last executing test programs:

18.349580651s ago: executing program 2 (id=3002):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x20040014)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x2, 0x0, 0x25dfdbfb, {{@in6=@private0, @in=@broadcast, 0x0, 0x4, 0x0, 0x0, 0xa, 0x60, 0x80, 0x3b, 0x0, 0xee01}, {0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0xfffffffffffffffe}, 0x9, 0x0, 0x0, 0x1, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac"], 0xb8}, 0x1, 0x0, 0x0, 0x40000000}, 0x20008019)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x60, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0x8}}}, 0xb8}}, 0x0)

18.148453057s ago: executing program 2 (id=3004):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000000c0)={'erspan0\x00', 0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0x0, 0x71, 0x10, 0xa9}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80)

4.705545301s ago: executing program 3 (id=3068):
unshare(0x10040200)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, 0x0, 0x8600)
r1 = socket$inet(0x2, 0x1, 0x6)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000240000000400000002"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{r3}, &(0x7f0000000280), &(0x7f0000000740), 0x600}, 0x20)
syz_init_net_socket$ax25(0x3, 0x5, 0x0)
close(0x4)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0xc, 0x4, 0x268, 0xffffffff, 0x130, 0x0, 0x98, 0x98, 0xffffffff, 0x1d0, 0x98, 0x1d0, 0x98, 0x4, 0x0, {[{{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@local, @broadcast, 0x0, 0x0, 'ip6tnl0\x00', 'hsr0\x00'}, 0x0, 0x70, 0xa0}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2c8)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r5, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="380000000301810100000000000000000a000000140019800800010008000000080002002381"], 0x38}}, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x17, &(0x7f0000000000)=0xeead228d, 0x4)
sendmsg$nl_route(r4, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="3c000000190001002bbd7000000000008020"], 0x3c}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000001040)={'tunl0\x00', &(0x7f0000000340)={'syztnl2\x00', 0x0, 0x2101, 0x700, 0x0, 0x0, {{0x1c, 0x4, 0x0, 0x0, 0x70, 0x5f, 0x0, 0x3, 0x2f, 0x0, @broadcast, @multicast1, {[@cipso={0x86, 0x2f, 0x3, [{0x5, 0x12, "7de8935d9097c9f9d682282769aab5b5"}, {0x6, 0x4, "16d3"}, {0x7, 0xd, "6bca2a1d2432682823a7c9"}, {0x5, 0x6, "fc430a27"}]}, @timestamp_prespec={0x44, 0x2c, 0xa7, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x21, 0x0}, 0x1}, {@local, 0xfffffff9}, {@multicast1, 0x6}, {@private=0xa010102, 0x5}, {@dev={0xac, 0x14, 0x14, 0x16}, 0x4}]}]}}}}})
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r8)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_devices(r6, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd)
close(0x4)
socket$vsock_stream(0x28, 0x1, 0x0)

4.572756882s ago: executing program 4 (id=3069):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x503, 0x80000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_DOWNDELAY={0x8, 0x5, 0x81}]}}}]}, 0x3c}}, 0x40)
socketpair(0x21, 0x2, 0x45, &(0x7f0000000000))
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000200)={0x2, 0x3, 0x0, 0x3, 0x13, 0x0, 0x70bd2c, 0x25dfdbff, [@sadb_key={0x3, 0x9, 0x80, 0x0, "1cdc0dca1d9f68846960e56de42944af"}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4e24, 0x8, @mcast1}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x7, 0xc, 0x1}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4e24, 0x9, @empty, 0x6}}, @sadb_x_sa2={0x2, 0x13, 0x3, 0x0, 0x0, 0x70bd28, 0x3503}]}, 0x98}, 0x1, 0x7}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x7, 0x0, &(0x7f0000000140)='GPL\x00', 0xf, 0x0, 0x0, 0x0, 0x8}, 0x94)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r3)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000003040)={'batadv0\x00', <r6=>0x0})
sendmsg$BATADV_CMD_TP_METER(r3, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002bbd7000fbdbdf25020000000a000900aaaaaaaaaa44000008000300", @ANYRES32=r6, @ANYBLOB='\b\x00\v'], 0x30}, 0x1, 0x0, 0x0, 0x20000050}, 0x20040084)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xffe0}}}, 0x24}}, 0x4000010)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, 0x1, 0x4, 0x301, 0x0, 0x0, {0x3, 0x0, 0x4}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000004)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r9=>0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
r10 = socket$netlink(0x10, 0x3, 0x0)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@ipv6_newroute={0x1c, 0x18, 0xffffffffffffffff, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0xfe, 0x0, 0xfd, 0x9}}, 0x1c}}, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@ipv6_newroute={0x30, 0x18, 0x1ef, 0x0, 0x0, {}, [@RTA_GATEWAY={0x14, 0x5, @loopback={0x0, 0x2}}]}, 0x30}, 0x1, 0x11}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES32=r0, @ANYRES32=r9, @ANYBLOB="080026008516"], 0x4c}}, 0x0)

4.250740055s ago: executing program 4 (id=3071):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x40050}, 0x40081)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x15)
writev(r1, &(0x7f0000000280)=[{&(0x7f00000005c0)="580000001400192340834b80040d8c560a0603a6ff8000000000000000006302496b3a17b42e64009400050038925a01000000800000008004000000ff0109000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1)
r2 = socket$netlink(0x10, 0x3, 0x10)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0x5, &(0x7f0000000140)=0x600000, 0x4)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r4, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)

4.10329367s ago: executing program 1 (id=3073):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f00000001c0)="2e00000010008188040f46ecdb4cb9cca7480ef40f000000e3bd6efb010509000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x8600)
r1 = socket$inet(0x2, 0x1, 0x6)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000240000000400000002"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{r3}, &(0x7f0000000280), &(0x7f0000000740), 0x600}, 0x20)
syz_init_net_socket$ax25(0x3, 0x5, 0x0)
close(0x4)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0xc, 0x4, 0x268, 0xffffffff, 0x130, 0x0, 0x98, 0x98, 0xffffffff, 0x1d0, 0x98, 0x1d0, 0x98, 0x4, 0x0, {[{{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@local, @broadcast, 0x0, 0x0, 'ip6tnl0\x00', 'hsr0\x00'}, 0x0, 0x70, 0xa0}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2c8)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r5, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="380000000301810100000000000000000a000000140019800800010008000000080002002381"], 0x38}}, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x17, &(0x7f0000000000)=0xeead228d, 0x4)
sendmsg$nl_route(r4, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="3c000000190001002bbd7000000000008020"], 0x3c}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000001040)={'tunl0\x00', &(0x7f0000000340)={'syztnl2\x00', 0x0, 0x2101, 0x700, 0x0, 0x0, {{0x1c, 0x4, 0x0, 0x0, 0x70, 0x5f, 0x0, 0x3, 0x2f, 0x0, @broadcast, @multicast1, {[@cipso={0x86, 0x2f, 0x3, [{0x5, 0x12, "7de8935d9097c9f9d682282769aab5b5"}, {0x6, 0x4, "16d3"}, {0x7, 0xd, "6bca2a1d2432682823a7c9"}, {0x5, 0x6, "fc430a27"}]}, @timestamp_prespec={0x44, 0x2c, 0xa7, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x21, 0x0}, 0x1}, {@local, 0xfffffff9}, {@multicast1, 0x6}, {@private=0xa010102, 0x5}, {@dev={0xac, 0x14, 0x14, 0x16}, 0x4}]}]}}}}})
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r8)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_devices(r6, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd)
close(0x4)
socket$vsock_stream(0x28, 0x1, 0x0)

2.284838301s ago: executing program 3 (id=3075):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@allocspi={0xf8, 0x16, 0x629, 0x70bd2a, 0x25dfdbff, {{{@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, @in=@local, 0x4e22, 0xd64c, 0x4e23, 0x4, 0x2, 0x20, 0x0, 0x73}, {@in=@loopback, 0x4d2, 0x33}, @in=@remote, {0x401, 0xd, 0x2, 0xffff, 0x4, 0x6, 0x0, 0xfffffffffffffffa}, {0x4554, 0x0, 0xffffffffffffffff, 0x1000}, {0x5, 0x8, 0x3}, 0x70bd2a, 0x0, 0xa, 0x3, 0xdf, 0x14}, 0x1, 0x6}}, 0xf8}}, 0x4040840)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)={0x2, 0x9, 0x6, 0x2, 0x2, 0x0, 0x70bd0b, 0x25dfdbff}, 0x10}, 0x1, 0x0, 0x1100000000000000}, 0x10)

2.241376837s ago: executing program 0 (id=3076):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffecffb702000008000000b70300000000000085598b4f6110fce00f"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$CAN_RAW_LOOPBACK(r2, 0x65, 0x3, &(0x7f0000000080), &(0x7f0000000180)=0x4)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r1}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000100), 0x1001)
pread64(r4, 0x0, 0x0, 0x2)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r5, <r6=>0xffffffffffffffff}, &(0x7f0000000200), &(0x7f00000005c0)='%pi6   \x00'}, 0x20)
ioctl$FS_IOC_FIEMAP(r3, 0xc020660b, &(0x7f0000000a00)={0x5b4, 0x9, 0x3, 0x3, 0x7, 0x0, [{0x1, 0x9, 0xfa, '\x00', 0x400}, {0x6, 0x4, 0xfffffffffffffff7, '\x00', 0xa83}, {0x6, 0x6, 0x626, '\x00', 0x801}, {0x1, 0x56, 0x3}, {0x7, 0xb, 0x8001, '\x00', 0x284}, {0x0, 0xfffffffffffffff8, 0x4, '\x00', 0x802}, {0x0, 0x2, 0x8000}]})
syz_emit_ethernet(0x6a, &(0x7f00000001c0)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0xfe, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x1, 0xe000, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6c, 0x0, @remote, @rand_addr, {[@lsrr={0x83, 0x3}, @rr={0x7, 0x3, 0x2}, @timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x0, [{@multicast1=0xe0000006, 0x8}, {@dev, 0x4}, {@dev}, {@local, 0x7}]}]}}}}}}}, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000800)={r6}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0xa, &(0x7f0000000140)=ANY=[@ANYBLOB="180100002020752500000000002020207b1af82000000000bfa100000000000007010000f8ffffffb702000008000000b7030000070000008500000006000000154bfcffffffffff95"], &(0x7f0000000300)='GPL\x00', 0x5, 0xff7, &(0x7f0000001e00)=""/4087, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x101}, 0x94)
socket(0x2a, 0x80000, 0x4)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x3, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x4, 0x4, 0x4}}]}, {0x0, [0x5f]}}, &(0x7f0000000280)=""/63, 0x33, 0x3f, 0x0, 0x11}, 0x28)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f00000003c0)=ANY=[@ANYRESHEX=r3, @ANYRESOCT=r1, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r8, 0x0, 0xe, 0x48000000, &(0x7f0000000300)="40f0538ef047b21fb60068305500", 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0xe)

2.231765167s ago: executing program 1 (id=3077):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a00f0ff000000000007000000", @ANYRES32=r1, @ANYBLOB="00000000000000001c001a800800028008000200080000003e12"], 0x44}}, 0x0)

2.102995211s ago: executing program 3 (id=3078):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d00)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5, 0x0, 0x4000}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @tunnel={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_TUNNEL_MODE={0x8, 0x3, 0x1, 0x0, 0xf5}, @NFTA_TUNNEL_KEY={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_TUNNEL_DREG={0x8, 0x2, 0x1, 0x0, 0x14}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xcc}}, 0x0)
r2 = socket(0x10, 0x2, 0x0)
sendto$inet6(r2, &(0x7f00000007c0)="7800000018002507b9199b02ffff48000203be04020406050a02040c5c000900580006020a0000000d0085a168d0bf46d32345653600648d270005000a00000849935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000407160012000a0000000000e000e218d1dd3b6ed538f6523250", 0x78, 0x0, 0x0, 0xe0ffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027", @ANYRES32=0x0, @ANYBLOB], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f0000000140), 0x0, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000451500000000000033440ba539d07ca5f83267e383e9ef1d12a918de02e54180279772b9e30d77de6a261074ea4b5787ba3eb28967e65ccbf86b4ec312331ef233", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x3, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x600}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xd, 0x9, 0x0, 0x0, 0xffffff13}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x9}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x4, 0x0, 0x7}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x5, 0x1, 0x7, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x69, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r5)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="070607bd7002fddbdf252d00000008002f00000000000a0001007770616e310000000c000500529caaaaaaaaaaaa05002b000300000005002e00"], 0x44}}, 0x4008400)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x10, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="18000000000000000000000000000000711020000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe}, 0x94)
connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x11)
shutdown(r0, 0x1)
socket$inet6(0xa, 0x2, 0x0)
ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet_mptcp_buf(r7, 0x6, 0x2, 0xfffffffffffffffd, &(0x7f0000000000))
syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @link_local={0x17, 0x80, 0xc2, 0x6, 0x5, 0xe}, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "182325", 0x0, 0x2c, 0x0, @remote, @local}}}}, 0x0)
close(0x3)

2.065810853s ago: executing program 0 (id=3079):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
r2 = socket(0x1, 0x803, 0x0)
getpeername$netlink(r0, &(0x7f0000000040), 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080))
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r3], 0x50}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x1, 0x803, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000340)={<r8=>0x0, 0x0, 0x0, 0xe8a8, 0x1a, 0x8}, &(0x7f0000000380)=0x14)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r6, 0x84, 0x7c, &(0x7f0000000400)={r8, 0x3, 0x14c2}, &(0x7f0000000440)=0x8)
unshare(0x62040200)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYRES64], 0x1c}}, 0x0)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
vmsplice(r10, &(0x7f0000003680)=[{&(0x7f0000001400)="eb", 0x1}], 0x2000000000000138, 0xe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010)
sendto$inet6(r2, &(0x7f0000000500)="10f57416215a7f4aef843024fb66d6e1a75fb3b725ac0d25ee3a193d25cca5f965c06edeca11e6a2d769604eb8c0558f2ebedd6ea4433f89e01f819778e1648a4dbcd8", 0x43, 0x800, &(0x7f0000000580)={0xa, 0x4e24, 0x0, @loopback, 0x9}, 0x1c)
setsockopt$inet6_MCAST_MSFILTER(r9, 0x29, 0x30, &(0x7f00000007c0)={0x5, {{0xa, 0x4e22, 0x7, @private1={0xfc, 0x1, '\x00', 0x1}, 0x733f}}, 0x1, 0xa, [{{0xa, 0x4e23, 0xfffffff4, @empty, 0x80000001}}, {{0xa, 0x4e23, 0x7, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7}}, {{0xa, 0x4e23, 0x0, @private2={0xfc, 0x2, '\x00', 0xf4}, 0xb0}}, {{0xa, 0x4e21, 0x9, @dev={0xfe, 0x80, '\x00', 0x34}, 0x7da}}, {{0xa, 0x4e23, 0x7, @loopback, 0x5}}, {{0xa, 0x4e20, 0xe, @private1, 0x2}}, {{0xa, 0x4e22, 0x7, @loopback, 0x5a5}}, {{0xa, 0x4e21, 0x5, @private1, 0x6}}, {{0xa, 0x4e24, 0x10001, @ipv4={'\x00', '\xff\xff', @multicast2}}}, {{0xa, 0x4e24, 0x9, @mcast1, 0xfffffff7}}]}, 0x590)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="500000001000210400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa888e16000002800128009000100766c616e00000000180002800c0002000e0000000a000000060001000001", @ANYRES32=r7], 0x50}}, 0x2)
socket$nl_rdma(0x10, 0x3, 0x14)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', <r11=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r11}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

2.0443254s ago: executing program 1 (id=3080):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x503, 0x80000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_DOWNDELAY={0x8, 0x5, 0x81}]}}}]}, 0x3c}}, 0x40)
socketpair(0x21, 0x2, 0x45, &(0x7f0000000000))
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000200)={0x2, 0x3, 0x0, 0x3, 0x13, 0x0, 0x70bd2c, 0x25dfdbff, [@sadb_key={0x3, 0x9, 0x80, 0x0, "1cdc0dca1d9f68846960e56de42944af"}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4e24, 0x8, @mcast1}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x7, 0xc, 0x1}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4e24, 0x9, @empty, 0x6}}, @sadb_x_sa2={0x2, 0x13, 0x3, 0x0, 0x0, 0x70bd28, 0x3503}]}, 0x98}, 0x1, 0x7}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x7, 0x0, &(0x7f0000000140)='GPL\x00', 0xf, 0x0, 0x0, 0x0, 0x8}, 0x94)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r3)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000003040)={'batadv0\x00', <r6=>0x0})
sendmsg$BATADV_CMD_TP_METER(r3, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002bbd7000fbdbdf25020000000a000900aaaaaaaaaa44000008000300", @ANYRES32=r6, @ANYBLOB='\b\x00\v'], 0x30}, 0x1, 0x0, 0x0, 0x20000050}, 0x20040084)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xffe0}}}, 0x24}}, 0x4000010)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, 0x1, 0x4, 0x301, 0x0, 0x0, {0x3, 0x0, 0x4}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000004)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r9=>0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
r10 = socket$netlink(0x10, 0x3, 0x0)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@ipv6_newroute={0x1c, 0x18, 0xffffffffffffffff, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0xfe, 0x0, 0xfd, 0x9}}, 0x1c}}, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@ipv6_newroute={0x30, 0x18, 0x1ef, 0x0, 0x0, {}, [@RTA_GATEWAY={0x14, 0x5, @loopback={0x0, 0x2}}]}, 0x30}, 0x1, 0x11}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES32=r0, @ANYRES32=r9, @ANYBLOB="080026008516"], 0x4c}}, 0x0)

1.846844392s ago: executing program 3 (id=3081):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0x7, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_blackhole={0xe}]}, 0x34}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)
r4 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r4, &(0x7f0000000240)="80000080cd7a000000008100000000000000", 0x12, 0x40, &(0x7f00000001c0)={0x11, 0x9, r3, 0x1, 0xd8, 0x6, @broadcast}, 0x14)

