last executing test programs:

7.025459356s ago: executing program 4 (id=18522):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@newtaction={0x18, 0x30, 0x101, 0x70bd2b, 0x25dfdbfe, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000880}, 0x20000080)
socket(0x10, 0x803, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=@newtfilter={0x58, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xc, 0x4}, {}, {0xf, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x28, 0x2, [@TCA_FLOWER_KEY_IPV6_DST={0x14, 0x10, @local}, @TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x86dd}, @TCA_FLOWER_KEY_IP_TTL={0x5, 0x4b, 0x2}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x20040054)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$can_bcm(0x1d, 0x2, 0x2)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300)
socket$inet_tcp(0x2, 0x1, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xb, 0x8, 0xd, 0x4, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="000000000000004a000000000006000001000000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800004f0400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r4, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000180))
socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48)

6.442275045s ago: executing program 3 (id=18525):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000340)=""/212, 0xd4}], 0x1}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c0300001a"], 0x34c}}, 0x0)

6.06111171s ago: executing program 3 (id=18528):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x11, 0x14, &(0x7f0000000580)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000bc0)={r2, 0x0, 0x0}, 0x10)
bind$alg(r1, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r3 = accept4(r1, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)
connect$rds(r3, &(0x7f00000000c0)={0x2, 0x4e24, @loopback}, 0x10)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller1\x00', 0x2})
r4 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r4, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), r6)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)={0x2c, r7, 0x301, 0x70bd2b, 0x25dfdbfe, {0x1c}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x844}, 0x90)
pselect6(0x40, &(0x7f0000001040)={0x1ff, 0x3, 0x4, 0x81, 0x2, 0x81, 0x9, 0x5}, &(0x7f00000010c0)={0xa, 0x2000000000, 0x1, 0x4, 0x400, 0x4, 0x0, 0x8}, &(0x7f0000001100)={0x3, 0x8, 0x50, 0x5, 0x5, 0x4, 0x101}, &(0x7f0000001140)={0x77359400}, &(0x7f00000011c0)={&(0x7f0000001180)={[0x6]}, 0x8})
socket$inet6_sctp(0xa, 0x5, 0x84)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r9 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000940)=@newtfilter={0x274, 0x2c, 0xd27, 0x70bd25, 0x80002, {0x0, 0x0, 0x0, 0x0, {0xd, 0x1}, {}, {0xd, 0x7}}, [@filter_kind_options=@f_flow={{0x9}, {0x244, 0x2, [@TCA_FLOW_EMATCHES={0x240, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x4}, @TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_LIST={0x148, 0x2, 0x0, 0x1, [@TCF_EM_META={0xec, 0x2, 0x0, 0x0, {{0x6, 0x4, 0x2}, [@TCA_EM_META_RVALUE={0x1d, 0x3, [@TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_VAR="1821e3", @TCF_META_TYPE_VAR='[', @TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_VAR="a4d644e462cd9ebbbb"]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x1, 0x47, 0x2}, {0x8, 0x4, 0x1}}}, @TCA_EM_META_RVALUE={0x14, 0x3, [@TCF_META_TYPE_INT, @TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_INT=0x2]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x5, 0x20, 0x1}, {0x8000, 0x5b, 0x1}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0x0, 0x7f, 0x2}, {0x532, 0x6, 0x2}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0x8, 0x10}, {0x3, 0x2, 0x1}}}, @TCA_EM_META_LVALUE={0x18, 0x2, [@TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_INT, @TCF_META_TYPE_INT=0x8, @TCF_META_TYPE_VAR="1a6dd65b"]}, @TCA_EM_META_RVALUE={0x33, 0x3, [@TCF_META_TYPE_VAR="85baeef04fc110743bed", @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_VAR="daf1c48d69851eb33b", @TCF_META_TYPE_VAR="14a35ff5", @TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_INT=0x2]}, @TCA_EM_META_LVALUE={0x2d, 0x2, [@TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_VAR="7f4248", @TCF_META_TYPE_VAR='bKr', @TCF_META_TYPE_VAR='g!-a', @TCF_META_TYPE_INT=0x7, @TCF_META_TYPE_VAR="adbe5d85", @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_INT=0x8, @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_VAR="ad411ded7c38a0"]}]}}, @TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x3ff, 0x8, 0x5}, {0x1, 0x1, 0x52414e4c50aa5067}}}, @TCF_EM_META={0x48, 0x3, 0x0, 0x0, {{0x401, 0x4, 0x2}, [@TCA_EM_META_LVALUE={0x2d, 0x2, [@TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_VAR="4f616e52bf4185db", @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_VAR="9b35b8c0b1633d95e7", @TCF_META_TYPE_VAR, @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_INT=0x7, @TCF_META_TYPE_INT, @TCF_META_TYPE_INT]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x2, 0x4, 0x1}, {0x6d2, 0x0, 0x1}}}]}}]}, @TCA_EMATCH_TREE_LIST={0xe8, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x2, 0x0, 0x0, {{0x6, 0x3, 0xa59}, {0x1, 0xa, 0x6dd358a5, 0x10001}}}, @TCF_EM_META={0xbc, 0x2, 0x0, 0x0, {{0x9, 0x4, 0x6}, [@TCA_EM_META_LVALUE={0x8, 0x2, [@TCF_META_TYPE_INT]}, @TCA_EM_META_RVALUE={0x1d, 0x3, [@TCF_META_TYPE_VAR="84", @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_VAR="6bcd", @TCF_META_TYPE_VAR="60737fd7c3ea25a390ce"]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x5a14}, {0x7, 0x4}}}, @TCA_EM_META_RVALUE={0x27, 0x3, [@TCF_META_TYPE_VAR="b0a651a561c4d963", @TCF_META_TYPE_INT=0x7, @TCF_META_TYPE_VAR="f5b7", @TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_VAR="220d17b290", @TCF_META_TYPE_VAR="8a1ba36d33", @TCF_META_TYPE_VAR="a3b7422b707675"]}, @TCA_EM_META_RVALUE={0x27, 0x3, [@TCF_META_TYPE_VAR="532799275a352a5560", @TCF_META_TYPE_VAR='G', @TCF_META_TYPE_INT=0x7, @TCF_META_TYPE_VAR="5123d2", @TCF_META_TYPE_VAR="a1", @TCF_META_TYPE_VAR="dd17fa8813b8", @TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_VAR="f2c1ba"]}, @TCA_EM_META_LVALUE={0x29, 0x2, [@TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_VAR="d4bd08c76a09", @TCF_META_TYPE_INT=0x7, @TCF_META_TYPE_VAR="e8d197", @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_VAR="8960b555", @TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_INT=0x5]}]}}, @TCF_EM_IPT={0xc, 0x2, 0x0, 0x0, {{0xa, 0x9, 0x2}}}]}]}]}}]}, 0x274}, 0x1, 0x0, 0x0, 0x4008081}, 0x20000000)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x80, &(0x7f0000000000)=""/4103, &(0x7f0000001080)=0x1007)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r6)

6.05940707s ago: executing program 4 (id=18529):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4000000040000100fcff0700040000000100000004004880200001801c00"], 0x40}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)
sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="bc000000", @ANYRES16=0x0, @ANYBLOB="00049e419240ffdbdf2509080000480004000500000008000600030000000800040004000000080006005c0314356550f2eca600000000000500010100000c000380060004000b00000058000380140002006c6f000000000000000000000000000008000500ac1414aa0800030000000000140002006970365f76746930000000000000000014000600fc00000000000000000000800000000108000300020000000c00038008000500ac1414160800040003000000a95e934f39c2e7f275be36e6eb9971a09c76cbbbe326b9204267d181e85a0e31488567da6463f6e4a9b85885b30057329e52015ad7a12f59653442b3563e8019af91e4715eccc54639d3e43b12114a4367f4f4a83fdc11d816303523d59e3276013856a378e494f00e3c4385b9a315490c5497fb2dfaabc119f6204981d9008e6d59632e00"/327], 0xbc}, 0x1, 0x0, 0x0, 0x24006810}, 0xc001)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCGARP(r2, 0x8954, &(0x7f0000000080)={{0x2, 0x4e21, @empty}, {0x0, @random="4d8ab36b2919"}, 0x4, {0x2, 0x4e20, @remote}, 'lo\x00'})
sendmsg$NFT_BATCH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x8c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x64, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x6}, @NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x9}]}}}, {0x34, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_HASH_LEN={0x8, 0x3, 0x1, 0x0, 0x5c}, @NFTA_HASH_MODULUS={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_HASH_DREG={0x8, 0x2, 0x1, 0x0, 0x14}, @NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x100}, 0x1, 0x0, 0x0, 0x4}, 0x40050)

5.966238001s ago: executing program 4 (id=18531):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000094c0)=ANY=[@ANYBLOB="8c45000043000701fefffffffcdbdf25017c000004004580744501"], 0x458c}, 0x1, 0x0, 0x0, 0xc004}, 0xc000)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r4, 0x400448e4, &(0x7f00000009c0)={0x0, 0x0, "0db43f"})
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r5=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r5], 0x1c}}, 0x4008054)
write$nci(0xffffffffffffffff, 0x0, 0xc)
write$nci(r0, &(0x7f0000000240)=ANY=[], 0x14)

5.812401429s ago: executing program 3 (id=18532):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180))
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000001c0)={@mcast2, 0x200000, 0x0, 0xff, 0x1, 0x22d, 0x40}, 0x2f)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280), r1)
sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="12de8d0a88966d8e293dc6e8b11b0b79839b74aa88e09c65748974cb2ac93ef47220e90508254c7174220c84f824f4ad5c8e9772be32a722c29e698570cafcff", @ANYRES16=r2, @ANYBLOB="01002abd7000fddbdf25140000000c0007800800020007000000"], 0x20}, 0x1, 0x0, 0x0, 0x20004044}, 0xc000)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'veth0_vlan\x00', <r3=>0x0})
socket(0x10, 0x80002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014fa0000b7030000000000008500000083000000bf09"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x34, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x86}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb010789005e107538e486dd6317ce22000000fffe80000000000000101000007f0600080000000000000071273fa7b49301641184a907"], 0xfdef)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', r3}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='<\x00'], 0x3c}}, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r5, 0x84, 0x2, &(0x7f0000000600)={0xfdf9, 0x8, 0x1f}, 0x8)
sendto$inet6(r0, &(0x7f0000000040)='\x00', 0x1, 0xc001, &(0x7f0000000280)={0xa, 0x1, 0x80, @private2={0xfc, 0x2, '\x00', 0x1}, 0x3355}, 0x1c)
setsockopt$inet6_mreq(r5, 0x29, 0x15, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48)
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="6f0000003a000103298df8ad60d9d72506000000aae1ddc458f0ab4d9e4a57a8b930efc3b0df5620b9fad474c7768a1d956ca8feb59b9d1c823bba0aaca49356570de2571db33d083e03beeee788794b703727a605fe62f1f58c92dde4fb7b653957bb125b1a4d769e22af5dd12b9e86cd348f5508ce9d3d7c46cf1929b381dec72167542448cb66f96c54a9bf58e8c9f8a6215203ca5a63b6fced7f0640a7238af4f74e67babcf21129eaf15667fff5"], 0x14}, 0x1, 0x0, 0x0, 0x448d3}, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x440, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0xc0501, 0x0)
close(r8)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
socket$netlink(0x10, 0x3, 0x4)

4.578998665s ago: executing program 2 (id=18538):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001800010000000000fedbdf250a01000000fc0000000002000800040001"], 0x24}}, 0x0)

4.506141955s ago: executing program 2 (id=18539):
syz_genetlink_get_family_id$nl80211(&(0x7f00000012c0), 0xffffffffffffffff) (async)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=@base={0x9, 0x18, 0x8, 0x40, 0x42, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r0}, 0x38) (async)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001600)={r0, &(0x7f00000002c0), &(0x7f0000000380)=""/100}, 0x20)
r1 = socket$inet6_icmp(0xa, 0x2, 0x3a)
ioctl$F2FS_IOC_DECOMPRESS_FILE(r1, 0x8918, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0) (async, rerun: 64)
r3 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) (rerun: 64)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xf, &(0x7f0000001540)=ANY=[@ANYBLOB="18030000f000000000000000ff00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b5020000140000008500000083000000bc0900000000000055090100240000009500000000002fa86e4e000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x6, 0x1006, &(0x7f0000001b00)=""/4102, 0x40f00, 0x9, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) (async)
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r0, 0x4048587b, &(0x7f0000000b40)={{<r4=>r1, &(0x7f0000000140)='\x00', 0x1, &(0x7f00000001c0)={@align=0xe4, {0x4, 0x7, 0x2, 0x7}}, 0xfffffe01, &(0x7f0000000240)={@_ha_fsid}, &(0x7f0000000280)=0x67d}, 0x7, &(0x7f0000000a40)=[{0x1, 0xfffffff5, &(0x7f00000002c0)='\x00', &(0x7f0000000400)="406acef8e6ffcbf8fb25173dcbc13afe656c8cc37c36db826149495f6a15477a5e4bf38406053fb83ec3cd009920fefd5eaf579eee210d529ddf3e3b484b425634bd893e3593e659a2b9457f88a1dc86a2489224ecf7099279dd", 0x5a, 0xa}, {0x1, 0x2, &(0x7f0000000480)='TIPC\x00', &(0x7f0000000540)="aa53d4501cc5e1813727dc979409f5c9bdfc3fe297571f9569a7cb194194182a25ed3fb5a7c1a5e7b7a83c49c9cbabf6edb6e8c768693a22fee094cd2d22afbc35eae207802298c60404410dce92bb4a6e6f446825aa944c8426a0859da2428813026b87312cb865b08fbb2a7ff3cb7a7b073476c73022b00c1e148aba0b5904d191563522a81147337ee298f47b4c90946568", 0x93}, {0x3, 0x8000, &(0x7f0000000600)='TIPC\x00', &(0x7f0000000640)="a25378234a2bd975bbdfa2f1f347ce7b4c4d5859d12e3211bd49db4b", 0x1c, 0x28}, {0x1, 0x8, &(0x7f0000000680)='TIPCv2\x00', &(0x7f00000006c0)="db79f42c225943b64c270d9dfc7fb8a89d396ced4dee8bd2350c3f71e5ead262c72ad6ed78a5449bf2d39275200daa5c2f3ada187ec2635cf52c3c481d6aed6736a59f176917b4eddd9749c6de5f8851fd428076635eecbfe8afdd91ae33ebbeb62acf4df68beeebd6a537f4229c98728aed20d9d9cd7b46f27d09389be6de34461b9444d2375c052a4e10f83601d0b3bcd3b0dd26f84e7c4a6f2a7ec29d55609a69c3b1fb83546e1c647bd6c933d52ca1a74abc9c03940131695a4ff6eeeedd3e3daf5d9142781e3b4235dab23cf3ab", 0xd0, 0x18}, {0x1, 0x0, &(0x7f00000007c0)='H//&=]\x00', &(0x7f0000000800)="7d0d59c28785ee8cc6fa2cba7e2ff9a76b3b556e8d04fd752b5fb9d8ea7d99ad84440d0c69f47addbfda052d274b53f75ef88975", 0x34, 0x20}, {0x1, 0x8, &(0x7f0000000840)='nl80211\x00', &(0x7f0000000880)="4c6d2a2fd4fb177b2112b4931a5e556f08cda671edeb5ac04c71771ccdddad380141967ccb2153e90134520c9bd59a41adc86dce1aa801d077dd1c48a4593d0e82ce95fac28b6d84204f970e42ebb9d20dbacbdb248a0d90349be8c2a52f8d9fa89bccfd67c9084be58d31f231d066794592aa64356fa8e8393d3684ceb5f9c71369facecafa79d2ee7609b28bf215faf230ea0dcf6ba7ffb2bc8761ecca2737629431f3677d6f7d91c4614bd770bfe1eefbdbfc41856cc4c845118f93e30e3262d692f8e288b968cd2d6aa0b66b0aba04d125bb76784a12", 0xd8, 0x20}, {0x2, 0xfffffffc, &(0x7f0000000980)='TIPC\x00', &(0x7f00000009c0)="d8bd315794ceef999f7cf7206f1acf43ac51e2477b9a5dd9f501e0d1f1ad3c2f7d13fffd479e690daa537ce6e1a248af688357150340e3479a9e10449d76989985b9c95c65e09e7b036a1810debb36", 0x4f, 0x10}]})
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000100)={@cgroup=r4, 0x24, 0x7260a283242b0f77, 0xc, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x0, &(0x7f0000000040), &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0]}, 0x40) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)={0x20, r6, 0x30d, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7db}]}]}, 0x20}}, 0x0) (async)
syz_genetlink_get_family_id$tipc(&(0x7f0000000340), r5)

4.346785075s ago: executing program 1 (id=18541):
r0 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r0, 0x114, 0x5, &(0x7f0000000000), 0x4)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'nr0\x00', &(0x7f0000000040)=@ethtool_perm_addr={0x20, 0x3b, "a32473bc35b044b43d9f516d71e346f2845816c51ec15dc16428f74bbe4e6ee10213e31d6bbaec08af342faa37e81e45486c1f1c1edd895349b866"}})
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x10, 0x1409, 0x1, 0x70bd25, 0x25dfdbfd}, 0x10}, 0x1, 0x0, 0x0, 0xc008080}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f00000003c0)={&(0x7f0000000300), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x24, 0x2, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x7}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000081}, 0x4)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$IEEE802154_SCAN_REQ(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000400), 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x5c, r3, 0x10, 0x70bd2c, 0x25dfdbfd, {}, [@IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x12}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x2}, @IEEE802154_ATTR_SCAN_TYPE={0x5, 0x13, 0x9}, @IEEE802154_ATTR_SCAN_TYPE={0x5, 0x13, 0x8e}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0xcc}, @IEEE802154_ATTR_SCAN_TYPE={0x5}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x7f}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x7}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x5}, 0x4004)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000580), r2)
sendto$inet6(r1, &(0x7f00000005c0)="ddd64840a9a185a9674bdfd6c25a26a7b2749a2ec5071998454f3dc00fe63115ab4c2427c2a5aa28d3b427315edd2dc021eae68dd34cf81e53703e5aa88972b64341b3801047dbf1330d15708afee0385b309e37b71f3f255860ffa84675c4f1b7845287bd707af2c068ae7f25c79111c6b2ae8237cd9ec99b43ba7dec0d6a333a4b7a3ba610a696a634b0058cbbd50baed04fee3deec7acb7c298f2eb654b63d6b6970bf1d5fed6da3853c1ef7fddb2d773abee2deaf0b932d642d4f085ea89a3f0e09185137c9a1b0260791524368931ca82baa176aa6180ea8f889fdff1b059f8e8beac82b2f30646e1406b", 0xed, 0x10800, &(0x7f00000006c0)={0xa, 0x4e24, 0x400, @remote, 0x9}, 0x1c)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r1, 0x8982, &(0x7f0000000700)={0x0, 'veth0_to_hsr\x00', {0x3}, 0x2})
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000740)=<r4=>0x0)
ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000780)=r4)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000880)={&(0x7f0000000800)={0x64, 0x3, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x80014}, 0x8000)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$gtp(&(0x7f0000000900), r5)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000980), r5)
sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r6, &(0x7f0000000a40)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000a00)={&(0x7f00000009c0)={0x20, r7, 0x400, 0x70bd26, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x16}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000002}, 0x24004044)
r8 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
r9 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
r10 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r1, &(0x7f0000000b80)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000b40)={&(0x7f0000000ac0)={0x64, 0x1402, 0x8, 0x70bd2b, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r9}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r10}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz2\x00'}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x64}, 0x1, 0x0, 0x0, 0x4091}, 0x4c081)
ioctl$NILFS_IOCTL_GET_VINFO(r2, 0xc0186e86, &(0x7f0000000c40)={&(0x7f0000000bc0)=[{0x101, 0xeb, 0x40, 0x5}, {0x8, 0x80000001, 0x1, 0x4}, {0x3355, 0x80, 0x2, 0x5}, {0x10, 0x3, 0x1}], 0x4, 0x20, 0x4, 0x9})
r11 = accept4$rose(0xffffffffffffffff, &(0x7f0000000c80)=@short={0xb, @remote, @default, 0x1, @rose}, &(0x7f0000000cc0)=0x1c, 0x80800)
getsockopt$rose(r11, 0x104, 0x7, &(0x7f0000000d00), &(0x7f0000000d40)=0x4)
ioctl$XFS_IOC_DIOINFO(r10, 0x800c581e, &(0x7f0000000d80))
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000ec0)={&(0x7f0000000dc0)={0x10, 0x0, 0x0, 0x40000001}, 0xc, &(0x7f0000000e80)={&(0x7f0000000e00)={0x78, 0x0, 0x14, 0x70bd2b, 0x25dfdbfb, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x4aa0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x3}, @NBD_ATTR_BACKEND_IDENTIFIER={0x8, 0xa, 'nr0\x00'}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_BACKEND_IDENTIFIER={0x5, 0xa, '!'}]}, 0x78}, 0x1, 0x0, 0x0, 0x4}, 0x48841)

2.874374415s ago: executing program 4 (id=18542):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x1c, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c00fe80000000000000875a65969ff57b0000000000"], 0xfdef)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

2.826250466s ago: executing program 3 (id=18543):
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000a, 0x204031, 0xffffffffffffffff, 0x5f456000)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f00000005c0), 0x10)
r1 = socket$unix(0x1, 0x5, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/212, 0xd4}], 0x1}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001940)={0x0, 0x0, &(0x7f0000000340), 0x0, 0x0, 0x0, 0x2004c840}, 0x44040)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c03000017"], 0x34c}}, 0x0)
r4 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r4, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r1, 0xfffffffe)
r5 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0)
getsockopt$EBT_SO_GET_ENTRIES(r5, 0x0, 0x81, &(0x7f00000001c0)={'filter\x00', 0x0, 0x3, 0x0, [0xb, 0xffffffffffffffff, 0xe, 0xc0000000000000, 0x8000, 0xc], 0x0, 0x0, 0x0}, &(0x7f0000000240)=0x78)
accept4$unix(r1, 0x0, 0x0, 0x80000)
recvmmsg(r0, &(0x7f00000099c0)=[{{0x0, 0x0, &(0x7f0000007040)=[{&(0x7f0000006040)=""/4086, 0xff6}], 0x1}, 0x8000}], 0x1, 0x10002, 0x0)

2.768495271s ago: executing program 1 (id=18544):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=@newlink={0x20, 0x10, 0x1, 0x70bd6c, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x2b24d, 0x15b30}}, 0x20}, 0x1, 0x0, 0x0, 0xc1}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x1c, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d083910000000000000a1180015000600142603600e120900210000000401a80016000400144006000300036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040", 0xa2}], 0x1}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfdef)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

2.753247301s ago: executing program 2 (id=18545):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x80050}, 0x60008845)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0x40305839, 0x0)
sendmsg$TIPC_CMD_GET_LINKS(r0, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x40)
r1 = socket(0x40000000015, 0x5, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x7, @empty, 0x5}, 0x1c)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x20000001}, 0x4000004)
ioctl$sock_SIOCBRDELBR(r2, 0x89a2, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c00)={'macvtap0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'erspan0\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000000)=ANY=[@ANYRES32=r6, @ANYBLOB="0000000000000000300012800b000100657273"], 0x50}}, 0x4080)
sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000e80)=ANY=[@ANYBLOB="b0010000", @ANYRES16=0x0, @ANYBLOB="000828bd7000fcdbdf25070000002400018008000300010000000800030001000000080003000300000008000100", @ANYRES32=0x0, @ANYBLOB="2800018008000300020000001400020064756d6d79300000000000000000000008000300366eba111800018014000200766972745f77696669300000000000002400018008000100", @ANYRES32=0x0, @ANYBLOB="0800030003000000080003000200000008000300030000002000018008000300020000001400020076657468315f6d616376746170003800008400018008000100", @ANYRES32=0x0, @ANYBLOB="08000300020000000800030002000000080003000300000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r3, @ANYBLOB="1400020067726574617030000000000000000000140002006d6163766c616e300000000000000000140002006e6574706369300000000000000000001400020076657468315f746f5f62726964676500700001801400020065727370616e300000000000000000001400020064756d6d79300000000000000000000008000100", @ANYRES32=r6, @ANYBLOB="1400020070696d367265673000000000000000001400020074756e6c30000000000000000000000014000200766574683100"/60], 0x1b0}, 0x1, 0x0, 0x0, 0x40800}, 0x40000)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x60)
syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x11ea, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

2.630548162s ago: executing program 2 (id=18546):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r2=>0x0})
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r2, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="358742049b86c1751bfb595e0dd58bf17265acb1180b5898f90a91ea5bef85e84fbdc31246d81871c681af7476ac0258e700000000000012ff49b7cc71a11d063acb03695b39ef94023a", @ANYRES8=r0], 0x44}, 0x1, 0x0, 0x0, 0x6cb3fe8b19b50faa}, 0x0) (fail_nth: 6)

2.236526294s ago: executing program 2 (id=18549):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB="04010000100033060000000000fc0000fc000000000000000000000000000000ffffffff00000000000000000000000000004000000080010000200000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141400000000000000000000000000000000003c000000fe80000000000000000000000000000b2303000000000000feffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000029bd7000000000000a000200000000000000000014000e"], 0x104}, 0x1, 0x0, 0x0, 0x2000c8c0}, 0x0)

