last executing test programs:

48.091741121s ago: executing program 4 (id=5830):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x2000000, 0xe, 0x0, &(0x7f0000000240)="63eced000000000a9f33c9f7b9e5", 0x0, 0xc698, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000000a200000bca30000000000002403000020feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000300000000002604fdffff02000016010000033800001d13f8ff000000007a0af0ff0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3e, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0xd0}, 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27}, 0x48)

47.857041191s ago: executing program 4 (id=5833):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0)
listen(0xffffffffffffffff, 0x50)
socket$inet6(0xa, 0x5, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='kfree\x00', r0}, 0x18)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
close(r2)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, r4, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)
recvmmsg(r5, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000040)=""/55, 0x37}, {&(0x7f0000000540)=""/189, 0xbd}, {&(0x7f0000001ac0)=""/4096, 0x1000}, {&(0x7f0000000940)=""/74, 0x4a}], 0x4}, 0x5d}], 0x1b00, 0x10022, 0x0)

47.457795893s ago: executing program 4 (id=5838):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xb, 0x10, &(0x7f00000008c0)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000307040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000000000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe6e2}, 0x94)

47.308495472s ago: executing program 4 (id=5841):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x4}, 0x1c)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e1d, 0x9, @local, 0x2}, 0x1c)
syz_emit_ethernet(0x7e, &(0x7f0000000840)=ANY=[@ANYBLOB="0180c2000001bbbbbbbbbbbb86dd6a00000000481100fe8000000000000000000000000000aafe8000000000000000000000000000aa4e1d4efad74890780300000000000000dc521c259b538a2bf2a113dc2eeec0a072edf20b6d59029631718ba08997d3b2edde7c9ad6678fce7884907e0c7fd774601b051834b05b5a21e38013be9a54dadb930afd071b02d1b0f1271bc0ab17e257e72e627ed0c76e2800"/174], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000680)=ANY=[@ANYBLOB="18020000fdffffff000000000400000085000000bc0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000200000085000000170000009500000000000000f566e18218dc2b95db03f4b8ef4465e63f9fe210f75b3e26ab48e443cab7673bad47ea0174a8aff4018a05921901ca8aa45ce9f051749a27d89c17d8268d71ae"], 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r1, 0x5, 0xe, 0x0, &(0x7f00000001c0)="0101000871a7832e6b7303c3cd59", 0x0, 0x3, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3}, 0x50)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_emit_ethernet(0x6d, &(0x7f0000000780)=ANY=[@ANYBLOB="ffffffffffff00000000000088a82900810045000800470d0057006700000521907864010102ac1e010144088f20000100014e204e2004219078d278628207a3e81296f37038292b754b867cf6601b5d1e64953607bce1a48d65de101298a4b367aed0613fd688c750ac27154dfcbb9388cedb5d6d1bb47f983eb481980212ae0d26d30991f66c0031"], 0x0)
r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
getsockopt$llc_int(r3, 0x10c, 0x5, &(0x7f0000000140), &(0x7f0000000080)=0x4)
close(r2)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r2, 0x9)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c0007800c00018008000140ffff02800800"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_MESH_CONFIG(r5, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="08002abd7000fedbdf251d0000000c00990009000000180000000c002380050011000000000008000300", @ANYRES32=0x0, @ANYRESOCT, @ANYRES32=0x0, @ANYBLOB], 0x7c}, 0x1, 0x0, 0x0, 0x404c844}, 0x4000000)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000280)={'veth0_to_bridge\x00', 0x1000})
sendmmsg(r4, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000080)='westwood\x00', 0x9)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000480)=ANY=[@ANYBLOB="84000000", @ANYRES16=r8, @ANYBLOB="010000000000fbdbdf250100000008000200000000000500050000000000080003000100000048000180050002002000000006000100020000000800060003000000080003"], 0x84}}, 0x20000000)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="30ee227342733aea000000", @ANYRES16=r8, @ANYBLOB="01002cbd7000ffdbdf250400000004000180080003000600000005000500cd0000000800030003000000"], 0x30}, 0x1, 0x0, 0x0, 0x20000800}, 0x800)

47.101368657s ago: executing program 4 (id=5843):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000006f5c000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/44}, 0x20)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000001e00), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001e40)={<r3=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000001f40)={0x0, 0x0, &(0x7f0000001f00)={&(0x7f00000003c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002abd7000fedbdf2501000000100007800c00018008000100", @ANYRES32=r3, @ANYBLOB="0c0005004fc31bfd000000000c0002"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000008c0)=ANY=[@ANYBLOB="180000000c1401030000000000000000040001"], 0x18}}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), r6)
ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000000680)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_DEV(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000280)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010028bd7000fbdbdf251a00000004002e8008000300", @ANYRES32=r8, @ANYBLOB='4\x00.'], 0x6c}, 0x1, 0x0, 0x0, 0x20040040}, 0x20040)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000001c0)={'wpan3\x00', <r9=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_DEV(r6, &(0x7f0000000880)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x24, r7, 0x8, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000200)={'wpan0\x00'})
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r1, &(0x7f0000000400)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40855}, 0x4)
r10 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26}, 0x28)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0xfffffffffffffd6b, 0x0, 0x0, &(0x7f00000000c0)=[@ip_tos_int={{0x18, 0x110}}], 0x18, 0x4c00}, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={0x1}, 0x4)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0xa, 0x101, 0x7ffc, 0xcc}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x18, &(0x7f0000000480)=ANY=[@ANYBLOB="0100000018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018120000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000000b3d0800020000000288fdff08000000185900000f0000000000000000000000bf91000000000000b7020000147958288500000084000000b7000000000000009500000000000000"], &(0x7f0000000240)='syzkaller\x00', 0xb, 0x0, 0x0, 0xc1000, 0x7c, '\x00', 0x0, 0x0, r10, 0xc, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x8}, 0x94)

40.590808881s ago: executing program 4 (id=5847):
bind$netlink(0xffffffffffffffff, &(0x7f00000016c0)={0x10, 0x0, 0x25dfdbfb, 0x40000044}, 0xc)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x19, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$BTRFS_IOC_DEFRAG(r0, 0x89e3, 0x0)
socket$inet(0x2, 0x2, 0x1)
r1 = socket$inet(0x2, 0x2, 0x1)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e24, @local}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$unix(0x1, 0x2, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x38, r4, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x38}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000a80)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x7, 0xfff1}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x64, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x3}, [@IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0xd2}, @IPSET_ATTR_TIMEOUT={0x8}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x20028044}, 0x0)

40.187884834s ago: executing program 32 (id=5847):
bind$netlink(0xffffffffffffffff, &(0x7f00000016c0)={0x10, 0x0, 0x25dfdbfb, 0x40000044}, 0xc)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x19, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$BTRFS_IOC_DEFRAG(r0, 0x89e3, 0x0)
socket$inet(0x2, 0x2, 0x1)
r1 = socket$inet(0x2, 0x2, 0x1)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e24, @local}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$unix(0x1, 0x2, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x38, r4, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x38}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000a80)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x7, 0xfff1}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x64, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x3}, [@IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0xd2}, @IPSET_ATTR_TIMEOUT={0x8}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x20028044}, 0x0)

15.894989348s ago: executing program 3 (id=6082):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$SEG6(&(0x7f00000011c0), 0xffffffffffffffff)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r3, &(0x7f0000000000)="c5", 0x1, 0x40080, &(0x7f0000000040)={0xa, 0x4e24, 0x59, @local, 0x13}, 0x1c)
setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, 0x0, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=<r4=>0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5)
r7 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000200), r5)
sendmsg$NLBL_CIPSOV4_C_REMOVE(r5, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000240)={&(0x7f0000000480)={0x200, r7, 0x300, 0x70bd2a, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0x5c, 0x8, 0x0, 0x1, [{0x3c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xfc}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x34abe62b}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc6}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3c3d6059}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3497bb15}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xff}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x32}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x23}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xd69d63f}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x27}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x1c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_MLSCATLST={0x50, 0xc, 0x0, 0x1, [{0x4c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x41630453}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xefbf}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9ac4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xeda0}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x29a0}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xae2c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf4e1}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7a4acc4b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7d81fa9a}]}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x10, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xf9}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x10c, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x65e2}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1aadc5b3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7bc8c975}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5c2d6afb}]}, {0x44, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x53d3c5e3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4b900cc9}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5f86}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xfee9}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8ecacc9}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x19aea973}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4a4ee709}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7833abb3}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x66d7a99c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1b62}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x43d2168c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa344}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x18d845c9}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x290a266b}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x913}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x971}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4085}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa942}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2327}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x36aedc5}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc06c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x68fb}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x99e9}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x35d42fea}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x631d0dd7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2bad6e2d}]}]}]}, 0x200}, 0x1, 0x0, 0x0, 0xe525cf886f2e679e}, 0x5)
sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="010023010000340200000200000008000100", @ANYRES32=r4], 0x1c}}, 0x0)
r8 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_netdev_private(r8, 0x89f3, &(0x7f0000000700)="aabb08444bca05768c56c4512ba9ab4dc4fd48c81ab97ebfffc5f0ae7d287030607b6dcf17a3eea79dd17a51e70f448bade41eac84d0f4123666e21325d2ed87c3f83e1a533b16797ef9e5c4f5e7cdca1b43dd6e5cb7ea6d1a0101d11bad6921e81cd02dd92d0896e8d62edf6b8ae64d48ff32e509ba25d204502075e2571f5de82848cf96c27fea")
pwritev(r2, &(0x7f0000000400)=[{&(0x7f0000000340)="577a29be4c834fe105e3399e08de3d945090b935490a65b37419c3391c7a68c302f06f897abc0381c27dd32f", 0x2c}], 0x1, 0x48, 0x3)
write$nci(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="500401f7c038e1"], 0x7)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400a6627535ff04000000000000000000000006", @ANYRES32=0x0, @ANYBLOB="00000000060000000a00030008e7eebc872f0000180012800e00010077697265677561726400000004000280"], 0x44}}, 0x0)
sendmsg$SEG6_CMD_DUMPHMAC(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000000000)=ANY=[@ANYBLOB="f43ddc0bc2ecfdbaac2720bb7fd217df5f14cfba94a1f17d3653ad219cf7b1ec6c06af1d3a71c69fe2e106dc73a83778d0c0fa399bd993851a2e51aac4681a8940bbd23a2614b868abafcee0e2b4cebdbb0ee5da6ec0c6b156fe5bc1ee65e565a4ad353610068dfebf896019d2f6be86a89c6cf859d35a9ac705fb7f725f31", @ANYRES16=r1, @ANYBLOB="210f2dbd7000fddbdf2502000000"], 0x14}, 0x1, 0x0, 0x0, 0x810}, 0x8010)

6.144975029s ago: executing program 0 (id=6147):
socket$rds(0x15, 0x5, 0x0)
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
sendmsg$inet(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x40)
r1 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='L\x00\x00', @ANYRES16=r1], 0x4c}, 0x1, 0x0, 0x0, 0x20040080}, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
socket$can_bcm(0x1d, 0x2, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xb, &(0x7f0000000340)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf100, 0x0, 0x0, 0x0, 0x2000}, [@printk={@p, {0x3, 0x3, 0x6}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0xca}}]}, &(0x7f0000000400)='GPL\x00', 0x1, 0xe0, &(0x7f0000000440)=""/224}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{}, &(0x7f0000000680), &(0x7f0000000840)=r4}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0xfffff000, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$key(0xf, 0x3, 0x2)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-sse2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, 0x0, 0x0)
r7 = accept4(r6, 0x0, 0x0, 0x0)
sendmmsg$alg(r7, &(0x7f00000040c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x40088d5}], 0x1, 0x40)
recvmmsg(r7, 0x0, 0x0, 0x10000, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9fd, 0x84, 0x105}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r8}, 0x38)
r9 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r9, &(0x7f0000000040)={0x2, 0x2, @loopback}, 0x10)
sendmsg$rds(r9, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1, 0xfffffffffffffffe}}], 0x48}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000340)={0x0, 0xcc}, 0x8)

5.759358575s ago: executing program 0 (id=6149):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x800, 0x0)
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x400}}}]}, 0x38}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$tun(r3, &(0x7f0000000000)=ANY=[], 0x38)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r3, 0x0)
r4 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r4, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r4, 0x208)
r5 = accept4(r4, 0x0, 0x0, 0x80000)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x1f, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e24, @empty}}, 0x2, 0xb8}, 0x90)
sendmsg$nl_route_sched(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000780)=@newtfilter={0x64, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xf}, {}, {0x7, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x34, 0x2, [@TCA_FLOW_EMATCHES={0x30, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x24, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x20, 0x1, 0x0, 0x0, {{0xfffa, 0x7, 0x8001}, {{0x2, 0x0, 0x1}, {0x3, 0x0, 0x1, 0x1}}}}, @TCF_EM_CONTAINER={0xc, 0x2, 0x0, 0x0, {{0x8, 0x0, 0xe}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}]}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x10}, 0x0)

5.55030843s ago: executing program 0 (id=6152):
r0 = socket$inet(0x2b, 0x801, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0xffffff41}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="000048ff00"/14, 0x0, 0x2000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x1e)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0xc, &(0x7f0000000c80)=@assoc_value={<r6=>0x0}, &(0x7f0000000080)=0x8)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="300000000101010100000000000000000a0000930c00198008000200080001"], 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x4044004)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000040)={r6, 0xb}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000100)={r6, 0xa0, &(0x7f0000000000)=[@in={0x2, 0x4e23, @private=0xa010102}, @in={0x2, 0x4e22, @rand_addr=0x64010100}, @in6={0xa, 0x4e20, 0x2, @remote, 0x4}, @in6={0xa, 0x4e21, 0x2, @local, 0x6}, @in={0x2, 0x4e22, @multicast2}, @in6={0xa, 0x4e21, 0x10000, @private2, 0x80}, @in6={0xa, 0x4e24, 0x1ad5, @rand_addr=' \x01\x00', 0x9}]}, &(0x7f0000000140)=0x10)
connect$inet(r0, &(0x7f0000000340)={0x2, 0xfffb, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r8, 0x0, 0xd}, 0x18)
r9 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r9, &(0x7f0000000340)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r9, 0x8)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000001c0)={r8, 0x20, &(0x7f0000000180)={0x0, 0x0, 0x0, &(0x7f0000000140)=""/13, 0xd}}, 0x10)
r10 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'veth0_macvtap\x00', <r11=>0x0})
sendmsg$nl_route(r10, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000840)=@bridge_getneigh={0x28, 0x1e, 0x3c964e403b131b43, 0x0, 0x0, {0x7, 0x0, 0x0, r11, 0x7048, 0x77218}, [@IFLA_MASTER={0x8, 0xa, r11}]}, 0x28}}, 0x400c110)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c0000000700062562dbbbd0000004000000000000040800030000"], 0x0, 0x2b, 0x0, 0x1, 0xfffffff1}, 0x28)
recvfrom$inet(r0, &(0x7f0000000180)=""/42, 0x2a, 0x0, &(0x7f00000001c0)={0x2, 0x4e21, @empty}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f00000000c0)=0x100000001, 0x4)

5.317330208s ago: executing program 0 (id=6154):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000012000000240000000800000085"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sched_switch\x00', r0}, 0x18)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r1}, 0x10)
r2 = socket$inet(0x2, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4)
shutdown(r2, 0x0)
recvmmsg(r2, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)

5.019883439s ago: executing program 0 (id=6157):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x701203, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
r4 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f0000000380)=[{{&(0x7f0000000300)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000700)=""/4096, 0x1000}], 0x1, &(0x7f0000000500)=""/201, 0xc9}, 0x6}], 0x1, 0x10102, 0x0)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r4, &(0x7f0000000000)={0xa0000001})
epoll_wait(r7, &(0x7f00000000c0)=[{}], 0x1, 0x1fffc002)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYRESHEX, @ANYRESHEX=r6, @ANYRES32=r7, @ANYRES32=r6, @ANYRESDEC=r0, @ANYRES32], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000006c0)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0xffffffffc}, 0x18)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r8 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r8, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @loopback={0xff00000000000000}, 0x10000}, 0x1c)
sendmmsg$inet6(r8, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980)}}], 0x1, 0x4000000)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
r9 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x24048045)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c02000100000000000040000200000000050005"], 0x80}}, 0x0)
sendmmsg(r9, &(0x7f0000000180), 0x400008a, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r10)

3.4078884s ago: executing program 0 (id=6170):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
unshare(0x6a040000)
socket(0x1d, 0x2, 0x6)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
connect$rose(0xffffffffffffffff, 0x0, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
r0 = socket(0x10, 0x2, 0x0)
write(r0, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f0000000000000000ffffffff", 0x1c)

3.091520423s ago: executing program 5 (id=6172):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000003c000701fcffffff00000000017c0000100036800c00020008000000007000000c"], 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0xc800)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYRES32=r1, @ANYRESHEX=r1], 0x80}, 0x1, 0x0, 0x0, 0x4004000}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r2)
sendmsg$NLBL_MGMT_C_ADD(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)={0x110, r3, 0xe701ac47a3d23ecd, 0x0, 0x2, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @private2={0xfc, 0x2, '\x00', 0x1}}, @NLBL_MGMT_A_DOMAIN={0xc9, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xbc\xdb\x7f\x9a\xf2\xb7\xc5\xb7|\xca\x85\xfd\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x00\x00\x00od\xe6,\xd3@I\xd9\\\xbf\\s0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93U6\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3im~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\xbfm\x846\xe7\x7fp\x9eCdb\xad;\xa2\x8fs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~<\x93/\xaf\x89\x06+\x96]\xb5+\xf1\xff8^D*\xdb\xb8\xd8t\x80\xd4\x8f'}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @private0}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x110}}, 0x4904)
sendmsg$NLBL_MGMT_C_PROTOCOLS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000b80)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="20002bbd7000fbdbdf250700000006000b000200000008000c000100000014000500fc02000000000000000000000000000006000b002b000000e8ff0700ac1e0101080008000a01010214000600fe8020000000100000000000000000bba6fa9727962ccd0860a92449b69d68e0ad3fcfdf9c5fc49305a0d64f"], 0x64}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
write$ppp(r4, &(0x7f00000005c0), 0x0)
pipe(&(0x7f00000000c0))
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r5, 0x0, 0xd}, 0x18)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x24, 0x3c, 0x107, 0x0, 0x0, {0x2, 0x7c}, [@nested={0x4, 0xfc}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}]}, 0x24}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)

3.086214774s ago: executing program 1 (id=6173):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
r2 = socket$xdp(0x2c, 0x3, 0x0)
r3 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
close(0xffffffffffffffff)
r4 = socket$alg(0x26, 0x5, 0x0)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f00000003c0)=ANY=[@ANYRES64=r1], 0x0, 0x56, 0x0, 0x0, 0x4}, 0x28)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000800)={r6, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000880)="b9ff030768449a8cb89e14f07c33", 0x0, 0x4, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
bind$alg(r4, &(0x7f0000000580)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0xfffffd7c)
r7 = accept$alg(r4, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYRESHEX, @ANYRES64=r0, @ANYRES8=r6, @ANYRESDEC=r3, @ANYRES8, @ANYRESHEX=r5, @ANYRESOCT=r2, @ANYRESOCT=r4, @ANYRES64=r7, @ANYRES64=r2, @ANYRES32=r0, @ANYRES32=r7], 0x48)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_DISCONNECT(r8, 0x0, 0x10)
r9 = socket$packet(0x11, 0x3, 0x300)
setsockopt$MRT6_DEL_MIF(0xffffffffffffffff, 0x29, 0xcb, 0x0, 0x0)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x2b89b5ce0cd7a440)
getpeername$packet(r10, &(0x7f0000000000)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r9, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x5865, r12}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000300)='O', 0x1}], 0x1}}], 0x1, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r13 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
socket$kcm(0x2, 0x5, 0x84)
getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000000500)={0x0, <r14=>0x0, <r15=>0x0}, 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000c00)={&(0x7f0000000440)=@abs={0x1, 0x0, 0x4e24}, 0x6e, 0x0, 0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="fc0f074f6f4900000000000000000000dd5e4415f1be01f58ad5f107d67beffdb0fcc575a51ecb194a68872e8da29ce7bd2512a510a73c789caa02acc51aac3e79666221634c0aa581c322e4e98ba98c48733d43e0f5c23bb8e7dfb9892f482a9bd595d3dc998e4280828874f4807e001d7c985c5a6673a5e04ae617a93922fc333b9a17dbc80bf4469d548fcd5d6f2d030de9e62a22de1b3623", @ANYRES32=0x0, @ANYRES64=r12, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRESDEC=r4, @ANYRES8=0x0, @ANYRES32, @ANYRES32], 0x58, 0x4015}, 0x4000)
setsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000600)={0x0, r14, r15}, 0xc)
r16 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r13, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffe, 0x8000, 0x20000000000000}, 0x0, &(0x7f0000000400)={0x3ff, 0x0, 0xfffffffffffffffe, 0x8000009, 0x2, 0x4c, 0x7fffffff, 0x3}, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r16}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

2.860732023s ago: executing program 2 (id=6175):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xc, 0xd, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000300000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001f8ff008500000014000000850000000500000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.856864253s ago: executing program 5 (id=6176):
r0 = socket$inet(0x2b, 0x801, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0xffffff41}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="000048ff00"/14, 0x0, 0x2000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x1e)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0xc, &(0x7f0000000c80)=@assoc_value={<r6=>0x0}, &(0x7f0000000080)=0x8)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="300000000101010100000000000000000a0000930c00198008000200080001"], 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x4044004)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000040)={r6, 0xb}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000100)={r6, 0xa0, &(0x7f0000000000)=[@in={0x2, 0x4e23, @private=0xa010102}, @in={0x2, 0x4e22, @rand_addr=0x64010100}, @in6={0xa, 0x4e20, 0x2, @remote, 0x4}, @in6={0xa, 0x4e21, 0x2, @local, 0x6}, @in={0x2, 0x4e20, @local}, @in6={0xa, 0x4e21, 0x10000, @private2, 0x80}, @in6={0xa, 0x4e24, 0x1ad5, @rand_addr=' \x01\x00', 0x9}]}, &(0x7f0000000140)=0x10)
connect$inet(r0, &(0x7f0000000340)={0x2, 0xfffb, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r8, 0x0, 0xd}, 0x18)
r9 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r9, &(0x7f0000000340)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r9, 0x8)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000001c0)={r8, 0x20, &(0x7f0000000180)={0x0, 0x0, 0x0, &(0x7f0000000140)=""/13, 0xd}}, 0x10)
r10 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'veth0_macvtap\x00', <r11=>0x0})
sendmsg$nl_route(r10, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000840)=@bridge_getneigh={0x28, 0x1e, 0x3c964e403b131b43, 0x0, 0x0, {0x7, 0x0, 0x0, r11, 0x7048, 0x77218}, [@IFLA_MASTER={0x8, 0xa, r11}]}, 0x28}}, 0x400c110)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c0000000700062562dbbbd0000004000000000000040800030000"], 0x0, 0x2b, 0x0, 0x1, 0xfffffff1}, 0x28)
recvfrom$inet(r0, &(0x7f0000000180)=""/42, 0x2a, 0x0, &(0x7f00000001c0)={0x2, 0x4e21, @empty}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f00000000c0)=0x100000001, 0x4)