1.679056382s ago: executing program 1 (id=3082):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f00000000c0)=0x63ba, 0x4)
sendmmsg$inet6(r0, &(0x7f00000001c0)=[{{&(0x7f0000000040)={0xa, 0x4e23, 0x0, @mcast2, 0x5}, 0x1c, 0x0}}], 0x1, 0x40000)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
setsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000040)={0x400, 0x6, 0x10, 0x3}, 0x8)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000002780)='O', 0x1, 0x2000c8d4, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000cc0)={<r2=>0x0, @in={{0x2, 0x4e24, @loopback}}, 0x0, 0x100}, &(0x7f0000000300)=0x90)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'syz_tun\x00', <r4=>0x0})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0xe, &(0x7f0000002380)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff1100000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000800006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd844a954b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b4090a79507df79f298129da487130d5f24b46001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad379e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4b9535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024a0041b1df65b3e1b9bf115646d14ce53d13d0ccacda1efc5f9094fa737c28b994a8512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4fdc4b4861004eefbc17f54f82a804d4a69bf9bc5fa77ee293fbd165a5a68488a010030166565a097b103b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f940b6f0e8c7db4bf23242a18159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c2d7962b0d22772c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac2bba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f407000000000000006d294d366501753a7ac7fedb8d34f5bc381604fcd46105c457e7dd13cab669ab377e4c2422a47e9ffe2d4a2d32f7528751313694bf57704400b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c9585638c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670100be05e7de0940313c5870786554df26236ebced9390cb6940b8375d936a7d2120eca291963eb2d537d8ee4de5c183c160119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d30902208d300e4d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d0000002000000001c8000000000000003a48cea769470424d28804c024ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef40662d7836d252c566f5ee934c679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c031578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada209bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6155e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2f085185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bcdb7c89739f5d81e750d50517a59a3ad09e8802e8f4f000000000facd5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f296115d4a31838eeb20c20bb82aa31771cd379ec83554cea5b473332f2011e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d3fcd116bce9c764c714c9402c21d181aae59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755367fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc05000000000000006c25b96174327d82761c26e329555f9290af4100000000000000749e1338636555009edf66be445d6975d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab0043ebf7c79a953e023f74afad591821610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c1960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000000000027c9a4619a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd5c17d5486b0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dff7aa46e820a74f9530bdcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fdca4e9eda0072f6df342f3e7071e28ef6806b90cc39c49b91c76b0d3958f7f05b47d3e519f1634e8fbd8d3133319e069f9648a2ff93060ff073b3a113e47e447c030931651dd315003b7a6a47c912853826c4c65433a2bb560ae99ec4b227eda2e63a1cb1a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7194d1eb3de6a5f99f301f89c2ee627e949cdd22000026a9960503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640000cd9e5f2e236ef5f1e3a94b108eb9750b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a2050000c375c705c798e0e208e4a5259d0bda526b462af45a6e9a84aebe025c8a7f65819f397574db7ab01bd2b3e3cd28c5aec90f8edfe39a00bafd688a7eea04efdeed96f67012bc3f795edb68b5dec80ad31a858eb756c815e7695d00000000000000000000000000000000000000000000000000007ccf0ce549d97510f7f8765408bb702f0000006d4754c68b7064cf31a681421994e1f307f0ab4ff2e33d3c88fea5d218a276b77adfee7c8fb145783ee1f8adbd2c2604eab3a62a28611da1dae5ce60003111ce5c96a1d6e45ee144ffa3dcca32a33f8f0ce2995b7b7aa0bce228cbf37412cbbdebae06edb51a134301d2627d4927287daf9dcae6720334862d3a18094f1edd9e350337cbb804004d1755cfe7d7fa01872fb99815dcfbbc8141f6e1bbb0901ae91357677fd9d2bb00d4f17fb441c2dfa2b424bf46ae299d68ac27792cdac2b63a6038ab5546ba1e5ad6a329f2c627100e0442f865fc6c179ad3edcb6b000000000000000b0000000000000000ac192d48d76e2a8cae83ae850f73fdfbaca81b6b7b1a0d7b517f41fbd46aa24b0f4b8e0202e3a580947f1925ba4de097e8dcb6bd7f686322b45d4a544ca1e83b592d4a6d46d0a0dc39634550bc77d4cabba01b283082e66778de7c61a1a36838d36c2f8e58cef603770ee3d6a9625be0bc21d2be2da69ac9e9c5e88278d39239501b465102ad16d651ea8bb8cee35527c1ad42ac6a565e449929ccb4469bdd6824b64e13579b7188566e735200000000000000000094e05bcda1e96e4c33ccf6d74046e45bafe9d512c43a3e485dedad9a38b34f7fcd00fafcc25dc36716f0e21e0632425b7a1c1a6bc15c3fc07d914c88103411d8d2b77b72a796fd3aaa7ea493c7bc43e63b2b0d05ad5682121682096b224933fa20255d58a680cc2ec200"/3002], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x3f)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r5, r4, 0x25, 0x0, @val=@kprobe_multi=@syms={0x1, 0x0, 0x0, 0x0, 0x100}}, 0x30)
syz_emit_ethernet(0xd83, &(0x7f0000002f40)=ANY=[@ANYBLOB="ffffffffffff00000000000086dd6f8a09690d4d06fffe880000000000000000000000000101000000000000000000000000000000000404000000000000040102c204000000080718000000000405ffff070000000000000001000000000000000000000000429c00000000000010df306e940942af94fb902f6bd6c918bd36ddd792086bff492009a115d3f10391785148c91d22952d099fec8c34dcc63a01f4f62d56d6183c43605bb2ac2a61cff5651181dac5a17121d892a26a42ffd684ef14fb17953425ff6df6e54835ffd02a4b8279b71c74205c1318d0e74b10a2fbf3b7342b0f7222a9e5fe7514d3d4e6e01d32e062e9f6dd82e4329c4799af057da6df07b7f4ade1d85739040d704f9fe86af34ca5119badf9b3f37033efcf3889d7cfe57205990efb2e331ec770964e3138546ffc07409716cc36ecd19a393f22d69ed5284af1bb92b18230e75bc5f21efdf124d7e7380ecbced609df9d72fb11494f6de038526e7b7dd502f4e5d68acf8b5e133dfb45d79f01d2434138e1950cbd51be7a342f21995af5b10f2897fabfda89c4978dfa779556fa915f540371905b26f3043ed90342cce1af8e3325b5b0ef4e04463a3a0fe52020f4222472b0c61e285c09fb223dbb49cf130784bb272b57977dc6966654644e8034e5f4351c4fb770e806c88f0ee9ad9eee43102fe4ed5e027888372a1499d7efffa8634f3a11f8ccfbb6d7d0fb2c188fd4cb46f192bde0e5eaea2364810c747e3f313acfe43b2b9319ac7c247d338038dcfd09bd49c231b5ca942574f47b92e09ef0c4cf19df18d2aa843a8e55a645beac4c2121967d7ec33cb959bc0367192d46d4838471b8aa8982b8a57ee7290bc4950cfc075e669c214dbe44e3c35fd89c3521f137daf5dc2777374cc051a5845bbc802aac87c07d8cad035c4b40ec4c34e2611e1ab253aa91ae45a157ec83cf6ca68613a3e4f8fc1109850e68c60cd6f12c4c0b0756a47b84ff7caa1e5d3197e135b3319eb8901eceebb5a6dc1f42f20403e9a0e9c5e0865d05645325e985ad6d97808e0a9cf698add539d3ca0a4a31d9e48b594fa1736e75f58a9c290a32459f2279a7c05849f1d3bfbafa16cb1d7582d1dbfd801e4963ee0359c674300bfa30bda54b35209c81904b501f270dacb8b6e9e9f5a398969e619156b3c399b5f9fd4bb20c6e316bd78b785af4e5d12713245dcbf4ad079edbbf52315345d3235a229dd528ca402be0dcff35c8fbcc40e73e6b07bfc3ddf1bf8e0613eae349c41f68664fde26b705e40bbafd9287860b2e3097733f8d576872bb488e1b64ecaa961b62d64d4d06d29dcf65c9bde40dd1519cb5862dd966b752a6758624859ff5414b7ee9bd60d64289acf421c9d5345619a8e089074c2e437c5742bde300f33d5432f32e66ceda2979c39dc4cf741902cd8dc7812de33d76dc5897c3a8285a1608948b85cce39f38658e85c806f0c0fa2028e8d1938ab0598e95e9acc09cbbf863c87f82a2e395043aa2d2c17fd2f249cc1a4ea293e673adb26f373fbaa94d5ab2a0a5ab13c52f862f2f3a942f57f29917b961722ccdac30765090ff1612d3c7f1ca4669e33e2c98ef1b4c263bd664e4f40948b6171188ab503d91638e14b85e86b6b782a4efbd5f6014db32d2b98e719c08ff2c33b859839f2dfc7eccab679eded8b5d10294349d261e076aafb1e26a6dd3d5bc9251b51fffe4a3e94d2f9cb85ad3545b041403717ce7b3728d82ec3b178f0ac3cc80c0afdebfcee559a3cb107e91df2c4a58f2b39f39d86d6a6ac070ca02355079a6bb275e5b25bcdf81c8c4937cd369d819670ce283deaa678c215628111999ed93f0762a917284728d7e0ac76c34f028370535580b400809f1349c2e17fa1e3b330163eff049afe1c1c4f74cb5ba3868746dd0b316c35c284057bbf2322fb047095edc5b6802059e7a88cc7d0000b114a03b222600ecba09485873ea6b7107c12c2f0057aa1563f2584ce7b5cf06c8d5617577aeaa030694990fe81c2b01eda240704eabb13403407e72455b86fda2c5ca57ba14f5e0bf1782a564ea91e523036d6cbf158113ed3cd7c506c839c783c3312c74723038e9bc7189bf5530fb1e9c30f4df71b1b0af3ecd692ba61e4ecda1be3f4fbb98bc616cdfaff94115051ebaa1c1656ee7caf3d25614578c2dd8839d807859f6c424e2a0ec531960490200423fd1bab358090330068162a1a7fbd7fac4d57a221eb33b59a6e498b2a7f63b3d567b828c9bc82308fc2f88ce224560ed165d7a268cb41824fac391851337e81ba5ea49284ad96b858257604f7db8fc94e642c36be13109f55e74a8f46674a63bc5f9c9b710adad57c541bb3b69ed14ea56316aa32a6c9435e5a1180104729aaf480f28e6e5e9beafe1f4c189c1d715b2d2c69f7de546635a331889febdf92a7071fbcd0aa5f4f6d1eb49972f30fac9612f055bdb61a84ec4a0bbb91011efdf954cdc7db10494c6fe74cf10750db2a00d5a8f55f44ce38268cd3f0533a64b8286fa41df7db717880dd47e8dd2f6e607b2ef3fe784765277a5b4c0822b62e96bd452a0783d9aad71113da4aeedb5a5061445b14da166ca96851d4299f2ac6ac858bb73b339f1040cdf24b6622992d440942f091abb6409328ec96dfa8a0372bf06a83ebbd64b48949aedbe570d597c0f0283b2cccc07f541f8a6d97f716917a58f845c6d55dd65a39674693c1528569ddd41fa52d4f818b79f8b616fd335882947ecba215aecda4d56fadceecebc3cda0e1c18c23eaa4212ff079ce7f4b8711e1f10ae220880ebe4dee2ff962c106e0dcbac9421cef75ffe3f2a5e3402a037bcf6912f5d06f0c59aa61087708917d9c4410bc38a27b50a28600d5ceb3b77fa55e17ea83a06284f2301da129a8c3149104dddb456d55d762f0bb239681eb719e9741eae546997648e4e6bbb89bbf2e5ac9c01c712a875836ae39bfcfadee9d34136092522fe52150864ef48e9b7417a0b86980b2f4cf55271eb8e1ef8772fb08ee2559578028358db89a320f92763870f3f7f013480fa2ee980ee071fa11059bf4fd43d6525d60a264879097b266d40126a64fe7f8c0819bf497b0d1be30b6493f359c387ed9d1c20b4ce14309118967540a467e1ad0f05fe48198c620105a5587ff966410d1815c7945767ec64acb4060561d41a043989e143528af4fca1b6aad2c4764b317ba4b7c380e59a9df0b4221227fbd2877285fa7f48298975fbb2890c5033aa701074ba0955cee5ad128cac27a71d261f4c8ca9561a6410578577ba8249abbffbca54481b5549689819817b197a7a89b611e5292f0924cb9aabd27bf9797e78173d3c82dfb2ab72079089e19bc65e196ee2d47ed6a3f57c8f02c40006c87788e6637d5f456a1cf0ee5e36637e213d19ef54fafe8f49254b5c10ce5b62e0f73ecf2d6c3f27249cf4d446176e050022dfccf06c90448a12fb27913698cedd1837719015f8e400dd36adb74cf9c3fc737fecf6d0aaea21c89f3404d89d1d7e603d2cf6a39feb07719abb7e15a7dc32c5334803590d6e6ed6d9557c52448a62cf29f76adc1f55ac8fa01d533e94ebcd174b444932444225f0b9d0261afc0fcd4956bf61c0dbf45c36f746b2d6c1a625137254b22273c1a63cc29e1f31abbdd6ca26a60a316a8c56b09121c5922766166a79b65bc9947279894c08d0d5770c49d8817a7bab8b39b77aaee3746f1486bc04a52e21659d8f3c9ee7e901e66a6044006541be05d659e83d81add81311deba1e4de55c9389127ed23ba80848ab822d75a6b053e249694ad3e13e41bd6a5d2af3a0b453974fda231f7adea8884e782a222031e2f8d17f8d73ca3ca19dbc30d90c642cc301008703f855655e462e4f5875760244d2594d0b1bf002bb14181c1fb3e0385ae0238df32612aa153e647b1997eb095329a28778e9fd47958ebca889e25b321029269a62c872ac81e732eeaf5405e9606ae612575582d2669b5aa176aef765c46008f581be38fdeb0a56ba0c66208a697ab7ca2893a16f5325360d92f0ce5f2fec75bd174aad33d87065ecdd629cf45b128d145814273cbdf3e89f081c5ff300762bd46240f0aa95fd7c64ba6674b6a3db6ff25e214cf975ae0d127d6a20b2cd685cf0bef99406096481ad486f27215ba8e9baaea02c92955a897a1a173aa5aede5ce66b542a84622695173f5efcb72cb8957c11538e166d8c11bdb6e4dba30addf0d577028596260b688a2414d74491030660ce74750903cd01a22384a861f3c8aa22476ba3f3e7b49cc1c44f8c7164cafc4261a373567700d01777f8145e820ea49a07482ae8fb58c18443659df964db76e46e2c9a74108f7d2e5d9ac1c053eb47090e267899762af87bab2f622e40fcba0b5408dbf68a86aa04b9d801b4dbed08644c10661b79b71293e688803faf23e477e825a102e8dcbce8383c4f41214cb76801726d5c320328a6e6279f55b20511e54d56b902b5e85edbc1b3dc6b870a5a86a28156a3a1772cbb26d9169c162f21c06b2b216ce4dda4102be437f4b3a1501a5a9931f9abc5033175e0ce172867a8ef3c2aa290acfe7e31a86321b6c8cd3cf9e1fc254473e881d12b438e65b3a16c7f28f1d3ea68143c855008dcbab7b1f6b7dbe012805ea3f547505c3334c53ddf9ceffc4743f1c53322b7ad46acac775495b9be3b74a1ecb412d5a6f4752b67a4c6a3e00ffc6e88be2a46d44763fba064b1b22c395e36a725ed16ed4890111ecdffd47026ca03a4d83085ce14596023cbf9459ac320d88be2ec36ce2cf13f3779c58ff5770e00206b49024d86ff600e9f497eac7d40397b38eef96262eaa4eabe63000000000000000000000000000000000000000000000100004e2100004e200000000200000000000000000000000200000001000000000263f394a6d780eb66944d43d55daca1b6b95bc685617363d63c81e3dea9f5d7861dddf04f8d83028268a478e04d7d05e86c9e6591f554d7640a9d80dd4b4a216f9f0a8c48afd03983ca33eb6bf456e48ddf59058677bfd06cafb32320b28b069be5a780f69291f24a95d8"], 0x0)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000d80)={r2, 0xfff8, 0x8, 0x9, 0xffffffff, 0xcf}, 0x14)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1d5d6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe2c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9a3359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112b0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01ac69398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ef6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069d532749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b87cf6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b6214912a57f810200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e92604f8e86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd3536460000000000000000000000000000000000000000001e000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734837ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a6d072034cecc457776c5fa1f33b0203c07052c6bc314b0ac5c63bc2083c9cda0b7480e0b17854ffcc76176ce266bc698f7921b8afe798a7a5ed33ab0374455ee368fda99a0e681bf9426831b193395cb01a7332a50aac841cb7d48a1768a7640a9820631ba775aea28905c3a1ace5f05689ae67e26856816"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7}, 0x94)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r9=>0x0})
ioctl$sock_inet6_SIOCADDRT(r8, 0x890b, &(0x7f00000001c0)={@mcast2={0xff, 0x5}, @ipv4={'\x00', '\xff\xff', @broadcast}, @mcast2, 0x0, 0x0, 0x0, 0x100, 0x0, 0x200, r9})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r7, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f008004be0ffff00124000632f77fbac141416ac14141644089ffe4d2f87e5860c6aab845013f2325f1a39014403048da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
socket$netlink(0x10, 0x3, 0xf)
socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x2, 0x300)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r10 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r10, 0xc004743e, &(0x7f0000000000)=0x3)

1.45261557s ago: executing program 3 (id=3083):
mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x8, 0x32, 0xffffffffffffffff, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha224)\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x80000)
sendto$inet(r1, &(0x7f0000000000)='\x00', 0x1, 0x24008800, 0x0, 0x0)
accept4$tipc(r1, 0x0, 0x0, 0x800)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000006c0)={0xffffffffffffffff, 0xe0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000002c0)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, &(0x7f0000000300)=[0x0, 0x0], &(0x7f0000000340)=[0x0], 0x0, 0x70, &(0x7f0000000400)=[{}], 0x8, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0xf6, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)
socket(0x1e, 0x4, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r3, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000001d00010429bd7000fedbdf2507000000", @ANYRES32=r5], 0x28}, 0x1, 0x0, 0x0, 0x40801}, 0x20000040)

1.32297598s ago: executing program 4 (id=3084):
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r1, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x200048cc)
setsockopt$sock_attach_bpf(r1, 0x1, 0xd, &(0x7f0000000080), 0x24)
close(r1)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r3, &(0x7f0000002fc0)=[{{&(0x7f0000000180)={0xa, 0x4e20, 0x8, @dev={0xfe, 0x80, '\x00', 0x36}, 0x9}, 0x1c, &(0x7f00000004c0)=[{&(0x7f00000001c0)="05", 0x1}], 0x1}}], 0x1, 0x24000045)
shutdown(r3, 0x1)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000040)={0x0, 0x2}, 0x8)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x200c}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_FORWARD_DELAY={0x8, 0x1, 0x19}, @IFLA_BR_HELLO_TIME={0x8, 0x2, 0x5}]}}}]}, 0x44}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newlink={0x2c, 0x10, 0x801, 0x0, 0x1000, {0x0, 0x0, 0x0, 0x0, 0xb029}, [@IFLA_GROUP={0x8}, @IFLA_VFINFO_LIST={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20048054}, 0x40)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x6, 0x6, 0x5}, 0x50)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r7, @ANYBLOB="07002abd7000000000000200e3ff0b0001800500020006000000"], 0x20}}, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000340)={0x0, r0}, 0x8)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32=r5, @ANYRES64=r7], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r8}, 0x10)
recvfrom$inet6(r0, &(0x7f0000000300)=""/41, 0x29, 0x12020, 0x0, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{r5}, &(0x7f0000000180), &(0x7f00000001c0)='%pS    \x00'}, 0x20)
r9 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, 0xffffffffffffffff, &(0x7f0000000040)={0x10000000})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r10, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6}]}, 0x10)
r11 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r11, 0x84, 0x7, &(0x7f0000000000)={0x3}, 0x4)

1.290372426s ago: executing program 3 (id=3085):
socket$pppl2tp(0x18, 0x1, 0x1)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = socket(0x10, 0x3, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
socket$packet(0x11, 0x3, 0x300)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r1, 0xc0096616, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
r2 = socket(0x1d, 0x2, 0x6)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000a00)={0x1b8, 0x0, 0x100, 0x70bd29, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x3, 0x50}}}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0xb0}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x8}, @NL80211_ATTR_FRAME_MATCH={0x97, 0x5b, "4209061474ee7488a02be0ab6ede35c614838e3945a34370c7948fee70e34b67b8e3b37efbeccd0f5ed429e48a373cd89824f153624924051646f2b725b10423b5bac9f518f1bfde993b27dfa3fab85f1efe14427bc264b7d38d8f2340cf436b5c0048fb58d13bd090ba76ecd3713ff9bdcae9b9ecedff0e3f047bbf0f33a46b6c0b7ec25ba90a0fc41b4f30d64f35d4ac509b"}, @NL80211_ATTR_FRAME_MATCH={0xef, 0x5b, "497a3ecdb4e98843394fe2f85b8967010defb0387cb645c17915be01fbb77bc344e54c3859d0a6f40fc904579388a930232aa41293da638037438acb2c20e2514305dcfb1d22c66050efa3d2edf42c3719aceb7528caa5b2d262357d886f54f911ea342012d642f73a778fb703ac05c80e2144413afd0f581c3f54f35b5136ab69351322064a29aa78fc819ccf9542fdc5164e8d6771d0a00fa735276fc1d287a7eaab336fc6e9909e3c83d7fc3e8705bdbb0c99108ac4d7fce1e718c5dde8aaff73e1e54f7f502a306265b44bb4be521d70fcde89c20ada3f6d8f27c605332c46444c06f7ebe57b6b33f7"}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x840}, 0x800)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000600), r0)
sendmsg$BATADV_CMD_SET_VLAN(r1, &(0x7f0000000700)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x68, r3, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @local}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xe}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x8999}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x68}, 0x1, 0x0, 0x0, 0x4000014}, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$nl_route(0x10, 0x3, 0x0)
getpeername$packet(r2, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000580)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000c80)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r4, @ANYBLOB="08000a00c74ff47c556eb76f55a407a1aae137c23ce149d448abe0b27f5c4d058e5e43455ffa8ee403b2122e69a5968b77fa3cb1f2ca2e286d7b3500a26927ce8fc23c7673087d29a4cdcdd5e2993132a9133fc7ece5caacf3030000003c5f0f672e98159d9c79cde034507f38081017a05024e609ea91258c55dd147ed0055298fed75f1d460000000000000099c91046ef38f2a4024341e8e10ce1df29f17aed8dbe697bf5d66408562acf8342d0830a6cbe9540b5369c86f858d4d053e5d3405bed80069dc59d6c25685e5f12c351c56437f717d26e42e33384b2054a0c06e180bd7bb385a5d865569e52cd8dfe4c292dff4be88ef342b68dee78d83bf7e34d73393831968430ac32cf05defaafac831b80c7983d522ebc0426e752a07d7b0df92648355d6ee9408ccee5129dfbf2882a3b5ef21fb12046ee1799485dfeeb498b01777f97a7011b7e6c880d8d209e49fc2535ea42dc3b184ff2ad145d27e9ad86be3c7e08e4dd192a0de69b034c051eb8012ffe3135d700e4227139e96650596cd4d458d15ebab4437b38fce90c3204b128c4fae7499ecde80a44c00cd03b06779f3ab9416994c3e5d93dc75e0bf2015e3e492c602246ef96917f3c3c594204f1e55a17bdcf22420646e4866f9cdf074eadde63ed8227c9eb42cc91c05f5330633bc754e7464f0fe542", @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x0, 0x0, 0x8001}, 0x0)

1.154466734s ago: executing program 0 (id=3086):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000240)=@mangle={'mangle\x00', 0x1f, 0x6, 0x4e0, 0x390, 0x1c8, 0x1c8, 0x0, 0x290, 0x448, 0x448, 0x448, 0x448, 0x448, 0x6, &(0x7f00000001c0), {[{{@uncond, 0x0, 0x70, 0xb0}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x8, 0x6, @ipv4=@private=0xa010102, 0x4e21}}}, {{@uncond, 0x0, 0xe8, 0x118, 0x0, {}, [@common=@osf={{0x50}, {'syz1\x00', 0x0, 0xa, 0x2}}, @common=@inet=@length={{0x28}, {0x1, 0x13, 0x1}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x7, 0x3, @local, 0x4e20}}}, {{@ip={@multicast1, @private=0xa010100, 0xffffffff, 0xffffff00, 'veth1_to_hsr\x00', 'ip_vti0\x00', {}, {}, 0x5c, 0x2, 0xa}, 0x0, 0x98, 0xc8, 0x0, {}, [@common=@ttl={{0x28}, {0x1, 0x6}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x2, 0x10, @broadcast, 0x4e24}}}, {{@ip={@multicast1, @multicast1, 0xff000000, 0x0, 'xfrm0\x00', 'netdevsim0\x00', {0xff}, {}, 0x84, 0x1, 0xc2}, 0x0, 0xc0, 0x100, 0x0, {}, [@common=@osf={{0x50}, {'syz1\x00', 0x0, 0x6, 0x2, 0x2}}]}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "b660a7c5ebe5102f2a2200a80f3faff18ad1f768a2aa32e4c8ec7bbba683"}}, {{@ip={@rand_addr=0x64010100, @loopback, 0xffffffff, 0x0, 'gre0\x00', 'bridge0\x00', {}, {0xff}, 0x16, 0x3}, 0x0, 0x90, 0xb8, 0x0, {}, [@common=@socket0={{0x20}}]}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0x2, 0x5}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x540)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000800)=@nat={'nat\x00', 0x1b, 0x5, 0x778, 0x238, 0x6a8, 0xffffffff, 0x0, 0x238, 0x6a8, 0x6a8, 0xffffffff, 0x6a8, 0x6a8, 0x5, &(0x7f0000000780), {[{{@uncond, 0x0, 0x100, 0x148, 0x0, {}, [@common=@ah={{0x30}, {[0x4d4, 0x4d2], 0x9, 0x0, 0x2}}, @common=@hl={{0x28}, {0x1, 0x8}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00', 0x1, 0x7, {0x9e}}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, @ipv6=@mcast1, @gre_key=0x3ff, @gre_key=0x2}}}, {{@uncond, 0x0, 0xd8, 0x120, 0x0, {}, [@common=@ah={{0x30}, {[0x4d4, 0x4d3], 0x6, 0xff, 0x3}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x2, @ipv6=@private0={0xfc, 0x0, '\x00', 0x1}, @ipv4=@empty, @icmp_id=0x68, @gre_key=0x3}}}, {{@ipv6={@empty, @mcast1, [0xff, 0x0, 0xffffff00, 0xff], [0xff, 0x0, 0xffffff00, 0xffffffff], 'bond0\x00', 'pimreg\x00', {}, {0xff}, 0x3a, 0x8, 0x2, 0x14}, 0x0, 0x228, 0x350, 0x0, {}, [@common=@dst={{0x48}, {0x4, 0x4, 0x1, [0x1, 0x7, 0x97, 0xfffe, 0x101, 0x6, 0x8, 0x9, 0x4, 0x5, 0x7, 0x6, 0x5, 0x6, 0x7, 0xbb9], 0xd}}, @common=@rt={{0x138}, {0xbe, [0x3, 0x140000], 0xb, 0x30, 0x4, [@mcast1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @dev={0xfe, 0x80, '\x00', 0x12}, @private0, @local, @remote, @remote, @local, @local, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @local, @mcast1], 0x6}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x7ff, 'system_u:object_r:removable_device_t:s0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x7d8)
r2 = openat$cgroup_ro(r0, &(0x7f0000000180)='memory.swap.current\x00', 0x275a, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000001e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c0004802800018008000100666962001c0002800800014000000000080002400000000208000340000000160900010073797a30000000000900020073797a32"], 0x80}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_buf(r4, 0x1, 0x1c, &(0x7f0000000000)=""/155, &(0x7f0000000200)=0x9b)
read(r2, &(0x7f0000000040)=""/190, 0xbe)

1.147023316s ago: executing program 2 (id=3008):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000000)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000000000001d00000008000300", @ANYRES32=r2, @ANYBLOB="38002f800c00020000000000000000020800010000000000200003801400038006000100000000008800020005000000080001"], 0x54}}, 0x44)

967.410754ms ago: executing program 0 (id=3087):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$inet(0x2, 0x3, 0x8d)
setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f00000000c0)=ANY=[@ANYRESDEC], 0x1)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000200)={<r2=>0x0, @local, @local}, &(0x7f0000000140)=0xc)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000000)={@remote, 0x35, r2})
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
ioctl(r3, 0x8916, &(0x7f0000000000))
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=@newsa={0x188, 0x10, 0x1, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x3a}, {@in, 0x0, 0x33}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, {0x1000000007, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x8000000, 0x7fffffff}, {0x0, 0x0, 0x2}, 0x0, 0x0, 0xa, 0x0, 0x0, 0xcd}, [@algo_auth_trunc={0x4c, 0x14, {{'md5\x00'}, 0x0, 0x18}}, @algo_aead={0x4c, 0x12, {{'aegis256-aesni\x00'}, 0x0, 0xc0}}]}, 0x188}}, 0x800)
sendmsg$nl_xfrm(r4, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000600)=@newsa={0x150, 0x10, 0x1, 0x0, 0x0, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@private0, 0x0, 0x6c}, @in6=@remote, {}, {}, {}, 0x0, 0x0, 0xa, 0x0, 0x0, 0x40}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @XFRMA_SET_MARK={0x8}, @XFRMA_IF_ID={0x8}, @XFRMA_SET_MARK_MASK={0x8, 0x1e, 0x430}]}, 0x150}}, 0x0)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)

