled state
[  669.906554][T21332] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3996'.
[  670.102735][T21290] lo speed is unknown, defaulting to 1000
[  671.635396][T21338] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  672.198137][T21338] tipc: Resetting bearer <eth:macvtap0>
[  672.256697][T21338] netdevsim netdevsim1 netdevsim0: left promiscuous mode
[  672.321287][T21338] gretap1: left promiscuous mode
[  672.478132][   T36] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  672.517288][   T36] netdevsim netdevsim1 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0
[  672.555194][   T36] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  672.607666][   T36] netdevsim netdevsim1 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0
[  672.637377][T21381] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  672.872430][T21380] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4005'.
[  672.895666][T21380] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4005'.
[  672.909847][T21388] netlink: 60 bytes leftover after parsing attributes in process `syz.5.4008'.
[  672.952544][T21388] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4008'.
[  672.970692][   T36] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  673.026135][   T36] netdevsim netdevsim1 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0
[  673.049423][   T36] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  673.075379][   T36] netdevsim netdevsim1 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0
[  673.106104][T21378] lo speed is unknown, defaulting to 1000
[  673.256470][T21398] netlink: 80 bytes leftover after parsing attributes in process `syz.3.4010'.
[  673.275942][T21398] netlink: 80 bytes leftover after parsing attributes in process `syz.3.4010'.
[  673.430342][T21400] netlink: 'syz.0.4012': attribute type 74 has an invalid length.
[  673.763405][T21391] lo speed is unknown, defaulting to 1000
[  673.854167][T21378] lo speed is unknown, defaulting to 1000
[  674.341529][T21391] lo speed is unknown, defaulting to 1000
[  674.866309][T21429] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4018'.
[  674.894336][T21428] netlink: 248 bytes leftover after parsing attributes in process `syz.3.4019'.
[  675.098929][T21438] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4019'.
[  675.332629][T21429] lo speed is unknown, defaulting to 1000
[  675.753986][T21429] lo speed is unknown, defaulting to 1000
[  676.105964][T21462] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  676.915189][T21491] netlink: 'syz.1.4035': attribute type 11 has an invalid length.
[  677.429343][T21504] netlink: 32 bytes leftover after parsing attributes in process `syz.5.4038'.
[  677.468493][T21504] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4038'.
[  677.575331][T21507] openvswitch: netlink: Key 0 has unexpected len 2 expected 0
[  678.187893][T21463] Bluetooth: hci5: command 0x0406 tx timeout
[  678.924189][T21528] lo speed is unknown, defaulting to 1000
[  679.106459][T21538] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4045'.
[  679.185686][T21542] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  679.198193][T21542] syzkaller0: entered promiscuous mode
[  679.204277][T21542] syzkaller0: entered allmulticast mode
[  679.247741][T21540] netlink: 212172 bytes leftover after parsing attributes in process `syz.0.4046'.
[  679.294205][T21542] tipc: Resetting bearer <eth:syzkaller0>
[  679.313976][T21541] tipc: Resetting bearer <eth:syzkaller0>
[  679.404876][T21541] tipc: Disabling bearer <eth:syzkaller0>
[  679.563873][T21528] lo speed is unknown, defaulting to 1000
[  679.892889][T21564] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4052'.
[  679.903344][T21564] sch_tbf: burst 6 is lower than device team_slave_0 mtu (1514) !
[  680.166283][T21571] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4055'.
[  680.282189][T21571] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4055'.
[  680.459812][T21573] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4056'.
[  680.702602][T21583] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4059'.
[  681.031833][T21594] netlink: 'syz.3.4062': attribute type 9 has an invalid length.
[  681.995483][T21616] netlink: 896 bytes leftover after parsing attributes in process `syz.1.4068'.
[  683.831205][T21675] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4083'.
[  683.849016][T21674] netlink: 52 bytes leftover after parsing attributes in process `syz.3.4083'.
[  684.910926][T21698] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4088'.
[  685.093889][T21508] Set syz1 is full, maxelem 65536 reached
[  685.153837][T21713] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4092'.