2.67418744s ago: executing program 2 (id=6177):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x54, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0xffff}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x31}, @NFTA_SET_DATA_TYPE={0x8}]}, @NFT_MSG_NEWSETELEM={0x44, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_DATA={0x8, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x4}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xe0}}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x89b1, &(0x7f0000000900)={'macvlan1\x00', @random})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="d50a0000000000006111780000000000180000000000000000000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00'}, 0x80)

2.635243124s ago: executing program 5 (id=6178):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x2000000, 0xe, 0x0, &(0x7f0000000240)="63eced000000000a9f33c9f7b9e5", 0x0, 0xc698, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000000a200000bca30000000000002403000020feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000300000000002604fdffff02000016010000033800001d13f8ff000000007a0af0ff0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3e, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x6000}, 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27}, 0x48)

2.524175569s ago: executing program 2 (id=6179):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0xedc623580215bdcd, 0x12, r1, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000840)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0xb, 0x1000, &(0x7f0000001cc0)=""/4096, 0x41100, 0xd}, 0x94)
r3 = socket$netlink(0x10, 0x3, 0x4)
writev(r3, &(0x7f0000000300)=[{&(0x7f0000000340)="580000001400192340834b80040d8c560a117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100070c100000000000224e0000", 0x58}], 0x1)
r4 = syz_init_net_socket$ax25(0x3, 0x5, 0x8)
setsockopt$ax25_int(r4, 0x101, 0x4, &(0x7f0000000040)=0x4, 0x4)
accept(r3, 0x0, &(0x7f0000000000))
ioctl$VFAT_IOCTL_READDIR_SHORT(r2, 0x82307202, &(0x7f0000000480)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

2.411486725s ago: executing program 5 (id=6180):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r1, &(0x7f0000000300)=@pppol2tpv3={0x18, 0x3f, {0x0, 0xffffffffffffffff, {0x2, 0x4e24, @local}, 0x1, 0x0, 0x2}}, 0x2e)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x4, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4000c00)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="70000000100003042abd70009da1d2b900000004", @ANYRES32=0x0, @ANYBLOB="0000000000000000500012800b0001006272696467650000400002800800050000000000050029000100000006002700040000000c00220006000000000000000c0021"], 0x70}}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000004180)=@newtaction={0x94, 0x30, 0xffffffffffffffff, 0x0, 0x40002, {}, [{0x80, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x64, 0x7, 0x8, 0x1}}, @TCA_ACT_BPF_FD={0x8, 0x5, r5}]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x30, 0x2, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x3}}}}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
syz_genetlink_get_family_id$nbd(&(0x7f0000000a00), 0xffffffffffffffff)
sendmsg$NBD_CMD_STATUS(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000c80)={0x14, 0x0, 0x4, 0x70bd2d, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$SO_BINDTODEVICE_wg(r2, 0x1, 0x19, &(0x7f0000000100)='wg0\x00', 0x4)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x60, 0x2, 0x6, 0x5, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x1}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x810}, 0x20004000)
socket(0x1e, 0x2, 0xb5)
r7 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'sit0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=@ipv6_newnexthop={0x34, 0x68, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @SEG6_LOCAL_ACTION={0x8, 0x1, 0x2}}, @NHA_OIF={0x8, 0x5, r8}]}, 0x34}}, 0x0)
syz_emit_ethernet(0x82, &(0x7f0000000240)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x16, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @private, @rand_addr=0x4, {[@lsrr={0x83, 0x3}, @rr={0x7, 0x3}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@multicast1=0xe0000089}, {@private}, {@local}, {@remote}, {@private}, {@dev}, {@private}]}]}}}}}}}, 0x0)

2.392982516s ago: executing program 2 (id=6181):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000001200000024000000080000008500000005"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sched_switch\x00', r0}, 0x18)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r1}, 0x10)
r2 = socket$inet(0x2, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4)
shutdown(r2, 0x0)
recvmmsg(r2, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)

2.255133165s ago: executing program 2 (id=6182):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0xa, 0x800000000000002, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000001640)=0x4f1d, 0x4)
sendmmsg$inet(r1, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0xf5)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000180)={0x6}, 0x10)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00010000000000000000001c000000000000000000000014", @ANYRES8=0x0, @ANYRES32=r2], 0x30}}, 0x0)
r3 = syz_genetlink_get_family_id$SEG6(&(0x7f00000011c0), 0xffffffffffffffff)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, &(0x7f0000003000)={0x2, 0xba}, 0x2)
getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
sendmsg$SEG6_CMD_DUMPHMAC(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000001200)={0x14, r3, 0xf21, 0x70bd2d, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x810}, 0x8010)

2.075475452s ago: executing program 1 (id=6183):
socket$inet_udplite(0x2, 0x2, 0x88)
unshare(0x62040200) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) (async)
socket$packet(0x11, 0x3, 0x300) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=@newtfilter={0x48, 0x2c, 0x52f, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xf}, {}, {0x2, 0xe}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_INDEV={0x14, 0x2, 'ip6tnl0\x00'}]}}]}, 0x48}}, 0x0) (async)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[], 0xb8}}, 0x0) (async)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e99900000000fedbdf25fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) (async)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a0040"], 0xb8}}, 0x4000)
setsockopt(0xffffffffffffffff, 0x1c0000, 0x4, 0x0, 0xfffffffffffffefd) (async)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x2002}, {r4, 0x61e3}, {r4, 0x5204}, {0xffffffffffffffff, 0x607}], 0x4, &(0x7f0000000080)={0x77359400}, &(0x7f0000000180)={[0x5a6]}, 0x8) (async)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r5, &(0x7f0000000440), 0x10) (async)
listen(r5, 0x6d5) (async)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) (async)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r7, &(0x7f00000007c0)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x4}, 0xe)
r8 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f00000001c0)={'team0\x00', <r9=>0x0})
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={@private1={0xfc, 0x1, '\x00', 0x1}, @loopback, @empty, 0x1, 0xa, 0xae, 0x100, 0x5, 0x2000008, r9}) (async)
connect$vsock_stream(r8, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)

1.478236705s ago: executing program 5 (id=6184):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
connect$netlink(r0, &(0x7f00000025c0)=@unspec, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="3800000068000100030010f0fdffff7f00000000000000000c00020001000000150000000c000c8005000100d23f0000060003000100000028e1ecf4659027a44dd3128eebb50eb9798a1defa17d8dc03ff9be3c6027f58877842b1e3c9a02cb2c3bc9cee6cd3b11a5b6d687a5bed34238c74f77"], 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)
socket$l2tp6(0xa, 0x2, 0x73)
r2 = socket(0x1, 0x803, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r3}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="340000001400b59500000000000000000a400000", @ANYRES32=r4, @ANYBLOB="14000200ff02000000000000000000000000000108000800028d"], 0x34}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000020c0)={'syztnl2\x00', &(0x7f0000002040)={'ip6_vti0\x00', 0x0, 0x4, 0x6, 0x7f, 0x0, 0x48, @empty, @mcast2, 0x20, 0x10, 0x26, 0x6e8e}})
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000001c0)={'veth0_vlan\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="ef00000000000000140012800b0001006970766c616e00000400028008000500", @ANYRES32=r6, @ANYBLOB="080004000001"], 0x4c}, 0x1, 0x0, 0x0, 0x4008040}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000540)={'bond_slave_1\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, r9, {0x0, 0xa}, {0x0, 0xa}, {0x0, 0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x0)
r11 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r11)
getsockname$packet(r11, &(0x7f0000000380)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route_sched(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=@gettfilter={0x34, 0x2e, 0x100, 0x70bd2c, 0x25dfdbfe, {0x0, 0x0, 0x0, r12, {0x0, 0xfff3}, {0xc, 0xe}, {0x1, 0xa}}, [{0x8, 0xb, 0x8}, {0x8, 0xb, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x20000004)
sendmsg$nl_route_sched(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@gettclass={0x24, 0x2a, 0x129, 0x870bd2c, 0x0, {0x0, 0x0, 0x0, r12, {0x0, 0x3}, {}, {0x0, 0xe}}}, 0x24}}, 0x40004)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000004dc0)=0x14)
r13 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r14=>0x0})
sendmsg$nl_route(r13, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=ANY=[@ANYBLOB="280000001c00010029bd7000ffdbdf251e000000951294fb281f8fc01b6cf5bef17aaf99a2863a33d3db7bff895dc1fb3ba537be22b393c35c3dab83cb9ad984d7560bf7fdd4962fef3726873ebb43976590d983dcd4063a9180b1610fd0eaa5ecc85901369e0a0eec3cc5523f66e41225b419cbabf073448dc7d4de6d454e261aa988eed1b98361bce179309bb8269c503e842be82e4cb63c57c961d92ffbb6207b3f49b9ddc2ad054d18a0385598460c53738c13d7053c4ea736134b11d047a11bedf6a63b8b6c4b519c9c005e05cb14d41da37d5231f0512621fa99201a", @ANYRES32=r14, @ANYBLOB="80007f0a0a0002000180c20000030000"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040004)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000006300)={'sit0\x00', &(0x7f0000000740)={'ip_vti0\x00', 0x0, 0x20, 0x10, 0x547ea6a0, 0x8, {{0x18, 0x4, 0x3, 0x2c, 0x60, 0x66, 0x0, 0x2, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x36}, @broadcast, {[@ssrr={0x89, 0x3, 0x8c}, @lsrr={0x83, 0xf, 0x22, [@multicast1, @dev={0xac, 0x14, 0x14, 0x19}, @rand_addr=0x64010102]}, @cipso={0x86, 0x38, 0x3, [{0x1, 0x10, "e5313a51f1f5cf7650568f71f7e9"}, {0x6, 0x5, "0abd68"}, {0x5, 0xd, "57a95d7c0df4a72faecbd2"}, {0x5, 0xe, "dd3d9b756f0ad1b3898c547d"}, {0x1, 0x2}]}]}}}}})

1.424902416s ago: executing program 2 (id=6185):
unshare(0x6a040000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x40)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01080000000000000000050000090900010073797a31000000002c000000030a010300000000000000000500ffff0900010073797a31000000000900030073797a32000000002c000000060a01040000000000000000050000070900020073797a32000000000900010073797a310000000020000000000a010800002042ca569a298237e560528993dc000000000000020000030900010073797a3100000000140000001100010000000000000000000200000a8cc243241c45268657d87da33f36c79fa535c7d510e54c086afaada5cd12b457f44ba252d3fe7bf846f53336086ca32ba144bde6ae8bc977421372f2032a8f9c618fde84cba7604a729bf345f201551f0c4ba349c73e23bf8bd45ddf4048d4fbf09ba608a370ce4fcac39248d5a5dfbb74e8e7869734e45671836ae82d07a960a2449800"/347], 0xc0}, 0x1, 0x0, 0x0, 0x24000144}, 0x20000050)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000050a0300000000000000000002000900010073797a300000000014000000020a0302000010000000000002000003140000001100010000000000000000000000000aea2edcee96f992ca8c47d33bad1629ab361d453bfc4a8f5f134d96d2f326194393f179263dc2c3f17477c29163c4860e76498869e9486b525d7cded61842aa5dd0232cb2424dcb578bfa7b3b5df7e97723ff3c9f447e0eba43fbdf0ff930961e62e15ebaaf45e76dc20fde6a65650e5bac5a0eac4d18bcf834b57dcc"], 0x68}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000330e46420000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0xf, &(0x7f0000000040)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200001400000000bca900000000000300000000000000009500000000000000bf98000000000000560800b7000000000000009500"/81], &(0x7f0000000980)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, @sk_msg=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)={0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000400)=0x28)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x3b, &(0x7f0000000000)='/proc/sys/net/ipv4\x00\x00s/sync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd11=\x11\xc8\xdd\x15\xcc\xd2\xf1d\'%\x11c\x91l,'}, 0x30)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r3 = socket(0x11, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1ef", 0x23}], 0x1, 0x0, 0x0, 0x4000000}], 0x1, 0x40800)
bind$packet(r3, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4)
sendmsg$netlink(r3, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="02011400012918000e3580009f0001146000002f0600ac141430e0000003808a8972bd0b72e410"], 0xdd12}], 0x1}, 0x10)
sendto$inet6(r2, &(0x7f0000000f40)="583bfbd1841f73bc31d86887732d694bfd7d3b4496b9e4d0cd210906f62998e1532a87b4fa50ad73ab9e0947f1b48b71e2d19eb26cca9bb6d34f46516a7d59577d84de1e4af53269eea6cc13be0e1515e1e7ba95beea09d7fd52a8d156199f3a94f93d15386682b7725e98044a290cc1fc3449b72fd8313be9df3cb98916b3021e49870d8d5201d6d71c3f5c076866113646b9b16f74cda2d55543dbc26172997037d6c7e9221ea5bbc2de30010de53797e9da5ee62e910519922de65b0380e67ca0ae0651fe8afed8b76bc28665b045f168e22d8bb8512d025807", 0xdb, 0x0, &(0x7f0000000100)={0xa, 0x4e27, 0x696c, @loopback, 0x1}, 0x1c)
sendmmsg$inet6(r2, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000004c0)="cc", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000b80)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de76", 0x390}], 0x1}}], 0x2, 0x4048884)
getsockopt$inet_sctp6_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f0000000540)={0x0, 0x1, 0x0, 0x8c41, 0x4005, 0x200, 0x1, 0xa77a, {0x0, @in6={{0xa, 0x4e22, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xfffffff7}}, 0x74, 0x4, 0xe60e, 0xf946, 0x7}}, &(0x7f0000000280)=0xb0)
connect$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x6, @mcast2}, 0x1c)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)=@generic={&(0x7f0000000300)='./file0\x00'}, 0x18)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="60eb0000020605000000000000000000070000001400078008001142000000000800124000000c8f0500010006000000050005000200000005000400000000000900020073797a310000000014000300686173683a69702c706f72742c697000"], 0x60}}, 0x20004000)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00'})

910.127171ms ago: executing program 3 (id=6089):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000700)=ANY=[@ANYBLOB="9feb0100180000004200000040000000400000000200000000000000000000090400000000000000000000010500000008000000000000000000000300000000020000000200000012000000000000000000000b"], 0x0, 0x5a}, 0x28)

779.74299ms ago: executing program 3 (id=6186):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xc, 0xd, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000300000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010014008500000014000000850000000500000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

662.259362ms ago: executing program 3 (id=6188):
r0 = socket$inet(0x2b, 0x801, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0xffffff41}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="000048ff00"/14, 0x0, 0x2000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x1e)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0xc, &(0x7f0000000c80)=@assoc_value={<r6=>0x0}, &(0x7f0000000080)=0x8)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="300000000101010100000000000000000a0000930c00198008000200080001"], 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x4044004)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000040)={r6, 0xb}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000100)={r6, 0xa0, &(0x7f0000000000)=[@in={0x2, 0x4e23, @private=0xa010102}, @in={0x2, 0x4e22, @rand_addr=0x64010100}, @in6={0xa, 0x4e20, 0x2, @remote, 0x4}, @in6={0xa, 0x4e21, 0x2, @local, 0x6}, @in={0x2, 0x4e20, @local}, @in6={0xa, 0x4e21, 0x10000, @private2, 0x80}, @in6={0xa, 0x4e24, 0x1ad5, @rand_addr=' \x01\x00', 0x9}]}, &(0x7f0000000140)=0x10)
connect$inet(r0, &(0x7f0000000340)={0x2, 0xfffb, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r8, 0x0, 0xd}, 0x18)
r9 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r9, &(0x7f0000000340)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r9, 0x8)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000001c0)={r8, 0x20, &(0x7f0000000180)={0x0, 0x0, 0x0, &(0x7f0000000140)=""/13, 0xd}}, 0x10)
r10 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'veth0_macvtap\x00', <r11=>0x0})
sendmsg$nl_route(r10, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000840)=@bridge_getneigh={0x28, 0x1e, 0x3c964e403b131b43, 0x0, 0x0, {0x7, 0x0, 0x0, r11, 0x7048, 0x77218}, [@IFLA_MASTER={0x8, 0xa, r11}]}, 0x28}}, 0x400c110)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c0000000700062562dbbbd0000004000000000000040800030000"], 0x0, 0x2b, 0x0, 0x1, 0xfffffff1}, 0x28)
recvfrom$inet(r0, &(0x7f0000000180)=""/42, 0x2a, 0x0, &(0x7f00000001c0)={0x2, 0x4e21, @empty}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f00000000c0)=0x100000001, 0x4)

616.651969ms ago: executing program 1 (id=6189):
r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000080851000000600000018100000", @ANYRES32=r0, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000360a000000000000180100002020782500000000002020207b1af8ff00000002bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222}, 0x78)

375.644164ms ago: executing program 1 (id=6190):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x2000000, 0xe, 0x0, &(0x7f0000000240)="63eced000000000a9f33c9f7b9e5", 0x0, 0xc698, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000000a200000bca30000000000002403000020feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000300000000002604fdffff02000016010000033800001d13f8ff000000007a0af0ff0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3e, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x7000}, 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27}, 0x48)

320.237213ms ago: executing program 3 (id=6191):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000120000002400000008000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sched_switch\x00', r0}, 0x18)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r1}, 0x10)
r2 = socket$inet(0x2, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4)
shutdown(r2, 0x0)
recvmmsg(r2, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)

229.884625ms ago: executing program 1 (id=6192):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f00000000c0)=0x5c0a, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r2=>0x0})
sendmsg$can_raw(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x1d, r2}, 0x10, &(0x7f0000000000)={&(0x7f00000001c0)=@can={{0x0, 0x0, 0x1}, 0x4, 0x2, 0x0, 0x0, "0004c500"}, 0x10}, 0x1, 0x0, 0x0, 0x20004000}, 0x91)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan0\x00'})
ioctl$TUNGETVNETLE(0xffffffffffffffff, 0x800454dd, &(0x7f0000000040))
sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f0000000000)={0x0, 0xffffffffffffff04, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x4004000}, 0xc0)

43.401619ms ago: executing program 1 (id=6193):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000700)={0x60, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x7}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x11, 0x1, 0x0, 0xc}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x60}, 0x1, 0x0, 0x0, 0x10}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2c, 0x2c, 0x2, [@func_proto={0x0, 0x4, 0x0, 0xd, 0xa, [{0xe, 0x9}, {0x4}, {0xe, 0x1}, {0x3, 0x5}]}]}}, &(0x7f0000000f40)=""/4089, 0x46, 0xff9, 0x1}, 0x28)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, 0x0, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x4080}, 0x40004)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, 0x0, 0x84)
sendmsg$nl_xfrm(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000740)=ANY=[@ANYBLOB="ec00000021000100fcffffff000000000a010101000000000000000000000000fc02000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00001000000000009c00110000000000000000000000ffffac1414aaff0100000000000000000000000000010a010102000000000000000000000000fc0200000000000000000000000000003c000a1b37"], 0xec}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00'})
r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r6, 0x890b, &(0x7f0000000280)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0x10000, 'syz0\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0xfffffdb6, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f00000018c0)={'vcan0\x00'})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000001980)={'sit0\x00', &(0x7f0000001a80)={'tunl0\x00', 0x0, 0x8, 0x700, 0x5, 0x0, {{0x1a, 0x4, 0x3, 0x13, 0x68, 0x67, 0x0, 0x7, 0x2f, 0x0, @remote, @rand_addr=0x9, {[@noop, @lsrr={0x83, 0x17, 0xf9, [@rand_addr=0x64010100, @broadcast, @dev={0xac, 0x14, 0x14, 0x16}, @remote, @local]}, @rr={0x7, 0x17, 0x34, [@broadcast, @local, @broadcast, @multicast1, @remote]}, @ssrr={0x89, 0x7, 0xe1, [@private=0xa010100]}, @rr={0x7, 0x1b, 0xae, [@loopback, @multicast1, @private=0xa010101, @multicast1, @loopback, @broadcast]}, @generic={0x83, 0x2}]}}}}})
sendmmsg$inet(r6, &(0x7f00000031c0), 0x0, 0x40)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r6, 0x8983, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
ioctl$sock_netrom_SIOCADDRT(r6, 0x890b, &(0x7f0000000000)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x7, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @default]})
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$smc(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$sock_netrom_SIOCADDRT(r6, 0x890b, &(0x7f0000000440)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x8, 'syz1\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x7, 0x4, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]})
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x68}}, 0x0)

27.846563ms ago: executing program 3 (id=6194):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r1, &(0x7f0000000300)=@pppol2tpv3={0x18, 0x3f, {0x0, 0xffffffffffffffff, {0x2, 0x4e24, @local}, 0x1, 0x0, 0x2}}, 0x2e)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x4, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4000c00)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="70000000100003042abd70009da1d2b900000004", @ANYRES32=0x0, @ANYBLOB="0000000000000000500012800b0001006272696467650000400002800800050000000000050029000100000006002700040000000c00220006000000000000000c0021"], 0x70}}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000004180)=@newtaction={0x94, 0x30, 0xffffffffffffffff, 0x0, 0x40002, {}, [{0x80, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x64, 0x7, 0x8, 0x1}}, @TCA_ACT_BPF_FD={0x8, 0x5, r5}]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x30, 0x2, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x3}}}}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
syz_genetlink_get_family_id$nbd(&(0x7f0000000a00), 0xffffffffffffffff)
sendmsg$NBD_CMD_STATUS(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000c80)={0x14, 0x0, 0x4, 0x70bd2d, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$SO_BINDTODEVICE_wg(r2, 0x1, 0x19, &(0x7f0000000100)='wg0\x00', 0x4)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x60, 0x2, 0x6, 0x5, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x1}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x810}, 0x20004000)
socket(0x1e, 0x2, 0xb5)
r7 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'sit0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=@ipv6_newnexthop={0x34, 0x68, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x5}, @NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @SEG6_LOCAL_ACTION={0x8, 0x1, 0x2}}, @NHA_OIF={0x8, 0x5, r8}]}, 0x34}}, 0x0)
syz_emit_ethernet(0x82, &(0x7f0000000240)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x16, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @private, @rand_addr=0x4, {[@lsrr={0x83, 0x3}, @rr={0x7, 0x3}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@multicast1=0xe0000089}, {@private}, {@local}, {@remote}, {@private}, {@dev}, {@private}]}]}}}}}}}, 0x0)

0s ago: executing program 5 (id=6195):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$SEG6(&(0x7f00000011c0), 0xffffffffffffffff)
sendmsg$SEG6_CMD_DUMPHMAC(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000001200)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="210f2dbd70000400000002000000"], 0x14}, 0x1, 0x0, 0x0, 0x810}, 0x8010)

kernel console output (not intermixed with test programs):