744.042101ms ago: executing program 0 (id=3089):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newtaction={0x48, 0x1e, 0x109, 0x100, 0x40000, {}, [{0x34, 0x1, [@m_mirred={0x30, 0x8, 0x0, 0x0, {{0xb, 0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x48}, 0x1, 0x2b1e}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000001640)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xec)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_START_AP(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0x84, r2, 0x300, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x5, 0x44}}}}, [@acl_policy=[@NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x1}, @NL80211_ATTR_ACL_POLICY={0x8}, @NL80211_ATTR_ACL_POLICY={0x8}, @NL80211_ATTR_ACL_POLICY={0x8}], @NL80211_ATTR_INACTIVITY_TIMEOUT={0x6, 0x96, 0xd5}, @NL80211_ATTR_HE_OBSS_PD={0x28, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP={0xc, 0x4, "d2d2b1e800780be4"}, @NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x5, 0x3, 0xf}, @NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP={0xc, 0x5, "ec8ca8ff362eb243"}]}, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0xfd}, @NL80211_ATTR_PBSS={0x4}]}, 0x84}, 0x1, 0x0, 0x0, 0x1}, 0x4000)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route_sched(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newtaction={0x48, 0x1e, 0x109, 0x100, 0x40000, {}, [{0x34, 0x1, [@m_mirred={0x30, 0x8, 0x0, 0x0, {{0xb, 0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x48}, 0x1, 0x2b1e}, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000001640)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xec) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan0\x00'}) (async)
sendmsg$NL80211_CMD_START_AP(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0x84, r2, 0x300, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x5, 0x44}}}}, [@acl_policy=[@NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x1}, @NL80211_ATTR_ACL_POLICY={0x8}, @NL80211_ATTR_ACL_POLICY={0x8}, @NL80211_ATTR_ACL_POLICY={0x8}], @NL80211_ATTR_INACTIVITY_TIMEOUT={0x6, 0x96, 0xd5}, @NL80211_ATTR_HE_OBSS_PD={0x28, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP={0xc, 0x4, "d2d2b1e800780be4"}, @NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x5, 0x3, 0xf}, @NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP={0xc, 0x5, "ec8ca8ff362eb243"}]}, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0xfd}, @NL80211_ATTR_PBSS={0x4}]}, 0x84}, 0x1, 0x0, 0x0, 0x1}, 0x4000) (async)

709.34354ms ago: executing program 2 (id=3090):
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0)
sendmsg$NFC_CMD_DEV_UP(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="0100230100003402000002000000080001"], 0x1c}}, 0x0)
sendmsg$NFC_CMD_START_POLL(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010023010000340200000600000008000100", @ANYRES32=0x0, @ANYBLOB="08000e0038"], 0x24}, 0x1, 0x0, 0x0, 0x41}, 0x0)
syz_emit_ethernet(0x4e, &(0x7f00000000c0)=ANY=[], 0x0)

508.29ms ago: executing program 4 (id=3091):
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=ANY=[@ANYBLOB="300000001800dd8d00000000000000000a000000000000060000000008001e0002"], 0x30}}, 0x4090)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x38}, 0x1, 0x300}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0)

470.157265ms ago: executing program 2 (id=3092):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0x7, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_blackhole={0xe}]}, 0x34}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)
r4 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r4, &(0x7f0000000240)="80000080cd7a000000008100000000000000", 0x12, 0x40, &(0x7f00000001c0)={0x11, 0x9, r3, 0x1, 0xd8, 0x6, @broadcast}, 0x14)

451.549609ms ago: executing program 0 (id=3093):
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, '\x00', 0x3c}, 0x2}, 0x1c)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
syz_emit_ethernet(0xde, &(0x7f0000000bc0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000286dd6000050000a83afffe8000000000000000000000000000bbff02000000000000000000000000000186009078000002000000000040000000000000000000e50053bff4db7fb81947a98ef6c30aef8bffd4310d8c8cfbdfdcf5ad49792ea9afa9060000000000000001a9bda9916838f848a6e18c02bf95848d398ec9dba34d082016dcb10b44b93da65d02ba88666428204a908ad971d0047aabc2491e667b99000000000000000000000000000000001804a78ce54006598080a8030037004023493b87aafaffffffffffffff2373247322ec81fec41fe2e3fba6402d4528db2948f8e62ab3f0f2497ee7579920f48dcbdea6a3ff7567b94dfc4992d8f31cbaf4189ee1a9054142468cb325350aca283f2d3d9a4d10a9142780cf7eeb2de94dffa6151aa60f58df4f5ac0e99ce46383241d405002a36218569ab53791d7e9657e3427997177e31e988b6dc12e7ac9bce1a4a91bd56218ec864f9ca1bcd8a0136fcc73a391e9020e2018222e3f7fddf77df077f8910d61353485b279d44bf0a23f4e1bd0070d6ca557c08d6c5c4779b031a6ed4dafc12c8b67a07c84b1e4112bedaea2de81f5e8988ae21d92298a20baace4bba661a574f1c4983d3cb80589c3f0b1206f858111780e9257b6717eb15e4c6d834077f8286e249272743ca1fcdefe857e89f810c5473801bfab610ef5727d3103236b0857eda0169b8b882d18fee3fcbed743456ce5d41b22921e", @ANYRESHEX=r2], 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r2, 0xc0709411, &(0x7f0000108a80)={{0x0, 0x10001, 0x8a, 0x1, 0x6, 0x7fffffffffffffff, 0x5, 0x2, 0x2, 0x8, 0x5, 0xffffffffffffff42, 0x9a57, 0x6, 0xffffffffffffff1b}, 0x10, [0x0, 0x0]})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, 0x0)
r3 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x3f8, 0x2c0, 0x2c0, 0xc0, 0xc0, 0x190, 0x360, 0x360, 0x360, 0x360, 0x360, 0x6, 0x0, {[{{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@ttl={{}, {0x2, 0x7}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x228}}, {{@ip={@private=0xa010101, @local, 0x0, 0x0, 'vcan0\x00', 'veth0_virt_wifi\x00', {}, {0xff}}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffff, [0x11, 0x7]}, {0x0, [0x2, 0x0, 0x0, 0x2, 0x4]}}}}, {{@uncond, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@private=0xa010102, @multicast1, 0x0, 0xffffff00, 'syzkaller0\x00', 'bond0\x00', {}, {0xff}}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x8000, 0x1000, @remote, 0x4e24}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x465)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000002c00ef5f"], 0x14}, 0x1, 0x0, 0x0, 0x20008081}, 0x800)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = socket(0x40000000015, 0x5, 0x0)
setsockopt$sock_int(r7, 0x1, 0x3c, &(0x7f0000000000)=0x83, 0x4)
recvmmsg(r7, &(0x7f00000013c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001380)}, 0x1}], 0x1, 0x60, 0x0)
unshare(0x20400)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffe, 0x0, 0x0, 0x3, 0x2000000000000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=r1, @ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b70800000000007b17a33aff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r8}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x2000000, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

445.710414ms ago: executing program 1 (id=3094):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8}, [@alu={0x7, 0x0, 0x8, 0x0, 0x0, 0x10}]}, &(0x7f0000000540)='GPL\x00', 0x7}, 0x94)

264.978741ms ago: executing program 1 (id=3095):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
r2 = socket(0x1, 0x803, 0x0)
getpeername$netlink(r0, &(0x7f0000000040), 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080))
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r3], 0x50}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x1, 0x803, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000340)={<r8=>0x0, 0x0, 0x0, 0xe8a8, 0x1a, 0x8}, &(0x7f0000000380)=0x14)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r6, 0x84, 0x7c, &(0x7f0000000400)={r8, 0x3, 0x14c2}, &(0x7f0000000440)=0x8)
unshare(0x62040200)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYRES64], 0x1c}}, 0x0)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
vmsplice(r10, &(0x7f0000003680)=[{&(0x7f0000001400)="eb", 0x1}], 0x2000000000000138, 0xe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010)
sendto$inet6(r2, &(0x7f0000000500)="10f57416215a7f4aef843024fb66d6e1a75fb3b725ac0d25ee3a193d25cca5f965c06edeca11e6a2d769604eb8c0558f2ebedd6ea4433f89e01f819778e1648a4dbcd8", 0x43, 0x800, &(0x7f0000000580)={0xa, 0x4e24, 0x0, @loopback, 0x9}, 0x1c)
setsockopt$inet6_MCAST_MSFILTER(r9, 0x29, 0x30, &(0x7f00000007c0)={0x5, {{0xa, 0x4e22, 0x7, @private1={0xfc, 0x1, '\x00', 0x1}, 0x733f}}, 0x1, 0xa, [{{0xa, 0x4e23, 0xfffffff4, @empty, 0x80000001}}, {{0xa, 0x4e23, 0x7, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7}}, {{0xa, 0x4e23, 0x0, @private2={0xfc, 0x2, '\x00', 0xf4}, 0xb0}}, {{0xa, 0x4e21, 0x9, @dev={0xfe, 0x80, '\x00', 0x34}, 0x7da}}, {{0xa, 0x4e23, 0x7, @loopback, 0x5}}, {{0xa, 0x4e20, 0xe, @private1, 0x2}}, {{0xa, 0x4e22, 0x7, @loopback, 0x5a5}}, {{0xa, 0x4e21, 0x5, @private1, 0x6}}, {{0xa, 0x4e24, 0x10001, @ipv4={'\x00', '\xff\xff', @multicast2}}}, {{0xa, 0x4e24, 0x9, @mcast1, 0xfffffff7}}]}, 0x590)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="500000001000210400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa888e16000002800128009000100766c616e00000000180002800c0002000e0000000a000000060001000001000008", @ANYRES32=r7], 0x50}}, 0x2)
socket$nl_rdma(0x10, 0x3, 0x14)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', <r11=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r11}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

263.192882ms ago: executing program 4 (id=3096):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000080)=ANY=[], 0x10448)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
ioctl$FIBMAP(r0, 0x1, &(0x7f00000004c0)=0x2)
unshare(0x26020480)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$kcm(0x29, 0x7, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="021800001b000000000000000000000005000600000000000a000000000000000000000000000000000000000000000000000000000000000800120000000300000000000000000006000000000000000000000000000000ac1414aa000000000000000000000000e000000200000000000000000000000005000500000000000a004e2200000000fc0100000000000000000000000000000000000000000000070019"], 0xd8}}, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f00000000c0))
syz_emit_ethernet(0x2e, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004608002000650000060290780a010102ac0000000004041012fc907864010102b949ca466ff38e0a057e59696c9d9c5d87ed59baa250a08f30f431b7ae3f248edf261edaabb95e95417fc4403ab6c788d113e77b44c5fff593387616d71ba9ceeba3a09f8263dc841a5fffa02a3a5b96bd9eccea0fb8fdd85b39e52b31c3c1bc38670b79b64602c865e204b765880d827a10ad27e43dff9db70c7b565c56d74b8d59ab2e5014379487c87b18e5a65e4c7a455da305d8ab1129555a5a1ca4bd0eb86719d9cb339d0dc0bf845bb18d6703e46a109a9d4875"], 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELPRL(r0, 0x89f6, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000000)={@multicast1, 0x1, 0x0, 0x50, 0x0, [{@remote}, {@multicast1}, {@multicast2}, {@remote}, {@local}]}})

27.317051ms ago: executing program 4 (id=3097):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000180)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f00000002c0)='./cgroup/cgroup.procs\x00', &(0x7f0000000300)=[0x0], 0x0, 0x0, 0x1}}, 0x40)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x6000000)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0)

0s ago: executing program 2 (id=3098):
socket$inet(0xa, 0x801, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
socket$netlink(0x10, 0x3, 0xf)
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_GET_BYNAME(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x14, 0xe, 0x6, 0x801, 0x0, 0x0, {0x2, 0x0, 0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x40040}, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180))
socket$nl_generic(0x10, 0x3, 0x10)
epoll_create1(0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0xfe0f, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c000200200000001f000000060001000000000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0)

kernel console output (not intermixed with test programs):