2.235600021s ago: executing program 1 (id=18550):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmmsg$inet(r0, &(0x7f0000000f00)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="1400000000000000000000000200000003000000000000001800000000000000000000000700000086"], 0x30}}], 0x1, 0x8000)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'lo\x00', <r2=>0x0})
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0xffffffffffffffff}, 0x6)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x3, &(0x7f0000000180)=[{0x1d, 0x5, 0xa, 0x5}, {0xd, 0x85, 0xd, 0x403}, {0x8, 0x0, 0x6, 0x1}]})
write$bt_hci(r3, &(0x7f0000000040)=ANY=[], 0x6)
r4 = accept4(r1, 0x0, &(0x7f0000000240), 0x80800)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x14, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r2, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
sendto$inet6(r5, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
r6 = socket(0xa, 0x1, 0x84)
setsockopt$inet_group_source_req(r6, 0x0, 0x2e, &(0x7f00000002c0)={0x1, {{0x2, 0x4e24, @multicast1}}, {{0x2, 0x4e23, @broadcast}}}, 0x108)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="300080fe1000010025bd7000fddbdf25eeff7700", @ANYRES32=0x0, @ANYBLOB="390902000360000008001b0000000000080004"], 0x30}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r4)

2.205775921s ago: executing program 4 (id=18551):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
recvmsg(r0, &(0x7f0000001280)={&(0x7f0000000000)=@generic, 0x80, &(0x7f0000000240)=[{&(0x7f0000000080)=""/102, 0x66}, {&(0x7f0000000100)}, {&(0x7f0000000140)=""/198, 0xc6}], 0x3, &(0x7f0000000280)=""/4096, 0x1000}, 0x10163)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000001300), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f00000013c0)={&(0x7f00000012c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000001380)={&(0x7f0000001340)={0x24, r1, 0x20, 0x70bd2d, 0x25dfdbfb, {}, [@L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e22}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x804}, 0xc014)
setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f0000001400)=0x4, 0x4)
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000001480), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000001540)={&(0x7f0000001440)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000001500)={&(0x7f00000014c0)={0x30, r3, 0x1, 0x70bd28, 0x25dfdbfc, {{}, {}, {0x14, 0x19, {0xf, 0x9, 0xffff, 0x1}}}, ["", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x40)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000015c0), r2)
sendmsg$NL80211_CMD_START_NAN(r2, &(0x7f00000016c0)={&(0x7f0000001580)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000001680)={&(0x7f0000001600)={0x4c, r4, 0x2, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x4}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x7}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x4}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x1}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0xff}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0xc4}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x41}, 0x8000)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000001700)={<r6=>0x0, 0xdc, "67c3858ad9cbc31ffd78eee0eed0bf439635759a2bc021c2dd7828ab71243b401be78dbd1c5058614d4c1aa18134630df51d6d7855a765d7bb79691682c9a6acc2770ef6f478a13f014725b6cbe520a3ca1153580edae0a72824a844010e8e863e91f257c9bc0ef7a6828fe08fb05a79e54597465c4ee839c303eda138494ee4cd453b9d77512c4d7ba25b9edb6879d5f30da3cc98ffcbaa04def331a5a6c30c571ba376c735990eb2e8c3345773e08d4dd3bddf08ecaaa9905f064077594e6a77b82d8f1b5bc24288390035811cbdeb0e3052bf8e2cde22bbd8b2cc"}, &(0x7f0000001800)=0xe4)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r5, 0x84, 0x19, &(0x7f0000001840)={r6, 0x1}, 0x8)
r7 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000001880), 0x4)
r8 = bpf$ITER_CREATE(0x21, &(0x7f00000018c0)={r7}, 0x8)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_SERVICE(r9, 0x0, 0x483, &(0x7f0000001900), &(0x7f0000001980)=0x68)
socket$inet_tcp(0x2, 0x1, 0x0)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_GET_SEC_DEV(r10, &(0x7f0000001a80)={&(0x7f00000019c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000001a40)={&(0x7f0000001a00)={0x20, 0x0, 0x300, 0x70bd27, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000800}, 0x4)
setsockopt$inet6_tcp_TLS_TX(r8, 0x11a, 0x1, &(0x7f0000001ac0)=@gcm_256={{0x303}, "0dd5a871f51a7f49", "48c6584d9c8649acbab948aeab9e5a83b0439364f81087c244e6e44f199b19a4", 'Yk}A', "fdff035cd769f92c"}, 0x38)
sendmsg$NL80211_CMD_DISCONNECT(r8, &(0x7f0000001c00)={&(0x7f0000001b00)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001bc0)={&(0x7f0000001b40)={0x70, r4, 0x20, 0x70bd27, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x1ff, 0x74}}}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x26}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x2a}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x3d}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x23}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x3d}, @NL80211_ATTR_REASON_CODE={0x6}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x27}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x36}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x2c}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x3}]}, 0x70}, 0x1, 0x0, 0x0, 0x1}, 0x8000)
r11 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000001c40), 0x4)
bpf$LINK_DETACH(0x22, &(0x7f0000001c80)=r11, 0x4)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000001d00)={'wlan1\x00', <r12=>0x0})
sendmsg$NL80211_CMD_UPDATE_FT_IES(r2, &(0x7f0000001dc0)={&(0x7f0000001cc0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001d80)={&(0x7f0000001d40)={0x30, r4, 0x0, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r12}, @val={0xc, 0x99, {0x6, 0x57}}}}, [@NL80211_ATTR_MDID={0x6, 0xb1, 0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x90}, 0x1)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000001e00)={'pim6reg\x00', 0x2000})
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000001f40)={@map=r8, 0x1d, 0x0, 0x9b, &(0x7f0000001e40)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x0, &(0x7f0000001e80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001ec0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001f00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r13=>0x0}, 0x40)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000001f80)={@ifindex, r8, 0x25, 0x4, r8, @void, @value=r2, @void, @void, r13}, 0x20)

2.115628381s ago: executing program 2 (id=18552):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000094c0)=ANY=[@ANYBLOB="8c45000043000701fefffffffcdbdf25017c000004004580744501"], 0x458c}, 0x1, 0x0, 0x0, 0xc004}, 0xc000)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r4, 0x400448e4, &(0x7f00000009c0)={0x0, 0x0, "0db43f"})
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r5=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r5], 0x1c}}, 0x4008054)
write$nci(0xffffffffffffffff, 0x0, 0xc)
write$nci(r0, &(0x7f0000000240)=ANY=[], 0x14)

2.115345285s ago: executing program 1 (id=18553):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="580000000206030000000000000000000300000705000100070000000900020073797a31000000000c00078008001240000000050500050002000000050004000100000011000300686173683a69702c706f7274"], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a3100000000050001000700"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {0x7, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x20080)

2.114089302s ago: executing program 4 (id=18554):
r0 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r0, 0x114, 0x5, &(0x7f0000000000), 0x4)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'nr0\x00', &(0x7f0000000040)=@ethtool_perm_addr={0x20, 0x3b, "a32473bc35b044b43d9f516d71e346f2845816c51ec15dc16428f74bbe4e6ee10213e31d6bbaec08af342faa37e81e45486c1f1c1edd895349b866"}})
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x10, 0x1409, 0x1, 0x70bd25, 0x25dfdbfd}, 0x10}, 0x1, 0x0, 0x0, 0xc008080}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f00000003c0)={&(0x7f0000000300), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x24, 0x2, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x7}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000081}, 0x4)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$IEEE802154_SCAN_REQ(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000400), 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x5c, r3, 0x10, 0x70bd2c, 0x25dfdbfd, {}, [@IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x12}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x2}, @IEEE802154_ATTR_SCAN_TYPE={0x5, 0x13, 0x9}, @IEEE802154_ATTR_SCAN_TYPE={0x5, 0x13, 0x8e}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0xcc}, @IEEE802154_ATTR_SCAN_TYPE={0x5}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x7f}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x7}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x5}, 0x4004)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000580), r2)
sendto$inet6(r1, &(0x7f00000005c0)="ddd64840a9a185a9674bdfd6c25a26a7b2749a2ec5071998454f3dc00fe63115ab4c2427c2a5aa28d3b427315edd2dc021eae68dd34cf81e53703e5aa88972b64341b3801047dbf1330d15708afee0385b309e37b71f3f255860ffa84675c4f1b7845287bd707af2c068ae7f25c79111c6b2ae8237cd9ec99b43ba7dec0d6a333a4b7a3ba610a696a634b0058cbbd50baed04fee3deec7acb7c298f2eb654b63d6b6970bf1d5fed6da3853c1ef7fddb2d773abee2deaf0b932d642d4f085ea89a3f0e09185137c9a1b0260791524368931ca82baa176aa6180ea8f889fdff1b059f8e8beac82b2f30646e1406b", 0xed, 0x10800, &(0x7f00000006c0)={0xa, 0x4e24, 0x400, @remote, 0x9}, 0x1c)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r1, 0x8982, &(0x7f0000000700)={0x0, 'veth0_to_hsr\x00', {0x3}, 0x2})
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000740)=<r4=>0x0)
ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000780)=r4)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000880)={&(0x7f0000000800)={0x64, 0x3, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x80014}, 0x8000)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$gtp(&(0x7f0000000900), r5)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000980), r5)
sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r6, &(0x7f0000000a40)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000a00)={&(0x7f00000009c0)={0x20, r7, 0x400, 0x70bd26, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x16}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000002}, 0x24004044)
r8 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
r9 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
r10 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r1, &(0x7f0000000b80)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000b40)={&(0x7f0000000ac0)={0x64, 0x1402, 0x8, 0x70bd2b, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r9}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r10}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz2\x00'}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x64}, 0x1, 0x0, 0x0, 0x4091}, 0x4c081)
ioctl$NILFS_IOCTL_GET_VINFO(r2, 0xc0186e86, &(0x7f0000000c40)={&(0x7f0000000bc0)=[{0x101, 0xeb, 0x40, 0x5}, {0x8, 0x80000001, 0x1, 0x4}, {0x3355, 0x80, 0x2, 0x5}, {0x10, 0x3, 0x1}], 0x4, 0x20, 0x4, 0x9})
r11 = accept4$rose(0xffffffffffffffff, &(0x7f0000000c80)=@short={0xb, @remote, @default, 0x1, @rose}, &(0x7f0000000cc0)=0x1c, 0x80800)
getsockopt$rose(r11, 0x104, 0x7, &(0x7f0000000d00), &(0x7f0000000d40)=0x4)
ioctl$XFS_IOC_DIOINFO(r10, 0x800c581e, &(0x7f0000000d80))
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000ec0)={&(0x7f0000000dc0)={0x10, 0x0, 0x0, 0x40000001}, 0xc, &(0x7f0000000e80)={&(0x7f0000000e00)={0x78, 0x0, 0x14, 0x70bd2b, 0x25dfdbfb, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x4aa0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x3}, @NBD_ATTR_BACKEND_IDENTIFIER={0x8, 0xa, 'nr0\x00'}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_BACKEND_IDENTIFIER={0x5, 0xa, '!'}]}, 0x78}, 0x1, 0x0, 0x0, 0x4}, 0x48841)

2.041218212s ago: executing program 1 (id=18555):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0, 0x1}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.96807244s ago: executing program 3 (id=18556):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4000000040000100fcff0700040000000100000004004880200001801c0010800e000b800a000100ac1414bb0c00330006000000"], 0x40}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)
sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="bc000000", @ANYRES16=0x0, @ANYBLOB="00049e419240ffdbdf2509080000480004000500000008000600030000000800040004000000080006005c0314356550f2eca600000000000500010100000c000380060004000b00000058000380140002006c6f000000000000000000000000000008000500ac1414aa0800030000000000140002006970365f76746930000000000000000014000600fc00000000000000000000800000000108000300020000000c00038008000500ac1414160800040003000000a95e934f39c2e7f275be36e6eb9971a09c76cbbbe326b9204267d181e85a0e31488567da6463f6e4a9b85885b30057329e52015ad7a12f59653442b3563e8019af91e4715eccc54639d3e43b12114a4367f4f4a83fdc11d816303523d59e3276013856a378e494f00e3c4385b9a315490c5497fb2dfaabc119f6204981d9008e6d59632e00"/327], 0xbc}, 0x1, 0x0, 0x0, 0x24006810}, 0xc001)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCGARP(r2, 0x8954, &(0x7f0000000080)={{0x2, 0x4e21, @empty}, {0x0, @random="4d8ab36b2919"}, 0x4, {0x2, 0x4e20, @remote}, 'lo\x00'})
sendmsg$NFT_BATCH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x8c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x64, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x6}, @NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x9}]}}}, {0x34, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_HASH_LEN={0x8, 0x3, 0x1, 0x0, 0x5c}, @NFTA_HASH_MODULUS={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_HASH_DREG={0x8, 0x2, 0x1, 0x0, 0x14}, @NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x100}, 0x1, 0x0, 0x0, 0x4}, 0x40050)

1.829171007s ago: executing program 1 (id=18557):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="4400000010004b0401800000000000007a000000", @ANYRES32=0x0, @ANYBLOB="4800000000000000240012800b0001006272696467650000140002800800080088a80000060027"], 0x44}}, 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="050003000000000000000600000008000300", @ANYRES32=0x0, @ANYBLOB="b6827036922aa472784a151853bdfb576dbcc3c61f308a3947af01c0c18b17c6b1d20d3e51dbf5a6ae689a0b3886092143974bf6b2b298255104a740672df734cd705ada725aec9906f7f66ee3933dd91a71c41f9c709e873b0395beae5fdcefb6631ed3fb29f4a7893aeac23c90947bada25c90f34284c1a73b5d0ce1e6879ad9911d2d2f1ee34d6131d5f50dbb415dc1b993efbf62ebc801f1f565ad3f9c412e1e02b589a04922a1a7a42132ab573f3562c68bad1cad2354d185583723df0d23e2f2e4d33d2968609c56f5fd472f86313c44dcfd680c9fcd21d2ae967a4d10e53cc37d0e365e1ad15942f13be38b37f90000000000009f40876288f83e51ff62c39ad7dd949632c17542ae3ad1d97d0f4b253502ab19c101b8afc92fa88b3db90cf696bcfd433217e7618c2bffb9a8eb6ae40312eb5b3b4a3d354e41b309cc0f1f8b109866383182f85f5f6ebe3b5ba5c72a9abc037ddd22270ce851c2a1f38729f31d94efb3c3f2633329a05c77fe2ac8e805ff3a4b7859471a0728806688098a938e70a9e7ddb1de3d7f8ff12296ab44cc927e532ae17a7b8e12def8059bf67683fe780be3128e82f9ad8ef5ae550ae780d85144a3190c6f85dba6ec181f71aa3c860646dc4487c4ef640b79017c4990d6ae6d8555be98e4fa2790db4c98cba750257f48b8427cd7e5c23c4fa96dc8bfb8b39536c7"], 0x1c}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r1, &(0x7f00000016c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001680)={&(0x7f0000001700)={0x11fc, r3, 0x1, 0x70bd2c, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_PROBE_RESP={0x3f6, 0x91, "f6296e57d5e823bd0d79602047d7c8ef925ffa17cbe87d06aec058c0f2507343e3ae81857bb9a0a93380a06638f8e3ee3e10c9c6af9d66ed9f804f9f47e0fe9ad890ef3d543ea8d9a38ae398a67b05619514d6e3657c82313d6745f925166ea090f5968c70495379f890c8010372c790aa44c04092d102964c128a1c0241e382b745ce62e23582ba112d00a4b0ee9ca8c246ebe9c0633c9bc8739db135eca19c152ef28bb90603b8162f8a6b047aed7099e0a2004930bb40ec0fa9993d0ee7aa87660cd77dd8e1ecb2a4a277fae8d7cd61f46513db0f6577fe7146b70df14621dac390a8ce7864276e497681d3e1c66007ddaa85106a618436ccaa6efd8e5204ae024a3e0746e5ed9adb93924ca236a15696d9c1077bebfdd613c415d6535d57a36d8ad9b81e7b2db2168a270af8d69e855201fb660eca02de02342d3329b8b8e3c159ec270491616ecb25d2014aea6915a2cee416c72ae9fea14e10f13c0d842e4f0f6ccdb18597aa18c9781f3d4d521f8a19e1b8bee4e180e931d46cfceec3d8f89a89ce59cdff2c1a7d0e04f10b9d8799bb1fd003bea07fca22e7d8ce5a084c63ae8ce4c71dd181bd2ca53afa53b996eb16ac25ceb08f3f0e4753f45e6a2bbfa4ca42dead6bff2e7f601177f09d84cad0328dbb30b3937476b951d94d0d67274200ad5878021d06f0cd1166f00bd62d37573f591f23145e7e144b14acb90ecbeea3be9b16ad481df544c42e2a87d9393b1eb778ac8b0adf16be70f113a42f455310a5de107e20c1e31a4750f6c56c3243554385cfb0acc139ebffc9de915b52e4d84f578522ca8830a2c761d5cf1c027a9d0042f959b092855c553a1904e09384faa3cc3a8437625fc296e7b92ca0e42967da554ab8345703d9bbc993813100a10f959b5867186120506acc4feb2cd3a2be4a2634476c7f7bbac5ef028be32d76d6105d79dc612b6362c863dd30f01c2246140966f95a38c7b752bca89be4af2d7886f57948a81f07104bc6bbef146f80e45c13e143b811b99c62525a7254ca993215c23eebc4c0741a693f75f6d0ad122bc0119413cb91a3a202fe078c210420c210465dd73a43e8ea19c5021c53ee6defedef57569a58c68e82d216d50e4046139b8f5a993eae818db859c9e00524ab67ecb443877c92079a28399718a030c3ec23bbe9f71ff537babee08f3f9938fc69e8bab9095997339fa056b4d97e1f4db8a44727e6f48c2618a9f771ba5a766c46011fb8375b4a267498e94411cf0d6e021ff9d0786a4be12ae3b49f310683019c76a4655b461b964e83948508ceee2d8ee64eb896b638a44ebb0fd96ca186fb5bedd88762da037973540571615e3f2c8f14c68ffea3730140d68f09faba6fc80f3144da5ac99251dc7c47b57ec80c0a09b3b6e1e170d38fc7a0535ef7faee85"}, @NL80211_ATTR_IE_PROBE_RESP={0xbf, 0x7f, [@prep={0x83, 0x25, {{0x0, 0x1}, 0x9, 0xfe, @device_a, 0x1c, @value=@device_b, 0x35, 0x6, @device_a, 0x100}}, @ext_channel_switch={0x3c, 0x4, {0x1, 0x1, 0x2c, 0x7}}, @gcr_ga={0xbd, 0x6}, @mesh_config={0x71, 0x7, {0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x7d, 0x8}}, @dsss={0x3, 0x1, 0x78}, @ht={0x2d, 0x1a, {0x20, 0x0, 0x2, 0x0, {0x5, 0x3, 0x0, 0x7}, 0x6, 0x6, 0x3}}, @perr={0x84, 0x5c, {0x7f, 0x6, [{{}, @device_a, 0xb8, @void, 0x13}, {{}, @device_b, 0xfffffffc, @void, 0x19}, {{0x0, 0x1}, @device_b, 0x4, @value, 0x2b}, {{0x0, 0x1}, @device_b, 0x1ff, @value=@device_b, 0x2}, {{}, @device_b, 0x81, @void, 0x3b}, {{}, @device_a, 0x4, @void, 0x25}]}}]}, @NL80211_ATTR_BEACON_TAIL={0xd0, 0xf, [@mesh_config={0x71, 0x7, {0x0, 0x1, 0xffffffffffffffff, 0x0, 0x2, 0x5, 0x60}}, @perr={0x84, 0xc1, {0x0, 0xb, [{{}, @device_a, 0x80000001, @void, 0x37}, {{0x0, 0x1}, @device_a, 0x7, @value=@broadcast, 0xf}, {{0x0, 0x1}, @broadcast, 0x7fffffff, @value=@broadcast, 0x3d}, {{0x0, 0x1}, @broadcast, 0x6, @value=@device_b, 0x25}, {{0x0, 0x1}, @device_b, 0x7fff, @value=@device_b, 0x27}, {{}, @broadcast, 0x7, @void, 0x1d}, {{0x0, 0x1}, @device_a, 0x2, @value=@broadcast, 0x33}, {{0x0, 0x1}, @device_b, 0x4, @value, 0x26}, {{}, @device_b, 0xfff, @void, 0x1f}, {{0x0, 0x1}, @device_b, 0x6, @value=@device_b, 0x3}, {{0x0, 0x1}, @device_b, 0x1, @value=@device_b, 0x5}]}}]}, @NL80211_ATTR_BEACON_HEAD={0x4d1, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x5}, @broadcast, @device_a, @initial, {0x6}}, 0x2, @random=0xff, 0x201, @void, @val={0x1, 0x4, [{0x48, 0x1}, {0x3, 0x1}, {0x18}, {0x12}]}, @void, @void, @val={0x6, 0x2}, @val={0x5, 0x31, {0x2, 0x9c, 0x6, "3a594474b02c6ea30ee52a92f1469dff5d338148298ba63fe55efa8d9c911db97e90935bba57f66f5a73eea85162"}}, @void, @val={0x2a, 0x1, {0x0, 0x0, 0x1}}, @void, @val={0x2d, 0x1a, {0xc, 0x1, 0x1, 0x0, {0xffffffffffffac10, 0x5, 0x0, 0xc2, 0x0, 0x1, 0x0, 0x2}, 0x800, 0x5, 0x4}}, @val={0x72, 0x6}, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xbf, 0x40}}, @val={0x76, 0x6, {0x6, 0x5, 0x18, 0x1}}, [{0xdd, 0xd7, "45b6fde67adec9c5ab5edf277a95192bdd068ee2be5ccf70284f02bb59972e31e24b533e55c00153e8e366af7beea13ffee749ac85dfd6e4b59a770b1a4b01d7c9cb7ec0a06bd9f1be6c590ad13f42d531972e613d322d45f82d762658d0fd02cf96f7326a1308d4839d73a582e93bdb47f698d79e56605b9bf5e808e0812b644cf39792384c8d22c257e846f64459f0bfaee77b7c13ca7dd53883678fb8098d3d72e3622bd837cf8dc59e0b029d7ace4f1bc70a79a818991925849fc9147c68d377526deb93cf9f7ef67d7af675bcb04c0cd0939f1e29"}, {0xdd, 0x3c, "66e07b34cdeecec337ffbe9874e4996f151ff505636091f14d467277ad14929f9112fa4c91bf3717331043275227918590fe121f2c9e7a9e97afd16c"}, {0xdd, 0xe9, "988275b9595722d73845f81e77df3d0ae15c0e6cd5838e9aaa13c6cb884379947815c87bf6553cb9fd4b2ff2ad2539e96875941fe02fd210490c4b02ce087fc938641f52eb3f4c2c353b174b430705c3c155fdf272aaa3ef9a841d9b7458d121f1dada2278179b38680300e5d9afa4d04c2157abee6656f63e393491957f0e6aece28f85dca2537d5c3f0435faa35ed98f8f7ad6e92bf7358ed4f7e492eaee79bfd629511b626e87f339c925c89608625aefef6c79fc3c1da4579dca985d61ead09d6d96f63ada28971b77db5f1202bb0216708c0fd120d1113a85708d71629a9539e16952abe311dc"}, {0xdd, 0xe4, "0a81eda623176d2713f13410d283cd2e3fbecaf18577ca725fdc28ec451de82754748801d89074fdf7f7e9930d2fe9decbd9da2c2c37c45b2d56f4873ae42bbdfa7e2719741566841d74543f78990cf14d991a7b01838f694ed274890d2f872acb94b3dea85fdeb56c161c52ba18f9731ab43055c67daf9521a38cee42d8d9de9cc841b587a156c9c3b71583821589e0bcbe643e48573ca2adc5302175ffd99f6a873e7ac4f6b4cec8b1d4eaacbd7d36623f9b8c4fb6e84ad4ecfb8e2cc13e0aed666d8cec6459138df6aa641fcad81f862332fd4b62cf7097dd492fb4368fe958ba1fb8"}, {0xdd, 0x24, "b1efe6fa890f13978aa6dde73a3f6aa629959d0e92b573665ea85cfe2838a03c7fe320fa"}, {0xdd, 0x67, "e6a683a39a132bc2e181a37cc5ab63406e60fdde3dc16eff6e402e0f2934bcd9bd0650441afa68b90ca8cae6c5acca0cee8253af7349424c2dcabf8ee8e6d48056a36b0f11c6ab870fb316dcab6c7288dc3444742aa00bff96af95ec4d1320bd01f41f36724c60"}, {0xdd, 0x2e, "0c8eed5598b337715357be11b1d4ea8519af3d370109a46221155cbaca501c4c1e007013ceb1073605f6a7ccb4dd"}, {0xdd, 0x72, "80d57a2ec001a8a8ea5076dfe3499f0d14dd0a26c309c03e67035de24da95af477db9512495cb363bf885f66c687d22a282e126820afb2cf2af47f1fa20ebed6edd48868e8c7246966250b9b619c7054436456c91448922d04b677caba4190548dd29c67ac57f94896d5befe61f257e152a7"}, {0xdd, 0x17, "0cae3c8c06f4021a2e5a7ee0996902000a06bd5ec90d5e"}]}}, @NL80211_ATTR_IE={0x73, 0x2a, [@mesh_chsw={0x76, 0x6, {0x0, 0x8, 0x29, 0x7f}}, @ext_channel_switch={0x3c, 0x4, {0x0, 0xd, 0xd, 0x5}}, @challenge={0x10, 0x1, 0xd6}, @random_vendor={0xdd, 0x5c, "1cf20f65af17d672f58bbed8923009e45568a7384addd41b102ff522fa848291024b2d84eb49763017db0e36781b2dc69fe0482fd1cf31d53ac17240e9addba354cf1f71a84f4446c5ef4609e3aab5eacd3c5bc9f9d6be98b5b52967"}]}, @NL80211_ATTR_PROBE_RESP={0x718, 0x91, "bdc9db91e2cafd81651e6eec28f97ba4740f01bd8f4a8940abb127f1006c7033693cd65c45bc84060f4988428832aba7e1e9014f306421282e1013464aaad2c990062eb204157c4f1bff5ea6b7455fb623c12258757f4e8cb7c7b811c393d26f8a5157d18ac638c80f4d9f91ea62c1dc179c24f28e854b759248d3e8be5afa018d3f87b802dbb9887e6d4a4dad24d8f2dd81a9bfa399a06fa178ab39786f04bf6be1f7bf99529f69f550bf5ea0b4fa30d0d4af8516a104b4f3956cee0f349a83a1a004ea7de6f7f5a1ec077304e4b1be76c6377740efa5c3f40bf872d132aff20fda58dfe4eb176ddfb371890fe8c9fabf7ca8e6f3dcb13c5a29a0aba90904aea82917eff6a544a37eff4b5a92897b33816f9ec517fc7a3bb86727134f490fd85e3f601d09ad4bfa537a622f27066218001e194e79173c5a803d0a89eb301dfb1dc1cd4bee3d78ff3254d31c078912d5277353d80df98c58e52e49bb591a04e8168a88aa2aa0a87d9e1fe768c392bdc6eeaaf4659061b40c51783667b553c9e7e8b2fdc062e2c8afcb5c5c1c7aec5fb07958fac84857698c25e619a247f6bbaeb0dce39b1684ec485dda1cb8e8b4fb0ab36efc2619183339d3f751c9655e13c33d2fb144e992aa3d7543ca200a29879aa0b3794a06f7d2afcc893c84eff89afbc7f9eaedf7b592458848dde4d2f58a6526eef20703893504eccff328a502f72fa9d7521bdb7e9a8acf8a32850112b13cf986fe3300259a669e0381dd5cddb7ff1fcbe5cfdcf20ab1b3d394eeb330923fa92e703657ca208be300550584f725d4c150625f13685e453d2af2f556278ce6f4f47f6600a467e09755750a407cf8d09f020536a20a7af277541b71b4d5bf78f8174717f4b4e0542ec610e8d434c62702c50639211468c356d9bbbe9a61fbabd0ea012e25840af6c0dfa2a7c74cb6f0b7a70bfedec5a6858b838cd1e7a7adde6fd334591b6510a30f15ebdf4bba23855c0a4087ec51e0428672893b2c263b2a5f61213fc934073d85492b887b042b15da286b7b26c07f501c16d6eaa9c7ea787d70b98d87972534be34825553d7b4f6471ead8c5aa2f32b55ab2d94dda032c704585c69bce0338e1f3b7942b99c9652dcfe707c1af71a3c52a67786c20e9b2dc6564226bf81b6febcac4565206222a119010e55216f38ff3e558a65ee4df1e5506a36553cc4a4b86fded69cff5bd635100ce3750b4548e6dfe2af0794bbb07a3f3ec71c321d4532599e686bbac4ad1eb8583550c43fae34ce91f538ee364cc6461c137f515e6ee9006062a6eeb85d196c9e35f06b9d843c4b94fbaa30da22dd630a8018f86a1e8cb4d43ee6ebeb8fc468f77d5ff9c4e2afc2f77daf71098011305070d0e8a15e31bbbcda3f8ff60d23dd5d22842192e4d299e165a675dbb5a46ed4f0b4d2904da43735b91de164769b54610ccf1273df820fdaec6a0a4ee268644344c7a48ddbc622a67492f2f06470f6b59d46fb661da8d1ea5c836c4137360556497773eca6e6c58f2a667f5c0a6227b04439dc51c63f469a90185babc8498f0c0911df577324ce317e3067e57d9bbda38511d4d74e7343a263d8afb097d0bb0f3fe49aa6abe7e961c00be44bbbcf45250da40f3ccef806ed8d1b9b4d03574c298e8d1be5cb923524977a30140b0d17a87b26e7b0a3ac14f356b9ce7a9e510dec043595d37d1b91c09f3c2729aac2e068412223725d95e1d046f3bcab6487dcb00f7213d9181176d3df51e4383183d7368a92e45164b40a767a74a08aa2de0ddf8b47082c89a5b13c882cf32bcb6c4c79d3ce797915d927c306a0c48f43e56e89ba28352316ef97fbb938242ed43e72a5cb311985d06239ace2a1b92d1bc3d218f4677b03a4a2f1fd72d7889757115f71d16f38f23dc2fd9c79d32e6ad587d3e03ecbd001868573c8f0e3ef0fa210673d9963b3d282c9cffbc55bd09aad81f41a0d41f208656eafbce41d75460374ce2c8b59dcb5e2fe8d61e8821a80798126874bcc26c53b8aa44b53ad7ebdef1d595a7eb0fc53e409e7c08985c722fa5c774dfeb8ea8c68138aeb905614a5b0af5ef1610f7bddb95dfe41c733f7d8a3e900a885743f68a5b633493b01b76ac91ce01100d4b2c10de7a26c0ccd8830fe779feab5dcf0533a65156d1c692cfda30f7c42cff7e58d68d43aade7b90616092f77cc92cb399806caae65aaf28c5453acddece8b3ec17d3d9e615ab2b42a540058ee375b3d277b68b1e13eb7198c651f821f49c16f95fd63e8457a3e7b23e3cc5e64f25a400869674f8b7ba5a38a40529e8e0b0503fb084955f6033fa32d1770754ab043ef18f98a56f448eb84b340aa437916009a80fb036580b40515fac7d08ca17a3ff46839ca88db7c767de24e3a1326ac1281eed0581253563ae5946067e2a626c5e077077b33b65f0f16a45bdb700fd5fd38f38ffabb5edc34006ac756bbf9dd5fcb626c4a3bfbe4cac7eb2a7e90e0d4c94b00e61aba3c065d64ebbc116456f9f1cb97d54430b39e63ce2933e16201b109d8c93ff4e596c27ebe4cb4fb1fb817865"}]}, 0x11fc}, 0x1, 0x0, 0x0, 0x24008080}, 0x10)