126][T25732] netlink: 'syz.4.5187': attribute type 2 has an invalid length.
[  759.766462][T21332] block nbd62: Receive control failed (result -32)
[  759.833592][T25708] 8021q: adding VLAN 0 to HW filter on device bond0
[  759.861609][T25708] 8021q: adding VLAN 0 to HW filter on device team0
[  759.874938][T25708] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  759.906466][T25728] þ`Ì: entered promiscuous mode
[  759.920630][T25732] þ`Ì: entered promiscuous mode
[  759.975449][T25707] lo speed is unknown, defaulting to 1000
[  760.131216][T25752] netlink: 'syz.1.5190': attribute type 1 has an invalid length.
[  760.167927][T25753] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5191'.
[  760.955752][T21332] block nbd64: Receive control failed (result -32)
[  761.166719][T25788] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5198'.
[  761.168349][T25789] netlink: 84 bytes leftover after parsing attributes in process `syz.3.5198'.
[  761.209429][T25784] lo speed is unknown, defaulting to 1000
[  761.239951][T25795] batadv_slave_1: entered promiscuous mode
[  761.846135][T25784] lo speed is unknown, defaulting to 1000
[  761.964108][T25817] netlink: 14 bytes leftover after parsing attributes in process `syz.2.5206'.
[  761.999989][T25820] FAULT_INJECTION: forcing a failure.
[  761.999989][T25820] name failslab, interval 1, probability 0, space 0, times 0
[  762.014560][T25820] CPU: 1 UID: 0 PID: 25820 Comm: syz.1.5207 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full) 
[  762.014598][T25820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  762.014612][T25820] Call Trace:
[  762.014622][T25820]  <TASK>
[  762.014632][T25820]  dump_stack_lvl+0x189/0x250
[  762.014664][T25820]  ? __pfx____ratelimit+0x10/0x10
[  762.014695][T25820]  ? __pfx_dump_stack_lvl+0x10/0x10
[  762.014721][T25820]  ? __pfx__printk+0x10/0x10
[  762.014758][T25820]  ? __pfx___might_resched+0x10/0x10
[  762.014778][T25820]  ? fs_reclaim_acquire+0x7d/0x100
[  762.014816][T25820]  should_fail_ex+0x414/0x560
[  762.014849][T25820]  should_failslab+0xa8/0x100
[  762.014882][T25820]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  762.014910][T25820]  ? __alloc_skb+0x112/0x2d0
[  762.014946][T25820]  __alloc_skb+0x112/0x2d0
[  762.014981][T25820]  netlink_ack+0x146/0xa50
[  762.015011][T25820]  ? is_bpf_text_address+0x26/0x2b0
[  762.015066][T25820]  netlink_rcv_skb+0x28c/0x470
[  762.015097][T25820]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  762.015137][T25820]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  762.015176][T25820]  ? bpf_lsm_capable+0x9/0x20
[  762.015201][T25820]  ? security_capable+0x7e/0x2e0
[  762.015235][T25820]  nfnetlink_rcv+0x26a/0x2520
[  762.015259][T25820]  ? is_bpf_text_address+0x26/0x2b0
[  762.015289][T25820]  ? kernel_text_address+0xa5/0xe0
[  762.015317][T25820]  ? __kernel_text_address+0xd/0x40
[  762.015342][T25820]  ? unwind_get_return_address+0x4d/0x90
[  762.015364][T25820]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  762.015388][T25820]  ? arch_stack_walk+0xfc/0x150
[  762.015426][T25820]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  762.015470][T25820]  ? stack_depot_save_flags+0x40/0x860
[  762.015501][T25820]  ? __lock_acquire+0xab9/0xd20
[  762.015548][T25820]  ? __lock_acquire+0xab9/0xd20
[  762.015589][T25820]  ? netlink_deliver_tap+0x2e/0x1b0
[  762.015622][T25820]  ? netlink_deliver_tap+0x2e/0x1b0
[  762.015657][T25820]  netlink_unicast+0x82c/0x9e0
[  762.015689][T25820]  ? __pfx_netlink_unicast+0x10/0x10
[  762.015716][T25820]  ? netlink_sendmsg+0x642/0xb30
[  762.015740][T25820]  ? skb_put+0x11b/0x210
[  762.015761][T25820]  netlink_sendmsg+0x805/0xb30
[  762.015801][T25820]  ? __pfx_netlink_sendmsg+0x10/0x10
[  762.015833][T25820]  ? aa_sock_msg_perm+0xf1/0x1d0
[  762.015866][T25820]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  762.015887][T25820]  ? __pfx_netlink_sendmsg+0x10/0x10
[  762.015918][T25820]  __sock_sendmsg+0x219/0x270
[  762.015947][T25820]  ____sys_sendmsg+0x505/0x830
[  762.015974][T25820]  ? __pfx_____sys_sendmsg+0x10/0x10
[  762.016005][T25820]  ? import_iovec+0x74/0xa0
[  762.016032][T25820]  ___sys_sendmsg+0x21f/0x2a0
[  762.016055][T25820]  ? __pfx____sys_sendmsg+0x10/0x10
[  762.016116][T25820]  ? __fget_files+0x2a/0x420
[  762.016132][T25820]  ? __fget_files+0x3a0/0x420
[  762.016162][T25820]  __x64_sys_sendmsg+0x19b/0x260
[  762.016187][T25820]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  762.016216][T25820]  ? __pfx_ksys_write+0x10/0x10
[  762.016240][T25820]  ? rcu_is_watching+0x15/0xb0
[  762.016266][T25820]  ? do_syscall_64+0xbe/0x3b0
[  762.016300][T25820]  do_syscall_64+0xfa/0x3b0
[  762.016326][T25820]  ? lockdep_hardirqs_on+0x9c/0x150
[  762.016354][T25820]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  762.016375][T25820]  ? clear_bhb_loop+0x60/0xb0
[  762.016400][T25820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  762.016419][T25820] RIP: 0033:0x7f070bb8ebe9
[  762.016439][T25820] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  762.016457][T25820] RSP: 002b:00007f070c994038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  762.016480][T25820] RAX: ffffffffffffffda RBX: 00007f070bdb5fa0 RCX: 00007f070bb8ebe9
[  762.016495][T25820] RDX: 0000000000004800 RSI: 0000200000000300 RDI: 0000000000000003
[  762.016508][T25820] RBP: 00007f070c994090 R08: 0000000000000000 R09: 0000000000000000
[  762.016520][T25820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  762.016532][T25820] R13: 00007f070bdb6038 R14: 00007f070bdb5fa0 R15: 00007ffd8e57b688
[  762.016564][T25820]  </TASK>
[  762.509182][T25825] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5209'.
[  762.787633][T25817] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  762.801199][T25817] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  762.814125][T25817] bond0 (unregistering): Released all slaves
[  762.853236][T25825] netlink: 56 bytes leftover after parsing attributes in process `syz.1.5209'.
[  762.961457][T25835] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5211'.
[  763.001629][T25835] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5211'.
[  763.067685][T25835] batadv0: entered promiscuous mode
[  763.082633][T25835] batadv0: left promiscuous mode
[  763.112210][T25832] lo speed is unknown, defaulting to 1000
[  763.346646][T25849] validate_nla: 1 callbacks suppressed
[  763.346667][T25849] netlink: 'syz.0.5215': attribute type 1 has an invalid length.
[  763.449684][T25832] lo speed is unknown, defaulting to 1000
[  763.913873][T25867] netlink: 'syz.1.5220': attribute type 32 has an invalid length.
[  763.946826][T25867] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5220'.
[  764.075681][T21332] block nbd65: Receive control failed (result -32)
[  764.582824][T25881] lo speed is unknown, defaulting to 1000
[  764.764699][T25892] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5227'.
[  765.119348][T25910] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5231'.
[  765.192631][T25915] netlink: 'syz.4.5233': attribute type 2 has an invalid length.
[  765.399043][T25881] lo speed is unknown, defaulting to 1000
[  765.444583][T25927] FAULT_INJECTION: forcing a failure.
[  765.444583][T25927] name failslab, interval 1, probability 0, space 0, times 0
[  765.459180][T25927] CPU: 0 UID: 0 PID: 25927 Comm: syz.4.5235 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full) 
[  765.459209][T25927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  765.459223][T25927] Call Trace:
[  765.459231][T25927]  <TASK>
[  765.459240][T25927]  dump_stack_lvl+0x189/0x250
[  765.459270][T25927]  ? __pfx____ratelimit+0x10/0x10
[  765.459297][T25927]  ? __pfx_dump_stack_lvl+0x10/0x10
[  765.459320][T25927]  ? __pfx__printk+0x10/0x10
[  765.459357][T25927]  ? __lock_acquire+0xab9/0xd20
[  765.459392][T25927]  should_fail_ex+0x414/0x560
[  765.459429][T25927]  should_failslab+0xa8/0x100
[  765.459462][T25927]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  765.459491][T25927]  ? __alloc_skb+0x112/0x2d0
[  765.459527][T25927]  __alloc_skb+0x112/0x2d0
[  765.459562][T25927]  tipc_msg_create+0x51/0x4d0
[  765.459599][T25927]  tipc_group_proto_xmit+0xce/0x790
[  765.459646][T25927]  tipc_group_delete+0x146/0x480
[  765.459695][T25927]  ? __pfx_tipc_group_delete+0x10/0x10
[  765.459738][T25927]  ? tipc_group_self+0x26/0x1c0
[  765.459770][T25927]  tipc_sk_leave+0x138/0x4e0
[  765.459801][T25927]  ? __pfx_tipc_sk_leave+0x10/0x10
[  765.459825][T25927]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  765.459857][T25927]  tipc_release+0x5fc/0x2160
[  765.459893][T25927]  ? __pfx_tipc_release+0x10/0x10
[  765.459913][T25927]  ? down_write+0x162/0x1f0
[  765.459929][T25927]  ? __pfx_down_write+0x10/0x10
[  765.459947][T25927]  ? ksys_write+0x1cb/0x250
[  765.459969][T25927]  ? locks_remove_posix+0x381/0x650
[  765.460003][T25927]  sock_close+0xc0/0x240
[  765.460026][T25927]  ? __pfx_sock_close+0x10/0x10
[  765.460048][T25927]  __fput+0x449/0xa70
[  765.460081][T25927]  fput_close_sync+0x119/0x200
[  765.460106][T25927]  ? __pfx_fput_close_sync+0x10/0x10
[  765.460139][T25927]  __x64_sys_close+0x7f/0x110
[  765.460181][T25927]  do_syscall_64+0xfa/0x3b0
[  765.460208][T25927]  ? lockdep_hardirqs_on+0x9c/0x150
[  765.460235][T25927]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  765.460257][T25927]  ? clear_bhb_loop+0x60/0xb0
[  765.460282][T25927]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  765.460302][T25927] RIP: 0033:0x7ff744f8ebe9
[  765.460320][T25927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  765.460339][T25927] RSP: 002b:00007ff745dda038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  765.460360][T25927] RAX: ffffffffffffffda RBX: 00007ff7451b5fa0 RCX: 00007ff744f8ebe9
[  765.460375][T25927] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  765.460387][T25927] RBP: 00007ff745dda090 R08: 0000000000000000 R09: 0000000000000000
[  765.460400][T25927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  765.460412][T25927] R13: 00007ff7451b6038 R14: 00007ff7451b5fa0 R15: 00007fffe64df838
[  765.460445][T25927]  </TASK>
[  766.407228][T25950] __nla_validate_parse: 1 callbacks suppressed
[  766.407248][T25950] netlink: 256 bytes leftover after parsing attributes in process `syz.2.5241'.
[  766.504914][T25955] netlink: 'syz.2.5243': attribute type 1 has an invalid length.
[  766.632961][T25955] 8021q: adding VLAN 0 to HW filter on device bond0
[  766.640995][T25960] netlink: 'syz.1.5245': attribute type 2 has an invalid length.
[  766.687658][T25962] netlink: 'syz.4.5244': attribute type 4 has an invalid length.
[  766.811077][T25961] veth5: entered promiscuous mode
[  766.832020][T25961] bond0: (slave veth5): Enslaving as an active interface with a down link
[  767.232313][T25985] tipc: Resetting bearer <eth:syzkaller0>
[  767.242304][T25987] FAULT_INJECTION: forcing a failure.
[  767.242304][T25987] name failslab, interval 1, probability 0, space 0, times 0
[  767.255886][T25987] CPU: 0 UID: 0 PID: 25987 Comm: syz.0.5253 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full) 
[  767.255912][T25987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  767.255941][T25987] Call Trace:
[  767.255949][T25987]  <TASK>
[  767.255957][T25987]  dump_stack_lvl+0x189/0x250
[  767.255984][T25987]  ? __pfx____ratelimit+0x10/0x10
[  767.256011][T25987]  ? __pfx_dump_stack_lvl+0x10/0x10
[  767.256035][T25987]  ? __pfx__printk+0x10/0x10
[  767.256057][T25987]  ? tipc_sk_leave+0x138/0x4e0
[  767.256081][T25987]  ? fput_close_sync+0x119/0x200
[  767.256102][T25987]  ? do_syscall_64+0xfa/0x3b0
[  767.256126][T25987]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  767.256156][T25987]  should_fail_ex+0x414/0x560
[  767.256186][T25987]  should_failslab+0xa8/0x100
[  767.256213][T25987]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  767.256240][T25987]  ? __alloc_skb+0x112/0x2d0
[  767.256273][T25987]  __alloc_skb+0x112/0x2d0
[  767.256306][T25987]  tipc_msg_create+0x51/0x4d0
[  767.256337][T25987]  tipc_group_proto_xmit+0xce/0x790
[  767.256371][T25987]  tipc_group_delete+0x146/0x480
[  767.256407][T25987]  ? __pfx_tipc_group_delete+0x10/0x10
[  767.256462][T25987]  ? tipc_group_self+0x26/0x1c0
[  767.256493][T25987]  tipc_sk_leave+0x138/0x4e0
[  767.256523][T25987]  ? __pfx_tipc_sk_leave+0x10/0x10
[  767.256546][T25987]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  767.256576][T25987]  tipc_release+0x5fc/0x2160
[  767.256610][T25987]  ? __pfx_tipc_release+0x10/0x10
[  767.256630][T25987]  ? down_write+0x162/0x1f0
[  767.256647][T25987]  ? __pfx_down_write+0x10/0x10
[  767.256664][T25987]  ? ksys_write+0x1cb/0x250
[  767.256687][T25987]  ? locks_remove_posix+0x381/0x650
[  767.256721][T25987]  sock_close+0xc0/0x240
[  767.256745][T25987]  ? __pfx_sock_close+0x10/0x10
[  767.256767][T25987]  __fput+0x449/0xa70
[  767.256799][T25987]  fput_close_sync+0x119/0x200
[  767.256824][T25987]  ? __pfx_fput_close_sync+0x10/0x10
[  767.256859][T25987]  __x64_sys_close+0x7f/0x110
[  767.256882][T25987]  do_syscall_64+0xfa/0x3b0
[  767.256910][T25987]  ? lockdep_hardirqs_on+0x9c/0x150
[  767.256935][T25987]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  767.256954][T25987]  ? clear_bhb_loop+0x60/0xb0
[  767.256977][T25987]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  767.256996][T25987] RIP: 0033:0x7fd07478ebe9
[  767.257014][T25987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  767.257030][T25987] RSP: 002b:00007fd075528038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  767.257051][T25987] RAX: ffffffffffffffda RBX: 00007fd0749b5fa0 RCX: 00007fd07478ebe9
[  767.257065][T25987] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  767.257076][T25987] RBP: 00007fd075528090 R08: 0000000000000000 R09: 0000000000000000
[  767.257087][T25987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  767.257098][T25987] R13: 00007fd0749b6038 R14: 00007fd0749b5fa0 R15: 00007ffcd88c4598
[  767.257142][T25987]  </TASK>
[  767.901666][T26005] FAULT_INJECTION: forcing a failure.
[  767.901666][T26005] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  767.916939][T26005] CPU: 0 UID: 0 PID: 26005 Comm: syz.0.5264 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full) 
[  767.916969][T26005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  767.916983][T26005] Call Trace:
[  767.916992][T26005]  <TASK>
[  767.917002][T26005]  dump_stack_lvl+0x189/0x250
[  767.917030][T26005]  ? __pfx____ratelimit+0x10/0x10
[  767.917058][T26005]  ? __pfx_dump_stack_lvl+0x10/0x10
[  767.917083][T26005]  ? __pfx__printk+0x10/0x10
[  767.917111][T26005]  ? __might_fault+0xb0/0x130
[  767.917151][T26005]  should_fail_ex+0x414/0x560
[  767.917189][T26005]  _copy_from_user+0x2d/0xb0
[  767.917213][T26005]  ___sys_recvmsg+0x12e/0x510
[  767.917242][T26005]  ? __pfx____sys_recvmsg+0x10/0x10
[  767.917293][T26005]  ? __fget_files+0x3a0/0x420
[  767.917324][T26005]  do_recvmmsg+0x307/0x770
[  767.917375][T26005]  ? __pfx_do_recvmmsg+0x10/0x10
[  767.917412][T26005]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  767.917465][T26005]  __x64_sys_recvmmsg+0x190/0x240
[  767.917493][T26005]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  767.917513][T26005]  ? rcu_is_watching+0x15/0xb0
[  767.917541][T26005]  ? do_syscall_64+0xbe/0x3b0
[  767.917576][T26005]  do_syscall_64+0xfa/0x3b0
[  767.917605][T26005]  ? lockdep_hardirqs_on+0x9c/0x150
[  767.917632][T26005]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  767.917654][T26005]  ? clear_bhb_loop+0x60/0xb0
[  767.917680][T26005]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  767.917700][T26005] RIP: 0033:0x7fd07478ebe9
[  767.917719][T26005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  767.917738][T26005] RSP: 002b:00007fd075528038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  767.917761][T26005] RAX: ffffffffffffffda RBX: 00007fd0749b5fa0 RCX: 00007fd07478ebe9
[  767.917777][T26005] RDX: 0000000000000001 RSI: 00002000000048c0 RDI: 0000000000000004
[  767.917790][T26005] RBP: 00007fd075528090 R08: 0000000000000000 R09: 0000000000000000
[  767.917803][T26005] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000001
[  767.917816][T26005] R13: 00007fd0749b6038 R14: 00007fd0749b5fa0 R15: 00007ffcd88c4598
[  767.917850][T26005]  </TASK>
[  768.196090][T26013] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5262'.
[  768.262785][T26013] team1: entered promiscuous mode
[  768.271523][T26013] team1: entered allmulticast mode
[  768.277831][T26013] 8021q: adding VLAN 0 to HW filter on device team1
[  768.288657][T26015] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5266'.
[  768.516988][T26029] netlink: 'syz.1.5271': attribute type 1 has an invalid length.
[  768.536861][T26029] NCSI netlink: No device for ifindex 0
[  768.718209][T26037] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5277'.
[  768.779405][T26043] FAULT_INJECTION: forcing a failure.
[  768.779405][T26043] name failslab, interval 1, probability 0, space 0, times 0
[  768.846087][T26043] CPU: 0 UID: 0 PID: 26043 Comm: syz.3.5279 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full) 
[  768.846120][T26043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  768.846134][T26043] Call Trace:
[  768.846143][T26043]  <TASK>
[  768.846152][T26043]  dump_stack_lvl+0x189/0x250
[  768.846182][T26043]  ? __pfx____ratelimit+0x10/0x10
[  768.846211][T26043]  ? __pfx_dump_stack_lvl+0x10/0x10
[  768.846236][T26043]  ? __pfx__printk+0x10/0x10
[  768.846272][T26043]  ? __pfx___might_resched+0x10/0x10
[  768.846298][T26043]  should_fail_ex+0x414/0x560
[  768.846332][T26043]  should_failslab+0xa8/0x100
[  768.846375][T26043]  __kmalloc_noprof+0xcb/0x4f0
[  768.846403][T26043]  ? sock_kmalloc+0xd6/0x160
[  768.846431][T26043]  sock_kmalloc+0xd6/0x160
[  768.846457][T26043]  af_alg_alloc_areq+0x8d/0x260
[  768.846485][T26043]  aead_recvmsg+0x490/0x13f0
[  768.846514][T26043]  ? __lock_acquire+0xab9/0xd20
[  768.846569][T26043]  ? __pfx_aead_recvmsg+0x10/0x10
[  768.846595][T26043]  ? __lock_acquire+0xab9/0xd20
[  768.846629][T26043]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  768.846651][T26043]  ? security_socket_recvmsg+0x7e/0x2e0
[  768.846676][T26043]  ? __pfx_aead_recvmsg+0x10/0x10
[  768.846705][T26043]  sock_recvmsg+0x229/0x270
[  768.846736][T26043]  ____sys_recvmsg+0x1c9/0x460
[  768.846769][T26043]  ? __pfx_____sys_recvmsg+0x10/0x10
[  768.846812][T26043]  ? import_iovec+0x74/0xa0
[  768.846841][T26043]  ___sys_recvmsg+0x1b5/0x510
[  768.846871][T26043]  ? __pfx____sys_recvmsg+0x10/0x10
[  768.846924][T26043]  ? __fget_files+0x3a0/0x420
[  768.846957][T26043]  do_recvmmsg+0x307/0x770
[  768.846992][T26043]  ? __pfx_do_recvmmsg+0x10/0x10
[  768.847030][T26043]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  768.847084][T26043]  __x64_sys_recvmmsg+0x190/0x240
[  768.847112][T26043]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  768.847133][T26043]  ? rcu_is_watching+0x15/0xb0
[  768.847161][T26043]  ? do_syscall_64+0xbe/0x3b0
[  768.847198][T26043]  do_syscall_64+0xfa/0x3b0
[  768.847238][T26043]  ? lockdep_hardirqs_on+0x9c/0x150
[  768.847266][T26043]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  768.847287][T26043]  ? clear_bhb_loop+0x60/0xb0
[  768.847312][T26043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  768.847332][T26043] RIP: 0033:0x7f8c7158ebe9
[  768.847351][T26043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  768.847375][T26043] RSP: 002b:00007f8c72416038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  768.847396][T26043] RAX: ffffffffffffffda RBX: 00007f8c717b5fa0 RCX: 00007f8c7158ebe9
[  768.847411][T26043] RDX: 0000000000000001 RSI: 00002000000048c0 RDI: 0000000000000004
[  768.847423][T26043] RBP: 00007f8c72416090 R08: 0000000000000000 R09: 0000000000000000
[  768.847435][T26043] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000001
[  768.847447][T26043] R13: 00007f8c717b6038 R14: 00007f8c717b5fa0 R15: 00007fff203b1ad8
[  768.847481][T26043]  </TASK>
[  769.349114][T26057] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5283'.
[  769.444109][T26057] netlink: 48 bytes leftover after parsing attributes in process `syz.3.5283'.
[  769.512647][T26058] netlink: 52 bytes leftover after parsing attributes in process `syz.3.5283'.
[  769.694918][T26067] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5286'.
[  769.818454][T26069] FAULT_INJECTION: forcing a failure.
[  769.818454][T26069] name failslab, interval 1, probability 0, space 0, times 0
[  769.862630][T26069] CPU: 1 UID: 0 PID: 26069 Comm: syz.4.5287 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full) 
[  769.862660][T26069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  769.862672][T26069] Call Trace:
[  769.862680][T26069]  <TASK>
[  769.862689][T26069]  dump_stack_lvl+0x189/0x250
[  769.862718][T26069]  ? __pfx____ratelimit+0x10/0x10
[  769.862746][T26069]  ? __pfx_dump_stack_lvl+0x10/0x10
[  769.862769][T26069]  ? __pfx__printk+0x10/0x10
[  769.862792][T26069]  ? tipc_sk_leave+0x138/0x4e0
[  769.862818][T26069]  ? fput_close_sync+0x119/0x200
[  769.862839][T26069]  ? do_syscall_64+0xfa/0x3b0
[  769.862865][T26069]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  769.862894][T26069]  should_fail_ex+0x414/0x560
[  769.862925][T26069]  should_failslab+0xa8/0x100
[  769.862956][T26069]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  769.862984][T26069]  ? __alloc_skb+0x112/0x2d0
[  769.863020][T26069]  __alloc_skb+0x112/0x2d0
[  769.863054][T26069]  tipc_msg_create+0x51/0x4d0
[  769.863088][T26069]  tipc_group_proto_xmit+0xce/0x790
[  769.863126][T26069]  tipc_group_delete+0x146/0x480
[  769.863166][T26069]  ? __pfx_tipc_group_delete+0x10/0x10
[  769.863212][T26069]  ? tipc_group_self+0x26/0x1c0
[  769.863244][T26069]  tipc_sk_leave+0x138/0x4e0
[  769.863283][T26069]  ? __pfx_tipc_sk_leave+0x10/0x10
[  769.863308][T26069]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  769.863341][T26069]  tipc_release+0x5fc/0x2160
[  769.863378][T26069]  ? __pfx_tipc_release+0x10/0x10
[  769.863399][T26069]  ? down_write+0x162/0x1f0
[  769.863417][T26069]  ? __pfx_down_write+0x10/0x10
[  769.863435][T26069]  ? ksys_write+0x1cb/0x250
[  769.863458][T26069]  ? locks_remove_posix+0x381/0x650
[  769.863493][T26069]  sock_close+0xc0/0x240
[  769.863517][T26069]  ? __pfx_sock_close+0x10/0x10
[  769.863541][T26069]  __fput+0x449/0xa70
[  769.863574][T26069]  fput_close_sync+0x119/0x200
[  769.863599][T26069]  ? __pfx_fput_close_sync+0x10/0x10
[  769.863634][T26069]  __x64_sys_close+0x7f/0x110
[  769.863657][T26069]  do_syscall_64+0xfa/0x3b0
[  769.863683][T26069]  ? lockdep_hardirqs_on+0x9c/0x150
[  769.863709][T26069]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  769.863728][T26069]  ? clear_bhb_loop+0x60/0xb0