peed is unknown, defaulting to 1000
[  378.818091][T13496] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2302'.
[  379.013244][T13500] netlink: 'syz.0.2303': attribute type 10 has an invalid length.
[  379.022171][T13500] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2303'.
[  379.038702][T13500] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2303'.
[  379.093435][T13502] FAULT_INJECTION: forcing a failure.
[  379.093435][T13502] name failslab, interval 1, probability 0, space 0, times 0
[  379.154792][T13502] CPU: 1 UID: 0 PID: 13502 Comm: syz.4.2304 Not tainted syzkaller #0 PREEMPT(full) 
[  379.154826][T13502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  379.154839][T13502] Call Trace:
[  379.154848][T13502]  <TASK>
[  379.154857][T13502]  dump_stack_lvl+0x189/0x250
[  379.154894][T13502]  ? __pfx____ratelimit+0x10/0x10
[  379.154917][T13502]  ? __pfx_dump_stack_lvl+0x10/0x10
[  379.154948][T13502]  ? __pfx__printk+0x10/0x10
[  379.154973][T13502]  ? __pfx___might_resched+0x10/0x10
[  379.154998][T13502]  ? fs_reclaim_acquire+0x7d/0x100
[  379.155025][T13502]  should_fail_ex+0x414/0x560
[  379.155066][T13502]  should_failslab+0xa8/0x100
[  379.155092][T13502]  __kmalloc_cache_noprof+0x6f/0x6f0
[  379.155125][T13502]  ? sctp_datamsg_from_user+0x88/0xef0
[  379.155166][T13502]  sctp_datamsg_from_user+0x88/0xef0
[  379.155201][T13502]  ? __sk_mem_raise_allocated+0x28d/0x1280
[  379.155232][T13502]  ? __genradix_ptr+0x1e1/0x220
[  379.155267][T13502]  ? sctp_primitive_ASSOCIATE+0x95/0xc0
[  379.155297][T13502]  sctp_sendmsg_to_asoc+0xffe/0x1810
[  379.155321][T13502]  ? __asan_memcpy+0x40/0x70
[  379.155367][T13502]  ? sctp_assoc_add_peer+0xcfa/0x13b0
[  379.155412][T13502]  ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10
[  379.155439][T13502]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  379.155464][T13502]  ? __local_bh_enable_ip+0x12d/0x1c0
[  379.155498][T13502]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  379.155522][T13502]  ? security_sctp_bind_connect+0x7e/0x2e0
[  379.155553][T13502]  sctp_sendmsg+0x1941/0x2810
[  379.155593][T13502]  ? __pfx_sctp_sendmsg+0x10/0x10
[  379.155623][T13502]  ? aa_sk_perm+0x81e/0x950
[  379.155654][T13502]  ? __lock_acquire+0xab9/0xd20
[  379.155679][T13502]  ? __pfx_aa_sk_perm+0x10/0x10
[  379.155715][T13502]  ? sock_rps_record_flow+0x19/0x410
[  379.155743][T13502]  ? inet_sendmsg+0x2f4/0x370
[  379.155772][T13502]  __sock_sendmsg+0x19c/0x270
[  379.155810][T13502]  ____sys_sendmsg+0x52d/0x830
[  379.155844][T13502]  ? __pfx_____sys_sendmsg+0x10/0x10
[  379.155883][T13502]  ? import_iovec+0x74/0xa0
[  379.155915][T13502]  ___sys_sendmsg+0x21f/0x2a0
[  379.155945][T13502]  ? __pfx____sys_sendmsg+0x10/0x10
[  379.156015][T13502]  ? __fget_files+0x2a/0x420
[  379.156036][T13502]  ? __fget_files+0x3a0/0x420
[  379.156070][T13502]  __sys_sendmmsg+0x227/0x430
[  379.156104][T13502]  ? __pfx___sys_sendmmsg+0x10/0x10
[  379.156143][T13502]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  379.156190][T13502]  ? ksys_write+0x22a/0x250
[  379.156225][T13502]  ? __pfx_ksys_write+0x10/0x10
[  379.156263][T13502]  __x64_sys_sendmmsg+0xa0/0xc0
[  379.156293][T13502]  do_syscall_64+0xfa/0xfa0
[  379.156314][T13502]  ? lockdep_hardirqs_on+0x9c/0x150
[  379.156344][T13502]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  379.156367][T13502]  ? clear_bhb_loop+0x60/0xb0
[  379.156394][T13502]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  379.156416][T13502] RIP: 0033:0x7f34f6f8f749
[  379.156436][T13502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  379.156456][T13502] RSP: 002b:00007f34f7ed7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  379.156480][T13502] RAX: ffffffffffffffda RBX: 00007f34f71e5fa0 RCX: 00007f34f6f8f749
[  379.156497][T13502] RDX: 0000000000000001 RSI: 0000200000001c80 RDI: 0000000000000004
[  379.156511][T13502] RBP: 00007f34f7ed7090 R08: 0000000000000000 R09: 0000000000000000
[  379.156524][T13502] R10: 931766f6319eed00 R11: 0000000000000246 R12: 0000000000000002
[  379.156539][T13502] R13: 00007f34f71e6038 R14: 00007f34f71e5fa0 R15: 00007ffd86b13ee8
[  379.156576][T13502]  </TASK>
[  379.746159][T13511] netlink: 'syz.4.2306': attribute type 10 has an invalid length.
[  379.784537][T13491] ip6_vti0 speed is unknown, defaulting to 1000
[  381.490121][T13514] rdma_rxe: rxe_newlink: failed to add ip6_vti0
[  381.738757][T13528] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2311'.
[  382.466918][T13550] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  382.727310][T13550] netlink: 'syz.3.2318': attribute type 1 has an invalid length.
[  382.763072][T13562] netlink: 'syz.4.2323': attribute type 10 has an invalid length.
[  382.777153][T13536] ip6_vti0 speed is unknown, defaulting to 1000
[  382.787093][T13562] netlink: 2 bytes leftover after parsing attributes in process `syz.4.2323'.
[  382.829064][T13562] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2323'.
[  384.839449][T13571] ip6_vti0 speed is unknown, defaulting to 1000
[  385.086053][T13597] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2330'.
[  385.736348][T13615] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  385.751713][T13606] ip6_vti0 speed is unknown, defaulting to 1000
[  385.943820][T13615] netlink: 'syz.2.2336': attribute type 1 has an invalid length.
[  386.321948][T13625] netlink: 'syz.3.2339': attribute type 2 has an invalid length.
[  386.460317][T13629] netlink: 'syz.1.2340': attribute type 10 has an invalid length.
[  386.480084][T13629] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2340'.
[  386.554417][T13629] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2340'.
[  386.582702][T13633] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2341'.
[  386.613313][T13633] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2341'.
[  386.637287][T13629] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2340'.
[  386.846348][T13639] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2342'.
[  386.963014][T13647] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2344'.
[  386.982793][T13645] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2345'.
[  387.070989][T13641] bond4: Unable to set down delay as MII monitoring is disabled
[  387.093323][T13641] bond4 (unregistering): Released all slaves
[  387.136965][T13640] ip6_vti0 speed is unknown, defaulting to 1000
[  387.150390][T13654] sctp: [Deprecated]: syz.0.2345 (pid 13654) Use of struct sctp_assoc_value in delayed_ack socket option.
[  387.150390][T13654] Use struct sctp_sack_info instead
[  387.399504][T13644] ip6_vti0 speed is unknown, defaulting to 1000
[  387.719086][T13671] netlink: 'syz.4.2352': attribute type 10 has an invalid length.
[  387.728824][T13671] netlink: 2 bytes leftover after parsing attributes in process `syz.4.2352'.
[  387.742017][T13671] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2352'.
[  387.751815][T13671] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2352'.
[  387.916793][T13676] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2354'.
[  387.937252][T13676] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2354'.
[  387.950564][T13677] netlink: 'syz.0.2353': attribute type 10 has an invalid length.
[  390.300687][T13677] bond0: (slave wlan1): Opening slave failed
[  390.627032][T13664] ip6_vti0 speed is unknown, defaulting to 1000
[  390.707753][T13695] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2360'.
[  391.362257][T13686] ip6_vti0 speed is unknown, defaulting to 1000
[  391.649014][T13713] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2365'.
[  391.938407][T13719] bond3: Unable to set down delay as MII monitoring is disabled
[  391.948653][T13719] bond3 (unregistering): Released all slaves
[  391.957728][T13722] __nla_validate_parse: 2 callbacks suppressed
[  391.957746][T13722] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2367'.
[  392.087964][T13724] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2368'.
[  392.331999][T13724] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2368'.
[  392.341695][T13724] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2368'.
[  392.791759][T13745] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2371'.
[  392.841316][T13739] ip6_vti0 speed is unknown, defaulting to 1000
[  393.322295][T13755] IPVS: Scheduler module ip_vs_ not found
[  393.332094][T13759] IPVS: length: 24 != 12792
[  393.861602][T13778] syz2: rxe_newlink: already configured on ip6_vti0
[  394.433040][T13793] ip6_vti0 speed is unknown, defaulting to 1000
[  394.871901][T13797] ip6_vti0 speed is unknown, defaulting to 1000
[  394.975106][T13811] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2392'.
[  395.042503][T13811] veth6: entered allmulticast mode
[  395.073328][T13812] netlink: 176 bytes leftover after parsing attributes in process `syz.2.2392'.
[  395.249404][T13801] ip6_vti0 speed is unknown, defaulting to 1000
[  395.556264][T13823] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2393'.
[  395.567654][T13824] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2394'.
[  395.772384][T13816] ip6_vti0 speed is unknown, defaulting to 1000
[  396.018956][T13818] ip6_vti0 speed is unknown, defaulting to 1000
[  397.277698][T13838] SET target dimension over the limit!
[  397.561901][T13847] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2399'.
[  397.628380][T13848] syz2: rxe_newlink: already configured on ip6_vti0
[  397.657108][T13843] bridge0: port 4(gretap0) entered blocking state
[  397.663781][T13843] bridge0: port 4(gretap0) entered forwarding state
[  397.670838][T13843] bridge0: port 3(bond0) entered blocking state
[  397.677295][T13843] bridge0: port 3(bond0) entered forwarding state
[  397.694252][T13843] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  397.847922][T13850] bond5: Unable to set down delay as MII monitoring is disabled
[  397.859331][T13850] bond5 (unregistering): Released all slaves
[  398.023356][T13856] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  398.218228][T13867] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2408'.
[  398.606952][T13878] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2411'.
[  399.122322][T13881] ip6_vti0 speed is unknown, defaulting to 1000
[  399.285585][T13897] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2417'.
[  399.351207][T13901] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2415'.
[  399.639769][T13894] ip6_vti0 speed is unknown, defaulting to 1000
[  399.655420][T13902] ip6gretap0: entered promiscuous mode
[  399.661371][T13902] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2417'.
[  399.672609][T13900] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[  400.329891][T13912] rdma_rxe: rxe_newlink: failed to add ip6_vti0
[  400.399147][T13915] ip6_vti0 speed is unknown, defaulting to 1000
[  401.738225][T13926] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.876731][T13926] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.967344][T13926] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  402.070537][T13926] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  402.303311][   T36] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  402.325100][   T36] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  402.387441][   T36] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  402.391451][T13938] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:20004
[  402.415362][   T36] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  402.484473][T13938] netlink: 356 bytes leftover after parsing attributes in process `syz.2.2427'.
[  402.552016][T13944] netlink: 'syz.3.2428': attribute type 10 has an invalid length.
[  402.572556][T13944] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2428'.
[  402.723288][T13948] bond4: Unable to set down delay as MII monitoring is disabled
[  402.725545][T13944] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2428'.
[  402.750775][T13948] bond4 (unregistering): Released all slaves
[  402.805165][T13944] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2428'.
[  402.900087][T13955] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2431'.
[  403.982905][T13989] FAULT_INJECTION: forcing a failure.
[  403.982905][T13989] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  403.997326][T13989] CPU: 0 UID: 0 PID: 13989 Comm: syz.4.2440 Not tainted syzkaller #0 PREEMPT(full) 
[  403.997357][T13989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  403.997372][T13989] Call Trace:
[  403.997381][T13989]  <TASK>
[  403.997391][T13989]  dump_stack_lvl+0x189/0x250
[  403.997426][T13989]  ? __pfx____ratelimit+0x10/0x10
[  403.997448][T13989]  ? __pfx_dump_stack_lvl+0x10/0x10
[  403.997478][T13989]  ? __pfx__printk+0x10/0x10
[  403.997503][T13989]  ? fs_reclaim_acquire+0x7d/0x100
[  403.997534][T13989]  should_fail_ex+0x414/0x560
[  403.997572][T13989]  prepare_alloc_pages+0x213/0x610
[  403.997597][T13989]  __alloc_frozen_pages_noprof+0x123/0x370
[  403.997621][T13989]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  403.997651][T13989]  ? policy_nodemask+0x27c/0x720
[  403.997676][T13989]  alloc_pages_mpol+0x232/0x4a0
[  403.997701][T13989]  vma_alloc_folio_noprof+0xe4/0x200
[  403.997724][T13989]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  403.997756][T13989]  folio_prealloc+0x30/0x180
[  403.997786][T13989]  do_wp_page+0x1231/0x5800
[  403.997842][T13989]  ? __pfx_do_wp_page+0x10/0x10
[  403.997865][T13989]  ? do_raw_spin_lock+0x121/0x290
[  403.997895][T13989]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  403.997933][T13989]  __handle_mm_fault+0x1033/0x5400
[  403.997977][T13989]  ? __pfx___handle_mm_fault+0x10/0x10
[  403.998025][T13989]  ? find_vma+0xe7/0x160
[  403.998049][T13989]  ? __pfx_find_vma+0x10/0x10
[  403.998086][T13989]  handle_mm_fault+0x40a/0x8e0
[  403.998124][T13989]  do_user_addr_fault+0x764/0x1380
[  403.998162][T13989]  exc_page_fault+0x82/0x100
[  403.998185][T13989]  asm_exc_page_fault+0x26/0x30
[  403.998203][T13989] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  403.998230][T13989] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 e9 7f 31 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  403.998246][T13989] RSP: 0018:ffffc9000e4373d8 EFLAGS: 00050206
[  403.998264][T13989] RAX: ffffffff84871d01 RBX: ffff8880550b0000 RCX: 0000000000000200
[  403.998278][T13989] RDX: 0000000000000000 RSI: ffff8880550b7e00 RDI: 000020000001c000
[  403.998291][T13989] RBP: ffffc9000e437558 R08: ffff8880550b7fff R09: 1ffff1100aa16fff
[  403.998305][T13989] R10: dffffc0000000000 R11: ffffed100aa17000 R12: 1ffff92001c86fbf
[  403.998321][T13989] R13: 0000200000014200 R14: ffffc9000e437e08 R15: 0000000000008000
[  403.998343][T13989]  ? _copy_to_iter+0x181/0x1790
[  403.998372][T13989]  _copy_to_iter+0x24f/0x1790
[  403.998392][T13989]  ? sock_recvmsg+0x22c/0x270
[  403.998418][T13989]  ? ____sys_recvmsg+0x1c9/0x460
[  403.998439][T13989]  ? ___sys_recvmsg+0x1b5/0x510
[  403.998460][T13989]  ? __x64_sys_recvmsg+0x198/0x260
[  403.998498][T13989]  ? __pfx__copy_to_iter+0x10/0x10
[  403.998538][T13989]  __skb_datagram_iter+0x41a/0x990
[  403.998566][T13989]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  403.998601][T13989]  skb_copy_datagram_iter+0xc5/0x230
[  403.998632][T13989]  unix_stream_read_actor+0x6c/0xb0
[  403.998661][T13989]  unix_stream_read_generic+0xa67/0x2390
[  403.998722][T13989]  ? __pfx_unix_stream_read_generic+0x10/0x10
[  403.998773][T13989]  unix_stream_recvmsg+0x15d/0x1b0
[  403.998803][T13989]  ? __pfx_unix_stream_recvmsg+0x10/0x10
[  403.998828][T13989]  ? __pfx_unix_stream_read_actor+0x10/0x10
[  403.998856][T13989]  ? aa_sock_msg_perm+0xda/0x1d0
[  403.998888][T13989]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  403.998906][T13989]  ? security_socket_recvmsg+0x7e/0x2e0
[  403.998926][T13989]  ? __pfx_unix_stream_recvmsg+0x10/0x10
[  403.998953][T13989]  sock_recvmsg+0x22c/0x270
[  403.998987][T13989]  ____sys_recvmsg+0x1c9/0x460
[  403.999021][T13989]  ? __pfx_____sys_recvmsg+0x10/0x10
[  403.999071][T13989]  ? import_iovec+0x74/0xa0
[  403.999101][T13989]  ___sys_recvmsg+0x1b5/0x510
[  403.999132][T13989]  ? __pfx____sys_recvmsg+0x10/0x10
[  403.999186][T13989]  ? __fget_files+0x3a0/0x420
[  403.999217][T13989]  __x64_sys_recvmsg+0x198/0x260
[  403.999245][T13989]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  403.999281][T13989]  ? __pfx_ksys_write+0x10/0x10
[  403.999315][T13989]  ? do_syscall_64+0xbe/0xfa0
[  403.999340][T13989]  do_syscall_64+0xfa/0xfa0
[  403.999359][T13989]  ? lockdep_hardirqs_on+0x9c/0x150
[  403.999379][T13989]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.999398][T13989]  ? clear_bhb_loop+0x60/0xb0
[  403.999422][T13989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.999441][T13989] RIP: 0033:0x7f34f6f8f749
[  403.999459][T13989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  403.999475][T13989] RSP: 002b:00007f34f7eb6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  403.999497][T13989] RAX: ffffffffffffffda RBX: 00007f34f71e6090 RCX: 00007f34f6f8f749
[  403.999511][T13989] RDX: 0000000040000300 RSI: 0000200000001140 RDI: 0000000000000004
[  403.999524][T13989] RBP: 00007f34f7eb6090 R08: 0000000000000000 R09: 0000000000000000
[  403.999535][T13989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  403.999546][T13989] R13: 00007f34f71e6128 R14: 00007f34f71e6090 R15: 00007ffd86b13ee8
[  403.999581][T13989]  </TASK>
[  405.279949][T13982] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  405.397063][T13993] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2442'.
[  405.418759][T13993] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2442'.
[  405.506736][T13997] bond5: Unable to set down delay as MII monitoring is disabled
[  405.536851][T13997] bond5 (unregistering): Released all slaves
[  405.550526][T14004] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2445'.
[  405.910113][T14021] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2448'.
[  405.930420][T14021] bridge0: port 4(gretap0) entered disabled state
[  405.937171][T14021] bridge0: port 3(bond0) entered disabled state
[  405.980143][T14019] FAULT_INJECTION: forcing a failure.
[  405.980143][T14019] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  405.999177][T14024] ip6_vti0 speed is unknown, defaulting to 1000
[  406.025502][T14019] CPU: 0 UID: 0 PID: 14019 Comm: syz.1.2449 Not tainted syzkaller #0 PREEMPT(full) 
[  406.025535][T14019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  406.025550][T14019] Call Trace:
[  406.025559][T14019]  <TASK>
[  406.025569][T14019]  dump_stack_lvl+0x189/0x250
[  406.025607][T14019]  ? __pfx____ratelimit+0x10/0x10
[  406.025629][T14019]  ? __pfx_dump_stack_lvl+0x10/0x10
[  406.025660][T14019]  ? __pfx__printk+0x10/0x10
[  406.025683][T14019]  ? __might_fault+0xb0/0x130
[  406.025728][T14019]  should_fail_ex+0x414/0x560
[  406.025768][T14019]  _copy_from_user+0x2d/0xb0
[  406.025798][T14019]  ___sys_recvmsg+0x12e/0x510
[  406.025834][T14019]  ? __pfx____sys_recvmsg+0x10/0x10
[  406.025907][T14019]  ? __might_fault+0xb0/0x130
[  406.025944][T14019]  do_recvmmsg+0x307/0x770
[  406.025981][T14019]  ? __pfx_do_recvmmsg+0x10/0x10
[  406.026022][T14019]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  406.026065][T14019]  __x64_sys_recvmmsg+0x190/0x240
[  406.026098][T14019]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  406.026131][T14019]  ? do_syscall_64+0xbe/0xfa0
[  406.026159][T14019]  do_syscall_64+0xfa/0xfa0
[  406.026181][T14019]  ? lockdep_hardirqs_on+0x9c/0x150
[  406.026203][T14019]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.026225][T14019]  ? clear_bhb_loop+0x60/0xb0
[  406.026252][T14019]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.026274][T14019] RIP: 0033:0x7fb3a158f749
[  406.026293][T14019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  406.026312][T14019] RSP: 002b:00007fb3a2507038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  406.026336][T14019] RAX: ffffffffffffffda RBX: 00007fb3a17e5fa0 RCX: 00007fb3a158f749
[  406.026353][T14019] RDX: 0000000000000414 RSI: 0000200000000840 RDI: 0000000000000003
[  406.026368][T14019] RBP: 00007fb3a2507090 R08: 0000000000000000 R09: 0000000000000000
[  406.026382][T14019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  406.026394][T14019] R13: 00007fb3a17e6038 R14: 00007fb3a17e5fa0 R15: 00007ffc17e2e608
[  406.026430][T14019]  </TASK>
[  406.072151][T14031] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2451'.
[  406.497408][T14035] ip6_vti0 speed is unknown, defaulting to 1000
[  407.118010][T14039] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  407.280829][T14063] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2458'.
[  407.379939][T14061] bond1: Unable to set down delay as MII monitoring is disabled
[  407.399784][T14061] bond1 (unregistering): Released all slaves
[  407.540517][T14069] ip6_vti0 speed is unknown, defaulting to 1000
[  407.646064][T14078] __nla_validate_parse: 1 callbacks suppressed
[  407.646086][T14078] netlink: 232 bytes leftover after parsing attributes in process `syz.1.2462'.
[  407.674338][T14078] netlink: 232 bytes leftover after parsing attributes in process `syz.1.2462'.
[  407.697698][T14082] openvswitch: netlink: Message has 8 unknown bytes.
[  407.723870][T14078] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2462'.
[  407.821497][T14085] Cannot find add_set index 0 as target
[  408.613286][T14105] ip6_vti0 speed is unknown, defaulting to 1000
[  408.626538][T14107] FAULT_INJECTION: forcing a failure.
[  408.626538][T14107] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  408.640644][T14107] CPU: 1 UID: 0 PID: 14107 Comm: syz.1.2472 Not tainted syzkaller #0 PREEMPT(full) 
[  408.640676][T14107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  408.640689][T14107] Call Trace:
[  408.640698][T14107]  <TASK>
[  408.640707][T14107]  dump_stack_lvl+0x189/0x250
[  408.640744][T14107]  ? __pfx____ratelimit+0x10/0x10
[  408.640767][T14107]  ? __pfx_dump_stack_lvl+0x10/0x10
[  408.640798][T14107]  ? __pfx__printk+0x10/0x10
[  408.640846][T14107]  should_fail_ex+0x414/0x560
[  408.640888][T14107]  _copy_to_user+0x31/0xb0
[  408.640921][T14107]  simple_read_from_buffer+0xe1/0x170
[  408.640962][T14107]  proc_fail_nth_read+0x1b3/0x220
[  408.640996][T14107]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  408.641029][T14107]  ? rw_verify_area+0x2a6/0x4d0
[  408.641059][T14107]  ? __lock_acquire+0xab9/0xd20
[  408.641079][T14107]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  408.641110][T14107]  vfs_read+0x200/0xa30
[  408.641140][T14107]  ? fdget_pos+0x247/0x320
[  408.641167][T14107]  ? __pfx___mutex_lock+0x10/0x10
[  408.641194][T14107]  ? __pfx_vfs_read+0x10/0x10
[  408.641228][T14107]  ? __fget_files+0x2a/0x420
[  408.641255][T14107]  ? __fget_files+0x3a0/0x420
[  408.641275][T14107]  ? __fget_files+0x2a/0x420
[  408.641307][T14107]  ksys_read+0x145/0x250
[  408.641337][T14107]  ? __fget_files+0x2a/0x420
[  408.641360][T14107]  ? __pfx_ksys_read+0x10/0x10
[  408.641396][T14107]  ? do_syscall_64+0xbe/0xfa0
[  408.641424][T14107]  do_syscall_64+0xfa/0xfa0
[  408.641446][T14107]  ? lockdep_hardirqs_on+0x9c/0x150
[  408.641470][T14107]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.641492][T14107]  ? clear_bhb_loop+0x60/0xb0
[  408.641520][T14107]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.641546][T14107] RIP: 0033:0x7fb3a158e15c
[  408.641566][T14107] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  408.641585][T14107] RSP: 002b:00007fb3a2507030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  408.641608][T14107] RAX: ffffffffffffffda RBX: 00007fb3a17e5fa0 RCX: 00007fb3a158e15c
[  408.641624][T14107] RDX: 000000000000000f RSI: 00007fb3a25070a0 RDI: 0000000000000003
[  408.641638][T14107] RBP: 00007fb3a2507090 R08: 0000000000000000 R09: 0000000000000000
[  408.641652][T14107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  408.641665][T14107] R13: 00007fb3a17e6038 R14: 00007fb3a17e5fa0 R15: 00007ffc17e2e608
[  408.641704][T14107]  </TASK>
[  409.078633][T14112] bond5: Unable to set down delay as MII monitoring is disabled
[  409.090863][T14114] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2474'.
[  409.123578][T14112] bond5 (unregistering): Released all slaves
[  409.793653][T14138] netlink: 'syz.2.2482': attribute type 10 has an invalid length.
[  409.813816][T14138] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2482'.
[  409.866677][T14138] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2482'.
[  409.903400][T14138] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2482'.
[  410.778338][T14155] bond5: Unable to set down delay as MII monitoring is disabled
[  410.793404][T14155] bond5 (unregistering): Released all slaves
[  412.535814][T14171] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  412.566022][T14172] syzkaller0: entered promiscuous mode
[  412.573542][T14172] syzkaller0: entered allmulticast mode
[  412.607866][T14175] tipc: Resetting bearer <eth:syzkaller0>