[  685.230552][T21716] netlink: 56 bytes leftover after parsing attributes in process `syz.0.4093'.
[  685.284078][T21719] netlink: 'syz.5.4094': attribute type 1 has an invalid length.
[  685.307317][T21719] netlink: 224 bytes leftover after parsing attributes in process `syz.5.4094'.
[  685.348058][T21709] netlink: 'syz.4.4091': attribute type 1 has an invalid length.
[  685.635354][T21738] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4100'.
[  685.971744][T21746] netlink: 'syz.3.4102': attribute type 1 has an invalid length.
[  685.977924][T21747] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4102'.
[  686.828556][T18144] bond0 (unregistering): (slave gretap1): Releasing active interface
[  686.991988][T18144] smc: removing net device bond0 with user defined pnetid SYZ2
[  687.001927][T18144] bond0 (unregistering): Released all slaves
[  687.022519][T18144] bond1 (unregistering): Released all slaves
[  687.041907][T18144] bond2 (unregistering): Released all slaves
[  687.064552][T18144] bond3 (unregistering): Released all slaves
[  687.087500][T18144] bond4 (unregistering): Released all slaves
[  687.247921][T18144] bond5 (unregistering): Released all slaves
[  687.323396][T21765] pim6reg: entered allmulticast mode
[  687.410790][T21765] pim6reg: left allmulticast mode
[  687.567221][T18144] : left promiscuous mode
[  687.676180][T18144] tipc: Disabling bearer <udp:syz2>
[  687.706638][T18144] tipc: Left network mode
[  687.990674][T21791] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.4117'.
[  688.056256][T21796] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4116'.
[  688.152401][T18144] batman_adv: batadv0: Removing interface: macvtap1
[  688.213882][T21808] openvswitch: netlink: IPv4 frag type 255 is out of range max 2
[  688.224577][T21803] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4119'.
[  688.248981][T21803] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4119'.
[  688.875167][T18144] hsr_slave_0: left promiscuous mode
[  688.881502][T18144] batman_adv: batadv0: Removing interface: batadv_slave_0
[  688.912665][T18144] batman_adv: batadv0: Removing interface: batadv_slave_1
[  688.977611][T18144] pim6reg (unregistering): left allmulticast mode
[  689.033568][T21830] sctp: [Deprecated]: syz.1.4128 (pid 21830) Use of int in maxseg socket option.
[  689.033568][T21830] Use struct sctp_assoc_value instead
[  689.120277][T21830] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  690.392180][T18144] team0 (unregistering): Port device team_slave_1 removed
[  690.463616][T18144] team0 (unregistering): Port device team_slave_0 removed
[  690.720372][T21854] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4134'.
[  691.005481][T21463] Bluetooth: hci1: command 0x0405 tx timeout
[  691.242928][T21825] netlink: 1 bytes leftover after parsing attributes in process `syz.3.4125'.
[  691.491501][T21872] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4136'.
[  691.699278][T21879] netlink: 'syz.0.4138': attribute type 33 has an invalid length.
[  691.738986][T21879] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4138'.
[  691.743392][T21882] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4141'.
[  691.767910][T21879] bond0: option broadcast_neighbor: mode dependency failed, not supported in mode balance-rr(0)
[  691.829385][ T9528] bond0: (slave wlan1): link status definitely down, disabling slave
[  692.093461][T21892] tipc: Enabled bearer <eth:syzkaller0>, priority 10
[  692.178341][T21891] tipc: Disabling bearer <eth:syzkaller0>
[  692.265084][T18144] IPVS: stop unused estimator thread 0...
[  692.489187][T21907] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4148'.
[  692.536254][T21909] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4149'.
[  692.547021][T21909] netlink: 108 bytes leftover after parsing attributes in process `syz.5.4149'.
[  692.568006][T21909] netlink: 208 bytes leftover after parsing attributes in process `syz.5.4149'.
[  692.602098][T21912] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4147'.
[  692.609669][T21909] netlink: 'syz.5.4149': attribute type 1 has an invalid length.
[  692.853218][T21919] lo speed is unknown, defaulting to 1000
[  693.050334][T21934] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input6
[  693.649344][T21919] lo speed is unknown, defaulting to 1000
[  693.784819][T16669] IPVS: starting estimator thread 0...