1.779675127s ago: executing program 3 (id=18558):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40040, 0x0)
socket$unix(0x1, 0x1, 0x0)
socket$kcm(0x11, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb01001800000000000000240000002400000002000000000000000000000202000000000000000000000b030000000000000000000002"], 0x0, 0x3e}, 0x20)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_smc(0x2b, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
close(0x3)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
listen(r0, 0x8)
accept$netrom(r0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000840), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000f00fc00000018000180140002006e657464657673696d300000000000000800080000fcffff0800090000000000080011000000000008000e00800000000800", @ANYRES64=r1], 0x5c}, 0x1, 0x5c000000, 0x0, 0x800}, 0x0)

290.348532ms ago: executing program 0 (id=18562):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x1c, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c00fe80000000000000875a65969ff57b0000000000"], 0xfdef)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

206.138848ms ago: executing program 0 (id=18563):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a44, 0x1700)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
r4 = socket(0x25, 0x6, 0xfffff524)
listen(r4, 0x8)
ioctl$sock_qrtr_TIOCINQ(r4, 0x541b, 0x0)
write$cgroup_subtree(r3, &(0x7f00000006c0)=ANY=[@ANYBLOB="2088bc1cc0f661d33cf1add16938940de6d5d6272809fd121f206d0e1873341b760ec059cdf3949a6f164610a580b318b952db2ce619e8832c8b79790b31127b7cfbee840e8ab443eaf6e3f4891b8b85f657079321a9cec664c7e8b5f27f2369ce7dd9210d6692ccc8ed7110b1d44fc34bfbd3fbacb74b5afd6b617666038d27a1e536b4037bb7816f1b1447602ea1ac3d0dc70584473ca49f00d6439f8f751150f077a4724747c6d72d28b82c83f1d902c36d11f2d04bf98a263f3e1aaa11642aefe689bfbd6e230b3c86f2cd5d262503629dd7dbcdf48be574b851db9fd44b6a3e586d176f5e5d9d044c0960f25fd2fdcfa1231c7f8074a5de07f7ca440a72c8329bcd7282d188f2312b7626c0d08c26495cc340de70f7e7ce1f7afb5d87664ca798e672"], 0x5)
ioctl$FS_IOC_RESVSP(r3, 0x40305829, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x9ffffc})
syz_emit_ethernet(0x143, &(0x7f0000000a80)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb81003f0086dd60095081010904ff00000000000000000000ffff0a010102000000000000000000000000000000016703000000000000010400000000c91000000000000000000000ffffac1e00013c1a399f3bcdafc33a8ab59ba840c29964ad8076f809711baff985e465713008c8b34f2b6580d51bb91370031747d2515a53c32c10c739efff0a50c56e488d24e420ecd0ad96a1b8183e8967308503688091bd13502ab3b6afc67a40bdb90c4ca7e07afa8a7bad575ca41c30efe9264b4c10644b27195c0fb0ebeeb35f5365d504bf62a677a1160b4909976ac84b224883aefecf20cba869145141d1c16399bd0e31afc8e9e73b04019b426b9ef0b1dc8578d4eb45f6afce33d65cd1391d4c8c2bd600cdf1c929efa9f9ba9c7be4a4c3ed092496b6e9aea394d5d6d369a088abe5fee93bbb28d744156526d001b0d332b7c2"], 0x0)
sendfile(r2, r1, 0x0, 0x10000)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="2c0000002000010027bd7000fbdbdf250a000040000000070600000008000d000500000018000e"], 0x2c}, 0x1, 0x0, 0x0, 0x24048860}, 0x44)
sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYRES16], 0x5c}}, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r7, 0x84, 0x75, &(0x7f00000000c0)={0x0, 0xaf1}, 0x8)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x3, 0x13, &(0x7f0000000800)=ANY=[@ANYBLOB="18020000ffffffff000000000400000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000088310000850000000600000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000006000000850000007b1400009500000000000000ac22e0931ecdcaea915fc874682cea8995847d775f0572d8c2d491a0c03b165525df040f44ffc3fe1eab58be25a376cac717a0f086f972c345a6533b01d4415caf27", @ANYBLOB="111bb792bfb1c7113cccddb46ec398d747116cc0ef6346685ea8ca5286149b607e0a0b6d933bcaf8d42d8395aa498ad63685c01eda9948e57e2a4970701436a0b680b5bc3f8b96b26f54cd4befc9531f636e0d88cd13980d55ca5ff930b95230c6e7d6c12c4e52e094daaa4dda46051a832423e84e35293d09dbeb908888dc42ed5455058fe05275c1cbafe57e4e648d958317d39fc39cab2582e986f95b59b47f4acc7d85e31dbffa7638d418dcbcbe2698e86bda0c5df28bac0b0a5461adce05b0188649fb9332b29e8227a55f2baaafe2f8cd46a14b53169e1102eba47d4ee6a24342d61968171d54849f1a359fd6c2f0e69be799c506b73aeb5a957c"], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r8, 0x0, 0xe, 0x0, &(0x7f0000000100)="0000000000000000000051229dc9", 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="440100001000130726bd70000000000000000000000000000000ffffe0000002ac1414130000000000000000000000004e22000100000003020000003a000000", @ANYRES32=0x0, @ANYRES32, @ANYRES8=r5], 0x144}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000680)={'bridge0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
socket(0x200000000000011, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480))

114.239398ms ago: executing program 0 (id=18564):
r0 = socket$inet_icmp(0x2, 0x2, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x338, 0x1000000, 0xffffffff, 0x280, 0xffffffff, 0x338, 0xffffffff, 0xffffffff, 0x338, 0xffffffff, 0x3, 0x0, {[{{@ip={@rand_addr=0x64010101, @private=0xa010100, 0x0, 0x0, 'bond_slave_1\x00', 'geneve1\x00', {}, {}, 0x84, 0x0, 0x28}, 0x0, 0x220, 0x280, 0x0, {0x3f000000, 0x1c8}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_batadv\x00', {0x6, 0x0, 0x39, 0x338, 0x0, 0x80000000, 0x3, 0x3}, {0x3}}}, @common=@inet=@hashlimit1={{0x58}, {'veth0_to_batadv\x00', {0xf, 0x0, 0x8, 0x0, 0x0, 0x5, 0x23}}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x2, 0x0, 0x8, 0x7, 0x4, 0xb], 0x3, 0xdab9f66e79d89cfe}, {0x1, [0x0, 0x4, 0x2, 0x0, 0x5, 0x2], 0x1}}}}, {{@ip={@remote, @rand_addr=0x64010101, 0xff, 0xffffff, 'veth0_vlan\x00', 'vcan0\x00', {}, {0xff}}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x6d12, 0x3ff, 0x6, 'netbios-ns\x00', {0xffffffffffffffff}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x64}}}}, 0x430)

113.371717ms ago: executing program 0 (id=18565):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="580000000206030000000000000000000300000705000100070000000900020073797a31000000000c00078008001240000000050500050002000000050004000100000011000300686173683a69702c706f7274"], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a3100000000050001000700"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {0x7, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x20080)

25.024587ms ago: executing program 0 (id=18566):
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000010100000000000000000000850000004f0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

0s ago: executing program 0 (id=18567):
r0 = accept$phonet_pipe(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=0x10)
ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f00000000c0))
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x38, 0x1412, 0x1, 0x70bd25, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x5}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x8800}, 0x4000080)
r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x12, 0x42, 0x8, 0x2, 0x0, 0x1}, 0x48)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000100)={<r4=>0x0}, &(0x7f00000001c0)=0xc)
ioctl$sock_SIOCSPGRP(r3, 0x8902, &(0x7f0000000240)=r4)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000007c0)={r2, &(0x7f00000004c0), &(0x7f0000000780)=@udp6=r3, 0x2}, 0x20)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
pipe(&(0x7f0000000040)={<r6=>0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
splice(r6, 0x0, r7, 0x0, 0x10000008ebc, 0x4)
splice(r6, 0x0, r8, 0x0, 0x80000025a5, 0x0)
close(0x4)
connect$can_bcm(r5, &(0x7f00000000c0), 0x10)
sendmmsg$inet(r5, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="050000007402b8f419", 0x9}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}, {&(0x7f0000000200)="587211", 0x3}], 0x3}}], 0x1, 0x240400c4)
close(r5)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="2e00000011008108090f9becdb4cb92e0a4831371c00000069bd6efb2502eaf60d000100020400bf050005001201", 0x2e}], 0x1}, 0x0)

kernel console output (not intermixed with test programs):