[  412.728004][T14181] netlink: 'syz.4.2494': attribute type 13 has an invalid length.
[  412.769123][T14181] netlink: 'syz.4.2494': attribute type 17 has an invalid length.
[  412.789303][T14181] netlink: 'syz.4.2494': attribute type 27 has an invalid length.
[  412.859927][T14179] ip6_vti0 speed is unknown, defaulting to 1000
[  412.927943][T14190] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2498'.
[  412.948494][T14190] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2498'.
[  413.077025][T14193] bond5: Unable to set down delay as MII monitoring is disabled
[  413.137541][T14193] bond5 (unregistering): Released all slaves
[  413.499146][T14213] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2506'.
[  413.550928][T14213] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2506'.
[  413.586386][   T43] tipc: Node number set to 254046408
[  413.592712][T14213] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2506'.
[  413.630841][T14213] netlink: 'syz.1.2506': attribute type 23 has an invalid length.
[  413.660524][T14219] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2508'.
[  414.269688][T14231] netlink: 'syz.0.2511': attribute type 4 has an invalid length.
[  414.344244][T14233] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  414.455298][T14235] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2513'.
[  414.497811][T14235] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2513'.
[  415.516767][T14276] netlink: 'syz.2.2524': attribute type 2 has an invalid length.
[  415.827810][T14280] ip6_vti0 speed is unknown, defaulting to 1000
[  416.239397][T14298] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2530'.
[  416.270761][T14298] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2530'.
[  416.733881][T14307] xt_l2tp: v2 tid > 0xffff: 37482740
[  416.752843][T14277] ip6_vti0 speed is unknown, defaulting to 1000
[  416.864070][T14314] netlink: 'syz.2.2535': attribute type 10 has an invalid length.
[  417.073951][T14289] ip6_vti0 speed is unknown, defaulting to 1000
[  418.743485][T14317] __nla_validate_parse: 3 callbacks suppressed
[  418.743505][T14317] netlink: 766 bytes leftover after parsing attributes in process `syz.3.2536'.
[  419.653759][T14340] ip6_vti0 speed is unknown, defaulting to 1000
[  419.679068][T14343] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2542'.
[  419.720546][T14334] netlink: 'syz.4.2540': attribute type 30 has an invalid length.
[  419.815028][T14334] bond5: option arp_missed_max: invalid value (0)
[  419.821810][T14334] bond5: option arp_missed_max: allowed values 1 - 255
[  419.831256][T14334] bond5 (unregistering): Released all slaves
[  420.016595][T14348] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2544'.
[  420.301051][T14355] bond5: Unable to set down delay as MII monitoring is disabled
[  420.319898][T14355] bond5 (unregistering): Released all slaves
[  420.671320][T14372] netlink: 'syz.4.2550': attribute type 10 has an invalid length.
[  420.704065][T14373] netlink: 'syz.2.2549': attribute type 13 has an invalid length.
[  420.704817][T14372] netlink: 2 bytes leftover after parsing attributes in process `syz.4.2550'.
[  420.752668][T14376] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2550'.
[  420.820697][T14373] gretap0: refused to change device tx_queue_len
[  420.851950][T14373] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  420.913562][T14376] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2550'.
[  421.582081][T14399] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2553'.
[  422.107910][T14403] netlink: 'syz.2.2556': attribute type 3 has an invalid length.
[  422.495641][T14411] netlink: 1 bytes leftover after parsing attributes in process `syz.0.2558'.
[  423.347391][T14391] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[  423.409911][T14392] ip6_vti0 speed is unknown, defaulting to 1000
[  423.552755][T14420] bond3: Unable to set down delay as MII monitoring is disabled
[  423.576660][T14420] bond3 (unregistering): Released all slaves
[  423.978234][T14443] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2567'.
[  424.759394][T14453] netlink: 'syz.0.2571': attribute type 10 has an invalid length.
[  424.774735][T14453] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2571'.
[  424.798503][T14453] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2571'.
[  424.809731][T14453] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2571'.
[  424.860527][T14454] ip6_vti0 speed is unknown, defaulting to 1000
[  426.102827][T14480] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2577'.
[  427.280138][T14455] ip6_vti0 speed is unknown, defaulting to 1000
[  427.286441][T14474] netlink: 6 bytes leftover after parsing attributes in process `syz.4.2575'.
[  427.288775][T14474] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  427.315660][T14479] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[  427.656471][T14486] rdma_rxe: rxe_newlink: failed to add ip6_vti0
[  428.799655][T14515] tc_dump_action: action bad kind
[  428.872554][T14515] ip6_vti0 speed is unknown, defaulting to 1000
[  429.276643][T14525] FAULT_INJECTION: forcing a failure.
[  429.276643][T14525] name failslab, interval 1, probability 0, space 0, times 0
[  429.314833][T14525] CPU: 1 UID: 0 PID: 14525 Comm: syz.4.2590 Not tainted syzkaller #0 PREEMPT(full) 
[  429.314865][T14525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  429.314883][T14525] Call Trace:
[  429.314892][T14525]  <TASK>
[  429.314902][T14525]  dump_stack_lvl+0x189/0x250
[  429.314937][T14525]  ? __pfx____ratelimit+0x10/0x10
[  429.314959][T14525]  ? __pfx_dump_stack_lvl+0x10/0x10
[  429.314989][T14525]  ? __pfx__printk+0x10/0x10
[  429.315015][T14525]  ? __pfx___might_resched+0x10/0x10
[  429.315040][T14525]  ? fs_reclaim_acquire+0x7d/0x100
[  429.315070][T14525]  should_fail_ex+0x414/0x560
[  429.315111][T14525]  should_failslab+0xa8/0x100
[  429.315135][T14525]  kmem_cache_alloc_node_noprof+0x77/0x710
[  429.315174][T14525]  ? __alloc_skb+0x255/0x430
[  429.315195][T14525]  ? napi_skb_cache_get+0x4a5/0x790
[  429.315216][T14525]  ? napi_skb_cache_get+0x151/0x790
[  429.315242][T14525]  __alloc_skb+0x255/0x430
[  429.315269][T14525]  ? __pfx___alloc_skb+0x10/0x10
[  429.315298][T14525]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20
[  429.315327][T14525]  netlink_sendmsg+0x5c6/0xb30
[  429.315365][T14525]  ? __pfx_netlink_sendmsg+0x10/0x10
[  429.315395][T14525]  ? aa_sock_msg_perm+0xf1/0x1d0
[  429.315431][T14525]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  429.315452][T14525]  ? __pfx_netlink_sendmsg+0x10/0x10
[  429.315498][T14525]  __sock_sendmsg+0x21c/0x270
[  429.315536][T14525]  ____sys_sendmsg+0x505/0x830
[  429.315570][T14525]  ? __pfx_____sys_sendmsg+0x10/0x10
[  429.315608][T14525]  ? import_iovec+0x74/0xa0
[  429.315641][T14525]  ___sys_sendmsg+0x21f/0x2a0
[  429.315671][T14525]  ? __pfx____sys_sendmsg+0x10/0x10
[  429.315736][T14525]  ? __fget_files+0x2a/0x420
[  429.315757][T14525]  ? __fget_files+0x3a0/0x420
[  429.315790][T14525]  __x64_sys_sendmsg+0x19b/0x260
[  429.315821][T14525]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  429.315860][T14525]  ? __pfx_ksys_write+0x10/0x10
[  429.315896][T14525]  ? do_syscall_64+0xbe/0xfa0
[  429.315924][T14525]  do_syscall_64+0xfa/0xfa0
[  429.315946][T14525]  ? lockdep_hardirqs_on+0x9c/0x150
[  429.315969][T14525]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  429.315991][T14525]  ? clear_bhb_loop+0x60/0xb0
[  429.316019][T14525]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  429.316047][T14525] RIP: 0033:0x7f34f6f8f749
[  429.316066][T14525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  429.316085][T14525] RSP: 002b:00007f34f7ed7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  429.316109][T14525] RAX: ffffffffffffffda RBX: 00007f34f71e5fa0 RCX: 00007f34f6f8f749
[  429.316125][T14525] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[  429.316144][T14525] RBP: 00007f34f7ed7090 R08: 0000000000000000 R09: 0000000000000000
[  429.316159][T14525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  429.316172][T14525] R13: 00007f34f71e6038 R14: 00007f34f71e5fa0 R15: 00007ffd86b13ee8
[  429.316208][T14525]  </TASK>
[  429.898816][T14536] netlink: 'syz.4.2593': attribute type 1 has an invalid length.
[  429.913072][T14536] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  429.930024][T14536] netlink: 'syz.4.2593': attribute type 3 has an invalid length.
[  429.946988][T14536] netlink: 3 bytes leftover after parsing attributes in process `syz.4.2593'.
[  430.242092][T14544] ip6_vti0 speed is unknown, defaulting to 1000
[  430.344532][T14551] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2597'.
[  430.393660][T14553] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2595'.
[  430.596924][T14557] netlink: 'syz.4.2598': attribute type 10 has an invalid length.
[  430.768523][T14559] syzkaller0: entered promiscuous mode
[  430.776560][T14559] syzkaller0: entered allmulticast mode
[  430.796589][T14559] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  430.819341][T14547] ip6_vti0 speed is unknown, defaulting to 1000
[  431.130578][T14564] ip6_vti0 speed is unknown, defaulting to 1000
[  431.243150][T14558] tipc: Resetting bearer <eth:syzkaller0>
[  431.269798][T14558] tipc: Disabling bearer <eth:syzkaller0>
[  431.497207][T14563] ip6_vti0 speed is unknown, defaulting to 1000
[  431.914297][T14591] FAULT_INJECTION: forcing a failure.
[  431.914297][T14591] name failslab, interval 1, probability 0, space 0, times 0
[  431.964912][T14591] CPU: 1 UID: 0 PID: 14591 Comm: syz.2.2607 Not tainted syzkaller #0 PREEMPT(full) 
[  431.964950][T14591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  431.964964][T14591] Call Trace:
[  431.964973][T14591]  <TASK>
[  431.964983][T14591]  dump_stack_lvl+0x189/0x250
[  431.965020][T14591]  ? __pfx____ratelimit+0x10/0x10
[  431.965043][T14591]  ? __pfx_dump_stack_lvl+0x10/0x10
[  431.965075][T14591]  ? __pfx__printk+0x10/0x10
[  431.965113][T14591]  should_fail_ex+0x414/0x560
[  431.965155][T14591]  should_failslab+0xa8/0x100
[  431.965181][T14591]  kmem_cache_alloc_node_noprof+0x77/0x710
[  431.965214][T14591]  ? __alloc_skb+0x255/0x430
[  431.965237][T14591]  ? napi_skb_cache_get+0x4a5/0x790
[  431.965259][T14591]  ? napi_skb_cache_get+0x151/0x790
[  431.965288][T14591]  __alloc_skb+0x255/0x430
[  431.965313][T14591]  ? __pfx___alloc_skb+0x10/0x10
[  431.965339][T14591]  ? __pfx_sctp_bind_addrs_to_raw+0x10/0x10
[  431.965370][T14591]  _sctp_make_chunk+0x5e/0x430
[  431.965400][T14591]  sctp_make_init+0x58b/0xd30
[  431.965433][T14591]  ? is_bpf_text_address+0x292/0x2b0
[  431.965471][T14591]  ? __pfx_sctp_make_init+0x10/0x10
[  431.965518][T14591]  ? stack_trace_save+0x9c/0xe0
[  431.965547][T14591]  ? __pfx_stack_trace_save+0x10/0x10
[  431.965581][T14591]  sctp_sf_do_prm_asoc+0xd2/0x3f0
[  431.965615][T14591]  sctp_do_sm+0x1e7/0x5a20
[  431.965646][T14591]  ? __pfx_sctp_pname+0x10/0x10
[  431.965675][T14591]  ? kasan_save_track+0x4f/0x80
[  431.965704][T14591]  ? kasan_save_track+0x3e/0x80
[  431.965743][T14591]  ? __kmalloc_cache_noprof+0x3d5/0x6f0
[  431.965776][T14591]  ? sctp_sendmsg_to_asoc+0x12f8/0x1810
[  431.965802][T14591]  ? ____sys_sendmsg+0x52d/0x830
[  431.965827][T14591]  ? ___sys_sendmsg+0x21f/0x2a0
[  431.965851][T14591]  ? __sys_sendmmsg+0x227/0x430
[  431.965876][T14591]  ? __x64_sys_sendmmsg+0xa0/0xc0
[  431.965902][T14591]  ? do_syscall_64+0xfa/0xfa0
[  431.965931][T14591]  ? __pfx_sctp_do_sm+0x10/0x10
[  431.966008][T14591]  ? __sk_mem_raise_allocated+0x28d/0x1280
[  431.966040][T14591]  ? __genradix_ptr+0x1e1/0x220
[  431.966079][T14591]  sctp_primitive_ASSOCIATE+0x95/0xc0
[  431.966113][T14591]  sctp_sendmsg_to_asoc+0x1028/0x1810
[  431.966138][T14591]  ? __asan_memcpy+0x40/0x70
[  431.966177][T14591]  ? sctp_assoc_add_peer+0xcfa/0x13b0
[  431.966221][T14591]  ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10
[  431.966249][T14591]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  431.966274][T14591]  ? __local_bh_enable_ip+0x12d/0x1c0
[  431.966308][T14591]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  431.966334][T14591]  ? security_sctp_bind_connect+0x7e/0x2e0
[  431.966366][T14591]  sctp_sendmsg+0x1941/0x2810
[  431.966406][T14591]  ? __pfx_sctp_sendmsg+0x10/0x10
[  431.966437][T14591]  ? aa_sk_perm+0x81e/0x950
[  431.966469][T14591]  ? __lock_acquire+0xab9/0xd20
[  431.966495][T14591]  ? __pfx_aa_sk_perm+0x10/0x10
[  431.966532][T14591]  ? sock_rps_record_flow+0x19/0x410
[  431.966562][T14591]  ? inet_sendmsg+0x2f4/0x370
[  431.966592][T14591]  __sock_sendmsg+0x19c/0x270
[  431.966630][T14591]  ____sys_sendmsg+0x52d/0x830
[  431.966665][T14591]  ? __pfx_____sys_sendmsg+0x10/0x10
[  431.966704][T14591]  ? import_iovec+0x74/0xa0
[  431.966746][T14591]  ___sys_sendmsg+0x21f/0x2a0
[  431.966777][T14591]  ? __pfx____sys_sendmsg+0x10/0x10
[  431.966847][T14591]  ? __fget_files+0x2a/0x420
[  431.966869][T14591]  ? __fget_files+0x3a0/0x420
[  431.966903][T14591]  __sys_sendmmsg+0x227/0x430
[  431.966939][T14591]  ? __pfx___sys_sendmmsg+0x10/0x10
[  431.966978][T14591]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  431.967026][T14591]  ? ksys_write+0x22a/0x250
[  431.967062][T14591]  ? __pfx_ksys_write+0x10/0x10
[  431.967100][T14591]  __x64_sys_sendmmsg+0xa0/0xc0
[  431.967131][T14591]  do_syscall_64+0xfa/0xfa0
[  431.967154][T14591]  ? lockdep_hardirqs_on+0x9c/0x150
[  431.967178][T14591]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.967201][T14591]  ? clear_bhb_loop+0x60/0xb0
[  431.967228][T14591]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.967251][T14591] RIP: 0033:0x7f9f41b8f749
[  431.967273][T14591] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  431.967293][T14591] RSP: 002b:00007f9f42973038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  431.967318][T14591] RAX: ffffffffffffffda RBX: 00007f9f41de5fa0 RCX: 00007f9f41b8f749
[  431.967335][T14591] RDX: 0000000000000001 RSI: 0000200000001c80 RDI: 0000000000000004
[  431.967349][T14591] RBP: 00007f9f42973090 R08: 0000000000000000 R09: 0000000000000000
[  431.967364][T14591] R10: 931766f6319eed00 R11: 0000000000000246 R12: 0000000000000002
[  431.967379][T14591] R13: 00007f9f41de6038 R14: 00007f9f41de5fa0 R15: 00007fff9da02848
[  431.967417][T14591]  </TASK>
[  432.629657][T14594] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2608'.
[  433.381237][T14613] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2612'.
[  433.391893][T14600] ip6_vti0 speed is unknown, defaulting to 1000
[  433.554099][T14617] FAULT_INJECTION: forcing a failure.
[  433.554099][T14617] name failslab, interval 1, probability 0, space 0, times 0
[  433.567661][T14617] CPU: 0 UID: 0 PID: 14617 Comm: syz.4.2613 Not tainted syzkaller #0 PREEMPT(full) 
[  433.567693][T14617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  433.567708][T14617] Call Trace:
[  433.567718][T14617]  <TASK>
[  433.567729][T14617]  dump_stack_lvl+0x189/0x250
[  433.567766][T14617]  ? __pfx____ratelimit+0x10/0x10
[  433.567789][T14617]  ? __pfx_dump_stack_lvl+0x10/0x10
[  433.567821][T14617]  ? __pfx__printk+0x10/0x10
[  433.567862][T14617]  should_fail_ex+0x414/0x560
[  433.567904][T14617]  should_failslab+0xa8/0x100
[  433.567930][T14617]  __kmalloc_cache_noprof+0x6f/0x6f0
[  433.567963][T14617]  ? __sctp_v6_cmp_addr+0x1dc/0x510
[  433.567985][T14617]  ? sctp_v6_cmp_addr+0x15/0xd0
[  433.568005][T14617]  ? sctp_add_bind_addr+0x8c/0x370
[  433.568037][T14617]  ? sctp_add_bind_addr+0xb0/0x370
[  433.568078][T14617]  sctp_add_bind_addr+0x8c/0x370
[  433.568118][T14617]  sctp_copy_local_addr_list+0x30b/0x4e0
[  433.568158][T14617]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  433.568193][T14617]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  433.568231][T14617]  ? sctp_v6_is_any+0x64/0x80
[  433.568254][T14617]  ? sctp_copy_one_addr+0x93/0x360
[  433.568293][T14617]  sctp_bind_addr_copy+0xb3/0x3c0
[  433.568330][T14617]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  433.568367][T14617]  sctp_connect_new_asoc+0x2e0/0x690
[  433.568399][T14617]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  433.568425][T14617]  ? __local_bh_enable_ip+0x12d/0x1c0
[  433.568459][T14617]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  433.568484][T14617]  ? security_sctp_bind_connect+0x7e/0x2e0
[  433.568543][T14617]  sctp_sendmsg+0x155c/0x2810
[  433.568584][T14617]  ? __pfx_sctp_sendmsg+0x10/0x10
[  433.568615][T14617]  ? aa_sk_perm+0x81e/0x950
[  433.568647][T14617]  ? __lock_acquire+0xab9/0xd20
[  433.568673][T14617]  ? __pfx_aa_sk_perm+0x10/0x10
[  433.568710][T14617]  ? sock_rps_record_flow+0x19/0x410
[  433.568740][T14617]  ? inet_sendmsg+0x2f4/0x370
[  433.568771][T14617]  __sock_sendmsg+0x19c/0x270
[  433.568810][T14617]  ____sys_sendmsg+0x52d/0x830
[  433.568845][T14617]  ? __pfx_____sys_sendmsg+0x10/0x10
[  433.568885][T14617]  ? import_iovec+0x74/0xa0
[  433.568919][T14617]  ___sys_sendmsg+0x21f/0x2a0
[  433.568950][T14617]  ? __pfx____sys_sendmsg+0x10/0x10
[  433.569021][T14617]  ? __fget_files+0x2a/0x420
[  433.569043][T14617]  ? __fget_files+0x3a0/0x420
[  433.569078][T14617]  __sys_sendmmsg+0x227/0x430
[  433.569113][T14617]  ? __pfx___sys_sendmmsg+0x10/0x10
[  433.569153][T14617]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  433.569201][T14617]  ? ksys_write+0x22a/0x250
[  433.569237][T14617]  ? __pfx_ksys_write+0x10/0x10
[  433.569276][T14617]  __x64_sys_sendmmsg+0xa0/0xc0
[  433.569307][T14617]  do_syscall_64+0xfa/0xfa0
[  433.569330][T14617]  ? lockdep_hardirqs_on+0x9c/0x150
[  433.569353][T14617]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.569376][T14617]  ? clear_bhb_loop+0x60/0xb0
[  433.569404][T14617]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.569426][T14617] RIP: 0033:0x7f34f6f8f749
[  433.569447][T14617] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  433.569467][T14617] RSP: 002b:00007f34f7ed7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  433.569491][T14617] RAX: ffffffffffffffda RBX: 00007f34f71e5fa0 RCX: 00007f34f6f8f749
[  433.569508][T14617] RDX: 0000000000000002 RSI: 0000200000000280 RDI: 0000000000000003
[  433.569523][T14617] RBP: 00007f34f7ed7090 R08: 0000000000000000 R09: 0000000000000000
[  433.569544][T14617] R10: 0000000024000045 R11: 0000000000000246 R12: 0000000000000002
[  433.569559][T14617] R13: 00007f34f71e6038 R14: 00007f34f71e5fa0 R15: 00007ffd86b13ee8
[  433.569599][T14617]  </TASK>
[  434.685726][T14644] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2620'.
[  434.877215][T14649] IPVS: nq: FWM 3 0x00000003 - no destination available
[  435.086633][T14655] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2624'.
[  435.167133][T14658] ip6_vti0 speed is unknown, defaulting to 1000
[  435.277733][T14669] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2626'.
[  435.319580][T14673] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2625'.
[  435.340080][T14675] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2629'.
[  435.608270][T14660] ip6_vti0 speed is unknown, defaulting to 1000
[  435.997134][T14667] ip6_vti0 speed is unknown, defaulting to 1000
[  436.036726][T14692] FAULT_INJECTION: forcing a failure.
[  436.036726][T14692] name failslab, interval 1, probability 0, space 0, times 0
[  436.052704][T14692] CPU: 0 UID: 0 PID: 14692 Comm: syz.4.2633 Not tainted syzkaller #0 PREEMPT(full) 
[  436.052735][T14692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  436.052748][T14692] Call Trace:
[  436.052756][T14692]  <TASK>
[  436.052765][T14692]  dump_stack_lvl+0x189/0x250
[  436.052798][T14692]  ? __pfx____ratelimit+0x10/0x10
[  436.052818][T14692]  ? __pfx_dump_stack_lvl+0x10/0x10
[  436.052845][T14692]  ? __pfx__printk+0x10/0x10
[  436.052871][T14692]  ? __pfx___might_resched+0x10/0x10
[  436.052891][T14692]  ? fs_reclaim_acquire+0x7d/0x100
[  436.052915][T14692]  should_fail_ex+0x414/0x560
[  436.052951][T14692]  should_failslab+0xa8/0x100
[  436.052974][T14692]  __kmalloc_node_noprof+0xd2/0x800
[  436.053002][T14692]  ? qdisc_alloc+0x92/0x900
[  436.053029][T14692]  qdisc_alloc+0x92/0x900
[  436.053060][T14692]  qdisc_create+0x12c/0xea0
[  436.053094][T14692]  ? nla_strcmp+0xe6/0x140
[  436.053119][T14692]  tc_modify_qdisc+0x1547/0x2020
[  436.053163][T14692]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  436.053224][T14692]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  436.053252][T14692]  rtnetlink_rcv_msg+0x77c/0xb70
[  436.053279][T14692]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  436.053298][T14692]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  436.053316][T14692]  ? ref_tracker_free+0x63a/0x7d0
[  436.053336][T14692]  ? __asan_memcpy+0x40/0x70
[  436.053362][T14692]  ? __pfx_ref_tracker_free+0x10/0x10
[  436.053395][T14692]  netlink_rcv_skb+0x208/0x470
[  436.053421][T14692]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  436.053444][T14692]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  436.053479][T14692]  ? netlink_deliver_tap+0x2e/0x1b0
[  436.053510][T14692]  netlink_unicast+0x82f/0x9e0
[  436.053540][T14692]  ? __pfx_netlink_unicast+0x10/0x10
[  436.053563][T14692]  ? netlink_sendmsg+0x642/0xb30
[  436.053584][T14692]  ? skb_put+0x11b/0x210
[  436.053610][T14692]  netlink_sendmsg+0x805/0xb30
[  436.053653][T14692]  ? __pfx_netlink_sendmsg+0x10/0x10
[  436.053685][T14692]  ? aa_sock_msg_perm+0xf1/0x1d0
[  436.053717][T14692]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  436.053737][T14692]  ? __pfx_netlink_sendmsg+0x10/0x10
[  436.053761][T14692]  __sock_sendmsg+0x21c/0x270
[  436.053794][T14692]  ____sys_sendmsg+0x505/0x830
[  436.053825][T14692]  ? __pfx_____sys_sendmsg+0x10/0x10
[  436.053860][T14692]  ? import_iovec+0x74/0xa0
[  436.053891][T14692]  ___sys_sendmsg+0x21f/0x2a0
[  436.053919][T14692]  ? __pfx____sys_sendmsg+0x10/0x10
[  436.053983][T14692]  ? __fget_files+0x2a/0x420
[  436.054002][T14692]  ? __fget_files+0x3a0/0x420
[  436.054032][T14692]  __x64_sys_sendmsg+0x19b/0x260
[  436.054060][T14692]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  436.054096][T14692]  ? __pfx_ksys_write+0x10/0x10
[  436.054138][T14692]  ? do_syscall_64+0xbe/0xfa0
[  436.054165][T14692]  do_syscall_64+0xfa/0xfa0
[  436.054185][T14692]  ? lockdep_hardirqs_on+0x9c/0x150
[  436.054206][T14692]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  436.054227][T14692]  ? clear_bhb_loop+0x60/0xb0
[  436.054251][T14692]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  436.054271][T14692] RIP: 0033:0x7f34f6f8f749
[  436.054291][T14692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  436.054310][T14692] RSP: 002b:00007f34f7ed7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  436.054332][T14692] RAX: ffffffffffffffda RBX: 00007f34f71e5fa0 RCX: 00007f34f6f8f749
[  436.054347][T14692] RDX: 0000000000040000 RSI: 00002000000012c0 RDI: 0000000000000004
[  436.054361][T14692] RBP: 00007f34f7ed7090 R08: 0000000000000000 R09: 0000000000000000
[  436.054374][T14692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  436.054387][T14692] R13: 00007f34f71e6038 R14: 00007f34f71e5fa0 R15: 00007ffd86b13ee8
[  436.054422][T14692]  </TASK>
[  436.531672][T14698] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2635'.
[  436.601915][T14699] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2634'.
[  436.720017][T14704] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2634'.
[  436.853037][T14685] ip6_vti0 speed is unknown, defaulting to 1000
[  437.055902][T14687] ip6_vti0 speed is unknown, defaulting to 1000
[  437.282235][T14696] ip6_vti0 speed is unknown, defaulting to 1000
[  437.372127][T14710] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2638'.
[  439.190899][T14731] pimreg: entered allmulticast mode
[  439.208905][T14729] Cannot find del_set index 4 as target
[  439.284042][T14737] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2646'.
[  439.303081][T14739] FAULT_INJECTION: forcing a failure.
[  439.303081][T14739] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  439.320979][T14739] CPU: 0 UID: 0 PID: 14739 Comm: syz.1.2645 Not tainted syzkaller #0 PREEMPT(full) 
[  439.321013][T14739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  439.321038][T14739] Call Trace:
[  439.321047][T14739]  <TASK>
[  439.321058][T14739]  dump_stack_lvl+0x189/0x250
[  439.321100][T14739]  ? __pfx____ratelimit+0x10/0x10
[  439.321124][T14739]  ? __pfx_dump_stack_lvl+0x10/0x10
[  439.321155][T14739]  ? __pfx__printk+0x10/0x10
[  439.321180][T14739]  ? __might_fault+0xb0/0x130
[  439.321225][T14739]  should_fail_ex+0x414/0x560
[  439.321265][T14739]  _copy_from_iter+0x1de/0x1790
[  439.321289][T14739]  ? kmem_cache_alloc_node_noprof+0x483/0x710
[  439.321322][T14739]  ? kmalloc_reserve+0xbd/0x290
[  439.321361][T14739]  ? __pfx__copy_from_iter+0x10/0x10
[  439.321384][T14739]  ? __alloc_skb+0x2f1/0x430
[  439.321411][T14739]  ? __pfx___alloc_skb+0x10/0x10
[  439.321438][T14739]  ? netlink_sendmsg+0x642/0xb30