[  769.863752][T26069]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  769.863788][T26069] RIP: 0033:0x7ff744f8ebe9
[  769.863808][T26069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  769.863825][T26069] RSP: 002b:00007ff745dda038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  769.863846][T26069] RAX: ffffffffffffffda RBX: 00007ff7451b5fa0 RCX: 00007ff744f8ebe9
[  769.863861][T26069] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  769.863873][T26069] RBP: 00007ff745dda090 R08: 0000000000000000 R09: 0000000000000000
[  769.863886][T26069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  769.863927][T26069] R13: 00007ff7451b6038 R14: 00007ff7451b5fa0 R15: 00007fffe64df838
[  769.863963][T26069]  </TASK>
[  770.458950][T26089] openvswitch: netlink: VXLAN extension message has 4 unknown bytes.
[  770.471471][T26089] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -107 0
[  770.846444][T26102] netlink: 'syz.3.5295': attribute type 1 has an invalid length.
[  771.567679][T21332] block nbd66: Receive control failed (result -32)
[  771.821060][T26133] netlink: 56 bytes leftover after parsing attributes in process `syz.0.5302'.
[  771.847417][T26128] netlink: 'syz.2.5300': attribute type 4 has an invalid length.
[  771.922368][T26130] netlink: 224 bytes leftover after parsing attributes in process `syz.2.5300'.
[  771.990451][T26133] netlink: 56 bytes leftover after parsing attributes in process `syz.0.5302'.
[  772.018915][T26144] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5306'.
[  772.131132][T26144] netlink: 'syz.4.5306': attribute type 10 has an invalid length.
[  772.208560][T26149] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5307'.
[  772.238890][T26149] netlink: 'syz.1.5307': attribute type 10 has an invalid length.
[  772.261022][T26144] macvlan0: entered promiscuous mode
[  772.262423][T26149] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  772.283077][T26144] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[  772.321325][T26147] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5307'.
[  772.401768][T26154] netlink: 'syz.0.5309': attribute type 2 has an invalid length.
[  772.426700][T26154] þ`Ì: entered promiscuous mode
[  772.666230][T26163] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5312'.
[  772.787598][T26175] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5315'.
[  772.882112][T26167] ip6erspan0: entered allmulticast mode
[  772.980385][T26170] lo speed is unknown, defaulting to 1000
[  773.158316][T26184] syzkaller0: entered promiscuous mode
[  773.175511][T26184] syzkaller0: entered allmulticast mode
[  773.250756][T26170] lo speed is unknown, defaulting to 1000
[  773.339541][T26194] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5320'.
[  773.394680][T26202] netlink: 'syz.1.5322': attribute type 2 has an invalid length.
[  773.507257][T10733] IPVS: starting estimator thread 0...
[  773.524471][T26203] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  773.595670][T26208] IPVS: using max 27 ests per chain, 64800 per kthread
[  775.516033][T26204] lo speed is unknown, defaulting to 1000
[  775.541045][T26221] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5326'.
[  776.060777][T26255] netlink: 'syz.1.5333': attribute type 13 has an invalid length.
[  776.248071][T26204] lo speed is unknown, defaulting to 1000
[  776.916688][T26283] __nla_validate_parse: 5 callbacks suppressed
[  776.916710][T26283] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5340'.
[  777.348150][T26300] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[  777.837294][T26329] netlink: 'syz.2.5347': attribute type 1 has an invalid length.
[  777.854585][T26329] netlink: 140 bytes leftover after parsing attributes in process `syz.2.5347'.
[  777.864004][T26329] netlink: 96 bytes leftover after parsing attributes in process `syz.2.5347'.
[  777.886857][T26334] netlink: 'syz.0.5353': attribute type 2 has an invalid length.
[  778.114750][T26337] lo speed is unknown, defaulting to 1000
[  778.134832][T26341] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5356'.
[  778.577504][T26337] lo speed is unknown, defaulting to 1000
[  778.577511][T26349] lo speed is unknown, defaulting to 1000
[  778.672390][T26363] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5362'.
[  778.846123][T26370] FAULT_INJECTION: forcing a failure.
[  778.846123][T26370] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  778.885700][T26370] CPU: 0 UID: 0 PID: 26370 Comm: syz.0.5364 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full) 
[  778.885733][T26370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  778.885746][T26370] Call Trace:
[  778.885755][T26370]  <TASK>
[  778.885765][T26370]  dump_stack_lvl+0x189/0x250
[  778.885795][T26370]  ? __pfx____ratelimit+0x10/0x10
[  778.885824][T26370]  ? __pfx_dump_stack_lvl+0x10/0x10
[  778.885850][T26370]  ? __pfx__printk+0x10/0x10
[  778.885880][T26370]  ? __might_fault+0xb0/0x130
[  778.885924][T26370]  should_fail_ex+0x414/0x560
[  778.885958][T26370]  _copy_from_user+0x2d/0xb0
[  778.885983][T26370]  __sys_bpf+0x1ed/0x870
[  778.886015][T26370]  ? __pfx___sys_bpf+0x10/0x10
[  778.886058][T26370]  ? ksys_write+0x22a/0x250
[  778.886089][T26370]  ? __pfx_ksys_write+0x10/0x10
[  778.886126][T26370]  __x64_sys_bpf+0x7c/0x90
[  778.886152][T26370]  do_syscall_64+0xfa/0x3b0
[  778.886181][T26370]  ? lockdep_hardirqs_on+0x9c/0x150
[  778.886209][T26370]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  778.886230][T26370]  ? clear_bhb_loop+0x60/0xb0
[  778.886257][T26370]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  778.886278][T26370] RIP: 0033:0x7fd07478ebe9
[  778.886296][T26370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  778.886314][T26370] RSP: 002b:00007fd075528038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  778.886336][T26370] RAX: ffffffffffffffda RBX: 00007fd0749b5fa0 RCX: 00007fd07478ebe9
[  778.886359][T26370] RDX: 0000000000000028 RSI: 0000200000000540 RDI: 0000000000000012
[  778.886374][T26370] RBP: 00007fd075528090 R08: 0000000000000000 R09: 0000000000000000
[  778.886387][T26370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  778.886400][T26370] R13: 00007fd0749b6038 R14: 00007fd0749b5fa0 R15: 00007ffcd88c4598
[  778.886436][T26370]  </TASK>
[  779.141176][T26349] lo speed is unknown, defaulting to 1000
[  779.438547][T26387] netlink: 'syz.2.5370': attribute type 1 has an invalid length.
[  779.627039][T21812] page_pool_release_retry() stalled pool shutdown: id 86, 3329 inflight 362 sec
[  779.951955][T26404] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5373'.
[  779.990024][T26404] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5373'.
[  780.163975][T26408] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5374'.
[  780.204787][T26408] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5374'.
[  780.314683][T26414] netlink: 'syz.2.5377': attribute type 22 has an invalid length.
[  780.480296][T26422] netlink: 256 bytes leftover after parsing attributes in process `syz.2.5381'.
[  780.520585][T26422] rdma_rxe: rxe_newlink: failed to add lo
[  780.715453][T26422] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  780.733729][T26436] netlink: 'syz.1.5384': attribute type 32 has an invalid length.
[  780.822553][T26434] lo speed is unknown, defaulting to 1000
[  781.028619][T26443] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  781.131980][T21332] Bluetooth: hci1: link tx timeout
[  781.138321][T21332] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  781.150499][T21332] Bluetooth: hci1: link tx timeout
[  781.155798][T21332] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  781.163658][T21332] Bluetooth: hci1: link tx timeout
[  781.169013][T21332] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  781.177143][T21332] Bluetooth: hci1: link tx timeout
[  781.182424][T21332] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  781.190515][T21332] Bluetooth: hci1: link tx timeout
[  781.195992][T21332] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  781.514348][T26443] lo speed is unknown, defaulting to 1000
[  781.522771][T26434] lo speed is unknown, defaulting to 1000
[  782.011473][T26444] lo speed is unknown, defaulting to 1000
[  782.254590][T26443] lo speed is unknown, defaulting to 1000
[  782.303692][T26444] lo speed is unknown, defaulting to 1000
[  783.081754][T26474] __nla_validate_parse: 3 callbacks suppressed
[  783.081775][T26474] netlink: 224 bytes leftover after parsing attributes in process `syz.4.5395'.
[  783.131837][T26474] netlink: 'syz.4.5395': attribute type 1 has an invalid length.
[  783.227089][T21332] Bluetooth: hci1: command 0x0405 tx timeout
[  783.403043][T26474] 8021q: adding VLAN 0 to HW filter on device bond4
[  783.460124][T26476] bond4: (slave gretap0): making interface the new active one
[  783.477490][T26476] bond4: (slave gretap0): Enslaving as an active interface with an up link
[  783.491503][T26472] lo speed is unknown, defaulting to 1000
[  783.690755][T26485] netlink: 'syz.3.5397': attribute type 2 has an invalid length.
[  783.730133][T26487] netlink: 'syz.4.5398': attribute type 1 has an invalid length.
[  783.763109][T26472] lo speed is unknown, defaulting to 1000
[  783.902226][T26487] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5398'.
[  784.405117][ T5184] block nbd67: Receive control failed (result -32)
[  785.020506][T26528] netlink: 'syz.1.5410': attribute type 2 has an invalid length.
[  785.153802][T26533] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5413'.
[  785.310671][T26544] netlink: 'syz.0.5415': attribute type 1 has an invalid length.
[  785.430515][T26555] FAULT_INJECTION: forcing a failure.
[  785.430515][T26555] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  785.458809][T26555] CPU: 0 UID: 0 PID: 26555 Comm: syz.1.5419 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full) 
[  785.458840][T26555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  785.458853][T26555] Call Trace:
[  785.458861][T26555]  <TASK>
[  785.458870][T26555]  dump_stack_lvl+0x189/0x250
[  785.458908][T26555]  ? __pfx____ratelimit+0x10/0x10
[  785.458936][T26555]  ? __pfx_dump_stack_lvl+0x10/0x10
[  785.458960][T26555]  ? __pfx__printk+0x10/0x10
[  785.458988][T26555]  ? __might_fault+0xb0/0x130
[  785.459040][T26555]  should_fail_ex+0x414/0x560
[  785.459069][T26555]  _copy_from_user+0x2d/0xb0
[  785.459091][T26555]  btf_new_fd+0x33a/0xc90
[  785.459111][T26555]  ? apparmor_capable+0x137/0x1b0
[  785.459141][T26555]  ? __pfx_btf_new_fd+0x10/0x10
[  785.459163][T26555]  ? bpf_token_put+0x143/0x160
[  785.459190][T26555]  ? bpf_btf_load+0x126/0x190
[  785.459219][T26555]  __sys_bpf+0x406/0x870
[  785.459245][T26555]  ? __pfx___sys_bpf+0x10/0x10
[  785.459282][T26555]  ? ksys_write+0x22a/0x250
[  785.459310][T26555]  ? __pfx_ksys_write+0x10/0x10
[  785.459331][T26555]  ? rcu_is_watching+0x15/0xb0
[  785.459358][T26555]  __x64_sys_bpf+0x7c/0x90
[  785.459380][T26555]  do_syscall_64+0xfa/0x3b0
[  785.459406][T26555]  ? lockdep_hardirqs_on+0x9c/0x150
[  785.459429][T26555]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  785.459448][T26555]  ? clear_bhb_loop+0x60/0xb0
[  785.459471][T26555]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  785.459489][T26555] RIP: 0033:0x7f070bb8ebe9
[  785.459506][T26555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  785.459522][T26555] RSP: 002b:00007f070c994038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  785.459542][T26555] RAX: ffffffffffffffda RBX: 00007f070bdb5fa0 RCX: 00007f070bb8ebe9
[  785.459555][T26555] RDX: 0000000000000028 RSI: 0000200000000540 RDI: 0000000000000012
[  785.459567][T26555] RBP: 00007f070c994090 R08: 0000000000000000 R09: 0000000000000000
[  785.459578][T26555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  785.459589][T26555] R13: 00007f070bdb6038 R14: 00007f070bdb5fa0 R15: 00007ffd8e57b688
[  785.459619][T26555]  </TASK>
[  785.482136][T26539] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5415'.
[  785.989200][T26569] lo speed is unknown, defaulting to 1000
[  786.081547][ T5184] block nbd68: Receive control failed (result -32)
[  786.427296][T26569] lo speed is unknown, defaulting to 1000
[  786.752249][T26603] netlink: 44 bytes leftover after parsing attributes in process `syz.3.5430'.
[  786.766482][T26603] netlink: 43 bytes leftover after parsing attributes in process `syz.3.5430'.
[  786.795776][T26603] netlink: 'syz.3.5430': attribute type 5 has an invalid length.
[  786.813517][T26603] netlink: 43 bytes leftover after parsing attributes in process `syz.3.5430'.
[  786.836755][T26597] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5428'.
[  787.024301][T26608] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5431'.
[  787.034752][T26603] lo speed is unknown, defaulting to 1000
[  787.059926][T26612] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5433'.
[  787.513277][T26603] lo speed is unknown, defaulting to 1000
[  788.549533][T26666] __nla_validate_parse: 1 callbacks suppressed
[  788.549568][T26666] netlink: 80 bytes leftover after parsing attributes in process `syz.2.5450'.
[  788.611326][T26667] netlink: 48 bytes leftover after parsing attributes in process `syz.1.5451'.
[  788.706375][T26671] netlink: 'syz.2.5453': attribute type 2 has an invalid length.
[  788.739166][T26673] netlink: 48 bytes leftover after parsing attributes in process `syz.0.5454'.
[  788.748884][T26671] þ`Ì: entered promiscuous mode
[  788.843281][T26679] netlink: 'syz.1.5456': attribute type 1 has an invalid length.
[  788.942118][T26681] lo speed is unknown, defaulting to 1000
[  789.041834][T26675] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5456'.
[  789.081052][T26659] netlink: 'syz.3.5448': attribute type 1 has an invalid length.
[  789.217387][ T8087] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  789.570595][T26681] lo speed is unknown, defaulting to 1000
[  789.586994][ T5184] block nbd69: Receive control failed (result -32)
[  789.623201][   T30] audit: type=1804 audit(1755346455.983:15): pid=26710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.5460" name="/newroot/484/cgroup.controllers" dev="tmpfs" ino=2489 res=1 errno=0
[  789.648174][   T30] audit: type=1800 audit(1755346455.983:16): pid=26710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.5460" name="cgroup.controllers" dev="tmpfs" ino=2489 res=0 errno=0
[  790.098320][T26721] FAULT_INJECTION: forcing a failure.
[  790.098320][T26721] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  790.155657][T26721] CPU: 0 UID: 0 PID: 26721 Comm: syz.1.5465 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full) 
[  790.155691][T26721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  790.155711][T26721] Call Trace:
[  790.155720][T26721]  <TASK>
[  790.155731][T26721]  dump_stack_lvl+0x189/0x250
[  790.155762][T26721]  ? __pfx____ratelimit+0x10/0x10
[  790.155791][T26721]  ? __pfx_dump_stack_lvl+0x10/0x10
[  790.155827][T26721]  ? __pfx__printk+0x10/0x10
[  790.155869][T26721]  should_fail_ex+0x414/0x560
[  790.155903][T26721]  _copy_to_user+0x31/0xb0
[  790.155929][T26721]  simple_read_from_buffer+0xe1/0x170
[  790.155965][T26721]  proc_fail_nth_read+0x1b3/0x220
[  790.155992][T26721]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  790.156019][T26721]  ? rw_verify_area+0x2a6/0x4d0
[  790.156044][T26721]  ? __lock_acquire+0xab9/0xd20
[  790.156073][T26721]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  790.156099][T26721]  vfs_read+0x1fd/0xa30
[  790.156125][T26721]  ? fdget_pos+0x247/0x320
[  790.156149][T26721]  ? __pfx___mutex_lock+0x10/0x10
[  790.156180][T26721]  ? __pfx_vfs_read+0x10/0x10
[  790.156210][T26721]  ? __fget_files+0x2a/0x420
[  790.156234][T26721]  ? __fget_files+0x3a0/0x420
[  790.156250][T26721]  ? __fget_files+0x2a/0x420
[  790.156280][T26721]  ksys_read+0x145/0x250
[  790.156310][T26721]  ? __pfx_ksys_read+0x10/0x10
[  790.156344][T26721]  ? do_syscall_64+0xbe/0x3b0
[  790.156378][T26721]  do_syscall_64+0xfa/0x3b0
[  790.156405][T26721]  ? lockdep_hardirqs_on+0x9c/0x150
[  790.156432][T26721]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  790.156453][T26721]  ? clear_bhb_loop+0x60/0xb0
[  790.156479][T26721]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  790.156499][T26721] RIP: 0033:0x7f070bb8d5fc
[  790.156518][T26721] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  790.156536][T26721] RSP: 002b:00007f070c994030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  790.156559][T26721] RAX: ffffffffffffffda RBX: 00007f070bdb5fa0 RCX: 00007f070bb8d5fc
[  790.156574][T26721] RDX: 000000000000000f RSI: 00007f070c9940a0 RDI: 0000000000000005
[  790.156588][T26721] RBP: 00007f070c994090 R08: 0000000000000000 R09: 0000000000000000
[  790.156601][T26721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  790.156613][T26721] R13: 00007f070bdb6038 R14: 00007f070bdb5fa0 R15: 00007ffd8e57b688
[  790.156649][T26721]  </TASK>
[  790.607923][T26733] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.5471'.
[  790.640130][T26733] netlink: 188 bytes leftover after parsing attributes in process `syz.2.5471'.
[  790.685553][T26715] tipc: Resetting bearer <eth:syzkaller0>
[  790.730317][T26728] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  790.882568][T26750] netlink: 'syz.3.5475': attribute type 2 has an invalid length.
[  790.895934][T26747] netlink: 'syz.2.5473': attribute type 1 has an invalid length.
[  790.966290][T26753] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  790.976541][T26753] tc_dump_action: action bad kind
[  791.466546][ T5184] block nbd70: Receive control failed (result -32)
[  791.725896][T26775] syzkaller0: entered promiscuous mode
[  791.731433][T26775] syzkaller0: entered allmulticast mode
[  791.760142][T26783] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5485'.
[  792.072976][T26797] netlink: 308 bytes leftover after parsing attributes in process `syz.3.5489'.
[  792.094849][T26797] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5489'.
[  792.148725][T26802] netlink: 124 bytes leftover after parsing attributes in process `syz.3.5489'.
[  793.754129][T26795] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  793.832731][T26801] lo speed is unknown, defaulting to 1000
[  793.904064][T26806] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5493'.
[  793.924554][T26810] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5492'.
[  794.094251][T26821] FAULT_INJECTION: forcing a failure.
[  794.094251][T26821] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  794.135383][T26821] CPU: 1 UID: 0 PID: 26821 Comm: syz.2.5496 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full) 
[  794.135412][T26821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  794.135425][T26821] Call Trace:
[  794.135432][T26821]  <TASK>
[  794.135441][T26821]  dump_stack_lvl+0x189/0x250
[  794.135469][T26821]  ? __pfx____ratelimit+0x10/0x10
[  794.135497][T26821]  ? __pfx_dump_stack_lvl+0x10/0x10
[  794.135528][T26821]  ? __pfx__printk+0x10/0x10
[  794.135572][T26821]  should_fail_ex+0x414/0x560
[  794.135602][T26821]  _copy_to_user+0x31/0xb0
[  794.135625][T26821]  finalize_log+0xe1/0x160
[  794.135649][T26821]  ? __pfx_finalize_log+0x10/0x10
[  794.135668][T26821]  ? btf_check_type_tags+0x679/0x680
[  794.135697][T26821]  btf_new_fd+0x6fa/0xc90
[  794.135716][T26821]  ? apparmor_capable+0x137/0x1b0
[  794.135747][T26821]  ? __pfx_btf_new_fd+0x10/0x10
[  794.135769][T26821]  ? bpf_token_put+0x143/0x160
[  794.135797][T26821]  ? bpf_btf_load+0x126/0x190
[  794.135825][T26821]  __sys_bpf+0x406/0x870
[  794.135853][T26821]  ? __pfx___sys_bpf+0x10/0x10
[  794.135891][T26821]  ? ksys_write+0x22a/0x250
[  794.135920][T26821]  ? __pfx_ksys_write+0x10/0x10
[  794.135952][T26821]  __x64_sys_bpf+0x7c/0x90
[  794.135976][T26821]  do_syscall_64+0xfa/0x3b0
[  794.136003][T26821]  ? lockdep_hardirqs_on+0x9c/0x150
[  794.136027][T26821]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  794.136046][T26821]  ? clear_bhb_loop+0x60/0xb0
[  794.136069][T26821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  794.136088][T26821] RIP: 0033:0x7fd31718ebe9
[  794.136105][T26821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  794.136121][T26821] RSP: 002b:00007fd317f2d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  794.136141][T26821] RAX: ffffffffffffffda RBX: 00007fd3173b5fa0 RCX: 00007fd31718ebe9
[  794.136155][T26821] RDX: 0000000000000028 RSI: 0000200000000540 RDI: 0000000000000012
[  794.136167][T26821] RBP: 00007fd317f2d090 R08: 0000000000000000 R09: 0000000000000000
[  794.136179][T26821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  794.136190][T26821] R13: 00007fd3173b6038 R14: 00007fd3173b5fa0 R15: 00007ffd169d1828
[  794.136219][T26821]  </TASK>
[  794.578308][T26832] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5502'.
[  794.944092][T26801] lo speed is unknown, defaulting to 1000
[  795.136313][T26846] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5506'.
[  795.291104][T26854] netlink: 'syz.0.5507': attribute type 1 has an invalid length.
[  795.468563][T26851] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5507'.
[  796.046777][ T5184] block nbd71: Receive control failed (result -32)
[  796.487517][T26893] lo speed is unknown, defaulting to 1000
[  796.734843][T26893] lo speed is unknown, defaulting to 1000
[  796.850476][T26911] FAULT_INJECTION: forcing a failure.
[  796.850476][T26911] name failslab, interval 1, probability 0, space 0, times 0
[  796.863626][T26911] CPU: 0 UID: 0 PID: 26911 Comm: syz.1.5525 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full) 
[  796.863653][T26911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  796.863665][T26911] Call Trace:
[  796.863674][T26911]  <TASK>
[  796.863683][T26911]  dump_stack_lvl+0x189/0x250
[  796.863711][T26911]  ? __pfx____ratelimit+0x10/0x10
[  796.863738][T26911]  ? __pfx_dump_stack_lvl+0x10/0x10
[  796.863761][T26911]  ? __pfx__printk+0x10/0x10
[  796.863802][T26911]  should_fail_ex+0x414/0x560
[  796.863832][T26911]  should_failslab+0xa8/0x100
[  796.863862][T26911]  kmem_cache_alloc_noprof+0x73/0x3c0
[  796.863887][T26911]  ? radix_tree_node_alloc+0x7e/0x3a0
[  796.863936][T26911]  radix_tree_node_alloc+0x7e/0x3a0
[  796.863972][T26911]  idr_get_free+0x2b3/0xa70
[  796.864014][T26911]  idr_alloc_u32+0x159/0x2d0
[  796.864070][T26911]  ? __pfx_idr_alloc_u32+0x10/0x10
[  796.864103][T26911]  ? do_raw_spin_lock+0x121/0x290
[  796.864137][T26911]  idr_alloc_cyclic+0x9b/0x1b0
[  796.864173][T26911]  btf_new_fd+0x7d0/0xc90
[  796.864196][T26911]  ? apparmor_capable+0x137/0x1b0
[  796.864232][T26911]  ? __pfx_btf_new_fd+0x10/0x10
[  796.864257][T26911]  ? bpf_token_put+0x143/0x160