slaves
[ 1773.130262][ T1117] bond13 (unregistering): Released all slaves
[ 1773.143213][ T1117] bond14 (unregistering): Released all slaves
[ 1773.162445][ T1117] bond15 (unregistering): Released all slaves
[ 1773.176078][ T1117] bond16 (unregistering): Released all slaves
[ 1773.189513][ T1117] bond17 (unregistering): Released all slaves
[ 1773.206431][ T1117] bond18 (unregistering): Released all slaves
[ 1773.380188][ T1130] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1773.402192][ T1130] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1773.475554][ T1130] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1773.576354][ T1117] tipc: Left network mode
[ 1773.578079][ T1130] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1773.599522][ T1130] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1773.690076][ T1130] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1773.866248][ T1255] netlink: 'syz.2.17780': attribute type 4 has an invalid length.
[ 1774.283910][ T1130] hsr_slave_0: entered promiscuous mode
[ 1774.313891][ T1130] hsr_slave_1: entered promiscuous mode
[ 1774.328403][ T1130] debugfs: 'hsr0' already exists in 'hsr'
[ 1774.343075][ T1130] Cannot create hsr debugfs directory
[ 1774.369853][ T1268] ipt_REJECT: ECHOREPLY no longer supported.
[ 1774.386374][ T1268] netlink: 28 bytes leftover after parsing attributes in process `syz.2.17782'.
[ 1774.396403][ T1268] netlink: 28 bytes leftover after parsing attributes in process `syz.2.17782'.
[ 1774.747880][ T1282] netlink: 12 bytes leftover after parsing attributes in process `syz.1.17785'.
[ 1774.836060][ T1289] netlink: 32 bytes leftover after parsing attributes in process `syz.0.17786'.
[ 1775.004913][ T5144] Bluetooth: hci5: command tx timeout
[ 1775.033788][ T1296] netlink: 12 bytes leftover after parsing attributes in process `syz.0.17787'.
[ 1775.147122][ T1306] netlink: 24 bytes leftover after parsing attributes in process `syz.0.17787'.
[ 1775.198262][ T1296] 8021q: adding VLAN 0 to HW filter on device bond16
[ 1775.717765][ T1298] netlink: 4 bytes leftover after parsing attributes in process `syz.4.17788'.
[ 1775.768143][ T1325] netlink: 12 bytes leftover after parsing attributes in process `syz.4.17788'.
[ 1775.955155][ T1335] netlink: 'syz.0.17792': attribute type 11 has an invalid length.
[ 1776.004179][ T1337] netlink: 'syz.0.17792': attribute type 10 has an invalid length.
[ 1776.096304][ T1337] veth1_macvtap: left promiscuous mode
[ 1776.102857][ T1337] `: Device veth1_macvtap failed to register rx_handler
[ 1776.358318][ T1349] lo: entered allmulticast mode
[ 1776.382250][ T1349] tunl0: entered allmulticast mode
[ 1776.410236][ T1349] gre0: entered allmulticast mode
[ 1776.456570][ T1346] netlink: 'syz.0.17795': attribute type 30 has an invalid length.
[ 1776.626330][ T1349] erspan0: entered allmulticast mode
[ 1776.640240][ T1349] ip_vti0: entered allmulticast mode
[ 1776.679137][ T1349] ip6_vti0: entered allmulticast mode
[ 1776.692521][ T1349] sit0: entered allmulticast mode
[ 1776.705033][ T1349] ip6tnl0: entered allmulticast mode
[ 1776.726468][ T1349] ip6gre0: entered allmulticast mode
[ 1776.949844][ T1349] bridge0: port 3(syz_tun) entered disabled state
[ 1777.012434][ T1349] ip6gretap0: entered allmulticast mode
[ 1777.037666][ T1349] bridge0: entered allmulticast mode
[ 1777.084083][ T5144] Bluetooth: hci5: command tx timeout
[ 1777.095691][ T1349] bond0: entered allmulticast mode
[ 1777.104203][ T1349] bond_slave_0: entered allmulticast mode
[ 1777.113371][ T1349] bond_slave_1: entered allmulticast mode
[ 1777.127397][ T1349] `: entered allmulticast mode
[ 1777.132491][ T1349] team_slave_0: entered allmulticast mode
[ 1777.145450][ T1349] team_slave_1: entered allmulticast mode
[ 1777.151283][ T1349] bridge1: entered allmulticast mode
[ 1777.159273][ T1349] dummy0: entered allmulticast mode
[ 1777.166890][ T1349] nlmon0: entered allmulticast mode
[ 1777.173802][ T1349] caif0: entered allmulticast mode
[ 1777.181077][ T1349] batadv0: entered allmulticast mode
[ 1777.186621][ T1349] vxcan0: entered allmulticast mode
[ 1777.191944][ T1349] vxcan1: entered allmulticast mode
[ 1777.197777][ T1349] veth0: entered allmulticast mode
[ 1777.203091][ T1349] veth1: entered allmulticast mode
[ 1777.208483][ T1349] wg1: entered allmulticast mode
[ 1777.213583][ T1349] wg2: entered allmulticast mode
[ 1777.219032][ T1349] veth1_to_bridge: entered allmulticast mode
[ 1777.225846][ T1349] veth0_to_bond: entered allmulticast mode
[ 1777.227346][ T1372] __nla_validate_parse: 3 callbacks suppressed
[ 1777.227361][ T1372] netlink: 24 bytes leftover after parsing attributes in process `syz.1.17797'.
[ 1777.232226][ T1349] veth1_to_bond: entered allmulticast mode
[ 1777.253657][ T1349] veth0_to_team: entered allmulticast mode
[ 1777.260269][ T1349] veth1_to_team: entered allmulticast mode
[ 1777.266682][ T1349] veth0_to_batadv: entered allmulticast mode
[ 1777.272758][ T1349] batadv_slave_0: entered allmulticast mode
[ 1777.285964][ T1349] veth1_to_batadv: entered allmulticast mode
[ 1777.292095][ T1349] batadv_slave_1: entered allmulticast mode
[ 1777.298211][ T1349] xfrm0: entered allmulticast mode
[ 1777.303448][ T1349] veth0_to_hsr: entered allmulticast mode
[ 1777.309823][ T1349] hsr_slave_0: entered allmulticast mode
[ 1777.315783][ T1349] veth1_to_hsr: entered allmulticast mode
[ 1777.321607][ T1349] hsr_slave_1: entered allmulticast mode
[ 1777.327923][ T1349] hsr0: entered allmulticast mode
[ 1777.333107][ T1349] veth1_virt_wifi: entered allmulticast mode
[ 1777.339916][ T1349] veth0_virt_wifi: entered allmulticast mode
[ 1777.346448][ T1349] veth1_macvtap: entered allmulticast mode
[ 1777.352344][ T1349] veth0_macvtap: entered allmulticast mode
[ 1777.358383][ T1349] macvtap0: entered allmulticast mode
[ 1777.363904][ T1349] macsec0: entered allmulticast mode
[ 1777.369703][ T1349] geneve0: left promiscuous mode
[ 1777.375017][ T1349] mac80211_hwsim hwsim210 wlan1: entered allmulticast mode
[ 1777.382494][ T1349] mac80211_hwsim hwsim211 wlan2: entered allmulticast mode
[ 1777.390205][ T1349] veth0_to_hsr.3: entered allmulticast mode
[ 1777.396334][ T1349] ipvlan2: left promiscuous mode
[ 1777.401354][ T1349] mac80211_hwsim hwsim219 wlan3: entered allmulticast mode
[ 1777.409314][ T1349] bond1: entered allmulticast mode
[ 1777.414608][ T1349] bond2: entered allmulticast mode
[ 1777.419733][ T1349] vxlan0: entered allmulticast mode
[ 1777.425416][ T1349] vxlan0: left promiscuous mode
[ 1777.430501][ T1349] veth2: entered allmulticast mode
[ 1777.435914][ T1349] veth3: entered allmulticast mode
[ 1777.441164][ T1349] bond3: entered allmulticast mode
[ 1777.446985][ T1349] bond4: entered allmulticast mode
[ 1777.452209][ T1349] vlan2: left promiscuous mode
[ 1777.457093][ T1349] geneve1: left promiscuous mode
[ 1777.462612][ T1349] mac80211_hwsim hwsim226 wlan4: entered allmulticast mode
[ 1777.470286][ T1349] erspan1: entered allmulticast mode
[ 1777.475906][ T1349] bridge2: entered allmulticast mode
[ 1777.481355][ T1349] mac80211_hwsim hwsim231 wlan5: entered allmulticast mode
[ 1777.488971][ T1349] bond5: entered allmulticast mode
[ 1777.494299][ T1349] veth5: entered allmulticast mode
[ 1777.499771][ T1349] veth4: entered allmulticast mode
[ 1777.505408][ T1349] veth5: left promiscuous mode
[ 1777.510497][ T1349] mac80211_hwsim hwsim238 wlan6: entered allmulticast mode
[ 1777.518028][ T1349] ip6gre1: entered allmulticast mode
[ 1777.523558][ T1349] bond6: left promiscuous mode
[ 1777.528691][ T1349] bond6: entered allmulticast mode
[ 1777.534072][ T1349] bridge3: entered allmulticast mode
[ 1777.539594][ T1349] mac80211_hwsim hwsim246 wlan7: entered allmulticast mode
[ 1777.547733][ T1349] mac80211_hwsim hwsim253 wlan8: entered allmulticast mode
[ 1777.555374][ T1349] : entered allmulticast mode
[ 1777.560222][ T1349] mac80211_hwsim hwsim258 wlan9: entered allmulticast mode
[ 1777.568079][ T1349] mac80211_hwsim hwsim259 wlan10: entered allmulticast mode
[ 1777.575700][ T1349] mac80211_hwsim hwsim262 wlan11: entered allmulticast mode
[ 1777.583154][ T1349] bond9: entered allmulticast mode
[ 1777.588742][ T1349] netdevsim netdevsim0 eth0: entered allmulticast mode
[ 1777.595817][ T1349] netdevsim netdevsim0 eth1: entered allmulticast mode
[ 1777.602864][ T1349] netdevsim netdevsim0 eth2: entered allmulticast mode
[ 1777.610279][ T1349] netdevsim netdevsim0 eth3: entered allmulticast mode
[ 1777.617365][ T1349] mac80211_hwsim hwsim268 wlan12: entered allmulticast mode
[ 1777.625117][ T1349] mac80211_hwsim hwsim270 wlan13: entered allmulticast mode
[ 1777.632532][ T1349] ipvlan0: left promiscuous mode
[ 1777.637834][ T1349] bond10: left promiscuous mode
[ 1777.642736][ T1349] bridge6: left promiscuous mode
[ 1777.648808][ T1349] bond11: left promiscuous mode
[ 1777.653663][ T1349] bridge7: left promiscuous mode
[ 1777.659134][ T1349] mac80211_hwsim hwsim277 wlan0: entered allmulticast mode
[ 1777.666885][ T1349] mac80211_hwsim hwsim278 wlan14: entered allmulticast mode
[ 1777.674702][ T1349] bond12: left promiscuous mode
[ 1777.679570][ T1349] bond12: entered allmulticast mode
[ 1777.685216][ T1349] bond13: entered allmulticast mode
[ 1777.690435][ T1349] bridge8: entered allmulticast mode
[ 1777.696645][ T1349] vxlan1: entered allmulticast mode
[ 1777.706889][ T1349] vxlan2: entered allmulticast mode
[ 1777.714716][ T1349] bond14: entered allmulticast mode
[ 1777.721125][ T1349] geneve2: entered allmulticast mode
[ 1777.727283][ T1349] mac80211_hwsim hwsim302 wlan15: entered allmulticast mode
[ 1777.738856][ T1349] mac80211_hwsim hwsim303 wlan16: entered allmulticast mode
[ 1777.746847][ T1349] bond15: left promiscuous mode
[ 1777.751818][ T1349] bridge9: left promiscuous mode
[ 1777.760346][ T1349] bridge10: entered allmulticast mode
[ 1777.767632][ T1349] mac80211_hwsim hwsim312 wlan17: entered allmulticast mode
[ 1777.775248][ T1349] mac80211_hwsim hwsim314 wlan18: entered allmulticast mode
[ 1777.783026][ T1349] bond16: entered allmulticast mode
[ 1777.919477][T19086] netdevsim netdevsim0 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1777.933777][T19086] netdevsim netdevsim0 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1778.077504][T19086] netdevsim netdevsim0 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1778.131537][ T1130] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1778.171141][ T1388] netlink: 'syz.2.17802': attribute type 4 has an invalid length.
[ 1778.210673][T19086] netdevsim netdevsim0 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1778.289562][ T1130] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1778.360254][ T1130] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1778.375971][ T1401] openvswitch: netlink: VXLAN extension 1 has unexpected len 6 expected 4
[ 1778.381482][ T1130] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1778.438343][ T1403] netlink: 56 bytes leftover after parsing attributes in process `syz.4.17805'.
[ 1778.455055][ T1403] netlink: 19 bytes leftover after parsing attributes in process `syz.4.17805'.
[ 1778.467892][ T1403] netlink: 19 bytes leftover after parsing attributes in process `syz.4.17805'.
[ 1778.691785][ T1415] netlink: 'syz.0.17807': attribute type 4 has an invalid length.
[ 1778.871828][ T1422] netlink: 8 bytes leftover after parsing attributes in process `syz.4.17808'.
[ 1779.053673][ T1130] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1779.230304][ T1130] 8021q: adding VLAN 0 to HW filter on device team0
[ 1779.255376][ T1433] netlink: 'syz.1.17810': attribute type 1 has an invalid length.
[ 1779.260722][ T1429] netlink: 32 bytes leftover after parsing attributes in process `syz.0.17809'.
[ 1779.323021][ T1435] netlink: 28 bytes leftover after parsing attributes in process `syz.1.17810'.
[ 1779.351608][ T1433] bond16: entered promiscuous mode
[ 1779.368619][ T1433] 8021q: adding VLAN 0 to HW filter on device bond16
[ 1779.437742][ T1435] bond16: entered allmulticast mode
[ 1779.478770][T19076] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1779.486071][T19076] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1779.524915][T19076] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1779.532104][T19076] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1779.574566][ T1433] bond16: (slave bridge12): making interface the new active one
[ 1779.582311][ T1433] bridge12: entered promiscuous mode
[ 1779.588413][ T1433] bridge12: entered allmulticast mode
[ 1779.597873][ T1433] bond16: (slave bridge12): Enslaving as an active interface with an up link
[ 1779.999292][ T1458] netlink: 8 bytes leftover after parsing attributes in process `syz.4.17815'.
[ 1780.009582][ T1462] openvswitch: netlink: VXLAN extension 1 has unexpected len 6 expected 4
[ 1780.088844][ T1465] netlink: 'syz.0.17818': attribute type 4 has an invalid length.
[ 1780.207487][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1780.270535][ T1478] netlink: 'syz.0.17822': attribute type 1 has an invalid length.
[ 1780.274436][ T1477] xt_recent: hitcount (262143) is larger than allowed maximum (65535)
[ 1780.327853][ T1478] bond18: entered promiscuous mode
[ 1780.333556][ T1478] 8021q: adding VLAN 0 to HW filter on device bond18
[ 1780.384490][ T1478] netlink: 28 bytes leftover after parsing attributes in process `syz.0.17822'.
[ 1780.426606][ T1130] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1780.458070][ T1478] bond18: entered allmulticast mode
[ 1780.502144][ T1480] bond18: (slave bridge11): making interface the new active one
[ 1780.512423][ T1480] bridge11: entered promiscuous mode
[ 1780.518628][ T1480] bridge11: entered allmulticast mode
[ 1780.532052][ T1480] bond18: (slave bridge11): Enslaving as an active interface with an up link
[ 1780.697206][ T1130] veth0_vlan: entered promiscuous mode
[ 1780.733469][ T1130] veth1_vlan: entered promiscuous mode
[ 1780.824984][ T1485] lo speed is unknown, defaulting to 1000
[ 1780.835156][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1780.878793][ T1130] veth0_macvtap: entered promiscuous mode
[ 1780.911664][ T1130] veth1_macvtap: entered promiscuous mode
[ 1780.938665][ T1485] gre0 speed is unknown, defaulting to 1000
[ 1780.971304][ T1130] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1780.990620][ T1130] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1781.054204][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1781.105659][T19088] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1781.124912][T19088] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1781.133661][T19088] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1781.200200][T19088] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1781.404523][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1781.422831][ T1117] hsr_slave_0: left promiscuous mode
[ 1781.436486][ T1117] hsr_slave_1: left promiscuous mode
[ 1781.500919][ T1117] pim6reg (unregistering): left allmulticast mode
[ 1781.646102][ T1504] openvswitch: netlink: VXLAN extension 1 has unexpected len 6 expected 4
[ 1781.810798][ T1509] netlink: 'syz.2.17831': attribute type 4 has an invalid length.
[ 1781.982664][ T1486] netlink: 12 bytes leftover after parsing attributes in process `syz.0.17824'.
[ 1782.193119][ T1516] netlink: 'syz.4.17833': attribute type 1 has an invalid length.
[ 1782.292483][ T1522] netlink: 28 bytes leftover after parsing attributes in process `syz.4.17833'.
[ 1782.303421][ T1516] bond16: entered promiscuous mode
[ 1782.312869][ T1516] 8021q: adding VLAN 0 to HW filter on device bond16
[ 1782.411912][ T1516] bond16: (slave bridge12): making interface the new active one
[ 1782.419904][ T1516] bridge12: entered promiscuous mode
[ 1782.439834][ T1516] bond16: (slave bridge12): Enslaving as an active interface with an up link
[ 1782.474310][ T1522] bond16: entered allmulticast mode
[ 1782.479657][ T1522] bridge12: entered allmulticast mode
[ 1782.506660][T19086] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1782.533706][T19086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1782.629364][ T1531] netlink: 12 bytes leftover after parsing attributes in process `syz.1.17839'.
[ 1782.769021][ T1537] openvswitch: netlink: VXLAN extension 1 has unexpected len 6 expected 4
[ 1782.770496][ T1531] 8021q: adding VLAN 0 to HW filter on device bond17
[ 1782.842128][ T1117] IPVS: stop unused estimator thread 0...
[ 1782.867034][T19076] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1782.876761][T19076] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1783.010546][ T1526] netlink: 4 bytes leftover after parsing attributes in process `syz.2.17838'.
[ 1783.042582][ T1526] netlink: 12 bytes leftover after parsing attributes in process `syz.2.17838'.
[ 1783.085535][ T1548] netlink: 'syz.4.17844': attribute type 4 has an invalid length.
[ 1783.114294][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1783.177757][ T1551] lo speed is unknown, defaulting to 1000
[ 1783.247563][ T1551] gre0 speed is unknown, defaulting to 1000
[ 1783.271737][ T1555] lo speed is unknown, defaulting to 1000
[ 1783.519677][ T1555] gre0 speed is unknown, defaulting to 1000
[ 1783.624454][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1783.816074][ T5829] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1783.849928][ T5829] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1783.860156][ T5829] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1783.873918][ T5829] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1783.887771][ T5829] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1783.904991][ T1570] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1784.114780][ T1564] lo speed is unknown, defaulting to 1000
[ 1784.283025][ T1583] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17851'.
[ 1784.422209][T24052] syz_tun (unregistering): left promiscuous mode
[ 1784.438639][T24052] bridge0: port 3(syz_tun) entered disabled state
[ 1784.445686][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1784.523417][ T1564] gre0 speed is unknown, defaulting to 1000
[ 1784.832231][ T1603] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1784.858062][ T1603] syzkaller1: entered promiscuous mode
[ 1784.863662][ T1603] syzkaller1: entered allmulticast mode
[ 1785.414376][ T1614] bridge0: port 3(syz_tun) entered blocking state
[ 1785.443801][ T1618] netlink: 8 bytes leftover after parsing attributes in process `syz.3.17863'.
[ 1785.466045][ T1614] bridge0: port 3(syz_tun) entered disabled state
[ 1785.472999][ T1614] syz_tun: entered allmulticast mode
[ 1785.491081][ T1614] syz_tun: entered promiscuous mode
[ 1785.497936][ T1614] bridge0: port 3(syz_tun) entered blocking state
[ 1785.504518][ T1614] bridge0: port 3(syz_tun) entered forwarding state
[ 1785.811239][ T1564] chnl_net:caif_netlink_parms(): no params data found
[ 1785.964720][ T5829] Bluetooth: hci3: command tx timeout
[ 1786.068548][ T1638] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1786.077481][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1786.106459][ T1564] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1786.113673][ T1564] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1786.122198][ T1564] bridge_slave_0: entered allmulticast mode
[ 1786.130325][ T1564] bridge_slave_0: entered promiscuous mode
[ 1786.138134][ T1636] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1786.266795][ T1564] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1786.274446][ T1564] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1786.282815][ T1564] bridge_slave_1: entered allmulticast mode
[ 1786.297998][ T1564] bridge_slave_1: entered promiscuous mode
[ 1786.383588][ T1564] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1786.396295][ T1653] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1786.415539][ T1564] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1786.481083][ T1656] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17874'.
[ 1786.513527][ T1564] team0: Port device team_slave_0 added
[ 1786.535602][ T1564] team0: Port device team_slave_1 added
[ 1786.609695][ T1564] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1786.617067][ T1666] netlink: 104 bytes leftover after parsing attributes in process `syz.2.17877'.
[ 1786.617093][ T1666] netlink: 12 bytes leftover after parsing attributes in process `syz.2.17877'.
[ 1786.633947][ T1564] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1786.634581][ T1661] netlink: 24 bytes leftover after parsing attributes in process `syz.1.17875'.
[ 1786.672599][ T1564] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1786.697464][ T1564] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1786.707111][ T1564] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1786.739069][ T1564] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1786.813271][ T1671] netlink: 'syz.3.17879': attribute type 1 has an invalid length.
[ 1786.849438][ T1564] hsr_slave_0: entered promiscuous mode
[ 1786.856445][ T1564] hsr_slave_1: entered promiscuous mode
[ 1786.863198][ T1564] debugfs: 'hsr0' already exists in 'hsr'
[ 1786.874059][ T1564] Cannot create hsr debugfs directory
[ 1787.132512][ T1684] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1787.191679][ T1689] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1787.539236][ T1710] __nla_validate_parse: 4 callbacks suppressed
[ 1787.539256][ T1710] netlink: 24 bytes leftover after parsing attributes in process `syz.2.17890'.
[ 1787.679387][ T1714] netlink: 'syz.3.17892': attribute type 13 has an invalid length.
[ 1787.687485][ T1714] netlink: 4 bytes leftover after parsing attributes in process `syz.3.17892'.
[ 1787.861581][ T1564] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1787.891392][ T1564] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1787.909300][ T1564] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1787.959950][ T1564] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1788.047814][ T5829] Bluetooth: hci3: command tx timeout
[ 1788.097772][ T1736] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17898'.
[ 1788.484803][ T1747] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1788.643517][ T1564] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1788.667534][ T1754] FAULT_INJECTION: forcing a failure.
[ 1788.667534][ T1754] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1788.704048][ T1564] 8021q: adding VLAN 0 to HW filter on device team0
[ 1788.711801][ T1754] CPU: 0 UID: 0 PID: 1754 Comm: syz.4.17903 Not tainted syzkaller #0 PREEMPT(full) 
[ 1788.711835][ T1754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1788.711847][ T1754] Call Trace:
[ 1788.711855][ T1754]  <TASK>
[ 1788.711863][ T1754]  dump_stack_lvl+0xe8/0x150
[ 1788.711895][ T1754]  should_fail_ex+0x412/0x560
[ 1788.711926][ T1754]  _copy_to_iter+0x589/0x17d0
[ 1788.711968][ T1754]  ? __pfx__copy_to_iter+0x10/0x10
[ 1788.711996][ T1754]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1788.712020][ T1754]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1788.712045][ T1754]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1788.712069][ T1754]  ? __skb_try_recv_datagram+0x3d4/0x4d0
[ 1788.712101][ T1754]  __skb_datagram_iter+0xf8/0x980
[ 1788.712127][ T1754]  ? __pfx_simple_copy_to_iter+0x10/0x10
[ 1788.712160][ T1754]  skb_copy_datagram_iter+0xb5/0x270
[ 1788.712190][ T1754]  netlink_recvmsg+0x2c3/0xa50
[ 1788.712211][ T1754]  ? __lock_acquire+0x6b5/0x2cf0
[ 1788.712241][ T1754]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1788.712267][ T1754]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1788.712295][ T1754]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[ 1788.712316][ T1754]  ? security_socket_recvmsg+0x7e/0x2c0
[ 1788.712336][ T1754]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1788.712357][ T1754]  sock_recvmsg+0x172/0x1b0
[ 1788.712379][ T1754]  ____sys_recvmsg+0x1e6/0x4a0
[ 1788.712412][ T1754]  ? __pfx_____sys_recvmsg+0x10/0x10
[ 1788.712450][ T1754]  ? import_iovec+0x73/0xa0
[ 1788.712473][ T1754]  ___sys_recvmsg+0x215/0x590
[ 1788.712502][ T1754]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1788.712552][ T1754]  ? __fget_files+0x3a0/0x420
[ 1788.712589][ T1754]  do_recvmmsg+0x334/0x800
[ 1788.712621][ T1754]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1788.712654][ T1754]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1788.712695][ T1754]  __x64_sys_recvmmsg+0x198/0x250
[ 1788.712721][ T1754]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1788.712753][ T1754]  do_syscall_64+0x14d/0xf80
[ 1788.712778][ T1754]  ? trace_irq_disable+0x3b/0x150
[ 1788.712794][ T1754]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1788.712819][ T1754]  ? clear_bhb_loop+0x40/0x90
[ 1788.712842][ T1754]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1788.712860][ T1754] RIP: 0033:0x7f084539c819
[ 1788.712877][ T1754] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1788.712893][ T1754] RSP: 002b:00007f08435f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1788.712913][ T1754] RAX: ffffffffffffffda RBX: 00007f0845615fa0 RCX: 00007f084539c819
[ 1788.712926][ T1754] RDX: 0000000000000001 RSI: 0000200000002b00 RDI: 0000000000000003
[ 1788.712938][ T1754] RBP: 00007f08435f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1788.712950][ T1754] R10: 0000000000000102 R11: 0000000000000246 R12: 0000000000000001
[ 1788.712961][ T1754] R13: 00007f0845616038 R14: 00007f0845615fa0 R15: 00007ffff957a578
[ 1788.712990][ T1754]  </TASK>
[ 1789.003543][T19086] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1789.010747][T19086] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1789.024589][T19086] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1789.031819][T19086] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1789.067748][ T1564] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1789.078349][ T1564] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1789.259326][ T1763] netlink: 8 bytes leftover after parsing attributes in process `syz.4.17908'.
[ 1789.313565][ T1763] netlink: 64 bytes leftover after parsing attributes in process `syz.4.17908'.
[ 1789.363804][ T1770] netlink: 'syz.3.17909': attribute type 29 has an invalid length.
[ 1789.373234][ T1770] netlink: 'syz.3.17909': attribute type 29 has an invalid length.