[  693.875905][T21952] IPVS: using max 24 ests per chain, 57600 per kthread
[  694.107728][T21963] netlink: 'syz.0.4163': attribute type 11 has an invalid length.
[  694.118735][T21963] netlink: 'syz.0.4163': attribute type 11 has an invalid length.
[  694.484818][T21966] lo speed is unknown, defaulting to 1000
[  694.614549][T21970] bond0: option ad_select: unable to set because the bond device is up
[  695.181420][T21993] netlink: 'syz.1.4175': attribute type 1 has an invalid length.
[  695.298550][T21993] 8021q: adding VLAN 0 to HW filter on device bond1
[  695.332135][T21999] vlan2: entered allmulticast mode
[  695.340112][T21999] veth1: entered allmulticast mode
[  695.350388][T21999] bond1: (slave vlan2): Opening slave failed
[  695.412345][T21991] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  695.430984][T22002] : entered promiscuous mode
[  695.583243][T21966] lo speed is unknown, defaulting to 1000
[  695.591721][T22005] syzkaller1: entered promiscuous mode
[  695.609104][T22005] syzkaller1: entered allmulticast mode
[  696.112205][T21966] bridge0: port 1(gretap0) entered disabled state
[  696.318131][T21966] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  698.072578][T22065] __nla_validate_parse: 6 callbacks suppressed
[  698.072678][T22065] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4193'.
[  698.104280][T22044] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  698.133920][T22044] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  698.160546][T22068] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4193'.
[  698.180641][T22034] lo speed is unknown, defaulting to 1000
[  698.245889][T22069] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4194'.
[  698.950094][T22044] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  698.980423][T22044] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  699.043282][T22034] lo speed is unknown, defaulting to 1000
[  699.050420][T22075] 8021q: VLANs not supported on ip_vti0
[  699.162213][T22044] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  699.184178][T22044] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  699.203491][T22087] netlink: 304 bytes leftover after parsing attributes in process `syz.4.4197'.
[  699.373011][T22044] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  699.387236][T22044] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  699.674745][ T9528] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  699.705286][ T9528] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  699.753674][ T9528] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  699.786830][ T9528] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  699.898885][T10340] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  699.932438][T10340] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  700.071009][ T9528] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  700.083168][ T9528] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  700.361096][T22112] netlink: 52 bytes leftover after parsing attributes in process `syz.4.4203'.
[  700.402334][T22112] sch_tbf: burst 240 is lower than device lo mtu (65550) !
[  700.523954][T22114] netlink: 'syz.0.4205': attribute type 4 has an invalid length.
[  700.537000][T22114] netlink: 152 bytes leftover after parsing attributes in process `syz.0.4205'.
[  700.585723][T22114] wlan1: mtu less than device minimum
[  700.694362][T22131] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4209'.
[  700.724568][T22124] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  700.879022][T22139] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4212'.
[  700.900785][T22139] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4212'.
[  700.925148][T22139] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4212'.
[  701.346471][T22162] netlink: zone id is out of range
[  701.369086][T22162] netlink: zone id is out of range
[  701.386327][T22162] netlink: zone id is out of range
[  701.402311][T22162] netlink: zone id is out of range
[  701.431835][T22162] netlink: zone id is out of range
[  701.455414][T22162] netlink: zone id is out of range
[  701.461642][T22162] netlink: zone id is out of range
[  701.492102][T22169] netlink: 'syz.5.4219': attribute type 10 has an invalid length.
[  701.497398][T22162] netlink: zone id is out of range
[  701.624069][T22169] batman_adv: batadv0: Adding interface: netdevsim0
[  701.680686][T22162] netlink: zone id is out of range
[  701.751509][T22169] batman_adv: batadv0: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  701.853493][T22169] batman_adv: batadv0: Not using interface netdevsim0 (retrying later): interface not active
[  701.865842][T22162] netlink: zone id is out of range
[  703.903207][T22225] netlink: 'syz.4.4234': attribute type 1 has an invalid length.