[  796.864287][T26911]  ? bpf_btf_load+0x126/0x190
[  796.864326][T26911]  __sys_bpf+0x406/0x870
[  796.864356][T26911]  ? __pfx___sys_bpf+0x10/0x10
[  796.864408][T26911]  ? rcu_is_watching+0x15/0xb0
[  796.864439][T26911]  __x64_sys_bpf+0x7c/0x90
[  796.864465][T26911]  do_syscall_64+0xfa/0x3b0
[  796.864494][T26911]  ? lockdep_hardirqs_on+0x9c/0x150
[  796.864522][T26911]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  796.864543][T26911]  ? clear_bhb_loop+0x60/0xb0
[  796.864569][T26911]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  796.864589][T26911] RIP: 0033:0x7f070bb8ebe9
[  796.864608][T26911] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  796.864626][T26911] RSP: 002b:00007f070c994038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  796.864649][T26911] RAX: ffffffffffffffda RBX: 00007f070bdb5fa0 RCX: 00007f070bb8ebe9
[  796.864665][T26911] RDX: 0000000000000028 RSI: 0000200000000540 RDI: 0000000000000012
[  796.864678][T26911] RBP: 00007f070c994090 R08: 0000000000000000 R09: 0000000000000000
[  796.864691][T26911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  796.864703][T26911] R13: 00007f070bdb6038 R14: 00007f070bdb5fa0 R15: 00007ffd8e57b688
[  796.864739][T26911]  </TASK>
[  797.363270][T26920] netlink: 'syz.0.5528': attribute type 2 has an invalid length.
[  797.447333][T26922] netlink: 'syz.1.5527': attribute type 1 has an invalid length.
[  797.665882][T26916] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5527'.
[  798.101506][T26937] lo speed is unknown, defaulting to 1000
[  798.164524][T26943] netlink: 212340 bytes leftover after parsing attributes in process `syz.2.5531'.
[  798.214900][ T5184] block nbd72: Receive control failed (result -32)
[  798.819324][T26937] lo speed is unknown, defaulting to 1000
[  799.010746][T26962] netlink: 'syz.1.5536': attribute type 1 has an invalid length.
[  799.019826][T26962] netlink: 224 bytes leftover after parsing attributes in process `syz.1.5536'.
[  799.391618][T26972] lo speed is unknown, defaulting to 1000
[  800.077278][T26972] lo speed is unknown, defaulting to 1000
[  800.184560][T26985] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  800.222525][T26985] tc_dump_action: action bad kind
[  800.562002][T27001] netlink: 'syz.0.5545': attribute type 13 has an invalid length.
[  801.086018][T27019] netlink: 'syz.1.5554': attribute type 2 has an invalid length.
[  801.426132][T27028] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  801.511243][T27020] syzkaller0: entered promiscuous mode
[  801.525385][T27020] syzkaller0: entered allmulticast mode
[  801.549184][T27028] tc_dump_action: action bad kind
[  803.552877][T27041] lo speed is unknown, defaulting to 1000
[  803.708941][T27060] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5564'.
[  803.713818][T27066] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5566'.
[  803.835232][T27073] netlink: 'syz.0.5567': attribute type 2 has an invalid length.
[  804.045987][T27084] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  804.060912][T27085] netlink: 164 bytes leftover after parsing attributes in process `syz.1.5571'.
[  804.092615][T27084] tc_dump_action: action bad kind
[  804.102536][T27083] netlink: 164 bytes leftover after parsing attributes in process `syz.1.5571'.
[  804.142674][T27087] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  804.167591][T27041] lo speed is unknown, defaulting to 1000
[  804.366578][T27099] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5575'.
[  804.376609][T27099] nbd: nbd63 already in use
[  804.985156][T27135] netlink: 'syz.2.5583': attribute type 2 has an invalid length.
[  804.988875][T27136] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  805.005908][T27136] tc_dump_action: action bad kind
[  805.167174][T27141] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5589'.
[  805.462121][T27162] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[  805.499175][T27166] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5595'.
[  805.686180][T27174] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  805.697244][T27174] tc_dump_action: action bad kind
[  805.757109][T27176] netlink: 'syz.4.5599': attribute type 2 has an invalid length.
[  805.810272][T27178] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5600'.
[  805.820106][T27178] netlink: 'syz.1.5600': attribute type 1 has an invalid length.
[  805.828938][T27178] netlink: 'syz.1.5600': attribute type 2 has an invalid length.
[  805.902219][T27184] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5604'.
[  805.923509][T27184] netlink: 'syz.1.5604': attribute type 10 has an invalid length.
[  805.946572][T27184] team0: Cannot enslave team device to itself
[  806.043631][T27184] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5604'.
[  806.081620][T27184] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5604'.
[  806.186645][T27194] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5607'.
[  806.467131][T27217] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  806.481721][T27215] netlink: 'syz.2.5614': attribute type 2 has an invalid length.
[  806.502407][T27217] netlink: 'syz.1.5615': attribute type 4 has an invalid length.
[  806.839942][T27238] netlink: 'syz.3.5622': attribute type 1 has an invalid length.
[  807.696881][T27268] netlink: 'syz.2.5629': attribute type 2 has an invalid length.
[  807.711371][ T5184] block nbd73: Receive control failed (result -32)
[  807.779686][T27270] netlink: 'syz.1.5628': attribute type 13 has an invalid length.
[  807.958000][T27277] ip6gre0: Master is either lo or non-ether device
[  808.237805][T27300] netlink: 'syz.2.5637': attribute type 1 has an invalid length.
[  808.330634][T27307] lo speed is unknown, defaulting to 1000
[  808.751396][ T1300] aoe: packet could not be sent on bond0.  consider increasing tx_queue_len
[  809.010015][ T5184] block nbd74: Receive control failed (result -32)
[  809.293313][T27307] lo speed is unknown, defaulting to 1000
[  809.366091][T27338] __nla_validate_parse: 10 callbacks suppressed
[  809.366111][T27338] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5648'.
[  809.382408][T27339] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  809.406893][T27338] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5648'.
[  809.426502][T27339] tc_dump_action: action bad kind
[  809.734094][T27358] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5651'.
[  809.870016][T27363] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5655'.
[  810.512603][T27382] tipc: Resetting bearer <eth:syzkaller0>
[  810.602751][T27396] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5661'.
[  810.634832][ T5184] block nbd75: Receive control failed (result -32)
[  810.892811][T27401] validate_nla: 6 callbacks suppressed
[  810.892831][T27401] netlink: 'syz.2.5662': attribute type 32 has an invalid length.
[  810.942907][T27401] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5662'.
[  810.996023][T27407] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5665'.
[  811.254636][T27419] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5668'.
[  811.279336][T27419] nbd: must specify a size in bytes for the device
[  811.297919][T27421] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  811.312417][T27418] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5669'.
[  811.472617][T27432] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5673'.
[  811.694771][T27444] netlink: 'syz.3.5677': attribute type 2 has an invalid length.
[  811.812700][T27447] netlink: 'syz.0.5678': attribute type 2 has an invalid length.
[  812.030802][T27453] lo speed is unknown, defaulting to 1000
[  812.152561][T27465] netlink: 'syz.0.5684': attribute type 13 has an invalid length.
[  812.257191][T27467] netlink: 'syz.1.5686': attribute type 32 has an invalid length.
[  812.510151][T21818] IPVS: starting estimator thread 0...
[  812.519989][T27477] IPVS: set_ctl: invalid protocol: 94 224.0.0.1:20000
[  812.625467][T27481] IPVS: using max 33 ests per chain, 79200 per kthread
[  812.753365][T27486] lo speed is unknown, defaulting to 1000
[  812.760495][T27453] lo speed is unknown, defaulting to 1000
[  812.997701][T27497] FAULT_INJECTION: forcing a failure.
[  812.997701][T27497] name failslab, interval 1, probability 0, space 0, times 0
[  813.115465][T27497] CPU: 1 UID: 0 PID: 27497 Comm: syz.2.5695 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full) 
[  813.115518][T27497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  813.115541][T27497] Call Trace:
[  813.115550][T27497]  <TASK>
[  813.115560][T27497]  dump_stack_lvl+0x189/0x250
[  813.115603][T27497]  ? __pfx____ratelimit+0x10/0x10
[  813.115632][T27497]  ? __pfx_dump_stack_lvl+0x10/0x10
[  813.115657][T27497]  ? __pfx__printk+0x10/0x10
[  813.115682][T27497]  ? nfnetlink_rcv+0x26a/0x2520
[  813.115709][T27497]  ? ____sys_sendmsg+0x505/0x830
[  813.115729][T27497]  ? __x64_sys_sendmsg+0x19b/0x260
[  813.115761][T27497]  should_fail_ex+0x414/0x560
[  813.115795][T27497]  should_failslab+0xa8/0x100
[  813.115827][T27497]  kmem_cache_alloc_noprof+0x73/0x3c0
[  813.115855][T27497]  ? skb_clone+0x212/0x3a0
[  813.115882][T27497]  skb_clone+0x212/0x3a0
[  813.115909][T27497]  __netlink_deliver_tap+0x404/0x850
[  813.115953][T27497]  ? netlink_deliver_tap+0x2e/0x1b0
[  813.115985][T27497]  netlink_deliver_tap+0x19c/0x1b0
[  813.116015][T27497]  netlink_sendskb+0x68/0x140
[  813.116044][T27497]  netlink_unicast+0x397/0x9e0
[  813.116067][T27497]  ? __asan_memcpy+0x40/0x70
[  813.116100][T27497]  ? __pfx_netlink_unicast+0x10/0x10
[  813.116139][T27497]  netlink_rcv_skb+0x28c/0x470
[  813.116177][T27497]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  813.116206][T27497]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  813.116249][T27497]  ? bpf_lsm_capable+0x9/0x20
[  813.116276][T27497]  ? security_capable+0x7e/0x2e0
[  813.116315][T27497]  nfnetlink_rcv+0x26a/0x2520
[  813.116344][T27497]  ? __dev_queue_xmit+0x1d79/0x3b50
[  813.116380][T27497]  ? __dev_queue_xmit+0x27b/0x3b50
[  813.116417][T27497]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  813.116443][T27497]  ? __pfx___dev_queue_xmit+0x10/0x10
[  813.116482][T27497]  ? ref_tracker_free+0x63a/0x7d0
[  813.116512][T27497]  ? __asan_memcpy+0x40/0x70
[  813.116534][T27497]  ? __pfx_ref_tracker_free+0x10/0x10
[  813.116581][T27497]  ? skb_clone+0x246/0x3a0
[  813.116608][T27497]  ? __netlink_deliver_tap+0x807/0x850
[  813.116637][T27497]  ? netlink_deliver_tap+0x2e/0x1b0
[  813.116675][T27497]  ? netlink_deliver_tap+0x2e/0x1b0
[  813.116713][T27497]  netlink_unicast+0x82c/0x9e0
[  813.116751][T27497]  ? __pfx_netlink_unicast+0x10/0x10
[  813.116780][T27497]  ? netlink_sendmsg+0x642/0xb30
[  813.116807][T27497]  ? skb_put+0x11b/0x210
[  813.116830][T27497]  netlink_sendmsg+0x805/0xb30
[  813.116873][T27497]  ? __pfx_netlink_sendmsg+0x10/0x10
[  813.116908][T27497]  ? aa_sock_msg_perm+0xf1/0x1d0
[  813.116941][T27497]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  813.116963][T27497]  ? __pfx_netlink_sendmsg+0x10/0x10
[  813.116994][T27497]  __sock_sendmsg+0x219/0x270
[  813.117024][T27497]  ____sys_sendmsg+0x505/0x830
[  813.117052][T27497]  ? __pfx_____sys_sendmsg+0x10/0x10
[  813.117084][T27497]  ? import_iovec+0x74/0xa0
[  813.117113][T27497]  ___sys_sendmsg+0x21f/0x2a0
[  813.117137][T27497]  ? __pfx____sys_sendmsg+0x10/0x10
[  813.117207][T27497]  ? __fget_files+0x2a/0x420
[  813.117224][T27497]  ? __fget_files+0x3a0/0x420
[  813.117256][T27497]  __x64_sys_sendmsg+0x19b/0x260
[  813.117280][T27497]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  813.117313][T27497]  ? __pfx_ksys_write+0x10/0x10
[  813.117338][T27497]  ? rcu_is_watching+0x15/0xb0
[  813.117366][T27497]  ? do_syscall_64+0xbe/0x3b0
[  813.117399][T27497]  do_syscall_64+0xfa/0x3b0
[  813.117427][T27497]  ? lockdep_hardirqs_on+0x9c/0x150
[  813.117453][T27497]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  813.117474][T27497]  ? clear_bhb_loop+0x60/0xb0
[  813.117499][T27497]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  813.117519][T27497] RIP: 0033:0x7fd31718ebe9
[  813.117538][T27497] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  813.117556][T27497] RSP: 002b:00007fd317f2d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  813.117578][T27497] RAX: ffffffffffffffda RBX: 00007fd3173b5fa0 RCX: 00007fd31718ebe9
[  813.117593][T27497] RDX: 0000000000004800 RSI: 0000200000000300 RDI: 0000000000000003
[  813.117606][T27497] RBP: 00007fd317f2d090 R08: 0000000000000000 R09: 0000000000000000
[  813.117619][T27497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  813.117631][T27497] R13: 00007fd3173b6038 R14: 00007fd3173b5fa0 R15: 00007ffd169d1828
[  813.117666][T27497]  </TASK>
[  813.204207][T27486] lo speed is unknown, defaulting to 1000
[  814.036616][T27527] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12
[  814.065597][T27527] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12
[  814.128228][T27527] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  814.336667][T27542] netlink: 'syz.1.5708': attribute type 1 has an invalid length.
[  814.459502][T27547] netlink: 'syz.2.5709': attribute type 1 has an invalid length.
[  815.131560][ T5184] block nbd76: Receive control failed (result -32)
[  815.212238][T27572] netlink: 'syz.4.5711': attribute type 13 has an invalid length.
[  815.426894][T27579] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  815.451219][T27580] __nla_validate_parse: 11 callbacks suppressed
[  815.451239][T27580] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5714'.
[  815.467559][T27579] tc_dump_action: action bad kind
[  815.476298][T27583] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5716'.
[  815.646047][T27589] unknown channel width for channel at 909000KHz?
[  815.651515][T27590] netlink: 'syz.4.5719': attribute type 2 has an invalid length.
[  815.789011][T27600] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5719'.
[  815.879267][T27600] bridge_slave_1: left allmulticast mode
[  815.880411][T27604] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5723'.
[  815.891173][T27600] bridge_slave_1: left promiscuous mode
[  815.912948][T27600] bridge0: port 2(bridge_slave_1) entered disabled state
[  815.929811][T27600] bridge_slave_0: left allmulticast mode
[  815.937872][T27600] bridge_slave_0: left promiscuous mode
[  815.944163][T27600] bridge0: port 1(bridge_slave_0) entered disabled state
[  816.094335][T27602] tipc: Resetting bearer <eth:syzkaller0>
[  816.567132][T27623] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  816.600099][T27625] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5730'.
[  816.612277][T27623] tc_dump_action: action bad kind
[  816.843645][T27631] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5733'.
[  816.972697][T27642] netlink: 'syz.4.5733': attribute type 15 has an invalid length.
[  817.002386][T27640] netlink: 'syz.2.5735': attribute type 3 has an invalid length.
[  817.026174][T27640] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.5735'.
[  817.035669][T27641] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5736'.
[  817.140056][T27648] netlink: 'syz.0.5739': attribute type 32 has an invalid length.
[  817.150026][T27648] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5739'.
[  817.151473][T27631] bond0: (slave macvlan0): Releasing backup interface
[  817.488787][T27660] tipc: Resetting bearer <eth:syzkaller0>
[  817.812407][T27672] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5744'.
[  818.218196][T27701] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  818.244302][T27701] tc_dump_action: action bad kind
[  818.372254][T27704] bridge0 (unregistering): left promiscuous mode
[  818.701037][T27727] netlink: 'syz.0.5761': attribute type 15 has an invalid length.
[  818.961210][T27742] netlink: 'syz.3.5766': attribute type 13 has an invalid length.
[  818.970565][T27742] tipc: Resetting bearer <eth:syzkaller0>
[  819.221918][T27754] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  819.250103][T27754] tc_dump_action: action bad kind
[  819.504516][T27762] netlink: 'syz.3.5770': attribute type 1 has an invalid length.
[  819.831329][T27775] netlink: 'syz.0.5774': attribute type 13 has an invalid length.
[  820.241265][T27790] netlink: 'syz.0.5779': attribute type 2 has an invalid length.
[  820.270637][ T5184] block nbd77: Receive control failed (result -32)
[  820.293370][T27790] þ: entered promiscuous mode
[  820.377956][T27792] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[  820.449600][T27796] lo speed is unknown, defaulting to 1000
[  820.584877][T27801] netlink: 'syz.3.5783': attribute type 4 has an invalid length.
[  820.647209][T27801] __nla_validate_parse: 11 callbacks suppressed
[  820.647231][T27801] netlink: 152 bytes leftover after parsing attributes in process `syz.3.5783'.
[  820.714662][T27796] lo speed is unknown, defaulting to 1000
[  820.721584][T27807] netlink: 'syz.0.5785': attribute type 13 has an invalid length.
[  820.766311][T27807] netlink: 80 bytes leftover after parsing attributes in process `syz.0.5785'.
[  820.871505][T27803] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5783'.
[  820.947120][T27813] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5786'.
[  821.286698][T27826] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  821.343225][T27826] tc_dump_action: action bad kind
[  821.527706][T27835] IPVS: set_ctl: invalid protocol: 219 0.0.0.0:20003
[  821.553472][T27835] netlink: 128 bytes leftover after parsing attributes in process `syz.0.5795'.
[  821.697076][T27844] netlink: 80 bytes leftover after parsing attributes in process `syz.2.5796'.
[  821.761383][T27836] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5794'.
[  821.858612][T27854] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5798'.
[  821.957575][T27841] tipc: Resetting bearer <eth:syzkaller0>
[  822.324927][T27873] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5801'.
[  822.376251][ T5184] block nbd78: Receive control failed (result -32)
[  822.597754][T27878] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5806'.
[  822.613450][T27884] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  822.633337][T27884] tc_dump_action: action bad kind
[  822.896686][T27898] validate_nla: 2 callbacks suppressed
[  822.896708][T27898] netlink: 'syz.1.5812': attribute type 13 has an invalid length.
[  822.916391][T27898] tipc: Resetting bearer <eth:syzkaller0>
[  823.089696][T27904] mac80211_hwsim hwsim40 syzkaller0: entered promiscuous mode
[  823.144439][T27904] mac80211_hwsim hwsim40 syzkaller0: entered allmulticast mode
[  823.213129][T27913] netlink: 'syz.2.5816': attribute type 1 has an invalid length.
[  823.607766][T27932] tc_dump_action: action bad kind
[  823.971136][T27951] mac80211_hwsim hwsim40 syzkaller0: left promiscuous mode
[  823.986253][T27951] mac80211_hwsim hwsim40 syzkaller0: left allmulticast mode
[  824.018437][T27948] netlink: 'syz.3.5829': attribute type 1 has an invalid length.
[  824.043249][T27948] netlink: 'syz.3.5829': attribute type 2 has an invalid length.
[  824.045355][ T5184] block nbd79: Receive control failed (result -32)
[  824.135512][T27948] netlink: 'syz.3.5829': attribute type 1 has an invalid length.
[  824.433868][T27966] tc_dump_action: action bad kind
[  824.696802][T27978] netlink: 'syz.1.5840': attribute type 2 has an invalid length.
[  824.827140][T27978] þ: entered promiscuous mode
[  824.933616][T27989] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  825.032514][T27987] lo speed is unknown, defaulting to 1000
[  825.080333][T27999] netlink: 'syz.4.5843': attribute type 1 has an invalid length.
[  825.182384][T27995] tipc: Resetting bearer <eth:syzkaller0>
[  825.678876][T27982] lo speed is unknown, defaulting to 1000
[  825.684354][T27987] lo speed is unknown, defaulting to 1000
[  825.744721][T28013] netlink: 'syz.1.5845': attribute type 41 has an invalid length.
[  825.771618][T28013] tipc: Failed to remove unknown binding: 66,1,1/3656112887:1820178157/1820178159
[  825.835522][ T5184] block nbd80: Receive control failed (result -32)
[  825.876095][T28013] tipc: Failed to remove unknown binding: 66,1,1/3656112887:1820178157/1820178159
[  825.902706][T28013] tipc: Failed to remove unknown binding: 66,1,1/3656112887:1820178157/1820178159
[  825.959081][T28016] __nla_validate_parse: 8 callbacks suppressed
[  825.959102][T28016] netlink: 788 bytes leftover after parsing attributes in process `syz.1.5845'.
[  826.348119][T27996] lo speed is unknown, defaulting to 1000
[  826.864672][T21332] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  826.889489][T21332] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  826.906000][T21332] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  826.916480][T21332] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  826.924292][T21332] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  826.924458][T28037] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5854'.
[  826.997761][T27996] lo speed is unknown, defaulting to 1000
[  827.073722][T27982] lo speed is unknown, defaulting to 1000
[  827.247147][T28033] lo speed is unknown, defaulting to 1000
[  827.733154][T28033] lo speed is unknown, defaulting to 1000
[  828.453695][T28075] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5866'.
[  828.473476][T28078] netlink: 'syz.2.5867': attribute type 2 has an invalid length.
[  828.490226][T28078] þ: entered promiscuous mode
[  828.590822][T28033] chnl_net:caif_netlink_parms(): no params data found
[  828.639049][T28080] mac80211_hwsim hwsim40 syzkaller0: entered promiscuous mode
[  828.653094][T28080] mac80211_hwsim hwsim40 syzkaller0: entered allmulticast mode
[  828.733564][T28085] netlink: 'syz.2.5869': attribute type 1 has an invalid length.
[  828.941336][T28033] bridge0: port 1(bridge_slave_0) entered blocking state
[  828.975208][T28033] bridge0: port 1(bridge_slave_0) entered disabled state
[  828.985310][ T5184] Bluetooth: hci4: command tx timeout
[  829.046431][T28033] bridge_slave_0: entered allmulticast mode
[  829.076151][T28033] bridge_slave_0: entered promiscuous mode
[  829.100832][T28033] bridge0: port 2(bridge_slave_1) entered blocking state
[  829.125914][T28033] bridge0: port 2(bridge_slave_1) entered disabled state
[  829.133321][T28033] bridge_slave_1: entered allmulticast mode
[  829.153228][T28033] bridge_slave_1: entered promiscuous mode
[  829.165855][T28101] netlink: 'syz.3.5871': attribute type 1 has an invalid length.
[  829.286960][T28101] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5871'.
[  829.299999][T21332] block nbd81: Receive control failed (result -32)