[ 1789.382195][ T1770] netlink: 500 bytes leftover after parsing attributes in process `syz.3.17909'.
[ 1789.396239][ T1772] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17910'.
[ 1789.511177][ T1564] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1789.601663][ T1564] veth0_vlan: entered promiscuous mode
[ 1789.607880][ T1782] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17913'.
[ 1789.641344][ T1564] veth1_vlan: entered promiscuous mode
[ 1789.723418][ T1564] veth0_macvtap: entered promiscuous mode
[ 1789.750398][ T1564] veth1_macvtap: entered promiscuous mode
[ 1789.792834][ T1564] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1789.827468][ T1564] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1789.844666][ T8041] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1789.879764][T19086] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1789.890790][T19086] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1789.925703][T19086] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1790.125555][ T5829] Bluetooth: hci3: command tx timeout
[ 1790.161441][ T1804] net_ratelimit: 1 callbacks suppressed
[ 1790.161460][ T1804] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1790.190879][T19086] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1790.202162][ T1804] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1790.217001][ T1804] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1790.220814][T19086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1790.226142][ T1804] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1790.242681][ T1804] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1790.258843][ T1807] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17921'.
[ 1790.288562][ T8041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1790.302269][ T8041] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1790.363854][ T1813] netlink: 8 bytes leftover after parsing attributes in process `syz.1.17923'.
[ 1790.525999][ T1826] openvswitch: netlink: Unexpected mask (mask=40040, allowed=10048)
[ 1790.726301][ T1835] bridge0: entered promiscuous mode
[ 1790.731655][ T1835] vlan2: entered promiscuous mode
[ 1790.935122][ T5144] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1790.946042][ T5144] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1790.957816][ T5144] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1790.966920][ T5144] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1790.979845][ T5144] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1791.048392][ T1808] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1791.107108][ T1847] lo speed is unknown, defaulting to 1000
[ 1791.139399][ T1847] gre0 speed is unknown, defaulting to 1000
[ 1791.145398][ T1841] lo speed is unknown, defaulting to 1000
[ 1791.377879][T23623] syz_tun (unregistering): left allmulticast mode
[ 1791.386945][T23623] syz_tun (unregistering): left promiscuous mode
[ 1791.401324][T23623] bridge0: port 3(syz_tun) entered disabled state
[ 1791.752442][ T1877] FAULT_INJECTION: forcing a failure.
[ 1791.752442][ T1877] name failslab, interval 1, probability 0, space 0, times 0
[ 1791.769060][ T1877] CPU: 0 UID: 0 PID: 1877 Comm: syz.0.17940 Not tainted syzkaller #0 PREEMPT(full) 
[ 1791.769085][ T1877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1791.769097][ T1877] Call Trace:
[ 1791.769105][ T1877]  <TASK>
[ 1791.769114][ T1877]  dump_stack_lvl+0xe8/0x150
[ 1791.769143][ T1877]  should_fail_ex+0x412/0x560
[ 1791.769175][ T1877]  should_failslab+0xa8/0x100
[ 1791.769199][ T1877]  ? dst_alloc+0x105/0x170
[ 1791.769225][ T1877]  kmem_cache_alloc_noprof+0x87/0x650
[ 1791.769260][ T1877]  dst_alloc+0x105/0x170
[ 1791.769289][ T1877]  ipv4_blackhole_route+0x32/0x680
[ 1791.769318][ T1877]  xfrm_lookup_route+0xd7/0x1c0
[ 1791.769347][ T1877]  udp_sendmsg+0x141a/0x21a0
[ 1791.769369][ T1877]  ? __pfx_aa_label_sk_perm+0x10/0x10
[ 1791.769408][ T1877]  ? __pfx_udp_sendmsg+0x10/0x10
[ 1791.769446][ T1877]  ? aa_sk_perm+0x6d5/0x900
[ 1791.769475][ T1877]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1791.769497][ T1877]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[ 1791.769527][ T1877]  ? count_memcg_event_mm+0x21/0x260
[ 1791.769549][ T1877]  ? sock_rps_record_flow+0x19/0x350
[ 1791.769573][ T1877]  ? inet_sendmsg+0x29c/0x370
[ 1791.769594][ T1877]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1791.769615][ T1877]  ____sys_sendmsg+0x80a/0x9f0
[ 1791.769644][ T1877]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1791.769674][ T1877]  ? import_iovec+0x73/0xa0
[ 1791.769697][ T1877]  ___sys_sendmsg+0x2a5/0x360
[ 1791.769727][ T1877]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1791.769771][ T1877]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1791.769823][ T1877]  __sys_sendmmsg+0x27c/0x4e0
[ 1791.769852][ T1877]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1791.769874][ T1877]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1791.769926][ T1877]  ? ksys_write+0x242/0x270
[ 1791.769949][ T1877]  ? __pfx_ksys_write+0x10/0x10
[ 1791.769977][ T1877]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1791.770002][ T1877]  do_syscall_64+0x14d/0xf80
[ 1791.770027][ T1877]  ? trace_irq_disable+0x3b/0x150
[ 1791.770043][ T1877]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1791.770066][ T1877]  ? clear_bhb_loop+0x40/0x90
[ 1791.770088][ T1877]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1791.770107][ T1877] RIP: 0033:0x7f0aadb9c819
[ 1791.770125][ T1877] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1791.770141][ T1877] RSP: 002b:00007f0aaea0a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1791.770162][ T1877] RAX: ffffffffffffffda RBX: 00007f0aade15fa0 RCX: 00007f0aadb9c819
[ 1791.770176][ T1877] RDX: 07fffffffffffd33 RSI: 0000200000004d00 RDI: 0000000000000003
[ 1791.770188][ T1877] RBP: 00007f0aaea0a090 R08: 0000000000000000 R09: 0000000000000000
[ 1791.770198][ T1877] R10: 0000000020000890 R11: 0000000000000246 R12: 0000000000000002
[ 1791.770208][ T1877] R13: 00007f0aade16038 R14: 00007f0aade15fa0 R15: 00007ffc1f9e02b8
[ 1791.770242][ T1877]  </TASK>
[ 1792.113344][ T1881] openvswitch: netlink: VXLAN extension 1 has unexpected len 6 expected 4
[ 1792.133170][ T1841] gre0 speed is unknown, defaulting to 1000
[ 1792.207126][ T5829] Bluetooth: hci3: command tx timeout
[ 1792.225681][ T1887] ipt_REJECT: ECHOREPLY no longer supported.
[ 1792.370538][ T1894] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[ 1792.451775][ T1894] netlink: Conntrack attr type has unexpected length (type=2, length=0, expected=2)
[ 1793.018292][ T1841] chnl_net:caif_netlink_parms(): no params data found
[ 1793.036357][ T1916] __nla_validate_parse: 4 callbacks suppressed
[ 1793.036375][ T1916] netlink: 20 bytes leftover after parsing attributes in process `syz.0.17950'.
[ 1793.061392][ T1002] bridge_slave_1: left allmulticast mode
[ 1793.067727][ T1002] bridge_slave_1: left promiscuous mode
[ 1793.077256][ T1002] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1793.084209][ T5829] Bluetooth: hci0: command tx timeout
[ 1793.094446][ T1002] bridge_slave_0: left allmulticast mode
[ 1793.100305][ T1002] bridge_slave_0: left promiscuous mode
[ 1793.106475][ T1002] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1793.287109][ T1002] bond4: left allmulticast mode
[ 1793.292084][ T1002] bond4: left promiscuous mode
[ 1793.297736][ T1002] bridge6: port 1(bond4) entered disabled state
[ 1793.308479][ T1002] bond5: left allmulticast mode
[ 1793.313337][ T1002] bond5: left promiscuous mode
[ 1793.328229][ T1002] bridge8: port 1(bond5) entered disabled state
[ 1793.339918][ T1002] bond11: left allmulticast mode
[ 1793.345888][ T1002] bond11: left promiscuous mode
[ 1793.350886][ T1002] bridge11: port 1(bond11) entered disabled state
[ 1793.360196][ T1002] bond12: left allmulticast mode
[ 1793.365371][ T1002] bond12: left promiscuous mode
[ 1793.370387][ T1002] bridge12: port 1(bond12) entered disabled state
[ 1793.552736][ T1002] bond7 (unregistering): (slave gretap3): Releasing active interface
[ 1793.564094][ T1002] gretap3 (unregistering): left promiscuous mode
[ 1793.576558][T11414] smc: removing ib device syz1
[ 1793.645881][   T11] block nbd1: Possible stuck request ffff88809dc70000: control (read@0,1024B). Runtime 300 seconds
[ 1793.657343][   T11] block nbd1: Possible stuck request ffff88809dc70200: control (read@1024,1024B). Runtime 300 seconds
[ 1793.668969][   T11] block nbd1: Possible stuck request ffff88809dc70400: control (read@2048,1024B). Runtime 300 seconds
[ 1793.680097][   T11] block nbd1: Possible stuck request ffff88809dc70600: control (read@3072,1024B). Runtime 300 seconds
[ 1793.696870][ T1002] bond8 (unregistering): (slave vxlan0): Releasing active interface
[ 1793.926412][ T1002] bond1 (unregistering): (slave bridge2): Releasing backup interface
[ 1793.940950][ T1002] bridge2 (unregistering): left promiscuous mode
[ 1793.948606][ T1002] bridge2 (unregistering): left allmulticast mode
[ 1794.582552][ T1002] bond10 (unregistering): (slave bridge10): Releasing backup interface
[ 1794.591038][ T1002] bridge10 (unregistering): left promiscuous mode
[ 1794.597857][ T1002] bridge10 (unregistering): left allmulticast mode
[ 1794.837696][ T1002] bond13 (unregistering): (slave bridge13): Releasing backup interface
[ 1794.847210][ T1002] bridge13 (unregistering): left promiscuous mode
[ 1794.925485][ T1002] bond0 (unregistering): (slave bridge14): Releasing backup interface
[ 1794.938262][ T1002] bridge14 (unregistering): left promiscuous mode
[ 1795.094592][ T1002] bond1 (unregistering): Released all slaves
[ 1795.135335][ T1002] bond2 (unregistering): Released all slaves
[ 1795.171849][ T5829] Bluetooth: hci0: command tx timeout
[ 1795.183430][ T1002] bond3 (unregistering): Released all slaves
[ 1795.242406][ T1002] bond4 (unregistering): Released all slaves
[ 1795.308555][ T1002] bond5 (unregistering): Released all slaves
[ 1795.341168][ T1002] bond6 (unregistering): Released all slaves
[ 1795.371644][ T1002] bond7 (unregistering): (slave veth3): Releasing active interface
[ 1795.380874][ T1002] bond7 (unregistering): Released all slaves
[ 1795.395622][ T1002] bond8 (unregistering): Released all slaves
[ 1795.411884][ T1002] bond9 (unregistering): Released all slaves
[ 1795.433901][ T1002] bond10 (unregistering): Released all slaves
[ 1795.446456][ T1002] bond11 (unregistering): Released all slaves
[ 1795.459842][ T1002] bond12 (unregistering): Released all slaves
[ 1795.472513][ T1002] bond13 (unregistering): Released all slaves
[ 1795.488725][ T1002] bond14 (unregistering): (slave veth5): Releasing backup interface
[ 1795.509093][ T1002] bond14 (unregistering): Released all slaves
[ 1795.522628][ T1002] bond15 (unregistering): Released all slaves
[ 1795.535635][ T1002] bond0 (unregistering): Released all slaves
[ 1795.550937][ T1002] bond16 (unregistering): Released all slaves
[ 1795.598815][ T1921] netlink: 16 bytes leftover after parsing attributes in process `syz.4.17952'.
[ 1795.725926][ T1925] bond_slave_0: left allmulticast mode
[ 1795.746296][ T1925] netlink: 8 bytes leftover after parsing attributes in process `syz.1.17953'.
[ 1795.756802][ T1925] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[ 1795.842415][ T1002] tipc: Left network mode
[ 1795.859539][ T1933] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1795.940010][ T1935] netlink: 8 bytes leftover after parsing attributes in process `syz.3.17956'.
[ 1795.949270][ T1935] netlink: 24 bytes leftover after parsing attributes in process `syz.3.17956'.
[ 1795.971088][ T1935] RDS: rds_bind could not find a transport for 2001::, load rds_tcp or rds_rdma?
[ 1796.025666][ T1941] netlink: 68 bytes leftover after parsing attributes in process `syz.1.17957'.
[ 1796.084846][ T1841] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1796.113295][ T1841] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1796.141561][ T1841] bridge_slave_0: entered allmulticast mode
[ 1796.152311][ T1841] bridge_slave_0: entered promiscuous mode
[ 1796.176016][ T1933] syzkaller0: entered promiscuous mode
[ 1796.182768][ T1933] syzkaller0: entered allmulticast mode
[ 1796.247812][ T1841] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1796.255069][ T1954] netlink: 424 bytes leftover after parsing attributes in process `syz.3.17959'.
[ 1796.277353][ T1841] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1796.289486][ T1954] netlink: 'syz.3.17959': attribute type 1 has an invalid length.
[ 1796.302932][ T1841] bridge_slave_1: entered allmulticast mode
[ 1796.338460][ T1841] bridge_slave_1: entered promiscuous mode
[ 1796.349445][ T1942] syzkaller1: entered promiscuous mode
[ 1796.355374][ T1942] syzkaller1: entered allmulticast mode
[ 1796.618422][ T1841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1796.669292][ T1841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1796.828587][ T1841] team0: Port device team_slave_0 added
[ 1796.853505][ T1841] team0: Port device team_slave_1 added
[ 1797.011570][ T1993] netlink: 8 bytes leftover after parsing attributes in process `syz.1.17969'.
[ 1797.227608][ T1841] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1797.244057][ T5829] Bluetooth: hci0: command tx timeout
[ 1797.244918][ T1841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1797.262385][ T2000] netlink: 12 bytes leftover after parsing attributes in process `syz.0.17970'.
[ 1797.297322][ T1841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1797.362439][ T2000] vlan2: entered promiscuous mode
[ 1797.369130][ T2000] batadv0: entered promiscuous mode
[ 1797.476484][ T1841] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1797.494577][ T1841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1797.540026][ T1841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1797.704655][ T2023] netlink: zone id is out of range
[ 1797.710070][ T2023] netlink: zone id is out of range
[ 1797.717533][ T2023] netlink: zone id is out of range
[ 1797.729499][ T2023] netlink: zone id is out of range
[ 1797.756334][ T1841] hsr_slave_0: entered promiscuous mode
[ 1797.766202][ T2023] netlink: zone id is out of range
[ 1797.772224][ T2023] netlink: zone id is out of range
[ 1797.777791][ T2023] netlink: zone id is out of range
[ 1797.794851][ T2023] netlink: zone id is out of range
[ 1797.806952][ T2023] netlink: zone id is out of range
[ 1797.830916][ T1841] hsr_slave_1: entered promiscuous mode
[ 1797.845050][ T1841] debugfs: 'hsr0' already exists in 'hsr'
[ 1797.850815][ T1841] Cannot create hsr debugfs directory
[ 1797.875969][ T2037] IPVS: set_ctl: invalid protocol: 137 172.20.20.170:20002
[ 1797.902679][ T2014] lo speed is unknown, defaulting to 1000
[ 1798.220159][ T2045] netlink: 12 bytes leftover after parsing attributes in process `syz.1.17978'.
[ 1798.279710][ T2048] netlink: 'syz.0.17979': attribute type 4 has an invalid length.
[ 1798.304350][ T2045] FAULT_INJECTION: forcing a failure.
[ 1798.304350][ T2045] name failslab, interval 1, probability 0, space 0, times 0
[ 1798.341996][ T2045] CPU: 0 UID: 0 PID: 2045 Comm: syz.1.17978 Not tainted syzkaller #0 PREEMPT(full) 
[ 1798.342031][ T2045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1798.342041][ T2045] Call Trace:
[ 1798.342049][ T2045]  <TASK>
[ 1798.342058][ T2045]  dump_stack_lvl+0xe8/0x150
[ 1798.342089][ T2045]  should_fail_ex+0x412/0x560
[ 1798.342117][ T2045]  ? __d_alloc+0x37/0x6f0
[ 1798.342136][ T2045]  should_failslab+0xa8/0x100
[ 1798.342162][ T2045]  kmem_cache_alloc_lru_noprof+0x87/0x640
[ 1798.342191][ T2045]  __d_alloc+0x37/0x6f0
[ 1798.342217][ T2045]  d_alloc+0x4b/0x190
[ 1798.342233][ T2045]  ? lookup_one_qstr_excl+0xc8/0x360
[ 1798.342261][ T2045]  lookup_one_qstr_excl+0xdc/0x360
[ 1798.342285][ T2045]  ? lookup_noperm_common+0x245/0x430
[ 1798.342313][ T2045]  start_dirop+0x5c/0x90
[ 1798.342341][ T2045]  simple_start_creating+0xcc/0x110
[ 1798.342360][ T2045]  ? __pfx_simple_start_creating+0x10/0x10
[ 1798.342379][ T2045]  ? do_raw_spin_unlock+0xf5/0x210
[ 1798.342400][ T2045]  ? mntput+0x65/0xc0
[ 1798.342427][ T2045]  debugfs_start_creating+0xdb/0x1a0
[ 1798.342449][ T2045]  __debugfs_create_file+0x6f/0x400
[ 1798.342473][ T2045]  debugfs_create_file_full+0x3f/0x60
[ 1798.342497][ T2045]  ref_tracker_dir_debugfs+0x197/0x360
[ 1798.342522][ T2045]  ? __pfx_ref_tracker_dir_debugfs+0x10/0x10
[ 1798.342568][ T2045]  ? __kvmalloc_node_noprof+0x545/0x8a0
[ 1798.342590][ T2045]  ? alloc_netdev_mqs+0xa6/0x11b0
[ 1798.342620][ T2045]  ? __raw_spin_lock_init+0x45/0x100
[ 1798.342643][ T2045]  alloc_netdev_mqs+0x272/0x11b0
[ 1798.342667][ T2045]  ? __pfx_vlan_setup+0x10/0x10
[ 1798.342693][ T2045]  rtnl_create_link+0x31f/0xd70
[ 1798.342726][ T2045]  rtnl_newlink_create+0x277/0xb70
[ 1798.342754][ T2045]  ? __mutex_lock+0x5ac/0x1300
[ 1798.342783][ T2045]  ? __pfx_rtnl_newlink_create+0x10/0x10
[ 1798.342806][ T2045]  ? __pfx___mutex_lock+0x10/0x10
[ 1798.342843][ T2045]  ? ns_capable+0x89/0xe0
[ 1798.342871][ T2045]  rtnl_newlink+0x1666/0x1be0
[ 1798.342907][ T2045]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1798.342925][ T2045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1798.342983][ T2045]  ? kasan_quarantine_put+0xbb/0x1f0
[ 1798.343006][ T2045]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1798.343043][ T2045]  ? kmem_cache_free+0x187/0x630
[ 1798.343063][ T2045]  ? nlmon_xmit+0xb0/0x100
[ 1798.343099][ T2045]  ? __lock_acquire+0x6b5/0x2cf0
[ 1798.343129][ T2045]  ? __local_bh_enable_ip+0xd0/0x130
[ 1798.343152][ T2045]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1798.343176][ T2045]  ? __dev_queue_xmit+0x28b/0x3870
[ 1798.343200][ T2045]  ? __local_bh_enable_ip+0xd0/0x130
[ 1798.343250][ T2045]  ? __dev_queue_xmit+0x28b/0x3870
[ 1798.343300][ T2045]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1798.343320][ T2045]  rtnetlink_rcv_msg+0x7d5/0xbe0
[ 1798.343344][ T2045]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 1798.343364][ T2045]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1798.343382][ T2045]  ? ref_tracker_free+0x693/0x840
[ 1798.343410][ T2045]  ? __copy_skb_header+0xa3/0x4a0
[ 1798.343435][ T2045]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1798.343463][ T2045]  netlink_rcv_skb+0x232/0x4b0
[ 1798.343484][ T2045]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1798.343505][ T2045]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1798.343537][ T2045]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1798.343566][ T2045]  netlink_unicast+0x80f/0x9b0
[ 1798.343643][ T2045]  ? __pfx_netlink_unicast+0x10/0x10
[ 1798.343675][ T2045]  ? netlink_sendmsg+0x650/0xb40
[ 1798.343693][ T2045]  ? skb_put+0x11b/0x210
[ 1798.343718][ T2045]  netlink_sendmsg+0x813/0xb40
[ 1798.343746][ T2045]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1798.343770][ T2045]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1798.343798][ T2045]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1798.343822][ T2045]  ____sys_sendmsg+0x972/0x9f0
[ 1798.343855][ T2045]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1798.343883][ T2045]  ? import_iovec+0x73/0xa0
[ 1798.343904][ T2045]  ___sys_sendmsg+0x2a5/0x360
[ 1798.343940][ T2045]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1798.343993][ T2045]  ? __fget_files+0x2a/0x420
[ 1798.344016][ T2045]  ? __fget_files+0x3a0/0x420
[ 1798.344057][ T2045]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1798.344089][ T2045]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1798.344121][ T2045]  ? __pfx_ksys_write+0x10/0x10
[ 1798.344154][ T2045]  do_syscall_64+0x14d/0xf80
[ 1798.344179][ T2045]  ? trace_irq_disable+0x3b/0x150
[ 1798.344196][ T2045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1798.344215][ T2045]  ? clear_bhb_loop+0x40/0x90
[ 1798.344238][ T2045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1798.344256][ T2045] RIP: 0033:0x7f17e0d9c819
[ 1798.344274][ T2045] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1798.344290][ T2045] RSP: 002b:00007f17e1ba4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1798.344310][ T2045] RAX: ffffffffffffffda RBX: 00007f17e1015fa0 RCX: 00007f17e0d9c819
[ 1798.344323][ T2045] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000015
[ 1798.344335][ T2045] RBP: 00007f17e1ba4090 R08: 0000000000000000 R09: 0000000000000000
[ 1798.344347][ T2045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1798.344358][ T2045] R13: 00007f17e1016038 R14: 00007f17e1015fa0 R15: 00007ffe4e8795a8
[ 1798.344389][ T2045]  </TASK>
[ 1799.324599][ T5829] Bluetooth: hci0: command tx timeout
[ 1800.189536][ T1841] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1800.199377][ T2098] netlink: 44 bytes leftover after parsing attributes in process `syz.3.17988'.
[ 1800.252643][ T2095] vlan2: entered promiscuous mode
[ 1800.341839][ T1841] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1800.460763][ T2106] bridge0: entered promiscuous mode
[ 1800.478214][ T2106] vlan2: entered promiscuous mode
[ 1800.503707][ T1841] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1800.548333][ T2113] ipt_REJECT: ECHOREPLY no longer supported.
[ 1800.568074][ T1841] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1800.575456][ T2111] netlink: 28 bytes leftover after parsing attributes in process `syz.0.17993'.
[ 1800.648124][ T2111] netlink: 28 bytes leftover after parsing attributes in process `syz.0.17993'.
[ 1800.930292][ T2137] ipt_REJECT: ECHOREPLY no longer supported.
[ 1801.009763][ T2137] netlink: 28 bytes leftover after parsing attributes in process `syz.4.17994'.
[ 1801.044334][ T2137] netlink: 28 bytes leftover after parsing attributes in process `syz.4.17994'.
[ 1801.517920][ T1002] hsr_slave_0: left promiscuous mode
[ 1801.540311][ T1002] hsr_slave_1: left promiscuous mode
[ 1801.554944][ T1002] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1801.571285][ T1002] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1801.610626][ T1002] pim6reg (unregistering): left allmulticast mode
[ 1801.911485][ T1002] ` (unregistering): Port device team_slave_1 removed
[ 1801.933733][ T1002] ` (unregistering): Port device team_slave_0 removed
[ 1802.039553][ T2186] netlink: 80 bytes leftover after parsing attributes in process `syz.3.18002'.
[ 1802.267111][ T1841] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1802.303922][ T1841] 8021q: adding VLAN 0 to HW filter on device team0
[ 1802.372892][   T84] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1802.380127][   T84] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1802.409734][ T2197] netlink: 212348 bytes leftover after parsing attributes in process `syz.4.18003'.
[ 1802.434484][ T2197] net_ratelimit: 99 callbacks suppressed
[ 1802.434504][ T2197] netlink: Conntrack attr type has unexpected length (type=2, length=0, expected=2)
[ 1802.465690][ T1117] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1802.472883][ T1117] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1802.912624][ T1002] IPVS: stop unused estimator thread 0...
[ 1803.059495][ T1841] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1803.141171][ T1841] veth0_vlan: entered promiscuous mode
[ 1803.154554][ T1841] veth1_vlan: entered promiscuous mode
[ 1803.192904][ T1841] veth0_macvtap: entered promiscuous mode
[ 1803.202460][ T1841] veth1_macvtap: entered promiscuous mode
[ 1803.220584][ T1841] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1803.240302][ T1841] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1803.260613][ T1117] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1803.270189][ T1117] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1803.281666][ T1117] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1803.292822][ T1117] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1804.461067][ T2162] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1804.624546][T19086] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1804.632571][T19086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1804.721396][ T2231] ipvlan2: entered promiscuous mode
[ 1804.727358][ T2231] ipvlan2: entered allmulticast mode
[ 1804.732787][ T2231] gretap0: entered allmulticast mode
[ 1804.740783][ T2231] team0: Device ipvlan2 is up. Set it down before adding it as a team port
[ 1804.801134][ T1002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1804.833397][ T1002] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1804.970437][ T2247] netlink: 68 bytes leftover after parsing attributes in process `syz.3.18018'.
[ 1805.030934][ T2248] netlink: 'syz.2.17927': attribute type 4 has an invalid length.
[ 1805.436588][ T5144] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1805.447271][ T5144] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1805.465210][ T5144] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1805.473248][ T5144] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1805.481421][ T5144] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1805.713694][ T2263] lo speed is unknown, defaulting to 1000
[ 1805.972527][T24783] bridge0: port 1(syz_tun) entered disabled state
[ 1806.012626][T24783] syz_tun (unregistering): left allmulticast mode
[ 1806.020528][T24783] syz_tun (unregistering): left promiscuous mode
[ 1806.027936][T24783] bridge0: port 1(syz_tun) entered disabled state
[ 1806.295615][ T2263] chnl_net:caif_netlink_parms(): no params data found
[ 1806.472496][ T2263] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1806.483405][ T2280] netlink: 'syz.3.18024': attribute type 1 has an invalid length.
[ 1806.492575][ T2263] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1806.503357][ T2263] bridge_slave_0: entered allmulticast mode
[ 1806.512922][ T2263] bridge_slave_0: entered promiscuous mode
[ 1806.539770][ T2280] bond1: entered promiscuous mode
[ 1806.548761][ T2280] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1806.549194][ T2284] netlink: 28 bytes leftover after parsing attributes in process `syz.3.18024'.
[ 1806.567016][ T2263] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1806.574249][ T2263] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1806.581514][ T2263] bridge_slave_1: entered allmulticast mode
[ 1806.590761][ T2263] bridge_slave_1: entered promiscuous mode