[  703.934139][T22224] __nla_validate_parse: 2 callbacks suppressed
[  703.934163][T22224] netlink: 168 bytes leftover after parsing attributes in process `syz.5.4236'.
[  703.957578][T22225] netlink: 'syz.4.4234': attribute type 1 has an invalid length.
[  704.024253][T22230] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4235'.
[  704.293508][T22248] tipc: Enabling of bearer <eth:ip6erspan0> rejected, failed to enable media
[  704.566086][T22255] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4245'.
[  704.576046][T22255] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4245'.
[  704.607975][T22255] netlink: 68 bytes leftover after parsing attributes in process `syz.4.4245'.
[  704.623955][T22259] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4245'.
[  704.642389][T22259] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4245'.
[  704.686934][T22259] dummy0: entered promiscuous mode
[  704.707140][T22259] team0: entered promiscuous mode
[  704.732773][T22259] team_slave_0: entered promiscuous mode
[  704.758942][T22259] team_slave_1: entered promiscuous mode
[  704.990291][T22269] netlink: 'syz.1.4248': attribute type 12 has an invalid length.
[  705.020494][T22269] netlink: 9472 bytes leftover after parsing attributes in process `syz.1.4248'.
[  705.512864][T22285] batadv_slave_1: entered promiscuous mode
[  705.560407][T22287] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4255'.
[  705.625330][T22294] netlink: 72 bytes leftover after parsing attributes in process `syz.3.4254'.
[  705.928248][T22283] batadv_slave_1: left promiscuous mode
[  706.835769][T22334] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  706.877207][T22334] syzkaller0: entered promiscuous mode
[  706.911287][T22334] syzkaller0: entered allmulticast mode
[  706.950697][T22335] netlink: 'syz.0.4264': attribute type 4 has an invalid length.
[  707.079485][T22327] tipc: Resetting bearer <eth:syzkaller0>
[  707.126983][T22326] tipc: Resetting bearer <eth:syzkaller0>
[  707.188010][T22326] tipc: Disabling bearer <eth:syzkaller0>
[  707.455226][T22348] batadv_slave_1: entered promiscuous mode
[  707.547849][T22348] bridge_slave_1: left allmulticast mode
[  707.554879][T22348] bridge_slave_1: left promiscuous mode
[  707.597294][T22348] bridge0: port 2(bridge_slave_1) entered disabled state
[  707.716365][T22348] bridge_slave_0: left allmulticast mode
[  707.723963][T22348] bridge_slave_0: left promiscuous mode
[  707.744013][T22348] bridge0: port 1(bridge_slave_0) entered disabled state
[  707.877688][T22348] bridge0 (unregistering): left allmulticast mode
[  707.897654][T22364] netlink: 'syz.0.4274': attribute type 39 has an invalid length.
[  708.151903][T22372] syzkaller1: entered promiscuous mode
[  708.159634][T22372] syzkaller1: entered allmulticast mode
[  708.180334][T22346] batadv_slave_1: left promiscuous mode
[  708.554879][T22389] netlink: 'syz.4.4282': attribute type 4 has an invalid length.
[  708.628453][T22389] Ã: renamed from bond0 (while UP)
[  709.021318][T22405] syzkaller1: entered promiscuous mode
[  709.028307][T22405] syzkaller1: entered allmulticast mode
[  709.115101][T22410] vlan0: entered promiscuous mode
[  709.212205][T22412] mac80211_hwsim hwsim33 wlan1: entered allmulticast mode
[  709.359212][T22412] veth0_to_bond: left allmulticast mode
[  709.375130][T22412] veth0_to_bond: left promiscuous mode
[  709.404613][T22412] bridge0: port 1(veth0_to_bond) entered disabled state
[  709.454294][T22428] netlink: 'syz.5.4290': attribute type 10 has an invalid length.