[  439.321463][T14739]  ? skb_put+0x11b/0x210
[  439.321493][T14739]  netlink_sendmsg+0x6b2/0xb30
[  439.321530][T14739]  ? __pfx_netlink_sendmsg+0x10/0x10
[  439.321562][T14739]  ? aa_sock_msg_perm+0xf1/0x1d0
[  439.321598][T14739]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  439.321621][T14739]  ? __pfx_netlink_sendmsg+0x10/0x10
[  439.321650][T14739]  __sock_sendmsg+0x21c/0x270
[  439.321689][T14739]  ____sys_sendmsg+0x505/0x830
[  439.321723][T14739]  ? __pfx_____sys_sendmsg+0x10/0x10
[  439.321761][T14739]  ? import_iovec+0x74/0xa0
[  439.321795][T14739]  ___sys_sendmsg+0x21f/0x2a0
[  439.321826][T14739]  ? __pfx____sys_sendmsg+0x10/0x10
[  439.321892][T14739]  ? __fget_files+0x2a/0x420
[  439.321914][T14739]  ? __fget_files+0x3a0/0x420
[  439.321948][T14739]  __x64_sys_sendmsg+0x19b/0x260
[  439.321980][T14739]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  439.322019][T14739]  ? __pfx_ksys_write+0x10/0x10
[  439.322065][T14739]  ? do_syscall_64+0xbe/0xfa0
[  439.322095][T14739]  do_syscall_64+0xfa/0xfa0
[  439.322117][T14739]  ? lockdep_hardirqs_on+0x9c/0x150
[  439.322141][T14739]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.322165][T14739]  ? clear_bhb_loop+0x60/0xb0
[  439.322193][T14739]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.322216][T14739] RIP: 0033:0x7fb3a158f749
[  439.322237][T14739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  439.322258][T14739] RSP: 002b:00007fb3a2507038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  439.322283][T14739] RAX: ffffffffffffffda RBX: 00007fb3a17e5fa0 RCX: 00007fb3a158f749
[  439.322301][T14739] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000004
[  439.322316][T14739] RBP: 00007fb3a2507090 R08: 0000000000000000 R09: 0000000000000000
[  439.322331][T14739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  439.322346][T14739] R13: 00007fb3a17e6038 R14: 00007fb3a17e5fa0 R15: 00007ffc17e2e608
[  439.322383][T14739]  </TASK>
[  439.784771][T14751] rdma_rxe: rxe_newlink: failed to add ip6_vti0
[  440.628065][T14762] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2652'.
[  440.707303][T14764] bond3: Unable to set down delay as MII monitoring is disabled
[  440.724219][T14764] bond3 (unregistering): Released all slaves
[  440.730011][T14768] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2654'.
[  440.898813][T14775] ip6_vti0 speed is unknown, defaulting to 1000
[  440.927020][T14780] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2657'.
[  440.988854][T14783] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2657'.
[  441.068212][T14784] bridge10: the hash_elasticity option has been deprecated and is always 16
[  441.102218][T14784] bridge10: entered allmulticast mode
[  441.127431][T14787] SET target dimension over the limit!
[  441.231206][T14792] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2662'.
[  441.375183][T14796] rdma_rxe: rxe_newlink: failed to add ip6_vti0
[  442.063875][T14806] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2668'.
[  442.146803][T14813] bond4: Unable to set down delay as MII monitoring is disabled
[  442.189489][T14813] bond4 (unregistering): Released all slaves
[  442.209782][T14817] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2669'.
[  442.325401][T14819] nbd0: detected capacity change from 0 to 3
[  442.348460][   T52] block nbd0: Receive control failed (result -32)
[  442.518510][T14827] ip6_vti0 speed is unknown, defaulting to 1000
[  442.520702][T14829] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2675'.
[  442.688182][T14831] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2675'.
[  443.091988][T14844] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2678'.
[  443.140073][ T5844] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  443.155854][ T5844] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  443.167384][ T5844] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  443.184242][ T5844] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  443.196328][ T5844] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  443.385657][T14852] FAULT_INJECTION: forcing a failure.
[  443.385657][T14852] name failslab, interval 1, probability 0, space 0, times 0
[  443.412434][T14852] CPU: 1 UID: 0 PID: 14852 Comm: syz.2.2680 Not tainted syzkaller #0 PREEMPT(full) 
[  443.412467][T14852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  443.412482][T14852] Call Trace:
[  443.412491][T14852]  <TASK>
[  443.412502][T14852]  dump_stack_lvl+0x189/0x250
[  443.412539][T14852]  ? __pfx____ratelimit+0x10/0x10
[  443.412563][T14852]  ? __pfx_dump_stack_lvl+0x10/0x10
[  443.412594][T14852]  ? __pfx__printk+0x10/0x10
[  443.412622][T14852]  ? __pfx___might_resched+0x10/0x10
[  443.412648][T14852]  ? fs_reclaim_acquire+0x7d/0x100
[  443.412677][T14852]  should_fail_ex+0x414/0x560
[  443.412719][T14852]  should_failslab+0xa8/0x100
[  443.412745][T14852]  kmem_cache_alloc_noprof+0x74/0x6e0
[  443.412777][T14852]  ? security_inode_alloc+0x39/0x330
[  443.412824][T14852]  security_inode_alloc+0x39/0x330
[  443.412862][T14852]  inode_init_always_gfp+0x9ed/0xdc0
[  443.412907][T14852]  ? __pfx_debugfs_alloc_inode+0x10/0x10
[  443.412942][T14852]  alloc_inode+0x82/0x1b0
[  443.412979][T14852]  new_inode+0x22/0x170
[  443.413013][T14852]  __debugfs_create_file+0x14d/0x4f0
[  443.413054][T14852]  debugfs_create_file_full+0x3f/0x60
[  443.413093][T14852]  ref_tracker_dir_debugfs+0x14e/0x270
[  443.413117][T14852]  ? __pfx_ref_tracker_dir_debugfs+0x10/0x10
[  443.413176][T14852]  ? trace_kmalloc+0x1f/0xd0
[  443.413204][T14852]  ? __kvmalloc_node_noprof+0x5ed/0x910
[  443.413245][T14852]  ? __raw_spin_lock_init+0x45/0x100
[  443.413281][T14852]  alloc_netdev_mqs+0x272/0x11b0
[  443.413312][T14852]  ? __pfx_vxlan_setup+0x10/0x10
[  443.413353][T14852]  rtnl_create_link+0x31f/0xd10
[  443.413394][T14852]  rtnl_newlink_create+0x25c/0xb00
[  443.413428][T14852]  ? __mutex_lock+0x5bb/0x1350
[  443.413462][T14852]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  443.413495][T14852]  ? __pfx___mutex_lock+0x10/0x10
[  443.413534][T14852]  ? ns_capable+0x8a/0xf0
[  443.413564][T14852]  rtnl_newlink+0x16e4/0x1c80
[  443.413591][T14852]  ? ____sys_sendmsg+0x52d/0x830
[  443.413634][T14852]  ? __pfx_rtnl_newlink+0x10/0x10
[  443.413686][T14852]  ? kasan_quarantine_put+0xdd/0x220
[  443.413718][T14852]  ? lockdep_hardirqs_on+0x9c/0x150
[  443.413750][T14852]  ? nlmon_xmit+0xb0/0x100
[  443.413778][T14852]  ? kmem_cache_free+0x19b/0x690
[  443.413824][T14852]  ? __local_bh_enable_ip+0x12d/0x1c0
[  443.413850][T14852]  ? lockdep_hardirqs_on+0x9c/0x150
[  443.413876][T14852]  ? __local_bh_enable_ip+0x12d/0x1c0
[  443.413899][T14852]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  443.413930][T14852]  ? __dev_queue_xmit+0x284/0x3740
[  443.413965][T14852]  ? __dev_queue_xmit+0x284/0x3740
[  443.413995][T14852]  ? __dev_queue_xmit+0x1bfb/0x3740
[  443.414044][T14852]  ? __lock_acquire+0xab9/0xd20
[  443.414100][T14852]  ? __pfx_rtnl_newlink+0x10/0x10
[  443.414124][T14852]  rtnetlink_rcv_msg+0x7cf/0xb70
[  443.414153][T14852]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  443.414176][T14852]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  443.414198][T14852]  ? ref_tracker_free+0x63a/0x7d0
[  443.414221][T14852]  ? __asan_memcpy+0x40/0x70
[  443.414251][T14852]  ? __pfx_ref_tracker_free+0x10/0x10
[  443.414285][T14852]  netlink_rcv_skb+0x208/0x470
[  443.414314][T14852]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  443.414341][T14852]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  443.414384][T14852]  ? netlink_deliver_tap+0x2e/0x1b0
[  443.414421][T14852]  netlink_unicast+0x82f/0x9e0
[  443.414457][T14852]  ? __pfx_netlink_unicast+0x10/0x10
[  443.414483][T14852]  ? netlink_sendmsg+0x642/0xb30
[  443.414507][T14852]  ? skb_put+0x11b/0x210
[  443.414535][T14852]  netlink_sendmsg+0x805/0xb30
[  443.414572][T14852]  ? __pfx_netlink_sendmsg+0x10/0x10
[  443.414602][T14852]  ? aa_sock_msg_perm+0xf1/0x1d0
[  443.414638][T14852]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  443.414660][T14852]  ? __pfx_netlink_sendmsg+0x10/0x10
[  443.414686][T14852]  __sock_sendmsg+0x21c/0x270
[  443.414721][T14852]  ____sys_sendmsg+0x52d/0x830
[  443.414756][T14852]  ? __pfx_____sys_sendmsg+0x10/0x10
[  443.414796][T14852]  ? import_iovec+0x74/0xa0
[  443.414831][T14852]  ___sys_sendmsg+0x21f/0x2a0
[  443.414862][T14852]  ? __pfx____sys_sendmsg+0x10/0x10
[  443.414938][T14852]  ? __fget_files+0x2a/0x420
[  443.414959][T14852]  ? __fget_files+0x3a0/0x420
[  443.414993][T14852]  __sys_sendmmsg+0x227/0x430
[  443.415037][T14852]  ? __pfx___sys_sendmmsg+0x10/0x10
[  443.415078][T14852]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  443.415127][T14852]  ? ksys_write+0x22a/0x250
[  443.415162][T14852]  ? __pfx_ksys_write+0x10/0x10
[  443.415201][T14852]  __x64_sys_sendmmsg+0xa0/0xc0
[  443.415233][T14852]  do_syscall_64+0xfa/0xfa0
[  443.415257][T14852]  ? lockdep_hardirqs_on+0x9c/0x150
[  443.415281][T14852]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.415302][T14852]  ? clear_bhb_loop+0x60/0xb0
[  443.415330][T14852]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.415353][T14852] RIP: 0033:0x7f9f41b8f749
[  443.415374][T14852] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  443.415395][T14852] RSP: 002b:00007f9f42973038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  443.415420][T14852] RAX: ffffffffffffffda RBX: 00007f9f41de5fa0 RCX: 00007f9f41b8f749
[  443.415437][T14852] RDX: 0492492492492627 RSI: 00002000000000c0 RDI: 0000000000000003
[  443.415454][T14852] RBP: 00007f9f42973090 R08: 0000000000000000 R09: 0000000000000000
[  443.415469][T14852] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  443.415482][T14852] R13: 00007f9f41de6038 R14: 00007f9f41de5fa0 R15: 00007fff9da02848
[  443.415520][T14852]  </TASK>
[  443.953379][T14852] debugfs: out of free dentries, can not create file 'netdev@ffff888055554618'
[  444.023584][T14846] ip6_vti0 speed is unknown, defaulting to 1000
[  444.270067][T14860] bond5: Unable to set down delay as MII monitoring is disabled
[  444.281510][T14860] bond5 (unregistering): Released all slaves
[  444.305326][T14866] syz2: rxe_newlink: already configured on ip6_vti0
[  444.837054][T14846] chnl_net:caif_netlink_parms(): no params data found
[  445.280844][ T5844] Bluetooth: hci5: command tx timeout
[  445.300415][   T13] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  445.505463][   T13] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  445.531338][T14846] bridge0: port 1(bridge_slave_0) entered blocking state
[  445.539947][T14846] bridge0: port 1(bridge_slave_0) entered disabled state
[  445.547464][T14846] bridge_slave_0: entered allmulticast mode
[  445.555880][T14846] bridge_slave_0: entered promiscuous mode
[  445.568977][T14846] bridge0: port 2(bridge_slave_1) entered blocking state
[  445.576543][T14846] bridge0: port 2(bridge_slave_1) entered disabled state
[  445.583841][T14846] bridge_slave_1: entered allmulticast mode
[  445.596935][T14846] bridge_slave_1: entered promiscuous mode
[  445.635913][   T13] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  445.728883][   T13] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  445.757440][T14907] __nla_validate_parse: 2 callbacks suppressed
[  445.757464][T14907] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2699'.
[  445.800809][T14846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  445.816855][T14846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  445.981534][T14846] team0: Port device team_slave_0 added
[  445.991129][T14914] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2699'.
[  446.046301][T14914] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2699'.
[  446.070784][T14846] team0: Port device team_slave_1 added
[  446.086918][T14916] rdma_rxe: rxe_newlink: failed to add ip6_vti0
[  446.318807][T14846] batman_adv: batadv0: Adding interface: batadv_slave_0
[  446.336995][T14846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  446.418827][T14846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  446.447863][T14846] batman_adv: batadv0: Adding interface: batadv_slave_1
[  446.465355][T14846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  446.514740][T14846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  446.711192][T14846] hsr_slave_0: entered promiscuous mode
[  446.718815][T14846] hsr_slave_1: entered promiscuous mode
[  446.728305][T14846] debugfs: 'hsr0' already exists in 'hsr'
[  446.735929][T14846] Cannot create hsr debugfs directory
[  446.751165][   T13] gretap0: left allmulticast mode
[  446.758420][   T13] gretap0: left promiscuous mode
[  446.765348][   T13] bridge0: port 4(gretap0) entered disabled state
[  446.780198][   T13] bond0: left allmulticast mode
[  446.785789][   T13] bond_slave_0: left allmulticast mode
[  446.796083][   T13] bond_slave_1: left allmulticast mode
[  446.801625][   T13] team0: left allmulticast mode
[  446.807272][   T13] team_slave_0: left allmulticast mode
[  446.812784][   T13] team_slave_1: left allmulticast mode
[  446.819670][   T13] bridge0: port 3(bond0) entered disabled state
[  446.828030][   T13] bridge_slave_1: left allmulticast mode
[  446.833713][   T13] bridge_slave_1: left promiscuous mode
[  446.839658][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  446.866022][   T13] bridge_slave_0: left allmulticast mode
[  446.871958][   T13] bridge_slave_0: left promiscuous mode
[  446.878728][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  447.199905][T14932] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2705'.
[  447.355040][ T5844] Bluetooth: hci5: command tx timeout
[  447.991162][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  448.001070][   T13] bond_slave_0: left promiscuous mode
[  448.008647][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  448.018016][   T13] bond_slave_1: left promiscuous mode
[  448.025521][   T13] bond0 (unregistering): (slave team0): Releasing backup interface
[  448.034517][   T13] bond0 (unregistering): Released all slaves
[  448.050588][   T13] bond1 (unregistering): Released all slaves
[  448.169594][   T13] bond2 (unregistering): (slave bond3): Releasing backup interface
[  448.178047][   T13] bond3 (unregistering): left promiscuous mode
[  448.185810][   T13] bond2 (unregistering): Released all slaves
[  448.288029][   T13] bond3 (unregistering): Released all slaves
[  448.303889][   T13] bond4 (unregistering): Released all slaves
[  448.487752][   T13] !: left promiscuous mode
[  448.615881][   T13] : left promiscuous mode
[  448.713911][   T13] tipc: Left network mode
[  448.873848][T14962] rdma_rxe: rxe_newlink: failed to add ip6_vti0
[  449.430500][T14976] netlink: 'syz.2.2717': attribute type 10 has an invalid length.
[  449.449042][ T5844] Bluetooth: hci5: command tx timeout
[  449.475376][   T30] audit: type=1107 audit(1764048775.547:5): pid=14977 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='‡mg'
[  449.528006][T14979] netlink: 'syz.2.2717': attribute type 10 has an invalid length.
[  449.544941][T14846] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  449.559612][T14846] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  449.590770][T14846] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  449.616931][T14846] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  450.000942][T14846] 8021q: adding VLAN 0 to HW filter on device bond0
[  450.181076][   T13] hsr_slave_0: left promiscuous mode
[  450.188362][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  450.197004][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  450.209711][   T13] batman_adv: batadv0: Removing interface: vlan2
[  450.220613][   T13] batman_adv: batadv0: Removing interface: macvtap0
[  450.446688][   T13] pimreg (unregistering): left allmulticast mode
[  451.322437][   T13] team_slave_1 (unregistering): left promiscuous mode
[  451.331346][   T13] team0 (unregistering): Port device team_slave_1 removed
[  451.372990][   T13] team_slave_0 (unregistering): left promiscuous mode
[  451.381220][   T13] team0 (unregistering): Port device team_slave_0 removed
[  451.527099][ T5844] Bluetooth: hci5: command tx timeout
[  451.887276][T15001] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR
[  452.001645][T14846] 8021q: adding VLAN 0 to HW filter on device team0
[  452.028778][ T1161] bridge0: port 1(bridge_slave_0) entered blocking state
[  452.036007][ T1161] bridge0: port 1(bridge_slave_0) entered forwarding state
[  452.101773][ T1161] bridge0: port 2(bridge_slave_1) entered blocking state
[  452.109010][ T1161] bridge0: port 2(bridge_slave_1) entered forwarding state
[  452.164236][T15023] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2729'.
[  452.288594][T15025] ip6_vti0 speed is unknown, defaulting to 1000
[  452.423441][T15033] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2731'.
[  452.449720][T15033] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2731'.
[  452.480407][T15036] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2731'.
[  452.617445][T14846] 8021q: adding VLAN 0 to HW filter on device batadv0
[  452.650668][T15028] ip6_vti0 speed is unknown, defaulting to 1000
[  453.291323][T14846] veth0_vlan: entered promiscuous mode
[  453.363557][T15055] bond4: Unable to set down delay as MII monitoring is disabled
[  453.394431][T15055] bond4 (unregistering): Released all slaves
[  453.516161][T14846] veth1_vlan: entered promiscuous mode
[  453.697687][T14846] veth0_macvtap: entered promiscuous mode
[  453.719122][T14846] veth1_macvtap: entered promiscuous mode
[  453.746018][T14846] batman_adv: batadv0: Interface activated: batadv_slave_0
[  453.783768][T14846] batman_adv: batadv0: Interface activated: batadv_slave_1
[  453.801909][ T2952] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  453.824337][ T2952] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  453.864527][ T2952] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  453.909147][ T2952] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  454.122549][ T3012] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  454.133171][ T3012] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  454.292753][   T13] IPVS: stop unused estimator thread 0...
[  454.587111][T15084] syzkaller1: entered promiscuous mode
[  454.598789][T15084] syzkaller1: entered allmulticast mode
[  454.617642][ T2976] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  454.631152][ T2976] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  454.862479][T15092] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2674'.
[  455.167415][T15094] bond4: Unable to set down delay as MII monitoring is disabled
[  455.207456][T15094] bond4 (unregistering): Released all slaves
[  455.796816][T15106] netlink: 'syz.1.2751': attribute type 22 has an invalid length.
[  456.317858][T15098] ip6_vti0 speed is unknown, defaulting to 1000
[  456.694471][T15135] netlink: 476 bytes leftover after parsing attributes in process `syz.2.2758'.
[  456.705173][T15135] openvswitch: netlink: Flow key attr not present in new flow.
[  456.721186][T15135] netlink: 'syz.2.2758': attribute type 39 has an invalid length.
[  456.772439][T15141] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2757'.
[  456.911828][T15132] ip6_vti0 speed is unknown, defaulting to 1000
[  457.267323][T15146] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2759'.
[  457.527512][T15148] bond5: Unable to set down delay as MII monitoring is disabled
[  457.539115][T15148] bond5 (unregistering): Released all slaves
[  457.904532][T15160] rdma_rxe: rxe_newlink: failed to add ip6_vti0
[  458.258818][T15164] rdma_rxe: rxe_newlink: failed to add ip6_vti0
[  458.419916][T15166] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2765'.
[  458.551227][T15170] netlink: 'syz.4.2767': attribute type 30 has an invalid length.
[  458.888824][T15182] bridge0: port 3(gretap0) entered blocking state
[  458.917803][T15182] bridge0: port 3(gretap0) entered disabled state
[  458.942080][T15182] gretap0: entered allmulticast mode
[  458.972588][T15182] gretap0: entered promiscuous mode
[  458.982699][T15184] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2771'.
[  458.998412][T15182] bridge0: port 3(gretap0) entered blocking state
[  459.005312][T15182] bridge0: port 3(gretap0) entered forwarding state
[  459.540020][T15189] bond5: Unable to set down delay as MII monitoring is disabled
[  459.627840][T15189] bond5 (unregistering): Released all slaves
[  459.967077][T15213] rdma_rxe: rxe_newlink: failed to add ip6_vti0
[  460.046152][T15215] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  460.053896][T15215] syzkaller0: entered promiscuous mode
[  460.059742][T15215] syzkaller0: entered allmulticast mode
[  460.086087][T15215] tipc: Resetting bearer <eth:syzkaller0>
[  460.097923][T15214] tipc: Resetting bearer <eth:syzkaller0>
[  460.130948][T15214] tipc: Disabling bearer <eth:syzkaller0>
[  460.154264][T15219] syzkaller0: entered promiscuous mode
[  460.160419][T15219] syzkaller0: entered allmulticast mode
[  460.631848][T15237] ip6_vti0 speed is unknown, defaulting to 1000
[  460.647672][T15239] batadv_slave_1: entered promiscuous mode
[  461.015402][T15236] batadv_slave_1: left promiscuous mode
[  461.190665][T15247] netlink: 'syz.2.2791': attribute type 5 has an invalid length.
[  461.227987][T15247] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2791'.
[  461.367632][T15253] netlink: 'syz.1.2793': attribute type 4 has an invalid length.
[  461.417531][T15254] ip6_vti0 speed is unknown, defaulting to 1000
[  461.539745][T15265] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  461.547716][T15268] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2797'.
[  461.660595][T15270] macvlan2: entered promiscuous mode
[  461.741128][T15274] syz2: rxe_newlink: already configured on ip6_vti0
[  461.936723][T15251] ip6_vti0 speed is unknown, defaulting to 1000
[  462.761227][T15291] FAULT_INJECTION: forcing a failure.
[  462.761227][T15291] name failslab, interval 1, probability 0, space 0, times 0
[  462.780447][T15291] CPU: 1 UID: 0 PID: 15291 Comm: syz.2.2808 Not tainted syzkaller #0 PREEMPT(full) 
[  462.780481][T15291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  462.780497][T15291] Call Trace:
[  462.780506][T15291]  <TASK>
[  462.780515][T15291]  dump_stack_lvl+0x189/0x250
[  462.780551][T15291]  ? __pfx____ratelimit+0x10/0x10
[  462.780573][T15291]  ? __pfx_dump_stack_lvl+0x10/0x10
[  462.780605][T15291]  ? __pfx__printk+0x10/0x10
[  462.780634][T15291]  ? __pfx___might_resched+0x10/0x10
[  462.780659][T15291]  ? fs_reclaim_acquire+0x7d/0x100
[  462.780687][T15291]  should_fail_ex+0x414/0x560
[  462.780729][T15291]  should_failslab+0xa8/0x100
[  462.780754][T15291]  __kmalloc_cache_noprof+0x6f/0x6f0
[  462.780788][T15291]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  462.780822][T15291]  ? sctp_transport_new+0x7e/0x640
[  462.780853][T15291]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  462.780893][T15291]  sctp_transport_new+0x7e/0x640
[  462.780929][T15291]  sctp_assoc_add_peer+0x260/0x13b0
[  462.780960][T15291]  ? sctp_bind_addr_copy+0x380/0x3c0
[  462.781005][T15291]  sctp_connect_new_asoc+0x30a/0x690
[  462.781037][T15291]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  462.781063][T15291]  ? __local_bh_enable_ip+0x12d/0x1c0
[  462.781097][T15291]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  462.781122][T15291]  ? security_sctp_bind_connect+0x7e/0x2e0
[  462.781155][T15291]  sctp_sendmsg+0x155c/0x2810
[  462.781197][T15291]  ? __pfx_sctp_sendmsg+0x10/0x10
[  462.781227][T15291]  ? aa_sk_perm+0x81e/0x950
[  462.781260][T15291]  ? __lock_acquire+0xab9/0xd20
[  462.781286][T15291]  ? __pfx_aa_sk_perm+0x10/0x10
[  462.781323][T15291]  ? sock_rps_record_flow+0x19/0x410
[  462.781352][T15291]  ? inet_sendmsg+0x2f4/0x370
[  462.781390][T15291]  __sock_sendmsg+0x19c/0x270
[  462.781429][T15291]  ____sys_sendmsg+0x52d/0x830
[  462.781465][T15291]  ? __pfx_____sys_sendmsg+0x10/0x10
[  462.781504][T15291]  ? import_iovec+0x74/0xa0
[  462.781538][T15291]  ___sys_sendmsg+0x21f/0x2a0
[  462.781568][T15291]  ? __pfx____sys_sendmsg+0x10/0x10
[  462.781639][T15291]  ? __fget_files+0x2a/0x420
[  462.781660][T15291]  ? __fget_files+0x3a0/0x420
[  462.781695][T15291]  __sys_sendmmsg+0x227/0x430
[  462.781730][T15291]  ? __pfx___sys_sendmmsg+0x10/0x10
[  462.781769][T15291]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  462.781815][T15291]  ? ksys_write+0x22a/0x250
[  462.781851][T15291]  ? __pfx_ksys_write+0x10/0x10
[  462.781890][T15291]  __x64_sys_sendmmsg+0xa0/0xc0
[  462.781921][T15291]  do_syscall_64+0xfa/0xfa0
[  462.781944][T15291]  ? lockdep_hardirqs_on+0x9c/0x150
[  462.781968][T15291]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.781991][T15291]  ? clear_bhb_loop+0x60/0xb0
[  462.782019][T15291]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.782042][T15291] RIP: 0033:0x7f9f41b8f749