[ 1806.597649][ T2284] bond1: entered allmulticast mode
[ 1806.634813][ T2263] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1806.649610][ T2263] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1806.694909][ T2263] team0: Port device team_slave_0 added
[ 1806.700765][ T2288] syzkaller1: entered promiscuous mode
[ 1806.706751][ T2288] syzkaller1: entered allmulticast mode
[ 1806.716552][ T2263] team0: Port device team_slave_1 added
[ 1806.762756][ T2263] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1806.771023][ T2263] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1806.808859][ T2263] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1806.822846][ T2263] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1806.829977][ T2263] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1806.857548][ T2263] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1806.885837][ T2291] syzkaller1: entered promiscuous mode
[ 1806.891501][ T2291] syzkaller1: entered allmulticast mode
[ 1806.925578][ T2263] hsr_slave_0: entered promiscuous mode
[ 1806.931920][ T2263] hsr_slave_1: entered promiscuous mode
[ 1806.938525][ T2263] debugfs: 'hsr0' already exists in 'hsr'
[ 1806.944549][ T2263] Cannot create hsr debugfs directory
[ 1806.954930][ T2292] netlink: 40 bytes leftover after parsing attributes in process `syz.3.18027'.
[ 1806.974565][ T2292] netlink: 20 bytes leftover after parsing attributes in process `syz.3.18027'.
[ 1807.565057][ T5829] Bluetooth: hci4: command tx timeout
[ 1807.917077][ T2302] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1807.976776][ T2304] pim6reg: entered allmulticast mode
[ 1807.983536][ T2304] netlink: 32 bytes leftover after parsing attributes in process `syz.3.18032'.
[ 1808.022380][ T2306] netlink: 56 bytes leftover after parsing attributes in process `syz.3.18033'.
[ 1808.101046][ T2310] netlink: 'syz.3.18035': attribute type 1 has an invalid length.
[ 1808.121837][ T2310] bond2: entered promiscuous mode
[ 1808.129069][ T2310] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1808.149527][ T2310] netlink: 28 bytes leftover after parsing attributes in process `syz.3.18035'.
[ 1808.159187][ T2310] bond2: entered allmulticast mode
[ 1808.208223][ T2313] dummy0: entered promiscuous mode
[ 1808.213503][ T2313] vlan2: entered promiscuous mode
[ 1808.290073][ T2257] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1808.313041][ T2263] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1808.363606][ T2263] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1808.463432][ T2263] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1808.506381][ T2263] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1808.559942][ T2318] lo speed is unknown, defaulting to 1000
[ 1809.316537][ T2353] bridge0: port 3(syz_tun) entered disabled state
[ 1809.341751][ T2353] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1809.349578][ T2353] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1809.646052][ T5829] Bluetooth: hci4: command tx timeout
[ 1809.686767][ T2353] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1809.748156][ T2353] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1810.311142][   T84] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1810.339356][   T84] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1810.380774][   T84] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1810.405194][   T84] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1810.449588][ T2373] lo speed is unknown, defaulting to 1000
[ 1810.471138][ T2377] lo speed is unknown, defaulting to 1000
[ 1810.556032][ T2263] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1810.733937][ T2263] 8021q: adding VLAN 0 to HW filter on device team0
[ 1810.774445][T19086] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1810.781805][T19086] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1810.802793][T19086] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1810.810158][T19086] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1811.069991][ T2263] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1811.128640][ T2263] veth0_vlan: entered promiscuous mode
[ 1811.143101][ T2263] veth1_vlan: entered promiscuous mode
[ 1811.179024][ T2263] veth0_macvtap: entered promiscuous mode
[ 1811.190559][ T2263] veth1_macvtap: entered promiscuous mode
[ 1811.213802][ T2263] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1811.229784][ T2263] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1811.250500][ T8041] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1811.259773][ T8041] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1811.272135][ T8041] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1811.281844][ T8041] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1811.299439][ T2411] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1811.307869][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1811.334397][ T2411] netlink: 'syz.4.18056': attribute type 33 has an invalid length.
[ 1811.344186][ T2411] netlink: 152 bytes leftover after parsing attributes in process `syz.4.18056'.
[ 1811.724535][ T5829] Bluetooth: hci4: command tx timeout
[ 1812.724983][ T2364] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1812.896515][T25745] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1812.920977][T25745] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1812.968077][ T2428] openvswitch: netlink: VXLAN extension 1 has unexpected len 6 expected 4
[ 1813.020172][ T1002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1813.043864][ T1002] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1813.176549][ T2436] netlink: 12 bytes leftover after parsing attributes in process `syz.0.18063'.
[ 1813.222187][ T2436] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1813.250277][ T2436] netlink: 20 bytes leftover after parsing attributes in process `syz.0.18063'.
[ 1813.289029][ T2436] vxlan0: entered promiscuous mode
[ 1813.308379][ T2436] bond1: (slave vxlan0): Enslaving as an active interface with an up link
[ 1813.334997][ T2453] netlink: 44 bytes leftover after parsing attributes in process `syz.2.18065'.
[ 1813.354695][T25745] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1813.375917][T25745] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1813.396772][T25745] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1813.407407][T25745] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1813.465406][ T2423] lo: entered allmulticast mode
[ 1813.492395][ T2423] lo: left allmulticast mode
[ 1813.509390][ T2423] netlink: 36 bytes leftover after parsing attributes in process `syz.4.18058'.
[ 1813.531852][ T2465] netlink: 'syz.1.18067': attribute type 4 has an invalid length.
[ 1813.814315][ T5829] Bluetooth: hci4: command tx timeout
[ 1813.847145][ T2483] FAULT_INJECTION: forcing a failure.
[ 1813.847145][ T2483] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1813.860641][ T2483] CPU: 1 UID: 0 PID: 2483 Comm: syz.2.18070 Not tainted syzkaller #0 PREEMPT(full) 
[ 1813.860665][ T2483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1813.860677][ T2483] Call Trace:
[ 1813.860685][ T2483]  <TASK>
[ 1813.860693][ T2483]  dump_stack_lvl+0xe8/0x150
[ 1813.860723][ T2483]  should_fail_ex+0x412/0x560
[ 1813.860755][ T2483]  _copy_from_user+0x2d/0xb0
[ 1813.860774][ T2483]  ___sys_sendmsg+0x1c6/0x360
[ 1813.860800][ T2483]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1813.860839][ T2483]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1813.860887][ T2483]  __sys_sendmmsg+0x27c/0x4e0
[ 1813.860915][ T2483]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1813.860938][ T2483]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1813.860988][ T2483]  ? ksys_write+0x242/0x270
[ 1813.861010][ T2483]  ? __pfx_ksys_write+0x10/0x10
[ 1813.861034][ T2483]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1813.861060][ T2483]  do_syscall_64+0x14d/0xf80
[ 1813.861084][ T2483]  ? trace_irq_disable+0x3b/0x150
[ 1813.861101][ T2483]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1813.861120][ T2483]  ? clear_bhb_loop+0x40/0x90
[ 1813.861143][ T2483]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1813.861161][ T2483] RIP: 0033:0x7f3e0a19c819
[ 1813.861177][ T2483] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1813.861192][ T2483] RSP: 002b:00007f3e0b10b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1813.861212][ T2483] RAX: ffffffffffffffda RBX: 00007f3e0a415fa0 RCX: 00007f3e0a19c819
[ 1813.861225][ T2483] RDX: 07fffffffffffd33 RSI: 0000200000004d00 RDI: 0000000000000003
[ 1813.861238][ T2483] RBP: 00007f3e0b10b090 R08: 0000000000000000 R09: 0000000000000000
[ 1813.861250][ T2483] R10: 0000000020000890 R11: 0000000000000246 R12: 0000000000000002
[ 1813.861261][ T2483] R13: 00007f3e0a416038 R14: 00007f3e0a415fa0 R15: 00007ffda2c8d908
[ 1813.861290][ T2483]  </TASK>
[ 1814.658985][ T5144] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1814.670301][ T5144] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1814.680350][ T5144] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1814.701564][ T5144] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1814.709333][ T5144] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1814.760377][ T2505] lo speed is unknown, defaulting to 1000
[ 1815.156814][T24480] bridge0: port 3(syz_tun) entered disabled state
[ 1815.204681][ T2519] ipvlan2: entered promiscuous mode
[ 1815.210034][ T2519] ipvlan2: entered allmulticast mode
[ 1815.223641][ T2519] gretap0: entered allmulticast mode
[ 1815.231256][ T2519] team0: Device ipvlan2 is up. Set it down before adding it as a team port
[ 1815.320855][ T2523] netlink: 76 bytes leftover after parsing attributes in process `syz.0.18081'.
[ 1815.339574][ T2523] netlink: 76 bytes leftover after parsing attributes in process `syz.0.18081'.
[ 1815.379942][ T2536] IPVS: set_ctl: invalid protocol: 60 10.1.1.0:20004
[ 1815.387521][ T2536] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18084'.
[ 1815.400123][ T2536] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18084'.
[ 1815.793547][ T2539] lo speed is unknown, defaulting to 1000
[ 1815.810028][ T2505] chnl_net:caif_netlink_parms(): no params data found
[ 1815.956041][ T2566] netlink: 8 bytes leftover after parsing attributes in process `syz.1.18090'.
[ 1816.027595][ T2568] netlink: 'syz.0.18091': attribute type 1 has an invalid length.
[ 1816.122980][ T2568] bond2: entered promiscuous mode
[ 1816.140254][ T2568] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1816.188435][ T2568] bond2: entered allmulticast mode
[ 1816.197960][ T2578] bridge0: port 3(syz_tun) entered blocking state
[ 1816.214722][ T2578] bridge0: port 3(syz_tun) entered disabled state
[ 1816.223464][ T2578] syz_tun: entered allmulticast mode
[ 1816.231031][ T2578] syz_tun: entered promiscuous mode
[ 1816.238145][ T2578] bridge0: port 3(syz_tun) entered blocking state
[ 1816.244721][ T2578] bridge0: port 3(syz_tun) entered forwarding state
[ 1816.265969][ T2581] vlan2: entered promiscuous mode
[ 1816.271052][ T2581] bond0: entered promiscuous mode
[ 1816.276839][ T2581] bond_slave_0: entered promiscuous mode
[ 1816.286720][ T2581] bond_slave_1: entered promiscuous mode
[ 1816.367231][ T2579] lo speed is unknown, defaulting to 1000
[ 1816.456936][ T2505] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1816.464907][ T2505] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1816.480755][ T2505] bridge_slave_0: entered allmulticast mode
[ 1816.490512][ T2505] bridge_slave_0: entered promiscuous mode
[ 1816.541606][ T2505] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1816.566845][ T2505] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1816.594578][ T2505] bridge_slave_1: entered allmulticast mode
[ 1816.602336][ T2505] bridge_slave_1: entered promiscuous mode
[ 1816.625825][ T2602] __nla_validate_parse: 2 callbacks suppressed
[ 1816.625846][ T2602] netlink: 24 bytes leftover after parsing attributes in process `syz.3.18082'.
[ 1816.635508][ T2604] FAULT_INJECTION: forcing a failure.
[ 1816.635508][ T2604] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1816.697075][ T2604] CPU: 1 UID: 0 PID: 2604 Comm: syz.0.18098 Not tainted syzkaller #0 PREEMPT(full) 
[ 1816.697098][ T2604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1816.697108][ T2604] Call Trace:
[ 1816.697115][ T2604]  <TASK>
[ 1816.697123][ T2604]  dump_stack_lvl+0xe8/0x150
[ 1816.697151][ T2604]  should_fail_ex+0x412/0x560
[ 1816.697180][ T2604]  _copy_from_iter+0x1d3/0x1670
[ 1816.697209][ T2604]  ? rcu_is_watching+0x15/0xb0
[ 1816.697248][ T2604]  ? __pfx__copy_from_iter+0x10/0x10
[ 1816.697279][ T2604]  ? netlink_sendmsg+0x650/0xb40
[ 1816.697298][ T2604]  ? skb_put+0x11b/0x210
[ 1816.697326][ T2604]  netlink_sendmsg+0x6c0/0xb40
[ 1816.697353][ T2604]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1816.697374][ T2604]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1816.697401][ T2604]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1816.697425][ T2604]  ____sys_sendmsg+0x972/0x9f0
[ 1816.697454][ T2604]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1816.697483][ T2604]  ? import_iovec+0x73/0xa0
[ 1816.697505][ T2604]  ___sys_sendmsg+0x2a5/0x360
[ 1816.697531][ T2604]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1816.697581][ T2604]  ? __fget_files+0x2a/0x420
[ 1816.697603][ T2604]  ? __fget_files+0x3a0/0x420
[ 1816.697635][ T2604]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1816.697660][ T2604]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1816.697692][ T2604]  ? __pfx_ksys_write+0x10/0x10
[ 1816.697723][ T2604]  do_syscall_64+0x14d/0xf80
[ 1816.697748][ T2604]  ? trace_irq_disable+0x3b/0x150
[ 1816.697764][ T2604]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1816.697783][ T2604]  ? clear_bhb_loop+0x40/0x90
[ 1816.697805][ T2604]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1816.697823][ T2604] RIP: 0033:0x7f0aadb9c819
[ 1816.697840][ T2604] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1816.697855][ T2604] RSP: 002b:00007f0aaea0a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1816.697875][ T2604] RAX: ffffffffffffffda RBX: 00007f0aade15fa0 RCX: 00007f0aadb9c819
[ 1816.697888][ T2604] RDX: 0000000000008024 RSI: 0000200000000140 RDI: 0000000000000003
[ 1816.697900][ T2604] RBP: 00007f0aaea0a090 R08: 0000000000000000 R09: 0000000000000000
[ 1816.697911][ T2604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1816.697922][ T2604] R13: 00007f0aade16038 R14: 00007f0aade15fa0 R15: 00007ffc1f9e02b8
[ 1816.697950][ T2604]  </TASK>
[ 1816.963269][ T2588] syzkaller0: entered promiscuous mode
[ 1816.967948][ T5829] Bluetooth: hci2: command tx timeout
[ 1816.973549][ T2588] syzkaller0: entered allmulticast mode
[ 1817.072280][ T2505] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1817.086379][ T2505] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1817.131528][ T1002] bridge_slave_1: left allmulticast mode
[ 1817.143132][ T1002] bridge_slave_1: left promiscuous mode
[ 1817.153711][ T1002] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1817.199199][ T2625] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18101'.
[ 1817.245455][ T1002] bond14: left allmulticast mode
[ 1817.250493][ T1002] bond14: left promiscuous mode
[ 1817.259500][ T1002] bridge7: port 1(bond14) entered disabled state
[ 1817.272307][ T1002] bond15: left allmulticast mode
[ 1817.277921][ T1002] bond15: left promiscuous mode
[ 1817.283342][ T1002] bridge9: port 1(bond15) entered disabled state
[ 1817.502209][ T1002] bond11 (unregistering): (slave geneve3): Releasing active interface
[ 1817.527251][ T1002] bond1 (unregistering): (slave geneve2): Releasing active interface
[ 1817.535666][ T2636] openvswitch: netlink: Missing valid actions attribute.
[ 1817.542725][ T2636] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1817.551879][ T1002] geneve2 (unregistering): left allmulticast mode
[ 1817.594455][ T1002] bond2 (unregistering): (slave vxlan0): Releasing backup interface
[ 1817.601518][ T2641] netlink: 'syz.0.18104': attribute type 1 has an invalid length.
[ 1817.665967][ T2642] netlink: 28 bytes leftover after parsing attributes in process `syz.0.18104'.
[ 1817.792363][ T2644] netlink: 28 bytes leftover after parsing attributes in process `syz.0.18104'.
[ 1817.930100][ T1002] bond10 (unregistering): (slave bridge6): Releasing backup interface
[ 1817.938418][ T1002] bridge6 (unregistering): left promiscuous mode
[ 1817.944974][ T1002] bridge6 (unregistering): left allmulticast mode
[ 1818.178270][ T1002] bond16 (unregistering): (slave bridge12): Releasing backup interface
[ 1818.186878][ T1002] bridge12 (unregistering): left promiscuous mode
[ 1818.193325][ T1002] bridge12 (unregistering): left allmulticast mode
[ 1818.239847][ T1002] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1818.250769][ T1002] bond_slave_0: left promiscuous mode
[ 1818.256414][ T1002] bond_slave_0: left allmulticast mode
[ 1818.263244][ T1002] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1818.272759][ T1002] bond_slave_1: left promiscuous mode
[ 1818.280234][ T1002] bond_slave_1: left allmulticast mode
[ 1818.286425][ T1002] bond0 (unregistering): Released all slaves
[ 1818.301089][ T1002] bond1 (unregistering): Released all slaves
[ 1818.315090][ T1002] bond2 (unregistering): Released all slaves
[ 1818.328911][ T1002] bond3 (unregistering): Released all slaves
[ 1818.352817][ T1002] bond4 (unregistering): (slave veth3): Releasing backup interface
[ 1818.361676][ T1002] bond4 (unregistering): Released all slaves
[ 1818.376514][ T1002] bond5 (unregistering): Released all slaves
[ 1818.391632][ T1002] bond6 (unregistering): (slave veth5): Releasing backup interface
[ 1818.405806][ T1002] bond6 (unregistering): Released all slaves
[ 1818.418627][ T1002] bond7 (unregistering): Released all slaves
[ 1818.432597][ T1002] bond8 (unregistering): Released all slaves
[ 1818.446413][ T1002] bond9 (unregistering): Released all slaves
[ 1818.470206][ T1002] bond10 (unregistering): Released all slaves
[ 1818.482732][ T1002] bond11 (unregistering): Released all slaves
[ 1818.496902][ T1002] bond12 (unregistering): (slave veth7): Releasing backup interface
[ 1818.507199][ T1002] bond12 (unregistering): Released all slaves
[ 1818.523767][ T1002] bond13 (unregistering): (slave veth9): Releasing backup interface
[ 1818.536123][ T1002] bond13 (unregistering): Released all slaves
[ 1818.550587][ T1002] bond14 (unregistering): Released all slaves
[ 1818.562783][ T1002] bond15 (unregistering): Released all slaves
[ 1818.575939][ T1002] bond16 (unregistering): Released all slaves
[ 1818.627177][ T2505] team0: Port device team_slave_0 added
[ 1818.640003][ T2641] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[ 1818.670338][ T2505] team0: Port device team_slave_1 added
[ 1818.912280][ T2651] netlink: 4 bytes leftover after parsing attributes in process `syz.0.18107'.
[ 1818.959721][ T2505] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1818.974109][ T2505] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1819.004138][ T5829] Bluetooth: hci2: command tx timeout
[ 1819.054161][ T2505] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1819.065924][ T1002] tipc: Left network mode
[ 1819.067311][ T2505] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1819.078162][ T2505] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1819.134215][ T2505] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1819.261630][ T2678] netlink: 20 bytes leftover after parsing attributes in process `syz.2.18111'.
[ 1819.316003][ T2683] netlink: 8 bytes leftover after parsing attributes in process `syz.0.18112'.
[ 1819.497150][ T2505] hsr_slave_0: entered promiscuous mode
[ 1819.510533][ T2505] hsr_slave_1: entered promiscuous mode
[ 1819.532210][ T2505] debugfs: 'hsr0' already exists in 'hsr'
[ 1819.544253][ T2505] Cannot create hsr debugfs directory
[ 1819.670696][ T2705] netlink: 'syz.1.18116': attribute type 1 has an invalid length.
[ 1819.716461][ T2705] netlink: 28 bytes leftover after parsing attributes in process `syz.1.18116'.
[ 1819.780046][ T2705] batadv_slave_0: entered promiscuous mode
[ 1819.790374][ T2705] batadv_slave_0: entered allmulticast mode
[ 1819.809018][ T2710] netlink: 'syz.0.18117': attribute type 8 has an invalid length.
[ 1819.820387][ T2705] netlink: 28 bytes leftover after parsing attributes in process `syz.1.18116'.
[ 1820.579834][ T2736] netlink: 4 bytes leftover after parsing attributes in process `syz.2.18118'.
[ 1820.902436][ T2757] vlan2: entered promiscuous mode
[ 1820.908159][ T2757] bond0: entered promiscuous mode
[ 1820.913210][ T2757] bond_slave_0: entered promiscuous mode
[ 1820.925735][ T2757] bond_slave_1: entered promiscuous mode
[ 1821.092419][ T5829] Bluetooth: hci2: command tx timeout
[ 1821.253415][ T2778] netlink: 'syz.1.18128': attribute type 1 has an invalid length.
[ 1821.306861][ T2781] veth1_vlan: entered allmulticast mode
[ 1821.385604][ T2778] bond1: entered promiscuous mode
[ 1821.391062][ T2778] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1821.728517][ T2804] __nla_validate_parse: 6 callbacks suppressed
[ 1821.728536][ T2804] netlink: 28 bytes leftover after parsing attributes in process `syz.3.18130'.
[ 1821.941078][ T2800] veth3: entered promiscuous mode
[ 1821.956907][ T2800] bond3: (slave veth3): Enslaving as an active interface with an up link
[ 1821.975604][ T2804] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1821.982865][ T2505] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1822.080708][ T2505] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1822.101028][ T2505] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1822.112580][ T2505] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1822.272202][ T2824] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1822.419157][ T2824] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1822.542506][ T2824] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1822.743204][ T2824] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1822.901548][ T2880] netlink: 4 bytes leftover after parsing attributes in process `syz.1.18138'.
[ 1822.958094][ T2866] netlink: 12 bytes leftover after parsing attributes in process `syz.1.18138'.
[ 1822.993110][ T2883] netlink: 'syz.3.18140': attribute type 1 has an invalid length.
[ 1823.060496][ T2887] netlink: 28 bytes leftover after parsing attributes in process `syz.3.18140'.
[ 1823.080192][ T2883] bond4: entered promiscuous mode
[ 1823.089758][ T2883] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1823.147775][ T2887] bond4: entered allmulticast mode
[ 1823.164248][ T5829] Bluetooth: hci2: command tx timeout
[ 1823.174895][ T2887] netlink: 28 bytes leftover after parsing attributes in process `syz.3.18140'.
[ 1823.230496][   T84] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1823.287936][ T2505] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1823.320843][   T84] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1823.353244][ T2892] FAULT_INJECTION: forcing a failure.
[ 1823.353244][ T2892] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1823.361477][ T2505] 8021q: adding VLAN 0 to HW filter on device team0
[ 1823.373396][ T2892] CPU: 1 UID: 0 PID: 2892 Comm: syz.0.18141 Not tainted syzkaller #0 PREEMPT(full) 
[ 1823.373420][ T2892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1823.373430][ T2892] Call Trace:
[ 1823.373437][ T2892]  <TASK>
[ 1823.373445][ T2892]  dump_stack_lvl+0xe8/0x150
[ 1823.373473][ T2892]  should_fail_ex+0x412/0x560
[ 1823.373501][ T2892]  _copy_from_user+0x2d/0xb0
[ 1823.373521][ T2892]  ___sys_sendmsg+0x1c6/0x360
[ 1823.373547][ T2892]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1823.373597][ T2892]  ? __fget_files+0x2a/0x420
[ 1823.373622][ T2892]  ? __fget_files+0x3a0/0x420
[ 1823.373657][ T2892]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1823.373693][ T2892]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1823.373726][ T2892]  ? __pfx_ksys_write+0x10/0x10
[ 1823.373758][ T2892]  do_syscall_64+0x14d/0xf80
[ 1823.373783][ T2892]  ? trace_irq_disable+0x3b/0x150
[ 1823.373800][ T2892]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1823.373815][ T2892]  ? clear_bhb_loop+0x40/0x90
[ 1823.373831][ T2892]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1823.373844][ T2892] RIP: 0033:0x7f0aadb9c819
[ 1823.373858][ T2892] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1823.373870][ T2892] RSP: 002b:00007f0aaea0a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1823.373886][ T2892] RAX: ffffffffffffffda RBX: 00007f0aade15fa0 RCX: 00007f0aadb9c819
[ 1823.373896][ T2892] RDX: 0000000000000880 RSI: 0000200000000000 RDI: 0000000000000004
[ 1823.373904][ T2892] RBP: 00007f0aaea0a090 R08: 0000000000000000 R09: 0000000000000000
[ 1823.373913][ T2892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1823.373922][ T2892] R13: 00007f0aade16038 R14: 00007f0aade15fa0 R15: 00007ffc1f9e02b8
[ 1823.373947][ T2892]  </TASK>
[ 1823.416286][ T1117] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1823.583725][ T1117] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1823.632265][ T1117] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1823.639466][ T1117] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1823.729259][   T11] block nbd1: Possible stuck request ffff88809dc70000: control (read@0,1024B). Runtime 330 seconds
[ 1823.751429][   T11] block nbd1: Possible stuck request ffff88809dc70200: control (read@1024,1024B). Runtime 330 seconds
[ 1823.764347][   T11] block nbd1: Possible stuck request ffff88809dc70400: control (read@2048,1024B). Runtime 330 seconds
[ 1823.776136][   T11] block nbd1: Possible stuck request ffff88809dc70600: control (read@3072,1024B). Runtime 330 seconds
[ 1823.792511][ T1117] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1823.799784][ T1117] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1823.926167][ T2896] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1823.933910][ T2896] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1824.119121][ T2902] netlink: 'syz.2.18143': attribute type 8 has an invalid length.
[ 1824.140998][ T2896] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1824.156743][ T2896] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1824.297185][ T2902] netlink: 12 bytes leftover after parsing attributes in process `syz.2.18143'.