[  709.551718][T22412] Ã: (slave bond_slave_0): Releasing backup interface
[  709.624577][T22412] Ã: (slave bond_slave_1): Releasing backup interface
[  709.667552][T22412] team0: Port device team_slave_0 removed
[  709.683579][T22412] team0: Port device team_slave_1 removed
[  709.692682][T22412] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  709.714249][T22412] batman_adv: batadv0: Removing interface: batadv_slave_0
[  709.758135][T22412] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  709.775683][T22412] batman_adv: batadv0: Removing interface: batadv_slave_1
[  709.826505][T22439] IPVS: set_ctl: invalid protocol: 60 0.0.0.0:20002
[  709.841194][T22412] batman_adv: batadv0: Removing interface: netdevsim0
[  709.913894][T22412] Ã: (slave bond1): Releasing backup interface
[  710.007357][T22442] sctp: [Deprecated]: syz.4.4298 (pid 22442) Use of int in maxseg socket option.
[  710.007357][T22442] Use struct sctp_assoc_value instead
[  710.043315][T22412] bond3: (slave veth3): Releasing active interface
[  710.088814][T22428] mac80211_hwsim hwsim33 wlan1: left allmulticast mode
[  710.110090][T22428] 8021q: adding VLAN 0 to HW filter on device Ã
[  710.120924][T22428] net_ratelimit: 105 callbacks suppressed
[  710.120948][T22428] wlan1: mtu less than device minimum
[  710.145920][T22428] Ã: (slave wlan1): Error -22 calling dev_set_mtu
[  710.172442][T22429] pimreg: entered allmulticast mode
[  710.244457][T22444] netlink: 'syz.4.4299': attribute type 1 has an invalid length.
[  710.262873][T22444] __nla_validate_parse: 14 callbacks suppressed
[  710.262898][T22444] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4299'.
[  710.298817][T22446] netlink: 248 bytes leftover after parsing attributes in process `syz.1.4297'.
[  710.351471][T22447] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4299'.
[  710.361975][T22447] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4299'.
[  710.372029][T22447] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4299'.
[  710.835872][T22468] batadv_slave_0: entered promiscuous mode
[  710.967983][T22464] batadv_slave_0: left promiscuous mode
[  711.527515][T22503] siw: device registration error -23
[  711.578579][T22481] tipc: Resetting bearer <eth:team0>
[  712.670335][T22481] vlan0: left promiscuous mode
[  712.979500][T22481] macvtap1: left promiscuous mode
[  712.990713][T22481] macvtap1: left allmulticast mode
[  713.006126][T22488] workqueue: Failed to create a rescuer kthread for wq "bond7": -EINTR
[  713.016029][T22514] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on
[  713.109159][   T12] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  713.166713][T22529] mac80211_hwsim hwsim32 wlan0: entered promiscuous mode
[  713.205295][T22529] macsec1: entered promiscuous mode
[  713.258072][T22529] macsec1: entered allmulticast mode
[  713.264138][T22529] mac80211_hwsim hwsim32 wlan0: entered allmulticast mode
[  713.316292][   T12] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  713.345421][   T12] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  713.367471][T22538] netlink: 'syz.1.4326': attribute type 4 has an invalid length.
[  713.411082][   T12] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  713.795489][T22560] netlink: 'syz.3.4325': attribute type 27 has an invalid length.