[  829.570605][T28033] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  829.638182][T28033] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  829.790428][T28124] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5876'.
[  829.866194][ T5184] block nbd82: Receive control failed (result -32)
[  829.874355][T28127] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5876'.
[  830.064176][T28033] team0: Port device team_slave_0 added
[  830.068485][T28133] netlink: 'syz.1.5879': attribute type 2 has an invalid length.
[  830.082484][T28131] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  830.094927][T28131] tipc: Resetting bearer <eth:syzkaller0>
[  830.114138][T28033] team0: Port device team_slave_1 added
[  830.161993][T28121] lo speed is unknown, defaulting to 1000
[  830.223414][T28131] tipc: Resetting bearer <eth:syzkaller0>
[  830.268083][T28033] batman_adv: batadv0: Adding interface: batadv_slave_0
[  830.287580][T28033] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  830.375686][T28033] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  830.403205][T28033] batman_adv: batadv0: Adding interface: batadv_slave_1
[  830.423401][T28033] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  830.454070][T28033] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  830.504240][T28142] tipc: Resetting bearer <eth:syzkaller0>
[  830.618838][T28148] netlink: 'syz.0.5884': attribute type 1 has an invalid length.
[  830.700776][T28121] lo speed is unknown, defaulting to 1000
[  830.711985][T28033] hsr_slave_0: entered promiscuous mode
[  830.720250][T28033] hsr_slave_1: entered promiscuous mode
[  830.736560][T28033] debugfs: 'hsr0' already exists in 'hsr'
[  830.742351][T28033] Cannot create hsr debugfs directory
[  830.777852][T28146] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5884'.
[  831.066452][T21332] Bluetooth: hci4: command tx timeout
[  831.108531][ T5184] block nbd83: Receive control failed (result -32)
[  831.411519][T28176] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  831.435745][T28176] tipc: Resetting bearer <eth:syzkaller0>
[  831.472914][T28171] lo speed is unknown, defaulting to 1000
[  831.543487][ T2861] bridge_slave_1: left allmulticast mode
[  831.564072][ T2861] bridge_slave_1: left promiscuous mode
[  831.584452][ T2861] bridge0: port 2(bridge_slave_1) entered disabled state
[  831.610842][ T2861] bridge_slave_0: left allmulticast mode
[  831.624492][ T2861] bridge_slave_0: left promiscuous mode
[  831.636108][ T2861] bridge0: port 1(bridge_slave_0) entered disabled state
[  832.046490][ T2861] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  832.085741][ T2861] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  832.127982][ T2861] bond0 (unregistering): Released all slaves
[  832.230818][T28171] lo speed is unknown, defaulting to 1000
[  832.384205][T28182] netlink: 536 bytes leftover after parsing attributes in process `syz.1.5894'.
[  832.483258][T28182] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5894'.
[  832.699487][T28193] netlink: 6032 bytes leftover after parsing attributes in process `syz.2.5897'.
[  832.782419][T21332] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  832.792934][T21332] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  832.800924][T21332] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  832.809082][T21332] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  832.817008][T21332] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  832.859281][ T2861] hsr_slave_0: left promiscuous mode
[  832.876339][ T2861] hsr_slave_1: left promiscuous mode
[  832.882738][ T2861] batman_adv: batadv0: Removing interface: batadv_slave_0
[  832.956947][ T2861] batman_adv: batadv0: Removing interface: batadv_slave_1
[  832.977290][T28204] netlink: 'syz.2.5899': attribute type 1 has an invalid length.
[  833.029069][T28205] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5900'.
[  833.099144][T28199] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5899'.
[  833.296361][ T2861] team0 (unregistering): Port device team_slave_1 removed
[  833.380003][ T2861] team0 (unregistering): Port device team_slave_0 removed
[  833.715926][ T5184] block nbd84: Receive control failed (result -32)
[  833.819205][T28192] lo speed is unknown, defaulting to 1000
[  833.826076][ T8077] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  833.850437][T23769] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  833.891879][T23769] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  833.938096][T23769] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  834.091086][T28217] netlink: 'syz.2.5902': attribute type 15 has an invalid length.
[  834.501027][T28192] lo speed is unknown, defaulting to 1000
[  834.509194][T28194] lo speed is unknown, defaulting to 1000
[  834.917222][ T5184] Bluetooth: hci4: command tx timeout
[  834.964239][T28243] nbd: illegal input index -1
[  835.017071][T28237] lo speed is unknown, defaulting to 1000
[  835.286393][T28237] lo speed is unknown, defaulting to 1000
[  835.294941][T28249] lo speed is unknown, defaulting to 1000
[  835.447727][T28194] lo speed is unknown, defaulting to 1000
[  835.798570][T28249] lo speed is unknown, defaulting to 1000
[  836.118715][T28262] netlink: 6 bytes leftover after parsing attributes in process `syz.0.5917'.
[  836.759366][T28194] chnl_net:caif_netlink_parms(): no params data found
[  836.933441][T28299] netlink: 'syz.2.5925': attribute type 1 has an invalid length.
[  836.957243][T28194] bridge0: port 1(bridge_slave_0) entered blocking state
[  836.964701][T28194] bridge0: port 1(bridge_slave_0) entered disabled state
[  836.966771][T28300] FAULT_INJECTION: forcing a failure.
[  836.966771][T28300] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  836.972795][T28194] bridge_slave_0: entered allmulticast mode
[  836.993535][T28194] bridge_slave_0: entered promiscuous mode
[  837.004463][ T5184] Bluetooth: hci4: command tx timeout
[  837.010865][T28194] bridge0: port 2(bridge_slave_1) entered blocking state
[  837.022764][T28300] CPU: 0 UID: 0 PID: 28300 Comm: syz.1.5927 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full) 
[  837.022792][T28300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  837.022805][T28300] Call Trace:
[  837.022813][T28300]  <TASK>
[  837.022822][T28300]  dump_stack_lvl+0x189/0x250
[  837.022850][T28300]  ? __pfx____ratelimit+0x10/0x10
[  837.022877][T28300]  ? __pfx_dump_stack_lvl+0x10/0x10
[  837.022900][T28300]  ? __pfx__printk+0x10/0x10
[  837.022928][T28300]  ? __might_fault+0xb0/0x130
[  837.022967][T28300]  should_fail_ex+0x414/0x560
[  837.022997][T28300]  _copy_from_user+0x2d/0xb0
[  837.023021][T28300]  ___sys_sendmsg+0x158/0x2a0
[  837.023045][T28300]  ? __pfx____sys_sendmsg+0x10/0x10
[  837.023103][T28300]  ? __fget_files+0x2a/0x420
[  837.023119][T28300]  ? __fget_files+0x3a0/0x420
[  837.023146][T28300]  __x64_sys_sendmsg+0x19b/0x260
[  837.023169][T28300]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  837.023205][T28300]  ? __pfx_ksys_write+0x10/0x10
[  837.023236][T28300]  ? do_syscall_64+0xbe/0x3b0
[  837.023267][T28300]  do_syscall_64+0xfa/0x3b0
[  837.023293][T28300]  ? lockdep_hardirqs_on+0x9c/0x150
[  837.023318][T28300]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  837.023336][T28300]  ? clear_bhb_loop+0x60/0xb0
[  837.023360][T28300]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  837.023378][T28300] RIP: 0033:0x7f070bb8ebe9
[  837.023396][T28300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  837.023414][T28300] RSP: 002b:00007f070c973038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  837.023433][T28300] RAX: ffffffffffffffda RBX: 00007f070bdb6090 RCX: 00007f070bb8ebe9
[  837.023447][T28300] RDX: 0000000000008010 RSI: 0000200000001280 RDI: 0000000000000003
[  837.023459][T28300] RBP: 00007f070c973090 R08: 0000000000000000 R09: 0000000000000000
[  837.023470][T28300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  837.023482][T28300] R13: 00007f070bdb6128 R14: 00007f070bdb6090 R15: 00007ffd8e57b688
[  837.023533][T28300]  </TASK>
[  837.023859][T28194] bridge0: port 2(bridge_slave_1) entered disabled state
[  837.249139][T28194] bridge_slave_1: entered allmulticast mode
[  837.337171][T28194] bridge_slave_1: entered promiscuous mode
[  837.537050][T21332] block nbd85: Receive control failed (result -32)
[  837.710147][T28194] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  837.766781][T28194] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  837.905860][T28325] ip6tnl3: entered promiscuous mode
[  837.966950][T28194] team0: Port device team_slave_0 added
[  837.997389][T28194] team0: Port device team_slave_1 added
[  838.169652][T28194] batman_adv: batadv0: Adding interface: batadv_slave_0
[  838.186991][T28194] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  838.235667][T28194] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  838.254141][T28331] lo speed is unknown, defaulting to 1000
[  838.264098][T28337] netlink: 212340 bytes leftover after parsing attributes in process `syz.0.5937'.
[  838.299453][T28339] FAULT_INJECTION: forcing a failure.
[  838.299453][T28339] name failslab, interval 1, probability 0, space 0, times 0
[  838.341564][T28339] CPU: 1 UID: 0 PID: 28339 Comm: syz.1.5938 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full) 
[  838.341596][T28339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  838.341610][T28339] Call Trace:
[  838.341619][T28339]  <TASK>
[  838.341629][T28339]  dump_stack_lvl+0x189/0x250
[  838.341659][T28339]  ? __pfx____ratelimit+0x10/0x10
[  838.341688][T28339]  ? __pfx_dump_stack_lvl+0x10/0x10
[  838.341714][T28339]  ? __pfx__printk+0x10/0x10
[  838.341751][T28339]  ? __pfx___might_resched+0x10/0x10
[  838.341777][T28339]  should_fail_ex+0x414/0x560
[  838.341811][T28339]  should_failslab+0xa8/0x100
[  838.341844][T28339]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  838.341874][T28339]  ? __alloc_skb+0x112/0x2d0
[  838.341910][T28339]  __alloc_skb+0x112/0x2d0
[  838.341946][T28339]  netlink_sendmsg+0x5c6/0xb30
[  838.341988][T28339]  ? __pfx_netlink_sendmsg+0x10/0x10
[  838.342023][T28339]  ? aa_sock_msg_perm+0xf1/0x1d0
[  838.342059][T28339]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  838.342082][T28339]  ? __pfx_netlink_sendmsg+0x10/0x10
[  838.342115][T28339]  __sock_sendmsg+0x219/0x270
[  838.342146][T28339]  ____sys_sendmsg+0x505/0x830
[  838.342175][T28339]  ? __pfx_____sys_sendmsg+0x10/0x10
[  838.342209][T28339]  ? import_iovec+0x74/0xa0
[  838.342238][T28339]  ___sys_sendmsg+0x21f/0x2a0
[  838.342278][T28339]  ? __pfx____sys_sendmsg+0x10/0x10
[  838.342348][T28339]  ? __fget_files+0x2a/0x420
[  838.342366][T28339]  ? __fget_files+0x3a0/0x420
[  838.342397][T28339]  __x64_sys_sendmsg+0x19b/0x260
[  838.342423][T28339]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  838.342464][T28339]  ? __pfx_ksys_write+0x10/0x10
[  838.342489][T28339]  ? rcu_is_watching+0x15/0xb0
[  838.342520][T28339]  ? do_syscall_64+0xbe/0x3b0
[  838.342555][T28339]  do_syscall_64+0xfa/0x3b0
[  838.342584][T28339]  ? lockdep_hardirqs_on+0x9c/0x150
[  838.342612][T28339]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  838.342632][T28339]  ? clear_bhb_loop+0x60/0xb0
[  838.342659][T28339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  838.342679][T28339] RIP: 0033:0x7f070bb8ebe9
[  838.342698][T28339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  838.342717][T28339] RSP: 002b:00007f070c994038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  838.342751][T28339] RAX: ffffffffffffffda RBX: 00007f070bdb5fa0 RCX: 00007f070bb8ebe9
[  838.342765][T28339] RDX: 0000000000008010 RSI: 0000200000001280 RDI: 0000000000000003
[  838.342778][T28339] RBP: 00007f070c994090 R08: 0000000000000000 R09: 0000000000000000
[  838.342790][T28339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  838.342802][T28339] R13: 00007f070bdb6038 R14: 00007f070bdb5fa0 R15: 00007ffd8e57b688
[  838.342835][T28339]  </TASK>
[  838.485408][T28331] lo speed is unknown, defaulting to 1000
[  838.561580][T28341] lo speed is unknown, defaulting to 1000
[  838.577705][T28194] batman_adv: batadv0: Adding interface: batadv_slave_1
[  838.647288][T28194] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  838.705945][T28194] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  838.926797][T28341] lo speed is unknown, defaulting to 1000
[  838.944994][T28194] hsr_slave_0: entered promiscuous mode
[  838.952100][T28194] hsr_slave_1: entered promiscuous mode
[  838.958703][T28194] debugfs: 'hsr0' already exists in 'hsr'
[  838.964632][T28194] Cannot create hsr debugfs directory
[  839.065150][T21332] Bluetooth: hci4: command tx timeout
[  840.008867][T28194] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  840.049446][T28194] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  840.084198][T28194] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  840.129700][T28194] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  840.377039][T28194] 8021q: adding VLAN 0 to HW filter on device bond0
[  840.386349][T28388] netlink: 'syz.3.5953': attribute type 13 has an invalid length.
[  840.394468][T28388] netlink: 'syz.3.5953': attribute type 17 has an invalid length.
[  840.606956][T28388] 8021q: adding VLAN 0 to HW filter on device team0
[  840.619089][T28397] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5953'.
[  840.666906][T21806] page_pool_release_retry() stalled pool shutdown: id 86, 3329 inflight 423 sec
[  840.718515][T28400] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  840.907093][T28388] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  840.956346][T28194] 8021q: adding VLAN 0 to HW filter on device team0
[  840.991778][T28391] lo speed is unknown, defaulting to 1000
[  841.052824][ T2861] bridge0: port 1(bridge_slave_0) entered blocking state
[  841.060170][ T2861] bridge0: port 1(bridge_slave_0) entered forwarding state
[  841.120913][ T2861] bridge0: port 2(bridge_slave_1) entered blocking state
[  841.128305][ T2861] bridge0: port 2(bridge_slave_1) entered forwarding state
[  841.146462][T21332] Bluetooth: hci4: command tx timeout
[  841.261896][T28194] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  841.284208][T28194] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  841.531715][T28389] lo speed is unknown, defaulting to 1000
[  841.547909][T28391] lo speed is unknown, defaulting to 1000
[  841.842934][T28194] 8021q: adding VLAN 0 to HW filter on device batadv0
[  841.892754][T28407] lo speed is unknown, defaulting to 1000
[  842.243164][T28194] veth0_vlan: entered promiscuous mode
[  842.269088][T28194] veth1_vlan: entered promiscuous mode
[  842.279669][T28407] lo speed is unknown, defaulting to 1000
[  842.301017][T28389] lo speed is unknown, defaulting to 1000
[  842.459270][T28194] veth0_macvtap: entered promiscuous mode
[  842.470640][T28194] veth1_macvtap: entered promiscuous mode
[  842.594422][T28194] batman_adv: batadv0: Interface activated: batadv_slave_0
[  842.622604][T28194] batman_adv: batadv0: Interface activated: batadv_slave_1
[  842.643631][ T8087] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  842.670646][ T8087] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  842.694209][ T8087] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  842.728046][ T8087] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  842.976588][T28422] FAULT_INJECTION: forcing a failure.
[  842.976588][T28422] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  843.008463][T28422] CPU: 0 UID: 0 PID: 28422 Comm: syz.0.5959 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full) 
[  843.008493][T28422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  843.008505][T28422] Call Trace:
[  843.008514][T28422]  <TASK>
[  843.008522][T28422]  dump_stack_lvl+0x189/0x250
[  843.008551][T28422]  ? __pfx____ratelimit+0x10/0x10
[  843.008579][T28422]  ? __pfx_dump_stack_lvl+0x10/0x10
[  843.008602][T28422]  ? __pfx__printk+0x10/0x10
[  843.008628][T28422]  ? __might_fault+0xb0/0x130
[  843.008666][T28422]  should_fail_ex+0x414/0x560
[  843.008697][T28422]  _copy_from_iter+0x1db/0x16f0
[  843.008722][T28422]  ? rcu_is_watching+0x15/0xb0
[  843.008742][T28422]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  843.008771][T28422]  ? __pfx__copy_from_iter+0x10/0x10
[  843.008792][T28422]  ? __build_skb_around+0x257/0x3e0
[  843.008825][T28422]  ? netlink_sendmsg+0x642/0xb30
[  843.008850][T28422]  ? skb_put+0x11b/0x210
[  843.008872][T28422]  netlink_sendmsg+0x6b2/0xb30
[  843.008909][T28422]  ? __pfx_netlink_sendmsg+0x10/0x10
[  843.008941][T28422]  ? aa_sock_msg_perm+0xf1/0x1d0
[  843.008972][T28422]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  843.008993][T28422]  ? __pfx_netlink_sendmsg+0x10/0x10
[  843.009021][T28422]  __sock_sendmsg+0x219/0x270
[  843.009055][T28422]  ____sys_sendmsg+0x505/0x830
[  843.009081][T28422]  ? __pfx_____sys_sendmsg+0x10/0x10
[  843.009111][T28422]  ? import_iovec+0x74/0xa0
[  843.009136][T28422]  ___sys_sendmsg+0x21f/0x2a0
[  843.009158][T28422]  ? __pfx____sys_sendmsg+0x10/0x10
[  843.009216][T28422]  ? __fget_files+0x2a/0x420
[  843.009232][T28422]  ? __fget_files+0x3a0/0x420
[  843.009260][T28422]  __x64_sys_sendmsg+0x19b/0x260
[  843.009282][T28422]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  843.009313][T28422]  ? __pfx_ksys_write+0x10/0x10
[  843.009335][T28422]  ? rcu_is_watching+0x15/0xb0
[  843.009359][T28422]  ? do_syscall_64+0xbe/0x3b0
[  843.009391][T28422]  do_syscall_64+0xfa/0x3b0
[  843.009416][T28422]  ? lockdep_hardirqs_on+0x9c/0x150
[  843.009441][T28422]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  843.009460][T28422]  ? clear_bhb_loop+0x60/0xb0
[  843.009483][T28422]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  843.009501][T28422] RIP: 0033:0x7fd07478ebe9
[  843.009519][T28422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  843.009535][T28422] RSP: 002b:00007fd0729f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  843.009556][T28422] RAX: ffffffffffffffda RBX: 00007fd0749b6090 RCX: 00007fd07478ebe9
[  843.009570][T28422] RDX: 0000000000008010 RSI: 0000200000001280 RDI: 0000000000000003
[  843.009582][T28422] RBP: 00007fd0729f6090 R08: 0000000000000000 R09: 0000000000000000
[  843.009593][T28422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  843.009604][T28422] R13: 00007fd0749b6128 R14: 00007fd0749b6090 R15: 00007ffcd88c4598
[  843.009635][T28422]  </TASK>
[  843.385581][ T8077] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  843.417537][ T8077] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  843.462221][T28424] veth0: entered promiscuous mode
[  843.480354][ T2861] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  843.496056][ T2861] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  843.511817][T28423] veth0: left promiscuous mode
[  843.801407][T28435] netlink: 'syz.3.5962': attribute type 1 has an invalid length.
[  843.825765][T28437] tipc: Resetting bearer <eth:syzkaller0>
[  843.870456][T28438] netlink: 'syz.5.5963': attribute type 1 has an invalid length.
[  843.995664][T28431] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5962'.
[  844.032332][T28434] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5963'.
[  844.130081][T28449] netlink: 'syz.1.5966': attribute type 5 has an invalid length.
[  844.541217][T21332] block nbd86: Receive control failed (result -32)
[  844.552219][T28465] FAULT_INJECTION: forcing a failure.
[  844.552219][T28465] name failslab, interval 1, probability 0, space 0, times 0
[  844.582881][T28465] CPU: 1 UID: 0 PID: 28465 Comm: syz.0.5969 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full) 
[  844.582912][T28465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  844.582926][T28465] Call Trace:
[  844.582947][T28465]  <TASK>
[  844.582956][T28465]  dump_stack_lvl+0x189/0x250
[  844.582985][T28465]  ? __pfx____ratelimit+0x10/0x10
[  844.583012][T28465]  ? __pfx_dump_stack_lvl+0x10/0x10
[  844.583054][T28465]  ? __pfx__printk+0x10/0x10
[  844.583089][T28465]  ? __pfx___might_resched+0x10/0x10
[  844.583109][T28465]  ? fs_reclaim_acquire+0x7d/0x100
[  844.583147][T28465]  should_fail_ex+0x414/0x560
[  844.583180][T28465]  should_failslab+0xa8/0x100
[  844.583212][T28465]  __kmalloc_cache_noprof+0x70/0x3d0
[  844.583241][T28465]  ? genl_start+0x1c9/0x6c0
[  844.583270][T28465]  genl_start+0x1c9/0x6c0
[  844.583291][T28465]  ? netlink_lookup+0x30/0x200
[  844.583326][T28465]  __netlink_dump_start+0x469/0x7e0
[  844.583364][T28465]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  844.583393][T28465]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  844.583426][T28465]  ? __pfx_genl_start+0x10/0x10
[  844.583446][T28465]  ? __pfx_genl_dumpit+0x10/0x10
[  844.583465][T28465]  ? __pfx_genl_done+0x10/0x10
[  844.583491][T28465]  ? bpf_lsm_capable+0x9/0x20
[  844.583517][T28465]  ? security_capable+0x7e/0x2e0
[  844.583554][T28465]  genl_rcv_msg+0x5da/0x790
[  844.583585][T28465]  ? __pfx_genl_rcv_msg+0x10/0x10
[  844.583615][T28465]  ? __pfx_seg6_genl_dumphmac_start+0x10/0x10
[  844.583634][T28465]  ? __pfx_seg6_genl_dumphmac+0x10/0x10
[  844.583652][T28465]  ? __pfx_seg6_genl_dumphmac_done+0x10/0x10
[  844.583689][T28465]  netlink_rcv_skb+0x205/0x470
[  844.583717][T28465]  ? __lock_acquire+0xab9/0xd20
[  844.583747][T28465]  ? __pfx_genl_rcv_msg+0x10/0x10
[  844.583772][T28465]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  844.583823][T28465]  ? down_read+0x1ad/0x2e0
[  844.583846][T28465]  genl_rcv+0x28/0x40
[  844.583866][T28465]  netlink_unicast+0x82c/0x9e0
[  844.583907][T28465]  ? __pfx_netlink_unicast+0x10/0x10
[  844.583955][T28465]  ? netlink_sendmsg+0x642/0xb30
[  844.583983][T28465]  ? skb_put+0x11b/0x210
[  844.584007][T28465]  netlink_sendmsg+0x805/0xb30
[  844.584050][T28465]  ? __pfx_netlink_sendmsg+0x10/0x10
[  844.584086][T28465]  ? aa_sock_msg_perm+0xf1/0x1d0
[  844.584121][T28465]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  844.584144][T28465]  ? __pfx_netlink_sendmsg+0x10/0x10
[  844.584175][T28465]  __sock_sendmsg+0x219/0x270
[  844.584207][T28465]  ____sys_sendmsg+0x505/0x830
[  844.584236][T28465]  ? __pfx_____sys_sendmsg+0x10/0x10
[  844.584270][T28465]  ? import_iovec+0x74/0xa0
[  844.584299][T28465]  ___sys_sendmsg+0x21f/0x2a0
[  844.584324][T28465]  ? __pfx____sys_sendmsg+0x10/0x10
[  844.584391][T28465]  ? __fget_files+0x2a/0x420
[  844.584409][T28465]  ? __fget_files+0x3a0/0x420
[  844.584441][T28465]  __x64_sys_sendmsg+0x19b/0x260
[  844.584467][T28465]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  844.584502][T28465]  ? __pfx_ksys_write+0x10/0x10
[  844.584527][T28465]  ? rcu_is_watching+0x15/0xb0
[  844.584555][T28465]  ? do_syscall_64+0xbe/0x3b0
[  844.584597][T28465]  do_syscall_64+0xfa/0x3b0
[  844.584626][T28465]  ? lockdep_hardirqs_on+0x9c/0x150