[ 1824.314491][ T8041] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1824.335430][ T8041] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1824.351828][ T8041] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1824.362884][ T8041] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1824.396675][ T8041] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1824.415393][ T8041] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1824.425495][ T8041] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1824.437027][ T8041] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1824.480627][ T2898] lo speed is unknown, defaulting to 1000
[ 1824.485766][ T2929] netlink: 'syz.0.18151': attribute type 1 has an invalid length.
[ 1824.535730][ T2929] bond3: entered promiscuous mode
[ 1824.541197][ T2929] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1824.609962][ T2929] netlink: 28 bytes leftover after parsing attributes in process `syz.0.18151'.
[ 1824.624731][ T1002] hsr_slave_0: left promiscuous mode
[ 1824.631339][ T1002] hsr_slave_1: left promiscuous mode
[ 1824.641896][ T1002] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1824.664171][ T1002] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1824.679742][ T1002] pim6reg (unregistering): left allmulticast mode
[ 1824.730387][ T2936] netlink: 28 bytes leftover after parsing attributes in process `syz.0.18151'.
[ 1824.904381][ T1002] ` (unregistering): Port device team_slave_1 removed
[ 1824.919159][ T1002] ` (unregistering): Port device team_slave_0 removed
[ 1825.043352][ T2929] bond3: entered allmulticast mode
[ 1825.517869][ T2505] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1825.678344][ T2957] netlink: 4 bytes leftover after parsing attributes in process `syz.0.18153'.
[ 1825.711438][ T2951] netlink: 12 bytes leftover after parsing attributes in process `syz.0.18153'.
[ 1825.725198][ T1002] IPVS: stop unused estimator thread 0...
[ 1825.964763][ T2973] netlink: 'syz.1.18162': attribute type 1 has an invalid length.
[ 1826.076219][ T2973] bond2: entered promiscuous mode
[ 1826.097562][ T2973] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1826.130781][ T2978] bond2: entered allmulticast mode
[ 1826.286422][ T2987] openvswitch: netlink: VXLAN extension 1 has unexpected len 6 expected 4
[ 1826.346094][ T2505] veth0_vlan: entered promiscuous mode
[ 1826.381729][ T2505] veth1_vlan: entered promiscuous mode
[ 1826.472596][ T2505] veth0_macvtap: entered promiscuous mode
[ 1826.485535][ T2993] netlink: 'syz.3.18168': attribute type 1 has an invalid length.
[ 1826.504780][ T2505] veth1_macvtap: entered promiscuous mode
[ 1826.548524][ T2993] 8021q: adding VLAN 0 to HW filter on device bond5
[ 1826.562626][ T2995] vlan2: entered promiscuous mode
[ 1826.576831][ T2996] bond5: entered promiscuous mode
[ 1826.581890][ T2996] bond5: entered allmulticast mode
[ 1826.620138][ T2997] bond5: (slave dummy0): making interface the new active one
[ 1826.644677][ T2997] dummy0: entered allmulticast mode
[ 1826.651268][ T2997] bond5: (slave dummy0): Enslaving as an active interface with an up link
[ 1826.713136][ T2505] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1826.769650][ T3001] __nla_validate_parse: 4 callbacks suppressed
[ 1826.769681][ T3001] netlink: 4 bytes leftover after parsing attributes in process `syz.1.18166'.
[ 1826.778810][ T2505] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1826.805878][ T3003] sctp: [Deprecated]: syz.0.18170 (pid 3003) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1826.805878][ T3003] Use struct sctp_sack_info instead
[ 1826.815744][T19076] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1826.839358][ T3006] netlink: 12 bytes leftover after parsing attributes in process `syz.1.18166'.
[ 1826.853253][T19076] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1826.915663][T19076] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1826.933029][T19076] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1827.088270][ T3020] netlink: 'syz.2.18175': attribute type 1 has an invalid length.
[ 1827.129258][ T3020] bond1: entered promiscuous mode
[ 1827.135119][ T3020] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1827.158323][ T3020] netlink: 28 bytes leftover after parsing attributes in process `syz.2.18175'.
[ 1827.167878][ T3020] bond1: entered allmulticast mode
[ 1827.176701][ T3020] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18175'.
[ 1827.186172][ T3020] netlink: 4 bytes leftover after parsing attributes in process `syz.2.18175'.
[ 1827.274603][T19076] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1827.323089][T19076] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1827.390430][ T8041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1827.416544][ T8041] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1827.425016][ T3030] openvswitch: netlink: VXLAN extension 1 has unexpected len 6 expected 4
[ 1827.618155][ T3037] syzkaller1: entered promiscuous mode
[ 1827.644996][ T3037] syzkaller1: entered allmulticast mode
[ 1827.762521][ T3042] netlink: 4 bytes leftover after parsing attributes in process `syz.0.18176'.
[ 1827.782670][ T3042] netlink: 12 bytes leftover after parsing attributes in process `syz.0.18176'.
[ 1828.288690][ T3068] netlink: 'syz.2.18188': attribute type 1 has an invalid length.
[ 1828.407263][ T3070] netlink: 28 bytes leftover after parsing attributes in process `syz.2.18188'.
[ 1828.431404][ T3072] IPVS: set_ctl: invalid protocol: 60 10.1.1.0:20004
[ 1828.439263][ T3068] bond2: entered promiscuous mode
[ 1828.445747][ T3068] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1828.473002][ T3070] bond2: entered allmulticast mode
[ 1828.493849][ T3068] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18188'.
[ 1828.497191][ T3072] netlink: 8 bytes leftover after parsing attributes in process `syz.0.18189'.
[ 1828.650156][ T3084] netlink: 'syz.1.18195': attribute type 3 has an invalid length.
[ 1828.951853][ T3106] netlink: 'syz.3.18202': attribute type 13 has an invalid length.
[ 1828.963556][ T3106] netlink: 'syz.3.18202': attribute type 17 has an invalid length.
[ 1829.172521][ T3106] bridge0: port 3(syz_tun) entered blocking state
[ 1829.179087][ T3106] bridge0: port 3(syz_tun) entered forwarding state
[ 1829.191964][ T3106] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1829.200127][ T3106] 8021q: adding VLAN 0 to HW filter on device team0
[ 1829.209767][ T3106] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1829.338443][ T3127] FAULT_INJECTION: forcing a failure.
[ 1829.338443][ T3127] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1829.341903][ T3126] netlink: 'syz.1.18208': attribute type 1 has an invalid length.
[ 1829.360169][ T3127] CPU: 1 UID: 0 PID: 3127 Comm: syz.2.18206 Not tainted syzkaller #0 PREEMPT(full) 
[ 1829.360193][ T3127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1829.360204][ T3127] Call Trace:
[ 1829.360211][ T3127]  <TASK>
[ 1829.360219][ T3127]  dump_stack_lvl+0xe8/0x150
[ 1829.360250][ T3127]  should_fail_ex+0x412/0x560
[ 1829.360280][ T3127]  _copy_to_iter+0x589/0x17d0
[ 1829.360321][ T3127]  ? __pfx__copy_to_iter+0x10/0x10
[ 1829.360345][ T3127]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1829.360370][ T3127]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1829.360394][ T3127]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1829.360424][ T3127]  ? __skb_try_recv_datagram+0x3d4/0x4d0
[ 1829.360453][ T3127]  __skb_datagram_iter+0xf8/0x980
[ 1829.360478][ T3127]  ? __pfx_simple_copy_to_iter+0x10/0x10
[ 1829.360506][ T3127]  skb_copy_datagram_iter+0xb5/0x270
[ 1829.360533][ T3127]  netlink_recvmsg+0x2c3/0xa50
[ 1829.360554][ T3127]  ? __lock_acquire+0x6b5/0x2cf0
[ 1829.360581][ T3127]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1829.360605][ T3127]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1829.360630][ T3127]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[ 1829.360649][ T3127]  ? security_socket_recvmsg+0x7e/0x2c0
[ 1829.360668][ T3127]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1829.360685][ T3127]  sock_recvmsg+0x172/0x1b0
[ 1829.360705][ T3127]  ____sys_recvmsg+0x1e6/0x4a0
[ 1829.360735][ T3127]  ? __pfx_____sys_recvmsg+0x10/0x10
[ 1829.360770][ T3127]  ? import_iovec+0x73/0xa0
[ 1829.360792][ T3127]  ___sys_recvmsg+0x215/0x590
[ 1829.360821][ T3127]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1829.360866][ T3127]  ? __fget_files+0x3a0/0x420
[ 1829.360903][ T3127]  do_recvmmsg+0x334/0x800
[ 1829.360933][ T3127]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1829.360965][ T3127]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1829.361009][ T3127]  __x64_sys_recvmmsg+0x198/0x250
[ 1829.361035][ T3127]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1829.361069][ T3127]  do_syscall_64+0x14d/0xf80
[ 1829.361094][ T3127]  ? trace_irq_disable+0x3b/0x150
[ 1829.361109][ T3127]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1829.361127][ T3127]  ? clear_bhb_loop+0x40/0x90
[ 1829.361153][ T3127]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1829.361170][ T3127] RIP: 0033:0x7f3e0a19c819
[ 1829.361189][ T3127] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1829.361204][ T3127] RSP: 002b:00007f3e0b10b028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1829.361223][ T3127] RAX: ffffffffffffffda RBX: 00007f3e0a415fa0 RCX: 00007f3e0a19c819
[ 1829.361236][ T3127] RDX: 0000000000000001 RSI: 0000200000002b00 RDI: 0000000000000003
[ 1829.361246][ T3127] RBP: 00007f3e0b10b090 R08: 0000000000000000 R09: 0000000000000000
[ 1829.361254][ T3127] R10: 0000000000000102 R11: 0000000000000246 R12: 0000000000000001
[ 1829.361263][ T3127] R13: 00007f3e0a416038 R14: 00007f3e0a415fa0 R15: 00007ffda2c8d908
[ 1829.361287][ T3127]  </TASK>
[ 1829.675969][ T3126] bond3: entered promiscuous mode
[ 1829.681463][ T3126] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1829.693277][ T3132] bond3: entered allmulticast mode
[ 1830.167523][ T3157] netlink: zone id is out of range
[ 1830.188588][ T3157] netlink: zone id is out of range
[ 1830.193873][ T3157] netlink: zone id is out of range
[ 1830.199333][ T3157] netlink: zone id is out of range
[ 1830.269502][ T3157] netlink: zone id is out of range
[ 1830.304486][ T3157] netlink: zone id is out of range
[ 1830.309847][ T3157] netlink: zone id is out of range
[ 1830.520321][ T3188] netlink: 'syz.1.18226': attribute type 15 has an invalid length.
[ 1830.950737][ T3223] FAULT_INJECTION: forcing a failure.
[ 1830.950737][ T3223] name failslab, interval 1, probability 0, space 0, times 0
[ 1830.974594][ T3223] CPU: 0 UID: 0 PID: 3223 Comm: syz.2.18235 Not tainted syzkaller #0 PREEMPT(full) 
[ 1830.974620][ T3223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1830.974632][ T3223] Call Trace:
[ 1830.974640][ T3223]  <TASK>
[ 1830.974647][ T3223]  dump_stack_lvl+0xe8/0x150
[ 1830.974677][ T3223]  should_fail_ex+0x412/0x560
[ 1830.974709][ T3223]  should_failslab+0xa8/0x100
[ 1830.974733][ T3223]  ? skb_clone+0x212/0x3a0
[ 1830.974757][ T3223]  kmem_cache_alloc_noprof+0x87/0x650
[ 1830.974777][ T3223]  ? __netlink_lookup+0xc6/0x8b0
[ 1830.974806][ T3223]  skb_clone+0x212/0x3a0
[ 1830.974832][ T3223]  __netlink_deliver_tap+0x404/0x850
[ 1830.974864][ T3223]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1830.974885][ T3223]  netlink_deliver_tap+0x19c/0x1b0
[ 1830.974907][ T3223]  netlink_unicast+0x7e3/0x9b0
[ 1830.974943][ T3223]  ? __pfx_netlink_unicast+0x10/0x10
[ 1830.974972][ T3223]  ? netlink_sendmsg+0x650/0xb40
[ 1830.974989][ T3223]  ? skb_put+0x11b/0x210
[ 1830.975015][ T3223]  netlink_sendmsg+0x813/0xb40
[ 1830.975052][ T3223]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1830.975077][ T3223]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1830.975106][ T3223]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1830.975131][ T3223]  ____sys_sendmsg+0x972/0x9f0
[ 1830.975164][ T3223]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1830.975196][ T3223]  ? import_iovec+0x73/0xa0
[ 1830.975220][ T3223]  ___sys_sendmsg+0x2a5/0x360
[ 1830.975249][ T3223]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1830.975306][ T3223]  ? __fget_files+0x2a/0x420
[ 1830.975333][ T3223]  ? __fget_files+0x3a0/0x420
[ 1830.975369][ T3223]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1830.975396][ T3223]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1830.975429][ T3223]  ? __pfx_ksys_write+0x10/0x10
[ 1830.975461][ T3223]  do_syscall_64+0x14d/0xf80
[ 1830.975486][ T3223]  ? trace_irq_disable+0x3b/0x150
[ 1830.975504][ T3223]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1830.975522][ T3223]  ? clear_bhb_loop+0x40/0x90
[ 1830.975543][ T3223]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1830.975561][ T3223] RIP: 0033:0x7f3e0a19c819
[ 1830.975579][ T3223] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1830.975594][ T3223] RSP: 002b:00007f3e0b10b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1830.975614][ T3223] RAX: ffffffffffffffda RBX: 00007f3e0a415fa0 RCX: 00007f3e0a19c819
[ 1830.975631][ T3223] RDX: 0000000000008024 RSI: 0000200000000140 RDI: 0000000000000003
[ 1830.975643][ T3223] RBP: 00007f3e0b10b090 R08: 0000000000000000 R09: 0000000000000000
[ 1830.975655][ T3223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1830.975666][ T3223] R13: 00007f3e0a416038 R14: 00007f3e0a415fa0 R15: 00007ffda2c8d908
[ 1830.975696][ T3223]  </TASK>
[ 1831.593248][ T3223] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1831.600945][ T3223] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1831.719111][ T3223] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1831.749032][ T3223] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1831.953108][ T3232] bridge0: port 3(syz_tun) entered blocking state
[ 1831.970237][ T3232] bridge0: port 3(syz_tun) entered disabled state
[ 1832.000397][ T3232] syz_tun: entered allmulticast mode
[ 1832.018275][ T3232] syz_tun: entered promiscuous mode
[ 1832.054579][ T8041] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1832.065205][ T8041] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1832.076083][ T3245] netlink: 'syz.4.18242': attribute type 29 has an invalid length.
[ 1832.088396][ T3245] netlink: 'syz.4.18242': attribute type 29 has an invalid length.
[ 1832.098168][ T3245] __nla_validate_parse: 11 callbacks suppressed
[ 1832.098189][ T3245] netlink: 500 bytes leftover after parsing attributes in process `syz.4.18242'.
[ 1832.104637][ T8041] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1832.118769][   T84] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1832.164399][ T3241] net_ratelimit: 47 callbacks suppressed
[ 1832.164413][ T3241] netlink: zone id is out of range
[ 1832.198157][ T3241] netlink: zone id is out of range
[ 1832.203462][ T3241] netlink: zone id is out of range
[ 1832.250098][ T3241] netlink: zone id is out of range
[ 1832.275923][ T3241] netlink: zone id is out of range
[ 1832.303224][ T3241] netlink: zone id is out of range
[ 1832.313306][ T3241] netlink: zone id is out of range
[ 1832.323126][ T3241] netlink: zone id is out of range
[ 1832.344623][ T3241] netlink: zone id is out of range
[ 1832.349592][ T3261] FAULT_INJECTION: forcing a failure.
[ 1832.349592][ T3261] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1832.354846][ T3241] netlink: zone id is out of range
[ 1832.389886][ T3261] CPU: 1 UID: 0 PID: 3261 Comm: syz.0.18246 Not tainted syzkaller #0 PREEMPT(full) 
[ 1832.389912][ T3261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1832.389923][ T3261] Call Trace:
[ 1832.389931][ T3261]  <TASK>
[ 1832.389940][ T3261]  dump_stack_lvl+0xe8/0x150
[ 1832.389971][ T3261]  should_fail_ex+0x412/0x560
[ 1832.390001][ T3261]  _copy_from_user+0x2d/0xb0
[ 1832.390023][ T3261]  sock_do_ioctl+0x195/0x320
[ 1832.390053][ T3261]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1832.390078][ T3261]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1832.390120][ T3261]  sock_ioctl+0x5c6/0x7f0
[ 1832.390148][ T3261]  ? __pfx_sock_ioctl+0x10/0x10
[ 1832.390174][ T3261]  ? __fget_files+0x2a/0x420
[ 1832.390200][ T3261]  ? __fget_files+0x3a0/0x420
[ 1832.390225][ T3261]  ? __fget_files+0x2a/0x420
[ 1832.390260][ T3261]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1832.390284][ T3261]  ? __pfx_sock_ioctl+0x10/0x10
[ 1832.390310][ T3261]  __se_sys_ioctl+0xfc/0x170
[ 1832.390334][ T3261]  do_syscall_64+0x14d/0xf80
[ 1832.390359][ T3261]  ? trace_irq_disable+0x3b/0x150
[ 1832.390375][ T3261]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1832.390394][ T3261]  ? clear_bhb_loop+0x40/0x90
[ 1832.390416][ T3261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1832.390435][ T3261] RIP: 0033:0x7f0aadb9c819
[ 1832.390453][ T3261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1832.390470][ T3261] RSP: 002b:00007f0aaea0a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1832.390514][ T3261] RAX: ffffffffffffffda RBX: 00007f0aade15fa0 RCX: 00007f0aadb9c819
[ 1832.390527][ T3261] RDX: 0000200000000500 RSI: 0000000000008946 RDI: 0000000000000005
[ 1832.390540][ T3261] RBP: 00007f0aaea0a090 R08: 0000000000000000 R09: 0000000000000000
[ 1832.390552][ T3261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1832.390563][ T3261] R13: 00007f0aade16038 R14: 00007f0aade15fa0 R15: 00007ffc1f9e02b8
[ 1832.390591][ T3261]  </TASK>
[ 1832.901778][ T3275] pim6reg: entered allmulticast mode
[ 1832.914303][ T3272] netlink: 'syz.3.18252': attribute type 1 has an invalid length.
[ 1832.934165][ T3272] netlink: 248 bytes leftover after parsing attributes in process `syz.3.18252'.
[ 1833.013520][ T3281] netlink: 8 bytes leftover after parsing attributes in process `syz.0.18254'.
[ 1833.224797][ T3296] netlink: 'syz.0.18260': attribute type 1 has an invalid length.
[ 1833.268903][ T3296] bond4: entered promiscuous mode
[ 1833.275119][ T3296] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1833.290639][ T3296] netlink: 28 bytes leftover after parsing attributes in process `syz.0.18260'.
[ 1833.299977][ T3296] bond4: entered allmulticast mode
[ 1833.307563][ T3296] netlink: 8 bytes leftover after parsing attributes in process `syz.0.18260'.
[ 1833.577030][ T3305] pim6reg: entered allmulticast mode
[ 1833.893657][ T3323] bridge0: port 3(syz_tun) entered blocking state
[ 1833.901988][ T3323] bridge0: port 3(syz_tun) entered disabled state
[ 1833.914728][ T3323] syz_tun: entered allmulticast mode
[ 1833.932257][ T3323] syz_tun: entered promiscuous mode
[ 1833.946060][ T3323] bridge0: port 3(syz_tun) entered blocking state
[ 1833.952674][ T3323] bridge0: port 3(syz_tun) entered forwarding state
[ 1834.300371][ T3333] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input6
[ 1834.929803][ T3362] bridge0: port 3(syz_tun) entered disabled state
[ 1834.953070][ T3362] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1834.960846][ T3362] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1835.091716][ T3362] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1835.122367][ T3362] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1835.268048][T19076] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1835.286947][T19076] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1835.356462][T19076] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1835.374398][T19076] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1835.609380][ T3404] bridge0: port 3(syz_tun) entered blocking state
[ 1835.616891][ T3404] bridge0: port 3(syz_tun) entered disabled state
[ 1835.623691][ T3404] syz_tun: entered allmulticast mode
[ 1835.631803][ T3404] syz_tun: entered promiscuous mode
[ 1838.037862][ T3380] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1838.841108][ T3452] netlink: 12 bytes leftover after parsing attributes in process `syz.3.18313'.
[ 1838.859726][ T3452] vlan2: entered promiscuous mode
[ 1838.865476][ T3452] batadv0: entered promiscuous mode
[ 1838.984834][ T3455] batman_adv: batadv0: Adding interface: dummy0
[ 1839.002226][ T3455] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1839.040386][ T3455] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[ 1839.237521][ T3465] netlink: 8 bytes leftover after parsing attributes in process `syz.3.18318'.
[ 1839.624176][ T3484] netlink: 24 bytes leftover after parsing attributes in process `syz.3.18323'.
[ 1839.696561][ T3484] syz_tun: left allmulticast mode
[ 1839.701824][ T3484] syz_tun: left promiscuous mode
[ 1839.737045][ T3484] bridge0: port 3(syz_tun) entered disabled state
[ 1839.770456][ T3484] bond5: (slave dummy0): Releasing active interface
[ 1839.797923][ T3484] dummy0: left allmulticast mode
[ 1839.807481][ T3484] bridge_slave_0: left allmulticast mode
[ 1839.818969][ T3484] bridge_slave_0: left promiscuous mode
[ 1839.825387][ T3484] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1840.022107][ T3484] bridge_slave_1: left allmulticast mode
[ 1840.028057][ T3484] bridge_slave_1: left promiscuous mode
[ 1840.033800][ T3484] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1840.053854][ T3484] bond0: (slave bond_slave_0): Releasing backup interface
[ 1840.063453][ T3484] bond0: (slave bond_slave_1): Releasing backup interface
[ 1840.074926][ T3484] team0: Port device team_slave_0 removed
[ 1840.121264][ T3484] team0: Port device team_slave_1 removed
[ 1840.134915][ T3484] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1840.145173][ T3484] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1840.153425][ T3484] net_ratelimit: 44 callbacks suppressed
[ 1840.153441][ T3484] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 1840.347208][ T3498] netlink: 48 bytes leftover after parsing attributes in process `syz.2.18327'.
[ 1840.367137][ T3499] netlink: 24 bytes leftover after parsing attributes in process `syz.3.18326'.
[ 1840.506849][ T3509] netlink: 24 bytes leftover after parsing attributes in process `syz.3.18326'.
[ 1840.653438][T24023] IPVS: starting estimator thread 0...
[ 1840.744207][ T3518] IPVS: using max 36 ests per chain, 86400 per kthread
[ 1841.061601][ T3533] netlink: set zone limit has 4 unknown bytes
[ 1841.486349][ T3544] netlink: 44 bytes leftover after parsing attributes in process `syz.1.18336'.
[ 1841.527566][ T3545] bond0: entered promiscuous mode
[ 1841.535003][ T3545] bond_slave_0: entered promiscuous mode
[ 1841.540856][ T3545] bond_slave_1: entered promiscuous mode
[ 1841.550378][ T3545] bridge1: entered promiscuous mode
[ 1841.581801][ T3549] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.18339'.
[ 1841.614256][ T3549] netlink: Conntrack attr type has unexpected length (type=2, length=0, expected=2)
[ 1841.684868][ T3552] IPVS: set_ctl: invalid protocol: 60 10.1.1.0:20004
[ 1841.705804][ T3552] netlink: 8 bytes leftover after parsing attributes in process `syz.1.18340'.
[ 1841.749998][ T3552] netlink: 8 bytes leftover after parsing attributes in process `syz.1.18340'.
[ 1843.637538][ T3633] ipvlan2: entered promiscuous mode
[ 1843.643614][ T3633] ipvlan2: entered allmulticast mode
[ 1843.649313][ T3633] gretap0: entered allmulticast mode
[ 1843.656984][ T3633] team0: Device ipvlan2 is up. Set it down before adding it as a team port
[ 1843.755597][ T3638] netlink: 'syz.0.18367': attribute type 13 has an invalid length.
[ 1843.765574][ T3638] netlink: 'syz.0.18367': attribute type 17 has an invalid length.
[ 1844.161374][ T3638] bridge0: port 3(syz_tun) entered blocking state
[ 1844.168011][ T3638] bridge0: port 3(syz_tun) entered forwarding state
[ 1844.182309][ T3638] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1844.233873][ T3638] 8021q: adding VLAN 0 to HW filter on device team0
[ 1844.276871][ T3662] __nla_validate_parse: 2 callbacks suppressed
[ 1844.276890][ T3662] netlink: 32 bytes leftover after parsing attributes in process `syz.1.18373'.
[ 1844.296789][ T3638] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1845.390586][ T3700] netlink: 32 bytes leftover after parsing attributes in process `syz.1.18386'.
[ 1845.628348][ T3708] bridge0: port 1(syz_tun) entered blocking state
[ 1845.641910][ T3708] bridge0: port 1(syz_tun) entered disabled state
[ 1845.649948][ T3708] syz_tun: entered allmulticast mode
[ 1845.660563][ T3708] syz_tun: entered promiscuous mode
[ 1845.678310][ T3708] bridge0: port 1(syz_tun) entered blocking state
[ 1845.684974][ T3708] bridge0: port 1(syz_tun) entered forwarding state
[ 1845.805229][ T3716] netlink: 188 bytes leftover after parsing attributes in process `syz.4.18390'.
[ 1845.812662][ T3717] netlink: 88 bytes leftover after parsing attributes in process `syz.1.18391'.
[ 1845.936058][ T3720] netlink: 'syz.1.18393': attribute type 1 has an invalid length.
[ 1845.985870][ T3720] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1845.997743][ T3720] netlink: 20 bytes leftover after parsing attributes in process `syz.1.18393'.
[ 1846.015805][ T3720] vxlan0: entered promiscuous mode
[ 1846.026038][ T3720] bond4: (slave vxlan0): making interface the new active one
[ 1846.046200][ T3720] bond4: (slave vxlan0): Enslaving as an active interface with an up link
[ 1846.068765][ T8041] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1846.090022][ T8041] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1846.101065][ T8041] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1846.112392][ T8041] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1846.366634][ T3743] netlink: 32 bytes leftover after parsing attributes in process `syz.1.18399'.
[ 1846.875537][ T3757] netlink: 8 bytes leftover after parsing attributes in process `syz.3.18402'.
[ 1846.892301][ T3757] netlink: 4 bytes leftover after parsing attributes in process `syz.3.18402'.
[ 1847.041414][ T3759] netlink: set zone limit has 4 unknown bytes
[ 1847.923856][ T3786] netlink: 32 bytes leftover after parsing attributes in process `syz.4.18411'.
[ 1847.933784][ T3787] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[ 1847.942610][ T3787] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[ 1847.951597][ T3787] netdevsim netdevsim3: Falling back to sysfs fallback for: .
[ 1849.932472][ T3765] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1850.135960][ T3822] netlink: 32 bytes leftover after parsing attributes in process `syz.3.18422'.