[  714.058296][T22571] ip6gretap2: default qdisc (pfifo_fast) fail, fallback to noqueue
[  714.725443][ T7538] Oops: general protection fault, probably for non-canonical address 0xdffffc001fffe000: 0000 [#1] SMP KASAN PTI
[  714.738364][ T7538] KASAN: probably user-memory-access in range [0x00000000ffff0000-0x00000000ffff0007]
[  714.748306][ T7538] CPU: 0 UID: 0 PID: 7538 Comm: kworker/0:10 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  714.760933][ T7538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  714.771816][ T7538] Workqueue: mld mld_ifc_work
[  714.777057][ T7538] RIP: 0010:add_grec+0x79f/0x1740
[  714.782393][ T7538] Code: c6 e8 65 bf 90 f7 45 85 ff 0f 84 b1 00 00 00 e8 17 bb 90 f7 eb 05 e8 10 bb 90 f7 4c 89 e0 48 c1 e8 03 48 89 84 24 a0 00 00 00 <42> 80 3c 30 00 74 08 4c 89 e7 e8 e2 dd f3 f7 4d 8b 3c 24 48 8b 7c
[  714.803852][ T7538] RSP: 0018:ffffc9004563f8f8 EFLAGS: 00010206
[  714.810146][ T7538] RAX: 000000001fffe000 RBX: ffff888031d1d280 RCX: ffff888058469e00
[  714.818790][ T7538] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  714.828697][ T7538] RBP: 0000000000000000 R08: ffff888058469e00 R09: 0000000000000002
[  714.837219][ T7538] R10: 0000000000000004 R11: 0000000000000000 R12: 00000000ffff0000
[  714.845963][ T7538] R13: 0000000000000005 R14: dffffc0000000000 R15: 0000000000000001
[  714.855080][ T7538] FS:  0000000000000000(0000) GS:ffff888125c80000(0000) knlGS:0000000000000000
[  714.864747][ T7538] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  714.872325][ T7538] CR2: 00007f899d974620 CR3: 000000005b464000 CR4: 00000000003526f0
[  714.880677][ T7538] Call Trace:
[  714.884329][ T7538]  <TASK>
[  714.887665][ T7538]  mld_ifc_work+0x676/0xd60
[  714.892710][ T7538]  ? _raw_spin_unlock_irq+0x23/0x50
[  714.898410][ T7538]  ? process_scheduled_works+0x9ef/0x17b0
[  714.905053][ T7538]  process_scheduled_works+0xae1/0x17b0
[  714.911279][ T7538]  ? __pfx_process_scheduled_works+0x10/0x10
[  714.918374][ T7538]  worker_thread+0x8a0/0xda0
[  714.923571][ T7538]  kthread+0x70e/0x8a0
[  714.928039][ T7538]  ? __pfx_worker_thread+0x10/0x10
[  714.933983][ T7538]  ? __pfx_kthread+0x10/0x10
[  714.939945][ T7538]  ? _raw_spin_unlock_irq+0x23/0x50
[  714.945347][ T7538]  ? lockdep_hardirqs_on+0x9c/0x150
[  714.951006][ T7538]  ? __pfx_kthread+0x10/0x10
[  714.955995][ T7538]  ret_from_fork+0x3fc/0x770
[  714.961221][ T7538]  ? __pfx_ret_from_fork+0x10/0x10
[  714.966704][ T7538]  ? __switch_to_asm+0x39/0x70
[  714.971675][ T7538]  ? __switch_to_asm+0x33/0x70
[  714.977228][ T7538]  ? __pfx_kthread+0x10/0x10
[  714.982586][ T7538]  ret_from_fork_asm+0x1a/0x30
[  714.988354][ T7538]  </TASK>
[  714.993222][ T7538] Modules linked in:
[  714.999830][ T7538] ---[ end trace 0000000000000000 ]---
[  715.002009][T22605] FAULT_INJECTION: forcing a failure.
[  715.002009][T22605] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  715.021721][T22602] Ã: (slave bond_slave_0): Releasing backup interface
[  715.038990][T22605] CPU: 1 UID: 0 PID: 22605 Comm: syz.1.4348 Tainted: G      D             6.16.0-syzkaller-06574-gd9104cec3e8f #0 PREEMPT(full) 
[  715.039043][T22605] Tainted: [D]=DIE
[  715.039052][T22605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  715.039066][T22605] Call Trace:
[  715.039074][T22605]  <TASK>
[  715.039085][T22605]  dump_stack_lvl+0x189/0x250
[  715.039113][T22605]  ? __pfx____ratelimit+0x10/0x10
[  715.039144][T22605]  ? __pfx_dump_stack_lvl+0x10/0x10
[  715.039166][T22605]  ? __pfx__printk+0x10/0x10