[  844.584654][T28465]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  844.584676][T28465]  ? clear_bhb_loop+0x60/0xb0
[  844.584702][T28465]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  844.584723][T28465] RIP: 0033:0x7fd07478ebe9
[  844.584743][T28465] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  844.584761][T28465] RSP: 002b:00007fd075528038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  844.584784][T28465] RAX: ffffffffffffffda RBX: 00007fd0749b5fa0 RCX: 00007fd07478ebe9
[  844.584799][T28465] RDX: 0000000000008010 RSI: 0000200000001280 RDI: 0000000000000003
[  844.584813][T28465] RBP: 00007fd075528090 R08: 0000000000000000 R09: 0000000000000000
[  844.584827][T28465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  844.584839][T28465] R13: 00007fd0749b6038 R14: 00007fd0749b5fa0 R15: 00007ffcd88c4598
[  844.584877][T28465]  </TASK>
[  844.648952][T28466] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5968'.
[  844.831027][T28467] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5968'.
[  845.738095][T28507] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5979'.
[  845.749943][T28508] FAULT_INJECTION: forcing a failure.
[  845.749943][T28508] name failslab, interval 1, probability 0, space 0, times 0
[  845.763124][T28508] CPU: 1 UID: 0 PID: 28508 Comm: syz.0.5981 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full) 
[  845.763150][T28508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  845.763161][T28508] Call Trace:
[  845.763168][T28508]  <TASK>
[  845.763175][T28508]  dump_stack_lvl+0x189/0x250
[  845.763198][T28508]  ? __pfx____ratelimit+0x10/0x10
[  845.763220][T28508]  ? __pfx_dump_stack_lvl+0x10/0x10
[  845.763239][T28508]  ? __pfx__printk+0x10/0x10
[  845.763266][T28508]  ? __pfx___might_resched+0x10/0x10
[  845.763303][T28508]  should_fail_ex+0x414/0x560
[  845.763329][T28508]  should_failslab+0xa8/0x100
[  845.763357][T28508]  __kmalloc_cache_noprof+0x70/0x3d0
[  845.763379][T28508]  ? seg6_genl_dumphmac_start+0xfe/0x150
[  845.763401][T28508]  seg6_genl_dumphmac_start+0xfe/0x150
[  845.763419][T28508]  genl_start+0x4c3/0x6c0
[  845.763446][T28508]  __netlink_dump_start+0x469/0x7e0
[  845.763476][T28508]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  845.763499][T28508]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  845.763531][T28508]  ? __pfx_genl_start+0x10/0x10
[  845.763547][T28508]  ? __pfx_genl_dumpit+0x10/0x10
[  845.763563][T28508]  ? __pfx_genl_done+0x10/0x10
[  845.763584][T28508]  ? bpf_lsm_capable+0x9/0x20
[  845.763606][T28508]  ? security_capable+0x7e/0x2e0
[  845.763636][T28508]  genl_rcv_msg+0x5da/0x790
[  845.763661][T28508]  ? __pfx_genl_rcv_msg+0x10/0x10
[  845.763678][T28508]  ? __pfx_seg6_genl_dumphmac_start+0x10/0x10
[  845.763692][T28508]  ? __pfx_seg6_genl_dumphmac+0x10/0x10
[  845.763706][T28508]  ? __pfx_seg6_genl_dumphmac_done+0x10/0x10
[  845.763735][T28508]  netlink_rcv_skb+0x205/0x470
[  845.763757][T28508]  ? __lock_acquire+0xab9/0xd20
[  845.763784][T28508]  ? __pfx_genl_rcv_msg+0x10/0x10
[  845.763804][T28508]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  845.763849][T28508]  ? down_read+0x1ad/0x2e0
[  845.763867][T28508]  genl_rcv+0x28/0x40
[  845.763883][T28508]  netlink_unicast+0x82c/0x9e0
[  845.763913][T28508]  ? __pfx_netlink_unicast+0x10/0x10
[  845.763956][T28508]  ? netlink_sendmsg+0x642/0xb30
[  845.763979][T28508]  ? skb_put+0x11b/0x210
[  845.763998][T28508]  netlink_sendmsg+0x805/0xb30
[  845.764032][T28508]  ? __pfx_netlink_sendmsg+0x10/0x10
[  845.764061][T28508]  ? aa_sock_msg_perm+0xf1/0x1d0
[  845.764090][T28508]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  845.764109][T28508]  ? __pfx_netlink_sendmsg+0x10/0x10
[  845.764135][T28508]  __sock_sendmsg+0x219/0x270
[  845.764160][T28508]  ____sys_sendmsg+0x505/0x830
[  845.764183][T28508]  ? __pfx_____sys_sendmsg+0x10/0x10
[  845.764209][T28508]  ? import_iovec+0x74/0xa0
[  845.764232][T28508]  ___sys_sendmsg+0x21f/0x2a0
[  845.764252][T28508]  ? __pfx____sys_sendmsg+0x10/0x10
[  845.764303][T28508]  ? __fget_files+0x2a/0x420
[  845.764318][T28508]  ? __fget_files+0x3a0/0x420
[  845.764343][T28508]  __x64_sys_sendmsg+0x19b/0x260
[  845.764363][T28508]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  845.764390][T28508]  ? __pfx_ksys_write+0x10/0x10
[  845.764411][T28508]  ? rcu_is_watching+0x15/0xb0
[  845.764433][T28508]  ? do_syscall_64+0xbe/0x3b0
[  845.764462][T28508]  do_syscall_64+0xfa/0x3b0
[  845.764485][T28508]  ? lockdep_hardirqs_on+0x9c/0x150
[  845.764508][T28508]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  845.764531][T28508]  ? clear_bhb_loop+0x60/0xb0
[  845.764553][T28508]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  845.764569][T28508] RIP: 0033:0x7fd07478ebe9
[  845.764585][T28508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  845.764600][T28508] RSP: 002b:00007fd075528038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  845.764619][T28508] RAX: ffffffffffffffda RBX: 00007fd0749b5fa0 RCX: 00007fd07478ebe9
[  845.764631][T28508] RDX: 0000000000008010 RSI: 0000200000001280 RDI: 0000000000000003
[  845.764643][T28508] RBP: 00007fd075528090 R08: 0000000000000000 R09: 0000000000000000
[  845.764654][T28508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  845.764664][T28508] R13: 00007fd0749b6038 R14: 00007fd0749b5fa0 R15: 00007ffcd88c4598
[  845.764692][T28508]  </TASK>
[  846.161062][T28511] tc_dump_action: action bad kind
[  846.295987][T28515] netlink: 'syz.3.5985': attribute type 5 has an invalid length.
[  846.325427][T28517] netlink: 'syz.0.5984': attribute type 13 has an invalid length.
[  846.403327][T28519] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5986'.
[  846.478990][T28520] netlink: 80 bytes leftover after parsing attributes in process `syz.0.5984'.
[  846.672222][T28529] netlink: 566 bytes leftover after parsing attributes in process `syz.0.5989'.
[  846.689665][T28527] netlink: 'syz.1.5988': attribute type 32 has an invalid length.
[  846.714917][T28527] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5988'.
[  847.383453][T28554] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5995'.
[  847.694589][T28563] netlink: 'syz.0.5998': attribute type 1 has an invalid length.
[  847.708360][T28561] netlink: 'syz.1.5997': attribute type 5 has an invalid length.
[  847.730497][T28563] netlink: 'syz.0.5998': attribute type 2 has an invalid length.
[  847.885528][T28573] netlink: 'syz.3.6000': attribute type 1 has an invalid length.
[  848.399884][ T5875] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  848.410082][ T5875] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  848.428288][ T5875] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  848.441452][ T5875] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  848.464959][ T5875] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  848.490765][T28592] bridge0: port 1(veth0_to_bridge) entered blocking state
[  848.503249][T21332] block nbd87: Receive control failed (result -32)
[  848.522631][T28592] bridge0: port 1(veth0_to_bridge) entered disabled state
[  848.559301][T28598] netlink: 'syz.5.6007': attribute type 32 has an invalid length.
[  848.649977][T28592] veth0_to_bridge: entered allmulticast mode
[  848.681997][T28592] veth0_to_bridge: entered promiscuous mode
[  848.906614][T28593] lo speed is unknown, defaulting to 1000
[  849.044472][T28613] __nla_validate_parse: 5 callbacks suppressed
[  849.044496][T28613] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6011'.
[  849.716338][T28593] lo speed is unknown, defaulting to 1000
[  849.764368][T28643] netlink: 'syz.5.6020': attribute type 2 has an invalid length.
[  849.778253][T28645] FAULT_INJECTION: forcing a failure.
[  849.778253][T28645] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  849.825824][T28645] CPU: 0 UID: 0 PID: 28645 Comm: syz.1.6021 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full) 
[  849.825854][T28645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  849.825866][T28645] Call Trace:
[  849.825875][T28645]  <TASK>
[  849.825884][T28645]  dump_stack_lvl+0x189/0x250
[  849.825930][T28645]  ? __pfx____ratelimit+0x10/0x10
[  849.825959][T28645]  ? __pfx_dump_stack_lvl+0x10/0x10
[  849.825983][T28645]  ? __pfx__printk+0x10/0x10
[  849.826027][T28645]  should_fail_ex+0x414/0x560
[  849.826060][T28645]  _copy_to_user+0x31/0xb0
[  849.826085][T28645]  simple_read_from_buffer+0xe1/0x170
[  849.826121][T28645]  proc_fail_nth_read+0x1b3/0x220
[  849.826148][T28645]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  849.826175][T28645]  ? rw_verify_area+0x2a6/0x4d0
[  849.826201][T28645]  ? __lock_acquire+0xab9/0xd20
[  849.826229][T28645]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  849.826253][T28645]  vfs_read+0x1fd/0xa30
[  849.826279][T28645]  ? fdget_pos+0x247/0x320
[  849.826302][T28645]  ? __pfx___mutex_lock+0x10/0x10
[  849.826333][T28645]  ? __pfx_vfs_read+0x10/0x10
[  849.826361][T28645]  ? __fget_files+0x2a/0x420
[  849.826385][T28645]  ? __fget_files+0x3a0/0x420
[  849.826401][T28645]  ? __fget_files+0x2a/0x420
[  849.826430][T28645]  ksys_read+0x145/0x250
[  849.826466][T28645]  ? __pfx_ksys_read+0x10/0x10
[  849.826490][T28645]  ? rcu_is_watching+0x15/0xb0
[  849.826516][T28645]  ? do_syscall_64+0xbe/0x3b0
[  849.826550][T28645]  do_syscall_64+0xfa/0x3b0
[  849.826582][T28645]  ? lockdep_hardirqs_on+0x9c/0x150
[  849.826609][T28645]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  849.826630][T28645]  ? clear_bhb_loop+0x60/0xb0
[  849.826655][T28645]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  849.826675][T28645] RIP: 0033:0x7f070bb8d5fc
[  849.826693][T28645] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  849.826711][T28645] RSP: 002b:00007f070c994030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  849.826732][T28645] RAX: ffffffffffffffda RBX: 00007f070bdb5fa0 RCX: 00007f070bb8d5fc
[  849.826747][T28645] RDX: 000000000000000f RSI: 00007f070c9940a0 RDI: 0000000000000004
[  849.826761][T28645] RBP: 00007f070c994090 R08: 0000000000000000 R09: 0000000000000000
[  849.826773][T28645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  849.826785][T28645] R13: 00007f070bdb6038 R14: 00007f070bdb5fa0 R15: 00007ffd8e57b688
[  849.826820][T28645]  </TASK>
[  850.211754][T28651] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6023'.
[  850.262144][T28593] chnl_net:caif_netlink_parms(): no params data found
[  850.366810][T28664] netlink: 'syz.0.6026': attribute type 32 has an invalid length.
[  850.385160][T28664] netlink: 60 bytes leftover after parsing attributes in process `syz.0.6026'.
[  850.544958][T28672] netlink: 80 bytes leftover after parsing attributes in process `syz.3.6027'.
[  850.587492][T21332] Bluetooth: hci2: command tx timeout
[  850.766454][T28688] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  850.778500][T28688] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6030'.
[  850.791884][T28691] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  851.071831][T28698] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.6034'.
[  851.178799][T28669] tipc: Resetting bearer <eth:syzkaller0>
[  851.212508][T28704] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6036'.
[  851.235774][T28593] bridge0: port 1(bridge_slave_0) entered blocking state
[  851.243429][T28593] bridge0: port 1(bridge_slave_0) entered disabled state
[  851.251402][T28593] bridge_slave_0: entered allmulticast mode
[  851.259737][T28593] bridge_slave_0: entered promiscuous mode
[  851.377686][T28593] bridge0: port 2(bridge_slave_1) entered blocking state
[  851.404565][T28593] bridge0: port 2(bridge_slave_1) entered disabled state
[  851.428340][T28593] bridge_slave_1: entered allmulticast mode
[  851.437165][T28593] bridge_slave_1: entered promiscuous mode
[  851.481031][T28710] validate_nla: 3 callbacks suppressed
[  851.481053][T28710] netlink: 'syz.0.6037': attribute type 1 has an invalid length.
[  851.499156][T28713] netlink: 'syz.1.6038': attribute type 1 has an invalid length.
[  851.545931][T28593] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  851.569178][T28593] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  851.582471][T28713] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6038'.
[  851.641409][T28710] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6037'.
[  851.691847][T28593] team0: Port device team_slave_0 added
[  851.767288][T28593] team0: Port device team_slave_1 added
[  852.294911][T21332] block nbd88: Receive control failed (result -32)
[  852.319060][T28593] batman_adv: batadv0: Adding interface: batadv_slave_0
[  852.346132][T28593] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  852.486104][T28593] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  852.528168][T28593] batman_adv: batadv0: Adding interface: batadv_slave_1
[  852.555976][T28593] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  852.598695][T28593] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  852.665597][T21332] Bluetooth: hci2: command tx timeout
[  852.738806][T28750] netlink: 144 bytes leftover after parsing attributes in process `syz.3.6046'.
[  852.971846][T28593] hsr_slave_0: entered promiscuous mode
[  853.018852][T28593] hsr_slave_1: entered promiscuous mode
[  853.043502][T28593] debugfs: 'hsr0' already exists in 'hsr'
[  853.063173][T28593] Cannot create hsr debugfs directory
[  853.137598][T28765] bond5: entered promiscuous mode
[  853.142707][T28765] bond5: entered allmulticast mode
[  853.149264][T28765] 8021q: adding VLAN 0 to HW filter on device bond5
[  853.641895][T28788] netlink: 'syz.1.6058': attribute type 32 has an invalid length.
[  853.756673][T28791] netlink: 'syz.3.6059': attribute type 5 has an invalid length.
[  854.032028][T28593] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  854.074327][T28593] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  854.136880][T28593] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  854.178646][T28593] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  854.478847][T28816] __nla_validate_parse: 4 callbacks suppressed
[  854.478868][T28816] netlink: 80 bytes leftover after parsing attributes in process `syz.0.6063'.
[  854.681574][T28593] 8021q: adding VLAN 0 to HW filter on device bond0
[  854.737789][T28820] netlink: 'syz.0.6065': attribute type 1 has an invalid length.
[  854.751326][T28593] 8021q: adding VLAN 0 to HW filter on device team0
[  854.755177][T21332] Bluetooth: hci2: command tx timeout
[  854.808941][ T3522] bridge0: port 1(bridge_slave_0) entered blocking state
[  854.816206][ T3522] bridge0: port 1(bridge_slave_0) entered forwarding state
[  854.851624][T28821] vlan0: entered allmulticast mode
[  854.876245][T28821] veth1: entered allmulticast mode
[  854.931673][T28820] vlan0: entered allmulticast mode
[  854.977035][T10864] bridge0: port 2(bridge_slave_1) entered blocking state
[  854.984366][T10864] bridge0: port 2(bridge_slave_1) entered forwarding state
[  855.199014][T28836] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6068'.
[  855.372579][T28840] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6071'.
[  855.599723][T28849] netlink: 'syz.3.6073': attribute type 23 has an invalid length.
[  855.742604][T28593] 8021q: adding VLAN 0 to HW filter on device batadv0
[  855.892775][T28593] veth0_vlan: entered promiscuous mode
[  855.931303][T28593] veth1_vlan: entered promiscuous mode
[  856.041605][T28593] veth0_macvtap: entered promiscuous mode
[  856.089170][T28593] veth1_macvtap: entered promiscuous mode
[  856.161232][T28593] batman_adv: batadv0: Interface activated: batadv_slave_0
[  856.198343][T28593] batman_adv: batadv0: Interface activated: batadv_slave_1
[  856.222115][T23769] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  856.246523][T23769] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  856.311567][T23769] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  856.339396][T23769] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  856.389389][T10864] nci: nci_rsp_packet: unknown rsp opcode 0x73a
[  856.430829][T28874] lo speed is unknown, defaulting to 1000
[  856.587810][T23769] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  856.612525][T23769] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  856.766303][T23769] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  856.790475][T23769] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  856.825858][T21332] Bluetooth: hci2: command tx timeout
[  856.989982][T28885] netlink: 'syz.1.6084': attribute type 12 has an invalid length.
[  857.002625][T28885] netlink: 9472 bytes leftover after parsing attributes in process `syz.1.6084'.
[  857.010132][T28874] lo speed is unknown, defaulting to 1000
[  857.491907][   T30] audit: type=1804 audit(1755346523.853:17): pid=28901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.6091" name="memory.events" dev="tmpfs" ino=169 res=1 errno=0
[  857.580473][   T30] audit: type=1800 audit(1755346523.853:18): pid=28901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.6091" name="memory.events" dev="tmpfs" ino=169 res=0 errno=0
[  857.664418][T28907] netlink: 'syz.1.6093': attribute type 1 has an invalid length.
[  857.726988][T28909] netlink: 'syz.2.6092': attribute type 1 has an invalid length.
[  857.806401][T28910] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6094'.
[  857.934662][T28905] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6092'.
[  858.183991][ T5875] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  858.207746][ T5875] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  858.216534][ T5875] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  858.232656][ T5875] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  858.255853][ T5875] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  858.450267][T21332] block nbd89: Receive control failed (result -32)
[  858.683789][T28922] lo speed is unknown, defaulting to 1000
[  858.839246][T28942] netlink: 'syz.1.6098': attribute type 32 has an invalid length.
[  858.896031][T28942] netlink: 60 bytes leftover after parsing attributes in process `syz.1.6098'.
[  859.084953][T28949] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6100'.
[  859.176101][T28953] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6101'.
[  859.352413][T28953] bridge9: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  859.425901][T28922] lo speed is unknown, defaulting to 1000
[  859.426126][T28936] lo speed is unknown, defaulting to 1000
[  859.835982][T28975] netlink: 'syz.5.6106': attribute type 1 has an invalid length.
[  859.878667][T28979] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6108'.
[  859.927155][T28936] lo speed is unknown, defaulting to 1000
[  859.963860][T28971] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6106'.
[  860.034281][T28922] chnl_net:caif_netlink_parms(): no params data found
[  860.346418][ T5875] Bluetooth: hci5: command tx timeout
[  860.577480][T21332] block nbd90: Receive control failed (result -32)
[  860.770751][T29003] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6112'.
[  860.840829][T29005] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6113'.
[  861.218880][T28922] bridge0: port 1(bridge_slave_0) entered blocking state
[  861.246519][T28922] bridge0: port 1(bridge_slave_0) entered disabled state
[  861.254887][T28922] bridge_slave_0: entered allmulticast mode
[  861.264628][T28922] bridge_slave_0: entered promiscuous mode
[  861.304300][T28922] bridge0: port 2(bridge_slave_1) entered blocking state
[  861.323682][T28922] bridge0: port 2(bridge_slave_1) entered disabled state
[  861.339777][T28922] bridge_slave_1: entered allmulticast mode
[  861.356505][T28922] bridge_slave_1: entered promiscuous mode
[  861.462225][T29023] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6119'.
[  861.504277][T28922] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  861.560678][T28922] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  861.732085][T28922] team0: Port device team_slave_0 added
[  861.758240][T28922] team0: Port device team_slave_1 added
[  861.829165][T29035] netlink: 'syz.1.6122': attribute type 1 has an invalid length.
[  861.858301][T28922] batman_adv: batadv0: Adding interface: batadv_slave_0
[  861.876346][T28922] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  861.903617][T28922] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  861.922800][T28922] batman_adv: batadv0: Adding interface: batadv_slave_1
[  861.932065][T28922] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  861.963820][T29031] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6122'.
[  861.984936][T28922] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  862.186500][T29051] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6125'.
[  862.197535][T29040] syzkaller0: entered promiscuous mode
[  862.203161][T29040] syzkaller0: entered allmulticast mode
[  862.393596][T29057] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6126'.
[  862.424349][T29057] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6126'.
[  862.439635][ T5875] Bluetooth: hci5: command tx timeout
[  862.477188][T21332] block nbd91: Receive control failed (result -32)
[  862.495147][T29057] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6126'.
[  863.060710][T29074] netlink: 'syz.1.6132': attribute type 2 has an invalid length.
[  864.519658][T21332] Bluetooth: hci5: command tx timeout
[  864.782354][T29077] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  864.933112][T29086] __nla_validate_parse: 3 callbacks suppressed
[  864.933132][T29086] netlink: 32 bytes leftover after parsing attributes in process `syz.5.6135'.
[  864.934099][T28922] hsr_slave_0: entered promiscuous mode
[  864.963517][T28922] hsr_slave_1: entered promiscuous mode
[  864.982771][T28922] debugfs: 'hsr0' already exists in 'hsr'
[  864.991185][T29089] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6136'.
[  864.995091][T28922] Cannot create hsr debugfs directory
[  865.114444][T29099] netlink: 'syz.0.6138': attribute type 2 has an invalid length.
[  865.132614][T29100] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6137'.
[  865.142649][T29100] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6137'.
[  865.329607][T29104] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6139'.
[  865.533413][T29112] netlink: 52 bytes leftover after parsing attributes in process `syz.0.6143'.
[  865.548079][T29110] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6142'.
[  865.762282][T29119] lo speed is unknown, defaulting to 1000
[  866.262147][T29119] lo speed is unknown, defaulting to 1000
[  866.311010][T28922] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  866.321485][T29130] netlink: 'syz.1.6150': attribute type 2 has an invalid length.