[  462.782062][T15291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  462.782084][T15291] RSP: 002b:00007f9f42973038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  462.782109][T15291] RAX: ffffffffffffffda RBX: 00007f9f41de5fa0 RCX: 00007f9f41b8f749
[  462.782126][T15291] RDX: 0000000000000001 RSI: 0000200000001c80 RDI: 0000000000000004
[  462.782141][T15291] RBP: 00007f9f42973090 R08: 0000000000000000 R09: 0000000000000000
[  462.782156][T15291] R10: 931766f6319eed00 R11: 0000000000000246 R12: 0000000000000002
[  462.782172][T15291] R13: 00007f9f41de6038 R14: 00007f9f41de5fa0 R15: 00007fff9da02848
[  462.782212][T15291]  </TASK>
[  463.257713][T15298] netlink: 'syz.2.2810': attribute type 10 has an invalid length.
[  463.268700][T15298] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2810'.
[  463.349286][T15298] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2810'.
[  463.466497][T15298] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2810'.
[  463.499936][T15308] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2809'.
[  463.703189][T15310] netlink: 'syz.1.2812': attribute type 13 has an invalid length.
[  463.792499][T15310] bridge0: port 1(gretap0) entered blocking state
[  463.799225][T15310] bridge0: port 1(gretap0) entered listening state
[  463.806997][T15310] gretap0: refused to change device tx_queue_len
[  463.813691][T15310] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  464.107843][T15312] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2813'.
[  465.635706][T15319] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2815'.
[  465.659698][T15319] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2815'.
[  465.690364][T15319] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2815'.
[  465.704267][T15319] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2815'.
[  465.720817][T15319] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2815'.
[  465.761252][T15327] rdma_rxe: rxe_newlink: failed to add ip6_vti0
[  465.941572][T15332] can: request_module (can-proto-5) failed.
[  466.043342][T15340] Unsupported ieee802154 address type: 0
[  466.060143][T15341] ip6_vti0 speed is unknown, defaulting to 1000
[  466.530130][T15351] netlink: 'syz.3.2827': attribute type 10 has an invalid length.
[  466.891088][T15363] bond5: Unable to set down delay as MII monitoring is disabled
[  466.916099][T15363] bond5 (unregistering): Released all slaves
[  466.975439][T15366] tipc: Started in network mode
[  466.983733][T15366] tipc: Node identity e2b78c876817, cluster identity 4711
[  466.997064][T15366] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  468.664395][T15360] syzkaller0: entered promiscuous mode
[  468.670745][T15360] syzkaller0: entered allmulticast mode
[  468.691877][T15366] tipc: Resetting bearer <eth:syzkaller0>
[  468.763968][T15379] pimreg3: entered allmulticast mode
[  468.770166][T15359] tipc: Resetting bearer <eth:syzkaller0>
[  468.790406][T15359] tipc: Disabling bearer <eth:syzkaller0>
[  468.803441][T11058] tipc: Node number set to 2325777543
[  468.957908][T15395] __nla_validate_parse: 88 callbacks suppressed
[  468.957930][T15395] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2836'.
[  469.064492][T15398] bridge0: port 3(gretap0) entered disabled state
[  469.089624][T15401] rdma_rxe: rxe_newlink: failed to add ip6_vti0
[  469.113185][T15403] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2840'.
[  469.126870][T15403] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2840'.
[  469.142450][T15403] No such timeout policy "syz1"
[  469.468987][T15413] macsec0: entered promiscuous mode
[  469.474495][T15413] macsec0: entered allmulticast mode
[  469.596859][T15415] bond1: Unable to set down delay as MII monitoring is disabled
[  469.616701][T15415] bond1 (unregistering): Released all slaves
[  469.935842][T15419] netlink: 'syz.4.2848': attribute type 10 has an invalid length.
[  469.953980][T15419] netlink: 2 bytes leftover after parsing attributes in process `syz.4.2848'.
[  469.962998][T15419] bond0: entered promiscuous mode
[  469.978458][T15419] bond_slave_0: entered promiscuous mode
[  469.984383][T15419] bond_slave_1: entered promiscuous mode
[  470.014993][T15419] bridge0: port 4(bond0) entered blocking state
[  470.033288][T15419] bridge0: port 4(bond0) entered disabled state
[  470.052267][T15428] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2848'.
[  470.069462][T15419] bond0: entered allmulticast mode
[  470.081838][T15419] bond_slave_0: entered allmulticast mode
[  470.088596][T15419] bond_slave_1: entered allmulticast mode
[  470.105130][T15419] bridge0: port 4(bond0) entered blocking state
[  470.111726][T15419] bridge0: port 4(bond0) entered forwarding state
[  470.120435][T15428] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2848'.
[  472.078849][T15449] bond1: Unable to set down delay as MII monitoring is disabled
[  472.111987][T15449] bond1 (unregistering): Released all slaves
[  472.198600][T15454] netlink: 'syz.2.2859': attribute type 10 has an invalid length.
[  472.212870][T15458] FAULT_INJECTION: forcing a failure.
[  472.212870][T15458] name failslab, interval 1, probability 0, space 0, times 0
[  472.226793][T15458] CPU: 0 UID: 0 PID: 15458 Comm: syz.3.2858 Not tainted syzkaller #0 PREEMPT(full) 
[  472.226825][T15458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  472.226841][T15458] Call Trace:
[  472.226850][T15458]  <TASK>
[  472.226861][T15458]  dump_stack_lvl+0x189/0x250
[  472.226900][T15458]  ? __pfx____ratelimit+0x10/0x10
[  472.226923][T15458]  ? __pfx_dump_stack_lvl+0x10/0x10
[  472.226955][T15458]  ? __pfx__printk+0x10/0x10
[  472.226981][T15458]  ? rcu_is_watching+0x15/0xb0
[  472.227009][T15458]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  472.227038][T15458]  ? kmem_cache_alloc_node_noprof+0x483/0x710
[  472.227075][T15458]  should_fail_ex+0x414/0x560
[  472.227116][T15458]  should_failslab+0xa8/0x100
[  472.227142][T15458]  kmem_cache_alloc_noprof+0x74/0x6e0
[  472.227174][T15458]  ? skb_clone+0x212/0x3a0
[  472.227208][T15458]  skb_clone+0x212/0x3a0
[  472.227240][T15458]  bpf_clone_redirect+0xad/0x3d0
[  472.227283][T15458]  ? bpf_test_run+0x192/0x7a0
[  472.227309][T15458]  bpf_prog_53f18857bc887b09+0x22/0x2a
[  472.227330][T15458]  bpf_test_run+0x313/0x7a0
[  472.227390][T15458]  ? __pfx_bpf_test_run+0x10/0x10
[  472.227426][T15458]  ? csum_partial+0x239/0x2c0
[  472.227458][T15458]  ? skb_checksum+0x7c1/0x8c0
[  472.227498][T15458]  ? convert___skb_to_skb+0x3d/0x590
[  472.227526][T15458]  bpf_prog_test_run_skb+0xb4e/0x1550
[  472.227562][T15458]  ? __fget_files+0x2a/0x420
[  472.227591][T15458]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  472.227617][T15458]  bpf_prog_test_run+0x2c7/0x340
[  472.227647][T15458]  __sys_bpf+0x562/0x860
[  472.227672][T15458]  ? __pfx___sys_bpf+0x10/0x10
[  472.227714][T15458]  ? ksys_write+0x22a/0x250
[  472.227749][T15458]  ? __pfx_ksys_write+0x10/0x10
[  472.227788][T15458]  __x64_sys_bpf+0x7c/0x90
[  472.227823][T15458]  do_syscall_64+0xfa/0xfa0
[  472.227846][T15458]  ? lockdep_hardirqs_on+0x9c/0x150
[  472.227875][T15458]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  472.227898][T15458]  ? clear_bhb_loop+0x60/0xb0
[  472.227926][T15458]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  472.227948][T15458] RIP: 0033:0x7f798af8f749
[  472.227967][T15458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  472.227986][T15458] RSP: 002b:00007f798beb1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  472.228011][T15458] RAX: ffffffffffffffda RBX: 00007f798b1e5fa0 RCX: 00007f798af8f749
[  472.228028][T15458] RDX: 0000000000000050 RSI: 00002000000003c0 RDI: 000000000000000a
[  472.228043][T15458] RBP: 00007f798beb1090 R08: 0000000000000000 R09: 0000000000000000
[  472.228058][T15458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  472.228072][T15458] R13: 00007f798b1e6038 R14: 00007f798b1e5fa0 R15: 00007fff37ae5d58
[  472.228110][T15458]  </TASK>
[  472.582470][T15454] 8021q: adding VLAN 0 to HW filter on device team0
[  472.593332][T15454] bond0: (slave team0): Enslaving as an active interface with an up link
[  472.812234][T15471] syzkaller0: entered promiscuous mode
[  472.821421][T15471] syzkaller0: entered allmulticast mode
[  472.891923][T15478] netlink: 'syz.2.2867': attribute type 10 has an invalid length.
[  472.907481][T15478] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2867'.
[  472.939396][T15478] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2867'.
[  472.954293][T15478] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2867'.
[  472.960508][T15480] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2868'.
[  473.209202][T15496] rdma_rxe: rxe_newlink: failed to add ip6_vti0
[  473.327522][T15502] FAULT_INJECTION: forcing a failure.
[  473.327522][T15502] name failslab, interval 1, probability 0, space 0, times 0
[  473.340415][T15502] CPU: 1 UID: 0 PID: 15502 Comm: syz.4.2875 Not tainted syzkaller #0 PREEMPT(full) 
[  473.340445][T15502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  473.340459][T15502] Call Trace:
[  473.340468][T15502]  <TASK>
[  473.340478][T15502]  dump_stack_lvl+0x189/0x250
[  473.340523][T15502]  ? __pfx____ratelimit+0x10/0x10
[  473.340547][T15502]  ? __pfx_dump_stack_lvl+0x10/0x10
[  473.340576][T15502]  ? __pfx__printk+0x10/0x10
[  473.340603][T15502]  ? __pfx___might_resched+0x10/0x10
[  473.340623][T15502]  ? fs_reclaim_acquire+0x7d/0x100
[  473.340647][T15502]  should_fail_ex+0x414/0x560
[  473.340683][T15502]  should_failslab+0xa8/0x100
[  473.340705][T15502]  __kmalloc_noprof+0xcb/0x7f0
[  473.340736][T15502]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  473.340769][T15502]  ? rcu_is_watching+0x15/0xb0
[  473.340800][T15502]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  473.340842][T15502]  genl_family_rcv_msg_doit+0xb8/0x300
[  473.340883][T15502]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  473.340922][T15502]  ? __pfx_genl_get_cmd+0x10/0x10
[  473.340951][T15502]  ? __pfx_ieee802154_list_phy+0x10/0x10
[  473.340983][T15502]  ? __pfx_ieee802154_dump_phy+0x10/0x10
[  473.341017][T15502]  ? __pfx_stack_trace_save+0x10/0x10
[  473.341059][T15502]  genl_rcv_msg+0x60e/0x790
[  473.341099][T15502]  ? __pfx_genl_rcv_msg+0x10/0x10
[  473.341130][T15502]  ? __pfx_ieee802154_list_phy+0x10/0x10
[  473.341180][T15502]  netlink_rcv_skb+0x208/0x470
[  473.341203][T15502]  ? __lock_acquire+0xab9/0xd20
[  473.341226][T15502]  ? __pfx_genl_rcv_msg+0x10/0x10
[  473.341258][T15502]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  473.341300][T15502]  ? down_read+0x1ad/0x2e0
[  473.341327][T15502]  genl_rcv+0x28/0x40
[  473.341351][T15502]  netlink_unicast+0x82f/0x9e0
[  473.341381][T15502]  ? __pfx_netlink_unicast+0x10/0x10
[  473.341402][T15502]  ? netlink_sendmsg+0x642/0xb30
[  473.341423][T15502]  ? skb_put+0x11b/0x210
[  473.341448][T15502]  netlink_sendmsg+0x805/0xb30
[  473.341481][T15502]  ? __pfx_netlink_sendmsg+0x10/0x10
[  473.341514][T15502]  ? aa_sock_msg_perm+0xf1/0x1d0
[  473.341547][T15502]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  473.341566][T15502]  ? __pfx_netlink_sendmsg+0x10/0x10
[  473.341590][T15502]  __sock_sendmsg+0x21c/0x270
[  473.341623][T15502]  ____sys_sendmsg+0x505/0x830
[  473.341652][T15502]  ? __pfx_____sys_sendmsg+0x10/0x10
[  473.341686][T15502]  ? import_iovec+0x74/0xa0
[  473.341715][T15502]  ___sys_sendmsg+0x21f/0x2a0
[  473.341741][T15502]  ? __pfx____sys_sendmsg+0x10/0x10
[  473.341803][T15502]  ? __fget_files+0x2a/0x420
[  473.341822][T15502]  ? __fget_files+0x3a0/0x420
[  473.341852][T15502]  __x64_sys_sendmsg+0x19b/0x260
[  473.341879][T15502]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  473.341914][T15502]  ? __pfx_ksys_write+0x10/0x10
[  473.341946][T15502]  ? do_syscall_64+0xbe/0xfa0
[  473.341971][T15502]  do_syscall_64+0xfa/0xfa0
[  473.341990][T15502]  ? lockdep_hardirqs_on+0x9c/0x150
[  473.342010][T15502]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  473.342029][T15502]  ? clear_bhb_loop+0x60/0xb0
[  473.342053][T15502]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  473.342073][T15502] RIP: 0033:0x7f60e038f749
[  473.342092][T15502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  473.342109][T15502] RSP: 002b:00007f60e122d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  473.342130][T15502] RAX: ffffffffffffffda RBX: 00007f60e05e5fa0 RCX: 00007f60e038f749
[  473.342144][T15502] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000004
[  473.342157][T15502] RBP: 00007f60e122d090 R08: 0000000000000000 R09: 0000000000000000
[  473.342169][T15502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  473.342181][T15502] R13: 00007f60e05e6038 R14: 00007f60e05e5fa0 R15: 00007ffee766d228
[  473.342215][T15502]  </TASK>
[  474.719653][   T52] Bluetooth: hci5: command 0x0405 tx timeout
[  475.328018][T15490] bridge0: port 1(gretap0) entered disabled state
[  475.336038][T15500] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[  475.396581][T15509] ip6_vti0 speed is unknown, defaulting to 1000
[  475.558643][T15527] __nla_validate_parse: 1 callbacks suppressed
[  475.558666][T15527] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2880'.
[  475.818422][T15515] ip6_vti0 speed is unknown, defaulting to 1000
[  475.888920][T15540] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2884'.
[  476.082730][T15546] IPVS: Error connecting to the multicast addr
[  476.229642][T15520] ip6_vti0 speed is unknown, defaulting to 1000
[  476.367853][T15553] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2888'.
[  476.487111][T15536] ip6_vti0 speed is unknown, defaulting to 1000
[  476.550607][T15558] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2890'.
[  476.654530][T15560] bond4: Unable to set down delay as MII monitoring is disabled
[  476.666007][T15560] bond4 (unregistering): Released all slaves
[  476.908465][T15564] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2892'.
[  477.067985][T15568] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2894'.
[  477.894241][T15579] ip6_vti0 speed is unknown, defaulting to 1000
[  478.135137][T15595] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2901'.
[  478.233334][T15600] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2903'.
[  478.249047][T15597] bond1: Unable to set down delay as MII monitoring is disabled
[  478.363180][T15597] bond1 (unregistering): Released all slaves
[  478.422822][T15581] ip6_vti0 speed is unknown, defaulting to 1000
[  478.486778][T15593] netlink: 'syz.2.2899': attribute type 6 has an invalid length.
[  478.781851][T15611] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2907'.
[  478.796383][T15611] netlink: 'syz.1.2907': attribute type 33 has an invalid length.
[  478.824922][T15611] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2907'.
[  478.850446][T15611] `: renamed from team0
[  479.174045][T15622] C: renamed from lo
[  479.199259][T15622] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  479.215405][T15585] ip6_vti0 speed is unknown, defaulting to 1000
[  480.177915][T15633] vlan2: entered promiscuous mode
[  480.183190][T15633] vlan2: entered allmulticast mode
[  480.189410][T15638] FAULT_INJECTION: forcing a failure.
[  480.189410][T15638] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  480.204737][T15633] hsr_slave_1: entered allmulticast mode
[  480.255258][T15638] CPU: 0 UID: 0 PID: 15638 Comm: syz.3.2913 Not tainted syzkaller #0 PREEMPT(full) 
[  480.255292][T15638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  480.255308][T15638] Call Trace:
[  480.255318][T15638]  <TASK>
[  480.255328][T15638]  dump_stack_lvl+0x189/0x250
[  480.255365][T15638]  ? __pfx____ratelimit+0x10/0x10
[  480.255388][T15638]  ? __pfx_dump_stack_lvl+0x10/0x10
[  480.255420][T15638]  ? __pfx__printk+0x10/0x10
[  480.255444][T15638]  ? __might_fault+0xb0/0x130
[  480.255489][T15638]  should_fail_ex+0x414/0x560
[  480.255529][T15638]  _copy_from_user+0x2d/0xb0
[  480.255560][T15638]  ___sys_sendmsg+0x158/0x2a0
[  480.255592][T15638]  ? __pfx____sys_sendmsg+0x10/0x10
[  480.255660][T15638]  ? __fget_files+0x2a/0x420
[  480.255681][T15638]  ? __fget_files+0x3a0/0x420
[  480.255715][T15638]  __x64_sys_sendmsg+0x19b/0x260
[  480.255746][T15638]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  480.255786][T15638]  ? __pfx_ksys_write+0x10/0x10
[  480.255822][T15638]  ? do_syscall_64+0xbe/0xfa0
[  480.255851][T15638]  do_syscall_64+0xfa/0xfa0
[  480.255873][T15638]  ? lockdep_hardirqs_on+0x9c/0x150
[  480.255897][T15638]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  480.255920][T15638]  ? clear_bhb_loop+0x60/0xb0
[  480.255954][T15638]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  480.255976][T15638] RIP: 0033:0x7f798af8f749
[  480.255996][T15638] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  480.256016][T15638] RSP: 002b:00007f798be90038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  480.256040][T15638] RAX: ffffffffffffffda RBX: 00007f798b1e6090 RCX: 00007f798af8f749
[  480.256058][T15638] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003
[  480.256073][T15638] RBP: 00007f798be90090 R08: 0000000000000000 R09: 0000000000000000
[  480.256087][T15638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  480.256101][T15638] R13: 00007f798b1e6128 R14: 00007f798b1e6090 R15: 00007fff37ae5d58
[  480.256138][T15638]  </TASK>
[  480.480200][ T5844] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  480.503701][ T5844] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  480.519930][ T5844] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  480.530974][ T5844] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  480.540035][ T5844] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  480.667414][T15634] ip6_vti0 speed is unknown, defaulting to 1000
[  480.950221][T15640] ip6_vti0 speed is unknown, defaulting to 1000
[  481.097262][T15643] __nla_validate_parse: 2 callbacks suppressed
[  481.097282][T15643] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2914'.
[  481.330318][ T2935] gretap0: left allmulticast mode
[  481.348525][ T2935] gretap0: left promiscuous mode
[  481.353807][ T2935] bridge0: port 1(gretap0) entered disabled state
[  481.375988][T15645] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2915'.
[  481.572014][ T2935] tipc: Resetting bearer <eth:syzkaller0>
[  481.998135][ T2935] bond1 (unregistering): (slave gretap1): Releasing active interface
[  482.267167][ T2935] tipc: Disabling bearer <eth:syzkaller0>
[  482.635881][ T5844] Bluetooth: hci1: command tx timeout
[  482.682139][ T2935] bond0 (unregistering): Released all slaves
[  482.696727][ T2935] bond1 (unregistering): Released all slaves
[  482.804719][ T2935] bond2 (unregistering): Released all slaves
[  482.911072][ T2935] bond3 (unregistering): Released all slaves
[  483.016977][ T2935] bond4 (unregistering): (slave veth7): Releasing active interface
[  483.026182][ T2935] bond4 (unregistering): Released all slaves
[  483.043563][T15650] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  483.126328][T15655] netlink: 'syz.3.2917': attribute type 10 has an invalid length.
[  483.214024][T15655] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode
[  483.223143][T15655] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  483.234885][ T2935] !: left promiscuous mode
[  483.334301][ T2935] tipc: Left network mode
[  483.433578][T15658] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  483.483260][T15660] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  483.563718][T15664] netlink: 'syz.4.2921': attribute type 10 has an invalid length.
[  483.664550][T15665] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  483.737378][T15640] chnl_net:caif_netlink_parms(): no params data found
[  484.715216][ T5844] Bluetooth: hci1: command tx timeout
[  484.913723][T15703] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2927'.
[  485.130764][T15705] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2927'.
[  485.918030][T15640] bridge0: port 1(bridge_slave_0) entered blocking state
[  485.925982][T15640] bridge0: port 1(bridge_slave_0) entered disabled state
[  485.933353][T15640] bridge_slave_0: entered allmulticast mode
[  485.941803][T15640] bridge_slave_0: entered promiscuous mode
[  485.958154][T15640] bridge0: port 2(bridge_slave_1) entered blocking state
[  485.974973][T15640] bridge0: port 2(bridge_slave_1) entered disabled state
[  485.990398][T15640] bridge_slave_1: entered allmulticast mode
[  485.999660][T15640] bridge_slave_1: entered promiscuous mode
[  486.029860][T15701] ip6_vti0 speed is unknown, defaulting to 1000
[  486.100731][T15712] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2929'.
[  486.166417][T15712] vlan2: entered promiscuous mode
[  486.220654][T15640] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  486.240337][T15640] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  486.405411][ T2935] IPVS: stop unused estimator thread 0...
[  486.406648][T15640] team0: Port device team_slave_0 added
[  486.431122][T15640] team0: Port device team_slave_1 added
[  486.452859][T15688] ip6_vti0 speed is unknown, defaulting to 1000
[  486.560166][T15640] batman_adv: batadv0: Adding interface: batadv_slave_0
[  486.570743][T15640] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  486.600658][T15640] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  486.630007][T15640] batman_adv: batadv0: Adding interface: batadv_slave_1
[  486.637455][T15640] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  486.665027][T15640] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  486.675998][T15723] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2933'.
[  486.692313][T15723] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2933'.
[  486.794946][ T5844] Bluetooth: hci1: command tx timeout
[  486.817066][T15728] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2933'.
[  486.880913][T15640] hsr_slave_0: entered promiscuous mode
[  486.888080][T15640] hsr_slave_1: entered promiscuous mode
[  486.898776][T15640] debugfs: 'hsr0' already exists in 'hsr'
[  486.904969][T15640] Cannot create hsr debugfs directory
[  486.965646][T15685] ip6_vti0 speed is unknown, defaulting to 1000
[  487.241100][T15724] ip6_vti0 speed is unknown, defaulting to 1000
[  487.828738][T15742] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2937'.
[  488.089596][T15640] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  488.117530][T15640] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  488.187253][T15640] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  488.207348][T15747] ip6_vti0 speed is unknown, defaulting to 1000
[  488.208041][T15640] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  488.835349][T15750] netlink: 'syz.2.2939': attribute type 6 has an invalid length.
[  488.875953][ T5844] Bluetooth: hci1: command tx timeout
[  489.149425][T15640] 8021q: adding VLAN 0 to HW filter on device bond0
[  489.150655][T15770] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2943'.
[  489.176310][T15640] 8021q: adding VLAN 0 to HW filter on device team0
[  489.213281][ T1161] bridge0: port 1(bridge_slave_0) entered blocking state
[  489.220541][ T1161] bridge0: port 1(bridge_slave_0) entered forwarding state
[  489.243683][ T1161] bridge0: port 2(bridge_slave_1) entered blocking state
[  489.250974][ T1161] bridge0: port 2(bridge_slave_1) entered forwarding state
[  489.332070][T15773] netlink: 'syz.4.2944': attribute type 13 has an invalid length.
[  489.426953][T15773] bridge0: port 3(gretap0) entered blocking state
[  489.433634][T15773] bridge0: port 3(gretap0) entered forwarding state
[  489.448589][T15773] gretap0: refused to change device tx_queue_len
[  489.470633][T15773] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  489.528683][T15779] FAULT_INJECTION: forcing a failure.
[  489.528683][T15779] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  489.572594][T15779] CPU: 0 UID: 0 PID: 15779 Comm: syz.0.2946 Not tainted syzkaller #0 PREEMPT(full) 
[  489.572626][T15779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  489.572641][T15779] Call Trace:
[  489.572650][T15779]  <TASK>
[  489.572660][T15779]  dump_stack_lvl+0x189/0x250
[  489.572697][T15779]  ? __pfx____ratelimit+0x10/0x10
[  489.572720][T15779]  ? __pfx_dump_stack_lvl+0x10/0x10
[  489.572750][T15779]  ? __pfx__printk+0x10/0x10
[  489.572775][T15779]  ? __might_fault+0xb0/0x130
[  489.572820][T15779]  should_fail_ex+0x414/0x560
[  489.572861][T15779]  _copy_from_iter+0x1de/0x1790
[  489.572886][T15779]  ? kmem_cache_alloc_node_noprof+0x483/0x710
[  489.572917][T15779]  ? kmalloc_reserve+0xbd/0x290
[  489.572956][T15779]  ? __pfx__copy_from_iter+0x10/0x10
[  489.572990][T15779]  ? __alloc_skb+0x2f1/0x430
[  489.573016][T15779]  ? __pfx___alloc_skb+0x10/0x10
[  489.573043][T15779]  ? netlink_sendmsg+0x642/0xb30
[  489.573067][T15779]  ? skb_put+0x11b/0x210
[  489.573096][T15779]  netlink_sendmsg+0x6b2/0xb30
[  489.573132][T15779]  ? __pfx_netlink_sendmsg+0x10/0x10