[  715.039196][T22605]  ? rcu_is_watching+0x15/0xb0
[  715.039233][T22605]  should_fail_ex+0x414/0x560
[  715.039274][T22605]  _copy_to_user+0x31/0xb0
[  715.039307][T22605]  simple_read_from_buffer+0xe1/0x170
[  715.039343][T22605]  proc_fail_nth_read+0x1b3/0x220
[  715.039368][T22605]  ? common_file_perm+0x199/0x200
[  715.039398][T22605]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  715.039425][T22605]  ? rw_verify_area+0x258/0x650
[  715.039456][T22605]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  715.039482][T22605]  vfs_read+0x1fd/0x980
[  715.039520][T22605]  ? fdget_pos+0x247/0x320
[  715.039542][T22605]  ? __fget_files+0x2a/0x420
[  715.039563][T22605]  ? __pfx___mutex_lock+0x10/0x10
[  715.039595][T22605]  ? __pfx_vfs_read+0x10/0x10
[  715.039630][T22605]  ? __fget_files+0x3a0/0x420
[  715.039650][T22605]  ? __fget_files+0x2a/0x420
[  715.039675][T22605]  ksys_read+0x145/0x250
[  715.039707][T22605]  ? __pfx_ksys_read+0x10/0x10
[  715.039734][T22605]  ? rcu_is_watching+0x15/0xb0
[  715.039770][T22605]  ? rcu_is_watching+0x15/0xb0
[  715.039805][T22605]  do_syscall_64+0xfa/0x3b0
[  715.039837][T22605]  ? lockdep_hardirqs_on+0x9c/0x150
[  715.039866][T22605]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  715.039888][T22605]  ? clear_bhb_loop+0x60/0xb0
[  715.039913][T22605]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  715.039935][T22605] RIP: 0033:0x7fe38738d57c
[  715.039954][T22605] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  715.039975][T22605] RSP: 002b:00007fe38822b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  715.040000][T22605] RAX: ffffffffffffffda RBX: 00007fe3875b5fa0 RCX: 00007fe38738d57c
[  715.040017][T22605] RDX: 000000000000000f RSI: 00007fe38822b0a0 RDI: 0000000000000004
[  715.040032][T22605] RBP: 00007fe38822b090 R08: 0000000000000000 R09: 0000000000000000
[  715.040046][T22605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  715.040060][T22605] R13: 0000000000000000 R14: 00007fe3875b5fa0 R15: 00007fffcc1070f8
[  715.040086][T22605]  </TASK>
[  715.117107][ T7538] RIP: 0010:add_grec+0x79f/0x1740
[  715.345429][ T7538] Code: c6 e8 65 bf 90 f7 45 85 ff 0f 84 b1 00 00 00 e8 17 bb 90 f7 eb 05 e8 10 bb 90 f7 4c 89 e0 48 c1 e8 03 48 89 84 24 a0 00 00 00 <42> 80 3c 30 00 74 08 4c 89 e7 e8 e2 dd f3 f7 4d 8b 3c 24 48 8b 7c
[  715.366960][ T7538] RSP: 0018:ffffc9004563f8f8 EFLAGS: 00010206
[  715.366966][T22602] Ã: (slave bond_slave_1): Releasing backup interface
[  715.381509][ T7538] 
[  715.384056][ T7538] RAX: 000000001fffe000 RBX: ffff888031d1d280 RCX: ffff888058469e00
[  715.394409][T22602] team_slave_0: left promiscuous mode
[  715.394802][ T7538] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  715.409926][ T7538] RBP: 0000000000000000 R08: ffff888058469e00 R09: 0000000000000002
[  715.418770][ T7538] R10: 0000000000000004 R11: 0000000000000000 R12: 00000000ffff0000
[  715.422236][T22602] team0: Port device team_slave_0 removed
[  715.428035][ T7538] R13: 0000000000000005 R14: dffffc0000000000 R15: 0000000000000001
[  715.428062][ T7538] FS:  0000000000000000(0000) GS:ffff888125c80000(0000) knlGS:0000000000000000
[  715.428083][ T7538] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  715.439145][T22602] team_slave_1: left promiscuous mode
[  715.443194][ T7538] CR2: 0000001b31a0fff8 CR3: 000000007d284000 CR4: 00000000003526f0
[  715.475097][ T7538] Kernel panic - not syncing: Fatal exception
[  715.519727][ T7538] Kernel Offset: disabled
[  715.524722][ T7538] Rebooting in 86400 seconds..