[ 1850.171893][ T3827] netlink: 8 bytes leftover after parsing attributes in process `syz.0.18425'.
[ 1850.359179][ T3836] ipt_REJECT: ECHOREPLY no longer supported.
[ 1850.366979][ T3836] netlink: 28 bytes leftover after parsing attributes in process `syz.3.18428'.
[ 1850.376307][ T3836] netlink: 28 bytes leftover after parsing attributes in process `syz.3.18428'.
[ 1850.475592][ T3846] netlink: 20 bytes leftover after parsing attributes in process `syz.4.18430'.
[ 1850.501546][ T3834] bridge0: port 3(syz_tun) entered disabled state
[ 1850.559728][ T3834] vxlan0: left promiscuous mode
[ 1850.565361][ T3834] bond2: left promiscuous mode
[ 1850.570294][ T3834] bond2: left allmulticast mode
[ 1850.575770][ T3834] bond3: left promiscuous mode
[ 1850.580593][ T3834] bond3: left allmulticast mode
[ 1850.586894][ T3834] bond4: left promiscuous mode
[ 1850.591667][ T3834] bond4: left allmulticast mode
[ 1850.929732][ T3868] netlink: 36 bytes leftover after parsing attributes in process `syz.0.18438'.
[ 1851.141609][ T3883] vlan2: entered promiscuous mode
[ 1851.158795][ T3883] bond0: entered promiscuous mode
[ 1851.163876][ T3883] bond_slave_0: entered promiscuous mode
[ 1851.170802][ T3883] bond_slave_1: entered promiscuous mode
[ 1851.713431][ T3916] netlink: 36 bytes leftover after parsing attributes in process `syz.1.18452'.
[ 1851.756734][ T3920] netlink: 'syz.1.18453': attribute type 21 has an invalid length.
[ 1851.765731][ T3920] netlink: 156 bytes leftover after parsing attributes in process `syz.1.18453'.
[ 1851.777595][ T3920] netlink: 'syz.1.18453': attribute type 21 has an invalid length.
[ 1851.786094][ T3920] netlink: 156 bytes leftover after parsing attributes in process `syz.1.18453'.
[ 1852.078257][ T3933] netlink: 'syz.4.18457': attribute type 29 has an invalid length.
[ 1852.092705][ T3933] netlink: 'syz.4.18457': attribute type 29 has an invalid length.
[ 1852.116866][ T3933] netlink: 500 bytes leftover after parsing attributes in process `syz.4.18457'.
[ 1853.804776][   T11] block nbd1: Possible stuck request ffff88809dc70000: control (read@0,1024B). Runtime 360 seconds
[ 1853.815939][   T11] block nbd1: Possible stuck request ffff88809dc70200: control (read@1024,1024B). Runtime 360 seconds
[ 1853.827521][ T3993] netlink: 'syz.2.18481': attribute type 29 has an invalid length.
[ 1853.827804][   T11] block nbd1: Possible stuck request ffff88809dc70400: control (read@2048,1024B). Runtime 360 seconds
[ 1853.846782][   T11] block nbd1: Possible stuck request ffff88809dc70600: control (read@3072,1024B). Runtime 360 seconds
[ 1853.847181][ T3996] netlink: 'syz.2.18481': attribute type 29 has an invalid length.
[ 1854.011916][ T4007] vxcan5: entered promiscuous mode
[ 1854.040222][ T4005] veth3: entered promiscuous mode
[ 1854.048597][ T4005] bond1: (slave veth3): Enslaving as an active interface with an up link
[ 1854.060554][ T4009] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1854.578370][ T4020] IPVS: set_ctl: invalid protocol: 41 172.30.0.4:20003
[ 1855.283628][ T4036] FAULT_INJECTION: forcing a failure.
[ 1855.283628][ T4036] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1855.315329][ T4036] CPU: 0 UID: 0 PID: 4036 Comm: syz.1.18494 Not tainted syzkaller #0 PREEMPT(full) 
[ 1855.315354][ T4036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1855.315365][ T4036] Call Trace:
[ 1855.315373][ T4036]  <TASK>
[ 1855.315381][ T4036]  dump_stack_lvl+0xe8/0x150
[ 1855.315411][ T4036]  should_fail_ex+0x412/0x560
[ 1855.315442][ T4036]  _copy_to_user+0x31/0xb0
[ 1855.315464][ T4036]  simple_read_from_buffer+0xe1/0x170
[ 1855.315491][ T4036]  proc_fail_nth_read+0x1bb/0x230
[ 1855.315519][ T4036]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1855.315544][ T4036]  ? rw_verify_area+0x2a6/0x4d0
[ 1855.315562][ T4036]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1855.315588][ T4036]  vfs_read+0x20c/0xa70
[ 1855.315605][ T4036]  ? fdget_pos+0x246/0x320
[ 1855.315619][ T4036]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1855.315646][ T4036]  ? __pfx___mutex_lock+0x10/0x10
[ 1855.315672][ T4036]  ? __pfx_vfs_read+0x10/0x10
[ 1855.315692][ T4036]  ? __fget_files+0x2a/0x420
[ 1855.315720][ T4036]  ? __fget_files+0x3a0/0x420
[ 1855.315744][ T4036]  ? __fget_files+0x2a/0x420
[ 1855.315776][ T4036]  ksys_read+0x150/0x270
[ 1855.315796][ T4036]  ? __pfx_ksys_read+0x10/0x10
[ 1855.315826][ T4036]  do_syscall_64+0x14d/0xf80
[ 1855.315849][ T4036]  ? trace_irq_disable+0x3b/0x150
[ 1855.315864][ T4036]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1855.315882][ T4036]  ? clear_bhb_loop+0x40/0x90
[ 1855.315902][ T4036]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1855.315919][ T4036] RIP: 0033:0x7f08cdb5d04e
[ 1855.315936][ T4036] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1855.315950][ T4036] RSP: 002b:00007f08cea5cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1855.315968][ T4036] RAX: ffffffffffffffda RBX: 00007f08cea5d6c0 RCX: 00007f08cdb5d04e
[ 1855.315981][ T4036] RDX: 000000000000000f RSI: 00007f08cea5d0a0 RDI: 0000000000000004
[ 1855.315993][ T4036] RBP: 00007f08cea5d090 R08: 0000000000000000 R09: 0000000000000000
[ 1855.316004][ T4036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1855.316015][ T4036] R13: 00007f08cde16038 R14: 00007f08cde15fa0 R15: 00007ffe35802fe8
[ 1855.316042][ T4036]  </TASK>
[ 1855.635034][ T4047] FAULT_INJECTION: forcing a failure.
[ 1855.635034][ T4047] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1855.636370][ T4037] netlink: set zone limit has 4 unknown bytes
[ 1855.651934][ T4047] CPU: 1 UID: 0 PID: 4047 Comm: syz.4.18500 Not tainted syzkaller #0 PREEMPT(full) 
[ 1855.651960][ T4047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1855.651971][ T4047] Call Trace:
[ 1855.651979][ T4047]  <TASK>
[ 1855.651987][ T4047]  dump_stack_lvl+0xe8/0x150
[ 1855.652018][ T4047]  should_fail_ex+0x412/0x560
[ 1855.652047][ T4047]  _copy_from_iter+0x1d3/0x1670
[ 1855.652078][ T4047]  ? rcu_is_watching+0x15/0xb0
[ 1855.652108][ T4047]  ? __pfx__copy_from_iter+0x10/0x10
[ 1855.652141][ T4047]  ? netlink_sendmsg+0x650/0xb40
[ 1855.652161][ T4047]  ? skb_put+0x11b/0x210
[ 1855.652186][ T4047]  netlink_sendmsg+0x6c0/0xb40
[ 1855.652213][ T4047]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1855.652236][ T4047]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1855.652263][ T4047]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1855.652286][ T4047]  ____sys_sendmsg+0x972/0x9f0
[ 1855.652324][ T4047]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1855.652354][ T4047]  ? import_iovec+0x73/0xa0
[ 1855.652376][ T4047]  ___sys_sendmsg+0x2a5/0x360
[ 1855.652404][ T4047]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1855.652457][ T4047]  ? __fget_files+0x2a/0x420
[ 1855.652481][ T4047]  ? __fget_files+0x3a0/0x420
[ 1855.652515][ T4047]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1855.652541][ T4047]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1855.652571][ T4047]  ? __pfx_ksys_write+0x10/0x10
[ 1855.652603][ T4047]  do_syscall_64+0x14d/0xf80
[ 1855.652628][ T4047]  ? trace_irq_disable+0x3b/0x150
[ 1855.652644][ T4047]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1855.652661][ T4047]  ? clear_bhb_loop+0x40/0x90
[ 1855.652683][ T4047]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1855.652701][ T4047] RIP: 0033:0x7f530cd9c819
[ 1855.652718][ T4047] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1855.652732][ T4047] RSP: 002b:00007f530dc30028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1855.652751][ T4047] RAX: ffffffffffffffda RBX: 00007f530d015fa0 RCX: 00007f530cd9c819
[ 1855.652764][ T4047] RDX: 0000000000000880 RSI: 0000200000000000 RDI: 0000000000000004
[ 1855.652775][ T4047] RBP: 00007f530dc30090 R08: 0000000000000000 R09: 0000000000000000
[ 1855.652787][ T4047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1855.652797][ T4047] R13: 00007f530d016038 R14: 00007f530d015fa0 R15: 00007fff850b0b28
[ 1855.652825][ T4047]  </TASK>
[ 1856.077448][ T4060] netlink: 'syz.2.18502': attribute type 29 has an invalid length.
[ 1856.090398][ T4059] __nla_validate_parse: 7 callbacks suppressed
[ 1856.090415][ T4059] netlink: 12 bytes leftover after parsing attributes in process `syz.3.18504'.
[ 1856.105123][ T4060] netlink: 'syz.2.18502': attribute type 29 has an invalid length.
[ 1856.119359][ T4060] netlink: 500 bytes leftover after parsing attributes in process `syz.2.18502'.
[ 1856.133140][ T4059] vlan2: entered promiscuous mode
[ 1856.520447][ T4068] lo speed is unknown, defaulting to 1000
[ 1856.554612][ T4073] netlink: 20 bytes leftover after parsing attributes in process `syz.3.18507'.
[ 1856.902371][ T4085] vlan2: entered promiscuous mode
[ 1857.143736][ T4089] bridge0: port 1(syz_tun) entered disabled state
[ 1857.964273][T24023] page_pool_release_retry() stalled pool shutdown: id 710, 1 inflight 60 sec
[ 1858.289342][ T4041] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1858.480543][ T4115] FAULT_INJECTION: forcing a failure.
[ 1858.480543][ T4115] name failslab, interval 1, probability 0, space 0, times 0
[ 1858.493281][ T4115] CPU: 1 UID: 0 PID: 4115 Comm: syz.3.18521 Not tainted syzkaller #0 PREEMPT(full) 
[ 1858.493306][ T4115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1858.493318][ T4115] Call Trace:
[ 1858.493326][ T4115]  <TASK>
[ 1858.493334][ T4115]  dump_stack_lvl+0xe8/0x150
[ 1858.493366][ T4115]  should_fail_ex+0x412/0x560
[ 1858.493397][ T4115]  should_failslab+0xa8/0x100
[ 1858.493421][ T4115]  ? skb_clone+0x212/0x3a0
[ 1858.493444][ T4115]  kmem_cache_alloc_noprof+0x87/0x650
[ 1858.493466][ T4115]  ? __bpf_redirect+0x9b4/0x12a0
[ 1858.493490][ T4115]  skb_clone+0x212/0x3a0
[ 1858.493517][ T4115]  bpf_clone_redirect+0x16a/0x4b0
[ 1858.493536][ T4115]  ? bpf_test_run+0x1d1/0x830
[ 1858.493561][ T4115]  ? bpf_test_run+0x1d1/0x830
[ 1858.493581][ T4115]  bpf_prog_e4907c0d029eaf1c+0x22/0x2a
[ 1858.493600][ T4115]  bpf_test_run+0x354/0x830
[ 1858.493640][ T4115]  ? __pfx_bpf_test_run+0x10/0x10
[ 1858.493668][ T4115]  ? trace_kmem_cache_alloc+0x29/0xf0
[ 1858.493686][ T4115]  ? slab_build_skb+0x52/0x410
[ 1858.493708][ T4115]  ? __kasan_krealloc+0xeb/0x110
[ 1858.493729][ T4115]  ? eth_type_trans+0x35e/0x6d0
[ 1858.493760][ T4115]  ? convert___skb_to_skb+0x3d/0x5b0
[ 1858.493782][ T4115]  bpf_prog_test_run_skb+0xd22/0x1c90
[ 1858.493813][ T4115]  ? __fget_files+0x2a/0x420
[ 1858.493838][ T4115]  ? __fget_files+0x3a0/0x420
[ 1858.493863][ T4115]  ? __fget_files+0x2a/0x420
[ 1858.493893][ T4115]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[ 1858.493914][ T4115]  bpf_prog_test_run+0x2c7/0x340
[ 1858.493937][ T4115]  __sys_bpf+0x643/0x950
[ 1858.493961][ T4115]  ? __pfx___sys_bpf+0x10/0x10
[ 1858.493989][ T4115]  ? ksys_write+0x242/0x270
[ 1858.494009][ T4115]  ? __pfx_ksys_write+0x10/0x10
[ 1858.494034][ T4115]  __x64_sys_bpf+0x7c/0x90
[ 1858.494057][ T4115]  do_syscall_64+0x14d/0xf80
[ 1858.494080][ T4115]  ? trace_irq_disable+0x3b/0x150
[ 1858.494105][ T4115]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1858.494123][ T4115]  ? clear_bhb_loop+0x40/0x90
[ 1858.494145][ T4115]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1858.494163][ T4115] RIP: 0033:0x7fe86a39c819
[ 1858.494180][ T4115] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1858.494194][ T4115] RSP: 002b:00007fe86b21b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1858.494212][ T4115] RAX: ffffffffffffffda RBX: 00007fe86a615fa0 RCX: 00007fe86a39c819
[ 1858.494226][ T4115] RDX: 0000000000000050 RSI: 00002000000003c0 RDI: 000000000000000a
[ 1858.494237][ T4115] RBP: 00007fe86b21b090 R08: 0000000000000000 R09: 0000000000000000
[ 1858.494247][ T4115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1858.494258][ T4115] R13: 00007fe86a616038 R14: 00007fe86a615fa0 R15: 00007fff2f9b8c08
[ 1858.494286][ T4115]  </TASK>
[ 1859.054680][ T4131] netlink: 548 bytes leftover after parsing attributes in process `syz.2.18523'.
[ 1859.124590][ T4134] netlink: 604 bytes leftover after parsing attributes in process `syz.3.18525'.
[ 1859.237824][ T4123] netlink: 'syz.2.18523': attribute type 29 has an invalid length.
[ 1859.254518][ T4128] netlink: 'syz.2.18523': attribute type 29 has an invalid length.
[ 1859.262628][ T4130] netlink: 'syz.3.18525': attribute type 29 has an invalid length.
[ 1859.284399][ T4132] netlink: 'syz.3.18525': attribute type 29 has an invalid length.
[ 1859.397544][ T4143] netlink: 8 bytes leftover after parsing attributes in process `syz.4.18529'.
[ 1859.413779][ T4143] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1859.567507][ T4148] netlink: set zone limit has 4 unknown bytes
[ 1859.759399][ T4157] syzkaller0: entered promiscuous mode
[ 1859.765861][ T4157] syzkaller0: entered allmulticast mode
[ 1859.767022][ T4158] netlink: 4 bytes leftover after parsing attributes in process `syz.0.18530'.
[ 1859.792469][ T4158] netlink: 12 bytes leftover after parsing attributes in process `syz.0.18530'.
[ 1862.487614][ T4148] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1862.589142][ T4191] netlink: 'syz.3.18543': attribute type 29 has an invalid length.
[ 1862.598731][ T4191] netlink: 'syz.3.18543': attribute type 29 has an invalid length.
[ 1862.614648][ T4191] netlink: 500 bytes leftover after parsing attributes in process `syz.3.18543'.
[ 1862.840183][ T4202] FAULT_INJECTION: forcing a failure.
[ 1862.840183][ T4202] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1862.853631][ T4202] CPU: 0 UID: 0 PID: 4202 Comm: syz.2.18546 Not tainted syzkaller #0 PREEMPT(full) 
[ 1862.853655][ T4202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1862.853666][ T4202] Call Trace:
[ 1862.853673][ T4202]  <TASK>
[ 1862.853681][ T4202]  dump_stack_lvl+0xe8/0x150
[ 1862.853709][ T4202]  should_fail_ex+0x412/0x560
[ 1862.853748][ T4202]  _copy_from_iter+0x1d3/0x1670
[ 1862.853780][ T4202]  ? rcu_is_watching+0x15/0xb0
[ 1862.853807][ T4202]  ? __pfx__copy_from_iter+0x10/0x10
[ 1862.853839][ T4202]  ? netlink_sendmsg+0x650/0xb40
[ 1862.853856][ T4202]  ? skb_put+0x11b/0x210
[ 1862.853877][ T4202]  netlink_sendmsg+0x6c0/0xb40
[ 1862.853903][ T4202]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1862.853924][ T4202]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1862.853948][ T4202]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1862.853973][ T4202]  ____sys_sendmsg+0x972/0x9f0
[ 1862.854002][ T4202]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1862.854033][ T4202]  ? import_iovec+0x73/0xa0
[ 1862.854054][ T4202]  ___sys_sendmsg+0x2a5/0x360
[ 1862.854080][ T4202]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1862.854135][ T4202]  ? __fget_files+0x2a/0x420
[ 1862.854162][ T4202]  ? __fget_files+0x3a0/0x420
[ 1862.854197][ T4202]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1862.854223][ T4202]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1862.854256][ T4202]  ? __pfx_ksys_write+0x10/0x10
[ 1862.854287][ T4202]  do_syscall_64+0x14d/0xf80
[ 1862.854313][ T4202]  ? trace_irq_disable+0x3b/0x150
[ 1862.854329][ T4202]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1862.854348][ T4202]  ? clear_bhb_loop+0x40/0x90
[ 1862.854371][ T4202]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1862.854388][ T4202] RIP: 0033:0x7f3e0a19c819
[ 1862.854406][ T4202] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1862.854422][ T4202] RSP: 002b:00007f3e0b10b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1862.854442][ T4202] RAX: ffffffffffffffda RBX: 00007f3e0a415fa0 RCX: 00007f3e0a19c819
[ 1862.854456][ T4202] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005
[ 1862.854468][ T4202] RBP: 00007f3e0b10b090 R08: 0000000000000000 R09: 0000000000000000
[ 1862.854480][ T4202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1862.854490][ T4202] R13: 00007f3e0a416038 R14: 00007f3e0a415fa0 R15: 00007ffda2c8d908
[ 1862.854520][ T4202]  </TASK>
[ 1863.109749][ T4204] netlink: 16 bytes leftover after parsing attributes in process `syz.0.18547'.
[ 1863.341692][ T4217] netlink: 40 bytes leftover after parsing attributes in process `syz.1.18553'.
[ 1863.499373][ T4216] netlink: set zone limit has 4 unknown bytes
[ 1863.577802][ T4233] netlink: 8 bytes leftover after parsing attributes in process `syz.3.18556'.
[ 1863.591854][ T4233] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1863.604212][ T4235] netlink: 'syz.1.18557': attribute type 8 has an invalid length.
[ 1864.152836][ T4245] netlink: 180568 bytes leftover after parsing attributes in process `syz.0.18560'.
[ 1864.953094][ T4247] ipt_REJECT: ECHOREPLY no longer supported.
[ 1864.960031][ T4247] netlink: 28 bytes leftover after parsing attributes in process `syz.0.18561'.
[ 1864.970366][ T4247] netlink: 28 bytes leftover after parsing attributes in process `syz.0.18561'.
[ 1865.249035][ T4257] netlink: 8 bytes leftover after parsing attributes in process `syz.0.18563'.
[ 1865.290174][ T4259] Cannot find del_set index 1 as target
[ 1865.323309][ T4261] netlink: 40 bytes leftover after parsing attributes in process `syz.0.18565'.
[ 1865.556292][ T4267] bridge_slave_0 (unregistering): left allmulticast mode
[ 1865.563440][ T4267] bridge_slave_0 (unregistering): left promiscuous mode
[ 1865.571661][ T4267] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1865.964344][   T31] INFO: task udevd:23590 blocked for more than 143 seconds.
[ 1865.971919][   T31]       Not tainted syzkaller #0
[ 1865.977094][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1865.985938][   T31] task:udevd           state:D stack:22496 pid:23590 tgid:23590 ppid:5194   task_flags:0x400140 flags:0x00080002
[ 1865.998032][   T31] Call Trace:
[ 1866.001315][   T31]  <TASK>
[ 1866.004366][   T31]  __schedule+0x15dd/0x52d0
[ 1866.008933][   T31]  ? __lock_acquire+0x6b5/0x2cf0
[ 1866.014084][   T31]  ? __pfx___schedule+0x10/0x10
[ 1866.019073][   T31]  ? schedule+0x90/0x360
[ 1866.023406][   T31]  schedule+0x164/0x360
[ 1866.027735][   T31]  io_schedule+0x7f/0xd0
[ 1866.032103][   T31]  folio_wait_bit_common+0x6d8/0xbc0
[ 1866.037565][   T31]  ? __pfx_folio_wait_bit_common+0x10/0x10
[ 1866.043400][   T31]  ? __pfx_wake_page_function+0x10/0x10
[ 1866.049221][   T31]  ? __filemap_get_folio_mpol+0x7a9/0xb00
[ 1866.060342][   T31]  do_read_cache_folio+0x1ad/0x590
[ 1866.065595][   T31]  ? __pfx_blkdev_read_folio+0x10/0x10
[ 1866.071083][   T31]  read_part_sector+0xb6/0x2b0
[ 1866.076102][   T31]  adfspart_check_POWERTEC+0x92/0xef0
[ 1866.081492][   T31]  ? __pfx_adfspart_check_ICS+0x10/0x10
[ 1866.087332][   T31]  ? __pfx_adfspart_check_POWERTEC+0x10/0x10
[ 1866.093326][   T31]  bdev_disk_changed+0x7ba/0x1550
[ 1866.098436][   T31]  ? bdev_open+0xe0/0xd30
[ 1866.102780][   T31]  ? __pfx_bdev_disk_changed+0x10/0x10
[ 1866.108350][   T31]  blkdev_get_whole+0x380/0x510
[ 1866.113216][   T31]  bdev_open+0x31e/0xd30
[ 1866.117568][   T31]  blkdev_open+0x470/0x610
[ 1866.122014][   T31]  ? __pfx_blkdev_open+0x10/0x10
[ 1866.127087][   T31]  do_dentry_open+0x785/0x14e0
[ 1866.131890][   T31]  vfs_open+0x3b/0x340
[ 1866.136064][   T31]  ? path_openat+0x2df0/0x3860
[ 1866.140841][   T31]  path_openat+0x2e08/0x3860
[ 1866.145565][   T31]  ? __pfx_stack_trace_save+0x10/0x10
[ 1866.151118][   T31]  ? stack_depot_save_flags+0x33/0x810
[ 1866.156667][   T31]  ? __pfx_path_openat+0x10/0x10
[ 1866.161609][   T31]  ? __x64_sys_openat+0x138/0x170
[ 1866.166903][   T31]  ? do_syscall_64+0x14d/0xf80
[ 1866.171679][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1866.177847][   T31]  ? __lock_acquire+0x6b5/0x2cf0
[ 1866.182819][   T31]  do_file_open+0x23e/0x4a0
[ 1866.187460][   T31]  ? __pfx_do_file_open+0x10/0x10
[ 1866.192507][   T31]  ? _raw_spin_unlock+0x28/0x50
[ 1866.197592][   T31]  ? alloc_fd+0x64b/0x6c0
[ 1866.201942][   T31]  do_sys_openat2+0x113/0x200
[ 1866.206791][   T31]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[ 1866.212280][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1866.217572][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1866.222357][   T31]  __x64_sys_openat+0x138/0x170
[ 1866.227451][   T31]  do_syscall_64+0x14d/0xf80
[ 1866.232072][   T31]  ? trace_irq_disable+0x3b/0x150
[ 1866.237285][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1866.243370][   T31]  ? clear_bhb_loop+0x40/0x90
[ 1866.248157][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1866.254122][   T31] RIP: 0033:0x7f7c9fca7407
[ 1866.258544][   T31] RSP: 002b:00007fff8208d3e0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 1866.267076][   T31] RAX: ffffffffffffffda RBX: 00007f7ca0377880 RCX: 00007f7c9fca7407
[ 1866.275120][   T31] RDX: 00000000000a0800 RSI: 0000557b21e472d0 RDI: ffffffffffffff9c
[ 1866.283114][   T31] RBP: 0000557b21e46910 R08: 0000000000000000 R09: 0000000000000000
[ 1866.291470][   T31] R10: 0000000000000000 R11: 0000000000000202 R12: 0000557b21e59e20
[ 1866.299780][   T31] R13: 0000557b21e54190 R14: 0000000000000000 R15: 0000557b21e59e20
[ 1866.308739][   T31]  </TASK>
[ 1866.311977][   T31] 
[ 1866.311977][   T31] Showing all locks held in the system:
[ 1866.320120][ T4227] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1866.329461][   T31] 1 lock held by khungtaskd/31:
[ 1866.339172][   T31]  #0: ffffffff8e75e620 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1866.351400][   T31] 2 locks held by getty/5579:
[ 1866.357077][   T31]  #0: ffff8880325440a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1866.377393][   T31]  #1: ffffc9000321e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0
[ 1866.399502][   T31] 1 lock held by udevd/23590:
[ 1866.404689][   T31]  #0: ffff888066bf4358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30
[ 1866.424400][   T31] 2 locks held by syz-executor/2505:
[ 1866.429725][   T31] 2 locks held by syz.2.18552/4213:
[ 1866.435464][   T31] 
[ 1866.437981][   T31] =============================================
[ 1866.437981][   T31] 
[ 1866.447720][   T31] NMI backtrace for cpu 1
[ 1866.447736][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[ 1866.447754][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1866.447764][   T31] Call Trace:
[ 1866.447771][   T31]  <TASK>
[ 1866.447778][   T31]  dump_stack_lvl+0xe8/0x150
[ 1866.447807][   T31]  nmi_cpu_backtrace+0x274/0x2d0
[ 1866.447827][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1866.447850][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1866.447872][   T31]  sys_info+0x135/0x170
[ 1866.447887][   T31]  watchdog+0xfd9/0x1030
[ 1866.447908][   T31]  ? watchdog+0x21a/0x1030
[ 1866.447929][   T31]  kthread+0x388/0x470
[ 1866.447946][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1866.447959][   T31]  ? __pfx_kthread+0x10/0x10
[ 1866.447975][   T31]  ret_from_fork+0x51e/0xb90
[ 1866.447998][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1866.448017][   T31]  ? __switch_to+0xc7d/0x1450
[ 1866.448039][   T31]  ? __pfx_kthread+0x10/0x10
[ 1866.448055][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1866.448091][   T31]  </TASK>
[ 1866.448098][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 1866.562614][    C0] NMI backtrace for cpu 0
[ 1866.562631][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) 
[ 1866.562647][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1866.562657][    C0] RIP: 0010:pv_native_safe_halt+0xf/0x20
[ 1866.562684][    C0] Code: 2e 6d 02 c3 cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e3 42 18 00 fb f4 <e9> fc e9 02 00 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90
[ 1866.562698][    C0] RSP: 0018:ffffffff8e407dc0 EFLAGS: 00000242
[ 1866.562712][    C0] RAX: 0000000000448efd RBX: ffffffff819a913a RCX: 0000000080000001
[ 1866.562723][    C0] RDX: 0000000000000001 RSI: ffffffff8df27289 RDI: ffffffff8c27ca80
[ 1866.562734][    C0] RBP: ffffffff8e407eb0 R08: ffff8880b863399b R09: 1ffff110170c6733
[ 1866.562745][    C0] R10: dffffc0000000000 R11: ffffed10170c6734 R12: 0000000000000000
[ 1866.562756][    C0] R13: 1ffffffff1c929d8 R14: 0000000000000000 R15: 1ffffffff1c929d8
[ 1866.562766][    C0] FS:  0000000000000000(0000) GS:ffff888125457000(0000) knlGS:0000000000000000
[ 1866.562779][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1866.562789][    C0] CR2: 00007f3e0a3e7158 CR3: 0000000077f46000 CR4: 00000000003526f0
[ 1866.562804][    C0] Call Trace:
[ 1866.562811][    C0]  <TASK>
[ 1866.562817][    C0]  default_idle+0x9/0x20
[ 1866.562832][    C0]  default_idle_call+0x72/0xb0
[ 1866.562848][    C0]  do_idle+0x36a/0x5f0
[ 1866.562871][    C0]  ? __pfx_do_idle+0x10/0x10
[ 1866.562891][    C0]  ? do_idle+0x5c1/0x5f0
[ 1866.562912][    C0]  cpu_startup_entry+0x43/0x60
[ 1866.562932][    C0]  rest_init+0x2de/0x300
[ 1866.562948][    C0]  start_kernel+0x385/0x3d0
[ 1866.562965][    C0]  x86_64_start_reservations+0x24/0x30
[ 1866.562986][    C0]  x86_64_start_kernel+0x143/0x1c0
[ 1866.563005][    C0]  common_startup_64+0x13e/0x147
[ 1866.563027][    C0]  </TASK>
[ 1866.754152][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1866.761058][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[ 1866.770168][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1866.780341][   T31] Call Trace:
[ 1866.783611][   T31]  <TASK>
[ 1866.786531][   T31]  vpanic+0x56c/0xa60
[ 1866.790508][   T31]  ? __pfx___schedule+0x10/0x10
[ 1866.795351][   T31]  ? __pfx_vpanic+0x10/0x10
[ 1866.799852][   T31]  ? __pfx_console_unlock+0x10/0x10
[ 1866.805148][   T31]  panic+0xc5/0xd0
[ 1866.808897][   T31]  ? __pfx_panic+0x10/0x10
[ 1866.813311][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1866.818674][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[ 1866.824818][   T31]  watchdog+0x1023/0x1030
[ 1866.829139][   T31]  ? watchdog+0x21a/0x1030
[ 1866.833544][   T31]  kthread+0x388/0x470
[ 1866.837602][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1866.842267][   T31]  ? __pfx_kthread+0x10/0x10
[ 1866.846842][   T31]  ret_from_fork+0x51e/0xb90
[ 1866.851426][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1866.856526][   T31]  ? __switch_to+0xc7d/0x1450
[ 1866.861198][   T31]  ? __pfx_kthread+0x10/0x10
[ 1866.865797][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1866.870566][   T31]  </TASK>
[ 1866.874090][   T31] Kernel Offset: disabled
[ 1866.878404][   T31] Rebooting in 86400 seconds..