[  866.348070][T28922] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  866.392516][T28922] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  866.453871][T28922] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  866.562210][T29142] netlink: 'syz.1.6153': attribute type 13 has an invalid length.
[  866.571747][T29141] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6152'.
[  866.588026][T21332] Bluetooth: hci5: command tx timeout
[  866.646944][T29145] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6153'.
[  866.688015][T29142] tipc: Resetting bearer <eth:syzkaller0>
[  866.839905][T29148] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6155'.
[  866.879339][T29148] netlink: 'syz.2.6155': attribute type 6 has an invalid length.
[  866.880960][T29145] bridge11: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  866.902811][T23769] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  866.937949][T23769] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  867.016582][T29148] bond_slave_0: entered promiscuous mode
[  867.022673][T29148] bond_slave_1: entered promiscuous mode
[  867.043062][T29148] macsec1: entered allmulticast mode
[  867.054931][T29148] bond0: entered allmulticast mode
[  867.060608][T29148] bond_slave_0: entered allmulticast mode
[  867.075224][T29148] bond_slave_1: entered allmulticast mode
[  867.099368][T29148] bond0: left allmulticast mode
[  867.105639][T29148] bond_slave_0: left allmulticast mode
[  867.111646][T29148] bond_slave_1: left allmulticast mode
[  867.117932][T29148] bond_slave_0: left promiscuous mode
[  867.124953][T29148] bond_slave_1: left promiscuous mode
[  867.161144][T10865] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  867.259109][T10865] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  867.275378][T29162] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  867.288397][T29162] tipc: Resetting bearer <eth:syzkaller0>
[  867.349046][T28922] 8021q: adding VLAN 0 to HW filter on device bond0
[  867.383010][T29166] netlink: 'syz.2.6160': attribute type 2 has an invalid length.
[  867.422088][T28922] 8021q: adding VLAN 0 to HW filter on device team0
[  867.442822][ T3522] bridge0: port 1(bridge_slave_0) entered blocking state
[  867.450061][ T3522] bridge0: port 1(bridge_slave_0) entered forwarding state
[  867.497734][ T8077] bridge0: port 2(bridge_slave_1) entered blocking state
[  867.505030][ T8077] bridge0: port 2(bridge_slave_1) entered forwarding state
[  867.758943][T29179] netlink: 'syz.2.6165': attribute type 13 has an invalid length.
[  868.010886][T29179] bridge0: port 2(bridge_slave_1) entered disabled state
[  868.018674][T29179] bridge0: port 1(bridge_slave_0) entered disabled state
[  868.304541][T29179] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  868.331425][T29179] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  868.531570][T29183] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  868.596587][ T8086] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  868.625899][ T8086] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  868.634838][ T8086] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  868.665626][ T8086] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  868.788905][T29208] netlink: 'syz.2.6171': attribute type 13 has an invalid length.
[  868.850077][T29211] lo speed is unknown, defaulting to 1000
[  868.862116][T28922] 8021q: adding VLAN 0 to HW filter on device batadv0
[  869.030550][T28922] veth0_vlan: entered promiscuous mode
[  869.037470][T29215] netlink: 'syz.5.6172': attribute type 2 has an invalid length.
[  869.081163][T28922] veth1_vlan: entered promiscuous mode
[  869.178553][T28922] veth0_macvtap: entered promiscuous mode
[  869.208573][T28922] veth1_macvtap: entered promiscuous mode
[  869.263674][T28922] batman_adv: batadv0: Interface activated: batadv_slave_0
[  869.290564][T29211] lo speed is unknown, defaulting to 1000
[  869.301760][T28922] batman_adv: batadv0: Interface activated: batadv_slave_1
[  869.337084][ T8086] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  869.364396][ T8086] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  869.401856][ T8086] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  869.453918][ T8086] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  869.635486][T29231] netlink: 'syz.5.6180': attribute type 13 has an invalid length.
[  869.859926][T29231] bridge0: port 2(bridge_slave_1) entered disabled state
[  869.867676][T29231] bridge0: port 1(bridge_slave_0) entered disabled state
[  870.120133][T29231] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  870.141970][T29231] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  870.422901][T29234] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  870.453026][ T8077] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  870.497207][ T8077] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  870.582495][T10865] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  870.596276][T10865] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  870.638480][ T8077] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  870.662456][ T8077] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  870.674280][T29249] netlink: 'syz.5.6184': attribute type 1 has an invalid length.
[  870.708846][T29250] __nla_validate_parse: 7 callbacks suppressed
[  870.708885][T29250] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6185'.
[  870.786227][T29252] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6184'.
[  870.812806][T29248] lo speed is unknown, defaulting to 1000
[  870.824276][ T3522] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  870.843755][ T3522] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  870.847838][T29252] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6184'.
[  870.957725][T29252] bond0: (slave bond_slave_1): Releasing backup interface
[  871.098864][T29249] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6184'.
[  871.566271][T29264] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6188'.
[  871.987605][T29248] lo speed is unknown, defaulting to 1000
[  872.087394][T29276] netlink: 'syz.3.6194': attribute type 13 has an invalid length.
[  872.133110][T29275] 
[  872.135504][T29275] ======================================================
[  872.142532][T29275] WARNING: possible circular locking dependency detected
[  872.149573][T29275] 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 Not tainted
[  872.156700][T29275] ------------------------------------------------------
[  872.163732][T29275] syz.1.6193/29275 is trying to acquire lock:
[  872.169805][T29275] ffffffff8f68d298 (nr_neigh_list_lock){+...}-{3:3}, at: nr_remove_neigh+0x25/0xe0
[  872.179267][T29275] 
[  872.179267][T29275] but task is already holding lock:
[  872.186648][T29275] ffff888062bf5070 (&nr_node->node_lock){+...}-{3:3}, at: nr_add_node+0xcce/0x2570
[  872.195983][T29275] 
[  872.195983][T29275] which lock already depends on the new lock.
[  872.195983][T29275] 
[  872.206380][T29275] 
[  872.206380][T29275] the existing dependency chain (in reverse order) is:
[  872.215388][T29275] 
[  872.215388][T29275] -> #2 (&nr_node->node_lock){+...}-{3:3}:
[  872.223380][T29275]        lock_acquire+0x120/0x360
[  872.228414][T29275]        _raw_spin_lock_bh+0x36/0x50
[  872.233701][T29275]        nr_rt_ioctl+0x193/0xd50
[  872.238661][T29275]        sock_do_ioctl+0xd9/0x300
[  872.243694][T29275]        sock_ioctl+0x576/0x790
[  872.248548][T29275]        __se_sys_ioctl+0xf9/0x170
[  872.253659][T29275]        do_syscall_64+0xfa/0x3b0
[  872.258688][T29275]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  872.265121][T29275] 
[  872.265121][T29275] -> #1 (nr_node_list_lock){+...}-{3:3}:
[  872.272960][T29275]        lock_acquire+0x120/0x360
[  872.277987][T29275]        _raw_spin_lock_bh+0x36/0x50
[  872.283270][T29275]        nr_rt_device_down+0xa9/0x720
[  872.288646][T29275]        nr_device_event+0x137/0x150
[  872.293930][T29275]        notifier_call_chain+0x1b6/0x3e0
[  872.299618][T29275]        netif_close_many+0x29c/0x410
[  872.305001][T29275]        netif_close+0x158/0x210
[  872.309941][T29275]        dev_close+0x10a/0x220
[  872.314703][T29275]        bpq_device_event+0x377/0x6a0
[  872.320090][T29275]        notifier_call_chain+0x1b6/0x3e0
[  872.325732][T29275]        netif_close_many+0x29c/0x410
[  872.331131][T29275]        netif_close+0x158/0x210
[  872.336070][T29275]        dev_close+0x10a/0x220
[  872.340837][T29275]        bond_setup_by_slave+0x5f/0x3f0
[  872.346388][T29275]        bond_enslave+0x7a0/0x3a20
[  872.351498][T29275]        bond_do_ioctl+0x635/0x9b0
[  872.356609][T29275]        dev_ifsioc+0x908/0xf00
[  872.361463][T29275]        dev_ioctl+0x7b4/0x1150
[  872.366321][T29275]        sock_do_ioctl+0x22c/0x300
[  872.371446][T29275]        sock_ioctl+0x576/0x790
[  872.376291][T29275]        __se_sys_ioctl+0xf9/0x170
[  872.381397][T29275]        do_syscall_64+0xfa/0x3b0
[  872.386424][T29275]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  872.392840][T29275] 
[  872.392840][T29275] -> #0 (nr_neigh_list_lock){+...}-{3:3}:
[  872.400746][T29275]        validate_chain+0xb9b/0x2140
[  872.406030][T29275]        __lock_acquire+0xab9/0xd20
[  872.411233][T29275]        lock_acquire+0x120/0x360
[  872.416259][T29275]        _raw_spin_lock_bh+0x36/0x50
[  872.421544][T29275]        nr_remove_neigh+0x25/0xe0
[  872.426688][T29275]        nr_add_node+0x1d9f/0x2570
[  872.431796][T29275]        nr_rt_ioctl+0xc12/0xd50
[  872.436737][T29275]        sock_do_ioctl+0xd9/0x300
[  872.441781][T29275]        sock_ioctl+0x576/0x790
[  872.446628][T29275]        __se_sys_ioctl+0xf9/0x170
[  872.451753][T29275]        do_syscall_64+0xfa/0x3b0
[  872.456782][T29275]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  872.463195][T29275] 
[  872.463195][T29275] other info that might help us debug this:
[  872.463195][T29275] 
[  872.473416][T29275] Chain exists of:
[  872.473416][T29275]   nr_neigh_list_lock --> nr_node_list_lock --> &nr_node->node_lock
[  872.473416][T29275] 
[  872.487246][T29275]  Possible unsafe locking scenario:
[  872.487246][T29275] 
[  872.494697][T29275]        CPU0                    CPU1
[  872.500059][T29275]        ----                    ----
[  872.505415][T29275]   lock(&nr_node->node_lock);
[  872.510176][T29275]                                lock(nr_node_list_lock);
[  872.517280][T29275]                                lock(&nr_node->node_lock);
[  872.524559][T29275]   lock(nr_neigh_list_lock);
[  872.529247][T29275] 
[  872.529247][T29275]  *** DEADLOCK ***
[  872.529247][T29275] 
[  872.537413][T29275] 1 lock held by syz.1.6193/29275:
[  872.542513][T29275]  #0: ffff888062bf5070 (&nr_node->node_lock){+...}-{3:3}, at: nr_add_node+0xcce/0x2570
[  872.552283][T29275] 
[  872.552283][T29275] stack backtrace:
[  872.558179][T29275] CPU: 1 UID: 0 PID: 29275 Comm: syz.1.6193 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full) 
[  872.558200][T29275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  872.558211][T29275] Call Trace:
[  872.558218][T29275]  <TASK>
[  872.558226][T29275]  dump_stack_lvl+0x189/0x250
[  872.558250][T29275]  ? __pfx_dump_stack_lvl+0x10/0x10
[  872.558269][T29275]  ? __pfx__printk+0x10/0x10
[  872.558289][T29275]  ? stack_trace_save+0x9c/0xe0
[  872.558313][T29275]  print_circular_bug+0x2ee/0x310
[  872.558333][T29275]  check_noncircular+0x134/0x160
[  872.558352][T29275]  validate_chain+0xb9b/0x2140
[  872.558377][T29275]  __lock_acquire+0xab9/0xd20
[  872.558401][T29275]  ? nr_remove_neigh+0x25/0xe0
[  872.558420][T29275]  lock_acquire+0x120/0x360
[  872.558441][T29275]  ? nr_remove_neigh+0x25/0xe0
[  872.558463][T29275]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  872.558482][T29275]  ? nr_remove_neigh+0x25/0xe0
[  872.558501][T29275]  _raw_spin_lock_bh+0x36/0x50
[  872.558519][T29275]  ? nr_remove_neigh+0x25/0xe0
[  872.558553][T29275]  nr_remove_neigh+0x25/0xe0
[  872.558596][T29275]  nr_add_node+0x1d9f/0x2570
[  872.558618][T29275]  ? __asan_memcpy+0x40/0x70
[  872.558640][T29275]  ? nr_call_to_digi+0x126/0x1b0
[  872.558662][T29275]  nr_rt_ioctl+0xc12/0xd50
[  872.558686][T29275]  ? kasan_quarantine_put+0xdd/0x220
[  872.558707][T29275]  ? __pfx_nr_rt_ioctl+0x10/0x10
[  872.558743][T29275]  ? apparmor_capable+0x137/0x1b0
[  872.558765][T29275]  ? capable+0x89/0xe0
[  872.558780][T29275]  ? nr_ioctl+0x1b1/0x3b0
[  872.558795][T29275]  sock_do_ioctl+0xd9/0x300
[  872.558816][T29275]  ? __pfx_sock_do_ioctl+0x10/0x10
[  872.558835][T29275]  ? __lock_acquire+0xab9/0xd20
[  872.558864][T29275]  sock_ioctl+0x576/0x790
[  872.558883][T29275]  ? __pfx_sock_ioctl+0x10/0x10
[  872.558902][T29275]  ? __fget_files+0x2a/0x420
[  872.558914][T29275]  ? __fget_files+0x3a0/0x420
[  872.558927][T29275]  ? __fget_files+0x2a/0x420
[  872.558941][T29275]  ? bpf_lsm_file_ioctl+0x9/0x20
[  872.558961][T29275]  ? __pfx_sock_ioctl+0x10/0x10
[  872.558978][T29275]  __se_sys_ioctl+0xf9/0x170
[  872.558999][T29275]  do_syscall_64+0xfa/0x3b0
[  872.559022][T29275]  ? lockdep_hardirqs_on+0x9c/0x150
[  872.559043][T29275]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  872.559058][T29275]  ? clear_bhb_loop+0x60/0xb0
[  872.559076][T29275]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  872.559092][T29275] RIP: 0033:0x7f070bb8ebe9
[  872.559108][T29275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  872.559122][T29275] RSP: 002b:00007f070c994038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  872.559138][T29275] RAX: ffffffffffffffda RBX: 00007f070bdb5fa0 RCX: 00007f070bb8ebe9
[  872.559150][T29275] RDX: 0000200000000440 RSI: 000000000000890b RDI: 000000000000000b
[  872.559161][T29275] RBP: 00007f070bc11e19 R08: 0000000000000000 R09: 0000000000000000
[  872.559170][T29275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  872.559180][T29275] R13: 00007f070bdb6038 R14: 00007f070bdb5fa0 R15: 00007ffd8e57b688
[  872.559199][T29275]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  872.906576][T29280] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6194'.
[  872.964718][ T5875] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  872.983642][ T5875] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  872.992260][ T5875] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  873.033065][ T5875] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  873.054053][ T5875] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  873.383495][T29276] bridge0: port 2(bridge_slave_1) entered disabled state
[  873.391021][T29276] bridge0: port 1(bridge_slave_0) entered disabled state
[  873.525145][T29276] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  873.538994][T29276] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  873.639890][T29280] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  873.723469][T10864] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  873.735862][T10864] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  873.744812][ T8087] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  873.774251][ T8087] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  873.788859][T29282] lo speed is unknown, defaulting to 1000
[  873.963831][T29282] lo speed is unknown, defaulting to 1000
[  874.120722][T29282] chnl_net:caif_netlink_parms(): no params data found
[  874.171219][T29282] bridge0: port 1(bridge_slave_0) entered blocking state
[  874.178866][T29282] bridge0: port 1(bridge_slave_0) entered disabled state
[  874.187088][T29282] bridge_slave_0: entered allmulticast mode
[  874.194148][T29282] bridge_slave_0: entered promiscuous mode
[  874.202699][T29282] bridge0: port 2(bridge_slave_1) entered blocking state
[  874.210915][T29282] bridge0: port 2(bridge_slave_1) entered disabled state
[  874.218317][T29282] bridge_slave_1: entered allmulticast mode
[  874.225482][T29282] bridge_slave_1: entered promiscuous mode
[  874.261557][T29282] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  874.273211][T29282] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  874.314766][T29282] team0: Port device team_slave_0 added
[  874.324510][T29282] team0: Port device team_slave_1 added
[  874.344921][T29282] batman_adv: batadv0: Adding interface: batadv_slave_0
[  874.352375][T29282] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  874.378803][T29282] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  874.390910][T29282] batman_adv: batadv0: Adding interface: batadv_slave_1
[  874.398076][T29282] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  874.424082][T29282] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  874.472353][T29282] hsr_slave_0: entered promiscuous mode
[  874.478897][T29282] hsr_slave_1: entered promiscuous mode
[  874.484884][T29282] debugfs: 'hsr0' already exists in 'hsr'
[  874.490828][T29282] Cannot create hsr debugfs directory
[  874.627172][ T8077] bridge_slave_1: left allmulticast mode
[  874.632837][ T8077] bridge_slave_1: left promiscuous mode
[  874.639149][ T8077] bridge0: port 2(bridge_slave_1) entered disabled state
[  874.654267][ T8077] bridge_slave_0: left allmulticast mode
[  874.661897][ T8077] bridge_slave_0: left promiscuous mode
[  874.671152][ T8077] bridge0: port 1(bridge_slave_0) entered disabled state
[  874.980155][ T8077] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  874.990989][ T8077] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  875.001269][ T8077] bond0 (unregistering): Released all slaves
[  875.145198][ T5875] Bluetooth: hci3: command tx timeout
[  875.231621][T29282] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  875.241424][T29282] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  875.251010][T29282] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  875.277746][T29282] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  875.364683][ T8077] hsr_slave_0: left promiscuous mode
[  875.370711][ T8077] hsr_slave_1: left promiscuous mode
[  875.379022][ T8077] batman_adv: batadv0: Removing interface: batadv_slave_0
[  875.391412][ T8077] batman_adv: batadv0: Removing interface: batadv_slave_1
[  875.677692][ T8077] team0 (unregistering): Port device team_slave_1 removed
[  875.712594][ T8077] team0 (unregistering): Port device team_slave_0 removed
[  876.041208][T29282] 8021q: adding VLAN 0 to HW filter on device bond0
[  876.059266][T29282] 8021q: adding VLAN 0 to HW filter on device team0
[  876.072062][ T8087] bridge0: port 1(bridge_slave_0) entered blocking state
[  876.079216][ T8087] bridge0: port 1(bridge_slave_0) entered forwarding state
[  876.103221][ T8087] bridge0: port 2(bridge_slave_1) entered blocking state
[  876.110370][ T8087] bridge0: port 2(bridge_slave_1) entered forwarding state
[  876.284709][T29282] 8021q: adding VLAN 0 to HW filter on device batadv0
[  876.324931][T29282] veth0_vlan: entered promiscuous mode
[  876.335792][T29282] veth1_vlan: entered promiscuous mode
[  876.358044][T29282] veth0_macvtap: entered promiscuous mode
[  876.377590][T29282] veth1_macvtap: entered promiscuous mode
[  876.394933][T29282] batman_adv: batadv0: Interface activated: batadv_slave_0
[  876.416213][T29282] batman_adv: batadv0: Interface activated: batadv_slave_1
[  876.430745][ T8087] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  876.440624][ T8087] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  876.449987][ T8087] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  876.459854][ T8087] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  876.492550][T29282] ieee80211 phy68: Selected rate control algorithm 'minstrel_ht'
[  876.523600][ T3522] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  876.526283][T29282] ieee80211 phy69: Selected rate control algorithm 'minstrel_ht'
[  876.539967][ T3522] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  876.583593][T10865] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  876.591836][ T8077] bridge_slave_1: left allmulticast mode
[  876.595920][T10865] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  876.603689][ T8077] bridge_slave_1: left promiscuous mode
[  876.610837][ T8077] bridge0: port 2(bridge_slave_1) entered disabled state
[  876.620089][ T8077] bridge_slave_0: left allmulticast mode
[  876.626502][ T8077] bridge_slave_0: left promiscuous mode
[  876.632156][ T8077] bridge0: port 1(bridge_slave_0) entered disabled state
[  876.761560][ T8077] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  876.771595][ T8077] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  876.782379][ T8077] bond0 (unregistering): Released all slaves
[  877.101136][ T8077] hsr_slave_0: left promiscuous mode
[  877.114783][ T8077] hsr_slave_1: left promiscuous mode
[  877.120832][ T8077] batman_adv: batadv0: Removing interface: batadv_slave_0
[  877.129619][ T8077] batman_adv: batadv0: Removing interface: batadv_slave_1
[  877.203926][ T8077] team0 (unregistering): Port device team_slave_1 removed
[  877.222119][ T8077] team0 (unregistering): Port device team_slave_0 removed
[  877.669896][ T8077] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  878.090516][ T8077] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  878.709092][ T8077] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  879.120591][ T8077] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  879.187687][ T8077] bridge_slave_1: left allmulticast mode
[  879.193366][ T8077] bridge_slave_1: left promiscuous mode
[  879.199616][ T8077] bridge0: port 2(bridge_slave_1) entered disabled state
[  879.208436][ T8077] bridge_slave_0: left allmulticast mode
[  879.214096][ T8077] bridge_slave_0: left promiscuous mode
[  879.219978][ T8077] bridge0: port 1(bridge_slave_0) entered disabled state
[  879.328995][ T8077] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  879.341312][ T8077] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  879.351016][ T8077] bond0 (unregistering): Released all slaves
[  879.587325][ T8077] hsr_slave_0: left promiscuous mode
[  879.593084][ T8077] hsr_slave_1: left promiscuous mode
[  879.613534][ T8077] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  879.621522][ T8077] batman_adv: batadv0: Removing interface: batadv_slave_0
[  879.637232][ T8077] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  879.644648][ T8077] batman_adv: batadv0: Removing interface: batadv_slave_1
[  879.660396][ T8077] veth1_macvtap: left promiscuous mode
[  879.666413][ T8077] veth0_macvtap: left promiscuous mode
[  879.671973][ T8077] veth1_vlan: left promiscuous mode
[  879.678194][ T8077] veth0_vlan: left promiscuous mode
[  879.801795][ T8077] team0 (unregistering): Port device team_slave_1 removed
[  879.814853][ T8077] team0 (unregistering): Port device team_slave_0 removed