[  489.573163][T15779]  ? aa_sock_msg_perm+0xf1/0x1d0
[  489.573199][T15779]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  489.573221][T15779]  ? __pfx_netlink_sendmsg+0x10/0x10
[  489.573248][T15779]  __sock_sendmsg+0x21c/0x270
[  489.573285][T15779]  ____sys_sendmsg+0x505/0x830
[  489.573319][T15779]  ? __pfx_____sys_sendmsg+0x10/0x10
[  489.573358][T15779]  ? import_iovec+0x74/0xa0
[  489.573391][T15779]  ___sys_sendmsg+0x21f/0x2a0
[  489.573421][T15779]  ? __pfx____sys_sendmsg+0x10/0x10
[  489.573489][T15779]  ? __fget_files+0x2a/0x420
[  489.573510][T15779]  ? __fget_files+0x3a0/0x420
[  489.573543][T15779]  __x64_sys_sendmsg+0x19b/0x260
[  489.573574][T15779]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  489.573613][T15779]  ? __pfx_ksys_write+0x10/0x10
[  489.573650][T15779]  ? do_syscall_64+0xbe/0xfa0
[  489.573678][T15779]  do_syscall_64+0xfa/0xfa0
[  489.573699][T15779]  ? lockdep_hardirqs_on+0x9c/0x150
[  489.573723][T15779]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  489.573745][T15779]  ? clear_bhb_loop+0x60/0xb0
[  489.573773][T15779]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  489.573794][T15779] RIP: 0033:0x7f8daf58f749
[  489.573814][T15779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  489.573831][T15779] RSP: 002b:00007f8db03ca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  489.573851][T15779] RAX: ffffffffffffffda RBX: 00007f8daf7e5fa0 RCX: 00007f8daf58f749
[  489.573864][T15779] RDX: 0000000000000080 RSI: 00002000000000c0 RDI: 0000000000000003
[  489.573875][T15779] RBP: 00007f8db03ca090 R08: 0000000000000000 R09: 0000000000000000
[  489.573886][T15779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  489.573896][T15779] R13: 00007f8daf7e6038 R14: 00007f8daf7e5fa0 R15: 00007ffc788b4948
[  489.573925][T15779]  </TASK>
[  489.951965][T15788] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2950'.
[  489.967685][T15788] syz_tun: entered allmulticast mode
[  489.974787][T15787] syz_tun: left allmulticast mode
[  490.177212][T15794] ip6_vti0 speed is unknown, defaulting to 1000
[  490.192442][T15796] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2951'.
[  490.337138][T15803] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2951'.
[  490.548722][T15640] 8021q: adding VLAN 0 to HW filter on device batadv0
[  490.630300][T15640] veth0_vlan: entered promiscuous mode
[  490.648931][T15640] veth1_vlan: entered promiscuous mode
[  490.702183][T15640] veth0_macvtap: entered promiscuous mode
[  490.717363][T15640] veth1_macvtap: entered promiscuous mode
[  490.770172][T15640] batman_adv: batadv0: Interface activated: batadv_slave_0
[  490.779008][T15800] ip6_vti0 speed is unknown, defaulting to 1000
[  490.803420][T15640] batman_adv: batadv0: Interface activated: batadv_slave_1
[  490.915136][ T1161] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  490.970382][ T1161] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  490.989306][ T1161] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  491.000259][ T1161] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  491.263680][T15802] ip6_vti0 speed is unknown, defaulting to 1000
[  491.283713][T15814] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2955'.
[  491.302379][ T2935] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  491.321158][ T2935] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  491.322608][T15814] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2955'.
[  491.590417][ T1339] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  491.608088][ T1339] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  492.133649][T15818] ip6_vti0 speed is unknown, defaulting to 1000
[  492.189649][T15832] batman_adv: batadv0: Adding interface: vlan2
[  492.198663][T15832] batman_adv: batadv0: The MTU of interface vlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  492.226414][T15832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  492.241526][T15832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  492.257882][T15832] batman_adv: batadv0: Not using interface vlan2 (retrying later): interface not active
[  492.627293][T15850] __nla_validate_parse: 1 callbacks suppressed
[  492.627319][T15850] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2962'.
[  492.822649][T15855] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2964'.
[  492.836727][T15850] vlan2: entered promiscuous mode
[  492.965626][T15855] vlan3: entered promiscuous mode
[  492.972997][T15855] bond0: entered promiscuous mode
[  492.997189][T15855] bond_slave_0: entered promiscuous mode
[  493.003142][T15855] bond_slave_1: entered promiscuous mode
[  493.342470][T15859] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2966'.
[  493.374952][T15859] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2966'.
[  493.399390][T15863] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2967'.
[  493.426045][T15860] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2966'.
[  493.605088][T11049] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  493.840231][T15868] bridge0: port 3(gretap0) entered blocking state
[  493.854981][T15868] bridge0: port 3(gretap0) entered disabled state
[  493.874156][T15868] gretap0: entered allmulticast mode
[  493.895498][T15868] gretap0: entered promiscuous mode
[  493.901507][T15868] bridge0: port 3(gretap0) entered blocking state
[  493.908187][T15868] bridge0: port 3(gretap0) entered forwarding state
[  494.038711][T15867] netlink: 'syz.2.2969': attribute type 4 has an invalid length.
[  494.297959][T15878] 8021q: VLANs not supported on ip6tnl0
[  494.635342][   T43] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  494.715952][T15898] macsec0: entered allmulticast mode
[  494.741198][T15898] ip6gretap0: entered promiscuous mode
[  494.749945][T15898] ip6gretap0: entered allmulticast mode
[  494.759916][T15898] macsec0: left allmulticast mode
[  494.765566][T15898] ip6gretap0: left allmulticast mode
[  494.773650][T15902] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2980'.
[  494.787897][T15900] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2979'.
[  494.860059][T15902] vlan2: entered promiscuous mode
[  495.217483][T15922] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  495.429751][T15922] netlink: 'syz.4.2986': attribute type 11 has an invalid length.
[  495.549351][T15931] netlink: 'syz.1.2987': attribute type 2 has an invalid length.
[  495.587869][T15922] netlink: 'syz.4.2986': attribute type 23 has an invalid length.
[  495.665778][T15922] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2986'.
[  495.850500][T15931] !: entered promiscuous mode
[  496.407974][T15958] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2995'.
[  496.427879][T15958] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for erspan1
[  496.457228][T15958] erspan1: entered allmulticast mode
[  496.827953][T15971] bond3: Unable to set down delay as MII monitoring is disabled
[  496.867406][T15971] bond3 (unregistering): Released all slaves
[  496.997043][T15951] ip6_vti0 speed is unknown, defaulting to 1000
[  497.795566][T16001] __nla_validate_parse: 3 callbacks suppressed
[  497.795588][T16001] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3010'.
[  497.820453][T16001] vlan3: entered promiscuous mode
[  498.281181][   T52] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  498.291065][   T52] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  498.302538][   T52] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  498.315978][   T52] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  498.327556][   T52] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  498.424397][T16008] bond1: Unable to set down delay as MII monitoring is disabled
[  498.443763][T16008] bond1 (unregistering): Released all slaves
[  498.578902][ T3012] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  498.657915][T16006] ip6_vti0 speed is unknown, defaulting to 1000
[  498.691871][ T3012] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  499.195641][ T3012] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  499.299384][T16028] syzkaller0: entered promiscuous mode
[  499.320314][T16028] syzkaller0: entered allmulticast mode
[  499.359139][ T3012] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  499.546033][T16030] ip6_vti0 speed is unknown, defaulting to 1000
[  499.887437][T16006] chnl_net:caif_netlink_parms(): no params data found
[  499.973482][ T3012] gretap0: left allmulticast mode
[  499.986881][ T3012] bridge0: port 2(gretap0) entered disabled state
[  500.122321][T16051] netlink: 'syz.4.3023': attribute type 1 has an invalid length.
[  500.395676][   T52] Bluetooth: hci3: command tx timeout
[  500.887556][ T3012] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  500.896736][ T3012] bond_slave_0: left promiscuous mode
[  500.903537][ T3012] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  500.912551][ T3012] bond_slave_1: left promiscuous mode
[  500.919483][ T3012] bond0 (unregistering): (slave team0): Releasing backup interface
[  500.929624][ T3012] bond0 (unregistering): Released all slaves
[  501.039453][ T3012] bond1 (unregistering): Released all slaves
[  501.054239][ T3012] bond2 (unregistering): Released all slaves
[  501.161479][ T3012] bond3 (unregistering): Released all slaves
[  501.193474][T16046] geneve2: entered promiscuous mode
[  501.336404][T16053] bond1: (slave xfrm1): The slave device specified does not support setting the MAC address
[  501.362790][T16053] bond1: (slave xfrm1): Setting fail_over_mac to active for active-backup mode
[  501.380028][T16053] bond1: (slave xfrm1): making interface the new active one
[  501.392430][T16053] bond1: (slave xfrm1): Enslaving as an active interface with an up link
[  501.424693][ T1339] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 34534 - 0
[  501.435872][T16060] nbd1: detected capacity change from 0 to 127
[  501.443375][ T1339] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 34534 - 0
[  501.454787][   T52] block nbd1: Receive control failed (result -32)
[  501.502372][ T3012] !: left promiscuous mode
[  501.542137][ T1339] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 34534 - 0
[  501.606164][ T1339] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 34534 - 0
[  501.623777][ T3012] tipc: Left network mode
[  501.668392][T16006] bridge0: port 1(bridge_slave_0) entered blocking state
[  501.676345][T16006] bridge0: port 1(bridge_slave_0) entered disabled state
[  501.683630][T16006] bridge_slave_0: entered allmulticast mode
[  501.691774][T16006] bridge_slave_0: entered promiscuous mode
[  501.767544][T16006] bridge0: port 2(bridge_slave_1) entered blocking state
[  501.788582][T16006] bridge0: port 2(bridge_slave_1) entered disabled state
[  501.799323][T16006] bridge_slave_1: entered allmulticast mode
[  501.808470][T16006] bridge_slave_1: entered promiscuous mode
[  502.161388][T16078] syzkaller0: entered promiscuous mode
[  502.168557][T16078] syzkaller0: entered allmulticast mode
[  502.291125][T16006] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  502.474994][   T52] Bluetooth: hci3: command tx timeout
[  502.656948][T16006] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  502.714393][T16088] delete_channel: no stack
[  502.768552][T16006] team0: Port device team_slave_0 added
[  502.778275][T16006] team0: Port device team_slave_1 added
[  502.848103][T16090] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3033'.
[  502.872943][T16090] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3033'.
[  502.894787][T16006] batman_adv: batadv0: Adding interface: batadv_slave_0
[  502.901874][T16006] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  502.928236][T16006] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  502.950264][T16006] batman_adv: batadv0: Adding interface: batadv_slave_1
[  502.964697][T16006] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  502.991060][T16006] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  503.080087][T16096] vlan3: entered promiscuous mode
[  503.085679][T16096] vlan3: entered allmulticast mode
[  503.092039][T16096] hsr_slave_1: entered allmulticast mode
[  503.100489][T16101] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3035'.
[  503.158749][T16096] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3035'.
[  503.172897][ T3012] hsr_slave_0: left promiscuous mode
[  503.194180][ T3012] batman_adv: batadv0: Removing interface: batadv_slave_0
[  503.207079][ T3012] batman_adv: batadv0: Removing interface: batadv_slave_1
[  503.798536][T16121] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3039'.
[  503.874849][ T3012] team_slave_1 (unregistering): left promiscuous mode
[  503.882977][ T3012] team0 (unregistering): Port device team_slave_1 removed
[  503.927993][ T3012] team_slave_0 (unregistering): left promiscuous mode
[  503.936094][ T3012] team0 (unregistering): Port device team_slave_0 removed
[  504.554810][   T52] Bluetooth: hci3: command tx timeout
[  504.580442][T16006] hsr_slave_0: entered promiscuous mode
[  504.596468][T16006] hsr_slave_1: entered promiscuous mode
[  504.605266][T16006] debugfs: 'hsr0' already exists in 'hsr'
[  504.611163][T16006] Cannot create hsr debugfs directory
[  504.656909][T16127] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3040'.
[  506.635330][   T52] Bluetooth: hci3: command tx timeout
[  506.829901][T16127] vlan2: entered promiscuous mode
[  507.119376][ T3012] IPVS: stop unused estimator thread 0...
[  507.294455][T16146] rdma_rxe: rxe_newlink: failed to add ip6_vti0
[  507.325769][T16141] bridge0: port 3(gretap0) entered disabled state
[  507.386152][T16149] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3050'.
[  507.413072][T16149] vlan2: entered promiscuous mode
[  507.701894][T16154] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3052'.
[  507.711858][T16154] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3052'.
[  507.740693][T16006] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  507.755945][T16006] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  507.814780][T16006] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  507.828668][T16006] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  509.361438][T16177] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3057'.
[  509.489203][T16181] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3057'.
[  509.639456][T16157] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[  509.715827][T16176] ip6_vti0 speed is unknown, defaulting to 1000
[  509.881875][T16006] 8021q: adding VLAN 0 to HW filter on device bond0
[  509.960635][T16006] 8021q: adding VLAN 0 to HW filter on device team0
[  510.041848][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  510.049121][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  510.080615][T16197] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3061'.
[  510.103880][ T3012] bridge0: port 2(bridge_slave_1) entered blocking state
[  510.111123][ T3012] bridge0: port 2(bridge_slave_1) entered forwarding state
[  510.271695][T16197] nbd: socks must be embedded in a SOCK_ITEM attr
[  510.433672][T16210] netlink: 212924 bytes leftover after parsing attributes in process `syz.3.3065'.
[  510.557623][T16210] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  510.565070][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  510.571747][T16210] syzkaller0: entered promiscuous mode
[  510.582562][T16210] syzkaller0: entered allmulticast mode
[  510.612273][T16213] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3066'.
[  510.626261][T16213] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3066'.
[  510.671368][T16210] tipc: Resetting bearer <eth:syzkaller0>
[  510.737063][T16209] tipc: Resetting bearer <eth:syzkaller0>
[  510.810324][T16209] tipc: Disabling bearer <eth:syzkaller0>
[  510.877001][T16006] 8021q: adding VLAN 0 to HW filter on device batadv0
[  510.920670][T16219] Cannot find add_set index 1 as target
[  511.027594][T16006] veth0_vlan: entered promiscuous mode
[  511.097543][T16006] veth1_vlan: entered promiscuous mode
[  511.139862][T16222] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3068'.
[  511.163448][T16222] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3068'.
[  511.216769][T16225] bond2: Unable to set down delay as MII monitoring is disabled
[  511.226635][T16225] bond2 (unregistering): Released all slaves
[  511.277469][T16228] bond1: Unable to set down delay as MII monitoring is disabled
[  511.293600][T16228] bond1 (unregistering): Released all slaves
[  511.362675][T16006] veth0_macvtap: entered promiscuous mode
[  511.535754][T16237] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3071'.
[  511.560990][T16240] netlink: 'syz.1.3073': attribute type 10 has an invalid length.
[  511.571072][T16240] netlink: 2 bytes leftover after parsing attributes in process `syz.1.3073'.
[  511.587818][T16240] bridge0: port 4(bond0) entered blocking state
[  511.595315][T16240] bridge0: port 4(bond0) entered disabled state
[  511.601836][T16240] bond0: entered allmulticast mode
[  511.607537][T16240] bond_slave_0: entered allmulticast mode
[  511.613311][T16240] bond_slave_1: entered allmulticast mode
[  511.622511][T16240] bridge0: port 4(bond0) entered blocking state
[  511.628914][T16240] bridge0: port 4(bond0) entered forwarding state
[  513.233487][T16237] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  513.255611][T16006] veth1_macvtap: entered promiscuous mode
[  513.294274][T16250] vlan2: entered promiscuous mode
[  513.360656][T16237] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  513.444217][T16006] batman_adv: batadv0: Interface activated: batadv_slave_0
[  513.519443][T16237] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  513.545588][T16006] batman_adv: batadv0: Interface activated: batadv_slave_1
[  513.578762][ T2935] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  513.599485][ T2935] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  513.659892][T16237] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  513.677092][ T2935] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  513.688195][ T2935] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  513.723021][T16264] bond1: Unable to set down delay as MII monitoring is disabled
[  513.741270][T16264] bond1 (unregistering): Released all slaves
[  513.875930][T16270] ip6_vti0 speed is unknown, defaulting to 1000
[  513.943336][T16276] syzkaller0: entered promiscuous mode
[  513.961050][T16276] syzkaller0: entered allmulticast mode
[  514.048250][ T2935] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  514.069926][ T1339] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  514.084241][ T1339] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  514.175474][ T2976] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  514.200618][ T2976] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  514.231166][ T2976] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  514.251429][ T2976] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  514.321557][ T2976] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  514.446125][T16285] __nla_validate_parse: 6 callbacks suppressed
[  514.446144][T16285] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3085'.
[  514.569941][T16293] x_tables: duplicate underflow at hook 1
[  514.631644][T16285] vlan3: entered promiscuous mode
[  514.784898][   T43] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  514.807240][T16288] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  515.016115][T16304] netlink: 'syz.0.3089': attribute type 9 has an invalid length.
[  515.024252][T16304] netlink: 'syz.0.3089': attribute type 6 has an invalid length.
[  515.061159][T16307] netlink: 'syz.0.3089': attribute type 9 has an invalid length.
[  515.072526][T16307] netlink: 'syz.0.3089': attribute type 6 has an invalid length.
[  515.417214][T16315] syzkaller0: entered promiscuous mode
[  515.439099][T16315] syzkaller0: entered allmulticast mode
[  515.618099][T16321] ip6_vti0 speed is unknown, defaulting to 1000
[  515.662200][T16325] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3095'.
[  515.696202][ T8710] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] SMP KASAN PTI
[  515.708162][ T8710] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f]
[  515.716609][ T8710] CPU: 0 UID: 0 PID: 8710 Comm: kbnepd  Not tainted syzkaller #0 PREEMPT(full) 
[  515.725732][ T8710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  515.735804][ T8710] RIP: 0010:klist_del+0x49/0x110
[  515.740845][ T8710] Code: f6 49 89 dd 49 c1 ed 03 43 80 7c 25 00 00 74 08 48 89 df e8 29 ea e7 f6 4c 8b 33 49 83 e6 fe 49 8d 7e 58 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 05 e8 0b ea e7 f6 4d 8b 7e 58 4c 89 f7 e8 3f f8
[  515.760484][ T8710] RSP: 0000:ffffc9001b0b7748 EFLAGS: 00010202
[  515.766567][ T8710] RAX: 000000000000000b RBX: ffff88807d057060 RCX: ffff888028b10000
[  515.774550][ T8710] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000058
[  515.782556][ T8710] RBP: ffffc9001b0b7870 R08: ffff88807a0731e3 R09: 1ffff1100f40e63c
[  515.790539][ T8710] R10: dffffc0000000000 R11: ffffed100f40e63d R12: dffffc0000000000
[  515.798531][ T8710] R13: 1ffff1100fa0ae0c R14: 0000000000000000 R15: ffff888031762758
[  515.806541][ T8710] FS:  0000000000000000(0000) GS:ffff888126135000(0000) knlGS:0000000000000000
[  515.815479][ T8710] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  515.822084][ T8710] CR2: 00007f60e05d1d37 CR3: 000000007f15e000 CR4: 00000000003526f0
[  515.830071][ T8710] Call Trace:
[  515.833359][ T8710]  <TASK>
[  515.836300][ T8710]  device_del+0x280/0x8e0
[  515.840681][ T8710]  ? _raw_spin_unlock_irq+0x2e/0x50
[  515.845900][ T8710]  ? pm_runtime_set_memalloc_noio+0x1f4/0x260
[  515.852007][ T8710]  ? __pfx_device_del+0x10/0x10
[  515.856870][ T8710]  ? netdev_unregister_kobject+0x344/0x450
[  515.862698][ T8710]  unregister_netdevice_many_notify+0x1df2/0x2390
[  515.869135][ T8710]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  515.875931][ T8710]  ? rtnl_net_dev_lock+0x257/0x2f0
[  515.881072][ T8710]  unregister_netdevice_queue+0x33c/0x380
[  515.886809][ T8710]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  515.893069][ T8710]  ? rtnl_net_dev_lock+0x36/0x2f0
[  515.898105][ T8710]  ? rtnl_net_dev_lock+0x2de/0x2f0
[  515.903229][ T8710]  unregister_netdev+0x1f/0x60
[  515.908009][ T8710]  bnep_session+0x294d/0x2b40
[  515.912704][ T8710]  ? rcu_is_watching+0x15/0xb0
[  515.917481][ T8710]  ? trace_sched_exit_tp+0x36/0x110
[  515.922698][ T8710]  ? __lock_acquire+0xab9/0xd20
[  515.927567][ T8710]  ? __pfx_bnep_session+0x10/0x10
[  515.932604][ T8710]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  515.938519][ T8710]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  515.944953][ T8710]  ? __pfx_woken_wake_function+0x10/0x10
[  515.950690][ T8710]  ? __kthread_parkme+0x7b/0x200
[  515.955641][ T8710]  ? __kthread_parkme+0x1a1/0x200
[  515.960680][ T8710]  kthread+0x711/0x8a0
[  515.964787][ T8710]  ? __pfx_bnep_session+0x10/0x10
[  515.969828][ T8710]  ? __pfx_kthread+0x10/0x10
[  515.974434][ T8710]  ? _raw_spin_unlock_irq+0x23/0x50
[  515.979650][ T8710]  ? lockdep_hardirqs_on+0x9c/0x150
[  515.984859][ T8710]  ? __pfx_kthread+0x10/0x10
[  515.989468][ T8710]  ret_from_fork+0x4bc/0x870
[  515.994070][ T8710]  ? __pfx_ret_from_fork+0x10/0x10
[  515.999193][ T8710]  ? __switch_to_asm+0x39/0x70
[  516.003967][ T8710]  ? __switch_to_asm+0x33/0x70
[  516.008735][ T8710]  ? __pfx_kthread+0x10/0x10
[  516.013376][ T8710]  ret_from_fork_asm+0x1a/0x30
[  516.018155][ T8710]  </TASK>
[  516.021195][ T8710] Modules linked in:
[  516.026446][ T8710] ---[ end trace 0000000000000000 ]---
[  516.035139][   T43] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  516.036790][ T8710] RIP: 0010:klist_del+0x49/0x110
[  516.048136][ T8710] Code: f6 49 89 dd 49 c1 ed 03 43 80 7c 25 00 00 74 08 48 89 df e8 29 ea e7 f6 4c 8b 33 49 83 e6 fe 49 8d 7e 58 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 05 e8 0b ea e7 f6 4d 8b 7e 58 4c 89 f7 e8 3f f8
[  516.068810][ T8710] RSP: 0000:ffffc9001b0b7748 EFLAGS: 00010202
[  516.075363][ T8710] RAX: 000000000000000b RBX: ffff88807d057060 RCX: ffff888028b10000
[  516.083507][ T8710] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000058
[  516.091661][ T8710] RBP: ffffc9001b0b7870 R08: ffff88807a0731e3 R09: 1ffff1100f40e63c
[  516.100541][ T8710] R10: dffffc0000000000 R11: ffffed100f40e63d R12: dffffc0000000000
[  516.109391][ T8710] R13: 1ffff1100fa0ae0c R14: 0000000000000000 R15: ffff888031762758
[  516.117495][ T8710] FS:  0000000000000000(0000) GS:ffff888126135000(0000) knlGS:0000000000000000
[  516.127060][ T8710] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  516.133781][ T8710] CR2: 00007f027e1a2f98 CR3: 0000000078bae000 CR4: 00000000003526f0
[  516.141955][ T8710] Kernel panic - not syncing: Fatal exception
[  516.148319][ T8710] Kernel Offset: disabled
[  516.152649][ T8710] Rebooting in 86400 seconds..